On Dec. 1, 1936, government administrator Joe Fay walked over to a stack of cards in his Baltimore office, plucked the first piece of paper off the top, and made a historic announcement.
Written on the card was the name of John David Sweeney, a 23-year old shipping clerk from New Rochelle, N.Y. By having his name announced, Sweeney was the first record entered into a new government program called “Social Security.”
Along with Sweeney’s entrance into the program came an identifying number (055-09-0001) that would allow him to collect his Social Security benefits when he retired. Ironically, Sweeney was a Republican who didn’t think much of President Roosevelt’s New Deal programs, although he admitted he favored Social Security. But he would die in 1974 at age 61 without collecting any of the benefits he had accrued over the course of his working life.
From Sweeney on, Americans would be issued a unique number that would match them up with their Social Security benefits. But over the years, those Social Security numbers have morphed into something completely different; they have now essentially become every American’s national identification number, wreaking havoc on personal security and privacy.
The dangers of using Social Security numbers as a unique identifier became clear last year when credit reporting giant Equifax was hacked, endangering the personal data of up to 145.5 million Americans. The Equifax disaster exposed individual Social Security numbers, which can now be used to apply for credit, set up checking accounts, apply for jobs, and to access personal financial information online. The leak of Social Security numbers and dates of birth are especially damaging, since, unlike passwords, those identifiers can’t be changed once they’ve been stolen.
In the early days of paper record-keeping, Social Security numbers were reasonably secure; the number-holder held a card with a number known only to them printed on it. In the 1960s, banks began using the numbers to match names to bank accounts; soon, credit reporting agencies began using the numbers to authenticate individuals’ identities. In 1972, the government stopped printing “Not for Identification” on Social Security cards.
But in the computer era, large swaths of these numbers can be stolen, transmitted, used to steal an individual’s identity. This was never supposed to be the case; according to the Social Security Administration, the cards were “never intended to serve as a personal identification document.”
Fortunately, both President Donald Trump’s administration and congressional leaders are looking into ways to supplant Social Security numbers as Americans’ primary personal identifier. Republican Congressman Patrick McHenry of North Carolina has introduced a bill requiring credit-reporting firms to phase out the use of Social Security numbers by 2020. White House cybersecurity coordinator Rob Joyce has floated the possibility of replacing the numbers with “cryptographic keys” that unlock an individual’s private data. Joyce has noted “every time we use the Social Security number, we put it at risk.”
Thus, while technology has rendered Social Security numbers obsolete, new advances may hold the key to replacing them. Anyone who’s bought an iPhone in the past year can see how quickly biometrics have progressed; fingerprint and face recognition are now standard for unlocking electronic devices. Given last year’s Equifax breach, your Instagram account currently appears to be more secure than your credit history.
With the enormous power credit-reporting agencies have over our personal information, Congress should move quickly to force agencies such as Equifax, Experian PLC and TransUnion to modernize their authentication procedures. America’s government safety net record-keepers have done the hard work for these agencies for too long; now it’s finally time for Social Security numbers to retire.