Insensitive attributes
And the award for best blog post title of the day goes to…
There is an Elephant in the Room; & Everyone’s Social Security Numbers are Written on Its Hide.
The post, by Richard Power, reports on an article by Alessandro Acquisti and Ralph Gross, “Predicting Social Security numbers from public data”, (faq, PNAS paper) which highlights how one can narrow down a US citizen’s social security number to a relatively small range based only on his or her state and date of birth.
As the Social Security Administration explained (see the elephantine blog post linked above), this was not really a secret; the SSA’s algorithm for generating SSN’s is public. The virtue of the Acquisti-Gross article is in pointing out the security implications of this clearly.
One of the interesting notions the study puts to rest is the distinction between “insensitive” and “sensitive” attributes. Almost anything can be used to identify a person, and once someone has a handle on you it is remarkably easy to predict, or find out, even more.
Leave a Reply