the real issue here is everyone assuming social security numbers are meant to be 'secret'. It is a terrible way to authenticate someone. There have been recent studies to show how non-random someone's number actually is.
Someone recently suggested the 'nuclear' option of making everyone's social security number public and forcing all institutions to figure out a better model. This may be too extreme but something like that may be necessary
I agree that SSNs are used in a contradictory manner. They are both a universal identifier -- something you have to give to open a bank account, etc., and something that many places use to track your information, and a universal authenticator, wherein only YOU are supposed to know your SSN.
It's like requiring everyone's username to double as their password. It is seriously broken system, something else has to be figured out.
I once worked somewhere where to reset your network password you needed to provide the last 4. As in anyone could use anyone's account without even guessing the password.
To make matters worse, I had my username wrong, and so they helpfully told me "my" SSN, which was someone else's.
We live in a world where I have an 8 digit alphanumeric password protecting my weather preferences, but nothing protecting my credit.
and while we're on the topic of how broken SSN's are...
why is it that the most important piece of identification you receive in your life, that you also need to keep forever, is printed on a crappy piece of paper???
I was really astonished by this when I moved to the US from Canada. Canada gives you a plastic card while after 7 years, my SSN card has pretty much turned into a disintegrating pile of paper dust.
I just get annoyed whenever I'm asked for my social security number for something stupid. They always ask me for it at blood drives, and if I ask why they need it, they get really mad and have never given me a decent answer. If I refuse they assign me a different tracking number but treat me like dirt the whole time.
At least it's not legally required. Every company needs to have an alternative from my understanding. Not sure where this is stated, but at least every company, aside from financial institutions, has allowed me to not use an SSN. It just usually takes a conversation with a couple supervisors and a callback.
The annoying thing is precisely the conversation that is required to convince the person on the other side of the phone call that they do not, in fact, require your SSN.
This always irks me, particularly because I feel uncomfortable questioning protocol. Sometimes I refuse. Sometimes I pay by credit card and they say they need it for confirmation.
In most cases the phone number is the best way to geocode a buyers location. There are a lot of business location analysis going on in the world and geocoding a buyer is a huge part of that.
I usually always give out my phone number (I am a geographer, like I was excited when the census came.) and I have never had calls from the GAP or other stores solicitating anything.
Take off the tinfoil hats and help us geographers!
I had this happen when trying to buy some printer paper. I asked "Why do you need that?" and they said it was so that I could return items without a receipt.
People just kind of latched onto it because it's a number (supposedly) unique to each individual that most people have memorized.
Names don't work because there are many people with the same name, and besides, they are alphabetic. Phone numbers occasionally transfer to others, as do physical addresses, etc. A Social Security number is always unique to its possessor (theoretically) and, for most adults, is available immediately in memory.
As such, it's become a popular "customer ID", as it were, in a lot of systems. If you assign each individual their own ID, they will forget it and mix it up with other IDs from other places, so an SSN is easy for everyone involved.
The problem is that people assume that an SSN is exclusive knowledge and use it as an authenticator -- when something is a universal identifier that you must write on many documents and give to many people (usually along with all other personal stats like address, phone, names, etc.), it just isn't reasonable at all to think that that can function secretly.
When asked for an SSN, a lot of people don't refuse because they imagine the fight would be fruitless and they'd be denied access to the thing they were trying to get. Some people don't understand much about SSNs or how easy it is to steal identities with them, so they don't mind giving it out. There are certain places where an SSN is legally required (for instance, opening a bank account) and sometimes it's hard to know if you're obligated to give the info or not.
Perhaps it wouldn't be so bad if the SSN were used merely as a user ID and there was an authenticator required in each case, but as it is now, in most cases, you can walk in with an SSN and a few widely published data like name and address, and obtain all kinds of loans and accounts from all kinds of places in the name of the SSN's registered owner, because people assume that only the real owner is able to know the SSN. It's this assumption that is responsible for our difficulties.
One of the biggest users of social security numbers for identification is the US military. When my dad was in the army, my mom and I both had his SSN memorized because we had to use it so often on paperwork.
In fact, the US military uses the SSN for the serial number, as in "name, rank, and serial number", the (only) information you are supposed to report to your captors if taken prisoner.
I've always worried that enemy forces would capture our troops, steal their identities, and then ruin their credit.
Anyway, I have access to the SSN of just about everyone in the army over the last five years. The do give the special forces people substitute SSN numbers but other than that it's fairly easy information to get access to if you if you are doing any sort of analysis of army trends.
Hell, they might as well. Our college used them as ID numbers for the first year I was there. We wrote it on all our tests. Forget about it, that stuff isn't secure.
My brother had his identity stolen while he was in school. The perpetrator turned out to be a person who worked in the registrar's office!
When I started grad school they used SSN as the ID number too. I went to the registrar and asked them to change mine. They said they couldn't do it because, as a TA, I was considered an employee and they "had to" use my SSN. You can imagine I wasn't happy.
I was working for the graduate dean's office at my university, and was helping set up a big presentation for new teaching assistants. One of the talks being given was the importance of security and privacy, with a lot of focus on keeping your SSN secure.
As the talk began, the presenter passed around a sheet and asked everyone to sign in - with their name, school, and social security number.
It made it halfway around the big conference hall, and halfway through the talk, before someone finally raised their hand and asked about the incongruity of being at a talk about the importance of keeping SSN's secret, while being asked to sign in with them.
Georgia Tech started off doing this and switched over to a fake 9 digit number while I was there (2001?ish). Since I still remember/recognize it, I use it as my SSN more or less everywhere except for work/W2.
Wow, how long ago was this? Totally a FERPA violation these days. Hell, even the randomly generated student IDs may be private soon. We're already implementing PINs that will need to be entered before staff can talk to students about billing and aid.
Someone recently suggested the 'nuclear' option of making everyone's social security number public and forcing all institutions to figure out a better model. This may be too extreme but something like that may be necessary