Is the SSN a good identifier?

It is pretty obvious that the social security number is not a very good authenticator, given that hundreds of thousands of people have access to the "something you know" piece of the puzzle, but that doesn’t necessarily mean that the SSN is useful as an identifier, as I and others have stated recently.

Emergent Chaos takes the SSN Identifier philosophy to task with its list of deficits:

  • They’re too short: 30% of all possible SSNs have been issued.
  • They lack a check digit. Between these two, you should never design an identifier like this, because any keying error is acceptable, and likely to affect a two people.
  • They’re externally issued. This one is a little subtler, and I will argue by analogy. Mastercard and Visa, who understand risk management, make up their own numbers. They do this so that they can control when the numbers change, rather than being controlled. Seems like good database design to me.
  • As a design principle, compartmentalization adds to resilience. (Kim Cameron had a good post on this, "IBM Researcher Rejects UK Identity Card Scheme.")

Though I agree with the first two points, I think ubiquity and uniqueness easily trump them (at least for now). The "externally issued" point is completely bizarre – that is the entire value proposition of aggregating information from heterogeneous, unrelated sources in the first place. The compartmentalization point must simply be a smokescreen (or a blind spot) – it is the content not the number that should be distributed, and distributed content is already the norm.
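The first two points in the quoted list (a densely issued number space and no check digit) can be measured on a small model. This is an added example, not code from this post or from Emergent Chaos. It assumes a scaled-down 4-digit identifier with 30% of values issued at random, considers only single-digit substitution errors, and uses the Luhn check digit (the scheme used on payment card numbers) as the comparison.

```python
import random

WIDTH = 4        # scaled-down model (assumption); real SSNs have 9 digits
DENSITY = 0.30   # share of the number space already issued, per the quoted list

def luhn_check_digit(payload):
    """Return the Luhn check digit for a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:          # rightmost payload digit is doubled first
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number):
    return luhn_check_digit(number[:-1]) == number[-1]

def typos(number):
    """Yield every string that differs from number in exactly one digit."""
    for pos, ch in enumerate(number):
        for repl in "0123456789":
            if repl != ch:
                yield number[:pos] + repl + number[pos + 1:]

def misroute_rate(issued, validate):
    """Share of single-digit keying errors that pass validation and
    match a different issued identifier (a second person's record)."""
    hits = total = 0
    for ident in issued:
        for wrong in typos(ident):
            total += 1
            if validate(wrong) and wrong in issued:
                hits += 1
    return hits / total

def compare(seed=1):
    """Return (rate without check digit, rate with Luhn check digit)."""
    rng = random.Random(seed)   # constructed sample data, fixed seed
    space = 10 ** WIDTH
    picks = rng.sample(range(space), int(space * DENSITY))
    bare = {f"{n:0{WIDTH}d}" for n in picks}
    checked = {p + luhn_check_digit(p) for p in bare}
    return (misroute_rate(bare, lambda s: True),
            misroute_rate(checked, luhn_valid))

if __name__ == "__main__":
    no_check, with_check = compare()
    print(f"no check digit:   {no_check:.1%} of typos hit another record")
    print(f"Luhn check digit: {with_check:.1%} of typos hit another record")
```

Without a check digit, the misroute rate tracks the issuance density, so roughly three in ten substitution errors land on someone else's record. Luhn rejects every single-digit substitution, though it does not catch every transposition (09 and 90 swap undetected).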

To be honest, I don’t really care whether the SSN is used as an identifier or not, as long as we can address the issues of accountability that I laid out in "The Sybil, Mr. Smith, and Rich Little Internet Accountability Problem." I think that the relative ubiquity and uniqueness of the SSN (for U.S. citizens and some others) provide much greater value than anything else available. I am not opposed to something else being used, or even some sort of federated approach, as long as the linkages remain. This means that the SSN need not be a primary identifier anyway; being an indexed attribute field in a record will suffice.

Emergent Chaos also suggests that creating a new law is easier than the highly complex (nee "baroque") technique of, umm, publishing a list of SSNs. Hmm… I guess I’m missing that part.

[I couldn't trackback to Emergent Chaos - Although he mentions spam as a problem, it seems pretty clear that Emergent Chaos has turned off trackbacks to effectively restrict freedom of speech by attempting to reduce the availability of dissenting opinions. ;-) ]

5 comments for “Is the SSN a good identifier?”

  1. May 31, 2006 at 2:19 am

    For the SSA to publish a list of SSNs would require a change in the law.

  2. May 31, 2006 at 7:02 pm

    I don’t think that involuntary linkages are a good thing. People should be able to compartmentalize their lives.

  3. Pete
    June 1, 2006 at 2:47 pm

    @Adam -

    I guess things get cloudy when they interfere with your belief systems, as in this case where linkages are typically “good database design” (at least in support of non-redundant data) and eschewed nonetheless. I understand your interest in compartmentalization, and enjoy that quite a bit even with the linkages that occur in certain aspects of life (little league baseball is a great place to see landscapers managing executives).

    The linkages we are dealing with here are those of societal obligations (public goods); trust obligations (in the legal realm); and financial consideration. In those situations, compartmentalization is much more destructive than it is beneficial, primarily because the majority of people are reciprocators that will follow the lead of free-riders.

    Pete

  5. August 29, 2007 at 5:05 pm

    People should be allowed to go naked in certain recreational areas only
