My NYT op-ed; SSNs are dead now, but this is another Target moment

Click to read my New York Times op-ed.

I’ve always said ID theft is basically a marketing ploy. We stick with an outdated system that hurts people all so cashiers can try to upsell credit cards (“Do you want to save 20% today?”). And I’ve often said one of the best things that could happen would be publication of all SSNs, to once and for all end the fantasy that the number is some kind of secret.  Today The New York Times let me say that. Here’s an abstract of my just-published New York Times op-ed. Click the image above to read the whole piece.

Back when ID theft was mainly credit card fraud and a 100,000-record leak was a big deal — the good old days, around 2004 — my hacker friends and I would sit around and brainstorm ways to slow down the “fastest growing crime of the century.”  One came up again and again: Someone should steal the entire database of Social Security numbers and publish it online somewhere. (No one tried, that would be a crime!)  Why do something so crazy? Once and for all, it would eliminate the fantasy that an SSN is both a unique identifier and a secret to be used as an authenticator.

America’s identification system relies on the fantasy that an SSN is a secret.  Publication of the full SSN list would shatter that fantasy, and force the banking industry to invent new and genuinely effective ways to protect consumers from identity thieves.

It seems that’s finally occurred.  Equifax is being terribly, dangerously vague about its stunning loss of “potentially” 143 million Social Security numbers.  The data “outs” roughly three-quarters of Americans with a credit report.  Might as well be everyone.

Whatever the firm finally cops to, this much is certain: Social Security numbers are no longer a secret.

What now?

This Equifax hack could, and should, be another Target moment. It should spur industry into action and upgrade.  No one technology is going to replace SSNs as an identifier and a secret, and that’s a good thing.  There is security in diversity.

Whatever the fallout from Equifax, it should be clear, finally, that SSNs were never designed to be a security tool, and their usefulness for that purpose has run its course.  Just publish the whole list and be done with it. Then, get on to the business of keeping our secrets a secret.

Click here to read the entire piece at The New York Times. 

 

AlertMe

If you’ve read this far, perhaps you’d like to support what I do. That’s easy. Buy something from my NEW LIBRARY AND E-COMMERCE PAGE, click on an advertisement, or just share the story.


About Bob Sullivan 1366 Articles
BOB SULLIVAN is a veteran journalist and the author of four books, including the 2008 New York Times Best-Seller, Gotcha Capitalism, and the 2010 New York Times Best Seller, Stop Getting Ripped Off! His latest, The Plateau Effect, was published in 2013, and as a paperback, called Getting Unstuck in 2014. He has won the Society of Professional Journalists prestigious Public Service award, a Peabody award, and The Consumer Federation of America Betty Furness award, and been given Consumer Action’s Consumer Excellence Award.

2 Comments

  1. Hi Bob,
    Thanks for your excellent work on the Equifax security breach. I learned about your efforts in today’s Philadelphia Inquirer article by Stu Bykofsky.
    My password manager team sent me a relevant link:
    https://blog.lastpass.com/2017/09/equifax-breach-means.html
    that advocated the importance of implementing credit monitoring before credit files freeze by stating, “Make sure you’ve signed up for credit monitoring before you freeze your credit. Once you freeze it, you will not be able to sign up for the monitoring to be notified of any unauthorized changes that could occur if your information has been stolen.”
    Do you agree?
    Best regards,
    Richard Plummer

  2. Bob,

    Very insightful article as always. But our efforts to convert to cards with chips in them are, as usual, half hearted at best. Why have virtually no retailers or bank gone to a chip AND PIN system – which is what really makes the European system safer?

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.