[Cryptography] After Equifax pwning, what is the best means for replacing the SSN?
Richard Outerbridge
outer at interlog.com
Tue Sep 12 17:33:03 EDT 2017
> On 2017-09-12 (255), at 15:39:37, Harald Koch <chk at pobox.com> wrote:
>
> On 12 September 2017 at 14:23, erik <erik at erikgranger.name <mailto:erik at erikgranger.name>> wrote:
> So, here's a challenge for you guys if you're interested: Replace the social
> security number as a means of identification, and do it in such a way that
> meets some basic criteria.
>
> Should probably start by researching what other countries do.
>
> For example, in Canada, a Social Insurance Number can only be used for interactions with the government. It cannot be asked for arbitrarily (including as part of a credit check), and it can't be used as a personal identifier (e.g. employee number, insurance customer ID, and so on).
>
> (There was a lot of trouble with that last one in the late 80s and early 90s before IT people got the message...)
>
> Separate discussion; universal identifiers are bad…
Note that the nine digit Canadian SIN (also the American one?) incorporates a one digit LUN check digit (like most if not all credit card numbers).
You had to really protest hard against providing your SIN when opening a Bank account, to the extent of sending the Teller to their Manager.
Eventually you could fill in their forms with ”999 999 999” if you were adamant. Don’t know what it’s like these daze.
__outer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170912/dec37799/attachment.html>
More information about the cryptography
mailing list