funsec mailing list archives
Re: Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 17 Nov 2010 19:30:15 -0500
On Wed, Nov 17, 2010 at 7:18 PM, Dan Kaminsky <dan () doxpara com> wrote:
On Wed, Nov 17, 2010 at 4:08 PM, Dan Kaminsky <dan () doxpara com> wrote:On Wed, Nov 17, 2010 at 4:04 PM, Jeffrey Walton <noloader () gmail com> wrote:On Wed, Nov 17, 2010 at 6:58 PM, Dan Kaminsky <dan () doxpara com> wrote:Did anyone actually read the ruling? They're basically saying a SSN# isn't an identity. Given that SSN#'s aren't actually unique in the population, they're, you know, right.Expand, please.http://www.schneier.com/blog/archives/2009/07/social_security.html Information about an individual's place and date of birth can be exploited to predict his or her Social Security number (SSN). Using only publicly available information, we observed a correlation between individuals' SSNs and their birth data and found that for younger cohorts the correlation allows statistical inference of private SSNs. [SNIP]Actually, technically, the above doesn't *necessarily* make SSNs non-unique. It just means that they're not randomly assigned. They could still be uniquely assigned within a non-random space. So that's a fairly significant assumption on my part, especially with some evidence of being willing to use non-contiguous assignment to deal with exhausting of numbers.
All in all, agree. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft, (continued)
- Re: Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft Jeffrey Walton (Nov 18)
- Re: Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft Rich Kulawiec (Nov 22)
- Re: Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft Jeffrey Walton (Nov 22)
- Re: Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft der Mouse (Nov 22)
- Re: Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft Valdis . Kletnieks (Nov 17)
- Re: Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft Jeffrey Walton (Nov 17)
- Re: Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft Dan Kaminsky (Nov 17)
- Re: Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft Jeffrey Walton (Nov 17)
- Re: Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft Dan Kaminsky (Nov 17)
- Re: Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft Dan Kaminsky (Nov 17)
- Re: Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft Jeffrey Walton (Nov 17)
- Re: Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft Jeffrey Walton (Nov 17)