Join 3,555 readers in helping fund MetaFilter (Hide)

Tags:

Is it okay to include SSNs as part of an email address?
November 14, 2012 11:45 AM   Subscribe

A local community college is considering new ways to format student email accounts to avoid problems arising from multiple students having the same name. One suggestion is to include the last four digits of the Social Security Number as part of the email address. I don't know anything about FERPA, but this doesn't sound like a good idea to me. Before I speak up on the issue, though, I was hoping someone here could provide me with some additional info on privacy laws.
posted by jackypaper to Law & Government (37 answers total) 1 user marked this as a favorite
 
I can't speak on the privacy laws, but I have to use those digits in a lot of fairly important contexts, like confirming things at my bank, my doctor's office, and other transactions. I would be pretty upset if my public email address included them. Also, they're not especially useful for people trying to find someone's email address-- if finding jbrown02 is problematic, how would jbrown5890 be any better? (Also, what if a student didn't have a SSN?)
posted by jetlagaddict at 11:48 AM on November 14, 2012 [2 favorites]


This would not pass my institution's FERPA interpretation, nor any reasonable smell test in my opinion.

Why wouldn't they just do what everyone else does and assign the emails in numerical order. For example:

John Smith's email is smith001@blank
Sarah Smith's is smith002@blank

and so on?
posted by Think_Long at 11:52 AM on November 14, 2012 [4 favorites]


I had those same thoughts. Somehow I ended up on a committee where this is being decided. Coming from a layman's point of view, I wanted to make sure I wasn't alone in my doubts about such a naming convention.
posted by jackypaper at 11:52 AM on November 14, 2012 [1 favorite]


I work in a compliance at a Big Company and part of my bailiwick is advising on the use of personal information, including Social Security numbers.

It is trivially easy to generate unique, non-colliding ID numbers (incrementing or otherwise) for students and employees. It is not trivially easy to manage the collection, processing, and dissemination of Social Security numbers for the purpose of generating an ID code that doesn't need to have any intrinsic tie to a person's SSN.

It is also a colossally BAD IDEA to work with Social Security numbers when you don't have to given the typically lax controls and frequent data breaches that occur at educational institutions.

Don't even bother getting to federal or state law or rationalizing this sytem - cut it off before it goes anywhere.
posted by Inspector.Gadget at 11:55 AM on November 14, 2012 [11 favorites]


Horrible idea. Researchers have found that the first 5 digits are very easy to guess: Given an individual's birthday and state of birth, "Acquisti and Gross ... could identify in a single attempt the first five digits for 44 percent of deceased individuals who were born after 1988..."
posted by Mr.Know-it-some at 11:55 AM on November 14, 2012 [11 favorites]


This is terrible for usability and privacy and possibly legal reasons. You could assign simple name-based addresses for the first student with that name, and add an incremental integer for later students
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 11:57 AM on November 14, 2012


nthing jatlagaddict that I would not be happy if someone were using the last four of my SS as part of an email. especially if it was widely known that's where the numbers came from. Too many companies use the last four digits as sources of verification that you are who you say you are.

The way it seems to work on our campus is to use the first initial of the first name and the last name.

jackypaper would be jpaper@campus.edu

if that's taken, then they include the next letter: japaper@campus.edu

eventually some combination of the name jacpaper, jackpaper, etc won't be taken.
posted by royalsong at 12:01 PM on November 14, 2012 [1 favorite]


I'm really surprised a committee is deciding this. A college's well-trained, well-informed IT department--who presumably would have a lot to say about how email addresses are formatted--should be making this decision.

Having said that, this is one of the dumbest ideas I've seen in a while. It is classic "I'm solving a different problem than you've presented" behavior.

If the problem is that they need to differentiate and make unique each student's email address, a partial SSN is one of the LEAST secure ways to do it. There are multiple other, more secure ways to accomplish this that don't 1) potentially violate FERPA and 2) don't advertise the college's position as completely naive when it comes to information security.

e.g., Sequential numbering. Or random numbering. Or using a firstname.m.lastname@domain.edu formulation.
posted by ImproviseOrDie at 12:01 PM on November 14, 2012 [1 favorite]


Surely the students each have a unique student ID number? Why not use that instead of the SS number?
posted by EndsOfInvention at 12:01 PM on November 14, 2012 [6 favorites]


Do not use any part of the SSN. Consider how many things require you to have "last 4 digits of SSN" as a verification.

I know one institution that does first letter of first name, first 5 characters of surname, and then a 2 digit sequential number to differentiate among the john smiths.
posted by rmd1023 at 12:05 PM on November 14, 2012


I'm really surprised a committee is deciding this.

Welcome to the bureaucracy of higher education.

Yes, as everyone has said, this is a terrible, terrible idea, and it would make me worry about other areas in which personal data was being treated in an insecure manner.
posted by elizardbits at 12:05 PM on November 14, 2012


@ImproviseOrDie: When it comes to higher ed, never be surprised that a committee is deciding something. And never be surprised when the advice of experts is ignored. It's a weird dynamic.

At any rate, thanks to everyone for your counsel and opinions.
posted by jackypaper at 12:08 PM on November 14, 2012 [2 favorites]


Bad idea from a security perspective, but also a bad idea in terms of trying to solve the original problem.


Even if there was no security issue with using the last four digits of the s.s. number, there is no guarantee that the last name and 4 digit combo would be unique.

e.g.

Two people named Smith or Wang that have the same last 4 digits is quite possible to have. Now you are back to your original problem again.

Go sequential - that's what most organizations / universities with this problem do.
posted by bottlebrushtree at 12:08 PM on November 14, 2012 [4 favorites]


Everyone here is correct - this is a horrible idea.

Beyond the obvious points already made, there are two other problems:
posted by saeculorum at 12:19 PM on November 14, 2012 [1 favorite]


When it comes to higher ed, never be surprised that a committee is deciding something. And never be surprised when the advice of experts is ignored. It's a weird dynamic.

Yeah, it's been about 12 years since I worked in higher ed. I completely forgot about this kind of idiocy.
posted by ImproviseOrDie at 12:20 PM on November 14, 2012 [1 favorite]


Class year graduation and a combination of first initial, last name, and an individual identifier such as middle initial. For example someone graduating in 2019 could have Psmith19@college.edu or Pxsmith19 or Psmith219. This also works for alumnae.
posted by Gungho at 12:23 PM on November 14, 2012 [1 favorite]


EndsOfInvention  Surely the students each have a unique student ID number? Why not use that instead of the SS number?

Not a good idea either. It's common for campuses to use student ID numbers or partials thereof to verify identity for access to sensitive personal information, or as a screening label for exam results.

That a community college committee is even considering the use of SSN for a public-facing purpose makes me pretty nervous about their information security practices.
posted by hat at 12:27 PM on November 14, 2012 [3 favorites]


This is a terrible, terrible idea.
1. The privacy issue alone should be sufficient to kill it.
2. The last four digits of an SSN are not necessarily unique.
3. What do they propose to do for students who do not possess an SSN? (Such as exchange students from other countries.)
posted by Multicellular Exothermic at 12:30 PM on November 14, 2012 [1 favorite]


At my school we just did first initial, last name, and numbers. The first John Smith enrolled would be jsmith1, Jenny Smith would be jsmith2 and so on.
posted by mlle valentine at 12:38 PM on November 14, 2012


I work in a college's IT department; here's our method for generating usernames:

first initial + middle initial (if available) + last name (so, John Quincy Adams would have jqadams as a username, and Abraham Lincoln would be alincoln).

If and only if that construction results in a collision, a global collision number (i.e. starts at 1 for the first collision, and is incremented thereafter) is added. (thus, jqadams1 for Jane Quincy Adams, and alincoln2 for Abigail Lincoln).

The global collision number keeps bookkeeping simple, since you don't have to keep track of how many collisions each username has.

Many of the methods described here (adding class year, or adding subsets of SSN or student ID number, for example) don't solve the collision problem; they just make it less likely, which isn't what you want.
posted by orthicon halo at 12:47 PM on November 14, 2012 [4 favorites]


(Additionally, regardless of whether using a subset of the SSN or student ID would solve the problem or not, it's a terrible idea. Don't do it.)
posted by orthicon halo at 12:51 PM on November 14, 2012


Serious question: why don't you just let them choose their own usernames? Once a username is reserved, it's gone for good, even once the person has left the university.
posted by kdar at 1:00 PM on November 14, 2012 [1 favorite]


I'd shift to the other side of the @ sign.

John Doe enrolls in 2011? jdoe@2011.college.edu

Another John Doe in 2012? jdoe@2012.college.edu

And on and on.
posted by NotMyselfRightNow at 1:01 PM on November 14, 2012


My old university attempts to pick out usernames in roughly this order:Additionally, one username should absolutely never belong to anyone else after it's initially assigned. Ever. (No, you cannot have that username. It does not matter that its owner died in 1997.)
posted by one more dead town's last parade at 1:06 PM on November 14, 2012


I work at a college and told my coworker about this thread just now and her eyes bugged out of her head. NO NO NO NO NO NOOOOOOOOOOOOO.

My school also does first and second initial + last name. If someone repeats, they just come up with their own different variation on it, since they're allowed to. I knew a girl who would have been "mastoner," except her older brother already had that e-mail and initials. He suggested "imastoner." The school allowed it!

This is not that hard of a problem to determine to require your SSN being in your e-mail address, as long as you allow for a little flexibility.
posted by jenfullmoon at 1:08 PM on November 14, 2012 [3 favorites]


My college used the student's initials followed by a short 3-character hash of all of the letters of their name. By using a hash, you're pretty much guaranteed no chance of collision.
posted by zsazsa at 1:47 PM on November 14, 2012


We do initials plus random number until it's unique. Using random numbers just makes the algorithm a bit quicker.

With real names (e.g. last name) in usernames, we often run into name changes where users want to change their usernames too. Some of our systems cope well with that. Some really don't. Using initials makes such requests less likely and easier to refuse. Also, some people have really long last names, which can be problematic for usernames in some IT systems.

Last four of ssn is a really terrible idea.
posted by idb at 1:50 PM on November 14, 2012


A better alternative would be part of the last name followed by the day and year of birth. John Smith, born on the 4th of July 1990 would be jsmith0490@xxx.edu. Even for John Smiths, this allows for up to 31 different identifiers for each year of birth.
posted by megatherium at 2:17 PM on November 14, 2012


Anything more meaningful than a sequence number will conflict eventually.
posted by ckape at 2:33 PM on November 14, 2012


My college used the student's initials followed by a short 3-character hash of all of the letters of their name. By using a hash, you're pretty much guaranteed no chance of collision.

But if two people have the exact same name, you're guaranteed a collision...
posted by BungaDunga at 2:39 PM on November 14, 2012


But if two people have the exact same name, you're guaranteed a collision...

True. But the hash can involve other personally identifying information. Just enough to make it unique.
posted by zsazsa at 2:55 PM on November 14, 2012


Remind the committee that the last 4 of SSN and date of birth are commonly used as security questions for anything from health insurance to credit cards. If you're using last 4 of the SSN for the e-mail, all they'd need to get is the date of birth. They'd be giving up 50% of security verification.
posted by Verdandi at 3:12 PM on November 14, 2012 [1 favorite]


I work at a University.

the first person with first name starting with D and last name Williams, got dwilliams, the one after that got dwilliams1, I'm dwilliams16, and we're up in the 30's at this point.

Do something like that.
posted by deezil at 4:33 PM on November 14, 2012


There is absolutely no reason to have SSN's attached to student identity in such a public manner.

At the community college I recently attended, the email addresses were composed of the student's first initial, the first 6 of their last name AND the last 4 of the Student ID number (which was not their SSN).

The university i now attend does first initial, first 6 of last name and then adds 1,2,3 etc. for repeats.
(Both are in California)
posted by ApathyGirl at 6:45 PM on November 14, 2012


I work at a major university. Oh HELL no. Please use one of the suggestions above like first initial + last name [+ collision number if necessary] or whatever makes sense.

Just OMG not anything involving the SSN.
posted by Lexica at 8:21 PM on November 14, 2012 [1 favorite]


From 1995 to 1997, I attended a large state university that used my full SSN as my University ID number. Around 1997 they switched to some other system because obviously theirs was dumb.

The entire time I was a student at this university, they had email addresses of the form ande0001 for the first Anderson students, on up, and anders001 for other types of affiliates (staff, alumni...), and never included my SSN.

In 1998, I moved to a different university that lets you pick your own email address and lo it was awesome but you were stuck with what you picked as a freshman. Now in the corporate world my job interacts a lot with IT, I see the many different aliases that are possible behind the scenes, and I see the way they are broken by exceptional cases that someone didn't think to standardize.

Conclusion as user and eventually from the organizational side:
- No SSN
- Standardize, and consider all exceptional cases
- Choosing an email address was awesome.
posted by whatzit at 3:37 AM on November 15, 2012


No SSN please. Most of the bank a/cs, telephone a/cs, utility companies use my four digits to verify me.

Can't you use something like


[username][yearenrolled]@localcollege.com?
posted by bbyboi at 11:36 AM on December 2, 2012


« Older Is it safe for my little girl ...   |  My brother is going to prison ... Newer »
This thread is closed to new comments.