USS Clueless -- Social Security Numbers and privacy

  USS Clueless

             Voyages of a restless mind

Main:
normal
long
no graphics

Contact
Log archives
Best log entries
Other articles

Site Search

Social Security Numbers and Privacy

Senator Feinstein (D-CA) is trying to move a bill through congress which would forbid anyone from revealing anyone else's SSN "without permission". In actual practice, this is no more than a band-aid on a running wound -- and a faulty band-aid at that. Identity theft is the symptom; rampant invasion of privacy is the problem.

The misnamed "Social Security Number" is a taxpayer identification code issued by the US government to everyone in the US. By law, every adult resident is required to have one. Also by law, no-one is permitted to have more than one. From the point of view of private database owners, this makes it an ideal access key. More scary is that if a lot of databases all index on it, then it is trivial to cross-index them. It is far harder to do this using things like names, or addresses because of duplication and mispelling. The SSN is ideal: it's short, unambiguous, unique, and ubiquitous. Which is why everyone, everyone, asks for your SSN on any form you fill out. It has become the universal ID.

The problem with Senator Feinstein's bill is that "without expressed consent" business. The main people who want to do this kind of thing are in a position to extort consent. They're already doing so, quite shamelessly.

Doctor-patient communication is "privileged" in the US. By long-standing court precedent, such communication is protected by the Fifth Amendment, on the grounds that the relationship between a patient and a doctor cannot work without complete frankness. If a patient feels as if they must lie or conceal information, there's a strong potential for incorrect diagnosis and treatment -- and nowhere is this more critical than in mental health care. It is vital in a patient/therapist relationship for the patient to trust the doctor fully and reveal anything and everything. Without this, the relationship cannot work. It's not so much that the patient will reveal commission of crimes -- that's rare. But they'll reveal things which are deeply embarrassing, and this is essential and very, very common.

Thus any doctor called to the stand in any trial, and asked a question about what a patient has said, can quite legally refuse to answer. This is good.

Ever apply for any serious health insurance benefits? I don't mean benefits where you pay the insurance company (i.e. getting coverage) I mean benefits where they have to pay you. You'll receive a form which you sign and return which gives the insurance company the right to ask your doctors any question at all, which directs the doctors to answer fully, which gives the insurance company access to any and all records your doctor keeps, including notes about each meeting you've had -- and which gives the insurance company permission to keep that information and to give it to anyone they feel like. There seem to be no limits, none whatever, to what they are permitted to do with the information. That last is in there because the insurance companies keep a collective central database where they share this information with each other.

You don't have to sign, in theory. You don't have to grant permission. But if you don't, you also won't get the benefit you're entitled to. (Which is fine with the insurance companies; they save money. I have to wonder whether some of this is intended precisely to dissuade people from making claims.) Their stated reason for getting this information is to make sure that the claim is not fraudulent, but it also has the effect of making doctor-patient privilege a sham. There is no privacy in the relationship, and as a result that damage to the relationship is done anyway in many cases. It makes no difference to a person suffering from a mental problem if their embarrassment is being given to bureaucrats at an insurance company instead of to officers of the law; it's still out in the world and spreading fast. If you want full confidentiality, you can have it -- as long as you fully pay for it yourself. How many people can afford that?

Ever apply for a bank account or a credit card? You have to provide a lot of information about yourself and you sign a form permitting the bank to use that information for anything they want, and to give it to anyone they feel like. Which means they give it to the big credit reporting companies, who in turn give it to anyone willing to pay a fee. Among other things, they sift their database and produce lists of people, including names and addresses, which they sell to companies who want to send out advertising -- especially credit card offers.

The Europeans have the right answer, and the US needs to follow their lead in this. In Europe private databases are severely regulated and access to them is restricted. But it's not going to happen in the US, though it should. The reason is simple: all businesses will oppose it. Privacy has no commercial value, but nosiness is worth a fortune. There are entire corporations in the business of collecting information about you which they sell to anyone willing to pay, and to some extent nearly every business does this. Money talks. Sad, really.

If Senator Feinstein's bill is made law, it will have little effect. Most of the places dispensing your SSN already have your permission to distribute it -- or will get it from you by making you an offer you can't refuse. Unless the law unconditionally prevents distribution of the SSN even with your permission then it will have no important effect.

This page has been viewed 1872 times since 20010726.

Captured by MemoWeb from http://denbeste.nu/essays/privacy.shtml on 9/16/2004