Sunday, October 25, 2009

Predicting Social Security Numbers

I have been reading through some fascinating research regarding social media and privacy. This is a warning to all of us to be very careful with the information that we make publicly available on the Internet.

Alessandro Acquisti, professor of information technology and public policy at Heinz College, led a team of Carnegie Mellon University researchers who have shown that public information readily gleaned from governmental sources, commercial data bases, or online social networks can be used to routinely predict most, and sometimes all, of an individual's nine-digit Social Security number.

Alessandro Acquisti, and Ralph Gross

Carnegie Mellon University, Pittsburgh, PA 15213
Communicated by Stephen E. Fienberg, Carnegie Mellon University, Pittsburgh, PA, May 5, 2009 (received for review January 18, 2009)

Information about an individual's place and date of birth can be exploited to predict his or her Social Security number (SSN). Using only publicly available information, we observed a correlation between individuals' SSNs and their birth data and found that for younger cohorts the correlation allows statistical inference of private SSNs. The inferences are made possible by the public availability of the Social Security Administration's Death Master File and the widespread accessibility of personal information from multiple sources, such as data brokers or profiles on social networking sites. Our results highlight the unexpected privacy consequences of the complex interactions among multiple data sources in modern information economies and quantify privacy risks associated with information revelation in public forums.