I have to send my SS# to a prison I intend to visit. what is the most secure way to do this? fone? two separate emails? text?
Phone.
I was going to post a thread about this too. Sometimes small businesses will ask for your credit card number via email (eg people who rent their rooms out). They don’t have the secure systems or technical knowhow to open encrypted emails. Is it safe to just email it to them?
It depends on how tech-savvy you and your recipient are. A properly-encrypted e-mail is going to be an essentially unbeatable level of security, but that depends on your recipient setting up a public-key encryption system, and requires a fair bit of extra work on both ends.
Phone, though, is almost certainly good enough, since the only people likely to have the means and opportunity to sniff it out are people who already have legitimate means of learning your SSN.
I think the more important question is: What format is the prison system willing to accept it in?
I can just imagine if you call some bureaucrat at the prison who spends his/her whole day dealing with buddies and fellow gang members wanting to visit some hard-core criminal or general loser in prison and say “This form asks for my SSN, but I’m going to send it to you in 9 separate emails triple-phase shift key encoded and randomized.” I can imagine that the answer might just be “Do you want to visit or not? Fill in Form PS-54a like everybody else and mail it to us or stay home.”
Frankly, I’d be far more concerned about what is going to happen to my SSN after it reaches the prison than about it being compromised in transmission to the prison. (I am not saying that the prison bureaucrat in charge of visitors will do something wrong, but your SSN will go into some filing cabinet somewhere that somebody will, possibly years from now, mishandle.)
When you show up at the prison how exactly are you going to demonstrate that the SSN is yours? The only thing I have with my SSN on it is my SS card which I don’t carry with me and specifically says it’s not to be used for identification.
If you only have to orally give your SSN when you arrive at the prison, you can, I presume, send a random 9 digit # to them as long as you can remember it.
Give them a 9 complement of your SSN, then you can redetermine it easily
The only thing I have with my SSN on it is my SS card which I do carry with me as I was specifically instructed to do when I first got it way back in 19 mumble mumble. Carrying your SS card does not constitute using it for identification.
They are almost certainly breaking their agreement with their bank by doing this, just as a point of note. There’s probably a good reason this is written into the merchant agreements.
Password protect a pdf or word document containing the information. Call and provide the password over the phone as you’re sending the email. We use this method all the time in my department. Encrypted email isn’t secure enough for our tastes.
Unless, of course, they use your SSN to do a quiet background check on you before you show up, in which case they’re likely to be interested in a completely different visit than you might have in mind once you show up and attempt to use your fraudulent SSN. Not that I’m paranoid or anything.
Quite the contrary. A PGP encrypted email is pretty much unbreakable while PDF and Word passwords have been broken. You can search for “password recovery tools”.
NONONONONO!!!
The usual protocol for emailing sensitive numbers like this is to make multiple transmissions. You might send fragments of the number or alternating numbers, with a pre-arranged agreement on how the recipient can piece the complete number back together.
However, I think Alley Dweller has it right when he says that this is just too much hassle for most bureaucratic wage slaves to bother with.
Phone or fax would be my first choice.
If that’s not feasible, use some kind of file-sharing service. My business uses a file portal with passwords set up for each user so that we can securely send files. However, there are plenty of options, some of them free. A lot of clients send me files via YouSendIt and DropBox.
DropBox links are admittedly public, but if you delete the file immediately after the recipient gets it, it’s not likely that a hacker had time to intercept the e-mail and download the link. (Though I’m not a believer that the word “likely” should have any place in a discussion of security, but my standards are higher than many people.)
My non-technical two cents:
Yes, email is not secure. But what is? They can hack into the phone system and listen to your phone call. People mail physical documents with SS numbers in them all the time and they just sit in mail boxes and are handled by post office employees. At some point security by obscurity is deemed good enough.
There are billions and billions of emails sent around the world every single day. A vanishingly small number of them have SS numbers in them. Why would some hacker try to use this medium to get SS numbers? There are far easier ways of stealing identities.
Phone calls don’t sit around archived for years on insecure PCs. “Microsoft support” scammers don’t trick people into giving up access to the contents of their phone calls.
So when the OP calls them on the phone, the prison office lady will write down the OP’s name and SS number. She will probably use a sticky note. And then she will probably throw it away in a wastebasket that is “emptied” by prison inmates.
Look, I am just saying nothing is secure. For any method, we just have to accept a certain amount of risk and don’t live in fear.
I know people that agonize over giving their credit card number to purchase something through an online store, but don’t hesitate to hand their card over for 10 minutes to the 17 year old waiter who has had 3 jobs in the last two weeks.
So… phone?
This goes against every regulation out there for the handling of secure information. Most people are not this stupid. Shred bins, you know? They’re everywhere. I’ve never worked at a prison, so who knows. But I would be **very **surprised if this happened regularly, rather than as an exception.
If it’s worth going through this much trouble, then it’s worth going through about the same amount of trouble to do it right, using actual encryption. If someone can intercept one e-mail, they can intercept multiple e-mails just as easily.
I totally agree but some people/places are just backward and refuse to try anything new. Some years ago I bought a book from Australia and needed to give them my credit card number. In the end I sent an email with a scan of the card with the four last figures blacked out. And then, from a different email account of mine to a different email account of theirs an email with the four missing digits.