Congress To Restrict Social Security Number Use

diverge_s writes "News.com.com has an article detailing a long overdue attempt Congress is making to restrict the use of Social Security Numbers. From the article: 'In both the House and the Senate, there are at least three pieces of pending legislation that propose different approaches to restricting the use and sale of SSNs. Politicians have expressed astonishment at what they see as a rising identity fraud problem, frequently pointing to a 2003 Federal Trade Commission survey that estimated nearly 10 million consumers are hit by such intrusions each year.'"

Comment removed

[account_deleted]

Comment removed based on user account deletion

Those Who Forget History...

[neongenesis]

Much of the debate on the 1974 Privacy Act revolved around the fact that the SSN was NOT to be used as a universal identifier. Paragraph 7 (if my memory serves) restricted the use of SSNs to those things either grandfathered (allowed by federal, state, or local law) before 1974 or explicitly named and allowed in a federal law; and in either case including a requirement that the requestor tell you the basis for the request. (Note that folks blanketly refusing to give the SSN are usually not on strong legal ground. Much better is to refuse until the requestor provides the legal basis for the request as provided for in the Privacy Act. IANAL etc...).

The loophole was that this act only restricted government not the private sector. Thus banks, insurance companies, universities, employers, local pizza joints, all ask for the SSN and can refuse service unless you provide it.

It would be a good start to debate if we could base a new law on the existing historical basis for the limitations in the 1974 privacy act, and then extend those restrictions to ALL use of the SSN by anyone.

My real question is...

[Spy der Mann]

Why TF are SSN's used to AUTHENTICATE a person's identity? A SSN should just be used for REFERENCE.

Or am I wrong?

Re:It says "Not for purposes of identification..."

[plague3106]

Of course, when I was in the hospital emergency room and I said I didn't want to give them my social security number, they said they would treat me until I did. I backed down.

You shouldn't have backed down. ERs are required by law to treat emergant cases.

Re:shared secret

[microTodd]

Government issued smartcards, with a simple PKI (and revocation system) would be a perfect method for establishing identity

But...but...I though National ID cards were a Bad Idea [slashdot.org]?

But now it seems that this commentBlob thinks they are a Good Idea.

I'm so confused.

Re:Band-aid on a gunshot wound.

[Anonymous Coward]

I don't. I give them 9 random digits.

Re:Band-aid on a gunshot wound.

[TripMaster Monkey]

While that may be technically true, it still is a de facto requirement for many things. I myself have attempted to obtain bank accounts without a SSN, and was told by the bank manager on two seperate occasions, "No, we can't force you to give us your SSN...but we don't need to let you have an account here, either.".

The measure [com.com] sponsored by Clay Shaw of Florida, which would make it illegal in certain cases for anyone to refuse to do business with people who decline to supply their SSNs, would go a long way towards preventing this sort of abuse, but again, it only puts a band-aid on the underlying problem.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Band-aid on a gunshot wound.

[emmaussmith]

Public Universities are beginning to change. About 2 years ago, NC State University (my school) switched from using the SSN to a six digit ID number which the Cashier's Office had already been using in their own database.

They issued new ID cards to everyone along with other much needed improvements (your SSN is no longer used as a standard barcode on the front, larger photo, newer magstripe, expiration date, etc.). This made everything much more secure and departments and professors are no longer allowed to have/use your SSN as a primary key.

Re:Band-aid on a gunshot wound.

[Asphalt]

There seems to be a huge amount of misunderstanding about the law regarding the use of SSN's. It is a violation of federal law to require a person to submit their SSN for anything other than certain finance related purposes (actually that's a pretty big and unfortunately hazy list, but one that is far smaller than businesses respect). I think it is legal for anyone to request it, but probably 90% of the time they have no basis for requiring it.

I don't use mine (except for financial institutions).

When my dog's vet asks for my SS#, I simply say "I don't have one".

There's really little that they can do about it. They give me a quizzical look, but that's about it.

Maybe I'm from Canada. Maybe I never applied for a number (technically, you don't have to).

I've yet to have anyone ask me "why?". I wouldn't be their business.

Of course, this doesn't work with banks. I give it to people who have an overt legitimate legal need for it.

But, if they don't pay me interest or wages ... I have no Social Security Number.

That's been my position for years. Is it always convenient? No. The cellphone carrier required a deposit (which was paid back with interest after 1 year).

Utilities required a deposit when they were first set up (which were paid back with interest after 12-18 months).

You have to decide whether you want to trade short term convenience for privacy.

Most people choose the former, but I usually go with the latter.

Re:Well, then *REALLY* limit the SS#'s use

[neongenesis]

The only people who need your SS# is your employer because they have to make the contributions. Your bank doesn't need it - they, as well as your mortgage company , broker, etc., can use a Taxpayer ID # to create 1099s and such for the IRS.

I will probably get modded down for inserting a few facts...

The SSN IS your taxpayer ID, unless you are a corporation in which case it is your EIN.

As you noted, your employer witholds taxes identified with your SSN. Properly allowed by law.

Banks pay interest which is reported to the IRS under your SSN. Properly allowed by law.

Your broker may be dealing with 401K, 403B, etc types of accounts whose activities need to be reported to the IRS under your SSN. Properly allowed by law.

Mortgage Companies are payed interest which may be deductable and is reported to the IRS under your SSN. properly allowed by Law.

The problem starts when this convieniently avaliable identifier is then used by the institution for a whole lot of other primary keys just because it is already there and the law does not restrict its use unless the institution is a governmental one. See the 1974 Privacy Act section 7.

We need to get the restrictions of the 1974 Privacy Act extended to non-governmental use as well as governmental use along with penalties for an organization that improperly uses the SSN as an identifier when not authorized by a federal law.

Re:Band-aid on a gunshot wound.

[swillden]

I give them 9 random digits.

Then you might be giving them someone else's number. While that probably won't ever result in trouble for the owner of that number, I think it's a better ideas to give an unassigned number. There are plenty of them.

For the first three digits, you can choose any number between 650 and 659 or between 729 and 999.

For the next two digits, the numbers '00' are never assigned.

For the last four digits, '0000' is never assigned.

Personally, I like to use a number that differs from my real number in only a couple of places, so that I can remember it, in case I'm ever asked for it again. Effectively, I have two similar numbers, one I give to those I think actually need it (financial institutions and employers, mainly), and one I give to everyone else.