I was one of many volunteers at a local branch of a nonprofit where I had volunteered for years. The nonprofit, concerned about abuses that seemed to be everywhere in the “helping world,” decided to begin doing background checks on its volunteers. A meeting was called and about thirty of the volunteers at that location were present. There were several hundred volunteers combined at all locations.
A representative of the company doing the background checks gave a presentation. Of course, the company wanted Social Security Numbers, and, of course, many long-term volunteers were concerned. The company representative told us that the computerized records would be in an encrypted database.
It is well-known that many identity thefts and identity breaches are inside jobs, often made easier by poor security practices within companies possessing confidential data. In this case, I was concerned about both what the company representative didn’t say. Here’s what I expected him to describe:
- How would they handle the paper forms filled out and turned in at the presentation meeting?
- Would the forms be copied and, of so, where would the copies be kept?
- Who would have access to the paper forms and/or copies?
- Would there be a digital record of the information, in the form of a spreadsheet or a database? (More on this particular issue later in this post.)
- If there was a digital record, would it be stored in a laptop or portable device, potentially accessible to thieves?
- Who would have access to this?
The company representative didn’t say anything about this, leading me to believe he hadn’t thought the issues out, or didn’t think his audience was deserving of at least a short discussion of them.
What the company representative did say was even worse. He described the form the volunteers were asked to fill out and began by indicating that they were to enter the last four digits of their Social Security Number in a box on the first page and their full Social Security Numbers later in the form. This made no sense to most of the audience. They questioned the representative and he said that the numbers would be used as identifiers. Really? Identifiers into what? A database? A spreadsheet? Something else?
Here’s the first issue. Any competently designed database using identifiers as primary keys would make sure that different records each have different primary keys. At first glance, it would seem highly unlikely that any of the 30 volunteers at this location would have the same last four digits of their SSN. To quote from Porgy and Bess, “It ain’t necessarily so!” You may want to read up on the “Birthday Problem” at the URL https://en.wikipedia.org/wiki/Birthday_problem before reading the mathematics in the next paragraph.
The reason there may be duplicate primary keys is that there are 10,000 possibilities for four digits. This means 10,000 possibilities for the first person, 9,999 possibilities for the second person not to match the first, 9,998 possibilities for the third person not to match either of the first two, and so on. I ran a small Excel spreadsheet using the Fill command to enter the series of numbers from 1 to 10,000 in a column. I then created a Product of the numbers from 9,970 (10,000 – 30) with each number divided by 10,000. A probability greater than zero indicates that probability of a duplicate. Clearly the “database” wasn’t a database, but was, in fact, a spreadsheet. A spreadsheet probably doesn’t have the protections to restrict access to fields that should be kept private from as many employees as possible.
The second issue is that knowing the last four digits of a Social Security Number and having an idea of where a person was born can easily lead to determining the person’s full SSN. Look at the webpage by http://stevemorse.org/ssn/ssn.html by the famous genealogist Stephen P. Morse; his webpages are a must for any genealogist. Try to see if you can find your own SSN easily from the four digits and area of birth.
What did I do? I debated raising the issues described in this post, but decided that I was not the focus of the discussion. Instead, I turned in my ID badge and access card, ending my volunteer work digitizing microfilmed records that had deteriorated.
Do you think I made the right choice?