Slashdot Mirror
US Studying Ways To End Use of Social Security Numbers For ID (securityweek.com)
wiredmikey quotes a report from Security Week: U.S. officials are studying ways to end the use of social security numbers for identification following a series of data breaches compromising the data for millions of Americans, Rob Joyce, the White House cybersecurity coordinator, said Tuesday. Joyce told a forum at the Washington Post that officials were studying ways to use "modern cryptographic identifiers" to replace social security numbers. "I feel very strongly that the social security number has outlived its usefulness," Joyce said. "It's a flawed system." For years, social security numbers have been used by Americans to open bank accounts or establish their identity when applying for credit. But stolen social security numbers can be used by criminals to open bogus accounts or for other types of identity theft. Joyce said the administration has asked officials from several agencies to come up with ideas for "a better system" which may involve cryptography. This may involve "a public and private key" including "something that could be revoked if it has been compromised," Joyce added.
Unlink SSN from TID (Taxpayer ID). Banks need TID, they have no business with SSN. Unlink SSN from healthcare (it wasn't legallay required until Obamacaare, although healthcare providers used it).
"National Security is the chief cause of national insecurity." - Celine's First Law
Sounds like another attempt at a national ID. I am sure it will go as well as all the past efforts.
You'll be able to conveniently use your social security number to get your new id number.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
Clearly says "not to be used for identification purposes" on it. I guess its an oldie.
So, like, you'd go to the SSA website, and they'd give you a string of digits. And you take this string and give it to banks or whatever, and they type it into the SSA website and that brings up who that is associated with. And the owner can revoke their string at any time and replace it with a new one. Better yet, make them all one-time-use, it's not like I REALLY need to use my SSN very often.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
Blockchain. All the cool kids are doing it! Say it with me... Blockchain!
The new Medicare card will no longer have the primary (usually husband's) SSN as the Medicare number.
https://www.cms.gov/Medicare/New-Medicare-Card/index.html
About friggin' time! I've been doing my best to avoid giving out my SSN where it's not required by law since the '80s.
One big hole that has been going on for decades is Medicare:
* Once you're old enough to be on it, you can't get regular health insurance to pay for the portion of your medical work (often all or the bulk of the cost) that Medicare pays for. Regular health plans turn into cover-the-difference supplements. You must sign up for Medicare or pay the charges yourself. (And if you don't have the government imposing price levels or the insurance companies negotiating deep discounts you get to pay the drastically inflated "regular price" that makes up for their discounts.)
* But if you DO sign up for Medicare, what do you get for an ID? Your SOCIAL SECURITY NUMBER with a single letter appended after it. They won't provide any alternative (though they have "been thinking about it" for years). You have to give this to ALL your medical providers. Get a prescription or an immunization at a pharmacy, hand in your Medicare ID. Go to a doctor, hand in your Medicare ID. Get a lab test, hand in your Medicare ID. Go to a specialist, hand in your Medicare ID.
Dozens, or even hundreds, of medical billing paperwork operations, with unknown numbers of clerks doing data entry (often offshore) and unknown competency of IT people configuring their databases, get your name and SS#. Some have even been CAUGHT selling them. Oops!
* So then we get stories about how people over 65 have a much higher rate of identity theft - typically trying to imply that these oldsters are lax in guarding their SS numbers. Well, DUH!
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Practically half of us are already hacked NOW.
When would something be implemented even if a standard were already agreed upon and mandated? I get the feeling this will be treated like Android security where if you don't invest in X flagship, which is optional and expensive, you're just not covered. 140 million is nearly half of all US citizens. I'm pretty sure we can't just reprint all our forms, reprogram all our websites, rework all our databases and change the mentality towards accepting the new name and (hardest of all) technical requirements of the new setup.
All in all, we need a solution (whatever it is) Yesterday, but even in 1, 3, 5, 10 or 15 years I can't see it really in place (there is failure inertia of British / Metric conversion proportions here). Reminds me a bit of the stupid job we've done when it comes to the spirit of the law for chip&pin Credit cards, being optional and all and totally backward compatible to the old insecure method when the card gets stolen to pay for something online without you there (which is the point).
Changing the ID doesn't help. The problem is we are not authenticating. We need authentication, then the ID does not matter. Sovrin.org as a start?
tora
There's nothing wrong with using SSNs for ID. A unique number for each person in the country? Perfect.
The problem is when it gets treated as a secret, and abused for "authentication". It's not a secret, any more than your date of birth is a secret. It should be treated as publicly available information. Merely "knowing an SSN" should not be sufficient information to do much of anything, except possibly "give someone money".
Banks and businesses require customers to hand over their SSN, despite it being tagged "Not for use as identification", and then subsequently lose them in breaches. Government says let's replace SSN with something else - let's call it SSN2. What do you think will happen next?
I was thinking about a White House petition for Virtual Social Security Numbers:
Virtual Social Security Numbers
Single use numbers that are aliases for your real number.
To protect consumers from fraud and theft many banks now offer Virtual Credit Card Numbers. They are aliases, pseudonyms, for a real credit card number. They “lock” to the first merchant to use them. If a merchant’s database is compromised and a virtual credit card number is exposed, it is unusable. All charges not originating from the first merchant are declined.
The Social Security Administration could use a similar scheme to protect employees and consumers. A Virtual Social Security Number could be given to an employer or financial institution and the number “locked” to that organization when they verify the number with the government, submit information to the government, etc. If a different organization then tries to verify or use the number the government will fail to verify, reject the submission, etc. This would help impede identity theft and financial fraud as employers and financial institutions inadvertently expose employee and consumer information.
Virtual Credit Card Numbers are generated as needed using a credit card issuer’s online services. Virtual Social Security Numbers could similarly be generated as needed by the Administration through its online services.
The Internal Revenue Service could employ a similar scheme for their various taxpayer identification numbers.
Since the SSN only has 10 digits and there are 300 million citizens it means (ignoring any restrictions on numbers) that
one-third of the possible values [and possibly effectively many more] are used up. All you need do if you need an SSN and expect it
will not be checked by the Social Security Admin is... guess. And someone will get tagged with that data. With a high probability. That's not good.
Start with a US birth certificate.
The start to request banks, building societies show the same person exists. Driver licence? Education institution?
Got a mortgage? Credit card? Utility bill? Who is renting a home?
The best way to work out who is illegal, using fake ID or just treaded a social security number is to request layers of other photo ID.
City, state, federal and private sector documents have to start to match going back years.
Does the life story go back to a lot of other valid US id? Does the trail stop with a fictional number?
Using another persons social security number or creating a fictional social security number should start to show over different federal, city and state databases.
The problem with a reused or fictional social security number is that it should not safe from in depth city and federal level scrutiny.
What worked in the past to get a resume in and cover an illegal persons US university education will not stand to deeper investigation.
Fictional numbers should not be accepted. Reused numbers should be detected.
Start to match birth dates with names, education, work and other ID. Most illegals would have expected their one number to carry them.
Trying to use a social security number as few times as possible with ID built on a cover story should be different from average citizens.
Domestic spying is now "Benign Information Gathering"
Trivia: 6 is the number of man because in the Bible man was made on the 6th day. 6 three times is man exalted.
A simple solution for now would be just to add 4 or 5 digits to the new SSNs that are issued. That would break so many systems that others would have to address the real problem.
Decades ago AT&T had a payroll system that couldn't cope with two employees having the same SSN. It turns out that the SSA has stated that the numbers aren't unique, only unique combined with a last name. If Mary marries Mr Smith and there is a Mary Smith with her SSN, they will reissue her a new SSN. There are millions of people who have been issued replacement SSN so far.
Your social security number should really be viewed as a unique user name and not for purposes of authentication. You could then have one or more passwords for authentication purposes. Say one for taxes, one for mecdical, one for credit - you could change your password easily in the case of a data breach and it's less important if your user name only is leaked.
Many organizations have already addressed this problem by not using the SSN as an authenticator, but instead using only the last four digits of the SSN as the authenticator.
They also use these same four digits as a stand-in for the full SSN in a lower-security context, thereby killing two birds with one stone.
It's brilliant.
Works for the Medical field.
The card I received from them decades ago says it's not to be used for identification. Right there plain as day. But... some time between when I got my card and my daughters got theirs, the SS cards stopped saying that. How long before this new ID will get commandeered for use by businesses and we start the whole game over again?
CUR ALLOC 20195.....5804M
and to effectively voluntarily change your SSN, rendering the original number completely unusable:
To avoid disruption of existing users of the real social security number the real number would remain valid for all users prior to the use of the first virtual number. After the use of the first virtual number existing users of the real number are “grandfathered” but any new organization using it will be disallowed. A consumer may have the option to disallow all use of the real number, requiring legitimate organizations to update their accounts with a virtual number.
It seems to me there may not be any absolutely secure way of attaching a number, code, text string, retina photo, or whatever used for an identity authentication system. As soon as the system is established, someone will figure a way of compromising it. Even some kind of quickly changing, encrypted algorithmic solution one might come up with might last awhile, but it won't last. Tell me I'm wrong.
In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
If you use the SSN as a primary key, you're incompetent and you should resign.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
What is the problem that needs to be solved? Is SSN the problem, or is the over use of SSN the problem? Will any replacement for SSN have the same overuse problem?
It's painfully obvious why a national id is a bad thing. There are people on both left and right who think it is a bad idea.
Another document you have to carry - "papers, please"
Instantly used for voting and other government services to filter those who can get them. That's racist!
YA form of ID to renew
Simple way to make noncompulsory things compulsory - census responses, selective service, jury duty
Just another step toward totalitarianism and the utter devaluation of human liberty. Fuck that. No one wants your efficiency, or your supposed protection from cybercriminals. This reminds me of the old email idea response sheet.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
What ever they decide, someone will make lots of money
oh, and it won't work
Which means someone else will also need to make a lot of money, and they will get to blame the last President of the USA.
You have NOTHING to worry about.... calm down.... there is a plan.
Trump will have started a Nuclear war and you will be dead long before they implement another system.
But the GOOD news is, all the dead people will make the problem much much smaller, saving the (remaining) tax payers billions.
AND the world will be back to the Stone Age anyways so who needs and ID, you will all looking for something to eat, making fires, and sharpening sticks.
Its about time. Finally. So many years too late we begin the beginning of what had really better be "OPEN SOURCE" dialog on how "WE" are identified as real. Or something like that. Just how do you finally, unquestionably really actually have the real me identified (in court criminally or in ordinary commerce)? I would suppose some combination of "Iris Scan" and a DNA sample would do in an extreme case, like a prison sentence, or even a 30 year mortgage- at what age would somebody be assigned an IDENTIFICATION? I'm sure Apple already has "i dentification"
for years to avoid using my SS# for identification purpose - tuff luck.
Argument against my wish is that the "company" has the right to choose what kind of identification they can demand.
It is sooo MF convenient, to have a whole population of a country tracked by ONE key!
Guess who benefits most from it?
Apply for a signed certificate from the government or business like one would get a signed certificate from a CA for their website. If you lose your private key, then you have to repeat the process (and the government or business revokes your old certificate). Make it time consuming such that people aren't willing to go through the process that often, and they won't be so careless with their private keys.
Only if everyone gets to have the number tattooed their forehead!
Sleep your way to a whiter smile...date a dentist!
my ex was born on the 5/6/66
Turned out that she came from the 5th circle of hell.
Give everyone a private key on their birth certificate, and publish a public key as the new SSN.
Make the companies who lost people's identity data in hacks pay for it. All of it. They're the ones who broke SSNs. They should be the ones who pay to fix it.
Please note that this doesn't solve a equally big problem- you shouldn't HAVE to identify yourself for doing most things. A good example would be if you have to prove your age to do something. Age verification doesn't mean that establishment should be allowed to know WHO you are, and even worse, record that fact somewhere. Such acts erode privacy, freedom, and could be used later to frame, manipulate, or harass people.
Only if the font is Olde English! We should have standards!
Wrong, you need to read the book The Number of the Beast. It states that the true number is 6^6^6.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Cool, now I can log onto my bank account with my private key, from a local library PC, which I'm totally sure is not infected with malware because, you know, Windows, and I can feel safe because... why exactly?
Why not adopt a burden of proof system like many other countries have. If you want to identify yourself you need to accumulate a certain number of points. Certain points are required for certain things (e.g. 100 points to open a bank account, 200 to apply for citizen ship etc).
Different items provide different points e.g. drivers license or government ID document with photo 50 points, bank issued document or card 25 points, internationally identifying document like passport 75 points, letter posted to your address 10 points etc.
Then the burden of proof also needs to link the systems together, i.e. you should always have a document with your name, your face, your date of birth and your home address. Mix and match documents until you have the required number of points and all the core parts covered, and bam. ID.
A shame that the laws dictate on the backside that we change our SSN's when it wasn't us that gave them up over, and over, and over, and over. Wouldn't it be nice if every time we screwed up, the government changed the laws for us?
You sound like those idiots that say "MAC addresses are unique, let's use them as an identifier."
Neither your MAC address nor your SSN is a unique identifier.
In fact, identity confirmation is quite difficult, and as an AC I can say that you are totally clueless when it comes to the various issues of identity.
Maybe you should let the adults talk and keep your head down.
Revelations 13, KJV
"Here is wisdom. Let him that hath understanding count the number of the beast: for it is the number of a man; and his number is Six hundred threescore and six."
A score is 20. Do the math.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Cryptography is Evil[TM]
The SSN was never intended to be an ID number. Any organization that ever said "if you know this number, we accept that as proof of identity" was stupid, and frankly should be legally liable for any fraud that they enabled.
The simplest form of identity check is to require a physical government-issued ID with a picture. This could be a driver's license, or a passport, or something similar. These are (a) reasonably difficult to fake, and (b) faking them is a crime. Those may be low barriers, but just knowing an SSN is no barrier at all.
Cryptographic keys? Joe Sixpack and Granny Gina don't have a clue about cryptography, and aren't going to get one. If you want to put a chip into the aforementioned government IDs, to make them harder to fake, sure. But the users don't need to know about this, and shouldn't have to care about it.
Of course, the drivers licenses in the US all look different, which makes them difficult to verify when used out of state. I really do not understand why USAians are so resistant to having a uniform, federal ID. It's not really going to make you any easier (or harder) to track, but being uniform, it would be a lot easier to check it's validity.
Enjoy life! This is not a dress rehearsal.
Have it like Germany, give out national ID cards that require registering residency. Makes a lot of things much easier from generating voter lists to sending out information to finding people in emergencies. That will also end the patchwork of abusing driver's licenses as de facto national ID. Then again, knowing the US governments track records they will immediately find a way to abuse that information.
Anger management issues?
This may involve "a public and private key" including "something that could be revoked if it has been compromised," Joyce added.
Or if you piss off the wrong person. Or if the system fails, or malfunctions. Or...
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
While Blockchain may have the marketcap, my vote for SSN replacement would be the Tangle i.e. quicker, free, public/private. IOT fits right in
Even if the country mandates it, employers will still use it.
Because, at this point, EVERYONE does.
Chas - The one, the only.
THANK GOD!!!
When I got my SSN, some 60 years ago, printed right on the then paper card, it said, NOT FOR IDENTIFICATION USE, or sommething like that. Guess they knew better then.
Trivia: while the link to Nero is POSSIBLE, that's speculative. Nero is actually never mentioned directly in the bible, but the number 666 most certainly is.
King James Version (I reference that as it's one of the older English translations)
Revelation 13:18
"Here is wisdom. Let him that hath understanding count the number of the beast: for it is the number of a man; and his number is Six hundred threescore and six."
As said the "man" being referred to may be Nero, but it doesn't explicitly state that anywhere.
"People who think they know everything are very annoying to those of us who do."-Mark Twain
While I have no specific suggestions on WHAT they should do, I'll agree that this is most certainly a problem that needs to be resolved. Since the dawn of the computing age standard practice has been if an account is compromised, you immediately change your password, yet out in meat-space we're expected to keep a 9-digit number secret (while simultaneously having to hand it out to countless people to conduct business) for our entire lives?
The SSN was created in 1936. That's 10 years before the first modern, programmable computer was invented. It's a product of a by-gone time.
"People who think they know everything are very annoying to those of us who do."-Mark Twain
Comment removed based on user account deletion
Somehow, I made it out of my parents' basement over the past 48 1/2 years. In the process, I got a clearance and roll with more background checking and additional ID than most people will ever have. None of that makes me feel even slightly safe, because I know it's all bullshit, really. It doesn't protect against espionage, identity theft or anything else, really. Moreover, the aggregation of key information into a single database is what enabled the OPM breach that gave it all away to (presumably) the Chinese. So some guy in China now knows everything about me, including my personal contacts and whatever data the USG gleaned during my background investigation.
I subjected myself to this, and I really only have myself to blame for being captured in the OPM hack. People shouldn't be forcibly subjected to this for zero gain in any critical way. And the data won't remain secure. That much is obvious, now. Governments cannot secure electronic data.
There's lots wrong with the system, but an ID card with crypto isn't going to fix anything, just make things worse.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
"and" == "."
Therefore the number of the beast is 660.6
But just watch: This is a foot in the door to hand the verification contract to Equifax. Without a bid.
Have gnu, will travel.
Most sensible part: "ÎÏ...ÎÎÏÏfOEÏ, ÎÏ...ÎÎÏÏfÎÏ"
There is no XUL, only WebExtensions...
Revelation 13:18. Is that so hard to know?
And a reasonable interpretation of the phrase 'for it is the number of a man, and his number is 666' is that while 7 is the number of completion, and the number 3 often found to refer to completion.
From a reasonably useful site:
"Interestingly, man was created on the sixth day of creation. In some passages of the Bible, the number 6 is associated with mankind. In Revelation “the number of the beast” is called “the number of a man. That number is 666” (Revelation 13:18). If God’s number is 7, then man’s is 6. Six always falls short of seven, just like “all have sinned and fall short of the glory of God” (Romans 3:23). Man is not God, just as 6 is not 7."
If you reject the Bible and/or God, then this is merely informative for you - knowing what other people believe and why is rarely a bad thing, and should not be offensive, unless you're offended by the truth, which in this instance is merely the truth of others' beliefs. You're free to believe what you will.
deleting the extra space after periods so i can stay relevant, yeah.
Numerology is more Gnosticism than theology.
deleting the extra space after periods so i can stay relevant, yeah.
Six Hundred
Three Score
Six
How this is anything but '666' is not obvious. The contemporary language of the KJV requires careful interpretation, not reinterpretation.
You may want to steer clear of the original "Pilgrim's Progress'.
deleting the extra space after periods so i can stay relevant, yeah.
Thank you for the information. Now please take your pills and get into the car.
deleting the extra space after periods so i can stay relevant, yeah.
My first SS card, said "not to be used for identification". Oh, I'm sure the government will come up with an alternative...CHIP implants. And they won't make it mandatory, but, if you don't they'll make a law that says if you don't have one, you can't access this government service or that government service. Hell, Sweden is doing it, and thinking about making it MANDATORY. When it comes to the USA, I'll be long gone, but, if I'm still around, I'll save them the fight, I'll just shoot myself. No one is putting an ID chip inside of me. It's bad enough your phone, home computer, GPS, car computers and what not know where you are and what you do all day long, but I'll be damn if someone plants one inside of me or puts a tattoo bar code on my skin.
Sigh, replying to undo unintended mod. Meant to mark interesting.
Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
It's a representative republic, not a democracy, without a lobbying presence of your own, your Congressman is the place for this kind of request, not a social media holdover from the 44th presidency. That's so 2008.
The social media holdover is also a way to get a conversation going amongst the public, which can lead to many people contacting their senators and representatives. :-)
everyone gets to have the number tattooed their forehead!
This should not even be a problem. The problem is not SSN security. The problem is the way that people think it's some kind of secret password.
On my foreign passport, my SSN equivalent is printed on the same page as my name and photo. It's not a secret because we expect banks and similar businesses to verify identity using photo ID, not knowledge of a random 9 digit number associated with my person.
And that is the problem. That somehow, knowledge of a 9 digit number does not prove that you actually are that person.
I'm not a complete idiot... Some parts are missing.
SSN were never meant to be used for ID purposes and it is illegal to use them as such but this never stopped anyone. What about block-chain? Introducing the Blockstack Identity System
The problem is that with RFID being practically free, becoming more capable and smaller it will not be long before this is mandated at birth, injected into the feet/hands/forehead. The tags will be tied into every object interaction and used for all sorts of metadata hoarding.
Would it be more secure if we have simple feed back solution using 2 ways authentication through phone or computer? Something like If I apply for something, there is pop-up in my phone asks me to confirm? Such implementation already exist with remote login into your work computer and could be trivially replaced each time there is security bridge.
I try to avoid late-era Heinlein. His stuff got so bad.
The issue is not with Social Security numbers. The issue is with systems used to STORE SENSITIVE INFORMATION. You are still going to have the problem of theft, if you do not have a secure system, regardless of whatever identification system you use.
Stop ignoring the problem. Focus on securing your system.
Hey, my SS card says it is not for identification. Past that we put to much weight in a social security number, particularly after the Equfax (and other unknown) security leaks. We need to have a way to verify it is us without an external (copy-able, steal-able) component. And not a dang implanted RFID chip. Are we back to passwords?
One of the older translations, but definitely not one of the most accurate.
Although 666 is indeed the number in most texts, the various translations are all going to agree. But there is an old manuscript and a papyrus fragment that list 616. Not all that important, as with hand made copies there were lots of variations, sometimes mistakes, some added text, some missing verses, etc.
Going with the Crypto idea and public/private keys and a revocation list... what happens if your private key gets revoked by mistake?
People complain about how hard it is to get off the terrorist watch list; how hard will it be to get off the Identity Revocation List? "I'm sorry, you must present your valid identity card to file a complaint." "Your identity can not be found. Please try again." "Your identity has been revoked. Please wait, Identity Removal Services agents will be with you shortly. Please enjoy your time in Guantanamo Bay."
What are all the ways this could go wrong?
Part of the problem is that it's only a 9 digit number. We've already burned through about half of them.
Contribute to civilization: ari.aynrand.org/donate
better close the fucking door.....
Gad, I need to re-read that bit of self referential entertainment R.A.H. wrote.
Thanks for reminding me of a book from my younger days.
NRRPT/RCT
This whole thing is so absurd, given that it was plainly stated on my first Social Security card: "Not for use as Identification." My original card wore out and had to be replaced sometime back, but by then, its use as an ID had become the norm... We definitely need a more secure system of establishing a hack-proof ID.
PlaynBass
That's right. In fact don't give out your SS# to almost everyone. The ONLY ones that need it are banks and it seems health care due to the ACA, sometimes called Obummer care. Something that wasn't even his idea and he admits it.
You can give a fake number to those people. Start it with 555. That will instantly identify it to a guy like me that it's fake and we'll understand.
Yea, but "642, the number of the beast" isn't nearly as dramatic....
This comment is my opinion and does not represent an official position of Donald Trump or others I do not work for
Lack of security education and the use cases involved is why we continue to have this disaster:
Account Universally Unique Identifiers are needed and just like your email should be public knowledge and able to be changed (but not without some difficulty.) It is illegal to track people using SSN or verify their identity with SSN but that has been going on since the start because people didn't LEARN enough to separate the use cases. Keep some uses illegal, but address the use cases and allow it as a universal unique identifier everywhere (with legal limits-- you can't force everybody post comments online using their UUID as their account name.)
SSN is just fine to CONTINUE to use as a citizen number. Let them be published. Children born after X date get a smarter UUID. Something easy to remember, base33 with only 6 characters... 3 for time/place of birth and 3 as a serial number. [A-Z0-9] but remove [OZI] to avoid confusion with [051].
Identity will require 3rd party verification-- by government and allow for other parties to sign on as well.
Use Cases:
Age verification, Endorsements, Tax Id, ownerships, claims, signing, HIDDEN anonymous virtual identities.
Multiple IDs are possible and SHOULD exist. Drinking Age is fine with a photo ID validated by 2D barcode of a digital photo. No identity required-- anonymous age verification!
Online age verification, smart chip... difficult to copy -- again, no identity given whatsoever. A pin could be used SOMETIMES... skydiving vs porn depends on how strong a verification step is needed if you need a pin.
Hidden anonymous identity--- as many as you want but the government with a warrant can discover your true identity. You could blockchain all of your aliases. Corporations, Contracts-- all will NOT know your identity or track you precisely with this info-- but lawsuits and crimes would allow in certain cases your alias chain to be tracked down in court (but not disclosed to corps.) Rent a car, steal it-- get sued and the rental service wins but never knows who you are the whole time; but the cops who arrest you know. Credit cards etc could be done using something like this... bankruptcy or identity protection situations could "reset" you while still maintaining an official secret trail.
Biometrics:
Tattoo your SSN on your fingers and use that as your password. Biometrics also fail at 5th amendment protections.
iPhone X: don't put your password on your forehead, make forehead your password!
Democracy Now! - uncensored, anti-establishment news
I've always understood that 616 refers to Nero Caesar when writing his name in Hebrew numerals, but 666 refers to the Greek spelling: Neron Caesar.