<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	>
<channel>
	<title>Comments for </title>
	<atom:link href="http://blogs.heinz.cmu.edu/sensitive-info/comments/feed/" rel="self" type="application/rss+xml" />
	<link>http://blogs.heinz.cmu.edu/sensitive-info</link>
	<description>Carnegie Mellon Researchers Find Social Security Numbers Can Be Predicted from Publicly Available Information</description>
	<pubDate>Tue, 24 Nov 2009 01:40:28 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.6.2</generator>
		<item>
		<title>Comment on FAQ about the study by Usenet Trial</title>
		<link>http://blogs.heinz.cmu.edu/sensitive-info/2009/07/06/faq-about-the-study/#comment-31</link>
		<dc:creator>Usenet Trial</dc:creator>
		<pubDate>Wed, 29 Jul 2009 21:30:16 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.heinz.cmu.edu/ssnstudy/?p=70#comment-31</guid>
		<description>Sometimes it's really that simple, isn't it? I feel a little stupid for not thinking of this myself/earlier, though.</description>
		<content:encoded><![CDATA[<p>Sometimes it&#8217;s really that simple, isn&#8217;t it? I feel a little stupid for not thinking of this myself/earlier, though.</p>
]]></content:encoded>
	</item>
	<item>
		<title>Comment on The SSN study manuscript is now available by Giusy</title>
		<link>http://blogs.heinz.cmu.edu/sensitive-info/2009/07/06/the-ssn-study-manuscript-is-now-available/#comment-17</link>
		<dc:creator>Giusy</dc:creator>
		<pubDate>Fri, 10 Jul 2009 19:13:14 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.heinz.cmu.edu/ssnstudy/?p=60#comment-17</guid>
		<description>All my appreciation for your work.</description>
		<content:encoded><![CDATA[<p>All my appreciation for your work.</p>
]]></content:encoded>
	</item>
	<item>
		<title>Comment on FAQ about the study by Peter Rothman</title>
		<link>http://blogs.heinz.cmu.edu/sensitive-info/2009/07/06/faq-about-the-study/#comment-16</link>
		<dc:creator>Peter Rothman</dc:creator>
		<pubDate>Thu, 09 Jul 2009 14:58:25 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.heinz.cmu.edu/ssnstudy/?p=70#comment-16</guid>
		<description>Yes, I am aware of Soundex...

Your comment on credit card numbers is interesting because, as I think you'll agree, "much harder to predict" != unpredictable.

FYI, I was most recently the Chief Scientist of a company developing fraud prevention technologies originally based on biometrics and related image-based techniques. We developed a camera-based surveillance platform that could detect known fraudsters in real time and a system that could verify presented identity documents, also in real time. The company recently decided to lay off most of the research team and focus its efforts on a project that was deemed to be an easier sale... SSN verification.

I personally always believed this was a dumb idea, and I knew that SSNs could not be used for this purpose. Your paper proves the point better than I ever could have.

Thanks,

Peter</description>
		<content:encoded><![CDATA[<p>Yes, I am aware of Soundex&#8230;</p>
<p>Your comment on credit card numbers is interesting because, as I think you&#8217;ll agree, &#8220;much harder to predict&#8221; != unpredictable.</p>
<p>FYI, I was most recently the Chief Scientist of a company developing fraud prevention technologies originally based on biometrics and related image-based techniques. We developed a camera-based surveillance platform that could detect known fraudsters in real time and a system that could verify presented identity documents, also in real time. The company recently decided to lay off most of the research team and focus its efforts on a project that was deemed to be an easier sale&#8230; SSN verification.</p>
<p>I personally always believed this was a dumb idea, and I knew that SSNs could not be used for this purpose. Your paper proves the point better than I ever could have.</p>
<p>Thanks,</p>
<p>Peter</p>
]]></content:encoded>
	</item>
	<item>
		<title>Comment on FAQ about the study by Peter Rothman</title>
		<link>http://blogs.heinz.cmu.edu/sensitive-info/2009/07/06/faq-about-the-study/#comment-13</link>
		<dc:creator>Peter Rothman</dc:creator>
		<pubDate>Wed, 08 Jul 2009 03:56:46 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.heinz.cmu.edu/ssnstudy/?p=70#comment-13</guid>
		<description>What you've done here is really innovative. This is a new and interesting result that attacks the system from a different angle. Cool stuff. I imagine we will see more attacks based on these ideas.

It is true that many security professionals understood that SSNs were not secure personal identifiers and were potentially compromisable. And it is known that using the last four SSN digits as an identifier is a dangerous practice, and yet that practice continues widely in spite of this knowledge.

I am curious about other applications, like guessing state driver's license numbers. Any additional comments along these lines?

&lt;em&gt;AA: Thank you for your comments. Have you heard about SOUNDEX? It's related to the patterns in driver's licenses. CC# have patterns too, but more complex than SSNs - much, much harder to predict from public data.&lt;/em&gt;</description>
		<content:encoded><![CDATA[<p>What you&#8217;ve done here is really innovative. This is a new and interesting result that attacks the system from a different angle. Cool stuff. I imagine we will see more attacks based on these ideas.</p>
<p>It is true that many security professionals understood that SSNs were not secure personal identifiers and were potentially compromisable. And it is known that using the last four SSN digits as an identifier is a dangerous practice, and yet that practice continues widely in spite of this knowledge.</p>
<p>I am curious about other applications, like guessing state driver&#8217;s license numbers. Any additional comments along these lines?</p>
<p><em>AA: Thank you for your comments. Have you heard about SOUNDEX? It&#8217;s related to the patterns in driver&#8217;s licenses. CC# have patterns too, but more complex than SSNs - much, much harder to predict from public data.</em></p>
]]></content:encoded>
	</item>
	<item>
		<title>Comment on The SSN study manuscript is now available by Myronrobert   Rushlow</title>
		<link>http://blogs.heinz.cmu.edu/sensitive-info/2009/07/06/the-ssn-study-manuscript-is-now-available/#comment-12</link>
		<dc:creator>Myronrobert   Rushlow</dc:creator>
		<pubDate>Wed, 08 Jul 2009 01:44:05 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.heinz.cmu.edu/ssnstudy/?p=60#comment-12</guid>
		<description>I was most unhappy when "Our Legally Elected Congress of Bribetakers" chose to use SSN numbers as Identification. Medicare; Medicaid; Military ID; Driver's licenses; Etc.; Etc.! Now that the SSN numbers are in such wide use: A think tank has developed a method to work them up from other data. Published study also! Dumb, dumb, double dumb!!!
   This will put the Hackers into overdrive (They are very smart, educated too). I wonder how long it will take for Them to come up with a simple procedure for John Q. Citizen to work them out. This will of course be taken over by the Bad Guys, used to steal everything they can.
   Then "Our rather Dumb, Legally Elected Congress of Bribetakers" will organize (too late) a committee to study the problem! In a year or two they will decide something has to be done. They will then do whatever seems most politically correct, least damaging to their Reelection chances.
    This will really screw up the country, because most everything now works off, or is keyed to, the Damned Social Security Numbers!!

&lt;em&gt;AA: Among other things, we have omitted sensitive details about the prediction strategy from the published article (making it much harder to replicate the predictions), and we have shared our results with government agencies prior to publication. In their current form, SSNs are compromised as passwords. However, ignorance is no protection. Instead, we need to alert not just policy-makers, but also businesses and consumers of the threats to individual identities deriving from the use (and abuse) of SSNs as means of authentication - and transition to more efficient, secure, and privacy-preserving means of verifying identities in our society.&lt;/em&gt;</description>
		<content:encoded><![CDATA[<p>I was most unhappy when &#8220;Our Legally Elected Congress of Bribetakers&#8221; chose to use SSN numbers as Identification. Medicare; Medicaid; Military ID; Driver&#8217;s licenses; Etc.; Etc.! Now that the SSN numbers are in such wide use: A think tank has developed a method to work them up from other data. Published study also! Dumb, dumb, double dumb!!!<br />
   This will put the Hackers into overdrive (They are very smart, educated too). I wonder how long it will take for Them to come up with a simple procedure for John Q. Citizen to work them out. This will of course be taken over by the Bad Guys, used to steal everything they can.<br />
   Then &#8220;Our rather Dumb, Legally Elected Congress of Bribetakers&#8221; will organize (too late) a committee to study the problem! In a year or two they will decide something has to be done. They will then do whatever seems most politically correct, least damaging to their Reelection chances.<br />
    This will really screw up the country, because most everything now works off, or is keyed to, the Damned Social Security Numbers!!</p>
<p><em>AA: Among other things, we have omitted sensitive details about the prediction strategy from the published article (making it much harder to replicate the predictions), and we have shared our results with government agencies prior to publication. In their current form, SSNs are compromised as passwords. However, ignorance is no protection. Instead, we need to alert not just policy-makers, but also businesses and consumers of the threats to individual identities deriving from the use (and abuse) of SSNs as means of authentication - and transition to more efficient, secure, and privacy-preserving means of verifying identities in our society.</em></p>
]]></content:encoded>
	</item>
	<item>
		<title>Comment on FAQ about the study by Charles  Brady</title>
		<link>http://blogs.heinz.cmu.edu/sensitive-info/2009/07/06/faq-about-the-study/#comment-11</link>
		<dc:creator>Charles  Brady</dc:creator>
		<pubDate>Tue, 07 Jul 2009 18:24:53 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.heinz.cmu.edu/ssnstudy/?p=70#comment-11</guid>
		<description>I do not know what will happen in 15 or 20 years--the way technology is being developed. I feel bad for our people, what will happen in WASHINGTON AND CONGRESS. THEY MUST GET TOGETHER AND VOTE FOR THE COUNTRY AND THE PEOPLE. GOD KNOWS--HELP?????</description>
		<content:encoded><![CDATA[<p>I do not know what will happen in 15 or 20 years&#8211;the way technology is being developed. I feel bad for our people, what will happen in WASHINGTON AND CONGRESS. THEY MUST GET TOGETHER AND VOTE FOR THE COUNTRY AND THE PEOPLE. GOD KNOWS&#8211;HELP?????</p>
]]></content:encoded>
	</item>
	<item>
		<title>Comment on FAQ about the study by Charles  Brady</title>
		<link>http://blogs.heinz.cmu.edu/sensitive-info/2009/07/06/faq-about-the-study/#comment-10</link>
		<dc:creator>Charles  Brady</dc:creator>
		<pubDate>Tue, 07 Jul 2009 18:17:11 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.heinz.cmu.edu/ssnstudy/?p=70#comment-10</guid>
		<description>I am shocked--but today and the computer will be revealing many things and items. They will cause us embarrassment. I will not be around in 15 or 20 years.tha</description>
		<content:encoded><![CDATA[<p>I am shocked&#8211;but today and the computer will be revealing many things and items. They will cause us embarrassment. I will not be around in 15 or 20 years.tha</p>
]]></content:encoded>
	</item>
	<item>
		<title>Comment on FAQ about the study by E.J. Hilbert</title>
		<link>http://blogs.heinz.cmu.edu/sensitive-info/2009/07/06/faq-about-the-study/#comment-9</link>
		<dc:creator>E.J. Hilbert</dc:creator>
		<pubDate>Tue, 07 Jul 2009 15:59:10 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.heinz.cmu.edu/ssnstudy/?p=70#comment-9</guid>
		<description>Gentlemen,
The fact that SSNs can be guessed has been known for some time and has been part of the base coding behind some high-end SSN generators. In the last 4 years I have attended at least 2 lectures detailing how to do this, and I myself have detailed how it is done to law enforcement representatives around the world.

I share this because I am wondering why now, and why you simply did not rely on the data shown by other researchers.

&lt;em&gt;AA: As noted in the manuscript, the SSN assignment scheme is public knowledge (p. 1). In fact, we do cite previous work in this area by other researchers: said previous work used those patterns to estimate when and where an SSN may have been issued (see p. 1 and [Wessmiller, 2002], [Sweeney, 2004], [EPIC, 2008], cited in the manuscript and in the appendix). Instead, our work focused on the inverse, harder, and much more consequential inference: exploiting the presumptive time and location of SSN issuance to estimate, quite reliably, SSNs. This became possible because:

- We discovered (p. 3) that the interpretation held *outside* the SSA about how Area Numbers are assigned was incorrect: contrary to a commonly held view about their assignment, the same AN is used for 9,999 consecutively assigned SSNs (under the interpretation of the assignment scheme held outside the SSA, the SSA was believed to rotate through all of a state's ANs for each assigned SN [Crow J, Bennett B (undated) Structure of Social Security Numbers, http://w2.eff.org/Privacy/ID_SSN_fingerprinting/ssn_structure.article]. Such a scheme would render the AN random for states with multiple ANs, and the predictions we present in this article dramatically less accurate).

- We discovered (p. 4) that the assignment of the last 4 digits is not only sequential (as indeed stated in the publicly available information about the assignment scheme), but in fact highly correlated with the applicant's date of birth, and therefore not random (note that the SSA states that "SSNs are assigned randomly by computer within the confines of the area numbers allocated to a particular state" [SSA, 2001]). This is particularly the case for SSNs assigned after the onset of the EAB (1987 onwards).

- The relationship between Area Numbers and states, while public knowledge, would not be sufficient to predict Area Numbers except in very specific cases (see p. 1): low-population states (such as WY) and certain U.S. possessions are allocated 1 AN each - implying that knowledge that an individual applied for his/her SSN in that state or possession does indeed provide almost certain knowledge of the first 3 digits of his/her SSN. However, other states are allocated *sets* of ANs. For instance, an individual applying from a zip code within the state of New York may be assigned any of 85 possible first 3 SSN digits. Therefore, knowledge that an individual applied for his/her SSN in that state provides low odds (1 over 85) of correctly guessing his/her first 3 digits with a single random guess. Those odds do not even include the probability of correctly guessing the Group Number as well.

In short, without the discovery of patterns linking SSN digits to demographic data, knowledge of the assignment scheme would not be sufficient to predict SSNs with a degree of accuracy necessary to expose them to practical risks of identification. For instance, the probability of correctly guessing the first 5 digits of the SSN of an individual born in NY in 1998, even using the knowledge that the SSN was issued within that state, would be 0.012%, and the probability of correctly guessing the entire 9 digits with fewer than 1,000 attempts would be 0.0012%. Under the algorithm highlighted in the manuscript, those probabilities are several orders of magnitude larger. See Table 6 on p. 27 of the Supporting Information.&lt;/em&gt;
</description>
		<content:encoded><![CDATA[<p>Gentlemen,<br />
The fact that SSNs can be guessed has been known for some time and has been part of the base coding behind some high-end SSN generators. In the last 4 years I have attended at least 2 lectures detailing how to do this, and I myself have detailed how it is done to law enforcement representatives around the world.</p>
<p>I share this because I am wondering why now, and why you simply did not rely on the data shown by other researchers.</p>
<p><em>AA: As noted in the manuscript, the SSN assignment scheme is public knowledge (p. 1). In fact, we do cite previous work in this area by other researchers: said previous work used those patterns to estimate when and where an SSN may have been issued (see p. 1 and [Wessmiller, 2002], [Sweeney, 2004], [EPIC, 2008], cited in the manuscript and in the appendix). Instead, our work focused on the inverse, harder, and much more consequential inference: exploiting the presumptive time and location of SSN issuance to estimate, quite reliably, SSNs. This became possible because:</p>
<p>- We discovered (p. 3) that the interpretation held *outside* the SSA about how Area Numbers are assigned was incorrect: contrary to a commonly held view about their assignment, the same AN is used for 9,999 consecutively assigned SSNs (under the interpretation of the assignment scheme held outside the SSA, the SSA was believed to rotate through all of a state&#8217;s ANs for each assigned SN [Crow J, Bennett B (undated) Structure of Social Security Numbers, <a href="http://w2.eff.org/Privacy/ID_SSN_fingerprinting/ssn_structure.article" rel="nofollow">http://w2.eff.org/Privacy/ID_SSN_fingerprinting/ssn_structure.article</a>]. Such a scheme would render the AN random for states with multiple ANs, and the predictions we present in this article dramatically less accurate).</p>
<p>- We discovered (p. 4) that the assignment of the last 4 digits is not only sequential (as indeed stated in the publicly available information about the assignment scheme), but in fact highly correlated with the applicant&#8217;s date of birth, and therefore not random (note that the SSA states that &#8220;SSNs are assigned randomly by computer within the confines of the area numbers allocated to a particular state&#8221; [SSA, 2001]). This is particularly the case for SSNs assigned after the onset of the EAB (1987 onwards).</p>
<p>- The relationship between Area Numbers and states, while public knowledge, would not be sufficient to predict Area Numbers except in very specific cases (see p. 1): low-population states (such as WY) and certain U.S. possessions are allocated 1 AN each - implying that knowledge that an individual applied for his/her SSN in that state or possession does indeed provide almost certain knowledge of the first 3 digits of his/her SSN. However, other states are allocated *sets* of ANs. For instance, an individual applying from a zip code within the state of New York may be assigned any of 85 possible first 3 SSN digits. Therefore, knowledge that an individual applied for his/her SSN in that state provides low odds (1 over 85) of correctly guessing his/her first 3 digits with a single random guess. Those odds do not even include the probability of correctly guessing the Group Number as well.</p>
<p>In short, without the discovery of patterns linking SSN digits to demographic data, knowledge of the assignment scheme would not be sufficient to predict SSNs with a degree of accuracy necessary to expose them to practical risks of identification. For instance, the probability of correctly guessing the first 5 digits of the SSN of an individual born in NY in 1998, even using the knowledge that the SSN was issued within that state, would be 0.012%, and the probability of correctly guessing the entire 9 digits with fewer than 1,000 attempts would be 0.0012%. Under the algorithm highlighted in the manuscript, those probabilities are several orders of magnitude larger. See Table 6 on p. 27 of the Supporting Information.</em></p>
]]></content:encoded>
	</item>
	<item>
		<title>Comment on The SSN study manuscript is now available by Doyle Dodge</title>
		<link>http://blogs.heinz.cmu.edu/sensitive-info/2009/07/06/the-ssn-study-manuscript-is-now-available/#comment-8</link>
		<dc:creator>Doyle Dodge</dc:creator>
		<pubDate>Tue, 07 Jul 2009 14:52:23 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.heinz.cmu.edu/ssnstudy/?p=60#comment-8</guid>
		<description>I look forward to reviewing "The SSN study manuscript", and over a period of time, determining how potential changes in the SSN program will affect our work.</description>
		<content:encoded><![CDATA[<p>I look forward to reviewing &#8220;The SSN study manuscript&#8221;, and over a period of time, determining how potential changes in the SSN program will affect our work.</p>
]]></content:encoded>
	</item>
	<item>
		<title>Comment on The SSN study manuscript is now available by Doyle Dodge</title>
		<link>http://blogs.heinz.cmu.edu/sensitive-info/2009/07/06/the-ssn-study-manuscript-is-now-available/#comment-7</link>
		<dc:creator>Doyle Dodge</dc:creator>
		<pubDate>Tue, 07 Jul 2009 14:47:11 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.heinz.cmu.edu/ssnstudy/?p=60#comment-7</guid>
		<description>I look forward to reviewing, and staying involved with, this study.</description>
		<content:encoded><![CDATA[<p>I look forward to reviewing, and staying involved with, this study.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
