CRS Weekly Report: The Social Security Number
Thursday, July 9th, 2009The Congressional Research Service is a $100 million a year think tank that researches and writes informative and non-partisan reports on topics suggested by members of Congress. The catch–and the reason you might not have read their work–is that CRS reports are only made easily available to members of Congress. Citizens can request these reports from lawmakers, but without a public index, they can’t request something they don’t know exists. The CRS Reports currently rank first on CDT’s Most Wanted Government Documents. In an ongoing effort liberate these documents, CDT runs Open CRS, an online repository of public CRS Reports. To spotlight these reports, I will be writing “CRS Report of the Week” posts and feature a relevant report each week. These reports are informative in both that they serve as excellent primers to political issues and that they offer a degree of insight into what information is circulating around Congress.
The Social Security Number: Legal Developments Affecting Its Collection, Disclosure, and Confidentiality
#RL30318
October 2nd, 2008
It is well known that Social Security Numbers (SSNs) should not be used as authenticators. A new study demonstrating the ease with which SSNs can be predicted serves as further evidence to this fact. Simply put, SSNs weren’t designed to be authenticators. The problem with SSNs is that they have become both the de facto national identifier and authenticator for private industry. This is analogous to using your name (an identifier) as your password (an authenticator). Identifiers are simply a reference to who you are and, thus, are often public. Authenticators, on the other hand, are used to prove identity, and should not be known publicly. These dual uses of SSNs as identifiers and authenticators has worried identity experts for some time because of this difference in security levels. The new research steps over those concerns and suggest that SSNs should never be used as authenticators not just because of the risk an individual’s SSN might be disclosed, but because SSNs are predictable based upon publicly available information. Ultimately, it does not matter how vigilant one is in protecting his or her SSN. It can easily be discovered.


