Sunday, February 27, 2005

More on the Prohibition on Using Social Security Numbers by non-governmental users

Looks like EmergentChaos, who was originally skeptical of my idea to forbid the use of SSNs as identifiers, may have come around. He posts today that:
[T]he right focus for reform is to ensure that the law Congress shall pass includes elements of California's 1386 (requiring disclosure of breaches), 116 (forbidding the use of SSNs as identifiers), and a new provision, forbidding the use of birthday, mother's maiden name, or social security number as an identifier or authenticator. The law should impose strict liability on anyone who does either of the latter two, or fails to disclose in a timely manner (emphasis supplied).
I am glad Adam has come around on this. In my estimation, this is the only way in which we have a chance to solve this looming crisis. Let's get a consortium of end users of financial data together and have them develop a secure and disposable identifier / authenticator for each person for whom financial data is required. The end users can tailor a system that meets their needs far better than the government can.

Links to this post:



<< Home