With all the hullabaloo regarding identity theft and the slew of stories highlighting the apparent inability of corporate American to safe-guard employee and customer information from thieving data-bandits a couple of recent stories have been overlooked that highlight questionable access to personal details from an other quarter - the federal government.

Today's New York Times has an interesting piece on the Internal revenue Service and Social Security Administration's willingness to relax their privacy guidelines at the request of the F.B.I. In a recently released report the federal agencies cite "life-threatening emergencies" in general and specifically the 9/11 investigation as the reason for complying with the F.B.I.'s requests.

"We ran thousands of Social Security numbers," said a former senior F.B.I. official who insisted on anonymity because the files involved internal cases. "We got very useful information, that's for sure," the former official said. "We recognized the value of having that information to track leads, and, to their credit, so did the Social Security Administration."

Some privacy advocates and members of Congress, although sympathetic to the extraordinary demands posed by the Sept. 11 investigation, said they were troubled by what they saw as a significant shift in privacy policies. Representative Carolyn B. Maloney, a New York Democrat who has sought information from the Social Security agency on the issue, said the new policy had "real civil liberties implications for abuse." Ms. Maloney questioned whether Congress was adequately informed. "If we don't know when the Social Security Administration decides to change its rules to disclose personal information," she said, "I think Americans have a right to be skeptical about their privacy."

The director of the Open Government Project at the Electronic Privacy Information Center, Marcia Hofmann, acknowledged the need for investigators to have access to vital information. "But an ad hoc policy like this is so broad that it allows law enforcement to obtain really sensitive information by merely claiming that the information is relevant to the 9/11 investigation," Ms. Hofmann said. "There appears to be very little oversight."

In addition to easing its rules, the Social Security agency agreed to waive normal privacy restrictions for information related to the F.B.I. investigation of the sniper shootings in the Washington region in 2002, the internal memorandums show. It does not appear that any information was ultimately turned over. The agency agreed two days after the Sept. 11 attacks to give the F.B.I. access to material from its files to obtain information on the hijackers, anyone with "relevant information" on the attacks and victims' relatives.

Under Social Security Administration policy, which goes beyond federal privacy law, such information cannot typically be shared with law enforcement officials unless the subject has been indicted or convicted of a crime. The loosening of the policy was updated and reauthorized last year, the internal documents show, and Social Security officials said Tuesday that it remained in place.

Read the full story.

Meanwhile on Monday, the Transportation Security Administration owned up to collecting information on airline passangers even thought Congress had previously instructed the agency to do no such thing. The TSA

A Transportation Security Administration contractor used three data brokers to collect detailed information about U.S. citizens who flew on commercial airlines in June 2004 in order to test a terrorist screening program called Secure Flight, according to documents that will be published in the Federal Register this week. The TSA had ordered the airlines to turn over data on those passengers, called passenger name records, in November.

The contractor, EagleForce Associates, then combined the passenger name records with commercial data from three contractors that included first, last and middle names, home address and phone number, birthdate, name suffix, second surname, spouse first name, gender, second address, third address, ZIP code and latitude and longitude of address.

Read the full article here.

-- MDT

Labels: HP, identity theft