Is it time to stop using Social Security as Identification?

Yahoo, Target, Home Depot, Sony, eBay, LinkedIn. All of these companies have fallen victim to a major cyber attack and had petabytes of data stolen. Every American has had their accounts or information compromised by attackers, but the Equifax attack could be the most damaging cyberattack in history.

143 MILLION accounts. That is 44% of the American population. Almost half of the US population’s names, birth dates, addresses, and social security numbers have been stolen. Credit card companies won’t know if the line of credit they are about to issue is to the true owner of that social security number, or the criminal who bought the identity on the black market. Identity theft is going to explode, millions of dollars in false charges will arise. An attacker can apply for loans and bank accounts which will appear to be legitimate. There will be new regulations on how companies are required to store and secure data, and probably introduction of massive fines if they fail to properly secure it.

BUT the thing that won’t change is the 9 digit number the government uses to identify us. Identification isn’t even the purpose of social security! Before the internet, your SSN was safe. You kept the card in a safe place, and memorized the number. Then, in 2008, the US government enabled private businesses to collect as much information as the wanted, even if they didn’t need it at all. Your data started being stored on private servers. The cost to replace social security as an identification tool is too high, it would cost billions of dollars to build a new system, and take years to implement this new system, and in the mean time, there will be dozens of other massive data breaches that will appear to be worse.

Some of the ideas for replacing social security based identification  are pretty bold, DNA based ID, biometric cards that contain fingerprints, using block chain technology to verify identities. We can even make up a whole separate numbering system, we just need to limit the collection of that number by a private organization that has no need for it! If your utility provider or employer need to verify your identity, there has to be another way to do that without handing them the keys to our destruction.

Whatever ends up replacing that archaic system, I’m very disappointed that it took a breach of this magnitude to force us to realize it.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.