Orthogonal Thought | Random musings from the creator of Cooking For Engineers and Lead Architect of Fanpop





More Social Security Numbers Publicly Available

Posted 20 April, 2007 at 1:19pm by Michael Chu
(Filed under: Life, Rant)

The New York Times reported today that the social security number of 30,000 people "who received loans or other financial assistance from two Agriculture Department programs were disclosed for years in a publicly available database, raising concerns about identity theft and other privacy violations". The first question that comes to mind, is why does this stuff keep happening?

Then, I think about it and it seems inevitable that SSN's will be leaked or made available by accident as long as we use them as our primary form of identification in the United States. Since it's a unique number that is issued by the government to almost all U.S. citizens (apparently, after talking to my friend Harold, children who are home birthed take a little longer to get their numbers depending on which county you live in), it's basically the primary key into the citizens database of the U.S. It's bound to get out (you give it out all the time to strangers when you need to access your accounts, apply for credit, buy anything worth more than a few thousand dollars, etc.), so we should have something else in place as authentication. Then we won't be so worried about letting our SSN out all the time. Also, some financial institutions are starting to match other pieces of "public" information to authenticate - you need your SSN and your current address. If a database or a piece of mail has your SSN on it, wouldn't it have your address too?

I'm not sure what the solution is - assign everyone a credit card sized device that has a unique private key built in and generates the appropriate response to a challenge code that the credit card company, bank, or other business issues? That could work, but many people would lose it (just like people lose their social secury cards) and batteries would go dead and it wouldn't be as cheap for the goverment to produce as a piece of thick paper with a number printed on it.

Unfortunately, I have to go back to work and I should be using my time coding instead of thinking up a new solution for identity theft.

1 comment to More Social Security Numbers Publicly Available

Jesse Harris, April 20th, 2007 at 2:10 pm:

  • The real stupidity of the SSN as an identifier is that it's the equivalent of a username with no password. Unfortunately, there's no incentive for credit reporting agencies to discourage ID fraud since it's all on the consumer to prove they don't owe the money, something that can take months or years if it's even possible.

    When you ask for a credit report online, you're asked a series of 5 questions about your credit history. Why is it that they don't ask those same questions when doing a credit check to make sure it's you? The system is already in place and it would almost entirely shut down fraudulent use of the SSN for loans and credit cards. Even basic checks against place of birth, age and gender would kill a lot of the fraud and the government has that checking system in place as well.

    We have the solutions, we just choose not to use them. Stupid, stupid, stupid.