Um, thanks, that’s exactly what I said.
Hats off to Shagnasty. I came in to post essentially what he did, specifically that legacy systems are forever, and that no, not only the “right” people have access to your data. Human nature trumps security protocols.
Data migration is done all the time. You set up a table that defines the values in Database A, another table that defines the values in Database B, and another table that defines the relationships between the tables. So in A you have the key, SSN, Lastname, Firstname, Date of Birth in MM/DD/YYYY, Address, and in B you have key, NameFirst, NameMiddle, NameLast, Date of birth in DD/MM/YYYY, Phone number, email address, SSN, shoe size.
Then you define the values that are the same in each database. Having the same primary key is not needed to establish that two entries in two databases refer to the same person; in fact, it’s ridiculous to believe that the primary key must be the same between databases. So if you are migrating data from A to B, you say Lastname=NameLast, Firstname=NameFirst, SSN=SSN, define the DOB format, and so on. It’s something that has to be done carefully, but it’s done all the time and never depends on both databases using the same primary key. The primary key is simply arbitrary.
Our tax system uses the SSN to uniquely identify people. That’s fine. But this works because you generally can’t change your SSN. Which means it can’t be secret, because it’s used everywhere. Donald Trump’s SSN is no more secret than his name, and if he changes his name or SSN it can’t be secret because we need to know that the guy who paid such and such taxes in 2014 is the same guy who pays such and such taxes in 2015, and the guy who went to prison in 2007 is the same guy that’s getting released in 2017. An SSN might be obscure, but it’s not secret.
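The mapping-table migration described in the post above, as an added example (not code from any poster): Database A and B rows are constructed samples, the column-to-column map drives both the conversion and the matching, and the two databases' keys (17 vs 901) never need to agree. The DOB reformat from MM/DD/YYYY to DD/MM/YYYY is done by parsing, not string shuffling, so an invalid date fails loudly instead of silently swapping day and month.

```python
from datetime import datetime

# Constructed sample rows (placeholder SSNs, not real people).
DB_A = [
    {"key": 17, "SSN": "000-00-0001", "Lastname": "Doe", "Firstname": "Jane",
     "DateOfBirth": "03/14/1980", "Address": "1 Main St"},
    {"key": 18, "SSN": "000-00-0002", "Lastname": "Roe", "Firstname": "Rick",
     "DateOfBirth": "11/02/1975", "Address": "2 Oak Ave"},
]
DB_B = [
    {"key": 901, "NameFirst": "Jane", "NameMiddle": "Q", "NameLast": "Doe",
     "DateOfBirth": "14/03/1980", "Phone": "555-0100",
     "Email": "jane@example.invalid", "SSN": "000-00-0001", "ShoeSize": 7},
]

# The "relationship" table: column in A -> column in B. A's key is deliberately absent.
FIELD_MAP = {"Lastname": "NameLast", "Firstname": "NameFirst",
             "SSN": "SSN", "DateOfBirth": "DateOfBirth"}
MATCH_FIELDS = ["SSN", "Lastname", "Firstname", "DateOfBirth"]

def convert_dob(mmddyyyy):
    """A stores MM/DD/YYYY, B stores DD/MM/YYYY; strptime rejects impossible dates."""
    return datetime.strptime(mmddyyyy, "%m/%d/%Y").strftime("%d/%m/%Y")

def a_to_b(row_a):
    """Translate one A row into B's column names and formats, dropping A's key."""
    row_b = {}
    for col_a, col_b in FIELD_MAP.items():
        value = row_a[col_a]
        if col_a == "DateOfBirth":
            value = convert_dob(value)
        row_b[col_b] = value
    return row_b

def find_match(row_a, db_b):
    """Locate the same person in B by mapped field values, never by primary key."""
    probe = a_to_b(row_a)
    for row_b in db_b:
        if all(row_b.get(FIELD_MAP[f]) == probe[FIELD_MAP[f]] for f in MATCH_FIELDS):
            return row_b
    return None

def migrate(db_a, db_b):
    """Return (matched A-key/B-key pairs, B-shaped rows that must be inserted into B)."""
    matched, new_rows = [], []
    for row_a in db_a:
        hit = find_match(row_a, db_b)
        if hit is None:
            new_rows.append(a_to_b(row_a))   # B assigns its own key on insert
        else:
            matched.append((row_a["key"], hit["key"]))
    return matched, new_rows
```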
It was once common at colleges I taught at to use SSNs as student IDs. Each class roster/grade sheet I was given had SSNs next to names. Since I keep old grade rosters for my records, I have a treasure trove of potential identity theft material.
One place was particularly bad. It had a tear-off copy of the grade sheet that just had the SSNs and grades on them. Profs were supposed to then post these outside their doors so students could see their grades quickly without bugging us. (Later it went all online, of course.)
I never did post those. It was scary. It was really easy for people to figure out other students’ SSNs (and grades) given they were listed in alphabetical order.
I support this OP 100%. Here’s the thing – SSNs are misused, yes. Whether or not they’re used as PKs in databases (they shouldn’t be) is beside the point – any database that tracks people is probably going to need SSN somewhere for communication with the outside world.
In the military, our ID number used to be our SSN. It made sense – everyone already had one and it was unique. Then credit card companies started to treat SSNs as passwords, giving anyone a credit account as long as they knew a person’s SSN. Gah! Garbage! What is that shit?
In response, military and other gov’t organizations moved to make SSN secret. In the military, we’re now given a 10 digit number called an EDIPI that we can use in databases besides SSN (still not as a PK, mind you). Except SSN is still ubiquitous, so any database that stores EDIPI is also, 99% of the time, going to have SSN. Meaning if you know someone’s EDIPI you can probably social engineer their SSN out of some front line tech, or if you hack into a database and you have a list of EDIPIs, you can pull out all their respective SSNs.
The obvious result of this chain of events? We’re now being told to keep people’s EDIPIs secret! Can you imagine? It’s secret numbers, all the way down!
The solution would be to go back in time and smack the crap out of any financial institution or gov’t agency who used SSN as a password and send all of those people to security school. If you want a credit card, you should be required to show up, in person, with a photo ID so that someone can verify your identity. Meanwhile, you should be able to print your SSN on your forehead and suffer no more ill consequence than if you printed your name on your forehead.
Basic tenets of security:
- Identification – announcing who you are (Real name, username, flashing a badge or ID card, announcing your SSN, EIN, EDIPI, whatever) – should be 100% public
- Authentication – a method of verifying that someone is who they say they are – password, PKI, validating a photo ID or badge, etc – needs to be secure
- Authorization – verifying whether the identified/authenticated person is allowed to do whatever they want to do (open a credit card, log into a system, access those nude pictures over there, etc)
Personally, I think we’re past the point where the gov’t should have set up PKI for the general public and pushed to make chip and pin authentication ubiquitous for everything. That’s my answer for how to solve this. Make SSN useless for anything other than a unique identifier, require people to open accounts in person or with a chip/pin set up on their computer using PKI. Come down hard on any company that allows someone’s identity to be stolen if they’re not using a decent method of authentication.
Just to emphasize, every time some agency flips out about a data breach and urges people to keep their SSN secret, it’s a move in the wrong direction. It contributes to the problem and confuses people about proper security. People need to get in the right mindset to protect themselves, and telling them to keep their SSNs private is counterproductive.
Anyone who thinks that if an unknown person knows your social security number they must be you is just insane. It’s like calling up the bank, telling them you’re Donald Trump, and they challenge you with a security question: “Oh yeah? If you’re really Donald Trump, what’s your name?” And when you answer “Donald Trump”, they’re convinced you’re the real Donald Trump and hand you a million dollars.
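The three tenets from the post above (identification, authentication, authorization) in working form, as an added example that is not from any poster. The identity registry, credential store and entitlements are constructed, and a PBKDF2-hashed PIN stands in for the chip-and-PIN or PKI credential the post argues for; the "SSN as password" check is kept alongside so the flaw is visible: it passes for anyone who merely knows the number.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000

# Identification data: public, like a name. Placeholder SSN/EDIPI values.
IDENTITIES = {"000-00-0001": {"name": "Jane Doe", "edipi": "1234567890"}}

def make_credential(pin):
    """Store a salted PBKDF2 hash of a holder-chosen secret, never the identifier."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "digest": digest}

CREDENTIALS = {"000-00-0001": make_credential("4821")}          # constructed PIN
ENTITLEMENTS = {"000-00-0001": {"open_credit_account"}}         # constructed rights

def identify(identifier):
    """Identification: a claim of who you are. Knowing the identifier proves nothing."""
    return IDENTITIES.get(identifier)

def authenticate_ssn_as_password(identifier):
    """The broken check the post complains about: 'you know the SSN, so you are its owner'."""
    return identifier in IDENTITIES

def authenticate(identifier, pin):
    """Authentication: verify a secret only the holder has, compared in constant time."""
    cred = CREDENTIALS.get(identifier)
    if cred is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), cred["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, cred["digest"])

def authorize(identifier, action):
    """Authorization: is this authenticated identity allowed to do this action?"""
    return action in ENTITLEMENTS.get(identifier, set())

def open_credit_account(identifier, pin):
    """Identify, then authenticate, then authorize; fail closed at each step."""
    if identify(identifier) is None:
        return "unknown identity"
    if not authenticate(identifier, pin):
        return "authentication failed"
    if not authorize(identifier, "open_credit_account"):
        return "not permitted"
    return "account opened for " + IDENTITIES[identifier]["name"]
```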