It's time to do away with Social Security Numbers.
In the wake of the massive Equifax breach last month the White House began a discussion about whether Americans should still use the government-issued identifier first introduced by Franklin Roosevelt in 1936.
After all, the Social Security number has become a major security issue.
Due to massive hacks and other forms of data theft, millions of Americans have had their Social Security numbers stolen in recent years. According to one study by NPR it's almost impossible to know exactly how many but most likely anywhere from 60 to 80% of all Americans have lost this government identifier to hackers. This does not even take into account identity theft through more conventional methods such as fraud or stolen paper records.
At the same time, the Social Security Administration resists efforts to replace any individual number so aggressively that in 2014 they allowed only 250 replacement numbers due to theft. The result has left millions of Americans, a likely supermajority of the country, victims of critical data theft with no likely remedy.
The problem, according to privacy and security experts, is that the system has grown far beyond its original purpose. What was once a number used by the government to track retirement benefits now touches most aspects of Americans' lives.
"The SSN has in effect become both a universal identifier as well as an authenticator," said Paul Stephens, director of policy and advocacy with the Privacy Rights Clearinghouse. "SSNs still serve a purpose as a unique identifier; however, we must recognize that using [them] the authenticate individuals opens the door to fraudulent activity, because SSNs are not as 'private' as they were once thought to be."
Anyone who has ever entered the last four digits of his Social Security number to speak with a cable representative or upgrade a cell phone plan knows how far this program has grown beyond its original intent. Banks, credit card companies and auto lenders all accept it as proof of identity, leading this number to become one of the most valued assets for identity theft on the internet. Anticipating that risk to at least some degree (if not the electronic implications), until 1972 the Social Security Administration specifically printed "Not For Identification" on the bottom of each card.
"A Social Security number was never intended to act as a security mechanism," said James Scott, senior fellow with the Institute for Critical Infrastructure Technology. "SSNs were introduced as identifiers and organizations eventually employed them as a convenient, if insecure control for identifying, cataloging, and authenticating consumers."
"Simply put," he said, "Social Security Numbers are not secure and were never meant authenticate data subjects."
Scott compared America's reliance on Social Security numbers to a computer login.
"[They] were developed as a identifier, like a username; however, they are being used for authentication, like a username and password pair," he said. "The lack of a secure second-layer control (i.e. the password) prevents the identifier from offering the necessary level of security. Anyone in possession of the SSN, regardless of identity, can act as the consumer."
As this number was never developed as a secure system neither the government nor companies treat it as such. It is intended to be private, but it's also treated as something which anyone can access if they need to. Without protections of law or technology, anyone from a landlord to a website can ask for it.
The other problem, experts say, is part of what makes it so valuable to both companies and consumers: it is, as Stephens said, a universal identifier. This has a lot of value to companies, who choose to trust that when the government says "001-01-0001 is John Winant," they can take that identity as writ. It also has value to individuals, who can use a single number for most of their consumer relationships.
That very convenience is what makes it valuable to criminals.
"Social Security numbers are a prime target for cybercriminals due to the value and utility attributed to the information," said Scott. "Consequently, most incidents involve the targeting, if not the exfiltration, of SSN data. Once an SSN and the accompanying identity information is stolen from one organization, that consumer is compromised at every organization."
Perhaps not a crisis in an era where information moved slowly, one sheet at a time, today's data thefts operate by the terabyte. Data, once stolen and published, is virtually impossible to claw back, meaning that once hackers have compromised a Social Security Number it will almost certainly remain compromised for the rest of that person's life.
In the wake of the Equifax data breach John Oliver joked on his show Last Week Tonight, "just move 145 million people into the witness protection program." Although tongue in cheek, his comment was largely accurate. That's what often what it takes to unwind the theft of this government identifier and the potential financial, tax, legal and credit-related issues that follow.
Social Security Numbers solve a problem. Companies have embraced them, because they need to know who they're doing business with. Consumers have done so to avoid tediously memorizing a different account number for every financial relationship in their lives. However because these numbers were never intended to work as secure identifiers, they solve this problem badly.
"It is long-past time to begin devaluing SSNs by reducing their employment as definitive security parameters," Scott said. "Ideal replacements are not yet popularized, or possibly conceptualized, but the increased introduction of multi-factor authentication, encrypted tokens, and other multi-layer knowledge-based authenticators can help to decrease organizational dependency on Social Security numbers which were developed for identification, not secure authentication."
Cyberthieves could swap places with as much as 80 percent of the population without the financial or legal systems ever realizing it.
That's the mark of a system that needs to go.
More of What's Trending on TheStreet: