Predicting Social Security Numbers From Public Data
We show that Social Security numbers (SSNs) can be accurately predicted from widely available public data, such as individuals' dates and states of birth. Using only publicly available information, we observed a correlation between individuals' SSNs and their birth data, and found that for younger cohorts the correlation allows statistical inference of private SSNs, thereby heightening the risks of identity theft for millions of US residents. The inferences are made possible by the public availability of the Social Security Administration's Death Master File and the widespread accessibility of personal information from multiple sources, such as data brokers or profiles on social networking sites. Our results highlight the unexpected privacy consequences of the complex interactions among multiple data sources in modern information economies, and quantify novel privacy risks associated with information revelation in public forums. They also highlight how well-meaning policies in the area of information security can backfire, because of unanticipated interplays between policies and diverse sources of personal data.
Alessandro Acquisti is an Associate Professor of Information Technology and Public Policy at the Heinz College, Carnegie Mellon University, a member of Carnegie Mellon Cylab, and a fellow of the Ponemon Institute. His work investigates the economic and social impact of IT, and in particular the economics and behavioral economics of privacy and information security. His research in these areas has been disseminated through journals (including Proceedings of the National Academy of Science, Marketing Science, Marketing Letters, IEEE Security & Privacy, Journal of Comparative Economics, Rivista di Politica Economica); edited books (Digital Privacy: Theory, Technologies, and Practices, Auerbach, 2007); book chapters; and leading international conference. His findings have been featured in media outlets such as NPR Fresh Air, NBC, MSNBC.com, the Washington Post, the New York Times, the Wall Street Journal, the New Scientist, and more.
Alessandro has received national and international awards, including the 2005 PET Award for Outstanding Research in Privacy Enhancing Technologies and the 2005 IBM Best Academic Privacy Faculty Award. He is and has been member of the program committees of various international conferences and workshops, including ACM EC, PET, WEIS, ETRICS, WPES, LOCA, QoP, and the Ubicomp Privacy Workshop at Ubicomp. In 2007 he co-chaired the DIMACS Workshop on Information Security Economics and the WEIS Workshop on the Economics of Information Security. In 2008, he co-chaired the first Workshop on Security and Human Behavior with Ross Anderson, Bruce Schneier, and George Loewenstein. His research has been funded by the National Science Foundation, the Humboldt Foundation, the National Aeronautics & Space Administration, Microsoft Corporation, as well as CMU CyLab and CMU Berkman Fund.
Alessandro has lived and studied in Rome (Laurea, Economics, University of Rome), Dublin (M.Litt., Economics, Trinity College), London (M.Sc., Econometrics and Mathematical Economics, LSE), and at the University of California, Berkeley, School of Information, where he worked with John Chuang, Doug Tygar, and Hal Varian and received a master's degree and a Ph.D.