Comment by ryandrake
9 months ago
We "just" need to stop pretending they are secret like passwords and using them to authenticate that someone is who they say they are. Banks should not be issuing loans based on a bunch of personal information (including SSN) that the collected and concluded "Yup, that data matches itself--therefore you are actually you!"
The whole system is broken in hilarious ways.
Unrelated but similar: I live in a rural area, so we don't get street delivery of mail. Instead, we need to apply for a PO Box. Every year, to verify that only residents are using the PO Boxes, the Post Office sends out a renewal form, and you have to show up with a current bill and your driver's license. The latter makes sense—the State, presumably, goes through the validation of your address, and you sign their forms under penalty of perjury, etc., the the former is hilarious.
So, to receive the very bill used to authenticate "current residency," the bill has to go through the Post Office (remember what I said about no street delivery? anything that's mailed to our street address goes... to our PO Box!), and then we show it to them to validate that we are receiving email to that address—which cannot be independently validated outside the driver's license.
The PO Box we're renewing is therefore used to validate itself. And the fun part is that if you delay in returning the form, they'll block off your box.
I have been arguing for a while that we need to implement some sort of public-key cryptography system for identity verification. It's the obvious solution, though admittedly implementing it will take a lot of effort. But it would at least eliminate a lot of issues with how SSNs are used in practice right now.
They (the government and banks) still use the phone number to authenticate you. I would not be surprised if they consider using SSNs to issue loans, etc.
Is there some reason my bank needs this information in the first place? I want them to verify that I am the owner of the account, I do NOT need them to verify my precise federal identity.
They are legally required to know your identity and, I believe, report interest to the IRS. If they don’t check your government ID, they’ll be popular with organized crime.
Now, I’m sure banks also love that for data mining purposes but it’s not entirely without a valid reason.
This is so the IRS can keep track of the $15.40 of interest I earned on savings?
What mechanism causes KYC/ID checks to make banks unusable to organized crime? What purpose was organized crime using banks for? Is the government unable to get search warrants for bank accounts?
These are probably not what most people would consider valid reasons. The problems created outweigh the value of the solution.
1 reply →
And we already have well regulated tools for getting away from the ssn nonsense. They're called notaries.