This might be an interesting avenue for the tech community to come up with a solution similar to digital certificates and apply it to SSN numbers with an RFC of sorts that gets vetted by security experts and submitted to the government as a proposal to fix the problem long term.
Just publish them all. Give the country a couple of years' warning that all social security numbers will become a matter of public record, and then publish them all. Any organization that still treats them as a secret could then be sued into oblivion.
In the UK there is no such thing as an SSN, only "national insurance numbers" which are used for transactional purposes with the government, but are otherwise not part of daily life.
Society seems to function just fine. It's totally not necessary to give each person an identifier.
Return the identity division to the states. No more SSN for everyday use. Every state will provide an ID, and most people already have one, and each identification has a serial number. That number is how you identify yourself to private companies. The only people who should be using your SSN is the federal government.
Problems may arise:
1) What if you don't want an ID? Ok give them the number, skip the ID and photo, and go forth.
2) What about people who don't want to be known and forego identification? I'd say you have little choice, it's extremely hard to remain off of SOME database.
3) IDs cost money. Who's going to pay? That's a good federal grant question. Each state gets refunded for the trouble.
The thrust of your comment already exists: it’s called a driver’s license or state ID for those who do not drive. The problem is identifying an American, not a resident of Massachusetts or Kansas. Comcast operates everywhere. State Farm operates everywhere. They want socials to identify you no matter where you live (for a number of reasons). How do you tie a Michigan license to a Nevada license to identify you? It’s intractable and already fails for the cases where it is used.
You’d be asking businesses to get set up with every single state and territory for the purposes of identity management, and giving fraudulent folks fifty-four opportunities to defraud national businesses rather than N social security numbers. I can do the OMB analysis on your bill: 54x growth in consulting fees, billions in lost productivity forcing every system to switch to a new fifty-four jurisdiction unique identifier, etc. etc.
Ideal would be a number that fits in the same space as an SSN but can be rotated. This limits significant changes to national company systems, but means you only have a billion not-so-secure numbers to play with, so you’d have to strongly disincentivize rotations to about 2 or 3 per lifetime modulo American death rate. If we are going to disrupt extensively, let’s focus on one American system rather than fifty-four systems for no net benefit; if state-level identification was useful for this purpose, we would already be using the ones we have. We don’t.
The reason SSN became a form of ID in the first place was because it's the only way to track a person across all states.
If I get a loan in California, then move to Arizona and apply for another loan from another bank, the new bank should still be able to know about my loan in California. SSN was just too convenient for that purpose and banks stuck with it even though it wasn't designed for it.
Private / Public Key Identification needs to be revisionable. Public keys need to be accessible. In the case of a breach new keys should be generated against some sort of public / private block chain. When an entity requires your data they should be granted a revocable public key to it. If there is a breach we generate a new pair and the private key is stored on a sort of IIA server, and a new key is immutably added to the person. Or something more.
Replacing it with something more closely approximating a national ID number will run up against religious beliefs that such IDs are Satanic and portend the End Times.
Just because you do not share such beliefs does not mean they do not exist, or can be dismissed.
A UUID would be just as bad at the end of the day and be more of a pain in the butt. There's nothing necessarily wrong with having a short-ish identifier, like what we already have on state-issued IDs for referencing a certain individual - but ideally we should move on from this number being a password to being equivalent to an actual identifier. Smart cards are ubiquitous these days (you probably have one in your wallet, assuming you have a debit or credit card on you) - that identifier should be associated with a public key and your ID card holds the private key; if your card is stolen the key is revoked and a new one issued.
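A sketch of the scheme the comments above describe (a public identifier bound to a public key, the card holding the private key, revocation by issuing a new pair), as an added example that is not part of the original thread. The `Registry` and `Card` types and the identifier `ID-0001` are hypothetical, and Ed25519 is an assumed choice of signature scheme.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Registry maps a public, non-secret identifier to the one public key that
// is currently valid for it. Hypothetical structure, not a real system.
type Registry struct{ current map[string]ed25519.PublicKey }

// Card stands in for the smart card: it holds the private key and only
// ever signs challenges, it never exports the key.
type Card struct {
	ID   string
	priv ed25519.PrivateKey
}

// Issue generates a fresh key pair for id. Overwriting the registry entry
// is the revocation step: the previous card's key stops verifying.
func (r *Registry) Issue(id string) (*Card, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	r.current[id] = pub
	return &Card{ID: id, priv: priv}, nil
}

// Verify is the relying party's check: send a random challenge and accept
// only a signature that matches the key currently bound to the identifier.
func (r *Registry) Verify(c *Card) bool {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return false
	}
	pub, ok := r.current[c.ID]
	return ok && ed25519.Verify(pub, challenge, ed25519.Sign(c.priv, challenge))
}

// Demo returns: card accepted when issued, stolen card after reissue, new card.
func Demo() (bool, bool, bool) {
	r := &Registry{current: map[string]ed25519.PublicKey{}}
	old, _ := r.Issue("ID-0001") // constructed identifier
	before := r.Verify(old)
	fresh, _ := r.Issue("ID-0001") // card reported stolen: rotate the key
	return before, r.Verify(old), r.Verify(fresh)
}

func main() { fmt.Println(Demo()) } // prints: true false true
```

The identifier itself never changes across the reissue and can be public; only possession of the current private key is accepted as proof.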
As for UUID, so now I need to remember a 64 character UUID?