Government data can't be wrong, right?
Have you ever tried to prove you’re not dead? It's harder than you would imagine.
Every few years, the media reports a story about a person who somehow was accidentally marked dead in a government database, detailing the trials the individual had to endure to be resurrected. In the meantime, their Social Security payments stopped, their bank accounts were frozen, and credit was unavailable. Some 9,000 people are digitally “killed” each year, and it can take as many as five years to be brought back to “life.”
Aside from the awkwardness encountered by the not-really-dead person, such incidents also mean that government—and computer-based systems in general—lose credibility. So how do situations like this happen?
“Knowing that you die is the key thing,” says Peter Tyler, an investigator with the Project on Government Oversight, a Washington, D.C., nonprofit that works to shed light on the U.S. government's activities. The Death Master File, administered by the Social Security Administration (SSA), keeps track of deaths. Unfortunately, sometimes the Death Master File has mistakes. (Yes, this is your cue to recite the Monty Python skit.)
Moreover, SSA actually maintains two versions of the death data, one of which is public and accessible by the private sector. That file is not a complete set of data, Tyler says, and it’s growing less complete every year because it doesn’t include all the data transferred to SSA by the states. That creates a problem, because private firms—such as insurance companies and some federal agencies, such as the Federal Emergency Management Agency and the Drug Enforcement Administration—have access to only the partial list.
In 2013, the Government Accountability Office issued a report, titled "Preliminary Observations on the Death Master File," in which the agency made a number of recommendations to improve the system. Some of the suggestions were implemented, says Tyler, who staffed a Department of Homeland Security hearing on the subject.
In addition, some hackers may have been breaking into systems to falsely declare people dead or newly born. In 2015, speaking at the DEF CON security conference, Chris Rock, CEO of Australian-based security company Kustodian, described the process. Essentially, he said, it requires obtaining information from the doctor registration system and using that information to create birth and death records. “Zero verification,” he told the Christian Science Monitor. “You can kill somebody in about 10 minutes.”
The opposite situation comes up, too. People can die without anybody ever informing Social Security, which is why a 2015 Office of the Inspector General report found 6.5 million people in the Social Security system listed as more than 112 years old. (The oldest verified person who’s ever lived, Jeanne Calment, died in France in 1997 at age 122.) It’s estimated that more than $3 billion in Social Security income was distributed on behalf of these people. Yet, the government doesn’t want to pick an arbitrary age and declare that people older than that surely must be dead, because sometimes they aren’t—and if it’s tough for a 40-year-old person to prove they are alive, it’s even tougher for a centenarian.
“Some deaths aren’t reported,” Tyler says. ”We don’t keep records that closely. We don’t have Big Brother. But it’s a problem as far as recordkeeping.” Part of the issue is that deaths are recorded on the local level, and there isn’t a standard way to record and consolidate the data.
And then there’s the case of Alecia Faith Pennington, who was born at home and home schooled, and never visited a doctor or a hospital. Consequently, she didn’t have a birth certificate or a Social Security number, which meant she couldn’t get a job, go to college, or get a driver’s license. Finally, after an extensive social media campaign, the Texas legislature put forth a bill that would let her obtain a delayed birth certificate.
Government database errors aren’t just a matter of life and death. People can also falsely get listed on databases of criminals or terrorists. It’s not like "CSI: Crime Scene Investigation," where there is a single central database of everyone in prison, Tyler says. While there is a federal database of people incarcerated at the federal level, it doesn’t include state-level prisons, municipal prisons, or county jails. “That’s a lot of people,” he says. “If my brother disappears and I think he’s in prison, there’s no central way to find that out.” Prisons are offered incentives to share information, but they aren’t required to. Due to the separation of powers, the federal government cannot compel states and localities to provide that data, Tyler says.
Government data in private hands can be wrong, too
It’s not just the government that keeps track of such things. Private companies act as pass-throughs or aggregators, collecting government data, which may not be updated if the government data changes. For example, a 2012 study by the National Consumer Law Center found that companies that cull public information databases on potential employees “routinely contain errors, mismatch people, or misclassify criminal offenses.” The report, "Broken Records: How Errors by Criminal Background Checking Companies Harm Workers and Businesses," recommended that the Consumer Financial Protection Bureau draw up regulations to ensure that background checks are accurate and require companies providing those background checks to register with the bureau so consumers can correct false or misleading information. In addition, the report recommended that the Federal Trade Commission investigate these companies to protect consumers from false information.
Similarly, the Electronic Frontier Foundation (EFF) is fighting a proposed bill in Congress that would require private employers to use E-Verify, a federal data system administered by the DHS, SSA, and U.S. Citizenship and Immigration Services, to verify the eligibility of job applicants to work in the United States. The EFF is concerned about the possibility of a data breach, errors in the E-Verify system, recordkeeping for name changes (such as through marriage), and in general the effect of making it harder for people not born in the U.S. to get jobs.
It’s bad enough to be falsely listed as dead. It’s even worse if your name becomes a record in the post-9/11 terrorism database, because much of the information about the database itself, as well as the reason for an individual’s inclusion, is secret. In 2014, then Attorney General Eric Holder invoked the state secrets privilege to prevent watchlisting guidelines from being disclosed in litigation launched by an American who was on the no-fly list, calling them a “clear roadmap” to the government’s terrorist-tracking apparatus, wrote Jeremy Scahill and Ryan Devereaux in "The Intercept." People in the terrorism databases included Sen. Ted Kennedy, Bolivian President Evo Morales, Lebanese parliament head Nabih Berri, and even a Cub Scout who got his first airport pat-down at age 2. And unlike the Death Master File, your name can stay on the terrorism database even if you die.
How to do data hygiene right
Data cleaning or data scrubbing is important in any database management process. But it’s even more so when lives are at stake and it’s a distant government agency collecting that information.
Fixing government database errors is one thing, but how can governments keep the mistakes from happening in the first place? Certainly, more tightly integrated government applications make a difference, says Munir Ismet, global lead for digital government and strategic alliances, Public Sector & Healthcare, at Hewlett Packard Enterprise.
For example, instead of having to report to multiple government agencies that you have a new baby (to, say, collect benefits and services to which you’re entitled), in a well-designed smart city infrastructure, you only have to tell one organization and everything else will be provided proactively, Ismet says. “You can run a workflow across government applications to make them understand that this has happened,” he says. “As applications get modernized, this happens in a more efficient fashion.”
Another improvement may come from enhanced security, through methods such as identity management systems, Ismet says. The application checks authenticity and identity; it also monitors hacking attempts and even shuts down the software if necessary.
However, improved security doesn’t necessarily help in the case of typos, Ismet says, suggesting that agencies run audits to check for inaccurate information. “Unfortunately, this happens after the event,” he acknowledges.
After the GAO report, legislation to make agencies respond more promptly to cases of mistaken death was passed by the Senate but not by the House, Tyler says. “Because that law wasn’t passed, it’s unclear how much they’ve improved the system.”
Government database errors: Lessons for leaders
- Even if your business isn’t involved in declaring people dead, it probably has other functions that are just as final. As much as possible, government agencies should look for ways to avoid making irrevocable decisions, such as checking before deleting a large customer record or otherwise eliminating large amounts of data, particularly based on just one indication.
- Because mistakes do happen, be sure to have a process for backing them out, whether it’s bringing people "back to life" or recreating their company history.
- Build in ways to check data that seems odd, whether it’s people who’ve lived to more than 120 years old or too many people residing in what turns out to be a vacant city block.
This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.