Passwords and Social Insecurity

Sep 07, 2006 23:35

Why do private companies treat your social security number like a personal ID number? The government doesn't do this: the only federal paper that will have your SSN on it is your Social Security Card. It does not appear on your passport, your driver's license, or your birth certificate. And yet, the last 4 digits of your SSN are the default PIN for ...

identity theft, ssn, privacy, passwords, fraud, social security


dhalps September 8 2006, 20:53:34 UTC
1) I had a similar thing happen with a new credit card, and it wasn't actually an identity theft thing. It was just them being stupid.

2) "When social security was created" isn't a great argument for something, because social security is a moronic pyramid scheme. Sounds like the Republican argument about "When this country was created" while trying to defend composition of church and state. (state $\cdot$ church). Or slavery.

3) The government puts your SSN all over everything internal. It's on your tax returns (those go through the mail, too), for instance. Do you have a copy of a tax return in your house? Your parents' house? Your accountant's office? Every job application, and most other forms of paperwork are required to use it by law (they have to verify citizenship and provide your tax ID). It's on your Driver's License application. They also use it as your four-digit pin in many cases, such as when swiping your NSA badge while moving between buildings. Because people can't see you type your pin into a keypad while you're in a long line going into the cafeteria.

4) I think the moral here is to keep your eyes open. It turns out, identity theft just isn't that big a problem any more if you have brains. Basically all banks and credit cards have policies that protect you from it, and if yours don't I'd look into switching.

Your information is everywhere. No amount of complaining is going to get that cleaned up, because you're still going to end up e.g. applying to grad schools that leave your personal information in Google's cache (me). Also, play with numrange: sometime on Google and see how many credit card numbers you can find. It's kinda absurd.

I just did a little experiment, and with a little creativity, some web services, and multiple search engines, given only the information on my driver's license I can recover nearly everything needed to apply for a bank account in my name. I'm fairly certain that with < $500 I could join some of those online information collection sites like you see advertised on whitepages.com and get all of it.

The bottom line is that the thieves go for the easy targets. The ones who type all of their personal, bank, and security information into a web form that looks like ebay.com. The ones whose wallet they find or who throw out a box of checks without destroying them. Go make a purchase on Amazon without SSL and see the complete lack of theft that results.

It's just like your PC. (I believe that) There are vulnerabilities for whatever OS you're using that are known to hackers and not to Micro$oft/Apple/Torvalds/etc, or maybe they are known but still unpatched like M$ seems to be going for nowadays. Are you going to get hacked and get all your information stolen? It's unlikely because you're not a target someone would dedicate the time to break - they'll go for the people that execute email attachments instead.

Or someone at VA services could just lose a laptop with your information on it instead.


macdaddyfrosh September 9 2006, 23:26:31 UTC
To summarize (part) of this: Your social security number is your UID because it was the first numeric identifier everybody got that didn't change. (Address? Phone Number? Those change)

So everybody started using it, because it was easy. The fact that it has something to do with social security is tangential, really; it's just a UID.

Luckily, there is legal recourse for identity theft, unlike computer security, where it is (usually) roughly impossible to catch the bad guy.

My Dad points out that it could be that you checked a box somewhere that signed you up for a credit card implicitly; overdraft protection, various other things...


big_bad_al September 10 2006, 00:58:55 UTC
You and Dan make good points.

I'm almost positive I didn't do anything to get this card; before this morning I hadn't actually been to a bank in months, except to get a cashier's check for the down payment on the apartment. If I checked some box several years ago, the card is a bit late getting here...

I guess at least part of it is that I've always thought that identity theft happened to people who weren't careful about stuff like this and used the same password on every website, people who buy stuff from spam advertisements, and who fall for phishing schemes. Reading how easy it was for Dan to find his own information in publicly accessible places (even outside of the whole grad school application thing, over which I hope someone was severely chastised, if not fired) and realizing that even if you're careful this information isn't in the least secure is a bit of a kick in the teeth for me.


big_bad_al September 10 2006, 01:10:50 UTC
I'm surprised to hear that the government puts my SSN on all its documents: lawmakers for quite some time argued against using SSNs as National ID numbers. To quote from the Privacy Act of 1974,

It shall be unlawful for any Federal, State or local government agency to deny to any individual any right, benefit, or privilege provided by law because of such individual's refusal to disclose his social security account number [except for laws Congress may pass in the future that explicitly talk about SSN use].

I have always thought that I could get a driver's license, file my tax returns, etc. without giving anyone my SSN, so long as I was willing to stick to my guns and go through a bit of a hassle. Hearing otherwise makes me even more uneasy---there are a lot of underlings in the government that I don't think are trustworthy enough to handle everyone's personal information (just as in the Veteran's Affairs mishap you mentioned).

Otherwise, you make some excellent points.
