Slashdot Mirror
Congress To Restrict Social Security Number Use
diverge_s writes "News.com.com has an article detailing a long overdue attempt Congress is making to restrict the use of Social Security Numbers. From the article: 'In both the House and the Senate, there are at least three pieces of pending legislation that propose different approaches to restricting the use and sale of SSNs. Politicians have expressed astonishment at what they see as a rising identity fraud problem, frequently pointing to a 2003 Federal Trade Commission survey that estimated nearly 10 million consumers are hit by such intrusions each year.'"
All the proposals mentioned in the article are merely band-aids on a system that is fundamentally broken. Any competently designed identification system consists of two parts: the public identifier, and the private key. The problem with SSNs is that you have a system where one number is simultaneously the public and private parts of the system, which dooms it to failure every time.
Making new rules limiting the sale and purchase of SSNs, or restricting the display of SSNs on reports, is just closing the barn door after the hore has already left.
____
~ |rip/\/\aster /\/\onkey
Many companies and government organizations use the SSN as some kind of shared secret for the purposes of establishing identity.
This law wants to prop up this model.
THIS IS A STUPID MODEL.
There are much better ways of establishing identity than using the SSN.
What we need to do is STOP USING SSN TO ESTABLISH IDENTITY!!!
Then it can be public, you can post it wherever you want, and we won't have to deal with the impossible problem of putting the cat back in the bag.
Government issued smartcards, with a simple PKI (and revocation system) would be a perfect method for establishing identity. We need to put the money in to that, not trying to keep some unchangable number secret.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
I was once reprimanded by an employer for standing my ground on the fact that a badgenumber+SSN was not a good idea for a login id. grumble grumble. I left the place soon after and have never listed it on my resume.
meh
...by requiring the use of a RealID number instead of an SS#. This is how they will force RealID down everyone's throat.
Go read the article. The proposed legislation sounds reasonable. It should have been done years ago.
Now, what sort of evil riders will be attached?
The obscure we see eventually. The completely obvious, it seems, takes longer. - Edward R. Murrow
I wonder why more companies/organizations don't realize this, and any step to educate them is a step in the right direction.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
078-05-1120
It's a specimen number from the Eisenhower era. No need to give ur correct number to the cable or phone company. They don't need it. Period. Of course it's possible that someone else has used this number already, especialy if you live near me in upstate NY.
Otherwise use the "Fletch" approach on things like your customer loyalty cards. I keep mine under Harry S Truman, Ted Nugent and John Cocktosen. I have started using Igor Stravinsky lately.
Comment removed based on user account deletion
*NOT*
Wait... What's this printed on the back of my Social Security card? "Not to be used for identification purposes."
Having been the victim of identity theft and credit card fraud, I have to say this is probably too little too late. I've had over $20,000 in fraudulent charges made in my name -- items ranging from electronic equipment to beer and gasoline. The Social Security number is already the de facto citizen identification number, even if it is not de jure.
Some culpability lies in the lap of merchant businesses, as well. In one case, a company sent a credit card application issued in my name to an old address. The occupant filled it out and began making purchases. When the bill came due, the collections agency had no problem tracking me down to give notice. In my opinion, this merchant could have been more dilligent, because I had asked them to cancel my account years before this happened. They were certainly dilligent when it came to getting paid.
...right on the card. Just what is there about "Not for purposes of identification" that is hard for officials to understand?
Of course, when I was in the hospital emergency room and I said I didn't want to give them my social security number, they said they would treat me until I did. I backed down.
When I contacted the social security administration about this, and said "Am I required to give anybody but the government my SSN," their rather unhelpful reply was "No, you're not required to, but the hospital is not required to treat you without it."
"How to Do Nothing," kids activities, back in print!
Much of the debate on the 1974 Privacy Act revolved around the fact that the SSN was NOT to be used as a universal identifier. Paragraph 7 (if my memory serves) restricted the use of SSNs to those things either grandfathered (allowed by federal, state, or local law) before 1974 or explicitly named and allowed in a federal law; and in either case including a requirement that the requestor tell you the basis for the request. (Note that folks blanketly refusing to give the SSN are usually not on strong legal ground. Much better is to refuse until the requestor provides the legal basis for the request as provided for in the Privacy Act. IANAL etc...).
The loophole was that this act only restricted government not the private sector. Thus banks, insurance companies, universities, employers, local pizza joints, all ask for the SSN and can refuse service unless you provide it.
It would be a good start to debate if we could base a new law on the existing historical basis for the limitations in the 1974 privacy act, and then extend those restrictions to ALL use of the SSN by anyone.
They just don't care because the current system minimizes their financial losses by transfering those losses to the individual who has his/her identity "stolen".
Making any changes would cost money which reduces profits.
Any changes that improved the situation could be used to find them responsible when/if their new system is defrauded.
So, fixing the system is, from the individual company's point of view, all loss and no gain.
Unless they are providing some other way to authenticate people when they sign up for a service this doesn't seem to me like it will do much.
You mean something like "assign a pseudorandom 20-digit account number"? Yeah, real challenge there
After all, who wants to pay your taxes?
The problem here directly relates to that answer - No one.
You should ONLY ever need to give your SS# for the purpose of reporting taxable income to the SSA. Period. End of valid reasons.
You should not need it on your driver's license, you should not need it on non-interest-bearing financial accounts such as credit cards or most checking accounts. You should not need to give it to the phone, cable, gas, and electric companies. You shouldn't even need to give it to the town/city or possibly even the state (though, as far as the state goes, since the IRS disgustingly considers the state giving me back the excess of my withheld taxes as "income", they've done a definitional end-run around that exception). You shouldn't need to give it to your university if you don't receive any fincial aid. You shouldn't need to give it to your insurance company, since they only reimburse you for losses. You shouldn't need to give it to your doctor or pharmacist. You shouldn't need it on your marriage license (though again, we have a definitional end-run by the government for that one, by having special tax rules for married couples).
Personally, I find it telling that politicians "expressed astonishment" that every company and their dog asks for your SS#. How the hell do these guys live in the modern world? Do they actually have servant even for such rare tasks as signing up for a new long distance carrier or ISP? And can someone even legally let a servant sign up for credit cards or mortgages?
We need these assclowns out of office ASAP, and a maximum allowable income and assets cap for any future officeholders. Have over half a million in capital or make over 100k per year? See ya.
And NO... MORE... LAWYERS!
But my father pointed out that years ago, you didn't need a social security card until you first got a job. Now, in order to claim your children on taxes, you have to get them a social security number.
Over here(Ireland), we used to have an RSI (Revenue and Social Insurance) number. Basically a fraternal twin of the social security number. Well not any more pal! These got "upgraded" to a PPS(Personal Public Service) number. You get them from birth and you need them for everything . If you do not have, or like me, constantly forget your number, you cannot apply for anything. Without this number, you do not exist.
Basically, it's your Number. The unique ID that indexes your name in the Government's databases. That is, if the Government has a database. Things are still a little behind the times over here.
Anyway my point is that this overtly and officially does what your SSN unofficially does, i.e. replaces your name as your most important indentification. For everything. Private companies ask me for this all the time, and probably have complete access to any verification database to check up on it. Who am I kidding. In this country, private companies probably have write access to the database.
To bring things heavily ontopic, no one, no one I know cares about this. "A shure, what's wrong with it?... Will you go 'way from me with your 'privacy'. What do you have to be private about, What?" is the typical, nay, universal response. Never mind that this country used to be a theocracy, one party state and under foreign rule not so long ago.
Admittedly, the odds of a dictatorship are extremely low, but I can tell you that there is an extreme level of corruption here. Most importantly, the police here are highly unaccountable and frequently unscrupulous. There are many well documented incidents of railroading amoung other things. How does the PPS number mix into all this? I'm not too sure, but I don't like the idea of it.
I don't think the issue is one of privacy. I think it's one of independance. Freedom in a sense. I should be able to be who I am, say who I am, without needing any official papers from the state. why should they have the right to grant and revoke some number or tag that in effect becomes my name? As a citizen, I should have the right to live my life free from interaction with the government, not bound to its whim by beaurcracy.
Consider the plight of people in China, who need papers to move from provence to provence. How dare the government tell them where they can and cannot live in their own country. My fear is that PPS and SSN may lead to a similar situation. You will need the governments approval, via a valid, unsuspect number, to do just about anything. Need to open a bank account. Sorry, your PPS came up red. Need to fly interstate? Sorry your SSN is on the do not fly list.
Try and tell this to anyone over here and they'll just give you funny looks. I'm one of the few people that disagreed with electronic voting, and I can tell you that was a struggle. So I'm not even going to waste my time going on about PPS numbers outside of this post.
May the Maths Be with you!
Now, in order to claim your children on taxes, you have to get them a social security number.
Not only that, but with my youngest kids, the paperwork to request and issue an SSN was processed by the hospital. We were told that if we didn't sign the request form, we wouldn't be allowed to take our child home. I didn't buy that, of course, but signed the form because I knew we'd need the number anyway. I'm sure that if you forced the issue, you could take your baby home without getting an SSN, but I doubt anyone does.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
At the state school everything was all about the SSN. One every test, you had to put your SSN...
In the early 1990s a group of students took Rutgers to court regarding SSN use as the student identifier. They won in federal court, and that case was considered precedence in this field. (Not to mention kinna cool because it was just a bunch of students going at the university pro se.)
That case specifically enumerated
*prohibitions using all or part of the SSN as an identifier on tests or assignments
*prohibitions using all or part of the SSN as an identifier en masse (such as posting grades by last four digits)
*prohibitions regarding using all or part of the SSN as an identifier on student ID cards
Universities damn well know of the Krebs v. Rutgers prohibitions but they have taken their time in implimenting them. Hell, even my university broke/still breaks the Privacy Act of 1974, by not disclosing how the SSN will be used and if its necessary to disclose, when applying for admission.