Nowhere To Hide
Congratulations, you're being audited, says the letter from the IRS. You know that "use tax" on mail-order purchases that everyone blows off? Well, someone checked up on your credit card history and found out you didn't pay the tax on your L.L. Bean purchases. Also, the amount you deducted for medical expenses doesn't include the $125 that your HMO says went toward eyeglasses. Please don't hesitate to call if you have any questions.The interview for the store manager position went really well, and you're eagerly awaiting the call telling you you got the job. But when the call comes, it turns out you didn't get the job: a review of your criminal record showed that you had six shoplifting convictions. You've never even stolen a kiss. Startled, you call for a copy of the report, and there they are in black and white. After months of bureaucratic entanglement, someone finally admits that those were supposed to go on the record of Steven van Dyck, not Stephen Van Dyke.You have AIDS, and you're managing your illness with medication. One day, a brochure comes in the mail advertising one of those deals in which a company buys out your life insurance policy. You call your doctor, angrily accusing him of breaching confidentiality; swearing he had nothing to do with it, he suggests that you yell at your insurance company instead. As it turns out, the company that processes claims for your pharmacist makes its database available to various direct-marketing companies, and in that database is your prescription record. The information is loose. More mail starts to come, from pharmaceutical companies, activist groups, funeral homes . . .After living with an abusive boyfriend for two years, you've torn yourself away. You've closed your accounts, moved to another state and tried to start a new life. Around tax time, a booklet is mailed to the apartment you and he shared; your Social Security number is printed on the mailing label. Your ex-boyfriend, a cop, accesses the national registry of state DMV computers, which began collecting SSNs to track deadbeat dads, and finds out your new address. He shows up and murders you.None of these scenarios is possible today. If current trends continue, all of them will be possible within 10 years.And if you think resisting the trend will be easy, consider this scenario:Bothered by the rampant dissemination of personal data, you decide one day to refuse to give out your Social Security number to anyone. That means you can't get a job or pay taxes, open a bank account, buy a house or rent an apartment, stay at a hotel, obtain a credit card, get a driver's license, buy an airline or train ticket, rent a video, get a library card, receive government benefits or carry insurance. Determined, you shack up with a less hardheaded friend and do odd jobs and garden for cash. (You can't spend the cash at the chain stores in your suburban town, though, without some form of ID, so that they can track your purchases--and without giving out your SSN, you have no ID.) Somehow, you get by--until the day when the police knock on your door with a warrant to search for contraband. Your sudden termination of trackable activity, signifying that you had abandoned the "legitimate" economy, set off alarms in a database somewhere. Going underground is probable cause.It all sounds like a cyberpunk nightmare fantasy, but the disturbing thing is how much of it is already possible--and how much further certain entities want to go with it. And it all begins with the Social Security number.Created by the Social Security Act of 1935, the SSN was vigorously opposed at first because of fears that the federal government would use it as a national identification number for the supervision of its citizens. The Social Security Administration went to great pains to ensure that it would not be used that way, but those efforts were soon superseded: a 1943 executive order issued by President Franklin D. Roosevelt required federal agencies to use the SSN as an index for any newly created record-keeping system, and the Internal Revenue Service began using it as a taxpayer ID number in 1961, opening the door to the SSN's use as a universal "economic ID."The Privacy Act of 1974 forced the government to scale back its use of the SSN, requiring all agencies requesting the numbers to disclose how they will be used, what law allows the agencies to request them, whether it's mandatory or optional that a citizen provide his number and what the consequences are if the citizen refuses. But by that time, banks already were using SSNs to report interest earnings to the IRS, as were life insurance companies that offered retirement funds. And the Tax Reform Act of 1976 undid much of the Privacy Act's progress, allowing states and municipalities to use the SSN as proof of identity for taxation, social services and licensing of drivers and their vehicles. By 1996, all parents were required to obtain SSNs for their children by age 1, and the Small Business Job Protection Act, enacted that year, allowed the IRS to treat parents' failure to disclose their children's SSNs on tax forms as an arithmetic error--an excuse for an audit.Ironically, having someone's Social Security number won't get you anything from a government agency (unless you're an officer of the law--more on that later). The real problem is the way its use has spread to the private sector.When credit cards first came on the scene, they requested applicants' SSNs as a way of establishing financial soundness with banks. But the 1980s saw the formation of credit reporting agencies such as Experian (formerly TRW), Trans Union and Equifax, which use SSNs both for indexing data and for authenticating requests for that data, allowing anyone with a person's name and SSN to view data about that person. The ability to perform fast, nationwide credit checks was embraced by other businesses and public utilities looking for ways to protect themselves from fraud. At the same time, then-fledgling health maintenance organizations followed the lead of the rest of the insurance industry in collecting SSNs for authentication purposes. Other institutions, notably universities, used the ubiquitous SSNs as internal ID numbers of their own.The trouble, from a security standpoint, is that a number used as an index can't be used effectively for authentication, and vice versa. If you're looking up data under a certain number, that number can't be used to verify your right to see it. In data-security jargon, the index is a "public key," the authenticator a "private key." When a private key becomes public, data using that key are no longer secure. And various forces have combined to make SSNs very, very public.Enter "identity theft": the misappropriation of personal data to commit fraud."Typically, an identity thief will obtain some critical piece of information about an individual--their name, their address, their Social Security number, possibly their job place--and based on that they will attempt to set up a whole separate set of credit," says Russ Haven, legislative counsel for the New York Public Interest Research Group. "In some cases you can walk into a department store and get instant credit. The identity thief will use the info they've obtained to set up a separate credit account, and then they'll go on a spree--travel, big purchases, wining and dining. They've got a free ride based on your identity and your credit history, and they live the good life for a while. Then they max out. Then they'll steal someone else's."The use of the Social Security number as both private and public key makes that possible. The credit reporting agencies make it even more dangerous. Once the identity thief maxes out "your" new credit card and defaults on it, you're left holding the bag. Federal law limits your personal liability to $50, but the stain on your credit history is propagated not only through the credit reporting machinery--from which it will reach anyone who comes looking for information on your history, such as bank lenders, landlords and prospective employers--but to all the entities the information gets sold to. Thought your credit information was private? Nope. There's a big market for credit information, which direct marketers of financial services, in particular, find tremendously useful."It's absolutely devastating for the consumer, because there's the emotional sense of being violated--someone else is roaming around in the world pretending to be you, running up huge bills," Haven says. "But there's a much more practical effect that when the bills come due, your credit history will suffer, and you may lose job opportunities, you may lose an apartment. . . . Because once the information about negative credit events gets out into the real world, you can't really recapture it easily."According to Sherry Frohman of the New York State Coalition Against Domestic Violence, there are many documented instances of identity fraud committed by abusive ex-partners. But actually, that's one of the better ways in which personal information available through the great data network might be misused."People get killed," Frohman says bluntly. "When we've seen confidentiality be violated--whether that's somebody who has accessed information from a computer or information has accidentally been given out--we've seen women and kids get killed. And sometimes that information is transferred to somebody, and it's not intentionally given to that person with intent to harm or even knowingly that they're violating something."If fraud and violence were the only concern regarding the large-scale trading of personal information, undoubtedly some more secure method of storing it could be found. But there's another bogeyman hiding in the shadows: human error."Sometimes there's incorrect information about an individual," notes Pam Katz of the American Civil Liberties Union, "and once you use the Social Security number as a national identifier, that incorrect information gets shared and inputted into databases, and therefore it becomes very hard for you to control and correct."Compounding the likelihood of error is that Social Security numbers, contrary to both popular belief and intention, are not unique. "They were intended by the Social Security administration to be unique, but the SSA didn't take sufficient precautions to ensure that it would be so," writes Chris Hibbert in an on-line document, "What to Do When They Ask for Your Social Security Number" (www.cpsr.org/cpsr/privacy/ssn/ssn.faq.html). "They have several times given a previously issued number to someone with the same name and birthdate as the original recipient, thinking it was the same person asking again. There are a few numbers that were used by thousands of people because they were on sample cards shipped in wallets by their manufacturers."Moreover, Hibbert writes, there's no way of confirming that an SSN is valid without looking it up: "The numbers don't have any redundancy (no check-digits), so any nine-digit number in the range of numbers that have been issued is a valid number. It's relatively easy to write down the number incorrectly, and there's no way to tell that you've done so."Can any private entity compel you to provide it your Social Security number? No. Is any entity required to offer you its services if you refuse to provide your number? No. Even among people who are aware of the risks of letting their numbers fall into the wrong hands, most folks fork it over rather than do without the products or services they came for.All is not quiet on the governmental front, either. Although Privacy Act protections are a strong safeguard against personal information falling into the wrong hands, the move toward creating large registries, all indexed by Social Security number, to guard against welfare fraud, terrorism and child-support delinquency places a great deal of information in the hands of the government--and, by extension, law-enforcement agencies. That doesn't sit well with civil-liberties groups."The government should not be in a position to be a Big Brother, to know all," says Katz. "When the Privacy Act was being discussed in '74 and amended, we testified before Congress that it's dangerous to create a national identifier. It could be used to intimidate people--for example, if the government is suspicious of the political activities of an individual, it has been known to use and misuse information to discredit that individual in all spheres of his or her life . . . and the government should not have the power to do that."That point is echoed by state Assemblyman Dan Feldman (D-Brooklyn), who has tried to fight the spread of information collection and exchange: "Government, like other institutions, is capable (a) of making mistakes and (b) of potentially, even if temporarily, being controlled by evildoers. And so to put that kind of information in the hands of any government runs the risk that it will be used to oppress individuals at some point."Even if some of the registries being created today don't contain sensitive information themselves--New York, for example, has begun requiring motorists to provide their SSNs when they obtain or renew their driver's licenses, to track deadbeat parents--the insecurity of the registries, combined with the existence of other databases, still invites abuse. Police agencies are routinely granted access to DMV files; if those files contain SSNs, a whole new world of information suddenly becomes available . . . without a warrant."They say in the little brochure that the feds hand out [that] if you don't want this to happen you can simply not provide the agency the information," says Tim Maxwell, an advocate for the disabled. "If you want to opt out of the system, essentially they're restricting your right to travel without giving private information."A 1995 Federal Aviation Administration anti-terrorism directive compounds that restriction. Issued in violation of sunshine laws, it forbids airlines from allowing passengers to board a plane without showing government-issued picture ID. And according to the Electronic Privacy Information Center (www.epic.org), the FAA is considering imposing a regulation that would require all passengers to provide their SSNs before boarding a plane, to aid in victim identification in the event of a crash. In effect, not only are people being presumed guilty of terrorism, welfare fraud and support delinquency until proven innocent, they're also being presumed killed until proven alive. Withhold your number, and you'll be getting to Kansas City on foot.If the idea of your movements' being tracked doesn't appeal to you, you might want to stay away from the supermarket and the drugstore.If you use a credit card to buy groceries and sundries, or if you carry one of those shopper's cards that let you write checks and get special discounts here and there, chances are your purchases are being tracked, compiled in a database and sold to direct-marketers."People who have a problem with continence, who buy adult diapers and so forth, might not particularly want that information peddled to every company interested in it--or anybody interested in it who's willing to pay for the list," Assemblyman Feldman says. "In fact, that has happened. People with such conditions, known because they buy those products, have been made public, much to their embarrassment."If you're an Internet user, be careful what program you use to browse the Web. Microsoft Online provided its users with special client software that not only let the user snoop around the Internet, it let Microsoft snoop around the user's machine, by recording what was on the hard drive and reporting the information back to an automated data collector. Many sites, mostly the larger commercial ones, use "cookies"--packets of coded information--to track users' visits. And nearly all Web browsing software keeps a log of what sites have been visited, which anyone with access to a user's machine can look at--something you might want to consider when you log on at work. "If you have porno or video games or info that someone might think is potentially dangerous or not in keeping with what they believe is appropriate, someone can blow the whistle on you," Feldman warns.If you have a sensitive medical condition or suspect that you might one day, or if you're seeing a mental health professional for any reason, pay cash . . . or stay home. When you invite an insurance company into your health-care world, you're opening what may be the biggest can of worms of all.Every state has confidentiality laws that expressly forbid medical professionals from releasing any information about patients' conditions or treatment without the patients' express consent. But when you sign on to your insurance plan, you sign a release granting the insurer access to all of that information. There is no law forbidding the insurance company from releasing that information (although Massachusetts has passed a law restricting what information companies may ask for).That loophole already has led to many incidents ranging from the embarrassing to the traumatic. Many have occurred when mental health information has been commingled in a single file with more general medical data: In Massachusetts, one man, having confessed some masturbation fantasies to a therapist, was horrified to find that his dermatologist had access to the information. Others have stemmed from many HMOs' practice of putting procedure before patient: A woman in California, after having been raped, told a psychiatrist employed by her HMO that she fantasized about taking revenge on her attacker, a state police officer. The HMO reported it to the police as a threat of violence, and the woman was arrested and held against her will in a psychiatric ward for 18 hours. She was released and her attacker convicted and fired from the force--but when he appealed his firing and asked the HMO to confirm that she had threatened him, it did so.Other breaches open when employers self-insure, which grants them access to much information not available to other employers. A district court found that a Philadelphia man employed by SEPTA, the metropolitan transit agency, had been discriminated against when an audit of the agency's insurance plan revealed that he was taking an expensive AIDS drug. (The decision was overturned on appeal: the higher court decided that the basis of the previous ruling, that the man's privacy had been violated, was unfounded, since the company had the right to monitor its costs.)Computerized medical records, which often are insecure within health-care institutions even when they're not released to anyone outside, are a special area of concern for HIV/AIDS advocates, according to Stacey Millman of the New York AIDS Coalition. "Access to medical information via computer databases is still largely unregulated, and that opens up a Pandora's box," Millman says. "People living with HIV and AIDS still face widespread discrimination and stigma regarding their disease. It is simply outrageous that such information is easily available and not kept secured. . . . It is even more outrageous that Congress would pass legislation that would allow the implementation of streamlining the sharing of medical information before any rigorous protections are in place. It is nothing less than irresponsible and reckless."What, you didn't hear about that legislation? It was buried deep in the Health Insurance Portability and Accountability Act, also called Kennedy-Kassebaum after its Senate sponsors, Edward Kennedy (D-Mass.) and Nancy Kassebaum (R-Kan.). Buried deep in that act was a section "encouraging the development of a health information system" by standardizing the electronic transmission of medical records, "providing for a standard unique health identifier for each individual . . . for use in the health care system."The state of Maryland has gone even further, creating a statewide health database, operated by that state's Department of Mental Health & Hygiene, to which all medical professionals must report the particulars of every patient visit. Six other states--Iowa, Kentucky, Minnesota, North Dakota, Vermont and Washington--have similar plans in the works. Maryland's database was created for the express purpose of monitoring doctors' recommendations to control health care costs.When will it end? Not until lawmakers decide to step in and put a stop to it, something they haven't felt the pressure to do, given citizens' apparent willingness to put up with all manner of intrusions (despite polls reporting that as many as 80 percent of respondents believe their privacy is threatened), business's eagerness to cash in on the phenomenally lucrative info trade and politicians' willingness to make hay out of fraud and waste issues.In Congress, Sens. Dianne Feinstein (D-Calif.) and Charles Grassley (R-Iowa) have introduced a bill to protect the privacy of individuals' Social Security numbers and other personal data, by allowing credit reporting companies to release no identifying information about an individual other than name, address and listed telephone number; prohibiting commercial uses of a person's Social Security number "or any derivative of such number" without that person's written consent; and barring state DMVs from using SSNs except for identity verification. But although the bill would slow the spread of personal information, it would still allow any entity to demand a person's SSN as a condition of doing business. And even as that bill moves through legislative channels, another bill, introduced in the House by Rep. Stephen Horn (R-Calif.), would require anyone registering to vote to provide his Social Security number as verification of citizenship (a requirement that already exists in Virginia but was recently ruled unconstitutional by a federal appeals court)."There's a wonderful quote by William Pitt: ÔNecessity is the plea for every infringement of human freedom,' " says Katz of the ACLU. "People need to start speaking out to their representatives about the need for these protections. If everybody who initially feels that sense of indignance, that this is an invasion, would then put on his or her to-do list, ÔWrite representative about concern,' something in the long term could be done that could benefit everybody. Because if the representatives don't hear from the consumers, they're hearing from big business, who make big profit from this information."THE BEST DEFENSE"There's no way to opt out of it," says NYPIRG's Russ Haven. "Other than living out in the woods like Ted Kaczynski, you're out of luck. The information is out there, and you can't get it back." But there are ways to control the rate at which that information gets out--and, in some cases, who gets that information, although as a general rule the entities that can do the most damage with it are also those with the clout to send you packing if you don't play along.Here are some of the things you can do:* Periodically request copies of your credit and medical histories, and challenge any incorrect information you find. (Credit reports can be obtained from Equifax, 800-685-1111; Experian, 800-682-7654; or Trans Union, 800-916-8800. The law entitles you to a free report any time you're denied credit; other requests carry a fee of less than $10. Medical records are available from the Medical Information Bureau, 617-426-3660, for $8.)* If you receive catalogs or magazines in the mail, ask them not to share your name and address; they must honor your request. Credit bureaus will do the same, though you may have to make the request in writing.* Pay cash at stores that use electronic scanners.* If you suspect your Social Security number has been used fraudulently or assigned to another person, call the Social Security Administration to get a new number.* Never carry your Social Security card or anything with your Social Security number printed on it in your wallet or purse.* Don't give out your Social Security number to anyone except the SSA, the IRS, your employer ( after you're offered the job, not before) and the financial institutions you deal with. In states where SSNs are printed on driver's licenses, you can demand that the DMV use a different number.* If someone at a business or agency with no legal right to your SSN insists that he must have your it to conduct business, try the following steps in order: First, explain your position politely and hope that he understands and cooperates. Second, talk to someone higher up in the organization. Third, threaten to complain to a consumer affairs bureau. Fourth, insist on seeing a documented corporate policy requiring the number (usually there is none). Fifth, find out how the number is used and why it's needed, and suggest alternatives. Sixth, take your business elsewhere. (If that's not an option, use 078-05-1120--the number printed on sample cards--or any number beginning with an 8 or a 9. Never make up a number at random unless it starts with 8 or 9--someone might already have it, and you'd be causing trouble for yourself and for him.)* For more tips and information, contact the Privacy Rights Clearinghouse (619-298-3396, www.privacyrights.org). Factsheets are available in English and Spanish. Information is also available on-line at Junkbusters (www.junkbusters.com).