South Korean Citizen IDs Vulnerable, Based On US Model

An anonymous reader writes: South Korea's Resident Registration Number (RRN) has been proven 'vulnerable to almost any adversary' by the 'Queen of re-identification', Harvard Professor Latanya Sweeney, who previously proved that 87 percent of all Americans could be uniquely identified using just their ZIP code, birthdate, and sex. Sweeney was able to decrypt personal information from the RRN numbers of 23,163 deceased Koreans with 100% success by two different methods of attack, and notes that the South Korean system is based on one currently in use in the U.S.

What's so secret about those numbers?

I'm only familiar with the Swedish model which uses a ten-digit number starting with the person's birth date on the form YYMMDD, three serial digits and a checksum. The key is that it's not designed to be secret at all, you're supposed to use it everywhere and for everything. It's just an ID number, simply knowing it does not entail authentication or authorization.