On Wed, May 16, 2001 at 01:14:01PM -0500, Aimee Farr wrote:
> Wouter said:
> > On Tue, May 15, 2001 at 08:42:25PM -0500, Aimee Farr wrote:
> > > The author proposes a take on the "Dutch Digital PII-boxes" to combat ID
> > > theft with a validation system, as an alternative to "SSN secrecy"
> > > legislation, etc. (The Dutch are implementing a scheme where personally
> > > identifying information is stored with the government, including the
> > > elective storage of medical and employment information: PII escrow.)
> I don't doubt some of what I have read as been "overblown." I would
> appreciate any good references.
As far as I know they are all in Dutch. The closest is the Telepolis
article (from <URL:http://www.heise.de/telepolis/>).
> > For what it is worth, the focus of this Dutch proposal is not about
> > storing _new_ personally identifying information but about a new way of
> > providing centralized access to information already stored by the
> > government (name, place and date of birth, the Dutch equivalent of a SSN
> > etc).
> I believe this is the context of the proposal I referenced. Not only is the
> government a TTP, this information is easily publicly available. Indeed, the
> proposed measure could be of concern to information brokers and several gray
> industries, depending on the ramifications and how it is implemented.
In the Dutch proposal, I don't see why information brokers are impacted
at all. It is only about changing the way the government makes its data
available to its own (semi-)government organisations and the citizen
itself.
> > This proposal is compatible with the project to replace the current
> > version of the passports with a version that includes a smartcard (with
> > appropiate personal keys and certificates). The idea was that this
> > smartcard could be used for strong authentication to access these
> > "personal vaults".
> Viewed as a courtesy and convenience service by the majority of the
> population?
This is hard to say, as the document is just a proposal to the Ministery
of Interior. As such, it hasn't had much press or even gone to our
houses of parlement. Probably it will be viewed as a minor change from
the current status quo, at least that's what I make of it.
> > The information is already out there being used, so let it be in a place
> > I have some form of control over it.
> That is the argument here.
As I see it, yes. I can not see it getting any worse, barring the
solvable problem of putting all that information in one central location
accessable over the Internet (the current system is on a closed network,
which at least cuts down the number of people in the position to try
down from the whole Internet to those with physical access or
equivalent).
> Thank you for taking the time to add some clarifications, and give the other
> side of the issue. I think this proposal takes much the same tact. Of
> course, we have numerous SSN laws being considered, and wheels are hard to
> stop. It will be interesting to see how the US will address this issue and
> secure the support of some powerful stakeholders.
Yes it will be interesting. I think one of the major differences with
the situation here in The Netherlands is that here the misuse of SSN's for
all kinds of non-government issues is not at all common. It is only used
as an unique identifier in tax-related issues (tax-form, wages-slip
etc), so it is of no value for opening bank accounts and all those
other problems misuse of the SSN has in the USA. The other one I can
think of is that the Dutch/European privacy laws are much stronger.
With kind regards,
Wouter Slegers
