Personal tools
You are here: Home Press Room News Releases 2007 Computer Expert Urges Identity Verification Safeguards for Employee Eligibility Systems
Document Actions

Computer Expert Urges Identity Verification Safeguards for Employee Eligibility Systems

Neumann's Congressional Testimony Warns of Risks to Personal Privacy, System Integrity

Virginia Gold

Sara Appleyard

The Association for Computing Machinery



Neumann's Congressional Testimony Warns of Risks to Personal Privacy, System Integrity

NEW YORK, June 7, 2007 - At a Congressional hearing today on security and privacy issues affecting efforts to verify employee eligibility, Peter G. Neumann testified on behalf of the U.S. Public Policy Committee of the Association for Computing Machinery (USACM) that many risks confront the complex systems requiring employers to submit identifying information on current and prospective employees, as envisioned in pending legislation. Dr. Neumann, Principal Scientist in the Computer Science Laboratory at SRI International, urged Congress to create the right incentives for operators and employers to maximize the achievement of U.S. immigration laws that mandate employee eligibility verification while minimizing privacy and security risks to individuals. The pending legislation includes provisions to expand the Employee Eligibility Verification System (EEVS).

EEVS is related to several bills in the House and Senate proposing national systems for verification of employment eligibility, including the Secure Borders, Economic Opportunity and Immigration Reform Act of 2007 currently being debated by the U.S. Senate. Dr. Neumann cited vulnerabilities in the extensive computer database applications required by these systems that contain personal information, presenting risks to both the systems and the data as well as to individual privacy in these complex systems.

Speaking before the Subcommittee on Social Security of the U.S. House of Representatives Committee on Ways and Means, Dr. Neumann presented detailed recommendations to assure that the employee eligibility verification system is designed, constructed, and operated with the level of quality necessary to protect against identity theft and widespread fraud. "These potential pitfalls to security, integrity and privacy must be anticipated from the beginning and reflected throughout the design, implementation, and operation of the systems planned to implement the EEVS expansion," he said. "We should not expect easy technological answers to inherently difficult problems."

In his testimony, Dr. Neumann warned that information sent and stored in EEVS includes all of the primary personal identifiers in the U.S. "Any compromise, leak, theft, destruction, or alteration of the data would have severe consequences to the individuals involved, including, but not limited to, identify theft and impersonation," he said. He provided detailed USACM recommendations to address several aspects of specific concern in the EEVS, including transmission of information, accountability for access to information, scalability to handle at least a thousand-fold increase in user volume, and accuracy of information. He also addressed National ID System concerns and accessibility issues for small employers or poorly trained users.

Dr. Neumann, an ACM Fellow and a member of USACM, said these concerns are also applicable to related programs such as the REAL ID Act, which established standards for state-issued driver's licenses, and US-VISIT, a U.S. immigration and border management system. "Privacy and security are inextricably linked," Dr. Neumann noted. "One cannot ever guarantee complete privacy, but the difficulties are severely complicated by systems that are not adequately secure."

Dr. Neumann's statement urged more focused research on total-system approaches that address identity, authentication, authorization, and data protection. For example, he pointed to promising new developments that enable the use of cryptography to allow queries to be answered more efficiently.

The complete testimony for today's hearing is available at

About ACM
ACM, the Association for Computing Machinery, is an educational and scientific society uniting the world's computing educators, researchers and professionals to inspire dialogue, share resources and address the field's challenges. ACM strengthens the profession's collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.

The ACM U.S. Public Policy Committee (USACM) serves as the focal point for ACM's interaction with U.S. government organizations, the computing community, and the U.S. public in all matters of U.S. public policy related to information technology. Supported by ACM's Washington, D.C., Office of Public Policy, USACM responds to requests for information and technical expertise from U.S. government agencies and departments, seeks to influence relevant U.S. government policies on behalf of the computing community and the public, and provides information to ACM on relevant U.S. government activities. USACM also identifies potentially significant technical and public policy issues and brings them to the attention of ACM and the community.

ACM/Press Release. Last updated June 7, 2007 by Steven Geringer