We are increasingly a data-driven world. There are electronic records about us everywhere, and we rely on them in a thousand different ways to identify us.
But anyone who’s ever worked with a system that tries to reliably and consistently identify people knows that it’s a problem. What identifier is ever continuous or persistent? Names have a dozen variations and spellings, and can be changed (for legal, marital, or other personal reasons). Addresses are inconsistent, as are phone numbers (though mobile numbers are getting more portable and perpetual, anyone can still change them). State IDs like drivers licenses are … well, bounded by the state, so a person could have more than one over time.
The closest thing we have in the US to a national identification number is the Social Security Number — a unique identifier that used to be issued upon going to work, and now is obtained at birth, and stays with the person perpetually.
The SSN has some significant problems, though. It’s a unique identifier, but is also meant to be a secret (or at least confidential) one. Employers have to know it for tax reporting purposes, but are not allowed to use it as an employee number. People doing credit checks of you ask for it, but aren’t supposed to reveal it to anyone else. Knowledge of it is considered to be an essential part of personal security, such that someone knowing your SSN (even the last four digits!) can pretend to be you for a number of sensitive purposes.
That’s not only problematic in trying to actually identify you, but it’s increasingly untenable. The Equifax break-in put 134 million SSNs into the wild — but then we are told that we have to be careful monitoring our credit because companies (and the IRS!) will still treat knowledge of our SSN as proof that someone is us, even though they know that strangers now have that information.
Or, as the article says, an SSN is not just your userid, but still serves as your password. And that’s crazy from a security standpoint.
The article’s basic suggestion that the SSN needs to be retire from at least one of those functions it carries — userid or password — is spot-on. The question becomes which one, and what to replace it with, and how to make that work in terms of valid initial assignment (if we can’t get everyone registered to vote, how do we get them a new national ID?), in the face of fraud (though SSN-related fraud is largely due to it being a quasi-secret number), error (how do you correct erroneous data associated with your identity, and prove that you have the right to assert that it’s erroneous), and potential abuse (if all the facts about you are associated with a single number, someone in authority can find out anything about you) and paranoia (OMG IT’S THE NUMBER OF THE BEAST AIEEEEE!).
But those are implementation details to work out (if non-trivial ones). The current situation — SSNs are so “secret” that knowing them is “proof” that you are you, but so unsecret that tens of millions of them are known to hackers — is unworkable, and will only grow more so over time.
[h/t +John E. Bredehoft]
Time to Retire Social Security Numbers | RealClearPolicy
There’s no way to sugarcoat it: The hackers who breached the credit bureau Equifax scored big. They made off with the personal identities of 143 million Americans — names, Social Security…
A big issue that was brought up with the new FaceId, is that your username and your password shouldn't be the same thing. Right?
This might, for better or worse, lead us to a Federal ID.
When I moved to Massachusetts your SSN was used as your driver's license number–on the driver's license. You could opt-out by request.
+Sam Hetchler Yup. Most password systems expressly prevent you from using your userid as part of your password, and have for years, because then why have a password?
+Ryan S I think, ultimately, that's where this leads to. Which is going to lead to a veritable howling mess of politics and paranoia, and will have knock-on down sides we can't even imagine — but will, if done right, get us out of this particular mess (and resolve much of the current voting rights / suppression thing, too).
+Kee Hinckley I know that was an approved practice at one point (it's referenced here [https://www.ssa.gov/history/reports/ssnreportc6.html%5D), but given the nature of SSNs (even to the point of using just the last 4 digits as some sort of personal password for many business uses), that strikes me as extremely problematic.
https://www.ssa.gov/history/reports/ssnreportc6.html