Re: Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft

[Jeffrey Walton <noloader () gmail com>]

On Wed, Nov 17, 2010 at 7:18 PM, Dan Kaminsky <dan () doxpara com> wrote:
> On Wed, Nov 17, 2010 at 4:08 PM, Dan Kaminsky <dan () doxpara com> wrote:
> > On Wed, Nov 17, 2010 at 4:04 PM, Jeffrey Walton <noloader () gmail com> wrote:
> > > On Wed, Nov 17, 2010 at 6:58 PM, Dan Kaminsky <dan () doxpara com> wrote:
> > > > Did anyone actually read the ruling?
> > > > They're basically saying a SSN# isn't an identity.
> > > >
> > > > Given that SSN#'s aren't actually unique in the population, they're, you
> > > > know, right.
> > > Expand, please.
> >
> > http://www.schneier.com/blog/archives/2009/07/social_security.html
> >
> > Information about an individual's place and date of birth can be
> > exploited to predict his or her Social Security number (SSN). Using
> > only publicly available information, we observed a correlation between
> > individuals' SSNs and their birth data and found that for younger
> > cohorts the correlation allows statistical inference of private SSNs.
> > [SNIP]
>
> Actually, technically, the above doesn't *necessarily* make SSNs
> non-unique.  It just means that they're not randomly assigned.  They
> could still be uniquely assigned within a non-random space.  So that's
> a fairly significant assumption on my part, especially with some
> evidence of being willing to use non-contiguous assignment to deal
> with exhausting of numbers.
All in all, agree.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.