ID fraud already makes a lot of SSN non-unique; one in seven SSN has been used more than once, though the SSA doesn't report this to the owner of the SSN.
SSNs are not (yet) reused. There's ~900 million potential SSNs, we've run through half, and are using ~5.5 million a year, which gives us at least another half a century before we have to start reusing.
SSN weren't designed as unique identifying numbers - in fact, until 1972 the cards explicitly said it should not be used as such. It is also way too short to be unique ID within imaginable timeframe. The fact that it is used as such is because americans have no choice - no other common ID to use. Some use name + birthdate instead, but that's even worse.
SSN are supposed to be unique. They are not. If you try to use them as a unique identifier in a database, your customers/end users will be sorry. In the payroll app that I'm currently working on, 111111111 is used as a temporary number. Which ends up not being temporary enough.
Back in the 1990s I was trying to convince my colleagues not to use SSNs as unique IDs. I've since noted that quite a few organizations that had gravitated to SSNs as IDs had to go through expensive and chaotic migrations to real unique IDs.
In theory, yes. Though SSNs aren't unique. Which was a problem for me, though I guess the other holder of my SSN has passed since I haven't had any issues in years.
I'm not arguing with that at all! I'm saying that the fact that they aren't hasn't actually stopped anyone from using them that way.
When this assumption is violated, a psuedo-identifier is assigned. I have worked with multiple systems that work this way and it is the norm in finance and was the norm in higher education until relatively recently. State government information systems also use SSN as primary identifier surprisingly often, and in the system I've worked most closely with reused SSNs were resolved by just deleting the old record.
You could say that SSNs are the perfect storm - they aren't unique, but they're pretty close to unique, and this allows you to rely on SSNs as an identifier for long enough that when you run into a problem you're too dug in and so you find a workaround. For example, assign non-citizens "SSNs" with prefixes not used by SSA---this was the norm in higher ed, and many institutions "eliminated" the use of SSNs by just handling all students as international.
The IRS, of all organizations, uses SSN as a primary means of identifying individuals. They absolutely run into all kinds of problems with this that must be resolved by using other information as well but that doesn't stop them because it's just too convenient. Many such defects in use of SSNs are resolved by assigning an ITIN, which is just a pseudo-SSN with first digit '9' which is not in use by SSA. Even EINs have the same digit length as SSNs, suggesting that they're handled as SSNs by some systems.
Or consider this similar situation: name and DOB are not unique, but this doesn't stop them being near universally used as primary identifier in healthcare information systems. Actually healthcare widely used SSN before HIPPA mandated a change.
reply