Social Security numbers are 'flawed system,' need modern tech replacement
At a recent cyber conference, White House cybersecurity coordinator Rob Joyce said a replacement for Social Security numbers that could include a 'modern cryptographic identifier. The biggest issue with traditional social security numbers, Joyce said, is that they cannot be changed if they become compromised. He also said that he believed his own Social Security number had been compromised at least four times in his life.
To remedy these issues, Joyce said that the White House is looking into modern alternatives. These could include a "modern cryptographic identifier" Joyce said, which could power a private key-based system, for example. What exactly this could turn out to be, though, remains up for debate. The replacement could include the use of blockchain technology, biometric security, or some other form of identification.
Should we replace the social security number for that purpose? Probably, but that's not easy, either. There are a couple of relevant National Academies reports on questions that need to be answered before any national ID system could be deployed, and Who Goes There? Authentication Through the Lens of Privacy, on the privacy properties of various authentication systems. Basically, running any sort of national identity scheme is hard, and it's not clear that the replacement would have fewer problems than what we have now. Even well-engineered systems, such as the Estonian national ID card, have been reported vulnerable.
What, then, can we do? The problem underlying identity theft is not the existence of social security numbers, but rather, how little authentication is done for a person requesting credit. A digital national ID card could perhaps solve that