Slashdot Mirror
Congress To Restrict Social Security Number Use
diverge_s writes "News.com.com has an article detailing a long overdue attempt Congress is making to restrict the use of Social Security Numbers. From the article: 'In both the House and the Senate, there are at least three pieces of pending legislation that propose different approaches to restricting the use and sale of SSNs. Politicians have expressed astonishment at what they see as a rising identity fraud problem, frequently pointing to a 2003 Federal Trade Commission survey that estimated nearly 10 million consumers are hit by such intrusions each year.'"
All the proposals mentioned in the article are merely band-aids on a system that is fundamentally broken. Any competently designed identification system consists of two parts: the public identifier, and the private key. The problem with SSNs is that you have a system where one number is simultaneously the public and private parts of the system, which dooms it to failure every time.
Making new rules limiting the sale and purchase of SSNs, or restricting the display of SSNs on reports, is just closing the barn door after the hore has already left.
____
~ |rip/\/\aster /\/\onkey
Unless they are providing some other way to authenticate people when they sign up for a service this doesn't seem to me like it will do much. Now I didn't RTFA, but if it's restricting who can ask for the SSN or something like that then whomever needs to verify your identity will simply have to get a different bit of it, and then the SSN is no longer as significant. After all, who wants to pay your taxes?
Banks are the biggest culprits. Your account number is often your SSN. Therefore, if criminals get a hold of your bank statements, they can usually ascertain your SSN.
Many companies and government organizations use the SSN as some kind of shared secret for the purposes of establishing identity.
This law wants to prop up this model.
THIS IS A STUPID MODEL.
There are much better ways of establishing identity than using the SSN.
What we need to do is STOP USING SSN TO ESTABLISH IDENTITY!!!
Then it can be public, you can post it wherever you want, and we won't have to deal with the impossible problem of putting the cat back in the bag.
Government issued smartcards, with a simple PKI (and revocation system) would be a perfect method for establishing identity. We need to put the money in to that, not trying to keep some unchangable number secret.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
I was once reprimanded by an employer for standing my ground on the fact that a badgenumber+SSN was not a good idea for a login id. grumble grumble. I left the place soon after and have never listed it on my resume.
meh
...by requiring the use of a RealID number instead of an SS#. This is how they will force RealID down everyone's throat.
Go read the article. The proposed legislation sounds reasonable. It should have been done years ago.
Now, what sort of evil riders will be attached?
The obscure we see eventually. The completely obvious, it seems, takes longer. - Edward R. Murrow
Anyone want to give odds this legislation gets passed after elections?
I wonder why more companies/organizations don't realize this, and any step to educate them is a step in the right direction.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Politicians have expressed astonishment at what they see as a rising identity fraud problem
You don't say. It took them long enough. Apparently MySpace is a bigger threat to consumers these days - after all, identity theft has been around longer than SNSs. Give me a break.
So far everything Congress is talking about is as effective as trying to put the toothpaste back in the tube.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
The restriction already exists. If you read the back of your card it says:
Improper used of this card and/or number by the number holder or any other person is punishable by fine, imprisonment or both.
The only proper use is for access to the social security funds. Which does not include identification for getting a minimart discount card. People at the minimart have no need and no right to the ssn. Unless of course you're employed there.
078-05-1120
It's a specimen number from the Eisenhower era. No need to give ur correct number to the cable or phone company. They don't need it. Period. Of course it's possible that someone else has used this number already, especialy if you live near me in upstate NY.
Otherwise use the "Fletch" approach on things like your customer loyalty cards. I keep mine under Harry S Truman, Ted Nugent and John Cocktosen. I have started using Igor Stravinsky lately.
Comment removed based on user account deletion
The Social Security Administration doesn't accept paranoia as a criterion for granting a new card, but it recognizes cultural objections and religious pleas. One stratagem: Contend that your credit has been irrevocably damaged by a number-related snafu, or that you live in fear of a stalker who knows your digits. Once you switch your SSN, never use it. Then use the fake one of 078-05-1120 as mentioned in the previous post.
*NOT*
Wait... What's this printed on the back of my Social Security card? "Not to be used for identification purposes."
Having been the victim of identity theft and credit card fraud, I have to say this is probably too little too late. I've had over $20,000 in fraudulent charges made in my name -- items ranging from electronic equipment to beer and gasoline. The Social Security number is already the de facto citizen identification number, even if it is not de jure.
Some culpability lies in the lap of merchant businesses, as well. In one case, a company sent a credit card application issued in my name to an old address. The occupant filled it out and began making purchases. When the bill came due, the collections agency had no problem tracking me down to give notice. In my opinion, this merchant could have been more dilligent, because I had asked them to cancel my account years before this happened. They were certainly dilligent when it came to getting paid.
Is that you, Sigmund?
Welcome to the Panopticon. Used to be a prison, now it's your home.
I thought that the social security card or the sheet it is attached to had the words not to be used for identification on them.
sombody should inform all of the big corporations that they have made a small mistake and that the social security number is not a means of identifacation for anybody outside of the social security administration.
No, it isn't. I'm not sure where you bank, but I have never banked anywhere that used my SSN as the account number. How would you have more than one account?
My SSN is *on* my account records (how else would they file interest gains with the IRS?), but it is not the account number
Hey, Congress: Is telling Slashdot my social a restricted use?!
323-80-9292, that's me
I also try to always announce my SS# over the phone when I'm calling friends to purchase quarter ounces of marijuana.
-=/\- Jizzbug -/\=-
Yet another waste of time by our elected morons.
What, they haven't started this already ?
I just pulled out my teeth.
...right on the card. Just what is there about "Not for purposes of identification" that is hard for officials to understand?
Of course, when I was in the hospital emergency room and I said I didn't want to give them my social security number, they said they would treat me until I did. I backed down.
When I contacted the social security administration about this, and said "Am I required to give anybody but the government my SSN," their rather unhelpful reply was "No, you're not required to, but the hospital is not required to treat you without it."
"How to Do Nothing," kids activities, back in print!
Much of the debate on the 1974 Privacy Act revolved around the fact that the SSN was NOT to be used as a universal identifier. Paragraph 7 (if my memory serves) restricted the use of SSNs to those things either grandfathered (allowed by federal, state, or local law) before 1974 or explicitly named and allowed in a federal law; and in either case including a requirement that the requestor tell you the basis for the request. (Note that folks blanketly refusing to give the SSN are usually not on strong legal ground. Much better is to refuse until the requestor provides the legal basis for the request as provided for in the Privacy Act. IANAL etc...).
The loophole was that this act only restricted government not the private sector. Thus banks, insurance companies, universities, employers, local pizza joints, all ask for the SSN and can refuse service unless you provide it.
It would be a good start to debate if we could base a new law on the existing historical basis for the limitations in the 1974 privacy act, and then extend those restrictions to ALL use of the SSN by anyone.
Why TF are SSN's used to AUTHENTICATE a person's identity? A SSN should just be used for REFERENCE.
Or am I wrong?
...must... hit... preview... button....
It's actually funnier as written, but of course what the hospital said was that they would not treat me until I gave them my SSN.
"How to Do Nothing," kids activities, back in print!
In my database administration class, one of the first things they did was talk about bad usage of data and how so many companies that used SSN's as primary keys ended up in hot water as a result.
Nowadays I find insurance companies putting in haphazardly on your cards, HR depts putting it on paystubs and employers asking for it prior to making a job offer.
Hopefully this wil finally drive it into peoples skulls that using a SSN for anything but governmental usage is bad policy and soon... illegal.
This is my sig. There are many like it but this one is mine.
They just don't care because the current system minimizes their financial losses by transfering those losses to the individual who has his/her identity "stolen".
Making any changes would cost money which reduces profits.
Any changes that improved the situation could be used to find them responsible when/if their new system is defrauded.
So, fixing the system is, from the individual company's point of view, all loss and no gain.
It's just like congress to wait until the whole issue is OBE to actually address it. The Real ID Act of 2005 effectively creates national ID cards that will be far more central to defining your identity than SSNs. And they are to be used for identification purposes.
The congress should focus on passing strong protection for these ID numbers rather than just SSNs.
Besides, while identity theft is a huge problem, business still have a legitimate need to run credit reports and on-the-spot background checks and a SSN makes that possible. Well, they don't really need to, but you don't really need to rent cars or get instant credit either... So all this nonsense talk of fake SSNs isn't really addressing the problem.
But isn't hospital care, by definition, a SOCIAL SECURITY?
How stupid is that? I realize some banks have already gone thru the conversion of "userId's" - not acct numbers - from SSN's to other ID numbers. But account numbers of your checking account?? How f'n stupid is that??
Since I have been in the wonderful world of DoD contracting, SS#'s are quite popular to use even down to compliance training for a long time. Our company is now starting to get away from using that number. Now, you have an employee number. My Emp # is 002xxx. Easier than a SS#. It should be that only Payroll has you SS# and no one else. A year ago, my manager from my old job demanded my SS# which I refused to give. I got a pretty nasty reprimand for it. I basically as ked him why and then mentioned that he didn't need the number. It pissed him off !
Now dealing with the gov't, they are pretty insistent on that number.
This is going on the bottom of a long list of changes that (now) require quite a bit of money to implement. I foresee 2 numbers (at least) in use for the next 15 years. SSN is a PK, Alt Key, fixed length string in thousands of databases. I doubt we're going to see much shift in this very soon.
Then, when examining the new number, one realizes that they've only solved a few of the many problems with a national id. What they're searching for is a universal hash value for individuals. This is a tough problem, and perhaps may not be solved with a single number - unless it's perhaps birthmoment & a genetic checksum + password. Even then, the amount of information in the key may be unwieldy.
I'm a proponent of appending a password to the key so that those values without a password constitute a "user layer" of information (public), and the password suffix is the "kernel layer" that allows me to promote my information to that layer. For example, when I leave a health care provider for another, I can take their records and promote them before heading to another provider. This will allow me to control the flow of information collected about me. Sadly, I'm 100% confident this will never happen.
'hore' made it sound better anyways
Arguing with an engineer is like wrestling a pig in mud. Soon, you realize the pig is dirty, and he likes it.
Yep . . . funnier too.
I take everything anyone (elected) says with a grain of salt at this point, because elections are looming just a few short months away. Because, as others have suggested, long since become a very real problem, any attempt to solve it (at least by the methods outlined in the article), are mere sprints along the PR highway. To go the distance will require some fundamental changes, few of which may be amenable to entrenched interests (Big Business, Inc.)
issue isn't so much about changing the way SSN works.
you should have the choice at many of these businesses to not use your SSN if you do not want to.
there are people out there, very few, who refuse to give out their ssn#, but it makes doing or signing up for anything that much harder.
Many cases these businesses refuse to work with you if you dont provide a SSN #.
my school uses my SSN as my student ID #.
Joe: Hey the horse is out!
Bill: oh Crap, better close the gate!
I'll believe it when I see it.
...
The U.S. government's record on restricting use of personal information hasn't been stellar under any recent administration and only appears to be getting worse. If only use of DNA databases, phone call records, and ISP subscriber data, etc. were subjected to the same scrutiny
I won't hold my breath.
I believe SSN's have never been guaranteed to be unique. The combination of (Name, SSN) is supposed to be.
We've been limiting that for years in Canada. Social Insurance Numbers cannot be used to track people in a database legally in Canada.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
One of the big reasons people need to steal social security numbers (SSN) is to work in this country. The government actually likes the fact that illegals use hijacked SSNs and pay into services they can never use. If we actually made the system secure then it would be easier to keep illegal aliens from working in this country and congress can't have that.
Taking advantage of people to make more money is what big business is all about, whether it's Chinese serfs or illegal immigrants. It has always been that way and was why Communism and Socialism came into being in the first place.
If you are making money from people who are virtually slaves you are a Capitalist.
If you are making money from people who are actually happy to be at work then you are a Socialist.
If you aren't making very much money and no one is happy to be at work then you are a Communist.
I hope that cleared things up for everyone
"Meaningless!, Meaningless!" says the Teacher. "Utterly meaningless!"
US SSN's can't begin with
000
666
729-749
764-999
validating a Canadian SIN
the process is as follows:
take the SIN (e.g. the one given by Hop: 226-922-896)
Take every other digit and put them into two groups and hold the last digit by itself
group 1 is 2 6 2 8
group 2 is 2 9 2 9
checksum 6
Now add the digits in group 1 ( 2 + 6 + 2 + 8 = 18) and hold this value
Take the digits in group 2 and form a number (2929) and double it ( -> 5858)
Add the digits in this sum ( 5 + 8 + 5 + 8 = 26)
Add this sum to the sum of the digits from group 1 ( 26 + 18 = 44)
Add the check digit to the last digit of this value and you should get 10 (6 + 4 = 10)
Note that if you get a 0 for the last digit then your check digit is also 0.
The only people who need your SS# is your employer because they have to make the contributions. Your bank doesn't need it - they, as well as your mortgage company , broker, etc., can use a Taxpayer ID # to create 1099s and such for the IRS. And health insurance companies have no shittin' business with your SS#, not to mentiion the galactic stupidity of putting it right on your ID card.
When someone asks me for the last 4 digits of my SS#, I ask them to use another secrity key. if they can't, I don't do business with them.
Research shows that 67% of those who use the term "research shows", are just making shit up.
Or at least Not Done to use your SSI number for any other purpose than (shock, gasp) identifying your Social Security Account. I had a seperate driver's license number, selective service (draft) number, university ID number, group health ID, and several others. For a history of its spread as a personal identification number, see this page from the Social Security Admin. The problem, of course, was the same as that of password security, people can't remember more than two ID numbers.
Some mornings it's hardly worth chewing through the restraints to get out of bed.
But my father pointed out that years ago, you didn't need a social security card until you first got a job. Now, in order to claim your children on taxes, you have to get them a social security number. But you wouldn't use that number for anything else... so for 16 to 18 years, there's a largely unmonitored SSN available for fraudulent use.
It is irritating that this SSN is unmonitored. So every year I put my child's SSN on my tax record and every year this record is monitored by some government agency (IRS), all while this same government agency can't/doesn't(?) collaborate with others agencies to benefit themselves (the government) as a whole?
I realize that criminals can do much more for themselves with computers than ever before, but fail to understand why government agencies with definate data cant cooperate/communicate(?) to use that same data to the citizens benefit.
There should be some red flags when my child (currently 4) has their SSN used for anything more than a dependant. Finding the flaws in why a 4 yr old could be a anything more than a laughing and giggling at cartoons member of society type of dependent, is where I cant help but see a problem.
Sure the usage of such a public number is flawed (very) but failing to connect the dots in many cases is also part of the failure.
I wonder if the ignorance behind these failures (to communicate) , could be part of the same logic that drives the 'connections' the NSA will use when evaluating my phone records.
Are they going to make it illegal, in the sense of large scale corporate fraud, where the perpetrator gets to keep his mansions and private islands and billions of dollars and so on? Or are they going to make it illegal in the sense of getting caught with a gram of marijuana where the perpetrator does a career of hard time behind bars with forced labor, and loses basic rights of citizenship for life?
-fb Everything not expressly forbidden is now mandatory.
The president will just override it. And don't think it will get any better when Jeb runs against Hillary in '08.
What?
I work in IT for one of the largest banks in the world. To even suggest you SSN is your account ID shows just how little you know about this subject.
It is already unlawful to use social security for dealing with anything other than govermental issues (e.g., social security), and has been ever since the social security system was incepted. What good will a new law that essentially says "using social security numbers for any purpose other than social security is DoublePlusUnGood" achieve?
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Just a word of caution, if you actually care about remaining anonymous with regards to a customer loyalty card then you can only make transactions in cash with that store. The moment you use a credit card that info is correlated to your account and then they do have your proper name associated with it. And yes, they do collect some credit card data because one of the things stores with loyalty cards like to track is how many people are paying with credit and what they're buying on credit.
On a related note I recall reading some of the compiled data from supermarkets and there are some unexpected and oddly detailed correlations, one was if someone buys (IIRC) Ragu pasta sauce there is something like an 80% chance they also own a dog.
-- I'm not a pessimist, I'm a realist. It's not my fault that life sucks so much. --
I wonder if action would be quicker if somebody posted on a free website the SSN's and other personal information of congress members and the Bush administration, and their families.
Since social security is supposedley doomed, will SSN's still be used and issued after it goes away?
"Now, in order to claim your children on taxes, you have to get them a social security number."
7 ,00.html
No you don't.
To claim your children and spouse when they do not have a SSN on your taxes, you contact the IRS and get an ITIN.
I claimed my wife for years with a ITIN until she was issued a green card and a then a SSN...
http://www.irs.gov/individuals/article/0,,id=9628
"IRS issues ITINs to individuals who are required to have a U.S. taxpayer identification number but who do not have, and are not eligible to obtain a Social Security Number (SSN) from the Social Security Administration (SSA).
ITINs are issued regardless of immigration status because both resident and nonresident aliens may have U.S. tax return and payment responsibilities under the Internal Revenue Code."
But my father pointed out that years ago, you didn't need a social security card until you first got a job. Now, in order to claim your children on taxes, you have to get them a social security number.
Over here(Ireland), we used to have an RSI (Revenue and Social Insurance) number. Basically a fraternal twin of the social security number. Well not any more pal! These got "upgraded" to a PPS(Personal Public Service) number. You get them from birth and you need them for everything . If you do not have, or like me, constantly forget your number, you cannot apply for anything. Without this number, you do not exist.
Basically, it's your Number. The unique ID that indexes your name in the Government's databases. That is, if the Government has a database. Things are still a little behind the times over here.
Anyway my point is that this overtly and officially does what your SSN unofficially does, i.e. replaces your name as your most important indentification. For everything. Private companies ask me for this all the time, and probably have complete access to any verification database to check up on it. Who am I kidding. In this country, private companies probably have write access to the database.
To bring things heavily ontopic, no one, no one I know cares about this. "A shure, what's wrong with it?... Will you go 'way from me with your 'privacy'. What do you have to be private about, What?" is the typical, nay, universal response. Never mind that this country used to be a theocracy, one party state and under foreign rule not so long ago.
Admittedly, the odds of a dictatorship are extremely low, but I can tell you that there is an extreme level of corruption here. Most importantly, the police here are highly unaccountable and frequently unscrupulous. There are many well documented incidents of railroading amoung other things. How does the PPS number mix into all this? I'm not too sure, but I don't like the idea of it.
I don't think the issue is one of privacy. I think it's one of independance. Freedom in a sense. I should be able to be who I am, say who I am, without needing any official papers from the state. why should they have the right to grant and revoke some number or tag that in effect becomes my name? As a citizen, I should have the right to live my life free from interaction with the government, not bound to its whim by beaurcracy.
Consider the plight of people in China, who need papers to move from provence to provence. How dare the government tell them where they can and cannot live in their own country. My fear is that PPS and SSN may lead to a similar situation. You will need the governments approval, via a valid, unsuspect number, to do just about anything. Need to open a bank account. Sorry, your PPS came up red. Need to fly interstate? Sorry your SSN is on the do not fly list.
Try and tell this to anyone over here and they'll just give you funny looks. I'm one of the few people that disagreed with electronic voting, and I can tell you that was a struggle. So I'm not even going to waste my time going on about PPS numbers outside of this post.
May the Maths Be with you!
When I attended University of Maryland, they used SSNs on our Student ID cards. The number was pretty much iniquitous throughout everything they did. I remember many, many occasions where the teachers would have SSNs, IDs, and more displayed on overhead projectors. Most interesting to me was how unphased everyone was by the whole system. Teachers were reckless with the numbers and the student's didn't care.
Well, these ARE politicians we're talking about.
What else do you call someone who sells his soul?
Does this even matter considering my generation isn't even going to be able to collect it?
We are proud to announce the new social security collar!
Data is a big business in this country. Buying and selling data on consumers is a multi-billion dollar industry. As such, they have huge lobbies in Congress to make sure that there aren't any laws passed that will have any impact on their precious profit margins.
Here's what an ideal law looks like:
1) All data collected belongs to the individual that it pertains to, not to the harvester of the data.
2) No data can be released to any entity but appropriate law enforcement with a valid search warrant without the express permission of the subject.
3) Social security numbers shall not be used by any entity but the social security administration, the IRS, or the US Military. If you are not an official representative of the social security administration, IRS or US Military acting in an official capacity which requires you to request the social security number of an individual, asking someone to provide a social security number shall be a felony punishable by no less than a 10 year mandatory jail sentence and $100,000 fine per incident.
4) Use of another person's social security number shall be a felony with no less than a mandatory 10 year jail sentence. Knowingly allowing someone to use your social security number shall be a felony with no less than a 20 year mandatory jail sentence and a fine no less than $100,000 per instance. Bankruptcy shall not clear this fine. Payment in full is the only method of disposal for this debt.
5) Any entity holding information on an individual must make every attempt available using whatever means is available (phone, fax, mail, or email) to contact that person. The notification must consist of an explicit listing of all the information on hand, an explanation of what the information is being used for and a means to correct any information that is in error. If the information is to be used, the entity must ask for and obtain the individual's permission to continue to use it. If permission to continue using information is not forth coming in a period sixty (60) days, the information pertaining must be purged from all records and data.
6) Credit reporting bureaus will henceforth assign an internal ID # beginning with the name of the company for use in tracking various customers. For example, your credit record ID at Experian will begin with Experian. (This will let consumers know who is holding the data).
7) If you hold data on an individual that you are unable to reach in order to obtain permission, you may contact the credit bureaus to see if they have a listing for that indivdual and can send a letter. You are still in the same sixty (60) day window listed above.
8) Failure to purge the data or continued use of the data after the 60 day expiration shall be deemed a felony punishable by $100,000 fine per incident and 10 year minimum mandatory jail sentence per incident.
9) Releasing data without the express permission of the individual in question shall be deemed a felony punishable by $100,000 fine per incident and 10 year minimum mandatory jail sentence per incident.
10) If you are an illegal immigrant using someone else's SSN, your government will be billed for all costs associated with your arrest, prosecution, trial, imprisonment, and deportation.
11) Knowingly hiring an individual who is using a falsified social security number (i.e. one that has not been issued to that individual by the Social Security Administration) shall be a felony with a 10 year mandatory jail sentence and minimum fine of $100,000 per incident.
I think that makes a rather nice start.
Just my 2 cents,
Queen B.
HDGary secures my bank
To this day, we don't know if this person was using the number by mistake, or maliciously, or as an illegal immigrant... we just don't know
It's just as likely that the number was issued more than once. The SSA has been known to fuck that up on many occasions.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
It's too late to start enforcing the us of SSN's, because they are already in place as an identification number, just like they told our parents and grandparents that they were NOT going to be used for. The national ID card could be used to solve this issue easily. For one, you could scrap the social security number as the main form of identification, and use it was it was meant for, Social Security benifit contributions. They screwed this system up years ago by giving every breathing thing that walked across the border, a SSN. By issuing a new card with a NEW number, and these cards are only issued to those that show PROOF of citizenship (Birth Certificat, Naturalization Papers), you convert all credit, medical, and employment info onto this new number. No number? No employment, no credit, no benifits, no STATE drivers license. And while you are at it, make it available as a passport also. The Department of State should handle this and is more then capable of it. If used in conjunction with the "fair" tax national sales tax...it would be a double pronged threat to illegals. For one, you couldn't receive your rebate check, and you now have to pay taxes on the benifits you use, the system becomes self sustaining. It's NOT that hard. The solutions are out there. These idiots in Washington are NOT doing their job. http://www.send-a-brick.com/
Politicians express astonishment that someone might steal an identity? Are they SO out of touch with reality that it really puzzles them why someone would do it?
Impersonating someone gives you access to many nice things that get you a load of money. Oh, it's forbidden? Since when does this matter?
Whether something is done (when it's illegal) depends on 3 factors, and on those 3 only: How much is gained by doing it? How high is the chance to be found out? What is the damage done if you get caught?
That's it. If the first is high and either of the latter two is zero, it IS done. If it was near impossible to find a murderer, people would shoot each other by the dozen. If it was virtually impossible to find music downloaders, people would... erh... Well, exactly my point.
People don't give a sh.. about law, order, regulations or legality. The three factors determine whether something is done. Not guilt, consciousness or remorse. They're outdated models of a time when people actually cared whether their peers think badly of them.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I'm, of course, betting that the new law will not place any restrictions on uses of the incomming national ID system.
Resistance is futile!
Free Software: Like love, it grows best when given away.
The RFID tag goes in the long bone before the first knuckle at the base of your thumb.
Have a nice day, Citizen.
I'm fine with keeping the SSN as a unique identifier. But its use has to be authenticated somehow! Then illegal immigrants can't assert your sister's is their own.
Having a universal, unique, public identifier is a great thing for many reasons. But to work right, that number must be authenticated.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
As the individual(s) in question did have social security numbers, I would say that they would probably be ineligible for ITINs. In your case the ITIN was necessary, as your wife was a non-citizen and thus not eligible for a SSN.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
Hey, you do what you like when it's you in the emergency room. I know what my priorities are.
"How to Do Nothing," kids activities, back in print!
You mean BROTHEL door don't you?
That's why the real solution is to announce that after a certain date, the SSN will be totally public. That there will be a web site anyone can go to, enter a name and address, and get the SSN.
It could even be done without government action being needed.
The problem we have now is companies acting as though SSN is a secret. The solution is obviously to make it so clearly non-secret that they can't afford to do that.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
'hore' ought to be 'whore'
Guys closing that barn door now is well.... a bit late.
They would have to issue a new number to everyone for this to be effective. They old ones are already all over the place. This will be used as an excuse to implement the national ID stuff, beware.
You answered your own question in your write up.
"No you are not required to, but the hospital is not required to treat you without it."
Philosophically it is just wrong to set up a SSN system and try to use that as an identification system, but that's exactly what everyone did anyway! There's no law that says you can't do that, and there never has been. You can't enforce a philosophical objection.
This is a portion from TFA:
Another measure, sponsored by Florida Republican Clay Shaw, would restrict the display of SSNs on credit reports and on various government-issued documents and identification tags. It would also make it illegal in certain cases for anyone to refuse to do business with people who decline to supply their SSNs.
I'm cautiously optimistic about this possibility (I'm cautious about any legislation that sounds like I might like it) but in essence this is what US law is missing. By giving the holders of the SSN the right to refuse to give the information, you give them the power to take legal action when someone asks for their SSN in situations which the law says it's not required. Granted, if someone is dying in a hospital, you are going to turn over your SSN. However, if you can then turn around after your life is saved and sue them, or expose them to having done something illegal, or whatever, the hospital will change it's practices to avoid litigation. It won't happen overnight but it will happen.
Originally, the creators of the SSN planned the SSN not to be an identification number, as in they hadn't planned on it being a reliable way to identify someone like for example a driver's license is a reliable way to identify someone. They just didn't count on how useful it would be for databases in the age of computing.
They never said "oh no you can't use this or we will smite you!"
"All great wisdom is contained in .signature files"
You could support several pass-phrases. [...] One time use read pass phrases could even be supported. Pass phrases could be changed by visiting the Social Security Office or online.
I have to say, that I have absolutely no problem with what you propose. I would have no trouble using it whatsoever.
However, consider the mass audience of this stuff. Think back to Florida '00 where people voted for the wrong person because they couldn't figure out a paper voting ballot. A piece of paper! Any system proposed that doesn't take into consideration the moronic nature of a significant portion of the population is doomed to fail. I'm guessing based on my own subjective experience (totally pulled out of the air) that 15% of society are total morons. I'm not talking about slightly below average - I mean, can barely read style of moronification. I'm not insutling such people - I'm just saying that if we don't take them into consideration in designing the next system - there's going to be hell to pay.
Oh and one addition to your proposed solution: You better pass a law that companies that are given your private phrase aren't allowed to store it at all. And if it's one-time use, all the better... but that would just exacerbate the furrowed brows and confused stares of the moronites.
I'm a big tall mofo.
Not quite true-- you didn't have to get a SSN to claim children for your tax exemptions, but if they had any income themselves, such as an account or stocks given as gifts or college-fund, then you would get a SSN so that you didn't have to claim the income yourself. (the children would often not have enough income to pay any taxes at all, and stocks wouldn't be taxed until they were sold for capital gains).
The main point is still valid: it became a registered but mostly unused and unmonitored SSN.
As I understand it, when the SS program was first proposed there were concerns voiced that the SSN would be used as a universal identification number. Of course there was the response of "oohh no, nothing to worry about this will be for SS benefits only" whatever.
Here we a re couple of gnereations later and politicians will harp about this and try to look like they are championing portection for the citizens but in reality they are just fixing somethign which they broke to begin with. Now who are the bigger morons? Those in government or those who vote them in?
> there's a largely unmonitored SSN available for fraudulent use
... or something like that... can't recall the details
Even worse, it can be unmonitorable.
A friend of mine tried to monitor his daughters reports since his Ex has used his other daughter's info to get utility service before.
He was told he couldn't do it since he wasn't her.
And she couldn't do it since she was a minor.
You actually want all the government agencies correlating information together?
....since they don't have as much trouble getting those records...
Just junk food for thought...
...while also arguing for a National ID card, most likely with an RFID chip.
Is being "irony-challenged" a requirement to run for Congress?
Now, in order to claim your children on taxes, you have to get them a social security number.
Not only that, but with my youngest kids, the paperwork to request and issue an SSN was processed by the hospital. We were told that if we didn't sign the request form, we wouldn't be allowed to take our child home. I didn't buy that, of course, but signed the form because I knew we'd need the number anyway. I'm sure that if you forced the issue, you could take your baby home without getting an SSN, but I doubt anyone does.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
I thought it was more like a sieve-like tourniquet for a missing limb...
It's about time though. I had for years had this idea:
Treat the already-fucked/exposed SSNs akin to a "public key" of sorts. Everybody either has or CAN get access to it. So, delink it from retirement, government, payroll and educational accounts. Create a NEW number which is SUPPOSED TO BE private. It lines to the above-restricted accounts. It's is solely an INPUT mechanism as retirement goes. But, for education, payroll, and law enforcement purposes, it would be tightly controlled and kept out of the hands of greedy fucking corporations-- ESPECIALLY those asses in the credit reporting entities where rampant laziness or abuse of time and profit keeps many people on the fix-my-report treadmill.
The public side of the existing SSN would be useful for those who want to make legal or authorized deposits into your account. The friendly depositor would not need your bank account number. So, anyone wanting to donate to you COULD, and it would be traceable for tax purposes, unless you opt to NOT allow anonymous or other deposits to your public SSN this way.
I suppose the goddam lobbyists and reporting agencies, tho, would fight this tooth and nail (and, hire a $50 hit man to kill my ass on any future overseas trips)...
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
They're changing. The Buckley Amendment (the law you refer to) stipulates no use of SSN for non tax purposes if you receive federal money (IIRC). Most universities are changing because of identity theft from food court receipts and the fact that they can probably be successfully sued under the law.
I suppose this law would cover the people who *don't* receive federal funds... like businesses.
In the 1970s, my mother was one of the programmers for the University of Maine's computer. They used the SSN behind the scenes as a student ID number (like so many universities today). Turned out, they had two accepted applicants with the same number. After some phone calls to verify that each applicant was certain, they talked to the SSA. In the 1970s, their story was that the SSN was not guaranteed to be unique. Nobody should be assuming it to be such. Long story short, the University of Maine couldn't switch student ID schemes fast enough, and they told the second student to accept that he had to get a new number if he wanted to attend -- he did get a new number.
At the state school everything was all about the SSN. One every test, you had to put your SSN...
In the early 1990s a group of students took Rutgers to court regarding SSN use as the student identifier. They won in federal court, and that case was considered precedence in this field. (Not to mention kinna cool because it was just a bunch of students going at the university pro se.)
That case specifically enumerated
*prohibitions using all or part of the SSN as an identifier on tests or assignments
*prohibitions using all or part of the SSN as an identifier en masse (such as posting grades by last four digits)
*prohibitions regarding using all or part of the SSN as an identifier on student ID cards
Universities damn well know of the Krebs v. Rutgers prohibitions but they have taken their time in implimenting them. Hell, even my university broke/still breaks the Privacy Act of 1974, by not disclosing how the SSN will be used and if its necessary to disclose, when applying for admission.
Personally, I find it telling that politicians "expressed astonishment" that every company and their dog asks for your SS#. How the hell do these guys live in the modern world? Do they actually have servants
Yes, they do have servants (including, of course, their wife, family, people in their campaign, et cetera.) They do not realize how often their SSN is given out, because they have people who do that for them. Being a congressman is just too complex for them to take care of life themselves.
For a time I worked at a friend's life insurance brokerage. He had contracts with a dozen different companies, and probably 300 agents under him, with various contracts with various companies.
All of the companies used my boss' SSN in some stupid way (with the most egregious using it as the main identifier for logging in to the website to check on pending cases.) This meant that we, in his office, had to throw around the SSN and document its use for others (and it also meant that many of his agents had his SSN in their files as well.) If he knew how his SSN was being used, he'd be furious.
Whoever came up with this system needs to be beaten.
And one of the first things a database designer learns is to never use SSN as a primary key.
Funny that it wasn't always the case eh...
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
They need your SSN because the IRS uses it. Customer service can probably pull you up from their DB by SSN or acct. #. If CR is pulling you up by SSN as a matter of policy, get a new bank. If they are really using it as an account number, get a new bank and call the Better Business Bureau to lodge a complaint, but I'd be willing to wager all my Slashdot karma they don't use the SSN as the acct. #.
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
[This] is just closing the barn door after the horse has already left.
No, it isn't. There are still horses in the barn, my identity hasn't been stolen yet.
Get your Unix fortune now!
It sounds like they're exposed to serious risks from EMTALA and database compromises (I question whether HIPAA covers it). It would be heartless to let them remain in ignorance.
If you were to post the name and phone number of the head of their Risk Management department, someone here who's public-spirited might do some pro bono work to educate them. I'm sure there's such a person here on Slashdot.
At least one...
Whereas: All the money paid by US citizens for "Social Security" has been "borrowed" for other purposes and cannot now be repaid,
And
Whereas: The "Social Security Number" assigned will no longer be of any use for payment by the US Government,
And
Whereas: The "Social Security Number" has become widely used by for-profit businesses as a personal identification number without any recompense to the US Government for providing that unique and secure identification system
It Is Now Law: That each business and nonprofit using a Social Security Number for personal identification will pay the person whose name is attached to that number thirty percent (30%) of all gross income secured by that identification,
And
That money will be taxed at a 90% rate, which will be used to repay the so-called "Social Security Trust Fund" thereby making those four words true again.
They were asking so they could do a credit check, of course.
They made treatment conditional on your ability to pay.
If it was an emergency (defined with words like "serious") then they broke the law (unless non-lawyer me has misunderstood the law). If you choose to make an issue of it they are now open to a $50,000 fine, a civil suit from you, and if you can get the bureaucrats sufficiently angry at them, *revocation of their Medicare provider agreement*. Start with the regional office of the Health Care Finance Administration -- no, wait, that's the older term, the Centers for Medicare & Medicaid Services. The crux of your complaint would be that they refused treatment and demanded payment information as a condition of treatment. No charge to you, not expensive like a lawsuit, might help the next person who tries to get medical help there. Say "EMTALA" if they don't recognized section 1867.
Our "master id" should be private. Corporarations should be able to generate a unique ID from my government issues smartcard by pushing their public key through my card.
In this way, it would be impossible for corporations to do data mining on my information. There would be no absolute unique keys from one company to another. The only entity that could traverse these databases is the governemnt.
Mind you, I don't completly trust the government, but I don't trust corporations one bit.
Indexing databases by social security numbers should be a federal offense.
-------- -------- Support Wesley Clark for president!!!
Privacy and anonymity are not the same thing. Look at it this way, if it's something someone in a small town would know, it's probably public knowledge.
WHO ARE YOU??? This is the question addressed by a secure identification method.
Please don't confuse the issue with police states. The lack of a "unique number" has neve stopped dictators before now. They're not goint to help would be tyrants much today.
I believe the existing "system" is far more dangerous as it is controlled by corporations as opposed to the government which at least partially belongs to the people. Right now, Equifax and Citibank could care less if your identity is stolen. They don't care if someone data mines personal information about yourself and sells it.
What is required is a framework and some solid laws about what is privte and what is public. A "proof positive" private ID (one that can be authenticated but not recorded) goes a long way towards providing IDs without encroaching on privacy.
However, they cannot put things like RFIDs in them. If they do that, the jig is up.
-------- -------- Support Wesley Clark for president!!!
It's worse than that. When my son was born, we had to apply for the SSN before he could leave the hospital. We were busy with other stuff, but when we finally wondered why we never got the card, we called and checked. It had supposedly been sent, but never arrived. Not to worry, we could pay for a duplicate card. Could we have a different number, since somebody else was now using his? Nope, he was already in the computer. We could get a duplicate card, in fact we had to since that is the only way that we could learn his SSN.
What a country!
Congratulations! You have been pre-approved for a $10,000 limit credit card from [Bank name here]. Please contact us immediately to claim your new credit card with 0% initial interest! Just click the link below!
;)
----
Address requests your super-secret pass phrase to give you this "wonderful offer". As long as stupid people have computers, identity theft will happen. And yes, I used the wrong "you're" intentionally because even if they did, it would still work. Good luck modding me, I'm not sure if it is funny, insightful or +5 obvious
"If you have nothing to hide, you have nothing to fear." - Every fascist, ever
As an inhabtant born and raised in the these unites states, I resent the fact that I'm branded as cattle or some piece of merchandise. I too refuse to give out my Social "Security" Number unless it is for a legitimate purpose (taxes) even receive better service in many cases as well. My ex-employer submitted an incorect Social "Security" Number on my W-2, and this incorrect number was used for over 2 years. Nothing came of it, and nobody knew until I brought it to their attention. It is a shame that in order to excercise some of my rights as an American that I have to pretend to be a foreigner.
Short of an uprising, or nation catastrophy, their is only one option of getting rid of Federal, State, and local government disrespect of our privace. That option is voting for candidates of alternative political parties such as the Constitution Party. http://www.constitutionparty.org/ . Here is the Constitution Party's position on Social "Security" Numbers:
The Constitution grants no authority to the federal government to administrate a Social Security system. The Constitution Party advocates phasing out the entire Social Security program, while continuing to meet the obligations already incurred under the system. Until the current Social Security system can be responsibly phased out, we propose that:
* The Social Security tax not be a "rainy day" fund which politicians can pirate, or from which they can borrow to cover their errors and pay for their excesses.
* Individuals who have contributed to Social Security be allowed to withdraw those funds and transfer them into an IRA or similar investments under the control of the individual contributor.
* Any sort of merger between the U.S. Social Security System and that of any foreign country be banned, so the distribution of benefits will not go to persons who have not qualified for payments under American law as legal residents.
* Earning limitations on persons aged 62 and over be removed, so that they may earn any amount of additional income without placing their benefits at risk.
* Those provisions of the Social Security system which penalize those born during the "notch years" between 1917 and 1926 be repealed, and that such persons be placed on the same benefit schedules as all other beneficiaries.
We support the right of individuals to choose between private retirement and pension programs, either at their place of employment or independently.
The reason SSN are valuable are because they are percieved as secret.
They should be published in a book like telephone numbers.
They would lose value, could not be used for to identify, problem solved
Take a look at: http://www.snopes.com/business/taxes/woolworth.asp / That would be a good number to use, it looks real and you won't be using someone else's number.
In general, it is safe and legal to kill your children. -- POSIX Programmer's Guide
This has happened to many large groups that used SSN as a key. The SSA claimed as late as the 1987 that a SSN is not unique but it will be unique with for a given name however they would issue a new ssn if the last name and 1st initial were also the same.
I think the easy solution for this is for them to start printing a few extra random digits on about 5% of the next few batches of cards. How many systems would break if people started showing up with 14 digit SSNs