USS Clueless Stardate 20011012.1800

Stardate 20011012.1800 (On Screen): Atlee comments on my article about the use of Social Security Numbers as access keys for databases. Unfortunately, most of the problems she describes I think are virtues. There's no reason why any given database cannot issue to me a unique number, randomly chosen or sequentially assigned or created by hashing my name. If I go to a doctor or a pharmacy to use my health plan, I give them a card and it has an identification number on it. There's no reason that has to be my SSN; it could just as easily be anything else. The only requirement is that it be locally unique within that particular database; there's no benefit to me for using the same number for everything. Equally, if a credit rating bureau wants to keep records on me, they can tell me so and tell me what access key they're using. If I want a bank loan, I give that key to the bank and they access my record. Equally when I want a credit card. But there's no benefit for me for that number being the same one as is used by my health plan, or by the state for my driver's license, or by the Federal government for my taxes, or for any of the other 500 databases I'm in.

But for people who want to create an effective police state or to otherwise seriously invade my privacy, having a single number is priceless. If someone now wants to know all about me, all they need is my SSN. They can access my health records, my credit record, they can trace me back to all the places I've lived in my life, find everything out about me. If they were doing those things with my permission and knowledge, then I could give them all the access keys they needed to do it; it's only when they're doing it without my permission that a single number becomes useful.

The use of a unique number created by the database is not a new concept; it's what they used to do. In many cases they still do: my credit card doesn't have my SSN on it; rather, it's a number issued to me by my bank. No-one needs to know that number except when doing something I want done, and in that case I can give them that number. The bank can probably access my database entry using my SSN, but they don't do so routinely, and if they ceased to have that ability it wouldn't noticeably affect their day-to-day operations. (They have to have my SSN in the database but it doesn't have to be an access key.) And the same thing goes for all the other databases. There is no problem finding my records if I'm cooperating with them -- and if I'm not, then I want it to be as difficult as possible. Even more to the point, if I'm in a database without knowing it, then I want access to that database to be difficult and error prone.

As to the ambiguity of names and the difficulty of using them for access keys -- that is precisely the point. What that means is that if I am in several databases which don't use the SSN for access keys (and don't actually contain the SSN at all), then cross-correlating those databases becomes prohibitively difficult. This is a virtue, not a fault. It's precisely the reason I don't want the SSN used. I recognize that sometimes this will cause me grief -- and that is a price I'm willing to pay to protect my privacy.
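The linkability argument above, as an added example that is not part of the original post: two record sets are built in SQLite, once keyed by a shared identifier and once with locally issued random keys, and the cross-correlation is measured in each case. The table names, sample people, placeholder SSN-style values and the `owner` scoring column are all constructed assumptions.

```python
import secrets
import sqlite3

# Constructed sample data: (ground-truth person, name, placeholder SSN-style value).
# Two different people share the name "John Smith".
PEOPLE = [
    ("person-A", "John Smith", "000-00-0001"),
    ("person-B", "John Smith", "000-00-0002"),
    ("person-C", "Mary Jones", "000-00-0003"),
]

def build(shared_key: bool) -> sqlite3.Connection:
    """Create two independent record sets, 'health' and 'credit'.

    shared_key=True  -> both use the same national number as the access key.
    shared_key=False -> each issues its own random local key and stores no SSN.
    The 'owner' column is ground truth used only to score the results;
    a real database would not hold it.
    """
    db = sqlite3.connect(":memory:")
    for table in ("health", "credit"):
        db.execute(f"CREATE TABLE {table} "
                   "(access_key TEXT PRIMARY KEY, name TEXT, owner TEXT)")
        for owner, name, ssn in PEOPLE:
            key = ssn if shared_key else secrets.token_hex(8)
            db.execute(f"INSERT INTO {table} VALUES (?, ?, ?)", (key, name, owner))
    return db

def link_on_key(db: sqlite3.Connection) -> list:
    """Cross-correlate the two record sets on their access keys."""
    return db.execute("SELECT h.owner, c.owner FROM health h "
                      "JOIN credit c ON h.access_key = c.access_key").fetchall()

def link_on_name(db: sqlite3.Connection) -> list:
    """Fall back to correlating on names, which are not unique."""
    return db.execute("SELECT h.owner, c.owner FROM health h "
                      "JOIN credit c ON h.name = c.name").fetchall()

def wrong_matches(pairs: list) -> int:
    """Count linked pairs that actually belong to two different people."""
    return sum(1 for health_owner, credit_owner in pairs
               if health_owner != credit_owner)

if __name__ == "__main__":
    for label, shared in (("shared SSN key", True), ("local random keys", False)):
        db = build(shared)
        by_key, by_name = link_on_key(db), link_on_name(db)
        print(f"{label}: {len(by_key)} key links; {len(by_name)} name links, "
              f"{wrong_matches(by_name)} of them wrong")
```

With the shared key every record links exactly; with local keys the key join returns nothing, and the name join produces false links between the two John Smiths.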

Captured by MemoWeb from http://denbeste.nu/entries/00001075.shtml on 9/16/2004