Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Congress To Restrict Social Security Number Use

Zonk posted more than 8 years ago | from the they're-not-toys-you-know dept.

280

diverge_s writes "News.com.com has an article detailing a long overdue attempt Congress is making to restrict the use of Social Security Numbers. From the article: 'In both the House and the Senate, there are at least three pieces of pending legislation that propose different approaches to restricting the use and sale of SSNs. Politicians have expressed astonishment at what they see as a rising identity fraud problem, frequently pointing to a 2003 Federal Trade Commission survey that estimated nearly 10 million consumers are hit by such intrusions each year.'"

cancel ×

280 comments

Band-aid on a gunshot wound. (5, Insightful)

TripMaster Monkey (862126) | more than 8 years ago | (#15318356)


All the proposals mentioned in the article are merely band-aids on a system that is fundamentally broken. Any competently designed identification system consists of two parts: the public identifier, and the private key. The problem with SSNs is that you have a system where one number is simultaneously the public and private parts of the system, which dooms it to failure every time.

Making new rules limiting the sale and purchase of SSNs, or restricting the display of SSNs on reports, is just closing the barn door after the hore has already left.

CORRECTION! (-1, Troll)

TripMaster Monkey (862126) | more than 8 years ago | (#15318387)


Bwah ha ha ha!

'hore' ought to be 'horse'.... ^_^

Re:CORRECTION! (0, Offtopic)

idontgno (624372) | more than 8 years ago | (#15318526)

Is that you, Sigmund? [wikipedia.org]

Re:CORRECTION! (0, Offtopic)

mkw87 (860289) | more than 8 years ago | (#15318732)

'hore' made it sound better anyways

Re:CORRECTION! (0, Offtopic)

spamking (967666) | more than 8 years ago | (#15318741)

Yep . . . funnier too.

Re:Band-aid on a gunshot wound. (0)

Anonymous Coward | more than 8 years ago | (#15318391)

Making new rules limiting the sale and purchase of SSNs, or restricting the display of SSNs on reports, is just closing the barn door after the hore has already left.
Sounds like I'd have a hell of a time in one of your barns, Trip Master Monkey.

Re:Band-aid on a gunshot wound. (0)

Anonymous Coward | more than 8 years ago | (#15318438)

One of the best things they SHOULD do is to restrict companies from exporting/shipping/moving SSN anyplace outside of the borders of the US.
Do you want that tech support person in Inida, China, or other unregulated country access to your SSN, credit file, medical files, etc?

Re:Band-aid on a gunshot wound. (4, Insightful)

Billosaur (927319) | more than 8 years ago | (#15318464)

All the proposals mentioned in the article are merely band-aids on a system that is fundamentally broken. Any competently designed identification system consists of two parts: the public identifier, and the private key. The problem with SSNs is that you have a system where one number is simultaneously the public and private parts of the system, which dooms it to failure every time.

From the article: The SSN hasn't always had such broad applications. Back in 1935, Congress first directed the Social Security Administration to develop an accounting system to track payments to the fund. Out of that mandate came a unique identifier that has ultimately found applications in everything from issuing food stamps to tracking down money launderers.

This is what happens in the modern age, when previous devices are outstripped by new uses for them. The SSN number started out as simply an identifier for the purposes of calculating benefits and recording taxes. It has turned into a universal identifier, but has not fundamentally changed at all. It's very easy to forge a Social Security card, and the accessibility of SSN data tied to all sorts of other information makes it far too easy to compromise.

As an aside, other than the fact it doesn't contain a photo, the SS card is pretty much a national id card.

Re:Band-aid on a gunshot wound. (1)

IsThisNickTaken (555227) | more than 8 years ago | (#15318739)

National ID card? When was the last time you have had to show some your SS card? I know they can be easily forged these days but why bother. You just need to rattle off the digits when asked.

Re:Band-aid on a gunshot wound. (1)

Qzukk (229616) | more than 8 years ago | (#15318845)

the SS card is pretty much a national id card.

Which it does a pretty crappy job of being, since the numbers are recycled.

Re:Band-aid on a gunshot wound. (2, Interesting)

rjune (123157) | more than 8 years ago | (#15318498)

You are correct in the the system is totally broken, and needs to be revamped. However, the first step in the process to fix things is to stop the universal use of the Social Security number because it is so convenient. You should not have to reveal such an important piece of data for a grocery store discount card.

Re:Band-aid on a gunshot wound. (1, Informative)

Anonymous Coward | more than 8 years ago | (#15318902)

I don't. I give them 9 random digits.

Re:Band-aid on a gunshot wound. (1, Funny)

Anonymous Coward | more than 8 years ago | (#15318572)

It didn't help that the whole public/private key system was developed 40 years after the SSA.

Re:Band-aid on a gunshot wound. (1)

plague3106 (71849) | more than 8 years ago | (#15318651)

One of the bills would require that companies can't refuse business with someone that doesn't provide the SSN. I would hope that it would prohibit companies from putting more burdens on people that do so.

I would love to see a bill as simple as that in place; why do you need to give you SSN for a fucking cell phone?

Re:Band-aid on a gunshot wound. (1)

Xichekolas (908635) | more than 8 years ago | (#15318766)

Usually they use it to run credit checks. The people that pick dumb plans and have $150 bills every month tend to not be able to afford it... and tend to go bankrupt or never pay.

But yeah, I agree, they don't need it. Have them look me up some other way.

Re:Band-aid on a gunshot wound. (5, Interesting)

Gonarat (177568) | more than 8 years ago | (#15318658)

Exactly. It shouldn't matter if I know your SSN. There should be a private key part of the equation required for a transaction that requires an SSN to take place. This token should be a pass phrase, not just a password or PIN. Verification can be done electronically by the Social Security Administration.


For example, if I sign up for a credit card, the application would not be processed until I give my valid pass phrase and it was verified. This way, someone could find out my SSN, date of birth, Mother's maiden name, shoe size, or whatever else, but could not do anything with it without knowing my pass phrase. Credit cards themselves should at least require a PIN to complete a transaction. This could be done without a major overhaul of the financial network -- the ISO 8583 specs supports PINs.


You could support several pass-phrases. One pass phrase would be for applying for credit and such, giving a Bank or Credit institution this pass phrase would allow them to not only access your credit report, but would give them authorization to update it as they do today. A second pass phrase could be given to just allow read access to a credit report. This could be used for your own access, access by landlords, or any other situation where you need to give out that information without giving the ability to update it. One time use read pass phrases could even be supported. Pass phrases could be changed by visiting the Social Security Office or online. Any forgotten pass phrases would require a visit to the Social Security Office.


A system like this would massively cut down on fraud and identity theft without too massive of a change to the current system flow.


 

Re:Band-aid on a gunshot wound. (4, Interesting)

Alex P Keaton in da (882660) | more than 8 years ago | (#15318670)

Um- do we really need legislation to restrict use of SSNs? I thought that the law already said that SSNs are only for, well, social security... Why dont we enforce laws before making up new ones?
I went to a state University for 2 years before transferring to a private one. At the state school everything was all about the SSN. One every test, you had to put your SSN...

Re:Band-aid on a gunshot wound. (1)

sconeu (64226) | more than 8 years ago | (#15318781)

Ages ago, when I went to wustl.edu (1980-82), the student ID was your SSN.

Re:Band-aid on a gunshot wound. (0)

Anonymous Coward | more than 8 years ago | (#15318881)

Purdue had SSNs on the student ID when I started in 1990. Exam scores and final grades were often posted with the lookup key being the last 4 digits of your SSN.

Re:Band-aid on a gunshot wound. (1)

iamlucky13 (795185) | more than 8 years ago | (#15318776)

There seems to be a huge amount of misunderstanding about the law regarding the use of SSN's. It is a violation of federal law to require a person to submit their SSN for anything other than certain finance related purposes (actually that's a pretty big and unfortunately hazy list, but one that is far smaller than businesses respect). I think it is legal for anyone to request it, but probably 90% of the time they have no basis for requiring it.

FIRST! (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15318359)

FIRST!

Of course they want to restrict SSN# (-1, Offtopic)

Rahga (13479) | more than 8 years ago | (#15318375)

How else did you think they'd justify injecting RFID tags into our heads?

Re:Of course they want to restrict SSN# (2, Funny)

doppe1 (856394) | more than 8 years ago | (#15318594)

How else did you think they'd justify injecting RFID tags into our heads?

What, they haven't started this already ?

I just pulled out my teeth.

No Significance (1)

Cliff.Braun (825786) | more than 8 years ago | (#15318384)

Unless they are providing some other way to authenticate people when they sign up for a service this doesn't seem to me like it will do much. Now I didn't RTFA, but if it's restricting who can ask for the SSN or something like that then whomever needs to verify your identity will simply have to get a different bit of it, and then the SSN is no longer as significant. After all, who wants to pay your taxes?

Re:No Significance (3, Interesting)

pla (258480) | more than 8 years ago | (#15318795)

Unless they are providing some other way to authenticate people when they sign up for a service this doesn't seem to me like it will do much.

You mean something like "assign a pseudorandom 20-digit account number"? Yeah, real challenge there


After all, who wants to pay your taxes?

The problem here directly relates to that answer - No one.

You should ONLY ever need to give your SS# for the purpose of reporting taxable income to the SSA. Period. End of valid reasons.

You should not need it on your driver's license, you should not need it on non-interest-bearing financial accounts such as credit cards or most checking accounts. You should not need to give it to the phone, cable, gas, and electric companies. You shouldn't even need to give it to the town/city or possibly even the state (though, as far as the state goes, since the IRS disgustingly considers the state giving me back the excess of my withheld taxes as "income", they've done a definitional end-run around that exception). You shouldn't need to give it to your university if you don't receive any fincial aid. You shouldn't need to give it to your insurance company, since they only reimburse you for losses. You shouldn't need to give it to your doctor or pharmacist. You shouldn't need it on your marriage license (though again, we have a definitional end-run by the government for that one, by having special tax rules for married couples).



Personally, I find it telling that politicians "expressed astonishment" that every company and their dog asks for your SS#. How the hell do these guys live in the modern world? Do they actually have servant even for such rare tasks as signing up for a new long distance carrier or ISP? And can someone even legally let a servant sign up for credit cards or mortgages?

We need these assclowns out of office ASAP, and a maximum allowable income and assets cap for any future officeholders. Have over half a million in capital or make over 100k per year? See ya.

And NO... MORE... LAWYERS!

Re:No Significance (1)

lazarusdishwasher (968525) | more than 8 years ago | (#15318903)

I think I have figured out the plan.

The way I see it this explains why vista is taking so long.

Microsoft in an effort to show off the advancements they have made are going to give the goverment a copy of longhorn to put on one of the spare computers they have. The goverment will then create a user account for everybody in the country and force every company to join in the giant active directory structure. In the future if you need authenticated you give them your social security numer and then they will hand you a keyboard to type in your user name and password. This would also eliminate the need for cash, credit cards, and checks because all of your information would be stored in your roaming profile.

Microsoft was able to sell this plan because 90% percent of computers already run windows, so the computers are already there.
You would also get the advantage of the windows firewall and anti-malware programs to prevent anything from going wrong.

The goverment would also have to ban linux because anybody trying to reverse engineer the protocol is obviously trying to steal everyone's identity.

Start with the Banks (2, Interesting)

cwalk (899502) | more than 8 years ago | (#15318407)

Banks are the biggest culprits. Your account number is often your SSN. Therefore, if criminals get a hold of your bank statements, they can usually ascertain your SSN.

Re:Start with the Banks (1)

Thud457 (234763) | more than 8 years ago | (#15318467)

I thought that it was Federal regulation from back to the 70's at least that SSN's were NOT to be used for any other purpose othere than identification for SS.

I remember in college in the 80's that the university used student's SSNs as their student number.

And many state DMVs (WHO SHOULD KNOW BETTER) seem to use the same faulty practice.


It's too late to fix the current system. We're all gonna have to line up to get the chip in the head with the secret bonus explosive charge as seen in the book of revelations and MI:III.

Re:Start with the Banks (1)

voice_of_all_reason (926702) | more than 8 years ago | (#15318579)

I remember in college in the 80's that the university used student's SSNs as their student number.

In the 80s? St Johns in New York was still doing this when I left in 2004.

Re:Start with the Banks (0)

Anonymous Coward | more than 8 years ago | (#15318625)

My former employer designed some software for a state college. The lead sales manager called the school and asked for some test data. The school sent their entire enrolled student body's information including the student's name, addy, phone number, parent's names and addy's.

And everyone was all worried about 'hackers' breaking in to systems in a Chicago college when a college in CT was sending it out VIA EMAIL!

Your account number is *not* your SSN (1)

Peter Simpson (112887) | more than 8 years ago | (#15318540)

No, it isn't. I'm not sure where you bank, but I have never banked anywhere that used my SSN as the account number. How would you have more than one account?

My SSN is *on* my account records (how else would they file interest gains with the IRS?), but it is not the account number

Re:Your account number is *not* your SSN (1)

955301 (209856) | more than 8 years ago | (#15318644)

They put a -1, -2 on the end.

University of Florida did this with their stupid student loan system. One of the loads was with Sallie Mae. Sallie Mae outsourced their call centers to India.

I got into an argument with an Indian for refusing to give my number to a foreign national. I told them to pick something else to verify. They kept refusing. Eventually, I got my way.

Re:Your account number is *not* your SSN (1)

cwalk (899502) | more than 8 years ago | (#15318698)

While it is true that officially your account number is not your SSN, often times the two are used interchangeably. I bank with Chase, and I am prompted for my SSN every time I want to bank over the phone. Furthermore, I am required to use my SSN whenever I want to online bank. The bottom line is that banks use your SSN more often then they should.

Re:Your account number is *not* your SSN (0)

Anonymous Coward | more than 8 years ago | (#15318901)

The SSN may be used to verify your identity, but it is not used as or in place of your account number. Yes, you often have to provide the SSN when you call in to verify that it is you, but it is not used as an account number. This is why the SSN is usually not written on the statements you receive - that would be really stupid. Then, if somebody picks up your statement they have both your account number and your SSN to verify your identity.

Re:Start with the Banks (1)

clear_thought_05 (915350) | more than 8 years ago | (#15318879)

You probably should bank elsewhere or better educate yourself. In the last 3 bank accounts I've opened (2 in the last 3 years) none of them used SSN as account number. Everything is delegated to pin numbers or other account numbers. Even more so -- my bank statements do not have my SSN number on them anywhere. I use a Credit Union, a (mega-corporation) online Bank and a regional (to my area of the US) Bank.

Point being, I doubt starting with the banks is proper. Instead start with all the commercial companies that provided services, like cell phones providers or cable company. (Both asked me to verify SSN in the last few months)

shared secret (5, Insightful)

Lord Ender (156273) | more than 8 years ago | (#15318416)

Many companies and government organizations use the SSN as some kind of shared secret for the purposes of establishing identity.

This law wants to prop up this model.

THIS IS A STUPID MODEL.

There are much better ways of establishing identity than using the SSN.

What we need to do is STOP USING SSN TO ESTABLISH IDENTITY!!!

Then it can be public, you can post it wherever you want, and we won't have to deal with the impossible problem of putting the cat back in the bag.

Government issued smartcards, with a simple PKI (and revocation system) would be a perfect method for establishing identity. We need to put the money in to that, not trying to keep some unchangable number secret.

A good example of this: (4, Informative)

Alaren (682568) | more than 8 years ago | (#15318513)

A story:

A few years ago, one of my little sisters (she's almost 20 now) went to get her driver's license. She had her birth certificate and her social security card and all that documentation they demand of you.

After some checking and an inordinately long wait time, the DMV finally informed my sister and father that the social security number was in use by a 60 year old man.

To this day, we don't know if this person was using the number by mistake, or maliciously, or as an illegal immigrant... we just don't know. But my father pointed out that years ago, you didn't need a social security card until you first got a job. Now, in order to claim your children on taxes, you have to get them a social security number. But you wouldn't use that number for anything else... so for 16 to 18 years, there's a largely unmonitored SSN available for fraudulent use. Even this wouldn't be a major problem... except for all of the other stuff your SSN is now used for.

An earlier post was right to call this a band-aid, and not just because of the private/public separation. As you point out, we have out of convenience made SSNs the ultimate in unique identifiers... when all the social security system is really designed to do is keep track of your social security benefits. Credit reporting and record keeping and generally any method that relies on your SSN to identify you is outside of the SS system is tacked on arbitrarily. One of the reasons the SSN system is not designed more securely is that it was never intended to be used as a protection for sensitive data!

Re:A good example of this: (0)

Anonymous Coward | more than 8 years ago | (#15318805)

I believe SSN's have never been guaranteed to be unique. The combination of (Name, SSN) is supposed to be.

Re:A good example of this: (1)

csanford (944712) | more than 8 years ago | (#15318861)

To this day, we don't know if this person was using the number by mistake, or maliciously, or as an illegal immigrant... we just don't know.
Just for the record, the Social Security Administration is known to make the occasional mistake of issuing identical SSNs [whnt.com] . It's pretty rare, but that may have been what happened in your sister's case.

Re:shared secret (1)

MBCook (132727) | more than 8 years ago | (#15318543)

The problem to me is the way they intend to fix this. They'll just give us a new ID number instead of SSN.

So everyone will use the new ID number (NIDN for short from now on) where they used to use the SSN (except for Social Security themselves).

Now people won't steal other people's SSNs.

They'll steal NIDNs instead.

What a fix.

I'm with you. We need a real way to fix this. Combine the NIDN with something that can't be faked easily (finger print into a national database that can not be used by law enforcement by legal restriction) and use that.

It seems to me, worst case scenario, this will end up exactly like SSNs are now so nothing will change.

Re:shared secret (1)

flobberchops (971724) | more than 8 years ago | (#15318569)

Then they will steal their fingerprints you ninney (or worse, fingers :D )

Re:shared secret (1)

garcia (6573) | more than 8 years ago | (#15318552)

Government issued smartcards, with a simple PKI (and revocation system) would be a perfect method for establishing identity.

And a perfect method for bringing us back into the dark ages of freedom. Wear that yellow star proud! You are an American!

Until the time when they start requiring you to use that smart card to start your car, log on to the Internet, pay for your groceries, and make phone calls. All data which will be funneled through the SmartCard Central Database located somewhere deep underground in Nevada.

No thanks.

Re:shared secret (1)

avdp (22065) | more than 8 years ago | (#15318786)

How is the tinfoil hat doing? All nice and shiny?

You are describing the potential abuses by a government for such a system, jumping immediately to the conclusion that if it exists, the government will abuse it. Give me a break - the US government, at last check, regardless of what you think of it, was still elected (and please don't start yet-another-debate about electoral votes).

The truth of the matter, is that the US needs a national id card (and not the de-facto national id card that the Social Security cards is). For a government entity or other institution to be able to tell you are who you say you are is a pretty fundamental need, and very poorly addressed in the USA. Right about every European country has such an ID card, and yet surprisingly enough they're not enslaved to the government and probably have the most stringent privacy laws protecting them than anywhere else in the world. Go figure.
 

Re:shared secret (1)

RM6f9 (825298) | more than 8 years ago | (#15318914)

Given our current government's record of going after everything it can get information-access-wise, all in the name and pious pursuit of "security", can you think they'd do any less in the above instance?

Re:shared secret (1)

voice_of_all_reason (926702) | more than 8 years ago | (#15318638)

Government issued smartcards, with a simple PKI (and revocation system) would be a perfect method for establishing identity.

P1: Government wants smartcards to control citizens.
P2: Public resists

1) Insist they will "solve" a problem that government created in the first place. Make sure to throw in "otherwise, the terrorists win!" at some point.
2) Profit (this works so surprisingly well, they don't even need a third step)

Re:shared secret (2, Informative)

microTodd (240390) | more than 8 years ago | (#15318899)

Government issued smartcards, with a simple PKI (and revocation system) would be a perfect method for establishing identity

But...but...I though National ID cards were a Bad Idea [slashdot.org] ?

But now it seems that this commentBlob thinks they are a Good Idea.

I'm so confused.

I still get all bent out of shape.. (3, Interesting)

bigattichouse (527527) | more than 8 years ago | (#15318423)

I was once reprimanded by an employer for standing my ground on the fact that a badgenumber+SSN was not a good idea for a login id. grumble grumble. I left the place soon after and have never listed it on my resume.

Re:I still get all bent out of shape.. (1)

avdp (22065) | more than 8 years ago | (#15318841)

I don't know how long ago that was, but I think things are changing in that regards. My company also used the SS# in way too many places (it's a convenient primary key on databases) but they're being stripped out of many many such programs and databases. Policies are now in place that you have to jump through some major hoops to be able to use it in your applications/databases (and will almost in all cases be told "no"). I don't know if this was driven by legal requirements, or just (belated) common sense but it's a welcomed change!

They will fix this... (3, Insightful)

Anonymous Coward | more than 8 years ago | (#15318424)

...by requiring the use of a RealID number instead of an SS#. This is how they will force RealID down everyone's throat.

It's About Time (3, Insightful)

BigCheese (47608) | more than 8 years ago | (#15318431)

Go read the article. The proposed legislation sounds reasonable. It should have been done years ago.

Now, what sort of evil riders will be attached?

Re:It's About Time (1)

955301 (209856) | more than 8 years ago | (#15318677)

Now, what sort of evil riders will be attached?

A national ID card perhaps?

Sounds like an election year idea to me (1)

slashjames (789070) | more than 8 years ago | (#15318439)

Anyone want to give odds this legislation gets passed after elections?

Re:Sounds like an election year idea to me (2, Insightful)

Like2Byte (542992) | more than 8 years ago | (#15318504)

Anyone want to give odds this legislation gets passed after elections?

Anyone want to give odds this legislation gets forgotten after elections?

Re:Sounds like an election year idea to me (1)

drdewm (894886) | more than 8 years ago | (#15318921)

Jeb Bush will be your next President and if he's anything like his brother then you can bet they don't want you to be able conceal your identity in any way so having your SSN or a national ID card will come to bare. Heck it might even be a national ID card with your SSN as the identifier.

Repeat after me... (3, Insightful)

GillBates0 (664202) | more than 8 years ago | (#15318457)

A SSN is just a name, a public identifier, or a login username if you will. It is _not_ a password or authentication mechanism (for that matter, neither is my mother's maiden name or street address). Using a SSN+address for authentication is as ridiculous as using a username+IPAddress alone for online banking.

I wonder why more companies/organizations don't realize this, and any step to educate them is a step in the right direction.

Re:Repeat after me... (1)

drpimp (900837) | more than 8 years ago | (#15318580)

Tell that to the people that get their identities jacked and it Ef's up their credit. Not saying that a stolen drivers license wouldn't get you in the same boat. But my university used to use SSN for student ID. They have since 86'd that, but who knows how many places my SSN is floating around on paper because of that. That REALLY doesn't make me that comfortable.

No financial burden for them. (4, Interesting)

khasim (1285) | more than 8 years ago | (#15318673)

I wonder why more companies/organizations don't realize this, and any step to educate them is a step in the right direction.
They do realize it.

They just don't care because the current system minimizes their financial losses by transfering those losses to the individual who has his/her identity "stolen".

Making any changes would cost money which reduces profits.

Any changes that improved the situation could be used to find them responsible when/if their new system is defrauded.

So, fixing the system is, from the individual company's point of view, all loss and no gain.

Re:No financial burden for them. (1)

danpat (119101) | more than 8 years ago | (#15318890)

I've always wondered about this. Has anyone ever sued a financial organisation for failing to properly identify them when performing transactions?

In the case of fraudulent transactions on accounts, IMO, it's the fault of the financial organisations for not properly ensuring that it's the real account holder that is performing the transaction. If someone could set a precendent in law for that, then we might start to see some change (although I have a vague, sinking feeling that all of a sudden we'll all be required to do everything in person and give blood samples...).

Re:Repeat after me... (1)

ClickOnThis (137803) | more than 8 years ago | (#15318920)

A SSN is just a name, a public identifier, or a login username if you will. It is _not_ a password or authentication mechanism (for that matter, neither is my mother's maiden name or street address).

Unfortunately, it is a de facto authentication mechanism when companies use it in combination with other information to determine your unique identity.

Using a SSN+address for authentication is as ridiculous as using a username+IPAddress alone for online banking.

Granted, they're both ridiculous, and I'm not defending the (ab)use of SSNs. However, you're not likely to go to jail if you change your IP address. For better or for worse, the SSN "tattoo" carries the imprimatur of the federal government.

I wonder why more companies/organizations don't realize this, and any step to educate them is a step in the right direction.

Companies and organizations should never have been allowed in the first place to use the SSN as they do. I think many of them started to use SSNs because of their uniqueness and convenience: their customers are "pre-labeled". Others (such as the lending industry) use them to track an individual consumer's behavior across various companies, organizations and transactions.

Of course, now the problem is that there is simly too much information linked to the SSN, and "government-issued" != "confidential". You're right, it should not be used as a password. But that doesn't change the fact that it should never have been used in the first place to link together all of this information about consumers. Adding a password won't really fix that.

No - Really? (2, Interesting)

WeAzElMaN (667859) | more than 8 years ago | (#15318465)

Politicians have expressed astonishment at what they see as a rising identity fraud problem

You don't say. It took them long enough. Apparently MySpace is a bigger threat [slashdot.org] to consumers these days - after all, identity theft has been around longer than SNSs. Give me a break.

Too little too late (2, Funny)

davmoo (63521) | more than 8 years ago | (#15318466)

So far everything Congress is talking about is as effective as trying to put the toothpaste back in the tube.

Re:Too little too late (1)

voice_of_all_reason (926702) | more than 8 years ago | (#15318662)

Good analogy, but I've got a better one from my semester in ROTC...

"Leading a platoon from behind is like trying to push a piece of spaghetti from behind."

Re:Too little too late (1)

ModernGeek (601932) | more than 8 years ago | (#15318773)

and instead of buying a new tube of toothpaste (redoing the system), they will spend billions making a device that will pump the old toothpaste into the old tube.

Restriction already exists (3, Insightful)

WinstonSmith2600 (961157) | more than 8 years ago | (#15318488)

The restriction already exists. If you read the back of your card it says:
        Improper used of this card and/or number by the number holder or any other person is punishable by fine, imprisonment or both.

The only proper use is for access to the social security funds. Which does not include identification for getting a minimart discount card. People at the minimart have no need and no right to the ssn. Unless of course you're employed there.

If you need to use a fake SSN# use this one... (4, Interesting)

i_want_you_to_throw_ (559379) | more than 8 years ago | (#15318497)

078-05-1120

It's a specimen number from the Eisenhower era. No need to give ur correct number to the cable or phone company. They don't need it. Period. Of course it's possible that someone else has used this number already, especialy if you live near me in upstate NY.

Otherwise use the "Fletch" approach on things like your customer loyalty cards. I keep mine under Harry S Truman, Ted Nugent and John Cocktosen. I have started using Igor Stravinsky lately.

Re:If you need to use a fake SSN# use this one... (1)

voice_of_all_reason (926702) | more than 8 years ago | (#15318685)

No need to give ur correct number to the cable or phone company. They don't need it. Period.

Well, duh. That's always been the simplest solution. Unless you're applying to the CIA, a fortune 500 company, or maybe your bank, make it up. I use 123-45-6789 all the time with zero problems.

Re:If you need to use a fake SSN# use this one... (1)

base3 (539820) | more than 8 years ago | (#15318916)

Exactly--the local utility or Blockbuster doesn't have access to the SSA database to validate numbers, and if you're not applying for credit, they don't have any business with it anyway.

Some utilities might try to pull credit and come up with no hit, and perhaps request a deposit. The strategy I use is to just mix up some digits in my own, so I can claim accidental transposition if the place is actually able to verify the number's bogus. Hasn't happened yet.

Re:If you need to use a fake SSN# use this one... (4, Funny)

OctoberSky (888619) | more than 8 years ago | (#15318780)

I go with Peter Lemonjello, sometimes when asked I correct people with "It's Dr. Lemonjello"

Mr... err... Dr. Lemonjello has a Gmail account, a throw away cell phone, and subscriptions to Stuff, Popular Science, and Field & Stream. He now gets credit card offers. He lives in my house yet I have never seen him. H&R Block must think I am sick of him living with me because they are offering him a home loan, good rate too, Peter must have good credit.
He used to get those 9 cds for 1 penny but he got sick of all the associated crap that came along with them.
I reply to all of his mail with the return address labels some Church sent him. He must be religous, I think I might have Dr. Lemonjello ordained so he can conduct marragies through an online church.

Re:If you need to use a fake SSN# use this one... (0)

Anonymous Coward | more than 8 years ago | (#15318896)

But what's he a doctor of? I'm hoping gynaecology.

Re:If you need to use a fake SSN# use this one... (1)

Maxo-Texas (864189) | more than 8 years ago | (#15318854)

My Kroger card is registered to the right honerable Mr. Harry Peter .

Restrictions on "valid" SSNs and SINs (1)

querist (97166) | more than 8 years ago | (#15318869)

US SSN's can't begin with
  000
  666
  729-749
  764-999

validating a Canadian SIN
the process is as follows:

take the SIN (e.g. the one given by Hop: 226-922-896)

Take every other digit and put them into two groups and hold the last digit by itself

group 1 is 2 6 2 8
group 2 is 2 9 2 9
checksum 6

Now add the digits in group 1 ( 2 + 6 + 2 + 8 = 18) and hold this value

Take the digits in group 2 and form a number (2929) and double it ( -> 5858)
Add the digits in this sum ( 5 + 8 + 5 + 8 = 26)

Add this sum to the sum of the digits from group 1 ( 26 + 18 = 44)

Add the check digit to the last digit of this value and you should get 10 (6 + 4 = 10)
Note that if you get a 0 for the last digit then your check digit is also 0.

Re:If you need to use a fake SSN# use this one... (1)

avdp (22065) | more than 8 years ago | (#15318875)

No need to give ur correct number to the cable or phone company. They don't need it.

You can always try anyway. If they don't like what they see (or don't see anything) just be prepared to give them deposits, or possibly (not sure they can do that legally) deny service.

Regarding getting a New SSN... (1)

i_want_you_to_throw_ (559379) | more than 8 years ago | (#15318522)

The Social Security Administration doesn't accept paranoia as a criterion for granting a new card, but it recognizes cultural objections and religious pleas. One stratagem: Contend that your credit has been irrevocably damaged by a number-related snafu, or that you live in fear of a stalker who knows your digits. Once you switch your SSN, never use it. Then use the fake one of 078-05-1120 as mentioned in the previous post.

Just in the nick of time (5, Insightful)

Mouth of Sauron (196971) | more than 8 years ago | (#15318525)

*NOT*

Wait... What's this printed on the back of my Social Security card? "Not to be used for identification purposes."

Having been the victim of identity theft and credit card fraud, I have to say this is probably too little too late. I've had over $20,000 in fraudulent charges made in my name -- items ranging from electronic equipment to beer and gasoline. The Social Security number is already the de facto citizen identification number, even if it is not de jure.

Some culpability lies in the lap of merchant businesses, as well. In one case, a company sent a credit card application issued in my name to an old address. The occupant filled it out and began making purchases. When the bill came due, the collections agency had no problem tracking me down to give notice. In my opinion, this merchant could have been more dilligent, because I had asked them to cancel my account years before this happened. They were certainly dilligent when it came to getting paid.

Re:Just in the nick of time (2, Interesting)

hsmith (818216) | more than 8 years ago | (#15318652)

if you haven't done so already, i highly suggest using the optout program to stop receiving CC offers https://www.optoutprescreen.com/ [optoutprescreen.com]

I did this a year ago and i get no CC offers in the mail AT ALL. it is a great program. it is also 100% legit FTC Gov't Site Explaining Program [ftc.gov]

Re:Just in the nick of time (1)

Mouth of Sauron (196971) | more than 8 years ago | (#15318822)

Hi hsmith,

I've since contacted the major credit bureaus, had flags added to my records that I have been the victim of credit card fraud, and had stops placed in my file such that extension of credit would not be automatic. Such stops are not permanent, however, they are only temporary lasting one year. I also annually request credit reports to see if any lines of credit have been extended in my name.

These are all a bother, but the credit card fraud has stopped.

Re:Just in the nick of time (1)

VAXcat (674775) | more than 8 years ago | (#15318847)

I got mine in the early 60s, and "not for identificattion purposes" used to be printed on the FRONT of the damned thing....

look at the card (1)

lazarusdishwasher (968525) | more than 8 years ago | (#15318532)

I thought that the social security card or the sheet it is attached to had the words not to be used for identification on them.

sombody should inform all of the big corporations that they have made a small mistake and that the social security number is not a means of identifacation for anybody outside of the social security administration.

My Social Security # is 323-80-9292! (0, Troll)

Jizzbug (101250) | more than 8 years ago | (#15318546)

Hey, Congress: Is telling Slashdot my social a restricted use?!

323-80-9292, that's me

I also try to always announce my SS# over the phone when I'm calling friends to purchase quarter ounces of marijuana.

Too Little Too Late (1)

Yez70 (924200) | more than 8 years ago | (#15318561)

Yet another waste of time by our elected morons.

It says "Not for purposes of identification..." (4, Interesting)

dpbsmith (263124) | more than 8 years ago | (#15318622)

...right on the card. Just what is there about "Not for purposes of identification" that is hard for officials to understand?

Of course, when I was in the hospital emergency room and I said I didn't want to give them my social security number, they said they would treat me until I did. I backed down.

When I contacted the social security administration about this, and said "Am I required to give anybody but the government my SSN," their rather unhelpful reply was "No, you're not required to, but the hospital is not required to treat you without it."

I meant, would NOT treat me... (1)

dpbsmith (263124) | more than 8 years ago | (#15318645)

...must... hit... preview... button....

It's actually funnier as written, but of course what the hospital said was that they would not treat me until I gave them my SSN.

Sorry to bring up the obvious... (1)

Spy der Mann (805235) | more than 8 years ago | (#15318682)

But isn't hospital care, by definition, a SOCIAL SECURITY?

Re:It says "Not for purposes of identification..." (2, Informative)

plague3106 (71849) | more than 8 years ago | (#15318740)

Of course, when I was in the hospital emergency room and I said I didn't want to give them my social security number, they said they would treat me until I did. I backed down.

You shouldn't have backed down. ERs are required by law to treat emergant cases.

Those Who Forget History... (3, Informative)

neongenesis (549334) | more than 8 years ago | (#15318635)

Much of the debate on the 1974 Privacy Act revolved around the fact that the SSN was NOT to be used as a universal identifier. Paragraph 7 (if my memory serves) restricted the use of SSNs to those things either grandfathered (allowed by federal, state, or local law) before 1974 or explicitly named and allowed in a federal law; and in either case including a requirement that the requestor tell you the basis for the request. (Note that folks blanketly refusing to give the SSN are usually not on strong legal ground. Much better is to refuse until the requestor provides the legal basis for the request as provided for in the Privacy Act. IANAL etc...).

The loophole was that this act only restricted government not the private sector. Thus banks, insurance companies, universities, employers, local pizza joints, all ask for the SSN and can refuse service unless you provide it.

It would be a good start to debate if we could base a new law on the existing historical basis for the limitations in the 1974 privacy act, and then extend those restrictions to ALL use of the SSN by anyone.

My real question is... (2, Informative)

Spy der Mann (805235) | more than 8 years ago | (#15318642)

Why TF are SSN's used to AUTHENTICATE a person's identity? A SSN should just be used for REFERENCE.

Or am I wrong?

About Friggin Time (1)

Foofoobar (318279) | more than 8 years ago | (#15318666)

In my database administration class, one of the first things they did was talk about bad usage of data and how so many companies that used SSN's as primary keys ended up in hot water as a result.

Nowadays I find insurance companies putting in haphazardly on your cards, HR depts putting it on paystubs and employers asking for it prior to making a job offer.

Hopefully this wil finally drive it into peoples skulls that using a SSN for anything but governmental usage is bad policy and soon... illegal.

Oh f**k it - just gimme my national ID card (1)

i am kman (972584) | more than 8 years ago | (#15318680)

It's just like congress to wait until the whole issue is OBE to actually address it. The Real ID Act of 2005 effectively creates national ID cards that will be far more central to defining your identity than SSNs. And they are to be used for identification purposes.

The congress should focus on passing strong protection for these ID numbers rather than just SSNs.

Besides, while identity theft is a huge problem, business still have a legitimate need to run credit reports and on-the-spot background checks and a SSN makes that possible. Well, they don't really need to, but you don't really need to rent cars or get instant credit either... So all this nonsense talk of fake SSNs isn't really addressing the problem.

Re:Oh f**k it - just gimme my national ID card (1)

COredneck (598733) | more than 8 years ago | (#15318788)

Remember, the Real ID Act was passed as a rider on a must-pass bill. It was never discussed or debated ! It is a bad law that was insisted on by Rep. Francis James Sensenbrenner, Jr. He is heir to Kimberly-Clark fortune. Ironic, the company bought another company that makes RFID devices. Kind of a conflict of interest.

Anti Real ID items can be found at WikiPedia Real ID Act [wikipedia.org] . There are some items concerning activism to kill the act. One of them is getting states to refuse to go along, therefore, causing the whole deck of cards to fall.

My Credit Unions Acct #'s are SSN's (1)

Black-Man (198831) | more than 8 years ago | (#15318691)

How stupid is that? I realize some banks have already gone thru the conversion of "userId's" - not acct numbers - from SSN's to other ID numbers. But account numbers of your checking account?? How f'n stupid is that??

business procedures must change (0)

Anonymous Coward | more than 8 years ago | (#15318765)

issue isn't so much about changing the way SSN works.

you should have the choice at many of these businesses to not use your SSN if you do not want to.

there are people out there, very few, who refuse to give out their ssn#, but it makes doing or signing up for anything that much harder.

Many cases these businesses refuse to work with you if you dont provide a SSN #.

my school uses my SSN as my student ID #.

DoD Contractors usage of SS#'s (1)

COredneck (598733) | more than 8 years ago | (#15318722)

Since I have been in the wonderful world of DoD contracting, SS#'s are quite popular to use even down to compliance training for a long time. Our company is now starting to get away from using that number. Now, you have an employee number. My Emp # is 002xxx. Easier than a SS#. It should be that only Payroll has you SS# and no one else. A year ago, my manager from my old job demanded my SS# which I refused to give. I got a pretty nasty reprimand for it. I basically as ked him why and then mentioned that he didn't need the number. It pissed him off !

Now dealing with the gov't, they are pretty insistent on that number.

Mandated Change (1)

mugnyte (203225) | more than 8 years ago | (#15318726)


  This is going on the bottom of a long list of changes that (now) require quite a bit of money to implement. I foresee 2 numbers (at least) in use for the next 15 years. SSN is a PK, Alt Key, fixed length string in thousands of databases. I doubt we're going to see much shift in this very soon.

  Then, when examining the new number, one realizes that they've only solved a few of the many problems with a national id. What they're searching for is a universal hash value for individuals. This is a tough problem, and perhaps may not be solved with a single number - unless it's perhaps birthmoment & a genetic checksum + password. Even then, the amount of information in the key may be unwieldy.

  I'm a proponent of appending a password to the key so that those values without a password constitute a "user layer" of information (public), and the password suffix is the "kernel layer" that allows me to promote my information to that layer. For example, when I leave a health care provider for another, I can take their records and promote them before heading to another provider. This will allow me to control the flow of information collected about me. Sadly, I'm 100% confident this will never happen.

Election year politics (2, Insightful)

symbolic (11752) | more than 8 years ago | (#15318749)

I take everything anyone (elected) says with a grain of salt at this point, because elections are looming just a few short months away. Because, as others have suggested, long since become a very real problem, any attempt to solve it (at least by the methods outlined in the article), are mere sprints along the PR highway. To go the distance will require some fundamental changes, few of which may be amenable to entrenched interests (Big Business, Inc.)

yes. (1)

/dev/trash (182850) | more than 8 years ago | (#15318774)

Joe: Hey the horse is out!
Bill: oh Crap, better close the gate!

Cynical me (0)

Anonymous Coward | more than 8 years ago | (#15318793)

I'll believe it when I see it.

The U.S. government's record on restricting use of personal information hasn't been stellar under any recent administration and only appears to be getting worse. If only use of DNA databases, phone call records, and ISP subscriber data, etc. were subjected to the same scrutiny ...

I won't hold my breath.

I don't believe that congress is shocked. (1)

rocker_wannabe (673157) | more than 8 years ago | (#15318859)


One of the big reasons people need to steal social security numbers (SSN) is to work in this country. The government actually likes the fact that illegals use hijacked SSNs and pay into services they can never use. If we actually made the system secure then it would be easier to keep illegal aliens from working in this country and congress can't have that.

Taking advantage of people to make more money is what big business is all about, whether it's Chinese serfs or illegal immigrants. It has always been that way and was why Communism and Socialism came into being in the first place.

If you are making money from people who are virtually slaves you are a Capitalist.

If you are making money from people who are actually happy to be at work then you are a Socialist.

If you aren't making very much money and no one is happy to be at work then you are a Communist.

I hope that cleared things up for everyone

Re:I don't believe that congress is shocked. (1)

Jizzbug (101250) | more than 8 years ago | (#15318917)

If you're an Anarchist, there are no nation-states and therefore no borders, so there are no more "illegal aliens". PROBLEM SOLVED!

Btw, my SS# is 323-80-9292.

Illegal Aliens everywhere: please use my social!

Well, then *REALLY* limit the SS#'s use (2, Insightful)

krygny (473134) | more than 8 years ago | (#15318918)

The only people who need your SS# is your employer because they have to make the contributions. Your bank doesn't need it - they, as well as your mortgage company , broker, etc., can use a Taxpayer ID # to create 1099s and such for the IRS. And health insurance companies have no shittin' business with your SS#, not to mentiion the galactic stupidity of putting it right on your ID card.

When someone asks me for the last 4 digits of my SS#, I ask them to use another secrity key. if they can't, I don't do business with them.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...