Computer Privacy Expert Warns of Risks to Employment Eligibility Verification System
USACM's Antón Urges Thorough Testing of Pilot E-Verify System Prior to Adding New Functionality or Programmatic Goals
Association for Computing Machinery
Advancing Computing as a Science & Profession
|Virginia Gold||Cameron Wilson|
|ACM||ACM Public Policy Office|
WASHINGTON – April 14, 2011 – At a Congressional hearing today on the Social Security Administration’s role in verifying employment eligibility, Ana I. Antón testified on behalf of the U.S. Public Policy Council of the Association for Computing Machinery (USACM) that the automated pilot system for verifying employment eligibility faces high-stakes challenges to its ability to manage identity and authentication. She said the system, known as E-Verify, which is under review for its use as the single most important factor in determining whether a person can be gainfully employed in the U.S., does not adequately assure the accuracy of identifying and authenticating individuals and employers authorized to use it. Dr. Antón, an advisor to the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and vice-chair of USACM, also proposed policies that provide alternative approaches to managing identity security, accuracy and scalability.
“A sense of urgency in our nation’s efforts to protect its citizens can sometimes lead to taking shortcuts without proper validation and testing,”said Dr. Antón, director of ThePrivacyPlace.org, a privacy research center for North Carolina State University and Purdue University. “Compromises to these systems would likely result in massive identity fraud, which would be more damaging given the planned and proposed expansions to the E-Verify pilot system.”
Dr. Antón, a professor at North Carolina State University, noted that E-Verify is being used by over 238,000 employers, yielding 16 million queries during the 2010 Fiscal Year. She cited a December 2009 evaluation conducted by Westat Corporation for the Department of Homeland Security that revealed inadequacies in the E-Verify system. This large-scale national test reported that 54 percent of illegal immigrants checked through E-Verify were incorrectly deemed eligible to work because they were using stolen or borrowed identities.
Dr. Antón noted that complex systems like E-Verify are fallible and often misused or subject to mission creep. She cited authentication and access control risks that may increase the system’s exposure or compromise data integrity and leakage, resulting in cost and schedule overruns, system breakdowns, intrusions, and obsolescence.
Speaking before the Subcommittee on Social Security of the U.S. House of Representatives Committee on Ways and Means, Dr. Antón urged members to eliminate the weaknesses of the E-Verify pilot system and objectively audit the system before it is scaled up or extended to verify individuals for anything other than employment. She identified technical solutions for validating pilot projects prior to adoption of permanent status, and offered objective technical recommendations even before expansion of E-Verify is considered. In addition, she warned against resorting to biometric technologies as a solution to the authentication problem posted by E-Verify, as it would be premature.
The complete testimony from Dr. Antón for today’s hearing is available on the USACM Web page.
ACM, the Association for Computing Machinery www.acm.org, is the world’s largest educational and scientific computing society, uniting computing educators, researchers and professionals to inspire dialogue, share resources and address the field’s challenges. ACM strengthens the computing profession’s collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.
The ACM U.S. Public Policy Council (USACM) http://www.acm.org/usacm serves as the focal point for ACM's interaction with U.S. government organizations, the computing community, and the U.S. public in all matters of U.S. public policy related to information technology. Supported by ACM's Washington, D.C., Office of Public Policy, USACM responds to requests for information and technical expertise from U.S. government agencies and departments, seeks to influence relevant U.S. government policies on behalf of the computing community and the public, and provides information to ACM on relevant U.S. government activities. USACM also identifies potentially significant technical and public policy issues and brings them to the attention of ACM and the community.
# # #