Cryptographic replacement for social security numbers

tl;dr: US Government is looking into replacing social security numbers with cryptographic key pairs or blockchain.

I’m sure we have lots of opinions on this.

Also worth mentioning:

If you asked me, “What’s the ideal system for identity and trust as of 2017?” I would say blockchain.

But is the US government capable of effectively implementing it? No.

So we should privatize it, right? Yikes.

3 Likes

I’m sure the US also has some form of eSignature thingy available already for its citizens, so wouldn’t it be simpler to just make that mandatory? You know, for any sort of verification you need your id card that holds your key, plus the pin naturally.
Seems weird, or I just don’t understand, the whole point to change the ssn system completely. In my eyes the whole problem is that the current system is too ‘gullible’ in a way… that currently people are verified with the help of the ssn, rather than just being identified.
So for identity, the ssn works fine and wouldn’t need to be changed, but there has to be a step of additional verification.
Something else than fingerprints or irises tho, because if that data gets stolen good luck changing them afterwards.

I can’t think of anything that resembles an eSignature. I believe the only 2 ubiquitous forms of identification are Social Security number and birth certificate. Passport, drivers license, state ID etc are all voluntary and considerable portions of the population don’t have them.

There was some sort of PIN that was used when filing taxes, but I don’t remember using it for the past year or two…

We don’t. It is a bit of a problem.

5 Likes

Wow, didn’t know the ssn was a mess like that. Yeah maybe it does require an update.
But still, they even stated in the video that it’s used for verifying identity even if it’s not intended for that purpose.
Like saying whoever holds the keys owns the house…

what if someone was actually named joe generic, way to go government

It’ll be interesting to see what people come up with. I mean, the immediate way to look at this is from a perspective of keeping the information protected from being guessed, like the current SSN system. So obviously we go to public/private keys. But large swaths of the population have no or extremely limited access to technology. Homeless people, for example, are further disadvantaged because they don’t own a computer to maintain their private key. So the homeless slip further away from the rest of society.

But the thing is you don’t need to be a techie, you’d just get an id card with a chip that’s it. Should even be free to grab one. And if you don’t have a computer, well, you’re not doing any verifications online anyway, but that id card can still be scanned wherever your identity needs to be verified.

Agreed. Also, the chip card can be replaced if it’s compromised.

As much as I’d like to see a blockchain solution like Civic, I think there’s a better chance the government could pull off a key pair/chip ID solution.

Yes, this is something we can easily state, but then this isn’t really PKI anymore, is it? If the .gov can generate a new ID card for me at will, then they have both my public and private keys. And once again, we’re a single breach away from millions of IDs being stolen.

1 Like

The US SSN system is odd, I’m from the UK and I have several government numbers issues to me. National Security number that is used in the collection of certain taxes and welfare benefits. It was issued for my 16th birthday. A driver’s licence number that should be self-explanatory. An NHS number for all medical related things And I would have a passport number is I had one. The driver’s licence and passport numbers are linked and that is as close as we get to a single identity number.

Simply knowing someones NI number or driving licence number or any of the others would not be enough to compromise a person identified in the way knowing an SSN would be. it’s like it’s a magic key or something that could let someone unwind a persons life.

The UK government was getting pressure from the EU to introduce an ID card system. Around 15/20 years ago they tried to introduce ID cards for everyone here. There was a lot of resistance and they dropped the idea, but not before putting several systems in place. One of which was the new photo ID drivers licence we used paper licence before that. Biometric passports and the computer system for the ID card system. This is why if you need to replace your driver’s licence or passport they can use the photo and information from the other.

Don’t think that a single leak would compromise the system, since one would need the public key (crack the gov database), private key (steal/skim your card), and possibly a hash from a pin or a fingerprint or whatever (have you provide it). Plus the ssn to identify you as a person to bind all that data to. And since you never keep all the eggs in one basket… while it’s not foolproof (nothing is), it should make everything more robust multifold.
And while you could revoke a key, it would prolly need a face + some knowledge of what has happened to you in life, or a death cert.

That’s the double edged sword that makes me consider advocating for anarchy.

1 Like

I don’t think they would have to store your private key after they give you the card, but of course, that doesn’t mean they wouldn’t do it anyway. And there would need to be some system in place for proving who you are if your card is lost/destroyed etc.

Also as @Baz mentioned, if a PIN or biometric layer is added as a hash, then a government leak becomes less catastrophic.

AI-narchy

1 Like

Make the private key some number calculated by scanning a fingerprint. I’m just throwing shit at a wall and seeing if it sticks.

Maybe not plain biometric, because that would be too static (and then there’s the moral issue that should every newborn have their bmetrics recorded?) But using biometrics (or pin) to unlock the actual key adds another level of authentication whilst keeping the option to change the key if needed open.

I believe all babies in the US have their hand and foot prints taken at birth. I think it goes on the birth certificate.

I’m just now realizing that I don’t think I’ve ever seen my birth certificate, and I have no idea where it is…

Technically you could use a finger print as a salt but in reality that reduce security not to mention be a development nightmare

The Social Security Number was never meant to be a form of identification. (It used to say so right on the damn card!) It just turned into that, most likely imposed upon the public by private businesses. It’s obviously bad as a form of identification, because it’s so damn universal. If businesses used their own ID numbers, and SSN was only used for very specific purposes, it would be much safer. Sort of like not using the same password everywhere.

This sounds like a national ID system. I can tell you, there will be serious backlash if this is the intention of revising the system.