According to Wired magazine, computer scientists from Carnegie Mellon University discovered distinct patterns in how Social Securty Numbers (SSNs) are assignedby by analyzing a public data set called the “Death Master File,” which contains SSNs and birth information for people who have died. In many cases, knowing the date and state of an individual’s birth was enough to predict a person’s SSN.
“I have long argued that Congress or the Federal Trade Commission should prohibit companies from using SSNs as a means to verify identity,” Daniel J. Solove, professor of law at George Washington University Law School, wrote in an e-mail. “Merely protecting against their disclosure is insufficient since [the Carnegie Mellon scientists] demonstrate that they can readily be predicted.”
As a first step, the researchers suggest that the Social Security Administration start randomizing the assignment of SSNs.
“It can buy us more time, but it isn’t going to change the underlying problem,” one of the researchers said. “These numbers are supposed to be secret, but your bank has it, your insurance company has it, even your doctor has it. As long as we rely on numbers that are used as both identifiers and authenticators, then we have a system that remains insecure.”
Click HERE for further details.
Monday, July 06, 2009
Subscribe to:
Post Comments (Atom)
Posts
1 comment:
Well this is pretty scary.
Post a Comment