Security Bytes

Jun 22 2007   4:31PM GMT

Congress warms to the idea of ditching SSNs as identifiers

David Schneier

After years of screaming and yelling from privacy advocates, consumer groups and others with some common sense, Congress is finally coming around to the idea that using Social Security numbers as identifiers is bad. SSNs are used in so many places these days that it may be too late for this to do any good for anyone who’s over the age of three, but it’s worth a try. I’ve been to conferences where they printed attendees’ SSNs on their badges as a “security precaution.” And I’ve also watched security experts sit in the lobby of a conference hotel and sniff the wireless network with a free tool and grab dozens of SSNs as people register for the show. This stuff is not difficult.

As Caron Carlson points out in her story, the federal government not only leaves many SSNs exposed as a matter of course, it also has no standard for how to truncate them. That means some agencies use the first five digits as an identifier, while others use the last four, making it trivial for thieves to put the pieces together. But agencies and some private-sector special-interest groups are complaining that it’s too hard to change to a new identifier. Really? My dental insurance company just did it and it went off without a hitch. Laziness is no longer an acceptable defense for using SSNs.
