Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Why Google Wants Your Kid's SSN

CmdrTaco posted more than 3 years ago | from the hello-toby-from-madison dept.

Privacy 391

Jamie found a somewhat creepy story about a kid's art contest run by Google. As part of the entry, they need the last 4 digits of a social security number. The article suggests that the information requested by the contest should make it possible to guess at, and compile a list of children's social security numbers. It's bizarre and worth your read.

cancel ×

391 comments

Sorry! There are no comments related to the filter you selected.

Do no Evil (0)

mfh (56) | more than 3 years ago | (#35289862)

Except to kids.

Re:Do no Evil (5, Insightful)

Anonymous Coward | more than 3 years ago | (#35290152)

Some mid-level employee came up with a clever but ultimately bad way of distinguishing applications. Conspiracy theory: ignored.

TL;DR Version (4, Informative)

The MAZZTer (911996) | more than 3 years ago | (#35289864)

Google's already removed the field from a newer version of the entry form. will not store any collected numbers, and has explained the need for the city of birth (to help prove US citizenship as required by the contest).

Re:TL;DR Version (4, Informative)

Renderer of Evil (604742) | more than 3 years ago | (#35289892)

Except that neither city of birth nor SSN are indicators of citizenship / residency.

This reminds me of the wifi data gathering operation where they amassed all this information "by mistake."

Re:TL;DR Version (1)

Anonymous Coward | more than 3 years ago | (#35289948)

Yeah, I was born in canada yet would be illegible for this contest. It makes no sense, but it is easy to guess the ssn if you have all the other info ( in fact as an immigrant my ssn has a special begining)

SSN should never be required by anything but for social security purposes. I believe there a law about that too. The gov needs to seriously start cracking down on anyone who asks for this information.

google can figure it out! (1)

Thud457 (234763) | more than 3 years ago | (#35290210)

You know, maybe google should tackle this "unique person identifier" thing once and for all.

errr, did I just say that?! nevermind, bad idea.

Re:google can figure it out! (1)

AmiMoJo (196126) | more than 3 years ago | (#35290280)

When taking exams in the UK you are identified by a random number assigned by the exam board. The people marking the exam have no idea who you are to prevent bias or favouritism. It seems like Google should actually be trying to anonymize entries rather than identifying them, with personal data only used after a winner is picked to verify citizenship.

Re:google can figure it out! (2)

xaxa (988988) | more than 3 years ago | (#35290408)

When taking exams in the UK you are identified by a random number assigned by the exam board.

Significantly, the exam board have to assign their own number, because British children probably don't have an identifying number when they're entered for the exam. (Not to mention non-British people taking the exams.)

However, unless this system has changed since 2004, the numbers aren't random. My number was 0003, and my surname was third in the list of all children at the school.

Re:TL;DR Version (1)

biryokumaru (822262) | more than 3 years ago | (#35290274)

Seriously? I can't think of a form I've filled out ever that didn't ask for social security crap on it, and I sure as hell am never going to get anything from the actually social security funds. Full: car insurance, bank, credit reports, credit cards, health insurance, my doctors, my wife's doctors, my son's doctors, the dentist. Last 4: my college, cell phone (Verizon always did... I think T-Mobile does too), cable company, miscellaneous forms at work. I mean, what kind of rock do you live under where you think extricating our social security number from every part of our life is in any way feasible?

Re:TL;DR Version (1)

silentace (992647) | more than 3 years ago | (#35290436)

Honestly your list seems long but if you factor it down you have a simple list:
People who run credit checks on you...
Doctors
College
Work

The credit check people (verizon, cable companies, etc) will need it to credit check you so they assure to themselves that you are a good paying customer. The doctor would use it most likely as a unique ID and proof of a unique record or even to file your health insurance claims. College... same and work... well work is probably the most obvious... they pay you and would need it to do their paperwork. I am sure there are times where it isn't necessary, but I think you blew it out of proportion.

I think people have put this whole Social Security number thing on some pedestal. The life lock guy put his social security number on TV and got his identity stolen 13 times? http://www.wired.com/threatlevel/2010/05/lifelock-identity-theft/ [wired.com]

That alone proves to me that the social security numbers are pretty secure the way they are. If you put your social on public television and you have "some" problems... you're doing pretty good. Everyone I know who has had there identity stolen was not because their social was easily accessible. Just my two cents.

Re:TL;DR Version (1)

biryokumaru (822262) | more than 3 years ago | (#35290512)

The insurance company, cable company and phone company all use it as a unique identifier, not to run credit checks. Likewise the doctor needs it to give to the insurance company as a unique identifier.

Re:TL;DR Version (0)

Anonymous Coward | more than 3 years ago | (#35290376)

indeed, if you were illegible, nothing else really matters....

Re:TL;DR Version (0)

h4rm0ny (722443) | more than 3 years ago | (#35290392)

Yeah, I was born in canada yet would be illegible for this contest.

Ineligible.

Re:TL;DR Version (0)

Anonymous Coward | more than 3 years ago | (#35290286)

city of birth [...] indicators of citizenship

Since when is that? What kind of exceptions are there?

Re:TL;DR Version (3, Informative)

phunster (701222) | more than 3 years ago | (#35290310)

You are wrong, the 14th amendment grants citizenship to those born in the U.S. From the Wikipedia article:

In the case of United States v. Wong Kim Ark, 169 U.S. 649 (1898), the Supreme Court ruled that a person becomes a citizen of the United States at the time of birth, by virtue of the first clause of the 14th Amendment, if that person is:

        * Born in the United States
        * Has parents that are subjects of a foreign power, but not in any diplomatic or official capacity of that foreign power
        * Has parents that have permanent domicile and residence in the United States
        * Has parents that are in the United States for business

The Supreme Court has never explicitly ruled on whether children born in the United States to illegal immigrant parents are entitled to birthright citizenship via the 14th Amendment,[5] although it has generally been assumed that they are.[6] A birth certificate (a.k.a Certificate of Live Birth for children born in certain states) issued by a U.S. state or territorial government is evidence of citizenship, and is usually accepted as proof of citizenship.

Re:TL;DR Version (1)

fredjh (1602699) | more than 3 years ago | (#35290122)

How does someone saying what city prove anything?

Re:TL;DR Version (0)

Anonymous Coward | more than 3 years ago | (#35290234)

It makes it the sayer's problem, not Google's.

Re:TL;DR Version (0)

GooberToo (74388) | more than 3 years ago | (#35290364)

Google's already removed the field from a newer version of the entry form. will not store any collected numbers, and has explained the need for the city of birth (to help prove US citizenship as required by the contest).

Normally I'm defending Google from the insane paranoia which seems to permeate slashdot these days. But none of that is a valid explanation. Its extremely unlikely they were doing this for any reason other than to farm social security numbers.

If proof of citizenship were in fact important, it would only be required at time of prize collection. But they didn't do that. Rather, they farmed ever entry. This is how just about all other contests are conducted. Furthermore, normally only the child's information and basic parental consent is required. Everything else is obtained at the time prizes are rewarded.

If proof of citizenship were in fact important, they would ask for proof of citizenship. Stating a city is in no way proof of citizenship. With their "proof", every illegal citizen currently in the US is now a citizen. Again, only makes sense they used it to farm children's social security numbers.

Unless they have some really good explanation, far, far, better than the obviously transparent lies, in this case, Google absolutely was up to evil.

Did Maddox start working at Google? (1, Funny)

jackdub (1938908) | more than 3 years ago | (#35289884)

http://www.iambetterthanyourkids.com/ [iambettert...urkids.com] -- I hope THIS GUY isn't a judge!

Re:Did Maddox start working at Google? (1)

c0d3g33k (102699) | more than 3 years ago | (#35290238)

The amusing thing is, those pictures are probably all drawn by *his* kids, since I doubt he can just walk into a school and get artwork from other children to post to the web just to trash them in public. That's some quality parenting, for sure.

(Could be from friends or relatives, I suppose, but still ...)

Re:Did Maddox start working at Google? (1)

box4831 (1126771) | more than 3 years ago | (#35290296)

I imagine with his rather large fanbase, there would be plenty of people who would voluntarily submit their kids' artwork (whether or not you find the idea 'quality parenting'). Hell, maybe even their own from their childhood. (BTW does maddox actually have kids?)

Well duh (3, Informative)

ElectricTurtle (1171201) | more than 3 years ago | (#35289886)

Without even reading the article I know why. SSNs contain demographic data about where and when somebody is born. They are not serial numbers or randomly generated. Anybody with access to the first half of the SSN has demographic data.

Re:Well duh (3, Funny)

Sockatume (732728) | more than 3 years ago | (#35289924)

It's the last four digits that they were collecting, as a unique ID.

Re:Unique ID (1)

TaoPhoenix (980487) | more than 3 years ago | (#35289966)

"Limited Info" - implying that no deductions can be made from that info? There's other related articles that current zip code crossed with all that stuff also produces matches, and this time they have the parents' info.

Wait, what? What parents will send their complete info to Google for a kid's art contest?

You can't get that national ID database under the RFID label, so let's do it ... wait for it... for the kids! Google will hand that list over, to make sure no terrorists in training are practicing drawing guns.

At least it's Google. I expect them to be evil, but not usually stupid, so it might take a few years before the Blackhats get hold of the list.

Re:Unique ID (1)

Sockatume (732728) | more than 3 years ago | (#35290020)

The last four digits of a US SSN are allocated in sequence from 0000 to 9999 for a given SSN group. They are exactly and completely uninterpretable and arbitrary.

Re:Unique ID (1)

eggled (1135799) | more than 3 years ago | (#35290158)

But given all the other demographics, the non-random first 5 digits can often be guessed with some accuracy. So, with a database loaded with demographics tied to those last four random digits, you're bound to be able to successfully complete several SSNs.

Re:Unique ID (1)

VolciMaster (821873) | more than 3 years ago | (#35290208)

The last four digits of a US SSN are allocated in sequence from 0000 to 9999 for a given SSN group. They are exactly and completely uninterpretable and arbitrary.

Note, though, that the method of assigning the initial sets of numbers is slated to change this summer: http://en.wikipedia.org/wiki/Social_security_number#Structure [wikipedia.org]

Re:Unique ID (2)

rwa2 (4391) | more than 3 years ago | (#35290276)

Exactly... the first 5 digits are kinda recoverable from your birth date and location. So if you give them the last 4 numbers, which are the only ones that are really kinda random, then they can pretty much deduce your entire SSN from available public records.

But I don't really understand why I'm supposed to keep my SSN any more protected and secret than, say my employee ID number or my Slashdot UID for that matter. Any bank or government that uses a simple 9 digit number as a S3(R1+ C0D3 to authenticate people are obviously morons when it comes to security and deserves to cover any losses they accrue due to "identity theft". Give me a two-factor authentication smartcard now, dammit, and to hell with any idiot credit card company that is foolish enough to allow someone to open an account in my name without it.

Re:Unique ID (1)

Byzantine (85549) | more than 3 years ago | (#35290530)

Your ideas intrigue me, and I would like to subscribe to your newsletter.

Re:Unique ID (1)

maxume (22995) | more than 3 years ago | (#35290556)

Your conspiracy makes no sense. The SSA already has a database matching SSNs to names and birth locations.

Re:Well duh (1)

JustOK (667959) | more than 3 years ago | (#35289974)

they must not be expecting less than 10001 entrants.

Re:Well duh (1)

JustOK (667959) | more than 3 years ago | (#35289986)

uh, they must be expecting less than 10001 entrants.

Re:Well duh (1)

TheRaven64 (641858) | more than 3 years ago | (#35289998)

They were probably expecting a lot fewer [wikimedia.org] .

Re:Well duh (1)

just_another_sean (919159) | more than 3 years ago | (#35289984)

Right, and by also asking for their city of birth they can get the first five digits.

Re:Well duh (1)

VolciMaster (821873) | more than 3 years ago | (#35290216)

Right, and by also asking for their city of birth they can get the first five digits.

No, you can't - you can only derive the area number from whence the application was sent, and the group number of that batch: http://en.wikipedia.org/wiki/Social_security_number#Structure [wikipedia.org]

Re:Well duh (0)

ElectricTurtle (1171201) | more than 3 years ago | (#35290000)

That would be retarded, as the last four digits are repeated for each SSN region. I mean really, how do you imagine that hundreds of millions of people could be uniquely identified with just four decimal digits? It's basic math. That could not have been Google's intent. It's probably just somebody's ignorant theory.

Re:Well duh (0)

SudoGhost (1779150) | more than 3 years ago | (#35290334)

Yes, the last four digits are repeats for each region. But, if you provide the last four digits of the SSN (which is typically the only truly random part), the city of birth, and age of the child, and you have a pretty solid means of determining the complete social security number. I'm not saying I buy into this conspiracy nonsense, but it's not outside the realm of probability either.

Re:Well duh (0)

ElectricTurtle (1171201) | more than 3 years ago | (#35290388)

For small cities maybe, but as I have already said elsewhere [slashdot.org] , that doesn't work out so well for large cities.

Re:Well duh (1)

SudoGhost (1779150) | more than 3 years ago | (#35290490)

That's only true to a degree, as the numbers are assigned by zip codes near a given social security office, not by city. If you were given the mailing address of the child (instead of just the city), you could feasibly narrow the numbers down more. I'm not saying you'll be able to get it right even all of the time, but even if you only get it right 30% of the time, that's alot of SSNs.

Re:Well duh (1)

gad_zuki! (70830) | more than 3 years ago | (#35289982)

The last four digits don't. Its the first 5 that can be translated into location.

My understanding is that if I knew your place of birth/hometown I could figure out the first five (or work it down to a small set) and just append the last four and have your social.

Storing socials is pretty crazy nowadays. Even Walgreens has stopped doing this. They do what hospitals do use a primary key of Lastname + birthdate, and the verify secondly with address or first name. Its not perfect but your number of collisions is low and that information isn't getting an identity thief much, especially compared to a social.

Re:Well duh (1)

ElectricTurtle (1171201) | more than 3 years ago | (#35290076)

Set size can vary widely. Can you imagine how many SSNs are valid for NYC or LA? Last four digits only provide for 10k-1 blocks, so with NYC at ~6m you would need ~600 different preceding number sets. Not what I would call small.

Re:Well duh (1)

rwa2 (4391) | more than 3 years ago | (#35290308)

Meh, NYC and LA mostly consist of illegal immigrants / permanent residents anyway. Right? :-P

A lot of the numbers eventually get reused when geezers croak as well... I realize we're not too many generations into it, but seems like that should make things complicated soon.

Re:Well duh (1)

wwwillem (253720) | more than 3 years ago | (#35290226)

.... do use a primary key of Lastname + birthdate, and then verify secondly with address or first name ....

Which makes me remember what happened to me ten years ago. "Just of the Boat" :-) in Canada I signed up for my companies healthcare. Got a first dental claim cheque but it had on it the wrong company name. Called the insurance guys and, long story short, there was another guy in Canada with the same last name (which is a weird Dutch one "Van Schatter", not your "Smith" or "Johnson") but also the same birthdate. Which is pretty rare, but he also had the same first name (again, not "Joe" or "Brian"), now that becomes creepy. OK, the address was different.......

Re:Well duh (0)

SudoGhost (1779150) | more than 3 years ago | (#35290382)

On a slightly off note, on June 25, 2011, they plan to do away the geographical connection between the place of birth and the first three digits. One less thing, I guess. In this instance it would make this 'guessing the first five digits' much, much harder, if not impossible. http://www.socialsecurity.gov/employer/randomization.html [socialsecurity.gov]

Re:Well duh (1)

Anne_Nonymous (313852) | more than 3 years ago | (#35290256)

>> SSNs contain demographic data about where and when somebody is born.

Actually, it's where the SSN was issued, not necessarily where a person was born. SSN isn't *required* for years after birth.

libya is not on the 'edge of civil war' (-1)

Anonymous Coward | more than 3 years ago | (#35289894)

it's a massacre of civilians by one of our 'allies'.

Kids shouldnt even have SSI numbers (1, Interesting)

commodore6502 (1981532) | more than 3 years ago | (#35289902)

They aren't working. They aren't earning money, therefore they aren't depositing cash into an SSI account yet. Not until the kid starts working (age 16; 18; whatever) do they need to apply for an SSN.

Re:Kids shouldnt even have SSI numbers (4, Informative)

olsmeister (1488789) | more than 3 years ago | (#35289932)

They need to have SSN numbers as children so that they may be claimed as tax deductions by their parents.

Re:Kids shouldnt even have SSI numbers (-1)

commodore6502 (1981532) | more than 3 years ago | (#35290116)

>>>may be claimed as tax deductions

My parents claimed ME and my two nieces on tax returns, and we didn't get SSNs until we were 16 (i.e. when we started working). So your claim is false.

Re:Kids shouldnt even have SSI numbers (1)

olsmeister (1488789) | more than 3 years ago | (#35290190)

I think that used to be true, but they've tinkered with things [wikipedia.org] .

Re:Kids shouldnt even have SSI numbers (3, Informative)

corbettw (214229) | more than 3 years ago | (#35290214)

Same with my parents...in the 70s and 80s. But guess what? I need my kids' SSNs to claim them as dependents now, starting in the late 90s. So your premise that laws never change is flawed, therefore your conclusion that olsmeister's claim is false is flat-out wrong.

Re:Kids shouldnt even have SSI numbers (1)

celticryan (887773) | more than 3 years ago | (#35290264)

>>>may be claimed as tax deductions

My parents claimed ME and my two nieces on tax returns, and we didn't get SSNs until we were 16 (i.e. when we started working). So your claim is false.

You're right, because nothing could have possibly changed since were a kid... Take a look at http://www.irs.gov/publications/p17/ch01.html#en_US_2010_publink1000170567 [irs.gov] Specifically:

Dependent's social security number. You must provide the SSN of each dependent you claim, regardless of the dependent's age. This requirement applies to all dependents (not just your children) claimed on your tax return.

Re:Kids shouldnt even have SSI numbers (0)

jggimi (1279324) | more than 3 years ago | (#35290266)

Your assumption is incorrect. Go read a Form 1040 from any recent year. SSNs or ITINs are required for claimed dependents. Laws and regulations are subject to change. Reality shifts.

Re:Kids shouldnt even have SSI numbers (0)

Anonymous Coward | more than 3 years ago | (#35290468)

Which is the real issue.

Why not lower taxes instead of special exceptions?

Re:Kids shouldnt even have SSI numbers (0)

nschubach (922175) | more than 3 years ago | (#35289944)

I'm sure it's not the kids... I had a SSN before I knew what it was, that it existed, or knew that I existed.

Re:Kids shouldnt even have SSI numbers (1, Informative)

cranky_chemist (1592441) | more than 3 years ago | (#35289954)

The IRS takes different view.

Kids have SSN numbers to prevent unscrupulous parents from conjuring dependents out of thin air for the tax breaks. It also stops more than one person from claiming the same child as a dependent.

If not a SSN, the IRS would still have to issue every child a unique identifier. Why reinvent the wheel?

Re:Kids shouldnt even have SSI numbers (0)

sunking2 (521698) | more than 3 years ago | (#35290340)

Not entirely true. If you don't mind having a giant red flagged waved when it comes time to audit people you don't need to provide a SSN.

Re:Kids shouldnt even have SSI numbers (0)

Anonymous Coward | more than 3 years ago | (#35290506)

SSN is far from unique.

Re:Kids shouldnt even have SSI numbers (0)

celticryan (887773) | more than 3 years ago | (#35289968)

Unless you want to get that tax break from having a kid. Then you do need a SSN for them...

Re:Kids shouldnt even have SSI numbers (2)

clorkster (1996844) | more than 3 years ago | (#35290070)

"The Tax Reform Act of 1986 required parents to list Social Security numbers for each dependent over the age of 5 for whom the parent wanted to claim a tax deduction. Before this act, parents claiming tax deductions were on the honor system not to lie about the number of children they supported. During the first year, this anti-fraud change resulted in seven million fewer minor dependents being claimed, nearly all of which are believed to have involved either children that never existed, or tax deductions improperly claimed by non-custodial parents." (wikipedia [wikipedia.org] )

Aside from creating yet another federal identification number, this seems a reasonable argument for the age of taxing everything.

Re:Kids shouldnt even have SSI numbers (0)

commodore6502 (1981532) | more than 3 years ago | (#35290174)

It also takes-away the kid's right to Refuse to participate in SSI. (Yes you can choose not to join the Social Security program, as many self-employed persons do.)

Re:Kids shouldnt even have SSI numbers (1)

clorkster (1996844) | more than 3 years ago | (#35290366)

Would the context of this story be any different if "SSN" were changed to "TID"? I'm pretty sure you can't legally opt out of that.

Re:Kids shouldnt even have SSI numbers (2)

MightyYar (622222) | more than 3 years ago | (#35290204)

Not until the kid starts working (age 16; 18; whatever) do they need to apply for an SSN.

PLEASE don't fight this... the last thing I need is another government-issued ID number for my whole family. Let the IRS re-use the number given by the SSA. I already have a passport number, a drivers license number, and a social security number for every member of the family.

Re:Kids shouldnt even have SSI numbers (1)

Minwee (522556) | more than 3 years ago | (#35290352)

But the sooner they have their number assigned, the sooner it can be tattooed onto their hand and forehead.

Re:Kids shouldnt even have SSI numbers (2)

Anonymous Psychopath (18031) | more than 3 years ago | (#35290540)

They aren't working. They aren't earning money, therefore they aren't depositing cash into an SSI account yet. Not until the kid starts working (age 16; 18; whatever) do they need to apply for an SSN.

They need one if you want to set up a 529 education investment account, or if you want to claim the deduction on your tax returns. They also need one for a bank account, and kids should learn about managing money as early as possible.

Motto: "Don't Be Evil" (2, Insightful)

jgtg32a (1173373) | more than 3 years ago | (#35289946)

My general approach to life is to assume that any and all corporations will screw me over for a buck, and all advertisements are 75% distraction from the 20% lies and 5% facts.

I was largely indifferent to Google (I only switched from Yahoo because the page loaded faster), but when I heard that their motto was "don't be evil." I started to think that they most likely are evil, and are simply biding their time.

It's ridiculous that SSNs should be sensitive info (5, Insightful)

water-vole (1183257) | more than 3 years ago | (#35289958)

The problem isn't with google for collecting social security numbers. The problem is that SSNs are so sensitive in the US. I live in Sweden and here social security numbers are a matter of public record and many companies collect these numbers from their customers for their databases. It's quite convenient and, if done right, not as privacy infringing as people seem to think. It's quite ridiculous to have, like the US, a system where you can impersonate someone by knowing their number.

Re:It's ridiculous that SSNs should be sensitive i (2, Interesting)

drinkypoo (153816) | more than 3 years ago | (#35289992)

While your points are well-taken, complaining that it's really the government's fault when google collects information which could be harmful to you is like saying that it's really god's fault when someone shoots you to death because he declared that impacts from high-velocity masses shall rearrange your internal organs.

Re:It's ridiculous that SSNs should be sensitive i (0)

Anonymous Coward | more than 3 years ago | (#35290028)

That's so true. Same applies to fingerprints .. and soon to DNA as well.

Re:It's ridiculous that SSNs should be sensitive i (5, Interesting)

Sockatume (732728) | more than 3 years ago | (#35290078)

I don't know how the US got this meme that knowing your SSN somehow proved your identity. Of course once that meme has developed and companies start using the SSN as a password, people become very protective of their SSNs, and the idea that it's a special number that requires protection becomes self-reinforcing.

Re:It's ridiculous that SSNs should be sensitive i (0)

Anonymous Coward | more than 3 years ago | (#35290464)

The US has for most of it's history had "Can't hack it in your homeland? come to America, where the bar is low!" as it's recruiting slogan. It shouldn't be that surprising that we've got some pretty messed up social policy.

Re:It's ridiculous that SSNs should be sensitive i (0)

Anonymous Coward | more than 3 years ago | (#35290550)

So whats your SSN?

Re:It's ridiculous that SSNs should be sensitive i (0)

Anonymous Coward | more than 3 years ago | (#35290090)

Agreed.

SSN's became identical with credit score id number.

Credit Score is pretty meaningless these days. Perhaps for that first mortgage.... otherwise credit means "Do you pay your late fees?" "How much do you earn?" and "What BIG things do you own already?" Where is credit worthyness in that?

Oh No! (1)

PurpleCarrot (892888) | more than 3 years ago | (#35290004)

Because only Google could figure out that SSNs are sequential, follow a known formula, and can generally be figured out with the last 4 digits and the location and date of birth. Sooo Scary! To think that SSNs are in any way a secure identifier is to be naive.

Re:Oh No! (5, Insightful)

boarder8925 (714555) | more than 3 years ago | (#35290104)

And yet the government, banks, corporations, etc. all require you to provide it because they assume it to be secure. Or rather, because they convince us SSNs are secure, all while knowing they're not.

Why do they have to be citizens? (2)

celticryan (887773) | more than 3 years ago | (#35290010)

Making citizenship of the US a requirement for the contest is just stupid. I scanned briefly through their rules posted online - I couldn't really find an answer. Seems to create a lot more work for Google. Unless of course it was all a ruse to get your kids SSN... MUHAHAHHAHAHAAHA!

Re:Why do they have to be citizens? (2)

Sockatume (732728) | more than 3 years ago | (#35290056)

Legal issues pertaining to competitions, basically. You'll find that most contests run by US companies limit entry to residents of the United States and, sometimes, Canada.

Re:Why do they have to be citizens? (1)

Yvan256 (722131) | more than 3 years ago | (#35290542)

And thanks to our over-protective Loto-Quebec government branch, most contests available in the USA and even in Canada aren't available for Quebec residents. Never mind the requirements about bilingual informations and rules, I've heard that they require you to submit something like 10% of the prize to them as a security deposit until the contest is over, that any legal problem has to be ruled in Quebec, etc. That's why it's always "All provinces except Quebec", it's just too much trouble.

mynuts won; when the rats start jumping ship (-1)

Anonymous Coward | more than 3 years ago | (#35290080)

you can bet your future the 'surface' is near. all of the millions of babies who get to keep their limbs/stay alive/begin to thrive, will thank you, & you'll know it. the ones that didn't make it....? have we learned anything yet?

Ignorance is NOT bliss (2)

hyades1 (1149581) | more than 3 years ago | (#35290082)

This is genuinely loathsome, and yet more proof that ignorance is no excuse when a parent offers up private informatioÂn about their children.

Let's be clear: You have no right to give up ANY private informatioÂn about your children without making very, very sure there's a good reason to do so, and that such information will be used within explicit, clearly defined limits. When your children are adults, they'll have to live with decisions you make about them now. That's especially true of informatioÂn that will allow interested parties who DO NOT have your child's best interests at heart to assemble a profile on them and target them every minute of their lives.

SSN is stupid anyway. (1)

unity100 (970058) | more than 3 years ago | (#35290092)

even contemplating that ssns could be used to identify people uniquely online was stupid from the start. think - its just a number. its not something encrypted or else. its a plain number that is constructed according to a particular algorithm. any half decent person intent on abusing it could eventually discover that algorithm by running tests and trials with crappy software. this goes for all kinds of such number schemes.

actually, anything that can be read in a digital environment, can easily be faked/duped in the same digital environment. there is no remedying this. think - even the paper documents were faked at large before digital age.

How else do you uniquely identify USAsians? (0)

drinkypoo (153816) | more than 3 years ago | (#35290098)

Seriously, you can't use state ID numbers because they are even more prone to change. You can't use names because they're not unique and they change. You can't use biometrics because you can't. :) So what are you going to use to uniquely identify people? Death and taxes -> taxpayer ID until death.

Re:How else do you uniquely identify USAsians? (1)

w_dragon (1802458) | more than 3 years ago | (#35290250)

Yes, but it should be unique ID for the government *only*. If someone wants to impersonate me to pay my taxes I'm not nearly as concerned as when they try to impersonate me to get a bunch of credit cards and trash my credit record. Make them public and make it possible to sue banks and credit reporting agencies for fraud if they allow someone else to open accounts as you based on name, DOB, and SSN alone.

Another conspiracy blog on Slashdot (5, Insightful)

Posting=!Working (197779) | more than 3 years ago | (#35290110)

I'm not much of a conspiracy theorist by disposition, but doesn't "these last 4 digits were not entered into our records and will be safely discarded," sound like a contradiction? (How can they delete something that is not in their records?)

It's not a contradiction to anyone who can understand the word "discarded" in relation to paper forms does not mean deletion of a file on a computer.

Also, this article was written 4 days AFTER Google had already changed the form to not have the SSN. This is even mentioned in the article body.

Yeah, I know it's on Huffington, but that crap doesn't qualify as a news article. Calling it a blog is doing it a favor, calling it a lunatic rant about a problem that's already taken care of would be more accurate.

Wow, this guy is over the top. (5, Insightful)

HeckRuler (1369601) | more than 3 years ago | (#35290140)

I mean, I understand the driving force behind a demographic's distrust of Google. They're a giant corporate information broker that lures people to simply hand over their data by providing free services. In certain distopian future sci-fi novels, that would be a nifty plot.

But I can literally taste the tin foil on this guy's head. The little nutter gave me synesthesia. I think Its mostly his tone of voice. The way he's simply incredulous about the possibilities, with nothing to show for it.

1.) I'm not much of a conspiracy theorist by disposition, but...

Hey, I think I spotted where he became a conspiracy nutcase.

Are these posts here to show us how evil Google has become to to show us how nutty the "google is evil" crowd has become? Because despite the title, I'm leaning with the latter.

Of course! The principle of explosion (2)

mrjb (547783) | more than 3 years ago | (#35290142)

When they have the 4 last digits of the SSN, they just apply the principle of explosion [xkcd.com] to derive the rest.

Sheeple parents (1)

tibit (1762298) | more than 3 years ago | (#35290144)

What kind of a genius must one be to divulge something just because someone asks nicely? It's like social engineering without the 'engineering' part. I routinely give randomly generated [keepass.info] answers to various privacy invading "security" questions on bank sites: it's none of their damn business what is the name of my first girlfriend. On pretty much every non-governmental, non-credit-related form, I always use a made up number when asked for the SSN. They are too lazy to figure out what artificial keys are? I give them one.

Stupid parents give out their kids' SSN numbers without thinking. What's new? Google isn't really to blame, I don't think.

Statistical Significance (3, Informative)

Nailer235 (1822054) | more than 3 years ago | (#35290148)

This Ars Technica article (linked below) is a good summary on how the first five numbers can be determined. Apparently for persons born after 1988 (note that here we are dealing with a children's art contest, so this will likely be the case), the number can be accurately guessed 44% of the time if you know the date/place of birth. The odds vary by region - some states the first five digits can be guessed 90% of the time. http://arstechnica.com/tech-policy/news/2009/07/social-insecurity-numbers-open-to-hacking.ars [arstechnica.com]

"I'm not much of a conspiracy theorist" (0)

Vernes (720223) | more than 3 years ago | (#35290150)

I'm not much of a conspiracy theorist by disposition, but doesn't "these last 4 digits were not entered into our records and will be safely discarded," sound like a contradiction? (How can they delete something that is not in their records?)
I'm glad you asked Bob, and the answer is quite simple through this demonstration.
What we have here Bob, is an Parental Consent form. As you can see it does indeed
contain the 4 SSN digits. What we are going to do next is pivotal.
What we are going to do next is shoving the form, made from paper, into your big mouth.
And after we managed to shove it down your gullet, your stomach acids will render the data useless.
That's right Bob, paper forms need to be entered into systems. They do not enter themselves.

tin-foil hat paranoia (2)

sribe (304414) | more than 3 years ago | (#35290182)

Yeah, I read that article last night:

1) Just because google could use the other info the guess at the first 5 digits of ss #s, and according to some professors somewhere, get almost 10% of them right, certainly does not mean that was what google was going to do. For identity theft, nearly 10% right is great. For any other use, more than 90% wrong is pretty awful.

2) The author does not seem to realize that full name & birth date are not even close to uniquely identifying children. In fact, even full name, birth date, and city is likely to have a few collisions. When Timmy Jones wins a prize, they might need to know which Timmy Jones.

SSN was a bad choice, precisely because people should be protective of it; they should have gone with some other info. But last four of SSN is a default used in all sorts of situations, so somebody picked that common bit of info without thinking about it too much. That's all. No grand conspiracy. No attempt, I'm sure, to take last four and derive the other 5.

Do Not Read TFA - Huffington Post (3, Informative)

killfixx (148785) | more than 3 years ago | (#35290186)

The Huffington Post does not pay the authors of their stories. They are owned by Arianna Huffington, [wikipedia.org] new owner of AOL.

Evil...

Done...

Obligatory XKCD (2)

scorp1us (235526) | more than 3 years ago | (#35290200)

792 - 'Password Reuse" [xkcd.com]

While not a password, this kind of "opportunistic data gathering" adds up. Digital records remain for ever. Next week ask for the first 5.
Then join them later. But the first 5 aren't needed if you know birth year and region.

Why can't we make a security token out of an MD5 sum the SSN with trailing garbage text (to prevent a dictionary attack - say a GUID which would identify the use of this security token) and use that? GUID is chosen by the SSN holder, so the host cannot dictionary attack its own participants.

Kids' (2)

immakiku (777365) | more than 3 years ago | (#35290248)

Was anyone else bothered that the summary and headline didn't read Kids', but instead read Kid's?

Re:Kids' (0)

Anonymous Coward | more than 3 years ago | (#35290316)

Not if you only have 1 kid.

SSN v6 (2, Funny)

Anonymous Coward | more than 3 years ago | (#35290252)

They are running out of SSN's and will now implement v6. It will look something like this; wh47:0th3:f0ck:00is:g01n:00on:0n0w:dud3

Selective Service for the next generation (2)

AHuxley (892839) | more than 3 years ago | (#35290254)

You would think the post Vietnam generation recalls where data like this can end up in bulk, for profit and in a very uniquely identified way for the US gov.
http://en.wikipedia.org/wiki/Farrell's_Ice_Cream_Parlour [wikipedia.org]
But dont worry, Google only has links with the NSA and they only like data outside the USA...

Trolling article is trolling. (2)

TimHunter (174406) | more than 3 years ago | (#35290300)

The entire article is a ridiculous troll for hits from the newly-popular "anti-Google" crowd.

[A] person's city of birth and year of birth can be used to make a statistical guess about the first five digits of his/her social security number. Then, if you can somehow obtain those last four SSN digits explicitly -- voila, you've unlocked countless troves of personal information...

No, you don't have "troves of personal information." That's hyperbole. You've got a statistical guess about the demographics of the children who enter the contest. You simply can't go from a statistical guess+the last 4 digits of the SS number to personal information about a particular individual.

As a thought experiment though, suppose Google could. Suppose Google could look take "4321" and "Schenectady, NY" and come up with "little 5 year old Jimmy Smith at 1 Second Ave." What are they going to do with this information? Take out a mortgage in his name?

Finally, now Google has removed the requirement. Poof. The imaginary problem now has even less basis, so let's all stop crying "whaaaa...Google is teh evil" and move on to something important. Fer cryin' out loud, somewhere out there Apple is selling shiny toys to hipsters. THIS MUST BE STOPPED!

how dare Google (2)

doperative (1958782) | more than 3 years ago | (#35290304)

How dare Google organize a contest where mature adults can choose to not enter their children in a contest !!!!!

Why treat SSN as a secret authentication factor? (4, Insightful)

PSaltyDS (467134) | more than 3 years ago | (#35290482)

It gets my blood pressure up a bit every time I read about "revealing" someone's SSN as having penetrated an inner sanctum. The password-secret treatment of that number needs to be dropped. It's time for legislation in the US that makes it invalid and indefensible in court to treat knowledge of an SSN as an authentication factor. Any organization that treats knowledge of the SSN as an authentication factor should be fully liable for the consequences of any fraud that results.

Note I'm talking about authentication, not identification. Nobody thinks Google shouldn't be able to identify the contestants, and an SSN is more unique than names. The problem only comes from the ability to use that number as a "password" to authenticate for access to things (like bank accounts). Treating the SSN as a "username" would not cause the problem; it's using it as an authenticating secret despite the fact that it's easily accessible that makes revealing it a terrible security lapse.

Knowing your SSN should be no more helpful to a fraudster than knowing your full name or hair color. It should be treated as information too readily available to be of any use for authentication. Reliance on that kind of information for authentication should be evidence of failure in due diligence, and lead to liability for that inappropriate reliance. If your bank lets someone take all the money out of your account just because they know your full name they should be liable. If they do just because they knew your SSN it should be treated the same way.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>