HN Theater @HNTheaterMonth

Americans have no national identity card. The closest thing is a Social Security number, which has no security or biometric features.

https://youtu.be/Erp8IAUouus

⬐ mindslight

Until the existing system is reformed with something like the GDPR, nobody should support increasing the technical strength of identification.

Currently, the only way you can prevent surveillance companies from unaccountably creating permanent records on you is to avoid feeding them your personal information in the first place. There is absolutely no recourse or even legal concept that prevents "ID.me" from using the data you're basically forced to give them here, for any purpose they later desire. Until there are real data protection laws that allow for the creation of trust through accountability, auditing, and right of deletion, then opposing anything that benefits the surveillance industry is the only way we can protect ourselves.

⬐ csdvrx

And it's a good thing, and personally I would love it if we could stop having even SSNs.

⬐ tangjurine

So I'm guessing you're saying: Nothing > ssn , and Nothing > public key cryptography.

Are you also saying: Ssn > public key cryptography? And if so, why?

⬐ csdvrx

Yes, yes, no.

See my other comment: people should be in charge of their identity, NOT the government.

⬐ landemva

Like penis circumcision, SSN is voluntary. Typically parents enroll the child for giggles or whatever.

And no, passport application does not require SSN.

⬐ dharmab

This is completely wrong. The IRS requires children to have an SSN to qualify their families for tax credits, and SSNs are required for most employment. Even if you are a member of a group that does not have to pay into social security, you still need an SSN so that the SSA and IRS can track that you are exempt.

⬐ messe

> I would love it if we could stop having even SSNs

Why?

⬐ gumby

The case that a universal identifier, or even some authoritative list of people, has a benefit that exceeds its cost, has never been made. It’s simply “one of those things”

⬐ jdmichal

The problem with SSNs is that places treat it like a secret, when it's an identifier. They were not designed to be a secret, and obviously are a pretty terrible secret at this point in time. What with the fact that probably every person older than 18 has had theirs leaked at some point in time.]

If places would just stop treating them as a secret, it wouldn't even matter.

⬐ Lammy

"The invention of permanent, inherited patronyms was, after the ad­ministrative simplification of nature (for example, the forest) and space (for example, land tenure), the last step in establishing the necessary preconditions of modern statecraft. In almost every case it was a state project, designed to allow officials to identity, unambiguously, the ma­jority of its citizens. When successful, it went far to create a legible peo­ple. Tax and tithe rolls, property rolls, conscription lists, censuses, and property deeds recognized in law were inconceivable without some means of fixing an individual's identity and linking him or her to a kingroup. Campaigns to assign permanent patronyms have typically taken place, as one might expect, in the context of a state's exertions to put its fiscal system on a sounder and more lucrative footing. Fearing, with good reason, that an effort to enumerate and register them could be a prelude to some new tax burden or conscription, local officials and the population at large often resisted such campaigns."

— James C Scott, Seeing Like a State: How Certain Schemes to Improve the Human Condition Have Failed

(Thanks shoo — https://news.ycombinator.com/item?id=29885742)

⬐ fennecfoxen

I guess the general premise is that any national ID number, SSN or otherwise, is liable to be used in all the wrong ways by untrustworthy institutions both inside and outside the government, damaging privacy and opening you up to exciting forms of fraud against your name (/ ID number); it is often treated as a secret, but it is not a secret at all.

— Unfortunately, with enough computers and enough tracking information, bad actors can often do the same thing without a number, anyway, and you can get different kinds of fraud.

⬐ systemvoltage

Yep. I would oppose any sort of National ID card whether it has biometric security or not. Passport is about the only thing that is a Federal level ID and accepted everywhere as an ID.

I would want states to have their own ID system where an average citizen can vote for policies that make a difference. I am also against cross-state data sharing (Driver's license) and such.

⬐ csdvrx

I could accept identifying with a passport, since the costs alone means it would not be supported in most cases, but only if it was associate with a strict requirement that the passport number or any other number/qr/barcode was hidden, and if it was illegal to save copies of even the image of the passport with the numbers hidden.

⬐ giantg2

My state engages in actually illegal data sharing and retention that violates state law. Nobody does anything about.

Who watches the watchers? The people who comprise "the system" rig the system in their favor and cover for each other.

They are in fact not great IDs and the Social Security Administration asked very nicely for the rest of the country to not use them as a form of identification: https://www.youtube.com/watch?v=Erp8IAUouus

A few reasons why SSNs are bad as IDs:

1. There are a number of situations where people will not have a SSN.

2. SSNs are "secrets" that need to be broadly shared to participate in many parts of business and government in the US.

3. SSNs lack many security and authentication mechanisms most forms of ID have (e.g. photo ID)

There are folks in the US who rally against the idea of a national ID, but I've always thought it was a silly argument considering how pervasive and problematic SSNs are as a form of identification.

⬐ ACS_Solver

Somewhat tangential, but I've always found it weird when I read about strong opposition of some in the US to government ID, framing it as something that jeopardizes the indivdiual's rights. My perspective from a European point of view is different, a government system that provides some ID (which is good both for identification and authentication) is a crucial protection of my rights. I don't want anybody to be able to impersonate me, which means I want a universally accepted system of strong authentication. That's what government ID is to me, it's like a PGP keyring where the government is the introducer in the web of trust.

In the absence of such a system, various ad-hoc systems emerge, and that's IMO why identity theft is so staggeringly common in the US - it's easy, and it's easy because very poor systems are routinely used for authentication. If I understand correctly, you can do a lot in the US with one-factor knowledge authentication, where the "something you know" are things like your name, address, DOB or SSN, all of which are exceptionally poor as authentication.

⬐ jhanschoo

One dimension to this is that racism and xenophobia is so nakedly tolerated including in the political class in the US, that many are fear that any governmental ID would only be half-heartedly rolled out to inconvenient and undesirable people in an effort to suppress their voice.

⬐ mulmen

This is an unnecessarily cynical take IMO. While systemic racism is certainly a problem it is at least possible to address it on smaller scales. Some states aggressively limit access to voting but at the same time others make it very easy. This is the benefit to the federated system.

⬐ Daho0n

To be fair most systems in the EU is exactly the same.

⬐ mulmen

While there is no Federal ID every state in the Union (to my knowledge) provides ID cards to citizens. These vary slightly from place to place but all contain verifiable identity (authentication).

This may seem strange to outsiders but makes more sense when you consider the United States is a federation of sovereign states. The system is built on the idea of limited federal power with states sharing but retaining much of their own sovereignty. This has many of the benefits of any federated system and makes for a robust democracy.

There’s very little of consequence you can do in the United States with single factor knowledge. If identity theft is more common here than elsewhere (citation needed) I would guess it has more to do with a lack of consequences (consumer protection) than a Federal ID.

⬐ Daho0n

It's the same as the EU but with way more federal power and way less local democracy.

⬐ ACS_Solver

I'm familiar with the US federal system, but as far as I know, the individual state IDs still have the same problem. In particular, they're apparently difficult to obtain for poor or disadvantaged people, so there are enough people without an ID to let the insecure ad-hoc systems exist in parallel. So something like knowing the SSN, or displaying an utility bill (trivially faked) exists as a parallel ID form.

European government-issued IDs don't work well just because they are accepted, they work well because no other ID is accepted, and that's only possible when 99% or more of the population has such an ID (and the rest can be handled in a somewhat more convoluted but uncommon procedure).

Of course I have no good insight into how feasible it is for a US state / federal government to ensure that everyone (for sufficiently large values of everyone) in the state / country has an ID, without disadvantaging anyone.

⬐ hedora

4. SSN’s are not unique, nor were they designed to be, but people think they are.

⬐ swiley

I'm pretty sure I read somewhere SSNs aren't even guaranteed to be unique.

⬐ mulmen

If a living person has a SSN they can be identified by it [1]. That does not imply any individual can be identified by a SSN or that any SSN identifies an individual. The suitability of an SSN is situational for ID purposes.

The video conflates identification and authentication to its detriment.

Social Security Numbers are very good identifiers, that’s literally their purpose.

Social Security Cards are poor authentication tokens because they contain no validation to prove the card holder is the person associated with the number. Or said another way, you cannot prove your identity (authenticate) with a social security card.

I don’t see what built in validation of the number has to do with the security of the identifier.

So again, the problem is using a Social Security Number or card for authentication. It’s fine as an identifier.

[1]: Social Security Numbers can be reissued but this should only happen when the number is no longer in use.

⬐ mulmen

Too late to edit but apparently SSNs are not reused: https://www.ssa.gov/history/hfaq.html

Q20: Are Social Security numbers reused after a person dies?

A: No. We do not reassign a Social Security number (SSN) after the number holder's death. Even though we have issued over 453 million SSNs so far, and we assign about 5 and one-half million new numbers a year, the current numbering system will provide us with enough new numbers for several generations into the future with no changes in the numbering system.

⬐ nathanaldensr

I wonder how this is possible when there are only one billion combinations of digits.

⬐ rodonn

There are only around 330 million Americans and about 5 million born/immigrated each year. 1 billion possibilities will be enough for about 100 more years. Presumably sometime before then we can replace or update the system (or worst case add one more digit).

The story of how this happened is quite interesting. CGP Grey did a video about how it evolved [0]. I'm not American so I can't judge how likely it is to ever change because it seems to be politically radioactive to propose a government mandated ID.

We had a similar issue in Australia, but our workaround is that your drivers license (or ID card from the equivalent of the DMV) typically acts as your ID.

[0] https://www.youtube.com/watch?v=Erp8IAUouus

⬐ aidenn0

My first driver's license number was my SSN

⬐ BrandoElFollito

We have in France ID Cards that are not compulsory. It is just such a hassle to use something else that everyone has one.

Alternatively, for minor things, you can make a declaration on your honor. This is super useful in, say, a library where you need to enroll.

This video does a great job explaining it: https://www.youtube.com/watch?v=Erp8IAUouus

The summary is that the USA does not have an official national person identity number. The SSN is the closest approximation, so it is being (ab)used as one. This is despite that it is explicitly not designed for it and has some qualities which make it less suitable (the numbers are small and very predictable).

In general, nearly every national-identity-system suffers from a contradiction between assigning identities and identifying. Where the number you get assigned is simultaneously your identity and a secret you use to establish your identity. There are initiatives to solve this using cryptography, but this is complicated by political attitudes towards privacy and government tracking. I dare say in the USA this is more pronounced due to both the problem and the political attitude against solutions being more pronounced.

⬐ teddyh

I thought that link would be to https://www.youtube.com/watch?v=CS9ptA3Ya9E but it wasn’t, so there it is. But your link is good too.

I was talking about this with a friend the other day. I don't know about the technical feasibility (RE sybil attack[0]), but if it were possible, it would have a massive impact on the web. The current state of the art (in terms of new user signup) is using phone numbers as representing unique "trustable" people, which is kind of absurd.

This reminds me of how social security numbers weren't originally intended to be used as unique identification, but the demand for some form of identification was so strong that organisations ended up hackily using it anyway.[1]

[0] https://en.wikipedia.org/wiki/Sybil_attack

[1] https://www.youtube.com/watch?v=Erp8IAUouus

⬐ zelly

Hot take, but the only real way to solve this identity problem is to take people's DNA. The only attack on that is to literally synthesize fake DNA/fake hair/fake saliva. Even then you can prompt randomly for DNA the way Twitter randomly prompts for phone number verification. Or ask the user for a selfie and spot inconsistencies in the mapping from DNA to face.

It's scary to let internet companies have your actual DNA (though that didn't stop 23andme customers), so there could be an layer in between (a nonprofit? machine with a hardware security module?) that does the DNA sequencing and returns a digital signature to authenticate you.

The obvious downside is that it would work too well. Banning becomes much more serious of a thing when it's lifelong and potentially could affect your descendants. I hope I'm not giving anyone any ideas because this is horrible.

⬐ s_kilk

Even DNA wouldn't work because of weird shit like chimerism. Our classic assumptions about this stuff just don't hold in reality.

⬐ zozbot234

Just post a bond that is forfeited if you engage in verifiable abuse, the proceeds of which are used to compensate the victims (if applicable). Use pseudonymous identity to link any number of site-specific "identities" to that same initial posting. Real-name identity can then be optional (although some sites may still insist on it), but users in good standing are protected from "sybil" attacks because each entirely-new user requires posting a separate bond, so the cost quickly becomes infeasible.

⬐ dane-pgp

Posting bonds might be part of a solution, but there is still a question of who gets to decide whether or not something is abuse (or who is a victim, for that matter). The closest I've seen to this sort of system is OpenBazaar's use of "proof of burn":

https://openbazaar.org/blog/why-proof-of-burn/

⬐ zozbot234

> but there is still a question of who gets to decide whether or not something is abuse (or who is a victim, for that matter)

In principle, all you need is a trusted arbitrator that's acceptable to all involved parties. This is how "multiple signatures" work on Bitcoin already; the third-party escrow can decide who's going to keep the coins by adding her signature to either party's claim.

⬐ zelly

This doesn't solve the problem of identity. You still would need some way of differentiating the accounts with the bond, or else I can just sybil the system by having a lot of money and a really good way of impersonating people.

⬐ ryanthemadone

I naïve reading of your solution implies that the poor wouldn't be able to put up such a bond and would therefore be excluded from this techno utopia - where the rich would be able to create Sybil's and game systems all day long.

CGP Grey recently made a great video about this exact problem with social security numbers: https://www.youtube.com/watch?v=Erp8IAUouus

They were started to keep of taxes and never meant to be used as IDs.

CGP Grey did a great video a few years ago explaining how bad SSNs are.

https://youtu.be/Erp8IAUouus

⬐ mehrdadn

I've watched this video 5-6 times over the past year or so. It's funny and fantastic.

⬐ 013a

In fact, the number he used on the card in the video is the number shown in the article.

⬐ mxuribe

Wow, i had never seen this video. I've been somewhat familiar with some of the topics depicted in the video...But seeing them all in one place - and of course the brilliantly cute and funny method - taught me lots more....Which lead to me remembering that this is all true and not fictitious...which instantly makes me a sad panda. :-(

SSNs don't have a checksum like credit card numbers do (or like national identity card numbers do), because the SSN is not meant to be used the way it is used.

https://www.youtube.com/watch?v=Erp8IAUouus

⬐ ilkkao

In many countries they have. Which leads me wonder if github is expected to detect all formats there are around the globe

⬐ Nevermindmine

But do many countries treat them as secrets? Where I live, my number is a unique identifier for me but it's not secret. Because, you know, sharing secrets isn't smart and leads to the recurring issues we see in the US.

⬐ nickjj

I'm from the US and I remember about 20 years ago I registered for a Blockbluster card (a way to rent DVDs from Blockbuster) and the form required putting my full social security number on it. In the US it's supposed to be secret but lots of places want access to it. Blockbuster never got my SSN and they did let me sign up without providing it. It's crazy they would even ask.

Actually, the SSN is an account number, solely intended for tracking money paid into and paid out of an account. It isn't meant for identification, and the method it's used for identification is terrible. (Largely: If you know the number, you are identified.)

It's treated like a secret, but as a 9-digit number you give to dozens of organizations in your life which follows a predictable and partially guessable pattern, it is an absolutely terrible secret.

Absolutely good explainer video about how this travesty took place historically: https://www.youtube.com/watch?v=Erp8IAUouus

⬐ paulddraper

SSN is absolutely an identifier.

It's like given name & surname (also identifiers), but actually unique.

The problem is that SSN is not only an identifier, it's also the means of authentication, which is "the process or action of verifying an identity."

---

To draw an analogy, username is an identifier. Password, SSH key exchange, etc. are mean of authentication, i.e. the process of verifying a username identifies the user.

SSN is both a username and a password; it needs to be one or the other.

There is great video about that by CGP Grey: https://www.youtube.com/watch?v=Erp8IAUouus

watch this (https://www.youtube.com/watch?v=Erp8IAUouus) and tell me if SSN is good for even US?

Yeah, I suppose that's right. And as you say, it's very practical.

> Keep in mind that the social number in USA is apparently also supposed to be secret (like a password) which sounds absolutely crazy to me.

That's very true, reminds me of this video [1] by CGP Grey, giving some background of the issue.

[1] https://www.youtube.com/watch?v=Erp8IAUouus

Here's a relevant pop science video by CGP Grey[0] that explains all the various problems with SSNs. My favorite part is the fact that until quite recently (2011) you could decrement or increment a given SSN by 1 and get another valid SSN, since they were sequential.

[0]:https://www.youtube.com/watch?v=Erp8IAUouus

⬐ lobster_johnson

A couple of years ago I accidentally filed my tax return with a typo in the SSN. I was stunned to find that the IRS accepted it. It took months to fix.

⬐ et2o

My twin and I have SSNs a single digit apart.

⬐ Danihan

Why would that be surprising? They are incremental, as far as I know..

⬐ goialoq

SSNs are 9 digits, which means that mathematically 1 of 3 SSNs must be valid

⬐ MarkPNeyer

Unpacking this for others who scratched their heads like I did:

There are 1 billion possible social security numbers. There are roughly 300 million people in the USA. So roughly 1/3 possible SSN’s is currently in use.

⬐ andruby

Does the US re-use previously issues SSN's when people die? With such a limited numeric space, they probably have to, right?

⬐ djrogers

Haven’t had to yet - they’ve only been around since the ‘30s and we haven’t quite used them all up yet.

⬐ akvadrako

Yes, they do.

⬐ None

None

⬐ icebraining

Q20: Are Social Security numbers reused after a person dies?

A: No. We do not reassign a Social Security number (SSN) after the number holder's death. Even though we have issued over 453 million SSNs so far, and we assign about 5 and one-half million new numbers a year, the current numbering system will provide us with enough new numbers for several generations into the future with no changes in the numbering system.

https://www.ssa.gov/history/hfaq.html

⬐ gberger

100 years doesn't really equate to "several generations"...

CGP Gray did a really good video[1] about this recently. The short version is that it's the least terrible mechanism presently available for uniquely identifying and disambiguating American citizens.

[1] https://www.youtube.com/watch?v=Erp8IAUouus

CGPGrey did an excellent video on this topic: https://www.youtube.com/watch?v=Erp8IAUouus

Counterintuitively, this is evidence that the Equifax breach isn't necessarily going to cause massive harm. If someone wanted to impersonate you, they could already.

I remain hopeful that the full list of 140M SSNs will be posted in full. It's a rare opportunity: if that happens, the US will have no choice but to finally switch to a new system. One that doesn't rely on SSNs being private. That's the absurdity. It is easy to steal your identity because we have allowed it to be easy.

It's going to be difficult to switch to a new system, but the pain will be worth it. Imagine if the author could finally have peace of mind because nobody could impersonate him.

That is a fairytale, admittedly. It's always going to be possible to steal someone's identity if you're determined. But just look how trivial it is right now. Your driver's license plus the thief's photo is all they need. And it's possible to forge: they don't even need to swipe your physical one.

Those are “the keys to the kingdom,” said Bo Holland, CEO of AllClear ID, an identity-monitoring service. “Once you have somebody's name, social, birth date, and address, you can go and open new accounts.”

The SSN shouldn't be the critical key in that list.

https://youtube.com/watch?v=Erp8IAUouus

⬐ noncoml

> Counterintuitively, this is evidence that the Equifax breach isn't necessarily going to cause massive harm. If someone wanted to impersonate you, they could already.

This argument doesn't not follow logically. It's like saying you shouldn't lock your house because if somebody really wants to get in, they will do it.

⬐ larvaetron

It would be analogous to a security breach of a manufacturer's database of keycuts and corresponding locks, not outright refusing to lock your doors.

⬐ noncoml

Right. That analogy it more correct, but it doesn't make it follow logically. It's like a someone having the keys and address for each key.

⬐ LeifCarrotson

It does. Locking your house provides some security.

But it would no longer provide security if every person in the country had a copy of your key.

⬐ noncoml

One of us missed the point.

⬐ PhasmaFelis

It sounds like he's saying "don't worry about getting fucked by the Equifax breach; you were fucked already." Which certainly isn't reassuring, whether or not it's true.

⬐ matz1

It does follow. Not locking your house is not going to cause massive harm. If somebody really wants to get in, they will do itm

⬐ noncoml

I guess you leave your front door open every morning before leaving for work?

⬐ matz1

We are talking about leaving door unlocked, not leaving the door open. I lock the door every morning out of habit but I'm pretty sure its unlikely that something happen if I don't.

⬐ noncoml

I don't know what you are trying to argue about, but somebody got hold of personal details, SSN and credit card details of 140 million people.

The argument that it is ok, because anyway if somebody wanted it really hard they would find a way to get my personal details, is illogical.

⬐ matz1

Yes as the parent poster said, it may lead to the improvement of the system.

⬐ KGIII

I leave my house unlocked. If not, everyone around knows where the key is.

Of course, this isn't something I suggest you do. It's certainly not practical for most people. I mention it only to show that there are varied security needs. On this particular subject, my credit has been frozen since the OPM breech.

⬐ camus2

> I leave my house unlocked. If not, everyone around knows where the key is.

the day you get robbed, it will absolutely make a difference for whoever insure your house and its content.

⬐ KGIII

If someone around here takes something, they needed it more than I did. I live way out in an unincorporated township. People aren't inclined to steal when they know I'd just help them out if they need me to.

It's pretty great to live here. The only crime in my area is growing weed and that's now legal.

⬐ noncoml

Yeah, that’s the problem when we start arguing with analogies. Things can get derailed easily. Mea culpa.

⬐ sillysaurus3

Yes and no. At a certain point, if people keep breaking into our houses, it's a good idea to think about the locks we use.

⬐ noncoml

That's a different argument, than the one in the first line, to which I completely agree.

⬐ cm2187

The difference between breaking into a house and hacking into a machine is that a burglar can only break into so many houses and has a significant risk of getting caught. A hacker can get into an almost unlimited number of machines and is unlikely to risk any retaliation.

As a result you have the equivalent of dozens of people trying to pick the lock of your door every day, and the law can't do much to stop it. That requires you to pay f*ing attention to the quality of your lock.

⬐ pmorici

Start issuing everyone a FIPS 201-2 PIV card instead of those flimsy paper cards the SSN's are currently printed on.

⬐ snarf21

The big problem is switch from SSN to what? Just another number that serves the same purpose?

SSN is fine, what we need is the right for our credit to always be frozen and anyone who grants credit outside of our approval is liable for the loss. We also just need to bite the bullet and make chip and pin mandatory everywhere.

We don't need to make identity theft impossible just reasonably hard. Other nations seem to have it figured out.

⬐ criddell

For a long time SSN cards carried a notice that they were to be used only for social security and taxation purposes and never for identification. Maybe the government should take steps to make the SSN unsuitable as an identifier outside of those two agencies.

⬐ rocqua

A big question in making credit providers liable for incorrectly granting credit is the specific definition of 'correctly'.

Sadly, just 'issued without approval' is a bit too wide a definition. You need to deal with 'john' helping others fraudulently impersonating 'john'. In that case, the bank should not be liable.

In general, I see potential for a weird type of coorperation. They verify identities for credit providers for a fee. In return, this coorperation takes on the liability of wrongly verifying identities.

Question is, given the importance of such a coorperation, how much regulation is needed? At what point is there so much regulation required that it is better left as a government-run service?

⬐ narrator

All they need is an ssn you can change if it gets stolen. To change it all that's needed is to go into a government office and do a biometric scan in person. That would be so ridiculously easy.

Of course the government will never let a good crisis go to waste. Instead, we will all get chips under our skin that can't be removed that will be passively scanned by the authorities everywhere we go.

⬐ PeachPlum

One irony is that for my US visa I had to have an interview, supply a photograph, have my fingerprints taken and submit to an eyeball scan. Making the US visa inside my UK passport more reliable an identifier than the passport itself.

⬐ pas

SSN is a primary key, not a shared secret.

The entire problem is that people started using SSN as a shared secret, but it was classic password reuse. Use the same secret every fucking where.

No. If you want to establish trust, use a random secret for each new trust relationship.

If you want to establish identity ask the identity providers what kind of anti-forgery guarantees they provide. Oh, nothing, you say!? Then don't use that provider.

Banks are trying to use easy to forge things to make sure they won't lose money. Sounds like stupidity. So they limit their stupidity (hence you can't just register for a credit card online, otherwise bored Russian teenagers would have already bankrupted them).

⬐ narrator

What if, when you replaced your SSN, banks could use a system that would return "invalid SSN" on any new credit application. The existing accounts would be suspended unless you called them and updated your SSN. It would be about as much as a hassle as updating all of one's autopays when a credit card number gets stolen.

⬐ pas

I don't want to call up all of my business address book because one of them fucked up and leaked something.

They shouldn't even ask for it.

Currently fraud is held back by law enforcement. Which is triggered by fraud detection. Which is triggered when the wrong person gets a call from a collections agency.

And this chain of events is too long, but since there's no global (national) system to check if someone is a professional scam artist or a regular bloke, that's what banks are left with.

⬐ alkonaut

Don't switch from SSN. Just accept that they are public identifiers and ensure 1) everyone has access to photo ID with that SSN and 2) an authority can lookup addresses from SSN to perform 2FA.

This means everyone in the US has to accept national ID.

(It could theoretically be done at state level but it would be a huge hassle compared to national, and your tax authority and others are already national and need to know every person that lives in the country).

Basically you need to trust the federal government to solve your ID problem. And if the answer to that is "Whoa that won't happen, people won't accept national anything" then the simple answer is you'll keep being subjected to ID theft.

Why is chip & pin a bullet to bite? Isn't that just better for all parties involved?

⬐ snarf21

I think the excuse is always that small businesses can't afford to upgrade their POS. I think the reason is that a lot of money is made by processors, etc. on all the fraudulent transactions. The credit card companies make plenty on high interest rates to cover this loss. It is like retail stores factoring in 20% (e.g.) loss into their prices so the consumer pays for it. I think capping interest rates on credit cards would force them to push chip and pin more. It is weird that we don't have chip and pin at the pump but now most places require zipcode which is worse than chip and pin.

⬐ md_

I recently had the brilliant idea that someone should create a site where we all enter our social security numbers and personal information (DOB, name, etc), with the promise that once the site collects, say, 100M verified records, all of them will be released.

Seems like an opportunity to force the hand. I, like you, imagine such an action would induce systemic change.

Maybe.

⬐ Tomte

> if that happens, the US will have no choice but to finally switch to a new system.

Impossible. A large part of the American people is obsessed with "the government is going to oppress us all". National IDs or anything similarly working are therefore a big no-go.

If you could solve this problem, you could presumably also solve the gun debate to a large degree.

⬐ criddell

There's also a lot of people that object to a national ID number on religious grounds. These people vote and seem to be influential.

⬐ stretchwithme

The hassles and inconvenience this problem causes victims is sort of an unpriced externality of the credit industry. If those extending credit had to compensate the victims for their negligence, maybe they'd stop being so negligent.

And it would help if individual making the faulty decision to extend credit lost all their commissions for the week. It should be a blight on their record, with more than 5 instances causing them to lose their jobs. And CEO of the worst offending company gets a hefty fine.

Maybe that would focus the industry on solving this problem.

⬐ tryingagainbro

The SSN shouldn't be the critical key in that list.

So it would a "Credit ID," Passport Number, DL #, or something related. What's the difference, it will need to be stored next all your stuff, awaiting to be stolen. Now the banks eat the small % caused by fraud (cost of doing biz), your life is hell, but not theirs.

Scan your iris before getting the new loan isn't going to happen either, too costly and slow. If they ever do that online, they'll find a way to recreate that based on your existing scan, stored at the future Experian.

⬐ ProblemFactory

> So it would a "Credit ID," Passport Number, DL #, or something related. What's the difference, it will need to be stored next all your stuff, awaiting to be stolen.

It should not be a passport number or driver's license number. It should be the original, physical passport or driver's license that you present in person. The physical object is much harder to steal or copy, and can be revoked.

You should not be able to open credit lines or accounts with a business without appearing at least once in person first.

⬐ germanier

It doesn't even have to be in-person at that specific business. In Germany, the post office will authenticate your ID for any business that pays them for that service (either at a branch or during daily delivery). Alternatively, identification startups now allow to authenticate yourself via video chat without leaving your home. Video enables them to check most security features on the ID.

The national ID also has an embedded smart card usable for authentication but for some reason using that has never took off.

⬐ zAy0LfpBZLC8mAC

> Video enables them to check most security features on the ID.

Video is just another form of photo copy, so how would that work?

⬐ Vespasian

You are required to respond to questions from them and verbally verify a) what you're are applying for b) read out the data written on the ID (passport or national ID) and c) move and wiggle the card around and occlude it with your finger so the agent can verify certain security features (holograms, picture, "shiny stripes" on the card). In my opinion, it would be quite hard to prerecord the whole process and/or reuse such recordings for multiple applications.

All in all this process makes it much much harder to steal an identity. Also, once you report your ID card stolen, its serial number will be blacklisted preventing it from being used. Add to this that there is a snail mail address on your cards which will typically be used to send login information such as passwords and PINS

⬐ zAy0LfpBZLC8mAC

Well, not yet, maybe? Given the state of the art in real-time video manipulation, including based in motion capture, I am not so sure that's gonna stay that way for long.

Also, please don't use terms like "steal an identity", that is how banks frame things in order to make it appear that they are not responsible. Banks don't employ reliable authentication, thus they get defrauded by imposters--nothing is ever stolen from those who the importers pretend to be, it's only between the bank and the imposter, noone else is a party to that fraudulent transaction.

⬐ Vespasian

You make some valid points here. I'm "excited" to see the influence of real-time machine learning.

For now, it remains somewhat secure in practice and will hopefully bye augmented by use of cryptography already available in many IDs (though, as other comments note, not widely used in some countries)

⬐ zAy0LfpBZLC8mAC

As for the cryptography available in many IDs: Those usually are a terrible idea, because it's a black box that decides who has rights and who has not. How would a court investigate the reliability of some smart card? Or does that effectively transform courts into institutions that sign orders from whoever actually controls the smart cards? If the card says you signed a contract, you signed it?

⬐ watwut

I haven't seen password I'd or national card I'd used as identification, ever. The way it works is that you bring it physically and they look into it. Or that you send photo of the id (yes that is easier to forge, then again harder then forging utility bill) - that is done only where it is impossible to do physical check and never with loans and such.

Identity theft in Europe is extremely rare. It is possible to do something in your name, sure, but it does not happen nowhere near as often and damage is limited compared to ssn system.

⬐ tryingagainbro

>> The way it works is that you bring it physically and they look into it.

Not gonna happen, banks for now will rather swallow the relatively low loses due to fraud.

In USA you sign a piece of paper (pre-approved loan), or login online and the loan money is deposited in your account within a few days. All automated. So far it works out for them, if fraud loses increase, the banks, not us, will choose the next method. And Congress will approve it within weeks.

⬐ rocqua

The issue is that fraud causes more loss than just for the bank. Whomever got impersonated is also fucked. At the moment, they have very little recourse to recoup their costs from the bank that got fooled.

⬐ glitcher

> “Once you have somebody's name, social, birth date, and address, you can go and open new accounts.”

>The SSN shouldn't be the critical key in that list.

Nothing in that list is secret.

⬐ joshmn

Hate to break it to you, but with very minimal browsing and $4 in bitcoin, anyone can buy any SSN of a US person born after 2003.

⬐ nitrogen

anyone can buy any SSN of a US person born after 2003.

Why only 14-year-olds and younger?

⬐ joshmn

I haven't the base, and there are conflicting sources about where the base came from (only two persons have it that I know of)

⬐ tscs37

Because the kids these days will enter their SSN and their parent's Credit Card into anything that looks like flappy bird to unlock the extra jump boost or something like that.

⬐ joshmn

That wouldn't explain my sister's.

⬐ incompatible

How would a more secure system work? Biometrics? Smart cards?

⬐ sampo

> How would a more secure system work?

Just look what many other countries do.

⬐ incompatible

I'm not sure that any country has really solved it convincingly. Sure, they do better than the US and its secret SSNs, but that doesn't say much.

⬐ lagadu

National ID cards with biometric information along with PIN plus private keys for document signing and 2FA for online interactions isn't convincing enough for you?

⬐ incompatible

I mean, countries may have national identity cards with chips and perhaps biometrics that make them hard to forge, but a) I believe there's opposition in the US to identity cards b) do they help establish identity remotely, e.g., online?

⬐ kristofferR

Norway has a great system called BankID. To sign-up/login to all banks, government services and other places where you need to verify your identity you enter your SSN, personal password and code from your 2FA device (which banks give you freely)/phone app.

https://www.bankid.no/en/

⬐ zAy0LfpBZLC8mAC

In other words, you also have a system of password reuse (a personal password instead of a per-account password?!)?

Also, how is the reliability of the 2FA device established? If there were some claim before a court that you authorized some sort of transaction, what would they have to demonstrate to prove your liability? What will the court do if you question whether the numbers generated by the 2FA device are actually cryptographically random?

⬐ twiss

The Netherlands has an OAuth system for online identity verification, called DigiD, for anything government-related (taxes, healthcare, etc.) Other than that, occasionally a service asks for a copy of your passport, although that's not really allowed.

⬐ rocqua

It should be noted that DigiD is a terrible system. The government acknowledges that and is currently working on a new system.

For illustration, when I'm logging in, I get the option to login with my password, OR to login with 2 factors. When the second factor is optional, it doesn't provide much defense. Some select services require the second factor, but its very few. Until very recently, the second factor was SMS, which is rather easy to fool.

Also, as far as I know, Digid isn't related at all to banking. Instead, you need to show ID (passport or ID-card, drivers license does not suffice in this case) to open an account with a bank. After that, each bank has their own system.

⬐ detaro

You can activate German ID cards to work as RFID smartcards for online identification. Practically, there aren't all that many places to do it, and not many people do so. You also need a smartcard reader, but those were available reasonably cheap (no idea if a smartphone with NFC can do it or not)

(You also can have a certificate on it, but they missed an opportunity and didn't make it default, you have to ask for and pay extra for that. Would have been a chance to widely roll out certificates of the standard necessary to legally replace signatures, instead of other crap that has been proposed as a replacement sigh)

⬐ quuquuquu

>the US will have no choice [but to switch to a better, non-SSN based system]

I absolutely hope this happens too...

... but I have a feeling all of the banks and agencies involved will find a way to plug their ears more and pretend nothing is wrong.

They will look at how costly and complex it is to create a halfway decent identity system (even though it's really not hard, other countries do it just fine with digital and physical keys/tokens).

And they will just continue to push the burden of ID theft onto consumers, rather than their businesses.

⬐ eastWestMath

I think I've seen you defending Equifax on every post related to identity theft since the breach. Do you work there or something, why are you so invested in this?

⬐ rxhernandez

This logic is so impressively bad I don't know where to begin. Okay how about this, I'm going to pretend I lack morals for a second.

I would do this with the information:

1. Write a script to webscrape sites like LinkedIn to find out if a name/address/ssn key could be tied to people like doctors, engineers and whoever else might have sufficient disposable income.

2. I would take out loans in their name. If I have to be there in person, I would go from city to city and find people I could easily get dirt on, like people that might be here illegally. I would then cut them in for a piece of the loan and then move onto a random city in a 200 mile radius.

3. Move away after I get away with enough to live on for the rest of my life.

4. Hell I might just sell the rest of the information and scripts to other people who lack scruples.

⬐ sillysaurus3

And you'd end up in prison pretty quickly. The point is, it'd be worth the pain. We'd come out of it with a better system.

⬐ usaphp

The flaw in your logic lays with the bank. You will need a bank account/visit branch/transfer loaned money somewhere where you can cash them. Banks have cameras + Irs will quickly find you and won't allow you disappear or use that money

⬐ rxhernandez

The flaw in your logic is that you fail to realize i have access to 143 million bank accounts and can transfer any number of ways I want to. You also overestimate the competence of smaller banks.

Neglecting all of that you do realize that International wire transfers do exist right?

⬐ usaphp

It takes 1-3 business days for a US bank to transfer any amount and I am sure it will be even higher if the transaction is not matching a usual pattern of your victim. So 144 million bank accounts mean nothing with such long processing delays

⬐ rxhernandez

Tell that to all the banks that had been sued for millions for losses due to phishing attacks. My mom's bank was one of them. The criminals got the money out successfully somehow.

⬐ usaphp

It does not mean they were not caught later by bank insurance company

⬐ djsumdog

One of the few instances where American Banking still being in the 1990s is a benefit[1] .. but not really.

Australia, NZ, Singapore, most EU countries all have instant person-to-person transfers with little to no fees and supported via the government. 500 euro can be gone like that. Poof. But it's all within the same country. And when it's within the same country, it's traceable, reversible and enforceable by law.

So the 1-3 business days isn't where the protection is at. It's the way we mark and track transactions. The real danger, is SWIFT transfers. Once that money leaves the country, it's very unlikely you'll ever see it again.

[1]: http://penguindreams.org/blog/the-american-banking-system-is...

⬐ raarts

Payments are immediate between countries too. On my vacation in Armenia (you know, former USSR and a pretty poor country) I paid in the supermarket with my Dutch debit card (chip with PIN), I immediately popped my phone and opened the banking app for my (small, Dutch local) bank, and it showed the withdrawal.

⬐ None

None

⬐ waqf

> the world

The United States. I assure you that even though other countries have credit reporting, they do not use SSNs.

> will have no choice but to finally switch to a new system.

Really? I think they will just carry on unless and until the financial downside (losses from extending bad credit, or lawsuits from identity theft victims, or penalties from the federal government intervening directly) is shown to be really huge.

⬐ incompatible

Other countries have the equivalent of SSNs, i.e., a number issued by the government tax collector. However, other countries don't use it as a form of ID. In my experience, they use passports, ID cards, drivers licenses, etc., which are supposedly "hard to forge".

⬐ incompatible

These systems don't work well remotely, of course. Sometimes an organisation will accept an upload of a scan or a mailing of a photocopy. They sometimes require it to be signed by a somebody to verify that it's genuine (e.g., a Justice of the Peace). But by doing that, the "hard to forge" feature is lost entirely.

⬐ kilotaras

Ukraine is experimenting and slowly rolling out an oauth-like system called BankID, where you bank can provide information to third party.

⬐ novium

At first I was surprised by you mentioning Ukraine and BankID, especially since it's developed by Swedish banks. But reading about it now makes it seem like they are branching out to other European countries as well.

Over here it's basically used for everything that needs authentication / signatures - taxes, banking etc.

⬐ amigoingtodie

You talking about Facebook?

⬐ my_ghola

They do use a scan or a photocopy, but having that stored it is easier to check the identity of the real person once they claim there was identity theft.

⬐ incompatible

The "verified photocopies" can be a bit of a joke. I know somebody who was having trouble finding enough ID for something. They printed an online bank statement, photocopied it, and got a JP to verify the photocopy against the original printout.

⬐ LoSboccacc

It's not just hard to forge: tgey expire often and change code frequently sp the exploytable window is smaller than for the quasi permanent ssn

⬐ incompatible

Perhaps true to some extent, but a passport can last 10 years, which is plenty of time for identity theft.

⬐ llukas

If your identity gets stolen you get new passport with new number and put old one into stolen document database.

Cannot do this with SSN.

⬐ incompatible

The question would then be how many organisations check the stolen document database when looking at a passport id.

⬐ LoSboccacc

however, that clearly puts the blame where it's due. ssn changes being exceptions make easy to shield company from due process. id's, otoh, have specific procedures for handling.

⬐ llukas

If you want to legally lend money why shouldn't you be required to do look up? If you didn't you're liable...

⬐ alkonaut

More importantly, we can 2FA from my id number to my address because there is a db mapping from id to post address.

With a locked mailbox (which is the default) it becomes a hassle to steal an identity.

If I get a new credit card it's sent to the address I id'd for.

⬐ mseebach

It's better than just trusting the SSN, but I'd still prefer a system that can't be beat with a stick and some chewing gum.

(Yes, I had an ID theft near-miss that involved a locked mail box in a locked stairwell. To me, the more obvious perpetrator seemed to be someone with access to the mail delivery pipeline, but the investigator I spoke certainly did not think terribly highly of the security of a locked mailbox)

⬐ freeflight

> The United States. I assure you that even though other countries have credit reporting, they do not use SSNs.

They use ID cards with at least some features to make forging said ID cards more difficult, unlike the US SSN which is pretty much just a number on a piece of paper.

This is mainly an issue of authentification and as long as your credentials remain crappy/easy to guess/easy to forge (like the US SSN system), that long it will stay easy to game the system.

Imho this def con talk about birthing and killing virtual babies might also be quite relevant to the issue, tho it's not entirely focused on the US: https://www.youtube.com/watch?v=9FdHq3WfJgs

⬐ chimeracoder

> I assure you that even though other countries have credit reporting, they do not use SSNs.

No, but many use systems which are not appreciably better than SSNs from a security and identity theft perspective.

⬐ sillysaurus3

Fixed, thanks. What do you feel are some sensible systems used by the rest of the world? One that's hopefully hard enough to break but easy enough not to cause massive hassles.

⬐ tscs37

In Germany, my ID might be a form of identification but only in association with the person in question, the ID's number or data itself is not considered identifying by a few institutions (postal service, banks, etc; you always need physical presence for identification or use post-ident)

The ID is government issued, cheap to obtain in case of loss (30€ and a bit of waiting until the new one arrives) and contains a photo of you so it's of no particular value to someone who doesn't look like you.

IIRC identity theft isn't a huge problem in Germany but it exists, however most credit agencies offer options to lock down or delete data concerning such theft, I haven't interacted with any of them yet though.

⬐ kuschku

> or use post-ident

Or use the eID functionality, which is growing now that the old IDs are starting to expire.

⬐ tscs37

TBH, I haven't seen many websites that offer eID functionality, so I haven't bothered setting it up.

⬐ freeflight

It's certainly a weird process to witness in Germany.

A couple of weeks ago I had a friend over who used my WLAN to eID for some service (i think it was pre-paid CC? Neither of us can't remember at this point) over his android phone using some "AusweisApp2".

He ended up in a video chat with a lady who asked him to show his face/ID and swivel the ID in the light so she could see the reflections of the security features.

I was sitting next to that whole process thinking about how difficult it would be to put on a convincing facemask and create a matching fake ID that would pass a video inspection.

Shouldn't be that difficult, most certainly less difficult than trying to convince a postman in person by showing them a fake ID at an address matching the fake ID.

⬐ kuschku

> A couple of weeks ago I had a friend over who used my WLAN to eID for some service (i think it was pre-paid CC? Neither of us can't remember at this point) over his android phone using some "AusweisApp2".

Ah, that’s the system you use when you don’t have any of the new eIDs, but one of the old ones.

That should be phased out by 2021

⬐ tscs37

It's not impossible to fake and I don't think that'll ever be the point.

Rather, it's just very difficult compared to faking an SSN number on the internet.

The address in this case would be difficult since a lot of institutions pull your address from the local registry, so you can't convince them to not sent stuff to any victims address unless you manage to change their address in the registry too.

⬐ seszett

It's similar in France.

In addition, each government service uses a different ID number and is forbidden from sharing information or using another service's ID number. So you have a fiscal number for taxes, a social security number for health things, an identity card number that only has meaning with the card itself. Your private (non-healthcare) insurance, your bank, and other private institutions can issue you their own number as well (or another kind of id key) but can not share them between themselves and cannot ask you to give them numbers of unrelated services. Citizens are responsible for forwarding themselves most information between separate services when needed.

In practice it makes it sometimes tedious to auth at any of these services (you have to find your number in whatever mail you received or card you got issued) but it really makes it more difficult to impersonate another citizen, as you would at most gain access to one service, and it wouldn't help you access any other.

⬐ user5994461

To confirm your identify: national ID card, passport or driver license.

To confirm your income: Your yearly income tax sheet, a payslip or your contract of employment.

There is really no reason whatsoever for credit check and background check agencies to exist. All they do is ask for these papers anyway.

⬐ alkonaut

We have national id + complete index of people, but still have credit check agencies.

The difference is probably that here those agencies aren't somehow trying to guarantee my identity. They just answer what credit rating my identity has.

⬐ aianus

Credit has little to do with income. I have over $70k in various credit lines and have never shown any proof of income whatsoever. I just name a number and they accept it (after checking my all-important credit score).

⬐ user5994461

Again, that's an American thing. They will distribute credits to whoever ask for them, as much as they can just to make money out of people.

In non insane countries, you are considered debt-free when you have no credit, not when you accumulate credits and pay them with one another.

⬐ aianus

Giving people credit without seeing how much they already owe and how they're repaying it is insane. Rich people can go over their heads and default just as well as poor people. There is an obvious and valid need for credit reporting agencies to exist.

⬐ chimeracoder

> In non insane countries, you are considered debt-free when you have no credit, not when you accumulate credits and pay them with one another.

I'm not sure how you think the American system works if you think that "debt-free" has any meaning other than "no balances or debts outstanding".

⬐ harryh

It's worth noting that the perpetrator in the bloomberg article had a fake driver's license in the name of the victim. So ID cards aren't a complete solution either.

⬐ u801e

Couldn't they verify the authenticity of the drivers license by contacting the department of motor vehicles?

One shouldn't verify documents unless you're a member of the organization that issued them.

⬐ djsumdog

It was most likely a real license. Credit checks use the DL number. You need an SSN card to get a license or ID card and the SSN card is gained using security questions and has no photo, fingerprints or biometrics associated with it.

I remember needing to get a new SSN card once and it was creepy how easy it was.

⬐ mgkimsal

Comparing photo on dl with photo from DMV might help.

⬐ mcguire

Not to mention the other documents from the GP.

⬐ djsumdog

But you get that ID card using an SSN card. Other countries have a photo attached to your nation ID card and citizen identification number (and sometimes fingerprints too).

But think about America right now. Do you honestly think we could get national ID numbers? Could you imagine people being asked for a DNA swab or fingerprint to establish their identity? The blow black would be monstrous, and I don't think it'd be entirely unjustified. With 1% of our population incarcerated or on probation, with no national health care and being the largest state sponsor of terrorism in the world, there is good reason for Americans not to trust their government. Add in all the fundie religious people crying "sign of the beast" and Alex Jones followers yelling "national RFID chips" and you're stuck with a situation that cannot change.

⬐ ensignavenger

I am pretty sure every US state attaches photos to drivers licenses, too. Also, most of not all states require a birth certificate not just a ss card.

⬐ chimeracoder

> But you get that ID card using an SSN card.

Not necessarily. Not all states require an SSN in order to issue an ID.

> But think about America right now. Do you honestly think we could get national ID numbers?

Unfortunately (for all the reasons you mentioned and more), we're pretty close, as the REAL ID system is about to take effect.

That's going to be a huge problem for people living in the states that don't issue REAL IDs. It's also going to be a problem for legal immigrants and transgender people in every state.

⬐ uiri

Not all states require an SSN in order to issue an ID.

I was under the impression that every single state requires an SSN to issue a driver's license or id card in order to track and enforce child support order across state lines.

Which states don't require an SSN to issue an ID?

Legal immigrants have passports, and ID cards/driver's licenses from their home country. I'm not sure what will require two forms of REAL ID compliant identification.

⬐ chimeracoder

> I was under the impression that every single state requires an SSN to issue a driver's license or id card in order to track and enforce child support order across state lines.

Nope. If they did, the impetus behind the REAL ID act wouldn't even be relevant, because illegal immigrants wouldn't be able to obtain a drivers' license or state ID.

> Which states don't require an SSN to issue an ID?

California is the biggest one, and in fact, California makes it illegal to discriminate against anyone who has a driver's license but cannot show legal residency.

Some states mark licenses as "not valid for identification" if they don't show legal residency, but it's usually subtle and easily overlooked or ignored. And the SSN isn't the only way to show legal residency, either.

> Legal immigrants have passports, and ID cards/driver's licenses from their home country.

For foreigners, passports are the only acceptable form of identification from foreign governments. Driver's licenses and other government IDs are not allowed, with the exception of driver's licenses from Canada.

⬐ ensignavenger

Missouri didn't want to implement RealID not because they didn't want to require an SSN, but rather because they did not want to store copies of the identification documents in a central database. We ended up with a two tier system where individuals may opt for a RealID license or a regular license. For RealID licenses, the documents will be stored in an air gapped system, with criminal penalties for anyone who uses the system for anything other than RealID. (whether or not that gets enforced is another issue...).

Missourians have good reason to distrust the DMV, as they have been caught red handed illegally useing their databases in the recent past.

⬐ cyphar

Usually multiple forms of ID. In Australia you have a "points" system (each form of ID is worth a certain number of points and they are additive) where you need 100 points to create a bank account. This translates to a drivers license and passport, or drivers license and existing debit card, etc.

In Estonia I believe the system is based on public key cryptography (every national ID has a private key that is used for signing things).

⬐ mcguire

HSPD12 badges for everyone?

⬐ alpinemeadow

In Sweden I got an identity card with a chip that I can use with BankID (a system that uses a card reader + PIN for most transactions). There is a Tax ID number but this is pretty much a public record (you can find out people's incomes very easily, in fact small local newspapers run every year "richest people in X articles") In addition, every time a company runs a credit check on me, the credit reporting company must snail mail a copy of my credit report to my physical address. So it would be pretty easy for me to detect a fake account creation.

⬐ freeflight

> In addition, every time a company runs a credit check on me, the credit reporting company must snail mail a copy of my credit report to my physical address.

Wow, that's really user-friendly, I wish it would be handled like that in Germany too.

Instead, German registration offices are selling citizen registration data in bulk to most interested parties and they couldn't even tell you to whom [0].

People can opt out of that process, by handing in a written objection with their initial registration, tho barely anybody actually does that because barely anybody is aware of their data being sold in the first place.

[0] https://www.golem.de/1010/78398.html

⬐ None

None

⬐ sfifs

India is switching to biometric verification linked to the national identity card. The last lease agreement I registered and the last phone connection I obtained both went through the biometric verification process

These are implemented as biometric two factor auth. So you show your id card, scan your finger print and validate via a code received to the registered mobile device on sms

⬐ KGIII

What if you have no cell phone or computer?

⬐ sfifs

At this point, cell phone is a necessity in India to get any services. Mobile subscriber base is about 1.1 billion (1) which means almost all adults have a cell phone connection. So the question is practically moot.

(1) https://www.google.com.sg/amp/m.timesofindia.com/business/in...

⬐ chimeracoder

> At this point, cell phone is a necessity in India to get any services

And in a delightful catch-22, Aadhaar is essentially a requirement for obtaining a cell phone.

You can bypass this with some other documents and providing a landline that they verify within a week, but it's incredibly cumbersome.

⬐ KGIII

Practically moot is a varied distance from moot. I was just curious if there was an underclass that was unable to get any services. It's much the same in my country, really.

⬐ Waterluvian

In Canada you can't do anything meaningful without a photo driver's license or a passport. My wife got a passport just to have a quality ID. Before that she couldn't even open a chequing account.

⬐ tmnvix

Ditto NZ and Aus. Also means that no national ID card or number is necessary. Seems kind of obvious to me. The use of SSN as proof of identity in the US just seems like misuse to me.

⬐ Waterluvian

There's a fantastic CGP Grey video on that. I'd search for a link but on phone.

⬐ tonyztan

https://youtu.be/Erp8IAUouus

⬐ chimeracoder

> Ditto NZ and Aus. Also means that no national ID card or number is necessary. Seems kind of obvious to me. The use of SSN as proof of identity in the US just seems like misuse to me.

It's the same in the US too. The problem in the article is that the person had a legitimate driver's license issued in the stolen name with his own picture on it.

It's not just a simple as "he had the SSN".

⬐ ev0l

That's not entirly true. The branch manager has discression. I know because when I first moved to Canada I had no such ID and opened an account after asking for the branch manager.

⬐ Waterluvian

Thanks for sharing. I didn't know that. I always assumed it was policy. I've spent my whole life needing a driver's license or passport when I do anything money or government related.

I'm glad they can make discresionary decisions like that for special circumstances, such as someone who clearly can't have an ID or passport yet.

Mind if I ask, did they ask for your passport?

⬐ toomanybeersies

How did you not have a passport when you first moved to Canada? How did you get into the country?

⬐ jdboyd

Until 2008, US citizens didn't need a passport to enter Canada. What initially changed in 2008 was actually that you needed the passport to return back to the US.

I don't know what the rules were back then for moving to Canada, but you could stay 180 days at a time back then.

⬐ MrQuincle

Just make it impossible to get credit without any purpose.

+ Getting a mortgage as an identity thief? Fine. Easy to pay him a visit.

+ Getting a car? No. That's dumb. You can buy a car if you have the money.

+ Getting a bank account? Fine. Just force banks to disallow people to go below zero for several years (or forever). Replace all credit cards by debit cards.

That's basically the situation in the Netherlands for most part. Identity still gets stolen, but the impact is minimal.

⬐ None

None

⬐ avip

I always look at Estonia when such questions arise. They are consistently on the frontend of public service innovation.

⬐ Joeri

In Belgium we have a national ID card which has a pin-protected chip and is required for all government and bank interaction. It is very hard to forge, and through a usb card reader I can use it for digital authentication (like for filing my taxes on the web). Getting one issued in the case of loss requires interacting with the police, so the threshold to someone fraudulently obtaining a real card in someone else's name is high.

Identity theft isn't something I hear about often here.

⬐ chx

Five years on top of what you get for other crimes if you faked a government ID (in itself it can be as low as one year but combined with other crimes, it's five years). It's one good step among many.

⬐ kmonsen

Better checks by the banks, they need to take responsibility when opening accounts and not rely on the credit bureaus. This could mean slightly more expensive banking services.

⬐ Maarten88

I think the eagerness of US banks to offer credit is a big part of the problem. Having people endebted is an essential part of the system of wealth transfer and class control, and the system is set up to make this really easy. In the Netherlands, where I live, it might also be possible to obtain a fake id if someone would go through the length this impersonator went through, but I think it would be much harder to open bank accounts and get meaningful credit without questions being asked.

What I do not understand is why victims of this have not sued their banks over this yet. Suing should be the US couterbalance to this. People are innocent victims of fraudulent behaviour of their banks, and those banks are being robbed by thieves. Banks are supposed to guard their customers' money, which in this case they are clearly not doing. Maybe they do it unknowingly, or they are incompetent, but in the end those banks are behaving fraudulently too.

⬐ jackskell

Or, they have relinquished their ability to legal redress in court AS A CONDITION of doing business with them, agreeing to arbitration.

⬐ defined

This is a HUGE issue in the USA, one which, apparently, too few people know about, or take seriously.

More and more companies are insisting on customers signing binding arbitration clauses as a condition of doing business: car dealers, banks, airlines, you mention it. It's all very well to say, well, don't do business with them, when all the competition are doing the exact same thing. If you need, say, a new car, well, good luck getting one without signing most of your rights away, and this is no exaggeration.

Binding mandatory arbitration clauses mean that you cannot sue the company, and agree to accept the verdict of the arbitrator, for which there is no appeal, and who is generally hired by the company having the arbitration dispute and is therefore impartial /s.

I have read FTC field reports about vehicle warranty claims where one arbitration decision was so outlandish even the FTC wrote that it was irrational, and the vast majority were in favor of the dealer.

⬐ roel_v

While not a bank account, let's not be smug about our country: http://m.telegraaf.nl/binnenland/article/24095858/man-in-pro... . (For the non Dutch speakers, Amsterdam guy had several houses rented in his name, some of which were used for mj plantations, and various other expenses incurred in gis name).

Identity theft is not just because of ssn or other unique semi secret numbers. It's part of it, yes, but the root cause is a combination of culture and lack of inventive (ie, identity theft is just not a big enough problem for actors to care).

The social security cards here use to say "Not for identification." Then the IRS started using it as a Tax ID instead of creating their own (my Tax IDs in Australia and NZ, two places I had work visas for, were public as well).

Most countries have some type of citizen identification number, which is attached to some ID with a photo and/or finger prints. The US does not, and the political climate for the past several decades would probably never allow this. The Real ID act has been seen as a sign of the beast by religious fundamentalist and a basic erosion of rights by libertarians et. al.

Passport numbers can't be used either because not all US citizens/residents have a passport and the numbers change when you renew them. Most parents get a SSN for their child at birth. Even people I know with dual citizenship overseas have them (all except for one, and you don't really need one unless you want to go to America to work .. and then you'll also need to pay an immigration/tax lawyer to go back and reconcile all your taxes).

Here's a great video on it: https://www.youtube.com/watch?v=Erp8IAUouus

For everybody who isn't acquainted with how Social Security Cards work in the US and how they came to be I highly recommend watching "Social Security Cards Explained" by CGP Grey https://www.youtube.com/watch?v=Erp8IAUouus

He also explains why US citizens don't have an Identity Card as opposed to many European countries.

⬐ sitharus

That’s quite crazy. Though here in NZ we don’t have a National ID number either, we have several different numbers for different purposes. Most places will work with a driver licence or passport number, but given there’s no need to register a change of name it gets a little tricky.

If you don’t have any of those you can get a statutory declaration of identity from a local court. You just have to swear you’re the person in front of a justice of the peace and provide a passport photo.

The whole situation is reasonably well explained by CGP Grey's video on Social Security Cards

https://www.youtube.com/watch?v=Erp8IAUouus

CGP has a good video on this: https://www.youtube.com/watch?v=Erp8IAUouus

For anyone who wants an explanation at just how bad the social security number really is, this is the most enjoyable explanation for it I've seen, by CGP Grey

https://www.youtube.com/watch?v=Erp8IAUouus

⬐ cableshaft

This is an excellent video. Thanks for sharing it. Are there any other videos by this guy that you recommend? I like his style quite a bit.

⬐ hencq

There are a lot. I thought this one was really funny [0]. This one I found very interesting [1].

Somewhat different, is the Hello Internet [2] podcast, which is by Grey and Brady Haran who you might know from the Numberphile youtube channel [3]. It's basically the 2 of them chatting about random stuff, but I find it very entertaining.

[0] https://www.youtube.com/watch?v=LO1mTELoj6o

[1] https://www.youtube.com/watch?v=LrObZ_HZZUc

[2] http://www.hellointernet.fm/

[3] https://www.youtube.com/watch?v=w-I6XTVZXww

⬐ rement

Humans Need not Apply. https://www.youtube.com/watch?v=7Pq-S557XQU

⬐ astura

All of them.

⬐ bmelton

Others have already chimed in here, but I honestly can't remember a CGP Grey video that I wasn't thoroughly entertained by, even when I already knew all of the facts presented.

For amusement's sake, I really enjoy his videos on geography, such as (his first video ever) this one on the UK (which I guess might need updating soon?):

https://youtu.be/rNu8XDBSn10

or this one on Scotland:

https://youtu.be/p3HnMLq8m9U

or my favorite geographical video, on the Vatican:

https://youtu.be/OPHRIjI3hXs

That said, they're all pretty great, so I'd just start with this list of all his videos in ascending order:

https://www.youtube.com/watch?v=rNu8XDBSn10&index=1&list=PLq...

⬐ karrotwaltz

Wow. Having an ID card seems so normal to me that I would never have thought that the US didn't have any. I've been to the US before and never even noticed. Thanks for the link.

⬐ rconti

To be fair, I've traveled many places that require national ID cards, and yet never carried my passport on my person, in violation of local laws. And I've never had an issue.

It's something so unlikely to come up in day-to-day interactions that it's not really that important. I'm sure if I got stopped in, say, France, and had no passport to show, they wouldn't exactly lock me up on the spot, they'd find a way to accommodate me.

I still only have a really vague understanding of what happens if a cop in the US wants me to identify myself and I refuse. If I'm not suspected of a crime, obviously, I can just walk away. I'm not really sure what I'd do if I was arrested for cause and refused to identify myself.

⬐ mikeash

There's a substantial faction of the American right wing which is vehemently opposed to any sort of national ID scheme. They don't want the government having a big database of all citizens. Strangely, these tend to be the same people who want to require photo ID to vote.

⬐ mikestew

There's a substantial faction of the American right wing which is vehemently opposed to any sort of national ID scheme.

Oh, I doubt it's a left-right thing. I'm pretty lefty these days, and I oppose a national ID. Some minority groups, like say Jewish folks, might carry bad connotations about putting everybody in a big database so we can keep track of (and categorize) them.

⬐ talmand

I believe the majority of these people would be against the Federal government requiring such an ID. They are likely fine with their local government, that they have more control over, handling such IDs which would be required for voting.

But, of course, there's not much preventing the local government from sharing the info with the Feds.

⬐ 794CD01

No, some of us would love for the government to have one in an ideal world, we just recognize that the US government that exists today is not competent enough to be trusted to run such a database. Just think about the topic we're discussing - do you really trust the US Department of Identity to not have breaches like this every year? The only difference is that we'd never hear about them.

⬐ neuromantik8086

One can dream that the state governments would be competent enough though. I feel like it wouldn't be that hard to make driver's licenses / state identification cards mandatory at the state level (fewer people to piss off).

⬐ mikeash

Is there any reason the data in a national database would have to be confidential in the first place?

⬐ gnaritas

This is not a right wing issue, it's an authoritarian vs libertarian issue. Plenty of people on every side don't trust the government and don't want to give it more power.

⬐ gok

I hate to play the recently poisoned "both sides" argument, but it really is weirdly widely unpopular. The ACLU in particular is strongly opposed to a national ID system.

I say this as someone who would strongly support a federal mandatory national ID system (and the ACLU, generally)

⬐ mikeash

In this particular case, I think the "both sides" argument may well have merit. Thanks for pointing that out. I really should just say a big chunk of Americans.

You're right it was never meant to be a unique identifier, we need a national identification card, link to a video about it.

https://youtu.be/Erp8IAUouus

⬐ goialoq

Americans don't like National ID cards because we remember the Third Reich and the USSR.

⬐ krapp

I think it's more that Americans don't like national ID cards because they're paranoid about the Mark of the Beast and mistrust Federal power on principle.

⬐ maxerickson

I'm not sure I would proclaim that unironically in a discussion of a giant American company accidentally losing track of a database containing detailed personal information about ~1/2 the country.

I mean sure, it's not in your pocket. But are you going to move house in response to this breach?

⬐ SimbaOnSteroids

The point is that your social is a fairly predictable number if you can figure out someone's birthday and hometown. I realize this wouldn't help in the case of equifax but it would help in other instances. It would also allow us to have voter ID laws that didn't constitute a poll fav but that's a totally unrelated issue.

⬐ dx034

You don't need one central register with intimate data of citizens. You can keep registers local to avoid widespread data breaches. It's still possible to verify the authenticity (e.g. for police) by requesting from the local register (electronically) but no one has access to all data at once.

At the same time, the system can be designed to only store the data necessary. Don't think it's necessary to store more information than for SSID.

⬐ tripzilch

As opposed to who?? Are you implying that the European countries successfully implementing these systems do not?

Also, if I recall correctly, the UN had to actually remind the US about the actual dangers of the Third Reich only a few weeks ago.

⬐ roywiggins

Germany has rather more intimate knowledge of both of those, and they have national ID cards without sliding into authoritarianism...

⬐ thephyber

Strange that this is being downvoted. The video is very relevant.

I get that many Americans are suspicious about our government, but the fact is that much of our credit / jobworthiness in the US is tied up in the Social Security card. I would rather it be something more useful, such as the Estonian National ID card -- which has smart features like digital contract signing.

The SSN was never intended as a national ID.

It was originally created alongside the Social Security Administration, to track what individuals put in and what they take out. People only received one upon becoming employed.

Over time, the IRS realized that it could be used as a national ID, and adopted it for that purpose. They encouraged people to obtain one from a young age (even for their newborn children), and it was used to replace the original 'honor system' of 'How many children do you have?' tax discounts; now they'd need to register their child with a SSN.

Companies eventually began piggybacking on the number as a national identifier (due to our lack of one), and voila. We're left with an awfully insecure identification system that shouldn't be an identification system for much in the first place.

For anyone interested in more: https://www.youtube.com/watch?v=Erp8IAUouus, and the sources below the video.

⬐ reaperducer

Why do we need to number people anyway? People are very consistent with spelling their own names. This combined with a birth date and/or a birth city should be enough to uniquely identify anyone.

Think about passwords. A SSN is only nine digits, 0-9. JohnHarrySmith19900101NewYork is far more secure. And doesn't dehumanize the recipient.

⬐ thephyber

There are 8 billion people on Earth. You are a number sometimes. It's okay for {your passport, your driver's license, your social security card, your credit card, your bank accounts, etc} to treat your account as a number.

The SSN just acts as a (largely) unique identifier. In the US, it also serves as proof that someone is eligible to work in the country. It's also the primary key for the account which collects my Social Security earnings over my career.

You are asking the wrong question. Neither of the keys you identify, whether it be "123-45-6789" or "JohnHarrySmith19900101NewYork", is "secure". Perhaps the latter has more entropy, but it's not the equivalent of your password when you log into a website -- it's the equivalent of your username. When you fill out a federal form like your tax form, anyone who sees the form sees your Social Security number.

If we were talking about making Social Security secure, your Social Security card would be plastic/metal and have a chip in it, similar to an EMV chip. It would have a private key which can be used to sign digital contracts and can be used to generate login tokens. It's effectively a private key that generates different public keys for each interaction/transaction you need to perform with it. Right now, Social Security is entirely about "what you know" with an easy to fabricate "what you have" and has no "who you are" factors.

⬐ dragonwriter

> People are very consistent with spelling their own names.

Is this true of all people?

> This combined with a birth date and/or a birth city should be enough to uniquely identify anyone.

For common names and large cities, probably not.

> JohnHarrySmith19900101NewYork is far more secure.

No, it's not; SSNs aren't passwords, and shouldn't need to be “secure” in that sense, but names aren't secret and birth dates and locations are easily discoverable (and the combination of all three is frequently publicly announced!), so this would be less secure.

⬐ dx034

> For common names and large cities, probably not.

Would be interesting to see statistics for that. It wouldn't be New York in this case, but for example Brooklyn or Queens. Even for the most popular name combinations, the number of people with the same name born on one day in one administrative area will be extremely low. Esp if you require middle names to be included.

⬐ tripzilch

Or you can just use a number. Because unlike names, you can assume one thing about individuals in a population and that is that they are countable.

You still just need 33 bits of information to identify any human on the planet, anyway.

(post-singularity, evolved into an ever-merging amorphous network of consciousnesses, we can use multidimensional fractal subsets of R^n, but we'll cross that bridge when we get there)

⬐ mikeyouse

> Is this true of all people?

Not even remotely.. My name has a space and an accent, it's always different. My wife's name is spelled differently on each of her birth certificate, drivers license, and social security card. And we have 'traditional' names.

⬐ dx034

In Germany, this is how identification works to some degree. You have an ID card number but this changes with every card. There is a permanent tax number but this isn't used for anything but tax purposes.

In the end, identification can be done by name, birth date and place of birth. You'll find these requirements on many official forms. This is fairly unique and ties to birth certificates which can be obtained with this information. Even if all databases were erased, this data could restore registers (as birth certificates have a paper copy).

⬐ acdha

This is definitely not reliable in large cities, and it would have privacy concerns not to mention failing to handle people who don't follow the same naming conventions you do or who don't have day-level precision on their birth date.

See http://www.kalzumeus.com/2010/06/17/falsehoods-programmers-b... and especially http://latanyasweeney.org/work/identifiability.html

Numbers have the nice advantage of not assuming structure, character set, etc. and allow changes for edge cases such as someone escaping an abusive spouse — see the full list of reasons at https://faq.ssa.gov/link/portal/34011/34019/article/3789/can...

⬐ Pyxl101

Not only was SSN not intended to be a national id, it was explicitly not supposed to be a national id.

In the era when SSN was established, Nazi Germany and its emphasis on "papers, please" was on the public's mind. SSN was intended to be used solely for tax purposes, not as a form of national identity. There were legal constraints on when government agencies can even ask for SSN, limited to legitimate tax purposes. Sadly, these protections have been whittled down over time:

https://www.bloomberg.com/view/articles/2016-09-15/this-loop...

> Federal law is supposed to protect the privacy of your Social Security number from government inquiries -- but apparently that doesn’t extend to a check on whether you’ve paid back taxes and child support. In a decision with worrying implications for those who oppose a single national identification number, a divided federal appeals court has rejected a lawyer’s refusal to submit his Social Security number along with his renewal of Maryland bar membership.

> The state says it needs Social Security numbers to make sure lawyers’ child support and taxes are up to date. The court’s majority said that was enough to fit the Social Security number under the federal law that allows states to use your number for tax purposes. That definition is so loose that it enables states to ask for your Social Security number pretty much whenever they want -- even when their records have been hacked.

Really, the government should make it possible for citizens to create an arbitrary number of different tax ids (SSNs), as many as they want. One for every firm they do business with, one for every employer, and so on.

⬐ selimthegrim

http://www.nytimes.com/1998/07/26/weekinreview/the-nation-no...

⬐ secabeen

The honor system didn't work. When they put in the SSN requirement, the number of children reported on tax returns dropped by 10% (from 77 million to 70 million): http://articles.latimes.com/1989-12-11/local/me-33_1_exempti...

I could try to explain, but this video does a better job than I could hope to: https://www.youtube.com/watch?v=Erp8IAUouus

An ~8 min history lesson.

"Social Security Cards Explained" - CGP Grey

https://www.youtube.com/watch?v=Erp8IAUouus

There's an inbuilt distrust of the federal government built into the constitution itself and there's a constant drumbeat from the Republican side that the federal government is wasteful and out of touch with the needs of the individual states, often for practical purposes of devolving control of funding and policy to the state level where in general they have more control.

And as to why the SSN is the way it is, it's a usage of convenience. Before the SSN there was no unique identifier for every citizen then suddenly to keep track of the new entitlement and assistance programs during the great depression one was created and companies started using it as they wanted because it was the most convenient uuid available. There's a good recent CGP Grey video about the history of SSN and why it's such a silly mess today.

https://www.youtube.com/watch?v=Erp8IAUouus

We really really should...

For the best education on this insanity that I can reference:

Social Security Cards Explained - CGP Grey

https://www.youtube.com/watch?v=Erp8IAUouus

This happened to a photography editor who sits in the cube across from me. He found out he had a ticket in Pittsburgh, a city he had never been to, when he tried to transfer his license to a new state.

No lawyer would take the case either. He eventually went to an identity theft company, who took $400 and fixed the issue in three months.

I use to work in Identity Management at a major university. A number of people came through our systems without SSNs. We had a complicated set of rules to make sure we didn't provision two accounts. We'd check if the names were reversed and we'd check both the month/date = date/month on the date of birth (people from other countries might enter it backwards without thinking about it). We even had rules for SSNs that were off by <2 digits with similar names. Every morning we'd have a set of "manual provisions" we'd have to stop and check.

Occasionally duplicate accounts get created and we'd have to go through a big manual process of combining them and telling them "You need to use this account; forget about the other one. It no longer exists," and get their stuff synced across all AD domains (Universities typically have several).

What surprises me about this article is the NYC system doesn't use the SSN (which is good in a sense, it should never be used as a identification number, see the latest GCP Greg: https://www.youtube.com/watch?v=Erp8IAUouus).

The idea of an identity and criminal record us that follows us digitally is a very new concept, one that didn't exist 150+ years ago; or at least no where near the complexity it does today. Immigration was also treated very differently. Most of are criminal background procedures in the US are plagued with problems like this; which is why most counties require fingerprint/criminal checks for immigration screenings.

Today, the idea of a national identification number is highly opposed in the United States. In some ways I favour this as I feel digital identities lead to a situation where people cannot escape their pasts. But it also means people use absolutely terrible ways to associate people such as name and birthday; totally non-unique fields that should never be used to identify people. SSNs offer no real security; no photos and your number +1/-1 is most likely a valid SSN of someone who was born the same day as you.

⬐ metafunctor

I don't really understand the opposition to using a national identification number. It's a (non-secret) code to uniquely identify people, exactly what would've been needed in the Lisa Davis case, and exactly what quite a few countries are using without problems.

Just don't use it for any kind of authentication, ever, because it's not a secret. Also, add a checksum to avoid typos.

⬐ Nomentatus

Yes there are advantages. But a loss, too.

When I was young there was privacy. Believe it or not, you could start a new life somewhere else if you wished, and leave the old one behind, without any great effort. Move and get an unlisted number and you might as well have vanished from the face of the earth. Freedom as I knew it then required privacy, these were not concepts that could be separated.

I'm not sure what the West means by freedom now; since I'm no longer in a practical sense free to do so much that I was once free to do, without scrutiny. No doubt crime rates are down as a result; but reducing crime wasn't the purpose of freedom. Of course, it would take real effort to maintain privacy in a digital world. I think the time will come when we make that effort.

⬐ protomyth

A simple explanation of the opposition is that a national identification number will be assigned, and then we go cashless, then only people with those numbers will be able to do commerce of any type. Add in a bit of requirements that would require a violation of someone's religion and you got the story. Preventing a national id number stops part of the problem. Expect a lot of push back on any attempt to get rid of cash.

⬐ jrpt

In my case, it's someone with a different name, but they think the car belongs to me. It's my old car that I sold to a dealer, who then sold it to this person. I'm pretty sure the DMV knows because I updated the registration, but the SF MTA doesn't appear to know, so I get tickets threatening me with really bad things if I don't pay or contest them each time.

⬐ djsumdog

By "updated the registration," did you fill out a release of liability form after you sold it? It's probably too late now, but most states have a form you fill out after the sale of a car to indicate it's no longer in your possession (so they don't charge you for things like parking tickets; toll roads, red light cameras).

⬐ mbrookes

>people from other countries might enter it backwards without thinking about it

people from other countries might enter it correctly without thinking about it

⬐ seanp2k2

English: let's have separate sizes for fasteners vs the rest of the world let's use a separate standard for every physical measurement let's write dates backward let's drive on the wrong side of the road

Frankly I'm surprised that we didn't use big endian for x86.

⬐ tjalfi

TL;DR x86 is little-endian for compatibility with the Datapoint 2200.

From Stan Mazor's 1995 survey article "The History of the microcomputer - Invention and Evolution" from Proceedings of the IEEE, pp. 1601-1607, Dec. 1995,

  A. Little Endian

    Some have wondered why the addresses in the 8008 were
  stored "backward" with the little end first, e.g., the low
  order byte of a two byte address is stored in the lower
  addressed memory location.  I (regrettably) specified this
  ordering as part of the JUMP instruction format in the spirit
  of compatibility with the Datapoint 2200.  Recall that their
  original processor was bit serial; the addresses would be
  stored low to high bit in the machine code (bit backward).
  Other computer makers organize the addresses with the "big
  end" first.  The lack of standardization has been a problem
  in the industry.

⬐ Symbiote

I think you mean American, especially for the measurements, where American measurements are different even from the old British/Commonwealth system.

A pint of beer or cider in Britain is 568mL, in the USA 473mL, but everything else in a British bar is sold in metric units. And today is "the third of April", 3/4/2016.

⬐ logfromblammo

Today is the 93rd of Checkuary, 2016. That is equivalent to the 3rd of April, 2017.

Checkuary is the unofficial 13th month of every year. It lasts until you remember to write the correct year number on all of your checks.

As an American, I write it as 3Apr2017 to avoid ambiguity. I can't stand how the traditional all-numeric date format is neither big-endian nor little-endian.

⬐ mikestew

It lasts until you remember to write the correct year number on all of your checks.

What's a "check"?

⬐ Symbiote

As a British person living in Denmark, I haven't written a cheque for about... well... a long time.

My current British bank account didn't come with a cheque book, but the one I had when I was a student did. So probably 2009 or so; maybe one or two per year before that.

⬐ cr0sh

I just wrote a check - pretty much the only check I write any more, to pay my lawn guy.

The only other time I've used a check in the recent past has been to void one for direct deposit at an employer.

I wish there was a way around both of these - I hate writing checks.

⬐ lostlogin

I've written one ever here in NZ and it bounced - the bank cancelled the account due to me not using it ever and didn't tell me. It was for a house too, so that was fun.

⬐ flukus

> It was for a house too, so that was fun.

As in a home loan deposit are an outright house purchase?

In Australia when I did this it was done via a different kind of cheque, I forget what it was called because I haven't used one before or since, but I had to the bank in person to get it.

⬐ Nadya

A cashier's cheque is what you're looking for.

⬐ lostlogin

It was the deposit (pains on going unconditional) and was a cheque from a cheque book. The whole thing was a farce. The bank rang and gave me a hard time for not having a cheque book, whilst having the cheque in their hand.

⬐ djsumdog

The American banking system is still in the 1990s. We have no direct person-to-person transfers here.

When you use your bank to pay a bill on-line, unless it's a major utility that worked with your bank to setup an ACH payment means, the bank will typically still print a paper check and send it to its destination.

We have electronic transfer (ACH) using the bank (ABA or routing number) and account number, but it's not available to regular people. People often keep these two numbers secrete to prevent identity theft.

Most other countries, you put your friends bank num, account num and name and it will show up in their account the very next day (even on holidays!) for free. In the US, you have to use 3rd party payment systems like PayPal, which charge fees and don't really do bank-to-bank transfers.

⬐ Symbiote

The time for an electronic transfer to go through is now seconds in the UK, Denmark and several other European countries.

(The UK system guarantees two hours, but it's usually seconds.)

You can also use a mobile phone number instead of knowing the bank account numbers. This is extremely common in Denmark, including for purchases; the same system exists in the UK but it is less often used.

⬐ mjevans

Please always write your date fields with the correct number of leading zeros.

You've also written it in "outer right hand side of a ledger" notation instead of the more correct ISO-8601

https://xkcd.com/1179/ (ISO 8601)

⬐ Symbiote

I was describing how 99% of British people would write the date, particularly in handwriting. It's how I was taught to write it on schoolwork.

Official forms in Britain (and most of Europe) use the leading zeros, DD/MM/YYYY, though the separator can be / - . or a mixture.

⬐ mjevans

It's less broken than the mixed insanity that is popular in America, and as I described, there is a functional situation in which the ordering might even be preferential.

Never the less, the one true date format is ISO 8601, and it should be used everywhere there isn't a clear and over-riding reason to use another format.

⬐ germinalphrase

In conversation would you say "I'll be going home on April fourth" or "I'll be going home on the fourth of April"?

From the Midwest, USA and I'd would always refer to the date in the first way (and subsequently, it is logical to write the date in month/day format).

Still agree that day/month/year makes more sense.

⬐ Nomentatus

There are a few choices of order in use in various parts of the world. Only one is unambiguous as a string of numbers: Year, month, day (where year is four digits, not two.) Because year/day/month does not seem to be in use anywhere.

⬐ ewams

I say both. You coming over on July 4th for our big Forth of July Celebration?

And year/month/day/hour/minute/second is best as its largest to smallest and if you name your documents / fields in this format it sorts better.

⬐ jdietrich

>In conversation would you say "I'll be going home on April fourth" or "I'll be going home on the fourth of April"?

The latter. "April fourth" would sound very odd in a British accent.

⬐ jessaustin

It sounds fine in an Irish accent: "Early morning, April fourth, shot rings out in the Memphis sky..."

⬐ Symbiote

"On the fourth of April" when spoken, "on 4 April" when written.

Example with lots of written dates: http://www.telegraph.co.uk/news/2017/03/29/article-50-brexit... (but I could equally choose a formal document, like my birth certificate, or something very informal, like a handwritten note).

When spoken, the "of" is always included, and the number is always an ordinal (-th etc).

⬐ theandrewbailey

Except it didn't happen like that.

More like: "Let's pioneer this field." Later: "Sure there are international standards now, but we won't change how we do things because money."

⬐ pmontra

The pioneering arguments is correct in some fields. For example TV sets and computer/phone screens are still measured in inches all around the world. I'm in Italy and I think gas pipes in houses are still measured in inches [1] and some bicycle components come with metric and imperial sizes. The imperial ones are getting rare. On the other side engines are measured in cubic centimeters even in the USA.

But the pioneering argument doesn't apply to everything. Every country or area inside countries had their own units of measurement for basic stuff like mass of things, weight of food, volume of cups, length of poles, exactly like every city had its own time before time zones. There is no pioneering in the size and weight of containers for wheat. It's stuff people have been doing since before writing.

Basically every country standardized most units but the USA didn't. I think that having the larger economy in the world played a role in that. There are no incentives to adapt when the rest of the world will build a slightly different size of everything only for the US market.

[1] Check this conversion table for gas pipes http://www.azzistudio.it/tavola.html and notice the weird values for the metric sizes (millimeters). Nobody would build pipes with those diameters if they started metric centuries ago.

Don't blame the immigrants, blame those who are fully or partly paying under the table.

Of course, would you support a national ID card as a means of combating this variable you accuse?

In the US we pretty much have such a thing already, just without any proper security or identification aspects... https://www.youtube.com/watch?v=Erp8IAUouus (A short (< 8 min) video by the ever informative CGP Grey on the inanity of US SS cards.)

⬐ rhapsodic

> Don't blame the immigrants, blame those who are fully or partly paying under the table.

I blame the federal government, which has willfully failed to enforce the laws that are already on the books.

And the Democratic politicians running these "sanctuary cities" who are willfully thwarting enforcement of federal immigration laws.

The Democrats and their smug upper-class elites have well and truly stabbed the American working class in the back. Anyone who thinks Trump won Michigan and Pennsylvania because of Wikileaks is way off the mark. That's the last thing a man cares about if he has a family to raise and a mortgage and he's only qualified to do manual labor and he's unsure that he'll be able to stay employed to retirement.

Oh, and constantly calling those people racists and xenophobes doesn't help the Democratic party much among those people either.

You're right. My guess is most "anonymized" data is lazy--stripping out obvious identifying information. There are quite a few cases where you can pinpoint users from correlating to publicly available data. CGPGrey posted a video today showing a layman's example with Social Security Numbers[1].

One cool thing I heard Apple talk about[2] was injecting noise or subsampling to help mask individuals. Although, I don't see that mentioned in their public page on privacy[3] or their whitepaper[4].

[1] https://youtu.be/Erp8IAUouus

[2] https://www.wired.com/2016/06/apples-differential-privacy-co...

[3] http://www.apple.com/privacy/approach-to-privacy/

[4] http://images.apple.com/business/docs/iOS_Security_Guide.pdf