
Senators push to ditch social security numbers in light of Equifax hack - Varcht
https://techcrunch.com/2017/11/08/are-social-security-numbers-going-away/
======
njarboe
The main problem trying to be fixed here is "identity theft". What that crime
is, I think, is not clearly understood. This is when a criminal defrauds a
bank or other company by getting credit using your identifying information and
then defaults. The bank then misinforms the credit bureaus that you defaulted
on your loan and this lie by the bank hurts you when you want to get any type
of loan. This crime would be better called "bank slander" and the banks that
do it should be fined heavily with some money going to the person slandered.

Banks should have to know who they are loaning money to and if they make a
mistake, that needs to be solely their problem. Then banks will figure out
ways to confirm your identity better and people won't get into the hell that
is trying to get the "bank slander" removed from their credit report.

~~~
StavrosK
This reminds me of the recurring Onion title:

‘No Way To Prevent This,’ Says Only Nation Where This Regularly Happens.

I don't understand _why_ the US has identity theft. Is it because there's no
national ID? Here in Europe we don't have any "secret" number that someone can
just use to open a bank account in your name.

~~~
jeremyt
Don't you guys routinely use ACH transfers to buy things, give out your bank
info, and just hope everything goes well?

~~~
kuschku
SEPA Direct Debit, yes, is used like that.

But abuse is very low, as it requires that whoever does it identifies
themselves first at another bank, and opens a merchant account (which has
other verifications). And then reversing it is easy, too.

And you can't even shop with stolen IBANs at Amazon, because every major
retailer will first send you a 1ct transaction with transaction info set to a
OTP you use to verify that you own the account.

~~~
espadrine
Wouldn't the equivalent of ACH transfer be SEPA Credit Transfer (SCT)?

I'd add that SEPA being mandatory for all participating countries has
simplified transfers a great deal. Now most banks remember creditors, just
like a phone book but for money, so sending money from your phone is pretty
neat.

Additionally, the SEPA effort created ISO 20022, which is gaining ground
worldwide as a one-stop-shop format for financial transfers. See this article
from the US Federal Reserve a couple of weeks ago:
[https://fedpaymentsimprovement.org/news/press-
releases/feder...](https://fedpaymentsimprovement.org/news/press-
releases/federal-reserve-announces-iso-20022-migration-timeline-fedwire-funds-
service/)

~~~
kuschku
Well, depends on if you consider push or pull.

SCT is entirely push, and requires signing the transaction with your card, or
using at least 2FA for verification. This doesn’t happen by accident.

SDD is entirely pull, and is the only one that could theoretically be abused,
but that’s as mentioned also not that easy.

------
beager
> Today, the Senate Commerce Committee questioned former Yahoo CEO Marissa
> Mayer, Verizon chief privacy officer Karen Zacharia and both the current and
> former CEOs of Equifax on how to protect consumers against major data
> breaches.

So, ask the person who lost 3 billion accounts, the person who is stuck with
the mess from losing 3 billion accounts, the person who lost 145 million SSNs,
and the person who is stuck with the mess from losing 145 million SSNs how to
protect against data breaches?

I appreciate the relevance of those individuals to data security, but they're
clearly not subject matter experts. If I wanted to secure my home against
burglars, burglary victims probably wouldn't be my first consultation.

That said, the mostly fixed nature of SSNs and their intrinsic potential for
introspection is a huge liability and we should move away from them.

[edit: Karen Zacharia may well be a subject matter expert here, it's a little
unfair to group her in with my rant.]

~~~
burkaman
Burglary victims should be your first consultation, because most people who
weren't burgled were probably just lucky, or were burgled but haven't realized
it yet.

If there are 10 houses, a burglar tries to get into all 10 but only succeeds
on 2, then you should talk to the 8 owners who successfully protected their
houses. If there are 1000 houses, a burglar tries to get into 10 but doesn't
tell you which 10, and succeeds on 2, you should talk to those 2 owners
because they know for a fact what can fail. 990 owners will just say "do what
I do" without having any evidence that their strategy is actually safe.

~~~
curun1r
Or, you know, maybe stop talking to homeowners, victims or not, and start
talking to people who make locks and safes. Actual subject matter experts
rather than targets.

CEOs, at best, will be proxies for whatever security personnel they have on
staff and we have no way of evaluating the credentials of those security
staff. At worst, they'll be advocating for policies that reduce their
exposure/costs at the expense of greater overall fraud costs.

The senate should use their own knowledgeable proxy in this case. NIST has
already shown itself capable of creating security standards of a reasonable
quality. Run another public competition for a national ID system capable of
replacing SSN and let real security professionals propose (and then debate) a
way out of the current mess. Senators can then codify the results of that
process into law.

~~~
adventured
> Or, you know, maybe stop talking to homeowners, victims or not, and start
> talking to people who make locks and safes. Actual subject matter experts
> rather than targets.

You want to talk to the burglars. They already know the locks and safes and
likely know even better how to break them than the creators. In this case, you
want to talk to hackers.

The reason Congressional panels do things like this, is to put on a good show.
They like to be seen dealing with higher level matters/people as a
demonstration of stature.

~~~
djrogers
> In this case, you want to talk to hackers.

No - the problem here isn’t hacking, it’s allowing a fixed, easily learned
number be a sole proof of ‘identity’. SSNs were used in identity theft long
before hackers.

------
eggpy
> Multiple times throughout the hearing, Brazil’s Infraestrutura de Chaves
> Públicas system of citizen IDs through digital certificates came up as a
> potential model for the U.S. as it moves forward. In this model, a
> certificate lasts for three years at maximum and can be used to issue a
> digital signature much like written signatures are used now. Unlike its
> counterpart in the U.S., these identity accounts can be revoked and reissued
> easily through an established national protocol.

I believe most Americans are opposed to a national ID, so SSNs have been used
as a (utterly terrible) workaround. Some reasoning for this, to quote an ACLU
article on the subject[0], 'Former Senator Alan Cranston has described the
national I.D. card as "a primary tool of totalitarian governments to restrict
the freedom of their citizens." '

The Brazil solution mentioned seems pretty reasonable though. I like the built
in expiration and ease of reissue. Anyone have experience with or thoughts
about this sort of system?

[0] [https://www.aclu.org/other/national-identification-cards-
why...](https://www.aclu.org/other/national-identification-cards-why-does-
aclu-oppose-national-id-system)

~~~
vadimberman
> Former Senator Alan Cranston has described the national I.D. card as "a
> primary tool of totalitarian governments to restrict the freedom of their
> citizens."

Ugh. National IDs are common in Europe as well as other places where identity
theft is mostly an exotic concept featured in the news about America. It's
hard to call Belgium a totalitarian regime.

Whereas in countries without national IDs, people are forced to provide
personal details to scores of vendors big and small who use these details for
their purposes and may lose them to online criminals. But hey, we are
protected against a hypothetical tyranny.

~~~
smnrchrds
Isn't it legally required that you carry your ID at all times unless you are
within 200 meters of your home? That would horrify most Americans. I know it
is not in reality, but it sounds totalitarian.

~~~
skrause
> _Isn 't it legally required that you carry your ID at all times unless you
> are within 200 meters of your home?_

In Germany there is no such requirement, even though many Germans also think
that you have to carry it with you. But the _Ausweispflicht_ (Obligation of
identification) only means that you have to own an ID, but you can leave it
home most of the time (which I do).

~~~
avar
When I lived in Germany I by mistake didn't check into a tram once and was
discovered by a ticket inspector. Long story short since I didn't have ID on
me I ended up getting escorted by two police officers back to my house to show
them my passport.

So yes, you don't have to carry ID on you in Germany, but only in the most
pedantic sense. You'll just get a free police escort back to where you keep
your ID in case you need to identify yourself. That hardly qualifies as not
needing to carry ID when going about your business in the sense that Americans
would be familiar with.

~~~
icebraining
But could they have forced you to identify yourself if you hadn't broken some
rule? I get it was a mistake (which I've made in the past as well), but still,
the US police will probably want to identify you as well if they have reason
to fine you.

~~~
0xffff2
In most US states, the police can't force you to provide a physical
identification card period. At most, they may be able to compel you to
verbally identify yourself, e.g. by providing your name and address.

The idea of being legally required to provide government-issued identification
to a law enforcement official _under any circumstances_ is simply verboten in
the US.

~~~
quasse
>The idea of being legally required to provide government-issued
identification to a law enforcement official under any circumstances is simply
verboten in the US.

As long as you're not within 100 miles of the border inside the "limited civil
rights zone". [1]

Personal experience is that border patrol officers feel no need for "probable
cause" before pulling you over and searching your vehicle.

[1] [https://www.aclu.org/other/constitution-100-mile-border-
zone](https://www.aclu.org/other/constitution-100-mile-border-zone)

------
yason
The problem is if social security number is used not only for identification
but authentication. Knowing someone's SSN shouldn't ever get you anything: SSN
could as well be public information, ideally. I don't know about the US but
where I live, bank account numbers are effectively public: you could publish
yours on the internet and all people could do is put money on your account.
The bank will then require official authentication if you wish to use the
account number to withdraw money.

Using an unique identification number for authentication is authentication by
proxy. Yes, it's highly likely that only the right person knows his own number
but never guarantees anything.

Make authentication easy and solid and the bar for frauding through stolen
identity goes up.

~~~
olegkikin
What we really need are private keys, stored in hardware, like secure enclave.
Whenever someone wants a proof of your identity, they ask you to sign a
certain message with a timestamp.

------
cesarb
> Multiple times throughout the hearing, Brazil’s Infraestrutura de Chaves
> Públicas system of citizen IDs through digital certificates came up as a
> potential model for the U.S. as it moves forward.

That made it sound as if every Brazilian had one of these, and it were the
main citizen ID. That's not the case.

Here in Brazil, the main ID is the RG (Registro Geral), which is an identity
card made of paper, issued by any of the 26 states (plus the Federal
District). Since it's issued by the states, a single person can have more than
one RG.

We also have the equivalent of USA's SSN, here called the CPF. Like the SSN,
it's used as the person's tax ID, and is a national number. It's also issued
as a card made of paper, but unlike the RG, it cannot be used for
identification, since it has no picture or fingerprint. For simplicity, if you
already have a CPF number when your RG is issued (or re-issued), you can have
the CPF number printed on the RG card.

It's with the CPF that the "Infraestrutura de Chaves Públicas" (ICP) comes
into view: you can get a certificate associated with your CPF, and use it for
instance to sign your taxes. But it's not required, and most people don't have
that certificate, or even know that it exists.

In my opinion, the reason we don't have the same problem as the USA is not
some fancy digital certificate stuff, but the simple fact that the CPF number
by itself does nothing: everybody also wants to see the RG card. And for
income taxes, the electronic form also requires a number found in the previous
year's income tax receipt. The income tax return will be deposited into a bank
account of your choice, but AFAIK it only accepts a bank account where the
account owner has the same CPF, and to open a bank account you need the RG
(plus other documents).

------
matt_wulfeck
What I want is control. I want to know who is accessing my credit history and
for what purpose. And I want control of what accounts and business are able to
access it.

The government can accomplish this by providing your identify in a way that
provides this control and transparently, and requiring that businesses/third-
parties come through this gateway for identification.

------
matt_wulfeck
Recently my grandmother passed away. We found her social security card (from
1932) and it says very clearly "NOT FOR IDENTIFICATION". It seems some lessons
are lost.

~~~
tzs
That refers to the card, not the number.

For some discussion of the history of this, see this old Straight Dope column:
[http://www.straightdope.com/columns/read/141/why-does-my-
old...](http://www.straightdope.com/columns/read/141/why-does-my-old-social-
security-card-say-it-cant-be-used-as-id)

PS: did you typo the year? Social security numbers were first assigned in
1935, and social security cards were first issued in 1936.

~~~
matt_wulfeck
Yeah it’s a typo. She was in 1932 but her card came after.

------
coleca
How many million lines of mainframe COBOL would need to be updated if the SSN
were to go away?

~~~
FLUX-YOU
A lot less when they take the lazy route and autofill 000-000-0000 and just
remove any validation in the languages that are cheaper to hire for.

------
tomschlick
To me, a good solution would be a chip-based smart card with a private key on
it for physical proof of identity, and an oauth api for web based stuff. The
api would also power the back-end of the in person transactions and issue the
vendor a token which they would use from that point forward.

In this system, everything would be logged in terms of who/what accessed your
data and it could be de-authorized at any point.

The cards themselves could just be each state's ID/Drivers License to avoid
the scare of the national id that many are opposed to for one reason or
another. Replacing an ID would be as easy as visiting your DMV (shudder) and
them invalidating your old private key.

~~~
chatmasta
You would rather the government store 300 million identifiers instead of
Equifax?

There are crypto solutions to this problem, but they’re not as simple as
symmetric encryption and smart cards. An ideal system will also enforce rules
for storage and access. Something like your data is always encrypted with your
own private key, and you can authorize bits of the data at a time to third
parties.

~~~
tomschlick
No, the government wouldn't store anything other than the basic identity
(which they already do) and issue verification tokens. The accessor would
store their proprietary info as well as the access token to person's private
info on the govt api.

Full blown crypto solutions to this don't really scale well and present many
problems where the accessor would need to keep asking you for info to see if
it changed.

My solution solves the main problem of having a universal number that can get
your identity stolen. If we can fix that we have solved 90% of the problem and
can work on other things like privacy of said data at a later date.

------
alkonaut
On a related note: have many in the US swicthed to locked mailboxes?

Without locked mailboxes, you can't even use the slow address/snail-mail 2FA
that should be used for certain transactions when you don't have

E.g. if I want to take a loan, I'd say who I am and the bank would send the
papers to sign to my mail address. Only after I sign the papers will I get the
money. Someone pretending to be me would have to stalk my mail box (time
consuming and hard because it's locked), or first change identity records to
associate my name with his mail address. This greatly increases the difficulty
of this kind of fraud. From just needing a fake ID, to either having to commit
a long stalk of my mailbox and commit physical mail theft OR having to do a
multiple phase fraud where authority address records are first changed.

Obviously this all hinges on a) id required to open bank account, b) central
registry that maps id to mail address, separate from the bank.

------
DonHopkins
I worry that they'll figure out that the easiest way to ditch social security
numbers is to ditch social security.

------
ActsJuvenile
It is quite straightforward to upgrade SSN system. Social Security
Administration can generate deterministic Private+Public key pairs for all
citizens.

Public key is your new SSN. If it gets stolen, simply generate a new public
key, and give it out as a new number. All public keys are easily verified
since SSA knows the private keys.

~~~
amorphid
Just don't make me memorize a 4096 bit key :)

~~~
chrisper
Why do you even need to memorize something like this? In any other country you
do not memorize your tax ID... You just look it up when you need it.

~~~
amorphid
It's pretty normal to memorize your 9 digit social security number, in the
same way you know your phone number. Because the SSN card is a fundamental
piece of identity theft, it's common practice to NOT carry the number in your
wallet. You never know when you'll need the number, and very rarely need the
actual card. I don't think I've ever used my physical SSN card in the last 5
years, but I need to provide the number itself quite often, especially on
financial, employment, and government documents.

We still use paper checks, too. Good times.

------
tabtab
SSN is FINE as a simple identifier. The problem is that organizations try to
use it like a PIN code or password. It should NEVER be used as proof of
identity per transaction requests. Software Engineering 101: Use the right
tool for the job. If an org needs a PIN code or password, make one.

------
nthj
My first inclinations are that Apple and Google should be in these committee
meetings. 77% of Americans own smartphones [1]. 99.6% of new smartphones run
Android or iOS [2]. I would love for my iPhone to generate a private/public
key pair, with the private key stored on the Secure Enclave.

To register my public key, I fill out, on my phone, a bit of basic public
information: full legal name, place & date of birth, and my current address
and submit it. My phone suggests a nearby SSA office and proposes several
appointment times, reminding me the day of.

At the appointed time, I take my phone, passport, birth certificate, SSN card,
driver's license and recent electric bill with my address on it to the local
SSA office. [3] There, the administration manually inspects and verifies my
documentation. Their systems then sign the authentication along with the
current location, the time, the official's ID number, and a sha256 hash of a
photo of me and the official holding up today's paper.

My phone chirps, I use my passcode/Touch ID/Face ID/Dance ID to digitally
counter-sign their authentication. This assures me that when the SSA's private
keys are rotated because of inevitable compromise or on a routine schedule, my
public key was not overwritten by the attackers.

The SSA administration publishes my public key in their online directory.
Private companies can download the public key directories and cache them, or
pay Stripe-like vendors for just-in-time lookups. When I want to apply for a
credit card, my phone chirps and I sign the credit request, just like Apple
Pay. When I lose my phone, I run by the SSA office again before I apply for
another credit card.

Empowered by this new security layer, Congress passes a law establishing that
no one can be held liable for—and credit decisions may not be made
against—accounts that have not been digitally signed for any citizen who has a
verified public key.

And then I remember healthcare.gov and I wonder if I should even press submit.

[1] [http://www.pewinternet.org/fact-
sheet/mobile/](http://www.pewinternet.org/fact-sheet/mobile/)

[2] [https://www.theverge.com/2017/2/16/14634656/android-ios-
mark...](https://www.theverge.com/2017/2/16/14634656/android-ios-market-share-
blackberry-2016)

[3] I wouldn't necessarily need to have all of these kinds of documentation,
but the public directory system would be able to indicate which forms of
identification I did have at time of authentication, for third parties to
weigh the risk of identity theft.

~~~
kelnos
> At the appointed time, I take my phone, passport, birth certificate, SSN
> card, driver's license and recent electric bill with my address on it to the
> local SSA office.

Say I'm homeless and I literally do not have any of those things. How do I
prove my identity? (To be fair, I'm not sure how I'd prove my identity under
the _current_ system.)

Regardless of this... I can't have a credit card or any kind of loan without
owning a smartphone? What if I can only afford a feature phone? What if I
simply don't want to own a phone? What if own a Windows Phone, and the
software only runs on Android and iOS? What if I'm a developer who wants to
start a new phone OS (new huge barrier to entry)?

I suppose I wouldn't be opposed to the _option_ of having this stored on my
phone, but what's wrong with just having a smart card with this information on
it? If I lose it, it can still be easily revoked and replaced.

~~~
nthj
In retrospect, I'm not sure I was clear enough that my proposal was mostly a
usability / familiarity hack for the general public. I agree this would only
be an option.

Specifically, if I'm not in a financial position to own and maintain a
smartphone, OR I'm not inclined to trust Apple or Google with my identity, I
could acquire a (heavily subsidized?) smart card from the SSA office.

If I don't trust a national office with my identity (see the National ID
debacle), I can choose not to use the system entirely. Banks can continue to
offer to extend me credit by verifying my identity manually. Specifically, I
wrote:

> no one can be held liable for—and credit decisions may not be made
> against—accounts that have not been digitally signed for any citizen //who
> has a verified public key.//

My idea being that if Bank of America sends me to collections or pursues a
judgement against me, I can take them to small claims for the statutory limit
by easily showing the judge that (1) I had a verified public key at the date
of the debt and (2) Bank of America cannot provide my digital signature
showing I accepted the debt. I'm in and out in a few hours and clear $5K.

If the proposal above had even 20% rollout/adoption, that's 65 million people
who can sleep a bit more soundly at night knowing their identity is–not
perfectly secure—but FAR more secure than our current system.

------
ykler
Obviously it is a problem that social security numbers are often accepted as
proof of identity, but the article seems to be saying that permanent id
numbers are bad even apart from this. I don't understand what the argument is
though

------
njharman
The problem isn't that we have numbers. It's that corporations have little
incentive to protect them.

Right now it's cheaper (i.e. more profitable) to do as little as possible and
when/if they get hacked just pay extra on PR/lobbying for a couple weeks/month
until someone else gets the public's attention.

Enact Huge (like $1000 per person exposed) fines, corporate death penalty,
jail time for people in charge. And, I can guarantee you, companies will start
actually protecting their data.

~~~
castratikron
Senator Baldwin got Equifax to admit this in the hearing (around the 1:23:00
mark):

[https://www.youtube.com/watch?v=LunazYJGNXU](https://www.youtube.com/watch?v=LunazYJGNXU)

------
gumby
How does it work in countries where the opposite is true (e.g. Sweden, where
the "personnummer" is public info)? Why is there not massive identity fraud
there?

~~~
mickronome
For everything where identity is important there is liberal use of an ID card
of decent quality, one with several counterfeiting features. Any drivers
license also doubles as one. Online an electronic signature of some kind is
used, exactly which varies a bit, but the one called BankID is accepted in
most places.

Long rambling post ahead, I'm really, really terrible at writing something
mostly coherent on the phone, apologies to everyone, but the above paragraph
really is the only important part of this comment :)

For bigger financial transactions, if your counterpart is a company they will
often do a credit check, which the credit checking provider is then by law
required to inform you about through regular mail.

Sensitive online services from government and other companies mostly use some
version of an electronic ID, the most common is generally known as BankID,
despite of its name it's simply an embodiment of an electronic ID. BankID got
its name because it is provided by Bankgirot, a clearinghouse company with a
long history in which most of the major Swedish banks have some ownership.
Another implementation is provided by Telia AB, a formerly state owned
telecommunications provider.

It's not a bulletproof system by any means, but for the most part it appears
to work.

However, I'm not too enthusiastic about the eagerness to adopt "BankID on your
mobile phone”. It feels like it's only a matter of when, rather than if,
someone will manage to exploit it through som security flaw in some of the
popular smart phones. Which will inconvenience a lot of people until banks -
most likely - simpy roll back the transactions, as is in the digital realm
it's hard to disappear money when literally everyone gets assigned an ID.

Tangentially, the most common way used to create legitimate companies for
illegal activities AFAIK, at least used to be to pay of some substance abuser
or petty thief to use their identity, and simply have them take the fall
when/if things go south. So apparently, creating fake identities would appear
to be rather hard.

Because the ubiquity of the personal number, and the liberal use of good
quality ID cards. This number connected through tax, loans, land ownership,
insurance etc, makes it somewhat hard to make money leave the digital world
without trace. It would also be terrible in the hands of a competent
totalitarian regime or fundamentalist (of any sort) government. Sometimes I
think we subconsciously avoid that by voting for mostly uncharismatic leaders
with little appeal except for them promising a little bit more money in your
wallet, better social security, healthcare, child care, or school. In all
cases better can be read as more available, efficient, and ecological from the
left - and higher fees, stricter requirements, and lower availability from the
right. But I digress.

There have been some areas of law/contract where identity theft was easier,
notably land ownership/property laws. IIRC in the property laws it was
essentially stated that a signature on paper with two witnesses signatures was
indirectly used as proof of identity. Unsurprisingly, this led to some people
getting their homes sold by third parties, and having to face a rather arduous
legal procedure to get back to square one.

Yeah, that one was rather monumentally stupid, but it wasn't really caused by
the personnummer being public.

------
rrggrr
Keybase.io has this problem solved in a way creditors, etc. could make good
use of. Let the proofs be user/use driven.

~~~
craftyguy
no, we don't need a proprietary, centralized service for this.

~~~
orthecreedence
Proprietary, no. Centralized? Yes, please.

Blockchains are great and all, but if you lose your private key you should not
be barred from ever opening another bank account or getting insurance.

The SSA should switch to using asymmetric crypto keys and publish a web
service that lets companies grab your public key based on a set of information
(name, DOB, etc). Then that public key can be used to verify things signed by
the private key.

In the case of a lost/compromised private key, the SSA can generate a new
keypair, assuming the person can verify their identity.

~~~
craftyguy
If we go the centralized route, we're just creating another Equifax (walled
garden). That has always worked out great in the past, right?

~~~
Spooky23
It depends on the scope.

You already have 50+ walled gardens, also known as the “Bureau of Vital
Statistics”.

Any identity document you have in the US is either linked to a birth
certificate in one of those registries, or with an immigration record
maintained by the Federal government.

~~~
craftyguy
> You already have 50+ walled gardens, also known as the “Bureau of Vital
> Statistics”.

This seems like the bandwagon fallacy. That's no reason to continue the
insanity of promoting walled gardens as a solution.

~~~
Spooky23
Your birth is when you become a human and your identity is created.

What would be a more ultimate root of trust than the memorial of your birth,
held securely by a trusted authority?

~~~
craftyguy
Birth certificates are pieces of paper that literally anything identifying as
a hospital can create 'offically'. It would be trivial to create a forged
certificate, there are a ton of dark net sites offering them for sale. If the
US $1 bill were this easy to create (it's not), it would be worth pretty much
nothing.

~~~
cesarb
> Birth certificates are pieces of paper that literally anything identifying
> as a hospital can create 'officially'.

I don't know how it works in European countries, but here in Brazil, birth
certificates are made by notaries, not hospitals. You might be able to get
forged hospital documents to take to the notary, but getting a "backdated"
birth certificate for an adult is harder (getting a second copy of your birth
certificate is easy, however; just go to the same notary, who has every birth
certificate it emitted registered on its books).

~~~
Spooky23
The US has something like 7-10k issuing agencies.

In some places, it is trivial to request somebody’s birth certificate. It’s
one of those weird US things where localities control stuff that they lack the
ability to do well.

Regardless of issues, it’s still the penultimate representation of you.

------
nnq
Isn't it obvious that this scandal was either provoked or amplified in order
to make Americans get themselves mandatory government IDs with chips and
biometrics?

...not that that would be a bad thing. Just getting in line with EU and the
rest of the world, finally. Mass monitoring would at least become _a few order
of magnitudes cheaper_ hopefully spending those funds on more socially useful
things. Offer a chip-less option for more privacy paranoid people, so that at
least they can't be tracked remotely when they don't carry their phones (yeah,
some countries have this option system). And it's all nice and dandy.

As an European, I find it mind boggling when I see people without adequately
secured and mandatory IDs in the US...

------
itissid
I think one more thing that needs to be understood is how can one dynamically
establish identity. I have never built a cryptographic system, but I thought
maybe the following could be better:

Lets say Alice is a person wanting to establish Bob's identity. 1\. Bob must
be the only person who retains control over his identity. 2\. Bob can verify
he is who he says by a distributed system and Alice gets only a Yes/No answer.
3\. All verification can be done using a distributed fashion, something like
bitcoin/blockchain.

The most important thing here would be an implementation of the distributed
nodes and how bob's information is authenticated. But I think all these parts
already exist. Political and Business will is needed.

------
Thriptic
Is there a reason why we couldn't use state IDs for this purpose? We would
just have to converge on a standard design, data structure, and set of APIs
for access. It would also allow us to issue new ones easily in the event of a
problem.

~~~
x3n0ph3n3
It exists already: [https://www.dhs.gov/real-id](https://www.dhs.gov/real-id)

------
swlkr
I'd be all for user-friendly GPG keys or public/private key pairs for
everyone.

------
ugh123
Great that they're finally attempting to do _something_. But I get a little
annoyed that congress always seems to act fast when its something that might
actually affect _them_. Otherwise its back to partisan do-nothing.

------
donatj
God if this comes to fruition I will be so happy. The social security number
is a horrible way to prove who I am.

I attended a small private college and they literally printed it on
everything, it was our student ID.

------
GigabyteCoin
>Today, the Senate Commerce Committee questioned former Yahoo CEO Marissa
Mayer, Verizon chief privacy officer Karen Zacharia and both the current and
former CEOs of Equifax on how to protect consumers against major data
breaches.

That has got to be some kind of joke.

Why would they ask the former leaders of two companies (Yahoo and Equifax) who
have experienced perhaps the largest data breaches of all time... "how to
protect consumers against major data breaches?"

That is ridiculous.

They should have asked the current head of security from each company instead.

------
pimmen
In Sweden we have a national id number given at birth which can be Luhn
checked just like a credit card, and we use a digital id bound to a device
with an pin number. We use them both in conjunction for online banking, filing
taxes and all kinds of things and we have a dramatically lower rate of
identity theft than the US.

The national id has been here for a long, long time and the digital id has
been here for more than 10 years.

~~~
donkeyd
Many Americans are just really afraid of anything being controlled by the
government. It's why they keep doing stuff that us Europeans don't understand,
like not having strict gun control, not having affordable health care, not
having acceptable social security, etcetera. Americans tend to hate government
more than they love themselves and others.

Having lived in the US it really bothers me, since there are so many great,
caring people there that I don't understand why they keep doing what they do.

------
rangersanger
The timing on this is interesting given our current political climate and the
power the "frightful five" quietly wield and the amount of data they compile
about us. I'm all for a better ID system, but I'm extremely concerned that a
public/private partnership would lead to someone like facebook, google,
microsoft, apple or amazon issuing said ID or being able to get anywhere near
it.

------
Nomentatus
I've suggested this before here, but the card companies need to give other
companies like Equifax reference numbers to store that uniquely identify the
card to the credit card company (or others) but don't give the credit card
number and don't get anybody closer to charging anything on the card.

------
dawnerd
Also important that whatever happens, they make it easier for people to revoke
their id and get a new one.

------
Overtonwindow
I think more power needs to be given to the person whose identity is stolen.
Similar to how the chip and pin system was rolled out: If a fraud is
committed, the entity with the least secure method of transaction pays. That
pushed retailers to upgrade their systems.

------
StreamBright
It would be easy to introduce a pin protected chip card and use 2FA all the
time for everything. But in the US even credit cards do not have chip and if
they do it does not have a pin. The rest of the world using these security
measures for almost a decade.

~~~
opportune
Good luck getting Grandma to understand that

~~~
StreamBright
Should we organize the world around what grandma understands?

How many grandmas are out there vs how many people who understand at the very
least pin codes?

------
jwatte
SSNs are fine identifiers (user names.)

The problem is that people try to treat them like authenticators (passwords.)

Using SSNs as identifiers everywhere would reduce lots of mistakes and bugs.

Having a national ID system and modern ID documents/verification would reduce
fraud.

These would go very well together!

------
slaymaker1907
The Brazil idea sounds really cool to me. You can revoke identies if need be
and they are more protected since they rely upon a public/private key system.
Therefore, you can verify your identity without giving another party your
secret info.

------
mrhappyunhappy
Instead of creating security systems around sensitive data, make data useless
to thieves.

------
Yizahi
> “The parade of high-profile data breaches seems to have no end,” said
> ranking committee member Bill Nelson. “We can either take action with common
> sense rules or we can start planning for our next hearing on the issue.”

So true.

------
bflesch
How about fingerprinting and other biometrics as a replacement? This would be
a solid solution, easy to implement and could be integrated with already
existing storage systems?

~~~
JumpCrisscross
Biometrics are not replaceable when they are stolen.

~~~
zamalek
Furthermore, they may not be unique.[1] We are also very far off from being
able to trust the technologies that read biometrics, especially for the
incompetents that the government usually contracts. I can't find the source,
but there was a post/comment on HN linking to a bio engineering lab where they
found that _any_ fingerprint was being accepted. Your cell phone is likely
light years ahead of anything a government contractor would put in place.

[1]: [http://www.telegraph.co.uk/science/2016/03/14/why-your-
finge...](http://www.telegraph.co.uk/science/2016/03/14/why-your-fingerprints-
may-not-be-unique/)

------
maerF0x0
Would be nice US gets something backed by crypto

[https://en.wikipedia.org/wiki/Tiigrih%C3%BCpe](https://en.wikipedia.org/wiki/Tiigrih%C3%BCpe)

[https://www.forbes.com/sites/kalevleetaru/2017/10/15/replaci...](https://www.forbes.com/sites/kalevleetaru/2017/10/15/replacing-
us-social-security-numbers-with-estonias-cryptographic-model/#5b15dc9b2aab)

~~~
AdmiralAsshat
Unless of course the algorithm that powers the crypto is discovered to be
flawed and predictable.

~~~
bdamm
The current algorithm is demonstrably the worst. ROT13 would be stronger.

~~~
adamnemecek
ROT13 is too weak, use ROT26 it’s twice as strong.

------
ahallock
Why were businesses ever allowed to use SSNs in the first place?

------
shmerl
Long time overdue.

------
jerianasmith
So regardless of the possibility that somebody gets simply part of your
number, it can be anything but difficult to make sense of the rest. Analysts
in 2009 composed a calculation that could foresee a Social Security number
effectively 44 percent of the time in the United States.

------
igorgue
What's Yahoo doing there? Why is she still employed by anyone? LOL...

