We have heard this story so many times that we already know how it will unfold. Big company announces breach. CEO makes statement of contrition. Executive in charge of cybersecurity is publicly fired. Customers receive letters of apology and identity monitoring services. We return to life as normal until another breach restarts the cycle.
Our current use of SSNs mixes two concepts: identification and authentication. Identification mechanisms allow us to uniquely identify an individual, while authentication mechanisms allow us to prove an individual's claim of identity. Think of it this way: When you walk up to the front desk of a hotel to check in, you might identify yourself by name, but then the desk clerk asks to see your driver's license to authenticate your claimed identity. In the online world, you might identify yourself with an email address, but you authenticate that claim with your password.
We currently use Social Security numbers as both identifiers and authenticators. But Social Security numbers are, in fact, only identifiers since there's no password or other authentication mechanism associated with them. When you share your number with a lender, landlord, potential employer or your dentist, there's nothing stopping them from using it to impersonate you. And that's where publishing all SSNs comes in. Making all SSNs available to the public would make it impossible to use them as authentication since everyone would know everyone else's SSN. And they could then still be used for identification.
How many digital and paper files scattered around the world contain this nine-digit key to your identity?
Even if you haven't already been the victim of identity theft, chances are good that hackers already have your SSN. It may be sitting in an illicit digital file somewhere, as hackers wait for the right opportunity to use it. If you weren't affected by the AMCA breach, there have been plenty of other opportunities for your data to fall into the wrong hands.
When we mistreat identifiers as authenticators, we facilitate identity theft. Anyone who has ever obtained your SSN, legitimately or illegitimately, can claim your identity as their own. And, worst of all, there isn't much that you can do to thwart them. Unlike a password, it's extremely difficult to change your SSN. It's as if everyone you ever invited into your home kept a copy of the key and you're unable to change the locks.
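The difference between the two uses can be shown in a few lines of Python. This is an added example, not part of the original article; the Registry class, its method names, the PBKDF2 work factor and the sample SSN and secrets are all constructed for illustration.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # assumed PBKDF2 work factor for this sketch


def _hash(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ROUNDS)


class Registry:
    """Hypothetical record store keyed by SSN, which is only an identifier."""
    def __init__(self):
        self._records = {}  # ssn -> (salt, hash of the separate secret)

    def enroll(self, ssn: str, secret: str) -> None:
        salt = os.urandom(16)
        self._records[ssn] = (salt, _hash(secret, salt))

    rotate = enroll  # replacing the secret leaves the identifier unchanged

    def verify_ssn_only(self, ssn: str) -> bool:
        """Flawed flow: knowing the identifier is accepted as proof."""
        return ssn in self._records

    def verify_with_secret(self, ssn: str, secret: str) -> bool:
        """The SSN finds the record; a separate secret proves the claim."""
        record = self._records.get(ssn)
        if record is None:
            return False
        salt, expected = record
        return hmac.compare_digest(_hash(secret, salt), expected)


def demo() -> dict:
    ssn = "000-12-3456"  # constructed; area number 000 is never issued
    reg = Registry()
    reg.enroll(ssn, "owner-secret-1")
    out = {
        # A lender or landlord who was given the SSN passes the flawed check...
        "holder_ssn_only": reg.verify_ssn_only(ssn),
        # ...but not the check that also demands the secret they never saw.
        "holder_with_secret": reg.verify_with_secret(ssn, "not-the-secret"),
        "owner_with_secret": reg.verify_with_secret(ssn, "owner-secret-1"),
    }
    reg.rotate(ssn, "owner-secret-2")  # revokes the old secret; an SSN is hard to change
    out["old_secret_after_rotation"] = reg.verify_with_secret(ssn, "owner-secret-1")
    return out
```

Calling demo() returns the outcome of each check: the SSN-only flow accepts anyone who holds the number, while the second flow accepts only the current secret.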
Secure authentication technology already exists. We use it every day to protect our social media accounts, email inboxes and the dozens of other mundane logins that are part of our everyday lives. Shouldn't we protect our most sensitive financial records with at least that same minimal level of security?
Unfortunately, implementing strong authentication is difficult and expensive, and there's no incentive for credit reporting agencies, financial institutions or other bureaucracies to invest in the technology required to replace our current use of SSNs. Without a burning platform, nothing will change. But Congress can light the necessary fire by directing the publication of all SSNs in five years.
This is a drastic, but necessary, measure. Mandating the future publication of SSNs creates a digital time bomb that will force a fix to a fundamentally flawed system. While setting a time bomb may seem irresponsible, remember that the millions of SSNs already in the hands of hackers constitute millions of individual time bombs, waiting to throw off their shrapnel of identity theft. One of those bombs might have your name and Social Security number written on it. Let's disarm them.