Skip to main content

Main menu

  • Home
  • Articles
    • Current
    • Special Feature Articles - Most Recent
    • Special Features
    • Colloquia
    • Collected Articles
    • PNAS Classics
    • List of Issues
  • Front Matter
    • Front Matter Portal
    • Journal Club
  • News
    • For the Press
    • This Week In PNAS
    • PNAS in the News
  • Podcasts
  • Authors
    • Information for Authors
    • Editorial and Journal Policies
    • Submission Procedures
    • Fees and Licenses
  • Submit
  • Submit
  • About
    • Editorial Board
    • PNAS Staff
    • FAQ
    • Accessibility Statement
    • Rights and Permissions
    • Site Map
  • Contact
  • Journal Club
  • Subscribe
    • Subscription Rates
    • Subscriptions FAQ
    • Open Access
    • Recommend PNAS to Your Librarian

User menu

  • Log in
  • My Cart

Search

  • Advanced search
Home
Home
  • Log in
  • My Cart

Advanced Search

  • Home
  • Articles
    • Current
    • Special Feature Articles - Most Recent
    • Special Features
    • Colloquia
    • Collected Articles
    • PNAS Classics
    • List of Issues
  • Front Matter
    • Front Matter Portal
    • Journal Club
  • News
    • For the Press
    • This Week In PNAS
    • PNAS in the News
  • Podcasts
  • Authors
    • Information for Authors
    • Editorial and Journal Policies
    • Submission Procedures
    • Fees and Licenses
  • Submit
Commentary

Should Social Security numbers be replaced by modern, more secure identifiers?

William E. Winkler
  1. Statistical Research Division, Bureau of the Census, Washington, DC 20233

See allHide authors and affiliations

PNAS July 7, 2009 106 (27) 10877-10878; https://doi.org/10.1073/pnas.0905722106
William E. Winkler
  • Find this author on Google Scholar
  • Find this author on PubMed
  • Search for this author on this site
  • For correspondence: william.e.winkler@census.gov
  • Article
  • Info & Metrics
  • PDF
Loading

Social Security numbers (SSNs) were originally developed as unique identifiers well before recent times when sophisticated methods of using and combining data files became available. Although the main legislated uses of SSNs are by the Social Security Administration (SSA) and the Internal Revenue Service (IRS), SSNs have become ubiquitous as identifiers in both credit files and even health-related files. With many files, the SSN, along with other identifying information such as name, address, telephone number, and date-of-birth, is the primary means of corroborating that an individual from one data source is the same individual in another data source (1).

In our credit-driven society, individuals often want their applications for new credit to be approved as quickly as possible. Approval is often accomplished by comparing information on the credit application with an appropriately designed external database. Speed of linkage may be improved by using only SSN and date-of-birth. Because typographical error is common (say, from keying a hand-written form), the linkage procedures may only require that 7 of 9 characters in the SSN agree and the components of date-of-birth (day-of-birth, month-of-birth, and year-of-birth) approximately agree. The linkage may also use names in a procedure that accounts for minor typographical error. If name is not used in the linkage, then, as noted by Acquisti and Gross (1) in this issue of PNAS, an identify thief can use a new name and mailing address along with the “verified” SSN–date-of-birth combination to obtain new credit.

Acquisti and Gross (1) demonstrate that it is possible to predict SSNs for a moderately large proportion of the population. This is particularly true for individuals who received SSNs via the Enumeration-At-Birth (EAB) procedure that began in 1993. The prediction models are greatly facilitated by SSA's own documented procedures for creating SSNs and publicly available SSA Death Master File (DMF) information that was intended to help prevent fraud and identify theft. To clarify and provide a precursor to later arguments, I repeat some of the description of Acquisti and Gross. The first 5 digits of the SSN are assigned geographically with certain states getting known sets of digits. The precise ordering and specific values have been available in public documents for years (2, 3). The first five digits are assigned in known order (not consecutive) and, within each set of the specific values of the first five digits, the last four digits are assigned consecutively from 0001 to 9999. Although SSA documentation (2, 3) specifically states that the last four digits of SSN are randomized, Acquisti and Gross disprove that valid randomization occurs.

The Acquisti–Gross procedures (1) allow them to predict the first five digits of the SSN with high accuracy. Acquisti and Gross refine their model using the DMF information about the patterns present in the SSNs and dates-of-birth. With the refined model, it is possible to predict the last four digits with accuracy within a range of 100 for individuals born in 1993 or later. The accuracy is much lower for other years. Many of the web-based “identity-verifying” sources allow typographical error in the SSN and a number of verification queries up to a fixed upper bound from a given computer. By varying the guess of the SSN in a range of 100 (or even greater ranges) and using queries from several computers, it is possible to verify a given combination of SSN and date-of-birth to compromise the identity of an individual.

The SSN is not a secure identifier, particularly for individuals born in 1993 and later.

The main issue is that, as Acquisti and Gross demonstrate (1), the SSN is not a secure identifier, particularly for individuals born in 1993 and later. If the SSN is not secure in the sense that it is straightforward to associate it with an individual for whom a name and date-of-birth are available, then it can be very easy to steal such an individual's identity.

Having one's identity stolen can be exceptionally costly (1–3 years, $30,000 or more in expenses) (4–6).

Modern computer environments and capabilities necessitate a secure, accurate, unique, and verifiable identifier. I suggest three changes to existing SSN-assignment procedures that are reasonably straightforward to implement and that may serve as a precursor to more appropriate procedures. The first is to use a different random ordering of the last four digits of the SSN within each group as determined by the first five digits of the SSN. This straightforward change does not affect any of the subsequent legitimate uses of the SSN and should be implemented. Equally easy to implement and even more secure would be for SSA to issue SSNs in a given state at random from the entire set of remaining SSNs that are available to the state. The second change is to add a check digit as an extra field in the SSN (7). Check digits ensure that a set of integers are keyed correctly 90% of the time. The procedure does this by computing a verifying check digit from the existing 9 digits that must agree with the keyed or available check. The “check digit” can be stored in a separate location although, ideally, it might be stored in a location that is adjacent to the SSN. If two check digits were used, then it would be possible to ensure that 99% of SSNs were keyed correctly.

The third change would be to add a pair of digits to deal with the vintage of SSNs. The current 9-digit SSN does not have sufficient numbers for 300+ million Americans, deceased individuals, and others such as certain foreign nationals who need SSNs as part of their U.S. employment. The pair “00” might be associated with most current SSNs and could again be stored in a nonadjacent location. Because some individuals already have two assigned SSNs (8), identical SSNs are sometimes assigned to different individuals, and some geographic regions may be close to running out of SSNs, the SSA could use “01,” “02,” and so on to disambiguate other sets of SSNs. The third change seems crucial because SSA will possibly be running out of sufficient, unassigned SSNs within 70 years (9). The second change facilitates verifying that a transcribed/keyed SSN agrees with SSA's main Numident database containing all verified SSNs and associated information. A third-party group (or individual) with suitable expertise would need to verify that the SSA procedures were properly implemented.

There are two questions related to the general privacy of individuals. First, will SSA be able to issue new, replacement SSNs to individuals from 1993 until the time when SSA implements more secure procedures? Many individuals born from 1993 have significantly increased risk of identity theft. Second, will the credit-granting industry and other groups that need to verify identities adopt procedures that somehow significantly reduce the possibility of identity theft for most individuals? Because millions of individuals are affected by identity theft annually (4–6), the ease with which identity-verifying procedures are compromised needs to be reduced.

Footnotes

  • 1To whom correspondence should be addressed at:
    Statistical Research Division, Bureau of the Census, 4600 Silver Hill Road, Washington, DC 20233-9100.
    E-mail: william.e.winkler{at}census.gov
  • Author contributions: W.E.W. wrote the paper.

  • The author declares no conflict of interest.

  • See companion article on page 10975.

References

  1. ↵
    1. Acquisti A,
    2. Gross R
    (2009) Predicting Social Security numbers from public data. Proc Natl Acad Sci USA 106:10975–10980.
    OpenUrlAbstract/FREE Full Text
  2. ↵
    1. Social Security Administration
    SSA's Program Operations Manual System, (undated) https://5044a90.ssa.gov/apps10/poms.nsf/.
  3. ↵
    1. Alvey W,
    2. Kilss B
    1. Jabine TB
    (1985) in Record Linkage Techniques 1985, Properties of the Social Security number relevant to its use in record linkages, eds Alvey W, Kilss B (Department of the Treasury, Internal Revenue Service, Washington, DC), pp 219–225, Available at www.fcsm.gov/working-papers/RLT_1985.html.
  4. ↵
    1. Claburn T
    (10 22, 2007) Identify theft: Costs more, tech less. InformationWeek, article ID 202600312.
  5. ↵
    1. Rubenking J
    (3 2, 2004) PC Magazine, Identity theft: What, me worry? Available at www.pcmag.com/article2/0,1759,1522469,00.asp.
  6. ↵
    1. Burger AK
    (2 5, 2008) E-Commerce Times, The cost of identity theft: Part 1, Beyond dollars and cents. Available at www.ecommercetimes.com/story/61515.html.
  7. ↵
    1. Herzog TA,
    2. Scheuren F,
    3. Winkler WE
    (2007) Data Quality and Record Linkage Techniques (Springer, New York).
  8. ↵
    1. Social Security Administration
    Why are there multiple Social Security numbers on my statement? (undated) http://ssa-custhelp.ssa.gov/cgi-bin/ssa.cfg/php/enduser/std_adp.php?p_faqid=120&p_created=955568058.
  9. ↵
    1. Barnhart JAB
    (3 16, 2006) Written answers by the Commissioner of the Social Security Administration to questions from J McCrery, Chairman of the Subcommittee on Social Security. Available at http://waysandmeans.house.gov/hearings.asp?formmode=view&id=4979&keywords=Barnhart+McCrery+March+16.
PreviousNext
Back to top
Article Alerts
Email Article

Thank you for your interest in spreading the word on PNAS.

NOTE: We only request your email address so that the person you are recommending the page to knows that you wanted them to see it, and that it is not junk mail. We do not capture any email address.

Enter multiple addresses on separate lines or separate them with commas.
Should Social Security numbers be replaced by modern, more secure identifiers?
(Your Name) has sent you a message from PNAS
(Your Name) thought you would like to see the PNAS web site.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Citation Tools
Should Social Security numbers be replaced by modern, more secure identifiers?
William E. Winkler
Proceedings of the National Academy of Sciences Jul 2009, 106 (27) 10877-10878; DOI: 10.1073/pnas.0905722106

Citation Manager Formats

  • BibTeX
  • Bookends
  • EasyBib
  • EndNote (tagged)
  • EndNote 8 (xml)
  • Medlars
  • Mendeley
  • Papers
  • RefWorks Tagged
  • Ref Manager
  • RIS
  • Zotero
Request Permissions
Share
Should Social Security numbers be replaced by modern, more secure identifiers?
William E. Winkler
Proceedings of the National Academy of Sciences Jul 2009, 106 (27) 10877-10878; DOI: 10.1073/pnas.0905722106
del.icio.us logo Digg logo Reddit logo Twitter logo CiteULike logo Facebook logo Google logo Mendeley logo
  • Tweet Widget
  • Facebook Like
  • Mendeley logo Mendeley

Related Articles

  • Predicting Social Security numbers from public data
    - Jul 06, 2009
Proceedings of the National Academy of Sciences: 106 (27)
Table of Contents

Submit

Sign up for Article Alerts

Jump to section

  • Article
    • Footnotes
    • References
  • Info & Metrics
  • PDF

You May Also be Interested in

Smoke emanates from Japan’s Fukushima nuclear power plant a few days after tsunami damage
Core Concept: Muography offers a new way to see inside a multitude of objects
Muons penetrate much further than X-rays, they do essentially zero damage, and they are provided for free by the cosmos.
Image credit: Science Source/Digital Globe.
Water from a faucet fills a glass.
News Feature: How “forever chemicals” might impair the immune system
Researchers are exploring whether these ubiquitous fluorinated molecules might worsen infections or hamper vaccine effectiveness.
Image credit: Shutterstock/Dmitry Naumov.
Venus flytrap captures a fly.
Journal Club: Venus flytrap mechanism could shed light on how plants sense touch
One protein seems to play a key role in touch sensitivity for flytraps and other meat-eating plants.
Image credit: Shutterstock/Kuttelvaserova Stuchelova.
Illustration of groups of people chatting
Exploring the length of human conversations
Adam Mastroianni and Daniel Gilbert explore why conversations almost never end when people want them to.
Listen
Past PodcastsSubscribe
Panda bear hanging in a tree
How horse manure helps giant pandas tolerate cold
A study finds that giant pandas roll in horse manure to increase their cold tolerance.
Image credit: Fuwen Wei.

Similar Articles

Site Logo
Powered by HighWire
  • Submit Manuscript
  • Twitter
  • Facebook
  • RSS Feeds
  • Email Alerts

Articles

  • Current Issue
  • Special Feature Articles – Most Recent
  • List of Issues

PNAS Portals

  • Anthropology
  • Chemistry
  • Classics
  • Front Matter
  • Physics
  • Sustainability Science
  • Teaching Resources

Information

  • Authors
  • Editorial Board
  • Reviewers
  • Subscribers
  • Librarians
  • Press
  • Cozzarelli Prize
  • Site Map
  • PNAS Updates
  • FAQs
  • Accessibility Statement
  • Rights & Permissions
  • About
  • Contact

Feedback    Privacy/Legal

Copyright © 2021 National Academy of Sciences. Online ISSN 1091-6490