
cross-posted from: https://lemmy.ca/post/60478981

Borges alleges that a little-known federal tech team called the Department of Government Efficiency, or DOGE, copied the government’s master Social Security database into a cloud system that lacked normal oversight.

If his account is correct, the mishandling of this information could expose hundreds of millions of people to fraud and abuse for the rest of their lives.

[-] sylver_dragon@lemmy.world 24 points 1 week ago

The whole idea that we have some permanent "secret" number which is used to uniquely identify us is just really, really dumb in this day and age. There are better solutions, but they are hard, cost money and will probably face an insane level of political resistance. So, we continue to lurch on with the dead corpse of a bad idea that is social security numbers. But hey, at least it's cheap, right?

[-] CubitOom@infosec.pub 7 points 1 week ago

What if social security was instead a gpg key pair?

Although it will probably become a blue checkmarked profile on X.com

[-] Randelung@lemmy.world 1 points 6 days ago

You're thinking of digital signatures, which have their own issues to solve.

[-] sylver_dragon@lemmy.world 0 points 6 days ago

That's really my thinking on it. Though, I would do the same thing the US Government does for ID cards now: smartcards.
So, we already have the Real ID Act, which started the standardization of ID in the US, let's take it one step further. The US Government stands up a PKI infrastructure, which then issues subordinate issuer certificates to the States. The States are then in charge of issuing each person a smartcard with a personal digital certificate. These cards would be tied to driver's licenses or state ID cards, much as Real IDs are today. There would need to be a Federal standard on what types of card technologies would need to be used. And we'd probably want both contact chip and NFC communications.

When you want to access Government services or specific areas which actually need that level of identity confirmation, you would go through a similar process to any digital certificate login. You tap/dip the card, enter a PIN and the systems exchange an encrypted nonce to verify the private key. I'd also want to see some regulation around when you can be asked to use it. With GDPR-style fines (e.g. 5% of global revenue, per incident) behind those regulations.

To throw a bone at the "think of the children" crowd, to get them on-board politically, it would also be interesting to investigate the possibility of using the system for age verification, without providing identification to anyone. E.g. using something akin to a zero-knowledge proof, or just a bit which can be set when signing a nonce which shows that the ID is valid for whatever age is required for something. But maybe that's just my not-quite-awake brain coughing up silly ideas.
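The nonce exchange and the signed age bit described in the comment above, as an added Go sketch that is not part of any commenter's post: the card signs the verifier's nonce with Ed25519 (a signature stands in for the "encrypted nonce") together with a yes/no bit for the requested age. `Card`, `claim`, `Answer`, `Verify` and the `age-claim-v1` label are hypothetical names, and the PIN check and the certificate chain up to the issuing State are assumed and left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Card struct {
	priv      ed25519.PrivateKey // never leaves the card; PIN check omitted
	Pub       ed25519.PublicKey  // assumed to arrive in a state-issued certificate
	birthYear int                // year granularity only, to keep the sketch short
}

func NewCard(birthYear int) *Card {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Card{priv: priv, Pub: pub, birthYear: birthYear}
}

func NewNonce() []byte {
	n := make([]byte, 32) // the verifier's fresh challenge, one per request
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// claim binds nonce, threshold and bit, so a signature cannot be replayed or re-labelled.
func claim(nonce []byte, minAge uint8, ok bool) []byte {
	return []byte(fmt.Sprintf("age-claim-v1|%x|%d|%t", nonce, minAge, ok))
}

// Answer computes the bit on-card and signs it; no name or number is sent.
func (c *Card) Answer(nonce []byte, minAge uint8, thisYear int) (bool, []byte) {
	ok := thisYear-c.birthYear >= int(minAge)
	return ok, ed25519.Sign(c.priv, claim(nonce, minAge, ok))
}

func Verify(pub ed25519.PublicKey, nonce []byte, minAge uint8, ok bool, sig []byte) bool {
	return ed25519.Verify(pub, claim(nonce, minAge, ok), sig)
}

func main() {
	card, nonce := NewCard(1990), NewNonce() // constructed sample holder
	ok, sig := card.Answer(nonce, 21, 2026)
	fmt.Println("over 21:", ok, "accepted:", Verify(card.Pub, nonce, 21, ok, sig))
}
```

In this sketch the verifier checks the signature against the card's own public key, which stays the same at every site, so it shows the signed bit and replay protection but not unlinkability.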

[-] 4am@lemmy.zip 7 points 1 week ago

Do you have any idea how many people will lose their key?

[-] jabberwock@lemmy.dbzer0.com 7 points 1 week ago

Could set up a key escrow with the issuing agency so there is a recovery mechanism if they can prove their identity through other means. That's at least as secure as the current model in terms of issuance.

Ideally we would move towards self-sovereign identities, but that's a whole other effort.

this post was submitted on 15 Feb 2026
260 points (97.4% liked)

Political Discussion and Commentary
