Though we may treat our Social Security numbers like confidential information, those nine digits are just about everywhere: Your bank, school, cable company, phone company, and more probably have this information, and may not be storing it securely. In a world where everything from fast food chains to massive global accounting firms are vulnerable to cybercrime, some are wondering if it’s time to say goodbye to the SSN.
That’s apparently option officials in the Trump Administration are weighing in the wake of rampant data breaches, such as the one suffered by credit reporting agency Equifax.
Bloomberg reports that Rob Joyce, special assistant to the president and White House cybersecurity coordinator, floated the idea of replacing the SSN as a way of proving one’s identity.
“I feel very strongly that the Social Security number has outlived its usefulness,” Joyce said during a cyber conference, as reported by Bloomberg. “Every time we use the Social Security number, you put it at risk.”
How’d We Get Here
A lot has changed in the 81 years since the SSN was created, from the way the numbers are used to the risks associated with the wrong person getting their hands on your information.
According to the Social Security Administration, the SSN was developed in 1936 as a way to track U.S. workers’ earning to determine their Social Security benefits. Since then, more than 454 million numbers have been issued.
The card was never intended to serve as a personal identification document, as it does not establish that the person presenting the card is actually the person whose name and SSN appear on the card, the SSA notes.
However, over time, the convenience and simplicity of the number has created a more wide-spread use by both government and private agencies.
In the 1940s, the government began requiring federal agencies to use SSNs for the purpose of identifying individuals in new records. With the creation of computers, the uses of the number increased.
In the 1970s, the SSA studied the use of the SSN for non social security uses. The resulting report suggested that using the nine-digit number as a national identifier wasn’t a great idea.
But that didn’t stop the government or private companies from requiring the number be used for a number of programs, including eligibility for Department of Veterans Affairs benefits, eligibility under Housing and Urban Development programs, as well as, for a time on driver’s licenses, death certificates, and other materials.
“Unfortunately, this universality has led to abuse of the SSN. Most notoriously, the SSN is a key piece of information used to commit identity theft,” the SSA points out.
For now, there isn’t a plan in place to change the SSN system, but the administration is looking into “what would be a better system” to not only identify consumers, but also protect them from hacks.
One possible option could be a “private key,” perhaps like a token or other physical item.
The token, similar to a credit card chip, would be embedded with a long cryptographic number. Once the token is presented, consumers would have to enter a PIN to enable its use, Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, tells Bloomberg.
While it would be an expensive and timely endeavor to change the SSN system currently in use, Joyce says it needs to happen.
“It’s really clear, there needs to be a change, but we’ll have to look at the details of what’s being proposed,” Joyce said.
Another possibility is the use of a blockchain technology to create a nearly impossible to duplicate DNA fingerprint identifier.
The number could then be stamped on all important documents used by the individual.
It’ll Take Time
If the use of SSNs is going to change, it won’t be quick.
“You’d need to change a lot of existing public law,” Marc Rotenberg, executive director of the Electronic Privacy Information Center, tells Bloomberg. “There would need to be extensive hearings and study about the consequences. It’s a complicated issue.”
Calls For Change
The Trump Administration isn’t the first group to look for or call for changes related to the use of SSNs.
In May, the Federal Trade Commission hosted an Identity Theft workshop focusing on how the fraud has evolved and what can be done to address it in the future.
Eva Valesquez, CEO of the Identity Theft Resource Center, noted during the panel discussion that the SSN should not have the level of important or weight that it is currently given.
“They are being used for something they were not designed for,” she noted. “In the perfect work we wouldn’t use as the main identifier.”
She pointed to the need to put a system in place that would allow for more verification of consumers’ identity.