Comment by quantumfissure
9 months ago
If they have your address; birthday; and SSN a whole lot. Generally, they could apply for credit cards; loans; set something to bill to you; etc...
Fortunately, it's getting harder without previous addresses or other verification methods.
For non-Americans that don't know, our Social Security number is generally assigned at birth or when you become a citizen by the Social Security Administration. Social Security is a disabled or elderly benefit we all pay into (roughly 7.5% employee and 7.5% employer - ~15% total). It's the only number we all get, since not everyone gets a driver's license; ID; passport; or other identifier. Unfortunately, it's been used to identify us for everything, and until recently was typically in plaintext on most forms (medical; tax; student; etc...).
CGP Grey has a good summary of how it came about and why it's become a problem: https://www.youtube.com/watch?v=Erp8IAUouus
> It's the only number we all get, since not everyone gets a driver's license; ID; passport; or other identifier. Unfortunately, it's been used to identify us for everything, and until recently was typically in plaintext on most forms (medical; tax; student; etc...).
I fail to see the problem with that. As you said, it's an identifier, like an username or your full name. There should be no issue with everyone knowing your full name, or your username; why there should be an issue with everyone knowing your SSN, or it being in plaintext everywhere?
Because it was used as BOTH an identifier AND proof of identity, for a long time. If it were used properly as simply an identifier, you'd be right, but there are still many cases where knowledge of the number is used as proof (or partial proof, along with birthdate/address/etc) of identity.
I heard there was a similar problem with the bank account number in the US - that you could use it to withdraw money without an actual password or strong identification. Hence the popularity of cheques, PayPal and similar services that weren't needed that much in Europe.
You're right that bank account numbers in the US are insecure, but you're wrong that this is why checks are popular here.
Checks are actually the source of the problem. If you have access to blank check stock and MICR laser toner (both readily available on Amazon, since business accounting departments will routinely print their own checks for payroll / bills), you can make seemingly valid checks to withdraw funds from any account number. This is still a problem.
The reason why checks are popular is because until recently there hasn't been a cheap + accessible + official + unencumbered way to do electronic transfers between personal accounts. The infrastructure existed (ACH), but only businesses could actually initiate deposits/withdrawals. Individuals could initiate full-service wire transfers, but those are risky (there's no way to reverse one done in error) and banks typically charge $25/transfer - which is far too expensive to use for anything routine.
PayPal came into existence so people could purchase goods online (on eBay, specifically) and have the option of performing a chargeback if the goods weren't delivered as advertised.
(Checks will probably still persist for some time, since all the online payment services want to charge percentage fees if they think you're acting as a business. The beauty of checks is that they just work and don't insist on taking a cut of the payment.)
> why there should be an issue with everyone knowing your SSN, or it being in plaintext everywhere
Because far too many businesses, esp. financial ones (banks/credit unions/etc.) have also incorrectly used it as a password to authenticate that "voice on phone" is really John Q. Public and/or that "grifter in chair across desk" is really John Q. Public. I.e., they used the fact that "person X" knew number Y as proof that person X was really person X.
We can argue that it was never intended to be used this way (a true statement), that knowledge of it provides no such proof (also true), and that using it as such was always wrong on the part of these businesses (also true), but the fact is, many did use it this way, and, sadly, many still do use it this way. And it is this misuse that is the "issue" with everyone knowing everyone's SSN.
> username
Think of it as being the username and password. That's how many institutions have treated it for a long time.
Do you need SSN for voting? I heard that you don't need an ID (at least in some states) which was very weird for me but if they ask SSN instead, that is at least something I guess?
No, SSN is not used for voting.
Voting requirements and eligibility are set individually by each state, sometimes even in finer detail, New York City wanted to give immigrants the right to vote in local school board elections for example.
SSN are administered by the federal government and are opt-in(however most people apply for one) so it is not something a state can really use as a voting requirement.
State I currently live in(GA), you need to bring a photo ID for in person voting: - Drivers License(from any state or federal government) - State ID card - Student ID card - ID badge from any state or federal workplace - Passport - Military ID - Tribal ID Data was cross check to an online voter registration database.
Prior state (NC), I think the ID requirements were similar(possibly more relaxed) but at that time the data was checked to the voter roll, a book with the name and address of all the people in the precinct. When you went to vote, you signed by your name and then it was crossed off the list.