We really do need to find a better way of authenticating and identifying people. SSNs were never meant for this and they clearly don't fill the role successfully.
I've long been a proponent of the government announcing that they will publish everyone's SSN 2 years from now. Banks, insurance companies, the govt, etc. have until then to figure out better methods.
There are plenty of better ways already. A simple public/private keypair would go a long way towards this goal.
The problem is that everyone working on crypto products focuses on just developing technology, often attempting to make existing crypto systems easier to use for ordinary people. This is fine, but it's only a partial solution. We need to educate people who don't know and don't care about proper security. Nobody is going to use the most secure and easy-to-use crypto system if they don't see the benefit and think that an SSN or a driver's license is a good way to show their identity.
There is a lot of hand-wringing about how hard it is to get ordinary people to take security seriously, but honestly this is a problem that will solve itself given enough time and enough breaches such as this. Until people understand that only secret information--which they and only they know--can be used to authenticate them and protect their information, this will just keep happening.
SSNs are already public information. There are numerous legal ways online to enter a person's name and 1 or 2 past addresses and get their SSN back.
Their main purpose is to serve as a primary key - many people have the same name, but SSN is unique. It should never be used for establishing identity - it's about as effective as asking someone for their middle name.
> We really do need to find a better way of authenticating and identifying people
What about not doing that at all? Hear me out. Not relying on "identity" would cost many orders of magnitude less. And besides, why should I care who you are--what does your identity matter to me? And why should anyone else care?
It sounds like you're putting the bait out so somebody will disagree with you and then you'll explain the alternative to using identity as a form of authorization.
Can you save us a long and stupid discussion and simply explain your plan to practically deploy a better authorization system that will cost many orders of magnitude less?
How in the world did society even function before we had a unique number to identify people? It must have been utter chaos! Before 1935 (when the first SSN was issued), there was no way to borrow money, go to college, buy land, open any kind of account anywhere, or do any of the things that somehow we need a unique number for today.
I couldn't care less, but someone who is granting you credit has a legitimate reason to know who they're giving money to and how likely you are to pay it back, and who to chase after if you fail to do so.
Let's not pretend there aren't valid reasons for identity to be established.
Identity is tantamount to verifying education. Colleges need to know who you are, and potential employers need to be able to identify that yes, this John Smith is the one that graduated from Stanford with a 3.8 GPA and a degree in computer science.