[Cryptography] After Equifax pwning, what is the best means for replacing the SSN?
Harald Koch
chk at pobox.com
Tue Sep 12 15:39:37 EDT 2017
On 12 September 2017 at 14:23, erik <erik at erikgranger.name> wrote:
> So, here's a challenge for you guys if you're interested: Replace the
> social
> security number as a means of identification, and do it in such a way that
> meets some basic criteria.
>
Should probably start by researching what other countries do.
For example, in Canada, a Social Insurance Number can only be used for
interactions with the government. It cannot be asked for arbitrarily
(including as part of a credit check), and it can't be used as a personal
identifier (e.g. employee number, insurance customer ID, and so on).
(There was a lot of trouble with that last one in the late 80s and early
90s before IT people got the message...)
Separate discussion; universal identifiers are bad...
--
Harald
chk at pobox.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170912/09eda9cc/attachment.html>
More information about the cryptography
mailing list