The social security number is a type of privacy responsibility.

Source: Cointelegraph Original text: "Social Security Number is a privacy responsibility"

Author: Nanak Nihal, Chairman of the Holonym Foundation

The birth of the Social Security Number, like all identity identification systems, was not for the identity itself but to solve specific problems that require identity verification. The SSN was originally created just for the allocation of benefits. If the designers had known it would be used for identity and security verification as it is today, they would have certainly adopted a completely different design. While some believe that the Social Security Number is good enough, we should actively pursue better solutions.

SSNs are terrible identifiers, with two major issues: entropy and symmetry problems. The entropy problem refers to their lack of randomness, making them easy to guess—this is clearly inadequate for a number that is supposed to be confidential. The symmetry problem lies in the fact that when you need to prove the legitimacy of your identity, you must disclose your SSN to the other party, which violates the principle of confidentiality.

A study shows that with a simple machine learning model combined with basic personal information, 5% of SSNs for individuals born in specific years in certain states can be guessed within 10 attempts. A good identity system should possess unpredictability.

The symmetry problem is easy to understand: we are asked to set different passwords for different websites because each website could be targeted by hackers. The password breach of one website should not affect the login credentials of other sites. However, we have to provide the same SSN to all institutions — any data breach at any institution would expose the SSN. The SSN is less secure than passwords, and large-scale server breaches in recent years have led to the exposure of hundreds of millions of SSNs. An ideal identity system should not have so many single points of failure that could lead to SSN exposure.

Building a privacy-secure future

We are fully capable of establishing a better identity system; the only obstacles to transformation are the inertia of the existing SSN system and the people who rely on it. Any modern identity system that adopts public key cryptography can address the two issues mentioned above.

Public key cryptography uses randomly generated keys, so there is no entropy issue; the verification process does not require revealing the key itself, so there is also no symmetry problem. When using authentication, there is no single point of failure because the verification process does not leak any sensitive information—it merely proves that you own this identity.

If more information (such as name, date of birth, address, and photo) needs to be included in the credentials like a government ID card, then public key cryptography falls short. Zero-knowledge proof technology should be used in such complex scenarios.

This solves the symmetry problem when proving personal facts, ensuring that the verification process does not leak any information other than the content that needs to be proven. For example, through zero-knowledge proof, you can prove that you are over 18 years old or a resident of the United States without disclosing other personal information such as your name.

Switching to a new identity system is not easy, but it is worth trying. We should adopt cryptographic solutions that keep the SSN secret, rather than disclosing it to every requesting entity. In the 21st century, we can fully prove that we know it without revealing the secret—this is precisely the significance of cryptography.

Let's ensure that our secrets are not easily guessed through public key cryptography and/or zero-knowledge proof technology. Doing so will make our sensitive data much more secure than it is now.

Author: Nanak Nihal, Chairman of the Holonym Foundation

Related recommendations: Crypto projects need more visionary funding to achieve long-term development.

This article is for general informational purposes only and does not constitute and should not be construed as legal or investment advice. The views, thoughts, and opinions expressed herein are solely those of the author and do not necessarily reflect or represent the views and opinions of Cointelegraph.