The Social Security Number Crisis Latanya Sweeney privacy.cs.cmu.edu

Upload: seth

Post on 27-Jan-2016


Page 1: The Social Security Number Crisis

The Social Security Number Crisis

Latanya Sweeney

privacy.cs.cmu.edu

Page 2: The Social Security Number Crisis

Questions Addressed in this Lecture

How are Social Security numbers assigned?

What predictions can we make about a person and his SSN?

If we have a person’s Social Security number, can we get a credit card in her name?

Show me someone who gives his Social Security number away for free.

Give me a solution to consider.

Page 3: The Social Security Number Crisis

Thanks to

Harry Lewis

Henry Leitner

Harvard Center for Research on Computation and Society

Page 4: The Social Security Number Crisis

Gratitude to

Harvard Extension School

Harvard Summer School

Harvard GSAS

Harvard College

for exposing me to other disciplines and other ways of thinking.

Page 5: The Social Security Number Crisis

1. Example: linking data
2. Example: anonymizing data
3. Example: distributed surveillance
4. Example: trails of dots
5. Example: learning who you know
6. Example: identity theft
7. Example: fingerprint capture
8. Example: bio-terrorism surveillance
9. Example: privacy-preserving surveillance
10. Example: DNA privacy
11. Example: SSN failures and biometrics
12. Example: k-Anonymity
13. Example: webcam surveillance
14. Example: text de-identification
15. Example: face de-identification
16. Example: fraudulent Spam

Privacy Technology

privacy.cs.cmu.edu

Page 6: The Social Security Number Crisis

Data Detective

How do we learn sensitive or strategic information from seemingly innocent information?

Data Protector

How do we provably prevent sensitive or strategic information from being learned?

Page 7: The Social Security Number Crisis


[Figure: Privacy plotted against Usefulness. Traditional belief system: technology or privacy. This work: technology and privacy.]


Page 13: The Social Security Number Crisis


[Figure panels: Original, Tracked, De-Identified]

Page 14: The Social Security Number Crisis


[Figure: plot of the Unaltered, Safe and Altered series against bin size (x-axis 0 to 35, y-axis -20.0% to 120.0%). Slide annotation: HIPAA CERTIFIED!]


Page 16: The Social Security Number Crisis


[Figure: Gross overview. Identifiability (0..1): Sufficiently de-identified, Identifiable, Explicitly identified, Readily identifiable, Sufficiently anonymous. Detection Status (0..1): Unusual activity, Suspicious activity, Outbreak detected, Outbreak suspected, Normal operation.]


Page 20: The Social Security Number Crisis

Team Members

• Computer scientists (AI, database, security, theory, NLP, HCI, data mining, vision, biometrics, link analysis)

• Lawyers

• Social scientists

• Geneticists

• Ethicists

• Medical doctors

• Policy analysts

• Forensic scientists

• Economists

Page 21: The Social Security Number Crisis

Questions Addressed in this Lecture

How are Social Security numbers assigned?

What predictions can we make about a person and his SSN?

If we have a person’s Social Security number, can we get a credit card in her name?

Show me someone who gives his Social Security number away for free.

Give me a solution to consider.

Page 22: The Social Security Number Crisis

SSN Numbering Scheme

• Social Security number allocations

• Historical highlights and uses

• Inferences from SSNs

Page 23: The Social Security Number Crisis

Historical Highlights of the SSN

• 1935 Social Security Act: SSNs only to be used for the social security program.

• 1943 Executive Order 9397: Required federal agencies to use SSNs in new record systems.

• 1961: IRS began using the SSN as taxpayer identification number.

• 1974 Privacy Act: Government agencies' use of SSN required authorization and disclosures (exempt: agencies already using SSN).

• 1976 Tax Reform Act: Granted authority to State and local governments to use SSNs: state and local taxes, motor vehicle agencies.

• Over 400 million different numbers have been issued.

Source: Social Security Administration, http://www.ssa.gov/history/hfaq.html

Page 24: The Social Security Number Crisis

Non-Government Uses of SSN

• Corporate use of the SSN is not bound by the laws and regulations mentioned earlier.

You can request an alternative number from companies. You can refuse to provide it; they can refuse service.

• Most common non-government use relates to credit bureaus and credit granting companies who rely on the number for:

Recognition – to locate your credit history for sharing it with you or with others from whom you requested credit.

Authentication – to make sure new entries are added to the credit report that relates to you. Primary means is SSN along with mother’s maiden name, which serves as a kind of password.

• Common uses are as corporate identification numbers. Example: medical and school identification cards

Page 25: The Social Security Number Crisis

Quality of the SSN Assignment

The ability to acquire the number and use it falsely grows as more copies of the number are stored for different purposes, while misuse, even if illegal, offers rewards.

A Social Security number is almost always specific to one person and one person typically has a unique SSN. There are exceptions.

Page 26: The Social Security Number Crisis

Unusual Case of SSN 078-05-1120: Used by Thousands of People!

In 1938, a wallet manufacturer provided a sample SSN card, inserted in each new wallet.

The company’s Vice President used the actual SSN of his secretary, Mrs. Hilda Schrader Whitcher.

The wallet was sold by Woolworth and other stores. Even though it had the word "specimen" written across the face, many purchasers of the wallet adopted the SSN as their own. In the peak year of 1943, 5,755 people were using it. SSA voided the number. (Mrs. Whitcher was given a new number.) In total, over 40,000 people reported this as their SSN. As late as 1977, 12 people were still using it.

Source: Social Security Administration, http://www.ssa.gov/history/ssn/misused.html

Page 27: The Social Security Number Crisis

SSN Numbering Scheme

• Social Security number allocations

• Historical highlights and uses

• Inferences from SSNs

Page 28: The Social Security Number Crisis

SSNs are Encoded Numbers

Format: AAA-GG-NNNN

The encoding is based on how the numbers are issued. They typically situate the recipient in a geographical area within a time range. They may also reveal whether the person is an immigrant, an alien, or a worker on the railroad.

AAA is area code

GG is group code

NNNN is serially assigned number

Page 29: The Social Security Number Crisis

First 3 digits Provide the State of Issuance, 1

001-003                     New Hampshire
004-007                     Maine
008-009                     Vermont
010-034                     Massachusetts
035-039                     Rhode Island
040-049                     Connecticut
050-134                     New York
135-158                     New Jersey
159-211                     Pennsylvania
212-220                     Maryland
221-222                     Delaware
223-231, 691-699*           Virginia
232-236                     West Virginia
232, 237-246, 681-690       North Carolina
247-251, 654-658            South Carolina
252-260, 667-675            Georgia
261-267, 589-595, 766-772   Florida
268-302                     Ohio
303-317                     Indiana

Source: Social Security Administration, http://www.ssa.gov/foia/stateweb.html

Page 30: The Social Security Number Crisis

First 3 digits Provide the State of Issuance, 2

318-361                     Illinois
362-386                     Michigan
387-399                     Wisconsin
400-407                     Kentucky
408-415, 756-763*           Tennessee
416-424                     Alabama
425-428, 587-588, 752-755*  Mississippi
429-432, 676-679            Arkansas
433-439, 659-665            Louisiana
440-448                     Oklahoma
449-467, 627-645            Texas
468-477                     Minnesota
478-485                     Iowa
486-500                     Missouri
501-502                     North Dakota
503-504                     South Dakota
505-508                     Nebraska
509-515                     Kansas

Source: Social Security Administration, http://www.ssa.gov/foia/stateweb.html

Page 31: The Social Security Number Crisis

First 3 digits Provide the State of Issuance, 3

516-517                     Montana
518-519                     Idaho
520                         Wyoming
521-524, 650-653            Colorado
525, 585, 648-649           New Mexico
526-527, 600-601, 764-765   Arizona
528-529, 646-647            Utah
530, 680                    Nevada
531-539                     Washington
540-544                     Oregon
545-573, 602-626            California
574                         Alaska
575-576, 750-751*           Hawaii
577-579                     District of Columbia
580                         Virgin Islands

Source: Social Security Administration, http://www.ssa.gov/foia/stateweb.html

Page 32: The Social Security Number Crisis

First 3 digits Provide the State of Issuance, 4

580-584, 596-599            Puerto Rico
586                         Guam
586                         American Samoa
586                         Philippine Islands
700-728                     Railroad Board**

* Some states may share the same area by transfer or split.

** Railroad employees, discontinued July 1, 1963.

000 will NEVER start a valid SSN.

Source: Social Security Administration, http://www.ssa.gov/foia/stateweb.html

Page 33: The Social Security Number Crisis

SSNs are Encoded Numbers

Format: AAA-GG-NNNN

The encoding is based on how the numbers are issued. They typically situate the recipient in a geographical area within a time range. They may also reveal whether the person is an immigrant, an alien, or a worker on the railroad.

AAA is area code

GG is group code

NNNN is serially assigned number

Page 34: The Social Security Number Crisis

Digits 4 and 5, Order of Issuance

Called the Group numbers. Not assigned sequentially, but in the following order:

First: ODD - 01, 03, 05, 07, 09, then EVEN - 10 to 98

After all in 98 are assigned: EVEN - 02, 04, 06, 08, then ODD - 11 to 99

Source: Social Security Administration, http://www.ssa.gov/foia/ssnweb.html

Page 35: The Social Security Number Crisis

High Group Listing

On a regular basis, the Social Security Administration (SSA) publishes the highest group number that has been assigned for each area. Below is a sample of the first few entries for 9/2/2003.

Source: Social Security Administration, http://www.ssa.gov/foia/highgroup.htm

001 98   002 98   003 96   004
007 02   008 86   009 86   010
013 86   014 86   015 86   016
019 86   020 86   021 86   022
025 86   026 86   027 86   028
031 84   032 84   033 84   034
037 68   038 68   039 68   040

Page 36: The Social Security Number Crisis

High Group Listing, How to Read

On a regular basis, the Social Security Administration (SSA) publishes the highest group number that has been assigned for each area. Below is a sample of the first few entries for 9/2/2003.

001 98   002 98   003 96   004
007 02   008 86   009 86   010
013 86   014 86   015 86   016
019 86   020 86   021 86   022
025 86   026 86   027 86   028
031 84   032 84   033 84   034
037 68   038 68   039 68   040

For area 003 (the first 3 digits of an SSN), the highest number used in the 4th and 5th digits is 96.

Page 37: The Social Security Number Crisis

High Group Listing, Interpretation

Recall the assignment of group numbers:

First: ODD - 01, 03, 05, 07, 09, then EVEN - 10 to 98

After all in 98 are assigned: EVEN - 02, 04, 06, 08, then ODD - 11 to 99

001 98   002 98   003 96   004
007 02   008 86   009 86   010
013 86   014 86   015 86   016
019 86   020 86   021 86   022
025 86   026 86   027 86   028
031 84   032 84   033 84   034
037 68   038 68   039 68   040

003-09-1234 would be a valid SSN.

003-02-1234 would NOT be valid.
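The High Group interpretation above, worked as a validity check a reviewer of job or rental applications could run. This is an added example, not code from the lecture or from SSNwatch; the function names and status strings are assumptions, and the table holds only the area/group pairs legible in the slide's 9/2/2003 sample.

```python
import re

# Constructed from the slide's 9/2/2003 High Group sample. Only areas whose
# group number is legible on the slide are included.
HIGH_GROUP_SAMPLE = {
    "001": 98, "002": 98, "003": 96,
    "007": 2, "008": 86, "009": 86,
    "013": 86, "014": 86, "015": 86,
    "019": 86, "020": 86, "021": 86,
    "025": 86, "026": 86, "027": 86,
    "031": 84, "032": 84, "033": 84,
    "037": 68, "038": 68, "039": 68,
}

SSN_FORMAT = re.compile(r"^(\d{3})-(\d{2})-(\d{4})$")  # AAA-GG-NNNN


def issuance_rank(group: int) -> int:
    """Position (1..99) of a group number in the order of issuance.

    Order from the slides: odd 01-09, even 10-98, even 02-08, odd 11-99.
    """
    if not 1 <= group <= 99:
        raise ValueError(f"group number out of range: {group}")
    is_odd = group % 2 == 1
    if is_odd and group <= 9:            # 01, 03, 05, 07, 09 -> ranks 1..5
        return (group + 1) // 2
    if not is_odd and group >= 10:       # 10, 12, ..., 98    -> ranks 6..50
        return 5 + (group - 10) // 2 + 1
    if not is_odd:                       # 02, 04, 06, 08     -> ranks 51..54
        return 50 + group // 2
    return 54 + (group - 11) // 2 + 1    # 11, 13, ..., 99    -> ranks 55..99


def check_ssn(ssn: str, high_groups=HIGH_GROUP_SAMPLE) -> str:
    """Classify a presented SSN against a High Group listing.

    Only meaningful for numbers issued under the area/group scheme on these
    slides; SSA moved to randomized assignment in June 2011.
    """
    m = SSN_FORMAT.match(ssn.strip())
    if not m:
        return "malformed"
    area, group = m.group(1), int(m.group(2))
    if area == "000":                    # 000 never starts a valid SSN
        return "invalid-area"
    if group == 0:                       # 00 is not in the order of issuance
        return "invalid-group"
    if area not in high_groups:
        return "area-not-in-listing"
    if issuance_rank(group) > issuance_rank(high_groups[area]):
        return "group-not-yet-issued"
    return "plausible"


if __name__ == "__main__":
    for candidate in ("003-09-1234", "003-02-1234", "007-02-1234",
                      "037-70-0001", "000-12-3456", "004-01-1234"):
        print(candidate, check_ssn(candidate))
```

A "plausible" result only means the first five digits had been issued by the listing date; it says nothing about whether the number belongs to the person presenting it.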

Page 38: The Social Security Number Crisis

What Can be Learned from the First 5 Digits of an SSN

In “semantic learning” terms,

•The first 3 digits provide reliable inferences about place of issuance.

•Digits 4 and 5 provide inferences on time of issuance.

Page 39: The Social Security Number Crisis

Questions Addressed in this Lecture

How are Social Security numbers assigned?

What predictions can we make about a person and his SSN?

If we have a person’s Social Security number, can we get a credit card in her name?

Show me someone who gives his Social Security number away for free.

Give me a solution to consider.

Page 40: The Social Security Number Crisis

Social Security Death Index

The Social Security Administration releases the Social Security Death Index for public use. Perceived benefits:

•genealogical research (constructing family trees)

•attempt to defeat illegal re-use of SSNs.

Released information for each death:

• Name
• SSN
• date of birth
• date of death
• place where SSN was issued
• place where SSN benefit was paid upon death

Page 41: The Social Security Number Crisis

Social Security Death Index

http://ssdi.genealogy.rootsweb.com/

Search by name or SSN, in part or whole.

Advanced search includes options for date of birth, date of death, and geographical location, in part or whole.

Page 42: The Social Security Number Crisis

Sample Result for Herb Simon

Search on Herbert Simon, Last residence was Pennsylvania.

Page 43: The Social Security Number Crisis

SSNwatch

On-line SSN validation system. Given the first 3 or 5 digits of an SSN, returns the state in which the SSN was issued along with an estimated age range of the person.

http://privacy.cs.cmu.edu/dataprivacy/projects/ssnwatch/index.html

Sample uses:
• Job Applications
• Apartment Rentals
• Insurance Claims
• Student Applications

Page 44: The Social Security Number Crisis

SSNwatch Results for SSN 078-05-

Geography: New York
Date of issuance: Issued before 1993
Year of birth (5-digit prefix): 64% born 1889 to 1910; 98% born 1879 to 1921

If the person presenting the SSN is about age 20, then it is extremely unlikely that the provided SSN was issued to that person.

Page 45: The Social Security Number Crisis

SSNwatch Results for SSN 078-05-

Geography: New York
Date of issuance: Issued before 1993
Year of birth (5-digit prefix): 64% born 1889 to 1910; 98% born 1879 to 1921

If the person presenting the SSN fails to list or acknowledge New York as a prior residence, then it is extremely unlikely that the provided SSN was issued to that person.

Page 46: The Social Security Number Crisis

Lab Activity: Predicting an SSN from Facebook Profiles

Take a moment and write down the steps (“algorithm”) needed to predict an SSN.

Assume SSN is issued at birth.

Your algorithm should predict the first 6 to 9 digits for Alice, who is born today in Cambridge, MA.

(You don’t have to give me the answer, but tell me how to figure it out.)

Page 47: The Social Security Number Crisis

Lab Activity: Predicting an SSN from Facebook Profiles

Recent finding:

We can accurately predict 6 to 9 digits of a young person’s SSN.

Page 48: The Social Security Number Crisis

Questions Addressed in this Lecture

How are Social Security numbers assigned?

What predictions can we make about a person and his SSN?

If we have a person’s Social Security number, can we get a credit card in her name?

Show me someone who gives his Social Security number away for free.

Give me a solution to consider.

Page 49: The Social Security Number Crisis

Federal Trade Commission Report: Victim Complaint Data

The next group of slides are excerpts from the Federal Trade Commission Report on Identity Theft, Victim Complaint Data. Figures and Trends January-December 2001.

Page 50: The Social Security Number Crisis

Federal Trade Commission Report: Victim Complaint Data

Page 51: The Social Security Number Crisis

Federal Trade Commission Report: Victim Complaint Data

Page 52: The Social Security Number Crisis

Federal Trade Commission Report: Victim Complaint Data

Page 53: The Social Security Number Crisis

Federal Trade Commission Report: Victim Complaint Data

Page 54: The Social Security Number Crisis

Other Statistics

•Of the credit card fraud, more than half (or 26% of all thefts) involved new accounts. [Federal Trade Commission Report on Identity Theft, Victim Complaint Data. Figures and Trends January-December 2001.]

•Number of months between date of identity theft first occurring and date first discovered by victim: Less than 1 month 45%, 1-6 months 25% [Federal Trade Commission Report on Identity Theft, Victim Complaint Data. Figures and Trends January-December 2001.]

•50% of the credit card reports checked contained errors. Two reasons for errors: (1) mistaken for another person with similar name; and, (2) fraud. [Consumer Reports, July 2000]

Page 55: The Social Security Number Crisis

Federal Trade Commission Report: Overview of the Identity Theft Program, Oct 1998 – Sep 2003

Page 56: The Social Security Number Crisis

Data Privacy Lab Finding Fraudulent New Credit Cards

Can we describe an algorithm that shows how thousands of fraudulent credit cards could be issued to malicious parties using only FREE on-line information?

• If it works, thousands of Americans are at risk of identity theft immediately!
• If it works, we need:
  • Credit card application requirements
  • Finding Social Security numbers on-line
  • Finding dates of birth on-line
  • Finding mother’s maiden name on-line

Page 57: The Social Security Number Crisis

Basic Information Necessary For a Credit Card Application

• Name
• Social Security number
• Address
• Date of birth
• Mother’s maiden name

Strategy: if one can identify these fields for a person, they have the basic information needed to acquire a credit card in that person’s name. Therefore, we need only demonstrate how this information can be obtained on-line.

Page 58: The Social Security Number Crisis

Student application

Basic information and School Information

Page 59: The Social Security Number Crisis

Basic Information Necessary For a Credit Card Application

• Name
• Social Security number
• Address
• Date of birth
• Mother’s maiden name

Strategy: if one can identify these fields for a person, they have the basic information needed to acquire a credit card in that person’s name. Therefore, we need only demonstrate how this information can be obtained on-line.

Do these first.

Page 60: The Social Security Number Crisis

One Approach is to Buy an SSN

There are websites that advertise SSNs for sale.

The California-based Foundation for Taxpayer and Consumer Rights said for $26 each it was able to purchase the Social Security numbers and home addresses for Tenet, Ashcroft and other top Bush administration officials, including Karl Rove, the president's chief political adviser. [Associated Press, “Social Security numbers sold on Web” 8/28/2003]

Page 61: The Social Security Number Crisis

One Approach is to Buy an SSN

http://socialsecuritypeoplesearch.com/index.asp

Page 62: The Social Security Number Crisis

One Approach is to Buy an SSN

http://socialsecuritypeoplesearch.com/index.asp

Page 63: The Social Security Number Crisis

Reportedly Permissible Purposes for Purchasing an SSN On-line, 1

http://socialsecuritypeoplesearch.com/index.asp

• Locating Missing Persons
• Child Support Enforcement
• Skip Tracing
• Collections
• People Locator Service
• Locating Alumni
• Other Legal, Normal Business Use
• Judgement on Subject
• Apprehending Criminals
• Law Firm - Fiduciary Interest

Page 64: The Social Security Number Crisis

Reportedly Permissible Purposes for Purchasing an SSN On-line, 2

http://socialsecuritypeoplesearch.com/index.asp

• Legal Process Service
• Legal Research
• Finding Owners of Unclaimed Goods
• Fraud and Loss Prevention
• Government Agency
• Insurance Claims Investigations
• Investigation of Civil Litigation
• Journalistic Endeavors
• Law Enforcement
• Licensed PI

Page 65: The Social Security Number Crisis

Reportedly Permissible Purposes for Purchasing an SSN On-line, 3

http://socialsecuritypeoplesearch.com/index.asp

• Locate Former Patients (Medical Industry Only)
• Locating Beneficiaries and Heirs
• Locating Existing Customers
• Locating Former Customers
• Locating Former Employees
• Locating Fraud Victims
• Locating Pension Fund Beneficiaries
• Necessary to Complete Transaction
• Permission from Subject
• Product Recalls

Page 66: The Social Security Number Crisis

Reportedly Permissible Purposes for Purchasing an SSN On-line, 4

http://socialsecuritypeoplesearch.com/index.asp

• Resolve Customer Disputes
• Search on Myself
• To give to a Court of Law
• Witness and Victim Locating
• Asset Identification
• Court Related

Page 67: The Social Security Number Crisis

Related Approaches in the Past

Projects related to locating Social Security numbers on-line:

In 2001, the approach was based on the student ID number being the SSN.

In 2002, the approach was based on the use of student provided information.

Page 68: The Social Security Number Crisis

Seth Mandel’s Approach in this Course in 2001

Strategy: Recognizing that the student ID number at the University is the SSN, Seth mined course web sites in which student grades were posted using part of the student's SSN (the last 6 digits).

He then crossed the students listed as being in the course with their web pages to get their hometown, thereby inferring the first 3 digits!

Page 69: The Social Security Number Crisis

Example from CMU in 2003, using last 4 digits

Page 70: The Social Security Number Crisis

Maksim Tsvetovat’s Approach in this Course in 2002

Strategy: On-line resumes often include a Social Security number. So, go to an informal job discussion site in which resumes are exchanged or a repository is found, and locate all the SSNs, along with name and address, which are also typically included.

Results: he found one job bank repository that had hundreds of resumes containing SSNs along with names and addresses! Very few included date of birth. None included mother’s maiden name.

Page 71: The Social Security Number Crisis

Job Banks are On-line with Resumes Listing {SSN, name, address}

... Welcome to Maryland's Job Bank! ... Are You Looking For Dream Job. ... Search for jobs nationwide,and by creating a resume, thousands of employers across the nation ... www.ajb.dni.us/md/ - 29k

NationalJobBank.com - Post your jobs or resume for FREE!... The National Job Bank is a web-site developed specifically for job seekers, employers ... Weencourage you to post your resume, post a job listing or contact ... www.nationaljobbank.com/ - 16k - Sep 9, 2003

Page 72: The Social Security Number Crisis

Google: resume ssn site:.edu 1

[DOC]RESUMEFile Format: Microsoft Word 2000 - View as HTMLRESUME. RICHARD ALLEN BROWN. Richard Allen Brown. PO Box 782. Kayenta, AZ 86033.Home Telephone-520-697-3513. NAU Telephone-520-523-4099. DOB: 03-10-77. SSN: 527-71 ... dana.ucc.nau.edu/~rab39/RAB%20Resume.doc

Many found. One is shown above. But the actual resumes are amidst lots of non-resume pages!

Page 73: The Social Security Number Crisis

Google: resume ssn site:.edu 2

resume... 2843. DOB: 10-10-48 New Britain, CT 06050-4010. F: (860) 832-3753.SSN: 461-84-… H: (203) 740-7255 C: (203) 561-8674. Education. Ph. ... www.math.ccsu.edu/vaden-goad/resume.htm

A second example.

Page 74: The Social Security Number Crisis

Google: resume ssn site:.edu 3

Scot Lytle's ResumeScot Patrick Lytle. Home: (301)-249-5330 2116 Blaz Court School: (410)-455-1662Upper Marlboro, MD 20772 SSN: 578-90-…. OBJECTIVE. ... userpages.umbc.edu/~slytle1/resume.html

We emailed warnings to these people that this is not a good practice!

One claimed to have been the victim of identity theft recently.

Page 75: The Social Security Number Crisis

Basic Information Necessary For a Credit Card Application

• Name
• Social Security number
• Address
• Date of birth
• Mother’s maiden name

Strategy: if one can identify these fields for a person, they have the basic information needed to acquire a credit card in that person’s name. Therefore, we need only demonstrate how this information can be obtained on-line.

Done.

Next...

Page 76: The Social Security Number Crisis

Google: resume ssn site:.edu 1

[DOC]RESUMEFile Format: Microsoft Word 2000 - View as HTMLRESUME. RICHARD ALLEN BROWN. Richard Allen Brown. PO Box 782. Kayenta, AZ 86033.Home Telephone-520-697-3513. NAU Telephone-520-523-4099. DOB: 03-10-77. SSN: 527-71 ... dana.ucc.nau.edu/~rab39/RAB%20Resume.doc

This on-line resume, located earlier, actually listed date of birth too!

Page 77: The Social Security Number Crisis

Google: resume ssn site:.edu 2

resume... 2843. DOB: 10-10-48 New Britain, CT 06050-4010. F: (860) 832-3753.SSN: 461-84-… H: (203) 740-7255 C: (203) 561-8674. Education. Ph. ... www.math.ccsu.edu/vaden-goad/resume.htm

This on-line resume, found earlier, also listed date of birth!

Page 78: The Social Security Number Crisis

Google: resume ssn site:.edu 3

Scot Lytle's ResumeScot Patrick Lytle. Home: (301)-249-5330 2116 Blaz Court School: (410)-455-1662Upper Marlboro, MD 20772 SSN: 578-90-… OBJECTIVE. ... userpages.umbc.edu/~slytle1/resume.html

The third resume did not have his DOB listed.

Page 79: The Social Security Number Crisis

anybirthday.com: given a name, provides a birthday

Had several hits matching name, but only one in his ZIP.

Page 80: The Social Security Number Crisis

Finding Dates of Birth

Anybirthday.com tends to have information on people over the age of 30. Younger people are often not included.

Many other population registers can be used, such as voter lists. Anybirthday.com is not the only source!

Page 81: The Social Security Number Crisis

Basic Information Necessary For a Credit Card Application

• Name
• Social Security number
• Address
• Date of birth
• Mother’s maiden name

Strategy: if one can identify these fields for a person, they have the basic information needed to acquire a credit card in that person’s name. Therefore, we need only demonstrate how this information can be obtained on-line.

Done.

Done.

Next...

Page 82: The Social Security Number Crisis

Publicly Available Birth Records

Many states, though not all, consider birth records (the kind of information included on a person’s birth certificate in the United States) to be publicly available information.

A few states have gone further to provide this information on-line.

In the United States, birth certificate information tends to include the mother’s maiden name!

Page 83: The Social Security Number Crisis

California on-line Birth Records

Results of search on ‘Jones’

Source: http://www.vitalsearch-ca.com/gen/_nonmembers/ca/_vitals/cabirths-nopsm.htm

Page 84: The Social Security Number Crisis

Basic Information Necessary For a Credit Card Application

• Name
• Social Security number
• Address
• Date of birth
• Mother’s maiden name

Strategy: if one can identify these fields for a person, they have the basic information needed to acquire a credit card in that person’s name. Therefore, we need only demonstrate how this information can be obtained on-line.

Done.

Done.

Done.

Page 85: The Social Security Number Crisis

Resulting Concern

• Name
• Social Security number
• Address
• Date of birth
• Mother’s maiden name

Thousands of people are at risk!

Even if this is not the current means accounting for the bulk of fraud related to new credit card accounts, this is clearly a very serious and growing threat!

Done.

Done.

Done.

Page 86: The Social Security Number Crisis

Identity Angel – resumes

1. Locate on-line resumes (using Filtered Searching)

2. Extract sensitive values (using regular expressions)

3. Email subjects about their risks

L. Sweeney. AI Technologies to Defeat Identity Theft Vulnerabilities. AAAI Spring Symposium on AI Technologies for Homeland Security, 2005. http://privacy.cs.cmu.edu/dataprivacy/projects/idangel/index.html

Page 87: The Social Security Number Crisis

ID Angel, Sample Resume

[DOC]RESUMEFile Format: Microsoft Word 2000 - View as HTMLRESUME. RICHARD ALLEN BROWN. Richard Allen Brown. PO Box 782. Kayenta, AZ 86033.Home Telephone-520-697-3513. NAU Telephone-520-523-4099. DOB: 03-10-77. SSN: 527-71 ... dana.ucc.nau.edu/~rab39/RAB%20Resume.doc

100s found. One is shown above. But the actual resumes are amid lots of non-resume pages!

Page 88: The Social Security Number Crisis

Identity Angel – resume findings

1. 1000 resume hits on Google using filteredSearch revealed 150 resumes, of which 140 (or 93%) had complete 9-digit SSNs.

10 resumes had partial, invalid, or some other country’s SSN.


Page 89: The Social Security Number Crisis

Identity Angel – resume findings

2. All email addresses (113 of 113 or 100%) were found. The ‘@’ and dot (.) notation worked well. All dates of birth (110 of 110 or 100%) were found, but some dates that were not dates of birth were incorrectly reported as such; this happened in 20 cases (but only 7 where the proper DOB was not also found).


Page 90: The Social Security Number Crisis

Identity Angel – resume findings

3. In terms of combinations: 104 (or 69%) resumes had {SSN, DOB};

105 (or 70%) had {SSN, email},

76 (or 51%) had {SSN, DOB, email}.
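One way to implement the extraction step and the field-combination report as a pre-publication check that a site owner runs over their own pages (an added example, not Identity Angel's own code). The regular expressions, the DOB-label rule, the SSN structural check and the sample text are assumptions constructed for this illustration.

```python
import re

# SSN written as AAA-GG-SSSS (dashes or spaces); nine bare digits are left out
# to avoid matching phone or account numbers.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ](\d{2})[- ](\d{4})(?!\d)")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# A date counts as a date of birth only when a DOB label precedes it; this is
# one way to avoid reporting graduation or employment dates as DOBs.
DOB_RE = re.compile(
    r"(?:DOB|D\.O\.B\.|Date of Birth|Born)\s*[:\-]?\s*"
    r"(\d{1,2}[-/]\d{1,2}[-/](?:\d{4}|\d{2}))", re.IGNORECASE)


def plausible_ssn(area, group, serial):
    """Structural check: reject area 000, 666, 900-999, group 00, serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def scan(text):
    """Return the sensitive fields found in one document, SSNs masked."""
    ssns = ["***-**-" + s for a, g, s in SSN_RE.findall(text)
            if plausible_ssn(a, g, s)]
    return {"ssn": ssns,
            "dob": DOB_RE.findall(text),
            "email": EMAIL_RE.findall(text)}


def risk_combination(found):
    """Name the combination of fields present, e.g. 'SSN+DOB+email'."""
    labels = [("ssn", "SSN"), ("dob", "DOB"), ("email", "email")]
    return "+".join(name for key, name in labels if found[key])


# Constructed sample text, not taken from any real resume.
SAMPLE = """RESUME  Jane Q. Example   jane.example@univ.example.edu
Home: (555) 010-0199   DOB: 04-12-71   SSN: 123-45-6789
Education: Ph.D. awarded 06/15/1999.  Employee ref 000-12-3456."""

if __name__ == "__main__":
    found = scan(SAMPLE)
    print(found, risk_combination(found))
```

The scan masks all but the last four digits so that the report itself does not become another copy of the number.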


Page 91: The Social Security Number Crisis

Identity Angel – resume findings

4. A single email message was sent to each of the 105 people having {SSN, email} alerting them to the risk. Within a month, 42 (or 55% of all of DBB) no longer had the information publicly available. A year later, 102 (or 68% of all of DBA) no longer had the information available.


Page 92: The Social Security Number Crisis

Questions Addressed in this Lecture

How are Social Security numbers assigned?

What predictions can we make about a person and his SSN?

If we have a person’s Social Security number, can we get a credit card in her name?

Show me someone who gives his Social Security number away for free.

Give me a solution to consider.

Page 93: The Social Security Number Crisis

Lab Activity: Locating an SSN at Harvard.edu

Using Google, search for on-line resumes containing SSNs and dates of birth.

The first one I found was for a Harvard Professor.

Let’s find his email and send him a message, advising him to remove his SSN from his on-line resume.

Page 94: The Social Security Number Crisis

Questions Addressed in this Lecture

How are Social Security numbers assigned?

What predictions can we make about a person and his SSN?

If we have a person’s Social Security number, can we get a credit card in her name?

Show me someone who gives his Social Security number away for free.

Give me a solution to consider.

Page 95: The Social Security Number Crisis

Lab Activity: Solving the Problem (?)

Here is a proposed quick fix. Please review this proposal and tell me what problems, if any, you think it may fix.

Proposal: Instead of assigning SSNs using the structured numbering scheme, have a central repository that randomly assigns numbers.

Page 96: The Social Security Number Crisis

Questions Addressed in this Lecture

How are Social Security numbers assigned?

What predictions can we make about a person and his SSN?

If we have a person’s Social Security number, can we get a credit card in her name?

Show me someone who gives his Social Security number away for free.

Give me a solution to consider.

Page 97: The Social Security Number Crisis