Social Security Numbers Are a Privacy Liability

AiCoin

Source: Cointelegraph
Original: “Social Security Numbers Are a Privacy Liability”

Author: Nanak Nihal, President of the Holonym Foundation

Like every identification system, the Social Security number (SSN) was not created for the sake of identity itself but to solve a specific problem that required identity verification. The SSN was originally created solely for the allocation of benefits. Had its designers known it would be used for identity and security verification as it is today, they would have chosen a completely different design. While some believe the SSN is good enough, we should actively pursue better solutions.

The SSN is a poor identifier with two major problems: the entropy problem and the symmetry problem. The entropy problem is a lack of randomness, which makes SSNs easy to guess; this is clearly inadequate for a number that is supposed to be confidential. The symmetry problem is that, to prove your identity is legitimate, you must disclose your SSN to the other party, which violates the principle of confidentiality.

A study shows that with a simple machine learning model combined with basic personal information, 5% of SSNs for individuals born in specific years in certain states can be guessed within 10 attempts. A good identity system should possess unpredictability.

The symmetry problem is easy to understand: we are required to set different passwords for different websites because each site may be vulnerable to hacking. A password leak from one site should not affect the login credentials of other sites. However, we are required to provide the same SSN to all institutions—any data breach at any institution can lead to SSN exposure. The SSN is less secure than passwords, and recent large-scale server breaches have resulted in hundreds of millions of SSNs being exposed. An ideal identity system should not have so many single points of failure that could lead to SSN exposure.

Building a Privacy-Secure Future

We are fully capable of establishing a better identity system; the only barriers to change are the inertia of the existing SSN system and people's reliance on it. Any modern identity system that employs public key cryptography can address both of the problems described above.

Public key cryptography uses randomly generated keys, thus eliminating the entropy problem; the verification process does not require disclosing the key itself, so there is no symmetry problem. There are no single points of failure in the identity verification process, as it does not leak any sensitive information—it merely proves that you possess that identity.
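The verification flow described above, as an added example that is not part of the original article: each institution stores only a public key and issues a fresh random challenge, so a response captured at one verifier is useless there later and useless anywhere else. Ed25519, the `Verifier` type and the "bank" and "clinic" names are assumptions made for illustration; the article does not name a scheme.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Verifier is a hypothetical institution that stores only a public key.
type Verifier struct {
	name      string
	pub       ed25519.PublicKey
	challenge []byte // outstanding nonce, single use
}

// NewChallenge issues a fresh random nonce prefixed with the verifier's name.
func (v *Verifier) NewChallenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	v.challenge = append([]byte(v.name+"|"), nonce...)
	return v.challenge
}

// Check accepts a signature only over the outstanding challenge, then clears it.
func (v *Verifier) Check(sig []byte) bool {
	c := v.challenge
	v.challenge = nil
	return c != nil && ed25519.Verify(v.pub, c, sig)
}

// Demo reports whether the honest proof is accepted and whether a captured
// response is accepted again at the same verifier or at a different one.
func Demo() (honest, replaySame, replayOther bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	bank := &Verifier{name: "bank", pub: pub}
	clinic := &Verifier{name: "clinic", pub: pub}
	sig := ed25519.Sign(priv, bank.NewChallenge()) // holder proves possession
	honest = bank.Check(sig)
	bank.NewChallenge()
	replaySame = bank.Check(sig) // captured response, fresh challenge
	clinic.NewChallenge()
	replayOther = clinic.Check(sig)
	return
}

func main() { fmt.Println(Demo()) } // true false false
```

The private key never leaves the holder, so a breach of either verifier's records exposes only the public key and spent challenges.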

If the credentials need to include more information, as government IDs do (such as name, date of birth, address, and photo), then public key cryptography may fall short. Such complex scenarios should use zero-knowledge proof technology.

This resolves the symmetry problem when proving personal facts, ensuring that the verification process does not leak any information beyond what needs to be proven. For example, through zero-knowledge proofs, you can prove that you are over 18 or a resident of the U.S. without disclosing other personal information like your name.

Transitioning to a new identity system is not easy, but it is worth our effort. We should adopt cryptographic solutions that keep the SSN secret rather than disclosing it to every requesting institution. In the 21st century, we can certainly prove that we know it without revealing the secret—that is the essence of cryptography.

Let us use public key cryptography and/or zero-knowledge proof technology to ensure that our secrets are not easily guessed. Doing so will make our sensitive data much more secure than it is now.


This article is for general informational purposes only and does not constitute and should not be construed as legal or investment advice. The views, thoughts, and opinions expressed here are solely those of the author and do not necessarily reflect or represent the views and opinions of Cointelegraph.
