DAVID L. SOBEL
Computer Professionals for
666 Pennsylvania Avenue, S.E.
Washington, DC 20003
Counsel for Amicus
June 30, 1992
Computer Professionals for Social Responsibility ("CPSR") is a non-profit membership organization, incorporated in the state of California, with offices in Palo Alto, CA, Cambridge, MA and Washington, DC. CPSR's membership includes a Nobel Laureate and four recipients of the Turing Award, the highest honor in computer science. CPSR's activities include the review of governmental computing policies to determine their possible impact on privacy and civil liberties interests. CPSR has prepared reports and presented testimony on computer technology and privacy issues at the request of congressional committees./1/
The misuse of the Social Security number ("SSN") is a risk to public safety and a threat to personal privacy. Such careless information practices are opposed by professional computing societies. Professional codes of ethics clearly state the importance of privacy protection in the design of computer systems./2/ Automated information systems, by virtue of their great processing capability, pose an ongoing risk to personal privacy. For this reason, the computer science community has long argued that adequate safeguards must be established to protect personal information, including the Social Security number./3/ Computer scientists have also played a prominent role in congressional proceedings and the de-velopment of key reports that gave rise to many of the privacy laws in the United States today./4/ And computer privacy remains a cen-tral concern at regular meetings of computer pro-fessionals./5/
As the leading organization in the United States concerned with the impact of computer technology on personal privacy, CPSR has a substantial interest in legislative and judicial proceedings addressing the confidentiality of the SSN and has contributed its views and expertise to congressional committees/6/ and courts/7/ considering the issue.
At issue in this case is whether the Virginia State Board of Elections violated appellant's constitutional right to vote by demanding appellant's Social Security number as a condition of voter registration, where the Board does not maintain the confidentiality of the SSN and freely discloses voter registration information -- including the SSN -- upon request. In short, the issue is whether the right to vote may be encumbered by conditioning its exercise upon the relinquishment of substantial privacy interests.
A review of relevant legislative and judicial pronouncements shows that the unnecessary disclosure of the SSN has long been opposed. Indeed, in 1974 Congress explicitly recognized the particular risk to privacy that could result from the unnecessary disclosure of the Social Security number and therefore enacted restrictions on its use.
The extent of the privacy invasion at issue here becomes apparent when one considers that the Social Security number is used as an identification code for databases containing a wide range of financial, medical, educational, and credit information. It is like a master key that once obtained opens many doors. Public safety and personal privacy require that the distribution of such a key be carefully controlled.
In recognition of the substantial risk that the unnecessary disclosure of the SSN might pose to public safety and personal privacy, the federal courts have protected the confidentiality of the number against unwarranted disclosure. Amicus believes that this Court should continue to provide that protection in this case and hold that Virginia's demand that a voter's SSN be provided and freely disclosed is an unnecessary and unconstitutional impediment to the right to vote.
Consideration of appellant's claim -- that collection and disclosure of his SSN exacts an impermissibly heavy price on the right to vote -- requires an appreciation of the harm appellant will suffer if he is compelled to comply with Virginia's registration requirements. While the disclosure of a nine-digit number might, at first blush, appear to be of little consequence, examination of the history of the SSN and its proliferating abuse demonstrates that the personal privacy implications are substantial. Indeed, the burden at issue here is far heavier than the $1.50 Virginia poll tax struck down as unconstitutional by the Supreme Court twenty-six years ago. Harper v. Virginia State Board of Elections, 383 U.S. 663 (1966).
I. The Unnecessary Disclosure of the SSN Raises Substantial Issues of Personal Privacy
Our legal system has long recognized and protected the right of personal privacy. The drafters of the Constitution "conferred, as against the Government, the right to be let alone -- the most comprehensive of rights and the right most valued by civilized man. To protect that right, every unjustifiable intrusion by the Government upon the privacy of the individual, whatever the means employed, must be deemed a violation" of constitutional principles. Olmstead v. United States, 277 U.S. 438, 478 (1928) (Brandeis, J., dissenting).
Justice Brandeis recognized that the First Principles enunciated in the Constitution have the "capacity of adaptation to a changing world" and must be applied to "new conditions" and technologies. Id. at 472. In the Olmstead case, Justice Brandeis anticipated that technological change would pose new challenges to the courts, and that the protection of liberty in this realm would require great vigilance. Justice Brandeis's formulation of the privacy problem that results from rapidly changing technologies was eventually adopted by the Supreme Court in United States v. Katz, 389 U.S. 347 (1967)./8/
As the Supreme Court more recently noted, "both the common law and the literal understandings of privacy encompass the individual's control of information concerning his or her person." Department of Justice v. Reporters Committee for Freedom of the Press, 109 S. Ct. 1468, 1476 (1989). See also A. Westin, Privacy and Freedom 7 (1967) ("Privacy is the claim of individuals ... to determine for themselves when, how, and to what extent information about them is communicated to others").
Protection of privacy rights is particularly important when the administrative convenience afforded by computer technology may obscure the underlying privacy interest in controlling the collection, use and disclosure of personal information./9/ The courts must be vigilant in the face of bureaucratic tendencies to ignore appropriate measures for safeguarding personal information, particularly where multi-use identifiers such as the SSN are likely to exacerbate the privacy harm that would result from unlawful disclosure. The Supreme Court has recognized the risks to personal privacy created by "unwarranted disclosures" in the computer age.
We are not unaware of the threat to privacy implicit in the accumulation of vast amounts of personal information in computerized data banks or other massive government files. The collection of taxes, the distribution of welfare and social security benefits, the supervision of public health, the direction of our Armed Forces, and the enforcement of the criminal laws all require the orderly preservation of great quantities of information, much of which is personal in character and potentially embarrassing or harmful if disclosed. The right to collect and use such data for public purposes is typically accompanied by a concomitant statutory or regulatory duty to avoid unwarranted disclosures.
Whalen v. Roe, 429 U.S. 589, 605 (1977) (emphasis added). See also 429 U.S. at 607 (Brennan, J., concurring) ("The central storage and easy accessibility of computerized data vastly increase the potential for abuse of that information ...").
Indeed, the Supreme Court has noted recently that the Privacy Act "was passed in 1974 largely out of concern over 'the impact of computer data banks on individual privacy.'" Reporters Committee, 109 S. Ct. at 1478 (citation omitted). That concern looms large when -- as in this case -- individuals' Social Security numbers are demanded for purposes unrelated to the SSN's intended use and are indiscriminately disclosed.
A. History of the SSN and Restrictions on its Use
Although the Social Security number has been with us since 1936, the use of the SSN for purposes unrelated to the administration of the Social Security system is a relatively recent phenomenon. The number was first intended for use solely by the federal government as a means of tracking earnings to determine the amount of Social Security taxes to credit to each worker's account. Over the years, however, the SSN has been used by government agencies and the private sector for other purposes, often over the objection of independent experts and the general public. See, e.g., A. Westin and M. Baker, Databanks in a Free Society 399 (1972) ("adopting the Social Security number officially as a national identifier or letting its use spread unchecked cannot help but contribute to public distrust of government").
The government was first permitted to use the SSN for tax reporting purposes when Congress authorized the Internal Revenue Service ("IRS") to use SSNs as taxpayer identification numbers. P.L. 87-397 (Oct. 5, 1961). However, it was recognized at that time that this expanded use of the SSN would raise substantial privacy risks, and those concerns have continued to grow.
Public opposition during the 1960s to the misuse of the Social Security number was evident during a series of hearings held on privacy and information collection. See, e.g., Federal Data Banks, Computers and the Bill of Rights: Hearings Before the Subcommittee on Constitutional Rights of the Senate Judiciary Committee, 92d Cong., 1st Sess. Part I, 775-881 (1971). As Health, Education and Welfare ("HEW") Secretary Elliot Richardson testified in 1971:
There would certainly be an enormous convenience in having a single identifier for each individual ... [making] more efficient the acquisition, storage, and use of data .... It is the very ease of assembling complete records, of course, which raises the specter of invasion of privacy.
Id. at 784.
Two years later, an HEW advisory committee issued a report recommending the development of extensive legal safeguards for the record systems maintained by the federal government. The Secretary's Advisory Committee on Automated Personal Data Systems, U.S. Department of Health, Education and Welfare, Records, Computers and the Rights of Citizens (1973) (hereinafter cited as "HEW Report") at 121. The advisory committee warned that the use of the SSN as a personal identifier "would enhance the likelihood of arbitrary or uncontrolled linkage of records about people, particularly between government or government-supported automated personal data systems ..." Id. at 122 (footnote omitted). In recognition of that risk, the advisory committee recommended the enactment of restrictions on the disclosure and dissemination of the SSN. The HEW Report recommended that:
* Uses of the Social Security number be limited to only those purposes required by the federal government.
* Federal agencies should not require the use of the Social Security number absent statutory authority.
* Congress evaluate any proposed use of the Social Security number.
* Individuals have the right to refuse to provide their Social Security numbers, and should suffer no harm for exercising this right.
* Organizations required by Federal law to obtain the Social Security number use the number solely for the purpose for which it was obtained and not make any secondary use or disclose the SSN without the informed consent of the individual.
Id. at 124-25.
Congress adopted those recommendations the following year through passage of the Privacy Act, P.L. 93-579, 88 Stat. 1896, (1974). See S. Rep.No. 1183, 93d Cong., 2d Sess. reprinted in 1974 U.S. Code Cong. & Admin. News 6916, 6944-46 (citing HEW Report). The Privacy Act makes clear that Congress gave special recognition to the need to control the proliferation and misuse of the SSN. Section 7 makes it unlawful for any agency to deny any right, benefit or privilege to any individual "because of such individual's refusal to disclose his social security account number." It further provides that any agency requesting an individual to disclose his or her SSN must "inform that individual whether that disclosure is mandatory or voluntary, by what statutory or other authority such number is solicited, and what uses will be made of it." P.L. 93-579, Sec. 7, 88 Stat. 1896, 1909 (1974), reprinted in 5 U.S.C. Sec. 552a note (1982).
In Section 3 of the Act, Congress provided that
[n]o agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, unless the disclosure would be [in compliance with several specified exceptions not applicable here].
5 U.S.C. Sec. 552a(b). A "record" is defined as
any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to his education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual ....
Id., Sec. 552a(a)(4).
In enacting these protections, Congress sought to prevent the privacy violations made possible by the proliferation of the SSN.
Citizens' complaints to Congress and the findings of several expert study groups have illustrated a common belief that a threat to individual privacy and confidentiality of information is posed by [expanding use of the SSN]. The concern goes both to the development of one common number to label a person throughout society and to the fact that the symbol most in demand is the Social Security number, the key to one government dossier.
* * *
A cross-section of such complaints appearing in the subcommittee hearings shows that people are pressured in the private sector to surrender their numbers in order to get telephones, to check out books in university libraries, to get checks cashed, to vote, to obtain drivers' licenses, to be considered for bank loans, and many other benefits, rights or privileges.
S. Rep. No. 1183, 93d Cong., 2d Sess., reprinted in 1974 U.S. Code Cong. & Admin. News 6916, 6944.
Amicus believes that the SSN privacy concerns Congress addressed in 1974 have even greater force today. Computerization of public and private sector databases, combined with insufficient attention to privacy protection, has increased the incidence of misuse of the SSN. As a congressional oversight committee recently noted,
[t]he extensive use of computers has resulted in the wide-spread private sector use of the social security number as an identifier. Many merchants require a customer to provide a social security number as a condition of doing business. Credit bureaus use the social security number to maintain individual credit files and routinely sell this information to almost anyone who requests it. The ability of the private sector to gather information such as credit history, grocery store purchases, medical records (including pre-natal information), family medical histories and genetic makeup has raised fears that in the near future unregulated companies will serve as national identity bureaus collecting and dispersing an individual's most private information.
Use of Social Security Number as a National Identifier: Hearing Before the Subcomm. on Social Security of the House Committee on Ways and Means, 102d Cong., 1st Sess. 2-3 (1991) ("Use of SSN") (Subcommittee hearing notice).
Amicus' opposition to the misuse of the SSN is also shared by the Social Security Administration. As Gwendolyn S. King, Commissioner of Social Security, testified before the subcommittee,
[the Social Security Administration] and the Congress have historically had fundamental concerns about the possibility that the SSN might become a universal identifier in this country. These concerns center on questions of individual privacy and the increased possibility of the invasion of that privacy if all records pertaining to an individual could be accessed under one number. ...
The need for a unique number for individual records in computer systems means that use of the SSN is likely to continue to expand in the years ahead. While the Social Security Administration is not, and we believe should not be, responsible for use of the SSN in the private sector, we have a deep concern that individuals not be harmed through carelessness in the use of the SSN.
Id. at 25 (Testimony of Gwendolyn S. King, Commissioner of Social Security) (emphasis added). At issue in this case, we believe, is precisely the invasion of privacy and "harm" to which the Commissioner referred.
B. Disclosures of the SSN Jeopardize the Confidentiality of Personal Information
Concerns over the proliferation of single personal identifiers -- both in the United States and abroad -- are well-founded. Given the misuse of the SSN in the United States, access to the number provides a window into the activities and lifestyle of any person. Social Security Commissioner King recognized this in her congressional testimony. "An individual's Social Security number is the key to accessing a variety of information about that individual. That fact has shaped [the Social Security Administration's] current policy [of not disclosing SSNs without the individual's consent]." Use of SSN at 22.
The unnecessary disclosure of an individual's SSN creates the risk of confidential information being disclosed to any person or institution in possession of the individual's SSN. Because so much information is now retrievable by a person in possession of the SSN, the risk that personal information can be unlawfully obtained has greatly increased.
This problem of aggregated personal information was well stated by Congressman Frank Horton who said more than twenty-five years ago:
One of the most practical of our present safeguards of privacy is the fragmented nature of personal information. It is scattered in little bits across the geography and years of our life. Retrieval is impractical and often impossible. A central data bank removes completely this safeguard.
The Computer and the Invasion of Privacy: Hearings before the Special Subcommittee on Invasion of Privacy of the House Committee on Government Operations, 89th Cong., 2d Sess. 6 (1966).
Similarly, the Supreme Court has recognized that the aggregation of personal information heightens the degree of protection that must be afforded. In Reporters Committee, the Court affirmed the withholding of an individual's criminal "rap sheet" under the Freedom of Information Act. The Court noted "the power of compilations [of information] to affect personal privacy that outstrips the combined power of the bits of information contained within." 109 S. Ct. at 1477.
In practice, the use of the SSN for purposes unrelated to the needs of the Social Security Administration has greatly diminished the "fragmented nature of personal information," as Congressman Horton warned against and Congress sought to prohibit through the passage of the Privacy Act of 1974. The SSN, once disclosed, is the key to that vast repository of personal information. As the Supreme Court recognizes, "the power of compilations [such as those accessible through an SSN] to affect personal privacy" mandates that the courts be particularly vigilant in protecting the security of aggregated personal information.
Recent news stories illustrate the threat to personal privacy created by the indiscriminate disclosure of an individual's SSN. According to the Wall Street Journal, Fidelity Investment offers a toll-free telephone service that -- upon entry of a Social Security number -- provides an audio summary of a customer's investment portfolio. The system, which does not use a single-purpose, personal identification number ("PIN")/10/ to verify a caller's identity, permits anyone knowing the SSN of any Fidelity customer to access that individual's confidential account information. Clements, "Finding Out How Your Neighbor Invests is a Free Phone Call Away," Wall Street Journal, February 4, 1991, page C1.
The Boston Globe has reported that there are more than 300 cases of fraud involving SSNs each year in Massachusetts. "Authorities say that, with another person's Social Security number, a thief can apply to obtain that person's welfare benefits, Social Security benefits, credit cards or even the victim's paycheck." Neuffer, "Victims Urge Crackdown on Identity Theft," The Boston Globe, July 9, 1991. In California, reported cases of SSN fraud increased from 390 cases in 1988 to an estimated 800 cases in 1991. Anwar, "Thieves Hit Social Security Numbers: Fouled Up Benefits and Credit," San Francisco Chronicle, August 30, 1991, page 1.
The recent congressional testimony of the Deputy Inspector General of the Department of Health and Human Services provides additional evidence.
The SSN is a critical element of identification used in nearly every sector of American society. As such, it has been targeted for abuse in a wide variety of criminal activities. The SSN can be used to obtain Social Security or other government benefits, driver's licenses, credit cards, and passports. We often see persons who commit a wide range of credit fraud and other crimes using false SSNs to conceal their true identity. ...
* * *
Of the 1,066 criminal convictions the [Office of Inspector General] obtained in fiscal year 1991 relating to fraud in Social Security programs, 590 involved unlawful use of SSNs.
Statement of Larry D. Morey, Deputy Inspector General for Investigations, Department of Health and Human Services, before the Subcommittee on Social Security and Family Policy, Committee on Finance, U.S. Senate, February 28, 1992, at 5-6.
The HEW advisory committee recognized the problem in 1973, noting that "[a]s long as the SSN of an individual can be easily obtained ... , both individuals and the organizations that use it as a password are vulnerable to whatever harm may result from impersonation." HEW Report at 132.
"A further problem with the use of the SSN as an identifier is that it makes it hard to control access to personal information." C. Hibbert, What to do When They Ask for Your Social Security Number (1992) at 3.
Even assuming you want someone to be able to find out some things about you, there's no reason to believe that you want to make all records concerning yourself available. When multiple record systems are all keyed by the same identifier ... it becomes difficult to allow someone access to some of the information about a person while restricting them to certain topics.
The Court should regard the disclosure of the SSN as a critical problem of public safety and information privacy. The number is akin to the combination of a safe containing an individual's most intimate possessions. Sensible information practices would mandate that the use of the number be carefully controlled. The non-consensual disclosure of an SSN is tantamount to the disclosure of highly personal information.
C. The Need to Restrict the Use of Personal Identification Numbers is Widely Recognized in Other Countries
The particular privacy problem of multi-use identification numbers, such as the SSN, is not unique to the United States. In Canada, "the abuse of the Social Insurance Number is the only privacy issue that has regularly commanded the attention of members of the House of Commons in the last twenty years." D. Flaherty, Protecting Privacy in Surveillance Societies 281 (1989). The Canadian government has taken steps to prevent the Social Insurance Number from becoming a universal personal identifier; a separate employee identifier is being introduced for federal employees, and the matching of computer files is being reduced./11/
In France, the memory that identification numbers on government records were used to round up Jews during the Nazi occupation has played an important role in the efforts to restrict the use of such numbers. At a meeting of European data protection commissioners in 1980, France's National Commission on Informatics and Freedoms prevented the development of international identity cards, the use of personal identification numbers, and the assignment of a new unique number to each recipient. Its solution was to attach a number to the card and not the person, so that if a card was lost, the individual received a new number. D. Flaherty, Protecting Privacy in Surveillance Societies 227 (1989). The use of the card became a matter of national debate in 1981. In an election statement on informatics, Francois Mitterand stated that "the creation of computerized identity cards contain a real danger for the liberty of individuals." Id.
Today, as the Europeans consider the development of a continent-wide standard for data protection, controlling the possible misuse of unique identifiers remains a central concern. Portugal's new constitution forbids the interconnection of files save in exceptional cases, and it is clear that "citizens shall not be given all purpose national identification numbers." Greece has instituted a system of national identity numbers for certain public sector data files, but the linkage of these files is forbidden by law. In Australia, the Privacy Act of 1988 forbids the use of the tax file number as a national identification system by "whatever means." M. Spencer, 1992 And All That: Civil Liberties in the Balance 60 (1990).
II. The Courts have Recognized that Disclosure of an SSN Violates Personal Privacy Rights
The federal courts have recognized that substantial privacy interests are implicated in the disclosure of SSNs. Without exception, every court that has had occasion to consider the issue has reached the conclusion that the non-consensual release of an SSN by a federal agency would constitute "a clearly unwarranted invasion of personal privacy." See, e.g., IBEW Local No. 5 v. Department of Housing and Urban Development, 852 F.2d 87, 89 (3d Cir. 1988).
In cases decided under the Freedom of Information Act ("FOIA"), 5 U.S.C. Sec. 552, the courts have held that disclosure of SSNs is precluded by Exemption 6 of the FOIA, which restricts the release of "personnel and medical files and similar files the disclosure of which would constitute a clearly unwarranted invasion of personal privacy." Id. Sec. 552(b)(6). See, e.g., Painting and Drywall Work Preservation Fund, Inc. v. Department of Housing and Urban Development, 936 F.2d 1300 (D.C. Cir. 1991); Local 3, IBEW v. Nat'l Labor Relations Board, 845 F.2d 1177 (2d Cir. 1988); Oliva v. United States, 756 F. Supp. 105 (E.D.N.Y. 1991); Aronson v. Internal Revenue Service, 767 F. Supp. 378 (D. Mass. 1991); Painting Industry of Hawaii Market Recovery Fund v. Department of the Air Force, 751 F. Supp. 1410 (D. Hawaii 1990)./12/
In IBEW Local No. 5, a union sought the release of, inter alia, the SSNs of non-union employees working for a federal contractor./13/ The Third Circuit began its analysis by noting that "there is a presumption in favor of disclosure" in FOIA cases. 852 F.2d at 89./14/ Nonetheless, the court found that "the disclosure of the Social Security numbers would constitute a clearly unwarranted invasion of privacy and is therefore barred by Exemption 6." Id. The court looked to the congressional policy embodied in the Privacy Act.
The employees have a strong privacy interest in their Social Security numbers. Congress has recognized this privacy interest by making unlawful any denial of a right, benefit, or privilege by a government agency because of an individual's refusal to disclose his Social Security number. Moreover, in its report supporting the adoption of this provision, the Senate Committee stated that the extensive use of Social Security numbers as universal identifiers in both the public and private sectors is "one of the most serious manifestations of privacy concerns in the Nation."
Id. (citations omitted).
Having recognized an individual's "strong privacy interest" in his or her SSN, the Third Circuit cited the risk that the SSN, if disclosed, could be misused and noted that "once a number is public knowledge, it could wind up in anyone's hands." Id. (emphasis added). Likewise, this Court has recognized the harm that would flow from the FOIA disclosure of federal employees' home addresses:
[e]mployees have a strong privacy interest in their home addresses. Disclosure could subject the employees to an unchecked barrage of mailings and perhaps personal solicitations, for no effective restraints could be placed on the range of uses to which the information, once revealed, might be put.
American Federation of Gov't Employees v. United States, 712 F.2d 931, 932 (4th Cir. 1983) (emphasis added).
Once an SSN "wind[s] up in anyone's hands," the potential privacy ramifications are substantial. While the disclosure of this multi-use identifier might not cause immediate harm to the individual, it is the subsequent use that might be made of the SSN that is determinative. As the D.C. Circuit emphasized in protecting the names and addresses of federal annuitants from disclosure under FOIA,
[i]n virtually every case in which a privacy concern is implicated, someone must take steps after the initial disclosure in order to bring about the untoward effect. Disclosure does not, literally by itself, constitute a harm .... Where there is a substantial probability that disclosure will cause an interference with personal privacy, it matters not that there may be two or three links in the causal chain.
National Ass'n of Retired Federal Employees v. Horner, 879 F.2d 873, 878 (D.C. Cir. 1989).
The judicial authority recognizing an individual's privacy interest in the confidentiality of his or her SSN -- and in the information to which the SSN is a key -- provides strong policy arguments against the practice challenged here. And, as amicus has shown, the potential for injury is not hypothetical. Instances of fraud and invasion of privacy have increased markedly as non-essential uses of the SSN have proliferated. In recognition of this potential harm, the Court should scrutinize closely any claim that the collection and dissemination of the SSN is necessary to advance a compelling state interest. See, e.g., Norman v. Reed, 112 S. Ct. 698, 705 (1992); Anderson v. Celebrezze, 460 U.S. 780, 789 (1983).
III. The Collection and Dissemination of the SSN for Election Purposes is Unnecessary and Serves no Significant State Interest
Given the demonstrated risks inherent in the collection and dissemination of the SSN, the challenged practice should only be sustained if it is shown to be absolutely necessary and if less intrusive alternatives do not exist. In fact, there are viable alternatives that would serve the state's interest in administering its system of voter registration.
Every day, organizations and institutions make decisions about the design of their records systems and whether the use of the SSN is necessary or appropriate. While some entities do opt to use the SSN, many other organizations avoid the SSN and develop their own, oftentimes more accurate, numbering schemes./15/ Similarly at the state level, some states have placed an unnecessary reliance on the SSN while others have developed better, less intrusive policies./16/ Single-purpose identification cards without universal identifiers can actually enhance personal privacy by restricting the extent of a person's identity that must be disclosed to interact with a large institution. Library cards and driver's licenses are examples of such limited purpose cards./17/
The practices of other states demonstrate that voter registration systems can, indeed, be administered without resort to the SSN. According to a report compiled by the Federal Election Commission ("FEC"), the nation's five most populous states -- California, New York, Texas, Florida and Pennsylvania -- do not require their citizens to provide SSNs when registering to vote. Federal Election Commission, National Clearinghouse on Election Administration, Technical Report 2 (February 1992). If California, with 14 million registered voters (according to the FEC) can administer its registration system without requiring the SSN, it is difficult to fathom why Virginia, with 2.9 million voters, cannot do the same./18/
Aside from the question of Virginia collecting the SSN, there remains the issue of the state disclosing it. While the state might claim a marginal interest of "administrative convenience" in support of the collection of the SSN, but see Harman v. Forsenius, 380 U.S. 528, 542 (1965), there is no articulable justification for the disclosure of the number. In the face of the obvious and proven harm inherent in the disclosure of an individual's SSN, Virginia's reckless and unnecessary policy cannot be sustained.
The unnecessary collection and disclosure of Social Security numbers constitutes a substantial invasion of privacy, as Congress, the Social Security Administration and the courts have recognized. In enacting the Privacy Act, Congress was motivated, in large part, by a desire to curtail the proliferating use and disclosure of the number. Virginia's requirement that Social Security numbers be provided -- and freely disclosed -- as a condition of voting places an unwarranted and substantial burden on the exercise of that fundamental right. The decision of the district court should be reversed.
DAVID L. SOBEL
Computer Professionals for Social Responsibility
666 Pennsylvania Avenue, S.E.
Washington, DC 20003
Counsel for Amicus
June 30, 1992
1 See, e.g., "The Redesign of the National Crime Information Center (NCIC)," the Subcommittee on Civil and Constitutional Rights, Committee on the Judiciary, House of Representatives, May 18, 1989 reprinted in FBI Oversight and Authorization Request for Fiscal Year 1990, 101st Cong., 1st Sess. 512 (1989); "The Computer Security Act of 1987 (P.L. 100-235) and the Memorandum of Understanding Between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA)," the Subcommittee on Legislation and National Security, Committee on Government Operations, House of Representatives, May 4, 1989 reprinted in Military and Security Control of Computer Security Issues, 101st Cong., 1st Sess. 80 (1989); "Amendments to the Fair Credit Reporting Act, before the Subcommittee on Consumer Affairs and Coinage of the Committee on Banking, Finance and Urban Affairs, House of Representatives, June 12, 1990, reprinted in Amendments to the Fair Credit Reporting Act, 101st Cong., 2d Sess. 774 (1990).
2 The Association for Computing Machinery ("ACM") Code of Professional Conduct states that:
EC5.1 An ACM member should consider the health, privacy, and general welfare of the public in the performance of his work.
EC5.2 An ACM member, whenever dealing with data concerning individuals, shall always consider the principle of individual privacy and seek the following:
To minimize the data collected;
To limit authorized access to the data;
To provide proper security for the data;
To determine the required retention period of the data;
To ensure proper disposal of the data.
The Data Processing Management Association ("DPMA") Code of Ethics, Standards of Conduct and Enforcement Procedures states:
"In Recognition of My Obligation to Society I Shall: Protect the privacy and confidentiality of all information entrusted to me"
The preliminary code of ethics for the International Federation of Information Processing ("IFIP") makes data protection a central provision of Individual Professional Ethics:
1.2 Protection of Privacy
Information Technology Professionals have a fundamental respect for the privacy and integrity of individuals, groups, and organizations. They are also aware that computerized invasion of privacy, without informed authorization and consent, is a major, continuing threat for potential abuse of individuals, groups, and populations. Public trust in informatics is contingent upon vigilant protection of established cultural and ethical norms of information privacy.
20 Computers & Society 36 (March 1990) (emphasis added).
3 The Association for Computing Machinery, for instance, passed the following resolution in 1974:
The Council of the ACM states its concern over the absence of legislative safeguards against the misuse of universal identifiers, including the Social Security Number, and urges the prompt generation and passage of such legislation.
4 Willis H. Ware, a noted computer scientist at the Rand Corporation and an advisor of CPSR, chaired the Secretary's Advisory Committee on Automated Personal Data Systems of the Department of Health, Education & Welfare. That Committee produced Records, Computers and the Rights of Citizens (1973), a landmark report which outlined the privacy risks of automated record sys-tems, recommended various safeguards, and gave rise to the Privacy Act of 1974, the most comprehensive privacy law in the United States. Joseph Weizenbaum, an emeritus pro-fessor of Computer Science at MIT and a member of CPSR, was also a member of the Advisory Committee.
Subsequent reports by the Office of Technology Assessment have often relied heavily on computer scientists to assess the privacy risks on automated information systems. See, e.g., Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information (1987). See also National Research Council, Computers At Risk: Safe Computing In the Information Age (1991).
5 See, e.g., Rein Turn, "Information Privacy Issues for the 1990s," 1990 IEEE Symposium on Security and Privacy 395.
6 See, e.g., "Protecting the Privacy of Social Security Numbers and Records," the Subcommittee on Social Security and Family Policy, Committee on Finance, U.S. Senate, February 28, 1992;Use of Social Security Number as a National Identifier: Hearing Before the Subcommittee on Social Security, House Committee on Ways and Means, 102d Cong., 1st Sess. (February 27, 1991) (testimony of Marc Rotenberg, Director, CPSR Washington Office).
7 See, e.g., Ingerman v. Internal Revenue Service, et al., No. 91-5467 (3d Cir.) (amicus brief of CPSR).
8 While the Court's analysis of Fourth Amendment claims under the Katz test has raised substantial questions about the impact of technological change upon "the reasonable expectation of privacy," see, e.g., Rakas v. Illinois, 439 U.S. 128, 431 n. 12 (1978); see also Amsterdam, Perspectives on the Fourth Amendment, 56 Minn. L. Rev. 349 (1974), where Congress has sought explicitly through statutory authority to regulate an information practice, the privacy protection must be broadly construed.
9 Likewise, considerations of bureaucratic convenience will not sustain unwarranted barriers to the exercise of voting rights -- the issue that is central to this case. As the Supreme Court has held, "constitutional deprivations may not be justified by some remote administrative benefit to the State." Harman v. Forsenius, 380 U.S. 528, 542 (1965).
10 Personal identification numbers ("PINs") refer to any identity number associated with a card. In the United States, an individual may have many PINs: a bank ATM card, a telephone charge card, a workplace access card. In other countries such as Sweden and Australia, the term "PIN" is often used to refer to a universal tax number, similar to the SSN in the United States, and therefore raises much of the same concern as the SSN.
11 Privacy Laws & Business, February 1989, at 4, quoted in M. Spencer, 1992 And All That: Civil Liberties in the Balance 60 (1990). See also Access Reports, July 11, 1990, at 6.
12 Amicus' research has uncovered no case in which a court has authorized disclosure of SSNs under the FOIA.
13 In that case, the Union sought payroll records from the United States Department of Housing and Urban Development ("HUD"). HUD released the payroll records, including the employees' work classification, hours worked, rates of pay, and gross and net pay levels. However, HUD withheld the employees' names, home addresses, and Social Security numbers.
14 The Third Circuit held in IBEW Local No. 5 that the disclosure of the names and addresses of the employees would not constitute an unwarranted invasion of privacy. 852 F.2d at 92. Although this Court has not had occasion to consider the withholding of SSNs under FOIA, it has long held that disclosure of the addresses of federal employees under FOIA would constitute an unwarranted invasion of privacy. American Federation of Gov't Employees v. United States, 712 F.2d 931 (4th Cir. 1983).
15 From a technical viewpoint, the SSN is a poorly designed numbering scheme for personal identification. It lacks a "check sum digit," i.e., a procedure for determining the facial validity of the number.
16 For instance, the Maryland Motor Vehicle Administration announced earlier this year that it will no longer require applicants to divulge their SSN when obtaining or renewing driver's licenses. Nor does Maryland print the SSN on its licenses. "Md. Forgets the Number," Washington Post, February 27, 1992, at C6.
17 Computer scientists have developed new verification and identification methods that protect security and privacy for individuals while providing businesses and government agencies with the information they need for commercial transactions and user authentication. See, e.g., Chaum, "Security Without Identification: Transaction Systems to Make Big Brother Obsolete," Communications of the ACM (October 1985).
18 According to the FEC, voter registration figures for the 1988 presidential election in the other large states which do not require SSNs were as follows: New York, 8.6 million; Texas, 8.2 million; Florida, 6 million; and Pennsylvania, 5.9 million. Federal Election Commission, National Clearinghouse on Election Administration, Technical Report 1 (February 1992).