The problem, as I have stated in other threads, is that your SSN is a public unique identifier, just like a username. Just like “Lemur866” identifies me to the administration and users on the Dope, a SSN identifies me to the Social Security office, and other entities that use that number.
Except, it only works if your identifier is public. If it’s secret, then it’s of no use. So if your name is secret, your address is secret, your phone number is secret, your SSN is secret, license plate number is secret, your email address is secret, no one can contact you or identify you.
And so your SSN is not secret. It’s written down in dozens or hundreds of places, like medical records and job applications and on and on and on. Remember this. Your SSN is public.
But there’s nothing wrong with a public unique identifier, in fact you pretty much need one if you’re going to, you know, identify people uniquely. You display your license plate number on your car every day, and never worry that someone is going to steal your car’s identity.
The problem comes when institutions confuse your username with your password. You call them up and say “Hey I’m Bob Smith”. And they say, “Oh yeah? If you’re really Bob Smith, what is your SSN?” And you say, “123-456-7890”. And they say, “Wow, it really is you! OK, let me hand over your private information!”
This is akin to being stopped by the cops, and them saying that they think the car you’re driving was stolen. So they come up with a foolproof way of finding out whether you’re the real owner of the car. If you can tell them the license plate number of the car, then you must be the real owner and will be free to go.
Your SSN is public and can’t be changed without a major hassle. This means it is not secret, and any institution that treats knowledge of your SSN as proof of identity should have their management dragged into the street and strung up by their testicles.
I have a unique identifier here on the Dope, “Lemur866”. Everyone knows what it is, everyone knows that this string of characters identifies me. But no one can post information here on the Dope as “Lemur866” just because they know my unique identifier, not even the administrators. To authenticate me, I must provide something else, my PASSWORD, and no one else, not even the administrators, know what my password is.