OMB Website Exposes Thousands of SSNs 107
msblack writes "The New York Times is reporting that an Office of Management and Budget website accidentally exposed at least 30,000 social security numbers publicly online. As many as 100,000 to 150,000 individuals may have been affected. The cost to taxpayers just for notifications and credit monitoring is estimated to run $4 million. 'While there was no evidence to indicate whether anyone had in fact used the information improperly, officials at the Agriculture Department and the Census Bureau removed the Social Security numbers from the Census Web site last week. Officials at the Agriculture Department said Social Security numbers were included in the public database because doing so was the common practice years ago when the database was first created, before online identity theft was as well-known a threat as it is today. '"
Permanent Fix for SSN (Score:5, Insightful)
semi-secret number bad tool for ID (Score:5, Insightful)
The deeper issue is why identity theft is my problem. Shouldn't the credit agencies etc. be very very liable for loaning money to someone who is not me? It seems like they are part of the fraud whether they were willing participants or not. I should be able to collect damages when their negligent checking of my identity harms my credit score. Identity theft is a con job, where the perp convinces Visa (or whoever) that they are me. Usually, when cons happen, BOTH the conman and the victim are liable for damage caused. Suppose I conned you into thinking I was a cop and told you to drive me around while I robbed banks. You would still be accessory to my crime even if you claimed you didn't know better. Visa wants to (and currently is) claiming that they are not accessory to the theft of my credit score. That's not right.
The SSN is just a proxy for the fact that there are different standards for people citizens and corporate citizens.
Mine (Score:5, Insightful)
What happened to privacy act and common sense? (Score:5, Insightful)
What should have been happening is that SSNs should not simply be included in various databases. They should have been following the rules that we were told they were. Whether or not that was successful, they should have had policies and processes for vetting the database for privacy issues prior to dumping it online. Federal privacy laws predate the Internet. The basic notion of checking your data for data that should not be publicly available predates the Internet.
IMO this is similar to the claim that "nobody imagined using airplanes as missiles before 9/11". The problem of Identity Theft existed, was well documented, and alone should have given them reason to examine their DB first. The basic laws on privacy should have. And failing that common sense should have. This is a failure on many grounds.
The third time it's enemy action. (Score:3, Insightful)
"Once is happenstance. Twice is coincidence. The third time it's enemy action."
People still use SSN's? (Score:3, Insightful)
Re:Permanent Fix for SSN (Score:3, Insightful)
In 1976 they passed a law:
"To make, under federal law, unlawful disclosure or compelling disclosure of the SSN of any person a felony, punishable by fine and/or imprisonment."
Take a peek at http://yro.slashdot.org/comments.pl?sid=231667&op
You'll see them say repeated "no national id". Then it is followed with "but this other thing which we mandated means you need to have a defacto ID called the SSN". Yes that's a paraphrase but read the original and you arrive right there.
The "observed law" is simple:
As long as an entity such as the SSN exists, the government will spew rhetoric against it being used more and more as a form of ID while moving solidly and irrefutably in that direction. It doesn't require complicity or conspiracy, or malevolence. All it requires is some "need" to track, some "need for accountability" for some program ostensibly meant for the public welfare.
And it is set up in a way to deny you are required to have one. You are only required if you want to take advantage of some "benefit" the fedgov decides to "grant" you. You know, like not having your income taken from you. Like getting a job in the first place, or a bank account. These types of backdoor requirements feed conspiracy theories left and right. Sure, you aren't required to have one to live - officially. But if you want to do anything that living entails such as having a job, property, driving, banking, etc. you need one.
No, there is one and only one permanent fix: ban the existence of the SSN or any multi-agency identifier. Let each agency have it's own ID for people who it tracks err I mean services, and let there be no legal cross-checking between. Let the credit industry provide it's own identifier system. let the banking have it's own. Let Blockbusters have it's own.
But limiting the use of any ID will not solve it. You have to ban them. Of course, getting rid of those agencies that feel they need them is also another part of a complete solution.
Re:Thanks a Lot, FDR (Score:3, Insightful)
Not if you get disabled at 25 and you draw social security benefits for the rest of your life.
Social Security is an insurance program. If we got rid of it, we would have destitute old people living out on the streets, like they did during the depression. If that's the society you want to live in, fine. I don't want to see that one bit.
Re:Thanks.. (Score:1, Insightful)
Re:Thanks a Lot, FDR (Score:3, Insightful)
The problem has been decades of Democratic and Republican Congresses skimnming surplus money off the SS trust fund to cover their budgetary problems.
Remember how part of Al Gore's 2000 Presidential campaign was to put Social Security funds into a "lock box"? Even then it was too late to 'save' SS.
Maybe if Clinton had actually locked up SS funds at the beginning of his Presidency, the system would be solvent for the long run (>50 years).
Re:Mine (Score:3, Insightful)
Maybe now you don't care, but what about 5 years from now? 10 years? 20 years? Do you *ever* intend to buy a house? Would you like to receive medicare/medicaid/social security once you get old? Good luck proving you are 'you' when others applied for the same benefits in your name, especially if they've been able to impersonate you for years and have just as long of a 'history' with your information as you do yourself.
Remember, once your information is out there, it's out there for ever. It's like throwing your email address to a pair of spammers, they're never going to stop abusing it... With the big difference that a SSN can do a whole lote more damage.