If you want to keep your identity safe, don’t use a Navigator
By Loren Heal on September 17, 2013
[reprinted with permission of the author]
As part of the complex monstrosity known as Obamacare, people signing up for health insurance can have the help of Navigators - people with little training or experience wading through the most complex law ever passed. The manual for the program describes a system that will lead to privacy violations, personal embarrassment, and identity theft.
I read the Navigator manual in the mindset of information security: the set of practices and principles used to protect the confidentiality, integrity, and accessibility of information systems.
Along the way, I kept thinking: why do we need a program so complex that we then need “Navigators” to help us wade through it?
Descriptions of practices that violate information security principles are rampant throughout the Navigator manual (pdf), but the portion on data safeguards has me crying into my coffee.
There are some generally accepted principles and guidelines for information security to keep in mind:
- If you want to keep a secret, don’t tell anyone. More generally, information should be limited to those who need access to it.
- Most compromises occur by people talking to people, not from hacking.
- Most compromises are committed by insiders.
- The system should not rely on individuals to secure data, but should force them to take purposeful actions if they want to compromise it.
In general, what has my tears spoiling my daily cup is that they’re relying on the personal integrity of people who will have more incentive to steal information than to safeguard it. Here, for instance, is the portion dealing with IRS information. That’s right, the Navigators, who will be part time, seasonal employees, will go over your tax return with you, and keep a copy for their records:
Once you have the tax return information, you have to protect it. The IRS Data Safeguards protect information through:
- Restricting Access. Only authorized people who need to know should have access to the information.
- Recordkeeping. Keep excellent records on the information (e.g., sources of income and expenses).
- Employee Awareness. Train employees how to safeguard information.
- Reporting Requirements. Be ready to provide reports on how you protected the information if HHS or the IRS asks for reports.
- Disposal. Know how to get rid of the information safely.
- Need and Use. Only handle the information you need to use.
- Computer Security. Make sure the information on your computer is as safe as the paper.
That last point: If Navigators will have confidential data about you saved on their computers, especially their own personally owned ones, that’s a basic design flaw. Even if the Navigators were individuals of perfect integrity, we know as a matter of metaphysical certitude that they will be targeted. It will be impossible to tell the identity thieves among them from the merely careless. Consider an identity theft ring that wanted access to people’s tax returns. They can either compromise a Navigator’s computer, or simply compromise the Navigator by buying their computer from them at the end of open enrollment.
Though the instructions repeatedly call on Navigators (and apparently, their employees) to safeguard information, that only highlights the fact that nothing forces them to keep it safe other than their own questionable desire to do so.
System designers can’t rely solely on personal integrity. They have to rely on systemic design (like ensuring that consumer data is not stored on Navigator computers, or only fleetingly so) and personal incentives, like the opportunity for advancement. Since the Navigator function will be seasonal, there will be no path forward from that job, and no accountability for data confidentiality.
In effect, each of the points above represents a way for data to escape — or to be taken — for nefarious purposes. The system appears to have been slapped together to give the Navigators jobs and make sure personal data was as accessible as possible to the overreaching federal hive, rather than to have been designed from the bottom up for data confidentiality (let alone data integrity).