A Carnegie Mellon University team led by CyLab researcher Alessandro Acquisti has shown that public information readily gleaned from governmental sources, commercial data bases, or online social networks can be used to routinely predict most — and sometimes all — of an individual’s nine-digit Social Security number.
Acquisti, associate professor of information technology and public policy at Carnegie Mellon’s H. John Heinz III College, and Ralph Gross, a post-doctoral researcher at the Heinz College, have found that an individual’s date and state of birth are sufficient to guess his or her Social Security number with great accuracy.
“Given the inherent vulnerability of Social Security numbers, it is time to stop using them for verifying identities and redirect our efforts toward implementing secure, privacy-preserving authentication methods,” Acquisti said.
The study findings will appear this week in the online Early Edition of the Proceedings of the National Academy of Science, and will be presented on July 29 at the BlackHat 2009 information security conference in Las Vegas. Additional information about the study and some of the issues it raises is available at http://www.ssnstudy.org.
The National Science Foundation, the U.S. Army Research Office, Carnegie Mellon CyLab and the Berkman Faculty Development Fund provided support for this research.
The full press release is available on Carnegie Mellon's website.
For analysis and commentary on the implications of this study, read this related CyBlog post: There is an Elephant in the Room; & Everyone’s Social Security Numbers are Written on It’s Hide
(Social security image by artist Tom Mosser.)
See all CyLab News articles