SOS Social Security Number Watch
The SSNwatch Validation Server uses publicly available information about Social Security numbers (SSNs) to verify whether a given SSN matches the person presenting the SSN.
The information provided by the SSNwatch validation server depends on how many digits of a Social Security number (SSN) are provided and whether a "quick" or "full" validation is requested. In general, as more digits are provided, more information is reported. Given a full 9-digit Social Security Number, the "full" validation option of the SSNwatch Validation Server identifies:
If only the first 3 digits of an SSN are provided, the SSNwatch Validation Server identifies only the state issued. If the first 5 digits of an SSN are provided, an estimated age range of the recipient and date of issuance are additionally reported. A narrower age range of the recipient typically results if the first 6 digits of the SSN are provided rather then just the first 5 digits.
To view a set of sample runs from the SSNwatch Validation Server, click here. To use the SSNwatch Validation Server, click here.
The SSNwatch Validation server makes computations from publicly available information about SSN encoding, SSN assignments, and SSNs retired from service due to death. All of this information is provided directly from the United States Social Security Administration under the Freedom of Information Act. One of the rationales for the sharing of this information is to help identify fraudulent SSNs when they are presented to businesses and government entities. Using the information to help combat SSN misuse is a primary goal of our SSNwatch Validation Service. Another primary goal of our work is to also determine the effectiveness of this information in combating SSN misuse, to identify risks, and to examine alternatives.
Our SSNwatch project has four primary goals related to Social Security numbers (SSNs).
The concept of the SSNwatch Server originated with Dr. Sweeney in the late 1970's while she was a student at the Massachusetts Institute of Technology (MIT). Dr. Sweeney reports:
Following the events of September 11, 2001, SSNs quickly evolved into national identifiers necessary for verifying one's identity for many documents related to national security concerns. Yet, SSNs were never intended to be used in this manner. Dr. Sweeney wanted to address this mismatch between the original purposes of SSNs and these new uses. Dr. Sweeney asked:
This question clearly drives the on-going development of the SSNwatch Validation Server. The current version of the SSNwatch Validation Server already provides an initial example of methods that can help match a person presenting an SSN to what is known about the SSN.
The overall SSNwatch project is broader however. It explores the duality of the privacy concerns, which cultivated Dr. Sweeney's original interests in SSNs on the one hand, and the increased need to share SSNs for many worthy purposes, on the other hand. The ultimate promise of the SSNwatch project is the creation of methods, technologies and related policies with provable guarantees of privacy protection while allowing SSNs (or alternatives) to be shared for many worthy purposes. The SSNwatch project seeks to educate decision-makers and the public by presenting scientific assessments of benefits, uses, and misuses of SSN sharing practices and alternatives.
By identifying the state in which the SSN was issued, the date the SSN was issued, the estimated age range of the recipient, and whether the number has been retired from use, we can provide inferences about the person presenting the SSN. This information can then be matched against other information the person provides for consistency. Mismatches in this information can help identify suspicious presentations of SSNs. Perhaps imposters might be exposed.
We envision potential uses of this technology in the future to be used in the review of:
However, our SSNwatch Validation Server is an academic demonstration and not fit for any purpose beyond our educational use at present. The availability of the SSNwatch Validation Server allows us to explore hypothetical scenarios for academic discussions.
In situations in which people provide SSNs in person or provide SSNs along with age and/or references to past states of residence (such as on resumes or job applications), then the SSNwatch Validation Server may be useful in exposing:
Consider an SSN that begins '078-05' as the first 5 digits. The SSNwatch Validation Server reports that 98% of the recipients of SSNs that begin with that prefix are born between the years of 1879 and 1921, inclusive. If the person presenting the SSN is clearly of age 20, for example, it is extremely unlikely that the provided SSN was issued to that person.
Consider an SSN that begins '078' as the first 3 digits. The SSNwatch Validation Server reports that all SSNs having that prefix were issued exclusively by the State of New York. If the person presenting an SSN with that prefix fails to list or acknowledge New York as a prior residence, then it is extremely unlikely that the provided SSN was issued to that person.
The order in which SSNs are issued does not follow a strictly sequential assignment though they do follow a prescribed non-sequential sequence assignment. As a result, knowing that one SSN has been issued does not mean that SSNs that are numerically less than that SSN have been issued. Consider two SSNs where the first begins '221-98' and the second begins '221-02.' The 4th and 5th digits of the first SSN are '98' and of the second SSN are '02.' The SSNwatch Validation Service reports that as of January 2004, SSNs beginning with '221-98' have been issued, but SSNs beginning with '221'-02' have not been issued. If a person presents SSN '221-02-1023', as their SSN, then it is extremely likely that the person has made an error.
Consider the SSN having the full 9-digits '078-05-1120'. The SSNwatch Validation Server, using the "full validation" option, reports that this SSN has been retired from service (due to death or termination). SSNs are not recycled or re-used. If a person presents this number as their SSN, then it is extremely likely that the person has made an error.
SSNs are required for anyone working in the United States. No one can legally work in the United States without having an SSN. Suppose a person provides an SSN having the first 5 digits '615-23' and reports work experience dating back to 1983. The SSNwatch Validation Server reports that the SSN was only issued in February 2001, making it extremely unlikely that the person was using this SSN for work experience in 1983.
Usually a person is issued one and only one SSN in their lifetime. Similarly, a single SSN is assigned to one and only one person. There are a few circumstances in which a person may get a replacement SSN, but these occurrences are extremely rare. If a person presents an SSN and claims it is a replacement SSN, then the date of issuance of the replacement SSN must be consistent with the time period in which the replacement number was being issued. Here is an example. Suppose a person claims to have originally been issued an SSN having the first 5 digits '609-01' and to subsequently have been re-issued an SNN having the first 5 digits '620-11'. The person claims the replacement SSN was provided in 2003. The SSNwatch Validation Server reports that the original SSN was issued before 1993 and the second SSN was issued in April 1999. The issuance of the second SSN is therefore inconsistent with the person's claim of receiving the replacement number in 2003. It is very unlikely that the second SSN was actually issued to the person in 2003.
As stated earlier, our SSNwatch Validation Server reports the issuing state, date issued, estimated age range of the recipient, and activity status of an SSN. This information was computed from publicly available information about SSN encoding, SSN assignments, and SSNs retired from service due to death. All of this information is provided directly from the United States Social Security Administration under the Freedom of Information Act. One of the rationales for the government's sharing of this information is to help identify fraudulent SSNs when they are presented to businesses and government entities. Using the information to help combat SSN misuse is a primary goal of our SSNwatch Validation Service. Another primary goal of our work is to also determine the effectiveness of this information in combating SSN misuse, to identify risks, and to examine alternatives.
Most people are reluctant to share their Social Security numbers (SSNs) unless required by law to do so or coerced to do so in order to receive a desired service or product. Other people freely share SSNs (their own and those of others) because of different views they hold about the identifiability and availability of SSNs. These views need to be scientifically addressed so that related behaviors and practices can be encouraged, if found to be of no or minimal risk, or discouraged, if provable risks and harms are shown. These are additional goals of our work in this SSNwatch project.
We intend to scientifically examine the following and develop related methods and recommendations accordingly:
Some people believe that releasing only an SSN, in part or whole, cannot be readily re-identified to the person to whom the SSN was issued without access to credit reports or other information containing both the person's SSN and name explicitly. An example is the somewhat common practice of listing student scores on the Internet by SSN or part of an SSN. Another example is the use of part of the SSN as part of an account number at commercial establishments. Such beliefs and practices may pose privacy risks for those who's SSNs are released.
Some people argue that access to SSNs, while available within many financial, health, employment, and government institutions, are not publicly available. Even though SSNs of known people can typically be purchased for less than $30 each, these people believe that access to large numbers of active SSNs is limited physically and economically. A goal in this work is to estimate how many active SSNs can be obtained for free (over the Internet) and to examine related risks.
Information provided as the basis for computations made by the SSNwatch Validation Server comes from the United States Social Security Administration. One of the rationales for the government's sharing of this information is to help identify fraudulent SSNs when they are presented to businesses and government entities. Using the information to help combat SSN misuse is a primary goal of our SSNwatch Validation Service. A goal of our work is to also determine the effectiveness of this information in combating SSN misuse, to identify risks, and to examine alternatives.
The SSNwatch project is provided by the Data Privacy Lab, a program within IQSS at Harvard University. Dr. Latanya Sweeney is the principal investigator and she is also the Director of the Data Privacy Lab.
The project originated when the Data Privacy Lab was located at Carnegie Mellon University.
No funds have been received by us to do this research. We have taken the effort on ourselves, at our own expense, to develop the server and provide the results publicly because the myths, benefits and risks associated with Social Security numbers need to be scientifically analyzed and publicly understood.
We may seek outside sponsors for particular sub-projects that build on the SSNwatch Validation Server. A commercial version of the SSNwatch Validation Service may even be made available in the future. The current version, however, is for research purposes only.
Join our mailing list to be notified of updates and news about this SSNwatch project. Send an email message to firstname.lastname@example.org to join the list.
We welcome you to submit on-line comments and to read the on-line comments of others. A submission form is available at dataprivacylab.org/dataprivacy/projects/ssnwatch/comments.html. You may also contact our team directly at email@example.com. The principal investigator on this project is Dr. Latanya Sweeney.
Tell me more about: