How government and industry are failing in battle against ransomware attacks
The Social Security number isn’t dead yet, but its days are numbered
America's outdated identification methods are ripe for change, particularly from the outdated, static Social Security number to a more secure, robust and modern system.
That transition is likely to be hastened by a pressing need for greater security, privacy and transparency in the digital age, following numerous disastrous data breaches. Most notoriously, the Equifax hack saw the potential exposure of highly sensitive Social Security numbers for more than half of all American adults.
The Social Security number remains the gold standard for identity verification in the U.S. You use it for everything from getting a passport to applying for a bank account.
But that single point of failure is a boon for cybercriminals, who are primed to pounce on leaks, data breaches and poor passwords to obtain credit card numbers and commit identity theft.
Consider that you don't even have to have your full nine-digit SSN leaked to be vulnerable. In many cases, just the last four digits will do.
Four simple digits and some basic personal information, much of which could be obtained through a quick Google search or cheap background check, could be all that stands between you and becoming a victim of identity theft. The system is broken, and there are now signs that America is finally ready to do something to fix it.
In the coming years, America's institutions in finance, government and elsewhere will begin to migrate away from this flawed system, embracing new technologies that will enhance security and help eliminate leaks and fraud. Such an undertaking will require a massive public-private partnership in the best interest of American citizens, who are put at risk by outdated, analog identification methods that remain largely out of their control.
Giving some form of control back to citizens is a crucial step in this transition. The Equifax hack, or Yahoo's leak of billions of passwords, emphasize just how little control a consumer has over their personal information in the digital age.
Equifax's ousted CEO testified to Congress earlier this fall that it is time to do away with the outdated Social Security number. In the wake of his company's critical situation, Richard Smith told officials in Washington that private industry will need to collaborate with government institutions to develop a replacement for the outdated and insecure SSN.
"It is time to have identify verification procedures that match the technical age in which we live," he said.
Of course, digital identities cannot entirely replace what is tangible, such as photo identification on a verifiable card, or a fingerprint or iris scan that cannot be easily replicated. For all of the hypothetical talk about carrying your driver's license on your smartphone, we don't yet have institutions in place for a TSA airport agent - let alone a bouncer at a nightclub - to verify the authenticity of a purely digital ID.
In the near future, meaningful solutions will come from merging physical, verifiable and trusted forms of identification with the secure and convenient advantages that come from a digital world. Imagine a system where you no longer have to wait in line at the DMV to verify your change of address for a new ID card. Or one where you could apply for a mortgage without needing to share highly sensitive bank statements and pay stubs.
The Social Security number was a cobbled-together solution for America's identity problem. Now, in 2017, that problem has turned into a full-grown identity crisis. Thankfully, after a series of data disasters, the public is more aware of the issue than ever before, and innovative companies in the emerging identity space are primed to resolve it.
I'm confident that, together, we'll find a better way to securely verify and manage identity in the U.S. and across the world, in a way that seamlessly transitions between our physical and digital worlds, offering the best of both. Because with every new, dangerous data leak that springs up, the necessity for change only becomes more apparent.
Travis Jarae (@TravisJarae) is the founder and CEO of One World Identity, an online platform that publishes events, publications, research and analysis, member services, and consumer news. He is a former Googler, Deloitte consultant, and Citi banker.