With the recent Equifax debacle, I froze my credit file at all the places I was able to. But the news still keeps on coming. Whenever I read about these events, I think, “Why can’t we just request a new Social Security Number, like we can request a new bank account number?”
Well, for one, there aren’t a lot of SSNs available. 1.2 billion at the max, and I’m certain that you can’t have SSNs like 000-00-0000, and there are probably a few other notable blocks that can’t be used, so it’s less than that. And with people constantly dying and being born, those numbers are always getting used up. If we were to allow people to request new SSNs easily, we would exhaust the available supply very quickly.
So, if we were to reimagine how our country’s income tracking system could be implemented, we should make sure it’s not going to need an update for a very long time. And when I think of things that are going to last a long time, I think of 128-bit values – GUIDs.
I understand that the retrofit of a new field in databases around the world to accommodate this new ID value would be nigh impossible, so this is just a thought exercise in what we could want from a national identifier.
Foremost, we would want our ID to be replaceable at will, but we would also need to be able to keep a history of former IDs. For example, if your ID was stolen or leaked, you would simply request a new one, and the old one would be archived. The old ID would continue to be valid for existing credit lines and other previously established links, but would no longer be valid as a lookup for new lines of credit or other interests. Ideally, you would update your old accounts with your new number. Maybe it would be mandatory to keep your ID up to date within a year of changing it.
Second, your ID should not be able to be guessed or calculated. There are guidelines for the structure of SSNs that indicate the approximate year of issue and the state of issue. With a random GUID, there is no such pattern (although one could be partially built in, with a resultant loss of security). The vastness of a 128-bit space would nearly eliminate guessing. The length of a GUID also means it would be difficult for someone to memorize it after overhearing another person recite it.
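A sketch of the two requirements above working together, added here as an illustration and not part of the original post: IDs are random GUIDs, and a replaced ID is archived so it still backs accounts opened under it but is refused for new credit. `IdRegistry`, its method names and the sample person are hypothetical.

```python
import uuid

class IdRegistry:
    """Hypothetical registry: one current ID per person, old IDs archived."""

    def __init__(self):
        self._owner = {}    # every ID ever issued -> person
        self._current = {}  # person -> the one ID valid for new lookups
        self._links = {}    # ID -> accounts opened while it was current

    def issue(self, person):
        """Enroll a person or replace their ID; any prior ID stays archived."""
        new_id = uuid.uuid4()  # random GUID: 122 random bits from the OS CSPRNG
        self._owner[new_id] = person
        self._links[new_id] = set()
        self._current[person] = new_id
        return new_id

    def open_account(self, presented_id, account):
        """New lines of credit are accepted only under the current ID."""
        person = self._owner.get(presented_id)
        if person is None or self._current[person] != presented_id:
            return False
        self._links[presented_id].add(account)
        return True

    def verify_existing(self, presented_id, account):
        """An archived ID still validates links made while it was current."""
        return account in self._links.get(presented_id, ())

    def history(self, person):
        """All IDs ever issued to a person, oldest first."""
        return [i for i, p in self._owner.items() if p == person]

def demo():
    reg = IdRegistry()
    old = reg.issue("alice")            # constructed sample person
    reg.open_account(old, "mortgage")
    new = reg.issue("alice")            # old ID leaked: request a new one
    return {
        "old_opens_new_credit": reg.open_account(old, "card"),
        "old_still_backs_mortgage": reg.verify_existing(old, "mortgage"),
        "new_opens_new_credit": reg.open_account(new, "card"),
        "unknown_id": reg.open_account(uuid.uuid4(), "loan"),
        "history_in_order": reg.history("alice") == [old, new],
    }

if __name__ == "__main__":
    print(demo())
```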
So, if we were going to do this, do it right, do it big. Go from 10 bits to 128 bits and never think about it again.