By: Pete

Pete — Tue, 22 Mar 2005 02:21:08 +0000

You’re right, I should have done a better job at saying that I am all for a better solution. I have been badgering Adam and writing enough about stronger identity cards that I didn’t want to belabor it in this post. So let me belabor: there are a lot of ways to make this identification stronger and I think we should move in that direction. In that regard, I agree with Adam. I just find it interesting (and admirable) that he can effectively make the case for stronger identity even though he doesn’t support it (at least from what I can tell).

The whole stronger identity question notwithstanding, I don’t see using SSNs as a big deal. They aren’t private at all. (I don’t understand why security folks continue to cling to this fallacy given that they are willing to torpedo much, much stronger control at the drop of a hat). Sure, there may be better existing solutions, but I don’t know of any. Again, this assumes that you are using disparate data sources that have nothing better.

I am definitely looking forward to the days when we get another shot at making these systems better, but I am not too worried about the situation today.

By: DM

DM — Sun, 20 Mar 2005 20:02:24 +0000

Lots of companies use SSNs as database keys. Why? Usually laziness, why come up with your own unique identifier if you think one already exists? Adam’s point is that they aren’t unique and they pose a privacy issue.

Yes mistyping is a problem with all data entrey. That’s the point of checksums. How often has your credit card been charged for someone elses transaction due to a typo? I’d guess never. Because credit cards have checksums built in.

I read Adam’s post as an appeal to find other, better ways of doing things than SSNs. And yes data quality is an issue, given the probability for typoing as someone elses SSN you’re entire credit or ability to fly could be shot to hell. I’m know I’m not comfortable with that. Why are you?

-DM

Comments on: SSN as Database Key?

By: Pete

By: DM