"We can't protect the Social Security number because we have to disclose it for every aspect of our military lives; it's a necessity," Conti, an Army intelligence officer and computer science professor at the United States Military Academy at West Point, says in an interview with GovInfoSecurity.com. "Getting a flu shot, any reason I have to disclose my Social Security number or getting my laundry done?"
Conti contends the military's relatively lax policy on personal identity information places service personnel at high risk for identity theft. He and three fellow senior officers who also teach at West Point this week published a paper, entitled The Military's Cultural Disregard for Personal Information, that details the problem and offers solutions.
"We use the Social Security number in every aspects, both mundane and sensitive," Conti says. "We use the Social Security number as an identifier and as a password. Children 10 years old and up have a military ID card with their sponsor's Social Security number on it. It's in every facet of our lives. It's in our recycling bins. We shout it out in formation; we thumbtack it to bulletin boards. It's everywhere, so we're courting disaster in how we us it."
In the interview, with GovInfoSecurity.com's Eric Chabrow, Conti:
- Explains how and why the military began using Social Security numbers ubiquitously;
- Provides examples on how personal identifiable information is misused; and
- Offers suggestions how to fix the problem.
Conti is an out-of-the-box thinker, who along with Army Col. Col John "Buck" Surdu wrote an article proposing a fourth, coequal military branch focused on cybersecurity, which he described last year in an interview with GovInfoSecurity.com: Culture War: Making Cyber Career Military Friendly.
He earned a bachelor degree in computer science at West Point in 1989, a year before laptops became standard issue to all cadets, as he points out. Since then, Conti received master and doctorate degrees in computer science from Johns Hopkins University and Georgia Institute of Technology, respectively. He also has written two books on cybersecurity, Googling Security(Addison Wesley, November 2008) and <Security Data Visualization (No Starch Press, September 2007).