Social Security

Which Bastard Stole My Social Security Number (The 'Skeleton Key' to My Life)?

|

Social Security card
Public Domain

I received a letter from an old employer, yesterday. I haven't worked for the company in a decade — it's no longer even in the same business in which I was employed. But the company kept something of me when I quit. My name and Social Security number were kept on a "storage device, which was no longer in use," and that device "was among several pieces of computer hardware taken from our facilities" by a thief. That's a little concerning, considering that Adam Levin at ABC News recently described the Social Security number as "a skeleton key, able to unlock a kingdom of untold riches for identity thieves."

The Electronic Privacy Information Center warns:

The widespread use of the SSN as an identifier and authenticator has lead to an increase in identity theft. According to the Privacy Rights Clearinghouse, identity theft now affects between 500,000 and 700,000 people annually. Victims often do not discover the crime until many months after its occurrence. Victims spend hundreds of hours and substantial amounts of money attempting to fix ruined credit or expunge a criminal record that another committed in their name.

Identity theft litigation also shows that the SSN is central to committing fraud. In fact, the SSN plays such a central role in identification that there are numerous cases where impostors were able to obtain credit with their own name but a victim's SSN, and as a result, only the victim's credit was affected. In June 2004, the Salt Lake Tribune reported: "Making purchases on credit using your own name and someone else's Social Security number may sound difficult—even impossible—given the level of sophistication of the nation's financial services industry…But investigators say it is happening with alarming frequency because businesses granting credit do little to ensure names and Social Security numbers match and credit bureaus allow perpetrators to establish credit files using other people's Social Security numbers." The same article reports that Ron Ingleby, resident agent in charge of Utah, Montana and Wyoming for the Social Security Administration's Office of Inspector General, as stating that SSN-only fraud makes up the majority of cases of identity theft.

Famously, Social Security numbers were not supposed to be used for exactly the sort of universal ID purposes to which they're put, today. The Social Security Administration says, "in 1946, SSA added a legend to the bottom of the card reading 'FOR SOCIAL SECURITY PURPOSES—NOT FOR IDENTIFICATION.' This legend was removed as part of the design changes for the 18th version of the card, issued beginning in 1972." By that time, of course, the assurance was already a joke.

Among the biggest offenders are Medicare, which prints the SSN directly on the card, the Internal Revenue Service, which is responsible for flurries of W-2 forms issuing forth, adorned with SSNs, and the military where, until recently, "soldiers regularly used their SSNs to check out basketballs from on-base gyms, access firing ranges, fill out health forms and track their laundry."

The requirement of SSNs for every conceivable interaction with the government made their adoption by the private sector inevitable. If your employer has to record your Social Security number for tax purposes, why not stick everything else under there, too?

Like a lot of employers, my old company had decommissioned hardware lying around, containing critical information about forgotten employees. With the horse well and truly out of the barn and down the road, the company promises that it is "increasing the security of our data storage devices, incorporating the use of encryption technology, increasing physical security at our facilities, nd updating our data retention policies." That's all nice — good ideas, really. They've also signed up me and the other indentity theft candidates for a service that provides credit monitoring and other safeguards at no cost to us. That's appreciated.

But it remains awfully problematic that a single number extracted from the records of a long-ago job could have such potential impact on my life.

Only a half-century or so late, the feds have clued into the fact that using SSNs as a universal tracker is a bit problematic. In 2010, it occurred to them to pass legislation mandating (PDF):

No Federal, State, or local agency may employ, or enter into a contract for the use or employment of, prisoners in any capacity that would allow such prisoners access to the Social Security account numbers of other individuals.

Yeah. That seems wise.

But we're still a long, long way from removing "skeleton key" power from the Social Security number. Which means it's time to go check on that credit-monitoring service.

NEXT: Saudi Arabia Deporting Lebanese Hezbollah Supporters

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Never work for anyone with loose controls, Tuccille. Now your personal Mark of the Beast is out there for sale to the highest bidder. Probably Satan.

    1. Swallow your soul.
      http://www.hark.com/clips/ymqh…..-your-soul

    2. SSN’s being used as an ID number really pisses me off. When we went to find a new OB/GYN for Banjos, they got her insurance information (from her insurance card) and then asked for all of my info, including SSN because the policy was under my name. I asked them why they needed my SSN if they had the policy and group number and they said it was “standard practice”. We told them to go fuck themselves in not so many words and they said they would just get it from the insurance company. Needless to say, I let them have it and we went to another OB/GYN.

      I’ve tried to do the same with many other places, but it’s damn near impossible to conduct any recorded financial transactions without giving away your SSN.

      1. I got into a similar situation with the Red Cross over blood donation. Their own policy states that the SSN does not have to be used as an identifier; but I had to get rather nasty in order to have a made-up number implemented.

        And, yes, I have refused to deal with groups over this crap, too. To further compound the foolishness, sometimes it turns out the SSN is not even really used — it’s just a field “required” by the software, so the weenie can just type in any 9-digit number. Incredible bullshit!

        1. My kid’s 8th-grade school application required SSN.

          I just made up a number, and I’m glad I did.

          Later in the school year, he told me about how he had easily (and innocently) hacked the school’s administrative records and obtained access to every student and teacher personal info including SSN.

          1. When he gets picked up and flown out to NORAD, tell him to say hi to Dabney Coleman for me.

            1. They’ll need him to hack the aliens’ network for them, so they can upload a virus to the mothership.

      2. I never give my SSN tracking number to medical professionals who request it. I’ve never had a problem. They go with DOB and state driver’s license instead.

        But yeah, any financial institution needs it, or they’ll be raided for money laundering by the fed gang.

  2. You’re a writer. You work for Reason. There’s nothing to steal.

    1. Just wait until Michael Bay buys the rights to High Desert Bar-B-Q.

  3. HEY! What a coincidence. MY name is J.D. Tuccille now too…

    1. J D Tuccilleheimerschmidt,
      His name is my name too.
      Whenever we go out,
      The people always shout,
      Hey! J D Tuccilleheimerschmidt
      Ya da da da da da da

      [repeat ad nauseam]

  4. I have been hoping some enterprising Mexican has been industriously paying into my Social security account.

    1. Mexican? No. Russian? Da.

  5. What mythology is it that you have power over someone if you know their ‘real’ name, like their SSN?

    1. Advanced Dungeons and Dragons.

      1. POWER WORD: KILL

        1. “Even HM’s name is a killing word!”

    2. It’s part of Judaism, Christianity, pre-modern European mythology, Sufism, Mormonism and a few others. Most dualistic philosophies seem to incorporate it at some point. Even Platonic forms could be understood as a form of name superstition.

      1. Found it:

        True Name
        A true name is a name of a thing or being that expresses, or is somehow identical with, its true nature. The notion that language, or some specific sacred language, refers to things by their true names has been central to philosophical and grammatical study as well as various traditions of magic, religious invocation and mysticism (mantras) since antiquity….

  6. Has there ever been a bigger scam than Social Security? Maybe the Wall Street-DC collusion, maybe the Federal Reserve. But SS has to be no less than #3.

    1. Has there ever been a bigger scam than Social Security?

      The Federal Reserve system?

      1. Soylent Green?

        Anti-Racist Hitler?

        1. How are Soylent Corporation’s products a scam? They’re not fake food, after all. It is arguably misrepresentation, though Soylent is currently fighting that claim in court.

          1. I guess while its being decide we’ll just have to make room, make room for huge and healthy proportions of the people’s food.

            1. Some of it is plankton-based.

            2. being decided

              I think if we had an edit button I could almost come across as literate on some days.

              1. Damn you, Killaz! It does my ego no good if you catch your own dumbassery!

                1. Damn you, Brandon. I was hoping to trip you up on ‘make room, make room’, but I gather that you spotted the literary reference instead of thinking it an error.

                  1. I had to read that shit in high school. My AP English teacher was a Malthusian hippie.

    2. It’s an interesting scam. People who pay in do get some money back, though not at a rate of return comparable to general market growth. Most schemes like this blow up pretty quickly, with none of the money ever getting back to the victims. Clever, in a totally evil way.

      1. Most schemes like this don’t have the power to compel people to take part.

      2. The worst part is that NOBODY benefits from it other than the parasites. The money is not invested, it is just stolen by the government to mask part of its massive deficit, and is later used as an excuse to raise taxes more. SS is worse than a scam, it’s a recursive tax justification.

    3. Medicare is a bigger scam. Much bigger.

  7. JD, in a bizarre coincidence, I recently got an e-mail from a Nigerian Prince named JD Tuccille. We’re about to conduct some business that’s gonna make me a millionaire.

    If you’d like, you could send me an e-mail and give me your SSN and I’ll make sure he didn’t steal your identity. It’ll also protect my investment, as the wire transfer from him is taking longer than it did for me to send him my money.

  8. Famously, Social Security numbers were not supposed to be used for exactly the sort of universal ID purposes to which they’re put, today.

    But of course.

    1. Always trust the government. They know what’s best because they’re smarter then you.

      1. And just like G-d – when they appear to not know what’s best; that’s only because you don’t get how this all really is the best for you.

  9. There’s been a long string of stories of companies with sloppy data practices losing personally identifying data. Part of the reason this keeps happiness is that the cost of cleaning up the resulting mess is generally put onto the person who’s information was compromised rather than the company that did the compromising.

    This is one area where we need to see more lawsuits. If companies faced more liability, they might think a bit harder about whether they really need to collect that data to begin with.

  10. Simple let’s create a DNA db with everybody in it! Then you can be positively identified, plus it will fight crime, since we’ll be able to id any DNA found at any crime scene instantly. No more ID theft and psychopaths will have to work like Dexter to remain free to kill.

  11. Some company lost yours? My state lost everyone’s!

    1. Did the state offer everyone a year of free credit-alert?

      1. Yeah, so we all got screwed twice.

        1. Because, you know, it’s not actually “free.”

        2. Sweet.

          Good luck.

    2. DoVA lost a few million folks SSNs (amongst other data).

      By God I am happy I never have anything to do with those bumbling idiots.

  12. We (Floriduh state universities) used to use SSN as student ID numbers. We stopped several years ago and went to made-up student ID numbers, which are basically still 9 digits. I think it was because of some legislation passed at the state level, because I don’t see our bureaucracy ever voluntarily making a large-scale transition like that.

    1. What I first moved to Virginia in 1989, the DL number was your SSN. As soon as they offered T-numbers, I jumped to get mine changed. Everybody I knew thought I was paranoid until I explained how your SSN can be misused about a million different ways and none of them to help you out.

      The state changed the law a short while later that made all DL #’s something other than one’s SSN.

    2. That’s how I know mine by heart, from college.

      1. Yep. Ditto.

        During my sophomore year, the physics dept had to stop posting test grades by SSN. They used the last 4 digits and assumed conflicts would be minimal.

        They were using SSNs in order to by anonymous, because posting grades with names was illegal.

    3. Your SSN is your “Service Number” in the Armed Forces….talk about being tagged.

  13. If you really think about it, the fact there’s even such a thing as “identity theft” is a total crock.

    Think what happens: someone goes into, say, a bank claiming to be you and takes out a loan, running off with the money. In a sane world, that would be money theft, and it should be the bank’s problem to resolve. But for some reason, instead of expecting the bank to do a better job figuring out who their customers are before they give them lots of money, they’re allowed to pretend that you’re actually responsible for the loan and that it’s now your job to fix their screwup for them.

    1. How the hell I was supposed to know that Nic Cage stole Travolta’s face?

    2. 100% agreed, Stormy.

      It’s always struck me as idiotic that a financial institution can totally screw you with a few key strokes, but trying to dispute or remove fraud or mistakes is damn near impossible.

      I had my identity stolen several years back and trying to get the companies that opened the accounts to cancel them and remove the credit markers is worse than arguing with Tulpa. I got most of it taken care of, but I still get collection calls from companies that claim I owe them money.

      1. Just heard this story from a friend with a common name (I’ll call her Jane Jones). She didn’t get her tax refund, because it had been withheld by the Metropolitan Transportation Commission, which handles bridge tolls. They claimed she owed $900. Seems an outsourced collection agency picked the wrong Jane Jones. When contacted they insisted she prove she did not own the car involved, which the DMV won’t/can’t do. Eventually she started contacting politicians and they were actually helpful and got it cleared up.

        Turned out the Jane Jones they wanted is an immigration lawyer in SF who (apparently) drives through the FasTrak lanes on the bridges without a transponder and just ignores all the bills she gets.

        1. Some people at the agency erroneously in the pursuit of someone else stole your friend’s money? Why are they not being prosecuted for this theft?

          1. They did this in while under contract to a state authority, so nobody will get charged with theft. However, the politicians seemed very interested, so they might use this as a reason to steer the collection contract to a different firm, perhaps one that coincidentally is run by someone politically connected, if not an actual relative.

    3. Stormy times a zillion. I’ve been saying for years that there is no such thing as identity theft. Some a-hole rips off some bank pretending to be someone else, that’s a two party transaction. Someone else should be left totally out of it.

  14. Most schemes like this blow up pretty quickly, with none of the money ever getting back to the victims. Clever, in a totally evil way.

    If Charles Ponzi could have printed his own money, he’d be one of the greatest heroes of financial history.

  15. I wish someone would steal my ID. As long as the made me The Jacket in return….

  16. The problem is not with the social security number, the problem is with our modern convienent credit based economy.

    It used to be very hard to get a loan and you generally had a personal relationship with your banker, enough so that everyone who worked at your home branch knew your name and face. In such a world identity documentation is not so necessary but it is slow, this eliminates lots of impulse buying on credit which makes a lot of companies a lot of money and pumps up GDP numbers making politicians look better.

    Today credit is everywhere and ridiculously easy to get, people like it because it means they can get a new smartphone in just a few minutes, companies like it because it means customers can spend easier and faster (which means more), and politicians love it because it increases monetary velocity making economic indicators look better, the problem is it can only work with some sort of universal unique personal identifier, if they didn’t use SSN’s they’d have to make up something else to use the same way and whatever unique identifier they did use would be just as susceptible to theft as the SSN is

  17. How do we know this is the real Tuccille?

  18. I am surprised we did not get someone taking a sideways swipe at Shikha Dalmia, illegal immigrants, etc. Well, at least not yet.

    1. Shikha Dalmia should go back to India and change things there if she cares so much about it, rather than ruining America with her “enlightened Socialist” bullshit.

      /fuckhead

      1. Aw, thanks for filling in…its just not the same though…. *puts hands in pockets, kicks nearby can a few feet with head hanging down*

  19. Full disclosure: I work for a company that provides ID theft restoration services, and when not wasting my time here at H&R I’m assisting individuals resolve their ID theft issues for a living. I have resolved every kind of possible issue- Medical, criminal, Tax related, credit related, even minor ID theft issues, you name it-I’ve fixed it. Fun fact: less than 30% of ID theft issues are credit related.

    A couple points about the gist of the problem:

    1.)Stormy is right that one of the main problems is that banks hand out credit like candy, and they no longer make a reasonable effort to verify the ID of the individual applying for the loan/credit card/mortgage whatever, simply because they want to lend faster. And once the ID theft happens these companies are rarely if ever held responsible for the damage to the real persons credit and financial history (never mind the BS they have to go through to get it fixed).

    2.) The IRS handed out over $20 BILLION in fraudulent tax returns ( http://www.nbcnews.com/video/c…..2#48493722 ) most of which were ID theft related….

    continued-

  20. 3.) Criminal and Medical ID theft is not just a problem in terms of paperwork. I’ve seen vital records changed where ID theft caused blood types to be switched, and prescription details altered, which can have obvious health implications. I’ve helped several individuals who were thrown in jail over crimes committed using their SS#, and the procedure for resolution is a far cry from “innocent until proven guilty”.

    Finally, there is no easy answer to the problem other than getting the FTC and CFPB to go after companies who regularly violate the rights of individuals through the Fair Credit Reporting Act and other consumer laws. The most we can hope for is that Congress does not make it WORSE by attempting to fix it.

    As with most other problems with our legal system, enforcing the current laws as opposed to making new ones would be a more efficient response.

    1. We don’t need a legal fix, just an appropriate assignment of the costs. If the costs of “identity theft” were born by the businesses that actually control the data and decision making processes, they’d have incentives to come up with solutions on their own.

      Case in point: there has for more than a decade now, been a technical solution that allows servers to authenticate passwords without having to store a copy of the password on the server-side of the system:

      http://en.wikipedia.org/wiki/S…..d_protocol

      Yet how often do we hear stories of “someone hacked into Company X and stole the password file to all their customer accounts!” Why does this happen? Because it doesn’t cost a company like Sony much when it happens so they really don’t care.

  21. So it’s the govt’s fault that private businesses and private credit reporting firms aid and abet fraud by not checking the validity of credit applications/credit reports? Way to absolve your ex-employer, too; the government made them get sloppy with your personal information. Right.

Please to post comments

Comments are closed.