The US Senate considers “ditching” SSN
In light of the recent hack on Equifax in which over 145 million social security numbers were made available for the purposes of cyber crime and identity theft, there is an effort underway to think of a better way to protect individual identity.
The SSN has been the bedrock of individual digital identity. Once that number is compromised, the individual identity can be falsified. Falsified forever. Credit cards? Replaceable. SSN? Not so much. Is there a way around such dire loss of privacy that a person’s identity is in essence stolen, forever compromised?
Former Yahoo CEO, Marissa Mayer, Verizon chief privacy officer Karen Zacharia and both the current and former CEOs of Equifax unanimously agreed that the best way to protect consumers against major data breaches is to remove the one weak link: SSN.
Entrust Datacard president and CEO Todd Wilkinson offered some context and insight about why the US should indeed move away from Social Security numbers — a step that the Senate witnesses unanimously agreed was necessary. “A key question for this committee to consider is: What do we do now given these identities are forever compromised?”
In the Senate hearing, Wilkinson and many of the senators present argued that the US needs to move to a dynamic system of personal identity, one designed with digital security in mind — a stark contrast to an inflexible legacy system that dates back to the 1930s. Better would be a digital multi-factor authentication. But has such a program proven to be viable?
Brazil’s Infraestrutura de Chaves Públicas system of citizen ID has been offered as a model for the US. Brazil provides digital certificates for each citizen. The certificate lasts for three years at maximum and can be used by the certificate holder to issue a digital signature much like written signatures are used now. Unlike its counterpart in the US, these identity accounts can be revoked and reissued easily through an established national protocol.
Rob Joyce, the White House cybersecurity coordinator, is also calling for the end of Social Security numbers as a national identification code. Joyce said, “I believe the Social Security number has outlived its usefulness.” Joyce was part of a Cybersecurity Summit at The Washington Post.
On the one hand, due to “the parade of high-profile data breaches that seem to have no end,” having a system by which “identity accounts can be revoked and reissued easily through an established national protocol,” would provide a most needed solution to a very big problem. On the other, such a system would provide amazing Big-Brother type power to those who happen to be in control of the system.
What would an individual do if he could neither buy or sell until his identity account had been reissued? What if the controlling ideology would only reissue to those agreeing with full support? Which is the bigger problem? Loss of identity in a free society or refusal to renew identity in a repressive society? Technology – source of many benefits – can be used for great harm.