Are we allowed to collect ssn with just ssl?