Thursday, September 10, 2015

Protecting Social Security numbers

    I talked last week with a person that had their identity compromised when their Social Security number was stolen.  This dramatic action had made their life one of having difficulty with their credit cards, calls from creditors and other endless complications to their life.  You don't realize how much of a problem this is until you talk with someone impacted as this person was.  It is funny how the cards all say that they are not for identification purposes but that is no longer true.  I even remember when college professors would post our grades on their door identified by our Social Security number.  Remember when your health care provider used your Social Security number as your policy number?  Unfortunately you are supposed to still carry your Medicare card with you and your number is your Social Security number.  Maybe it is time to recognize that the use of Social Security numbers are no longer the best way to identify ourselves to government and financial institutions.  We need to develop a system of using a PIN or some other means to make it more difficult to steal and use our Social Security number.  The digital age require a digital solution to improve how we are identified.

   The IRS has developed a PIN system to prevent the filing of false tax returns.   I bet you didn't know this.

    Supporters of Kim Davis, the county clerk in Kentucky who has refused to issue marriage certificates because she opposes gay marriage, have been comparing her resistance to Martin Luther King when he was jailed in Birmingham in the 1960's,   I think a fairer comparison to that time period is here.

1 comment:

Anonymous said...

Yep, great post, Duane. SSN's are the perfect "bad example" of system engineering. It's exactly what NOT to do. SSNs were originally IDENTIFIERS - they were just an account number, and could be public with no problem. They didn't necessarily have to be unique - there are people who have had multiple SSNs; there are cases of the same SSN being assigned to different people. It didn't matter, as long as SSA could keep your account straight.

But over time, "the system" decided that we all need national ID numbers, and that they should be AUTHENTICATORS - if you know the value of the SSN, that's knowing the password, and you must be that person, right? SSNs wound up as the national ID number, with the caveat that the national ID number must be secret.

Of course, until recently SSNs were easily guessable if you had an idea when and where somebody was born. The first digits were assigned geographically - 21x was Baltimore/Washington; 43y was New Orleans; 52z was Denver; etc. The numbers were then assigned sequentially; it didn't take much work to figure out what value a New Orleans number issued in the early 1970s would have for its middle digits. Surprise - only the last 4 digits are "secret." (Numbers are now assigned "randomly" but that's no help for the other hundred fifty million or so.)

So, why not change? In two words, "money" and "politics." "Politics" - we'd have to openly acknowledge that we all have national ID numbers, and few people want to acknowledge that fact. And who'd be in charge of these national ID numbers? Homeland Security; the IRS; the FBI? "Money" - it would cost a LOT to start over with a whole new system. Nobody wants to spend that.