Forgot your password?
typodupeerror

Does Your Employer Still Use SSNs? 193

Posted by Cliff
from the not-likely-to-change-any-time-soon dept.
An anonymous reader asks: "My company, a fairly large telco, still uses social security numbers for non-financial purposes; mostly for our IT ticketing system. I find it amazing that in these times, with how easy it is to use an SSN to obtain credit, that any company still does this. I've heard talk for almost eight years that the practice is going to be stopped but little progress has been made. How many companies out there still use SSNs so openly? Since it seems that nobody is in a hurry to solve this issue, what can be done to speed the process up?"
This discussion has been archived. No new comments can be posted.

Does Your Employer Still Use SSNs?

Comments Filter:
  • Simple (Score:5, Funny)

    by SecaKitten (925554) on Thursday October 12, 2006 @07:50PM (#16416021)
    what can be done to speed the process up?
    Simple, apply for credit cards in your boss's name.
    • by BKX (5066)
      "Hey, Boss, what's your Social Security number?"

      "Nought, nought, nought. Nought, nought. Nought, nought, nought, one. Damn Roosevelt."
  • by Anonymous Coward
    My company makes us use our ssn as our email address. Talk about being a number...
    • by parasonic (699907) on Thursday October 12, 2006 @09:36PM (#16417401)
      How about the law that you shall not be identified by your SSN?

      How about the law that you shall not be required to give more than the last four digits of your SSN?

      No wonder there are "305 lawsuits" per average company per year...
      • Neither of those laws you mentioned actually exist.

        A business can ask for an SSN when you attempt to buy a nine volt battery with exact change. Perfectly legal. You can, of course, refuse such a ridiculous request. Also quite legal. They can then decline to do business with you. Just as legal.

        It’s only the government folks that are prohibited by law from demanding SSNs.

        • Re: (Score:2, Interesting)

          by Anonymous Coward
          Depends on where in the world you are. Those laws do exist here, in Denmark.
          They are critical to prevent the misuse of SSNs. Also you can't require someone to give there SSN, except for spcific situations, e.g. banks can require SSN to open an account.
        • Re: (Score:3, Interesting)

          by afidel (530433)
          Actually they DID exist. The original social security act made it illegal to use the SSN for any purpose other than for the administration of taxes and social security benifits. The law would not have passed without this provision from the reasearch I have done. It was only in the mid 80's with years of unenforcement of the law and the explosion of computer tracking databases that an update to the act (changing benifits and retirement age) carried a rider striking the provision. Due to the way that modern i
          • by toddbu (748790)
            I'm old enough to have a Social Security card from the 1960's that has the words "NOT TO BE USED FOR IDENTIFICATION" printed boldly on the front of the card.
            • And I’m young enough to occasionally frequent stores with products that are labelled as being “FOR TOBACCO USE ONLY.” I think that signage carries about as much weight.

        • The law was added at the state level in some states. An example is Vermont.

          And it is needed in more states.
        • by smbarbour (893880)
          Allow me to quote verbatim, the text from the back of my US Social Security card:

          Do not laminate this card.

          This card is invalid if not signed by the number holder unless
          health or age prevents signature.

          Improper use of this card and/or number by the number holder
          or any other person is punishable by fine, imprisonment or both. ...

          And yes, there are laws that restrict the use of SSN's within the private sector. If the business requests a SSN, a privacy statement must be given indicating what they are going to

  • by soren42 (700305) * <jNO@SPAMson-kay.com> on Thursday October 12, 2006 @07:51PM (#16416047) Homepage Journal
    My employer, a large bank, doesn't even use SSN's (or, more specifically TIN's - Taxpayer Identification Number) for non-financial information. Our employee ID numbers are unique, distinct, and not based on any formula. Now, that said, any employee that has a corporate credit card or is an officer of the company ("Officer", "Assistant Vice President", "Vice President", "Director", "Managing Director", "Senior Vice President", "Executive Vice President", "Senior Executive Vice President", etc., etc., etc.) does have their credit checked monthly by the company. But, I would assume that any company - not just a bank - would take that precaution with employees with purchasing or signatory authority. That system is based on SSN/TIN at our company - but it makes sense there.

    I believe that there is a Federal Regulation that intends to restrict the use of SSN/TIN numbers for identification by (guessing here) 2010. I'm certain there is such a law for banks, but I believe that it extends to any US public company. Anyone have details on this?

    One last thing - I know many people who use fake SSN's for non-financial uses. For some time, Richard Nixon's SSN was very popular. Now, don't get me wrong, I'm not endorsing that practice - just sharing that it seems pretty common to me.
    • Re: (Score:3, Informative)

      by TubeSteak (669689)
      Taxpayer Identification Number (TIN)
      http://en.wikipedia.org/wiki/Individual_Taxpayer_I dentification_Number [wikipedia.org]

      Employer Identification Number (EIN)
      http://en.wikipedia.org/wiki/Employer_identificati on_number [wikipedia.org]

      One last thing - I know many people who use fake SSN's for non-financial uses. For some time, Richard Nixon's SSN was very popular.

      1. A surprising number of organizations will never check your SSN's validity
      2. Try changing a digit, you might end up with a very similar & still valid SSN (that belongs to s

    • by reanjr (588767) on Thursday October 12, 2006 @08:09PM (#16416333) Homepage
      I used to work for a logistics company that GM uses. One of GM's systems required some kind of user authentication (I don't remember the details) that they asked for my SSN to use. I did an MD5 on my actual SSN in hex and ripped out all the letters, used the first 9 as my SSN. It's a nice, repeatable way to generate a fake SSN that is likely to be unique in any system.

      I strongly suggest using fake SSNs for anything possible, but of course, many times you are signing the "I verify that all this information is true to my knowledge" clause. Of course if you use it all the time, maybe you can get away with chalking it up to confusion over your actual SSN.
    • My employer bases their id number on the number of people hired before you. As a result of a corporate merger, many people (including myself) were hired all at once causing my former boss to be upset. Her ID ends in 70 and my name is alphabetically one before hers. That was a running joke for a while after her girlfriend figured the numbering out.
      Phil
    • Re: (Score:3, Interesting)

      by LearnToSpell (694184)
      HSBC, which is what you could call "a large bank," uses SSNs for everything. It's pretty annoying.

      As far as I know, to contradict your info (and I'd love to be corrected on this), any non-governmental company is allowed to use SSNs for whatever they want. I looked it up briefly a little while ago, and that was my understanding, but again, I hope I'm wrong.
  • SSN (Score:5, Insightful)

    by CherniyVolk (513591) on Thursday October 12, 2006 @07:52PM (#16416059)

    In the beginning the Social Security Number was issued by the government and is unique to each living citizen. This much still holds true.

    But what was lost somewhere via the effects of Capitalism.... was that this number was supposed to be private to the individual assigned it. And, while there are laws protecting a citizens privacy. Companies were granted positions to effectively counter such laws. Only the government, state or law-enforcement officials may "demand" your Social Security Number. Visa can not demand you give it to them. Your landlord can not demand you give it to him. Private schools by law, can not demand you forfeit such information.

    But no law is telling Visa or anyone else to accept alternate information for their personal records. As a result, you have to give out your Social Security Number, becuase if you don't, you can't apply for an Apartment, you can't buy a car, you can't have a credit card, you can't open a bank account, you can't get a job..... yeah, we have a choice.

    *Some places do accept alternate information such as Drivers License Numbers.*
    • Re: (Score:3, Interesting)

      by Raindance (680694) *
      Honestly... not that I'm a big fan of litigation, but this seems like a problem a high-profile lawsuit (regarding the needless identity-theft risk companies are exposing their users to) could fix. The market won't fix it, and if politicians haven't fixed it by now it's hard justify just waiting until a law comes along to outlaw it.

      Perhaps the EFF could step in.
    • by Vellmont (569020)

      Your landlord can not demand you give it to him.

      And your landlord doesn't have to give you a lease if you don't provide him with a SSN either. My landlord wanted all this crazy information about me. SSN, monthly income, drivers license #, my checking and savings account numbers. Way more information you'd ever need to do some very easy identify theft. He may not be a crook, but how do I know he keeps the information secure? How do I know no one he employees is a crook, or any future people he employees
      • I told the landlord to stuff it, no one needs to know my damn bank account numbers but me.

        Did you pay your rent by check?
    • Then add in a company like TALX [http://www.talx.com/] that will publish your SSN and Bank Numbers in the name of cheaper payroll advices. Yes it saves money to our company, but did do mean to have all the information of employees of America's top 500 companies in one location with poor passwords??
    • Re: (Score:3, Interesting)

      by Qzukk (229616)
      was that this number was supposed to be private to the individual assigned it.

      WRONG, and that's why this is a problem. The SSN was designed to identify you to the government for tax purposes. Everyone who reported your money to the government needs it: your employer, your bank, mortage officers, loan officers, casinos and so on and so forth. Someone stole your SSN? Oh noes! They can pay your taxes for you! The horror!

      It wasn't until other companies decided that they could use the SSN to identify you to
      • Right. The problem isn't your employer using your SSN to identify who you are uniquely. The problem is dumbass companies that pretend that knowledge of your SSN proves you are that person.

        I've written before [ath0.com] that there's actually a free market solution to the problem. What it needs is for some well-funded activists (Gilmore?) to put together a nice big database of SSN info. We know all that info is available to any company that wants it.

        Then, public announcements are prominently made in the press (NYT ads,
    • Re:SSN (Score:5, Informative)

      by RexRhino (769423) on Thursday October 12, 2006 @10:28PM (#16417957)
      Only the government, state or law-enforcement officials may "demand" your Social Security Number.

      Completly false. Employers are REQUIRED BY LAW to take your social security number to handle SS deductions. Banks and credit card companies are REQUIRED BY LAW to retain your social security number in order to do financial reporting (so the IRS can check and make sure you aren't spending more than your reported earnings). Gun shops are REQUIRED BY LAW to take your social security number as part of criminal background checks. There are a whole slew of situations where, not only can a company ask you for your SSN, but they are required to take your SSN!

      Visa can not demand you give it to them.

      Visa IS REQUIRED BY LAW to take your social security number, or a tax ID number if it is a corporation, as part of their financial reporting requirments.

      Private schools by law, can not demand you forfeit such information.

      Private schools BY LAW ARE REQUIRED to take your SS number if the private school accepts federal government loans or grants for students.

      Don't try to obscure the blame that the government bears for your SSN being your ID number. Aside from the fact that they have made legislation making SSN the de-facto ID number (Real ID Act), it was the government that decided that you would have one single number that would follow you for the rest of your life as your unique identity (as opposed to the system they used for passports, where your passport is given a unique ID, but that number will change over the course of your life... your passport is assigned a number, not the person)
      • Re: (Score:3, Informative)

        by NormalVisual (565491)
        Gun shops are REQUIRED BY LAW to take your social security number as part of criminal background checks.

        Not true. There is a field for the SSN on a Form 4473, but it's not required that it be filled in.
        • by Neoprofin (871029)
          It's optional, for the purpose of "preventing mistaken identities" honestly with all the other information you have to give them as well as being run through the NIC you may as well just give it to them, they already know more about you than you own mother.
          • with all the other information you have to give them as well as being run through the NIC you may as well just give it to them

            Except that the gun shop is required to keep the 4473 on file, and gun shops tend to be attractive burglary targets. I would imagine that anyone breaking in would be more interested in heisting the inventory rather than paperwork, but it's still safer to not have your SSN anywhere it doesn't absolutely have to be.
      • Visa IS REQUIRED BY LAW to take your social security number, or a tax ID number if it is a corporation, as part of their financial reporting requirments.

        There's a big difference between being required by law to collect your SSN AFTER/b> you have applied for the card and been accepted, and collecting your SSN BEFORE you have accepted in order to do a credsit check.

        There is no need for anyone to ever give their SSN to a company to do a credit check. However, most do anyway to save time.

      • There are a whole slew of situations where, not only can a company ask you for your SSN, but they are required to take your SSN!

        I stand corrected.

        However, what laws, laws that are actively and vehemently enforced, or systems and measures are in place to invalidate the seemingly end-all-be-all of identification as the SSN, and for companies to protect those numbers exclusively with outrageous fines should they be leaked or the source for an identity compromise? None!

        As far as I'm concerned, it's meant to be
    • Re:SSN (Score:4, Interesting)

      by spagetti_code (773137) on Thursday October 12, 2006 @10:54PM (#16418229)
      As a foreigner who was working in the US for a number of months (all above board - my US based employer stationed me there) - I was forced to get by without a SSN.

      I had all sorts of issues including (a small sample):

      • having my VISA card rejected because it wasn't an "American" VISA
      • having my passport labelled a forgery at a bank because the date was 14/6/68. To quote the teller "there's no 14th month". Let me tell you - that creates an interesting scene in a busy bank.
      • being given checks by another bank, which were rejected by almost everyone because their starting number was too low. Then the bank cancelled them because of my lack of SSN.
      • the supermarket wouldn't let me use checks because I didn't have an SSN.
      • being offered a discount at the checkout on an expensive item if I signed up for a loyalty card. I said I didn't have an SSN. No problem they said. 30 minutes of head scratching and phone calls later, the checkout and manager and manager's manager gave up. Sorry they said. You need an SSN.

      Eventually I got a fake SSN from a website that has lists of unused SSNs and everything went a lot smoother.

      • Re: (Score:3, Insightful)

        by NormalVisual (565491)
        being given checks by another bank, which were rejected by almost everyone because their starting number was too low

        Yup, and for the life of me I can't figure that one out. Every bank I've done business with has asked me what I wanted my starting check number to be, which makes the check number completely useless.
        • Yup, and for the life of me I can't figure that one out. Every bank I've done business with has asked me what I wanted my starting check number to be, which makes the check number completely useless.
          It's probably just a programmatic way to avoid starter checks. Those usually start at something ridiculous like 1 or 101.
      • Re: (Score:3, Informative)

        by Alioth (221270)
        I was in the same situation for a while (I ended up staying in the US rather longer, so in the end got a pukka SSN because I had to pay US taxes).

        However, not all banks are equal. The credit union at work absolutely refused to give me an account because they said they got fined if they gave accounts to people and didn't take their SSN. Bank of America, on the other hand, told me that was bullshit and had no problem in opening an account for me. All they wanted was a letter from my employer saying that I was
        • If the credit union's offering was a combined checking/savings account (as mine is), then they would have to have the SSN in order to report the interest earned. If it was checking only where no interest could have been earned, then I agree that they had no need for it.
      • Re: (Score:3, Funny)

        by abb3w (696381)

        having my passport labelled a forgery at a bank because the date was 14/6/68. To quote the teller "there's no 14th month". Let me tell you - that creates an interesting scene in a busy bank.

        Let me apologize for the increased restrictions on the ownership and use of firearms in the United States that have allowed an ignoramus so massive to continue to walk about.

    • Re: (Score:3, Informative)

      by jcr (53032)
      In the beginning the Social Security Number was issued by the government and is unique to each living citizen. This much still holds true.

      Nope. There have been many cases of the SSA issuing blocks of numbers multiple times. SSN collisions happen every day.

      -jcr

    • by sakusha (441986)

      Only the government, state or law-enforcement officials may "demand" your Social Security Number.

      No.

      Apparently everyone is overlooking the incredibly obvious reason why SSNs even exist. It is your SOCIAL SECURITY ACCOUNT NUMBER. Your employer MUST have your SSN, or it cannot send your Social Security tax withholding to the US Treasury, the number is used to direct those funds to your personal retirement benefits account. Additionally, it is your Taxpayer ID Number, so it is used for other tax withholding,

    • Re:SSN (Score:5, Insightful)

      by Eivind (15695) <eivindorama@gmail.com> on Friday October 13, 2006 @06:54AM (#16421109) Homepage
      How about instead stopping the idiocy of confusing identification with authenthication ?

      A SSN is a perfectly fine and perfectly way to establish that we're talking about the same person. Names, adresses, birthdates whatever all break down here. (there is more than one "John Smith", there could even be more than one with the same birthdate, furthermore it's perfectly possible that "Ann Smith" is the same person as "Ann Kulstad", she could've married.)

      For this purpose, making certain that two records really refer to the same person, SSN is fine. A unique key that refers to an individual.

      Now, where you guys went wrong where in confusing this with authenthication.

      The very fact that you use your SSN to *identify* which person you're talking about means that lots of different organisations and individuals *MUST* know your SSN. That ain't a problem. The problem is in assuming that whoever is aware of your SSN *IS* you, or is authorized to order credit-cards in your name, or whatever else.

      We've got SSNs in Norway too. They're not particularily secret. The tax-people have them. Your employer has it. Your bank has it. They all even *need* to have it, to *identify* you. Your employer, for example, pays taxes, and uses your SSN when communicating with the tax-people so that it's clear for which individual these taxes are.

      But here's the rub: Knowing the SSN is never *ever* considered authentication. You cannot order a credit-card in someones name just by knowing it. Nor access their bank-account, or infact do *anything* you couldn't just aswell have done without it. Except for ONE thing: If you know the SSN, you can use it to refer to an individual, in such a way that all involved will know for sure precisely *which* individual you're talking about.

      The account is owned by individual X, the taxes are paid by individual X, the drivers-licence was issued to individual X, and we all (the bank, the employer, the drivers-license-people, etc) agree that this is infact one and the same individual, despite the fact that one of us spelled his name wrong, he has married, he has moved, and there's 17 other people with that precise name in Norway.

      *THAT* is the point of a SSN.

      You cannot at the same time give your SSN to dozens of different organisations (which you need to do if using it as an identificator shall work) and at the SAME time pretend that it's a secret that only the individual himself would ever know.

      I dunno why USA persists in the stupidity.

      • by swv3752 (187722)
        The US is big and overall sparsely populated. The US has a fairly mobile society. There is no national ID card. We have individual states the size of Norway. California, one of the most populous states, has areas that are a 100 miles from nowhere. Many things like opening accounts at the bank are done by mail or internet. All of this leads to a big mess not easily so solved as it would be in a smaller country.
  • by Marxist Hacker 42 (638312) * <seebert42@gmail.com> on Thursday October 12, 2006 @07:57PM (#16416127) Homepage Journal
    That SSNs are non-unique. They used to be, but thanks to illegal immigrants, ID theft, and a lot of other problems, SSNs simply aren't unique anymore, and thus are not a good identifier.
    • Re: (Score:3, Interesting)

      by MBCook (132727)
      Are SSNs of dead people later re-assigned? If not now, is there a guarantee that they won't do that later? With 300 million people alive now and all the people coming into this country and being born here, how long before they have to start recycling them, especially if they want to keep doing the first 3 digits showing where you were born part?
      • Re: (Score:3, Informative)

        by Planesdragon (210349)
        Are SSNs of dead people later re-assigned?

        Not yet [ssa.gov], but they will eventually. That or add another digit.

        Less than a century until we run out of our billion or so possible SSNs. Expect the next method to just have a new digit thrown in.
      • Re: (Score:3, Interesting)

        by pla (258480)
        Are SSNs of dead people later re-assigned? If not now, is there a guarantee that they won't do that later?

        Q20: Are Social Security numbers reused after a person dies?
        A: No. We do not reassign a Social Security number (SSN) after the number holder's death. Even though we have issued over 415 million SSNs so far, and we assign about 5 and one-half million new numbers a year, the current numbering system will provide us with enough new numbers for several generations into the future with no changes in t

        • Re: (Score:3, Informative)

          by MustardMan (52102)
          However, an SSN has only nine digits - So the SSA will need to add a digit or three within then next few decades.

          10^9 = 1 billion possibilities. If the current system has used up 415 million, and SSNs are being added at a rate of 5.5 million a year.... that's around a hundred years to use up the remaining possibilities. I call that more than "a few decades"
          • Re: (Score:3, Informative)

            by DeadChobi (740395)
            I did the math on this for a math ed. class. It's about 110-130 years from now that we will run out, assuming the population maintains the same growth rate.
            • by pboulang (16954)
              Wait, you did this for a class and STILL couldn't come up with:
              (1000000000 - 415000000) / 5500000 = 106.36 years?

              *sigh*

          • That is assuming that each combination is available for use --- which is completely false. The numbers aren't assigned in increasing order, they contain fields whose values are in a certain range. This reduces the number of available SSN's.
          • by pla (258480)
            10^9 = 1 billion possibilities.

            As I mentioned, you have quite a few invalid numbers... The ones I mentioned alone drop that down by 12,100,001. Also, several other "valid" ranges have closed, such as the 700-733 range for railroad workers, despite that range not having come even close to fully used. Then 800 to 999 also count as invalid (you have 200 million numbers wasted right there).



            SSNs are being added at a rate of 5.5 million a year.... that's around a hundred years to use up the remaining pos
      • I don't think they're doing the three digits showing where you were born part anymore now. 999,999 is far too small for our largest major cities now. And I bet they do get reassigned now- otherwise only 4 generations and we'll run out.
        • An invalid (or impossible) Social Security number (SSN) is one which has not yet been assigned.

          The SSN is divided as follows: the area number (first three digits), group number (fourth and fifth digits), and serial number (last four digits).
          From SSA.gov
          To determine if an SSN is invalid consider the following: No SSNs with an area number in the 800 or 900 series, or "000" area number, have been assigned. No SSNs with an area number above 772 have been assigned in the 700 series.

          No SSN's with a "00" group num
      • by itwerx (165526)
        first 3 digits showing where you were born

        They actually indicate the location of residence at the time of submission.
              I know this because my first three digits indicate the state of CA which is where I was living when I got my SSN but it is not where I was born. I had occasion to speak with an IRS employee at a later date and they confirmed.
  • by kbob88 (951258) on Thursday October 12, 2006 @07:58PM (#16416145)
    I used to work in the IT department of a managed care company in the early 90s, and seem to remember something about it actually being illegal to use the Social Security Number for any other purpose (than running Social Security and the IRS). Of course, we (and every else in healthcare) still used it as a primary numbering/identification scheme. Not sure if the illegality was true or not.

    From the Social Security Administration [ssa.gov]:
    • "[Makes] misuse of the SSN for any purpose a violation of the Social Security Act"
    • "Unlawful disclosure or compelling disclosure of the SSN of any person a felony, punishable by fine and/or imprisonment."
  • even more outrageous (Score:3, Interesting)

    by Aeron65432 (805385) <agiamba.gmail@com> on Thursday October 12, 2006 @08:00PM (#16416187) Homepage
    I am a student at Tulane University in New Orleans, Louisiana, and we use our social security numbers as STUDENT ID's.


    It appalls me how irresponsible this is. I have to write out my social security number down for the desk worker if I lock myself out of my room, to log-in to view my classes and grades, and all the time online to manage my account.


    I cannot believe that such a highly accalimed university promotes such reckless actions. SSN's are basically our national ID number, and the fact that I have to throw it around all the time scares me.

    • by hurfy (735314)
      dang, i was a little distrubed when the community college did this 20+ years ago! I would have thought that went out of fashion by now :(
    • by Vellmont (569020)
      I had the same experience at the Univ of Wisconsin Madison when I started in 1990. They used the SSN+1 digit as a student ID. I think it was the last digit that was the student ID. Hopefully they've eliminated that practice by now.
    • Ask them to change it. We just did with our 2 daughters and 3rd just signed up without SSN.
    • by BKX (5066) on Thursday October 12, 2006 @09:50PM (#16417571) Journal
      Or at least allows you to. All universities and colleges MUST allow you to change your student ID to something other than your SSN if you ask (and are encouraged to not use SSNs anyway, though not required). It's federal law (a law passed about five years ago, I beleive). Ask and you shall receive. If you don't, sue and you shall receive even more.
  • My company is definitely not that bad, but SSN is still used on certain internal documents that really don't need the SSN and should just have the employee ID number instead.

    The wrong way to speed up the process - post SSN of your CEO and higher management on the web or even sell them.

    Do some research. See if there are any lawsuits holding companies responsible. Check for hard info on identity theft. Express your concerns to management in a documented fashion. If you can involve lawyers, HR, and the right
  • by BenEnglishAtHome (449670) * on Thursday October 12, 2006 @08:19PM (#16416461)

    ...that my employer [irs.gov], a place flat-out driven by SSNs in many aspects of our work, wouldn't think of using them for anything internal that isn't mandated by law. We issue to everyone a 5-character ID that's used for signons and all sorts of IDs. We used to use a contraction of the user name, but even that has been 95% phased out for years.

    It's not that difficult to quit using SSNs and it's just good policy. I'm surprised that they are still so commonly used in situations where they might be disclosed to anyone but the person to whom it belongs.

    • by Teancum (67324)
      I contend that they ought to be disclosed to anybody and everybody, because the SSN should not be used to establish identity other than to prove that you are a unique individual in the USA. It ought to be no more sacred than your telephone number, which is published in public directories. Why not the SSN?

      It is how the SSN is being misued by banks, and other agencies when it is not what it was established to be used for.
  • I always wondered about this with the SSN's on dog tags.
  • USPS still uses em (Score:3, Interesting)

    by DrMrLordX (559371) on Thursday October 12, 2006 @08:23PM (#16416501)
    I work for the US Post Office at a REC site. We still use parts of our SSN for identification. I don't really want to elabourate, but anyone who wished to steal SSNs there could easily do so.
  • what can be done to speed the process up?

    Leak it.

  • It's only a matter of time before someone gets their hands on the SSN:name database and posts it for all to see.

    What the fuck happens then?

    • That is possibly the most brilliant suggestion I've ever heard regarding identity-theft mitigation in the US. Releasing all of the SSNs is excellent, and we need to do it. Right now.

      Currently, the weakness in the system is that a SSN and publicly-available information is still being treated as secure enough to be useful for identification, despite being demonstrably insecure for nearly all individuals (I'm sure there are a few people out there who have never had a job, but they probably don't need to worr
      • by metamatic (202216)
        Yeah, I proposed basically the same idea elsewhere in this thread, and "on my web site back in Feb 2005.

        My idea, though, is that we have a widely published campaign with a set starting date that's at least a year in the future. So organizations have absolutely no excuse.
  • by Associate (317603) on Thursday October 12, 2006 @08:28PM (#16416601) Homepage
    We were required to give the last four digits of our SSN to get in the gate. Their verification was someone sitting on the otherside of the gate call box with a list of everyone's SSN. I expressed some concerns to my supervisor at the time because I didn't really trust my coworkers. Stupid bitch ran and told our manager that I was going to refuse to give it. She came back and told me that I could be fired for not following the procedure.
    That said, Larry Wise's last four SSN numbers are 2795.
  • I was talking about this at earlier today, because it is of great concern to me. I think I have the start of a solution:

    There needs to be a way to uniquely identify someone, and verify that identity. What does not need to be done is make that id public. That is the whole point of PGP encryption. An national ID number needs to be assigned. I hate the thought, but I finally gave in that it is a necessity. We already have a SSN, so it isn't something new. It just needs to be seperate from your SSN. I
    • by iggymanz (596061)
      or we could have a society in which the government can't id or track people at all. They only check that x number of unique people voted in the last election, maybe by retina scan or whatever. If someone gets arrested they get a temporary tracking which only lasts until conviction or acquittal/release. No income tax in such a world, obviously.
      • by Alchemar (720449)
        As long as you have it put in the law that every goverment department has to use a seperate key, then it becomes usless for most tracking. Each department could track within itself, but if you want to have fun. Make them get a new requester ID every year. Now all they can do is name/age matches. That is what I liked about the idea so much.
    • by kent_eh (543303)
      Since each company that needs your information would have a different number to Id you with, it would prevent massive datamining into your life.

      Which, of course, means that they will do everything in their power (and in the power of whatever politicians that they own) to make it not happen.

      Those same companies want to be able to datamine your life to a greater extent than they do now.
      Their concern about your privacy is "less than none".
      • by Alchemar (720449)
        I don't think any of the companies out there care about your privacy directly, but a lot of companies are losing a lot of money because of the problem with the current system. I think they will do everything in their power to make it a system that they can track everything for financial gain, but I am hoping that people will wake up, and that there are enough votes cast in favor of throwing out the current dictator that he will be unable to compensate with voter fraud. When the new party takes office, I a
    • by infolib (618234)
      they then send that encrypted number to the Department of Identification along with their number where it is looked up on a database and the company is only given your Name and age group

      So now the DoI has a long list of your every attempt at being certified for something - buying booze, viewing adult movies and other heathen activities. Who do you trust with that list? (Or do you really believe it will not somehow be rolled into the no fly list system?)

      The current system sucks, but at least there is n
  • SSNs? (Score:5, Funny)

    by JohnWiney (656829) on Thursday October 12, 2006 @09:19PM (#16417213)
    My employer doesn't, because none of his employees has an SSN.
    • I realize why this was modded funny, but I wonder if the parent was meant to be funny.

      the only reason I ask is because I know of several US Citizens that don't have SSNs.

      After all, there's no law saying you have to have one.

      • by Teancum (67324)
        However, there is a law that says that every employee involved in a business that conducts "interstate commerce" (that is about as vague as it comes) must file with the IRS and report the income payed to all of its employees. That is about 99% of all businesses in the USA, BTW, as even a burger store, locally owned and not even a franchise of a larger chain, is conducting "interstate commerce" if somebody from another state can potentially buy one of their hamburgers. Filing with the IRS requires the SSN.
        • by loteck (533317)
          Of course, you can't have any of your money in a bank either, as you need the SSN (again for tax reasons) to open the bank account.

          this is not necessarily true.

          • by Teancum (67324)
            If it is an interest bearing account that is deposited in a bank insured by the FDIC, yes it is. The interest income is reported to the IRS. As are almost all checking accounts, especially with post 9/11 issues.

            I suppose you can find some accounts that are not tied to the federal reporting statues, but those would not be the typical accounts that are offered by any banks that are federally or state chartered.

            Of course, if the bank you are talking about is "off shore" that is a different issue altogether,
  • I'm a high school teacher in Kentucky. Yesterday, every teacher in the state got an email informing us that letters sent to our homes inadvertently displayed our SSN through the address window!!! Anyone could have swiped the numbers just by looking at the envelope. I'm not worried myself (my credit is so bad I hope someone will steal my identity), but just imagine if some unscrupulous postal employee noticed thousands of SSNs in plain view.
    • Re: (Score:2, Informative)

      by mjs0 (790641)

      Not trying to scare anyone here...but...my wife works in this field (no not stealing identities, helping people resolve issues arising from stolen identities!) and unfortunately it is not just about your credit. If someone gets hold of your SSN together with your name they can 'become you' in many different ways.

      One of the scariest things is when your number gets used for reporting income by many people. Even if income tax is withheld on the wages of these imposters guess what happens when you work 20 dif

  • Using an SSN for an IT ticketing system? What do they do, run a credit check before unlocking a user's account?
  • i'm a victim (Score:3, Informative)

    by feld (980784) on Thursday October 12, 2006 @11:03PM (#16418311)
    i live in WI and someone in Milwaukee (with many, many previous addresses) is reporting my SS. I have no idea how or where they are reporting it, but they're in the database with my #. They have never used it for financial things yet, though, so my credit is fine. I reported this to the cops several times but they won't do anything about it because they arent using it for credit related things. This pisses me off to no end.

    I have the original SS card in its original envelope from 2 months after I was born.

    I had a hard time explaining things to employers when I was a teenager because they'd do checks of some sort and find this other guy's name.... notably Radio Shack and Menards (Like Home Depot) were the main ones causing problems over it.
    • Re: (Score:3, Informative)

      by jcr (53032)
      Not necessarily a single person. Many illegal aliens will pick a random set of digits, and they'll share numbers that work. Depending on the employer, they may need to change numbers annuallly.

      -jcr
  • Thats what it means to many programmers (and creditors), of all the things a person has on them - thier SSN is unique (not totally, there have been mention of dupes - though no accounts I could verify).

    It's not a problem if you are dealing with one location or a small set of locations, but if you deal with state-wide or federal data it gets to be an issue to have a good unique ID for everyone.

    The idea of a national ID would be an alternative (as SSNs go up to 999,999,999 we are running out). ANother would
  • by Michael Woodhams (112247) on Thursday October 12, 2006 @11:44PM (#16418655) Journal
    The problem isn't that people can find out your SSN.

    The problem is that banks etc. use knowledge of SSN for authentication. If someone accumulates debt in your name, based only on their knowledge of your SSN and other readily available data (DOB, mother's maiden name) then you should be able to simply disown those debts, sticking the problem back on the people who accepted inadequate ID.
    • by dowobeha (581813)

      Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.

      Translation? :)

  • From the Privacy Rights Clearinghouse: Your Social Security Number: How Secure Is It? [privacyrights.org]

  • by Anonymous Coward
    In some countries the SSN-equivalents are public and not excpected to be a secret usable to prove your identity. E g in Sweden the Personal Number of all citizens is public. No organisation would use knowledge of the PN as proof of identity. That is what a photo id form an acreditied organisation is used for. The PN is simply a good key to use.

    One may argue that having compatible unique keys in almost all databases enables or at least simplifies abuse by correlating various databases. But as far as identity
  • "My company, a fairly large telco, still uses social security numbers for non-financial purposes; mostly for our IT ticketing system. I find it amazing that in these times, with how easy it is to use an SSN to obtain credit, that any company still does this."

    I would say that the problem is not that your company uses the numbers for non-financial purposes, but that it is easy to use it to obtain credit.
    *that* is the thing that should be fixed. Don't attempt to keep something like an SSN a secret, because th
  • My former didn't stop SSN as employee ID until they launched a two year project to consolidate all the the various HR processes into one big enterprise management software package. Keeping identification numbers straight during the switchover was a huge headache. Every current and former employee had three ID numbers during that time.. SSN, old employee ID (which was 0 + SSN, don't ask me why) and their new randomly-assigned employee ID. Keeping those numbers straight during the transition, making sure
  • Perhaps it shouldn't be so easy to missuse SSNs? Why do you have companies that allow the use of just SSNs to signup for something? SSNs and their equals are a very good identifiers but only if you have a password or something else that has been established as yours already.

    SSNs are the perfect single sign on.

    I don't see the problem at all...
    • by Teancum (67324)
      The biggest problem is that the SSN is misused by far too many banks and other institutions as a password to prove identify. Instead, it should be used as a part of somebody's name, such as "I am John Q. "532-66-3321" Public".

      If a SSN is used in any other context or manner, it is that context that is out of line. The same should be said for a mother's maiden name or any other "proof of identity" that is suggested. Instead, identify needs to be established with some sort of "trusted" group that makes a re
  • http://www.gao.gov/new.items/d051016t.pdf [gao.gov]

    Basically, federal and state laws have all sorts of different restrictions. Related to this topic, it says:

    The Michigan law also contains a prohibition against the use of SSNs on identification and membership cards, permits, and licenses. Missouri's law includes a prohibition against requiring an individual to use his or her SSN as an employee number. Oklahoma's law is unique in that it only limits the ways in which employers may use their employees' SSNs, and

  • We used to have SSNs on certain employee forms until I noticed them and mentioned that it was a bad idea to my supervisor. I removed it from the forms (we also have a unique ID number for employees). I also set it up so fewer people have access to SSNs.

    Seriously, though, this is /.- most of us here work in IT, so we are the ones who control the information distribution in our companies. If you notice something stupid about how SSNs or other personal information is distributed, tell your boss (or your
  • I need to get a tax form form Meryl-Lynch. I had moved right before they mailed it out. I called to give them a change of address. In order to log on the system I had to enter a username and password, the system told me the default was username:SSN Password:Last 4 digits of your SSN. It then informed me that I did not have a valid PIN number for the system, and asked me to enter one. I then got through the voice mail system to a real person. The first thing he asked was to verify the address: I explai

"One Architecture, One OS" also translates as "One Egg, One Basket".

Working...