
Loophole Ends the Privacy of Social Security Numbers - endswapper
https://www.bloomberg.com/view/articles/2016-09-15/this-loophole-ends-the-privacy-of-social-security-numbers
======
etjossem
> "The whole point of the federal privacy law is to prevent states from making
> the Social Security number into a nationally mandated identification number
> of the kind that’s common in Europe. The practice goes back to the immediate
> post-World War II era, when Sweden became the first country to assign every
> citizen a personal identity number that follows you throughout your life and
> must be used in essentially every interaction with state. Every Swede
> memorizes the number in childhood. And notably, the tax authority makes
> everyone’s number publicly available to anyone who asks for it."

This wouldn't be a bad thing if we didn't also use the SSN as proof of
identity. Numbers as "usernames" for individuals are fine. But they should not
also serve as "passwords." That particular cat is already out of the bag. The
list of people who know or have access to your social security number includes
dozens of bank personnel, medical professionals, standardized testing
agencies, previous employers, and government employees. It is entirely
possible for malicious actors, given any other personal identifier (a unique
full name, or any full name plus address), to find the associated social
security number.

We simply cannot expect any SSN - let alone its last 4 digits - to be known
only by the person to whom it was issued.

~~~
bsimpson
For many people, the last 4 digits are the only ones that aren't easily
deduced if you know the city a person was born in and the person's approximate
birthdate.

~~~
etjossem
And for this reason, many SSN verifiers (banks, government agencies, etc) ask
for the last 4 digits. Then they store them in a dusty database somewhere and
forget about them until they have to verify identity again, or there's a major
breach.

That last part is the part that keeps me up at night.

~~~
Iv
Even if they didn't, given the number of state-level administrations, I am
sure I can get close to the 9999 attempts I need to brute force a code. I
wonder how many automated attempts are possible.

------
int_19h
The opposition to the national ID in the US is really, really weird. Especially
when it comes from many of the same people who insist on photo ID when voting,
because they're afraid of non-citizens going to vote. Since the federal
government is the one that keeps track of things such as immigration status,
it stands to reason that it should be the one issuing IDs that are used for
voting purposes - and at that point you might as well use it for everything
else.

And, of course, SSNs are already a de facto national ID system. It just
happens to be one that wasn't designed for ID purposes, and so it's very
suboptimal (but any government abuses you could do with a proper ID, you can
also do with SSN).

~~~
mturmon
Opposition to using the SSN as an identifier started out as a privacy thing.
It's also the reason that the Social Security Card itself is so flimsy and
bare-bones. They did not want it to become a national ID card.

I used to respect this, but as time has passed, I think crooks and scammers
get more benefit out of the lack of ID than most of the public gets out of
these rudimentary guards. Anyone remotely serious (nation-states and bigcorps)
can ID me if they want.

~~~
PhantomGremlin
_They did not want it to become a national ID card._

I laminated my card because it was flimsy. It's still OK over 40 years later.
My card has the following words on it:

    
    
       FOR SOCIAL SECURITY
       AND TAX PURPOSES --
       NOT FOR IDENTIFICATION
    

_time has passed_

Yes you are right. That ship sailed way back in 1972 when the SSA removed
those words.[1]

[1]
[https://www.ssa.gov/history/hfaq.html](https://www.ssa.gov/history/hfaq.html)

~~~
Tactic
Just a note that the SSA advises not laminating your card.

[https://faq.ssa.gov/link/portal/34011/34019/Article/3786/Can...](https://faq.ssa.gov/link/portal/34011/34019/Article/3786/Can-I-laminate-my-Social-Security-card)

~~~
PhantomGremlin
That's good advice for the newer cards.

Back in the old days there were no security features. The name was hand typed
onto the card. Here's an earlier example than mine, note that the text at the
bottom is different:
[http://www.elvispresleymusic.com.au/pictures/img/elvis/50s/5...](http://www.elvispresleymusic.com.au/pictures/img/elvis/50s/50/elvis_social_security_card_1950.jpg)

Can any of you young whippersnappers (whatever that means!) tell me who that
person was? :)

------
criddell
I don't understand how people can pretend that a SSN isn't a national ID
number. Of course it is.

If a state wants to show that it isn't, then make changes that make the number
unsuited to being a national ID number. Let people pick their own number or
reduce it to a 4 digit number.

~~~
MichaelGG
It's federal isn't it? So it wouldn't be up to the state.

I'd want to read the actual decision because on face value, this seems
ridiculous. Basically every agency can just get around the Privacy Act saying
"uh child support!". It should be up to the child support or taxation
authorities to go around and find people not paying and deal with them
appropriately.

Unfortunately, especially with people used to modern databases, I don't think
many people are used to thinking that the government's job should sometimes be
a bit more difficult.

~~~
fredgrott
Yes, it would be up to the state.

LOOK AT YOUR DL from your state, does it show your SSN?

In some USA states we can still have our SSN not listed on our DL; in some
other states we cannot.

~~~
logfromblammo
In the states where the DL number is not identical to the SSN, it may still be
possible to reconstruct the SSN from the DL number. The SSN may also be
encoded in the 2D barcode on the back, without appearing on the face. There
may be a few states that have to query a central database in order to link a
DL number to a SSN.

But rest assured that every state will attempt to maintain such a link, and
will sell access to it for the right price. That's why you should treat every
request for your driver's license number as a request for your social security
number, even though it is probably not governed by the privacy protection laws
as it might be if the request was for a SSN directly.

~~~
FT_intern
Do you have sources on this? I remember doing research on this and concluding
that most states phased out basing driver's license numbers on SSNs.

~~~
jandrese
I thought it was a provision of the RealID act that states couldn't use your
SSN as your driver's license number anymore.

IMHO, the idea that it's a secret number has been shot for years now. Fretting
over who can find your SSN is pointless because the answer is anybody. It's ok
as long as you don't give any special privileges to someone just because they
know another person's SSN. It's no more special than your full name.

~~~
logfromblammo
I'm not entirely certain whether all states have decided to comply with the
requirements of RealID for their drivers' licenses. Last time I checked, there
were still some holdouts, but that was quite some time ago.

------
danso
I wonder how much of the desire to hang on to SSN as a private identifier is
rooted in the fact that SSN's contain a bit of personal data. Until 1972, the
first 3 digits represented where you were born or where the card was issued.
Afterwards they represent the mailing address for the application for the
card.

And because of that design decision, some states were fairly close to running
out of SSNs:
[https://www.ssa.gov/policy/docs/ssb/v69n2/v69n2p55.html](https://www.ssa.gov/policy/docs/ssb/v69n2/v69n2p55.html)

Today, SSNs are randomized:
[https://www.ssa.gov/employer/randomization.html](https://www.ssa.gov/employer/randomization.html)

Considering the numbering system was created in the 1930s, their idea of what
constitutes a unique, private (i.e. hard to remember) number is a bit less
relevant today.

~~~
mindslight
IMHO it's just about trying to hold onto it being less generally useful, as
was initially promised. The government pulled the same "limited scope"
bullshit they did for all the recent "terrorism" "laws".

Enumerating and precisely identifying citizens is _the basis of mass
surveillance_. For most every societal use, a name and a birthday is good
enough identification. Individuals should not be perfectly legible to the
government, because then the rulers are further tempted into demanding that
reality conform to their whims.

Of course now that government-cum-computer has entrenched and precessed, there
are many areas where precise identification will help preserve one's rights.
If one shared a name and birthdate with a wanted criminal, they certainly
would want to be distinguishable!

But such situations are really due to the system asserting that its
abstractions are airtight. For example if someone applies for credit in my
name, the crime that has occurred is _fraud_ and I am not involved. But the
system (within-abstraction) diagnoses the situation as _me_ being a victim of
"identity theft", transferring blame to the individuals affected by its own
shortcomings! Further cementing the abstractions further strengthens belief in
them, making these failure modes even harsher.

Another practical problem in the US is that the government fails to prohibit
the use of such identifiers for private purposes, under a half-applied theory
of private contract (or really just money talks). So we end up with the
double-edged sword of the free market combined with a government mandate,
which destroys individuals' _sole_ power of _exit_ versus otherwise
unaccountable corporate entities.

------
quotemstr
The entire SSN system is a disgrace. We've had the cryptographic tools for
decades to do it right, but we instead treat SSNs as both identifier and some
sort of awful bearer token. In any sane system, knowing an actor's precise
identity should not permit impersonating that actor!

~~~
dragontamer
Social Security was invented in 1935, and the first Social Security cards were
passed out in 1937. The SSN system has been virtually unchanged since then.

There's absolutely no disgrace about the SSN system: it did the job quite well
decades before the invention of the computer. The disgrace is that no system
has come to replace it in the last 80 years.

The US Post Office sent out a RFC suggesting that they're contemplating a
national-identity system btw, complete with PKI infrastructure and
cryptographic proofs. They're probably the best agency to verify the
identities of millions of Americans (any American with a home / post office
address can be verified by a Post Office employee).

But that's all speculation. I don't recall any news suggesting that the US
Post Office has actually been approved to roll out this hypothetical
identification system. (But honestly, I do think it's a good idea and would
support such an initiative.)

\--------------

In any case: Social Security Numbers aren't a problem. We all need to be
tracked by the social security system so that we get benefits.

The problem is that every government agency is using SSNs as if they were good
identifiers. I mean, yeah, it's good for the government to "save money" here
and recycle the Social Security Administration's hard work in listing all
American Citizens. But this is definitely an area of the Government where I'd
prefer more money were spent on a "proper solution", as opposed to the minor
cost savings of centralizing it all on the shoulders of the Social Security
Administration.

\---------------

Repurposing the US Post Office would serve multiple purposes:

* The US Post Office has been downsizing recently. IE: Lost jobs, fewer benefits, losing money. Etc. etc. If the US Post Office took on more work and did something essential in today's computer-based society (aka: if they were the gatekeepers of a National-identity PKI certificate), it'd give all those Post Office workers a job in an age of declining snail-mail.

* Very large agency with a staff who specializes in physical contact with a huge number of Americans. There are very few agencies that have the size, scale, and connectivity of the US Post Office.

* A PKI-based national identity certificate would replace SSNs as the national identifier of choice. With proper security / proper certificate handling, it would be significantly safer than SSNs. Proof through physical access + identifiers (ie: Government-issued ids, like Passports + Drivers Licenses) is a solved problem with the Post Office. Post Office employees are regularly trained to verify Birth Certificates, Drivers Licenses, Passports and so forth. They know how to verify identities physically.

~~~
TheCoelacanth
The problem isn't with the concept of SSNs. The problem is that everyone and
their uncle asks you to disclose them yet we still have the delusional idea
that they are secret.

~~~
toufka
Though everyone and their uncle asks you to disclose SSNs, you don't actually
have to. Tell AT&T that it's none of their business, tell your university, 'no
thanks', etc. Though everyone asks, the only people you should tell are your
bank, your employer, and the IRS.

~~~
mkhalil
This doesn't really work in practice. Have you ever applied for a credit card
without a social? Sure, they can't require you to provide it, but the odds for
getting approved without it are virtually nil.

------
jedberg
Anyone who thinks an SSN is a secret is naive at best.

Back in the day, your student ID at California State schools was your SSN. It
was on your ID card, which you had to present to do anything at the school.

~~~
cgusto
Wasn't even that long ago. In 2006, the CSU I was at still used your SSN for
everything - including logging into the computers. This particular school has
since changed this, but I wouldn't be surprised if the practice is still used
elsewhere.

~~~
jedberg
Wow. I know at CSULA it was SSNs in the early 90s, but they were already
phasing it out.

------
InclinedPlane
What's fun about SSNs is that proof of them having been leaked isn't
sufficient to get a new one, you have to become the victim of fraud based on
your SSN having leaked to get a replacement.

~~~
jdmichal
Honestly, that's somewhat understandable. Otherwise, there would be plenty of
advice that you should rotate your SSN every year, just in case... While that
would be an ideal final state, in our current state that's probably not a
great idea.

I suppose ideal final state would be some combination of a cryptographic
certificate and a rotating security token ala RSA SecurID. The token is enough
to verify that you possess the certificate, but has no unique value in-and-of
itself.
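
Added example, not part of the comment above or of the linked article: a Python sketch of the contrast this thread keeps returning to, a static number used as a "password" versus a rotating code that only proves possession of a device secret. RFC 6238 TOTP is swapped in here as a stand-in for a SecurID-style token (it uses a shared secret, not a certificate); `STATIC_LAST4`, `DEVICE_SECRET` and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not real data).
STATIC_LAST4 = "6789"                     # knowledge-based value kept on file
DEVICE_SECRET = b"12345678901234567890"   # test key from RFC 6238 Appendix B


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F               # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_static(claimed: str, on_file: str = STATIC_LAST4) -> bool:
    """Static check: whoever has ever seen the value passes, at any time."""
    return hmac.compare_digest(claimed.encode(), on_file.encode())


def verify_totp(code: str, now: int, secret: bytes = DEVICE_SECRET,
                drift_steps: int = 1, step: int = 30) -> bool:
    """Accept the code for the current step, allowing +/- drift_steps of skew."""
    for d in range(-drift_steps, drift_steps + 1):
        t = now + d * step
        if t >= 0 and hmac.compare_digest(code.encode(),
                                          totp(secret, t, step=step).encode()):
            return True
    return False


def replay_outcomes(captured_at: int, replayed_at: int) -> dict:
    """What a value observed at captured_at is still worth at replayed_at."""
    code = totp(DEVICE_SECRET, captured_at)
    return {
        "static_at_capture": verify_static(STATIC_LAST4),
        "static_on_replay": verify_static(STATIC_LAST4),   # time is irrelevant
        "totp_at_capture": verify_totp(code, captured_at),
        "totp_on_replay": verify_totp(code, replayed_at),
    }


if __name__ == "__main__":
    print(totp(DEVICE_SECRET, 59, digits=8))
    print(replay_outcomes(captured_at=59, replayed_at=59 + 300))
```

A verifier that stores the last 4 digits holds something replayable forever; one that stores only the TOTP result sees values that expire with the time step, although the shared device secret itself still has to be protected on the server side.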

~~~
InclinedPlane
Right. But remember, this applies to cases where you can prove that your SSN
has been _stolen_, which isn't enough to get a new one (if it were, about 2/3
of Americans would be able to get one, most likely).

The big problem is that the SSN is completely, utterly a bad idea in the 21st
century, but nobody is working on a superior replacement because things aren't
"that bad yet".

------
norea-armozel
I really wish we would just standardize identification in the US but it's
likely that such a standardization will result in 50 "standards" which don't
talk to each other and are vulnerable to all kinds of attacks. I say this
mostly because I've seen some of the crap that passes for IT in my home state
(Kansas). And it's a mess. I can only imagine it gets worse the bigger the
state government.

------
ourmandave
Haven't we moved on from pretending SSNs are secret or useful in any way? Now
there's two factor authentication ("what's your favorite color?"), etc.

When I read that The Hackers have my SSN again I'm not really that worried
having lost count.

But if we had a Federally issued Secure ID, when (not if) that got hacked I
would worry a lot.

~~~
JadeNB
> Now there's two factor authentication ("what's your favorite color?")

Not so great an example of secret information …. TFA is useless, I think,
unless you are allowed to pick the question. (Or, of course, you can give
site-specific nonsense answers to repeated questions, but most people don't do
that.)

~~~
WorldMaker
"Secret questions" are almost always not two factor, they are "Wish It Was Two
Factor". The two factors are supposed to be: something only you know (a
password) and something only you have (a physical key or device you keep with
you).

Secret questions are still just something you know, therefore not a second
factor from passwords. Secret questions are often worse than two factor
because they _also_ violate the "only you" part of the security factors by
often asking mostly the equivalents of public record information making them
generally only about as useful as tertiary usernames/IDs. (Which is why the
advice these days is to treat them as passwords and give them pseudo-
randomized phrases, unconnected to actual answers of the stated question.)

~~~
JadeNB
> "Secret questions" are almost always not two factor, they are "Wish It Was
> Two Factor".

You are right. I was going along with what I perceived as my parent
([https://news.ycombinator.com/item?id=12509768](https://news.ycombinator.com/item?id=12509768))'s
identification of 'secret' questions with TFA, but I shouldn't have. Thank
you for the correction.

(Also, although surely there aren't many such people around here, for anyone
who doesn't get your reference:
[http://thedailywtf.com/articles/WishItWas-TwoFactor-](http://thedailywtf.com/articles/WishItWas-TwoFactor-) .)

------
pravda
In some states, you have to give your SSN to get a driver's licence.

~~~
protomyth
North Dakota once used the SSN as the driver's license number. That's been
corrected.

------
libeclipse
How is it decided if one law supersedes another? It seems pretty strange to
have contradicting laws, especially since the federal privacy act is very
broad in its statement.

~~~
sbuttgereit
Given the volume of law that we have, it's not surprising at all that there
are laws which contradict other laws.

Decisions of which law supersedes another are more often than not up to
judges, and sometimes juries, in cases like this. Other laws can be written
which try to settle the questions, too, but by and large it's the court cases
which settle precedent.

This is why who gets to be a judge is such an important question. At the end
of the day, the decisions of individual people who are judges can hold an
incredible amount of power... and so long as their decisions are well reasoned
(or well rationalized)... they can determine how we can live (or not live) our
lives.

(edited for clarity)

------
alkonaut
How about just make the SSN a proper national ID, issue everyone with proper
photo + SSN Id cards?

The SSN is a username, not a secret password. I fail to see how it can be more
of a privacy concern that authorities (or other people) know your SSN, than
that they know your middle name?

------
cloudjacker
The ironically named Federal government should just finish subjugating the
states, completely, so that these silly idiosyncrasies stop existing.

We would be better off if we stopped pretending there is any form of
federalism here as the states contribute nothing to the aggregate whims of the
national government as it continues to tolerate their mentally challenged
courts, useless evolving body of opaque case law, and patch work of redundant
executive departments. Literally the only things states do is adversely affect
interstate commerce.

The national government has complete leverage over every state, and will just
as well sanction any one financially just as fast as it would sanction a
foreign nation state, when it becomes interested in an outcome such that the
10th amendment is null and moot.

The consequences, politically, are very minimal, as these bankrupt states are
reliant on the teat of the national government that long ago granted itself
the authority to regulate all nuances everywhere.

------
protomyth
I wonder if it would be possible to have private, certified identity providers
for people.

~~~
ceejayoz
Notaries public?

~~~
protomyth
I mean more in the sense of issuing an acceptable ID number. It would probably
be a stretch to get a notary public to do that.

------
simbalion
The author is really late to this particular party.

[https://replacethessn.xyz/](https://replacethessn.xyz/)

