It seems like data breaches and cyberattacks are an all-too-common occurrence, and their impacts can be catastrophic for Americans whose personal information is stolen. But what if we eliminated the value of the Social Security number, effectively removing the top prize for hackers?
Walsh said regardless of tighter regulations, improved technology and new data protection software, security breaches will continue to happen. His unorthodox solution is to devalue the information targeted by hackers.
“Let’s start with Social Security numbers, which are the holy grail of these attacks since they are the keys to unlocking all kinds of other digital treasures,” Walsh said.
As the universal identifier in the United States, there are more than 450 million nine-digit SSNs in circulation. Originally designed for income tracking, SSNs have become a national identification number for taxes. You now need a SSN to apply for a job, open a bank account, apply for a credit card and lots of other financial transactions.
“And while there are few legal requirements to surrender your SSN to any private company, it’s nearly impossible to… conduct a financial transaction without it,” Walsh explained.
Walsh is not alone in calling for a devaluation of the SSN.According to The Baltimore Sun, The University of Maryland was the unfortunate victim of a cyberattack that compromised the personal information, including names, SSNs, dates of birth and university identification numbers, of more than 309,000 students, staff and alumni.
In testifying at a hearing of the U.S. Committee on Senate Commerce, Science and Transportation in 2014, University of Maryland president Wallace Loh said that if Social Security numbers were not used for banking purposes, the United States could eliminate a number of data breaches. Loh said:
“Why don’t we devalue Social Security numbers? Why not require financial institutions not to use Social Security numbers so that there’s no longer the incentive to steal Social Security numbers?”
So, what could replace SSNs? Walsh said:
The government has played with advanced encryption and data protection measures such as public key infrastructure (PKI) for more than a decade and hasn’t been able to make them work. The idea of replacing SSNs with public keys that require multifactor authentication is an interesting concept.
Walsh also suggested redesigning SSNs (making them longer, with alpha characters).
“Security faces the same economics as hackers – you can keep throwing money at the problem, but you quickly reach an inflection point where the cost outweighs the benefit,” Walsh said.
Maybe devaluing the asset hackers are so eager to get their hands on is a good place to start.
What do you think of Walsh’s proposal to eliminate the value of the SSN? Share your comments below or on our Facebook page.
Given all the variations on identity theft, do yourself a favor and watch this video on ways to protect yourself:
Disclosure: The information you read here is always objective. However, we sometimes receive compensation when you click links within our stories.