Please do not e-mail my social security number

re: Please do not e-mail my social security number

steve — Thu, 12 Mar 2009 13:21:57 GMT

hi, what if you already emailed your ss # to a lawyer who requested it. What can you do to see if your # has been comprimised?

re: Please do not e-mail my social security number

DmitryK — Mon, 09 Mar 2009 02:33:56 GMT

in regards to not reporting payments of less than $600: surely this can be bypassed by spreading the whole sum in $599 chunks across multiple days (and/or multiple people)?

re: Please do not e-mail my social security number

Mike — Tue, 10 Feb 2009 17:29:13 GMT

I work for the US Dept. of Defense. They don't use your SSN, they use your employee ID number. Anyone want to guess what that is?

re: Please do not e-mail my social security number

Don — Fri, 30 Jan 2009 21:42:28 GMT

Publishing SSNs does not remove their value. It enhances it.

re: Please do not e-mail my social security number

ameyer — Fri, 30 Jan 2009 20:11:21 GMT

I suspect that the reason the credit card breaches get far more media attention is because those breaches cause a direct and imediate cost to the credit card companies. Identity theft however tends to hit the little guy much harder, the person who's identity has been stolen tends to incure the greater cost.

The credit card companies tend to be less forgiving of debts incured in your name by a breach of your personal information then by a breach caused by a breach in the chain of a legitimate transaction, for which they hold the liabality.

When your identity has been stolen they can claim that they entered into the agreement in good faith based on what they believed to be legitimate information suposedly validated by the government.

re: Please do not e-mail my social security number

Jeff Martin — Fri, 30 Jan 2009 16:47:37 GMT

I have to agree that all SSNs should be published to remove any value they might have as an authenticator. All this attention is being paid to a number that lives in thousands of places. Have you ever been to a doctor or hospital? Believe me, I work in health care IT and you have a lot more to worry about from their systems than from an email. It would be child's play to get into almost any hospital's network and steal SSNs, etc.

re: Please do not e-mail my social security number

Don — Fri, 30 Jan 2009 03:18:40 GMT

A 1099 is not required for a payment less than $600. There was mo reason to give them you SSN if the check was less than that.

re: Please do not e-mail my social security number

gbromage — Wed, 28 Jan 2009 22:48:43 GMT

I guess it comes down to what Bruce Schneier has been saying for years - the need to keep Idetification and Authentication as separate things. SSN is good for Identity, but bad as an authenticator.

re: Please do not e-mail my social security number

jesper — Wed, 28 Jan 2009 21:16:40 GMT

The SSN is certainly treated as an authenticator today. By extension, therefore, it is sensitive information. Whether that is a good idea or not is an interesting question.

re: Please do not e-mail my social security number

Michael Dickey — Wed, 28 Jan 2009 21:02:38 GMT

The real question is: "Is your SSN supposed to be private/sensitive information?"

re: Please do not e-mail my social security number

Pete — Wed, 28 Jan 2009 19:48:36 GMT

There are likely about 150,000 - 250,000 people that get "legitimate" access to your SSN over its lifetime to begin with, so the incremental risk associated with this email is pretty small. I say publish all SSNs so we can eliminate the facade of secrecy and move on to a more secure solution for authentication. SSNs are still fine for identification.

re: Please do not e-mail my social security number

Chris — Wed, 28 Jan 2009 07:46:11 GMT

Nice article.

Same sort of thing happens here in California when dealing with Title/Escrow Companies. They ask for all sorts of information to "setup your account" that isn't relevant to their services. And if you have ever been inside a title company you will notice that information security isn't high on their priority list. Filing cabinets all over the place with all sorts of sensitive records.