Social Security Numbers: release them all

The situation with identity theft and Social Security Numbers is getting worse. Recently it was announced that several US government agencies' web sites had been displaying thousands of SSNs for more than 10 years. In response, the pages were taken down, and the government has offered free credit monitoring for the individuals whose numbers were exposed. There have been other cases where even millions of SSNs were jeopardized.

But my question as a random philosophizer is, is the problem here that SSNs are being exposed through malfeasance and/or malefaction, or is the problem that these numbers, part of a system created 80+ years ago for reasons having nothing to do with unique personal identifiers, are being used as critical pieces of personal ID?

I think the answer is clearly the latter. SSNs are useful to identity thieves solely because they are a handy way to tell people apart, and because there is an assumption that they are private.

It is very expensive to protect SSNs, or to pay for credit monitoring when they are exposed. And under the situation we are in today, when one is exposed, it clearly does make the individual who holds the number more vulnerable to fraud via identity theft. I think that the whole approach is wrong-headed.

The random philosopher's plan for dealing with SSN exposure is very simple: the government should immediately open a database on one or more of their web sites listing all SSNs, along with the names and DOB of people registered under the numbers. This should be a public web site, with no restrictions on access.

While it sounds rather absurd, what this would do instantly is remove all expectations of privacy with regard to SSNs. It would not interfere with the administration of Social Security: the numbers would still be perfectly useful as Social Security account numbers, which is all they were designed to be. But they would no longer be useful in any way to help someone prove their identity, which would eliminate the problem of SSN fraud and of identity theft based on SSNs.

A minor advantage of this would be that employers could do some basic checks on employees claiming certain SSNs, just name, DOB, gender; the basic info on the Social Security card, which would be in the public database. This would help prevent people from using the wrong SSN, either through error or deliberately.

SSNs could still be used as unique identifiers, something they are extremely useful for, but they just wouldn't be useful as proof of identity. Instead, something more useful would have to be developed for this purpose.

Most people who have studied this problem concur that "smart" codes, along with biometric data of some sort (fingerprints, photos, retinal photos) are much more useful for this purpose. Another element of a reasonable system of identification is to have multiple independent sources of identity, so that even if one source is exposed or contaminated, the other sources would continue to be valid. However, the specification of a viable system of identity is beyond the scope of this note.

In summary: Social Security Numbers were never designed to function as proof of identity, and as a result, inadvertent or deliberate exposure of SSNs is a tremendous problem in our society. The problem with SSNs can be solved overnight if the government simply publishes them all, removing all expectancy of privacy from them. This action would have several additional advantages, but its primary effect would be to force bureaucracies that have been misusing the SSN as their clients' personal identifiers to find something better for this purpose.

No comments: