| Comment Number: | 531096-00042 |
| Received: | 8/3/2007 6:00:17 PM |
| Organization: | |
| Commenter: | Stepp |
| State: | CT |
| Agency: | Federal Trade Commission |
| Rule: | Private Sector Use of SSNs |
| No Attachments |
Comments:
With regard to the use of the SSN, there has been a conflation of Identifier and Authenticator. The SSN is meant as an Identifier only. That is, it is a label meant to uniquely identify a person. Common practice, however, sees its use as an Authenticator. When dealing with utility companies, financial institutions, or other systems where citizens hold accounts, the SSN is used as a password which grants account access. This places a burden on the citizen to keep the SSN a secret. Since the SSN is still used as an Identifier as well, keeping it a secret is very difficult. There should be no value in hiding an SSN, since it should not be used as an Authenticator. Other authentication methods exist and are widely deployed.