Eyeing more secure alternatives to Social security systems numbers, lawmakers in the U.S. are seeming abroad. Today, the Senate Commerce Committee questioned former Yahoo CEO Marissa Mayer, Verizon chief privacy officer Karen Zacharia and both the current and former CEOs of Equifax on how to protect consumers against major data violates. The consensus was that Social Security numbers have got to go.
Rounding out the members of the commission, Entrust Datacard president and CEO Todd Wilkinson offered some context and insight about why the U.S. should indeed move away from Social Security numbers — a step that the witness unanimously agreed was necessary if not wholly sufficient to protect consumers moving forward, in light of the Equifax hacker.
“Over 145 million Americans’ insecure identities are now forever at risk, and they have limited ability to protect themselves, ” Wilkinson said. “A key question for this committee to hold is: What do we do now given these identities are forever compromised? ”
Social Security numbers are a privacy nightmare. While a consumer who gets hacked can replace credit card numbers and other account details, a Social Security number is relatively permanent, links between a real identity throughout a person’s lifespan. In the hearing, Wilkinson and many of the senators present argued that the U.S. needs to move to a dynamic system of personal identity, one designed with digital security in mind — a stark contrast with an inflexible legacy system that dates back to the 1930 s.
“Some combination of digital multi-factor authentication … is the right path, ” former Equifax CEO Richard Smith said when asked about such a program.
Multiple hours throughout the hearing, Brazil’s Infraestrutura de Chaves Publicas system of citizen IDs through digital certificates came up as a potential model for the U.S. as it moves forward. In this model, a certificate lasts for three years at maximum and can be used to issue a digital signature much like written signatures are use now. Unlike its counterpart in the U.S ., these identity accounts can be revoked and reissued easily through an established national protocol.
Members of the Senate committee also advocated for “rigorous” data security regulations, expanding FTC authority to enforce them and stiffer penalties to motivate companies to protect consumers proactively.
“The parade of high-profile data breaches seems to have no end, ” said ranking committee member Bill Nelson. “We can either take action with common sense regulations or we can start planning for our next hearing on the issue.”
Last month, White House cybersecurity coordinator Rob Joyce made it clear that the Trump administration is also interested in abandoning Social security systems numbers in favor of a more secure, more digital form of identification, stating that the form of ID has “outlived its usefulness.”
Make sure to visit: CapGeneration.com