The Equifax breach of 145.5 million Americans’ personally identifiable information has brought cybersecurity to the national forefront and as experts grapple with protecting consumer privacy, the Social Security number could be on the chopping block.
“I feel very strongly that the Social Security number’s outlived its usefulness,” Rob Joyce, White House cybersecurity coordinator, said during a Washington Post conference on Monday. “It’s a flawed system. If you think about it, every time we use the Social Security number [we] put it at risk.”
A Social Security number is a personal identifier that connects an individual to all sorts of information online. These numbers were just one of the many pieces of personal data compromised when unauthorized third parties accessed information at Equifax (NYSE:EFX) earlier this year. However, as Joyce pointed out, a person cannot roll back the risk to her Social Security number once it has been breached.
In testimony before the House Energy and Commerce Committee on Monday, former Equifax CEO Richard Smith was asked about the magnitude of the breach on his company and whether the resulting risks could potentially continue on “forever” since Americans cannot change their Social Security numbers.
Smith conceded that is a potential danger and then asked, rhetorically, whether the Social Security number really is the best personal identifier as the country seeks to move security forward.
On Monday, Joyce proposed a security system that uses a public and private key, or two random sets of numbers – one that is shared publicly and the other is kept secret by the owner. The two keys are mathematically related, so something encrypted and sent to the public key can only be turned back to its original form using the private key, for example.
But, the important thing, Joyce said, is to get the conversation going.
“At the policy coordination level … we’ve called for the departments and agencies to bring forward their ideas and let’s start talking about the Social Security number and the vulnerabilities in the cyber wall,” he said.