Neumann Testimony Press Release

The Association for Computing Machinery

 

COMPUTER EXPERT URGES IDENTITY VERIFICATION SAFEGUARDS FOR EMPLOYEE ELIGIBILITY SYSTEMS

 

Neumann's Congressional Testimony Warns of Risks to Personal Privacy, System Integrity

NEW YORK, June 7, 2007 - At a Congressional hearing today on security and privacy issues affecting efforts to verify employee eligibility, Peter G. Neumann testified on behalf of the U.S. Public Policy Committee of the Association for Computing Machinery (USACM) that many risks confront the complex systems requiring employers to submit identifying information on current and prospective employees, as envisioned in pending legislation. Dr. Neumann, Principal Scientist in the Computer Science Laboratory at SRI International, urged Congress to create the right incentives for operators and employers to maximize the achievement of U.S. immigration laws that mandate employee eligibility verification while minimizing privacy and security risks to individuals. The pending legislation includes provisions to expand the Employee Eligibility Verification System (EEVS).

EEVS is related to several bills in the House and Senate proposing national systems for verification of employment eligibility, including the Secure Borders, Economic Opportunity and Immigration Reform Act of 2007 currently being debated by the U.S. Senate. Dr. Neumann cited vulnerabilities in the extensive computer database applications that these systems require and that contain personal information. These vulnerabilities present risks to the systems and the data as well as to individual privacy.

Speaking before the Subcommittee on Social Security of the U.S. House of Representatives Committee on Ways and Means, Dr. Neumann presented detailed recommendations to assure that the employee eligibility verification system is designed, constructed, and operated with the level of quality necessary to protect against identity theft and widespread fraud. "These potential pitfalls to security, integrity and privacy must be anticipated from the beginning and reflected throughout the design, implementation, and operation of the systems planned to implement the EEVS expansion," he said. "We should not expect easy technological answers to inherently difficult problems."

In his testimony, Dr. Neumann warned that information sent and stored in EEVS includes all of the primary personal identifiers in the U.S. "Any compromise, leak, theft, destruction, or alteration of the data would have severe consequences to the individuals involved, including, but not limited to, identity theft and impersonation," he said. He provided detailed USACM recommendations to address several aspects of specific concern in the EEVS, including transmission of information, accountability for access to information, scalability to handle at least a thousand-fold increase in user volume, and accuracy of information. He also addressed National ID System concerns and accessibility issues for small employers or poorly trained users.

Dr. Neumann, an ACM Fellow and a member of USACM, said these concerns are also applicable to related programs such as the REAL ID Act, which established standards for state-issued driver's licenses, and US-VISIT, a U.S. immigration and border management system. "Privacy and security are inextricably linked," Dr. Neumann noted. "One cannot ever guarantee complete privacy, but the difficulties are severely complicated by systems that are not adequately secure."

Dr. Neumann's statement urged more focused research on total-system approaches that address identity, authentication, authorization, and data protection. For example, he pointed to promising new developments that enable the use of cryptography to allow queries to be answered more efficiently.

The complete testimony for today's hearing is available at http://www.acm.org/usacm/PDF/EEVS_Testimony_Peter_Neumann_USACM.pdf

About ACM
ACM, the Association for Computing Machinery http://www.acm.org, is an educational and scientific society uniting the world's computing educators, researchers and professionals to inspire dialogue, share resources and address the field's challenges. ACM strengthens the profession's collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.

About USACM
The ACM U.S. Public Policy Committee (USACM) serves as the focal point for ACM's interaction with U.S. government organizations, the computing community, and the U.S. public in all matters of U.S. public policy related to information technology. Supported by ACM's Washington, D.C., Office of Public Policy, USACM responds to requests for information and technical expertise from U.S. government agencies and departments, seeks to influence relevant U.S. government policies on behalf of the computing community and the public, and provides information to ACM on relevant U.S. government activities. USACM also identifies potentially significant technical and public policy issues and brings them to the attention of ACM and the community.

 
