For non-Americans (and Americans) that don't quite understand what SSN is and why it's a problem, CGP Grey [1] has a great (and short) video about the history and why it's not technically an identifier, but has become one.
It's so interesting how Australia went the other way and actually banned the use of any government-issued ID number as a primary identifier by any organisation other than the government department which issued that ID number.
In the 80s, the very popular Aussie prime minister, Bob Hawke wanted to introduce a National ID card, complete with a unique number, that would then be used for everything from Medicare to tax filing. The government however did not have the numbers to pass it through the Senate. Hawke called a double dissolution (dissolving both lower and upper houses of parliament) over the issue. He was returned to power after the election but still without a majority to get the bill through.
There were then attempts to use "other" government issued ID cards like the Medicare number, for this purpose. To prevent this, a few years later, a bill was passed that would prevent any such use.
In reality, this means businesses can ask for government issued numbers but it has to be optional and voluntary, and never used as a primary ID. When I go to my doctor for example, I can provide them with my medicare number, in which case they will claim the Medicare rebate on my behalf automatically, or I can refuse to provide them this number, pay the doctor's fee in full, and claim the rebate from medicare myself separately. Similarly I can provide my bank with my tax file number, in which case they will automatically tax my interests earned according to my income band. Or I can not provide them my tax file number, in which case they'll tax my interest rate at the highest income band, and I can then get the money back from the tax office when I file my tax returns at the end of the year.
In Australia we don't have a Bill of Rights. We don't even have a right to freedom of speech. The police can ask us to unlock our phones without a warrant; etc etc. Yet when it comes to privacy, our laws are very clear. For a country with such a history of protecting individual liberties, it always amazes me that the United States takes such a laissez faire approach to privacy.
The video doesn't quite get into the problem of identity theft, which is when someone uses your stolen creds to claim they are you, and then go on a shopping spree which may include buying a car under your name. You shouldn't be liable for debts incurred after having your identity stolen but proving that is a lot of work.
> You shouldn't be liable for debts incurred after having your identity stolen but proving that is a lot of work.
The first step is to call it what it is: fraud by misrepresentation. The owner wasn't deprived access to their identity (a key component of theft), they weren't even involved in the transaction. Companies want to have their cake and eat it - have low barriers to making sales/offering loans without rigorously verifying the identity of the person benefiting and be shielded from losses when their low-friction on-boarding fails lets in fraudsters.
If a home buyer is duped into transferring deposit into a fraudsters account, they don't blame it on corporate "identity theft" and put the escrow agent on the hook by default.
The reason the Shaggy defense doesn't work is the default assumption of the courts is that you're a deadbeat trying to game the system. This assumption comes about because in the majority of cases it is the truth. The system would be a lot nicer if there weren't people trying to scam it every hour of every day of the week.
When I was in the Boy Scouts, a local judge came to speak with us about the legal system. I asked a similar question and he admonished me that innocent people never wind up in court. He explained that every person who is in a trial (criminal or civil) is guilty of something. A judge's job was merely to determine if the prosecution or plantiff was correct about what the defendant was guilty of. He was very annoyed that ignorant people, who had never been to law school, kept spreading this nonsense that some defendants were innocent.
The problem with putting a value judgement on this is that it will precondition people to assume good faith or bad faith on the validity of the assessment based on how they interpret the fairness of the court system.
Instead, we could just say that the majority of the cases are people trying to get out of legitimate debts. If we wanted to go farther, we could say that's because some people just don't feel responsible for their own debts and some people make a choice that a last ditch effort to get out of a debt they know they should pay rather is the lesser of two evils when the alternative is to continue to fail to provide adequately for their family given their circumstances, and how different people may draw that line at different points.
That's harder to articulate and a larger discussion that may be a tangent people aren't interested in discussing though, so it's probably just simpler to keep the value judgements out of it if the intent is to keep the discussion productive.
Instead, we could just say that the majority of the cases are people trying to get out of legitimate debts.
There's another discussion which could be had about just how legitimate even "legitimate debts" actually are in some cases but that's even more in the woods.
When someone named adamomada comes to the bank for a loan, the presumption is that
adamomada will repay the loan.
If they knew it wasn't you, they wouldn't have written the loan in the first place. They're asking you to repay it because they really do think it was you.
If "it wasn't me" was all anyone had to do to get out of paying a loan, many people would do it.
It's much more subtle, fraud is accepted and part of the business. Even if you are not 100% certain of the identity of the person, what matters is how likely you are going to get paid back.
For example, when you purchase online, some merchants do not check who is the owner of the card, or the address. It's done on purpose, because some people borrow the card of the others, some people don't want to use their card, etc. And overall it's all about risk management, but if the holder is really the one in front of you is just one factor among others.
It’s not “accepted” as much as it is just simply impossible to completely avoid at any kind of scale.
Even if online payments were eliminated, and you had to show up in person with a birth certificate and passport to perform a transaction, fraud would be non-zero.
To have a functioning business, people need to be able to use the system.
Is that even a Shaggy defense? The whole point of the Shaggy defense was that it's saying it wasn't you despite overwhelming evidence ("She even caught me on camera - it wasn't me")
But in this scenario, there is basically zero evidence it was you
I thought it was, they would have to have some sort of evidence of your name, dob, ssn, blood type, etc. But in the end it was just your information used fraudulently; you the person did not authorize the loan and therefore it really isn’t your loan.
"Identity Fraud" is institutionalized victim blaming. The claim is that the person who's identity was stolen was defrauded (and they should protect themselves or fight back), but in reality it was the creditor that got defrauded.
In many other places SSNs are non-sensitive data. There is not much one can do just knowing a SSN. Usually one has to do some kind of verification (eg using some sort of authentication app, if online). Which is why it is so confusing.
[1] https://www.youtube.com/watch?v=Erp8IAUouus