Carnegie Mellon University
Skip navigation and jump directly to page content

Facebookers Beware

Public Info Makes SSN Predictable

Alessandro Acquisti

Carnegie Mellon University researchers have shown that public information readily gleaned from governmental sources, commercial data bases, or online social networks can be used to routinely predict most — and sometimes all — of an individual's nine-digit Social Security number.

Project lead Alessandro Acquisti, associate professor of information technology and public policy at Carnegie Mellon's H. John Heinz III College, and Ralph Gross, a post-doctoral researcher at the Heinz College, have found that an individual's date and state of birth are sufficient to guess his or her Social Security number with great accuracy.

"In a world of wired consumers, it is possible to combine information from multiple sources to infer data that is more personal and sensitive than any single piece of original information alone," said Acquisti, a researcher in the Carnegie Mellon CyLab.

The study findings will appear this week in the online Early Edition of the Proceedings of the National Academy of Science, and will be presented on July 29 at the BlackHat 2009 information security conference in Las Vegas. Additional information about the study and some of the issues it raises is available at http://www.ssnstudy.org.

Ralph GrossThe predictability of Social Security numbers is an unexpected consequence of seemingly unrelated policies and technological developments that, in combination, make Social Security numbers obsolete for authentication purposes, according to Acquisti and Gross. Because many businesses use Social Security numbers as passwords or for other forms of authentication — a use not anticipated when Social Security was devised in the 1930s — the predictability of the numbers increases the risk of identity theft, which cost Americans almost $50 billion in 2007 alone.

The Social Security Administration could mitigate this vulnerability by assigning numbers to people based on a randomized scheme, but ultimately an alternative means of authenticating identities must be adopted, the authors conclude.

Students Ioanis Alexander Biternas, Ihn Aee Choi, Jimin Lee and Dhruv Deepan Mohindra assisted Acquisti and Gross in the study. The National Science Foundation, the U.S. Army Research Office, Carnegie Mellon CyLab, Pittsburgh Supercomputing Center and the Berkman Faculty Development Fund provided support for this research.

Pictured: Alessandro Acquisti (top), Ralph Gross (bottom)

Photos by Joshua Franzos

Related Links: Watch Video  |  Read Press Release  |  Heinz College  |  CyLab


Homepage Story Archives