Slashdot Mirror

← Back to Stories (view on slashdot.org)

Supreme Court To Hear SSN Privacy case

Posted by Hemos on from the about-time dept.

Chope writes "In the flurry of end-of-term US Supreme Court decisions, some may have overlooked a case the Court agreed to take for the term beginning in the fall 2003. The Court is finally going to consider the ramifications of government requests for and subsequent disclosure of your social security number. The law in question is the 1974 Privacy Act, which places restrictions on how the government (federal, state, and local) can request individuals' SSNs. A good source of background information is Chris Hibbert's SSN FAQ and his Privacy Act Background. While the Privacy Act put bounds on the when and how the SSN may be requested and also required the government to protect the information collected, the Privacy Act established no penalties if the government failed to protect the data. The Court will decide if individuals must prove they were harmed in order to receive compensation, or if the government's mere (?!) release of information is sufficient grounds to award damages. The story, an AP wire by Gina Holland, appeared in today's (28-June-2003) Portland Oregonian but doesn't yet appear on their website. Google isn't returning much at this point, either. The Supreme Court's website has only the barest information. The case is Doe (pseudonym) v. Chao, docket 02-1377. Doe was a coal miner who's SSN was used by the state of Virginia to track Black Lung disease cases. Virginia later published reports of the cases, including the SSNs. The 4th Circuit ruled against Doe in October 2002."

3 of 15 comments (clear)

  1. this is a problem that can be solved by imsmith · · Score: 3, Interesting

    The bulk of so called negligent disclosures occur because there is no positive control over database records by the subject of the information - its an actual technical challenge to accomplish that.

    In the absence of a technological means, it seems to me that the legislation ought to acknowledge that assigned identity information is a contract between two parties and treat it as such, awarding damages simply on the basis of breach of contract.

    The law doesn't say that, so it will be interesting to see how the Court rules.

    The rational that I see for this is something like this - I can't make up my SSN and not give it to the government, since it would not be an identifier of anything. The government can't assign me an SSN but not give it to me, because I have to know what it is and use it in order to establish it as an identifying label. It takes two parties and a link to establish the identity network, and if either party expands the network, it has to be with the consent of the other party or the identity becomes too diluted to have meaning or be trustworthy.

    1. Re:this is a problem that can be solved by 0x0d0a · · Score: 2, Interesting

      I can't make up my SSN and not give it to the government, since it would not be an identifier of anything.

      You have a smart card. Gov't asks you for a unique identifier for use in draft registration. You make up a random number, append it to your actual ID number, send back a SHA-1 of the result.

      --
      May we never see th
  2. Re:What nonsense by wcbarksdale · · Score: 2, Interesting

    More realistically, SSNs need to stop being considered secret and a form of authentication. It's much easier to take the lid of Pandora's Box all the way off.