One Ring to rule them all, One Ring to find them, One Ring to bring them all, and in the darkness bind them.—J.R.R. Tolkien
David Haas doesn't like to give out his Social Security number. He fends off all the requests he can, from doctors, credit card companies, the bureaucracy at large. In the end, it was summer camp that got him.
"If the camp refuses your child because you won't divulge your Social Security number, you end up giving in," said the Franklin Lakes, N.J., financial planner. Haas kind of caved to his daughter's school, too.
Don't be too hard on him. It is the number that rules us all.
Social Security numbers, which identify the retirement accounts Americans build up over a lifetime of paycheck deductions, are taken in the vast majority of data breaches, simply because they are ubiquitous. They're a juicy target. Together with other basic information, like name and date of birth, the Social Security number is a passport to a person's identity. Unlike a credit card number, which can be instantly canceled, the SSN serves most people for their entire lives, with some 496 million issued since the first batch of cards went out in 1936. Its use as authentication for personal accounts has expanded the opportunity for fraud.
The government has tried to lessen our dependence on the Social Security number as the ultimate identifier and authenticator—for example, some states ask for a driver's license or state ID on income tax forms. Within its own ranks, the federal government is locked in a struggle to reduce the "unnecessary collection, use and display" of the number. In 2007, a presidential task force issued recommendations to "help prevent the theft and misuse of consumer's personal information." A decade later, on May 23, the Government Accountability Office testified about a GAO progress report on executive branch efforts to address the recommendations. The verdict: "These initiatives have had limited success." Among the initiatives was a proposed "alternative federal employee identifier" on Office of Personnel Management forms. That was abandoned as impractical "without an alternate governmentwide employee identifier in place."
An estimated 17.6 million people, or some 7 percent of American residents 16 or older, suffered at least one instance of identity theft in 2014, the latest year of data available from the Bureau of Justice Statistics. And that was before mega-breaches like the one at the health insurer Anthem and at the Office of Personnel Management itself.
"We are bleeding fraud with the use of SSNs," said Eva Velasquez, chief executive officer of the non-profit Identity Theft Resource Center, which helps victims of identity theft.
Attempts to check the SSN's proliferation have been failing for nearly half a century. As early as 1971, a Social Security Administration task force proposed that the agency take a " 'cautious and conservative position' toward SSN use and do nothing to promote the use of the SSN as an identifier," according to The Story of the Social Security Number, on the agency's web site. No luck.
How about fingerprints? Government agencies including the Veterans Administration and the Post Office have tried them, but they came with the whiff of criminality. The bald string of numbers seemed the more practical way to go.