Thank goodness Adam Shostack is on the job over at Emergent Chaos. Although he is completely against anything that may reduce our privacy, like any method of stronger identification, he is more a stickler for quality in data management.
So he is willing to point out the flaws in using an SSN as some sort of "universal key" used in databases even though it flies in the face of his convictions. I don’t see any reason why anyone would use the SSN as an actual database key if they had an alternative.
Database developers are unlikely to use the SSN as a key to link tables within the same database. On the other hand, if information is being aggregated from multiple sources, it may be the only field in common. Anyone who has ever tried to normalize and link records from disparate sources knows how crucial some sort of link is in this case. Under these circumstances, the SSN is extremely useful, even given its flaws (not necessarily unique, not globally issued, etc..) simply because it is a "pretty good identifier" that is better than most other solutions.
Anyone attempting to link databases is also likely to use any other fields in common – Adam may as well suggest that the first and last names are not good either, because people are going to use those fields as well.
Mistyping is a problem with all data entry.
Lots of companies use SSNs as database keys. Why? Usually laziness, why come up with your own unique identifier if you think one already exists? Adam’s point is that they aren’t unique and they pose a privacy issue.
Yes mistyping is a problem with all data entrey. That’s the point of checksums. How often has your credit card been charged for someone elses transaction due to a typo? I’d guess never. Because credit cards have checksums built in.
I read Adam’s post as an appeal to find other, better ways of doing things than SSNs. And yes data quality is an issue, given the probability for typoing as someone elses SSN you’re entire credit or ability to fly could be shot to hell. I’m know I’m not comfortable with that. Why are you?
-DM
You’re right, I should have done a better job at saying that I am all for a better solution. I have been badgering Adam and writing enough about stronger identity cards that I didn’t want to belabor it in this post. So let me belabor: there are a lot of ways to make this identification stronger and I think we should move in that direction. In that regard, I agree with Adam. I just find it interesting (and admirable) that he can effectively make the case for stronger identity even though he doesn’t support it (at least from what I can tell).
The whole stronger identity question notwithstanding, I don’t see using SSNs as a big deal. They aren’t private at all. (I don’t understand why security folks continue to cling to this fallacy given that they are willing to torpedo much, much stronger control at the drop of a hat). Sure, there may be better existing solutions, but I don’t know of any. Again, this assumes that you are using disparate data sources that have nothing better.
I am definitely looking forward to the days when we get another shot at making these systems better, but I am not too worried about the situation today.