Bell Curve The Law Talking Guy Raised by Republicans U.S. West
Well, he's kind of had it in for me ever since I accidentally ran over his dog. Actually, replace "accidentally" with "repeatedly," and replace "dog" with "son."

Saturday, May 27, 2006

Is Our ID System Outdated?

It was reported today that CSU Stanislaus has had a security glitch that put the names, birthdates, SSNs and other such data on Google. According to the report it isn't the first time this has happened. (As an aside, the article says that the school stopped using SSNs for student IDS last year. I thought that using SSNs for ID purposes like insurance cards, drivers' licenses, and student IDs was illegal? Do state institutions get a pass on that one?)

In light of last week's news that a computer had been stolen containing unprotected ID info for veterans and their dependents, and in light of the number of undocumented immigrants who seem to have no trouble getting false SSNs (or those of the deceased), I have to ask a simple question: Is a social security really an effective ID system?

It is a 9 digit number, the first 3 of which indicate the state you were born in and the other 6 being random. Perhaps Bell Curve can tell us the number of possible permutations. But I am beginning to think that having a thumb print scan may not be such a bad idea. I wouldn't go for the total biometric idea, but I sense that we may have to come up with something new.

What do the Citizens think? What new type of ID system should we employ? Is the SSN system outmoded?


Anonymous said...

I'm not sure if the SSN system is the problem in and of itself. Rather I think the problem is that the people who gather this data cannot be trusted to keep it safe and private.

The real concern I have is not only for identity theft but for the promises from various government officials that our own liberty and privacy is not threatened by national information gathering projects such as Total Information Awareness and national ID cards.

Stories like the VA and CSUS cases make it clear that trusting to the competence of bureaucracies is a risky matter. Why should we trust their motives as well? 

// posted by Raised By Republicans

Anonymous said...

I wish there was some way to bar or at least discourage companies (or government agencies) who don't actually need your social security number from using it as your customer ID.

While it might be necessary for your doctor's office to have it in their files somewhere, do they really need to ask for it every time you come in? Why not use your date of birth? Or your name, for Pete's sake? I just stopped writing it in and haven't had a problem yet. As long as they get that sweet, sweet, PPO card, I think the front desk could care less.

When I was in college, we were assigned a student ID number that was not our Social Security Number. Sure, it took us a whole week to memorize it (since we were smarter than the average bear and it was printed on our ID cards), but the student ID number was more than adequate for meal plan transactions, going to the Health Center, and getting exam results.

I don't know if having a public and a non-public ID number is workable out in the real world, but it certainly kept the identity genie in the bottle.

In law school, the Powers That Be decided that everyone at Rather Large University had to use their SSN as their student ID number. There was no way to opt out of this, and it made me really uncomfortable and paranoid since Rather Large University required you to use your student ID for meals, at the Health Center, etc., and any enterprising insider could have turned a quick buck selling the information. To make things more fun, there was no campus mail center, and if you lived in the vicinity of Rather Large University, your mail was stolen out of your mailbox with alarming frequency.

After this experience, I began to use online banking and credit card monitoring, and that's worked pretty well. I can tell if something's gone wrong in days, rather than weeks, and I've been pleasantly surprised to find that even my big ugly national bank is more than happy to blow out fraudulent transactions.

One of the unfortunate by-products of late-night news shows is that many people who could be greatly helped by learning how to use online banking are terrified of the Internet ("She went on the Internet - AND NEVER CAME BACK. Film at 11.")

A lot of the things that put seniors (and the rest of us) at risk for identity theft - paper bank statements, checks sent to mailboxes, writing paper checks and putting them in private mailboxes - can be eliminated or diminished through using online banking.

-Seventh Sister  

// posted by Anonymous

Anonymous said...

RBR is right that we ought to be concerned about how data is handled. But we also have to stop offering it up, as 7th Sis says.

My favorite was when I signed up for a video rental card and they wanted my SSN. This is usually for the credit check. I, like 7th Sis just leave that box empty or I make them explain why they think they need it. The answer is usually something noncommittal or "I don't know". "Well do you think that you should ask people for information if you can't tell them why they need it?" "Ahh, I guess not." Then I still leave it empty just to show them that it is silly to ask for information. You'd be amazed at how many of us just fill in boxes without thinking. We assume they need information that they don't.

I angered a nurse one time because I went into the clinic with a sore throat, knowing it was strup. She started asking me questions including when I last menstrated. I asked why she thought she needed that information when I was there for a sort throat. She just looked at me with dumb look as if to say, "Dahh, like because I asked you." I responded with "So what you are telling me is that you don't really know why you need it, right?" "Well, it's just a question on the form. You don't need to tell me if you don't want to." "OK.", I said. She stood there for a minute and said, "Well are you going to tell me?" I refused and she got all pissed off and huffed out.

See, so much that they don't need to know and when you ask why, they get all agaited.

I think a "public" and "Private" number wouldn't be a bad idea. Although, I suppose they'd still have to be linked and that would end up compromising everything anyway. 

// posted by USWest

Anonymous said...

Another thought . . . maybe we need to get them changed like once every 10 years or something.

My employer treats my computer password with more care than my SSN. I have seen and experienced the mishandling of my SSN by my employer without my authorization. People don't respect SSNs. They make me change my password every 90 days. But your SSN is with you cradle to grave. I think my Passport number is a safer ID than my SSN.


// posted by UsWest

Anonymous said...

I think the SSN should be abolished, for the most part, since it cannot be made safe. Why does my car have a 17-place alphanumeric code, but I have a 9 digit number keyed to my place of birth? At the very least, the SSN and birth date should not be able to unlock so much other information! 

// posted by LTG

Dr. Strangelove said...

7th Sister writes, "A lot of the things that put seniors (and the rest of us) at risk for identity theft - paper bank statements, checks sent to mailboxes, writing paper checks and putting them in private mailboxes - can be eliminated or diminished through using online banking."

I agree and applaud that sadly uncommon attitude. Many people wrongly feel that internet data is more vulnerable than paper data, despite all the protections and encryptions available to secure online data. People distrust internet security protocols for essentially the same reason they distrust radioactivity security protocols... because they cannot see them and do not understand them. And all the TV misinformation about hackers only compounds the problem. Electronic voting machines suffer from a similar fear of the unknown. Despite the long history of actual tampering with paper ballots, people are more afraid of potential tampering with electronic ballots... even though to do so is much more difficult and usually much easier to catch.

Yet I do not blame those who are worried. Like 7th Sister, I give the media a fair amount of the blame... but scientists and those who market their products also are to blame. The usual promotion methods emphasize simplicity, make poor analogies, and always hide all the details. They so rarely tell us how things work, because they think it will be too hard to understand or be frightening (or in the case of Diebold voting boxes, because they simply refuse on proprietary grounds).

The cure for technophobia is more education, not more marketing. People believe what they (think they) understand... they are rightly reluctant to trust blanket assurances from those who have an interest in their compliance or purchases (the government, buisness leaders, and often scientist-enterpreneurs.)

As for the question of IDs... I agree with RbR and 7th Sister that there should be a way to bar or discourage companies and gov't agencies from requesting and obtaining one's personal ID information. But I also agree with USWest that the current SSN system is a poor one and should be improved, probably enhanced by biometrics. These two ideas are complementary, not in opposition.