|Received:||8/3/2007 6:00:17 PM|
|Agency:||Federal Trade Commission|
|Rule:||Private Sector Use of SSNs|
Comments:With regard to the use of the SSN, there has been a conflation of Identifier and Authenticator. The SSN is meant as an Identifier only. That is, it is a label meant to uniquely identify a person. Common practice, however, sees its use as an Authenticator. When dealing with utility companies, financial institutions, or other systems where citizens hold accounts, the SSN is used as a password which grants account access. This places a burden on the citizen to keep the SSN a secret. Since the SSN is still used as an Identifier as well, keeping it a secret is very difficult. There should be no value in hiding an SSN, since it should not be used as an Authenticator. Other authentication methods exist and are widely deployed.