Social Security numbers are a privacy liability

Hundreds of millions of SSNs have been leaked online already, but a privacy-focused identity solution could help fix the problem.

Opinion by: Nanak Nihal, president of Holonym Foundation

Social Security started like any form of identity — not identity for its own sake but to solve a specific problem that needs an identity solution. Social Security numbers (SSNs) were created to distribute benefits. If those creating them knew they would be used for identity and security as they are today, they would have designed them very differently. While some may think Social Security numbers are good enough, we should actively strive for better. 

SSNs are terrible identifiers. They suffer from two problems: the entropy problem and the symmetry problem. The entropy problem is that they are not random, so they’re pretty easy to guess, which is undesirable for something you are supposed to keep secret. The symmetry problem is one where you need to prove you’re legitimate. When you give someone your Social Security Number to prove your legitimacy, you’re no longer keeping it a secret, when it should be. 

A study trained a simple machine learning model to guess someone’s Social Security number using simple facts about the person. For people born in certain states in specific years, 5% of SSNs could be guessed in 10 or fewer tries. A better identity system would not be guessable.

The symmetry problem is simple to comprehend: You are supposed to create unique passwords for different websites, as each can be hacked. When one is hacked, it should not impact your login credentials for the others