Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Congress To Restrict Social Security Number Use 280

Posted by Zonk
from the they're-not-toys-you-know dept.
diverge_s writes "News.com.com has an article detailing a long overdue attempt Congress is making to restrict the use of Social Security Numbers. From the article: 'In both the House and the Senate, there are at least three pieces of pending legislation that propose different approaches to restricting the use and sale of SSNs. Politicians have expressed astonishment at what they see as a rising identity fraud problem, frequently pointing to a 2003 Federal Trade Commission survey that estimated nearly 10 million consumers are hit by such intrusions each year.'"
This discussion has been archived. No new comments can be posted.

Congress To Restrict Social Security Number Use

Comments Filter:
  • by TripMaster Monkey (862126) * on Friday May 12, 2006 @11:06AM (#15318356)

    All the proposals mentioned in the article are merely band-aids on a system that is fundamentally broken. Any competently designed identification system consists of two parts: the public identifier, and the private key. The problem with SSNs is that you have a system where one number is simultaneously the public and private parts of the system, which dooms it to failure every time.

    Making new rules limiting the sale and purchase of SSNs, or restricting the display of SSNs on reports, is just closing the barn door after the hore has already left.
    • by Billosaur (927319) * <.ten.enilnotpo. .ta. .rehtorgw.> on Friday May 12, 2006 @11:17AM (#15318464) Journal
      All the proposals mentioned in the article are merely band-aids on a system that is fundamentally broken. Any competently designed identification system consists of two parts: the public identifier, and the private key. The problem with SSNs is that you have a system where one number is simultaneously the public and private parts of the system, which dooms it to failure every time.

      From the article: The SSN hasn't always had such broad applications. Back in 1935, Congress first directed the Social Security Administration to develop an accounting system to track payments to the fund. Out of that mandate came a unique identifier that has ultimately found applications in everything from issuing food stamps to tracking down money launderers.

      This is what happens in the modern age, when previous devices are outstripped by new uses for them. The SSN number started out as simply an identifier for the purposes of calculating benefits and recording taxes. It has turned into a universal identifier, but has not fundamentally changed at all. It's very easy to forge a Social Security card, and the accessibility of SSN data tied to all sorts of other information makes it far too easy to compromise.

      As an aside, other than the fact it doesn't contain a photo, the SS card is pretty much a national id card.

    • You are correct in the the system is totally broken, and needs to be revamped. However, the first step in the process to fix things is to stop the universal use of the Social Security number because it is so convenient. You should not have to reveal such an important piece of data for a grocery store discount card.
    • by Gonarat (177568) * on Friday May 12, 2006 @11:34AM (#15318658)

      Exactly. It shouldn't matter if I know your SSN. There should be a private key part of the equation required for a transaction that requires an SSN to take place. This token should be a pass phrase, not just a password or PIN. Verification can be done electronically by the Social Security Administration.


      For example, if I sign up for a credit card, the application would not be processed until I give my valid pass phrase and it was verified. This way, someone could find out my SSN, date of birth, Mother's maiden name, shoe size, or whatever else, but could not do anything with it without knowing my pass phrase. Credit cards themselves should at least require a PIN to complete a transaction. This could be done without a major overhaul of the financial network -- the ISO 8583 specs supports PINs.


      You could support several pass-phrases. One pass phrase would be for applying for credit and such, giving a Bank or Credit institution this pass phrase would allow them to not only access your credit report, but would give them authorization to update it as they do today. A second pass phrase could be given to just allow read access to a credit report. This could be used for your own access, access by landlords, or any other situation where you need to give out that information without giving the ability to update it. One time use read pass phrases could even be supported. Pass phrases could be changed by visiting the Social Security Office or online. Any forgotten pass phrases would require a visit to the Social Security Office.


      A system like this would massively cut down on fraud and identity theft without too massive of a change to the current system flow.


       
      • by canuck57 (662392) on Friday May 12, 2006 @04:24PM (#15321463)

        For example, if I sign up for a credit card, the application would not be processed until I give my valid pass phrase and it was verified.

        This isn't going to help, what if the institution records it? Sooner or later they will. Oh yea, pass a law... that is useless too as we can't enforce the laws we already have.

        The real issue is the lending institutions business practices of NOT practicing due diligence in maters of credit. That's right, they are just too damn lazy to verify who you are. They have been known to hire ex-cons to process credit card applications!!! Personnally, I don't care if they are careless, I do however care about the grief it causes people.

        The real solution is to make it easy for those that get grief from poor and lax credit to recover damages and get their records corrected quickly. I would propose:

        • Unlimited liability for damages to people who have been harmed by invalid or incorrect credit information.
        • Credit information must be corrected in 7 days of notice or the credit agencies involved shall assume 100% liability for all damages and up to 30 times the damages in punative damages.
        • Damages can include almost any expense, milleage, legal, rental, hotel, airfare, time taken, etc.
        • No charges are allowed for users to check their credit, and no charges for correcting their credit. This includes providing 1-800 numbers as not to incur long distance. And up to 8 times per year.
        • If big credit is deemed negligent or unresponsive punitive damages can be unlimited.

        And enforce the above vigoriously. Make the lenders so scared and costly to get it wrong they will clean up their act. Maybe we have to go the bank where we meet a real person that will check our ID and knows we have deposits. But a small price to pay. And apply at the bank, not through Joe's Con Credit card processing service.

        One last item, a forced labor camp where if convicted of fraud, you have to work to pay off all damages to get free. In essence, those that knowingly choose a life of fraud become indentured slaves to society.

    • by Alex P Keaton in da (882660) on Friday May 12, 2006 @11:35AM (#15318670) Homepage
      Um- do we really need legislation to restrict use of SSNs? I thought that the law already said that SSNs are only for, well, social security... Why dont we enforce laws before making up new ones?
      I went to a state University for 2 years before transferring to a private one. At the state school everything was all about the SSN. One every test, you had to put your SSN...
      • Ages ago, when I went to wustl.edu (1980-82), the student ID was your SSN.
      • I graduated from a state University 3 years ago, and it was the same. The SSN was your ID, but you had to put on every assignment you handed in, not just tests. You could request your ID to be changed to another number, but few people did it.
        • At Michigan Tech, where I am still going, it is the same. And the "M-Number" that you can get if you ask doesn't work with some things, at least according to people I know that got one. Most teachers don't use it on assignments, but some do, and many use it on tests. Most grade lists are sorted by last four digits.
      • by emmaussmith (256072) on Friday May 12, 2006 @12:19PM (#15319151)
        Public Universities are beginning to change. About 2 years ago, NC State University (my school) switched from using the SSN to a six digit ID number which the Cashier's Office had already been using in their own database.

        They issued new ID cards to everyone along with other much needed improvements (your SSN is no longer used as a standard barcode on the front, larger photo, newer magstripe, expiration date, etc.). This made everything much more secure and departments and professors are no longer allowed to have/use your SSN as a primary key.
      • by JimBobJoe (2758) <swiftheart AT gmail DOT com> on Friday May 12, 2006 @02:29PM (#15320458)
        At the state school everything was all about the SSN. One every test, you had to put your SSN...

        In the early 1990s a group of students took Rutgers to court regarding SSN use as the student identifier. They won in federal court, and that case was considered precedence in this field. (Not to mention kinna cool because it was just a bunch of students going at the university pro se.)

        That case specifically enumerated

        *prohibitions using all or part of the SSN as an identifier on tests or assignments

        *prohibitions using all or part of the SSN as an identifier en masse (such as posting grades by last four digits)

        *prohibitions regarding using all or part of the SSN as an identifier on student ID cards

        Universities damn well know of the Krebs v. Rutgers prohibitions but they have taken their time in implimenting them. Hell, even my university broke/still breaks the Privacy Act of 1974, by not disclosing how the SSN will be used and if its necessary to disclose, when applying for admission.
    • There seems to be a huge amount of misunderstanding about the law regarding the use of SSN's. It is a violation of federal law to require a person to submit their SSN for anything other than certain finance related purposes (actually that's a pretty big and unfortunately hazy list, but one that is far smaller than businesses respect). I think it is legal for anyone to request it, but probably 90% of the time they have no basis for requiring it.

      • While that may be technically true, it still is a de facto requirement for many things. I myself have attempted to obtain bank accounts without a SSN, and was told by the bank manager on two seperate occasions, "No, we can't force you to give us your SSN...but we don't need to let you have an account here, either.".

        The measure [com.com] sponsored by Clay Shaw of Florida, which would make it illegal in certain cases for anyone to refuse to do business with people who decline to supply their SSNs, would go a long way
      • by Asphalt (529464) on Friday May 12, 2006 @12:22PM (#15319193)
        There seems to be a huge amount of misunderstanding about the law regarding the use of SSN's. It is a violation of federal law to require a person to submit their SSN for anything other than certain finance related purposes (actually that's a pretty big and unfortunately hazy list, but one that is far smaller than businesses respect). I think it is legal for anyone to request it, but probably 90% of the time they have no basis for requiring it.

        I don't use mine (except for financial institutions).

        When my dog's vet asks for my SS#, I simply say "I don't have one".

        There's really little that they can do about it. They give me a quizzical look, but that's about it.

        Maybe I'm from Canada. Maybe I never applied for a number (technically, you don't have to).

        I've yet to have anyone ask me "why?". I wouldn't be their business.

        Of course, this doesn't work with banks. I give it to people who have an overt legitimate legal need for it.

        But, if they don't pay me interest or wages ... I have no Social Security Number.

        That's been my position for years. Is it always convenient? No. The cellphone carrier required a deposit (which was paid back with interest after 1 year).

        Utilities required a deposit when they were first set up (which were paid back with interest after 12-18 months).

        You have to decide whether you want to trade short term convenience for privacy.

        Most people choose the former, but I usually go with the latter.

    • It seems obvious that you need one number that only the government and your employer knows and another unique number that can be given to banks, your land lord, credit companies etc. At least that way if your public number is stolen they can only affect your credit rating and not your income taxes. What they really need is a website where you can generate new keys to give to different agencies. That way you know where the leak came from and police can identify companies that are selling your number, have
    • by jcr (53032) <jcr.mac@com> on Friday May 12, 2006 @12:15PM (#15319104) Journal
      Any competently designed identification system

      The SSN was never intended to be an identification system. In fact, its proponents promised up and down that the SSN would never be used for anything but keeping records of individual retirement accounts.

      -jcr
      • The SSN was never intended to be an identification system. In fact, its proponents promised up and down that the SSN would never be used for anything but keeping records of individual retirement accounts.

        Also, the rate would never be more than 3%. And "your employer pays half". And it wasn't "insurance" for legal purposes, until the Supreme Court agreed that it wasn't insurance, at which point they started calling it insurance. The entire program is based on deceptions [cato.org].
    • by Ahnteis (746045)
      Well, these ARE politicians we're talking about.

      What else do you call someone who sells his soul?
    • Now that the US is bringing in a nationwide, (with biometrics) ID system, the SSID is actually soon to become obsolete.... effectively mandating that the business community start using the national ID (like, what other ID number are they going to use?) will simply cement the new system as being necessary for your existence.
      I'm, of course, betting that the new law will not place any restrictions on uses of the incomming national ID system.

      Resistance is futile!

    • You mean BROTHEL door don't you?
  • shared secret (Score:5, Insightful)

    by Lord Ender (156273) on Friday May 12, 2006 @11:12AM (#15318416) Homepage
    Many companies and government organizations use the SSN as some kind of shared secret for the purposes of establishing identity.

    This law wants to prop up this model.

    THIS IS A STUPID MODEL.

    There are much better ways of establishing identity than using the SSN.

    What we need to do is STOP USING SSN TO ESTABLISH IDENTITY!!!

    Then it can be public, you can post it wherever you want, and we won't have to deal with the impossible problem of putting the cat back in the bag.

    Government issued smartcards, with a simple PKI (and revocation system) would be a perfect method for establishing identity. We need to put the money in to that, not trying to keep some unchangable number secret.
    • by Alaren (682568) on Friday May 12, 2006 @11:20AM (#15318513)

      A story:

      A few years ago, one of my little sisters (she's almost 20 now) went to get her driver's license. She had her birth certificate and her social security card and all that documentation they demand of you.

      After some checking and an inordinately long wait time, the DMV finally informed my sister and father that the social security number was in use by a 60 year old man.

      To this day, we don't know if this person was using the number by mistake, or maliciously, or as an illegal immigrant... we just don't know. But my father pointed out that years ago, you didn't need a social security card until you first got a job. Now, in order to claim your children on taxes, you have to get them a social security number. But you wouldn't use that number for anything else... so for 16 to 18 years, there's a largely unmonitored SSN available for fraudulent use. Even this wouldn't be a major problem... except for all of the other stuff your SSN is now used for.

      An earlier post was right to call this a band-aid, and not just because of the private/public separation. As you point out, we have out of convenience made SSNs the ultimate in unique identifiers... when all the social security system is really designed to do is keep track of your social security benefits. Credit reporting and record keeping and generally any method that relies on your SSN to identify you is outside of the SS system is tacked on arbitrarily. One of the reasons the SSN system is not designed more securely is that it was never intended to be used as a protection for sensitive data!

      • But my father pointed out that years ago, you didn't need a social security card until you first got a job. Now, in order to claim your children on taxes, you have to get them a social security number.

        Over here(Ireland), we used to have an RSI (Revenue and Social Insurance) number. Basically a fraternal twin of the social security number. Well not any more pal! These got "upgraded" to a PPS(Personal Public Service) number. You get them from birth and you need them for everything [oasis.gov.ie]. If you do not have, or like me, constantly forget your number, you cannot apply for anything. Without this number, you do not exist.

        Basically, it's your Number. The unique ID that indexes your name in the Government's databases. That is, if the Government has a database. Things are still a little behind the times over here.

        Anyway my point is that this overtly and officially does what your SSN unofficially does, i.e. replaces your name as your most important indentification. For everything. Private companies ask me for this all the time, and probably have complete access to any verification database to check up on it. Who am I kidding. In this country, private companies probably have write access to the database.

        To bring things heavily ontopic, no one, no one I know cares about this. "A shure, what's wrong with it?... Will you go 'way from me with your 'privacy'. What do you have to be private about, What?" is the typical, nay, universal response. Never mind that this country used to be a theocracy, one party state and under foreign rule not so long ago.

        Admittedly, the odds of a dictatorship are extremely low, but I can tell you that there is an extreme level of corruption here. Most importantly, the police here are highly unaccountable and frequently unscrupulous. There are many well documented incidents of railroading amoung other things. How does the PPS number mix into all this? I'm not too sure, but I don't like the idea of it.

        I don't think the issue is one of privacy. I think it's one of independance. Freedom in a sense. I should be able to be who I am, say who I am, without needing any official papers from the state. why should they have the right to grant and revoke some number or tag that in effect becomes my name? As a citizen, I should have the right to live my life free from interaction with the government, not bound to its whim by beaurcracy.

        Consider the plight of people in China, who need papers to move from provence to provence. How dare the government tell them where they can and cannot live in their own country. My fear is that PPS and SSN may lead to a similar situation. You will need the governments approval, via a valid, unsuspect number, to do just about anything. Need to open a bank account. Sorry, your PPS came up red. Need to fly interstate? Sorry your SSN is on the do not fly list.

        Try and tell this to anyone over here and they'll just give you funny looks. I'm one of the few people that disagreed with electronic voting, and I can tell you that was a struggle. So I'm not even going to waste my time going on about PPS numbers outside of this post.
      • To this day, we don't know if this person was using the number by mistake, or maliciously, or as an illegal immigrant... we just don't know

        It's just as likely that the number was issued more than once. The SSA has been known to fuck that up on many occasions.

        -jcr
      • I'm fine with keeping the SSN as a unique identifier. But its use has to be authenticated somehow! Then illegal immigrants can't assert your sister's is their own.

        Having a universal, unique, public identifier is a great thing for many reasons. But to work right, that number must be authenticated.
      • by swillden (191260) * <shawn-ds@willden.org> on Friday May 12, 2006 @01:47PM (#15320083) Homepage Journal

        Now, in order to claim your children on taxes, you have to get them a social security number.

        Not only that, but with my youngest kids, the paperwork to request and issue an SSN was processed by the hospital. We were told that if we didn't sign the request form, we wouldn't be allowed to take our child home. I didn't buy that, of course, but signed the form because I knew we'd need the number anyway. I'm sure that if you forced the issue, you could take your baby home without getting an SSN, but I doubt anyone does.

    • The problem to me is the way they intend to fix this. They'll just give us a new ID number instead of SSN.

      So everyone will use the new ID number (NIDN for short from now on) where they used to use the SSN (except for Social Security themselves).

      Now people won't steal other people's SSNs.

      They'll steal NIDNs instead.

      What a fix.

      I'm with you. We need a real way to fix this. Combine the NIDN with something that can't be faked easily (finger print into a national database that can not be used by law enforcem

    • Government issued smartcards, with a simple PKI (and revocation system) would be a perfect method for establishing identity.

      And a perfect method for bringing us back into the dark ages of freedom. Wear that yellow star proud! You are an American!

      Until the time when they start requiring you to use that smart card to start your car, log on to the Internet, pay for your groceries, and make phone calls. All data which will be funneled through the SmartCard Central Database located somewhere deep underground
      • How is the tinfoil hat doing? All nice and shiny?

        You are describing the potential abuses by a government for such a system, jumping immediately to the conclusion that if it exists, the government will abuse it. Give me a break - the US government, at last check, regardless of what you think of it, was still elected (and please don't start yet-another-debate about electoral votes).

        The truth of the matter, is that the US needs a national id card (and not the de-facto national id card that the Social Secur
        • Given our current government's record of going after everything it can get information-access-wise, all in the name and pious pursuit of "security", can you think they'd do any less in the above instance?
          • I understand this argument, and I'll go back to my "they are elected" argument. If you don't like what your government does, then don't elect them. We don't live in Cuba or China here. But on that specific subject, the truth of the matter is that if polls are any indications, the vast majority of Americans have no problem with what the NSA is currently doing (I assume that's what you're refering to).

            But regardless, that problem is not inherent to the concept of the ID card. It's what they are allowed
        • Re:shared secret (Score:4, Insightful)

          by jcr (53032) <jcr.mac@com> on Friday May 12, 2006 @12:24PM (#15319215) Journal
          You are describing the potential abuses by a government for such a system, jumping immediately to the conclusion that if it exists, the government will abuse it.

          You ignore the fact that when a power is ceded to a government, it's extremely difficult to revoke. When we instituted the census, for example, we didn't anticipate it being used to round up people and put them in concentration camps, but that's precisely what the FBI did under Roosevelt.

          Perhaps you trust the government with this power today, but I do not trust all future administrations with this power.

          The truth of the matter, is that the US needs a national id card

          Like hell we do.

          -jcr
        • Re:shared secret (Score:3, Interesting)

          by walt-sjc (145127)
          You must not pay much attention to what is going on today...

          We have the NSA monitoring internet traffic (AT&T), logging all phone calls, and probably much much more. We have the FBI doing "sneak and peak" searches without warrants, expanding wiretaps, delving into library records and requiring secrecy on that (or go to jail), holding people for years without charging them with a crime, etc. etc. etc.

          Every single day we have the government gathering more and more data and invading privacy to levels our f
    • Government issued smartcards, with a simple PKI (and revocation system) would be a perfect method for establishing identity.

      P1: Government wants smartcards to control citizens.
      P2: Public resists

      1) Insist they will "solve" a problem that government created in the first place. Make sure to throw in "otherwise, the terrorists win!" at some point.
      2) Profit (this works so surprisingly well, they don't even need a third step)
    • Re:shared secret (Score:3, Informative)

      by microTodd (240390)
      Government issued smartcards, with a simple PKI (and revocation system) would be a perfect method for establishing identity

      But...but...I though National ID cards were a Bad Idea [slashdot.org]?

      But now it seems that this commentBlob thinks they are a Good Idea.

      I'm so confused.
    • THIS IS A STUPID MODEL.

      Yes, I agree. But I think your solution is also a band aid. The problem is the need to establish identity in the first place, not the means by which which you do it.

      The greatest need to establish identity is because we have allowed a police state to evolve, where people are tracked and correlated at every step of their lives. The problem isn't identity theft, fraud will never be prevented by technological means, the problem is that to the government we have become just a number to
  • by bigattichouse (527527) on Friday May 12, 2006 @11:12AM (#15318423) Homepage
    I was once reprimanded by an employer for standing my ground on the fact that a badgenumber+SSN was not a good idea for a login id. grumble grumble. I left the place soon after and have never listed it on my resume.
    • I don't know how long ago that was, but I think things are changing in that regards. My company also used the SS# in way too many places (it's a convenient primary key on databases) but they're being stripped out of many many such programs and databases. Policies are now in place that you have to jump through some major hoops to be able to use it in your applications/databases (and will almost in all cases be told "no"). I don't know if this was driven by legal requirements, or just (belated) common se
  • by Anonymous Coward on Friday May 12, 2006 @11:12AM (#15318424)
    ...by requiring the use of a RealID number instead of an SS#. This is how they will force RealID down everyone's throat.
  • It's About Time (Score:3, Insightful)

    by BigCheese (47608) <dennis.hostetler@gmail.com> on Friday May 12, 2006 @11:13AM (#15318431) Homepage Journal
    Go read the article. The proposed legislation sounds reasonable. It should have been done years ago.

    Now, what sort of evil riders will be attached?
  • Anyone want to give odds this legislation gets passed after elections?
  • Repeat after me... (Score:4, Insightful)

    by GillBates0 (664202) on Friday May 12, 2006 @11:16AM (#15318457) Homepage Journal
    A SSN is just a name, a public identifier, or a login username if you will. It is _not_ a password or authentication mechanism (for that matter, neither is my mother's maiden name or street address). Using a SSN+address for authentication is as ridiculous as using a username+IPAddress alone for online banking.

    I wonder why more companies/organizations don't realize this, and any step to educate them is a step in the right direction.

    • by khasim (1285) <brandioch.conner@gmail.com> on Friday May 12, 2006 @11:35AM (#15318673)
      I wonder why more companies/organizations don't realize this, and any step to educate them is a step in the right direction.
      They do realize it.

      They just don't care because the current system minimizes their financial losses by transfering those losses to the individual who has his/her identity "stolen".

      Making any changes would cost money which reduces profits.

      Any changes that improved the situation could be used to find them responsible when/if their new system is defrauded.

      So, fixing the system is, from the individual company's point of view, all loss and no gain.
      • I've always wondered about this. Has anyone ever sued a financial organisation for failing to properly identify them when performing transactions?

        In the case of fraudulent transactions on accounts, IMO, it's the fault of the financial organisations for not properly ensuring that it's the real account holder that is performing the transaction. If someone could set a precendent in law for that, then we might start to see some change (although I have a vague, sinking feeling that all of a sudden we'll all b
      • That's why the real solution is to announce that after a certain date, the SSN will be totally public. That there will be a web site anyone can go to, enter a name and address, and get the SSN.

        It could even be done without government action being needed [ath0.com].

        The problem we have now is companies acting as though SSN is a secret. The solution is obviously to make it so clearly non-secret that they can't afford to do that.
    • A SSN is just a name, a public identifier, or a login username if you will. It is _not_ a password or authentication mechanism (for that matter, neither is my mother's maiden name or street address).

      Unfortunately, it is a de facto authentication mechanism when companies use it in combination with other information to determine your unique identity.

      Using a SSN+address for authentication is as ridiculous as using a username+IPAddress alone for online banking.

      Granted, they're both ridiculous, and I'm not defen
  • No - Really? (Score:3, Interesting)

    by WeAzElMaN (667859) on Friday May 12, 2006 @11:17AM (#15318465)
    Politicians have expressed astonishment at what they see as a rising identity fraud problem

    You don't say. It took them long enough. Apparently MySpace is a bigger threat [slashdot.org] to consumers these days - after all, identity theft has been around longer than SNSs. Give me a break.
  • by davmoo (63521) on Friday May 12, 2006 @11:17AM (#15318466)
    So far everything Congress is talking about is as effective as trying to put the toothpaste back in the tube.
    • Good analogy, but I've got a better one from my semester in ROTC...

      "Leading a platoon from behind is like trying to push a piece of spaghetti from behind."
    • and instead of buying a new tube of toothpaste (redoing the system), they will spend billions making a device that will pump the old toothpaste into the old tube.
      • they will spend billions making a device that will pump the old toothpaste into the old tube.

        Considering there's very likely already a device that puts toothpaste into a tube that the toothpaste companies use, you can be quite certain that device should likely not cost billions.

        I don't think your slip up was intentional, but it's even more true to the point lol. They'd rather re-invent the machine to stuff the toothpaste back in than use one that's already on the market.
  • The restriction already exists. If you read the back of your card it says:
            Improper used of this card and/or number by the number holder or any other person is punishable by fine, imprisonment or both.

    The only proper use is for access to the social security funds. Which does not include identification for getting a minimart discount card. People at the minimart have no need and no right to the ssn. Unless of course you're employed there.
  • 078-05-1120

    It's a specimen number from the Eisenhower era. No need to give ur correct number to the cable or phone company. They don't need it. Period. Of course it's possible that someone else has used this number already, especialy if you live near me in upstate NY.

    Otherwise use the "Fletch" approach on things like your customer loyalty cards. I keep mine under Harry S Truman, Ted Nugent and John Cocktosen. I have started using Igor Stravinsky lately.
    • No need to give ur correct number to the cable or phone company. They don't need it. Period.

      Well, duh. That's always been the simplest solution. Unless you're applying to the CIA, a fortune 500 company, or maybe your bank, make it up. I use 123-45-6789 all the time with zero problems.
    • by OctoberSky (888619) on Friday May 12, 2006 @11:46AM (#15318780)
      I go with Peter Lemonjello, sometimes when asked I correct people with "It's Dr. Lemonjello"

      Mr... err... Dr. Lemonjello has a Gmail account, a throw away cell phone, and subscriptions to Stuff, Popular Science, and Field & Stream. He now gets credit card offers. He lives in my house yet I have never seen him. H&R Block must think I am sick of him living with me because they are offering him a home loan, good rate too, Peter must have good credit.
      He used to get those 9 cds for 1 penny but he got sick of all the associated crap that came along with them.
      I reply to all of his mail with the return address labels some Church sent him. He must be religous, I think I might have Dr. Lemonjello ordained so he can conduct marragies through an online church.
      • My cat, "Synge Delgato", gets offers all the time. One time she got an offer in the mail which came complete with a nickel glued to the letter. I gave the coin to her, but she gave me this look that said, "What am I going to do with a nickel, you *know* I don't have any pockets!" So I kept it.

        Now, whenever she begs for bits of french fry, I say to her, "You know all those nickels you turned your nose up at? Well, you could've bought your own damn bag of french fries!"

        Dumb cat!

        --Rob

    • My Kroger card is registered to the right honerable Mr. Harry Peter .
    • No need to give ur correct number to the cable or phone company. They don't need it.

      You can always try anyway. If they don't like what they see (or don't see anything) just be prepared to give them deposits, or possibly (not sure they can do that legally) deny service.
    • Otherwise use the "Fletch" approach on things like your customer loyalty cards. I keep mine under Harry S Truman

      Just a word of caution, if you actually care about remaining anonymous with regards to a customer loyalty card then you can only make transactions in cash with that store. The moment you use a credit card that info is correlated to your account and then they do have your proper name associated with it. And yes, they do collect some credit card data because one of the things stores with loyalty ca

    • Otherwise use the "Fletch" approach on things like your customer loyalty cards. I keep mine under Harry S Truman, Ted Nugent and John Cocktosen. I have started using Igor Stravinsky lately.

      If you've ever paid by check, debit or credit card in conjunction with using one of those 'loyalty' cards then the cat is out of the bag - you might as well just used your real name.

      There are services that aggregate transaction data from participating merchants and then data-mine it to reveal connections like Joe buying b
  • The Social Security Administration doesn't accept paranoia as a criterion for granting a new card, but it recognizes cultural objections and religious pleas. One stratagem: Contend that your credit has been irrevocably damaged by a number-related snafu, or that you live in fear of a stalker who knows your digits. Once you switch your SSN, never use it. Then use the fake one of 078-05-1120 as mentioned in the previous post.
  • by Mouth of Sauron (196971) on Friday May 12, 2006 @11:21AM (#15318525)
    *NOT*

    Wait... What's this printed on the back of my Social Security card? "Not to be used for identification purposes."

    Having been the victim of identity theft and credit card fraud, I have to say this is probably too little too late. I've had over $20,000 in fraudulent charges made in my name -- items ranging from electronic equipment to beer and gasoline. The Social Security number is already the de facto citizen identification number, even if it is not de jure.

    Some culpability lies in the lap of merchant businesses, as well. In one case, a company sent a credit card application issued in my name to an old address. The occupant filled it out and began making purchases. When the bill came due, the collections agency had no problem tracking me down to give notice. In my opinion, this merchant could have been more dilligent, because I had asked them to cancel my account years before this happened. They were certainly dilligent when it came to getting paid.
    • if you haven't done so already, i highly suggest using the optout program to stop receiving CC offers https://www.optoutprescreen.com/ [optoutprescreen.com]

      I did this a year ago and i get no CC offers in the mail AT ALL. it is a great program. it is also 100% legit FTC Gov't Site Explaining Program [ftc.gov]
      • Hi hsmith,

        I've since contacted the major credit bureaus, had flags added to my records that I have been the victim of credit card fraud, and had stops placed in my file such that extension of credit would not be automatic. Such stops are not permanent, however, they are only temporary lasting one year. I also annually request credit reports to see if any lines of credit have been extended in my name.

        These are all a bother, but the credit card fraud has stopped.
    • I got mine in the early 60s, and "not for identificattion purposes" used to be printed on the FRONT of the damned thing....
  • by dpbsmith (263124) on Friday May 12, 2006 @11:30AM (#15318622) Homepage
    ...right on the card. Just what is there about "Not for purposes of identification" that is hard for officials to understand?

    Of course, when I was in the hospital emergency room and I said I didn't want to give them my social security number, they said they would treat me until I did. I backed down.

    When I contacted the social security administration about this, and said "Am I required to give anybody but the government my SSN," their rather unhelpful reply was "No, you're not required to, but the hospital is not required to treat you without it."
  • by neongenesis (549334) on Friday May 12, 2006 @11:31AM (#15318635)

    Much of the debate on the 1974 Privacy Act revolved around the fact that the SSN was NOT to be used as a universal identifier. Paragraph 7 (if my memory serves) restricted the use of SSNs to those things either grandfathered (allowed by federal, state, or local law) before 1974 or explicitly named and allowed in a federal law; and in either case including a requirement that the requestor tell you the basis for the request. (Note that folks blanketly refusing to give the SSN are usually not on strong legal ground. Much better is to refuse until the requestor provides the legal basis for the request as provided for in the Privacy Act. IANAL etc...).

    The loophole was that this act only restricted government not the private sector. Thus banks, insurance companies, universities, employers, local pizza joints, all ask for the SSN and can refuse service unless you provide it.

    It would be a good start to debate if we could base a new law on the existing historical basis for the limitations in the 1974 privacy act, and then extend those restrictions to ALL use of the SSN by anyone.

  • Why TF are SSN's used to AUTHENTICATE a person's identity? A SSN should just be used for REFERENCE.

    Or am I wrong?
  • In my database administration class, one of the first things they did was talk about bad usage of data and how so many companies that used SSN's as primary keys ended up in hot water as a result.

    Nowadays I find insurance companies putting in haphazardly on your cards, HR depts putting it on paystubs and employers asking for it prior to making a job offer.

    Hopefully this wil finally drive it into peoples skulls that using a SSN for anything but governmental usage is bad policy and soon... illegal.
  • How stupid is that? I realize some banks have already gone thru the conversion of "userId's" - not acct numbers - from SSN's to other ID numbers. But account numbers of your checking account?? How f'n stupid is that??

  • Since I have been in the wonderful world of DoD contracting, SS#'s are quite popular to use even down to compliance training for a long time. Our company is now starting to get away from using that number. Now, you have an employee number. My Emp # is 002xxx. Easier than a SS#. It should be that only Payroll has you SS# and no one else. A year ago, my manager from my old job demanded my SS# which I refused to give. I got a pretty nasty reprimand for it. I basically as ked him why and then mentioned that he

  • This is going on the bottom of a long list of changes that (now) require quite a bit of money to implement. I foresee 2 numbers (at least) in use for the next 15 years. SSN is a PK, Alt Key, fixed length string in thousands of databases. I doubt we're going to see much shift in this very soon.

    Then, when examining the new number, one realizes that they've only solved a few of the many problems with a national id. What they're searching for is a universal hash value for individuals. This
  • by symbolic (11752) on Friday May 12, 2006 @11:43AM (#15318749)
    I take everything anyone (elected) says with a grain of salt at this point, because elections are looming just a few short months away. Because, as others have suggested, long since become a very real problem, any attempt to solve it (at least by the methods outlined in the article), are mere sprints along the PR highway. To go the distance will require some fundamental changes, few of which may be amenable to entrenched interests (Big Business, Inc.)
    • Data is a big business in this country. Buying and selling data on consumers is a multi-billion dollar industry. As such, they have huge lobbies in Congress to make sure that there aren't any laws passed that will have any impact on their precious profit margins.

      Here's what an ideal law looks like:

      1) All data collected belongs to the individual that it pertains to, not to the harvester of the data.

      2) No data can be released to any entity but appropriate law enforcement with a valid search warrant without
  • Joe: Hey the horse is out!
    Bill: oh Crap, better close the gate!
  • We've been limiting that for years in Canada. Social Insurance Numbers cannot be used to track people in a database legally in Canada. [privcom.gc.ca]
  • by krygny (473134) on Friday May 12, 2006 @11:57AM (#15318918)
    The only people who need your SS# is your employer because they have to make the contributions. Your bank doesn't need it - they, as well as your mortgage company , broker, etc., can use a Taxpayer ID # to create 1099s and such for the IRS. And health insurance companies have no shittin' business with your SS#, not to mentiion the galactic stupidity of putting it right on your ID card.

    When someone asks me for the last 4 digits of my SS#, I ask them to use another secrity key. if they can't, I don't do business with them.
  • Or at least Not Done to use your SSI number for any other purpose than (shock, gasp) identifying your Social Security Account. I had a seperate driver's license number, selective service (draft) number, university ID number, group health ID, and several others. For a history of its spread as a personal identification number, see this page [ssa.gov] from the Social Security Admin. The problem, of course, was the same as that of password security, people can't remember more than two ID numbers.
  • Are they going to make it illegal, in the sense of large scale corporate fraud, where the perpetrator gets to keep his mansions and private islands and billions of dollars and so on? Or are they going to make it illegal in the sense of getting caught with a gram of marijuana where the perpetrator does a career of hard time behind bars with forced labor, and loses basic rights of citizenship for life?
  • It is already unlawful to use social security for dealing with anything other than govermental issues (e.g., social security), and has been ever since the social security system was incepted. What good will a new law that essentially says "using social security numbers for any purpose other than social security is DoublePlusUnGood" achieve?
  • I wonder if action would be quicker if somebody posted on a free website the SSN's and other personal information of congress members and the Bush administration, and their families.
  • SSN's....Too Late (Score:2, Insightful)

    by Beefslaya (832030)
    It's too late to start enforcing the us of SSN's, because they are already in place as an identification number, just like they told our parents and grandparents that they were NOT going to be used for. The national ID card could be used to solve this issue easily. For one, you could scrap the social security number as the main form of identification, and use it was it was meant for, Social Security benifit contributions. They screwed this system up years ago by giving every breathing thing that walked a
  • Politicians express astonishment that someone might steal an identity? Are they SO out of touch with reality that it really puzzles them why someone would do it?

    Impersonating someone gives you access to many nice things that get you a load of money. Oh, it's forbidden? Since when does this matter?

    Whether something is done (when it's illegal) depends on 3 factors, and on those 3 only: How much is gained by doing it? How high is the chance to be found out? What is the damage done if you get caught?

    That's it.

An authority is a person who can tell you more about something than you really care to know.

Working...