USACM Urges Congress to Build in Safeguards for Automated Employment Checks
Spafford’s Congressional Testimony Warns of Impact on Blameless Seeking Employment
The Association for Computing Machinery
Advancing Computing as a Science & Profession
||ACM Public Policy Office|
NEW YORK, May 6, 2008 – At a Congressional hearing today on employment verification systems and their impact on the Social Security Administration, Eugene H. Spafford, chair of ACM’s U.S. Public Policy Committee (USACM), cited several potential problems, some already evident, in a pilot system operated by the U.S. Department of Homeland Security’s (DHS) to electronically check on employee work eligibility. Dr. Spafford urged Congress to include sufficient safeguards to ensure that both employers and employees are adequately protected from technical failures and abuses of the system.
Congress is considering several proposals to expand the DHS automated employment verification system, known as E-Verify, by mandating that every employer verify all new hires and existing employees using an expanded version. Currently, employers may use the existing E-Verify system to confirm work eligibility in the U.S. against Federal databases.
“As technologists, we are acutely aware of the limitations and failure modes of current information technology,” Dr. Spafford noted. “What makes this especially serious is that some of those failures many result in unemployment for unfortunate and innocent victims. Any system must take the extreme failure modes into account and provide appropriate safeguards to avoid injury to the blameless seeking gainful employment to better themselves.”
Testifying before the Subcommittee on Social Security of the U.S. House of Representatives Committee on Ways and Means, Dr. Spafford identified three major concerns regarding E-Verify: the accuracy and timeliness of system results; the security and privacy protection afforded to information kept in the system; and the technical feasibility of multiple approaches to creating such a system. He added that these concerns are also applicable to related programs such as the REAL ID Act, which established standards for state-issued driver’s licenses, and US-VISIT, a U.S. immigration and border management system.
Historically, Dr. Spafford said, decisions to hire someone willing to put in an honest day’s work are made by individuals. “Requiring that decision to be overruled by technology is a not-insignificant change that would remove or penalize human judgment in exigent or compassionate circumstances, especially in cases of error,” he said. He also noted that any widespread shift toward mandating an employee verification system has significant social as well as technological impacts.
In his testimony, Dr. Spafford referenced highlights from last year’s testimony by Dr. Peter G. Neumann’s on this topic. They included: the high failure rates of using data, particularly Social Security Number (SSN) records, to drive these employee verification systems; the risks to IT systems with large databases of personal information from abuse, theft, and corruption; potential burdens on small business owners who may be required to obtain, maintain, and secure appropriate computer access methods; availability of the system to victims of disasters such as Hurricane Katrina; and challenges to budget and design criteria from scaling prototypes into large systems.
Dr. Spafford is an ACM Fellow. He is professor and executive director of the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS), a campus-wide multidisciplinary institute, with a mission to explore important issues related to protecting computing and information resources. He was also a member of the most recent incarnation of the President’s Information Technology Advisory Committee (PITAC) from 2003 to 2005.
The complete testimony for today’s hearing is available at http://www.acm.org/usacm/PDF/EEVS_Testimony_Eugene_Spafford_USACM.pdf
ACM, the Association for Computing Machinery www.acm.org, is the world’s largest educational and scientific computing society, uniting computing educators, researchers and professionals to inspire dialogue, share resources and address the field’s challenges. ACM strengthens the computing profession’s collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.
The ACM U.S. Public Policy Committee (USACM) http://www.acm.org/usacm serves as the focal point for ACM's interaction with U.S. government organizations, the computing community, and the U.S. public in all matters of U.S. public policy related to information technology. Supported by ACM's Washington, D.C., Office of Public Policy, USACM responds to requests for information and technical expertise from U.S. government agencies and departments, seeks to influence relevant U.S. government policies on behalf of the computing community and the public, and provides information to ACM on relevant U.S. government activities. USACM also identifies potentially significant technical and public policy issues and brings them to the attention of ACM and the community.
# # #