Congress To Restrict Social Security Number Use

diverge_s writes "News.com.com has an article detailing a long overdue attempt Congress is making to restrict the use of Social Security Numbers. From the article: 'In both the House and the Senate, there are at least three pieces of pending legislation that propose different approaches to restricting the use and sale of SSNs. Politicians have expressed astonishment at what they see as a rising identity fraud problem, frequently pointing to a 2003 Federal Trade Commission survey that estimated nearly 10 million consumers are hit by such intrusions each year.'"

Band-aid on a gunshot wound.

[TripMaster Monkey]

All the proposals mentioned in the article are merely band-aids on a system that is fundamentally broken. Any competently designed identification system consists of two parts: the public identifier, and the private key. The problem with SSNs is that you have a system where one number is simultaneously the public and private parts of the system, which dooms it to failure every time.

Making new rules limiting the sale and purchase of SSNs, or restricting the display of SSNs on reports, is just closing the barn door after the hore has already left.

shared secret

[Lord Ender]

Many companies and government organizations use the SSN as some kind of shared secret for the purposes of establishing identity.

This law wants to prop up this model.

THIS IS A STUPID MODEL.

There are much better ways of establishing identity than using the SSN.

What we need to do is STOP USING SSN TO ESTABLISH IDENTITY!!!

Then it can be public, you can post it wherever you want, and we won't have to deal with the impossible problem of putting the cat back in the bag.

Government issued smartcards, with a simple PKI (and revocation system) would be a perfect method for establishing identity. We need to put the money in to that, not trying to keep some unchangable number secret.

They will fix this...

[Anonymous Coward]

...by requiring the use of a RealID number instead of an SS#. This is how they will force RealID down everyone's throat.

It's About Time

[BigCheese]

Go read the article. The proposed legislation sounds reasonable. It should have been done years ago.

Now, what sort of evil riders will be attached?

Repeat after me...

[GillBates0]

A SSN is just a name, a public identifier, or a login username if you will. It is _not_ a password or authentication mechanism (for that matter, neither is my mother's maiden name or street address). Using a SSN+address for authentication is as ridiculous as using a username+IPAddress alone for online banking.

I wonder why more companies/organizations don't realize this, and any step to educate them is a step in the right direction.

Re:Band-aid on a gunshot wound.

[Billosaur]

All the proposals mentioned in the article are merely band-aids on a system that is fundamentally broken. Any competently designed identification system consists of two parts: the public identifier, and the private key. The problem with SSNs is that you have a system where one number is simultaneously the public and private parts of the system, which dooms it to failure every time.

From the article: The SSN hasn't always had such broad applications. Back in 1935, Congress first directed the Social Security Administration to develop an accounting system to track payments to the fund. Out of that mandate came a unique identifier that has ultimately found applications in everything from issuing food stamps to tracking down money launderers.

This is what happens in the modern age, when previous devices are outstripped by new uses for them. The SSN number started out as simply an identifier for the purposes of calculating benefits and recording taxes. It has turned into a universal identifier, but has not fundamentally changed at all. It's very easy to forge a Social Security card, and the accessibility of SSN data tied to all sorts of other information makes it far too easy to compromise.

As an aside, other than the fact it doesn't contain a photo, the SS card is pretty much a national id card.

Restriction already exists

[WinstonSmith2600]

The restriction already exists. If you read the back of your card it says:
        Improper used of this card and/or number by the number holder or any other person is punishable by fine, imprisonment or both.

The only proper use is for access to the social security funds. Which does not include identification for getting a minimart discount card. People at the minimart have no need and no right to the ssn. Unless of course you're employed there.

Re:Sounds like an election year idea to me

[Like2Byte]

Anyone want to give odds this legislation gets passed after elections?

Anyone want to give odds this legislation gets forgotten after elections?

Just in the nick of time

[Mouth of Sauron]

*NOT*

Wait... What's this printed on the back of my Social Security card? "Not to be used for identification purposes."

Having been the victim of identity theft and credit card fraud, I have to say this is probably too little too late. I've had over $20,000 in fraudulent charges made in my name -- items ranging from electronic equipment to beer and gasoline. The Social Security number is already the de facto citizen identification number, even if it is not de jure.

Some culpability lies in the lap of merchant businesses, as well. In one case, a company sent a credit card application issued in my name to an old address. The occupant filled it out and began making purchases. When the bill came due, the collections agency had no problem tracking me down to give notice. In my opinion, this merchant could have been more dilligent, because I had asked them to cancel my account years before this happened. They were certainly dilligent when it came to getting paid.

Election year politics

[symbolic]

I take everything anyone (elected) says with a grain of salt at this point, because elections are looming just a few short months away. Because, as others have suggested, long since become a very real problem, any attempt to solve it (at least by the methods outlined in the article), are mere sprints along the PR highway. To go the distance will require some fundamental changes, few of which may be amenable to entrenched interests (Big Business, Inc.)

Well, then *REALLY* limit the SS#'s use

[krygny]

The only people who need your SS# is your employer because they have to make the contributions. Your bank doesn't need it - they, as well as your mortgage company , broker, etc., can use a Taxpayer ID # to create 1099s and such for the IRS. And health insurance companies have no shittin' business with your SS#, not to mentiion the galactic stupidity of putting it right on your ID card.

When someone asks me for the last 4 digits of my SS#, I ask them to use another secrity key. if they can't, I don't do business with them.

Post SSNs of Congress and the Bush Administration

[schwit1]

I wonder if action would be quicker if somebody posted on a free website the SSN's and other personal information of congress members and the Bush administration, and their families.

Re:Band-aid on a gunshot wound.

[Gonarat]

Good point. The Government has had problems convincing Older Americans to use direct deposit for Social Security Benefits and the current Medicare system is not exactly been easy for them either. I was trying to come up with something a little more secure than a PIN while steering clear of biometrics since they cannot be changed (or someone may be missing that body part, etc). Of course, a change like this would take more investigating and planning since I'm sure there are other holes/problems that I did not think of which would need to be addressed.

I'm just trying to think of something that could work without requiring a National ID card or any other sort of token that could be lost or stolen.

Queen B's Privacy Law

[queenb**ch]

Data is a big business in this country. Buying and selling data on consumers is a multi-billion dollar industry. As such, they have huge lobbies in Congress to make sure that there aren't any laws passed that will have any impact on their precious profit margins.

Here's what an ideal law looks like:

1) All data collected belongs to the individual that it pertains to, not to the harvester of the data.

2) No data can be released to any entity but appropriate law enforcement with a valid search warrant without the express permission of the subject.

3) Social security numbers shall not be used by any entity but the social security administration, the IRS, or the US Military. If you are not an official representative of the social security administration, IRS or US Military acting in an official capacity which requires you to request the social security number of an individual, asking someone to provide a social security number shall be a felony punishable by no less than a 10 year mandatory jail sentence and $100,000 fine per incident.

4) Use of another person's social security number shall be a felony with no less than a mandatory 10 year jail sentence. Knowingly allowing someone to use your social security number shall be a felony with no less than a 20 year mandatory jail sentence and a fine no less than $100,000 per instance. Bankruptcy shall not clear this fine. Payment in full is the only method of disposal for this debt.

5) Any entity holding information on an individual must make every attempt available using whatever means is available (phone, fax, mail, or email) to contact that person. The notification must consist of an explicit listing of all the information on hand, an explanation of what the information is being used for and a means to correct any information that is in error. If the information is to be used, the entity must ask for and obtain the individual's permission to continue to use it. If permission to continue using information is not forth coming in a period sixty (60) days, the information pertaining must be purged from all records and data.

6) Credit reporting bureaus will henceforth assign an internal ID # beginning with the name of the company for use in tracking various customers. For example, your credit record ID at Experian will begin with Experian. (This will let consumers know who is holding the data).

7) If you hold data on an individual that you are unable to reach in order to obtain permission, you may contact the credit bureaus to see if they have a listing for that indivdual and can send a letter. You are still in the same sixty (60) day window listed above.

8) Failure to purge the data or continued use of the data after the 60 day expiration shall be deemed a felony punishable by $100,000 fine per incident and 10 year minimum mandatory jail sentence per incident.

9) Releasing data without the express permission of the individual in question shall be deemed a felony punishable by $100,000 fine per incident and 10 year minimum mandatory jail sentence per incident.

10) If you are an illegal immigrant using someone else's SSN, your government will be billed for all costs associated with your arrest, prosecution, trial, imprisonment, and deportation.

11) Knowingly hiring an individual who is using a falsified social security number (i.e. one that has not been issued to that individual by the Social Security Administration) shall be a felony with a 10 year mandatory jail sentence and minimum fine of $100,000 per incident.

I think that makes a rather nice start.

Just my 2 cents,

Queen B.

SSN's....Too Late

[Beefslaya]

It's too late to start enforcing the us of SSN's, because they are already in place as an identification number, just like they told our parents and grandparents that they were NOT going to be used for. The national ID card could be used to solve this issue easily. For one, you could scrap the social security number as the main form of identification, and use it was it was meant for, Social Security benifit contributions. They screwed this system up years ago by giving every breathing thing that walked across the border, a SSN. By issuing a new card with a NEW number, and these cards are only issued to those that show PROOF of citizenship (Birth Certificat, Naturalization Papers), you convert all credit, medical, and employment info onto this new number. No number? No employment, no credit, no benifits, no STATE drivers license. And while you are at it, make it available as a passport also. The Department of State should handle this and is more then capable of it. If used in conjunction with the "fair" tax national sales tax...it would be a double pronged threat to illegals. For one, you couldn't receive your rebate check, and you now have to pay taxes on the benifits you use, the system becomes self sustaining. It's NOT that hard. The solutions are out there. These idiots in Washington are NOT doing their job. http://www.send-a-brick.com/ [send-a-brick.com]

Comment removed

[account_deleted]

Comment removed based on user account deletion