Make us your home page
Instagram

Today’s top headlines delivered to you daily.

(View our Privacy Policy)

Security wasn't really part of the plan

In a paper published this month, two Carnegie Mellon professors unveiled a method for cracking the code of Social Security numbers. Given a person's birth date and the state where he or she was born along with public records of deceased people born around the same time, the researchers wrote an algorithm that predicted a person's SSN with startling accuracy.

The biggest question raised by their paper isn't how our country came to rely on such an insecure identification system. The mystery is how it took so long for anyone to break such a ridiculously elementary system.

Social Security numbers were never designed to be secure. When SSNs came into existence 75 years ago, they had one and only one purpose: to keep track of contributions to the federal pension system. When Congress established the program in 1935, it started issuing cards with unique nine-digit numbers.

The numbers were derived using a simple formula. The first three digits, called the "area number," refer to the state where the card was issued. The fourth and fifth digits, the "group number," are assigned in a predetermined order to divide the applicants into arbitrary groups. The last four digits, the "serial number," are assigned sequentially, from 0001 to 9999 in each group.

Ten years after the SSN debuted, the feds added a clarification to the card in capital letters: "FOR SOCIAL SECURITY PURPOSES — NOT FOR IDENTIFICATION." By that point, it was already too late. Three years earlier, President Franklin Roosevelt had issued an executive order allowing other federal agencies to use SSNs rather than launch their own systems. Within 20 years, the IRS, the Civil Service Commission, and the military were all using the numbers to identify people.

Social Security numbers haven't evolved much since those early days, but the techniques for exploiting them have. The Social Security Administration's Web site is happy to tell you which three-digit codes belong to which states and in what order the group numbers are assigned. The Carnegie Mellon researchers simply determined that if you know when and where a person was born — info that many of us readily supply on Facebook — you can narrow down her possible Social Security number to a fairly small range. (Studying existing government records, like the list of dead people's SSNs in the Death Master File, gave the researchers additional clues about when exactly specific states assigned specific numbers.)

The system works particularly well for people born in small states, which have only a few possible area numbers. (For example, Wyoming natives are very likely to have Social Security numbers that start with 520.) The odds of guessing someone's number on the dot are still low — about 1 percent on average for more recent births, but up to 10 percent in small states. Even the lower figures, however, are plenty large enough to steal a lot of real identities if you use a small network of computers to try out lots of possibilities.

Now that SSNs are used on our driver's licenses, tax returns and bank statements, we have the worst of all possible worlds: Numbers that were never intended to be secure are being used to secure our most valuable information. Because many companies also use Social Security numbers as a password to get into your account, swiping the number from a license or a student ID card gives a person all sorts of access to your life.

One reason that Social Security numbers are so fouled up is that they're used as both identifiers — a way to keep track of which Joseph Smith you are — and as authenticators — a way for your cell phone carrier to verify that you are, in fact, Joseph Smith when you call to change your plan.

Alessandro Acquisti, the lead author on the recent SSN-cracking paper, makes an analogy to phone numbers. Your number, which you're generally comfortable sharing with friends and colleagues, is a way of identifying you. The PIN number you punch in when you dial in to your voice mail is a way of authenticating that you're the owner of that number. No rational person, of course, would choose a PIN number that's the same as their phone number. But that's the way Social Security numbers work.

So what should we do to fix this?

One avenue would be to replace Social Security numbers with national IDs that are much harder to crack. (Many European countries have some form of national identification number.) An ideal system would have no obvious formula based on place or date of birth.

While there are plenty of ways to increase security—for example, having an authentication number that's separate from your SSN, the way many credit cards now do — most people will tell you this isn't a good solution. Any system is likely to be cracked if the incentive is high enough, and an official national ID would potentially be a single point of failure if someone gets a copy of your number. And as groups like the Electronic Privacy Information Center frequently point out, the public tends to oppose the idea of a national ID, making the prospect of such a system unlikely.

The simplest way to improve upon SSNs would be to diversify the way we identify ourselves. If we started using different ID numbers for different things, you wouldn't be able to take out a line of credit in my name if you stole my driver's license. Creating a bunch of unique IDs, though, leads to a contradiction between two sacred American rights: the Right to Privacy and the Right To Not Having To Remember 100 Different Numbers. The harder it is for people to manage their information, the less likely they are to log in to secure systems — bad for e-commerce — and the more likely they are to do things like write their security code on a Post-it note stuck to their computer monitor.

That's a good start, but the better SSN solutions are technical. Cryptologists long ago developed efficient ways to encode information such that only the intended recipient can decode them, a system known as public key encryption. Many e-commerce transactions work this way, with the browser and the vendor exchanging "certificates" to prove their authenticity to the other.

There is, admittedly, no simple way to adapt this system for human interactions in which you're reading your number to an offshore customer service representative. Some studies have examined how to protect personal IDs in places like health care databases, but there is not yet a clear solution that uses this approach in a variety of contexts. In the foreseeable future, the best solution is the same one that worked in 1935: Use Social Security numbers for Social Security, and use different numbers for other things. And, for the millionth time, don't stick a Post-it on your monitor.

Chris Wilson is an assistant editor at Slate in Washington.

Security wasn't really part of the plan 07/25/09 [Last modified: Saturday, July 25, 2009 4:30am]
Photo reprints | Article reprints

    

Join the discussion: Click to view comments, add yours

Loading...
  1. No. 16 USF hangs on at Tulane, off to first 7-0 start

    College

    NEW ORLEANS — After half a season of mismatches, USF found itself in a grudge match Saturday night.

    USF quarterback Quinton Flowers (9) runs for a touchdown against Tulane during the first half of an NCAA college football game in New Orleans, La., Saturday, Oct. 21, 2017. (AP Photo/Derick E. Hingle) LADH103
  2. Lightning buries Penguins (w/video)

    Lightning Strikes

    TAMPA — Those wide-open, end-to-end, shoot-at-will games are a lot of fun to watch, especially when those shots are going in the net. But if the players had their druthers, they would rather have a more controlled pace, one with which they can dictate the action.

    Tampa Bay Lightning defenseman Slater Koekkoek (29) advances the puck through the neutral zone during the first period of Saturday???‚??„?s (10/21/17) game between the Tampa Bay Lightning and the Pittsburgh Penguins at Amalie Arena in Tampa.
  3. Spain planning to strip Catalonia of its autonomy

    World

    BARCELONA, Spain — The escalating confrontation over Catalonia's independence drive took its most serious turn Saturday as Prime Minister Mariano Rajoy of Spain announced he would remove the leadership of the restive region and initiate a process of direct rule by the central government in Madrid.

    Demonstrators in Barcelona protest the decision to take control of Catalonia to derail the independence movement.
  4. Funeral held for soldier at center of political war of words (w/video)

    Nation

    COOPER CITY — Mourners remembered not only a U.S. soldier whose combat death in Africa led to a political fight between President Donald Trump and a Florida congresswoman but his three comrades who died with him.

    The casket of Sgt. La David T. Johnson of Miami Gardens, who was killed in an ambush in Niger. is wheeled out after a viewing at the Christ The Rock Church, Friday, Oct. 20, 2017  in Cooper City, Fla. (Pedro Portal/Miami Herald via AP) FLMIH102
  5. Chemical industry insider now shapes EPA policy

    Nation

    WASHINGTON — For years, the Environmental Protection Agency has struggled to prevent an ingredient once used in stain-resistant carpets and nonstick pans from contaminating drinking water.

    This is the Dow chemical plant near Freeport, Texas. Before the 2016 election, Dow had been in talks with the EPA to phase out the pesticide chlorpyrifos, which is blamed for disabilities in children. Dow is no longer willing to compromise.