White House Official, Former NSA Hacker: Social Security Numbers Are Useless
White House cybersecurity coordinator Rob Joyce said Tuesday that he believed the United States should begin to do away with Social Security numbers as a national identification method and move on to something more modern.
Speaking at the Washington Post’s Cybersecurity Summit, Joyce—a veteran of the National Security Agency’s hacking division—said the time has come from the government to turn to cryptographic identifiers for its citizens.
"I believe the Social Security number has outlived its usefulness," Joyce said, noting that the number cannot be changed—even after it has been compromised. Social Security numbers are only changed in rare cases, meaning even victims of identity theft are often left using the same number that has already been stolen from them.
Joyce also said that every use of the Social Security number puts it at risk. Because the number is a vital identifier for American citizens, every time it is given out increases the chances that it could be exposed.
"It's a flawed system that we can't roll back after a breach," Joyce said. "It's really clear there needs to be a change."
Joyce’s comments come just weeks after the data breach at credit reporting firm Equifax that resulted in the theft of personal information including Social Security numbers for as many as 145 million U.S. citizens. The breach effectively compromised the national identification number of nearly half of the entire country.
In response to the breach Equifax has provided consumers with credit monitoring services and other tools designed to help protect their identity but the bell cannot be unrung. The social security number of those Americans will be at risk for the rest of their lives, and their personal information will likely be sold and traded online among criminals and other malicious actors.
Joyce has reportedly raised the issue of ditching Social Security numbers with the Trump administration. The administration has in turn asked federal departments and agencies to look into the vulnerabilities associated with the current system and how to go about replacing it with a newer, more secure alternative.
Joyce had his own suggestion for a replacement: a “modern cryptographic identifier” like public and private keys. These keys utilize encryption methods to authenticate an individual. A person has a public key that is accessible by anyone who wants to communicate with them and a private key that only they hold. That private key must be verified in order to receive or send a message.
The White House cybersecurity coordinator has an unlikely ally in the move away from Social Security numbers in former Equifax CEO Richard Smith. While the breach at the company that happened on Smith’s watch is responsible for the latest push to move away from Social Security numbers, the ousted executive echoed the idea while testifying in front of Congress Tuesday.
"The concept of a Social Security number in this environment being private and secure—I think it's time as a country to think beyond that," Smith said. "What is a better way to identify consumers in our country in a very secure way? I think that way is something different than an SSN, a date of birth, and a name."
Smith said his Social Security number has been compromised at least four times and said, “that’s just untenable.”
© Copyright IBTimes 2024. All rights reserved.