Privacy and your social security number

Pretty much everybody in the USA has a social security number (SSN) and much of the private and public data related to us is attached in one way or another to that SSN. Not a bad system, you might say. After all, a more-or-less random 9 digit number is fairly secure.

The problem is that our SSN is anything but random. In fact, apparently it's pretty predictable. In a new study conducted by Alessandro Acquisti, associate professor of information technology and public policy at Carnegie Mellon, has shown that public information readily gleaned from governmental sources, commercial data bases, or online social networks can be used to routinely predict most and sometimes all of a person's SSN. The study findings will appear this week in the online Early Edition of the Proceedings of the National Academy of Science (PNAS)

Carnegie Mellon views this news as sufficiently serious to merit setting up a website solely for the purpose of educating people about security and SSN.

Acquisti and Gross tested their prediction method using records from the Death Master File of people who died between 1973 and 2003. They could identify in a single attempt the first five digits for 44 percent of deceased individuals who were born after 1988 and for 7 percent of those born between 1973 and 1988. They were able to identify all nine digits for 8.5 percent of those individuals born after 1988 in fewer than 1,000 attempts. Their accuracy was considerably higher for smaller states and recent years of birth: for instance, they needed 10 or fewer attempts to predict all nine digits for one out of 20 SSNs issued in Delaware in 1996. Sensitive details of the prediction strategy were omitted from the article.


Pretty scary stuff for younger people. People in my age group didn't get SSNs until we got jobs so we're less easy to predict. In cases where you can guess the complete SSN in 10 or less attempts---something that is essentially instant when using a computer program to automate coded number entries---using the SSN for security is a joke. Any hacker who bothered to get just a few items of data, easily found, like birthplace and hometown, can then hack into all sorts of supposedly private accounts.

I guess it might be a good idea to be a wee bit secretive about where I was born---and when. You might want to take that precaution too!

Comments

jan said…
I can't believe the amount of information some people put on the internet about themselves. On a classmates page, for instance, there for all to find is the year they graduated, thus a pointer to their age, and the city. A number of them would also be born in that city. Also pictures of their children. Scary.
Into the Light said…
I've known about this for some time, as I've dealt with SSNs for years. But in order to predict someone's SSN you'd have to spend some time figuring out the triggers for the patterns. Not impossible as the study shows, but you'd have to have access to a data on a sizable number of people to start with. I like to think the government keeps that a little private, but who knows. Still, I used to be able to pinpoint the area of the country people were from by their SSN and age. I never tried to do it in reverse though. LOL. And I'm too ethical to use the info for anything illegal. :-)
I knew there was a way of tracking that stuff back when I opened my first checking account. I gave the clerk my SSN and she asked if it was obtained in XX state (different than where I was at the time). She said the first three digits indicate what state the card had been issued in.
kenju said…
I guess I am doomed, then, because everything about me is on the web somewhere. My saving grace is that there is nothing for them to steal.
Smug said…
When Chris and I were at the courthouse getting our marriage licence, she asked for his SSN, when he told her, she said, "Oh you must be from New Mexico" She knew that just from a few of the numbers in his SSN! A bit freaky!
tiff said…
Sometimes it's good to be old!
rosemary said…
My husband is beyond secretive with personal info....but....his SS# was still used by an undocumented worker in California to get a driver's license, job etc. and we had our tax refund held up because this idiot owed back child benefits to Welfare!!!!
oklhdan said…
Scary world we live in. Way too much information available to anybody wanting to use it for no good.

Popular posts from this blog

ankles: the sequel

Natural Gas Pipeline in Mebane

The New Season--part 1