cancel
Showing results for 
Search instead for 
Did you mean: 

Time to ditch the Social Security Number?

tag
DaveInAZ
Senior Contributor

Time to ditch the Social Security Number?

Senators push to ditch social security numbers in light of Equifax hack

  • Eyeing more secure alternatives to social security numbers, lawmakers in the U.S. are looking abroad. Today, the Senate Commerce Committee questioned former Yahoo CEO Marissa Mayer, Verizon Chief Privacy Officer Karen Zacharia, and both the current and former CEOs of Equifax on how to protect consumers against major data breaches. The consensus was that social security numbers have got to go.
  • Social security numbers are a privacy nightmare. While a consumer who gets hacked can replace credit card numbers and other account details, a social security number is permanent, linked inexorably to a real identity throughout a person’s lifespan.
  • Multiple times throughout the hearing, Brazil’s Infraestrutura de Chaves Públicas system of citizen IDs through digital certificates came up as a potential model for the U.S. as it moves forward. In this model, a certificate lasts for three years at maximum and can be used to issue a digital signature much like written signatures are used now. Unlike its counterpart in the U.S., these identity accounts can be revoked and reissued easily through an established national protocol.

 

I agree, it's past time we do away with Social Security numbers as a way to identify a person. They came up with that system in the 1930s, before TV was invented, before computers, and before anyone ever dreamed of the internet. We now live in a digital, interconnected world, and a digital certificate of identity makes perfect sense. If compromised it can revoked and reissued, unlike a 9 digit SS number and an 8 digit date of birth that stay with us for life. And if implemented in a reasonable amount of time a digital identity certificate would make the hacked Equifax data useless.  

Message 1 of 10
9 REPLIES 9
Anonymous
Not applicable

Re: Time to ditch the Social Security Number?

The future has nothing to do with banks or governments but with blockchain technology.  One nice thing about producing reputation (including financial reputation) on a blockchain is that there could be competitive products out there and you as a consumer or lender can decide which to use and not to use.  It would likely mean that Equifax and Experian each would have their own "reputation blockchain".

 

The big benefit/downfall is that anyone at any time could create a brand new reputation and leave a bad one behind, but the reality is that a 40 year old starting out with a clean slate crypto reputation would be less trustworthy than someone with some dings.  Another benefit/downfall is that history could be forever unless the reputation contract included an age of removal of history.

 

It's tough to envision this today, but I think in 20 years it'll be the future of reputation, no than a "Yelp" for borrowers and inclusive in that would be a reverse-reputation system baked in: you could also leave reviews for your lenders for others to see, all permanently codified in an archive that is safe and secure (meaning you could give a creditor a one-time access code to look at your file, but never again, or you could issue them an access code that works for a period of time or forever).

 

Paypal actually patented a crypto reputation system back in 2014 or 2015.  They're not the only bank looking into it.

Message 2 of 10
Anonymous
Not applicable

Re: Time to ditch the Social Security Number?

I keep running into you all over these boards lately. You're absolutely right. Blockchain or shared ledgers, along with distributed currency/financial markets is going to change the way we do business and interact with each other on a profound level. The problem with a 40 year old with a clean slate is that there might be a hundred reasons why there is a new slate for any given purpose that have absolutely nothing to do with credit worthiness. So you end up penalizing the wife who left her husband, never paid a bill late in her life, but always let him sign for things. Or the recent immigrant who didn't know anyone that used our local version of a reputation blockchain but was highly trusted in his country. But I can't think of a better way to do it either and it's a vast improvement over what we have. Other than biometrics. Whatever happened to fingerprints and eyeballs? Those were supposed to be the future.
Message 3 of 10
Anonymous
Not applicable

Re: Time to ditch the Social Security Number?

The thing is, a clean slate at 40 would still have Capital One and Credit One and First Premiere to assist. There'd be significantly higher premiums as anyone could walk away at any time and start over, but that's the cost of a less regulated market.

I have been into crypto since 2012 (part of how I retired young but only a small part) and the currency part isn't what thrills me. The ability to contract without lawyers and even settle disputes without courts is intriguing! Knowing someone can invest without regulatory hurdles or restrictions that only allow wealthy folks, or confirming home ownership without vulture title companies...
Message 4 of 10
Anonymous
Not applicable

Re: Time to ditch the Social Security Number?

For years, I’ve been the lunatic telling everyone I know how insane using a 10-digit unchangable (and determined by birth date until recently) password to verify ID is. Every time I call a bank or other institution that asks for SS I provide it & then tell the poor rep on the line how stupid it is to use them.

Its really right up there with verifying ID using dob and address (which everyone you know will know) and using TRUE and often easily researchable answers to security questions for bank accounts etc... Mindblowingly irresponsible

I’m thrilled Congress finally seems to care about this. I strongly agree blockchain has excelk my potential here, though I have to say, almost anything would be an improvement.
Message 5 of 10
marty56
Super Contributor

Re: Time to ditch the Social Security Number?

I would favior a system that worked by something you have and something you know like a smart card/pin combo.  Many CCCs are doin this now.

 

LOL maybe we could all have chips planted into us.  I wouldn't mind but I know many would.

1/25/2021: FICO 850 EQ 848 TU 847 EX
Message 6 of 10
Anonymous
Not applicable

Re: Time to ditch the Social Security Number?

I applaud your optimism (not sure when I became such a miserly old coot). You're right about the clean slate part, but then we run into all the same issues we did when we started letting anyone and everyone declare bankruptcy and start all over again. There are plenty of people who would do it every 6 months if they could because they can't establish the long-term history and the cost of appearing to be new to the game is minute compared to the lasting effects of, let's say a civil judgment. I do a fair bit of security work so could go on and on about encryption and its uses. There's got to be a way to combine security and privacy with fairness and keeping the peace -- but hell, we're not much further along that path than when it came from Thomas Jefferson. Title companies are in fact the devil, second only to sub-prime lenders who really have a special place in hell waiting for them. I don't know if we'll ever be rid of lawyers or brokers, but it's nice to dream.
Message 7 of 10
Anonymous
Not applicable

Re: Time to ditch the Social Security Number?

No question the system is broken as it stands. I didn't see it noted here already, but wayyyy back when the IRS started tracking by SSN the SSA told them not to do so.

 

Blockchain can not and should not happen because -- let's just face it -- everything out today will be hacked. Computers deemed secure 20 years, 10 years, or even a month ago are no longer. Look at the KRACK attack. Somebody figured out how to exploit a bug in the WiFi spec and overnight BOOM, almost every single wireless network in the world was vulnerable. (Almost every network meaning anybody who uses a password for their network rather than some alternative methods of authentication.)

 

Microchips also wouldn't happen (at least in the short term) because of objections (I would not accept it by any means) and requirement to have the person physically present in a government facility to be chipped or reissued. This is expensive.

 

The digital certificates are interesting, but

  1. It's not something you physically hold (Not an issue for cc apps online, but what about ID purposes for driver's license, etc.?)
  2. Will it be downloaded locally or is it in the cloud? (In the cloud means the whole country stops if the server goes down.)
  3. If When it is compromised, how do they prove you're you to reissue it? (The SP system is useless if they have your SSN.)
  4. The impact on bank, etc. systems when these do get reissued; how do you authenticate your old self to them to make it your new self?
  5. How would minors hold this? I got my SSN at birth, before I could read or write.

There's also the precedant being set of whether the government can force you to connect electronically. While I suspect most here e-file federal taxes, it remains voluntary. I don't e-file my state because it would cost more than the stamp. My grandmother does not have a computer and does all her taxes on paper and mails it in.

 

I had one bank account from when I was younger that had the wrong SSN (Two of the last 4 digits were reversed) and that was a pain to change, but looking back, they didn't ask for anything more than a driver's license.

 

I think what will end up happening is a system to allow reissue upon request and a law to require a drivers license (or other state ID) to open any new account.

Message 8 of 10
Anonymous
Not applicable

Re: Time to ditch the Social Security Number?

Well, that approach leads us to believe that no matter what we try eventually someone somewhere is going to find a fault or outsmart the system anyway, so why bother trying? Smiley Happy

But to say the KRACK attack made every wireless network in the world vulnerable is a gross overstatement of fact.  It made every wireless network in the world (that was within range of someone who a) knows enough to exploit it and b) has incentive to do so) vulnerable.  This substantially drops the number of people impacted.  

 

You also seem rather against "microchips" for reasons I don't quite understand.  You would not accept it by any means based on what? That it would violate your freedoms and privacy? And to require every person to visit a government facility at one point in their life is not nearly as insurmountable as you make it out to be.  Show me one person that has never been inside a post office or DMV.   Government has the unique advantage in marketplaces to force people to do what they want (drive demand) and be the sole provider of any particular service (control supply).  In exchange for that, we ask them to be reasonable with their fees or we will elect officials that will put those controls in place.  Checks and balances.

 

Digital certificates can be *both* digital and physical.  There's no reason I can't carry around something that references an online verifier to a record.  Credit cards are a de facto proof of concept for this.  The card itself is a worthless piece of plastic but when inserted into a machine that lets a merchant know that Visa will cover my transaction up to a certain amount. I'm not sure why it would not be in the cloud.  You'd have to realize that if you were to do any other configuration you would be endlessly administering machines and data centers and we do enough of that as is. 

 

Think of a system that gives you two unique 13 digit numbers. One given to me at birth, which is a sequence of 13 numbers that gets calculated with a formula and has a control number at the end (kind of like credit card). This one is random enough for nobody to be able to guess anyone else's (for example, how many babies were born before you on your birth day in that region is a relevant factor in the formula) and is used with government entities and government entities only (it is illegal for the businesses to requirefrom you to provide that number to them to give you a service).

 

The second one is the national ID number given at 18 to serve as a proof of identity with the businesses.

 

And there you have it. Two distinct numbers. One for your government, and the second one for your dealing with businesses. Someone can't fake anything important (as in, government-related) with your ID, and businesses have a second number that is usually proven on the spot with the photo of you in your national ID.

 

Problem is solved.  Should either number be compromised the other number can be used with additional verification steps as a back up.  

 

And being a hold out for doing things on paper is great, but in the long run you're costing everyone else money by not getting on board.  It may cost you less than a stamp personally to file, but you have to pay taxes  to support an employee in a building also paid for with state/federal money to read what you wrote and just type it in themselves.  Your grandmother may not have a computer but it would be no different than asking her to go a voting center to use a computer there to vote in an election. 

 

Sorry to ramble I wanted to address all your points.  

 

The one glaring gap here is why aren't the banks the one taking the hit here for "identity" theft.  If someone comes up to me and says "hey, I'm your friend Bill. You owe me $20" and I give it to him only to find out later hey, that wasn't Bill at all.. should it be Bill's fault that I gave money owed to him to someone else?  No, of course not.  And should I then go around telling everyone else "hey don't give Bill any money, because he might not be who he says he is".  No, of course not.  That impugns Bill.  But it's exactly how the credit bureaus and banks work.  It should their problem when someone commits fraud.  Not ours.

Message 9 of 10
pcmedic2k
Valued Member

Re: Time to ditch the Social Security Number?

I remember WAY back when my original SS Card stated right on it " For Social Security Administration Use Only" Not to be used as Idendification". I also remember when you got pre-approved for a new credit card it would just show up in the mail with a letter that "You've Been Pre-Approved"  and explained your limit and terms.. No application, Not even a call for activation, you accepetd the invitation for the account by simply usig the card the first time. Talk about lax security.

Message 10 of 10
Advertiser Disclosure: The offers that appear on this site are from third party advertisers from whom FICO receives compensation.