SANTA CLARA, Calif.--(BUSINESS WIRE)--Oct 10, 2018--McAfee, in partnership with the Center for Strategic and International Studies (CSIS), today released a report addressing the growing privacy and security concerns of using the Social Security Number (SSN) as the de facto personal identifier in the United States. Rather than developing an entirely new identifier at this time, the report authors identify smart cards as the most viable approach to modernizing the SSN, solving the immediate needs of the U.S. Social Security Administration while also creating a trusted foundation for future digital identity initiatives in both the public and private sectors.
U.S. institutions have increasingly relied upon the SSN as a personal identifier both online and offline, making it difficult to easily replace it with a digital age alternative. Yet the SSN is easily stolen and misused, and it is hardly ever reissued once it is stolen. Recent consumer data breaches demonstrate that the SSN is an appealing target for cybercriminals; they are stolen for a variety of fraudulent activities or sold in bulk on the cybercrime black market. This has resulted in major privacy and security vulnerabilities for Americans, with some estimates saying that between 60 percent and 80 percent of all SSNs have been stolen.
“We have long known that the SSN was never meant to serve as a personal identifier, and its use as such has inadvertently rendered millions of Americans susceptible to identity theft and continued abuses of privacy,” said Candace Worley, Chief Technical Strategist at McAfee. “These problems need to be solved with a solution powered by a digital credential for online authentication, but backed and validated by the trusted authority of the U.S. government.”
Challenges to Modernization
The report authors examine various national efforts to update the SSN and draw three lessons from these past efforts:
“I’ve participated in several initiatives throughout the years to replace the SSN and create a national identifier, and all of them have fallen flat for one reason or another,” said James Lewis, senior vice president at CSIS. “As a first step, we propose rebuilding the SSN as the foundation for online authentication of identity, creating a path for the private sector to develop authentication apps that are anchored in a modernized, digital SSN.”
Based on their analysis, the authors detail the problems facing any effort to build a more secure and trustworthy online environment:
They identify four core principles necessary to successfully implementing a new SSN solution:
The report evaluates a number of technical options for modernizing the SSN, including blockchain, mobile apps using sensors, biometric identifiers, federated identity and public key infrastructure (PKI). This analysis led the authors to recommend smart cards as the best path towards the objective. They cite the following reasons:
Worley continued: “The report provides a wide-ranging review of what has and hasn’t worked in past efforts to establish national digital identity frameworks, and nicely frames the role government can play to address an immediate technical need while also opening the way for private sector innovation. The smart card is one example of a technology with the potential to enhance citizens’ security and privacy today, while also becoming the trusted platform upon which the private sector can build the identity solutions of tomorrow.”
For more information and analysis on the report’s findings, please see the full report, related commentary, and a livestream discussion of this topic at a CSIS event today.
McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place. www.mcafee.com
The features and benefits of McAfee technologies depend on system configuration and may require enabled hardware, software, or service activation. No computer system can be absolutely secure.
View source version on businesswire.com:https://www.businesswire.com/news/home/20181010005040/en/
KEYWORD: UNITED STATES NORTH AMERICA CALIFORNIA
INDUSTRY KEYWORD: TECHNOLOGY DATA MANAGEMENT INTERNET OTHER TECHNOLOGY SECURITY MOBILE/WIRELESS
Copyright Business Wire 2018.
PUB: 10/10/2018 09:01 AM/DISC: 10/10/2018 09:01 AM