Slashdot Mirror


US Studying Ways To End Use of Social Security Numbers For ID (securityweek.com)

wiredmikey quotes a report from Security Week: U.S. officials are studying ways to end the use of social security numbers for identification following a series of data breaches compromising the data for millions of Americans, Rob Joyce, the White House cybersecurity coordinator, said Tuesday. Joyce told a forum at the Washington Post that officials were studying ways to use "modern cryptographic identifiers" to replace social security numbers. "I feel very strongly that the social security number has outlived its usefulness," Joyce said. "It's a flawed system." For years, social security numbers have been used by Americans to open bank accounts or establish their identity when applying for credit. But stolen social security numbers can be used by criminals to open bogus accounts or for other types of identity theft. Joyce said the administration has asked officials from several agencies to come up with ideas for "a better system" which may involve cryptography. This may involve "a public and private key" including "something that could be revoked if it has been compromised," Joyce added.

7 of 311 comments

  1. Step one and two. by msauve · · Score: 3, Interesting

    Unlink SSN from TID (Taxpayer ID). Banks need TID, they have no business with SSN. Unlink SSN from healthcare (it wasn't legally required until Obamacare, although healthcare providers used it).

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
    1. Re:Step one and two. by ctilsie242 · · Score: 5, Interesting

      You can have a national ID system, but the way it likely will be designed will be a jackpot for all well-heeled attackers.

      Instead, why not a national ID system based on certificates? For example:

      When someone turns 21 here in the US, the country they were born in signs a certificate stating that the owner is over 21. This way, a bar owner has 100% cryptographic proof that someone is of legal age to drink... but doesn't need to know their name or any other info about the person.

      If a degree from an accredited school is required, the school signs the ID with a cert showing the degree. That way, it doesn't matter who the person is... but the cert is valid.

      Going into short-lived certs, one can have a cert signed by the FBI stating that there are no priors on the RAP sheet. This cert can be valid for a few days. Again, it solves the purpose and gives no data out.

      Even credit records, Equifax or whatnot can sign a certificate stating someone's FICO score is over 700, ensuring they have an easy track for qualifying for a house. Since all this requires is a HSM to do the signing, it can be made well secured, with the actual scores being on an air-gapped database.

      If we go with certificates, it means that one's privacy is kept, but the legal needs for stuff (age, no criminal history) are met. Add an option for the ID card holder to only show certs that are relevant, and this makes for an extremely private ecosystem.

      Secure as well, since the only real points of attack are the cryptosystem (good luck), endpoint cards (which would only compromise users singly), and a signing cert holder (which only affects them). The only real single point of failure would be the physical ID card itself.

  2. Time to implement? by vlueboy · · Score: 3, Interesting

    Practically half of us are already hacked NOW.
    When would something be implemented even if a standard were already agreed upon and mandated? I get the feeling this will be treated like Android security where if you don't invest in X flagship, which is optional and expensive, you're just not covered. 140 million is nearly half of all US citizens. I'm pretty sure we can't just reprint all our forms, reprogram all our websites, rework all our databases and change the mentality towards accepting the new name and (hardest of all) technical requirements of the new setup.

    All in all, we need a solution (whatever it is) Yesterday, but even in 1, 3, 5, 10 or 15 years I can't see it really in place (there is failure inertia of British / Metric conversion proportions here). Reminds me a bit of the stupid job we've done when it comes to the spirit of the law for chip&pin Credit cards, being optional and all and totally backward compatible to the old insecure method when the card gets stolen to pay for something online without you there (which is the point).

  3. Virtual SSN - White House Petition ? by perpenso · · Score: 5, Interesting

    I was thinking about a White House petition for Virtual Social Security Numbers:

    Virtual Social Security Numbers
    Single use numbers that are aliases for your real number.

    To protect consumers from fraud and theft many banks now offer Virtual Credit Card Numbers. They are aliases, pseudonyms, for a real credit card number. They “lock” to the first merchant to use them. If a merchant’s database is compromised and a virtual credit card number is exposed, it is unusable. All charges not originating from the first merchant are declined.

    The Social Security Administration could use a similar scheme to protect employees and consumers. A Virtual Social Security Number could be given to an employer or financial institution and the number “locked” to that organization when they verify the number with the government, submit information to the government, etc. If a different organization then tries to verify or use the number the government will fail to verify, reject the submission, etc. This would help impede identity theft and financial fraud as employers and financial institutions inadvertently expose employee and consumer information.

    Virtual Credit Card Numbers are generated as needed using a credit card issuer’s online services. Virtual Social Security Numbers could similarly be generated as needed by the Administration through its online services.

    The Internal Revenue Service could employ a similar scheme for their various taxpayer identification numbers.
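
The lock-to-first-verifier behaviour proposed in the comment above, sketched as an added example that is not part of the original post or any real Social Security Administration service. The class name, `holder_id`, the organization ids and the revoke step (taken from the "could be revoked" remark in the summary) are all assumptions made for illustration.

```python
import secrets


class VirtualSSNRegistry:
    """Hypothetical issuer-side alias service (constructed for illustration)."""

    def __init__(self):
        # alias -> {"holder": opaque id, "org": locked verifier, "revoked": bool}
        self._aliases = {}

    def issue(self, holder_id):
        # Random 9-digit alias: it is not derived from the real number,
        # so a leaked alias reveals nothing about it.
        while True:
            alias = f"{secrets.randbelow(10**9):09d}"
            if alias not in self._aliases:
                break
        self._aliases[alias] = {"holder": holder_id, "org": None, "revoked": False}
        return alias

    def verify(self, alias, org_id):
        # org_id is assumed to be an already-authenticated verifier identity.
        rec = self._aliases.get(alias)
        if rec is None or rec["revoked"]:
            return False
        if rec["org"] is None:
            rec["org"] = org_id  # first verification locks the alias
            return True
        return rec["org"] == org_id  # any other organization is refused

    def revoke(self, alias, holder_id):
        # Only the holder the alias was issued to may revoke it.
        rec = self._aliases.get(alias)
        if rec is None or rec["holder"] != holder_id:
            return False
        rec["revoked"] = True
        return True


def demo():
    reg = VirtualSSNRegistry()
    employer_alias = reg.issue("holder-001")  # constructed sample ids
    bank_alias = reg.issue("holder-001")
    results = {
        "employer_first_use": reg.verify(employer_alias, "employer-A"),
        "employer_repeat": reg.verify(employer_alias, "employer-A"),
        "leaked_alias_elsewhere": reg.verify(employer_alias, "lender-X"),
        "bank_alias_independent": reg.verify(bank_alias, "bank-B"),
    }
    reg.revoke(employer_alias, "holder-001")
    results["employer_after_revoke"] = reg.verify(employer_alias, "employer-A")
    results["unknown_alias"] = reg.verify("not-issued", "employer-A")
    return results


if __name__ == "__main__":
    print(demo())
```

The lock is only as strong as the authentication behind `org_id`, and an alias exposed before its first verification can be locked by whoever presents it first, so a real design would bind the alias to the intended organization at issue time.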

  4. User name equivalent by burtosis · · Score: 5, Interesting

    Your social security number should really be viewed as a unique user name and not for purposes of authentication. You could then have one or more passwords for authentication purposes. Say one for taxes, one for medical, one for credit - you could change your password easily in the case of a data breach and it's less important if your user name only is leaked.

  5. Re:National ID? by chill · · Score: 5, Interesting

    So, use the driver's license as the identifier. You have to physically go into the DMV and prove your identity to get one -- just like now. Nothing's perfect for this step, but this is one of the more workable and accurate systems so far.

    Change the cards to be PIV/CAC/HSPD-12-style smart cards, so they can store a private key unique to the individual. These can be used for legally binding digital signatures.

    You end up with 56 or so "certificate authorities" -- the 50 States, the various U.S. possessions and territories, and the Federal Gov't themselves. States already can validate each other's DL numbers and records in real time.

    This deals with the concerns of having the big, bad central government in charge of everything yet still provides for a workable, federated system.

    --
    Learning HOW to think is more important than learning WHAT to think.
  6. I don't care how safe you feel, you're wrong by HBI · · Score: 3, Interesting

    Somehow, I made it out of my parents' basement over the past 48 1/2 years. In the process, I got a clearance and roll with more background checking and additional ID than most people will ever have. None of that makes me feel even slightly safe, because I know it's all bullshit, really. It doesn't protect against espionage, identity theft or anything else, really. Moreover, the aggregation of key information into a single database is what enabled the OPM breach that gave it all away to (presumably) the Chinese. So some guy in China now knows everything about me, including my personal contacts and whatever data the USG gleaned during my background investigation.

    I subjected myself to this, and I really only have myself to blame for being captured in the OPM hack. People shouldn't be forcibly subjected to this for zero gain in any critical way. And the data won't remain secure. That much is obvious, now. Governments cannot secure electronic data.

    There's lots wrong with the system, but an ID card with crypto isn't going to fix anything, just make things worse.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.