Thursday, September 10, 2009

Guessing Social Security Numbers

Your social security number is the key to your identity. Its confidentiality is of the utmost importance, and individuals take intensive measures to protect the confidentiality of their social security numbers, especially as recent information security failures have compromised numerous identities in online scams. But what if no one even needed to hack into your bank information or send you a phishing email to steal your social security number?

Recently, a team of computer scientists from Carnegie Mellon University discovered that, using select public information, they can actually guess a person's social security number. They concluded that there are “distinct patterns in how the numbers are assigned” that correlate with an individual’s date of birth and the state in which they were born. The computer scientists used information from the “Death Master File” from 1989 to 2003 to conduct an experiment to see how accurately they could predict the nine-digit numbers. They successfully predicted the social security numbers of 8.5 percent of the 1000 records used in the experiment. The frightening factor in this experiment is that this process is legal. The information that the Carnegie Mellon computer scientists used was public information to which almost anyone could gain legitimate access. Personal profile sites like facebook.com make this information even more accessible, as most individuals have their date of birth and home state on their profiles.

Privacy expert Alessandro Acquisti said that this is a matter of policy, not of personal protection. He stated that information like names and birth dates is already on the web. Because it is becoming nearly impossible to absolutely protect social security numbers, policy makers are reconsidering the use of social security numbers as personal identifiers. The Washington Post quoted Alessandro Acquisti as saying, "Our work shows that Social Security numbers are compromised as authentication devices, because if they are predictable from public data, then they cannot be considered sensitive." The issue has recently been pushed into the spotlight as Washington lawmakers are attempting to prevent businesses from asking new employees for their social security numbers because the routine use of social security numbers is contributing to the problem.

Sources:
Krebs, Brian. "Researchers: Social Security Numbers Can Be Guessed." The Washington Post. 6 July 2009. Web. 10 Sept. 2009. http://www.washingtonpost.com
Leggett, Haddley. "Social Security Numbers Deduced from Public Data." Wired. 6 July 2009. Web. 10 Sept. 2009. http://www.wired.com

3 comments:

  1. This is a really interesting revelation -- the fact that people, likely potential attackers, actually do have a legitimate chance at accessing your social security numbers because they are not 100% randomly assigned. I guess that it would make sense to have some sort of system in assigning SS numbers, so that you don't accidentally assign the same number twice, or something.

    I would think that this sort of information would lead people to have second thoughts about how they use the currently popular social networking sites. A lot of people don't hesitate to post up their birthdays and other personal information on their profile pages, like on Facebook and Myspace. While I understand that users can change their privacy settings so that users have to "Friend" someone else in order to see some of this personal information, this is not necessarily an incredibly effective security measure -- I am sure that a few of us have accepted a friend invitation from random strangers at one point or another, sometimes for the heck of it. I wonder if increased publication of this sort of news would lead to a decrease in use of social networking sites. Somehow, I doubt that there would be any significant impact.

  2. This totally makes me think about how safe my identity really is if it can be LEGALLY predicted through the usage of sophisticated technology! Because innovations within our society are becoming more and more advanced, and the protection of millions of people's financial futures lies in the hands of a nine-digit number, then it seems that the privacy that we hold so dear in our social security numbers will soon become obsolete. If this occurs, then legislation should put into action some type of provision for another type of personal identification. We no longer need hackers or criminal minds to rip into our computer databases and steal our identities...rather they can be guessed?! It seems that whoever created the notion of social security numbers would have thought to not have the numbers allocated based on year or state of birth, but something much more random.

  3. Honestly, this does not surprise me at all. But at the same time it is frightening that this technology could fall into the wrong hands and actually lead to social security numbers becoming obsolete in regards to securely identifying us all. I wonder, if that actually happens, what then would the government use as the primary method to identify everyone? And then the next step would be how much money that would cost and how much time would it take? This is an interesting article, but I always wondered why stuff like this gets published, because what if some psycho reads this and spurs some creative way for him/her to cause trouble. I know that sounds stupid but it could happen.
