Government databases: The case against centralization By Christopher Kilmer web posted August 12, 2002 In the 1950s, computer makers pioneered information collection and retention systems, otherwise known as "databases." Databases make information instantly accessible and have sparked a revolution in the business world, increasing productivity and profitability. This technology also revolutionized the way government does business, but with dubious results. Across the globe, governments are moving to create centralized databases containing sensitive, personal information. As usual, they have failed to learn from mistakes of both the past and the present. At first blush, centralizing databases seems like a fantastic idea. After all, centralized databases would be easily accessible by benevolent government agencies, while multiple servers would not. However, recent events both here and abroad underscore the danger to individual privacy that centralization brings and why it should be avoided. Just two weeks ago, the city of New York pulled an official online employment service after it discovered an enormous security breach that permitted anyone who visited the website to view home addresses and Social Security numbers. The city belatedly advised almost 2,000 applicants to "consider taking various precautions, including the contacting of all major credit bureaus, creditors and banking institutions." The online job bank security failure illustrates the horrors that government database mismanagement can bring. Now take that example and extend it to the national level. Last week Japan went online with a national identification database containing addresses, names and national identification numbers. Prior to the implementation of the database, such information was widely dispersed across a network of servers located in provincial government offices. Perhaps the most frightening aspect of this tragic development is that the new database uses off-the-shelf Microsoft Windows 2000/NT server software - a preposterous choice, since it has security holes big enough to drive a Toyota Land Cruiser through. Computer hackers, rejoice! The government of Japan has made your job ridiculously easy. As the Japanese will soon learn, when information is centralized, it is impossible to imagine everything that can happen if it falls in the wrong hands. The Dutch have already learned this lesson from painful experience. Of all Western European countries, the Netherlands lost the highest percentage of its Jewish population to deportation and murder by the Nazis. According to information systems expert Roger Clarke, "the existence of a detailed register was of considerable assistance to the Nazi invader, and resulted in easy identification and location of many people targeted for the most extreme form of racial discrimination." Happily, today the Netherlands mandates that all information pertinent to government interests be stored at the municipal level. This dispersed system not only keeps information separated from the national government by one more degree, but protects it from consolidation into a single database that would be that much easier for malicious individuals to hack. Can we trust the Feds to take measures to protect our personal data? So far, Uncle Sam has a laughable track record with database management. It was only last December that United States District Court Judge Royce Lamberth ordered the Interior Department to shut down all its websites until it could close major network security holes that would have allowed hackers to tamper with a system handling over $500 million in annual royalties from Native American lands. As I write this, seven months after the order, many Interior websites are still offline. What happened in New York City is about as bad as it gets for security flaws, but at least it was localized and affected a relatively small number of people. Should the U.S. go the way of Japan and the Netherlands and centralize citizens' identification numbers and other information, the potential for misuse of such data would skyrocket, and it won't just be New Yorkers whose information would be compromised, but the entire nation. It's not all doom and gloom, though. The misadventures of the Feds could have hilarious results, at least for naysayers like myself. Someday, the U.S. Department of Labor could create a centralized job bank with millions of addresses and Social Security numbers. I would then laugh at the fool at who will have to call 275 million Americans and tell them to contact all the major credit bureaus, their creditors and banking institutions. Christopher Kilmer is a summer research associate at the Free Congress Foundation (http://www.freecongress.org) Enter Stage Right - http://www.enterstageright.com