Social Security Numbers Code Cracked By Researchers

Identity theft is a real problem these days. All of us know at least one person who has been the victim of identity theft. And guess what – now there’s more reason than ever to fear for your identity safety. It turns out that some really smart people have figured out how to accurately predict your Social Security number by using only your birthday and state of birth. Go figure. Here’s the details from ScienceDaily.com:

Project lead Alessandro Acquisti, associate professor of information technology and public policy at Carnegie Mellon’s H. John Heinz III College, and Ralph Gross, a post-doctoral researcher at the Heinz College, have found that an individual’s date and state of birth are sufficient to guess his or her Social Security number with great accuracy.

An example is the Social Security Administration’s Death Master File, a public database with Social Security numbers, dates of birth and death, and states of birth for every deceased beneficiary. Its purpose is to prevent impostors from assuming the Social Security numbers of deceased people. But Acquisti and Gross found that analyzing the death file enabled them to detect statistical patterns that would help them predict Social Security numbers of the living.

Oh great. If you research the history of Social Security numbers, they were never meant to be used for personal identification (aka personal identifiers). Social Security numbers were developed in the 1930’s as a way to track individuals for taxation purposes. Of course, the government warned the private sector of using Social Security numbers as personal identifiers, but the private sector did not take heed of the warning. Over the years, however, many companies began to use Social Security numbers as a way to identify people. In the end, it all spells danger for us. Maybe. Just hope your number doesn’t get stolen.

To fight this problem, the Social Security Administration has been working on a system that will randomly assign Social Security Numbers. However, this is only a band-aid. We need a new personal identifier altogether. Good luck with that.