There’s a bunch of folks out there who are advocating for publishing all SSNs, so I wanted to point out (courtesy of Michael Froomkin’s new article on Government Data Breaches) that it would be illegal to do so.
42 USC § 405(c)(2)(C)(viii) reads:
(viii)(I) Social security account numbers and related records that are obtained or maintained by authorized persons pursuant to any provision of law enacted on or after October 1, 1990, shall be confidential, and no authorized person shall disclose any such social security account number or related record.
Which doesn’t impact on your policy analysis, but since you need to advocate for a law being changed, we might as well advocate for the right law, rather than a change you hope will have certain effects.
In my view, the right law is one that says that reliance on the SSN for authentication or authorization purposes shall be presumed negligent.
Oh, and Froomkin’s article is delightful too. Take a look.