{"id":51730,"date":"2015-07-14T12:03:29","date_gmt":"2015-07-14T18:03:29","guid":{"rendered":"http:\/\/hill-kleerup.org\/blog\/2015\/07\/14\/all-your-ssn-are-belong-to-us.html"},"modified":"2015-07-14T12:03:29","modified_gmt":"2015-07-14T18:03:29","slug":"all-your-ssn-are-belong-to-us","status":"publish","type":"post","link":"https:\/\/hill-kleerup.org\/blog\/2015\/07\/14\/all-your-ssn-are-belong-to-us.html","title":{"rendered":"All Your SSN Are Belong To Us"},"content":{"rendered":"<p>The idea of your Social Security Number being somehow a deep, dark secret password that nobody can ever find out and that therefore should give you permission into all your Super Secret Stuff is &#8230; darkly, bitterly, laughable. It was never intended to be that, and it&#39;s never been protected like that. It is, at best, a convenient way of identifying yourself with a number, akin to your name but with fewer nicknames or questions of middle initial. <\/p>\n<p>Any system that is relying on SSN as a security code, an authenticator (vs simply an identifier), not only needs to be fixed, <i>now,<\/i> but its designers need to be sent to work hand-addressing letters to people whose identities have been stolen, apologizing for their problems, and its owners need to be shamed in the public square. <\/p>\n<p>This is not a new problem. It&#39;s just a problem that&#39;s getting worse.<\/p><\/blockquote>\n<blockquote class=\"sm2wp\"><p>\n<a style='display:inline;' href='http:\/\/www.slate.com\/articles\/technology\/future_tense\/2015\/07\/opm_anthem_data_breaches_show_the_insecurity_of_the_social_security_number.single.html'><br \/>\n<img src='https:\/\/lh5.googleusercontent.com\/proxy\/441A7FTFy_FuW_9SPVmZczGdAbsH-2xsPORMlVMAchY81HIK8LjzLIkSORIaSQPwcxl1g1cC7m8dPUiE1zVbG3DnI11QIZILwCihHQih2QR4Q_fT2UD-llM9OWZnQgwpFEUox6IBzYWPrlIoLlqVgAmrQhmMbh8xLxqR59S09gosSuvDqOz_zRchLskzo0kQQFjzhLlqsVGCo8ZsnN-F6vgnjFgi68eGDS2ZEMZsQgZrOpyF1Tb41fM=w506-h303-p' border='0' style='max-width:650px;'\/><br \/>\n<\/a><br \/>\n<span style='font-size:large;'><a href='http:\/\/www.slate.com\/articles\/technology\/future_tense\/2015\/07\/opm_anthem_data_breaches_show_the_insecurity_of_the_social_security_number.single.html'>Hackers Love It That Americans Use Their Social Security Numbers for Everything<\/a><\/span><br \/>\nIn both the Anthem insurance hack and the two Office of Personnel Management hacks this year, attackers gained access to Social Security numbers, affecting 80 million and more than 22 million people respectively. The total between the two is probably less than 102 million (if some people were exposed by&#8230;\n<\/p><\/blockquote>\n<p><span style='font-size:small;'><a href='https:\/\/plus.google.com\/+DaveHill47\/posts\/Vx7z4jLqviz'>View on Google+<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The idea of your Social Security Number being somehow a deep, dark secret password that nobody can ever find out and that therefore should give you permission into all your Super Secret Stuff is &#8230; darkly, bitterly, laughable. It was never intended to be that, and it&#39;s never been protected like that. It is, at &hellip; <a href=\"https:\/\/hill-kleerup.org\/blog\/2015\/07\/14\/all-your-ssn-are-belong-to-us.html\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;All Your SSN Are Belong To Us&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_seopress_robots_follow":"","_seopress_robots_imageindex":"","_seopress_robots_snippet":"","_seopress_robots_primary_cat":"","_seopress_robots_breadcrumbs":"","_seopress_robots_freeze_modified_date":"","_seopress_robots_custom_modified_date":"","_seopress_robots_canonical":"","_seopress_social_fb_title":"","_seopress_social_fb_desc":"","_seopress_social_fb_img":"","_seopress_social_fb_img_attachment_id":0,"_seopress_social_fb_img_width":0,"_seopress_social_fb_img_height":0,"_seopress_social_twitter_title":"","_seopress_social_twitter_desc":"","_seopress_social_twitter_img":"","_seopress_social_twitter_img_attachment_id":0,"_seopress_social_twitter_img_width":0,"_seopress_social_twitter_img_height":0,"_seopress_redirections_value":"","_seopress_redirections_enabled":"","_seopress_redirections_enabled_regex":"","_seopress_redirections_logged_status":"","_seopress_redirections_param":"","_seopress_redirections_type":0,"_seopress_analysis_target_kw":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[106],"tags":[],"class_list":["post-51730","post","type-post","status-publish","format-standard","hentry","category-plusposts"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":134736,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/09\/18\/social-security-numbers-broken-alternative.html","url_meta":{"origin":51730,"position":0},"title":"Social Security Numbers are broken. What is the alternative?","author":"***Dave","date":"Mon 18-Sep-17 11:41am","format":false,"excerpt":"We are increasingly a data-driven world. There are electronic records about us everywhere, and we rely on them in a thousand different ways to identify us. But anyone who's ever worked with a system that tries to reliably and consistently identify people knows that it's a problem. What identifier is\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2017\/09\/Equifax-HQ.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":128037,"url":"https:\/\/hill-kleerup.org\/blog\/2015\/09\/17\/if-you-need-further-proof-that-the-social-security-number-is-not-a-security-code.html","url_meta":{"origin":51730,"position":1},"title":"If you need further proof that the Social Security Number is not a security code","author":"***Dave","date":"Thu 17-Sep-15 6:43pm","format":false,"excerpt":"So one interesting thing I've learned from my foray into the world of Unemployment Insurance is that Colorado uses the SSN as your userid and identifier for pretty much everything (actually, use for unemployment claims was part of the original usage of the Social Security Card. Though they make some\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2015\/09\/Edward-Elmer-Heber-Social-Security-Card-Back5B15D.jpgimgmax%3D660.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2015\/09\/Edward-Elmer-Heber-Social-Security-Card-Back5B15D.jpgimgmax%3D660.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2015\/09\/Edward-Elmer-Heber-Social-Security-Card-Back5B15D.jpgimgmax%3D660.jpg?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":133915,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/07\/20\/okay-can-we-stop-treating-ssn-as-a-super-seekrit-thing.html","url_meta":{"origin":51730,"position":2},"title":"Okay, can we stop treating SSN as a Super-Seekrit Thing?","author":"***Dave","date":"Thu 20-Jul-17 3:43pm","format":false,"excerpt":"Because, really, they keep getting leaked \/ hacked \/ discovered, and the there's all sorts of \"Oh noes, with a person's SSN they can pretend to be them.\"Just treat it as another attribute and figure out some other validation mechanism. This one's as broken (and obsolete) as \"Mother's Maiden Name\"\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3730,"url":"https:\/\/hill-kleerup.org\/blog\/2003\/04\/04\/i_am_not_a_numb.html","url_meta":{"origin":51730,"position":3},"title":"I am not a number!","author":"***Dave","date":"Fri 4-Apr-03 9:48pm","format":false,"excerpt":"I'm sure someone 'round the Viet Nam War thought replacing all those military \"serial numbers\" with folks Social Security Numbers was a great idea. I mean, why force people to...","rel":"","context":"In &quot;Politics &amp; Law&quot;","block_context":{"text":"Politics &amp; Law","link":"https:\/\/hill-kleerup.org\/blog\/category\/politics-law"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":133755,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/06\/30\/the-kinda-sorta-secret-ballot-trump-edition.html","url_meta":{"origin":51730,"position":4},"title":"The Kinda-Sorta Secret Ballot (Trump Edition)","author":"***Dave","date":"Fri 30-Jun-17 12:09am","format":false,"excerpt":"Trump's \"Let's Find Those Mythical 3-5 Million Illegal Voters\" commission is asking every state to turn over the name, address, date of birth, party affiliation, last four Social Security number digits, and voting history back to 2006 of every voter. And those records will then be available to the public.So\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":134808,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/09\/21\/equifax-breach-round.html","url_meta":{"origin":51730,"position":5},"title":"My Equifax Breach Round-Up","author":"***Dave","date":"Thu 21-Sep-17 8:24am","format":false,"excerpt":"The news cycle on all of this has settled down finally, so I feel like I can determine some coherent recommendations of what to do. That's different from what we need to do nationally (stop treating the SSN as a secret password and unique identifier, for one), but that's a\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2017\/09\/Equifax%2BHQ.jpgimgmax%3D660.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/51730","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/comments?post=51730"}],"version-history":[{"count":0,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/51730\/revisions"}],"wp:attachment":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/media?parent=51730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/categories?post=51730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/tags?post=51730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}