What's So Secure About Social Security Numbers?

A Social Security Number (SSN) is essential to employment, to pay taxes, to even get a drivers license. But how secure is all the information connected to that number? In the move to a paperless society, those SSNs are put into databases and held on servers around the globe. With other personal information tacked to them, they are attractive targets for a hacker or a laptop thief.

With the latest SSN and personal data thefts, the privacy of citizens is at issue, and identity theft cases are becoming high profile. On June 9th the Georgia Merit System announced that a file was hacked which contained the names, SSNs and locations of 12,000 active Georgia state employees. Although officials are unsure if information was downloaded, the point is that the information was accessed.

Like the recent theft of information on U.S. military personnel and families, the Department of Energy announced on June 11th that the names, SSNs, birthdates and phone numbers of 4,000 employees was found in a home in Washington state during an unrelated police investigation. It is unclear how this list came to be in the home, and investigations are still under way.

According to Gartner "it [is] clear that Social Security numbers can no longer be relied on as proof of identity." The fact is that SSNs are used for many everyday purposes, and the security of databases containing them is not reliable. Perhaps it is time to upgrade our technology.

There are several options. One being the Smart Card. This card is designed with a chip which can be loaded with the necessary personal information, and then read by authorized scanners. As with any new technology there is still some controversy. The proximity style smart card requires that the card is only in close range of a scanner, begging the question of who might be reading the signal. But the contact style card, which is inserted into a scanner in much the same way as an ATM, is seen as a more secure form.

Smart cards are beginning to be used in the medical industry in Europe, primarily Germany. At the May Government Technology Conference in Sacramento, Tommy Thompson, former Wisconsin Governor and former Secretary of Health and Human Services, spoke about the use of these cards to hold vital health information. "The technology is there, we should have it" he said while showing a card which contained his personal medical information.

Such cards could securely hold personal information while also verifying identification. Of course, cards can be lost or stolen, but can be replaced without the loss of data on thousands of individuals. Smart cards could also have multiple applications such as credit, driving, passports, medical and more.

US VISIT kiosks employ biometric identification
Photo: Wayne Hanson
Another option is the development of biometrics. To many, face imaging, iris scans and voice recognition may seem like a step into the pages of a science fiction novel, but these technologies are under development, and in some cases have been developed for some high-security applications. For example, the Department of Homeland Security uses biometrics in the form of digital finger scans and photos for its US VISIT program. And California requires both a thumbprint and a SSN to apply for a drivers license.

Americans once carried their SSNs on printed cards in their wallets or purses, and information was kept in paper files. Citizens have allowed their personal information to be digitized and collected in centralized databases. While multiple benefits have resulted from digitization, it is the responsibility of the government and private sector to be responsible gatekeepers. New technologies have created the problem of identity theft, and newer technologies offer possible solutions.
KW