Hey, wanna see if you’re a terrorist? Excuse me–“Specially Designated National or Blocked Person?” Thanks to the Department of the Treasury, you can, in PDF or ASCII flavors! (As stated above, I do feel like getting arrested, so I was going to write a form script that would search the file for you, but it’s 1.35Mb of unmarked-up plaintext, and I don’t want to kill my webhost with that much sequential search.)
I’m aware of this list because today I had to write down some personal info and sign a release form at work. My company could be getting a federal contractor as a client, so every employee name has to be checked against the list. Fair enough. I don’t like that, but it is the law.
I do have a problem, though, with the fact that we contracted an outside firm to do the checking. Everybody in this company had to sign a paper saying that neither my employer nor this firm were liable for any consequence of having yourself checked. Then everybody had to print his or her first, middle and last names, DOB, and SSN. The forms will be sent off to VeriCorp, who of course can be trusted with my SSN and corresponding information! I guess!
Keep in mind that my employers are probably paying thousands of dollars for this: VeriCorp is going to take a list of a few hundred names, then they’re going to take the text file linked above, and they’re going to have some people hit CTRL-F a few times. And if one of those people makes a typo and you go to Secret Terrorist Jail, whoops! Oh well! They’re not liable!
I am making use of hyperbole here, obviously. Nobody’s going to go to jail; if you’re on the SDN list and the FBI doesn’t know where you are, you’re certainly not going to be working under your real name, much less putting it down on that form. This whole thing is a redundancy measure, a legal fallback.
My point is that there is no reason to be sending hundreds of people’s personal info to an outside contractor, liability-free, when the list is publicly available, and we have an in-house software development team who are all experts at data correlation. I guess the potential client doesn’t trust us to verify our own employees, because we’re an interested party in the negotiations. But if they don’t trust us to verify the information correctly, why trust us to send it correctly in the first place?