62 comments

[ 4.0 ms ] story [ 130 ms ] thread
I say "no" every time, and people asking for it are flabbergasted and make it seem like I'm committing some sort of social taboo. "Why should I trust your company to protect me from identity theft?" is usually my retort, which they never have a compelling rejoinder.
The problem with this approach is that frequently the business doesn't care much about serving you. If you say no, they just say that's okay. Come back when you will. And then what? Fine if there are many options, but often there aren't. I'm thinking medical and banking here, but I'm sure there are many more where all the companies that offer the service you want/need require you to give them your SSN.
Can you legally open a bank account without a SSN? Legit asking. Same qq for medical.
I always exclude my SSN on medical forms and have never had a problem. Banks are another matter...
Lots of people in the US don't have SSN's, but are still entitled to medical services. The same is not true for banking.
Pretty much no. Banks in the US are subject to Know Your Customer (KYC) laws that require them to collect a lot of personal information about you to uniquely identify you as an individual and tie you to past behavior and other entities you interact with. SSN is functionally a shortcut to most of this. Everybody has a unique one, and all the entities track you by it, so they can put those pieces together when and if necessary.
I know you could in mid-2000s. Couldn't get a credit card without a safety deposit (deposit $X, get a credit limit of $X), though.
Where I've had the most friction is with background checks. They don't offer a "decline" option, so I have to either give them my SSN or tell them I don't have one. I have done the latter and it wasn't a big problem, just more work for them.
The system we have with SSNs are just fundamentally flawed. It's like a password you can't choose or change, that is also in a million databases (in plaintext) and regularly gets stolen and resold. We have better systems for authentication and we're stuck treating this number like it has any value at all.
That’s right.

You can use a number as a unique identifier for each person that everybody stores. You can also use a number as a secret code to authenticate yourself.

But you can’t use the same number for both purposes.

Even worse is going to be when people start misusing biometrics, where--like with SSNs--they make a very wrong yet temporarily convenient assumption that the information is secret.
Biometrics don't have to be secret to be useful -- my home country has national ID cards with embedded fingerprint data, and certain transactions are required by law to have you physically present yourself and verify your identity with a fingerprint reader that checks it against your card's info.
Does an authority always inspects everyone's fingers to make sure nobody is wearing a gelatin pad, or is it a facility which has a rather expensive machine that does a lot of extra anti-spoofing tests?

In general, the common situations some people wish they could use biometrics--like a grocery store payment--are also ones where it won't actually be that secure. After someone goes on a shopping-spree with your stolen fingerprint, you can't really change it.

Fingerprints are real easy to forge with super glue, a digital camera with telephoto lens, a printer, and elmer's glue (1)

1. https://www.ccc.de/en/updates/2014/ursel

This may be true, but its even easier with the SSN where you just give them the number and that's it. Because the fingerprint scan isn't perfect doesn't mean it isn't better (much better).
The USG just needs to choose an authentication scheme that is easily and securely implemented in smartphones, yet still accessible to the grandmas out there that will use this as their first piece of technology. Then, once adopted, they should double down and publish the full mapping of names to SSNs, eradicating any remaining value they have as anything other than a User ID.
What happens to people without smartphones or if someone loses theirs via theft?
Stop at the Post Office to pick up your One Time Expiring Activation Code, bring along a piece of mail and a friend to vouch for you.
So if someone has a friend and a printer they can impersonate anyone? Doesn't seem like that adds much security.
At some point, identity relies on an official who is legally empowered to make a decision, and people stating things where lying would be fraud. We currently have very weak intermediary steps in the US-- transmitting 9 digits that last a lifetime-- that could be firmed up in similar ways to 2FA and notarization
I described the current process for voting. I meant it both a little facetiously, and mostly just matter of factly.
Or you simply don't have a smartphone.
> The USG just needs to choose an authentication scheme that is easily and securely implemented in smartphones

This is a fundamentally terrible idea. It assumes people must have a smartphone.

What does it take to have a smartphone? You have to commit to a monthly expense stream paid to a proprietary private company. A company who also has the power to cancel you.

No, anything that is an official government scheme must be fully implemented as a government service with zero dependencies on private companies.

It isn't like a password; it's a globally unique, (mostly) immutable identifier, used across a broad range of systems.
> It isn't like a password

True, but far too many businesses treat it as an "authentication" token that they can use to authenticate that you are who you say you are. I.e., they treat it like a password that only you know, and so if you can recite it to the telephone help desk person, then the help desk person is assured that the voice on the other side of the phone must be Mr. X who has SSN YYY-YY-YYYY.

That "must" be kept secret. So, a password.
The problem is that SSNs weren't designed as a unique identifier for US identity, with no consideration given for protection, authentication, etc. The earliest SS cards came with 'NOT FOR IDENTIFICATION' on the front, was used for nothing except SS, and was in general designed as nothing more than a record-keeping number.

Then people figured out that since the government went through the trouble of assigning every* [1] american* [2] a unique* [3] number* [4], they might as well use that as their own ID too for inter-operability between different financial firms, and that's how we ended up in this shitty situation.

Every time somebody proposes 'hey we should come up with a better national ID number' you get people yelling about mumble mumble big government mumble mumble privacy mumble mumble feds tracking you around, and the proposal dies in committee.

[1] originally only issued to those who worked, and was not exempted from the SS system, notably children. Of course these days children have SS numbers because they're a de-facto ID number, and it's required to claim dependents, and with varying degrees of resistance from weird groups like the Amish. Additionally, non-eligible people are issued tax IDs instead, which have the same format as SSNs because it was easier that way

[2] big(?) political fights over who exactly must get numbers, of course, from religious groups, illegal immigrants, and many more

[3] except of course it's not unique, there were errors where people got duplicate numbers, and people can get reassigned numbers, thereby having more than one

[4] did you know they used to assign SSNs sequentially? The guy who was next in line got your number + 1

Weren't the cards originally for retirees to go pick up the social security check from the social security office, as well as request documents and such? It's like pension books in other countries.
Don't forget that social security numbers are also recycled upon death, so definitely not unique.
SSN was never meant to be a form of identification. Now, let’s figure out a way to consistently convert an individual’s DNA to a hash… oh wait. Worldcoin?
don't give crud publicity.
I personally think this is the wrong track to take. What we should do to social security numbers is make them so ubiquitous, make it so that you know all of your friends social security numbers, so that it is no longer used as a private identifier, which it isn't, and is thoroughly unsuit for purpose as.

Especially as "AI", the ubiquity of chat GPT and AI generated images makes it easy to fake people, having a public registry of every real citizen becomes a much more sensible thing. There is an insane take on "PII" that the list of "Your real name and address" are sensitive information. A generation ago everybody's name and address were in the phone book, and we were better off for it.

> A generation ago everybody's name and address were in the phone book, and we were better off for it.

Would you like to start? Please leave a reply to this comment with your real name, full home address, date of birth, SSN, and whatever other non-PII PII you have in mind.

The parent poster seems to be talking about it being a coordinated widespread effort, why are you challenging them to do something different?
Because the specific risk to an individual from having their personal information publicized does not decrease when everyone else's personal information is publicized as well. If the poster above wants people to throw away the notion of privacy, then they have nothing to lose from leading by example. And if they refuse, that in itself is proof that their words are hollow.
It's tough to make that argument when those were the days of physical locations and card-based verification.

While SS# is thoroughly unsuitable and personal info is even more so, that pragmatism and illusion of security serves as the foundation of government and commerce. What are we going to use instead?

The likelihood of a truly national cryptographically verifiable smart ID card is seemingly nil given the patchwork quilt of laws in the US.

Lots of people were unlisted on purpose. e.g. people with aggressive ex-boyfriends.
> A generation ago everybody's name and address were in the phone book, and we were better off for it.

I'm much happier in a world where the answer to "how do I reach a random person I don't know" is "look for the contact method of their convenience that they deliberately choose to share, if any".

> A generation ago everybody's name and address were in the phone book, and we were better off for it.

Were we? Anyone who has ever been stalked would disagree with you. There's a reason "doxxing" is considered a bad thing.

> A generation ago everybody's name and address were in the phone book

No they weren't. Most people's were, but a large number of people were willing to pay the $5/mo extortion fee to have their information omitted.

I always say no. I can get away with it in every case except banks and loans.

At the same time, anytime a company asks for your birthdate, give them a fake one. I frequently use my mom's birthday and a sibling's birth year so I can remember it.

There's a spike in births on Jan 1st if website records are to be trusted.
An something like 10% of the population lives in Beverly Hills.
And one heckuva party line on 867-5309
In pretty much any store that has rewards account that you have to punch in a phone number (like a drug store, gas station, grocery), I use this number. Someone has always created one.
Banking is actually a rare case where it makes sense because they legitimately need your TIN (taxpayer ID number). For businesses this is the same as their EIN (employee ID number) so no big deal.

What's problematic that ought to be fixed is that for individuals your TIN is just your SSN. Lazy. We ought to just issue personal TINs the first time you file taxes.

(comment deleted)
I do exactly the same. There are a few situations where you really need to provide your SSN, but outside of those, I tell whoever's asking that I won't provide one. 95% of the time, they're ready for that and will create an ID number for me.

In the few times when someone who doesn't have a legitimate need for my SSN but insists on getting it anyway, I give them Richard Nixon's: 567-68-0515

There is a doctor I visit and they have one of those kiosks that make me do shadow work, you know, checking me in, the work of a receptionist.

It used to prompt for SSN. I would enter a bunch of zeroes. Now there is a button that says 'I don't want to give it'.

And then the next screen prompts you for the last 4 digits of your SSN, stating that insurance companies need it.

No. You already have a scan of my ID and insurance card. You don't need more.

I once insisted with an optometrist that they only take my insurance number and not my SSN. They contacted my insurance and the insurance sent them my SSN.

I can't avoid medical insurance having my SSN because of tax reporting requirements.

Actually you can. Just don't give them your SSN. I did this with Kaiser Permanente and it continues to work just fine.
> They contacted my insurance and the insurance sent them my SSN

If all you're doing is making them get the information from someone else, what exactly are you accomplishing? Adding a bit of friction to a process?

I mean, fine, if that's the aim, but it sounds like this was intended as more of a “they don't need this information at all, and if you don't give it to them, then they won't have it” technique, and (apparently) that doesn't work.

I told them they shouldn't give the insurance company their SSN.

There is no "someone else" who will give the insurer this information.

I wish I could but I literally can't not do on Phreesia. And then I can't go into the doctor's office without checking in, which they won't do on paper if they use Phreesia.
I say no by default to companies asking too much information all the time, here in NZ companies seem particularly bad at asking for this info, and it's become so normalized that I always get weird looks when I say no, which annoys me even more.

Why does my barber need my email address and phone number to cut my hair? Why does the supermarket ask for my address when I'm just trying to buy a bottle of milk? When I buy trousers it's sign up for the membership plan and fill out all these personal details.

No, No, No. I'm not putting all of my details in your crappy insecure database - and yes, I know it's for "marketing" purposes, I dont want your spam either. It's infuriating.

Just look at how it has been solved in Scandinavia, Estonia etc. I don't know enough about Indian Aadhar (?), but I assume that works as well. And start keeping a decent registry of people instead of relying on a once a decade census.