Social Security Numbers are Not Random
Social Security Numbers are not random. In some cases, you can predict them with date and place of birth.
Information about an individual’s place and date of birth can be exploited to predict his or her Social Security number (SSN). Using only publicly available information, we observed a correlation between individuals’ SSNs and their birth data and found that for younger cohorts the correlation allows statistical inference of private SSNs. The inferences are made possible by the public availability of the Social Security Administration’s Death Master File and the widespread accessibility of personal information from multiple sources, such as data brokers or profiles on social networking sites. Our results highlight the unexpected privacy consequences of the complex interactions among multiple data sources in modern information economies and quantify privacy risks associated with information revelation in public forums.
I don’t see any new insecurities here. We already know that Social Security Numbers are not secrets. And anyone who wants to steal a million SSNs is much more likely to break into one of the gazillion databases out there that store them.
predictable • July 24, 2009 11:00 AM
The problem with SSNs is that they were never intended to provide proof of identity or security. It was simply a number attached to a name to differentiate people with similar names for the purpose of delivering federal benefits. Instead, the problem lies with our banking and credit systems which are misusing SSN’s as a way of verifying one’s identity. The problem lies not with the SSN, but the poorly thought out identity-verification procedures used by the rest of society. It is somewhat unnerving to know that the people trusted with safeguarding our financial systems know no better way of verifying our identities than asking for a name and number combination which can be easily discovered or guessed.