Killing Social Security Numbers Will Make Identity Problems Worse


“A good name is more desirable than great riches; to be esteemed is better than silver or gold.” – Proverbs 22:1

As the proverb notes, identity is a matter of public record. And our public reputations matter quite a lot – socially as well as economically. That is why the debate to kill or replace social security numbers is so grossly misinformed.

Names and date of birth alone are not sufficient to uniquely identify us. As a result, if the social security number is banned from use, then the risk to our reputations is high. What if two John Smith’s are born on the same day and one joins the military while the other goes to jail as a sex offender? What if two John Smith’s are born on the same day and one goes on to build excellent credit by paying all of his debt on time while the other John Smith has gone bankrupt multiple times?

How do we keep these identities separate so that our reputation – good or bad – is appropriately tied to the right, unique individual?

The Importance of an Unique Identifier

To keep identities separate in a country of more than 300 million where many names and dates of birth are shared, we need a unique, national identifier. Enter the social security number. The SSN is quite effective – even when SSNs are public – at uniquely describing a person. Because Americans have a set of static, unique, and public identifiers, then concerned parents in a neighborhood can know when a sex offender moves into a nearby dwelling or a bank can check a FICO score to determine the creditworthiness of a particular person.

Establishing a person’s unique identity in the context of their criminal history, educational degrees, and bank history is a straightforward problem. Humans use faces, which are public, to establish the identity of a person they are discussing in a conversation. A parent might use a name, date of birth, and SSN to lookup the criminal history and credit score of a nanny they might employ to watch their children. A bank might use the same information to check a credit score. In both cases, the unique, national identifier is necessary to ensure that the parent is screening the right nanny and that the bank is screening the right customer.

If the social security number is banned from use but the problem of ensuring we are talking about one unique person – and that person’s reputation – will remain, then organizations will need to establish a new, unique national identifier. The most likely course of action industry will take is to use every American’s face as their unique identifier. Faces, like SSNs are public, but they actually compromise privacy far more than SSNs because organizations can now track a person’s face online and offline through cameras and resolve that behavior to a single identity. More tracking isn’t a good thing so a non-biometric national identifier is a good thing for privacy.

Social Security Numbers are Usernames, Not Passwords

The problem with social security numbers is that some organizations are using them as proof of identity. They are using social security numbers as a password rather than a username. For example, many organizations allow customers to call a support number and use a name and corresponding last four of SSN to reset the password on an online account. Clearly, that is a negligent practice that must stop.

Americans need a national, unique identifier. The country simply needs to agree that all of the static information, names, dates of birth, and SSN – our American usernames if you will — are now a matter of public record just like your Twitter or Snapchat handle is a matter of public record. But knowledge of SSN – just like knowledge of someone’s public Twitter handle – should never be used as a password.

To defeat identity theft, organizations need to use a combination of possession and biometric based methods to ensure that the person claiming the public legal identity of an American is in fact that person. Possession and biometric based techniques include uploading an image of a driver’s license, liveness tests on selfies to match the face of the user claiming an identity to a driver’s license, device identity and history e.g. has this device been tied to fraud anywhere else, and so on. Knowledge of someone’s identity history can only be used as a user name – not a password – because once secrets aren’t secret anymore it doesn’t mean that the knowledge isn’t true – your name, date of birth, and social security number are still perfectly valid — it just means that the secret can’t verify the identity of the bearer anymore.

Members of Congress, the media, and even CEOs of public companies need to stop conflating usernames with passwords. A good first step towards separating signal from noise would to be refrain from publishing the opinions of CEOs of companies that suffered massive data breaches on how to solve this problem. Those executives had their chance and failed. You probably wouldn’t ask the owner of a home that is burning down for advice on how to prevent fires; it’s the same with identity.

There are two questions to answer for transactions that need identity. Whose identity are we describing? Is this person the owner of the described identity or an authorized proxy?

American companies are struggling mightily with the latter question. Ironically, the increasingly accepted wisdom in the media and Congress is to destroy the social security number, which effectively solves for the former problem, even though no one is quite sure how that solves the latter problem. It doesn’t – it just makes the overall problem a lot worse.