Image via Wikipedia In the transparent world, the one thing still sacrosanct is our Social Security Number, the key to our statistical identity. Carnegie Mellon researchers Alessandro Acquisti and Ralph Gross have discovered that the amount of public data on the Web makes it possible to find individuals’ SSNs. "In a world of wired consumers, it is possible to combine information from multiple sources to infer data that is more personal and sensitive than any single piece of original information alone," Acquisti said. To glean the numbers, the researchers used the Social Security Administration's Death Master File, a public database that provides Social Security Numbers, death and birth dates as well as place of birth, for the deceased.
Gross and Acquisti found statistical patterns within this database that allowed them to predict the SSNs of the living. They then used the same patterns on social network profiles, using birth dates and places to guess at users’ Social Security Numbers.
While it took the researchers many guesses to transmute public data into SS Numbers, they have proven that the alchemy works.
"If you can successfully identify all nine digits of an SSN in fewer than 10, 100 or even 1,000 attempts, that Social Security number is no more secure than a three-digit PIN," the authors wrote.
The predictions are especially accurate for people born after 1988, when the government began assigning Social Security Numbers right after a child’s birth. It is also easier to guess the numbers for people from smaller states.
“Industry and policy makers may need . . . to finally reassess our perilous reliance on SSNs for authentication, and on consumers’ impossible duty to protect them,” the researchers conclude.
The full article can be found at The Proceedings of the National Academy of Sciences.