Social Security is deeply flawed, and will ultimately go bankrupt… but that’s a problem for “future us” to deal with.
Today’s problem is that with very limited information (birth date, and the state in which one was born), researchers from Carnegie Mellon University were able to correctly guess the first five digits of their sample’s Social Security numbers in two guesses, with 60 percent accuracy (boingboing).
It’s not a far leap to imagine a botnet (malware-infected computers whose resources are being sapped and redirected toward the malware creator’s goals) applying for instant credit cards.
As a first step, the researchers suggest that the Social Security Administration start randomizing the assignment of SSNs. But randomization is only a Band-Aid™*, Acquisti said.
“It can buy us more time, but it isn’t going to change the underlying problem,” he said. “These numbers are supposed to be secret, but your bank has it, your insurance company has it, even your doctor has it. As long as we rely on numbers that are used as both identifiers and authenticators, then we are a system that remains insecure” (Wired).
Even if the Social Security Administration starts randomizing new numbers tomorrow morning, it won’t do a damn thing to address the millions of citizens with non-randomized numbers.
I don’t have a single idea to remedy this problem on a societal level, but someone needs to figure out a solution.
In the meantime, I will research how individuals can protect themselves and report back when I have some answers.
For those keeping score at home, this is yet another big loss for government bureaucracy.
* The “TM” was not originally part of Wired’s article. You’re welcome, Johnson & Johnson.