According to White House cybersecurity coordinator Rob Joyce, the government may already be considering a departure from the use of Social Security numbers as identification.
Speaking at the 2017 Washington Post Cybersecurity Summit yesterday, Joyce confirmed the Trump Administration has asked federal officials to put their heads together and come up with a plan to significantly change the way we identify citizens–namely by dropping the SSN completely.
These revelations come in the continuing chaos that is the Equifax breach fallout. The breach–one of the worst in history–has exposed the SSNs and associated personal data of 143 million Americans to identity thieves.
Chances are good if you’ve worked or are currently working in the U.S., those nine little digits that control your entire work, financial, and credit history are currently up for grabs somewhere on the dark web.
With your SSN and a few key pieces of identifying information, thieves have all they need to drain your bank account, take out credit cards and loans in your name, open utility accounts, obtain pricey medical treatments, and even file for your tax refund.
For soon-to-be Social Security beneficiaries, identity theft can be particularly nasty. Imagine filing for your retirement benefits only to find that “you” have already been receiving Social Security payments for several years.
Or you file for disability or supplemental Social Security benefits and your claim is denied outright due to someone claiming earnings under your SSN (these earnings may exceed what is allowed by supplemental, and to claim disability, one cannot have claimed significant earnings since the onset of the disability).
These realities are painful for victims who had absolutely no say in the matter. We didn’t leave our doors unlocked or carelessly hand our information to strangers–and when it comes to credit reporting, the Big Three credit bureaus have our SSNs and identifying information whether we like it or not.
Even Richard Smith, former Equifax CEO, wonders whether it isn’t time for a big change in the way we use SSNs:
“The concept of a Social Security number in this environment being private and secure–I think it’s time as a country to think beyond that. What is a better way to identify consumers in our country in a very secure way? I think that way is something different than an SSN, a date of birth, and a name.”
Smith, who was at the helm of Equifax for the past 12 years, stepped down following the breach.
Joyce, too, thinks it’s high time we ditch the SSN to protect the privacy and financial security of our country’s citizens–especially considering that once issued, a SSN is permanent:
“I feel very strongly that the Social Security number has outlived its usefulness. It’s a flawed system. If you think about it, every time we use the Social Security number, you put it at risk… It’s a flawed system that we can’t roll back…after we know we had a compromise.”
Joyce and others in the government are currently floating a variety of alternatives to phase out the SSN. For himself, Joyce is in favor of a modern cryptographic public-private key system that would prevent thieves from ever converting your complex key back into your actual identifier.