Here are two current headlines in the New York Times "Most Emailed" box: "How Privacy Vanishes Online" and "I Need to Vent. Hello Facebook." The second answers the question posed by the first. Why is our privacy vanishing online? Because we want it to.
I'm not blaming people whose Social Security numbers are lifted from Facebook via criminal cryptologists. That is, by definition, a crime. I'm only suggesting that we offer information online by choice, not by fiat. Occasionally Facebook screws
up. But mostly, we sacrifice our privacy online for the human instinct to share and feel connected. If you want somebody to blame, look in the mirror.
Or look at whoever designed Social Security coding. Seriously! These headlines say as much about the guess-ability of Social Security numbers as the information we choose to put in our e-dentity profiles. As Slate's Chris Wilson pointed out in an article
last year (I wrote it up here
and will sum up below), Social Security numbers were originally designed to keep track of federal pension contributions, and not to be perfectly random.
In fact, they're not random at all: Chris explained
The numbers were derived using a simple formula. The first three digits, called the "area number," refer to the state where the card was issued. The fourth and fifth digits, the "group number," are assigned in a predetermined order to divide the applicants into arbitrary groups. The last four digits, the "serial number," are assigned sequentially, from 0001 to 9999 in each group.
That's why in one study, researchers posing as identify thieves, armed merely with knowledge of birthdays and birthplace, had a surprisingly good chance at guessing Social Security numbers. With that knowledge, they could access bank statements, credit card accounts, apartment leases, company accounts and other valuable information.
Chris suggested that we could replace Social Security numbers with totally randomized national IDs, and turn those numbers into the key for your drivers ID and tax returns. He also explained why this would be cumbersome and unpopular.
Bottom line is: follow the advice of Jon Kleinberg of Cornell University: "When you're doing stuff online, you should behave as if you're doing it in public -- because increasingly, it is."