That's, right, eliminate all privacy and secrecy surrounding SSNs. Publish them for the living the way they currently are published for the deceased. They would become about as secret as someone's address, license plate, phone number, or email address. They would still work perfectly as an account number to be used by the SSA, but they would instantly lose all utility as an ID/authentifier, forcing people to use something else for that purpose.

Greg Shenaut

That never occurred to me -- a really interesting idea! It would certainly drive home to people that the number is in no way secure or useful as an authenticator. It would be a disaster if we did that tomorrow, of course, but food for thought for future systems.

Chris,

I was pleased when I started reading your note, distinguishing between authenticators and identifiers, because I thought you'd see the point of this distinction. But no :-( The original poster is 100% right. Society needs a good _identifier_, because the main alternative "name + address" is messy and too fluid. But there should be no secrets to this. The best way of driving home that SSN is an identify - like "name + address", but better - is to make them all public. But there's one more step.

If I go into your bank and give them your name, and your address, and they let me empty your account, no one would dispute they were foolish and legally liable. But with identity theft, we are constantly blaming the entities the let info (like SSN's) slip yet I scarcely ever see criticism of the real culprits. This one is easy. SSN's were not designed to be secret, are NOT secret, and are easily guessible, and if someone (a bank, a business, whatever) treats them as some secret password (an authenticator) - which they were never supposed to be - then they should be immediately 100% liable for all damages including consequential damages. Yes, it would be harder to open a new account, etc, but the price would be worth it because the people who _should_ be guarding against identity theft would finally have incentive to do so (wherease now they have none.)

Use SSN to "prove" identity should be treated the same as citing a name and address to "prove" identity. I.e. obviously unfair, idiotic, and culpable.

Identifiers are not authenticators. We need to a good identifier, and SSN's will do fairly well in the U.S. Let them be that! Don't hide them. Anyone who thinks that since it's a good identifier, it must be a good authenticaor, has no business running a business like a bank.

I totally agree that it's very clever, yet very simple, and you're right, it would have to be at an announced later date, to allow all the entrenched systems to replace their current authentication schemes.

However I don't think it's politically feasible (even though technically it's a great idea). All the huge companies with big pockets would lobby against it because they don't want to spend the (admittedly) large amounts of money required to develop alternate systems. Smart entities have already moved away from using SSNs as identifiers where possible (some States have stopped using SSNs as Driver's License IDs for example).

The ironic thing is that the University where I work was using SSNs as identifiers, and decided to change that using just this approach. They came up with their own generated University ID number (SSNs are still used internally for associating Tax reporting and Benefits, but have tightly controlled access), and planned to make that number completely public. It's *intention* was always as a public identifier, and everyone got a *separate* user name and password for authentication. Then the legislature (who understand technology about as well as I understand Clam genetics) decided that the University ID was *private* info and designated it protected information, even though it is *never* used for authentication (only for identification). Years later and we're *still* fighting to get them to change that policy, even though it makes no sense!

I hate clueless politicians!

Well said!

Agree wtih all of the above. This would do an incredible amount to curb identity theft.

A program has been circulating since at least the mid 80's (available from your local cops) that will give you state of issue and approximate age based on your SSN. I've long ago memorized my SSN and destroyed my card but I now have to carry a Medicare card whose number is, guess what?, your SSN followed by -A. Try to get medical coverage without the card! How stupid is that? Probably the most vulnerable age group to identity theft might as well have it stenciled on their foreheads. For once I agree with the right wing religious nuts. It is indeed "The Mark of the Beast"!