Shostack + Friends Blog Archive


Privacy and Background Checks

In a comment, Axinar writes:

Is it reasonable for an employer to know whether or not a potential employee has a history of violence or theft? Well, probably. And with our liability situation the way it is, generally any company with deep pockets is virtually REQUIRED to run background checks because if an employee “goes postal” and discovery reveals that person has a previous background of violence that the company could have found out but didn’t, that company can be sued out of existence.

This tension is challenging. The quality of records maintained is low. We know that people have been denied jobs because of bad records. At the same time, as an employer, I’m concerned about doing the right thing for my employees and for my shareholders.

I am generally not fond of technological solutions to social problems. That said, I think one important way forward comes to us via the work of Stefan Brands. In his book, Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
,” Stefan describes ways that a job applicant can take certified records from a company, say Lexis Nexis, and present parts of them to a potential employer. The cryptographic math is brilliant. If you don’t believe me, ask his thesis advisors, Ron Rivest and Adi Shamir. I could present a statement of the form “Adam Shostack has no criminal record in the United States, signed, LN” or “Adam Shostack has no record of criminal violence in the United States.”

Important facets of this include that the statement is signed by some certifying party, that the exact statements made are under my control, and that I can only make statements the certifier is ok with. At the same time, because I’m in the middle, I can see what statements the certifier accepts. So if there’s a problem, I can correct it, or sensitize the reader of the statement that I believe there’s a problem.

(I worked with Stefan at Zero-Knowledge, and one of my biggest regrets is that we didn’t get further in promoting his technologies.)

[Update: Don’t miss Not Bad for A Cubicle‘s post on this. Wish I’d said all that.]

8 comments on "Privacy and Background Checks"

  • Axinar says:

    Well, I guess the problem is this — if you lose a job to identity theft, hypothetically the most you can possibly lose is about $1,000,000, which is probably less than would make it worth the while of an attorney to take up the case.
    However, if you hire someone with a violent past and they come in and mow down 15 people with an Uzi, and it can be proved that you had a way of discovering that violent past, a company could likely be sued for $10,000,000 for EACH person killed.
    Yes, we do need to get the authentication issue under control … and probably we need to do so with the same mechanism that caused this mess in the first place unfortunately — everyone who has been harmed by identity theft needs to get together and form a HUGE class action lawsuit and put the whole damn industry out of business until it can be cleaned up.

  • Pete says:

    It seems to me that for this system to work, we would need some form of strong (retainable) identification as well as certifying authorities. The exciting part of crypto is that it provides the possibility of anonymity (though perhaps not privacy). However it is done, this is a house of cards without stronger identity (even if they are alternate forms from our “human” identity). Of course, the more forms of identification we have, the more likely we will need an aggregator like ChoicePoint (I think).

  • Axinar's says:

    The Importance of Authentication

    As counter-intuitive as it may seem, I believe that ultimately it is a religious issue. It certainly is a public policy issue that needs to be addressed, and it impacts financial concerns of just about everyone in the modern world, but it stems from …

  • At ChoicePoint, the point is on their heads, pt. 4

    Over at EmergentChaos, Adam Shostack has posted some thoughts on, “Privacy and Background Checks??? … I’m going to go a step further and put my own analysis of what this means. Background checks are a Risk Management mechanism. In the scenario o…

  • Iang says:

    Not to belittle Stefan’s achievments here (I also was working to help him get some of his stuff into action, until ZKS put a stop to that 😉 but the technological solution of better refining the data is really only half of the picture.
    As a sometime employer, I can see that being presented with a carefully crafted statement that gives me precisely what I *need* may be a valuable thing. But I also shy clear of agreeing that this is an ideal. In fact, I think as presented that would be a disaster.
    Possibly the reason for this is the principle of redundancy. Flying foot loose and fancy free here, I want to employ people who work well in my context, and fundamentally, it is *I* who make the call, and it is *I* who have the knowledge to make that judgement. I’m also the one who pays the costs of failure, for the most part.
    Not the individual, and not the careful partitioner of data a la Stefan’s admittedly revolutionary concepts.
    Which is to say, I want to be able to read *all* the data that I can. Which immediately puts the emphasis on my own responsibility; to make the right judgement, yes, but more, to also filter out the bad information and the uncorrelated, and to protect it.
    Literally, I want to know everything about a person. Yes, I may for example employ a reformed paedofile for a payments programming job, or I may employ a reformed bank robber for a child minding job. It’s my call. And my neck.
    Which means any approach to reduce the information is an approach that says “the employer cannot be trusted nor responsible with this information.” Which may well be true … but the logical conclusion is that the employer cannot be trusted/responsible for _making an employment decision_.
    Is that what you (not personally) want? To which I say, be careful what you wish for!

  • adam says:

    What I want depends on which side of the desk I’m sitting on. As an employer, I want open and candid statements from references. As a candidate, I want to know if someone’s slamming me.
    As an employer, I don’t want to get into an argument over a decision. As a candidate, I want the opportunity to rebut false statements.

  • Cypherpunk says:

    The problem with such privacy-protecting systems in this context is that there will be a race to the bottom. Some workers won’t use them. They will tell employers, I have nothing to hide. I am giving you blanket permission to search my records, the credit databases, my employment history. You will see that I have no black spots on my record, I have been an exemplary employee and I will do just as good a job for you.
    Another job applicant comes in and uses all this fancy technology. Well, you can see this endorsement here, and that one there, but you can’t see any other details of my work history.
    Which are you going to hire? The first job seeker is far more credible. The one who is hiding data is going to be assumed to have something to hide. Applicants will be competing against one another and this will motivate them to expose all of the information. Even if there are some problems, they would rather show the problem and explain it. That’s a responsible thing to do and it can actuallly improve the applicant’s image. Hiding data is only going to make the employer wonder about just how bad things are.
    The bottom line is that anonymity will cost employees. It will hurt them in any competition where openness and visibility is an asset. They can still get jobs, but they will be worse jobs that pay less, because by hiding details about themselves they cannot compete with those who are open.

  • adam says:

    “I have nothing to hide, but I want to participate in the process, to make sure the information you get is accurate and credible.”
    There may be a race to the bottom at McDonalds. Other companies may choose to compete by showing a trust in their worker. Those companies will have an advantage in hiring great people and motivating them to work well.

Comments are closed.