On the Anthem Hack

On February 5, 2015, Anthem---a health insurance company---announced that hackers had been able to access records containing tens of millions of names, birthdays, Social Security numbers, addresses and employment data. Because such information can easily be used by identity thieves, concerns have arisen about a rash of identity thefts in the future. Such accounts are increasingly common, although the Anthem hack apparently counts as one of the largest to date, and media stories tend to play the cybersecurity angle---how vulnerable firms are to being compromised, what they can do about it and so on. All of these angles are legitimate, and are covered in many other posts on Lawfare and elsewhere. But often overlooked is another important point---the inadequacy of the Social Security number as the centerpiece of records relating to personal identity. Consider that the SSN has only 9 digits, which means that at most it can identify a billion individuals. The current population of the United States is over 300 million, and about 450 million SSNs have been issued, which means a high probability that a mistake on the SSN for John Doe will refer to another real person. The SSN also does not have a check digit, the use of which could help to eliminate most single-digit errors in recording SSNs. And of most significance for this discussion, it is very difficult to obtain a new SSN, as one must provide evidence of ongoing problems as the result of the compromise---preventive action to defend against the possibility of misuse is not allowed. If one could start from scratch today, no one imagines that we would want the current SSN identification system. But any replacement system will encounter at least two major problems. First is the cost of upgrading. The SSN is a set of 9 digits, and many, many computers have been programmed on this basis. Changing the SSN to include alphabetic characters, or expanding it to more than 9 digits, would create enormous headaches as lots of computer programs would have to be rewritten. But such technical problems can be overcome. The second problem is more difficult. Nearly all proposals for a replacement to the SSN face significant opposition from advocates who fear abuse of any such replacement. In essence, they argue that a new system would be used as the foundation for a identification system that conjures up images of national ID cards and government authorities tracking the movements and activities of all citizens. These advocates are not wrong to have such concerns, and given a history of the SSN that shows over time significant growth in its use in initially unanticipated applications, it will take a great deal of political will to ensure that the same fate does not await any replacement system. I welcome any thoughts on how to limit the use of a replacement ID system to its original stated purpose.