Apr 16, 1998
Posted to WWWDEV on 16 Apr 1998
Just a short, cynical note on social security (social insurance in Canada) numbers.
1. One number, two numbers, ten numbers: it makes no difference. It takes just a little very simple programming to create an associative database.
2. These databases are *already* linked. It's no coincidence that, when you update my address with Revenue Canada, that the change is reflected shortly thereafter with the Credit Bureau. And it's no coincidence that if your Hydro (electricity) bill goes up, that you will get a visit from the RCMP (police) on the off-chance that you are cultivating marijuana.
One point of these two points is to stress the fact that the 'Big Brother is Watching' scenario is already here. What keeps it from being more intrusive is that, for the most part, Big Brother doesn't care.
A second point which is really essential is that government and corporate databases ought, for the most part, to be treated as a single entity. People who are quite worried about this sort of thing should be as worried about corporate intrusion into their lives as they are about government intrusion.
The digital age means the rapid transfer and merging of data. The creation of complex and comprehensive personal records is an inevitability. There is too much money at stake for this not to happen.
A more substantial issue was raised by Chris Frank. Your records - your SIN number and employment history, credit rating, bank account balance, medical history, etc. - are all about you. However, the person who has the least influence over how they are maintained is you. When an error occurs in one of those records - as happens with appalling frequency - it is virtually impossible to get that record changed. For the most part, it is virtually impossible even to *see* your records.
In my opinion, a very significant issue which will arise concerns the question of ownership of personal data. One the one hand, we will see government and industry regard this information as corporate property. On the other hand, we will see individuals seeking to maintain control over their own data. This is going to be a big issue one day, as these records are worth, collectively, billions of dollars (why do they give you Club Z or Air Miles cards? So they can track purchases, especially purchases by postal code (which in turn are matched to income groups), which helps them target advertising and marketing).
For my part, when considering questions like: should we ask students for their SIN (social insurance number), I approach it this way: first, government demands that we collect the information anyways, so we're going to do it. Second, when a SIN is sent over the internet, that is probably the most secure part of the transaction. Once it enters college and/or government databases, it's going to leak all over the place anyways. So, third, as much as I can, I place the ownership of student infromation into student hands so they can manage their own information in their own way.
Oh yeah, a p.s.
How do I know these databases are linked?
As a matter of routine (and perhaps a little rebellion), I submit different information to different sources. Mostly, I do it in very innocuous ways - for example, I give each agency I associate with a slightly different postal code. This information tracks its way through the system and shows up again in some of the most unexpected places.