Note from archiver<at>cs.uu.nl:
This page is part of a big collection
of Usenet postings, archived here for your convenience.
For matters concerning the content of this page,
please contact its author(s); use the
source, if all else fails.
For matters concerning the archive as a whole, please refer to the
or contact the archiver.
Subject: Social Security Number FAQ
This article was archived around: 25 May 2006 04:23:27 GMT
Last-modified: March 24, 2001
-----BEGIN PGP SIGNED MESSAGE-----
If you have comments on the following, please send them to me at
email@example.com. A description of how to retrieve the most recent
version of this and related documents appears at the end.
What to do when they ask for your Social Security Number
by Chris Hibbert
for Social Responsibility
Many people are concerned about the number of organizations asking for
their Social Security Numbers. They worry about invasions of privacy and
the oppressive feeling of being treated as just a number. Unfortunately,
I can't offer any hope about the dehumanizing effects of identifying you
with your numbers. I *can* try to help you keep your Social Security
Number from being used as a tool in the invasion of your privacy.
The advice in this FAQ deals primarily with the Social Security Number
used in the US, though the privacy considerations are equally applicable
in many other countries. The laws explained here are US laws. The advice
about dealing with bureaucrats and clerks is universal.
The Privacy Act of 1974
The Privacy Act of 1974 (Pub. L. 93-579, in section 7), which is the
primary law affecting the use of SSNs, requires that any federal, state,
or local government agency that requests your Social Security Number has
to tell you four things:
1: The authority (whether granted by statute, or by executive order of
President) which authorizes the solicitation of the information and
whether disclosure of such information is mandatory or voluntary;
2: The principal purposes for which the information is intended to be used;
3: The routine uses which may be made of the information, as published
annually in the Federal Register, and
4: The effects on you, if any, of not providing all or any part of the
The Act requires state and local agencies which request the SSN to
individual of only three things:
1: Whether the disclosure is mandatory or voluntary,
2: By what statutory or other authority the SSN is solicited, and
3: What uses will be made of the number.
In addition, that section makes it illegal for Federal, state, and local
government agencies to deny any rights, privileges or benefits to
individuals who refuse to provide their SSNs unless the disclosure is
required by Federal statute. (The other exception is if the disclosure
is for use in a record system which required the SSN before 1975. (5
USC 552a note). So anytime you're dealing with a government institution
and you're asked for your Social Security Number, look for a Privacy Act
Statement. If there isn't one, complain and don't give your number. If
the statement is present, read it. Once you've read the explanation of
whether the number is optional or required, and what will be done with
your number if you provide it, you'll be able to decide for yourself
whether to fill in the number.
There are several kinds of governmental organizations that usually have
authority to request your number, but they are all required to provide the
Privacy Act Statement described above. (see the list in the "Short History"
section of the website
http://www.cpsr.org/cpsr/privacy/ssn/SSN-History.html#history) The only time
you should be willing to give your number without reading that notice is when
the organization you are dealing with is not a part of the government.
Why You May Want to Resist Requests for Your SSN
When you give out your number, you are providing access to information
about yourself. You're providing access to information that you don't
have the ability or the legal right to correct or rebut. You provide
access to data that is irrelevant to most transactions but that will
occasionally trigger prejudice. Worst of all, since you provided the
key, (and did so "voluntarily") all the information discovered under
your number will be presumed to be true, about you, and relevant.
A major problem with the use of SSNs as identifiers is that it makes it
hard to control access to personal information. Even assuming you want
someone to be able to find out some things about you, there's no reason
to believe that you want to make all records concerning yourself
available. When multiple record systems are all keyed by the same
identifier, and all are intended to be easily accessible to some users,
it becomes difficult to allow someone access to some of the information
about a person while restricting them to specific topics.
Unfortunately, far too many organizations assume that anyone who
SSN must be the owner. When more than one person uses the same number, it
clouds up the records. If someone intended to hide their activities by using
someone else's number, it's likely that it'll look bad on whichever
shows up on. When it happens accidentally, it can be unexpected,
embarrassing, or worse. How do you prove that you weren't the one using your
number when the record was made?
Simson Garfinkel put it very well in an article for CACM's "Inside Risks"
column in October, 1995. His article started with the paragraph
The problem with Social Security Numbers today is that some
organizations are using these ubiquitous numbers for
identification, others are using them for authentication, and
still others are using them for both.
Simson went on to explain how the two uses are incompatible. I recommend
What You Can Do to Protect Your Number
It's not a good idea to carry your SSN card with you (or other documents
that contain your SSN). If you should lose your wallet or purse, your SSN
would make it easier for a thief to apply for credit in your name or
otherwise fraudulently use your number. Some states that normally use
SSNs as the drivers license number will give you a different number if you
ask. If your health insurance plan uses your SSN for an ID number, it's
probably on your insurance card. If you are unable to get the insurance
plan to change your number, you may want to photocopy your card with your
SSN covered and carry the copy. You can then give a health care provider
your number separately.
Here are some suggestions for negotiating with people who don't want to
give you what you want. They work whether the problem has to do with SSNs
(your number is added to a database without your consent, someone refuses
to give you service without getting your number, etc.) or is any other
problem with a clerk or bureaucrat who doesn't want to do things any way
other than what works for 99% of the people they see. Start politely,
explaining your position and expecting them to understand and cooperate.
If that doesn't work, there are several more things to try:
1: Talk to people higher up in the organization. This often works
simply because the organization has a standard way of dealing
with requests not to use the SSN, and the first person you deal
with just hasn't been around long enough to know what it is.
2: Enlist the aid of your employer. You have to decide whether talking
to someone in personnel, and possibly trying to change
corporate policy is going to get back to your supervisor and
affect your job. The people in the personnel and benefits
departments often carry a lot of weight when dealing with health
3: Threaten to complain to a consumer affairs bureau. Most newspapers
can get a quick response. Ask for their "Action Line" or
equivalent. If you're dealing with a local government agency,
look in the state or local government section of the phone book
under "consumer affairs." If it's a federal agency, your
congress member may be able to help.
4: Insist that they document a corporate policy requiring the number.
When someone can't find a written policy or doesn't want to
push hard enough to get it, they'll often realize that they
don't know what the policy is, and they've just been following
5: Ask what they need it for and suggest alternatives. If you're
talking to someone who has some independence, and they'd like
to help, they will sometimes admit that they know the reason
the company wants it, and you can satisfy that requirement a
6: Tell them you'll take your business elsewhere (and follow through if
they don't cooperate.)
7: If it's a case where you've gotten service already, but someone
insists that you have to provide your number in order to have a
continuing relationship, you can choose to ignore the request
in hopes that they'll forget or find another solution before
you get tired of the interruption.
How To Find Out If Someone Is Using Your Number
There are two good places to look to find out if someone else is using
your number: the Social Security Administration's (SSA) database, and your
credit report. If anyone else used your number when applying for a job,
their earnings will appear under your name in the SSA's files. If someone
uses your SSN (or name and address) to apply for credit, it will show up
in the files of the big three credit reporting agencies.
The Social Security Administration recommends that you request a copy of
your file from them every few years to make sure that your records are
correct (your income and "contributions" are being recorded for you, and
no one else's are.) As a result of a recent court case, the SSA has
agreed to accept corrections of errors when there isn't any contradictory
evidence, SSA has records for the year before or after the error, and the
claimed earnings are consistent with earlier and later wages. (San Jose
Mercury News, 5/14, 1992 p 6A) Call the Social Security Administration at
(800) 772-1213 and ask for Form 7004, (Request for Earnings and Benefit
Estimate Statement.) The forms are available online at the SSA's website:
http://www.ssa.gov/online/forms.html. You can also pick up a copy at any
office of the SSA.
Information about the credit reporting agencies is available in the Junk
Mail FAQ, and various other privacy-related FAQs. Try looking at
Retrieving the SSN FAQ and related documents
The SSN FAQ is available from two places: rtfm.mit.edu (by FTP or EMail),
or cpsr.org (by FTP or http). The html version is at cpsr.org, and
includes links to SSN-related info which has been omitted from the text
version. The text version is at MIT.
The URLs are:
There is a more comprehensive privacy page at CPSR (which points at
both the SSN and junk mail FAQs). It's at:
You can get the latest version of the SSN FAQ (the text version) by
sending mail to firstname.lastname@example.org with
as the sole contents of the body. Send a message containing "help" to get
general information about the mail server.
cpsr.org has other resources on privacy, SSNs, and related subjects.
Other directories contain information on pending legislation, the 1st
amendment, computer security, cryptography, FOIA, NII, and CPSR.
other Privacy-related Resources
If you have suggestions for improving this document please send them to me:
1195 Andre Ave. or email@example.com
Mountain View, CA 94040
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----