Pendulum Swinging Toward Privacy

netbuzz writes "The New York Times reports this morning on a gathering movement to remove Social Security numbers from online public records. While justifiable, given the reality of and concerns about identity theft, it also doesn't take much to imagine how such concerns will be abused by public officials who are strapped for cash and/or ethically challenged."

So What?

[TubeSteak]

Snohomish County, Wash., for example, said Wednesday that 61 types of documents, including tax liens and marriage certificates, would be blocked. (The documents are supposed to remain public at courthouses or state offices.)

Just because the records are 'offline' doesn't mean that the information in them is any safer.

Or is security by obscurity "good enough" in this case?

Re:So What?

[ScrewMaster]

Yes, well, at least that cracker with the .ru TLD won't be able to grab a couple hundred thousand such records all at once. Not so much security-by-obscurity as it is security-by-inconvenience.

Re:So What?

[paeanblack]

The problem has never been that SSNs were widely known. Giving everybody a unique piece of information that can distinguish this John Smith from that John Smith is a very practical method.

The problem is that knowing your SSN is considered proof of identity.

This is equivalent to:
"Hi, I'm John Smith"
"Prove it"
"J-o-h-n S-m-i-t-h"
"Well, that's good enough for me...here's your new credit card".

I think the cleanest solution would be a statement from the government like this:
"Social Security Numbers are no longer to be used as a form of authentication. They are for identification purposes only. To ensure this state of affairs in the future, we will on January 1, 2009 publish all SSNs with the full names of the people to which they are assigned. After this date, any person or company found relying on SSNs as proof of identity will be solely and completely responsible for all damages from fraud and 'identity theft' occuring as a result of such idiocy. We are not mandating a specific method of proper authentication, nor are we establishing a national clearinghouse for such. All we are doing is telling you to get off your asses, incorporation some real security, and stop running your businesses like complete fucking retards"

Re:So What?

The problem is not that SSN's are used for authentication, which I'm not even sure is true.

The problem is that it's used as a primary key for me. You can use it to link together all sorts of information about me. Publishing all SSN's just makes this problem worse.

Re:So What?

[jfengel]

Government statements don't usually use phrases like "complete fucking retards", but it seems warranted in this case. It's offensive that a company would give a loan to somebody just because they know my SSN and then have the audacity to come to me for the money.

Re:So What?

[paeanblack]

The problem is that it's used as a primary key for me. You can use it to link together all sorts of information about me. Publishing all SSN's just makes this problem worse.

The alternative is everybody rolling their own, which commonly leads to one agent's primary key being another agent's authentication factor. This gives anyone with access to both data sets the means to impersonate you.

Re:So What?

The problem is not that SSN's are used for authentication, which I'm not even sure is true.

you're not even sure? what retarded planet are you from?

Re:So What?

[mikael]

There was story some time ago in Canada, about some tenants who managed to sell the house they were renting to a third party. This sale was achieved through a dodgy notary (apparently he was responsible for authenticating ownership, which he didn't bother to do). The consequence was that two mortgage payers (the landlord and the people who 'bought' the property) ended up having to go to court in order to decide ownership of the house. I didn't keep up with this case, but who have liked to know who won.

Re:So What?

we will on January 1, 2009 publish all SSNs with the full names of the people to which they are assigned.

And please include the mother's maiden name. Oh, and the names of all of their pets. And favorite color.

Re:So What?

[mpe]

The problem has never been that SSNs were widely known. Giving everybody a unique piece of information that can distinguish this John Smith from that John Smith is a very practical method.

Even then it's only intended for certain purposes. If a school needs to distinguish between two students with the same name it's really up to them to work out how to. Ditto for a bank with several customers having the same name.

Doesn't Matter

[MBC1977]

The SSN is for my social security benefits, not my dammed identification. If they want to make a national identification number (after debating the pros and cons of such) later than that is fine. But to use the SSN for purposes that it was not intended for is foolish at best and dangerous at worse. One day I actually may have to claim those benefits (sad, as that may be), and don't want it tied into or tied up by any company's Bull****.

Re:Doesn't Matter

[profplump]

The problem isn't that SSN are used as public identifiers -- having another public identifer would just shift the problem to that number instead of your SSN. And it's unlikely that having a stolen SSN would actually affect your ability ot make SS claims anyway, at least not for very long.

The problem is that your SSN is both a public ID and a secret used to validate that ID. So long as a single bit of information is used as both the public and private bits of that equation there's no way to solve this problem no matter how many ID numbers you generate.

Would is really be so hard to require that new credit accounts can only be issued with a notarized signature? Notary publics are intended to serve just this kind of purpose -- to validate that a particular person really did execute an agreement. It's pretty easy to find a notary public even in rural areas, and they don't report their specific activities to the government, so there's aren't a lot of big-brother concerns with respect to having your documents notarized. Seriously, this seems like a problem we solved 100 years ago.

Re:Doesn't Matter

I think authentication is the bigger issue, not identification. It doesn't matter whether I know your identifier (your name or your SSN) if I still can't prove that I'm you.

Re:Doesn't Matter

[Yoweigh116]

Mod up this post's parent, please. Sacrificing the security of your financial identity in exchange for a little bit of convenience is absurd.

Re:Doesn't Matter

[mkoko]

Would is really be so hard to require that new credit accounts can only be issued with a notarized signature?

Say goodbye to online applications, applying over the phone, etc. Now the credit card business is making less money than it was before.
And they won't like that.

Re:Doesn't Matter

Would is really be so hard to require that new credit accounts can only be issued with a notarized signature?

You'd run across the credit bureau (TRW, Equifax, etc...)and retail lobbies who insist to the politicans that "we need the convenience for opening credit".

I don't want the convenience, but the retailers want it so that they can give all the stupid people the store credit cards that they want (read the agreement. store credit cards are ripoffs) and the credit card corps, banks, and credit check corps want the "right" to store data to give quick impulsive credit (debt) to the morons and to sell the data that they collect to the highest bidder - without OUR consent!@!!

Re:Doesn't Matter

You English speaking moron, read the fucking dictionary first:

dam1 (dm) n. 1.a. A barrier constructed across a waterway to control the flow or raise the level of water. b. A body of water controlled by such a barrier. 2. A barrier against the passage of liquid or loose material, as a rubber sheet used in dentistry to isolate one or more teeth from the rest of the mouth. 3. An obstruction; a hindrance. --dam tr.v. dammed, damming, dams. 1. To hold back or confine by means of a dam. 2. To close up; obstruct: He tried to dam his grief. See Synonyms at hinder1. [Middle English, probably from Old English *damm.] --dam"mer n.

Re:Doesn't Matter

[nsaspook]

If you have a old SSN card like mine it says on the bottom

FOR SOCIAL SECURITY AND TAX PURPOSES-NOT FOR IDENTIFICATION

This is from about 1970ish.

Re:Doesn't Matter

[profplump]

You can still apply online, the account just isn't active until they get their notarized copy of your acceptance.

By the time they've approved you for credit paying an extra couple of dollars to actually open the account is no problem -- it's not like they have to process notarized paperwork at the pre-approval stage.

Re:Doesn't Matter

[Phoobarnvaz]

Would is really be so hard to require that new credit accounts can only be issued with a notarized signature? Notary publics are intended to serve just this kind of purpose -- to validate that a particular person really did execute an agreement. It's pretty easy to find a notary public even in rural areas, and they don't report their specific activities to the government, so there's aren't a lot of big-brother concerns with respect to having your documents notarized. Seriously, this seems like a problem we solved 100 years ago.

I totally agree with you!!! The problem about this is that vendors who want to sell that flat panel or some other big ticket item to some idiot impulse buyer would lose that sell. They would have time to think about the possible hole they were digging for themselves by forcing them to get a notarized document for said sale.

This is one of the biggest reasons we don't have a national freeze on credit files...because the retail/credit industry would collapse from the idiots figuring out they really don't need the item or it's too much trouble to get the notarized document.

Re:Doesn't Matter

[BlueItalian]

I don't understand the mechanism that allows identity theft in the USA. There's no such thing in any european country of my knowledge, and frankly I don't understand why the idea of a national ID with a picture on it to certify who you really are is so scary to you and the english. How is it possible for someone to impersonate someone else in the USA by simply using their SSN?

Re:Doesn't Matter

[JimBobJoe]

There's no such thing in any european country of my knowledge, and frankly I don't understand why the idea of a national ID with a picture on it to certify who you really are is so scary to you and the english. How is it possible for someone to impersonate someone else in the USA by simply using their SSN?

The problem is not the lack of an identity card (and I happen to disagree with the parent posters that somehow the point of failure is that the SSN is used both as an identifier and password.)

The problem is simply that we give large amounts of credit in the US very quickly. You can fill out a form and get a $10,000 credit line instantaneously. It's my understanding that that is unique to the US. When you have that much money available that conveniently, it's worth it to a fraudster to do whatever it takes to get it.

Honestly, your national ID card doesn't have these problems because you don't have so much on the line. If you had a mechanism in your country for getting $10,000 simply by filling out a form and showing ID, you'll find out very quickly that your ID card is pretty worthless when that amount of money is on the line.

Re:Doesn't Matter

[Attila+Dimedici]

I am pretty sure that it states in the Social Security Act that the SS# is NOT to be used for identification. I don't believe that any law changing this has ever passed. Companies and governments (State, local, and federal) just started using the SS# to ID people because every legal resident had one. Some states use the SS# as the drivers license #, some colleges use the SS# as the student ID. If my recollection of the wording of the SSA is correct this is technically a violation of it, but nobody ever enforces it (it is possible that there was an Act passed superceding this wording, but I am unaware of it).

Re:Doesn't Matter

I believe that's referring to the card, not the number. The card itself is not a valid form of ID.

Re:Doesn't Matter

[Kadin2048]

Mod parent up. That identity theft is (apparently/allegedly) less common in Europe has nothing to do with identity cards, and identity cards would not do anything to curb identity theft in the US. Actually, I could think of a few ways in which they'd probably make it worse.

I suspect that the prevalence of identity theft / fraud here, is mostly the result (as the parent suggests) of shady creditors' practices of extending large amounts of credit to people more or less anonymously -- on nothing except their name and address, basically, and with no real check to make sure that either piece of information is particularly valid.

I've never tried it, but I suspect that it would be trivially possible for me to go out, today, and get enough credit so that when maxed out, it would be utterly impossible for me to ever pay off without declaring bankruptcy. Now, this really wouldn't be hard for a potential creditor to see; all they'd have to do is ask for a pay stub and look at how much money I'm making, and look at my other outstanding lines of credit, and do the math. The interest on a few hundred thousand dollars would probably be more than my income (less basic expenses), at the rates some creditors charge. However, it's easy to find creditors who don't bother to check. Hell, there are creditors who pretty much advertise that they don't check.

Now, in most circumstances, I firmly believe that in a free society, it's each persons right to destroy themselves in whatever manner they choose, whether it's driving without a seat belt, or ingesting inadvisable chemicals, or blowing their money on Beanie Babies and freezing to death in the street. That would all be peachy with me. But I would not have a problem with a law that forced the responsibility for debtors onto their creditors, if the creditors extended credit to them inappropriately -- not because I really give a damn about people who can't be bothered to manage their money, but because it makes it too easy for someone to steal an responsible person's identity and destroy it in a hurry. The banks are contributing to identity crime in the same way that a "no questions asked" pawn shop does, when they fence obviously stolen goods. Basically, I want the lenders to have a vested interest in going over potential borrowers with a fine-toothed comb. This could be most easily accomplished by making high-risk loans unprofitable: those $100k credit lines that they seem to hand out like candy, only exist because they're profitable. If it wasn't possible for the banks to collect on the debt, they would instantly stop issuing credit without making sure that the borrower was who they said they were, and that they really were able to pay it back.

It is easier to make crime unprofitable, than it is to make it impossible; criminals only steal people's identities because they can be used to readily obtain large quantities of cash. If you eliminate the identity-to-cash conversion, or at least make it harder, you make the crime less profitable and lucrative overall.

Re:Doesn't Matter

[mpe]

The problem is that your SSN is both a public ID and a secret used to validate that ID. So long as a single bit of information is used as both the public and private bits of that equation there's no way to solve this problem no matter how many ID numbers you generate.

If anything declaring SSNs "private" is likely to make the problem worst as more fools will think it is secure in some way or other.

Re:Doesn't Matter

[mpe]

I don't believe that any law changing this has ever passed. Companies and governments (State, local, and federal) just started using the SS# to ID people because every legal resident had one. Some states use the SS# as the drivers license #, some colleges use the SS# as the student ID. If my recollection of the wording of the SSA is correct this is technically a violation of it, but nobody ever enforces it

The longer this kind of abuse go on the harder it is to do anything about it.

Re:Doesn't Matter

[profplump]

I agree that there would be less reward for fraud if credit were harder to obtain. But are you really suggesting that we do something to make it complicated to obtain large amounts of credit? I could never run my business without having access to at least $25k in credit -- you try selling someone a whole set of new computers and making them pay before you even order (let alone deliver) the equipment.

And in either case, wouldn't you like to know that someone can't take out a mortgage in your name without doing something reasonably effective to prove their identity? Even if there were less fraud, I'd still like to be protected from it if the costs of protection are low. Authenticating your identity in some meaningful way before being issued credit based on that identity doesn't seem like a terrible price to pay.

Gathering? Been happening for over a decade

[davidwr]

In the 1990s health care plans, universities, and others stopped using SS#s as identifiers out of privacy concerns.

In the last 15-plus years, some public records have also changed identifiers, been removed from the public records, or had SS#s redacted for the same reason.

The pendulum may be moving faster now but the swing began long ago.

But will universities/ follow suit?

[rob_squared]

At the university I went to the student ID was the social security number, and since that is used with credit companies and businesses for tax reasons, its still a problem. Heck, even standardized tests where TAs were grading, they used SS#s. This is a step in the right direction, but its only the first one.

Re:But will universities/ follow suit?

[Rick17JJ]

I was taking a part time college class at a Junior College several years ago. The students social security number was printed on the class schedule that each student carried around with them on the first day of class. On the first day, there were misplaced class schedules laying on the ground and on desks all around the campus. Nobody seemed too concerned. I don't know if the local junior college still does that or not.

Back in the 1970's, I got an Arizona drivers license shortly after moving to Arizona. Back then, by default, they would use the social security number as the drivers license number unless the applicant specifically asked them not to. My social security number was on my drivers license for over 30 years. ATM machines did not yet exist in grocery stores or small shops, so checks were typically used to pay. When cashing a check they would typically ask for a drivers license and write the drivers license number on the check. Over a few decades, that would be thousands of checks, per person, with the social security number on them. A few years ago, I went over to the department of motor vehicles and had them change my drivers license number to something other than the social security number.

For many years, the envelope for my monthly medical insurance bill always asked me to write my account number under the return address on the outside of the envelope. My account number was my social security number and I always hated having to write that on the outside of the envelope. They finally stopped using my social security number as my account number a few years ago and also stopped asking me to write it under the return address on the outside of the envelope.

A few decades ago most people also kept their social security card in their wallet. Some people still do, even though wallets are frequently lost or stolen.

For many years, identity theft was very rare and there was very little effort to keep social security numbers secret. So after decades of not keeping them secret everyone is now being told that they need to keep them secret. Who's idea was it to start using something that had never been very secret for identification purposes? Knowing a social security number or a mother's maiden name should never have been considered to be proof that someone is who they say they are.

Fortunately, I have never been the victim of identity theft other than one minor instance of having one fraudulent charge on a charge card a few years ago.

Re:But will universities/ follow suit?

[MMC+Monster]

Interestingly enough, when I went to high school (mid-to-late 80s), our ID number in school was a 9 digit number that was not our social security number. At that time I thought it was strange, now I think they were ahead of their time.

stupid

[circletimessquare]

so now records which were easily identifiable will be obscure and hard to locate

oh yeah, right, this is always a good thing. because what the city hall of tacoma washington is used for is the fascist illuminati overlords attempting to turn you into slaves. not, you know, trying to buy land or registering a marriage certificate. you know, mundane every day things you WANT to be easy and painless. clearly, we have to worry about our irrational fears of being controlled by bogeymen from bad hollywood movies we watch and take as the truth of existence. pffft

make your choice slashdot: a "cash-strapped", as you say, municipality that can function for you because records are easy to locate, or one that... drum roll please... is like pulling nails out of your nailbed everytime you just want to buy some land or get a divorce

leave the social security numbers on the documents, please

the privacy above all costs idiots here on slashdot make me want to puke

bolt of lightning for some of you: there are actually real world limits on privacy... that make sense

REALLY

Re:stupid

[Poppler]

the privacy above all costs idiots here on slashdot make me want to puke

Currently, my SSN is bought and sold by unscrupulous companies without my knowledge or consent. I can't think of a single way that has made my life more "painless". Why does my SSN need to be published on the internet for a local official to verify my identity for a marriage license?

bolt of lightning for some of you: there are actually real world limits on privacy... that make sense

And this isn't one of them. If you're going to argue that there is an acceptable tradeoff for having our SSNs published online, you're going to have to elaborate a little, because the examples you gave don't cut it.

Re:stupid

[Beryllium+Sphere(tm)]

>leave the social security numbers on the documents, please

Believe me, that muncipality is going to be even more cash-strapped if and when they have to pay for all the damage they cause by publishing SSNs.

What about other identifiers?

[shakestheclown]

This is all good for SSNs, but what about other personal identifiers?

I'm tired of my local priest asking to see my penis for identification.

Re:What about other identifiers?

[Saikik]

Obviously you should stop leaving your penis laying around on public documents...

Que?

[Butisol]

What are the implications of this for Jose Cucaracha, his wife, six children, and one fetus?

Re:Que?

[shakestheclown]

...Cockroaches don't have SSNs...

Re:Gathering? Been happening for over a decade

It took my school until 2004 to stop using our socials for student id. They were printed on our id cards, bus passes, library cards, etc. Even the course roster given to the instructors listed our ssn next to our name.

Then we started using 8 digit id's. The problem? The public numbers are now used as passwords into some systems.

SSN is an account number

[cepler]

My Social Security Number (SSN) is an account number. Why is it used by so many companies as a form of authentication? It's simply a string of numbers indicating where money is stored for social security benefits. The ignorance of companies in relying on this single number as a form of identification and authentication is what has caused this problem. I should feel free to give out my SSN to anyone. It's not a password and should never have been USED as one PERIOD.

Re:SSN is an account number

[malchus842]

It's simply a string of numbers indicating where money is stored for social security benefits.

There's no money stored anywhere. Social Security is a "pay as you go" system, and any excess funds are replaced with Treasury Bonds (IOUs from the taxpayers to fund Social Security in the future). At some point, the tax needs of repaying those bonds, as well as covering new retirees will exceed the ability of the workforce to pay - unless a significant change in the system is enacted.

Re:SSN is an account number

[PPH]

True. Its not a password. Knowledge of a SSN is not sufficient to validate my identity.

On the other hand, I don't want private organizations to have a universal identifier that they might use for data mining purposes. Do you really want your auto insurance company to access your local grocery store 'discount card' records to see how much beer you buy?

Re:SSN is an account number

And it easily outweighs the rest of everything else. Right now, the US public debt is about $5 trillion (about 2/3 of our GDP yearly). The outstanding value of social security debt is presently about, oh... $50 trillion or so, easily.

Re:SSN is an account number

[mpe]

My Social Security Number (SSN) is an account number. Why is it used by so many companies as a form of authentication?

Especially considering that many of them have no interest at all in putting money into said account. Thus giving them the information makes about as much sense as giving them your bank account details.

Re:SSN is an account number

[sjames]

While some changes may be in order, the fundamental argument against social welfare can be vastly simplified.

If those arguments are true, then it is also true that it is IMPOSSIBLE for a typical person to ever save enough money to retire, pay for health care, etc. If true, the problem is much more fundamental than tweaking policies and percentages in the Social Security program.

Right...

[DittoBox]

public officials who are strapped for cash and/or ethically challenged.

Right. Aren't all public officials strapped for cash and/or "ethically challenged?"

Re:Right...

I thought it was a pre-requisite....

/shrugs

Ther is a much much better way

[argoff]

Get rid of the stupid number, and the ponzi retirement scheme that comes with it. It may make it harder for the government to track my finances, well boo hoo hoo I think I'm going to cry.

all the eggs in one basket

[eneville]

this is exactly where having everyone's data in the same place is a problem. the government should invest in monitoring the access and controlling who can do what with it. queries should be controlled, and mechanisms have to be put in place to ensure that no user can extract too much data in a short period of time. i'm not in a position to suggest exactly how that should be implemented in the office as i do not work there, but i can see how organisations without access controls can easily be abused.

Blah blah blah

[Score+Whore]

Why doesn't someone grow a pair testicles and forcibly tell all the businesses in the world that your SSN is not secret. It is not to be used as a strong credential. Treat it just as fucking public as something like your name. If the law said, it's not secret and any business that uses it as "proof" of someone's identity has to bear the burden of any losses that business incures. If they sign a contract with some scam artist and that person takes off with a brand new ferarri, too fucking bad, they can't come after the person who's name was used. They can't file a bad credit report.

Re:Blah blah blah

[MollyB]

Why doesn't someone grow a pair testicles ... For the same reason you don't grow a pair of ovaries, sir.
Personally, I think the metaphor of having (or growing, if you will...) a Spine or Backbone is more accurate, and includes everyone.
This is slashdot, I know, but, c'mon...

Re:Blah blah blah

BTW, there is no such crime as identity theft. There is theft, and there is failure to correctly identify. The victime of "identity theft" is the victim not only of the person who used his credentials, but of the corporation or government agency which gave money / credentials to the wrong person, then tried to hold the victim responsible unless/until the victim offers evidence that he is entitled to get his own property/freedom/etc. back.

Re:Blah blah blah

[maxume]

So you are saying that you have never once met a woman that was accurately described as 'having a pair'? Really? I've met a few ladies with big brass balls(I wonder if anyone will reply to that?).

Of course you haven't, because you think it is sexist, but whatever, I mean, c'mon, what's next, sensitivity training on the job?

Security through economics

[Beryllium+Sphere(tm)]

Door locks, armored cars, fences and alarms don't prevent crime, they raise the cost (including risk) above the benefit.

Same here. An SSN has some market value. Cheap automated harvesting is profitable. Driving to a courthouse and copying by hand almost certainly isn't. No profit, no mass crime. The threat is then reduced to stalkers and private detectives.

Re:Security through economics

[caluml]

Door locks, armored cars, fences and alarms don't prevent crime, they raise the cost (including risk) above the benefit.

I'd never thought of it like that. Insightful.

Notarization

[Beryllium+Sphere(tm)]

>Would is really be so hard to require that new credit accounts can only be issued with a notarized signature?

Credit is a drug. Drug pushers don't want anything to slow down their chance to get money from a desperate customer.

Credit issuers make lots of money from both legal instant credit and from lending to crooks and collecting from fraud victims.

Your suggestion is good security, good policy, and will be blocked by intense lobbying. (Also vulnerable to the forged ID problem, since that's what notaries check).

Re:Notarization

[profplump]

Notaries are, of course, still subject to fraud, just like anyone else. But they're a lot less subject to fraud then someone who just asks for your ID number.

If you're vicimized because of mistake by a notary you can take action against them -- in most places they're required to be bonded and are strictly liable up to several thousand dollars.

Re:Notarization

[maxume]

If notaries were expected to authenticate credit applications, and they were regularly held liable for mistakes, they would start charging a great deal more.

It seems like a good idea to make sure that companies that issue cards to the wrong person are responsible for the consequences of that action. They will just pass the cost on to their customers, but they are also the only ones who are in a position to do anything about it. For the most part, if somebody decides they are going to impersonate me, there isn't a whole lot I can do to prevent it, so it doesn't make sense to make me bear the consequences.

Having card issuers do the work also means that they will try to make it an efficient process; a notary doesn't really care if people have credit cards, so he will charge cover-his-ass prices(there would likely be a reasonable equilibrium, but notaries will never know more about the credit card business than the credit card companies...).

hello

[circletimessquare]

welcome to reality

in reality, you can have convenience and reliability

or you can have privacy and security

you can't have both at the same time

welcome to the real world

Re:hello

in reality, you can have convenience and reliability

or you can have privacy and security

you can't have both at the same time

No one consulted me about the tradeoffs.And, I'd rather have my local businesses make me jump through hoops instead of relying on a nationally corrupted database.

Your retort is asinine.

Re:hello

[Poppler]

in reality, you can have convenience and reliability

or you can have privacy and security

you can't have both at the same time

Once again, I have to ask you to elaborate on that. What "convenience and reliability" is being achieved by publishing Social Security numbers online?

Re:hello

[jrockway]

welcome to reality

in reality, you can have convenience and reliability

or you can have privacy and security

you can't have both at the same time

welcome to the real world

welcome to reality

in reality, you have punctuation marks and capital letters

sentences end with periods

sentences start with capital letters

welcome to the real world

Hey Jedediah! Hand me that arc welder!

[jfengel]

I dun got this barn door nailed pretty darn shut, but I wanna weld it and and sink it in concrete, just to be sure. That horse may already be outside the barn but I fer gol dern sure don't want him to get any MORE out.

Re:Gathering? Been happening for over a decade

[forlornhope]

Hello fellow Mountaineer, Or at least I would assume as WVU does the exact same idiotic thing.

We're All Gonna Die!

[pipingguy]

All this hinges upon peoples' perception of "safety". I usually do not watch network TV, but last night I accidentally caught something by John Stossel wherein he was talking about relative safety. In this group we're pretty sophisticated (mod me up, pandering to the audience) but the average slob/pleb/6-pack Joe gets his info from mainstream TV.

Aside from providing big muscle to win good wars, make good entertainment and do the manifest destiny thing, the US is pretty good at mobilizing its citizens for the good fight.

Please don't let us down, America.

Regards from your younger obscure brother,
Canada

Maybe ...

If we started executing identity theives and privacy pirates we wouldn't be afraid to use our SSNs. The majority of people want secure National ID.

Re:SSN=Username + Password

It is simple, your SSN is both your username and your password here in the US.

pendulum of privacy

[peektwice]

The headline initially had me intrigued thinking that the USA Patriot act or some portion of it had been struck down as unconstitutional, or maybe that ISPs were refusing to do the RIAAs dirty work by not sending threatening letters for them. However...

nothing to see here, move along....

The solution to your problem: SIN!

[telso]

What needs to be done is to prevent companies from requiring SSNs unless absolutely required. Just above you, in the land of the sensible, Social Insurance Numbers have been like that for a while:

Unless an organization can demonstrate that the reason they are asking for a person's SIN is specifically allowed by law, or that no alternative identifiers would suffice to complete the transaction, they cannot deny or refuse a product or service on the grounds of a refusal to provide a SIN. Examples of organizations that legitimately require an SIN include employers, banks and investment companies, and federal government agencies. Giving an SIN when applying for consumer credit, such as buying a car or electronics, or allowing it to be used as a general purpose identification number, such as by your cable company, is likely a bad idea.

And now, thanks to the lovely PIPEDA, this is true for any personal information. Obviously if you're at a resort trying to rent a bike or something and they refuse, you're not going to leave and write the privacy commissioner, but next time you'll make it better for everyone, and maybe even educate someone and/or make their business more efficient.

It's sort of surprising that Congress hasn't gotten off its ass and done something about this. (Well, they have, just not enough of them.)

On second thought, it's not.

Re:The solution to your problem: SIN!

[KDR_11k]

Or look at some European countries, we have no identifying numbers that are used by multiple organizations. Sure, I have a number for medical insurance, for studentship, etc but noone who isn't involved directly with those will ask for that number. We have ID cards for identifying ourselves.