Shostack + Friends Blog Archive

 

Frontiers of Data Disclosure

Howard Schmidt made a glib suggestion that made me laugh, but he has a point. He asked why don’t we just take names, social security numbers, and everyone’s mother’s maiden name and put it in a huge searchable database, so everyone knows that it’s not security information and we can once and for all stop using SSNs for anything.
I’m still chuckling over it, but you know — it’s not a bad idea.

10 comments on "Frontiers of Data Disclosure"

  • Chris says:

    This sounds like Pete Lindstrom’s “Modest Proposal”:
    http://spiresecurity.typepad.com/spire_security_viewpoint/2005/02/a_modest_propos.html

  • Adam says:

    And it is a bad idea. The fact that it’s public won’t prevent people from using it for authentication. Second, publishing it would require a change in the law. So why not change the law to forbid the use of such data for authentication purposes, rather than publishing it all?

  • Mordaxus says:

    Because we already have such a law, at least for SSNs? The original laws that set up the Social Security Administration forbid the use of an SSN as an identifier.
    It’s a great intention, but it didn’t work.

  • Adam says:

    Did it? I thought that was just PR, and the law didn’t actually forbid anything.

  • Mordaxus says:

    I don’t think there are penalties.
    I have relatives who worked at the SSA, and as a child, when I made dark comments about national ID and SSNs, I was lectured up one side and down the other.
    I did the typical kid response (eye-rolling, smartass comment) and said relative backed down some and admitted that in practice this law is not followed. History has shown my skepticism warranted.
    However, it’s important to remember that the legislators and the SSA were sincere in their work to keep SSNs from being a de-facto ID, they were just unsuccessful.
    Consider this a corollary to your law that all privacy fears come true, or perhaps merely an early implementation of your rule. It makes a much better cautionary tale if we recognize the sincerity and diligence of the SSA as we recognize the failure. You can’t just make privacy the law.

  • Arthur says:

    I seem to recall the law stated the circumstances where you had to fork over your SSN and didn’t limit where it could be used…

  • Adam says:

    So the SSA history of the SSN page says the 1935 act doesn’t mention the number at all, but provides for a record-keeping scheme.
    Later laws changed this.

  • Chris says:

    Based on what I read at SSA.gov earlier today, Arthur and Adam are right. We are legally required to cough up the number under certain circumstances, the govt is required to tell us when we must and when it is purely voluntary, and we can refuse private requests but we can then be turned away by those private parties.

  • Gunnar says:

    I’ve met Pete Lindstrom, I know Pete Lindstrom. Howard Schmidt is no Pete Lindstrom. Anyhow, Pete’s point is that this data is ALREADY published to databases that are searchable by plimus 100,000 people

  • Pete says:

    “The fact that it’s public won’t prevent people from using it for authentication.”
    True enough – as is the case today, which makes it funny every time someone tries to put that genie back in its bottle.
    However, if the SSA made the information *explicitly* public, then at the very least people would stop ridiculously calling for “secrecy” of their SSNs. In addition, alternative authentication options would become available. Finally, it would make legal action more viable.
