FW: The ARRL Letter for September 15, 2011

From: Its from Onion <areda..._at_msn.com>
Date: Fri, 16 Sep 2011 07:05:27 +0000

From: "Its from Onion" <areda..._at_msn.com>
Subject: No, You Can't Have My Social Security Number
Date: Thu, 16 Jul 2009 15:42:40 -0500

In a paper published last week, two Carnegie Mellon professors unveiled a method for cracking the code of Social Security numbers <http://www.informationweek.com/news/security/privacy/showArticle.jhtml?articleID=218400854>. Given a person's birth date and the state where he or she was born along with public records of deceased people born around the same time, the researchers wrote an algorithm that predicted a person's SSN with startling accuracy. The biggest question raised by their paper isn't how our country came to rely on such an insecure identification system. The mystery is how it took so long for anyone to break such a ridiculously elementary system.

Social Security numbers were never designed to be secure. When SSNs came into existence 75 years ago, they had one and only one purpose: to keep track of contributions to the federal pension system. When Congress established the program <http://www.ourdocuments.gov/doc.php?flash=true&doc=68> in 1935, it started issuing cards with unique nine-digit numbers. The numbers were derived using a simple formula. The first three digits, called the "area number," refer to the state where the card was issued. The fourth and fifth digits, the "group number," are assigned in a predetermined order to divide the applicants into arbitrary groups. The last four digits, the "serial number," are assigned sequentially, from 0001 to 9999 in each group.

Ten years after the SSN debuted, the feds added a clarification to the card in capital letters: "FOR SOCIAL SECURITY PURPOSES—NOT FOR IDENTIFICATION."

By that point, it was already too late. Three years earlier, President Franklin Roosevelt had issued an executive order <http://www.defenselink.mil/privacy/files/EO_9397.pdf> allowing other federal agencies to use SSNs rather than launch their own systems. Within 20 years, the IRS, the Civil Service Commission, and the military were all using the numbers to identify people.

Social Security numbers haven't evolved much since those early days, but the techniques for exploiting them have. The Social Security Administration's Web site is happy to tell you which three-digit codes belong to which states <http://www.ssa.gov/employer/stateweb.htm> and in what order the group numbers are assigned <http://www.ssa.gov/history/ssn/geocard.html>. The Carnegie Mellon researchers simply determined that if you know when and where a person was born—info that many of us readily supply on Facebook—you can narrow down her possible Social Security number to a fairly small range. (Studying existing government records, like the list of dead people's SSNs in the Death Master File <http://www.ssdmf.com/FolderID/1/SessionID/%7B4EA13F06-1E85-45C0-A4CE-FF78D146B1A6%7D/PageVars/Library/InfoManage/Guide.htm>, gave the researchers additional clues about when exactly specific states assigned specific numbers.) The system works particularly well for people born in small states, which have only a few possible area numbers. (For example, Wyoming natives are very likely to have Social Security numbers that start with 520.) The odds of guessing someone's number on the dot are still low—about 1 percent on average for more recent births, but up to 10 percent in small states. Even the lower figures, however, are plenty large enough to steal a lot of real identities if you use a small network of computers to try out lots of possibilities.

Now that SSNs are used on our driver's licenses, tax returns, and bank statements, we have the worst of all possible worlds: Numbers that were never intended to be secure are being used to secure our most-valuable information. Because many companies also use Social Security numbers as a password to get into your account, swiping the number from a license or a student ID card gives a person all sorts of access to your life.
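
A defender's view of the guessing described above, as an added example that is not part of the original article: because the candidate numbers share the area and group digits and differ only in the serial, a verification service can watch for failed attempts that cover many serials under one area+group for a single account, even when they are spread across several source addresses. The log format, account names and threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed verification log (not real data): time, source IP, account, SSN tried, outcome.
# Group "00" and area "000" are never issued, so no line can match a real SSN.
SAMPLE_LOG = """\
2009-07-16T10:00:01 198.51.100.7 acct-1001 520-00-4410 FAIL
2009-07-16T10:00:03 198.51.100.9 acct-1001 520-00-4411 FAIL
2009-07-16T10:00:04 203.0.113.20 acct-1001 520-00-4412 FAIL
2009-07-16T10:00:06 198.51.100.7 acct-1001 520-00-4413 FAIL
2009-07-16T10:00:09 203.0.113.21 acct-1001 520-00-4415 FAIL
2009-07-16T10:02:00 192.0.2.44 acct-2002 000-12-3456 FAIL
2009-07-16T10:02:30 192.0.2.44 acct-2002 000-12-3456 FAIL
2009-07-16T10:03:10 192.0.2.44 acct-2002 000-12-3465 OK
"""

def parse(line):
    """Split one log line and break the SSN into area, group and serial."""
    _ts, ip, acct, ssn, outcome = line.split()
    area, group, serial = ssn.split("-")
    return ip, acct, (area, group), int(serial), outcome == "OK"

def find_enumeration(log, min_distinct=4):
    """Flag accounts whose failures cover many serials under one area+group."""
    serials = defaultdict(set)   # (acct, area, group) -> distinct serials tried
    per_ip = defaultdict(lambda: defaultdict(int))  # same key -> ip -> failures
    for line in filter(str.strip, log.splitlines()):
        ip, acct, prefix, serial, ok = parse(line)
        if ok:
            continue
        key = (acct, *prefix)
        serials[key].add(serial)
        per_ip[key][ip] += 1
    alerts = []
    for (acct, area, group), tried in serials.items():
        if len(tried) < min_distinct:
            continue  # a retyped or mistyped number, not a sweep
        ips = per_ip[(acct, area, group)]
        alerts.append({
            "acct": acct, "area": area, "group": group,
            "distinct_serials": len(tried),
            "serial_span": max(tried) - min(tried) + 1,
            "source_ips": len(ips),
            "max_failures_one_ip": max(ips.values()),
        })
    return alerts

if __name__ == "__main__":
    for alert in find_enumeration(SAMPLE_LOG):
        print(alert)
```

In the sample, no single address fails more than twice, so a per-address limit alone would not trigger; counting per target account and area+group prefix does.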

Received on Sat Mar 02 2024 - 00:57:19 CST
