U.S. birthplace and birthdate public and associated? Save against Carnegie-Mellon University.
Failure exposes the first five digits of the Social Security number. From NetworkWorld:The study comes from Carnegie Mellon University's Alessandro Acquisti, an assistant professor of information technology and public policy, and Ralph Gross, a postdoctoral researcher.
....
The algorithm, which the authors did not detail, successfully ascertained the first five digits for 44 percent of the records in the Death Master File for people born between 1989 to 2003. The complete SSN could be picked out for 8.5 percent of those people in under 1,000 attempts. [zaimoni: Worse than random chance or adequate pseudorandom number generator (~9.5% by rote calculation).]
....
In 1989, the agency stated a program called Enumeration at Birth, assigning SSNs to newborns as part of the birth certification process. The changes, however, increased the correlation between a person's birth date and all nine digits of a SSN, especially for people in less populated states, making SSNs easier to discover, the researchers wrote.
Unfortunately, the identity-verification services used in issuing credit cards, etc. aren't that finicky about repeat attempts.
....
The algorithm, which the authors did not detail, successfully ascertained the first five digits for 44 percent of the records in the Death Master File for people born between 1989 to 2003. The complete SSN could be picked out for 8.5 percent of those people in under 1,000 attempts. [zaimoni: Worse than random chance or adequate pseudorandom number generator (~9.5% by rote calculation).]
....
In 1989, the agency stated a program called Enumeration at Birth, assigning SSNs to newborns as part of the birth certification process. The changes, however, increased the correlation between a person's birth date and all nine digits of a SSN, especially for people in less populated states, making SSNs easier to discover, the researchers wrote.
Unfortunately, the identity-verification services used in issuing credit cards, etc. aren't that finicky about repeat attempts.