Adam Shostack critiqued my proposal for public SSNs. Here is how I responded in his comments:
I am not sure why you feel it is necessary to use an SSN for both an identifier and authenticator. It is ideally suited for the former and completely useless for the latter. That is why we can solidify the difference between the two by making the identifier public.
It is ironic to read what you say about SSNs – almost seems like you want them to remain as secret as possible and that somehow we can turn back time and close Pandora’s box to make them reasonable authenticators. I disagree.
Re: The "paris hilton dog" scenario – sure it is possible that people will come up with something worse. I guess I have more faith that everyone is better off with a good solution. Btw, I don’t see how your solution solves this "paris hilton dog" problem, either.
I see most of your suppositions as pretty far-fetched. SSNs like PGP? Not. Closing ranks? Not. Legislation that does more good than harm? Not. (In fact, if legislation gets passed, I guarantee you in 2007 you will be complaining about how useless it is in this very blog).
I don’t understand how you can trust the government with legislative control over this type of thing but then don’t trust them to issue national ID cards.
(And on a side note: rewrite your comments and replace SSNs with vulnerabilities. An interesting parallel.)
I think it is pretty important to distinguish between an identifier and an authenticator. Identifiers need to be unique and long-lasting, while authenticators have a property about them that matches a human "body" to that identifier. (Of course, we think of secrets, biometric uniqueness, or possession as ways to authenticate).
The problem with SSNs is that we are trying to kill two birds with one stone, and it ain’t working. So let’s kill one bird and let one live, as is common practice in enterprises today.
I don’t see any reason to forbid the use of SSN as an identifier – it is much more unique than a name, which we also use. Phone numbers are useful as well but generally don’t last forever (though that may change). Credit card numbers, account numbers, last names, etc. all have their uses, some good, some bad.
It is the authenticator part that causes the problem.
I posted along similar lines on Adam’s blog but using DNA. Would you care to comment?
http://www.emergentchaos.com/archives/000950.html
Sometimes it seems that there is an underlying resistance to having an absolute identifier (which I agree doesn’t need to be secret) and which is somehow equated with a fear of privacy abuse.
Seems that I was onto something with Adam (see the post you reference at http://www.emergentchaos.com/archives/000957.html).
Adam is against the idea of a definitive identifier that is capable of irrefutable evidence.
This leads me to wonder whether his taking issue with your proposal is ‘on the up and up’.
But I also have to wonder if the only effective way to protect privacy is to promulgate ineffective identity mechanisms. An alternative, to me, seems to be to design into the system checks and balances that keep any one party from abusing the systems (including the government as a party), perhaps through the use of independent and varied international certificate authorities.
Actually, there are ways to make identifiers reasonably secure. However, they are not in any way compatible with US culture.
Let me explain: over here we have both mandatory ID cards and mandatory registration with the town administration (so they can always, at least theoretically, know where any given citizen lives). The government-issued ID cards and passports are the identificators, and since they are reasonably hard to come by and/or fake, they can be used pretty effectively. It works – actually, it works very well.
However, I know that this situation gives most US citizens the creeps because they fear Big Brother (and, given the current situation, probably rightfully so). I agree that with the current terrorist craze all across the world any system freshly put in place will probably be used for much more surveillance than is being done over here. We are lucky that the system was put in place long enough ago that it’s established and not over-used or abused.
As usual, YMMV.