How Face Recognition Can Uncover SSNs
nonprofiteer writes "Building on previous work showing that social security numbers are not random, CMU researchers ran experiments in which they predicted students' social security numbers after taking a photo of them with a cheap webcam. Using off-the-shelf facial recognition technology and data-mining publicly available Facebook photos and profile information, they were able to come up with the social security numbers of several of the students. (More impressive, as they note that 60% of the students were foreign, and had no SSNs, leaving them a pool of less than 50)."
Has nothing to do with nuclear submarines.
Seven puppies were harmed during the making of this post.
90% of Americans don't care if you know anything and everything about them, are invading their privacy, tracking their behavior or identifying their SSids. They latch onto kitsch phrases like "The government owns Facebook" but they don't really understand what their personal and private freedoms are worth.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
In a cave hugging South Africa’s lush southern coastline, Curtis Marean suspects he has cornered a wily Stone Age crew that brought humans back from extinction’s brink. These plucky refugees of continent-wide desolation were able to pull off such a stunning evolutionary turnaround because they got lucky. A coastal oasis near the bottom of the world spread its sheltering arms in the nick of time.
Marean proposes that it was there, where the Arizona State University archaeologist now conducts excavations, that humankind’s mental tide turned sometime between 164,000 and 120,000 years ago. Seaside survivors learned to read the moon’s phases in order to harvest heaps of shellfish — brain food extraordinaire — during a few precious days each month when ocean tides safely retreated.
Tantalizing traces of complex thinking and behavior, including lunar literacy, have turned up at South Africa’s Pinnacle Point, a cave-specked promontory that juts into the Indian Ocean. Chunks of dark red pigment and strikingly beautiful seashells found by Marean’s team in one cave attest to ancient ritual activities. Stone points unearthed in the same cave sport glossy patches, signs that the rock was heated to make it easier to work with. The finds challenge the long-standing view that Stone Age people did not think abstractly and perform complex rituals until about 50,000 years ago.
People chanced upon Pinnacle Point and its dietary bounty, Marean says, only after global cooling had rendered much of Africa barren and uninhabitable. Several genetic studies suggest that modern human numbers throughout Africa plummeted to a few hundred breeding individuals around that difficult time.
“Our excavations may have intercepted ancient people who shadowed the shifting shoreline and are the ancestors of everyone on the planet,” Marean says.
Research on Pinnacle Point’s mussel-seeking moon trackers exemplifies a growing scientific conviction that fish and shellfish have played a largely unappreciated role in brain and mind evolution throughout the history of the Homo genus, which appeared at least 2 million years ago and includes people today. Though several East African savanna sites contain butchered animal bones, signaling carnivorous tastes among human ancestors, some scientists now argue that red meat has been oversold as a dietary staple.
At a meeting of the American Association of Physical Anthropologists, held in Minneapolis in April, researchers argued that ancient menus focused heavily on food from lakes, rivers and oceans. New work presented at the meeting pointed to lakeside fishing in East Africa nearly 2 million years ago, the shoreline shellfish harvesting among Homo sapiens at Pinnacle Point starting more than 160,000 years ago and sea voyages to Pacific Ocean islands by an unlikely group of New World settlers around 12,000 years ago.
Food scientists at the meeting emphasized that nutrients essential for brain growth are much more abundant in fish and shellfish than in red meat or any other food. And grabbing catfish out of shallow waters, not to mention scooping up handfuls of shellfish along the shore, may be far easier than hunting land animals or scaring predators away from meaty carcasses, says archaeologist Jon Erlandson of the University of Oregon in Eugene.
Shellfish collecting and fishing probably began early among members of the Homo genus, Erlandson says. “These foods later could have provided nutrients that enabled the evolution of fully modern brain size and cognition.”
Erlandson suspects that, before Homo sapiens’ Pinnacle Point pursuits, fishing was a catch-as-catch-can affair. Consider ancient cuisine unearthed on the eastern shore of Kenya’s Lake Turkana. Someone there bellied up to an aquatic buffet nearly 2 million years ago, leaving a mess that only an evolutionary scientist could love.
At a site unceremoniously dubbed FwJj20, a team l
This isn't a problem: the government promised that SSNs would never be used as ID numbers! They even printed it on early SSN cards. So no one could use this for identity theft, right? Right? I mean, that'd mean the government broke its promise when it instituted the Social Security program. It's just like how the program could never go broke, even though it's a pay-as-you-go system. After all, there will always be more workers than retired people, even if people retire early... wait, abortion, birth control, and increased lifespan mean that there aren't enough young people to pay for retirement? So where's the money going to come from? I'm certainly not going to be paying 3-4 times what I am now in 30 years, right? That could never happen either. After all, the government always keeps its promises and plans carefully to fulfill its obligations...
HAHAHAHAH, sorry, couldn't write that with a straight face.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
The writeup made it sound like you could look at a crappy snapshot of a person and magically discover their SSN. What actually happened is that they trolled the Facebook profiles for their hometown and date of birth to discover the SSNs, the webcam was just to match up the person sitting at a terminal currently with their Facebook profile. The story is basically: Off the shelf facial recognition software seems to work pretty good, even with a crappy webcam.
I read the internet for the articles.
I find this article title to be silly.
What they do is use facial recognition to match people to their Facebook profile, then use the details stored there to obtain the SSN.
Up next:
- How names and surnames can Uncover SSN
- How giving people your email address can Uncover SSN.
- How running a facebook search can Uncover SSN
The algorithm found out people's hometowns and dates of birth, and used it to determine the first 5 digits of the SSN (not the scarier last 4 digits).
The reviewer, unsurprisingly, left off (or didn't emphasize) a quite important part of the study. Still it's pretty neat. From TFA: "At the head of the research team was Alessandro Acquisti, a CMU professor who pointed out in 2009 that the social security number system has a huge security flaw — social security numbers are predictable if you know a person’s hometown and date of birth [emphasis mine]. This study essentially adds a facial recognition component to that study. Acquisti, Ralph Gross and Fred Stutzman ran three experiments. In the first, they data mined Facebook for photos of people with searchable profiles. They then used that database of faces and identities when applying off-the-shelf facial recognition technology (PittPatt) to “anonymous” singles on a popular dating site. Acquisti told me in an interview last month that they were able to reidentify 15% of the digital Cupids. In the second experiment, they used a $35 webcam to take photos of CMU students. They then asked the 93 participants to take a quick online survey. While they did that, the facial recognition software went to work figuring out who they were. Acquisti told me that 42% of those participants were linked to their Facebook profiles. Finally, the third experiment was the one to link faces to their unique nine digits. For those participants who had date of birth and city publicly available on their account, the researchers could predict a social security number (based on the work from their 2009 study)."
(That would also be "Place of Birth", not hometown, as those two items are often quite different.)
Which makes sense, since you couldn't more than guess at the last 4 no matter how much info you have.
Is it really an issue that people can use a webcam to make up a number which shares 5 digits with my SSN?
http://lkml.org/lkml/2005/8/20/95
Has nothing to do with nuclear submarines.
It doesn't have anything to do with niggers either but you don't see me wasting first post over it...
Finding SSNs by using facial recognition software is just one use of this; more important is that facial recognition can be used to search for people and find who they are. Sure, SSN is part of that data, but it looks like the more important part here is connecting the face to the name and location.
You can't handle the truth.
first thought: "... how could the government know what your face will look like when they give you your ssn?"
The real headline should be: "Access to your Facebook Profile can uncover your SSN"
First line: "Oh btw, you can figure out whose facebook profile to troll by using facial recognition."
Is it really an issue that people can use a webcam to make up a number which shares 5 digits with my SSN?
Possibly, given that the last 4 digits (the ones this technique can't guess) are commonly used to display a "sanitized" short SSN. For instance, my student loan paper work has xxx-xx-nnnn for an identifier...
Don't tag me bro. Don't identify me bro. Don't track me bro. Don't research me bro.
CMU, fuck you.
Finally, the third experiment was the one to link faces to their unique nine digits
For those participants who had date of birth and city publicly available on their account, the researchers could predict a social security number (based on the work from their 2009 study). The researchers sent a follow-up survey to their student participants asking them whether the first five digits of the social security number their algorithm predicted was correct.
I'm missing a little something here.
Until recently, the first five digits were, by definition, based on state/city and birthdate. Ask a genealogist or anyone interested in "private eye" stuff from the past couple decades... they probably have a table you can look up the first five vs location. The first three were strictly based on state; I was born in WI in the 70s; we all have the same first 3. The next two were issued more or less by city/hospital. So everyone born in the same hospital, pretty much for that year, has the same first five. At most, they had a rather shallow pool of a couple to draw from. Why they needed a study in 2009 to "discover" something that has been in endless publications is a mystery. It's like saying we need a "study" to "discover" how to fill out an IRS 1040 form based on neural network analysis of a statistical sample of tax returns, or we could just RTFM or RTF govt publication explaining in great detail what the answer already is.
You don't even need a statistical sample study. Just pull the SSDI and chug away. Social Security Death Index. Notice anything interesting about the publicly available SSNs for people born in Milwaukee in the mid 70s who are already dead? You have to wonder about old people, if the only person left alive from my Grandma's birthplace/birthyear is granny, and all SSNs for that year and hospital are in the SSDI except for the one ending in 1234, and she's the only one left alive, hmm, I wonder what granny's SSN might be? The point being that the "secret" is by no means 4 digits long = 1 out of 1e4. It's more like 1 out of (1e4 minus the number of dead people per the SSDI). I would imagine some entire swaths of the SSN namespace are dead people in the SSDI, except for the few elderly still living.
The other mystery is all they verified was the "public" half of the SSN. The "private" 4 digits was not verified. So, they've accomplished ... nothing.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
The article says they used a $35 webcam. Imagine what they could have done if they had a $100 webscam! That would be almost 3 times the facial recognition and 3 times the SSN cracking! Oh noes! Don't give them any more funding! -www.awkwardengineer.com
Derp http://en.wikipedia.org/wiki/SSN_%28hull_classification_symbol%29
FTA: "The researchers sent a follow-up survey to their student participants asking them whether the first five digits of the social security number their algorithm predicted was correct."
SS numbers are 9 digits long. Matching the first 5 digits isn't matching 9 digits. The first 3 are associated with place, the second 2 are fairly predictable based on when the SSN was issued, but the last 4 are just assigned sequentially. Also, there is no requirement to get an SSN shortly after birth, so SSNs aren't even necessarily associated with birth date.
"National Security is the chief cause of national insecurity." - Celine's First Law
Given your face they can track back to a name, and frequently a birthdate and home town.
If you're younger than 40, that's almost always enough to get the first 5 digits of your SSN.
For added stupidity, a con artist using Linked In could then ping you with a job and ask for the last 4 of your SS# thereby getting your entire SS# and possibly a signature.
I thought the last four were assigned incrementally and could be guessed reliably based on birthdate
"The researchers sent a follow-up survey to their student participants asking them whether the first five digits of the social security number their algorithm predicted was correct."
No word on how well they did, either.
From the Schneier Study: "Information about an individual's place and date of birth can be exploited to predict his or her Social Security number (SSN). Using only publicly available information, we observed a correlation between individuals' SSNs and their birth data and found that for younger cohorts the correlation allows statistical inference of private SSNs. The inferences are made possible by the public availability of the Social Security Administration's Death Master File and the widespread accessibility of personal information from multiple sources, such as data brokers or profiles on social networking sites."
What that means is that since SSN ranges are allocated regionally, and individual SSNs are generated sequentially, people born in the last 30 years around the same time in the same area will have similar SSNs. This isn't all that magical, and relies on consistent SSN allocation practices. It's just another form of social engineering. The SSA can completely stymie this with just a little bit of randomization.
Foreign or not, you apply for and get an SSN when you enroll there... Unless they participated in the experiment during the first 2 weeks of enrollment. Furthermore, most foreign students not only will have SSNs but will have similar ones if they applied the same day. That may explain the high success rate in guessing the first 5 digits... Go figure...
Why do I need the webcam again?
Yes, I'm aware of the link to the first 5 digits. That's how they make up their SSN that matched 5 digits.
It's the last 4 that is the trick and they didn't move the needle on this.
You're far more likely to have your SSN taken in a hacking right now than by this webcam anyway.
http://lkml.org/lkml/2005/8/20/95
Typical racist-inbred-fat-white southerner...
Well if they can guess the first 5, the last 4 are often used by different institutions to identify you over the phone, or at least they try... So I'm sure for a lot of people, the last 4 are documented somewhere.
Like spotting 3 breasted women and cyclops kids. Must be from that part of the state.
As long as the Republicans are in the pockets of these banks and fight the nomination of true consumer rights advocates like Elizabeth Warren, these things will continue to happen.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Hate to intrude with an original thought. We have fairly strict libel laws to prevent slathering misinformation about a person hither and yon, whether the SOB deserves it or not.
Linking vast swathes of electronic records together of dubious provenance, accuracy, and agenda is in many ways worse than public slander: it only takes place in closed rooms behind your back with your immediate financial interests at stake, it's hard or impossible to prove this is going on, and recourse under the law heavily favours the windmill.
When it's just one institution putting black marks on your file for lodging an accurate complaint, so be it. In the theory of the market, you can sever your relationship and start fresh with a different service-minimizing, TOS-touting telecom-in-training.
When your insurance company puts a black mark on your file for filing a successful claim, and then they share with every other financial institution on the planet that you're a born complainer, or it gets linked up surreptitiously behind the scenes, this is not right.
Using a government sanctioned number just makes it that much easier to pretend "the number is really you" rather than using some UID of their own devising, which is clearly just an access key into a database of dirt cobbled together by grasping econocrats.
When I was responsible for anonymizing data to provide test cases for external developers, part of the process was changing all birth dates to the 1st of the month. That's good enough for just about any analytical purpose except astrological predictions. Changing the last 2 digits of the zipcode to "99" significantly fuzzed the location. Might not be sufficient to mask the identity of the occasional 103 year-old in a sparsely populated region, but nothing to lose sleep over.
I've never posted my true birthdate on any public site.
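An added example, not part of the original comment thread: it sketches the two generalization steps described in the comment above about anonymizing test data (birth dates moved to the 1st of the month, last two ZIP digits set to "99") and adds a group-size check that surfaces the caveat about the lone 103-year-old. The records, function names and the threshold `k` are constructed for illustration.

```python
from collections import Counter
from datetime import date

# Constructed sample records (not real people): (record_id, birth_date, zip_code)
RECORDS = [
    ("r1", date(1975, 3, 14), "53202"),
    ("r2", date(1975, 3, 2), "53211"),
    ("r3", date(1975, 3, 27), "53233"),
    ("r4", date(1982, 11, 9), "53204"),
    ("r5", date(1982, 11, 30), "53215"),
    ("r6", date(1908, 6, 5), "59317"),  # the lone very old person in a sparse area
]


def generalize(birth_date, zip_code):
    """Apply the two steps from the comment: day -> 1st, last two ZIP digits -> 99."""
    if len(zip_code) != 5 or not zip_code.isdigit():
        raise ValueError(f"unexpected ZIP format: {zip_code!r}")
    return birth_date.replace(day=1), zip_code[:3] + "99"


def anonymize(records):
    """Return generalized copies; ids are kept only so the audit can report them."""
    return [(rid, *generalize(dob, z)) for rid, dob, z in records]


def small_classes(anon_records, k):
    """Ids of records whose (birth month, fuzzed ZIP) group has fewer than k members.

    A group of size 1 means the generalized row still points at one person,
    so it needs further coarsening or suppression before release.
    """
    sizes = Counter((dob, z) for _, dob, z in anon_records)
    return sorted(rid for rid, dob, z in anon_records if sizes[(dob, z)] < k)


if __name__ == "__main__":
    anon = anonymize(RECORDS)
    for row in anon:
        print(row)
    print("still singled out at k=2:", small_classes(anon, k=2))
```

Rows flagged by `small_classes` are the ones where date and ZIP fuzzing alone did not hide the individual; typical follow-ups are widening the birth field to a year or age band, or dropping the row.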
did they use to get past all the duckface and tongue hanging out pictures?
First off, hometown don't mean shit.
I didn't get assigned my SSN in my hometown, I was across the country at the time.
In fact, I've had local pigs claim I was giving them a fake SSN back when I would get hassled more (when I was a junkie).
Of course, the average IQ of the local police is like 12 or something.
But whatever.
The other weird part is, most peeps I grew up with, don't live here anymore. So once again, what does hometown have to do with shit?
Be seeing you...