Identity Theft

Identity Theft

by Latanya Sweeney


In 2003, the U.S. General Accounting Office identified SSN vulnerabilities as ripe for exploitation by terrorists, making SSN problems a serious concern to homeland security. This writing proposes two AI technologies used to defeat identity theft vulnerabilities specifically related to Social Security numbers (SSNs). The “credential validation problem,” involves matching the person presenting the credential to the subject of the credential. The first tool proposed herein, SSNwatch, is used to verify whether a given SSN matches the person presenting the SSN by exploiting semantics (knowledge representation) related to SSNs. The second tool, Identity Angel, crawls through Cyberspace, finding people at risk to identity theft (data mining) and notifies appropriate parties. Deploying these tools combats fraud related to financial and identity crimes that threaten the nation’s economic prosperity and security. They demonstrate how AI technologies can improve security while simultaneously enhancing the privacy of citizens.

Both of these tools are non-invasive. They work for less sophisticated computer users, who are the most likely to fall victim to these kinds of attacks. They operate within the existing information infrastructure. They do not require companies or agencies to change existing practices. They do not require any new laws. They do not require access to any sensitive information that is not already in the public domain. And, they do not impose overt modifications to routine user behavior in order to operate. Yet, the deployment of these non-invasive tools promises to be an effective guard against some important financial crimes related to the theft or misuse of personal identifiers and homeland security.

Tool #1 SSNwatch Validation Server
The SSNwatch Validation Server uses publicly available information about people and about SSNs to verify whether a given SSN matches the person presenting the SSN, and vice versa. Using publicly available information about SSN encoding and inferences about SSN assignments, the current SSNwatch Validation Server identifies the issuing state, date issued, estimated age range of the recipient, and activity status of an SSN. Uses of the SSNwatch Validation Server spot identity inconsistencies. An example is a 25 year old man presenting an SSN issued to a 50 year old man. Spotting these kinds of inconsistencies can be useful in processing job applications, apartment rentals, insurance claims, medical claims, and student applications, and so on.

Tool #2 Identity Angel
Identity Angel provides an immediate means of reducing identity theft risk by identifying people for whom information, freely available on the Internet, can be combined sufficient to impersonate the person in financial or credentialing transactions. In the example of fraudulently acquiring a new credit card, the imposter needs the {name, SSN, address, date of birth, mother’s maiden name} of the subject. Identity Angel automatically identifies people (tens of thousands in the example application) to whom this information is available freely on-line and then notifies the person (or appropriate parties) in cases where this information in part (or whole) can voluntarily be removed. Identity Angel runs automatically, without human intervention, finding vulnerable people and automatically notifying them.

Having technologies such as SSNwatch and Identity Angel deployed provides a provably effective and immediate guard to defeating identity theft vulnerabilities, and they do so non-invasively.

Keywords: Social Security numbers, homeland security, law-enforcement, personal documents, credentials, identity theft, financial fraud, entity resolution, identity matching, personal identification, privacy-preserving surveillance, artificial intelligence


L. Sweeney. AI Technologies to Defeat Identity Theft Vulnerabilities. AAAI Spring Symposium, AI Technologies for Homeland Security, 2005. (PDF).

L. Sweeney. A Guardian Angel Protects You From Identity Theft. Carnegie Mellon University, LIDAP Working Paper 16. Pittsburgh: January 2006. Under review for publication.

In the News

  • In the news: CBS News, Denver, "Angel Protects Those Who Might be Targets for ID Theft," October 20, 2005. (text, video)
  • CBS News, New York, "Why A Resume Could Bring A Job, But Also ID Theft: Identity Theft From Online Resumes On The Rise," Septmber 28, 2005 (text, video)
  • Pittsburgh Post-Gazette, December 26, 2005, "The Thinkers: Data privacy drives CMU expert's work" (text)

Related Links

Spring 2006 Data Privacy Lab