Supreme Court To Hear SSN Privacy case

← Back to Stories (view on slashdot.org)

Supreme Court To Hear SSN Privacy case

Posted by Hemos on Sunday June 29, 2003 @10:57PM from the about-time dept.

Chope writes "In the flurry of end-of-term US Supreme Court decisions, some may have overlooked a case the Court agreed to take for the term beginning in the fall 2003. The Court is finally going to consider the ramifications of government requests for and subsequent disclosure of your social security number. The law in question is the 1974 Privacy Act, which places restrictions on how the government (federal, state, and local) can request individuals' SSNs. A good source of background information is Chris Hibbert's SSN FAQ and his Privacy Act Background. While the Privacy Act put bounds on the when and how the SSN may be requested and also required the government to protect the information collected, the Privacy Act established no penalties if the government failed to protect the data. The Court will decide if individuals must prove they were harmed in order to receive compensation, or if the government's mere (?!) release of information is sufficient grounds to award damages. The story, an AP wire by Gina Holland, appeared in today's (28-June-2003) Portland Oregonian but doesn't yet appear on their website. Google isn't returning much at this point, either. The Supreme Court's website has only the barest information. The case is Doe (pseudonym) v. Chao, docket 02-1377. Doe was a coal miner who's SSN was used by the state of Virginia to track Black Lung disease cases. Virginia later published reports of the cases, including the SSNs. The 4th Circuit ruled against Doe in October 2002."

15 comments

Min score:

Reason:

Sort:

What nonsense by neitzsche · 2003-06-30 00:04 · Score: 3, Informative

What we need is real protection of SSNs. Having the credit information system today depending exclusivily on SSNs is becoming more devastating to our economy each passing year. Experian, Equifax, TRW (whatever they are called now) need to all be shut down. We need severe criminal penalties for individuals (like estranged wives) that missuse SSNs with the credit agency's blessing. This case (that the article is talking about) where a government agency screwed up is incredibly rare; it's just not a big enough problem to be wasting time and effort on. Instead, go after the evil credit agencies!

--
"God is dead." - Frederik Nietzsche
1. Re:What nonsense by wcbarksdale · 2003-06-30 09:44 · Score: 2, Interesting
  
  More realistically, SSNs need to stop being considered secret and a form of authentication. It's much easier to take the lid of Pandora's Box all the way off.
Why not amend that proposed law... by Sherloqq · 2003-06-30 01:13 · Score: 4, Insightful

...and make private companies accountable as well. Say what you will, I haven't had much trouble from government agencies so far when it comes to disclosing my SSN to anyone they shouldn't have, or without my permission. I'd me much more worried about all those credit reporting bureaus like Experian, whom neither did I ask to collect my data, nor to sell it to anyone pretending to be my employer or creditor. Those firms should be held accountable to at least the same level as the government institutions.

Think about it. If the government wasn't already careful in protecting your personal data, there wouldn't be a need for the credit bureaus.

--
Have EVDO, will travel.
1. Re:Why not amend that proposed law... by 0x0d0a · 2003-06-30 03:36 · Score: 1
  
  You chose to use a credit card. Much like using a grocery store "savings" card, that's essentially an opt-in for monitoring.
  
  --
  May we never see th
2. Re:Why not amend that proposed law... by Sherloqq · 2003-06-30 05:25 · Score: 1
  
  Monitoring is one thing... disclosing (selling) my private information without my knowledge (e.g. SSN, buying habits) is another.
  
  Hey, if you're gonna make a profit off me, at least share the proceeds!
  
  --
  Have EVDO, will travel.
3. Re:Why not amend that proposed law... by r00tarded · 2003-06-30 05:57 · Score: 3, Insightful
  
  fine, but they make mistakes in 70% of the records they hold. these mistakes impact my ability to get a morgage, or a car. they profit off of this information, should they not be held accountable if it is incorrect?
  
  --
  
  four-oh-four
4. Re:Why not amend that proposed law... by Anonymous Coward · 2003-07-01 06:15 · Score: 0
  
  You do have rights, there are number of laws that make it easy to catch and sue the Credit reporting agencies, Debt Collectors and even the Original Creditors. These laws include but are not limited to:
  
  THE FAIR DEBT COLLECTION PRACTICES ACT
  THE FAIR CREDIT REPORTING ACT
  THE FAIR CREDIT BILLING ACT
this is a problem that can be solved by imsmith · 2003-06-30 02:34 · Score: 3, Interesting

The bulk of so called negligent disclosures occur because there is no positive control over database records by the subject of the information - its an actual technical challenge to accomplish that.

In the absence of a technological means, it seems to me that the legislation ought to acknowledge that assigned identity information is a contract between two parties and treat it as such, awarding damages simply on the basis of breach of contract.

The law doesn't say that, so it will be interesting to see how the Court rules.

The rational that I see for this is something like this - I can't make up my SSN and not give it to the government, since it would not be an identifier of anything. The government can't assign me an SSN but not give it to me, because I have to know what it is and use it in order to establish it as an identifying label. It takes two parties and a link to establish the identity network, and if either party expands the network, it has to be with the consent of the other party or the identity becomes too diluted to have meaning or be trustworthy.
1. Re:this is a problem that can be solved by 0x0d0a · 2003-06-30 03:40 · Score: 2, Interesting
  
  I can't make up my SSN and not give it to the government, since it would not be an identifier of anything.
  
  You have a smart card. Gov't asks you for a unique identifier for use in draft registration. You make up a random number, append it to your actual ID number, send back a SHA-1 of the result.
  
  --
  May we never see th
2. Re:this is a problem that can be solved by imsmith · 2003-06-30 04:49 · Score: 1
  
  I like it, but seems that it would face the same hurdles to widespread adoption that PKI does... complicated, not intuitive, and geeky. And the point remains that there has to be a two party network for the hash to have meaning.
  
  It works for you and I, but will it work for everyone? I don't know. Forcing technology upon a culture to solve a problem only shifts the problem to another context within that society.
  
  Being the bridge between the current era of technological acceptance within a culture to another is part of the responsibilities of Sovereigns. All regulatory legislature (non-criminal guidance) can be viewed as short-term solutions to phenomeonon that will work themselves out in the long-term, but need to have their effect on society mitigated until they do.
3. Re:this is a problem that can be solved by Anonymous Coward · 2003-07-01 11:14 · Score: 0
  
  You are neglecting the point that SS numbers were not supposed to be used for general identity purposes but were co-opted to become THE defacto standard
SSN for everything? by crashnbur · 2003-06-30 18:50 · Score: 1

Considering the potential hazard that going public with your SSN could be, I am shocked that my school isn't taking seriously the recent state law that makes using the SSN as student ID numbers illegal. According to the law, the SSN may only be requested for tax purposes; otherwise an alternative method for ID must be used. I am attempting to lead the charge to get the school to change its policy regarding SSNs, if not for their sake legally, then for the students' sakes.