WASHINGTON --- For all the concern about identity theft, researchers say there's a surprisingly easy way for the technology-savvy to figure out the precious nine digits of Americans' Social Security numbers.
"It's good that we found it before the bad guys," Alessandro Acquisti of Carnegie-Mellon University in Pittsburgh said of the method.
Mr. Acquisti and Ralph Gross report in today's edition of Proceedings of the National Academy of Sciences that they were able to make the predictions using data available in public records and information such as birthdates on social networks such as Facebook.
For people born after 1988 -- when the government began issuing numbers at birth -- the researchers were able to identify, in a single attempt, the first five Social Security digits for 44 percent of individuals. And they got all nine digits for 8.5 percent of those people in fewer than 1,000 attempts.
For smaller states their accuracy was considerably higher than in larger ones.
Mr. Acquisti said in a telephone interview that he has sent the findings to the Social Security Administration and other government agencies with a suggestion they adopt a more random system for assigning numbers.
Social Security spokesman Mark Lassiter said the public should not be alarmed "because there is no foolproof method for predicting a person's Social Security number."
"The suggestion that Mr. Acquisti has cracked a code for predicting an SSN is a dramatic exaggeration," he said via e-mail.
However, he added: "For reasons unrelated to this report, the agency has been developing a system to randomly assign SSNs. This system will be in place next year."
The researchers say their report omits details to make sure they aren't providing criminals a blueprint for obtaining the numbers.
The predictability of the numbers increases the risk of identity theft, which cost Americans almost $50 billion in 2007 alone, Mr. Acquisti said.
A problem in the battle against identity thieves is that many businesses use Social Security numbers as passwords or for other forms of authentication, something that was not anticipated when Social Security was devised in the 1930s. The Social Security Administration has long cautioned educational, financial and health care institutions against using the numbers as identifiers.