Other people touched on the answer but let me make it more clear. Information about individuals is held in databases, usually thousands of different ones spread throughout the government, medical industry, and other businesses. Databases need to connect to each other to compile information and they need a way to do that. Most databases aren’t designed to do careful research about who is who. They just need a common key to link everything together. In the U.S., that key has become the social security number as the de facto standard. Records that have the same SSN get linked together as the primary key. That is really the only good way to do it. You can design systems to cross-check by things like names and addresses but there aren’t any common rules you can use. People, especially females, often use multiple names and may have multiple addresses.
In the computer age, billions upon billions of these records are joined together automatically without anyone looking at each result. If someone assumes your identity through your social security number and takes out bad loans, it will get linked to you until you find out about it and take the steps to correct it which may take a lot of time and energy.
Social security numbers aren’t very secure at all however. I used to work in IT benefits outsourcing and had access to millions of people’s personal data including their social security numbers but way beyond that as well. I had to go through a basic security screen and HIPAA training to get access to it but there are thousands of people in those types of jobs that can get detailed info on almost anyone and assume their identity or sell it if they wanted to. There isn’t a good defense against it. Some people have to be trusted to work on the databases and they could potentially make a copy of the info for a significant portion of the U.S. population and put it on a USB flash drive and sell it or post it somewhere. That does happen the same way that people that gain access to credit card databases can steal a huge number at once. There is no way to stop it based on the current system.
In addition you only get one SSN. If someone starts abusing your credit card number, that number gets canceled, and you are issued a new number. If an identity thief is using your SSN to take out loans, etc. you have to stop them via credit holds and such.
The original purpose for SSNs is to link up all your contributions over a lifetime of many different jobs, so it would cause problems if they got canceled and re-issued.
In the military anyway your SSN may as well be tattooed on your forehead and printed on your business cards. It is used for every single thing you do throughout your career and is very poorly protected in practice. You can’t refuse to give it to someone who needs it.
This has always really bothered me as a military member. They should go to a service number and do away with using the SSN for everything.
There’s also the problem that a SSN is being used as, essentially, both a username and a password. Not usually (I hope) in the same situation, but it seem that for every situation where the SSN is used to identify who I am, there is another one where I’m talking on the phone and I hear “To confirm your identity, can I get the last 4 digits of your SSN?”
That would be our social security number. They might have changed the practice, but when I was in Basic, they made us write it in big numbers on our duffel bags too. You know, the ones we carried all of our stuff in when we went to the airport to fly to our next base. :rolleyes:
There is a counterpoint to the use of a SSN. Here is Oz we have had a few battles to prevent the introduction of a universal identity. (In practice we do have one - our version of the SSN is our Medicare number.) The arguments about the introduction revealed an interesting divide between the populace and the government - something I am surprised doesn’t resonate a bit in the US.
A SSN does indeed allow disambiguation of identity. My name isn’t exactly common, but there are at least half a dozen more with my name in the country. I used to get phones calls for one of them. A country wide mechanism for disambiguating all those records held by government and the private sector on everyone, was something viewed with distrust. The reality was that the population realised that they liked a situation where it wasn’t always absolutely clear that Joe Bloggs who was claiming welfare was the same Joe Bloggs who had business dealings in another city. And so on. People were less than happy that the government might become efficient in its ability to track them. Letting that efficiency leak in to the private sector possibly even worse.
We still have two government numbers that matter. Our Medicare number and tax file number. They are pretty much fixed for life one allocated. TFN is sprayed around to financial organisations and employers for obvious reasons. But Medicare number pretty much goes to medical professionals and hospitals, and that is it.
Thanks everyone!
I think my point has been understood. SSN is trying to serve two uses. They conflict. It has it’s original purpose of connecting a person to a database-the SS database of employment. Many organizations have found that it works equally well with other databases. No surprise. It is a useful tool and as such should remain. I also contend that other strings can be devised to accomplish the same thing. It’s second use, as a means of identifying a person, doesn’t work as well and conflicts with the first use. I contend that the second use is inappropriate and another method should be used. Doing so would, in my opinion, greatly improve personal security. Since using the SSN for this purpose, is quite insecure. Heck years ago some states used SSN on drivers licenses and then sold the drivers license information to anyone who wanted to buy a copy of that public record. Long ago it is true.
So, since this thread has ended up in GQ (thanks-I didn’t dare to hope it would rate a promotion!) , anyone have any good ideas about how to devise a useful and secure means of identifying people? And after that, anyone care to opine as to whether that would be a good idea?
Here in Canada, the official rule is that your SSN is used to identify you to the government(s) and that you are required to supply it to your employer and other businesses that issue tax forms concerning you, such as investment banks. In theory, nobody else is supposed to require it.
In practice, of course, any business that wants to do a credit check (mortgage lender, cell phone carrier) will ask you for it, and they’ll treat you as a nutcase if you assert your right not to supply it.
Back in '05 I had to work on our local version of SSN-protection statutes. We had to do quite a bit of work even for partial effect - among the bills were that the Commonwealth government agencies were not to use a citizen’s SSN as the published case/docket/claim/complaint/whatever number, but just keep it for internal reference use in accessing the taxation/benefits systems; that no public or private entity may post it anywhere public; that if having to release any document that contained the SSN, redacting the number was mandatory and would not be considered legally an “alteration” of the document; that public and private educational institutions were not to use it as student number; that public deeds of record were not to include the SSN as identifier of the signatories on the paper, but rather a statement from the notary/registrar if they had checked it out; that employers were to use it only for tax purposes and not as everyday ID number; that private merchants save for specific exceptions may request it; etc.
It was really, really pervasive, in many cases we had to make an exception for using the “last four”. And yes, part of the problem is that it’s been used as simultaneous username and password.