It turns out our Social Security numbering system, which launched in 1936, isn’t very foolproof against some types of hacking. The New York Times reports that researchers at Carnegie Mellon University “used statistical techniques to predict Social Security numbers solely from an individual’s date and location of birth.”
From the researchers’ sample, it was possible to identify in a single try the first five digits for 44 percent of deceased individuals who were born after 1988 and for 7 percent of those born from 1973 to 1988. It was possible to identify all nine digits for 8.5 percent of those born after 1988 in fewer than 1,000 attempts.
The accuracy of the prediction system increased for smaller states and for people born after 1988. The accuracy was higher for those born in the late 1980s and after because of rules that led increasingly to the assignment of Social Security numbers at birth. The researchers, for example, reported that they needed 10 or fewer tries to predict all nine digits for 1 out of 20 Social Security numbers assigned in Delaware in 1996.
The study points out that although it’s technically possible for criminals to repeat the results of the study, it’s currently unlikely. Still, it underscores that SSNs are an “aging technology,” in the words of one law professor quoted in the article. Or as one of the co-authors of the study says,
“My hope is that publishing these results may open a window of opportunity, so to say, to finally take action,” Mr. Acquisti said. “That S.S.N.’s are bad passwords has been the secret that everybody knows, yet one that so far we have not been able to truly address.”
“Social Security Numbering System Vulnerable to Fraud, Experts Say” [New York Times]