Our entire credit bureau system is broken (theverge.com)
255 points by LopRabbit on Sept 10, 2017 | 134 comments


The fact that your SSN is still used as a national ID in today’s age of technology is what astounds me the most. Why is it my fault and my credit ruined when my identity gets stolen? All it takes sometimes to steal an identity is to convince a teller or whoever that you’re someone you’re not! If that happens, that’s the business’ fault, not mine.

Here’s a scary fact: take your SSN and add 1 to it. That’s a valid SSN! There are no checksums or any security features at all. If you were assigned an SSN at birth, that new SSN has a high likelihood of even being someone born in the same hospital as you.



What LOE (Level of Effort) would it take to replace our current SSN with a public/private key system? More than just a massive bureaucratic shift and public reeducation movement?

Could we have a memorizable public key and still have any meaningful level of security?


> What LOE (Level of Effort) would it take to replace our current SSN with a public/private key system? More than just a massive bureaucratic shift and public reeducation movement?

You are thinking about this from the wrong direction. The problem isn't that the government hasn't provided a PKI, the problem is that social security numbers are being used for identification.

This was a serious fear when social security was originally created. For many years social security cards had the words "not for identification" printed on them. They contain no biometric data, not even a picture. Their purpose is not identification.

So the solution is obvious. Actually prohibit social security numbers from being used for identification. Don't allow creditors to even ask for them.

Then people will figure something else out on their own. Instead of a credit reporting agency existing at all, new credit applications could ask for your account numbers at existing creditors and then the new creditor can get your credit history directly from them. It would be straightforward to automate this -- and even require you to prove that you're the account holder by presenting your card from the other bank (or signing into its website if online).

There is no need for a national identification system. Having a bad one was the original problem. Replacing it with some differently bad one is no better.


> Instead of a credit reporting agency existing at all, new credit applications could ask for your account numbers at existing creditors and then the new creditor can get your credit history directly from them.

How would this even be remotely viable? Why would you expect people to be honest about their credit histories in cases where they had late payments or some sort of default?


> How would this even be remotely viable? Why would you expect people to be honest about their credit histories in cases where they had late payments or some sort of default?

Why would you expect people to not just give someone else's social security number?


Places that extend credit often take into account incomplete data - my girlfriend was denied for an apartment lease because she didn't have __enough__ credit history.


But it is used that way for the lack of a better alternative. In my opinion the solution is a free federal ID card, where all the information on the card (including the picture) is digitally signed, to make forgery nearly impossible.

The only non trivial element is how to sign the photo. I guess there must be a way to sign a degraded version of the picture so that even an average scan of the ID card would be verifiable. Or the card could contain a small, cheap, water resistant memory chip which contains the picture in digital format. Then you can have a high degree of confidence in this physical document.

And there could be other usage of that card. Like if you make it a chip & pin so the card could become an unforgeable digital signature (physical signatures are absurdly unsecure too).


Many other countries have these exact cards. They are not new technology.

In fact, your US passport has that. Look for the biometric symbol on the front. It means there's a chip inside (not sure how to read off it) that includes your digitally signed identity details, including photo.

If you're willing to go the centralized route, then a minimalist ID card would just be a QR code that anyone can open and compare the official photo to you.


> If you're willing to go the centralized route, then a minimalist ID card would just be a QR code that anyone can open and compare the official photo to you.

"Just a qrcode" would be a weird and inconvenient format.

Other countries (Estonia, Spain, Belgium) have smartcard IDs. You can add a qrcode to that, but the primary data store can be secured (and accessed and updated) in much the same way a regular smartcard is, you can access it from your home with a regular card reader and the relevant access application. And of course the size is completely standard. And you can add contactless support to it if desirable.

Plus the US already has experience with these types of IDs: DoD has issued 17 million Common Access Cards.


A QR code (of I presume a URL) would be even simpler to use but creates a big point of failure, as you need to secure a central server that contains the picture of every American and needs to be accessed publicly. We know how these things tend to end.

Whereas digital signing can be done in an offline, airtight system, as long as the public key is widely available.


There's an Android app which will read your passport's information - including photo.

https://play.google.com/store/apps/details?id=dexlab.eCL0WN&...


> In my opinion the solution is a free federal ID card, where all the information on the card (including the picture) is digitally signed, to make forgery nearly impossible.

But what advantage is there in having the federal government do this, instead of just having a bank issue one when you open your account? You could even use the same card with multiple creditors, which gives them access to shared credit history. Then filing for bankruptcy is the same as throwing away your bank card.


A big advantage is that it would push identity control risks to the federal government, which is in a position to want to protect its citizens (it has to remain accountable to voters).

A current problem in the US is that we have three for-profit companies doing that today, who are only really accountable to each other (sort of) and their shareholders. Their customers are each other and banks; you whose data is actually at risk are not a customer of strong value to them directly.


Probably the majority of US citizens do not want a federal ID card. A number of states refuse to comply with the RealID requirements on their drivers licenses and others are dragging their feet. As a result the drivers licenses of some states won't be suitable for federal identification soon.

At one level it's a bit silly as many have passports and drivers licenses are (almost) a form of universal ID. On the other hand, I sympathize with the push against mandatory federal ID.


> And there could be other usage of that card. Like if you make it a chip & pin so the card could become an unforgeable digital signature (physical signatures are absurdly unsecure too).

Digital signatures are this just as much as any other cryptography:

https://xkcd.com/538/

You can put a gun to someone's head and force them to sign something, or observe their PIN and borrow their card while they're not looking, and the signature will match. Which means it is no solution to the problem where you claim there is a valid signature and they claim it isn't legitimate and the signature can't tell you who is telling the truth.


There are people willing to riot in the streets and burn down major cities because you dare suggest they have an ID card to vote. Can you imagine the uproar and unrest suggesting people carry a national ID card to do anything would be?


Voting is a constitutionally protected right. Accessing a credit line is not. Requiring a national ID to vote potentially discriminates against those too old/poor/immobile to go out and buy the ID card. It's a de facto poll tax, which is illegal.

But, your point is still true. Americans have an irrational fear of a national ID.


> Americans have an irrational fear of a national ID.

Americans have a rational fear of a national ID.


How so? Many other western democracies have a national ID program. What does a national ID program give the government that they don't already have?


In Europe, ID Cards are free.


You still have to...

- drive to the government office (cost of transit)

- typically during business hours (non-free for hourly employees)

- provide some backing ID (otherwise, what's to stop somebody claiming to be me/you). That might not be free.

Basically, anything that might disenfranchise a protected class of citizen is going to have a tough time getting bipartisan support. Look no further than state-wide voter ID programs - almost all originate in conservative, GOP-led states - and almost all are thinly veiled attempts to prevent poor and minorities from voting (those two groups are more likely to support Democrats).


Same with voting...


In some cases, yes. But, not always. The states are a bit of a hodgepodge...

- Washington and Oregon vote by mail for most/all elections (>95% mail ballot). No clue how they validate the sender, but you don't have to leave the house on election day.

- NC voters have to show an ID. But, just about any official-looking bill, bank statement, pay stub, or government document with voters name and address on it will do.

- Arizona similar to NC, but if no photo ID, must show 2 non-photo documents.


If the feds are signing the card, then they have the private key. Let the individual be the only one who knows their private key, and let the feds sign an attestation that the individual's public key corresponds to a particular person.
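
The arrangement proposed in the comment above (the holder keeps the private key, the issuer only signs a statement binding the public key to a person), as an added Go example that is not part of the thread or of any real ID scheme. The attestation format, function names, challenge prefix and the sample name are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

var (
	ErrBadAttestation = errors.New("attestation not signed by issuer")
	ErrNotHolder      = errors.New("presenter does not hold the attested private key")
)

// Attestation is a constructed format (not a real ID standard): the issuer's
// statement that a public key generated by the holder belongs to a person.
type Attestation struct {
	Name      string `json:"name"`
	HolderKey []byte `json:"holder_key"` // public half only; issuer never sees the private half
}

// SignedAttestation carries the exact bytes that were signed, so the verifier
// never re-serialises the body before checking the signature.
type SignedAttestation struct {
	Body []byte
	Sig  []byte
}

// challengeContext keeps a challenge response from doubling as a signature on anything else.
const challengeContext = "id-presentation-v1:"

// Issue is run by the issuer after checking the applicant's identity in person.
func Issue(issuerPriv ed25519.PrivateKey, name string, holderPub ed25519.PublicKey) (SignedAttestation, error) {
	body, err := json.Marshal(Attestation{Name: name, HolderKey: holderPub})
	if err != nil {
		return SignedAttestation{}, err
	}
	return SignedAttestation{Body: body, Sig: ed25519.Sign(issuerPriv, body)}, nil
}

// Respond is run by the holder: sign the verifier's fresh random challenge.
func Respond(holderPriv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(holderPriv, append([]byte(challengeContext), challenge...))
}

// Verify works offline with only the issuer's public key. Knowing the attestation
// (the analogue of knowing an SSN) is not enough; the presenter must also prove
// possession of the private key by answering the challenge.
func Verify(issuerPub ed25519.PublicKey, sa SignedAttestation, challenge, response []byte) (Attestation, error) {
	if !ed25519.Verify(issuerPub, sa.Body, sa.Sig) {
		return Attestation{}, ErrBadAttestation
	}
	var a Attestation
	// ed25519.Verify panics on a wrong-length key, so check before using it.
	if err := json.Unmarshal(sa.Body, &a); err != nil || len(a.HolderKey) != ed25519.PublicKeySize {
		return Attestation{}, ErrBadAttestation
	}
	msg := append([]byte(challengeContext), challenge...)
	if !ed25519.Verify(ed25519.PublicKey(a.HolderKey), msg, response) {
		return Attestation{}, ErrNotHolder
	}
	return a, nil
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func newChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

// RunScenarios exercises the verifier with constructed parties and returns each outcome.
func RunScenarios() map[string]error {
	issuerPub, issuerPriv := newKey()
	holderPub, holderPriv := newKey()
	thiefPub, thiefPriv := newKey()
	sa, err := Issue(issuerPriv, "Bob Smith", holderPub)
	if err != nil {
		return map[string]error{"setup": err}
	}
	c1, c2 := newChallenge(), newChallenge()
	forgedBody, _ := json.Marshal(Attestation{Name: "Bob Smith", HolderKey: thiefPub})
	forged := SignedAttestation{Body: forgedBody, Sig: sa.Sig}

	out := map[string]error{}
	_, out["legitimate"] = Verify(issuerPub, sa, c1, Respond(holderPriv, c1))
	_, out["copied"] = Verify(issuerPub, sa, c1, Respond(thiefPriv, c1))       // copied attestation, wrong key
	_, out["tampered"] = Verify(issuerPub, forged, c1, Respond(thiefPriv, c1)) // key swapped in the body
	_, out["replayed"] = Verify(issuerPub, sa, c2, Respond(holderPriv, c1))    // old response, new challenge
	return out
}

func main() {
	r := RunScenarios()
	for _, k := range []string{"legitimate", "copied", "tampered", "replayed"} {
		fmt.Printf("%-10s -> %v\n", k, r[k])
	}
}
```
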


I can't ask my grand mother to know a private key. A physical document, if unforgeable, will do just fine. At the end of the day, all an ID card does is to outsource authentication to the government, which will do that regularly (every 5 to 10y) and issue an authentication token (the ID card) for third parties.


SSNs aren't being used for identification (they're ... an identifier), but for authentication.

That's a subtle though crucial distinction.


> This was a serious fear when social security was originally created. For many years social security cards had the words "not for identification" printed on them. They contain no biometric data, not even a picture. Their purpose is not identification.

That's still printed on them.

> Then people will figure something else out on their own. Instead of a credit reporting agency existing at all, new credit applications could ask for your account numbers at existing creditors and then the new creditor can get your credit history directly from them. It would be straightforward to automate this -- and even require you to prove that you're the account holder by presenting your card from the other bank (or signing into its website if online).

> There is no need for a national identification system.

This seems like wishful thinking to me.


> That's still printed on them.

Q21: When did Social Security cards bear the legend "NOT FOR IDENTIFICATION"?

A: The first Social Security cards were issued starting in 1936, they did not have this legend. Beginning with the sixth design version of the card, issued starting in 1946, SSA added a legend to the bottom of the card reading "FOR SOCIAL SECURITY PURPOSES -- NOT FOR IDENTIFICATION." This legend was removed as part of the design changes for the 18th version of the card, issued beginning in 1972. The legend has not been on any new cards issued since 1972.

https://www.ssa.gov/history/hfaq.html


> This seems like wishful thinking to me.

The correct answer is correct regardless of who wants it to be.


While you are correct, reality nearly always differs.


"technically correct" - the best (and worst) kind of correct.


I'm not sure I get the relevance, but I don't see it as self-evident that simply by banning the use of SSNs you will end up with a coherent national identification system (and if you do I'm not sure why that'd be preferable to one run by the government).


We don't need a coherent national identification system. We don't have a global one, the EU doesn't have one, why does the US need one?

Centralized identification is bad. There exists no competent, accountable, trustworthy party to administer it. It inherently gets abused to aggregate information about people that should be private. Monolithic systems are slow to adapt, allowing attackers to continuously outflank them.

When a bank needs to identify you, let them use your bank account number. When a doctor needs to identify you, let them use your patient ID number. And never the two shall meet.


What happens in that case is they all do it anyway, except in a haphazard and careless way where you might get mixed up with someone else.

Besides that, sometimes multiple entities do need to know who you are; how is it supposed to work if your insurer and your healthcare providers aren't able to match you up to one person?


> What happens in that case is they all do it anyway, except in a haphazard and careless way where you might get mixed up with someone else.

It is possible to make things sufficiently mixed up that the entire consent-absent aggregation system falls apart. Prohibiting them from using social security numbers and otherwise not providing any alternative unique primary key would go a long way toward that end.

> Besides that, sometimes multiple entities do need to know who you are; how is it supposed to work if your insurer and your healthcare providers aren't able to match you up to one person?

You don't need a single global identifier for that. You can give your healthcare provider your insurance policy number.


> It is possible to make things sufficiently mixed up that the entire consent-absent aggregation system falls apart. Prohibiting them from using social security numbers and otherwise not providing any alternative unique primary key would go a long way toward that end.

Not really. Log onto Spokeo, look yourself up, and see how many errors there are -- but at the same time, how the data is "close enough" to be useful. All compiled without a single identifier like SSNs.


Ah the equally frustrating corollary to "works on my machine"


They will figure out that they need some form of 2FA. There is a very simple and crude way of 2FA: Mail.

If you say "I'm bob smith with SSN 12345", then you gave them your id. You didn't verify that you are in fact bob smith with SSN 12345.

Now they have to verify with some degree of certainty that you are. So they lookup your address, and send a regular paper mail describing what needs to be authorized, and you sign and return it (or call a number and enter a code, or visit a website, or whatever).

This kind of crude 2FA can still be circumvented by someone stalking your mailbox, but it's a lot better than nothing.

Now: what this requires is a mapping from name+ssn (or some unique identifier) to an up to date address. Having that has several other benefits when it comes to e.g. automatic voter registration etc.


Historically something like this, with or without transactions involving SSN, was pretty common. Forget the PIN associated with your frequent flyer account? The airline would send you a new PIN in the mail that would arrive in about a week or so.

There are obvious latency issues with this though and it would mostly be considered less than optimal today.


Right. So this mail 2FA is clearly not good enough for general use, but you really only need to use it once. Just like the airline just mailed the PIN for the next auth, so would a reasonable digital ID work too.

Make a national digital ID app. Applicants fill in a web form saying they want to have it. They enter their personal ID number (SSN or equivalent). The one time key for the digital ID is then sent to the mail address. The user installs the digital ID app on their smartphone/computer and enters the key from the mail.

Now they can use that app to 2FA anything: fill in their tax returns online, buy things online, send money to anyone else, login to their internet bank or any other website (by open API), manage social security and other systems, apply for schools etc. This must sound like science fiction in the US but it's been a reality for 5-10 years where I live.


Americans are very resistant to the idea of a national ID. Yes, in some respects it already sort of exists between SSN, Passports, and individual states drivers licenses (about which there's still some residual squabbling about complying with the RealID federal standard). It may seem silly but if you as a politician propose a national ID card, you'll probably be involved in a recall election within a few months.


I think it hasn't been framed right. National ID is what gives the easy tax returns, protection against identity theft, less reliance on outdated systems like slow bank transfer, paper checks, manual voter registration, census processes...

I'm not sure what the fear is with a large central table having a number in one column and your name and address in the others.


I'm not going to argue it's wholly rational but there's a strong undercurrent of suspicion of and resistance to federal government power in the US. As a result, distributed messy processes are often seen as a feature rather than bug. I realize that it's probably hard for many Europeans to get their heads around this but it's the way it is--especially outside of coastal urban centers. And I don't even really disagree with this general attitude.


There is nothing that inherently requires this to be national. You could have this system distributed over 50 different databases if you wanted. It would require "transferring" people that move between the systems.

That said - if you are afraid of federal/national systems (which is an entirely valid if not entirely rational position) then why have a federal tax authority, national passports etc? It seems like getting the worst of both worlds if you have to run authorities that obviously need to keep track of every living soul in the country whether they like it or not - but then not giving them the tools to do so.

The EU is federal in much the same way (independent states, we don't want the central EU government to meddle too much in state business etc) but then we made sure that the EU government doesn't have anything to do with individuals in the member states, they deal only with the member states themselves. I pay taxes to the EU only indirectly through my home country's tax - so there is no need for an EU tax authority to know who I am, and so on.

The analogous situation for the US would be there was no federal taxes collected from individuals, if states issued passports etc.


My guess is the fear is of national anything, not just ID. Regardless if it's good or bad, state level authority is a big deal to a lot of people in the US, especially those on the conservative side of the fence.


This solution is still being used all the time. But they've outsourced the sending. They ask you to provide your utility bill, proving that it's you. Therefore there's no need to send a new document, if we already know that you already got existing document.


I've worked on several (poorly designed) systems where the SSN is used as a primary key. In itself, the SSN is not for identification, but as a primary key, it is used to aggregate tons of data about a person. Just think of the scores of databases where data elements exist that are associated by SSN.

It's the possession of that primary key linking all of our data that is the security issue.


Or creating a real citizen identification number: An ID that is connected to your photo and your finger prints at the federal level .. You know, like every other high income country in the world.

In America this would be impossible though. People would cry about state's rights, sign of the beast, privacy, etc.


> In America this would be impossible though. People would cry about state's rights, sign of the beast, privacy, etc.

I don't understand this logic, so perhaps someone can help me out. Nearly all US citizens have an SSN or tax ID number that is tied to them at the federal level. The first is a pseudo-random (I use that term loosely) group of digits that is basically required for you to get anything accomplished in the US. There are no safeguards built in to the SSN, yet it is the most ubiquitous form of unique identification used in the US with no easy way to escape it. If yours gets compromised, you're screwed, and no one is willing to help you.

A driver's license is a step down from that. Most Americans will have a state drivers license or state issued ID. No, it's not federal, but you're still entered into a government database where the information can be shared nationally if needed.

On the other hand, a bona fide identification system with real safeguards to protect your identity would alleviate so many headaches, and it would be no more invasive than an SSN. What is the actual drawback to a national ID?


Do you live in the US? There's a deeply ingrained distrust of the government basically everywhere. You're right that it's beyond rational. I've had conversations here where people would rather the government do literally nothing about a problem than attempt solutions that could not possibly be worse than the status quo because of how deep government distrust runs.


I do. That's why it baffles me. It's so very irrational to me. I don't trust the government to get a lot of things right, but a simple ID system (even when poorly implemented) can't be any worse than SSN as ID.

Lots of significant things use an SSN as a key - medical records, tax information, credit history, financial accounts. An SSN is one of the identifying things that the government definitely has access to. They could easily strong-arm their way around different agencies/companies with an SSN, so protection from government (in my eyes) is a non-argument.

A nationalized ID is supposed to protect us from unscrupulous 3rd parties. If you get someone's name and SSN, you can do a quick public records look up for an address. Confirm it with one company (say a cable co.) and you have unfettered access to that person's life.

I don't think the government could actually do worse than SSN as ID. It's a pseudo-random number with the person's place of birth and time of birth as "seeds". I already assume that Uncle Sam has (or at least access to) troves of data on me. So can they do me a favor and at least give me a half-assed ID system?


I agree a national ID number would be helpful, but I also don't think the distrust of the government is irrational.

The United States is the largest initiator of war and conflict in the world. It is the largest state sponsor of terrorism. It has more aircraft carriers than the next five nations combined. It has 1% of its population in prison, more than any other high income country in the world. In 2008, congress/the senate bailed out a terrible corrupt banking industry, allowing CEOs to get away with millions, without consequence, while Americans all over the country lost their homes due to outright fraud.

Distrust of the US government is by no means irrational.


If you want to consider this sort of thing I would suggest looking at something like Apple iMessage for inspiration (and iCloud in general)

Apple is trying very hard to do proper public-private key crypto, in a way where not even they have access to the keys, but that is also convenient for the user.

There's a reason, for example (this is the best example) you have to approve new iCloud Keychain devices from an existing device. Because that device re-encrypts the database with the private key of the new device.

Even that can cause problems as once someone forgets their password they may not be able to recover that keychain and by proxy other services. There are some trade-offs including an iCloud recovery key that is protected by HSMs that Apple have with the complete inability to update their firmware - but that has other trade-offs such as they can't fix any bugs on those devices, etc.

I won't fully detail further; I would suggest doing your own reading.

You may also wish to look at FIDO, in a sort of related unrelated way.


A friend of mine suggested that the US Postal Service is in a great place to "pivot" into offering digital "trust" services by leveraging their ability to offer a somewhat credible authentication of an individual based on one's ability to receive physical mail.


Here's my CSB addition... so I just moved and when I submitted my move notification to the US post office, they sent me a bunch of stuff including advertising for a service called USPS Informed Delivery.

Post-9/11, the post office has been scanning the front and back of all mail delivered in the US. This is the corollary physical post anti-terrorism measure to scooping up all text messages and email metadata. Somebody realized that these scans could be turned into a service where you can see what's in your postbox without having to visit it. Helpful if you don't get to the mailbox frequently or are traveling.

I signed up for the service and they used some sort of knowledge based question to verify I actually lived at the new address. Questions like "Which of the 4 addresses did you live at previously?" The IRS has tried to lock down their systems with questions like this and failed miserably. With the amount of data accumulated about us all, if somebody wants to dig up info on you, it's possible through a myriad of data broker services.

I failed the knowledge based identity test, I was asked to bring my ID to a post office. I think either they didn't have the right profile information for me, or were confusing the profile information for a prior occupant of my new address. My driver's license has a badge from the DMV showing that I had registered the new address with the DMV. This badge was delivered by mail to the new address. I presented this ID to the post office.

After all this, my request to join the Informed Delivery program was rejected. I have notification submitted with the post office of my change of address, I presented valid DMV ID that was not accepted despite it having been correctly updated with the DMV. While I was there, I was asked to show a second form of ID which was not indicated as a requirement on the program documentation. I've escalated a request for explanation to the US post office without answer.

While I agree the US post office could provide identity verification, they are definitely not geared to actually do so.


My identity test questions were all wrong for me too. But I selected "None of the Above" for all of them and then it approved it.


The online identity verification questions were wrong for me, too. However, the in-person verification was very easy. The instructions said to bring a photo ID and proof of residence, like a lease.


The ID instruction for me was one ID from a selection of government issued IDs. I brought what was asked for. Weirdly, they also accepted a US passport where the address is written in pencil, by the holder!

http://faq.usps.com/documents/Informed_Delivery_Sign_Up_Guid...

Visiting the post office was easy. Getting them to accept my ID document was not.


Strange, we received different instructions. For me, item 8d in your link was a 2-page document that explained the need for separate address verification if the photo ID had the wrong address.


Yeah, my photo ID had the right address because I had affixed a badge mailed to me from the DMV to the new address with the correct new address printed on it. It's a legal requirement to have the badge affixed to the driver's license after 30 days from the move date.

I think if I had attempted to apply for this service at my old address, it would not have been a problem. I applied for this service around the 30 - 45 day mark after my move. I suspect the post office may be incorporating their historic data (which includes my old address) or possibly they are integrating their mailing system with DMV data (which may itself be out of date due to timing issues in data integration).


Perhaps; but the Postal Service currently operates at a near zero level of security for residential mail. Both incoming and outgoing mails sit outside in an unlocked box (for many of us) that can be easily accessed by any passerby.

If (even) more of the contents of those boxes became valuable for easy impersonation and theft, the motivation for people to rummage would increase, and we would all likely pay a cost both in convenience and dollars for ordinary mail use.


> Both incoming and outgoing mails sit outside in an unlocked box (for many of us) that can be easily accessed by any passerby.

Yeah, but get caught messing with mail and you can get royally screwed. I don't know of any other country where the Postal Service has its own cops with arrest powers, seems to be a pretty powerful deterrent.


There have been stories in the UK news recently, alleging postal delivery-workers were stealing and selling credit-cards from their deliveries.

For example:

http://www.birminghammail.co.uk/news/midlands-news/revealed-...


Mail theft is a problem in my area. The USPS is pushing for "cluster mailboxes" which are 20+ mailboxes in one aluminum housing. The problem is they're easy to break into. I had Netflix suspend my account because so many discs went missing. The postal inspector's response was "Did you call the cops?"


We have "mail as 2FA" used pretty widely here, and identity theft usually involves someone e.g. opening a credit card or ordering products in someone else's name, and then stalking their mailbox in order to actually get anything.

So people simply got lockable mailboxes and that works pretty well.


True. But that will still protect you from a kid in Russia.


Deutsche Post does this in Germany through its PostIdent program.[1]

[1] (in German) https://de.wikipedia.org/wiki/Postident


interesting idea - and if you don't have a permanent residence you could just stop by a post office. Seems like they have the right infrastructure and are presently in need of a new business model.


They already do, to an extent. Most public libraries allow you to verify your residence by showing a piece of mail delivered to you.


I'd like to extend the 'DMV' / existing government licencing system with a standard digital signature (PKI); which would be applied to the OpenPGP / X.509 / etc public key you provide asserting "I own this" in a standard key-party manner (send the signature encrypted so that only the private key can decode it).

It would also be useful if you could provide multiple keys and associate them with one or more databases: 'full identity' (public listing with name) or key ages (probably 18, 21, and whatever social security/etc ages are).

The latter thing would allow for sites that require 'adult' access without forcing them to request credit cards (not always of age) or personal ID. It might not even be part of the standard flow, but merely as part of establishing an adult is involved if there's a dispute.

PS: 'adult' also implies 'able to sign contract' (such as accept Terms of Service). Financial sites would obviously require the full legal name key.


To actually provide a system for everyone, you'd need more than DMV, or another specialised department. Not everyone needs a driving license and not everyone can get one. This is likely to apply to other agencies in a similar way.


State DMVs usually offer ID cards for those who don't or can't drive.


That's pretty cool. Didn't know that.


The signed public key could be included on the social security card and passport. The corresponding private key would need to be secured by a memorable passphrase and backups stored in a secure location under your control.


This is what we do in Spain, but with the national ID card. Only detail is that there is no backup, if you forget the passphrase you go to the police station and use your fingerprint in a machine that will reset your pass.


while we're throwing ideas around, how about just keeping a log of loans and payments rather than trusting some agency to come up with a composite 'score' based on...what exactly?

that way, I can decide how much I care about your 2 missed car loan payments 5 years ago and your disputed dry cleaning bill myself when offering you terms.


> how about just keeping a log of loans and payments

Why does my landlord need to know how much my student payments were ten years ago? Or what sort of car I drove then, and how long it took me to pay it off? Or that I once owed money to deplorable-sex-dungeon.com, or whatever other arbitrary thing they find offensive?


As someone who is always on the receiving side of this nonsense (I have no credit, never take on any debt and have always paid my bills), I'm completely with you.

if I were* a creditor, I'd find it pretty valuable to know if a prospective lender was a deadbeat. just trying to find a middle ground here. my score is awful because I never borrow any money. i think that should be qualitatively different to a potential creditor than someone who doesn't pay their bills.

for some number of years that meant traveling (car rentals, hotels) was a huge effort. getting leases on apartments was easier because of references. a mortgage was possible in the seedy 2000s, but not any longer.


A landlord is taking a tremendous risk by letting you rent.

Things renters can and will do include not pay rent, incurring several months (or worse) while being evicted, trashing the house.. if they behave badly or just can't quite keep up with timely payments and you have to rollover to a new renter that is pretty expensive, too.

This isn't to say credit scores are perfect, but they are so effective a predictor of conscientiousness, insurance companies rely on them to predict someone's likelihood of a car accident - on average, they work.


I'm not arguing against credit scores, I'm arguing against my landlord being able to see a detailed history of my non-cash purchases.


They wouldn’t see your credit card transactions; They’d see your credit card payment history. Big difference.


Those are all instances that can be abstracted behind random account names: Account 1,2,3,4,5. And amounts as simply "payments" into an ongoing credit account.

Sure, could I deduce that $1200 a month is for your rent? And that $250 is your student debt repayment because you've been paying it for 10 years?

Anywho, there are different ways to present your credibility as a debt repayor without leaking too much. Not that I'd mind giving out detailed information, as long as they ask my permission first.


That landlord is allowing you to move into her property and if you decide not to pay your bills (or to airBnB the place out for drug parties) said landlord will be out of pocket somewhere around 6 months of rent (eviction takes a long time) plus legal fees and repairs.


Because it's a good proxy for knowing whether you will make your lease payments


This is actually how it works. The lender gets to pick the scoring model they want to use based on the raw data provided by the credit bureaus. The credit scores you see on e.g. creditkarma are just one of the many models in use; they're all pretty similar in practice, but vary by a few points depending on what they emphasize.


Is that why when I was applying for financing while leasing a car, my score was a bit lower than what Credit Karma was showing me?


Yes, different algorithms. Credit Karma shows you VantageScore 3 and car lenders usually use FICO 8.


Credit Karma is always about 20-40 points higher than your real score, in my experience.


They aggregate "events" reported by various creditors. Miss a utility bill and it goes to the centralized databases. That's why you so often need to provide SSN to activate services with post-paid debts.


Having a public/private key system doesn't solve the key problems of identity, namely, a link between your public key and you, and ensuring that it's not easy to create new alternate identities.

Having a digital signature by a private key is a decent way to ensure that you are linked to the public key, if the recipient knows the identity of the public key, and the private key is hard to copy (i.e. not memorizable, not something you type in to a bunch of potentially compromised computers). One way to do this is like Estonia's e-ID, which includes such a private key in the gov't issued photo ID; but having such an ID in the first place seems anathema in US.


An elliptic curve key is probably memorizable (a 256-bit number essentially) but is not quantum-resistant. For quantum-resistant schemes you might be able to memorize a 256-bit seed for a key generation algorithm. You can look at bitcoin "brain wallets" as precedent - they basically translate these random seeds into a memorizable phrase.

That being said, people are unlikely to bother memorizing a 256-bit key, and even if they do they'll just type it into a shady form in a phishing email anyway. Better to just put it on a smartcard chip - it's proven technology that's been rolled out in other nations already.


We have something like this in Belgium with our eID cards. AFAIK the chip has a public/private key. I use a PIN code to unlock the private key and I can create signatures with it to prove my identity.

Websites can actually use this for proper citizen authentication (and non-repudiation). The integration has UX bugs, but at the end of the day, I am very happy that we have something much more secure than a US SSN.


How would this system work with people with say dementia who could not recall their key?


Erm, what do you mean "our"? This system cannot even be justified via the usual democratic collectivism - the commercial surveillance complex is a purely independent adversary that has formed on its own!

It certainly has had help and encouragement from government mandates (SSN, drivers license/plate, monetary surveillance, etc), but even if those were eliminated it would continue just fine using its own primary keys.

As such, it can't really be top-down reformed much [0] except for correctly assigning liability for the fallout from its negligence. For instance, having to repudiate an incorrect debt from a libelous bank or surveillance company should entitle one to easily claim reimbursement for the expenses incurred (including time) to do so.

In the coming weeks we'll undoubtedly see calls to "reform" this system through the technical strengthening of the identifiers it assigns onto us. This is a recipe for rekindling belief in the authority of private surveillance as well as an invitation for it to invade even more aspects of our lives. This is not the direction we want to go!

[0] Of course we can all work on solving the problem from the bottom up by cloaking ourselves. Spend cash when possible, rotate your grocery pseudonyms often, etc.


> This is not the direction we want to go!

Erm, what do you mean "we"? ;)

While I agree with you on all other points you mentioned, it's pretty clear to me that the voting public are _perfectly_ okay with the authority of both private and public surveillance, so long as it satisfies one or more of the following criteria:

* Reduces, or is thought to reduce, the cost of credit to the individual concerned. ("I'm okay with it, if it means I can trivially get access to credit because my credit score is good.")

* Prevents, or is thought to prevent, the risk of terrorist action or harm to children.

* Is limited to "others" (poor people, immigrants, other races, etc.).


Freezing credit needs to be free and one button until we have this fixed. Freezing and unfreezing needs to happen quickly.

We also need to know every time our credit is accessed and updated, not monthly like current reports, realtime.

This right should be in the digital Bill of Rights that needs to happen as well that you should be able to protect yourself in the case of a breach at no cost to you.

Blockchain seems like the direction, but with how slow we move in everything legislatively, we need something now that allows freezing to be free, fast and easy.

The three credit bureaus, because they are in a fixed market and not truly in a competitive fair market with a privileged position, they got lazy just like the ratings agencies during housing crash. Lack of focus on their core missions due to no competitive threats.


Freezing I can see being fast and easy. At best you can troll someone by freezing their credit at an inopportune time - which might cause them to lose money, but less likely in general, surely.

Unfreezing? The whole point is to delay access, it can't be fast or it defeats the purpose. "They" have everything they need to unfreeze (otherwise why would freezing be necessary), so the only real protection you have is to forcibly delay access until you can prevent it.


It's not hard to come up with a scheme where it's fast to unfreeze when you have a key generated while freezing.
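
One way the scheme in the comment above could look, as an added example that is not part of the thread: the bureau issues a random key when the file is frozen, stores only its hash, and lifts the freeze immediately for whoever presents that key. `FreezeRegistry`, `MAX_FAILED_ATTEMPTS` and the consumer identifier are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

MAX_FAILED_ATTEMPTS = 3  # assumed policy: after this, the fast path is disabled


class FreezeRegistry:
    """Hypothetical bureau-side record of credit freezes."""

    def __init__(self):
        self._key_hashes = {}  # consumer_id -> SHA-256 of the unfreeze key
        self._failures = {}    # consumer_id -> wrong keys presented so far

    def freeze(self, consumer_id):
        """Freeze the file and hand the consumer a single-use unfreeze key."""
        if consumer_id in self._key_hashes:
            raise ValueError("file is already frozen")
        key = secrets.token_urlsafe(32)  # 256 random bits, created at freeze time
        # Only the hash is kept, so a dump of this table does not reveal keys.
        # The key is high-entropy, so a plain hash suffices (no password KDF).
        self._key_hashes[consumer_id] = hashlib.sha256(key.encode()).digest()
        self._failures[consumer_id] = 0
        return key

    def is_frozen(self, consumer_id):
        return consumer_id in self._key_hashes

    def fast_path_locked(self, consumer_id):
        return self._failures.get(consumer_id, 0) >= MAX_FAILED_ATTEMPTS

    def unfreeze(self, consumer_id, presented_key):
        """Lift the freeze at once if the key matches; otherwise stay frozen."""
        stored = self._key_hashes.get(consumer_id)
        if stored is None or self.fast_path_locked(consumer_id):
            return False  # not frozen, or only a slow manual process remains
        candidate = hashlib.sha256(presented_key.encode()).digest()
        if not hmac.compare_digest(stored, candidate):  # constant-time compare
            self._failures[consumer_id] += 1
            return False
        del self._key_hashes[consumer_id]  # the key cannot be replayed
        del self._failures[consumer_id]
        return True


def demo():
    registry = FreezeRegistry()
    key = registry.freeze("consumer-001")  # constructed identifier
    # Someone holding only leaked personal data has no key to present.
    rejected = registry.unfreeze("consumer-001", "leaked-name-dob-ssn")
    accepted = registry.unfreeze("consumer-001", key)
    return rejected, accepted, registry.is_frozen("consumer-001")


if __name__ == "__main__":
    print(demo())
```

The key exists only from the moment of freezing, so it is not among the data a breach before that point could expose; losing it leaves the slower delayed process as the fallback.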


I was intrigued by the idea of using a blockchain to anonymize and secure lending, so I looked it up and a trial of such a thing was run a few months ago. I found this gem:

> TransUnion and Equifax said they are always assessing new ways to secure consumer credit data, an area that is tightly regulated by governments around the world.

https://www.reuters.com/article/us-canada-blockchain-credit/...

The irony aside, it seems like the exact sort of thing a blockchain is good for: verifying transactions with a high degree of anonymity among parties that fundamentally do not trust each other. If I say I've had transactions that I say I have, I should be able to send you a code for you to verify it. There's no reason why I shouldn't have to consent for my private financial information to be disclosed to strangers in the first place.


I don't see how using an anonymous blockchain is useful for storing credit data because it makes it trivial to walk away from a bad credit score and start over from zero.

Also, FWIW you do have to consent for someone to run a credit check on you.


Check out Cred - https://crednetwork.org


> This is a terrible way to manage identity. From afar, a Social Security number looks kind of like a password. But you can change a password, and you shouldn’t use the same one with every service.

Going on a tangent, Apple has made the same mistake with TouchID.


> Apple has made the same mistake with TouchID.

I think that's one of the motivations (if not the primary one) to add the feature to disable TouchID from the lock screen via Emergency SOS:

https://www.macrumors.com/2017/08/17/ios-11-emergency-sos-di...


TouchID is better than no passcode, that's the purpose for it.

Joe/Jill Public won't use a passcode on their phone, because it's too much hassle. But they WILL enable TouchID, thus raising the bar for random phone thieves/hackers.


People didn't start picking my phone up and trying to get into it until I set a pin. Back when I had an android there wasn't even a lock screen and no one ever touched it.


I know very little about cybersecurity and cryptography, but wouldn't it make sense for each device to have a different passcode associated with a touch id? For example, my iPhone has a passcode XXXXXX, with touch ID associated with it. At the same time, my Macbook has a passcode 0123456789 with a touch ID associated with it.


> I’m sure Facebook, Google, and PayPal would all love to take over from the credit bureaus, and there are real reasons to be wary of that. Some people will tell you we should put it all on a blockchain, decentralizing the system and querying discrete pieces of information as needed. New solutions bring new problems, and there’s no perfect answer to any of it.

This is what concerns me most as we move from this to implementing solutions. We now have a glut of technology companies, some large and trusted, and many that will be created specifically to address this, that will permute the risk factors and pitfalls of such a business infinitely. One hundred companies doing credit bureau things means 100 places you'll have to put your sensitive info, 100 places that will have some different vulnerability, and 100 more targets on your attack surface.

Granted, one of these solutions may be sound, viable, secure, and advantageous to consumers. But the extant bureaus and any company that comes in to compete is a business, needs to make money, and will resist competition, will resist security over profit, and will never capitulate to a better competing solution until their last dollar is raised and spent.


Some government agency should publish a list of all SSNs, thereby ultimately destroying the illusions that SSNs are secret.

If anybody still uses SSNs for authentication afterwards, they are grossly negligent.


This is the case in many European countries. European VAT IDs are usually recorded in some kind of publicly accessible registry and usually built by prefixing ID of tax payer with country code.

For example in Czech Republic:

- everybody has "birth number", which is more or less equivalent of SSN except it clearly encodes gender and for most people also DOB.

- corporations and any entity that is licensed for trade (including sole proprietorships) have "ICO" (which somewhat funnily translates into "personal identification number"), in essence it is equivalent to US's EIN.

- any entity which directly deals with tax office has DIC (tax identification number), which for natural persons is "CZ" + birth number and for other entities is "CZ" + ICO, same string is also an EU-wide VAT ID.

Once you start a business or even own part of non-tradeable public company (which includes things like homeowners association) all three of these numbers are readily available in various open access government registries, together with first and last name and usually with registered address and thus nobody uses knowledge of one of these numbers as serious authenticator (but from time to time it is used as kind of filter for who given business is willing to deal with).


They would need to publish it with names, I think everyone already knows their SSN isn't secret.


When the system begins causing big losses for creditors, they'll start to take notice and develop a better system. Until then, the best thing you can do is freeze your credit and only unfreeze it when you need it.


Thanks, 'free market.'


Free market does not mean "no regulations".


That's not what I'm suggesting. Rather, the feedback loop you identified sadly lends itself towards marketing or financial stratagem as or more easily than making substantive changes.


Here we go again. A new great example how the neoliberal thinking and narrative just simply fails on humans. You want to give your data to corporate America and assume that they will be careful about protecting it? Then I am laughing hard at you. SMH The stupidity of free markets and the myth of self regulation. Ridiculous.

That's why it's more important than ever that we support and implement new important initiatives like that of Tim Berners-Lee's. He wants a platform that gives users control of their data. Very good idea IMO.


I am pretty familiar with the idea and conceptually I am a proponent for it but the question becomes who pays for the hosting of your data, what are the incentives to get me to store it and for others to use only the data that I have?

I am also sceptical with regards to corporations having the data but government owning it doesn't make it much better.

In Denmark you mostly need to get access to one place in the system and you potentially have access to the data across the different verticals, Danish system is also SSN based.

The biggest problem though is what is the alternative to a credit bureau system?


Free market should mean regulated to create a level playing field not no regulations at all.

Of course then you have regulatory capture to deal with but nothing is perfect



I have friends who are twins and they both were issued same SSN number. Apparently their primary key is first_name(first 6 chars)+last_name(first 6 chars)+DOB


How old are your friends? Now that there is a central issuer, rather than regional, the probability of generating duplicate numbers is quite low.


I don't think that's quite right, the city you're born in is included as well.


Twins most likely have been born in the same city, unless the birth happened e.g. on a high speed train and they decided to file different birth places depending on the closest station.


We have an SSN equivalent in the UK called NIN (national insurance number).

I've never been asked for it as an authenticator though.


Banks do need it when applying for some accounts in the UK, in particular ISAs because of the tax implications. I've also had it requested by a share broker. A list of places that use it is here: https://www.gov.uk/national-insurance/your-national-insuranc... Note the page says: "To prevent identity fraud, keep your National Insurance number safe. Don’t share it with anyone who doesn’t need it." !


You need it so they can report it to HMRC who use it as an identifier for tax contributions


> I've never been asked for it as an authenticator though.

What are you asked for as an authenticator? Do you have a drivers' license number, or a tax identification number, or a birth certificate number, or a passport number, or some other national identification item?

A consistently formatted identifier that's unique to every person in the country just seems like it would be too tempting for businesses not to use.


We're asked for a complex hodgepodge of government issued ID ("who I am") and utility bills, benefit letters, etc ("where I live").

Here's the Gov advice for online services: https://www.gov.uk/government/publications/identity-proofing...

Here's how they examine ID: https://www.gov.uk/government/publications/recognising-fraud...


It's illegal to use NIN by companies in the UK as an identifier or database key


That's because it's illegal to use NIN by companies in the UK as an identifier or database key


The NIN itself may not be an identifier, but a) you need it to open a bank account, b) it's definitely a security question for some banks, and c) you can use the NIN assignment letter from HMRC to your postal address as proof of residence.


The point is that in most of the world various government assigned IDs are just that: IDs and are usually used as such and when they are used as authenticators it is only for low-risk purposes and as an additional authentication check. On the other hand in US knowledge of SSN and few other bits of information is often all that you need to impersonate someone for pretty high-risk transactions.


Damn you Russia


Not only this, but the entire banking system is fucked up. I have an account number and routing number, then I can do whatever I want to your account. That's bizarre.



