Securing Social Security cards?

As if the government didn't have enough on its hand trying to keep major "card projects" like TWIC and HSPD-12 moving forward, two U.S. representatives have introduced legislation that would make the Social Security cards for American much more secure.

Admittedly, it's probably not a particularly hard card to duplicate, and when introducing the legislation, they noted that a GAO study in 2005 found employers using some 1.4 million Social Security numbers that don't exist anymore (read: dead people). The representatives, Mark Kirk and Peter Roskam, said that a more secure card would help reduce identity theft and immigration fraud. I'll give Kirk and Roskam this: The current system is weak. So what's in their proposed card?

  • Tamperproof design
  • Increased wear resistance
  • Digitized photo
  • Encrypted, electronic bar code
  • Biometric identifiers

For now, the photo, bar code and biometrics would only apply to individuals older than 15.

Since this is a blog, I don't have to hold back. So, here's what I think: K.I.S.S.

SSCard1.jpgStart by creating a single database for SSNs that are commonly used in fraud and for ones that have expired. Allow for controlled access to that list to weed out the SSN as being a tool of fraudsters. But adding a photo and biometric "identifiers" makes it start to be a national ID, whereas the Social Security card has been more of a way of assigning us each a number (yes, we're all just numbers), a number that in general hasn't been particularly protected. In fact, we should perhaps consider securing this source of identity theft by not moving it around haphazardly, providing it to every cell phone company when you get a contract, and more. Take that number back to being a simple way for assignment in the Social Security system, a don't try to force it into being government identity document. It never was designed as such, and even making a secure card seems just like another patch of asphalt over a very deep pothole. If we want a government-issued identifier, then let's start from the core and create a system that makes sense from the very beginning, rather than try to convert a tired system for yet another purpose.

I want to know how you feel about this security issue. Sound off in our comments section, and express your professional security opinion and opinion as an American.