Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Does Your Employer Still Use SSNs?

Cliff posted more than 7 years ago | from the not-likely-to-change-any-time-soon dept.

193

An anonymous reader asks: "My company, a fairly large telco, still uses social security numbers for non-financial purposes; mostly for our IT ticketing system. I find it amazing that in these times, with how easy it is to use an SSN to obtain credit, that any company still does this. I've heard talk for almost eight years that the practice is going to be stopped but little progress has been made. How many companies out there still use SSNs so openly? Since it seems that nobody is in a hurry to solve this issue, what can be done to speed the process up?"

cancel ×

193 comments

Sorry! There are no comments related to the filter you selected.

Simple (5, Funny)

SecaKitten (925554) | more than 7 years ago | (#16416021)

what can be done to speed the process up?
Simple, apply for credit cards in your boss's name.

Even simpler (2, Interesting)

JimXugle (921609) | more than 7 years ago | (#16417137)

Or do credit checks on him and let them slip into the fax machine when it's set to auto-dial the NY Times, Washington Post, His Wife, Misteress, and several corporate leadership figures in the company.

Re:Simple (1)

BKX (5066) | more than 7 years ago | (#16417173)

"Hey, Boss, what's your Social Security number?"

"Nought, nought, nought. Nought, nought. Nought, nought, nought, one. Damn Roosevelt."

Re:Simple (0)

Anonymous Coward | more than 7 years ago | (#16417497)

hahhahah that was brilliant thinking

You think you have it bad? (2, Interesting)

Anonymous Coward | more than 7 years ago | (#16416033)

My company makes us use our ssn as our email address. Talk about being a number...

Re:You think you have it bad? (3, Informative)

parasonic (699907) | more than 7 years ago | (#16417401)

How about the law that you shall not be identified by your SSN?

How about the law that you shall not be required to give more than the last four digits of your SSN?

No wonder there are "305 lawsuits" per average company per year...

Re:You think you have it bad? (3, Informative)

BandwidthHog (257320) | more than 7 years ago | (#16417871)

Neither of those laws you mentioned actually exist.

A business can ask for an SSN when you attempt to buy a nine volt battery with exact change. Perfectly legal. You can, of course, refuse such a ridiculous request. Also quite legal. They can then decline to do business with you. Just as legal.

It’s only the government folks that are prohibited by law from demanding SSNs.

Re:You think you have it bad? (2, Interesting)

Anonymous Coward | more than 7 years ago | (#16419519)

Depends on where in the world you are. Those laws do exist here, in Denmark.
They are critical to prevent the misuse of SSNs. Also you can't require someone to give there SSN, except for spcific situations, e.g. banks can require SSN to open an account.

Re:You think you have it bad? (0)

Anonymous Coward | more than 7 years ago | (#16419411)

How about the law that you shall not be identified by your SSN?

Too easy to evade. All they have to do is make your id 123-45-6789A. Then they sit there with their bare, smug faces hanging out and say, "A SSN is a structure without alphabetics, is it not?"

That crap has already been upheld by our corrupt court system.

Wow... that's not right... (4, Interesting)

soren42 (700305) | more than 7 years ago | (#16416047)

My employer, a large bank, doesn't even use SSN's (or, more specifically TIN's - Taxpayer Identification Number) for non-financial information. Our employee ID numbers are unique, distinct, and not based on any formula. Now, that said, any employee that has a corporate credit card or is an officer of the company ("Officer", "Assistant Vice President", "Vice President", "Director", "Managing Director", "Senior Vice President", "Executive Vice President", "Senior Executive Vice President", etc., etc., etc.) does have their credit checked monthly by the company. But, I would assume that any company - not just a bank - would take that precaution with employees with purchasing or signatory authority. That system is based on SSN/TIN at our company - but it makes sense there.

I believe that there is a Federal Regulation that intends to restrict the use of SSN/TIN numbers for identification by (guessing here) 2010. I'm certain there is such a law for banks, but I believe that it extends to any US public company. Anyone have details on this?

One last thing - I know many people who use fake SSN's for non-financial uses. For some time, Richard Nixon's SSN was very popular. Now, don't get me wrong, I'm not endorsing that practice - just sharing that it seems pretty common to me.

Re:Wow... that's not right... (2, Informative)

TubeSteak (669689) | more than 7 years ago | (#16416183)

Taxpayer Identification Number (TIN)
http://en.wikipedia.org/wiki/Individual_Taxpayer_I dentification_Number [wikipedia.org]

Employer Identification Number (EIN)
http://en.wikipedia.org/wiki/Employer_identificati on_number [wikipedia.org]

One last thing - I know many people who use fake SSN's for non-financial uses. For some time, Richard Nixon's SSN was very popular.
1. A surprising number of organizations will never check your SSN's validity
2. Try changing a digit, you might end up with a very similar & still valid SSN (that belongs to someone else)

Re:Wow... that's not right... (1, Interesting)

Anonymous Coward | more than 7 years ago | (#16418403)

Try changing a digit, you might end up with a very similar & still valid SSN (that belongs to someone else)

Or you might end up with an invalid one. There are rules for how the number is constructed and there are easily-googled programs into which you can input a nember to see if it's valid.

If a company simply validates SSNs, without any further checking, they may still catch an arbitrarily constructed invalid number.

Be especially careful about modifying the first three digits. It's well known that the first three follow a pattern across the country, so they constitute a pointer to where the card was issued. Try to use a San Francisco-issued number in Miami and you may get tripped up if someone asks a question about where in the Bay Area you were living when your card was issued.

If you try to use a number starting with 7, be prepared to talk about which railroad issued your card to you. 700 to 728 were given to railroads to pass out to new employees who didn't already have one through 1963, then discontinued.

Even if they were still in use, I suspect you wouldn't see a lot of these in the future as few babies apply for employment with a railroad at birth, when our trusting government insists that we be brande^H^H^H^H^H^H included in our national Social Insecurity system. 729 and above are either unassigned (for future use) or are invalid.

Finally, from http://www.ssa.gov/ssnumber/ [ssa.gov] (bottom of middle column), "Misuse of someone else's SSN is a violation of Federal law and may lead to fines and/or imprisonment."

Re:Wow... that's not right... (4, Interesting)

reanjr (588767) | more than 7 years ago | (#16416333)

I used to work for a logistics company that GM uses. One of GM's systems required some kind of user authentication (I don't remember the details) that they asked for my SSN to use. I did an MD5 on my actual SSN in hex and ripped out all the letters, used the first 9 as my SSN. It's a nice, repeatable way to generate a fake SSN that is likely to be unique in any system.

I strongly suggest using fake SSNs for anything possible, but of course, many times you are signing the "I verify that all this information is true to my knowledge" clause. Of course if you use it all the time, maybe you can get away with chalking it up to confusion over your actual SSN.

Re:Wow... that's not right... (1)

Psychofreak (17440) | more than 7 years ago | (#16416727)

My employer bases their id number on the number of people hired before you. As a result of a corporate merger, many people (including myself) were hired all at once causing my former boss to be upset. Her ID ends in 70 and my name is alphabetically one before hers. That was a running joke for a while after her girlfriend figured the numbering out.
Phil

Re:Wow... that's not right... (0)

Anonymous Coward | more than 7 years ago | (#16416857)

huh?

Re:Wow... that's not right... (0)

Anonymous Coward | more than 7 years ago | (#16417189)

He took an entire paragraph of unnecessary details to point out that his employee ID is 69.

Re:Wow... that's not right... (1)

dave562 (969951) | more than 7 years ago | (#16417755)

He took an entire paragraph of unnecessary details to point out that his employee ID is 69.

Well, at least he stayed true to the essense of the topic...

Re:Wow... that's not right...

Re:Wow... that's not right... (1)

atomic-penguin (100835) | more than 7 years ago | (#16419091)

...her girlfriend...

I think your missing the point about the lesbians.

Re:Wow... that's not right... (2, Interesting)

LearnToSpell (694184) | more than 7 years ago | (#16417143)

HSBC, which is what you could call "a large bank," uses SSNs for everything. It's pretty annoying.

As far as I know, to contradict your info (and I'd love to be corrected on this), any non-governmental company is allowed to use SSNs for whatever they want. I looked it up briefly a little while ago, and that was my understanding, but again, I hope I'm wrong.

SSN (4, Insightful)

CherniyVolk (513591) | more than 7 years ago | (#16416059)


In the beginning the Social Security Number was issued by the government and is unique to each living citizen. This much still holds true.

But what was lost somewhere via the effects of Capitalism.... was that this number was supposed to be private to the individual assigned it. And, while there are laws protecting a citizens privacy. Companies were granted positions to effectively counter such laws. Only the government, state or law-enforcement officials may "demand" your Social Security Number. Visa can not demand you give it to them. Your landlord can not demand you give it to him. Private schools by law, can not demand you forfeit such information.

But no law is telling Visa or anyone else to accept alternate information for their personal records. As a result, you have to give out your Social Security Number, becuase if you don't, you can't apply for an Apartment, you can't buy a car, you can't have a credit card, you can't open a bank account, you can't get a job..... yeah, we have a choice.

*Some places do accept alternate information such as Drivers License Numbers.*

Re:SSN (2, Interesting)

Raindance (680694) | more than 7 years ago | (#16416393)

Honestly... not that I'm a big fan of litigation, but this seems like a problem a high-profile lawsuit (regarding the needless identity-theft risk companies are exposing their users to) could fix. The market won't fix it, and if politicians haven't fixed it by now it's hard justify just waiting until a law comes along to outlaw it.

Perhaps the EFF could step in.

Re:SSN (1)

Vellmont (569020) | more than 7 years ago | (#16416623)


Your landlord can not demand you give it to him.

And your landlord doesn't have to give you a lease if you don't provide him with a SSN either. My landlord wanted all this crazy information about me. SSN, monthly income, drivers license #, my checking and savings account numbers. Way more information you'd ever need to do some very easy identify theft. He may not be a crook, but how do I know he keeps the information secure? How do I know no one he employees is a crook, or any future people he employees are crooks?

I told the landlord to stuff it, no one needs to know my damn bank account numbers but me. He eventually agreed to let me rent from him, but he was under no obligation to do so.

Re:SSN (1)

LordKronos (470910) | more than 7 years ago | (#16417227)

I told the landlord to stuff it, no one needs to know my damn bank account numbers but me.

Did you pay your rent by check?

Re:SSN (0)

Anonymous Coward | more than 7 years ago | (#16418051)

Not a savings check.

Re:SSN (1)

jackb_guppy (204733) | more than 7 years ago | (#16416811)

Then add in a company like TALX [http://www.talx.com/] that will publish your SSN and Bank Numbers in the name of cheaper payroll advices. Yes it saves money to our company, but did do mean to have all the information of employees of America's top 500 companies in one location with poor passwords??

Re:SSN (2, Interesting)

Qzukk (229616) | more than 7 years ago | (#16417181)

was that this number was supposed to be private to the individual assigned it.

WRONG, and that's why this is a problem. The SSN was designed to identify you to the government for tax purposes. Everyone who reported your money to the government needs it: your employer, your bank, mortage officers, loan officers, casinos and so on and so forth. Someone stole your SSN? Oh noes! They can pay your taxes for you! The horror!

It wasn't until other companies decided that they could use the SSN to identify you to them despite the fact that many, many people have access to these numbers that this became a problem.

The solution is for the credit agencies to start feeling the bite. When lenders get a credit report from the agency that says that the crook they're dealing with isn't who the agency said they were, they should sic lawyers on the credit agencies when they end up with bad loans. A change in laws to force lenders to deal with the consequences of fucking up instead of allowing them to pursue the real person when they didn't bother to actually find out who they're giving money to will help also. Once this is in effect, the credit agencies will start to compete again, and improve based on accuracy. Lenders, too, will make sure the person receiving their money is who they say they are. I'm confident that captialism can come up with a solution for this one on it's own, we just have to stop protecting the lenders and credit agencies from their own stupidity so that Darwin can take care of the rest.

Re:SSN (1)

Acer500 (846698) | more than 7 years ago | (#16417255)

I know it is not a popular opinion, but I state it in these threads often anyway: get a real identification system like the rest of the world has and stop using the SSN which used to say "not for identification purposes".

Nobody can ask for a credit card with my ID number alone in my country, it uses other forms of protection - photo and fingerprints plus some anti-faking measures, and before you say it's demeaning, or that it's not effective, think that it's the same system your country uses on everyone that lands in an airport (so you're either demeaning visitors, which I think you are, or by saying it doesn't work you're saying it's not effective as a tracking system).

By the way, this has been discussed to death even here, see

http://ask.slashdot.org/article.pl?sid=06/04/27/23 26258 [slashdot.org]

I like this comment for instance:

by lelitsch (31136): Assuming you live in the US, you obviously don't have a social security number, drivers license, birth certificate, or passport, and you have never been sick, or attended school; and have yet to pay taxes? Newsflash: the government holds a lot of data about you. Unfortunately, the data is currently linked by an universal and extremly weak key, namely a 9 digit number that you probably have passed out many times over to people who are as trustworthy as used car salesmen. Come to think of it, more than a few probably were used car salesmen...

Re:SSN (4, Informative)

RexRhino (769423) | more than 7 years ago | (#16417957)

Only the government, state or law-enforcement officials may "demand" your Social Security Number.

Completly false. Employers are REQUIRED BY LAW to take your social security number to handle SS deductions. Banks and credit card companies are REQUIRED BY LAW to retain your social security number in order to do financial reporting (so the IRS can check and make sure you aren't spending more than your reported earnings). Gun shops are REQUIRED BY LAW to take your social security number as part of criminal background checks. There are a whole slew of situations where, not only can a company ask you for your SSN, but they are required to take your SSN!

Visa can not demand you give it to them.

Visa IS REQUIRED BY LAW to take your social security number, or a tax ID number if it is a corporation, as part of their financial reporting requirments.

Private schools by law, can not demand you forfeit such information.

Private schools BY LAW ARE REQUIRED to take your SS number if the private school accepts federal government loans or grants for students.

Don't try to obscure the blame that the government bears for your SSN being your ID number. Aside from the fact that they have made legislation making SSN the de-facto ID number (Real ID Act), it was the government that decided that you would have one single number that would follow you for the rest of your life as your unique identity (as opposed to the system they used for passports, where your passport is given a unique ID, but that number will change over the course of your life... your passport is assigned a number, not the person)

Re:SSN (2, Informative)

NormalVisual (565491) | more than 7 years ago | (#16418531)

Gun shops are REQUIRED BY LAW to take your social security number as part of criminal background checks.

Not true. There is a field for the SSN on a Form 4473, but it's not required that it be filled in.

Re:SSN (3, Interesting)

spagetti_code (773137) | more than 7 years ago | (#16418229)

As a foreigner who was working in the US for a number of months (all above board - my US based employer stationed me there) - I was forced to get by without a SSN.

I had all sorts of issues including (a small sample):

  • having my VISA card rejected because it wasn't an "American" VISA
  • having my passport labelled a forgery at a bank because the date was 14/6/68. To quote the teller "there's no 14th month". Let me tell you - that creates an interesting scene in a busy bank.
  • being given checks by another bank, which were rejected by almost everyone because their starting number was too low. Then the bank cancelled them because of my lack of SSN.
  • the supermarket wouldn't let me use checks because I didn't have an SSN.
  • being offered a discount at the checkout on an expensive item if I signed up for a loyalty card. I said I didn't have an SSN. No problem they said. 30 minutes of head scratching and phone calls later, the checkout and manager and manager's manager gave up. Sorry they said. You need an SSN.

Eventually I got a fake SSN from a website that has lists of unused SSNs and everything went a lot smoother.

Re:SSN (2, Insightful)

NormalVisual (565491) | more than 7 years ago | (#16418553)

being given checks by another bank, which were rejected by almost everyone because their starting number was too low

Yup, and for the life of me I can't figure that one out. Every bank I've done business with has asked me what I wanted my starting check number to be, which makes the check number completely useless.

Re:SSN (2, Informative)

jcr (53032) | more than 7 years ago | (#16418487)

In the beginning the Social Security Number was issued by the government and is unique to each living citizen. This much still holds true.

Nope. There have been many cases of the SSA issuing blocks of numbers multiple times. SSN collisions happen every day.

-jcr

Re:SSN (1)

sakusha (441986) | more than 7 years ago | (#16418781)

Only the government, state or law-enforcement officials may "demand" your Social Security Number.

No.

Apparently everyone is overlooking the incredibly obvious reason why SSNs even exist. It is your SOCIAL SECURITY ACCOUNT NUMBER. Your employer MUST have your SSN, or it cannot send your Social Security tax withholding to the US Treasury, the number is used to direct those funds to your personal retirement benefits account. Additionally, it is your Taxpayer ID Number, so it is used for other tax withholding, which is reported to the IRS and your state tax office under that number.

Of course, just because your employer is legally required to use your SSN in its internal accounting and payroll system, doesn't mean they have to use it for external ID purposes.

Re:SSN (4, Insightful)

Eivind (15695) | more than 7 years ago | (#16421109)

How about instead stopping the idiocy of confusing identification with authenthication ?

A SSN is a perfectly fine and perfectly way to establish that we're talking about the same person. Names, adresses, birthdates whatever all break down here. (there is more than one "John Smith", there could even be more than one with the same birthdate, furthermore it's perfectly possible that "Ann Smith" is the same person as "Ann Kulstad", she could've married.)

For this purpose, making certain that two records really refer to the same person, SSN is fine. A unique key that refers to an individual.

Now, where you guys went wrong where in confusing this with authenthication.

The very fact that you use your SSN to *identify* which person you're talking about means that lots of different organisations and individuals *MUST* know your SSN. That ain't a problem. The problem is in assuming that whoever is aware of your SSN *IS* you, or is authorized to order credit-cards in your name, or whatever else.

We've got SSNs in Norway too. They're not particularily secret. The tax-people have them. Your employer has it. Your bank has it. They all even *need* to have it, to *identify* you. Your employer, for example, pays taxes, and uses your SSN when communicating with the tax-people so that it's clear for which individual these taxes are.

But here's the rub: Knowing the SSN is never *ever* considered authentication. You cannot order a credit-card in someones name just by knowing it. Nor access their bank-account, or infact do *anything* you couldn't just aswell have done without it. Except for ONE thing: If you know the SSN, you can use it to refer to an individual, in such a way that all involved will know for sure precisely *which* individual you're talking about.

The account is owned by individual X, the taxes are paid by individual X, the drivers-licence was issued to individual X, and we all (the bank, the employer, the drivers-license-people, etc) agree that this is infact one and the same individual, despite the fact that one of us spelled his name wrong, he has married, he has moved, and there's 17 other people with that precise name in Norway.

*THAT* is the point of a SSN.

You cannot at the same time give your SSN to dozens of different organisations (which you need to do if using it as an identificator shall work) and at the SAME time pretend that it's a secret that only the individual himself would ever know.

I dunno why USA persists in the stupidity.

Point out to your local normalization DBA (3, Interesting)

Marxist Hacker 42 (638312) | more than 7 years ago | (#16416127)

That SSNs are non-unique. They used to be, but thanks to illegal immigrants, ID theft, and a lot of other problems, SSNs simply aren't unique anymore, and thus are not a good identifier.

Re:Point out to your local normalization DBA (2, Interesting)

MBCook (132727) | more than 7 years ago | (#16416437)

Are SSNs of dead people later re-assigned? If not now, is there a guarantee that they won't do that later? With 300 million people alive now and all the people coming into this country and being born here, how long before they have to start recycling them, especially if they want to keep doing the first 3 digits showing where you were born part?

Re:Point out to your local normalization DBA (2, Informative)

Planesdragon (210349) | more than 7 years ago | (#16416691)

Are SSNs of dead people later re-assigned?

Not yet [ssa.gov] , but they will eventually. That or add another digit.

Less than a century until we run out of our billion or so possible SSNs. Expect the next method to just have a new digit thrown in.

Re:Point out to your local normalization DBA (2, Interesting)

pla (258480) | more than 7 years ago | (#16416765)

Are SSNs of dead people later re-assigned? If not now, is there a guarantee that they won't do that later?

Q20: Are Social Security numbers reused after a person dies?
A: No. We do not reassign a Social Security number (SSN) after the number holder's death. Even though we have issued over 415 million SSNs so far, and we assign about 5 and one-half million new numbers a year, the current numbering system will provide us with enough new numbers for several generations into the future with no changes in the numbering system.

However, an SSN has only nine digits - So the SSA will need to add a digit or three within then next few decades. Reissuing numbers, thanks to the exponential growth of the population, would only gain them a few years at most, so they probably won't do it (instead doing something like adding a new number group and moving all existing users to 000-###-##-####).


Rather than use a dead person's number, though, might I suggest you use one of the classic non-numbers, such as any group all zeros (000-##-####, ###-00-####, ###-##-0000) (official) or 666-##-#### (unofficial, but as yet still never issued), or 078-05-1120 (the single most used fake SSN in history, which belongs to Hilda Whitcher, the secretary of an ad exec who decided to use her number in a promotion - She got a new one to replace it and the SSA retired it). A friend of mine had his used, just by coincidence, for something as mundane as a college ID, and you wouldn't believe the hoops he had to jump through just to register for classes. So don't make someone else's life hell, just carefully pick a totally invalid number.

Re:Point out to your local normalization DBA (2, Informative)

MustardMan (52102) | more than 7 years ago | (#16417203)

However, an SSN has only nine digits - So the SSA will need to add a digit or three within then next few decades.

10^9 = 1 billion possibilities. If the current system has used up 415 million, and SSNs are being added at a rate of 5.5 million a year.... that's around a hundred years to use up the remaining possibilities. I call that more than "a few decades"

Re:Point out to your local normalization DBA (2, Informative)

DeadChobi (740395) | more than 7 years ago | (#16417789)

I did the math on this for a math ed. class. It's about 110-130 years from now that we will run out, assuming the population maintains the same growth rate.

Re:Point out to your local normalization DBA (1)

pboulang (16954) | more than 7 years ago | (#16420071)

Wait, you did this for a class and STILL couldn't come up with:
(1000000000 - 415000000) / 5500000 = 106.36 years?

*sigh*

Re:Point out to your local normalization DBA (1)

Marxist Hacker 42 (638312) | more than 7 years ago | (#16417087)

I don't think they're doing the three digits showing where you were born part anymore now. 999,999 is far too small for our largest major cities now. And I bet they do get reassigned now- otherwise only 4 generations and we'll run out.

Re:Point out to your local normalization DBA (1)

Propaganda13 (312548) | more than 7 years ago | (#16418309)

An invalid (or impossible) Social Security number (SSN) is one which has not yet been assigned.

The SSN is divided as follows: the area number (first three digits), group number (fourth and fifth digits), and serial number (last four digits).
From SSA.gov
To determine if an SSN is invalid consider the following: No SSNs with an area number in the 800 or 900 series, or "000" area number, have been assigned. No SSNs with an area number above 772 have been assigned in the 700 series.

No SSN's with a "00" group number or "0000" serial number have been assigned. No SSNs with an area number of "666" have been or will be assigned. Information about the SSN and SSNs that have been assigned is available on SSA's website at http://www.socialsecurity.gov/employer/highgroup.t xt [socialsecurity.gov]

How the first 3 numbers are assigned
http://www.socialsecurity.gov/employer/stateweb.ht m [socialsecurity.gov]
NOTE: The same area, when shown more than once, means that certain numbers have been transferred from one State to another, or that an area has been divided for use among certain geographic locations.

Immigration reform could also vastly change the number of SSNs used. Heritage.org estimated 100 million immigrants over 20 years based on the first draft of th CIRA and lowered that 66 million after an ammendment. The government had lower estimates for the same bill.

Still we should have decades anyway. Adding a number to SSN would screw up the existing databases anyways, so would the government take additional steps? Possibly, two numbers - government use only and public use. Public Encryption keys? (highly doubtful I know) This type of thing could go hand in hand with National IDs.

Re:Point out to your local normalization DBA (1)

itwerx (165526) | more than 7 years ago | (#16417703)

first 3 digits showing where you were born

They actually indicate the location of residence at the time of submission.
      I know this because my first three digits indicate the state of CA which is where I was living when I got my SSN but it is not where I was born. I had occasion to speak with an IRS employee at a later date and they confirmed.

Thought it was actually illegal (3, Informative)

kbob88 (951258) | more than 7 years ago | (#16416145)

I used to work in the IT department of a managed care company in the early 90s, and seem to remember something about it actually being illegal to use the Social Security Number for any other purpose (than running Social Security and the IRS). Of course, we (and every else in healthcare) still used it as a primary numbering/identification scheme. Not sure if the illegality was true or not.

From the Social Security Administration [ssa.gov] :
  • "[Makes] misuse of the SSN for any purpose a violation of the Social Security Act"
  • "Unlawful disclosure or compelling disclosure of the SSN of any person a felony, punishable by fine and/or imprisonment."

even more outrageous (2, Interesting)

Aeron65432 (805385) | more than 7 years ago | (#16416187)

I am a student at Tulane University in New Orleans, Louisiana, and we use our social security numbers as STUDENT ID's.


It appalls me how irresponsible this is. I have to write out my social security number down for the desk worker if I lock myself out of my room, to log-in to view my classes and grades, and all the time online to manage my account.


I cannot believe that such a highly accalimed university promotes such reckless actions. SSN's are basically our national ID number, and the fact that I have to throw it around all the time scares me.

Re:even more outrageous (1)

hurfy (735314) | more than 7 years ago | (#16416379)

dang, i was a little distrubed when the community college did this 20+ years ago! I would have thought that went out of fashion by now :(

Re:even more outrageous (1)

Anonymous Coward | more than 7 years ago | (#16416443)

I am a student at Cal Poly, San Luis Obispo in California, and we also are forced to use our ssn's as student ID's. I think the whole Cal State college system (27 schools) uses this practice. How hard would it be to assign random student ID's?

My accounting professors seem to think our ssn's make good "digital signatures", and ask us to put them on our assignments in Excel as a signature saying the work is ours, and ours alone. I've abstained so far without raising any questions.

Re:even more outrageous (0)

Anonymous Coward | more than 7 years ago | (#16419223)

It isn't like this at Cal State LA, as of around 2004, they used to do that though.

Re:even more outrageous (1)

Vellmont (569020) | more than 7 years ago | (#16416675)

I had the same experience at the Univ of Wisconsin Madison when I started in 1990. They used the SSN+1 digit as a student ID. I think it was the last digit that was the student ID. Hopefully they've eliminated that practice by now.

Re:even more outrageous (1)

jackb_guppy (204733) | more than 7 years ago | (#16416877)

Ask them to change it. We just did with our 2 daughters and 3rd just signed up without SSN.

Good thing federal law prevents that. (4, Interesting)

BKX (5066) | more than 7 years ago | (#16417571)

Or at least allows you to. All universities and colleges MUST allow you to change your student ID to something other than your SSN if you ask (and are encouraged to not use SSNs anyway, though not required). It's federal law (a law passed about five years ago, I beleive). Ask and you shall receive. If you don't, sue and you shall receive even more.

Re:even more outrageous (1)

anakin876 (612770) | more than 7 years ago | (#16418249)

BYU used to do this - they just changed a few years ago. Right before the change went through an advertiser they had sold the list of graduates to printed out address labels that included name, address and SSN. Fortunately they weren't used - but DUH what a terrible idea.

Re:even more outrageous (1)

niney (796319) | more than 7 years ago | (#16419267)

It was pretty bad when my college gave out email accounts a while back. They used a digit, your initials, and the last four digits of your SSN as your username. So careless...

Not as bad (1)

Propaganda13 (312548) | more than 7 years ago | (#16416227)

My company is definitely not that bad, but SSN is still used on certain internal documents that really don't need the SSN and should just have the employee ID number instead.

The wrong way to speed up the process - post SSN of your CEO and higher management on the web or even sell them.

Do some research. See if there are any lawsuits holding companies responsible. Check for hard info on identity theft. Express your concerns to management in a documented fashion. If you can involve lawyers, HR, and the right management, the process could be sped up. If it isn't then you have documented steps that you took to clear up the issue before problems happened.

Re:Not as bad (0)

Anonymous Coward | more than 7 years ago | (#16417121)

and get fired...you're now a hero!

Universities (0)

Anonymous Coward | more than 7 years ago | (#16416229)

I go to a public university in Indiana and they are in the process of phasing out SSN's as your ID number. Starting with the people who are currently seniors they began issuing dual ID numbers (both a 10 digit and 9 digit SSN were valid), the year after that SSN use was discouraged, my freshman year only use of 10 digit ID was officially sanctioned but SSN still saw occaisional use, but I havn't been asked for anything but my 10 digit ID number all year.

You might be surprised... (4, Interesting)

BenEnglishAtHome (449670) | more than 7 years ago | (#16416461)

...that my employer [irs.gov] , a place flat-out driven by SSNs in many aspects of our work, wouldn't think of using them for anything internal that isn't mandated by law. We issue to everyone a 5-character ID that's used for signons and all sorts of IDs. We used to use a contraction of the user name, but even that has been 95% phased out for years.

It's not that difficult to quit using SSNs and it's just good policy. I'm surprised that they are still so commonly used in situations where they might be disclosed to anyone but the person to whom it belongs.

What about the Military? (1)

Foo2rama (755806) | more than 7 years ago | (#16416463)

I always wondered about this with the SSN's on dog tags.

Re:What about the Military? (1)

Quixotic241 (1004413) | more than 7 years ago | (#16419793)

The military uses SSNs for everything. Remember the stolen VA laptop?

USPS still uses em (2, Interesting)

DrMrLordX (559371) | more than 7 years ago | (#16416501)

I work for the US Post Office at a REC site. We still use parts of our SSN for identification. I don't really want to elabourate, but anyone who wished to steal SSNs there could easily do so.

RS and BOA (1)

Malevolyn (776946) | more than 7 years ago | (#16416521)

Radio Shack still uses them to do employee discounts and certifications. Bank of America uses them to login to online banking.

Re:RS and BOA (0)

Anonymous Coward | more than 7 years ago | (#16418537)

Actually Radioshack has a discount card available on there employee site that uses a random number or something like that. It is just no one uses them. The system will take any number in it. I rang in a sale tonight and reversed my employees number by mistake and it still excepted it.

Re:RS and BOA (0)

Anonymous Coward | more than 7 years ago | (#16418909)

I use bofa online (California) and I never have to enter my SSN... just a portion of my debt card number and a password, that's it.

Re:RS and BOA (1)

ankie (1010847) | more than 7 years ago | (#16419535)

Anyone who has SSN as the online ID with BoA has the right to change it under the customer service tab; this now becomes the user's responsibility for not having SSN as the login ID. And when new accounts are opened now, it no longer defaults to SSN for the online banking ID. So the company is making efforts to get away from SSN for the online activity.

Re:RS and BOA (0)

Anonymous Coward | more than 7 years ago | (#16419677)

Ummm, not really. Bank of America online banking was enhanced several years ago to allow you to pick your own 9 digit login, thankfully. Now, whether or not most online users _know_ this fact or would take the time to actually _use_ it is another question (apparently many don't).

Leak (1)

bergeron76 (176351) | more than 7 years ago | (#16416539)

what can be done to speed the process up?

Leak it.

What happens if someone publishes all SSNs? (1)

defile (1059) | more than 7 years ago | (#16416597)

It's only a matter of time before someone gets their hands on the SSN:name database and posts it for all to see.

What the fuck happens then?

Easy (0)

Anonymous Coward | more than 7 years ago | (#16419721)

1. Leak SSN Name databse
2. ???
3. Profit

That'd be the best identity-theft reform EVER! (1)

Behrooz (302401) | more than 7 years ago | (#16420535)

That is possibly the most brilliant suggestion I've ever heard regarding identity-theft mitigation in the US. Releasing all of the SSNs is excellent, and we need to do it. Right now.

Currently, the weakness in the system is that a SSN and publicly-available information is still being treated as secure enough to be useful for identification, despite being demonstrably insecure for nearly all individuals (I'm sure there are a few people out there who have never had a job, but they probably don't need to worry about identity theft) and completely compromised for a few.

A complete disclosure would kick the legs out from the whole ridiculous system, forcing all stakeholders currently using it to stop, because the entire system would be demonstrably compromised. Right now, the burden of proof is on the victims of identity theft, but after a leak of this magnitude any entity who used the SSN for authentication would be facing the legal equivalent of Armageddon.

Someone needs to acquire the complete SSN database, then publish the names followed by a new digit every week until complete disclosure is attained two months later. That'd give time and publicity for bureaucratic inertia to get a sound kick in the ass, and spark a dialogue about a robust, secure, and real system of identifiability to replace the worse-than-useless consensus kludge we have now.

Old Employer 8 years ago (2, Funny)

Associate (317603) | more than 7 years ago | (#16416601)

We were required to give the last four digits of our SSN to get in the gate. Their verification was someone sitting on the otherside of the gate call box with a list of everyone's SSN. I expressed some concerns to my supervisor at the time because I didn't really trust my coworkers. Stupid bitch ran and told our manager that I was going to refuse to give it. She came back and told me that I could be fired for not following the procedure.
That said, Larry Wise's last four SSN numbers are 2795.

Solution (1)

Alchemar (720449) | more than 7 years ago | (#16416677)

I was talking about this at earlier today, because it is of great concern to me. I think I have the start of a solution:

There needs to be a way to uniquely identify someone, and verify that identity. What does not need to be done is make that id public. That is the whole point of PGP encryption. An national ID number needs to be assigned. I hate the thought, but I finally gave in that it is a necessity. We already have a SSN, so it isn't something new. It just needs to be seperate from your SSN. In fact the plan I have, would allow your national ID to still be used for your SSN, and still be seperate from every other business or goverment department.

Set up a goverment department whose entire job is to administer ID numbers. The only information they should have is Name and age. They isssue everyone a private ID number and and encryption calculator. With the price of handheld calculators, I am confident that it can be done at a very reasonable cost. The department will then issue an ID number to each business that may need to know your ID. When a business or goverment agency wants your ID, they must give you their ID number, you encrypt your number with their ID number and give them the results, they then send that encrypted number to the Department of Identification along with their number where it is looked up on a database and the company is only given your Name and age group i.e. Under 16, 16-18, under 21, or over 65, depending on why the needed to register for an ID request. An adult site can request an 18 or over check, a convience store would need to know Under 18 for cigeretts, or under 21 for beer, etc, etc. Since each company that needs your information would have a different number to Id you with, it would prevent massive datamining into your life.

Re:Solution (1)

iggymanz (596061) | more than 7 years ago | (#16419009)

or we could have a society in which the government can't id or track people at all. They only check that x number of unique people voted in the last election, maybe by retina scan or whatever. If someone gets arrested they get a temporary tracking which only lasts until conviction or acquittal/release. No income tax in such a world, obviously.

Re:Solution (0)

Anonymous Coward | more than 7 years ago | (#16419765)

An national ID number needs to be assigned.

Fuck you right in the heart, you pusillanimous Stalinist bastard.

Timeclock passwords. (1)

Kate6 (895650) | more than 7 years ago | (#16416711)

My company uses SSN's as our passwords for logging into our timeclock application through our web browsers. While the connection is behind our firewall, it's not SSL-encrypted... And I have no idea how the SSN/passwords are actually stored. Only been working there for 3.5 months so far, but have felt uncomfortable about it from day 1.

yep (1)

ezwip (974076) | more than 7 years ago | (#16416725)

Insurance companies will be using them for along time. Big huge warehouses full of em that the "cleaning crew" can weed through after everyone leaves.

Very selective disclosure (1)

kf4lhp (461232) | more than 7 years ago | (#16416755)

The University I work for has very limited disclosure of SSNs, and has system-wide been cracking down on the users of them - justify the need, or get rid of them. And if you have them, then your systems get to undergo more frequent and in-depth security audits.

The College I attend uses an 8-digit serial number which is linked across to the SSN for student identification, but they can still use your SSN if you don't know the other number.

I think the biggest point is that I don't want someone (even me) to be able to see the SSNs of others, but being able to search against them is very helpful, especially when dealing with new students who haven't a clue what their university ID number(s) are.

re: getting the results you want (1)

Gybrwe666 (1007849) | more than 7 years ago | (#16417055)

First off, one of the biggest telco's in the US used, at least the last time I checked, about two years ago, the last four digits of their employees' SSN's as *EMAIL* addresses. Emails were initials followed by the last four. Sad and pathetic...

However, if this is truly something you want to see changed, it might be worth calling around to a local reporter or television stations and seeing if you can hook a reporter on the idea of getting a good story out of this. Privacy concerns these days are no laughing matter and I've found recently that sometimes corporations have individuals in them with good intentions but beauracracy and inertia make it difficult for even some of the highest placed individuals to effect real change.

And just think about how exciting it would be to the the "Anonymous Source" in a nice little news story...

My university still does. (1)

deezilmsu (769007) | more than 7 years ago | (#16417163)

In fact, all the roll sheets distributed to professors (and handled by 2-5 people before it hits their hands) have the last 4 of our SSN on it, and it's used as a main identifier for students.

Photo IDs (0)

Anonymous Coward | more than 7 years ago | (#16417183)

I've never had a company actually ask to see my Social Security Card, but more than a few want to make a photocopy or scan of the picture ID from my drivers license.

Companies don't really seem to care whether their FICA contribution actually goes to the right person or not -- maybe they get their payment amounts returned later, for the bogus SSNs.

SSNs? (4, Funny)

JohnWiney (656829) | more than 7 years ago | (#16417213)

My employer doesn't, because none of his employees has an SSN.

Funny or Interesting? (1)

loteck (533317) | more than 7 years ago | (#16419733)

I realize why this was modded funny, but I wonder if the parent was meant to be funny.

the only reason I ask is because I know of several US Citizens that don't have SSNs.

After all, there's no law saying you have to have one.

Relational Database (1)

MikeB0Lton (962403) | more than 7 years ago | (#16417217)

Usually the SSN is the PK in a relational db. It isn't hard to assign arbitrary account/user/customer numbers to those records, and replace the SSN in other tables with that number (assuming you have cascading updates). If the SSN is necessary for business, it should be stored without relationships to other tables. Of course this usually requires your program to be edited...

You have the choice... (1)

JSThePatriot (980143) | more than 7 years ago | (#16417237)

Starting from the point the government decided SSN's were how they were going to track us financially you have had the choice on whether or not that number is used anywhere else. If they have automatically used your SSN without your permission, then I would send them a Certified Letter stating that you do not want to use your SSN in their IT Ticketing system, they will have to change it or face the law themselves.

I dont know where to find these laws, but you could certainly contact a lawyer that is familiar with SS, and he/she would be able to help you promptly.

JS

My old company used last-4 SSNs (0)

Anonymous Coward | more than 7 years ago | (#16417287)

Just a point of information, I used to work for a large regional telco (whose slogan could have been "a new *Frontier* for all *Citizens* and their *Communications*", but I digress...) who used the last 4 of SSN for identity confirmation when calling customer support, including password resets. For a 6000-employee company.

Re:My old company used last-4 SSNs (1)

jesboat (64736) | more than 7 years ago | (#16419011)

Sprint?

and just to show what can happen... (2, Informative)

phageman (627693) | more than 7 years ago | (#16417319)

I'm a high school teacher in Kentucky. Yesterday, every teacher in the state got an email informing us that letters sent to our homes inadvertently displayed our SSN through the address window!!! Anyone could have swiped the numbers just by looking at the envelope. I'm not worried myself (my credit is so bad I hope someone will steal my identity), but just imagine if some unscrupulous postal employee noticed thousands of SSNs in plain view.

Re:and just to show what can happen... (1)

T-Ranger (10520) | more than 7 years ago | (#16418769)

The postal workers arn't done working the way through 1972 series of Playboys

Re:and just to show what can happen... (2, Informative)

mjs0 (790641) | more than 7 years ago | (#16418973)

Not trying to scare anyone here...but...my wife works in this field (no not stealing identities, helping people resolve issues arising from stolen identities!) and unfortunately it is not just about your credit. If someone gets hold of your SSN together with your name they can 'become you' in many different ways.

One of the scariest things is when your number gets used for reporting income by many people. Even if income tax is withheld on the wages of these imposters guess what happens when you work 20 different $20,000 per year jobs...you end up in the top tax bracket, and of course it looks like you've take the standard deduction 20 times. Guess who the IRS comes after to get all those extra taxes...the actual owner of the SSN of course.

Oh and imagine what happens when someone gets your SSN and other info then applies for a driver's license in your name. Maybe 6 months later you get pulled over for a routine stop and dragged to jail for non-payment of speeding fines or even worse crimes.

Are any of these likely, no...but as with all matters of probability unlikely does not mean never...it does happen to somebody.

And on the topic of companies using SSNs for non-essential situations...someone in that organization needs to look at a few recent laws regarding the correct handling of NPI (non-public information) such as:

crazy (1)

CheeseTroll (696413) | more than 7 years ago | (#16417947)

Using an SSN for an IT ticketing system? What do they do, run a credit check before unlocking a user's account?

i'm a victim (3, Informative)

feld (980784) | more than 7 years ago | (#16418311)

i live in WI and someone in Milwaukee (with many, many previous addresses) is reporting my SS. I have no idea how or where they are reporting it, but they're in the database with my #. They have never used it for financial things yet, though, so my credit is fine. I reported this to the cops several times but they won't do anything about it because they arent using it for credit related things. This pisses me off to no end.

I have the original SS card in its original envelope from 2 months after I was born.

I had a hard time explaining things to employers when I was a teenager because they'd do checks of some sort and find this other guy's name.... notably Radio Shack and Menards (Like Home Depot) were the main ones causing problems over it.

Re:i'm a victim (2, Informative)

jcr (53032) | more than 7 years ago | (#16418581)

Not necessarily a single person. Many illegal aliens will pick a random set of digits, and they'll share numbers that work. Depending on the employer, they may need to change numbers annuallly.

-jcr

Re:i'm a victim (0)

Anonymous Coward | more than 7 years ago | (#16420089)

I'd think there'd be some law that would penalize falsifying something like a SSN - have you talked to the SSA about this yet? http://www.ssa.gov/ [ssa.gov]

Individual Unique ID (1)

JoeCommodore (567479) | more than 7 years ago | (#16418597)

Thats what it means to many programmers (and creditors), of all the things a person has on them - thier SSN is unique (not totally, there have been mention of dupes - though no accounts I could verify).

It's not a problem if you are dealing with one location or a small set of locations, but if you deal with state-wide or federal data it gets to be an issue to have a good unique ID for everyone.

The idea of a national ID would be an alternative (as SSNs go up to 999,999,999 we are running out). ANother would be biometrics but those are from what I hear at least 512 bytes for a fingerprint metric and higher for others.

Though I don't think it was a problem until private-sector creditors picked it up as thier de-facto key unique ID for financial identity, and when or if the national ID comes out I am sure the banks will adopt that too and keep the system screwed up.

You're looking at it from the wrong direction (2, Informative)

Michael Woodhams (112247) | more than 7 years ago | (#16418655)

The problem isn't that people can find out your SSN.

The problem is that banks etc. use knowledge of SSN for authentication. If someone accumulates debt in your name, based only on their knowledge of your SSN and other readily available data (DOB, mother's maiden name) then you should be able to simply disown those debts, sticking the problem back on the people who accepted inadequate ID.

Florida State University (1)

SinGunner (911891) | more than 7 years ago | (#16418725)

When I worked for FSU, to login to our timeclocks we had to enter the last 4 digits or our SSN, but we entered them BACKWARDS. The thing is, everyone knew we entered them backwards... I couldn't quite figure out the point. Were they trying to point out that the policy itself was backwards?

SSN equivalent public in some countries (2, Informative)

Anonymous Coward | more than 7 years ago | (#16419919)

In some countries the SSN-equivalents are public and not excpected to be a secret usable to prove your identity. E g in Sweden the Personal Number of all citizens is public. No organisation would use knowledge of the PN as proof of identity. That is what a photo id form an acreditied organisation is used for. The PN is simply a good key to use.

One may argue that having compatible unique keys in almost all databases enables or at least simplifies abuse by correlating various databases. But as far as identity theft goes, the SSN only enables it if the SSN are expected to be kept secret. AS long as they are public they are no more useful for identity theft than your name.

What exactly is the problem? (1)

pe1chl (90186) | more than 7 years ago | (#16420695)

"My company, a fairly large telco, still uses social security numbers for non-financial purposes; mostly for our IT ticketing system. I find it amazing that in these times, with how easy it is to use an SSN to obtain credit, that any company still does this."

I would say that the problem is not that your company uses the numbers for non-financial purposes, but that it is easy to use it to obtain credit.
*that* is the thing that should be fixed. Don't attempt to keep something like an SSN a secret, because that will certainly fail.

Here in the Netherlands we have our equivalent of the SSN printed on just about every document and letter, and nobody considers that a problem.

It's a big project (1)

anon*127.0.0.1 (637224) | more than 7 years ago | (#16420819)

My former didn't stop SSN as employee ID until they launched a two year project to consolidate all the the various HR processes into one big enterprise management software package. Keeping identification numbers straight during the switchover was a huge headache. Every current and former employee had three ID numbers during that time.. SSN, old employee ID (which was 0 + SSN, don't ask me why) and their new randomly-assigned employee ID. Keeping those numbers straight during the transition, making sure every single old database was scoured and updated, knowing which numbers to use in which situation... all of it was a major headache.

It didn't help that we had a couple of major gaffes during the transition. At one point late in the process, a letter was sent out to all 6000+ employees with the information that "Your new employee ID is printed in the upper left corner of the address label on this envelope. If you have any questions call HR at xxx...". Except that somehow they managed to mail out all 6000 of those letters without anyone noticing that actually, the new employee ID *wasn't* printed in the corner of the label. Or anywhere else for that matter.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>