Researchers have found that it is possible to guess many -- if not all -- of the nine digits in an individual's Social Security number using publicly available information, a finding they say compromises the security of one of the most widely used consumer identifiers in the United States.
Many numbers could be guessed at by simply knowing a person's birth data, the researchers from Carnegie Mellon University said.
The results come as concern grows over identity theft and lawmakers in Washington push legislation that would bar businesses from requiring people to supply their Social Security number when purchasing a good or service.
"Our work shows that Social Security numbers are compromised as authentication devices, because if they are predictable from public data, then they cannot be considered sensitive," said Alessandro Acquisti, assistant professor of information technology and public policy at Carnegie Mellon University, and a co-author of the study.
A Social Security Administration spokesman said the government has long cautioned the private sector against using a Social Security number as a personal identifier, even as it insists "there is no fool proof method for predicting a person's Social Security Number."
"For reasons unrelated to this report, the agency has been developing a system to randomly assign SSNs," which should make it more difficult to discover numbers in the future, Mark Lassiter, a spokesman for the Social Security Administration, said by e-mail.
Introduced in the 1930s as a way to track individuals for taxation purposes, Social Security numbers were never designed to be used for authentication. Over time, however, private and public institutions began keeping tabs on consumers using the numbers, requiring people to present them as proof of identity, such as when applying for loans, new employment, or health insurance.
No comments:
Post a Comment