Why using Social Security numbers for identification is risky and stupid.

Inside the Internet.
July 14 2009 6:08 PM

No, You Can't Have My Social Security Number

Why using SSNs for identification is risky and stupid.

(Continued from Page 1)

One reason that Social Security numbers are so fouled up is that they're used as both identifiers—a way to keep track of which Joseph Smith you are—and as authenticators—a way for your cell phone carrier to verify that you are, in fact, Joseph Smith when you call to change your plan. Alessandro Acquisti, the lead author on the recent SSN-cracking paper, makes an analogy to phone numbers. Your number, which you're generally comfortable sharing with friends and colleagues, is a way of identifying you. The PIN number you punch in when you dial in to your voice mail is a way of authenticating that you're the owner of that number. No rational person, of course, would choose a PIN number that's the same as their phone number. But that's the way Social Security numbers work.

So what should we do to fix this?

Advertisement

One avenue would be to replace Social Security numbers with national IDs that are much harder to crack. (Many European countries have some form of national identification number.) An ideal system would have no obvious formula based on place or date of birth. While there are plenty of ways to increase security—for example, having an authentication number that's separate from your SSN, the way many credit cards now do—most people will tell you this isn't a good solution. Any system is likely to be cracked if the incentive is high enough, and an official national ID would potentially be a single point of failure if someone gets a copy of your number. And as groups like the Electronic Privacy Information Center frequently point out, the public tends to oppose the idea of a national ID, making the prospect of such a system unlikely.

The simplest way to improve upon SSNs would be to diversify the way we identify ourselves. If we started using different ID numbers for different things, you wouldn't be able to take out a line of credit in my name if you stole my driver's license. Creating a bunch of unique IDs, though, leads to a contradiction between two sacred American rights: the Right to Privacy and the Right To Not Having To Remember 100 Different Numbers. The harder it is for people to manage their information, the less likely they are to log in to secure systems—bad for e-commerce—and the more likely they are to do things like write their security code on a Post-it note stuck to their computer monitor.

That's a good start, but the better SSN solutions are technical. Cryptologists long ago developed efficient ways to encode information such that only the intended recipient can decode them, a system known as public key encryption. Many e-commerce transactions work this way, with the browser and the vendor exchanging "certificates" to prove their authenticity to the other. There is, admittedly, no simple way to adapt this system for human interactions in which you're reading your number to an offshore customer service representative.Some studies, like this one, have examined how to protect personal IDs in places like health care databases, but there is not yet a clear solution that uses this approach in a variety of contexts. In the foreseeable future, the best solution is the same one that worked in 1935: Use Social Security numbers for Social Security, and use different numbers for other things. And, for the millionth time, don't stick a Post-it on your monitor.

TODAY IN SLATE

Politics

Meet the New Bosses

How the Republicans would run the Senate.

The Government Is Giving Millions of Dollars in Electric-Car Subsidies to the Wrong Drivers

Scotland Is Just the Beginning. Expect More Political Earthquakes in Europe.

Cheez-Its. Ritz. Triscuits.

Why all cracker names sound alike.

Friends Was the Last Purely Pleasurable Sitcom

The Eye

This Whimsical Driverless Car Imagines Transportation in 2059

Medical Examiner

Did America Get Fat by Drinking Diet Soda?  

A high-profile study points the finger at artificial sweeteners.

The Afghan Town With a Legitimately Good Tourism Pitch

A Futurama Writer on How the Vietnam War Shaped the Series

  News & Politics
Photography
Sept. 21 2014 11:34 PM People’s Climate March in Photos Hundreds of thousands of marchers took to the streets of NYC in the largest climate rally in history.
  Business
Business Insider
Sept. 20 2014 6:30 AM The Man Making Bill Gates Richer
  Life
Quora
Sept. 20 2014 7:27 AM How Do Plants Grow Aboard the International Space Station?
  Double X
The XX Factor
Sept. 19 2014 4:58 PM Steubenville Gets the Lifetime Treatment (And a Cheerleader Erupts Into Flames)
  Slate Plus
Tv Club
Sept. 21 2014 1:15 PM The Slate Doctor Who Podcast: Episode 5  A spoiler-filled discussion of "Time Heist."
  Arts
Television
Sept. 21 2014 9:00 PM Attractive People Being Funny While Doing Amusing and Sometimes Romantic Things Don’t dismiss it. Friends was a truly great show.
  Technology
Future Tense
Sept. 21 2014 11:38 PM “Welcome to the War of Tomorrow” How Futurama’s writers depicted asymmetrical warfare.
  Health & Science
The Good Word
Sept. 21 2014 11:44 PM Does This Name Make Me Sound High-Fat? Why it just seems so right to call a cracker “Cheez-It.”
  Sports
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.