undefined | Better HN

0 pointshannasanarion7y ago0 comments

Social security isn't a piece of technology, it's a government program. How is it in any way like VHS?

0 comments

3 comments · 1 top-level

dragontamer7y ago· 2 in thread

Whatever will replace SSNs will be a piece of technology. Ideally, something that uses public/private key encryption.

There's a lot of things that use public/private keys however, or security tokens, or whatnot. Should it be a smartphone app? A hardware dongle? Etc. etc. If a hardware dongle, which one?

As such, its the Executive Branch's job to research the various technologies, and implement a new standard to solve the online identity problem.

----------

For example, 18f (White House's crack website team) has the following: https://login.gov/

Github code here: https://github.com/18F/identity-idp

If single-sign on were widely deployed across US Agencies (and tied to financial services / private sector banks), we'd be in a way better place.

In any case, this is clearly the realm of the Executive Branch. Specifically 18f probably should continue to lead the effort, as they have been.

freehunter7y ago

All Congress has to do is pass a law saying "private companies are not allowed to store SSNs" and let those private companies figure out what the replacement is. Congress doesn't need to legislate the replacement technology.

dragontamer7y ago

That fundamentally misunderstands the problem.

SSNs are fine and useful. They just shouldn't be the "password" to financial systems. When every damn bank uses "Whats your pin and SSN" to gain access to an account... that's the problem.

The issue is that private companies use SSNs for security. There's nothing wrong in using SSNs as an identifier.

The USA needs to start assuming that SSNs are public information, and to build security through other means. SSNs were never a secret number to be used for authentication / authorization purposes.

1 more reply

j / k navigate · click thread line to collapse