A Modest Proposal to Eliminate the SSN Façade

Douglas Schweitzer’s ComputerWorld blog about personal information makes the following assertion:

“For starters, Social Security numbers should NEVER be posted for everyone to see.”

While this seems like good advice today (given the existing downside), it shouldn’t necessarily be so, and as the referenced article suggests, sometimes may be required. A while back, I suggested that SSNs should all be published. Here is a more complete analysis of that proposal:

Quick, try this: Count the number of banks, credit card companies, insurance companies, mutual fund companies, mortgage companies, and utility companies that you have EVER done business with. Now, multiply that number by 1,000 average customer service representatives and information systems personnel. Add in about 20,000 IRS customer service reps (or 100,000 total employees if you are feeling really skeptical); 65,000 Social Security Administration employees; the total number of employees for every human resources department of every job you’ve ever had; employee counts for the admin department at all schools you’ve attended; and don’t forget the credit reporting agencies you love to hate.

My conservative estimate is that over 150,000 people have “defendable” access to a typical person’s Social Security Number (SSN) over his or her lifetime (a number of my colleagues suggest this number is much higher). And I’ve left out the use of your SSN on military service records, medical records, and local and state tax submissions, among others.

Every reported incident of “identity theft” or personal information leakage brings with it a public outcry to provide better protection over the SSN. Here’s what I don’t get: Why do we continue to treat the SSN as if it’s a secret? We know that hundreds of thousands of people have access already, so why do we think adding another handful of people, albeit criminals, is higher risk than this existing condition? In most cases, we’re not even sure if the SSNs have been used fraudulently (just copied), and there is plenty of evidence that people with “legitimate access” are a much bigger threat.

The answer to my rhetorical question above is apparent: it is a nationwide delusion. Okay, it’s not just that, but let’s not forget the old saying “a secret shared between two people is no longer a secret.” I’m all for restricting access to information, but also skeptical of its long-term viability. In any case, the prudent person must assume that his/her information is available to anyone who wants it.

What we really want to prevent is “identity theft” – I’m talking about the “real” kind with long-term liability and credit history implications, not fraud resulting from stolen credit cards. An identity can only be “stolen” if some third party organization (a car dealership, for example) is effectively “spoofed” by an attacker armed with the knowledge of a name and SSN and perhaps a few other attributes about a person. That is, third parties rely on the notion that the SSN is secret. Silly, really, but we’ve come up with all this legislation around secrecy that just can’t work.

Why does this matter? I didn’t put you through this exercise for nothing. The point is that we are also facilitating this “identity theft” bingo game of chance by letting organizations believe that if they can just somehow keep our SSNs from the “wrong” people, we can keep using them as if they would still wear white on their wedding day. Well, we can’t.

It’s time to eliminate the SSN façade. The solution to the problem of identity theft is a “cold turkey” one: publish all SSNs to ensure that no organization has the opportunity to suggest that their secrecy can be maintained. The Social Security Administration should pick a date 2-3 years in the future and announce that on that day it will publish the SSNs to the world.

The most obvious objection here is also the point: What about all the companies, and perhaps most importantly the Social Security Administration, that rely on the SSN as a secret? Won’t that really change the way they do business today? I sincerely hope not (because they should have stronger controls today), but I suspect so (because they don’t). There is a big difference (in controls) between the initial use of the SSN as validation of identity for a financial transaction (say, to get a credit card or purchase a car) and the ongoing relationship between an individual and an organization that retains the SSN.

The organizations currently using SSNs have other information available to them from their existing customer base – mutually-agreed upon “secrets” and transaction histories among others – and methods of “out-of-band” verification like sending verifying mail to the address-of-record. These techniques are more useful with the history of a relationship; often, setting up an account relies on information being provided by the consumer (or prospective fraudster).

A government mandate is the only way to build out a much stronger program for identity protection – one built on mathematics rather than on 150 thousand people keeping a secret. Otherwise, the laws for protecting the SSN will continue to grow in volume and complexity, organizations will continue to build in more controls, and we will continue to have our identities compromised.

3 comments for “A Modest Proposal to Eliminate the SSN Façade

  1. April 11, 2006 at 9:47 pm

    150,000 person shared “secret” considered broken

    I like Pete’s Modest Proposal to publish SSNs, I mean everyone gets up in arms about not taping your password to your monitor, but do 150,000 people walk by your monitor?

  2. April 20, 2006 at 9:41 pm

    More on SSN Secrecy Facade

    Kim Cameron appears shocked that local governments are putting private information on the Web. Lets just publicize them all and be done with it. They are perfectly useful identifiers and truly awful authenticators. Read more in my previous post on elim…

  3. May 30, 2006 at 11:12 am

    The SSN Is Also A Poor Identifier

    There’s an idea floating around that a major problem with SSNs is their dual use as identifiers and authenticators. (For example, Jeremy Epstein, “Misunderstanding the risks of SSNs,” in RISKS-24.29) This is correct, but the phraseology leads to people…

Comments are closed.