Because these numbers are so closely tied to our identities, it raises the question: Why are we still using Social Security numbers as ID?
In 1936, the Social Security number was introduced to track a worker’s earnings history for benefits, according to the Social Security Administration. Until 1972, the bottom of the card said: “For Social Security purposes — not for identification.”
Social Security numbers have since become one of the only unique, irreplaceable pieces of information that can identify individuals.
“Not everybody has a passport. Addresses change,” said Bob Rudis, chief data scientist at cloud and security firm Rapid7. “There is no central ID, apart from a Social Security number, that is official or can be thought of as the government saying this is actually you.”
“Everyone in the United States could be assigned a digital certificate … that identifies you and helps you authenticate into a bunch of places,” Rudis said.
However, Estonia is a much smaller country than the US. “I just don’t see us having the infrastructure, the will or the impetus as a nation to do something like that,” he added.
Tim Mackey, principal security strategist at Synopsys’ cybersecurity research center, said it’s important for a personal identifier to be replaceable.
“The [SSN] system was never designed around ‘I need to revoke mine and introduce a new one,'” he said. “One of the first attributes [to a new system] would be that we have some sort of method to revoke or replace that digital identifier.”
In Estonia, if a digital identifier is stolen, it can be reported missing and will be immediately suspended, according to Rudis. There are also processes for reissuing a new digital ID.
Biometrics, such as fingerprints, iris scans and facial recognition to identify ourselves are other potential alternatives to Social Security numbers. This type of technology has become more common in recent years, with users regularly unlocking smartphones with fingerprints or facial recognition.
However, Monique Becenti, product and channel specialist at cybersecurity software company SiteLock, also said biometric technology is “not advanced enough” yet.
“You can still exploit fingerprints, someone’s facial recognition, and someone’s iris scan,” she said. “You can mimic the data. It’s not impossible to copy someone’s fingerprints.”
And if biometric information is obtained by someone else, it’s not replaceable.
“Biometrics could make things better. The problem is how we end up implementing it,” said Rudis. “If you have a system that’s not that well designed for security … I’d be afraid of the loss of that biometric data to someone else.”
READ MORE HERE