The recent revelation that a database at the University of Maine had been hacked and that student and staff information, including Social Security numbers and dates of birth, had been accessed, should spur state officials to build a firewall between residents and public institutions. Specifically, the university system and public K-12 schools should be required to use identification that does not rely on Social Security numbers and dates of birth.
For decades, many colleges and universities used Social Security numbers as student ID numbers. The numbers were often required to be included on student tests and papers. As identity theft became a well-used method of defrauding people, institutions began shielding that information. But with the rise of the Internet, a new way to access personal information emerged.
A better way is to limit the use of Social Security numbers and dates of birth. That information should be required when students enroll, and in exchange for providing it, the college or university should issue an identity card that is used for all services. Such a system is similar to the passport system, which requires applicants to provide unique identifying documents, but does not reproduce them.
One Maine school district already is pushing back against a law that has not yet gone into effect which would increase the use of Social Security numbers. LD 1356, enacted in 2009 by the Legislature, requires the state Department of Education to “implement an automated system that matches the Social Security numbers of former participants in state educational and training programs with information in the files of state and federal agencies that maintain educational, employment and United States armed services records.” The law, which goes into effect in the fall, was conceived as a way to track students as they enter the work force to better evaluate educational programs.
But the SAD 44 school board, which oversees education in the Bethel-Andover area, last month unanimously approved a resolution asking the Legislature to rescind the law. School board members said the law was an invasion of privacy and urged district staff to explain to parents they can opt out of reporting.
The SAD 44 resolution will be submitted to the Maine School Board Association in the fall, seeking its endorsement.
The University of Maine database was not the first to be compromised, and it certainly won’t be the last. In 2006, some 26 million Social Security numbers were stolen from Veterans Affairs. In the electronic age, that nine-digit number, along with a name and a date of birth, are often enough to access bank accounts and open a credit card account. Rather than misplaced paranoia about government tracking citizens, the legitimate fear about such personal data is that once compromised, it becomes difficult to live in a world that relies so heavily on this information. It should be required only when absolutely necessary and then guarded carefully.