SSA's Ne result provides good lesson for us all


Robert Gellman


What has happened to the Social Security Administration’s Web

Last year, SSA tried to give people access to their personal account
information through the Internet. SSA’s Web site let individuals order an earnings
and benefits statement. The service attracted a high level of publicity following a USA
Today story suggested that personal records could be obtained improperly by someone who
knew a few of your personal pieces of information.

After intense media and congressional criticism, SSA closed down the site
to retool it for more security—and less functionality.

SSA’s experience is an important lesson learned for government
agencies and others seeking to do business on the Internet. SSA tried to do something
useful and innovative, and it got shot at for its troubles. But those who look longingly
at the potential of the Net should learn the right lesson.

Before continuing, a disclosure: I was hired by SSA to consult on the
retooling effort. The opinions expressed here, of course, are my own.

I have three basic points to offer. First, SSA had actually done a pretty
good job before setting up its Web service. The agency consulted with security people, and
it carefully and slowly tested its offering.

Yet to some, the agency didn’t do enough. SSA did not pay enough
attention to public relations and political concerns. Still, no matter how careful SSA was
in advance, it might not have mattered. The service touched three hot-button and
high-profile issues: Social Security numbers, privacy and the Internet.

Reporters especially love to hype the Internet angle on anything.
Activities routinely ignored by the media become front page stories when the Net is
involved. For example, more than a million marriages break up each year in the United
States alone. But when a spouse leaves a marriage because of an Internet relationship, it
makes for titillating footage on the TV tabloids.

Agencies must be aware of this. They must prepare for sharp and even
unfair reactions from the press, the public and Congress. The fear of criticism should
not, however, be used as an excuse for doing nothing.

This leads directly to my second point. Agencies must learn how to do
business on the Internet. Interest in Net services is clearly there. Criticism of the SSA
service did not come from the users. People who used the Internet service loved it, and
they want more. Net services are not only faster and more responsive, they are sometimes
cheaper as well.

For SSA, the cost of providing an earnings statement over the Internet was
measured in pennies. The cost of processing telephone and snail mail requests for the same
information was measured in dollars. In an era of downsizing and tight budgets, such
savings are important.

Finally, we all have to accept that computers and the Internet are
double-edged swords when it comes to privacy. They offer the prospect of better ways to
achieve privacy goals at the same time they create new threats to privacy.

Don’t be misled into thinking that privacy is the same as security.
Providing people with access to their own information is an important element of privacy
as well. That is one reason privacy advocates were not uniformly critical of SSA’s
original Web offering.

They recognized that what SSA was doing furthered privacy.

Security is important, too, but it is not the only concern. Advance
planning and consultation with users, security experts and privacy advocates can help
strike the right balance between sometimes competing objectives.

Don’t forget the folks on Capitol Hill, either. They hate to be
surprised by anything. When in doubt, they reach for a press release. Get them to buy in
as well.

SSA did a good job when it announced changes to its Net service last fall.
The new service will have increased authentication elements and reduced disclosure, but it
will still be valuable. It still does not offer perfect protection against interlopers.
That is impossible today.

But the improved service should be enough to satisfy just about everyone.

The only problem is that SSA hasn’t brought the service back online.
A revised and restructured Web page was supposed to be ready last December. It is not
clear what the problem is.

Using the Net to provide personalized service is the wave of the future.
Proceed with your eyes open, move cautiously, and talk to everyone. But proceed.

Robert Gellman, former chief counsel to the House Government Operations
Subcommittee on Information, Justice, Transportation and Agriculture, is a Washington
privacy and information policy consultant. His e-mail address is [email protected].

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.