Slashdot Mirror
Website Posts Partial SSNs of Politicians in Protest
John3 writes "The Foundation for Taxpayer & Consumer Rights has posted partial Social Security numbers for several California politicians to protest their vote against pending privacy legislation. According to a San Francisco Chronicle story, the SSNs were purchased on the Internet for $26." Now there's an effective way of showing the problems of the status quo.
What I find amusing about this situation is that these are the same leglislators (scuse the spelling) that unanimously voted for SB1386 when their bank/credit info was compromised, yet don't want to take that last step now to protect everyone's privacy.
The more time I spend in CA the more I realize our state legislators are like ill trained puppies: They're cute to look at, but occassionally you need to whack them with a magazine to keep them from crapping on the carpet.
-E2The evil monkey commands you to dance.
This reminds me of that time that reporters in Washington St. decided to rumage through the garbage of all the goverment officials who supported the police in removing garbage as evidence from the outside of suspects homes.
That didnt end up well for the officials then, sort of a double standard.
Well, the reason is because if I post my own SSN, then I could be considered to be implicitly allowing others to use it. I don't care if someone else posts my SSN, but I'm not going to do it myself.
Actually, the credit beuru once accidently typed in the wrong SSN of a convicted felon. After that, the man's SSN that they typed in was suddenly not able to find a job or get credit for anything. After at least 10 years in the gutter, one of the people he looked to employment said to him "we don't hire people with your history". The man began inquiring what that must mean and found out that the credit bearu screwed up his account by saying he was a convicted felon. He then sued the bearu for a good 20-50million dollars and is now living on easy street. All I was really trying to say is that if someone wants to get your SSN, all they have to do is act like an employer and do a credit check. There are a million other ways, too. When I worked at CVS, our login code was our SSN. All someone had to do would be watch closely a few times, and wham, they've got it.
I came, I saw, She conquered.
If Bill ever collects on Social Security, it might make front page news (well, front Slashdot page news, anyway).
"It's overkill, of course. But you can never have too much overkill." - Anonymous Slashdot Coward
See, I still think if I give it to you I'd be negligently guilty of its use. But hey, for $26 you can find it out, right? I'll give $26 to the first person who posts my SSN on slashdot.
The problem isn't that we need privacy laws to protect user's SSNs...those can be publicly available. The problem is that the SSN has been overloaded by businesses and other organizations.
A SSN is a number granted to an individual by the government for the purposes of identifying that person to the government. It shouldn't be a means of identifying someone to a credit card company, bank or other institution (my university used SSN as our student ID numbers). If one of these institutions wants to identify me by a number, they can assign me their own damn number.
What we need is legislation preventing private institutions from assigning extra significance to any government issued piece of identification. Just because SSN is a handy primary key for their db tables doesn't mean that they should be allowed to use it.
</rant>
"Don't blame me, I voted for Kodos!"
Like most here, I think this is an effective demonstration of the ease with which personal information can be obtained, whether on the Interweb or elsewhere. The mere fact that these legislators are reacting so badly to release of fairly benign personal information is probably an indicator that they made a mistake in their voting. If they truly believed in their position they would have looked at this release and shrugged, or even been amused.
The problem arose when the mapping between a person's name (or identity) and the SSN was considered confidential information, and a number of government and non government organizations started treating the knowledge of a person's SSN as an authentication mechanism.
Many companies treat the fact that you know (the last 4 digits of) a social security number combined with some additional information like the last name and street address as proof that you are indeed who the record states you are.
This is absurd. Either each individual should be assigned a secret id, which when used in conjunction with the SSN proves one's identity, or some other mechanism to verify identity should be developed. As long as the SSN continues to be (ab)used as a supposedly public index into a database, as well as a piece of confidential information, privacy will remain a farce.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
This allows the use of SSNs as an identifier, but not as an authentication token. Lawyers have a hard problem with that distinction, but they understand negligence.
I would hate not having my CPR number (Danish Social Security Number). It make identification so much easier, I only wish I could use it for more things.
I never hear of anyone having their CPR number misused. Try to remember that it's just a easier way of identification and NOT a tracking device inserted up your ass. Your more like to be tracked when you use your VISA card than by having a SSN. I'm sure Wal-Mart knows more about most Americans than the US government does.
Why are Americans so much more paranoid than other people? Have your government really screwed over that many times? If you can't trust your government you have a problem. Please do something about it.
The root of the problem is that any system relying on keeping your social security number secret is broken. An SSN is an identifier for a person, it is like a name. You don't keep your name secret (Wizard of Earthsea aside) so why should the number be different?
Not that you'd necessarily want people to be able to find out and disclose your number whenever they felt like it - there are still privacy considerations even with 'useless' information - but if disclosing the number exposes you to fraud then the fault is with the systems that rely on SSN to authenticate (rather than identify) an individual.
Every cheque you write has your bank account number on it. Disclosing the number doesn't automatically expose you fraud (unless you also supply headed notepaper and do other stupid things). If the banks can do it, why not social security?
-- Ed Avis ed@membled.com
The problem is that civil servants (such as these politicians) often believe that they are our superiors. So most of them are incapable of realizing that privacy laws are for everyone. Instead they will look at creating a law or applying an existing law in such a way as to protect just themselves. That was exactly the reaction of the civil servants involved in the garbage search incident in Oregon.
[Set Cain on fire and steal his lute.]
Actually, in the case of major political figures (which probably does not include California assembly members), actors/actresses and other famous individuals, the government, in particular GSA and the Social Security Administration, have flagged their numbers.
Having known people who work for the SSA, I've heard stories of having to deal with processing a legitimate information request for a major figure, such as an actor or member of Congress, and having to explain every aspect of the actions taken the next day, because any processing of data using a flagged number triggers an internal review.
If you try and use that SSN for anything, you'll very quickly be getting a visit from some individuals with their sense of humor surgically removed, and you'll very likely not be seen for a while.
Give us a hint to go on...
I know for a fact, for example, that I can get the SSN of anyone in my company (or who previously worked for it, since they don't delete the info!).
No, I'm not privy to the information. They have an app with a poorly implemented security layer which will allow you to see anyone's information - where they live, ssn, name.
Perhaps you could work for the same company?
My point is that by performing the same exercise before the vote, they might have influenced the vote to go the way they wanted. By doing this after the vote, at best, they require the process to start over again with a new bill to achieve what they want.
Had they asked nicely before the vote (which I assume they did, they are lobbyists after all) they would have been ignored. If they had released this information they would have been accused of attemption to extort the assemblymen.
You don't persuade a burglar to not rape your wife or steal your property. You make sure that it is too costly for him (personally) to even try. If the big dog in the back yard doesn't discourage him, maybe the NRA bumper sticker on the pickup outside will.
Ask nicely beforehand, and if you are ignored, punish severely afterward.
These politicians already cared nothing for the privacy bill, perhaps because it was an abstract idea to them. Now that their information is at risk, it is more than just a concept. It is important to each and every one of them. Who cares if they like you? They will do the right thing because it will now benefit them.
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
You have a point, but the fact is that people who are (in)famous are the target of harrassment, stalking, and other attacks more often than the average joe. I can imagine there's a few anti-Microsoft zealots who would love to savage Bill Gates' credit record or file an SSI claim as him, just as an example.
I think that if I were Bill Gates, I'd be justifiably more concerned about the potential of abuse of my SSA data than I personally am. I certainly am concerned about it, but I'm not subject to the same kind of exposure that political figures, actors, and so on are.
It's probably a question of simply allocating resources- you can't flag everyone's SSN for followup, but it should raise a flag (in my opinion) if the Speaker of the House's social security records are accessed by an operator answering the 1-800 line, for example. Chances are, it's just someone (usually a flunky) filing some piece of paperwork or other, but it could be something more sinister.