At a Congressional hearing on security and privacy issues affecting efforts to verify employee eligibility, Peter Neumann testified on behalf of the ACM's U.S. Public Policy Committee that many risks confront the complex systems requiring employers to submit identifying information on current and prospective employees, as envisioned in pending legislation. Neumann, a principal scientist in the Computer Science Lab at SRI International, urged Congress to create the right incentives for operators and employers to maximize the achievement of U.S. immigration laws that mandate employee eligibility verification while minimizing privacy and security risks to individuals. The pending legislation includes provisions to expand the Employee Eligibility Verification System (EEVS).
EEVS is related to several bills in the House and Senate proposing national systems for verification of employment eligibility, including the Secure Borders, Economic Opportunity and Immigration Reform Act of 2007 currently being debated by the U.S. Senate. Dr. Neumann cited vulnerabilities in the extensive computer database applications required by these systems that contain personal information, presenting risks to both the systems and the data as well as to individual privacy in these complex systems.
Speaking before the Subcommittee on Social Security of the U.S. House of Representatives Committee on Ways and Means, Neumann presented detailed recommendations to assure that the employee eligibility verification system is designed, constructed, and operated with the level of quality necessary to protect against identity theft and widespread fraud. "These potential pitfalls to security, integrity and privacy must be anticipated from the beginning and reflected throughout the design, implementation, and operation of the systems planned to implement the EEVS expansion," he said. "We should not expect easy technological answers to inherently difficult problems."
In his testimony, Neumann warned that information sent and stored in EEVS includes all of the primary personal identifiers in the U.S. "Any compromise, leak, theft, destruction, or alteration of the data would have severe consequences to the individuals involved, including, but not limited to, identify theft and impersonation," he said. He provided detailed USACM recommendations to address several aspects of specific concern in the EEVS, including transmission of information, accountability for access to information, scalability to handle at least a thousand-fold increase in user volume, and accuracy of information. He also addressed National ID System concerns and accessibility issues for small employers or poorly trained users.
Neumann, an ACM Fellow and a member of USACM, said these concerns are also applicable to related programs such as the REAL ID Act, which established standards for state-issued driver's licenses, and US-VISIT, a U.S. immigration and border management system. "Privacy and security are inextricably linked," Dr. Neumann noted. "One cannot ever guarantee complete privacy, but the difficulties are severely complicated by systems that are not adequately secure."
Neumann's statement urged more focused research on total-system approaches that address identity, authentication, authorization, and data protection. For example, he pointed to promising new developments that enable the use of cryptography to allow queries to be answered more efficiently.