Channels ▼
RSS

Design

Immigration Reform: Technology May Not Be the Answer, says Technologist


At a Congressional hearing on security and privacy issues affecting efforts to verify employee eligibility, Peter Neumann testified on behalf of the ACM's U.S. Public Policy Committee that many risks confront the complex systems requiring employers to submit identifying information on current and prospective employees, as envisioned in pending legislation. Neumann, a principal scientist in the Computer Science Lab at SRI International, urged Congress to create the right incentives for operators and employers to maximize the achievement of U.S. immigration laws that mandate employee eligibility verification while minimizing privacy and security risks to individuals. The pending legislation includes provisions to expand the Employee Eligibility Verification System (EEVS).

EEVS is related to several bills in the House and Senate proposing national systems for verification of employment eligibility, including the Secure Borders, Economic Opportunity and Immigration Reform Act of 2007 currently being debated by the U.S. Senate. Dr. Neumann cited vulnerabilities in the extensive computer database applications required by these systems that contain personal information, presenting risks to both the systems and the data as well as to individual privacy in these complex systems.

Speaking before the Subcommittee on Social Security of the U.S. House of Representatives Committee on Ways and Means, Neumann presented detailed recommendations to assure that the employee eligibility verification system is designed, constructed, and operated with the level of quality necessary to protect against identity theft and widespread fraud. "These potential pitfalls to security, integrity and privacy must be anticipated from the beginning and reflected throughout the design, implementation, and operation of the systems planned to implement the EEVS expansion," he said. "We should not expect easy technological answers to inherently difficult problems."

In his testimony, Neumann warned that information sent and stored in EEVS includes all of the primary personal identifiers in the U.S. "Any compromise, leak, theft, destruction, or alteration of the data would have severe consequences to the individuals involved, including, but not limited to, identify theft and impersonation," he said. He provided detailed USACM recommendations to address several aspects of specific concern in the EEVS, including transmission of information, accountability for access to information, scalability to handle at least a thousand-fold increase in user volume, and accuracy of information. He also addressed National ID System concerns and accessibility issues for small employers or poorly trained users.

Neumann, an ACM Fellow and a member of USACM, said these concerns are also applicable to related programs such as the REAL ID Act, which established standards for state-issued driver's licenses, and US-VISIT, a U.S. immigration and border management system. "Privacy and security are inextricably linked," Dr. Neumann noted. "One cannot ever guarantee complete privacy, but the difficulties are severely complicated by systems that are not adequately secure."

Neumann's statement urged more focused research on total-system approaches that address identity, authentication, authorization, and data protection. For example, he pointed to promising new developments that enable the use of cryptography to allow queries to be answered more efficiently.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Video