SSN FAQ Addendum
SSN FAQ Addendum
by Chris Hibbert
last modified May 1, 2005
Most organizations that have studied the issue have concluded that a simple combination of Name, Address, and Phone number is usually sufficient. In cases where you are likely to be dealing with several members of the same family (and thus Jr. and Sr. might have matching records, you can add Date of Birth. If the database saves an old address and the date of the move, that will usually be sufficient to identify particular clients uniquely.
If you're designing a database or have an existing one that currently uses SSNs and want to use numbers other than SSNs, it's useful to have the identifiers use some pattern other than 9 digits. You can make them longer or shorter than that, or include letters. That way it won't be mistaken for an SSN.
Robert Ellis Smith, the publisher of the Privacy Journal, recently asked people to suggest alternatives to the SSN for indexing databases. He published some of the answers in Computers Privacy Digest, and in the Privacy Journal. Other excerpts are available at EPIC.
Some of the qualities that are (often) useful in a key and that people think they are getting from the SSN are uniqueness, universality, security, and identification. When designing a database, it is instructive to consider which of these qualities are actually important in your application; many designers assume unwisely that they are all useful for every application, when in fact each is occasionally a drawback. The SSN provides none of them, so designs predicated on the assumption that it does provide them will fail in a variety of ways.
Many people assume that Social Security Numbers are unique. They were intended by the Social Security Administration to be unique, but the SSA didn't take sufficient precautions to ensure that it would be so. They have several times given a previously issued number to someone with the same name and birth date as the original recipient, thinking it was the same person asking again. There are a few numbers that were used by thousands of people because they were on sample cards shipped in wallets by their manufacturers. (One is given below.)
The passage of the Immigration reform law in 1986 caused an increase in the duplicate use of SSNs. Since the SSN is now required for employment, illegal immigrants must find a valid name/SSN pair in order to fool the INS and IRS long enough to collect a paycheck. Using the SSN when you can't cross-check your database with the SSA means you can count on getting some false numbers mixed in with the good ones.
Not everyone has a Social Security Number. Foreigners are the primary exception (though the SSA will now assign a number to a legal immigrant without connecting that to the authority to work), but many children don't get SSNs until they're in school (and some not until they get jobs). They were only designed to be able to cover people who were eligible for Social Security. If your database will keep records on organizations as well as individuals, you should realize that they're not covered either.
Few people ever ask to see an SSN card; they believe whatever you say. The ability to recite nine digits provides little evidence that you're associated with the number in anyone else's database.
There's little reason to carry your card with you anyway. It isn't a good form of identification, and if your wallet is lost or stolen, it provides another way for the thief to hurt you.
Older cards are not at all forgery-resistant, even if anyone did ever ask for it. (Recently-issued cards are more resistant to forgery.) The numbers don't have any redundancy (no check-digits) so any 9-digit number in the range of numbers that have been issued is a valid number. It's relatively easy to write down the number incorrectly, and there's no way to tell that you've done so.
In most cases, there is no cross-checking that a number is valid. Credit card and checking account numbers are checked against a database almost every time they are used. If you write down someone's phone number incorrectly, you find out the first time you try to use it. An incorrect SSN might go unnoticed for years in some databases. In others it will likely be caught at tax time, but could cause a variety of headaches.
If someone absolutely insists on getting your Social Security Number, you may want to give a fake number. I have never needed to give a fake number; at least one of the remedies described above has always worked for me. There are legal penalties for providing a false number when you expect to gain some benefit from it. For example, a federal court of appeals ruled that using a false SSN to get a Driver's License violates federal law.
Making a 9-digit number up at random is a bad idea, as it may coincide with someone's real number and cause them some amount of grief. It's better to use a number like 078-05-1120, which was printed on "sample" cards inserted in thousands of new wallets sold in the 40's and 50's. It's been used so widely that both the IRS and SSA recognize it immediately as bogus, while most clerks haven't heard of it. There were at least 40 different people in the Selective Service database at one point who gave this number as their SSN. The Social Security Administration recommends that people showing Social Security cards in advertisements use numbers in the range 987-65-4320 through 987-65-4329.
There are several patterns that have never been assigned, and which therefore don't conflict with anyone's real number. They include numbers with any field all zeroes, and numbers with a first digit of 8 or 9. Follow this link to see more details on the structure of SSNs and how they are assigned.
Giving a number with an unused pattern rather than your own number isn't very useful if there's anything serious at stake since it's likely to be noticed.
There aren't any federal laws that explicitly forbid the collection of SSNs. However, there is a body of law, intended to prohibit the misuse of credit cards, that is written vaguely enough that it could be interpreted to cover personal collections of SSNs. The laws are at 18 USC 1029, and cover what is called "access device fraud." An access device is "any card, plate, code, account number or other means of access that can be used, alone or in conjunction with another access device, to obtain money, goods, services, or any other thing of value, or that can be used to initiate a transfer of value." The law forbids the possession, "knowingly and with intent to defraud" of fifteen or more devices which are counterfeit or unauthorized access devices." If interstate commerce is involved, penalties are up to $10,000 and 10 years in prison.
If you have suggestions for improving this document please send them to me email@example.com, or by sending snail mail to: