Social insecurity

The theft of a laptop in Minneapolis with 268,000 Social Security numbers confirms the worst fears of privacy advocates who warned us against the growing use of your number as a national identification card.

“They said it was only going to be for the purpose of tracking your Social Security account, and then slowly and quietly it was used for driver’s license records, now you have to give it to your bank, all government agencies use it as the identification number, so the original promise that it was only going to be used for one purpose was one of the great lies to the American people.”

That was 1996, when Evan Hendricks of the Privacy Times newsletter warned us about the insidious nature of the practice.

Back then, the fear was the government’s 1996 Illegal Immigration and Reform Responsibility Act, which requires states to get Social Security numbers from applicants. But far from protecting citizens against illegal immigrants, the practice has led to a privacy sieve, not only by government, but private business.

That was Memorial Blood Center’s faux pax. The blood center, which is sending letters to people whose Social Security numbers were ripped off, but has posted nothing about the privacy breach on its Web site, used the number to identify whether people were eligible to give blood. There was a time when we had a better way of identifying ourselves. We’d give our names.

The American Red Cross, for the record, also requires a Social Security number for identification when donating a pint of your finest. But it says a driver’s license will do. A year ago, its donors suffered the same fate as those who donated through the Minneapolis blood center.

You’re not required to give your Social Security number to private businesses. But they’re not required to provide you with any service if you don’t.

So far, only California has taken steps to significantly reduce the use of a Social Security number as a national ID card.

In the meantime, 268,000 of you are being asked to call your financial institution to head off the possibility your number will be used to access your accounts.

Guess what their first question will be?

  • Mike

    This isn’t the first time personal data has been stolen via a business agency. It’s time to close the vulnerability that has been created by businesses using our social security numbers. And it’s time to punish the hell out of lazy agencies that don’t have measures in place to keep our data private. Million dollar fines for first offenses.

  • http://www.emergentchaos.com/archives/2006/05/the_ssn_is_also_a_poor_id.html Dickens

    Maybe everyone has invested in systems that use SSN as an identifier. The linked article. Assuming the human race has infinite existence, and so far we’ve consumed 30% of all possible SSN’s, when will we run out of options.

  • Sylvia

    Lack of security for unique identifiers that exist for people (name and/or number) is the primary issue. Either bolster that (through huge penalties for lost/stolen information and forced corrective measures) or drop unique identifiers.

    I’m surprised more hasn’t been made over here of the huge information scandal in England. Per one news article: “Government says sorry after data on 25 million Britons disappears in internal mail.” Two computer disks that contained names, addresses, birthdates, national insurance numbers, bank account numbers for almost half the British population were dropped into internal government mail and never arrived. So they’re lost somewhere in processing. This is going to have repercussions for years. You don’t know where the information will end up and how it might be used when it resurfaces. Could it happen here? Of course. What a disaster.