South Korean Citizen IDs Vulnerable, Based On US Model

An anonymous reader writes: South Korea's Resident Registration Number (RRN) has been proven 'vulnerable to almost any adversary' by the 'Queen of re-identification', Harvard Professor Latanya Sweeney, who previously proved that 87 percent of all Americans could be uniquely identified using just their ZIP code, birthdate, and sex. Sweeney was able to decrypt personal information from the RRN numbers of 23,163 deceased Koreans with 100% success by two different methods of attack, and notes that the South Korean system is based on one currently in use in the U.S.

Re:What's so secret about those numbers?

[Pi1grim]

This.

Same system in Estonia. What USA lacks for their SSN - is proper authorisation. Estonia, for example, has state-issued smartcards with assymetric cryptography keys generated on-die and then signed by central certification center, so that at any time you can verify whether ID is active, is not listed as stolen, etc. Software developed to work with the cards is opensourced and available for Win, Lin, Mac under BSD license and can be used to sign documents and encrypt documents for transit (public keys of all active IDs are stored on central certification server, much like GPG keyservers). Number in itself is in no way valid identification, only a valid signature by the private key is accepted as proof of identity. And guess what - identity theft problem solved in most part.