The ChoicePoint incident highlights the weakness of the SSN if used as a secret identifier. There are a number of companies (probably a large number) that use SSNs inappropriately, and it seems unlikely to stop without drastic action.
My proposal: List SSNs publicly. The Social Security Agency can notify all of its intent to publish all SSNs at some point in the future – enough time for organizations to absorb and react to this news.
The net result is to eliminate the notion that perhaps SSNs are "secure enough" for some purposes given that they are at least slightly less-widely distributed than other identity demographics.
Once this is done, we can move on to using cryptography online and identity cards in the physical world that are based on stronger forms of identity verification.
Great series of posts on ChoicePoint and the issues around identity theft.
I have a tough time with all the cries for more patchworks of regulations that seem like bandaids while the patient is hemorrhaging internally.
SSN was never meant to be identification or authentication… You hit the nail on the head – in the US we don’t have any consistent and robust identity standard. Most security pros seem to shy away from advocating them. Well, how about a voluntary system? You could request a federal identity card which some institutions might honor and grant additional privileges (not unlike the idea of pre-screened frequent flyers). Then piggy back that onto digital certificates as an optional field for stronger authentication. Let consumers pick any certificate issuer that they choose (as well as company supplied certs for employee use).
Don’t want the ‘mark of the beast’? Fine, there will be that market in demand also – just more expensive mechanisms like tokens, more risk, etc.
False sense of security is dangerous! SSNs give the impression of security while, as you say, provide none. People should come to realize that SSNs (and Mother’s maiden name) are pretty much public record and we should move on to a better authentication system.