Government and industry rely on Social Security numbers as a fail-safe way to ensure people are who they claim to be, but massive data breaches have led cybersecurity experts to argue the nine-digit identifier is past its prime. ...
With so many numbers floating in the online wilderness, cyber advocates on Thursday told a House panel agencies and companies could no longer trust them as a certain means to verify people’s identities.
“Social Security numbers are so deeply compromised and so widely available to the public...that they can no longer be used as an authenticator,” said Paul Rosenzweig, a cybersecurity expert at the R Street Institute, before the House Ways and Means Subcommittee on Social Security. While he and other witnesses largely agreed the number can still work as a unique government ID, the days of using it to prove someone is who they say are long over. ...
Acting Social Security Administration Commissioner Nancy Berry said the agency is open to exploring new authentication methods, but noted advanced solutions often come with a high price tag. Grobman pushed back hard against this notion, highlighting the “staggering” price of doing nothing outweighs the cost of building a new system. ...
Lawmakers and witnesses debated the pros and cons of several alternative authenticators—like ID-embedded cards, biometric data and blockchain tech—but agreed on the need for change as recent breaches rendered Social Security numbers essentially public information.
“It’s clear [Social Security numbers] aren’t a secret anymore, and it’s time to stop pretending they are,” said Chairman Sam Johnson, R-Texas.The thing is that just as soon as Social Security goes to a different unique identifier, government and industry will start to use that new unique identifier and it, too, will quickly become just as compromised as the Social Security number.
If the U.S. does want to go to some other unique identifier, it could do a lot worse than to copy India's Aadhar cards. Yes, poverty stricken India is probably the world's leader in this department. However, the idea of a government-issued biometrically-based identification system in the U.S. seems awfully unlikely for many reasons. The black helicopter people would go nuts or, perhaps I should say, nuttier than the already are.
Whatever new system the government adopts needs to be limited to government use only. Businesses should be prohibited from collecting the numbers (or whatever data is used) unless it is to deal directly with a government agency (such as reporting wages).
ReplyDeleteBusinesses will have to create their own system for verifying their customers' identities.
Nothing is secure. Nothing is private. Those are outdated concepts, that have, for the most part, been dead for more than a decade. Most people have little or no concept of what secure information means. Fewer have the ability or knowledge let alone the drive to properly "protect" personal information. Of course a bunch of old grey hairs in Congress that cant tell an ISP from an RSVP are going to solve it with the inborn knowledge of wealth. Old doesn't mean wise, privilege does not equal skill, and until we understand that, not one single little thing will change.
ReplyDeleteI think you nailed it 9:18.
ReplyDelete