Dim Light?

Flipping the switch on privacy.

In the continuum of caution about personal data, I find myself sliding toward the slack end not because Im getting lazy, mind you, but because the rest of the world is getting more careful about who they give their information to.

Good for you. Information such as your Social Security number runs, for all intents and purposes, your life in the 21st century. Its the key to all kinds of information it was never intended to protect; everything from medical records to financial history is identified by those nine little digits, which were never designed to carry such a load. (Conspiracy theories to the contrary to the usual dev/null address, please, though Ill grant that the difference between an ID number (verboten under American law) and a unique identifying number is getting dangerously semantic.)

Youve got to be careful with that kind of info, as the tens of thousands of victims of identity theft in the US last year would hasten to tell you. All kinds of folk think they need it, and most of them are wrong. Latest offender: our own Seattle City Light, whod like you customers to use your Social Security number to prove who you are. As the newsletter in your latest bill says (you read it, right?), "Starting March 5, when you contact us we will request one of the following identification numbers for accountability: Social Security number, Washington state drivers license number, or Washington state identification number."

Whats wrong with checking our names against our account numbers? According to Andrew Lofton of the City Light department, the new interest in getting to know us is a result of a badly needed upgrade to City Lights antiquated billing system, rumored by knowledgeable sources to be equal parts baling wire, duct tape, and chewing gum. Jettisoning the 25-year-old mainframe system for a slick new client-server setup means that pretty soon well all be able to pay our bills and check our usage online, among other things. (Lots of other things. They spent $39 million to purchase and develop and install this thing; for that kind of money you damn skippy want to see all-round improvements, if not actual teleportation and time-travel capabilities.)

Anyway, Lofton explains that using Social Security or drivers-license numbers will solve, for City Light, "the most difficult problem in billing": ensuring accuracy. He assures me that the information City Light collects is never shared (its prohibited, since the agency is a public entity), and that if anyone is uncomfortable giving a Social Security number, they can always use the aforementioned drivers license number.

Needless to say, a lot of people arent buying the accuracy-privacy tradeoff, even with City Lights assurances that the new system, purchased from SCT Utility Systems, was built with security consciousness from the ground up. As one ASCII correspondent acidly remarked, "Accountability? If my identity is stolen it will be me trying to clear up the mess, not the utility company." Bluntly put, protections fail. Databases get hacked by miscreants both outside and inside the office. Even if City Light means to be careful and has every intention of using those numbers in a limited way, most folk would agree that putting their Social Security number into yet another computer system is that much more peace of mind lost.

Even the Feds are getting more concerned about the sensitive nature of Social Security numbers. Last week the Treasury and Justice departments, along with the Office of Management and Budget, released a study showing that personal info such as bank-account balances and (yes) Social Security numbers needs more protection than it currently gets. The study concerned personal bankruptcy filings. The general public is allowed a lot of information about such proceedings, so that the system can be kept accountable and aboveboard. However, said the study, the risks of identity theft and privacy violation are so real in the age of the Internet that certain protections need to be in place. Such protections might involve limiting access to the really sensitive info to folks with a direct interest in the bankruptcy, such as creditors. That doesnt sound like a big whoop, maybe, but what it means is that as public institutions (such as the courts and, oh, the utility companies) become more and more Net-ready, theyre going to find pressure to rethink what kinds of data need to be part of their online presence.

According to the Federal Trade Commission, about 28 percent of identity thefts involve scamsters who open telephone, cellular, or utility service with someone elses name. Untangling such messes is tedious and nerve-wracking for victims and for every blessed institution theyre forced to deal with. Clearly the need to positively ID callers is critical for Seattle City Light and the people it serves; Im just wondering if they couldnt have figured out a better way, especially with all of us so watchful now.

 
comments powered by Disqus