{"id":731,"date":"2009-07-07T09:43:44","date_gmt":"2009-07-07T07:43:44","guid":{"rendered":"http:\/\/www.ofcourseimright.com\/?p=731"},"modified":"2009-07-07T09:43:44","modified_gmt":"2009-07-07T07:43:44","slug":"new-research-social-security-numbers-ssn-are-entirely-predictable","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=731","title":{"rendered":"New Research: Social Security Numbers (SSN) are Entirely Predictable"},"content":{"rendered":"<p><a href=\"http:\/\/www.pnas.org\/content\/early\/2009\/07\/02\/0904891106.full.pdf+html\"><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-full wp-image-26\" title=\"Cybercrime\" src=\"http:\/\/www.ofcourseimright.com\/blog\/wp-content\/uploads\/2008\/06\/cybercrime.jpg\" alt=\"Cybercrime\" width=\"96\" height=\"132\" \/>New research<\/a> published in yesterday&#8217;s Proceedings of the National Acadamy of Sciences has dramatic implications for Americans and identity theft.\u00a0 Alessandro Acquisti is an Associate Professor of Information Technology and Public Policy at Heinz College of Carnegie Mellon.\u00a0 He has spent the better part of two years with his colleague Ralph Gross, looking at social security numbers as both identifier and authenticator, something we have all known was a bad combination.\u00a0 Professor Acquisti demonstrates just how bad of an idea it has been in the last twenty years.\u00a0 In that time there have been two significant policy changes that have made numbers extremely predictable based on two pieces of information:<\/p>\n<ul>\n<li>birth city<\/li>\n<li>date of birth<\/li>\n<\/ul>\n<p>The policy changes involve release of something known as the Death Master File (DMF), which was intended to prevent someone from expropriating a dead person&#8217;s identity, and the Enumeration at Birth (EAB) initiative, which has had the effect of allocating SSNs shortly after birth.\u00a0 These combined with the facts that SSNs have structure based on location, and that the less significant components are serialized in allocation, and it makes for a predictable SSN.<\/p>\n<p>This gets worse.\u00a0 While it may be possible to fix this problem for future generations that use SSNs, either by randomizing all or lesser components, or by not filing applications upon birth, the millions of people who have assignments in this time period are in an extremely difficult spot, because the workaround is a change of number.\u00a0 This argues for a new form of identity that separates authentication and identity, but the effort to do so requires that the finance, education, and medical sectors (not to mention government)\u00a0 change their means of identifying individuals.\u00a0 This will be no easy task.<\/p>\n<p>This research is a remarkable piece of work by Professor Acquisti and his colleagues.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>New research published in yesterday&#8217;s Proceedings of the National Acadamy of Sciences has dramatic implications for Americans and identity theft.\u00a0 Alessandro Acquisti is an Associate Professor of Information Technology and Public Policy at Heinz College of Carnegie Mellon.\u00a0 He has spent the better part of two years with his colleague Ralph Gross, looking at social &hellip; <a href=\"https:\/\/ofcourseimright.com\/?p=731\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;New Research: Social Security Numbers (SSN) are Entirely Predictable&#8221;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50,11,4,9],"tags":[38,255],"class_list":["post-731","post","type-post","status-publish","format-standard","hentry","category-complexity","category-internet-consumer-identity","category-politics","category-security","tag-identity","tag-ssns"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/731","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=731"}],"version-history":[{"count":4,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/731\/revisions"}],"predecessor-version":[{"id":735,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/731\/revisions\/735"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=731"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}