Social Security Numbering System Leaves Public Vulnerable
Researchers at Carnegie Mellon University have found that statistical techniques can be used to determine an individual's Social Security number, based on the person's birth date and birth location, according to The New York Times. The findings were published in the Proceedings of the National Academy of Sciences on Monday.
The article states that the researchers tested their algorithm on a half million publicly available records in the Social Security Administration's Death Master File. Peter Swire, an Ohio State University law professor who served as the Clinton Administration's chief privacy counselor, is quoted in the article stating, "Social Security numbers are an aging technology, and we have to do serious planning for what will come next."
Although the researchers were only able to identify all nine SSN digits for 8.5 percent of those born after 1988, the article states that the accuracy of the predictions increased for smaller states. For example, the researchers were able "to predict all nine digits for 1 out of 20 Social Security numbers assigned in Delaware in 1996."
The researchers reportedly said that it might be possible for "sophisticated attackers" to reconstruct their methodology.
The article also quotes a response from SSA spokesperson Mark Lassiter:
"The method by which Social Security assigns numbers has been a matter of public record for years. The suggestion that Mr. Acquisti has cracked a code for predicting an S.S.N. is a dramatic exaggeration."
For decades, Mr. Lassiter said, the agency has cautioned the private sector against using the Social Security numbers as a personal identifier. He also said the agency was in the process of creating a random system for assigning numbers, which will be put in place next year.
Here is a link to the SSA's identity theft page.