I had posted earlier about Social Security's plan to encrypt the CDs of client files sent to attorneys and others who represent Social Security claimants. The comments this post received are worrisome enough that I think they are worth bumping up to a full post:
What I wonder is whether this encryption even helps secure these files. Doesn't Social Security have to send all the information needed to decrypt the files when it sends the CD to the person representing the claimant? A CD with no identifying information is useless. A CD with full identifying information can be decrypted by anyone. Social Security could send the CDs with just the name or the Social Security number but that is problematic. Unless the attorney is using a database -- and most do not -- sending just the Social Security number would not be enough to allow the attorney to figure out whose CD it is. For that matter, it is not difficult to go online and find out a person's identity using their Social Security number. Sending just the name would not be enough in many cases to allow identification of the claimant. A friend of mine who practices in Texas has told me that he has many clients with identical names such as Jose Rodriguez or Maria Hernandez. I do not have so many Hispanic clients but my firm certainly has clients with duplicate names. It happens all the time.