SSA's Ne result provides good lesson for us all

 

Connecting state and local government leaders

@INFO.POLICY Robert Gellman What has happened to the Social Security Administration's Web service? Last year, SSA tried to give people access to their personal account information through the Internet. SSA's Web site let individuals order an earnings and benefits statement. The service attracted a high level of publicity following a USA Today story suggested that personal records could be obtained improperly by someone who knew a few of your personal pieces of information.

@INFO.POLICY


Robert Gellman


 


What has happened to the Social Security Administration’s Web
service?


Last year, SSA tried to give people access to their personal account
information through the Internet. SSA’s Web site let individuals order an earnings
and benefits statement. The service attracted a high level of publicity following a USA
Today story suggested that personal records could be obtained improperly by someone who
knew a few of your personal pieces of information.


After intense media and congressional criticism, SSA closed down the site
to retool it for more security—and less functionality.


SSA’s experience is an important lesson learned for government
agencies and others seeking to do business on the Internet. SSA tried to do something
useful and innovative, and it got shot at for its troubles. But those who look longingly
at the potential of the Net should learn the right lesson.


Before continuing, a disclosure: I was hired by SSA to consult on the
retooling effort. The opinions expressed here, of course, are my own.


I have three basic points to offer. First, SSA had actually done a pretty
good job before setting up its Web service. The agency consulted with security people, and
it carefully and slowly tested its offering.


Yet to some, the agency didn’t do enough. SSA did not pay enough
attention to public relations and political concerns. Still, no matter how careful SSA was
in advance, it might not have mattered. The service touched three hot-button and
high-profile issues: Social Security numbers, privacy and the Internet.


Reporters especially love to hype the Internet angle on anything.
Activities routinely ignored by the media become front page stories when the Net is
involved. For example, more than a million marriages break up each year in the United
States alone. But when a spouse leaves a marriage because of an Internet relationship, it
makes for titillating footage on the TV tabloids.


Agencies must be aware of this. They must prepare for sharp and even
unfair reactions from the press, the public and Congress. The fear of criticism should
not, however, be used as an excuse for doing nothing.


This leads directly to my second point. Agencies must learn how to do
business on the Internet. Interest in Net services is clearly there. Criticism of the SSA
service did not come from the users. People who used the Internet service loved it, and
they want more. Net services are not only faster and more responsive, they are sometimes
cheaper as well.


For SSA, the cost of providing an earnings statement over the Internet was
measured in pennies. The cost of processing telephone and snail mail requests for the same
information was measured in dollars. In an era of downsizing and tight budgets, such
savings are important.


Finally, we all have to accept that computers and the Internet are
double-edged swords when it comes to privacy. They offer the prospect of better ways to
achieve privacy goals at the same time they create new threats to privacy.


Don’t be misled into thinking that privacy is the same as security.
Providing people with access to their own information is an important element of privacy
as well. That is one reason privacy advocates were not uniformly critical of SSA’s
original Web offering.


They recognized that what SSA was doing furthered privacy.


Security is important, too, but it is not the only concern. Advance
planning and consultation with users, security experts and privacy advocates can help
strike the right balance between sometimes competing objectives.


Don’t forget the folks on Capitol Hill, either. They hate to be
surprised by anything. When in doubt, they reach for a press release. Get them to buy in
as well.


SSA did a good job when it announced changes to its Net service last fall.
The new service will have increased authentication elements and reduced disclosure, but it
will still be valuable. It still does not offer perfect protection against interlopers.
That is impossible today.


But the improved service should be enough to satisfy just about everyone.


The only problem is that SSA hasn’t brought the service back online.
A revised and restructured Web page was supposed to be ready last December. It is not
clear what the problem is.


Using the Net to provide personalized service is the wave of the future.
Proceed with your eyes open, move cautiously, and talk to everyone. But proceed.


Robert Gellman, former chief counsel to the House Government Operations
Subcommittee on Information, Justice, Transportation and Agriculture, is a Washington
privacy and information policy consultant. His e-mail address is rgellman@cais.com.

NEXT STORY: Who needs an auditorium

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.