The "P" Word? You Know, Privacy & Psecurity.

From Slashdot, Wired, and the when-is-a-secret-not-a-secret-dept: The nation’s Social Security numbering scheme has left millions of citizens vulnerable to privacy breaches, according to researchers at Carnegie Mellon University, who for the first time have used statistical techniques to predict Social Security numbers solely from an individual’s date and location of birth.

Knowing someone’s SSN is a key part of identity theft. Just by knowing this easily obtained (or guessed secret) means that somebody can assume your identity, rob you blind, and then leave you with years of pain and suffering trying to document that you weren’t the one who ran up tens of thousands of dollars of bad debt.

Protecting your not-so-secret SSN is impossible due to the fact that everybody with a financial interest in “knowing you” (worse than the biblical sense) has easy access to this number. Further complicating matters is the fact that these same entities have no financial incentive to protect it because they’re not the one who pays the price for wrecking your financial life. You do.

So what to do? Put a freeze on your credit and lift it manually everytime you need access to modifiy your lines of credit? Pay an outrageous sum to the · big · three so that they report any “suspicious” activity related to your credit history?

What’s really needed is a fundamental change in thinking: Up until now, business and government have confused your Identity with Authentication. They are not the same thing! While the former might identify you within a database, the later confirms that you are indeed the account holder (yourself) through the use of a secret that only you would know. For a more concrete example, think of your email address and the password that you use to access your email: the address identifies you, your secret password authenticates that you are the email account holder (more or less).

As you can see, much has to change before this problem gets fixed.