Hacker News new | past | comments | ask | show | jobs | submit login

>What I do NOT believe is that the Social Security number just sort of came about and started being used by government services such as the IRS without anyone being responsible for that huge organizational decision or the initial (current?) lack of security controls around its implementation.

They didn’t “just sort of come about”, they were created for this exact purpose of tracking government services. Over the years, the number of government services expanded because of the lack of other alternative like I said.

And the lack of security around SSNs is because they weren't intended to be secret. It is generally private sector groups like banks and credit agencies that have turned this into a problem by treating SSNs as if they are a proof of identification. They were created as usernames, but people treated them as passwords.




> They were created as usernames, but people treated them as passwords.

Fully agree, but I don't see how this refutes what I and the root-level comment (anti-IRS sentiment aside) are saying.

> the lack of security around SSNs is because they weren't intended to be secret.

The lack of security is not BECAUSE they weren't intended to be secret. The lack of security is because numerous organizations (including the IRS, until their introduction of an IP PIN) treated these "usernames" as though they were passwords.

It's not a design problem with original intent of SSNs, it's an implementation problem with any organization using them improperly. Gov't services are just as responsible as banks and credit agencies when they misuse them.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: