It's beyond ridiculous--criminally stupid, even--that we're still using nine-digit social security numbers to identify ourselves and keep our financial information "secure."

"Secure" is in quotes, because it's a joke to think that it's all secure--as we've seen again and again. The latest obvious example of course is that Equifax managed to compromise 143 million social security numbers earlier this year. (Oh wait, 145 million.)

But that's nothing new. Anthem lost 80 million social security numbers. In 2006, the Department of Veterans Affairs lost 26.5 million American veterans' social security numbers. (Disclosure: I was one of them!) In 2015, another government agency lost 21.5 million social security numbers.

Since there are only 330 million people in the United States to begin with, this means there's something like a 40 or 50 percent chance that your personal social security number has been compromised. And there's no putting that genie back in the bottle.

All of which leads to an obvious solution that until now, there was no indication the government was actually considering: Finding a way to make the stolen social security numbers worthless.

Lo and behold, that's what the White House's cybersecurity coordinator, Rob Joyce, says he wants to do.

"I feel very strongly that the social security number has outlived its usefulness. It's a flawed system," Joyce told an interviewer Tuesday at a forum put on by The Washington Post. "If you think about it, every time we use the Social Security number, we put it at risk."

Indeed! (This might have to do with the fact that Joyce says he himself, has had his social security number compromised at least four times during his lifetime.)

Obviously I know that politics are hugely polarized now, probably more so than at any point in any of our lifetimes. But regardless of how you feel about President Trump, getting rid of social security numbers is a brilliant idea that I hope most Americans can get behind.

The question becomes, of course, what to replace them with. Fortunately, Joyce said he has an idea--and he's getting other parts of the government to propose and refine solutions.

"There are technologies we can look at advancing," he said. "Certainly the idea that we can use a public and private key--something that i can use publicly but not put the information at risk--something that can be revoked, if it's known to be compromised."

Imagine that: quickly and easily voiding your social security number (or its equivalent) if you suspected it had been compromised. Why haven't we put this into effect already?

As Joyce put it: "It's just untenable. We're in a modern digital age. We've got to find a way to use that modern cryptographic identifier to drive down that risk."

Published on: Oct 4, 2017
Like this column? Sign up to subscribe to email alerts and you'll never miss a post.