Interesting article, and interesting comments. Arguments similar to this have been going around for quite some time, and I highly expect that will remain the case. I honestly don't expect anyone to ever do anything about this.

The main thing that makes a SSN dangerous to share is its link to obtaining, reporting and maintaining credit. As everyone has said, take that away and they have very little value. So, why not task the Credit Industry with coming up with a solution? Instead of this whole process of relying on the government to allow people to change SSNs instantly after a breach (instantly, yeah our government never does anything instantly), why not require the credit industry to create another method of uniquely identifying people? Several other companies, schools and organizations have managed to do it on a smaller scale, so it's possible... Then, when a breach occurs, the people can get another 'creditID' from the industry, and their SSN will continue to serve its original purpose and not need to be changed.

And while we are at it, why not have the SSA and the IRS get together and start tracking invalid uses of SSNs for income reporting?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/465/34941#34941