why the SSN needs to go

[Dave Farber <dave () farber net>]

------ Forwarded Message
From: Peter Bachman <peterb () cequs com>
Organization: Cequs Inc.
Date: Sun, 09 Mar 2003 10:50:03 -0500
To: dave () farber net
Subject: why the SSN needs to go

Dave, 

The SSN is outdated and needs to be replaced. In its place we need to
have a user generated number that can be changed as necessary to
prevent identity theft, can be flexible enough to create a paper trail
when necessary, and work as a high quality unique identifier in data
systems, while
at the same time being transparent enough so that the end user can see
at all times where it is being used and stored. It should meet data privacy
standards here and in Europe.

At the same time the cycle of identity theft needs to be broken. Costs
associated with identity theft are often not measured in dollars but wasted
time on the part of the victim. This is because there are limits to the
financial
burden to the individual. As a result costs are shifted to the general
population. Wasted time represents real opportunity costs.

There is currently no adequate compensation for the amount of grief
that a victim is forced to endure, because generally, our society does
not recognize "falling out of the system" to be something that should be
compensated. 

Being forced to delay a mortgage, being turned down for credit,
or simply not being recognized for who you really are, is actually a huge
problem in a society in which distributed systems are part of what you
can do at a particular moment in time. Identity is a keystone concept of
security in distributed systems, but at the same time, may not be the best
tool to use in all circumstances.

There is a segment of data gathering institutions which will oppose such a
move,
because they seek to easily aggregate even more information. Increasingly
they have
taken on more responsibility for this security, but at the same time that
comes at a cost
of knowing more about you than they really should.

They must be given a viable alternative, because the current approach is
shifting costs. 

We are simply piling too much functionality on a unique number that was not
designed in such a way to
handle that load. There are far better ways to get unique identifiers than
to
rely on this scheme.

Privacy and security demands that a balance be struck between parties to
safeguard this type of information,
especially when it can be demonstrated that it can be so easily exploited.

Products which manage this relationship well, (by layering effective
security around personal information)
will increasingly come into demand, as the previous trend of aggregating
personal information
itself gave benefits (and risks) by creating unique records within
distributed systems. Products
which expose the user to risks will be questioned. Many distribution systems
may be challenged by
the introduction of a unique verified relationship between producer and
consumer. 

For example, why should one "pay per play" (as a jukebox) for music or other
content? Why should one
be forced to pay again and again for content on different media, from LP to
CD, to SACD, as
the reproduction quality increases?

The content provider could simply license you to listen or watch, a specific
movie on any system, at any time, regardless of your location.

It's a very good thing to be able to walk into a store (or online) and be
able to purchase thousands
of dollars of goods, it makes the supply chain very flexible. However when
people abuse that
access, by stealing other people's identity documents, this is a major
problem, and makes
a major chore for system administrators to guard what would otherwise just
be a meaningless
number. Keep the SSN for what it was intended for, and replace it where it
needs to be
a unique identifier. Remove the exemptions that allowed for the collection
of that data,
and "gluing together" of records without transparency. This will require the
cooperation of
all parties to come up with a better solution.

The analysis seems to point out that a one truly secure method of
approaching this problem is better
than vulnerability in multiple large aggregated systems which may have
multiple points of access to
the data. This argues for continued research as to a more viable
alternative, and many systems
have replaced the SSN already with records tied to identity management
systems, often based
on LDAP and X.500 datastores, which can be updated by the end user. The next
time someone wants
your social security number, ask if there is an alternative they can use.


Peter Bachman
Cequs Inc.

peterb () cequs com


------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/