UPDATE: Trump administration wants to replace Social Security numbers with something less vulnerable
By Kari Paul, MarketWatch
The Equifax hack raises timely questions about whether these numbers are obsolete
After the Equifax (EFX) breach exposed the data (http://www.marketwatch.com/story/equifax-breach-why-you-should-freeze-your-credit-report-today-2017-09-14) of potentially 146 million people, the Trump Administration is exploring replacements (https://www.bloomberg.com/news/articles/2017-10-03/white-house-and-equifax-agree-social-security-numbers-should-go) for Social Security numbers as a means of identification. Rob Joyce, special assistant to the president and White House cybersecurity coordinator said at a conference Tuesday that the Social Security number "has outlived its usefulness."
"It's a flawed system that we can't roll back that risk after we know we've had a compromise," he said. "I personally know my Social Security number has been compromised at least four times in my lifetime. That's just untenable."
A lifelong, unchanging identifier like a Social Security number makes hacks more appealing to scammers and inevitably puts consumers at high risk. "Today, the Social Security number may be the most commonly used numbering system in the United States," according to the Social Security Administration. That's good news for hackers, bad news for consumers.
The Social Security number was created in 1936 to keep track of earnings and was never meant to be an independent identifier, according to Sam Rehman, chief technology officer of Arxan. In fact, until 1972, it said "not for identification" at the bottom of all cards.
"We need to find a way like most other systems that require true consent to authorize," Rehman said. He suggested a new public key infrastructure for the U.S., which is a set of policies to manage digital certificates that correspond with people and use encryption for more security. Joyce said this is an option being considered by the federal government.
Put simply, the new identifier would be a unique number known only to the user that changes periodically and automatically. Replacing the Social Security number, this could be layered with additional forms of security like biometric identification or non-numerical identifiers like birth date, occupation, and other unique facts about an individual. This is the case in India, where an effort was launched in 2010 (http://www.marketwatch.com/story/end-of-the-nine-digit-social-security-number-2014-04-09) to create biometric identifiers for each of the 1.2 billion people in the country to crack down on welfare fraud.