Slashdot Mirror
US Studying Ways To End Use of Social Security Numbers For ID (securityweek.com)
wiredmikey quotes a report from Security Week: U.S. officials are studying ways to end the use of social security numbers for identification following a series of data breaches compromising the data for millions of Americans, Rob Joyce, the White House cybersecurity coordinator, said Tuesday. Joyce told a forum at the Washington Post that officials were studying ways to use "modern cryptographic identifiers" to replace social security numbers. "I feel very strongly that the social security number has outlived its usefulness," Joyce said. "It's a flawed system." For years, social security numbers have been used by Americans to open bank accounts or establish their identity when applying for credit. But stolen social security numbers can be used by criminals to open bogus accounts or for other types of identity theft. Joyce said the administration has asked officials from several agencies to come up with ideas for "a better system" which may involve cryptography. This may involve "a public and private key" including "something that could be revoked if it has been compromised," Joyce added.
Sounds like another attempt at a national ID. I am sure it will go as well as all the past efforts.
Doesn't solve the problem though. You still have high-value information linked to the TID, which ultimately is the root of the problem.
Ultimately you need the TID to be unique to each taxpayer, and a subset/hash of the TID plus additional information to be linked for other (financial) purposes. The IRS should be the only ones able to re-associate you to a unique qualifier.
But, until you eliminate the profit motive for credit bureaus everything will end up being re-assembled. Back to square one.
There's nothing wrong with using SSNs for ID. A unique number for each person in the country? Perfect.
The problem is when it gets treated as a secret, and abused for "authentication". It's not a secret, any more than your date of birth is a secret. It should be treated as publicly available information. Merely "knowing an SSN" should not be sufficient information to do much of anything, except possibly "give someone money".
Good start.
Just stop at asking the question: what do other countries do. Presumably, Sweden, Great Britain, Japan, France, Germany, Kenya, Brazil, Canada, and may others have been in the same situation. Let's not find out how they did it. Presumably, the solution is separate numbers for a Financial/Tax ID, Social Security Number, Medicare Number, and the like.
I know what we can do! We can give a $10 million contract to Equifax for them to find the solution for us! No-bid contract, of course.
Make the companies who lost people's identity data in hacks pay for it. All of it. They're the ones who broke SSNs. They should be the ones who pay to fix it.
Well by law it's supposed to only be used for Tax identification purposes. Not healthcare, not insurance, not anything else. But everybody just ignores the Privacy Act of 1974 because it's never been enforced.
I'm too lazy to compose a creative sig.
Practically half of us are already hacked NOW.
Let me fix it for you.
Practically half of us know we are already hacked now. The rest will learn soon.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
All theories that sound reasonable on paper but are utterly divorced from reality. Only useful for keeping people dumb, just like in the totalitarian dystopias you so decry.
If you ever step out of your mom's basement (real or allegorical) into the scary, scary world, you'll notice that the US de facto already has this. In most of the country, you can't get anywhere without a car and you can't drive without a driver's license. And folks without one readily get a state ID because in most of the US, you literally can't even do as much as buy a beer without either. Also note that a lot of western European nations have national IDd, and are politically further away from totalitarianism than Ameristan, with (among other things) protection of personal privacy that still has some semblance of meaning. Do you really honestly believe the fact that there's formally no national ID is much of a hindrance to US government services intent on tracking their citizes?
On a more anecdotal note, I subjectively felt/feel far freer in Western European countries with state ID than in the USA; among many other things, I got ID-ed almost an order of magnitude more often in the latter country. Sure, I could in theory have refused and suffer the consequences, but that "in theory" is exactly why the US is so backward - you conservatives/libertarians/whatever should really get your feet on the ground and start talking in real life terms instead of lofty theoretical concepts that are hollow and being circumvented right under your firmly airborne noses.
And don't even get me started on SSNs; when I read this story, I rolled my eyes so hard that it was almost audible. Assuming you don't dedicate your life to paranoidly protecting your SSN, its security is an illusion. You know as well as I that your SSN is pretty much everywhere, and identity theft rates are only as "low" as they are because most criminals find it easier to rob people at gunpoint than to jump through a few loops in order to steal the ID of someone who more often than not will turn out to have more liabilities than assets.
I guess you grew up with it and you'll never understand how utterly bizarre it is to foreigners that there exists a simple 9-digit number that has such huge power over a lot of aspects of your life that it may be your biggest secret, YET YOU HAVE TO FILL IT INTO SOME FORM OR SPEAK IT OUT ON THE PHONE ON A MONTHLY BASIS. Hello? Is this thing on?