Your social security number isn’t secure
Click here to read more about SpamStopsHere, the e-mail security company that brings you this blog.
Scott Bauer of the Associated Press wrote an article yesterday titled ”States faulted over privacy breaches; tighter security urged“. The article mentions several recent information security breaches by government agencies, with the purpose of pointing out that it’s not just private companies that are failing in this area.
Bauer writes about a privacy activist by the name of Betty “BJ” Ostergren who has been working at getting many state agencies to prevent social security number information from being published in online public records. This is a noble cause, and I’d like to commend Ostergren for protecting our social security numbers while federal agencies and private corporations continue to use this number to authenticate us.
Your “social security number” doesn’t have the word “security” in its name because it’s secure. The number was never meant to be secure, and its purpose is just to identify a specific person or account in the federal system. An account number can not be used to authenticate the identity of a person. However, many private companies and federal agencies continue to use it in this manner.
Until U.S. citizens all have their own uniqie implanted identification chip, each organization that needs to authenticate their account holders needs to establish an authentication method when the account is opened. I shouldn’t be able to call up my bank and get account information with just my social security number, birthdate, and ZIP code. Although this is terribly convenient for myself and my bank, none of this information was ever meant to be part of an authentication mechanism. Information used to identify a specific person or account doesn’t authenticate the identity of the account holder or an authorized account administrator.
Until the practice of using public information as an identity authentication mechanism is changed, this country will continue to have huge problems with unauthorized account creation and changes.
April 29th, 2008 at 3:57 pm
I remember less than 5 years ago being able to go to the Hamilton County court of clerks website, look up traffic tickets by last name or license plate number, and see a scanned copy of the ticket, including the defendant’s social security number, birth date, address, and even signature.
Today, those records are not available through the website, but they are still available through the mail.