Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pendulum Swinging Toward Privacy

Posted by kdawson on from the watch-that-swing dept.

netbuzz writes "The New York Times reports this morning on a gathering movement to remove Social Security numbers from online public records. While justifiable, given the reality of and concerns about identity theft, it also doesn't take much to imagine how such concerns will be abused by public officials who are strapped for cash and/or ethically challenged."

18 of 72 comments (clear)

  1. Doesn't Matter by MBC1977 · · Score: 4, Insightful

    The SSN is for my social security benefits, not my dammed identification. If they want to make a national identification number (after debating the pros and cons of such) later than that is fine. But to use the SSN for purposes that it was not intended for is foolish at best and dangerous at worse. One day I actually may have to claim those benefits (sad, as that may be), and don't want it tied into or tied up by any company's Bull****.

    --
    Regards,

    MBC1977,
    1. Re:Doesn't Matter by profplump · · Score: 4, Interesting

      The problem isn't that SSN are used as public identifiers -- having another public identifer would just shift the problem to that number instead of your SSN. And it's unlikely that having a stolen SSN would actually affect your ability ot make SS claims anyway, at least not for very long.

      The problem is that your SSN is both a public ID and a secret used to validate that ID. So long as a single bit of information is used as both the public and private bits of that equation there's no way to solve this problem no matter how many ID numbers you generate.

      Would is really be so hard to require that new credit accounts can only be issued with a notarized signature? Notary publics are intended to serve just this kind of purpose -- to validate that a particular person really did execute an agreement. It's pretty easy to find a notary public even in rural areas, and they don't report their specific activities to the government, so there's aren't a lot of big-brother concerns with respect to having your documents notarized. Seriously, this seems like a problem we solved 100 years ago.

    2. Re:Doesn't Matter by nsaspook · · Score: 5, Informative

      If you have a old SSN card like mine it says on the bottom

      FOR SOCIAL SECURITY AND TAX PURPOSES-NOT FOR IDENTIFICATION

      This is from about 1970ish.

      --
      In GOD we trust, all others we monitor.
    3. Re:Doesn't Matter by JimBobJoe · · Score: 2, Informative

      There's no such thing in any european country of my knowledge, and frankly I don't understand why the idea of a national ID with a picture on it to certify who you really are is so scary to you and the english. How is it possible for someone to impersonate someone else in the USA by simply using their SSN?

      The problem is not the lack of an identity card (and I happen to disagree with the parent posters that somehow the point of failure is that the SSN is used both as an identifier and password.)

      The problem is simply that we give large amounts of credit in the US very quickly. You can fill out a form and get a $10,000 credit line instantaneously. It's my understanding that that is unique to the US. When you have that much money available that conveniently, it's worth it to a fraudster to do whatever it takes to get it.

      Honestly, your national ID card doesn't have these problems because you don't have so much on the line. If you had a mechanism in your country for getting $10,000 simply by filling out a form and showing ID, you'll find out very quickly that your ID card is pretty worthless when that amount of money is on the line.

  2. Gathering? Been happening for over a decade by davidwr · · Score: 3, Interesting

    In the 1990s health care plans, universities, and others stopped using SS#s as identifiers out of privacy concerns.

    In the last 15-plus years, some public records have also changed identifiers, been removed from the public records, or had SS#s redacted for the same reason.

    The pendulum may be moving faster now but the swing began long ago.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  3. Re:Gathering? Been happening for over a decade by Anonymous Coward · · Score: 3, Interesting

    It took my school until 2004 to stop using our socials for student id. They were printed on our id cards, bus passes, library cards, etc. Even the course roster given to the instructors listed our ssn next to our name.

    Then we started using 8 digit id's. The problem? The public numbers are now used as passwords into some systems.

  4. SSN is an account number by cepler · · Score: 2, Insightful

    My Social Security Number (SSN) is an account number. Why is it used by so many companies as a form of authentication? It's simply a string of numbers indicating where money is stored for social security benefits. The ignorance of companies in relying on this single number as a form of identification and authentication is what has caused this problem. I should feel free to give out my SSN to anyone. It's not a password and should never have been USED as one PERIOD.

    1. Re:SSN is an account number by malchus842 · · Score: 4, Informative

      It's simply a string of numbers indicating where money is stored for social security benefits.

      There's no money stored anywhere. Social Security is a "pay as you go" system, and any excess funds are replaced with Treasury Bonds (IOUs from the taxpayers to fund Social Security in the future). At some point, the tax needs of repaying those bonds, as well as covering new retirees will exceed the ability of the workforce to pay - unless a significant change in the system is enacted.

  5. Ther is a much much better way by argoff · · Score: 2, Insightful

    Get rid of the stupid number, and the ponzi retirement scheme that comes with it. It may make it harder for the government to track my finances, well boo hoo hoo I think I'm going to cry.

  6. Re:So What? by paeanblack · · Score: 4, Insightful

    The problem has never been that SSNs were widely known. Giving everybody a unique piece of information that can distinguish this John Smith from that John Smith is a very practical method.

    The problem is that knowing your SSN is considered proof of identity.

    This is equivalent to:
    "Hi, I'm John Smith"
    "Prove it"
    "J-o-h-n S-m-i-t-h"
    "Well, that's good enough for me...here's your new credit card".

    I think the cleanest solution would be a statement from the government like this:
    "Social Security Numbers are no longer to be used as a form of authentication. They are for identification purposes only. To ensure this state of affairs in the future, we will on January 1, 2009 publish all SSNs with the full names of the people to which they are assigned. After this date, any person or company found relying on SSNs as proof of identity will be solely and completely responsible for all damages from fraud and 'identity theft' occuring as a result of such idiocy. We are not mandating a specific method of proper authentication, nor are we establishing a national clearinghouse for such. All we are doing is telling you to get off your asses, incorporation some real security, and stop running your businesses like complete fucking retards"

  7. Re:So What? by Anonymous Coward · · Score: 3, Insightful

    The problem is not that SSN's are used for authentication, which I'm not even sure is true.

    The problem is that it's used as a primary key for me. You can use it to link together all sorts of information about me. Publishing all SSN's just makes this problem worse.

  8. Blah blah blah by Score+Whore · · Score: 2, Insightful

    Why doesn't someone grow a pair testicles and forcibly tell all the businesses in the world that your SSN is not secret. It is not to be used as a strong credential. Treat it just as fucking public as something like your name. If the law said, it's not secret and any business that uses it as "proof" of someone's identity has to bear the burden of any losses that business incures. If they sign a contract with some scam artist and that person takes off with a brand new ferarri, too fucking bad, they can't come after the person who's name was used. They can't file a bad credit report.

    1. Re:Blah blah blah by MollyB · · Score: 3, Interesting

      Why doesn't someone grow a pair testicles ... For the same reason you don't grow a pair of ovaries, sir.
      Personally, I think the metaphor of having (or growing, if you will...) a Spine or Backbone is more accurate, and includes everyone.
      This is slashdot, I know, but, c'mon...

  9. Security through economics by Beryllium+Sphere(tm) · · Score: 3, Interesting

    Door locks, armored cars, fences and alarms don't prevent crime, they raise the cost (including risk) above the benefit.

    Same here. An SSN has some market value. Cheap automated harvesting is profitable. Driving to a courthouse and copying by hand almost certainly isn't. No profit, no mass crime. The threat is then reduced to stalkers and private detectives.

  10. Re:stupid by Beryllium+Sphere(tm) · · Score: 3, Interesting

    >leave the social security numbers on the documents, please

    Believe me, that muncipality is going to be even more cash-strapped if and when they have to pay for all the damage they cause by publishing SSNs.

  11. Hey Jedediah! Hand me that arc welder! by jfengel · · Score: 2, Funny

    I dun got this barn door nailed pretty darn shut, but I wanna weld it and and sink it in concrete, just to be sure. That horse may already be outside the barn but I fer gol dern sure don't want him to get any MORE out.

  12. Re:But will universities/ follow suit? by Rick17JJ · · Score: 4, Insightful

    I was taking a part time college class at a Junior College several years ago. The students social security number was printed on the class schedule that each student carried around with them on the first day of class. On the first day, there were misplaced class schedules laying on the ground and on desks all around the campus. Nobody seemed too concerned. I don't know if the local junior college still does that or not.

    Back in the 1970's, I got an Arizona drivers license shortly after moving to Arizona. Back then, by default, they would use the social security number as the drivers license number unless the applicant specifically asked them not to. My social security number was on my drivers license for over 30 years. ATM machines did not yet exist in grocery stores or small shops, so checks were typically used to pay. When cashing a check they would typically ask for a drivers license and write the drivers license number on the check. Over a few decades, that would be thousands of checks, per person, with the social security number on them. A few years ago, I went over to the department of motor vehicles and had them change my drivers license number to something other than the social security number.

    For many years, the envelope for my monthly medical insurance bill always asked me to write my account number under the return address on the outside of the envelope. My account number was my social security number and I always hated having to write that on the outside of the envelope. They finally stopped using my social security number as my account number a few years ago and also stopped asking me to write it under the return address on the outside of the envelope.

    A few decades ago most people also kept their social security card in their wallet. Some people still do, even though wallets are frequently lost or stolen.

    For many years, identity theft was very rare and there was very little effort to keep social security numbers secret. So after decades of not keeping them secret everyone is now being told that they need to keep them secret. Who's idea was it to start using something that had never been very secret for identification purposes? Knowing a social security number or a mother's maiden name should never have been considered to be proof that someone is who they say they are.

    Fortunately, I have never been the victim of identity theft other than one minor instance of having one fraudulent charge on a charge card a few years ago.

  13. pendulum of privacy by peektwice · · Score: 2, Insightful
    The headline initially had me intrigued thinking that the USA Patriot act or some portion of it had been struck down as unconstitutional, or maybe that ISPs were refusing to do the RIAAs dirty work by not sending threatening letters for them. However...

    nothing to see here, move along....
    --
    Other than this text, there is no discernible information contained in this sig.