Date registered: Aug 2005
Location: Lawrence, KS (USA)
Mentioned: 0 Post(s)
Quoted: 3 Post(s)
||LinkBack||Thread Tools||Display Modes|
Department of Corrections: Recently in my Computerworld column, I suggested that it's a bad idea to use Social Security numbers as unique personal identification numbers "just because they're available and, well, they're unique IDs."
I was wrong -- way, waaay wrong. As several readers wrote to point out, a Social Security number is far from unique.
It turns out that millions of people have been assigned more than one SSN -- more than 4 million by 1973, according to one government report, and probably many more today. (The Social Security Administration's press office just told me that 1,744 people were reassigned SSNs in 2004, 1,679 in 2005 and 1,201 in 2006.)
How does that happen? The Social Security Administration doesn't reuse SSNs and doesn't like changing anyone's SSN. But the agency will sometimes do it in cases of domestic violence, identity theft, and religious or cultural objections (for example, numbers containing "666" are offensive to some people). A new number can even be assigned if members of the same family have sequential SSNs, and it's causing problems.
In those cases, one person can have two different SSNs as identifiers in a database. So much for uniqueness.
There's one other situation where the Social Security Administration issues a replacement number: when more than one person has been assigned, or is using, the same SSN. The most infamous case of that was 078-05-1120, which was used on a "sample" Social Security card by a wallet manufacturer. At one point, more than 5,700 people were using that number as their SSN.
And that doesn't include cases where a fraudster intentionally uses a specific person's SSN to fake that person's identity. Or where a prankster wants to cause problems for a victim. Or where someone wants to protect his own SSN, so he just pulls a number out of the air when asked to fill in a number on a form.
In other words, it's not unique, and it's not even a very good identifier.
But we're still using SSNs as if they were both unique and good identifiers, aren't we?
We use SSNs even though they're easy to fake, easy to imitate and easy to steal. We treat them as proof of identification even though they have zero value for authentication. And at the same time, we fail to keep them confidential, splashing them all over reports that really don't need them -- except, of course, as unique identifiers.
Which is exactly what they aren't.
We can't even straighten out this mess ourselves, because so many industries treat the SSN as a unique ID that it has become required data. Even though we know it shouldn't be used that way -- that it really won't work that way -- we can't get rid of it.
What we can do is box it in.
We can remove SSNs from printed reports. Long lists of SSNs aren't actually useful to our users -- just to identity thieves.
We can obscure the display of SSNs on-screen. The last four digits are roughly as useful as the whole number, and blanking out the rest reminds users that SSNs should be kept confidential.
We can make sure there's a real unique customer ID in every database -- even if it's never displayed to users.
We can build logic that requires more identifiers than just an SSN before a customer's information is displayed.
In short, we can filter out most of the routine overuses and misuses of SSNs that currently riddle our systems and business processes.
Why should we? Well, there's the logical reason: Since an SSN isn't a unique identifier, we shouldn't act as if it is.
Then there's the practical reason: The screws are turning on SSN use. Slowly but surely, laws and regulations are changing to restrict how SSNs can be used and to dictate how they must be protected.
If we start now, we won't need a Y2k-style crash effort to solve the "SSN problem" when the new rules hit our businesses -- just a few tweaks.
For once, we can be ahead of the game.
And wouldn't that be unique.
|Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)|