Source: Cointelegraph
Original text: (Social Security Number is a privacy liability)


Author: President of Holonym Foundation Nanak Nihal


Like every identification system, the Social Security Number was created not for the sake of identity itself but to solve a specific problem that required identity verification. The SSN was originally created solely for the allocation of benefits. Had its designers known it would be used for identity and security verification as it is today, they would have adopted a completely different design. While some believe the SSN is good enough, we should actively pursue better solutions.


SSNs are poor identifiers with two major problems: an entropy problem and a symmetry problem. The entropy problem is their lack of randomness, which makes them easy to guess and is obviously inadequate for numbers that are supposed to be confidential. The symmetry problem arises when you need to prove the legitimacy of your identity: you must disclose your SSN to the other party, which violates the confidentiality principle.


A study shows that, for certain populations born in specific years in some states, simple machine learning models combined with basic personal information can guess 5% of SSNs within 10 attempts. An excellent identity system should be unpredictable.


The symmetry problem is easy to understand: we are asked to set different passwords for different websites because each site may be susceptible to hacking. A password leak for one site should not affect the login credentials of other sites. However, we are required to provide the same SSN to all institutions, so a data leak from any one institution exposes the SSN. SSNs are less secure than passwords, and recent large-scale server breaches have exposed hundreds of millions of SSNs. An ideal identity system should not have so many single points of failure that could lead to SSN exposure.


Building a privacy-secure future


We are fully capable of establishing a better identity system; the only thing holding back change is the inertia of the existing SSN system and those who rely on it. Any modern identity system that employs public key cryptography can solve the aforementioned two issues.


Public key cryptography uses randomly generated keys, so there is no entropy problem; the verification process does not need to disclose the key itself, so there is also no symmetry problem. There are no single points of failure during authentication since the verification process does not leak any sensitive information - it just proves you possess that identity.
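As an added illustration that is not part of the original article, the sketch below contrasts the SSN model with a Schnorr proof of knowledge, one public-key way to prove possession of a secret without disclosing it. The group parameters, function names and nonce handling are assumptions chosen for the example, and the 255-bit modulus is for demonstration only.

```python
import hashlib
import secrets

# Demonstration parameters (assumptions of this example): integers modulo the
# prime 2**255 - 19 with base 2. A field this small is not safe for real use.
P = 2**255 - 19
N = P - 1  # exponents are reduced modulo the group order
G = 2

def keygen():
    """Return (secret x, public y). x is uniformly random, unlike an SSN."""
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)

def _challenge(y, r, nonce):
    data = b"|".join(str(v).encode() for v in (G, y, r)) + b"|" + nonce
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def prove(x, nonce):
    """Holder: Schnorr proof of knowledge of x, bound to the verifier's nonce."""
    k = secrets.randbelow(N - 1) + 1  # fresh per proof, must never repeat
    r = pow(G, k, P)
    c = _challenge(pow(G, x, P), r, nonce)
    return r, (k + c * x) % N

def verify(y, nonce, proof):
    """Verifier: checks G**s == r * y**c using only the public key y."""
    r, s = proof
    if not (0 < r < P and 0 <= s < N):
        return False
    c = _challenge(y, r, nonce)
    return pow(G, s, P) == (r * pow(y, c, P)) % P

def breach_replay():
    """Replay what institution A stored or saw against institution B."""
    # SSN model: A's database holds the secret itself, so a leak is reusable.
    leaked_ssn = ssn_on_file = "000-00-0000"  # constructed placeholder value
    ssn_replay_works = leaked_ssn == ssn_on_file
    # Key model: A holds only y and one transcript; B issues its own nonce.
    x, y = keygen()
    seen_by_a = prove(x, b"nonce-from-A")
    assert verify(y, b"nonce-from-A", seen_by_a)
    nonce_b = secrets.token_bytes(16)
    return ssn_replay_works, verify(y, nonce_b, seen_by_a)

if __name__ == "__main__":
    print(breach_replay())  # (True, False)
```

A real deployment would use a standard elliptic-curve signature scheme from a vetted library rather than hand-written modular arithmetic.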


If more information (such as name, date of birth, address, and photo) needs to be included in credentials like government IDs, then public key cryptography becomes insufficient. Such complex scenarios should utilize zero-knowledge proof technology.


Zero-knowledge proofs address the symmetry problem when proving personal facts, ensuring that the verification process does not leak any information aside from what needs to be proven. For example, through zero-knowledge proofs, you can prove that you are over 18 or a resident of the U.S. without revealing other personal information such as your name.


Transitioning to a new identity system is not easy, but it is worth our effort. We should adopt cryptographic solutions that keep the SSN secret, rather than disclosing it to every requesting institution. In the 21st century, we can prove that we know a secret without revealing it; this is the essence of cryptography.


Let us use public key cryptography and/or zero-knowledge proof technology to ensure that our secrets cannot be easily guessed. Doing so will make our sensitive data much more secure than it is now.




This article is for general informational reference only and does not constitute, nor should it be considered, legal or investment advice. The views, thoughts, and opinions expressed here are solely those of the author and do not necessarily reflect or represent the views and opinions of Cointelegraph.