Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

Supreme Court To Hear SSN Privacy case 15

Chope writes "In the flurry of end-of-term US Supreme Court decisions, some may have overlooked a case the Court agreed to take for the term beginning in the fall 2003. The Court is finally going to consider the ramifications of government requests for and subsequent disclosure of your social security number. The law in question is the 1974 Privacy Act, which places restrictions on how the government (federal, state, and local) can request individuals' SSNs. A good source of background information is Chris Hibbert's SSN FAQ and his Privacy Act Background. While the Privacy Act put bounds on the when and how the SSN may be requested and also required the government to protect the information collected, the Privacy Act established no penalties if the government failed to protect the data. The Court will decide if individuals must prove they were harmed in order to receive compensation, or if the government's mere (?!) release of information is sufficient grounds to award damages. The story, an AP wire by Gina Holland, appeared in today's (28-June-2003) Portland Oregonian but doesn't yet appear on their website. Google isn't returning much at this point, either. The Supreme Court's website has only the barest information. The case is Doe (pseudonym) v. Chao, docket 02-1377. Doe was a coal miner who's SSN was used by the state of Virginia to track Black Lung disease cases. Virginia later published reports of the cases, including the SSNs. The 4th Circuit ruled against Doe in October 2002."
This discussion has been archived. No new comments can be posted.

Supreme Court To Hear SSN Privacy case

Comments Filter:
  • What nonsense (Score:4, Informative)

    by neitzsche ( 520188 ) on Monday June 30, 2003 @07:04AM (#6329666) Journal
    What we need is real protection of SSNs. Having the credit information system today depending exclusivily on SSNs is becoming more devastating to our economy each passing year. Experian, Equifax, TRW (whatever they are called now) need to all be shut down. We need severe criminal penalties for individuals (like estranged wives) that missuse SSNs with the credit agency's blessing. This case (that the article is talking about) where a government agency screwed up is incredibly rare; it's just not a big enough problem to be wasting time and effort on. Instead, go after the evil credit agencies!
    • Re:What nonsense (Score:3, Interesting)

      by wcbarksdale ( 621327 )
      More realistically, SSNs need to stop being considered secret and a form of authentication. It's much easier to take the lid of Pandora's Box all the way off.
  • by Sherloqq ( 577391 ) on Monday June 30, 2003 @08:13AM (#6330030)
    ...and make private companies accountable as well. Say what you will, I haven't had much trouble from government agencies so far when it comes to disclosing my SSN to anyone they shouldn't have, or without my permission. I'd me much more worried about all those credit reporting bureaus like Experian, whom neither did I ask to collect my data, nor to sell it to anyone pretending to be my employer or creditor. Those firms should be held accountable to at least the same level as the government institutions.

    Think about it. If the government wasn't already careful in protecting your personal data, there wouldn't be a need for the credit bureaus.
  • by imsmith ( 239784 ) on Monday June 30, 2003 @09:34AM (#6330599)
    The bulk of so called negligent disclosures occur because there is no positive control over database records by the subject of the information - its an actual technical challenge to accomplish that.

    In the absence of a technological means, it seems to me that the legislation ought to acknowledge that assigned identity information is a contract between two parties and treat it as such, awarding damages simply on the basis of breach of contract.

    The law doesn't say that, so it will be interesting to see how the Court rules.

    The rational that I see for this is something like this - I can't make up my SSN and not give it to the government, since it would not be an identifier of anything. The government can't assign me an SSN but not give it to me, because I have to know what it is and use it in order to establish it as an identifying label. It takes two parties and a link to establish the identity network, and if either party expands the network, it has to be with the consent of the other party or the identity becomes too diluted to have meaning or be trustworthy.
    • I can't make up my SSN and not give it to the government, since it would not be an identifier of anything.

      You have a smart card. Gov't asks you for a unique identifier for use in draft registration. You make up a random number, append it to your actual ID number, send back a SHA-1 of the result.
      • I like it, but seems that it would face the same hurdles to widespread adoption that PKI does... complicated, not intuitive, and geeky. And the point remains that there has to be a two party network for the hash to have meaning.

        It works for you and I, but will it work for everyone? I don't know. Forcing technology upon a culture to solve a problem only shifts the problem to another context within that society.

        Being the bridge between the current era of technological acceptance within a culture to anoth
  • Considering the potential hazard that going public with your SSN could be, I am shocked that my school isn't taking seriously the recent state law that makes using the SSN as student ID numbers illegal. According to the law, the SSN may only be requested for tax purposes; otherwise an alternative method for ID must be used. I am attempting to lead the charge to get the school to change its policy regarding SSNs, if not for their sake legally, then for the students' sakes.

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...