This site shows how Social Security Numbers are handed out in the US. There are two problems with SSNs. The first is that they provide a unique key for an individual, and therefore can be used to tie together information in all kinds of databases to make a complete picture when perhaps such a complete picture should not be available. Proper legislation that provides a strong privacy safe harbor and a short enumerated listing of acceptable uses could solve this problem. This issue is the “national ID” issue, and the closest thing we have today in the US is state drivers licenses.

The second and more immediate issue is that SSNs are being used both as identifiers (because they are a unique number) and as passwords. You call up a bank, for instance, and to verify your identity, they ask for your SSN and a mother’s maiden name. Businesses frequently have to use their Tax ID number as a secret code. The massive and readily apparent problem with this system is that you cannot have one item serve as both an identifier and a secret key. This should be obvious, right? If I want to keep something secure, I need a secret key to protect it. A secret key can take the form of a password, a random string of numbers, whatever, but the most important part is that it is non-obvious, so that people can’t easily guess it, not readily available to a random person, and, most important secret, so that the only person who knows it is YOU.

Computer passwords are usually stored in something called a one-way hash, which basically means that it cannot be reconstructed if someone were to compramise the computer.

A Social Security Number fulfills none of these requirements. First, because it is being used both as an identifer and a password, plenty of people have access to it. Bank employees, government employees, your employer and some of the people you work with, car companies, insurers, schools, the state, county, and local government. Accountants. Some stores. Credit card companies. The list goes on, and it is continuing to expand as more and more companies and organizations are using SSN as a unique key. Even if someone doesn’t have your SSN, however, they can still guess it. As the page linked above demonstrates, your SSN is just a serial number, meaning it goes in order.

If you know where someone is born, you can figure out the first three digits. Know when they are born and you get the next two. Now there are only four digits left, and they go in order. But it is even easier then that. Pay a few bucks to any of a myriad of sources and you can get someone’s SSN, and from that medical history, insurance records, employment information, legal history…the list goes on.

My solution, and that of many privacy advocates, victims of identity theft, and concerned individuals, has been to avoid giving our your SSN at all costs. But just not giving out your SSN doesn’t really solve the problem. As the web page above shows, SSNs are easy to guess. As a few minutes of googling will show, SSNs are readily obtainable for a small fee. And experience shows that your SSN is everywhere, and the systems that it connects to, which are being increasingly linked together, often store inaccurate or mis-categorized data about you.

The solution is simple: restrict SSN use. It can be an ID or a password, but not both. Just like we have to remember different passwords online for different web sites, so should we in person. Ideally, companies could start utilizing public key infrastructures. A person’s public identifier key could be readily available, while his or her private key could be keep secret and safe. When someone needs to verify their identity, they can use their private key to digitally sign a document, and anyone can verify ther person’s identity against their public key. Now that is real security.