58°F
weather icon Mostly Clear
Las Vegas, NV
Opinion

Lawmakers, beware the perils of personal data collection

By SAMANTHA STONE SPECIAL TO THE LAS VEGAS REVIEW-JOURNAL
March 2, 2015 - 12:01 am
 

It’s hard not to seem like a Luddite, a naysayer, or a nut while assessing the new and expanded uses of technology proposed in bills being considered by the Nevada Legislature.

And what a shame to feel uneasy and unappreciative about a proposed DMV database that would help police locate family members quickly when someone is rushed to the hospital after an accident. County coroners and the Department of Public Safety are supporting a bill to create an emergency contact registry because it could save money and man hours when they’re looking for next of kin.

Who wouldn’t support that? Why apply the brakes to a plan that could help loved ones arrive in time to make critical medical decisions, or spare them agonizing hours wondering what’s happened to someone who’s unconscious or dead?

But privacy advocates identified holes in the provision of Senate Bill 3 that describes the management of this personal data. They asked for tighter guidelines.

What could go wrong with this database? Maybe nothing. It depends on who’s minding the data — and how.

Suppose a criminal gets access and calls next-of-kin to report a fake accident. He prods panicky relatives for personal information to get proper emergency care for the “victim” — insurance policy numbers, a physician’s name and prescription drug information. Family members comply, desperate to help. This is not far-fetched. Similar schemes are rampant and profitable.

Take comfort in knowing the registry would be optional. Nevadans who love the idea more than they fear a security breach could opt in.

Carson City is awash in bills that are supposed to make life safer or more convenient by collecting more personal information, or by inducing Nevadans to engage with the state’s information systems. Many have useful goals, but they also provide fertile ground for unintended consequences.

In another example, Assembly Bill 94 bill would allow election departments to send sample ballots by email to voters who opt in. Voter registrars say it would reduce the cost of mailing paper sample ballots, and political activists believe it would stimulate civic involvement.

At the bill’s first hearing, proponents submitted a privacy amendment, putting the burden on voters to submit written requests to keep their email addresses private. Rather than provide privacy by default, the state would require voters who opt in for email ballots to subsequently opt out of a public listing. What could go wrong? It depends on the sophistication of the data custodians, the technical rigor of their systems and the savvy of the citizens.

Confoundingly, while making some airy statements that raise questions about current security of the Clark County election website, Registrar of Voters Joe Gloria also testified that sample ballots are available online. So why not encourage voters to download an electronic version, rather than solicit email addresses?

All of this should give pause to lawmakers. Their confidence should be conditional on absolute clarity from the data collector. And every goal should be accomplished in the least intrusive manner possible.

But some members of the elections committee gushed over the sheer gee-whiz-we’re-digital factor. Others were no doubt persuaded by the cost savings. Clark County alone would save $1,670 for every thousand voters who choose email ballots over mail ballots.

If you believe your state-sponsored data custodians have privacy and security locked down, recall that we recently saw the inadvertent exposure of Social Security numbers belonging to 114 retired judges by an entity with fiduciary responsibility. The Public Employees Retirement System emailed a spreadsheet with unencrypted Social Security numbers in response to a public records request. The breach was reported by the recipient, the Nevada Policy Research Institute, which had sought the data.

It’s a stunning mistake. Although no names accompanied the data, and the recipient behaved responsibly, things could have been worse. Identities can be reverse engineered using a couple of the other data points that appeared on the spreadsheet.

Government and the private sector are both lagging in their grasp of how to protect privacy and security. There’s even less awareness of potential danger.

“Because we can” is not a good reason to expand data gathering by the state. Nevada might benefit from a two-year moratorium on such initiatives while public understanding catches up with technology.

Samantha Stone is a Nevada Journalist who has covered digital privacy and security since 2008.

MOST READ
Don't miss the big stories. Like us on Facebook.
THE LATEST
President Donald Trump. (AP Photo/Matt Rourke)
LETTER: Not a fan
Jim Veltri Las Vegas

The president is not a good person.

(Getty Images)
COMMENTARY: Dreaming of a white Christmas
By Tom Purcell Cagle Cartoons Newspaper Syndicate

Snow still fills me with the same joy I felt as a boy when school was canceled.

Former Vice President Mike Pence. (AP Photo/Morry Gash)
COMMENTARY: True conservatives fight back against Trump
By Steven Roberts Andrews McMeel Syndicate

As the end of Trump’s presidency looms on the horizon, the conservatives he repressed for so long are starting to find their voice again.

The Dome of the U.S. Capitol Building. (AP Photo/Andrew Harnik)
LETTER: Bipartisan legislation awaits Congress
Wayne Willis North Las Vegas

As Congress enjoys a holiday recess after a divisive year, there are opportunities for bipartisan progress that Nevada’s delegation can lead. Two key efforts deserve immediate support.

MORE STORIES