inc-student - [InC-Student] Re: [MACE-Dir] Why so much effort to minimize use of SSNs in the US?

Subject: InCommon Federation Discussions About Online Student Services

List archive

[InC-Student] Re: [MACE-Dir] Why so much effort to minimize use of SSNs in the US?

From: Brendan Bellina <>
To: Keith Hazelton <>
Cc: mace-dir <>, "Net@EDU Identity Management Working Group Discussion list" <>, InC-Student <>
Subject: [InC-Student] Re: [MACE-Dir] Why so much effort to minimize use of SSNs in the US?
Date: Mon, 10 Jan 2011 07:27:09 -0800

It seems to me that it is always bad practice to make public your internal unique identifier. The SSN is essentially the federal government's unique identifier for benefits and income tax. People share phone numbers, addresses, birth dates, and names, so the SSN is the unique key.

Financial and educational systems the government does not have direct control over started using the SSN as their own identifier for various purposes, including identification, treating it as a shared secret, even though it is not. As a result the government lost control of their own identifier. They cannot modify it, add a check digit, make it alphanumeric, change its length, without breaking the financial and educational systems. Too late once the cat is out of the bag.

As a result they started an effort to eliminate its use in non-government run systems. I think they are trying to get control of it again so that they have the option back of altering it.

Considering the harm these days that can be done by having someone's name, date of birth, and SSN, the fewer systems that store that set of information the better.

Regards,

Brendan

On Jan 10, 2011, at 4:47 AM, Keith Hazelton <> wrote:

I'm asking for a range of answers to the question "Why have we in the US spent so much time and resource into getting the SSN out of our systems and data files?" I have recently seen opinions that it's really only because the SSN was used as part of an authentication solution. It may seem obvious to some that there is more to it, but I'm asking you to state the various concerns that led us to push back so hard on their widespread use.

Why? High-energy discussions around person identifiers are swirling around the US again. A new push from several quarters for a "globally unique, persistent and portable identifier" is driving the discussion. This is often jokingly introduced as "The SSN was perfect, but we can't use that, so..."

Help enrich the discussion by contributing your answers. One place this will surface is on the InCommon, Internet2 and Educause-sponsored "IAM Online" series this Wednesday, Jan. 12 at 3:00 pm Eastern Standard Time, "A Panel Discussion about Persistent Identifiers for Education" (see http://www.incommon.org/iamonline/ for details).

[InC-Student] Why so much effort to minimize use of SSNs in the US?, Keith Hazelton, 01/10/2011
- RE: [InC-Student] Why so much effort to minimize use of SSNs in the US?, John C Borne, 01/10/2011
- [InC-Student] Re: [MACE-Dir] Why so much effort to minimize use of SSNs in the US?, Brendan Bellina, 01/10/2011
- RE: [InC-Student] Why so much effort to minimize use of SSNs in the US?, Rodney Petersen, 01/11/2011
  - Re: [InC-Student] Why so much effort to minimize use of SSNs in the US?, Brendan Bellina, 01/24/2011

List archive

[InC-Student] Re: [MACE-Dir] Why so much effort to minimize use of SSNs in the US?