> They were created as usernames, but people treated them as passwords.
Fully agree, but I don't see how this refutes what I and the root-level comment (anti-IRS sentiment aside) are saying.
> the lack of security around SSNs is because they weren't intended to be secret.
The lack of security is not BECAUSE they weren't intended to be secret. The lack of security is because numerous organizations (including the IRS, until their introduction of an IP PIN) treated these "usernames" as though they were passwords.
It's not a design problem with original intent of SSNs, it's an implementation problem with any organization using them improperly. Gov't services are just as responsible as banks and credit agencies when they misuse them.
Fully agree, but I don't see how this refutes what I and the root-level comment (anti-IRS sentiment aside) are saying.
> the lack of security around SSNs is because they weren't intended to be secret.
The lack of security is not BECAUSE they weren't intended to be secret. The lack of security is because numerous organizations (including the IRS, until their introduction of an IP PIN) treated these "usernames" as though they were passwords.
It's not a design problem with original intent of SSNs, it's an implementation problem with any organization using them improperly. Gov't services are just as responsible as banks and credit agencies when they misuse them.