FTC Report on Social Security Numbers and their Relationship to Identity Theft

 by Doug Pollack

The FTC released a report last month titled “Security in Numbers — SSNs and Identity Theft” that delves into the linkage between how we are asked to use our social security number for identification and authentication, and the related implications on subsequent identity theft. It notes that identity theft continues to be a major issue with severe economic consequences in America.

“Identity theft continues to be a major problem in this country, with victims numbering in the millions each year and out-of-pocket losses (primarily to businesses) in the billions of dollars.”

The thrust of this report, however, is around how best to change how organizations use and require you to use your social security number in order to limit the risks of data breach and identity theft.

“There is a broad consensus that the use of the SSN as an identifier is often beneficial, but that its use as an authenticator – as proof of identity – is problematic. Identifiers are effective only when they are widely shared. One’s name, for example, is widely known and generally effective as an identifier, although in many cases its lack of permanence or uniqueness prevents it from being useful as an identifier. Authenticators, on the other hand, are effective only when they are secret and thus not widely known. According to commenters and workshop participants, SSNs do not function well as authenticators because they are used commonly as identifiers and thus are widely available.”

In today’s environment, the idea of expanding our government regulation in order to provide greater privacy and security for Americans is likely to find a more positive reception given the recent issues that have resulted from poor oversight in the financial markets. The recommendations of this report (below), specifically the establishment of authentication standards for businesses that hold our personal data, represent a terrific path for ensuring greater protection of our identities from theft and misuse.

“The Commission believes that a number of actions could be taken to reduce the role of SSNs in identity theft, with emphasis on reducing the demand for SSNs by minimizing their value to identity thieves through improved authentication processes. Most importantly, the Commission recommends that Congress consider establishing national authentication standards for businesses that have consumer accounts and are not already subject to authentication requirements from other federal agencies.”