There’s an idea floating around that a major problem with SSNs is their dual use as identifiers and authenticators. (For example, Jeremy Epstein, “Misunderstanding the risks of SSNs,” in RISKS-24.29) This is correct, but the phraseology leads to people trying to solve the problem by saying “if we just used SSNs as ID numbers, and made them all public, we’d be fine.”
This is dangerously seductive and wrong.
- They’re too short: 30% of all possible SSNs have been issued.
- They lack a check digit. Between these two, you should never design an identifier like this, because any keying error is acceptable, and likely to affect a two people.
- They’re externally issued. This one is a little subtler, and I will argue by analogy. Mastercard and Visa, who understand risk management, make up their own numbers. They do this so that they can control when the numbers change, rather than being controlled. Seems like good database design to me.
- As a design principle, compartmentalization adds to resilience. (Kim Cameron had a good post on this, “IBM Researcher Rejects UK Identity Card Scheme.”)
Not only is the SSN a poor identifier, but the use of the SSN as an authenticator will end up living on, even if we published them all, as Pete Lindstrom has suggested. What Lindstrom hopes is to stop the use of SSNs as authenticators, but that’s not done by publicizing them. If we want to stop the use of SSNs as authenticators, we could pass a law to do that. So why not work for that law, rather than one we hope will cause the courts to impose negligence penalties in accordance with our hopes?
Related to the resilience of a system, national ID numbers are inimicable to liberty. The English understood that what a government wants to control, it must first enumerate, and called the enumeration “The Doomsday Book.”
So, using the SSN as “just an identifier” is a bad idea. Publishing a list of them is a baroque and convoluted way to reach a useful goal, although it has great value as a publicity stunt.
(Lee Harvey Oswald’s SSN card via “Examination of Handwriting and Fingerprint Evidence” report to the Select Committee on Assassinations. Note the useful identifier.)