Social Security Numbers: A Modest Proposal

Yet again, a business has been cavalier with tens of thousands of people’s personal data . If your W-2 was processed by PayMaxx in the last few years, any number of people might have read it. There could be thousands of identity thefts as a result.

Yet it’s not really PayMaxx who will be at fault if identity theft occurs. The real problem is that too many businesses use Social Security Numbers (SSNs) for authentication.

SSNs aren’t unique, they aren’t secret, and they were never intended to be used as universal identifiers, let alone authentication tokens. However, the relative obscurity of SSNs has led many businesses to misuse them to verify identity, even though they are completely unsuitable for the purpose.

The simple and obvious solution would be for the US government to legislate prohibiting use of SSNs for any purpose other than identifying taxpayers and social security recipients to the federal government. The legislation would be set to take effect some time at least 12 months in the future, to give companies plenty of time to issue new identity numbers to their customers.

It seems obvious to me that that will never happen, however. Too many corporations with a vested interest in cross-referencing their databases with everyone else’s, and no motivation to spend money on real security.

But I contend that we don’t need to wait for government to act. As I’ve already mentioned, SSNs aren’t actually secret. It’s apparently pretty easy for any random company to get a database of SSNs, and it seems clear that hackers can obtain such databases too. So let’s try a thought experiment…

Suppose a secretive band of hackers obtains a large database of SSNs, ideally the SSNs of the majority of people in the USA. They take out prominent ads in the major national newspapers, announcing that as of January 2007, the database of SSNs will be made available to anyone who wants it, via the Internet.

Companies misusing SSNs would have a simple choice: either stop doing so, or face massive fraud against them in 2007. Shareholders wouldn’t give them much choice.

On January 2007, the database of SSNs is published anonymously to the Internet.

Of course, the perpetrators of this civic act would need to be careful to remain anonymous, lest they suffer a hailstorm of lawsuits, possibly even spurious claims of ‘terrorism’. But in the end, we would live in a better world–one where SSNs were clearly only useful for identification.

The Dream World, Part 1

I’m a lucid dreamer. I am somewhat conscious during my dreams, I’m aware that they’re dreams, and I can influence their content somewhat. However, there seem to be certain inherent rules or limitations to what I can do.

One limitation is that I can’t make sudden, drastic changes. If I try to make things appear from nowhere, or disappear before my eyes, it breaks the dream and I wake up. So if I’m being chased through a shopping mall by a flesh-eating zombie, I can’t just make the zombie disappear. However, I can remember that there’s a sports shop around the corner with a good supply of baseball bats and a few rifles behind the back counter.

Another rule is that things have to be somewhat realistic. They can be bizarre or surreal, or can obey unusual laws of physics, but they have to be basically believable. So if I try to dream that I meet Jeri Ryan at an SF convention, that’ll work; if I try to dream that she finds me irresistably sexy and invites me back to her room, something in my brain or in the dream world will say ’Uh-uh, no way, ain’t gonna happen’ and I’ll wake up.

I can do things when I’m dreaming that I can’t do in real life. However, another rule of the dream world is that I have to learn new skills—just like real life.

The first thing I learnt was how to become invisible. It helped a lot with nightmares when I was a kid. However, it wasn’t a complete solution, because some monsters have a good sense of hearing, or could smell me. The obvious solution was to learn to fly; it was hard work, though. Initially I couldn’t get far from ground level, unless I was lucky enough to drift higher without realizing it. The breakthrough came when I realized that it didn’t work the way people always portray it as working in films; you don’t fly like a bird. It’s more like swimming through the air. I’ve pretty much got it mastered now.

A more recent skill I’ve developed is the ability to pass through solid objects. I’m still a beginner at it; it’s somewhat uncomfortable, and I have to brace myself, so I tend not to do it very often.

The fact that it takes years of practice to learn a dream skill implies a sense of continuity… and indeed, the dream world does seem to have continuity. I’ll sometimes have several dreams on successive nights that make up a longer dream. Some locations crop up again and again, and remain mostly consistent. Interestingly, even completely imaginary locations have some continuity.

On the other hand, dreams also repeat, so time in the dream world isn’t strictly a linear flow from past to future. The repetitions aren’t complete verbatim ones, though; generally once I realize I’ve encountered the scenario before, I can use information from the previous time to help me. I also get to use any new skills I’ve learnt—sometimes I’ve had a single repeat of a dream many years after the original.

I’m not sure what any of this means, if anything. I just find it interesting.