X

White House official: Let's replace Social Security numbers

A Trump cybersecurity adviser says alternatives to the numbers could include a cryptographic key.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
See full bio
Laura Hautala
2 min read

After the Equifax breach, the Trump administration is asking for ideas to replace the Social Security number as an identifier.

 CNET

After the massive data breach at Equifax, it would be fair to ask what your Social Security number is even good for anymore.

It's no longer really a secret form of identification, so let's think of something else. White House cybersecurity coordinator Rob Joyce, speaking Tuesday at the Washington Post's Cybersecurity Summit, said that's what the government should do.

"I feel very strongly that the Social Security number has outlived its usefulness," Joyce said.

Major data breaches often spur complaints that the Social Security number was never intended to be a universal form of identification. But it appears Joyce isn't just speculating. He said Tuesday the Trump administration has asked federal government departments and agencies to come up with ideas for a new form of personal identification.

If the idea goes any further, it'll be one more way that the Equifax breach has touched every corner of our financial lives. So far, lawmakers have jumped on the opportunity to introduce bills that would tighten regulations on the companies that hold onto and sell consumer information. What's more, other financial companies will likely consider changes to their practices as Equifax continues to take blows in public for its actions leading up to and after the data breach.

If we phase out Social Security numbers, though, we'll need something that won't just get compromised all over again. 

"It's a flawed system that we can't roll back that risk after we know we've been compromised," said Joyce, who acknowledged his own Social Security number has been compromised four times that he knows of.

The Equifax breach and you

The solution, he said, might be in cryptography -- that area of computer science that lets you to log in to your bank's website without the bank needing to store your password on its servers. You enter your password when you create your bank account, and the bank's system runs some complex math wizardry to turn your password into a long string of numbers and letters that it then stores to identify you later. If the cryptography is good, criminals can't ever turn that string back into your password and use it to log in to your accounts.

Joyce proposed a similar system to replace Social Security numbers. It's known as a public-private key system, and it means you never have to trust someone else to take care of that identifying information for you.

"We've got to find a way to use that modern cryptographic identifier to help us drive down that risk," Joyce said.

Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility. Check it out here.

Technically Literate: Original works of short fiction with unique perspectives on tech, exclusively on CNET. You can read them here.