U.S. CitiesCity-Data Forum Index
Go Back   City-Data Forum > General Forums > Science and Technology > Internet
 [Register]
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
View detailed profile (Advanced) or search
site with Google Custom Search

Search Forums  (Advanced)
 
Old 08-20-2011, 02:13 PM
 
Location: Olympus Mons, Mars
5,970 posts, read 8,850,829 times
Reputation: 6192

Advertisements

as a former victim of ID theft several years ago I should've been more careful but...here is the deal...

I am on vacation now in the boonies. A few days ago I interviewed by phone and got a job starting when I return, which is great right! so... this recruiter has been pressuring me to start the paperwork asap, and needed my full SS. Tried calling him to see if I could do it over the phone but just couldn't reach him. The weather also has been very severe here so that makes it difficult to go to a booth and make calls, the phones are also in and out etc. As luck would have it the only fax machine I found in this little town is out of order the only thing functional was my internet connection and since I will be gone on a trek for an entire week, the guy needed the info before and not knowing if my net is also going to go offline I just emailed the SS to him...arrgg

As a computer guy I know exactly who gets to see this data and I also know that it is probably going to be archived as part of some server backup but I also know that the risk is very small compared to other ways SSNs are compromised. For instance, MAIL is one of the problems...usually chock full of account numbers, SSNs, credit cards and everything else imaginable that anyone who can pick a lock has access to! This is how my ID was stolen the last time, through regular mail.

here is the interesting thing... once you give your SSN to a 3rd party (especially smaller places like mortgage brokerages, car dealerships etc.) there is no way to know how that data is held. There is nothing stopping them from exchanging the number with their partners for legitimate purposes by plain old insecure email and from what I've heard this is quite common.

The whole system is broken because just using very public pieces of readily available information (Name, SSN, DOB, DL# etc.) one can pretty much obtain mortgages, lines of credit etc. which is just insane. And because the SSN is not something that is uniquely private to you (since you share it with other people you do business with) it really cannot and should never be used by itself to authenticate a transaction.

I read a good article about separation of identification and authentication... the SSN currently plays both roles while it should only play the role of identification. Authentication should always be private and never revealed to anyone. To participate in any legally binding and enforceable contract identification should be followed by private authentication.

The authentication system that ties into the SSN system does not exist yet...but it's about time that it be created since ID thieves are having a field day!

Please do not e-mail my social security number - Jesper's Blog

HowStuffWorks "SSN Problems"

Last edited by k374; 08-20-2011 at 02:25 PM..
Reply With Quote Quick reply to this message

 
Old 08-20-2011, 04:11 PM
 
13,072 posts, read 11,575,083 times
Reputation: 2608
A variation of the Public Key Infrastructure would solve this problem quite easily. It would remove the need for third parties to actually have the original number and would only have a hash value + a public key for validation which would be useless outside of the original verification scheme. No more SSI numbers floating around.
Reply With Quote Quick reply to this message
Reply
Please update this thread with any new information or opinions. This open thread is still read by thousands of people, so we encourage all additional points of view.

Quick Reply
Message:

Over $104,000 in prizes was already given out to active posters on our forum and additional giveaways are planned!

Go Back   City-Data Forum > General Forums > Science and Technology > Internet
Similar Threads
Follow City-Data.com founder on our Forum or

All times are GMT -6. The time now is 06:31 AM.

© 2005-2019, Advameg, Inc. · Please obey Forum Rules · Terms of Use and Privacy Policy · Bug Bounty

City-Data.com - Archive 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35 - Top