Archive for May, 2007

Securing My Academic Transcript

I just ordered several transcripts from my university, which I will need to distribute to several organizations, for different reasons.
As you’re probably aware, transcripts come in sealed envelopes. If the envelope seal is broken, the transcript is no longer “official.”

Most organizations I send transcripts to have no need for my Social Security Number. I can easily give them my SSN if they require it for legitimate reasons, such as tax purposes. So, I decided to break the seal, and remove my SSN from all but one of my transcripts, with a razor blade. I’ve found that black marker just doesn’t do the trick. Besides, this really gets the point across.

I re-sealed the envelope, and enclosed the following letter:

To Whom It May Concern:

At the advice of state and federal officials and numerous experts, and because of the extreme risks associated with disseminating my Social Security Number, I have removed my SSN from this document. Though I recognize that breaking the envelope seal transformed this transcript from an “official” to “unofficial” transcript, I certify that I have made no other changes to the document.

George Washington University refused my request to remove my Social Security Number from the transcript. George Washington University is one of a small minority of nationally ranked universities that do not allow students the protection of withholding Social Security Numbers from transcripts or other official university documents. I am told they plan to change their policy in the near future.

Countless state Attorneys General have issued warnings similar to that of the Washington, D.C. Attorney General: “avoid providing your social security number or other personal information to prospective employers [or other organizations] until you have verified the legitimacy of the organization and their need to verify your background.” A few states have even outlawed placing the Social Security Number on transcripts and other academic documents altogether.

I regret that I must resort to these measures to ensure the protection of myself and my family.

If this organization requires my Social Security Number for legitimate tax or background check purposes, I will be pleased to provide the information in the future. However, as of this date, I am not aware of any such requirement.

Do not hesitate to contact me if you have any questions or concerns.

Sincerely,

Aaron Titus

I’ll let you know how it goes.

The Way Things Really Are

Searching for truth is not really about finding what’s “best” for you. Usually “best” simply means “most comfortable,” “most familiar,” “most agreeable,” “easiest,” or even “least objectionable.” And in a world of changing aesthetics, paradigms, and ideas, preferences change, personalities alter, paradigms shift, and ideas find new incarnations. What is “best” or “most comfortable” for you will likely change over time.

In that sense, I am not looking for what’s “best.” I am looking for what is true.

Our eclectic, world-wide, culture is full of apparent contradictions. In the face of conflicted and conflicting views of the world and human condition, our culture rejects the notion that the pursuit of an answer may come to any assured or absolute conclusion, and therefore, though conflicting truths may exist, Truth does not. This is often expressed as “your truth,” and “my truth.” To assert that Truth does not exist is a neat and tidy way of making sense of a senseless world.

In past eras, every major civilization has had a dominant religion. Religion answered key philosophical questions about the meaning of existence, and the nature of the world. High Priests held the keys to the secret, higher knowledge. Temples were objects of the interaction between man and deity, the eventual source of higher knowledge.
We are no different today, even in our diverse, international society. Our religion is Science. Our High Priests are Scientists. Our temples are Libraries and Wikis. Our High Priests have taught us that truth is transitory, and subject to constant revision with further understanding.

By way of example, a physics professor started the semester by asking our large class, “What is truth?” Several students raised their hands. The first said, “Truth is universal.” “Wrong!” the professor retorted, “In Physics, truth is specialized.” Stunned, another student answered, “Truth is something you know, but can’t prove.” “Wrong!” he shot back, “Nothing is true without proof.” The next student ventured, “Truth never changes.” Clearly in a rhythm he bellowed, “Wrong! Truth constantly changes as we learn new things.”

A half-dozen students offered answers to his rhetorical question before I could muster the courage to raise my hand. “Truth is the way things really are,” I said. His rhythm broke, and he gave no rebuttal.

Truth is the way things really are. The way things really were. The way things really are going to be.

All real things have a nature, or a set of calculable characteristics. All things (and I mean ‘things’ in the most inclusive sense possible) possess some degree of reality, and have a set of calculable characteristics that are independent of human perception or cognition. Even emotions and perceptions themselves are real, as they possess characteristics of their own. Whether the number of characteristics associated with a real thing is finite or infinite is of little concern. Neither is it of great concern whether or not human beings (or animals, or plant life) have the ability to acquire and comprehend any portion of these characteristics. These characteristics are fundamentally independent of perception, cognition, or interpretation. They describe the way things really are.

For centuries humans perceived the world as flat. The world’s nature did not change when the first person understood the earth is a spheroid. The earth’s spherical nature is independent of human cognition. Also, if I may be so bold, a tree falling in the woods makes a sound regardless of whether human ears are present. A tree’s nature is not dependent on a human’s ability to cognize vibration.

So the point is to try to understand the way things really are, and then adjust to the truth. Since arguably nobody completely understands everything about the way things are, were, and will be, Truth really isn’t the most comfortable, familiar, agreeable, or easiest thing for anyone. Living according to Truth always involves adjustment.

From a religious perspective, if God really exists, then it is important to understand God’s nature as far as possible. If God really is the literal Father of the human family, or if any particular religious doctrine is true, then it is important to adjust one’s habits accordingly. Conversely, if any of the foregoing are not “the way things really are,” then it is equally important to understand that fact.

An individual comes to understand truth as he acquires characteristics that describe truth, whether by spiritual, transcendental, empirical, or other means. However, it is important not to accidentally substitute the concepts of “perception” or “interpretation” for the Truth itself. Perception and interpretation vary from individual to individual, but no amount of misperception will change the nature of a real thing.

Understanding is the personal acquisition of some degree of truth, subject to personal interpretation and distortion. Filtered, fragmented, or interpreted truth, as acquired by the human mind, is rarely complete. As Understanding is necessarily biased, it is unwise and unproductive to substitute Understanding for Truth.

Our finite minds have developed tools to acquire and process information about Truth, such as social constructs, biases, media, and language. One example is the Transparent Plane (such as windows, TV screens, camera lenses, sunglasses, or the imaginary plane on the edge of a stage) which filters the truth, leaving information for only one or two of the senses. Information passed through the Transparent Plane is therefore fundamentally incomplete.
Other tools for acquiring and filtering truth are experience, testimony from authority, observation, pre-conceived notions, the physical senses, linguistic biases, religious experience, etc.

As each of these tools filters characteristics, they present an incomplete or distorted view of the way things really are. Therefore, truth filtered through social constructs may yield conflicting interpretation. Finding internal conflict disconcerting, we seek ways to alleviate ourselves of the discomfort. We may encounter several apparently conflicting manifestations of one larger truth; but with our limited cognition, we may not be able to correlate them. Though it is natural and easy, it is incorrect and unenlightened to assume that conflicting manifestations of truth must necessarily represent “conflicting truths.”

Consider a cat playing with a laser light. He pounces on the red dot and feels nothing under his paws, but instead perceives that the dot has quickly jumped on top of his paws. He smells, hears and tastes nothing. Drawing on experience, he might identify the dot as a very small insect. The light is turned off, and he scurries to see where the “insect” has gone. Then the laser is laid on the ground to project a long red line across the floor. The cat is baffled. The entirely different shape and movement of this entity prove that this is completely unrelated to the red dot he first encountered.

The nature of the laser light remained fundamentally consistent. But the manifestation of the light, and the cat’s ability to apprehend and interpret the truth had been filtered, distorted, and fractionalized through his senses and interpretation. It is not unreasonable to suggest that humans have similar challenges acquiring and interpreting Truth. Truth is therefore essentially greater than human cognitive ability: Cognitive ability, illusion, point of view, interpretation, and biases are relative, not Truth.

Like my cognitively impaired cat investigating the laser beam, our society has not yet formulated a complete model in which to fit truth. Apparently conflicting manifestations of truth, and the inability to apprehend and interpret truth, lead many to believe that many conflicting “truths” exist, or to arrogantly assert that truth does not exist.

All real things have characteristics, which describe the way things really are. Despite social constructs and media that filter and fractionalize truth, Truth is the way things really are, and is unconstrained by human reason or cognition. As one comes to fully utilize spiritual, empirical and transcendental means of acquiring truth, one’s Understanding and actions come closer to the truth, or the way things really are.

Wireless Medical ID Theft

Identity thieves use many tactics to gather sensitive personal information.  Some check your mailbox.  Others dumpster-dive.  But now a more sophisticated identity thief might be found slowly cruising medical park parking lots with a laptop.

Off work and out of school, I spent the week between Christmas and New Years, December 2006, taking care of a friend at Sibley Hospital.  During the long hours of sitting in the hospital and doctors’ offices, I tried to keep myself productive with my laptop, which proved surprisingly difficult without internet access. I scanned the 6th floor of the Hospital, and found 13 wireless networks, all of which were private and inaccessible.  That was understandable, but bad news for my productivity.

Many businesses have begun to recognize the increasing dependence their customers have on internet connectivity.  Consequently they, along with local governments and even hospitals and doctors’ offices, now offer “Hot spots,” or areas of free internet access to patrons.  Complimentary internet access has even become an expectation in many places.

Down in the cafeteria, I began to wonder if all medical facilities were as careful as Sibley Hospital about securing their wireless networks.  After all, any time you mix open wireless networks with medical information, you run the risk of exposing confidential information protected by HIPAA, and privacy acts.

So, I decided to perform a survey of 76 casually selected wireless networks at hospitals and medical parks in Maryland and DC.  At the large hospitals I checked, public and private networks were carefully controlled.  However, networks in smaller medical parks, whose tenants are usually independent practitioners, showed far more security defects.

This trend is perhaps predictable, because hospitals maintain a staff of IT professionals, and have established IT procedures. In contrast, independent practitioners have small staffs and often outsource IT functions to people of varying skill.  When they outsource it to a non-professional, it can have a devastating effect on patient privacy.

Take Dr. Abulhasan Ansari’s office for example.  He treats adults and young adults in his Clinton, Maryland office.  While he was away on vacation in December 2006, a member of the office staff contracted with an outside IT “professional” to create a wireless network.  The network required no password, was not encrypted, and maintained all of the factory default settings.  The network was available to any member of the public with a laptop.  Though it is unclear whether it was intended to provide complimentary internet access to waiting patrons, it is clear that it was not intended to allow patrons to access confidential patient information.  But it didn’t turn out that way.

Sitting in my car, I opened my laptop. Once my laptop associated with Dr. Ansari’s network (named “linksys”), Windows XP automatically scanned it, and populated “My Network Places” with shared folders.  Unfortunately in Dr. Ansari’s case, these folders contained Access databases with confidential patient information, including names, SSNs, birth dates, and medical histories for his patients.  All of this information was available to anyone within 100 feet of the office with a laptop.  This meant that an identity thief could slowly cruise through the medical park parking lot, grab the Access databases with the patient data, and leave completely undetected, without stepping foot in the office.  Incidentally, the wireless router was also essentially open, which means that a thief could have hidden his tracks by erasing the router log.

After making this discovery, I entered the office and told the manager my findings.  At first, she insisted that the records were not theirs.  I displayed the Access files on my screen and she confirmed that they were, in fact, Dr. Ansari’s patients.  She insisted, however, that since they “just recently” established the wireless network, no unauthorized person could have accessed the information in such a short time.  I don’t think she appreciated the irony of her statement, as she was viewing her patient data on my laptop.

I asked them whether they had any plans to notify the affected patients that their medical data had been potentially compromised.  Instead of answering the question, she said that they would simply disconnect the wireless router.  Once she disconnected the router, the files disappeared from my screen, and she promised to have the “professional” return and secure the network right away.

Exactly one week later, I visited the same medical park, and performed the same scan.  Dr. Ansari’s office had fixed their problem, but I was dismayed to find that one of their neighbors in an adjoining building had put up their own insecure wireless network in the intervening week.  They were closed at the time.

In all, I surveyed 78 medical wireless networks.  6 allowed access without a password, encryption, or other security bar.  Sibley Hospital, where I spent several days over the break, had at least two public wireless networks in the cafeteria.  They did not allow access to any internal network.  Four others, both in medical parks (not hospitals), allowed direct access to an internal office network, some of which contained confidential patient data in Excel files and physician dictations.

The most startling part of this exercise is that the percentage of insecure networks in my sample was nearly 8%.  A single breach by an identity thief can cause hundreds of thousands of dollars in damage, and adversely affect hundreds or even thousands of current and former patients.
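A practice can check its own premises for the conditions described above (no encryption, a factory-default network name). The following is an added example, not part of the original post: it parses scan lines in the terse colon-separated layout printed by `nmcli -t -f SSID,BSSID,SECURITY device wifi list`. The sample scan, the default-name list beyond “linksys”, the `isolated_guest_bssids` parameter and the WEP check are assumptions added here.

```python
# Added example (not from the original post): flag, in a Wi-Fi scan taken on
# your own premises, the weaknesses the post describes.

# Constructed sample in the terse layout of
#   nmcli -t -f SSID,BSSID,SECURITY device wifi list
# nmcli escapes ':' and '\' inside a field with a backslash. The BSSIDs use
# the documentation MAC range 00:00:5E:00:53:xx.
SAMPLE_SCAN = r"""
linksys:00\:00\:5E\:00\:53\:01:
FrontDesk:00\:00\:5E\:00\:53\:02:WPA2
Clinic\: Guest:00\:00\:5E\:00\:53\:03:
Records:00\:00\:5E\:00\:53\:04:WPA1 WPA2
:00\:00\:5E\:00\:53\:05:WEP
"""

# "linksys" is the name reported in the post; the others are an assumed list
# of common factory defaults.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}

OPEN = "open: no password or encryption"
WEAK = "WEP: obsolete encryption"
DEFAULT_NAME = "factory-default network name"
MALFORMED = "unparseable scan line"


def split_terse(line):
    """Split one terse line on unescaped ':' and undo backslash escapes."""
    fields, current, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            current.append(line[i + 1])  # escaped character is literal
            i += 2
        elif ch == ":":
            fields.append("".join(current))
            current = []
            i += 1
        else:
            current.append(ch)
            i += 1
    fields.append("".join(current))
    return fields


def audit_scan(scan_text, isolated_guest_bssids=frozenset()):
    """Return one finding per network that shows a weakness.

    isolated_guest_bssids (hypothetical parameter): access points you have
    separately confirmed are public hot spots with no route to the internal
    network. A scan alone cannot tell an isolated guest network from one
    that exposes office file shares, so that has to be verified by hand.
    """
    approved = {b.upper() for b in isolated_guest_bssids}
    findings = []
    for raw in scan_text.splitlines():
        if not raw.strip():
            continue
        fields = split_terse(raw)
        if len(fields) != 3:
            findings.append({"ssid": raw, "bssid": "", "issues": [MALFORMED]})
            continue
        ssid, bssid, security = fields
        modes = security.split()
        issues = []
        if not modes or modes == ["--"]:
            if bssid.upper() not in approved:
                issues.append(OPEN)
        elif "WEP" in modes:
            issues.append(WEAK)
        if ssid.lower() in DEFAULT_SSIDS:
            issues.append(DEFAULT_NAME)
        if issues:
            findings.append({"ssid": ssid, "bssid": bssid, "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_scan(SAMPLE_SCAN, {"00:00:5E:00:53:03"}):
        print(f["ssid"] or "(hidden)", f["bssid"], "; ".join(f["issues"]))
```

An open network that passes this check because it is on the guest list still needs the separate confirmation that it cannot reach office machines or their shared folders.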

Despite clear regulations set forth under the authority of HIPAA, new technology poses challenges to under-trained staff.  In addition, as demonstrated by this episode, there is a tendency to eliminate and hide mistakes (i.e., turn off the router), rather than properly address the issue, or notify potentially affected individuals.

That policy is understandable, if regrettable, because often business owners don’t feel the need to “unnecessarily worry” their customers by announcing a potentially embarrassing security gaffe, when there is no hard evidence that anyone in particular accessed sensitive data, or an increased likelihood of harm.  It also regrettably creates an incentive for business owners to put their heads in the sand, so to speak, by not monitoring networks at all; after all, if you don’t collect data that could demonstrate whether a breach had occurred, you’ll never risk having to notify anyone of a breach.

So, next time you go to the doctor’s office, take your laptop, and be prepared to challenge your doctor’s information security procedures.  And keep an eye out for anyone cruising the parking lot with a laptop.

The MIB: Medical Division

Long before Will Smith and Tommy Lee Jones hit the screen as intergalactic secret agents, the MIB was doing undercover work of a distinctly terrestrial nature. Amassing storehouses of medical information since 1902, the Medical Information Bureau maintains a sort of “Medical Credit Report” on roughly 20% of the United States population.

When you apply for life, health, or disability insurance, insurance companies collect information about factors that might affect your health or longevity, such as age, sex, drug or alcohol use, and other risk behaviors. There is a good chance that at one point or another, you have signed a waiver permitting an insurance provider to transmit this information to the MIB, which creates a record of the insurance findings.

Once stored in the MIB databases, participating MIB insurance companies may access your information in order to reduce insurance fraud. MIB stores these records for seven years, and some of their contents have been a closely held secret. Moreover, some of the information is inaccurate, which can cause major problems for some consumers. This arrangement has led privacy specialist Simson Garfinkel to refer to the MIB as the “official insurance agency gossip columnist.”

The MIB does not store medical test results, records, or X-rays. Though insurance companies are theoretically prohibited from rejecting insurance coverage based upon information in the MIB report, some evidence suggests insurance companies do just that.

So what does your MIB report say? The Fair Credit Reporting Act requires the major credit bureaus to offer one free credit report to consumers annually. However, the Act specifically does not apply to medical records. After some pressure from the FTC in the early ’80s, the MIB has agreed to offer consumers one free MIB Disclosure per year.

Not everybody has an MIB record, but ironically, in order to find out whether you’re in the system, you must become part of the system. The rather stern voice of MIB’s automated phone system warns that failure to provide a broad range of personal information to MIB will terminate the call. You are asked to “certify under penalty of federal law” the following information:

  • Your Social Security Number (SSN)
  • Your Last Name
  • Your First Name
  • Your Middle Name
  • Any Other Previous Surname
  • Your Date of Birth
  • Your Birth Place
  • Your Occupation
  • Your Current Address
  • Your Telephone Number

So, even if your personal information was not in their databases before you called, it will be once you call. Neither the automated phone system nor the website, www.mib.com, indicates how your personal information will be used, how long it will be stored, whether it becomes a part of your MIB report, or whether it will be shared with insurance companies.

I called the MIB Disclosure Report number (866-692-6901) and reluctantly provided the information. About one week later I received a letter from MIB: “Using the identification information provided as a part of your request to MIB, we have made a thorough search of our records… and cannot find any information.”

Great. Now the MIB had all of my personal information, and I didn’t have anything to show for it.

So I called customer service (781-751-6003), and requested that they purge my personal information from their database. A nice woman with a thick Boston accent answered the phone, and I learned a lot about their data retention policies.

When a consumer calls the Disclosure Report number, her information is divided into two files. Most of her identifying information is entered into a database, and tagged with a unique reference number. Then her SSN is placed in a text log file with the same reference number. Both data sets are stored indefinitely, and the MIB representative could not detail a regular policy of purging either.

MIB uses a person’s name, birth date, address, etc. to (1) search for matching records, and (2) make sure the person hasn’t requested a report within the last 12 months. But MIB representatives insist that they do not use the text file with the SSN for anything except to ensure that you are the one requesting your MIB record. In other words, the MIB inappropriately uses the SSN as a proof-of-identity. This is yet one more reason why your SSN should stay out of others’ hands—to prevent medical impersonation.

Since the MIB claims not to use the SSN for any reason except “proof-of-identity,” I suggested that they re-think their data-retention policy, and purge the text log on a regular basis. The supervisor gave me a dubious reply, “Well I’m sure they have their reasons for keeping [the SSNs].” I didn’t ask who “They” were, or what “their reasons” might be; it was clear she didn’t know. And I doubt that I could have talked to “Them” if I had asked, anyway.

I requested that they purge my SSN from their text log. After a long and good-humored conversation, the representative agreed to do me a favor and delete my SSN. However, it was clear that I was an exception to the rule.

My report and accompanying podcast on the Medical Information Bureau piqued the interest of the MIB’s Vice President/ General Counsel, who contacted me directly. He asserted that they do have a data retention schedule, but that the policy is proprietary and confidential, and may vary based on a number of statutory and subjective factors. Citing another unpublished “proprietary” document, he also promised that MIB does not share any information collected over the phone with insurance companies.

Be sure to do your own cost-benefit analysis before ordering an MIB report. On one hand, the report is very helpful if you were recently turned down for insurance, or if your premiums seem abnormally high. On the other hand, you must yield some very sensitive data to MIB. Regardless, if you have not applied for life, health, or disability insurance within the past seven years, your MIB report will look like mine—empty.

www.mib.com Medical Information Bureau Site
(866) 692-6901- Consumer MIB Record Disclosure
(781) 751-6003- MIB Customer Service

Letter to Department of Homeland Security

I sent the following letter to the Department of Homeland Security, and each member of the Senate Committee on Homeland Security & Governmental Affairs, Senate Appropriations Subcommittee on Homeland Security, and the House Committee on Homeland Security on May 3, 2007.
A podcast version of this experience is available at The Privacy Podcast.

3 May 2007

Dear Daniel K Akaka, Lamar Alexander, Robert C Byrd, Benjamin L Cardin, Thomas R Carper, Tom Coburn, Thad Cochran, Norm Coleman, Susan M Collins, Larry Craig, Pete V Domenici, Judd Gregg, Daniel Inouye, Herb Kohl, Mary L Landrieu, Frank Lautenberg, Patrick Leahy, Carl Levin, Joseph I Lieberman, Claire McCaskill, Barbara A Mikulski, Patty Murray, Ben Nelson, Barack Obama, Mark L Pryor, Richard Shelby, Arlen Specter, Ted Stevens, John E Sununu, Jon Tester, George V Voinovich, John Warner, Christopher P Carney, Donna Christensen, Yvette D Clarke, Henry Cuellar, Peter DeFazio, Norman D Dicks, Bob Etheridge, Al Green, Jane Harman, Sheila Jackson-Lee, James R Langevin, Zoe Lofgren, Nita Lowey, Ed Markey, Eleanor Holmes Norton, Ed Perlmutter, Loretta Sanchez, Bennie G Thompson, Albert R Wynn, and Department of Homeland Security Office of General Counsel,

I am writing to alert you to certain DHS practices that seem to violate basic principles of citizenship and civil liberties, while providing no measurable security benefits.  DHS is operating in a gray area of the law, and I am asking you to investigate these practices to determine their legality and constitutionality.  I also hope you can answer a few basic questions about the short- and long-term consequences of the intimidating experience I had.

I have written the Department of Homeland Security twice in the last two months, and received no response or explanation.  I raise three objections:

  • First, the Department of Homeland Security should not have the authority to track the movement of United States citizens once they arrive in the country, absent probable cause, merely because they once fell into the broad class of “international travelers.”
  • Second, some Homeland Security policies and tactics are more about intimidation and looking good at some future congressional hearing than security, while simultaneously hurting freedom and failing to protect national security interests.
  • And third, there is a growing culture of governmental lawlessness and intimidation, emerging as a result of expanding executive power, in the name of National Security.

I want to be clear that this letter is not about Homeland Security officers overstepping their statutory authority, acting irrationally or abusively, or with undue force.

At the beginning of March 2007, I took a 5-day business trip to the Netherlands, to a small town called Ede. Because of my work schedule, I made no purchases except meals.  I returned to the United States with no purchased goods, and I carried less than $40 in cash (including Euros).

Every citizen and alien entering the United States must complete a blue Customs Form 6059B, declaring the value of the items he is bringing into the United States.  The form is mandatory, and includes your full name, birth date, family members who are traveling with you, passport number, and other information.  I filled out the form completely and accurately, except Lines 4(a) and 4(b).  These lines are entitled “Street Address (hotel name/destination),” and require travelers to write their complete destination address.  And that’s where I objected.

Specifically, the Department of Homeland Security should have the authority to track the movements of law-abiding United States citizens, once they have left the airport and entered the United States, simply because they were international travelers at one time.  On a customs declaration form, a citizen’s address is logically unrelated to the value of goods, and is no good for identification or security because it may be easily falsified.  Because the address may be easily falsified, form 6059B has the effect of tracking the movements of only law-abiding citizens who pose no threat, without probable cause.

So, I left lines 4(a) and (b) blank.  The first officer expressed annoyance that I didn’t fill out the form properly.  She ordered me to fill in the lines.  I politely refused.  She informed me that it was mandatory, and that “…Even the President of the United States” must do it.   Of course, whether the President had to fill out these lines is not the point; the question is whether the President, or any other citizen, should have to allow their movements to be tracked once they enter the United States.

Of course, I didn’t bother getting into that discussion with the officer, though.  Instead, I politely refused again.  I felt very uncomfortable, since this was the first time in my life I had ever disobeyed a direct request from an officer.

She called for a supervisor.  Immediately, four additional officers were at my side.  A supervisor questioned me further.  I again politely refused to write my destination on the form.  He forwarded me to “Line C” for secondary processing.  When I arrived, I looked around at lines A, B, and C.  I don’t know if I was the only United States Citizen in those three lanes, but of the more than a dozen people in those lines, I was certainly the only Caucasian.

The secondary officer was a little more pushy, and insisted on calling me “Bossman,” until I told him that “I am not the boss, you are,” after which he dropped the epithet.

He asked where I was traveling from, then said, “If you refused to tell them where you were going in Amsterdam, they’d put you on the next plane home.  If you went to London, and you pulled this crap, they’d send you home.  If you traveled anywhere in the world and you pulled this crap, Bossman, they’d send you home.”

“So,” I replied, “send me home.”

He dropped the subject, and moved on to another line of questioning.

Of course, I was home.  The difference between me in the United States versus Amsterdam or London, is that I’m a citizen in the U.S.  I recognize that when I travel to other countries, I am a guest in those countries, and I have only the rights they choose to give me.  But it’s a different story in my home country. I am a citizen.

Another officer corrected me, “You are an international traveler.”  With that one phrase, she instantly conveyed the fact that as an “International Traveler,” I am less than a Citizen.  This concept of law is new to me, and my question for you is: How much less of a citizen am I, when I travel internationally?

The interrogating officer directed me to place my bags on a conveyor belt, where he did a search of the entire contents.  He called his supervisor, and I was immediately surrounded by six officers for the duration of my stay at Dulles International Airport Customs.  I did not ask, and he did not tell me his name.

While he was doing the search, he continued to interrogate me.  He temporarily confiscated my driver’s license, and peppered me with questions about my name, hotel in the Netherlands, hotel receipt, my place of employment, work phone number, boss’ name, other employees’ names, the precise amount of time I had been working at my current place of employment, and so on.  Occasionally he would pause to remind me that “this doesn’t need to be this hard—” all I had to do was fill out the form.

And each time he told me how easy it would be if I just complied, I realized how absurd the entire ordeal was.  First, they knew exactly who I was—they had my passport, my driver’s license, my home address, and a complete profile on me, which was required before they let me step on the plane to begin with.  They had done a thorough search of my belongings and confirmed that I was truthful on my customs declaration form—which was the purpose of the customs declaration form, in the first place.

I respectfully refused, again, and again, and again, to write my destination on the form, but I answered all other questions completely, correctly, and respectfully (even ones that seemed logically irrelevant, or to which I objected).  I even explained that I was going home, and that my home was in the Washington D.C. area.

After interrogation from two separate officers (with four others blocking possible exits at all times), three officers escorted me into the back room, for a complete body pat-down.  I spread my arms and feet, while an officer did a clothed pat-down of every inch of my body, including my groin.

They did not find my destination address in my pants.

After the officer was done I asked, “So, writing my destination address on the form would make me that much less dangerous?”  That particular officer gave me a look that said, “Hey, I’m just doing my job.”

At that point, I realized that these were not security measures, but intimidation tactics to induce compliance. The officers’ job was simple: do what they could to make me comply. In fact, the very last thing an officer told me was, “Let this be a lesson to you to comply in the future. This was unnecessary, and could have been avoided if you had simply complied.” Well, of course it was. I already knew that.

I was expressly compliant with every order each officer gave me. I was polite and respectful at all times (mainly because I didn’t want to give the six officers a reason to jump on me). I told the officers where I was going, and where I had been. The only thing I refused to do was give the exact street address of my destination, which I could have made up, anyway.

All said, they read me the riot act for 45 minutes.  An officer finally wrote down my home address printed on my driver’s license, and confiscated my customs declaration form for additional “special” processing.  Apparently this procedure is highly unusual, since the officer at the exit refused to let me leave unless I gave him the form. I had to get special permission to leave the area.

I have no idea what the special processing entails, why I should be subjected to it, or why it was necessary. After all, the officers won—in the end, they got every piece of information they demanded.

DHS is Indiscriminately Tracking Movements of Law-Abiding Citizens

My first objection is simple:  Absent reasonable cause, Customs, or the Department of Homeland Security, or the Federal Government, cannot have jurisdiction to track the movements of a large class of United States Citizens.

But the DHS is tracking the movements of a large class of citizens once they have entered the country, namely “international travelers.”  Though the Executive Branch has deemed this class universally suspicious, the designation is neither warranted nor logical.

When the government tracks the movements of citizens, they are no longer treated as welcome visitors, but as hostile strangers, which citizens are protected against by the Privileges and Immunities Clause of the Constitution.  In addition, tracking the movements of large classes of citizens chills freedom of movement, which the Supreme Court has explained “as close to the heart of the individual as the choice of what he eats, or wears, or reads.  Freedom of movement is basic in our scheme of values.”  (Kent v. Dulles, 357 U.S. 116 (1958)).

Requiring Citizens to Divulge their Precise Destination Address has no Effect Except to Penalize Law-Abiding Citizens

Because lines 4(a) and 4(b) can be easily falsified, only law-abiding citizens would fill them out correctly.  No bad guy would knowingly write his destination address.  The lines are therefore effectively worthless for identification, duty enforcement, or security profiling for would-be criminals.  Their only effect is to track movements of law-abiding citizens.

Moreover, the additional security tactics (such as a full body search, intense interrogation, and full baggage search) were logically unrelated to determining my destination. They were nothing more than intimidation tactics, not security tactics. If I had merely falsified an address, I could have avoided the additional security tactics, but ironically my actions would have been more suspect. The point of security questions and measures should be security, not intimidation.

Finally, a reasonable person might question whether the Department of Homeland Security prudently applied such an intense amount of resources (namely six officers for 45 minutes) to a matter of a destination address.  The prudence of applying such resources is beyond my area of knowledge.

DHS is Fostering a Culture of Intimidation and Lawlessness

My final objection is a rising culture of lawlessness and intimidation, in the name of National Security.  I assume that the officers did not exceed their statutory authority.  I assume that they probably could have detained me for 24 hours if they had wanted.  I don’t believe that the officers acted with undue force.  They did not abuse or beat me.  However, the entire thrust of the exercise was to intimidate me into compliance with a form, even though they had all relevant information.  And I’m frankly grateful that I was a white, articulate, natural born citizen; otherwise I’m fairly confident that I would have been subjected to additional “security measures.”

But most importantly, I don’t know what the consequences of my actions will be.  If I speed or break a criminal law, the punishments are well documented in the law and courts.  My questions are: Did I break the law?  If so, what law?  What are the short and long-term consequences of my actions?  The legal ambiguity surrounding this incident is indicative of a culture of lawlessness, and needs to be clarified.

Even though the officers got every piece of information they demanded, they still found it necessary to record something about me in their files. What did they record? Do I now have a profile, and what does it say? Does it say: “Aaron Titus is a know-it-all pain-in-the-butt?” Or more frightening, perhaps it says, “Aaron Titus willfully disobeys direct orders of TSA officers.” Or even worse, perhaps there is just a nondescript red “flag” that will put me in the same category as suspected terrorists and have an effect on my freedom of movement, or future government employment, in perpetuity.

I am unable to answer these questions, and hope that you will be able to elucidate some of them:

  • What is the difference between “International Traveler” and “Citizen?”
  • Did I break the law?
  • Do I have a security profile, and if so, what does it say?
  • Who has access to my profile, and how may it be used?
  • Will this letter be added to a file or profile in my name?
  • What will the consequences be, and how long will they last?

I walked out of Dulles International Customs shaken and intimidated, and a little scared at what unknown consequences await me because I refused to fill out lines 4(a) and 4(b) on a Customs form.  Since that time I’ve told some of my friends about the run-in with Homeland Security over the phone.  Then, half-jokingly I’ve said something like, “You’d better be careful, because you’re talking to an enemy of the state.  Our conversation is probably being recorded.”  Then we both pause, and then laugh nervously, because the idea is simultaneously absurd and frighteningly plausible.
I would appreciate any clarification you can give.

Sincerely,
Aaron Titus

The Secure Transcript

Survey of National Universities’ Use of the SSN on Academic Transcripts

Aaron Titus, 21 May 2007

Summary

Most universities have moved away from using students’ Social Security Numbers as their Student ID, but because the SSN continues to be a convenient identification number, ancillary higher education organizations, such as lending institutions, continue to use the SSN as a universal identification number. As a result, some universities that have otherwise discontinued using the SSN as a student ID continue to print the student’s SSN on academic transcripts and official documentation.

Though academic transcripts should be treated as secure documents, students are often required to disseminate dozens of transcripts to entities with which they will have only one-time contact, most of whom have no need for the SSN. Despite the dangers, the national registrar association, the American Association of Collegiate Registrars and Admissions Officers (AACRAO), recommends printing the SSN on transcripts, and says that 79% of American colleges did so in 2003. However, this 2007 survey indicates that now only 26% of US News and World Report’s top 126 colleges and universities mandatorily print the SSN on academic transcripts.

Background

The 2000 US Census reports that 52% of the population over 25, or 94 million people, have attended some college, and therefore potentially have an academic transcript. (http://www.censusscope.org/us/chart_education.html, accessed 5 May 2007). Universities use transcripts to transfer credit. Potential employers use them to verify class standing. Financial institutions, private study abroad corporations, organizations awarding scholarships, and a wide range of other public and private institutions require academic transcripts for a variety of reasons. Before and after graduation, a single student may send dozens of transcripts to organizations with which he may have only passing contact.

Very few of these organizations, including potential employers, have a legitimate need for students’ Social Security Numbers. But each time a student sends a transcript to an organization or prospective employer, the transcript information is usually captured digitally, logged in a database, and stored indefinitely. Since names, birthdates and SSNs are often printed on academic transcripts, these documents pose a potential risk to students and former students, if the information is misused or mishandled. Risk of data breach or identity theft increases proportionally as the student’s personal information is stored in more databases and paper files.

Most of the time, students can easily provide their Social Security Numbers to organizations with a legitimate need by methods other than an academic transcript. Though employers need the SSN in order to report taxes, most potential employers don’t have a legitimate need for the information. The Washington, D.C. Attorney General warns, “avoid providing your social security number or other personal information to prospective employers until you have verified the legitimacy of the organization and their need to verify your background.” (http://occ.dc.gov/occ/lib/occ/id_theft_tips.pdf, accessed 5 May 2007). Countless other Attorneys General, state agencies, and experts across the country publish similar warnings. A few states have even outlawed placing the Social Security Number on transcripts and other academic documents altogether.

Survey Results & National Trends

Despite the potential risks posed to students and former students, the American Association of Collegiate Registrars and Admissions Officers (AACRAO) currently recommends that universities print SSNs on academic transcripts for convenience and universality. In fact, their most recent publication addressing this issue, the AACRAO 2003 Academic Record and Transcript Guide, reports that 79% of national colleges and universities print the SSN on transcripts. AACRAO is the recognized national authority in the University Registrar field.

I conducted a new survey of US News & World Report’s top 126 national universities in mid-January, 2007, to complement AACRAO’s four-year-old data. The purpose of the survey was to determine the current practices of leading national colleges and universities, with respect to printing students’ Social Security Numbers on official academic transcripts. Representatives from all 126 registrar offices responded to the following questions:

Question 1: Is a student’s Social Security Number printed on official transcripts?

Question 2: If so, may students request that their social security number be withheld from the transcript?

The responses varied from “No,” to categorically “Yes.” Of the many universities that answered no, several indicated that they withheld the SSN for privacy reasons, and one representative mistakenly explained that the privacy provisions of the Family Educational Rights and Privacy Act (FERPA) prohibited them from printing Social Security Numbers on transcripts. Other registrars were more direct. The UC Davis registrar replied simply, “the answer is ‘no’.” Others, like Boston University, include only “the last four digits of your SSN.” Several university registrars explained that the SSN would appear on older university transcripts because they are stored on microfilm, which is not editable. One or two colleges, such as Colorado State University, indicated that they planned to discontinue printing the SSN on transcripts in the near future.

A few, like Texas Christian, defended their practice of mandatorily printing the SSN on transcripts by appealing to AACRAO’s recommendations: “Following AACRAO… recommendations we print the SSN on the transcript… as one step in reducing fraudulent use of academic records. AACRAO states the official transcript is a secure document that contains a large amount of confidential data all of which should be kept secure. In addition, in most cases, the transcript will be provided to those (schools and employers) who already have the SSN. We do not accept requests to withhold the SSN from the transcript.”

The responses were divided into four groups:

Category A: Colleges and Universities which did not print the SSN on academic transcripts. Most of these colleges print the Student ID Number, instead.

Category B: Colleges and Universities which print only a partial SSN on academic transcripts.

Category C: Colleges and Universities which print the full SSN on academic transcripts by default, but allow students to withhold it upon request.

Category D: Colleges and Universities which mandatorily print the SSN on academic transcripts.

Six colleges indicated that they include the full SSN on transcripts, but did not specify whether students could withhold it upon request. For purposes of this study, those six were placed in category D. The survey ignores indications of imminent policy changes—it represents a snapshot of practices during the month of January, 2007. The results of the 2007 survey contrast sharply with AACRAO’s 2003 data:

[Charts: “AACRAO 2003 Survey of National Colleges & Universities” and “January 2007 Survey of US News & World Report’s Top 126 Colleges & Universities.” The chart legend uses Categories A through D as defined above.]

In 2003, more than ¾ of national colleges & universities reported using the SSN on transcripts, according to AACRAO. In January 2007, only ¼ of top national universities mandatorily printed the full SSN on transcripts.

As of January 2007, roughly 2/3 of nationally ranked universities printed a Student ID or only a partial SSN (such as the last 4 digits) on official transcripts. For instance, Harvard, Yale, Stanford, Princeton, and Duke do not use students’ SSNs on transcripts at all, while Georgetown and Berkeley print only the last four digits. 14 nationally ranked schools print the SSN on transcripts, but allow students to withhold it upon request.

Several possible explanations for the contrast between the two surveys may exist. First, the 2007 survey sampled only nationally ranked colleges and universities. Presumably, the 2003 AACRAO data includes a much broader sample of colleges. The absence of local community colleges on the 2007 survey may account for some of the difference, since smaller schools may not have as much funding to overhaul record-keeping systems. However, if nationally ranked colleges serve as a bellwether for national trends in this area, the 2007 survey may also indicate a sea change in how universities treat students’ SSNs. Regardless, only a small minority of nationally ranked colleges and universities now mandatorily print the SSN on academic transcripts.

I presented these findings to AACRAO in a February 2007 letter, and requested that they review their 2003 data and resulting recommendations. As of the date of this article, AACRAO has not responded to my letter.

I also presented the results to the George Washington University administration in Washington, DC. Presently, the university mandatorily prints the SSN on all academic transcripts. However, as a result of this survey, GW University has committed to change their transcript policy, and will allow students to withhold the SSN from transcripts upon request in the near future.

Conclusion

Students and former students should be aware of the risks associated with disseminating academic transcripts, and check their university’s transcript policy. If the policy does not provide sufficient protection, students should push registrars to meet their privacy needs. With persistence, many registrar offices will work with students to come up with creative solutions, on an individual basis.

In the current atmosphere of rising identity theft, students and former students need the ability to control how and to whom their personal information is transmitted. Even among universities that have ceased using the Social Security Number as a student ID, University Registrars should become more aware of this issue, and the trend away from printing Social Security Numbers on transcripts.

About Aaron Titus

Aaron Titus works as a Program Manager at an Alexandria, VA non-profit association. He is also attending the George Washington University Law School, specializing in Information Privacy Law. When he’s not busy being a proud father of two, he writes about privacy, and hosts several podcasts. These include The Privacy Podcast (www.aarontitus.net/privacy), and Free Space (www.libertycoalition.net/liberty-coalition-podcast).

A podcast of this article is available at http://www.aarontitus.net/privacy/index.php?id=13. Copies of this report are also available at Pogowasright.org and the Privacy Rights Clearinghouse.

DATA

I have included a table of results. Question 1 was, “Is a student’s Social Security Number printed on official transcripts?” Question 2 was, “If so, may students request that their social security number be withheld from the transcript?”

Answers in the column labeled “Question 2 Answer” reference the question 1 answer. Thus, if the question 1 answer was “Student ID,” and question 2 answer is “Yes: Optional,” it means: “Academic transcripts print the student ID, but the student ID may be omitted at the option of the student.”

Where the answer to question 1 was “Student ID,” the registrar indicated that the Student ID was not the SSN. “Category” references the descriptions and graphs below:

Category A: Colleges and Universities which did not print the SSN on academic transcripts. Most of these colleges print the Student ID Number, instead.

Category B: Colleges and Universities which print only a partial SSN on academic transcripts.

Category C: Colleges and Universities which print the full SSN on academic transcripts by default, but allow students to withhold it upon request.

Category D: Colleges and Universities which mandatorily print the SSN on academic transcripts.

| University | State | Question 1 Answer | Question 2 Answer | Category |
|---|---|---|---|---|
| University at Buffalo—SUNY | NY | Student ID | No: May Not Remove | A |
| American University | DC | Student ID | No: May Not Remove | A |
| University of the Pacific | CA | Student ID | No: May Not Remove | A |
| College of William and Mary | VA | Student ID | Not Specified | A |
| Brown University | RI | Student ID | Not Specified | A |
| Pennsylvania State U.—University Park | PA | Student ID | Not Specified | A |
| Drexel University | PA | Student ID | Not Specified | A |
| University of Tulsa | OK | Student ID | Not Specified | A |
| Cornell University | NY | Student ID | Not Specified | A |
| New York University | NY | Student ID | Not Specified | A |
| Rensselaer Polytechnic Institute | NY | Student ID | Not Specified | A |
| SUNY—Stony Brook | NY | Student ID | Not Specified | A |
| New Jersey Institute of Technology | NJ | Student ID | Not Specified | A |
| U. of North Carolina—Chapel Hill | NC | Student ID | Not Specified | A |
| North Carolina State U.—Raleigh | NC | Student ID | Not Specified | A |
| Harvard University | MA | Student ID | Not Specified | A |
| Boston College | MA | Student ID | Not Specified | A |
| Worcester Polytechnic Institute | MA | Student ID | Not Specified | A |
| Clark University | MA | Student ID | Not Specified | A |
| University of Chicago | IL | Student ID | Not Specified | A |
| U. of Illinois—Urbana-Champaign | IL | Student ID | Not Specified | A |
| Loyola University Chicago | IL | Student ID | Not Specified | A |
| University of Iowa | IA | Student ID | Not Specified | A |
| Howard University | DC | Student ID | Not Specified | A |
| Catholic University of America | DC | Student ID | Not Specified | A |
| Stanford University | CA | Student ID | Not Specified | A |
| Univ. of California—Los Angeles | CA | Student ID | Not Specified | A |
| University of California—Davis | CA | Student ID | Not Specified | A |
| Univ. of California—Santa Cruz | CA | Student ID | Not Specified | A |
| University of Arizona | AZ | Student ID | Not Specified | A |
| Virginia Tech | VA | Student ID | Yes: Optional | A |
| University of Utah | UT | Student ID | Yes: Optional | A |
| University of San Diego | CA | Student ID | Yes: Optional | A |
| Univ. of Wisconsin—Madison | WI | No SSN | Not Specified | A |
| Southern Methodist University | TX | No SSN | Not Specified | A |
| Vanderbilt University | TN | No SSN | Not Specified | A |
| University of Oregon | OR | No SSN | Not Specified | A |
| University of Rochester | NY | No SSN | Not Specified | A |
| Princeton University | NJ | No SSN | Not Specified | A |
| Dartmouth College | NH | No SSN | Not Specified | A |
| University of New Hampshire | NH | No SSN | Not Specified | A |
| Duke University | NC | No SSN | Not Specified | A |
| Wake Forest University | NC | No SSN | Not Specified | A |
| Univ. of Minnesota—Twin Cities | MN | No SSN | Not Specified | A |
| Michigan State University | MI | No SSN | Not Specified | A |
| Tufts University | MA | No SSN | Not Specified | A |
| Purdue Univ.—West Lafayette | IN | No SSN | Not Specified | A |
| University of Delaware | DE | No SSN | Not Specified | A |
| University of Connecticut | CT | No SSN | Not Specified | A |
| University of Denver | CO | No SSN | Not Specified | A |
| Univ. of California—Riverside | CA | No SSN | Not Specified | A |
| University of San Francisco | CA | No SSN | Not Specified | A |
| SUNY College of Env. Sci. and Forestry | NY | No SSN | Not Specified | A |
| Univ. of Massachusetts—Amherst | MA | No SSN | Yes: Optional | A |
| Yale University | CT | No SSN | Yes: Optional | A |
| Lehigh University | PA | Last 5 SSN Digits | Not Specified | B |
| Marquette University | WI | Last 4 SSN Digits | No: May Not Remove | B |
| Case Western Reserve Univ. | OH | Last 4 SSN Digits | No: May Not Remove | B |
| Columbia University | NY | Last 4 SSN Digits | No: May Not Remove | B |
| University of Colorado—Boulder | CO | Last 4 SSN Digits | No: May Not Remove | B |
| University of California—Irvine | CA | Last 4 SSN Digits | No: May Not Remove | B |
| University of Vermont | VT | Last 4 SSN Digits | Not Specified | B |
| University of Virginia | VA | Last 4 SSN Digits | Not Specified | B |
| St. Louis University | MO | Last 4 SSN Digits | Not Specified | B |
| Univ. of Missouri—Columbia | MO | Last 4 SSN Digits | Not Specified | B |
| University of Missouri—Rolla | MI | Last 4 SSN Digits | Not Specified | B |
| Northeastern University | MA | Last 4 SSN Digits | Not Specified | B |
| University of Kansas | KS | Last 4 SSN Digits | Not Specified | B |
| University of Notre Dame | IN | Last 4 SSN Digits | Not Specified | B |
| Indiana University—Bloomington | IN | Last 4 SSN Digits | Not Specified | B |
| Emory University | GA | Last 4 SSN Digits | Not Specified | B |
| Georgia Institute of Technology | GA | Last 4 SSN Digits | Not Specified | B |
| Georgetown University | DC | Last 4 SSN Digits | Not Specified | B |
| University of California—Berkeley | CA | Last 4 SSN Digits | Not Specified | B |
| Univ. of California—San Diego | CA | Last 4 SSN Digits | Not Specified | B |
| Univ. of California—Santa Barbara | CA | Last 4 SSN Digits | Not Specified | B |
| Pepperdine University | CA | Last 4 SSN Digits | Not Specified | B |
| Iowa State University | IA | Last 4 SSN Digits | Yes: Optional | B |
| Boston University | FL | Last 4 SSN Digits | Yes: Optional | B |
| Washington State University | WA | Full SSN | No: May Not Remove | D |
| University of Texas—Austin | TX | Full SSN | No: May Not Remove | D |
| Texas A&M Univ.—College Station | TX | Full SSN | No: May Not Remove | D |
| Baylor University | TX | Full SSN | No: May Not Remove | D |
| Texas Christian University | TX | Full SSN | No: May Not Remove | D |
| University of Tennessee | TN | Full SSN | No: May Not Remove | D |
| Clemson University | SC | Full SSN | No: May Not Remove | D |
| University of Pennsylvania | PA | Full SSN | No: May Not Remove | D |
| Carnegie Mellon University | PA | Full SSN | No: May Not Remove | D |
| Ohio State University—Columbus | OH | Full SSN | No: May Not Remove | D |
| Miami University—Oxford | OH | Full SSN | No: May Not Remove | D |
| Fordham University | NY | Full SSN | No: May Not Remove | D |
| SUNY—Binghamton | NY | Full SSN | No: May Not Remove | D |
| Univ. of Nebraska—Lincoln | NE | Full SSN | No: May Not Remove | D |
| University of Michigan—Ann Arbor | MI | Full SSN | No: May Not Remove | D |
| Johns Hopkins University | MD | Full SSN | No: May Not Remove | D |
| Brandeis University | MA | Full SSN | No: May Not Remove | D |
| Tulane University | LA | Full SSN | No: May Not Remove | D |
| University of Kentucky | KY | Full SSN | No: May Not Remove | D |
| University of Georgia | GA | Full SSN | No: May Not Remove | D |
| University of Miami | FL | Full SSN | No: May Not Remove | D |
| Florida State University | FL | Full SSN | No: May Not Remove | D |
| George Washington University | DC | Full SSN | No: May Not Remove | D |
| Colorado State University | CO | Full SSN | No: May Not Remove | D |
| Univ. of Southern California | CA | Full SSN | No: May Not Remove | D |
| University of Alabama | AL | Full SSN | No: May Not Remove | D |
| Auburn University | AL | Full SSN | No: May Not Remove | D |
| Rice University | TX | Full SSN | Not Specified | D |
| University of Pittsburgh | PA | Full SSN | Not Specified | D |
| University of Oklahoma | OK | Full SSN | Not Specified | D |
| Univ. of Maryland—College Park | MD | Full SSN | Not Specified | D |
| Northwestern University | IL | Full SSN | Not Specified | D |
| California Institute of Technology | CA | Full SSN | Not Specified | D |
| University of Washington | WA | Full SSN | Yes: Optional | C |
| Brigham Young Univ.—Provo | UT | Full SSN | Yes: Optional | C |
| Univ. of South Carolina—Columbia | SC | Full SSN | Yes: Optional | C |
| University of Dayton | OH | Full SSN | Yes: Optional | C |
| Ohio University | OH | Full SSN | Yes: Optional | C |
| Yeshiva University | NY | Full SSN | Yes: Optional | C |
| Syracuse University | NY | Full SSN | Yes: Optional | C |
| Rutgers—New Brunswick | NJ | Full SSN | Yes: Optional | C |
| Stevens Institute of Technology | NJ | Full SSN | Yes: Optional | C |
| Washington University in St. Louis | MO | Full SSN | Yes: Optional | C |
| Massachusetts Institute of Technology | MA | Full SSN | Yes: Optional | C |
| Kansas State University | KS | Full SSN | Yes: Optional | C |
| Illinois Institute of Technology | IL | Full SSN | Yes: Optional | C |
| University of Florida | FL | Full SSN | Yes: Optional | C |

Category A: 55 43.7%
Category B: 24 19.0%
Category C: 14 11.1%
Category D: 33 26.2%
Total 126 100.0%
