Secrecy of Social Security Numbers December 12
I was alerted by UCLA this morning that an attacker has accessed private records (including SSNs) of as many as 800,000 people associated with UCLA. This has been going on since October 2005 (14 months). This is getting a lot of coverage in the news (Washington Post, Slashdot, more from Google News).
The underlying problem is quite obvious: we have no secure identification system, and in the absence of such a system we have an insecure one. Many privacy advocates are opposed to a government-issued ID card, and I can sympathize with those concerns. In the meantime, however, people are using what amounts to a single password for every account: the social security number. It was designed as an identifier, yet creditors and institutions treat it as an authenticator, a secret whose mere knowledge proves you are you. The single-password problem is that if even one database holding it is breached, the password for every other account is exposed, and unlike a real password an SSN cannot practically be changed afterwards. So your security everywhere is as weak as the weakest security anywhere.
Hopefully, fixing the identity problem will become a higher priority as more of these attacks are publicized. The solution is not difficult technically, but it requires some degree of standardization on identification techniques. In one scenario, private companies (PayPal, for instance) could provide identity verification services. PayPal has your information, and PayPal can help you prove to a creditor that you are creditworthy without that creditor learning enough information to impersonate you. Any number of companies could spring up to provide these identity services, and those that suffered security breaches would lose customers. In this picture there is no global secret (like the SSN) that provides access to your credit. At any time a customer can cancel their account (after which they could no longer prove their creditworthiness through that provider).

A second scenario might be a government-standardized smart card. This card could use PKI to verify identity without transmitting enough information to allow impersonation; this is accomplished with a zero-knowledge proof of identity, in which the card demonstrates possession of its private key while giving the verifier nothing it could replay or reuse. If the card's interface and characteristics were standardized, then credit card companies, state DMVs, etc. could produce cards to prove identity.
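The property both scenarios rely on, proving identity without handing the verifier a reusable secret, can be made concrete with the Schnorr identification protocol. The following is an added example written for this page; it is not code from the original post or from PayPal or any card issuer. The group parameters P, Q and G are tiny toy values constructed here so the arithmetic is readable (a real deployment would use a 2048-bit group or an elliptic curve), and the secret x stands in for a key that never leaves the card. The terminal only ever sees the transcript (t, c, s); the `simulate_transcript` function shows that the terminal could have produced such a transcript by itself from the public key alone, which is exactly why a breached verifier database yields nothing an attacker can use to impersonate the card holder, in contrast to a database full of SSNs.

```python
import secrets

# Toy Schnorr group, constructed for this example only (far too small for real use).
# P is a safe prime (P = 2*Q + 1) and G = 2^2 generates the subgroup of prime order Q.
P = 1019
Q = 509
G = 4


def keygen(x=None):
    """Card personalisation: secret x stays on the card, public y = G^x mod P is published."""
    if x is None:
        x = secrets.randbelow(Q - 1) + 1          # 1 <= x < Q
    return x, pow(G, x, P)


def prover_commit():
    """Round 1 (card -> terminal): fresh nonce r, commitment t = G^r mod P."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)


def verifier_challenge():
    """Round 2 (terminal -> card): random challenge c."""
    return secrets.randbelow(Q)


def prover_respond(x, r, c):
    """Round 3 (card -> terminal): s = r + c*x mod Q. The nonce r masks x, so s leaks nothing about x."""
    return (r + c * x) % Q


def verifier_check(y, t, c, s):
    """Terminal accepts iff G^s == t * y^c (mod P)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def run_identification(x, y):
    """One interactive round between an honest card and terminal.
    Returns (accepted, transcript); the transcript is everything the terminal ever learns."""
    r, t = prover_commit()
    c = verifier_challenge()
    s = prover_respond(x, r, c)
    return verifier_check(y, t, c, s), (t, c, s)


def replay_with_new_challenge(y, transcript):
    """An eavesdropper who recorded (t, c, s) tries to reuse it against a fresh terminal.
    The new terminal issues its own challenge, so the recorded s no longer matches.
    Forcing c' != c here makes the rejection deterministic; in practice the chance that
    a fresh challenge happens to collide with the recorded one is 1/Q."""
    t, c, s = transcript
    c_new = (c + 1) % Q
    return verifier_check(y, t, c_new, s)


def simulate_transcript(y):
    """Zero-knowledge in one function: given only the public key, pick c and s first and
    solve for t. The result passes verifier_check, so an accepting transcript is not
    evidence that the holder of x was present, and a terminal (or whoever steals its logs)
    learns nothing it could not have computed alone."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -c, P)) % P      # pow with a negative exponent is the modular inverse
    return t, c, s


if __name__ == "__main__":
    x, y = keygen()
    ok, transcript = run_identification(x, y)
    print("honest card accepted:", ok)
    print("replayed transcript accepted:", replay_with_new_challenge(y, transcript))
    print("simulated transcript accepted:", verifier_check(y, *simulate_transcript(y)))
```

Two things are worth noticing when running it. A recorded transcript is useless against a fresh challenge, which is the replay resistance the SSN scheme lacks. And because the verifier can forge accepting transcripts itself, compromising every verifier in the system still does not yield the card's secret; the only thing worth stealing is the card, which is a per-person asset rather than a global one.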
Obviously, there are privacy implications to standardizing identity systems, but I don't see how things become worse than they are today. Databases today collect SSNs, credit card numbers, driver's license numbers, names and birth dates, home addresses, etc.; this information is enough to track people and correlate databases. In the meantime, we seem to just have an insecure identity system. I don't see how we lose privacy by having better identity systems.