Security's Everyman

Security's Everyman

Monday, December 10, 2007

Have SSN's outlived their usefulness?

Everywhere you look someone has lost data that contains SSN's. It's on a spreadsheet, on a USB key, in a database, in a text file or email. We treat them like they are just a number that has no real value. Everyone asks for them from your insurance company to the phone company. Why does anyone other than our employer need our SSN? I've blogged about this before and had a poll about their use but I still don't have any clear answers.

Recently in the news we read about the breach at the Oak Ridge National Laboratory and one of the pieces of data that was stolen was visitors SSN's. Why did they have to give their SSN to visit? If we don't trust them enough to have "normal" identifying methods then why were we allowing them to even visit? Why wasn't this data encrypted? Why was it still in a state where it was easily accessible since the newest data was 3 years old and the oldest was 18 years old? This is just completely unacceptable for any responsible party to continue to have "vulnerable" data after all that has gone on in the last few years. The government should be leading the way in showing us how to secure and actually doing it. Not leading the way in showing us how to lose data.

The other thing that really gets to me is when companies want you to give out your SSN when applying for their service. WHY!!!!!! Why do they need to know my SSN just to hook up my phone or allow me to watch TV! Then when you object they act like they have no choice but if you push hard enough they will give you an alternative. What I want to know is why not offer the alternative as the only (or at least first) choice. Why not remove the choice of giving your SSN. There are other ways to prove a person's identity or their "risk rating".

I know that many have said that SSN's are so compromised that the only real choice is to throw them away and start over with something else. Some say why bother protecting yours because more than likely it is already publicly available. I say I DON'T CARE!!!!!!!!!!!!!! What if it is easy to find my SSN? IT'S STILL MINE!!!! I should be the one that determines who can and can't have access to it and use it. NOT THE PEOPLE WHOSE SERVICE I AM SEEKING TO PAY FOR!

We have to change our perspective on things. We have to quit having such a nonchalant attitude about our personal information and other things that matter to us. We have to quit rolling over and playing dead and acting like we have no other recourse but to give in. I know that SSN's are a US issue but other countries have similar methods of identification that are just as vulnerable and just as abused.

I had a conversation with a lady a few months ago who worked in IT for a school system and she was commenting on how many Latin students in the elementary school had SSN's. I said that they were probably born here by immigrant parents but she insisted that most of them had been here less than a year. Then I said that maybe that it was a ITIN (Individual Taxpayer Identification Number) since they look like SSN's and go in the same field on most forms. Again she insisted that they weren't ITIN's but real SSN's. If that is true then what does that say? Either they are stolen, their parents lied to get them one or SSN's have become completely meaningless and that getting one is no harder than filling out a form.

Maybe they have outlived their usefulness?

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.