I’ve been thinking about social security numbers and how often we have to give them out lately. Then, with this, it seems all the more apparent that there should be some higher level of security on SSNs.
Would it be possible to set up a system where a person could set up an account to monitor the use of his/her SSN? The person would set up a login that would allow him to see all of the times that his SSN is used for verification processes?
Just like the bank notifies me when any transaction over a certain amount is carried out, shouldn’t it be possible to set up a system that sends you an email whenever your SSN is used?
This implies that there is some sort of centralized dingus which is pinged every time somebody writes down or looks up an SSN. No such dingus exists. A bazillion databases are out there, many using SSNs in their tables, and they don’t have any reason to inform one another when somebody’s records are accessed.
It is possible but not really feasible. Tying together that many databases from different sources would cost many billions of dollars in upfront costs and billions of dollars a year to maintain. Even then, identity thieves could still work around it pretty easily since they tend to work fairly fast. As a systems analyst, I don’t think it is worth it.
The government and all kinds of companies both large and small. There are thousands of them out there if not many more. I recently worked on a number of them that had all identity information for millions of people in the U.S. and that is just one company. There are already strong privacy laws in place with potentially severe penalties for misusing that type of data but it is fairly trivial for a systems person to do if you wanted to. There is no good way around the problem.
Some libraries still have patrons’ SSNs, but the good ones have switched to other unique identifiers. What we really need is a public/private key style ID number.
So what could be used as a unique identifier instead of having companies depend on the Social Security number?
What we need is a unique alphanumeric key assigned at birth, derived from something unique to you as an individual.
e.g. DNA sample encoded in a certain way + thumbprint encoded in a certain way, mash those together, and generate a unique number. (you cannot rely on just DNA for cases like identical twins.) Let’s call it the DNAPID (DNA + Print + ID)
The unique number could be used by a criminal but you could eventually prove without a doubt that the criminal is not the “real” person corresponding to that DNAPID since they could not provide a DNA sample and thumbprint to match.
I realize that there is a problem with thumbprints in cases of people missing thumbs. That part of the idea needs some work. One thing any human being has to have is DNA, and a functioning brain, but I can’t think of anything to combine with DNA besides a fingerprint or thumbprint.