Social Security Numbers Are Not Secure


This paper from CMU’s Alessandro Acquisti and Ralph Gross is a remarkable piece of work. Starting just from publicly available records, they were able to guess SSNs with surprisingly high accuracy—up to 50%. SSNs aren’t assigned at random, so from just your birthdate and place, it only takes a few plausible inferences about the rate at which SSNs are assigned to make a good guess at your exact number.

It’s true, as Bruce Schneier says, that this isn’t a big deal since SSNs are already effectively public information. Unfortunately, much of the U.S. continues to lumber along under the shared fiction that SSNs are confidential, and sometimes even a reliable proof of identity. Acquisti and Gross’s paper ought to help demolish that fiction. They make the truth explicit, and thus harder to deny.