Shostack + Friends Blog Archive


Federal Computer Week on SSN Purges


There’s an article in Federal Computer Week explaining that “Agencies face SSN scrubdown.” We mentioned this last week in “White House Data Breach Prevention Guidelines.” I am pleasantly surprised to learn that some data actually will be be declared ‘unnecessary:’

Agencies can eliminate some SSN uses by asking employees not to write their SSNs on leave application forms, Howell said. NBC also is modifying its time and attendance system to eliminate the use of SSNs…Like USDA, Interior has a head start on scrubbing its databases of unnecessary SSNs. Interior’s National Business Center, which handles many of the department’s major applications containing sensitive information, is able to mask or block the display of SSNs on reports and computer screens, said Interior CIO Mike Howell.

It remains to be seen how much data will be scrubbed. There’s also an interesting linguistic tidbit: the article flips between and and or, as in “only as authorized by law and as necessary to carry out agency responsibilities” and “Do we have to have information for a legal or procedural reason.”

As any programmer can tell you, there’s a world of difference between those two sentences.

Article pointer via Pogo Was Right. Photo, “Social Aptitude,” by ms. boomer.