On Thursday, September 26, 2002, at 06:19 PM, Crispin Cowan wrote: > What WILL work to prevent ID is legislation that prohibits banks & > credit bureaus from using pathetically weak authenticators. Dr. > Crispy's proposed law to largely eliminate ID theft: > > * No financial institution or government agency may use a social > security number, any attribute that is a matter of public record, > or any attribute that is easily obtainable about another person > (such as DOB, address, or mother's maiden name) as an > authenticator. Authenticators must be *secret*, known only to the > person and to the issuing organization at the time of issue. From the Social Security Administration's Publication No. 05-10002, "Your Number and Card": > Giving Your Number To Others > > If a business or other enterprise asks you for your Social Security > number, you can refuse to give it to them. However, that may mean > doing without the purchase or service for which your number was > requested. For example, utility companies and other services ask for > your Social Security number, but do not need it; they can do a credit > check or identify their customers by alternative means. > > Giving your number is voluntary even when you are asked for the number > directly. If requested, you should ask: > > * why your number is needed; > * how your number will be used; > * what happens if you refuse; and > * what law requires you to give your number. > > The answers to these questions can help you decide if you want to give > your Social Security number. The decision is yours. > > Our primary message is this--be careful with your Social Security > number and your card to prevent their misuse. When Social Security was first established the law authorizing the issuance of numbers specifically prohibited their use as identification. The only legitimates purpose for the SSN according to the original statute is to identify and access an individual's Social Security account. The IRS uses your SSN as your Taxpayer ID Number (TIN), but you can ask for and get a different TIN that is not your SSN. I believe the IRS was later authorized to require SSNs when they took over collecting FICA "contributions." Employers can ask for and use your SSN only to complete tax forms. Most organizations that ask for your SSN--schools, utility companies, etc.--will issue an identifier to you if you ask. Their use of SSNs is more or less benign; the problem is that they don't secure the information. The Federal Privacy Act of 1974 supersedes some earlier provisions relating to government use of your SSN. The Privacy Act on its face seems to cover the same points as Dr. Crispy's proposal, but it's full of exceptions and loopholes, and probably conflicts with hundreds of other regulations. No enforcement mechanism exists, either. State agencies and private companies can ask for your number, and even deny services if you don't give it to them: the California DMV requires a SSN to get a drivers license, and agencies in other states have similar requirements. Federal courts have upheld such state laws on the theory that the individual does not have to give their SSN (i.e. there is no statutory penalty for not divulging it); not getting a license is not regarded as a penalty because no statutory right to get a drivers license exists. > Sadly, I don't think the State has the jurisdiction to implement such > a law; it'll probably have to be Federal. In general states laws can't override or nullify Federal laws, but they can clarify and narrow areas left open in a Federal law. Since Social Security numbers are issued by the Federal government states can't legislate on their use in any meaningful way. The Federal Privacy Act also appears to create a Federal jurisdiction over identification schemes. I'm not an attorney. -- Greg Jorgensen PDXperts LLC, Portland, Oregon, USA
This archive was generated by hypermail 2b30 : Thu Sep 26 2002 - 20:28:11 PDT