The Federal Trade Commission is seeking comment and planning to schedule public meetings to evaluate the use of Social Security numbers (SSNs) by private organizations, the agency announced this week.
The decision to involve the public comes after the President’s Task Force on Identity Theft in April called on member agencies that regularly work with the private sector — including the FTC, Department of Justice and Social Security Administration — to detail the uses of SSNs in private businesses to determine if they are necessary.
These agencies should collaborate with financial services firms, law enforcement agencies, consumer reporting companies, professors and consumer advocates, according to the task force’s report.
Any recommendations would be presented to President Bush during the first quarter of next year, according to the report.
John Pescatore, Gartner analyst and senior fellow, told SCMagazine.com today that the use of SSNs is rampant in the private sector, especially in legacy systems.
"For a student enrolling in college, or for someone joining a pool, or for someone opening up a store credit card, SSNs don’t have to be the identifier," he said. "It’s definitely way overused."
The FTC is soliciting comments on "the various uses of SSNs by the private sector, the necessity of those uses, alternatives available, the challenges faced by the private sector in moving away from using SSNs and how SSNs are obtained and used by identity thieves." The deadline is Sept. 5. To submit comments, visit www.ftc.gov/opa/2007/07/ssncomments.shtm.
SSNs are a key ingredient to successful identity theft, the report said.
"Consumer information is the currency of identity theft, and perhaps the most valuable piece of information for the thief is the SSN," the report said. "The SSN and a name can be used in many cases to open an account and obtain credit or other benefits in the victim’s name."
Colleges are the most visible organizations trying to move away from relying on SSNs as identifiers, but many firms are tentative to spend the time and money, Pescatore said.
"It’s like termites, you’ll find them everywhere you look," he said. "So many people are afraid to look because they’re everywhere."
He likens the push to eliminate the unnecessary use of SSNs to the Y2K scare.
"But Y2K had a deadline," Pescatore said. "This type of thing, there’s never a deadline."
But, he added, federal legislation could be coming.
Click here to email reporter Dan Kaplan.
Click here for the latest SC Magazine Podcast – July 30, 2007: Is the iPhone an IT security threat?