Skip to content.

TalkBMC

Sections
You are here: Home » Blog Archive » Jeff Bohren » The Identity Management Expert » A Modest Proposal

A Modest Proposal A Modest Proposal

Document Actions
A Modest Proposal


Sometimes I think Janus, the Roman god typically depicted as having two faces should declared the official deity of Identity. I don’t mean that for the obvious reasons such that two (and sometimes four) faces is an obvious metaphor for multiple personas. I am also not referring the Roman belief that Janus was the god of gates, doors, and doorways.

No, I am proposing Janus because those of us who work in Identity are some of the most two-faced people you’ll ever meet. Take SSNs for instance. We simultaneously preach SSNs as the sacred crown jewels of your identity while giving away our SSN whenever asked for it. Just the other day I had to give my SSN and my dental insurance number to the secretary of an orthodontist that we are trying to schedule an appointment with.

Which leads me to ask the question, why do I consider my SSN so sensitive that I believe it must be protected, yet I am willing to divulge it when requested? It’s because the SSN has evolved over time from being an accounting artifact to being a shared secret used for authentication, a role for which it was not intended and is not suited.

So how then could you change the rules of the game? One person trying to change the rules of the game is Todd Davis the CEO of LifeLock. He publishes his SSN openly in the LifeLock adds and on their web site. He claims to be so confident in their identity theft protection service that he can give the world his SSN without worry.

But I have half-Swiftian Modest Proposal to change the game without needing the LifeLock or similar services. The government could announce a date on which they will start publishing a complete list of names and SSNs. Companies would have until that time to stop using SSNs as an authentication mechanism. Once the SSN is public domain there would be no reason to worry about protecting it. And no one would ask you for it. In fact it would no longer be needed for anything that did not involve tax information.


_____
tags:
Friday, October 26, 2007  |  Permalink |  Comments (1)

Lifelock

Posted by jeff at 2007-10-31 09:26
Just remember that the President of LifeLock had his Identity stolen and his service did not protect him. It was reported in the Dallas newspaper but they like to keep it real quiet!! In addition, they screwed up the investigation for the police and were unable to prosecute the offender. See Phoenix paper for update.
 
Powered by Plone

This site conforms to the following standards: