Comment by acdha
1 year ago
The SSA specifically told people not to misuse SSNs this way and it seems like a poor use of taxpayer funding to spend billions bailing out businesses’ bad decisions, even if that was legal (Congress would have to specifically authorize it), since we’d be back to the same problem with five years.
If we were going to do something, we’d make government ID include an NFC token for PKI purposes since public keys can’t be compromised in the same way, but nobody is jumping to pay for that, especially in a country where you have so many people prone to wild conspiracy theories (I am especially amazed by the guys who freak about a national ID as big brother but never say a word about the credit reporting industry) and the enduring “Mark of The Beast” religious fears.
> If we were going to do something, we’d make government ID include an NFC token for PKI purposes
Another alternative would be to go the other way: Pass a law prohibiting the use of social security numbers for any purpose other than social security. Don't provide any globally unique identifier for companies to use.
Instead each institution would issue their own identifier which would have no value outside of that institution. If they get breached or you lose your ID, they mail a new one to the address they have on file or some similar recovery method and you don't have to worry about someone using your ID somewhere else because the breached one gets disabled and you get a replacement.
The obvious advantage here is that companies can't use it to correlate your activity across institutions without your knowledge or consent.
> If we were going to do something, we’d make government ID include an NFC token for PKI purposes since public keys can’t be compromised in the same way, but nobody is jumping to pay for that, especially in a country where you have so many people prone to wild conspiracy theories (I am especially amazed by the guys who freak about a national ID as big brother but never say a word about the credit reporting industry) and the enduring “Mark of The Beast” religious fears.
Login.gov gets us pretty far until NFC can get baked into credentials. Would love to see passport cards evolve into this [2], but again, lots of work and political will to make that happen. In the meantime, remote and in person proofing to bind IRL gov credentials to digital identity must do.
(As of December 31, 2023, over 111 million people have signed up to use Login.gov to date, with over 324 million sign-ins in 2023; this is ~1/3rd US population; no affiliation)
[1] https://login.gov/
[2] https://travel.state.gov/content/travel/en/passports/need-pa...
I still don't get why people are calling these "religious fears". The parable from the book is because the problem is very old, but the problem is exactly the same as it ever was: If a central authority gives everyone a serial number then it will be used to track them by powerful institutions, which is a tool of oppression. This is the massive mistake we made with social security numbers, and their inherent insecurity is actually mitigating the damage there because it makes people much more hesitant to divulge it.
You do not want to make it easier for every carnivorous for-profit corporation and wannabe apparatchik to pressure every citizen to cough up an identifier that can be used to track their every move.
> I still don't get why people are calling these "religious fears
That’s what the people making those claims are talking about. If you haven’t talked with paranoid religious extremists before, it’s eye-opening: they are literally saying that a mandatory government ID will serve the beast mentioned in Revelations.
That’s not the only concern or group raising it by any means but I mentioned it because governments have to consider edge cases - if you make SSN a required field you have to figure out how to avoid turning away children from those households. If you’re building a website to sell t-shirts, that’s fine but if its government services you might be breaking the law and especially might be harming people who need help (a 17 year old who ran away from that house might have trouble getting the ID they need to live independently).
> a central authority gives everyone a serial number then it will be used to track them by powerful institutions, which is a tool of oppression.
It’s only a tool of oppression if you have a government prone to abuse and without constraints. If that’s true, since the computer age the distinction increasingly useless. The Stasi paid clerks to move paper around and if you’re comparing IDs by hand having a single number is a huge timesaver. In 2024, however, all not having one means is that they use software to link them – the context for this story is the huge industry doing that for all kinds of data, and they don’t mind having to link a couple of different identifiers. Faced with an oppressive government, we should be calling for legal restrictions and accountability for leaders. Not having a unique identification number is like wearing a breastplate into battle after the invention of the machine gun.
4 replies →
>I still don't get why people are calling these "religious fears".
People are calling these "religious fears" because they are fears very often based on religion. People who fear the Mark of the Beast aren't simply worried about being tracked by powerful institutions, they're looking for prophetic signs of the antichrist and Satanic one world government that their holy book says will lead to the second coming of Christ and Armageddon. Even though it was really talking about Nero Caesar. You can't separate the fear from the religion.
>You do not want to make it easy for every rapacious for-profit corporation to pressure every citizen to cough up an identifier that can be used to track their every move.
Then ban cellphones. Those are far more useful as a means of surveillance and control than any serial number in a database. They're also held in the hand and to the head, and used to buy and sell goods, which conforms far more closely to the mark of the beast than, say, RFID chips or SSNs or serial numbers on currency. Which the mark of the beast people were all against, in their time.
Unless you want to go full Kaczynski and run off into the woods to live off the grid, you can't avoid having identifiers attached to you. Your birth certificate, vaccination history, criminal record, credit score, address and phone number, the license plate on your car. Even the cookie that leaves you logged in to Hacker News. Governments and corporations already know who you are and where you are. Are there massive negative externalities to having our identities controlled by forces we have no agency over? Absolutely. But fearing every number as a slippery slope to a global satanic dystopian hellscape isn't reasonable. Unfortunately that's the context in which many people have this conversation, and that needs to be recognized.
1 reply →
The problem with login.gov is that nobody can use it outside of the US government. I can't use my login.gov account to attest my identity to my bank.
So my bank will continue to use my SSN as proof of identity for loans.
Not yet, but we’ll get there.
https://beeckcenter.georgetown.edu/wp-content/uploads/2021/1...
Yeah, I love login.gov and especially how they embraced things like WebAuthn faster than entire industries like finance but I can only imagine how much screaming there would be if usage became a requirement outside of government.
Painting those of us concerned with privacy as "people prone to wild conspiracy theories" is a very bad faith take.
Please do not give the government any more power over me than they already have, thanks.
> Painting those of us concerned with privacy as "people prone to wild conspiracy theories" is a very bad faith take.
Fortunately that’s not what I’m doing. I suggest reading more carefully and trying to come up with a scenario where the government having standard identifiers meaningfully harms your privacy but a mess of identifiers and a huge private industry linking them does not.