WASHINGTON–In light of the recent hacking of credit rating firm Equifax which stole the personal data of 145 million Americans, the White House Cybersecurity Coordinator has confirmed that the administration is making plans to phase out the Social Security number system, which was thoroughly compromised in the Equifax hack.
The remark made by Rob Joyce, the White House Cybersecurity Coordinator on Nov. 9 during the Defense One Summit, an annual conference on American and global security sponsored by the Defense One website, could be the first ever official confirmation of ongoing plans to replace the Social Security number. Joyce, a special assistant to the president and a top official in the Trump administration’s cybersecurity team, is well-known for his prior criticism of the Social Security number system, and has previously hinted that the system has outlived its usefulness.
Joyce said on Thursday that the Trump administration “has formed an inter-government agencies working group,” which holds a weekly meeting to work on the plan to phase out the Social Security number. The working group is looking at how to move away from Social Security number—which is tremendously intertwined with existing institutions and practices—and to adopt a better and safer alternative system.
While not giving much specific detail, Joyce said that the administration is determined in its effort to eventually remove the reliance on the Social Security number.
“If we don’t start on the journey, we will never finish it,” Joyce said.
The recent Equifax hack, which took place between May and July and became publicly known in September, resulted in the stealing of the personal data of 145 million Americans by unidentified hackers. While many details surrounding the hack have yet to be revealed, it is known that the hackers managed to steal the Social Security numbers and dates of birth for almost all adult Americans with some form of credit record.
Critics of the Social Security number have long charged that the system, which was designed in the early 20th Century, is severely outdated, creating a privacy and security nightmare for all the Americans that rely on it for interactions with both the government and the private sector. The most commonly cited weakness is that the number can’t be changed even if it has been compromised.
“Equifax hack was my ‘enough’ moment,” said Rob Joyce, “We want to push this with an end goal in mind and try to use this burning platform to say, we got to move out.”
Just a day before Joyce’s remark, the Senate Commerce Committee held a hearing questioning the current and former executives of Equifax and Yahoo. While the executives did not reveal much additional detail about the hackings of their respective companies, multiple senators and other expert witnesses at the hearing also voiced support for the idea of phasing out the Social Security number.
Removing the Social Security number from American life, however, will not be an easy task. Joyce said on Thursday that the administration will need help from the Congress and the industry to push forward the transition. The administration is looking at what technologies and proxies can be used to replace the Social Security number, said Joyce.
Joyce has previously proposed a “public-private key” system to replace Social Security number, which will utilize the latest technologies to create an encrypted system in which Americans would use a “private key” to match their “public key” in the process of validating their identity.
Such a system will be less vulnerable to be compromised on a massive scale, as in the case with the Equifax hack, since the government can always issue a new private key to someone whose key is compromised. The added process and complexity, however, means that it will take considerable time and resources to complete the transition for hundreds of millions of Americans with existing Social Security numbers.