unicornporn · 4 years ago
Fun fact. In Sweden it's available to anyone. Anyone can also find out where you're living, whom you're living with and what vehicle you're driving (among other things). It's a part of offentlighetsprincipen[1].

[1] [PDF] https://www.regeringen.se/4a76f3/contentassets/2c767a1ae4e84...

willvarfar · 4 years ago
Yes. America’s problem is that they use the SSN as a secret. Knowing it means you can impersonate someone.

Whereas in Sweden the “person number” is public information and identity is authenticated and authorized in other ways (by showing a driving license or using a “bank id” app etc).

In the nordics how much tax you pay (meaning for most people you can just divide by twelve to determine salary) is also public info. As is how much houses sell for etc.

progre · 4 years ago
The public library probably has the local "Tax-calendar" (taxeringskalendern). Like an old-fashioned phone book, except instead of phone numbers it has the taxed income for everyone in your town for the last year (there are of course websites with this info too, but no free service that I know of). Spent an hour at the library looking up my coworkers' salaries when prepping for my first pay negotiation many years ago.
armchairhacker · 4 years ago
SSN isn’t even a well-kept secret, considering you have to give it out for banking, medical, or anywhere else that needs to identify you.

We should have a kind of username / password system instead, where everyone has a unique ID and a separate private ID. We could even use something like RSA so you never have to give out your private ID to anyone.

greedo · 4 years ago
House sales are generally available in the US at your tax assessor's website.
progre · 4 years ago
I believe Offentlighetsprincipen is one of the main foundations of the success of Sweden as a democracy. It acts like a filter on corruption. Dumb politicians are regularly exposed early in their careers. Only really smart, subtly corrupt politicians make it to the top level of government.
bradknowles · 4 years ago
You mean, like Mr. T? Or Putin?

I wouldn’t call those subtle.

Now, if you’re referring to only those politicians in your own country, then I have no reference for levels of subtlety involved.

jimbob45 · 4 years ago
Does that not lead to the potential sticky situations that my mind immediately jumps to?

Edit: I read through your link and did some light browsing of my own (later stonewalled by the fact that I don't speak any of the Scandinavian languages). I don't see anywhere that a citizen can re-assert their right to privacy but that would seem to be necessary in some cases (e.g. Twitch streamers wanting to remain incognito to avoid getting SWATted or otherwise frequently visited by police).

Jolter · 4 years ago
> I don't see anywhere that a citizen can re-assert their right to privacy

Rights depend on jurisdiction. I’m not aware of any right to privacy regarding place of residence or tax returns in Sweden.

A resident is entitled to file for a “protected identity” which would obscure their address, phone number and person number on these types of services. Even celebrities tend to avoid doing that unless they have a persistent stalker, because it leads to all sorts of practical problems when dealing with everyday administration.

unicornporn · 4 years ago
You'll have to help me. What does your mind jump to?
unicornporn · 4 years ago
> I don't see anywhere that a citizen can re-assert their right to privacy

That's because you usually can't.

In extreme cases you may be eligible for protected identity[1], but that status is not easily achieved.

[1] https://skatteverket.se/servicelankar/otherlanguages/inengli...

bob1029 · 4 years ago
Can we provide some examples?
ShockedUnicorn · 4 years ago
For an even clearer example, there's this list of the 25 most searched-for people last year: https://www.ratsit.se/info/omtalade/mest-eftersokta-forra-ar... . I can recognize several celebrities there, most of them artists, and even our prime minister.

You can see addresses, if they own dogs, which cars they own, what salary they have (the site I linked needs payment for that, but there are other ways to get it for free), the companies they own or own a part of.

werds · 4 years ago
This is very valuable data for any advertiser to use for targeting.
Salgat · 4 years ago
The issue is never general doxxing, it's targeted attacks.
HenryKissinger · 4 years ago
Not a problem in high trust societies.
sucrose · 4 years ago
This is the main reason PewDiePie (game streamer) moved out of Sweden.
Jolter · 4 years ago
I doubt it. More likely he didn’t enjoy the tax rates…
zenithd · 4 years ago
In the United States SSNs are treated as secret. I shouldn't have to care if other people know my DOB or SSN, but I have to care because tons of companies and government offices use these as proof of ID.
threatofrain · 4 years ago
ManBlanket · 4 years ago
If only there were legislation in place to subject those breaching this misinformation to legal recourse, so the current administration can enforce which problems exist in the public's eyes. Some real legal tools the government can use to enforce truths from falsehoods, wired right into the platforms that disseminate this kind of misinformation. After all, elected representatives are known for their intellectual honesty and predictably virtuous behavior.
CamperBob2 · 4 years ago
> If only there were legislation in place to subject those breaching this misinformation to legal recourse

The SSN wasn't supposed to be used for identification at all, at first. [1] But the government decided that didn't apply to them, and then they decided that it didn't apply to anyone else.

1: https://www.nytimes.com/1998/07/26/weekinreview/the-nation-n...

pacbard · 4 years ago
Most states allow you to look up teacher licenses using last name, and they have a “secure” version of the same site for employers and employees to update data. Most of the secure sites use a combination of last names, DOB, and/or SSNs to authenticate teachers.
threatofrain · 4 years ago
But isn't this a front-facing site?
pugworthy · 4 years ago
To be clear, it asks for last 4. This is not uncommon, with some sites asking for last name, birthday and last 4 of social to identify someone.
progbits · 4 years ago
But if everyone asks for last four then it also means everyone has it. You are one shitty site leak away from having all the info needed to identify you available publicly.
tyingq · 4 years ago
Funny, with the Governor first doubling down on his "leet hackers" drivel, but now trying to bury it with new unrelated tweets to push his earlier rants down.
WillPostForFood · 4 years ago
You know the guys who made the site were telling their bosses: We got hacked, but we're in control of the situation. They weren't saying, we screwed up and made private info public.
tyingq · 4 years ago
Yes, though he got plenty of immediate public feedback with his first rant. Then chose to ignore it all and escalate/double-down.
hinkley · 4 years ago
I think we as a profession have made a fundamental error of not internalizing the idea that we have different “colors” of data that need to be treated as such at all times. At rest, and in motion.

We have bespoke solutions to keep passwords and numbers out of logs by obscuring certain key, value pairs, but that’s exactly what it is. Bespoke.

Those fields should be protected at all levels. I don’t know if I would go so far as calling it a cross-cutting concern, but there is definitely a problem with stringly typed data that is a mix of PII, privileged data and common knowledge.

bob1029 · 4 years ago
We've started to treat anything that even sounds like PII as if it were high-level radioactive waste. We have a single unified model for our problem domain with special attributes on those properties which are PII-sensitive.

Any time our model is to be exposed to an insecure context, it is reflected for these PII attributes and mapped into a special redacted variant of the same model.

For purposes of troubleshooting, the redacted model properties receive the sensitive data as a hash after it has been passed through salted SHA256. This allows us to correlate sensitive things like SSNs between multiple log entries for the same work item, but not across different work items.
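
As an added illustration of the approach described in the two comments above (example code written for this page, not from the commenters or any real system): a domain model whose PII fields carry a metadata marker, and a redactor that reflects over those fields and swaps each value for a salted SHA-256 digest. The `Teacher` model, the `PII` marker, `MASTER_KEY` and the sample values are all constructed; deriving the salt per work item with HMAC-SHA256 from a master key is one way to realize the "salted" hashing described, chosen here as an assumption.

```python
# Added example for this thread, not code from the commenter or any real
# system. A domain model marks PII fields with metadata; redact() reflects
# over those fields and replaces each value with a salted SHA-256 digest
# whose salt is bound to the work item, so log entries about the same work
# item stay correlatable while entries from different work items do not.
import dataclasses
import hashlib
import hmac
from dataclasses import dataclass, field, fields

PII = {"pii": True}  # constructed metadata marker for sensitive fields

# Constructed secret; a real deployment would load this from a secret store.
MASTER_KEY = b"example-master-key-not-for-production"


@dataclass(frozen=True)
class Teacher:
    """Constructed model; the same type serves as the clear and the redacted variant."""
    work_item: str                       # correlation id, not PII
    district: str                        # public knowledge, stays in clear text
    name: str = field(metadata=PII)
    ssn: str = field(metadata=PII)


def work_item_salt(master_key: bytes, work_item: str) -> bytes:
    """Derive a per-work-item salt so digests cannot be joined across work items."""
    return hmac.new(master_key, work_item.encode("utf-8"), hashlib.sha256).digest()


def salted_digest(salt: bytes, value: str) -> str:
    """Salted SHA-256 of one field value, truncated for log readability."""
    h = hashlib.sha256(salt + value.encode("utf-8")).hexdigest()
    return f"sha256:{h[:16]}"


def redact(model, master_key: bytes = MASTER_KEY):
    """Return a copy of `model` with every PII-marked field replaced by a digest.

    Works for any dataclass that has a `work_item` field and uses the PII marker.
    """
    salt = work_item_salt(master_key, model.work_item)
    replacements = {
        f.name: salted_digest(salt, str(getattr(model, f.name)))
        for f in fields(model)
        if f.metadata.get("pii")
    }
    return dataclasses.replace(model, **replacements)


def log_line(model) -> str:
    """Render a model for a log: redaction happens before the string exists."""
    safe = redact(model)
    return " ".join(f"{f.name}={getattr(safe, f.name)}" for f in fields(safe))


if __name__ == "__main__":
    # Constructed sample values; the SSN is not a real one.
    t = Teacher(work_item="WI-1", district="Example District",
                name="Jane Doe", ssn="123-45-6789")
    print(log_line(t))
```

Because the salt comes from the work item rather than from the field value, the same SSN logged twice inside one work item produces the same digest (so the entries can be joined), while the same SSN in another work item produces an unrelated digest; the clear-text value never reaches the log formatter at all.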

codingdave · 4 years ago
About half the places I've worked, and all the places with more than a couple dozen employees, have had formal security levels on emails, data, and documents. It is common enough practice that plugins exist to set the levels in MS Office tools. These cover PII as well as confidentiality and simply "internal only" levels of content.

If you haven't worked in a large company in recent years, maybe you haven't seen it, but it feels fairly standard these days.

anoonmoose · 4 years ago
Anyone wanna break down the vulnerability, now that we've got source?

Edit: that massive string on line 203 is awfully suspicious...

Double edit: there's another massive string a few lines above that, and the script on line 1188 is pretty interesting too

tyingq · 4 years ago
This is the search form. Pretty sure it's the results you would get after the search that has the full ssn in the html source. Still interesting in that it allows searching by the last 4 of the ssn.

And the source seems to indicate this is the "public ssn search", and that a "search by full ssn" probably also exists.

E.g.:

   let SSNSearch = document.querySelector("#pnlSSNSearchHeader");
   let SSNPublicSearch = document.querySelector("#pnlSSNPublicSearchContent");

spydum · 4 years ago
That's just ViewState (throw it in http://viewstatedecoder.azurewebsites.net/ if curious) of the schools array. Nothing special on the page. I suspect what's suspect is the lookup portion on the server side.
mikeyouse · 4 years ago
Based on the description in the original article:

> Though no private information was clearly visible nor searchable on any of the web pages, the newspaper found that teachers’ Social Security numbers were contained in the HTML source code of the pages involved.

And the layout of that site - I suspect when you clicked through to look at a teacher, it would display the Name + last 4 of their social security number with their teaching credentials. I suspect that if you viewed source on that page, the full SSN was in the retrieved data but the page was just displaying the last 4 digits.

Can't confirm without the Archive site actually pulling live data but it seems to line up.
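
The failure mode described above, a page that displays only the last four digits while the full number sits in the retrieved markup, is exactly what a pre-release scan of rendered HTML catches. The following is an added example written for this page, not code from the newspaper, the state site or any commenter: it parses HTML and flags SSN-shaped values wherever they appear, including attribute values such as `<option value="...">` and hidden inputs that never render on screen. The `SAMPLE_HTML` and every number in it are constructed; the six-digit codes imitate the district ids quoted in the thread so the check can show it does not flag them.

```python
# Added example for this thread, not code from the newspaper, the state or
# any commenter: a pre-release check that scans rendered HTML for SSN-shaped
# values, including attribute values such as <option value="..."> and hidden
# inputs that never show on screen. The HTML below and every number in it are
# constructed; the six-digit codes mimic the district ids quoted in the thread.
import re
from html.parser import HTMLParser

# Nine digits, optionally grouped 3-2-4 with hyphens, not embedded in a longer number.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-?(\d{2})-?(\d{4})(?!\d)")


def looks_like_ssn(token: str) -> bool:
    """True if `token` has the shape of an issuable SSN (rules published by the SSA)."""
    m = SSN_RE.fullmatch(token.strip())
    if not m:
        return False
    area, group, serial = m.groups()
    if area in ("000", "666") or area >= "900":   # area numbers never issued
        return False
    return group != "00" and serial != "0000"      # group/serial never all zeros


class SSNLeakScanner(HTMLParser):
    """Records (location, token) for every SSN-shaped value in markup or text."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[tuple[str, str]] = []
        self._open_tags: list[str] = []

    def handle_starttag(self, tag, attrs):
        self._open_tags.append(tag)
        for name, value in attrs:            # attribute values are invisible on screen
            if value and looks_like_ssn(value):
                self.findings.append((f"{tag}[{name}]", value))

    def handle_endtag(self, tag):
        if self._open_tags and self._open_tags[-1] == tag:
            self._open_tags.pop()

    def handle_data(self, data):             # visible text, e.g. masked "***-**-6789"
        where = self._open_tags[-1] if self._open_tags else "text"
        for token in re.findall(r"[\d-]+", data):
            if looks_like_ssn(token):
                self.findings.append((where, token))


def scan_html(html: str) -> list[tuple[str, str]]:
    """Return every SSN-shaped value found in `html`, with where it was found."""
    scanner = SSNLeakScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed response body: district codes are six digits and must not be
# flagged; the educator <option> values carry full nine-digit numbers even
# though the visible text shows only a masked last four.
SAMPLE_HTML = """
<select id="ddlDistrict">
  <option value="081097">PHELPS CO. R-III - 081097</option>
</select>
<select id="ddlEducator">
  <option value="123-45-6789">DOE, JANE</option>
  <option value="456789012">ROE, RICHARD</option>
</select>
<input type="hidden" name="__VIEWSTATE" value="CONSTRUCTED_BASE64_BLOB" />
<p>Showing last four: ***-**-6789</p>
"""

if __name__ == "__main__":
    for where, token in scan_html(SAMPLE_HTML):
        print(f"SSN-shaped value in {where}: {token}")
```

Run against the constructed page, the scanner reports the two educator option values and nothing else: the district codes are too short to match, and the masked text contains only four digits. A check like this belongs in the integration tests or the response pipeline of any page that renders partial identifiers, since "not displayed" and "not sent to the browser" are different properties.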

recursive · 4 years ago
That nasty blob on line 1188 is an obfuscated fingerprinter called "Incapsula".
ChrisArchitect · 4 years ago
Related giant thread from yesterday:

https://news.ycombinator.com/item?id=28866805

kevinpet · 4 years ago
My guess from looking at this is once you select a district, it would have populated a dropdown with teachers. The teachers were keyed off SSN as the ids in the select element. Not clearly visible in source, but would appear right away if you did "inspect element" after selecting a district.
denysvitali · 4 years ago
Please don't select "Inspect Element" or "View source". You're committing a crime.
tyingq · 4 years ago
It does do a POST when you select a district, but not as ajax/xhr. It just tries to load a new page. It posts these form values:

  cpeSearchOne_ClientState: false
  ctlYearList$ddlYear: 2022
  cpnlDistrict_ClientState: false
  ddlDistrict: 096098
  cpnlEducator_ClientState: 
  cpnlSSN_ClientState: 
  cpnlSSNPublic_ClientState: true
  txtLastNamePublic: 
  txtSSNPublic: 

I suspect the real problem is with the page that would be rendered as the results if it weren't currently shut off.

steviedotboston · 4 years ago
I'm not seeing any social security numbers in the source. I am seeing some six digit ID numbers though. For example,

   <option value="081097">PHELPS CO. R-III - 081097</option>

Am I missing something here?

jessaustin · 4 years ago
This seems to be a front page without the database it requires to do its work. Which is sort of what one would expect to be on archive.org...
