Rethinking Sensitive Information - Social Security Numbers

Saturday, November 05, 2011

Rafal Los



Every time another one of these articles[1] comes out about a massive disclosure of US-based Social Security Numbers (SSN) I am forced to wonder whether this system of that magic 9-digit number is fundamentally, completely, and irreparably broken.

Most recently we learned that the US office of Social Security has been sweeping what amounts to a serious breach of information via the "Death Master File" under the rug, and since many Federal Agencies are exempt from state data breach laws, no one has ever had to disclose anything.

While I could sit here and underscore the utter lack of understanding for basic information security in the various government agencies and their complete contempt for the data breach laws that everyone else has to adhere to - that's not the point of this post. 

We all know how completely backwards and "from the 1950's" governmental agencies are - just ask the GAO[2]... so I'm just going to leave it at that.

I believe it's time to re-think those 9 magic numbers that dictate our identity here in the United States.

Until less than a decade ago, those 9 magical digits were printed on checks, driver's licenses, and who knows what else... so why do we even consider them 'private' anymore?

It's high time for a change.  There needs to be some other way to identify people here in the US.  It's not just that many SSNs are being re-used, or that there have been disclosures all over the place - all these come together to prove the SSN is a lost cause.

Heard all this before?  So have I.

Public and private entities alike have proven that having a single nine-digit number as the gateway to our identities is not appropriate.  There needs to be a new system set up, before the situation gets worse.

Data breaches and identity theft cost organizations billions of dollars a year - so perhaps we need to push the government to come up with a new way of verifying the identity of its citizens?

The best way to stop the pile-up of data breach and identity theft losses is to enact some legislation which can change the way identifying information is structured... in my humble opinion.

Do you agree?

  [1] The Republic - "Social Security kept silent about private data breach" - October 13th, 2011
  [2] GAO Report to Congressional Committees - "Weaknesses Continue ..." - October 3, 2011

Cross-posted from Following the White Rabbit
