Security Breach at US Universities (dorper.me)
362 points by babelfish on April 1, 2021 | hide | past | favorite | 240 comments



SSN, DOB and other personal data of my child is part of this leak. But it was already leaked through a different hack at a health insurance provider in any case.

It should be clear by now that as long as the data is stored somewhere it is at risk of being leaked. It doesn't matter how secure you think your tech stack is. Improving tech is not the solution. Here's the solution:

1. Don't collect information in the first place, unless absolutely needed. Some schools collect DOB, address and so on just to register for a webinar.

2. Don't permanently store information. If you collect SSN for employability verification then do the verification, store a flag, then delete the SSN. Similarly, after verifying DOB, store a flag then delete DOB.

3. Assume information is already public. This is the most important part. Despite all of the leaks happening, many financial and other sites will let you use your DOB, SSN etc. to prove that you are who you say you are. This is absurd. It appears American businesses prioritize convenience over security. Americans need to demand better.


I think the solution is to make SSN useless for anything. It's ridiculous what can be done with nothing more than what amounts to glorified directory information. Why are SSN targets? Because of what can be done with them. The world should expect SSN to be in the same class as a phone number. Private, but mostly useless. "Oh no... they hacked a database and got a list of phone numbers." Not something you hear very often nor does it really make people squirm.

I think we need something like drivers licenses with public-key crypto. Lost your ID? Go to the police, prove your identity to them and get a new driver's license. If people are worried the masses are too dumb for PKI, then make it opt-in and leave it to advocacy groups to expand utilization.


Your first paragraph misses the diagnosis a little bit, but your prescription is correct.

The problem isn’t specific to SSNs. Most authentication of users in the public sector in the USA is done by knowledge of facts, whereas it should require proof of government ID card (preferably with digital certificate, not just knowledge of the ID number)


Yep this is really the only way to fix it.


> I think the solution is to make SSN useless for anything.

It is rapidly approaching that point by virtue of all these breaches. SSNs are like gold or fiat currency: they only hold value because they are relatively scarce. If too many are in circulation, then no institution will trust them, which makes them useless.

> If people are worried the masses are too dumb for PKI

Use OAuth to communicate with a central service that uses FIDO2 for authentication. Easy to use, easy to revoke, almost impossible to pwn.


Is an SSN really "useless", though? The problem is that the heaviest costs of stolen identity are borne primarily by the individual victim, not by the company which got hoodwinked.


Useless is not the term of art. It is brittle. So, very, very brittle.

Costs borne by the victim are not the only problem. It is that the brittleness of SSN makes it impossible to lay the costs at the feet of the proper "company which got hoodwinked".

You must share your SSN 100 times for: work, home, credit, school, health. All of them have been popped 5 times each. 20 years later, you are victimized. Who pays?

SSN should be deprecated. You can pretty quickly reason to public/private-key SSN alternatives. The US government would actually do it for the consumer (this term) but the US probably doesn't want to pay its share of the replacement cost to do so.

Still, we should demand it.


> Who pays?

Since all those companies can plausibly point to someone else, the victim pays! Which is just how they like it — privatize the profits and socialize the losses.

What would actually get creditors to stop using social security numbers is if the SSN's utility as a proxy for creditworthiness drops. But that won't happen, even with many more breaches, because individual consumers need to do everything they can to keep their credit scores up.

> Still, we should demand it.

Yep. The market will not drive this. It will have to be consumers, speaking collectively through the government, imposing regulations.


Given that the "market" has chosen to use public "secret" information like SSNs, birthdates, "mother's maiden name", etc, I'm fearful of what kind of hare-brained solutions industry would come up with on their own if left to design an authentication system. That having been said, something needs to change.

Culturally, I think we need to move away from the idea of "identity theft", which places most of the burden of "restoring their good name" on the individual whose "identity" was "stolen". We need to treat it like what it is-- fraud. We should hold the parties who are negligent in their duty to authenticate liable for the fraud committed.

Insurance companies and banks would act quickly if the liability were theirs. We'd have "chip and PIN" in the United States if fraud liability rested with banks, instead of mainly with merchants, for example.

I'd like to see the US Postal Service get into the identity/authentication "game", personally, but efforts at a state level would be better than nothing.


Yes! So often I see conversations surrounding data theft, and the talk is about how people can protect themselves. People seem to rarely consider that if the burdens of fraud were put onto financial institutions, identity theft would stop overnight.


I agree completely with items 1 and 3, but 2 isn't really practical. A person's employer doesn't just need the SSN for verification, they need it to send tax-related data to the IRS, and if your student has loans the SSN is needed for sending data about loans to the Department of Education. It would be impractical for them to ask the employee or student for this information every time it was needed, so they store it. It would be better to purge this data when it is no longer needed, though.


The solution is single-user tax/benefit-account identifiers: someone gives you their authorized-user identifier, you go to the issuer of your private id (SSA, IRS, whoever) with it and get a single-use identifier for you to use for that user, and you give them that, not your main identifier.

Ideally, the identifier they give you would not be the one that they use with the government either, but one tied to it.


They could do all the same with chip-and-pin. SSN should not be used as they currently are, it's as simple as that.


I really wish we had a real national ID card and SSN usage became a thing of the past. Maybe a chip in the card like the ones in credit cards that provide one-time-use numbers for verification. It seems like every couple of months I get a hit on someone trying to take out a loan or similar but they are blocked because I have my accounts frozen with the big 3 credit agencies.


1) and 2) are definitely concrete things we can act on but 3) is a battle you will lose.

The only reason that SSNs remain convenient is because there is no viable alternative when your authorization hits government or financial institutions.

Maybe financial institutions will get wise (I doubt it, unless they have to pay $1,000,000 to every user whose SSN gets leaked from their systems) but the government will probably never change in our lifetimes.

It's not like universal government issued IDs haven't been suggested, but the SSN is used because it's the thing resembling one that hasn't died in committee or debate. There's no political will to create a single identification system for US Citizens and it will be fought tooth and nail by liberals and conservatives.


> it will be fought tooth and nail by liberals and conservatives.

Then don't replace SSN, augment it. Once you opt-in, your government-issued FIDO2 will be required alongside your SSN.


There is fundamental opposition to the very notion of a national ID system in the United States, it's not as simple as "opt-in" or "SSN would be backwards compatible."

Here's the ACLU's stance: https://www.aclu.org/other/5-problems-national-id-cards


I didn't suggest a national ID, I suggested optional 2-factor SSN. I'm well aware of the spectrum of concerns of a national ID system.


This, but include an actual SSN sunset date with a PKI-style replacement in 10 years.


About 20 years ago my Sun Solaris servers got hacked.

I learned a valuable lesson, no matter how “secure” you think your servers are, at some point all the data on them will be compromised.

So...

* Backup - often in many places

* secure it as much as you can

* Encrypt as much as you can

* Airgap sensitive stuff

And even with all of that you will still be compromised. Eventually.

Protect your data so you can spin up on a new server if you need to.

Sigh.


Most importantly, do NOT collect data you do not need to. I don’t see why universities need their students’ SSNs, apart from reporting salaries paid to grad students-as-employees.


As far as I was aware, many private US universities explicitly didn’t collect this data in an effort to maintain deniability when dealing with immigrants (especially “illegal immigrants”).

Of course, many many students in undergraduate life are also employees of the school part time, so presumably they need to provide this information.


Nope, many collect SSN as part of the application process. IIRC, at minimum, it's required to apply for federal financial aid.

Source: I work for a software company in the higher ed market.


In early 2000s, my college used social security numbers as your username or student ID for everything.


Mine too. They then emailed those to all graders (not just profs) to make grading simpler.


For large lecture classes (100+ people), my university (professors/TAs) would post grades on the wall outside the lecture hall. For "privacy", instead of names they used SSNs.

Given the construction of SSNs (first five digits are a key for state-and-date), and our large population of students from different states, reconciling SSN to human was trivial.

Ironically, the foreign students were in better shape because the registrar issued them an ID number which was not their SSN.


It's like the foreign key into the rest of government systems. The id isn't the problem, it's the presumption that the id presented corresponds to the correct person.


Aid.


and delete them if no longer needed (no soft delete). Encryption for data at rest can also help.


This is how the GDPR makes a lot of sense.


If only it were enforced...



This would go away if government's had safe, secure and unique identifiers for all individuals that would have all the necessary data attached to it and stored safely by the government. That way, the only thing a business needs to collect is your unique ID and some secure token controlled by the individual that allows the third party to confirm your data with the government. This whole "privacy" thing is probably a solvable problem if we think outside our comfortable box, but instead we're trying to optimize in the local maxima we've already inherited.


Exactly, it should be like an API token or a signed blob, that allows the ID owner X (the student) to ask the verifier V (part of Govt) to verify ID for query entity Q. This string can be checked by those holding the private key for Q.

X:Q = V->generatepair(Qpub) // Generate a unique ID string for interacting with the university. Not confidential, because not verifiable by anyone.

Tok = V->encode(Xpriv, X:Q, Qpub, property:FullName, Vpriv) // Generate a token string unique to the pairing of X:Q, for a specified property like FullName, signed by the verifier.

FullName = decode(Tok, Xpub, Qpriv) // The query entity (university) can decode this blob, but no one else can.

If Q loses confidentiality of Qpriv and all the Tok, then that data is lost. But having that doesn't let the attacker prove they are X to a different entity.

I'm sure more rigorous schemes have been thought out, but there is so much inertia in changing anything.
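The two ideas in the comments above (a per-relying-party identifier instead of the real one, and an attribute token that only the intended relying party can use) can be exercised end to end. The code below is an added example and is not from the thread or from any real identity system. It swaps the sketch's public-key pairs for HMAC with a per-relying-party key that the verifier derives and hands over at onboarding, which keeps it stdlib-only; the names `Verifier`, `RelyingParty`, `person-0001`, `university` and `bank`, and the attribute values are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Dict, Optional


def _b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class Verifier:
    """Stand-in for V (the government-side verifier).

    It holds the real records and one master secret. Everything a relying
    party ever sees is derived from that secret plus the relying party's own
    name, so nothing learned at one relying party is usable at another.
    """

    def __init__(self) -> None:
        self._master = secrets.token_bytes(32)
        self._records: Dict[bytes, Dict[str, str]] = {}

    def register(self, real_id: bytes, attributes: Dict[str, str]) -> None:
        # real_id stands in for the person's primary identifier (e.g. SSN);
        # it never leaves the verifier.
        self._records[real_id] = dict(attributes)

    def onboard(self, rp_name: bytes) -> bytes:
        # Per-relying-party key, handed over once at onboarding. This is the
        # assumed replacement for the Qpub/Qpriv pair in the sketch.
        return hmac.new(self._master, b"rpkey|" + rp_name, hashlib.sha256).digest()

    def pairwise_id(self, real_id: bytes, rp_name: bytes) -> str:
        # X:Q from the sketch: stable for one (person, relying party) pair,
        # and unlinkable across relying parties without the master secret.
        mac = hmac.new(self._master, b"pairwise|" + real_id + b"|" + rp_name, hashlib.sha256)
        return mac.hexdigest()[:20]

    def issue(self, real_id: bytes, rp_name: bytes, prop: str) -> str:
        # Tok from the sketch: exactly one attribute, an explicit audience,
        # and a MAC under that audience's key.
        claims = {
            "sub": self.pairwise_id(real_id, rp_name),
            "aud": rp_name.decode("ascii"),
            "prop": prop,
            "value": self._records[real_id][prop],
        }
        payload = _b64u(json.dumps(claims, sort_keys=True).encode("utf-8"))
        tag = hmac.new(self.onboard(rp_name), payload.encode("ascii"), hashlib.sha256).hexdigest()
        return payload + "." + tag


class RelyingParty:
    """Stand-in for Q (e.g. the university). Knows only its own name and key."""

    def __init__(self, name: bytes, key: bytes) -> None:
        self.name = name.decode("ascii")
        self._key = key

    def verify(self, token: str) -> Optional[Dict[str, str]]:
        # Returns the claims if the verifier issued this token for *this*
        # relying party, otherwise None. A token lifted from another relying
        # party's breach fails the MAC; the "aud" check is defence in depth.
        try:
            payload, tag = token.split(".", 1)
        except ValueError:
            return None
        expected = hmac.new(self._key, payload.encode("ascii"), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return None
        claims = json.loads(_b64u_decode(payload))
        if claims.get("aud") != self.name:
            return None
        return claims


def demo() -> Dict[str, object]:
    """Run the flow with constructed data and report what each party sees."""
    v = Verifier()
    v.register(b"person-0001", {"FullName": "Alice Example", "DOB": "1999-01-02"})  # constructed
    university = RelyingParty(b"university", v.onboard(b"university"))
    bank = RelyingParty(b"bank", v.onboard(b"bank"))

    tok = v.issue(b"person-0001", b"university", "FullName")
    return {
        "university_accepts": university.verify(tok),
        "bank_accepts": bank.verify(tok),
        "ids": (v.pairwise_id(b"person-0001", b"university"),
                v.pairwise_id(b"person-0001", b"bank")),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The property the thread cares about falls out of the last three lines of `demo()`: the university can read the one attribute it asked for, the bank rejects the same token, and the two relying parties hold different identifiers for the same person, so a breach at one of them yields nothing that authenticates at the other.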


All good points, I'd add one more. Make sure you have detection and response capabilities.

Many attacks go from an initial point of compromise to find and attack target information. If you can detect this activity early, it might be possible to reduce the severity of the breach.


Test your backups too.

Signed, someone who watched a company learn the hard way that restoring from tape backup is not an easy or 100% perfect process.


Sounds like a standard security through compartmentalization. Works on a laptop, too, with Qubes OS.


The damage from incidents such as this would be at least somewhat limited if organizations did not collect SS numbers when they have no legal purpose for doing so, and if people did not automatically comply when asked to supply these numbers. Whenever I go to the doctor and am asked to fill out the usual form while waiting the usual 90 minutes past my scheduled appointment time, I leave the ubiquitous space for my SS number blank. They are not paying me a salary, so have no legitimate need for this number. I know why they want it, and that purpose does not benefit me. Not once has this led to a problem: they know that there is no legal basis for demanding the number, but ask for it anyway, as they have nothing to lose by doing so.


I said this just a couple of days ago re: a data breach:

The US needs to just scorch the earth re: social security numbers. Set a date when all liability for fraud enabled by improper use of SSN's for "authentication" is the responsibility of the party misusing SSNs and publish the entire list.

The list has, arguably, already been published (thanks, Equifax!). We just need to close the loop.


Unlikely to unfold that way (we are 20 years into the RealID standard recommendation and it has been delayed again).

As I’ve mentioned elsewhere, SSN is not the only fact used for authentication. We need to move away from all pure fact-knowledge proofs of ID and to MFA, preferably with one factor based on a government issued ID and asymmetric encryption.


I agree that it's unlikely unless there's massive public outcry, and even then I don't see it happening. The status quo is too entrenched and until elected leaders feel the pain from their constituents nothing is going to change.

I concentrated on SSN because it's the government-issued fact-based "authentication" factor. The other fact-based factors are just as bad.

I wish we could have a government-sponsored PKI but between concerns from citizens about "freedom" (either freedom for business to "innovate" in the space, or freedom from individuals to be "tracked" by the government) and from surveillance advocates who will want to include key escrow/recovery provision I don't see it flying.

In some other comments on this post I mentioned the USPS would be a great "trust" provider. They already serve in that capacity to some extent evidenced by the various government entities who accept an addressed piece of mail as proof of residency. I don't think there'd be enough bipartisan support to make it happen, but I think it'd work great.


While I agree that the world would be a better place if people refused giving as much information as possible, the specific fix here is to not consider social security numbers private information in the first place - they're clearly identifiers, not shared secrets. There is nothing about them that verifies anything - it's basically the database-friendly version of your name.

But yes, this could have all been headed off if the social security act had prohibited private organizations from requesting, using, or storing these identifiers in the first place, for anything but immediately passing them on to tax authorities. A Customer ID is good enough for all non-credit uses, and credit should require actual in-person verification to issue. But this is the general shape of totalitarianism in the US. The government mandates the barest minimum of systems, companies lobby against any restrictions that would prevent their abusing it, and we end up with a legally-mandated freedom-destroying system invading most aspects of our lives.

PS I've got to wonder about a blockchain solution for keeping a public catalog of leaked PII that gets abused for verification. Make the "exploit" plain as day and companies will have to change. Right now the carding community keeps this to themselves, and out of sight is out of mind for the companies that continue to abuse it.


Schools are required by law to file 1098-T tuition statements with the IRS for almost all students.

That requires collecting social security numbers.


As a recent expat to the US, I don't actually know, why DOES the medical office want my SSN?


So they can take you to small claims/civil court if you or your insurance doesn't pay up.


And it helps in collection efforts in general. There is no benefit to you in divulging it, only potential harm. So don’t do it.


I think some just want a stable unique identifier to prevent duplicate accounts. Many use Name + Date of Birth, but that's not always unique.


Often this is how they verify you are insured.


For medical insurance it’s usually only needed if they you don’t have your member ID number or just recently enrolled. More common for vision or dental insurance to use SSN though.


They have no problem verifying my insurance without a SS #.


Depends on the insurer, probably. That's how my dental is verified since my dental insurance doesn't bother sending out a card...


Give the wrong ssn on every form you possibly can. Many databases are filled with fake ssns, nobody cares or checks. A lot of Americans don’t even have one.


Some Americans, mostly older women, don't know their SSN because they never used it. Their husbands handled taxes, opened bank accounts, and collected Social Security. If you've ever dealt with medical data, SSN is not a reliably unique identifier. Couples will share a number because each gives the "relevant" number instead of their own.


>A lot of Americans don’t even have one.

Citation?


Consider that the IRS provides an ITIN number for tax filing purposes to anyone who doesn't have a SSN. Millions of undocumented immigrants pay their taxes and operate in society without a SSN.


Undocumented immigrants definitionally are not Americans.


And I'm not sure that ~3% counts as “lots” in any event. Also, that 3% includes people who may have overstayed a work authorization (although that's probably a small enough fraction of the total to ignore).


Mostly immigrants who haven’t become citizens yet. But there are others.


Universities do a lot of financial interactions with students, including credit checks, housing, financial aid, and very high levels of payments. They also often employ students. They also need to be able to track your records through name changes. They need your SSN.


>They need your SS# if they are paying you and need to withhold taxes.

They also need it for the 1098-T (Tuition Statement). That's not to say they couldn't design better systems and not use SSN as an identifier, but there is a legitimate need for it.


Not disagreeing with your points. My issue is, when I went to school, they wanted you to put your SS on your papers and tests as that is really what they used as your student id.


A law was passed about 15 years ago that prohibited using SSNs as student IDs.


Now I feel ancient. If you ran our highschool ID cards through a magstripe reader it would display your SSN.

There was a huge problem a few friends and I caused our first year there when we got bored in the computer lab. Every student account on a school computer had a folder named PUBLIC. Out of curiosity we dug down a few folders and found the txt file that was referenced by the simple visual basic program the IT guy wrote for class scheduling. That program used your name and SSN as login credentials. So there was a txt file that was simply a list of everyone's name and SSN for it to reference.

We being the idiots we are copied the file because it was a public folder anyone could access. The only reason we didn't get expelled was because one of the kids had a lawyer father who threatened to go public about them being that irresponsible with our data.


When I was in college SSNs were still used as our ID numbers. Every dept had folders in the hall outside the office for each student. They'd put grades out in those folders. Guess what was printed on those grades.

If you had a mag stripe writer you could grab a random person's grades, encode their SSN on a student ID, and then use the card to buy stuff on campus.


LOL not that long ago (late 90s early 00s in my case), student ID number WAS your SSN... [facepalm]


They need your SS# if they are paying you and need to withhold taxes. They don't need to do a credit check unless you are borrowing from them, which is unusual. For financial aid, if they want to verify your income, they can request that you have the IRS send them a transcript, which they will receive directly from the IRS with SS # redacted. The “need to be able to track your records through name changes” does not mean that they need your SS #. “They need your SSN”: Usually they do not, but US citizens have been trained to believe that they do.

EDIT: It’s been a long time since I was in school, and, frankly, I was expecting someone with fresher knowledge to come up with a counter-example. So, see the comment above about an IRS form 1098-T.


Anecdote: I've been told previously that my state kept vaccine records in a shared database indexed by SSN--as a way of easing loss of medical records when patients switched providers.

It's possible they were doing something similar.

I've also had to give my SSN to verify my identity to my insurance carrier at my dentist.


SSN is the de facto userID for lots of government systems.

It’s sad for lots of reasons, but understandable considering that it is useful. for whatever reason there isn’t much political will to make an honest effort at a federal government ID (even though we de facto have multiple)


yup, I was affected as I got this email yesterday:

> Good day!

> If you received this letter, you are a customer, student, partner or employee of University of California. The company has been hacked, data has been stolen and will soon be released as the company refuses to protect its peoples' data.

> We inform you that information about you will be published on the darknet ( [link redacted] ) if the university does not contact us.

> Call or write to this store and ask to protect your privacy!!!!

I'm leafing through the linked site and I can see SSNs, tax forms, enrollment forms - yikes!


I got that email and immediately went to onion [dot] dog just to check out the site... was pretty clear it was some weird onion gateway so I decided not to go to the link.


I mean, you could probably go to the onion link directly with a Tor browser.....but that's probably a bad idea too. I'd open it in a VMed machine maybe.


They send all sort of weird stuff (lots of odd phishing test emails similar to this one) so this was not completely unexpected.

But the wording of the link was a bit off and I really didn't think much of it and moved on


Maybe even wget it via torproxy on a sandboxed VM.




I haven't looked at that onion site, but presumably that link is just a list of files, not their content. Otherwise, it has no blackmail value.


There are a few pictures of docs with SSNs on that page.

It appears to be some sort of leaks onion site titled "clop leaks".


Thanks for taking the risk of visiting a potentially exploit-ridden site for everyone. So, it contains a list of things to be leaked, plus leaks a sample to prove they're not bluffing?


Not a lawyer, but if that's true, how could sites like http://haveibeenpwned.com exist?


For one thing, http://haveibeenpwned.com is Australian, so not subject to US law. It might be illegal to access it in the US, but it's not illegal for it to exist.


It isn't illegal in the US either.

People -- visiting the 'dark web' is NOT illegal. Browsing via Tor is perfectly legal. Reading some extortion website is not illegal.

Downloading someone else's ransomwared data -- that starts to become gray.

Preferably use Tor in an isolated VM, you have to assume the Firefox instance is corrupted.


They don’t publish the data itself they just compare a hash of it to a hash of whatever you submit for comparison.


Right, but they have to look at that data to create those hashes, no?


No, you submit your own hashes or partial hashes.


I think donw was talking about the much more gray-area part of HIBP: obtaining the lists of leaked passwords, in order to hash each one and store the hashes.
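The partial-hash lookup the replies above describe can be shown concretely. The code below is an added example, not code from the thread or from HIBP; it follows the published shape of the Pwned Passwords range API (the client sends only the first 5 hex characters of the SHA-1, the server answers with `SUFFIX:COUNT` lines, the client compares the remaining 35 characters locally), but the breach corpus, its counts and the in-memory `RangeServer` are constructed here, where the real service runs over HTTPS.

```python
import hashlib
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed breach corpus: (password, times seen). Not real HIBP data.
SAMPLE_CORPUS: List[Tuple[str, int]] = [
    ("password", 3730471),
    ("123456", 23547453),
    ("letmein", 236599),
    ("hunter2", 17043),
]

PREFIX_LEN = 5  # hex chars sent to the server; the other 35 stay on the client


def sha1_upper(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_ranges(corpus: List[Tuple[str, int]]) -> Dict[str, str]:
    """Index the corpus the way the range API serves it: prefix -> response body."""
    buckets = defaultdict(list)
    for pw, count in corpus:
        h = sha1_upper(pw)
        buckets[h[:PREFIX_LEN]].append(f"{h[PREFIX_LEN:]}:{count}")
    return {prefix: "\r\n".join(sorted(lines)) for prefix, lines in buckets.items()}


class RangeServer:
    """Stand-in for the remote service. It records every query it receives so
    the caller can confirm that only a 5-character prefix ever leaves the client."""

    def __init__(self, ranges: Dict[str, str]) -> None:
        self._ranges = ranges
        self.requests: List[str] = []

    def get_range(self, prefix: str) -> str:
        self.requests.append(prefix)
        # An unknown prefix yields an empty body here; the real API still
        # answers such queries (possibly with padding lines), never an error.
        return self._ranges.get(prefix, "")


def pwned_count(password: str, server: RangeServer) -> int:
    """Return how many times the password appears in the corpus, or 0.

    The full hash is computed locally; the server learns the prefix only and
    therefore cannot tell which of the candidates in that range was checked.
    """
    digest = sha1_upper(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    for line in server.get_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    srv = RangeServer(build_ranges(SAMPLE_CORPUS))
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", pwned_count(pw, srv), "hits; server saw", srv.requests[-1])
```

The design point is in `pwned_count`: the server never receives the password, the full hash, or the 35-character suffix, so even a compromised or logging server cannot reconstruct what was checked beyond a bucket of roughly one in a million SHA-1 values. The other gray area raised above, how the corpus itself is obtained and hashed, is what `SAMPLE_CORPUS` stands in for here.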


Everyone keeps jumping on Microsoft, but Microsoft is not the problem.

The problem are the Universities, specifically management and the Board of Directors.

They see IT as a complete waste of time, they won't fund it properly, they refuse to pay market rates. Coupled with the fact that the staff behaves like children, pushing back on EVERYTHING that the security teams want to implement.

The staff doesn't understand why people need passwords, I'm not kidding, they want just open access to everything from anywhere without any controls, and they throw temper tantrums when any controls are put in place. Frankly if it wasn't for the safety and security of the University these people would not be able to function in the real world, and I can't imagine what it must be like for students dealing with these egotistical, bombastic children.


You're not wrong, but you're not right either. When someone stabs someone with a knife the person at fault is indeed the one stabbing. But the guy who's been in his ear for the last year advising which knife to buy to kill as efficiently as possible without getting caught bears some responsibility as well.

Most of the enterprise sales including Microsoft's bears responsibility here for knowingly exploiting these idiots in the management position and the Board of Directors. It's a huge circle jerk culture back and forth.

I full well remember working in Louisiana where they tried to introduce Microsoft Dynamics as an EHR backend for Medicaid. The CTO of the DoH was an ex Microsoft guy. The secretary had some ties to Microsoft. And Microsoft knew full well that their shit isn't working when they went on their sales pitch that "Dynamics can do everything".

All the engineers advised them against it, multiple waves of them left. I got fired for telling the middle management that I wouldn't be bullied into doing things I didn't consider ethical.

The CTO of the DHH moved on to the HHS btw. There's never any recourse to this, because what they are doing is not only legal, but also with good intention.

EDIT: Also keep in mind that engineers are rarely allowed to talk to leadership, let alone to inform the board. But after what I learned, I think keeping silent is never a good option. Last time I needed to do that I made one of the German Government healthcare institutions change course on an obvious mistake. And all I did was inform the board of what exactly they are deciding, what the consequences of their decisions are and who would be responsible for it. The recourse of that was mostly bullying, since there wasn't really anything they could have done, but the lesson here is that most people have a lot more power than they think.


At one point I worked with a couple University IT teams. It was a mess. IT had little to no control of its own destiny.

Basic policies were fought tooth and nail by departments and influential professors / individuals who themselves didn't understand the ramifications of their decisions.

IT budgets would get cut and monies given to departments who would build catastrophes of networks, and when the department was tired of it would get handed to IT to make it work, the entire budget having already been spent on making a mess.

I worked on several projects where complex microscopes or millions of dollars of equipment were connected to off the shelf consumer networking gear (and then they'd blast it with gigs upon gigs of data in a few milliseconds) because the consumer networking gear is what the folks in that department knew how to use. It was then handed to the IT team and then tickets opened about how 'it doesn't work' / it is described as an IT failure when nothing works.


This exactly matches my own experience.

I work in University IT as a developer in the central IT department, but I started off in one of those "shadow IT" groups. There are little islands of technologists embedded with grad students who continue to make many things run on shoestring budgets and with minimal oversight from IT professionals.

I've seen things change in recent years, though. The central IT department is gradually gaining traction in some of these places.

That isn't a panacea, of course, because we have our own issues. But I do think overall the availability of senior IT staff and programmers is a huge boon for these small teams who are starting from little to no experience in the field.


I worked in University IT. In fact, for one of the schools listed though it’s been 10+ years.

Basically everything the above poster said. It was pulling teeth to update or upgrade anything.


Yeah. I worked infra at a few EU Universities, and while firing someone in that environment is pretty difficult, you still get the "old boys club" that will absolutely not let you do anything.

The problem was never users/faculty. It was other people doing IT there for longer who would not accept anything they were unfamiliar with, and treated "their" hardware as if it was their own children. It led to a sort of balkanization of infrastructure that was extremely difficult to break, and you often had to spend way more of the budget to come up with convoluted solutions so you didn't touch their ancient setups rather than just making the whole thing homogenous and centrally managed.

As a result, depending on what you were working on, you could have to deal with wildly different AWS/Azure/GCP platforms, or on-prem hardware that could range from independent(!) OpenStack installs to ancient Debian machines that might not even be supported anymore. Sometimes people negotiate licensing completely separately, where you could have unused licenses available but it's not communicated so it's bought again by someone else. Some places even had random servers running inside people's offices connected via Wi-Fi.

There's a reason I got out of that line of work. I'm frankly surprised universities aren't a larger target.


It's like pulling teeth because you try to get everyone to agree on every decision. Sometimes you just have to tell your academic user base that this is the way it is.

It doesn't have to be that way. IT people are pretty shit in general at soft skills. Sometimes, you need to stand up for yourself in a conflict.

Your user base digs in its heels because you let it.


> sometimes, you need to stand up for yourself in a conflict.

Then you just get fired. They’ll just replace you with someone else who’ll listen. Some people just don’t learn no matter how hard you try.


Or the users escalate to a high enough level, who inevitably has a university admin background and has no regard for IT or security - the decision inevitably ends up being on the side of the userbase. This is the problem with being considered a cost center, rather than a value producer within any organization.


Or you can work with people constructively and respect them rather than viewing this as a "conflict" where one needs to assert themselves.


So, while I have never worked at any of the universities in question, I did work at a major university in IT for several years (University of Texas at Austin), and while it was not perfect, it does not resemble what you just described. So, I don't know if this is a difference between universities, or perhaps your frustration with your own experience making you slant things a little more negatively than it really is? Or maybe it was really that bad wherever you were. I would just like to say it wasn't perfect, but it wasn't nearly that bad where I was.


I think you'll find a lot of this type of thing in threads like these - the better range of experiences go from "okay" to "pretty nice", but the bad can get very horrible, very fast, and people tend to remember the bad more. Especially if you have to seemingly fight against everyone on a daily basis just to do the basics of your job.


Yes and even a bit more selection bias, in that it's more interesting to write about the weird (bad) places.

(If nothing weird (bad) happened, in a way there's nothing to write about?)


I worked at a public university for a few years and can absolutely confirm the above. Subpar pay and some professors think rules do not apply to them because of their status or the "critical research" they are working on. To be fair, not all professors were like that, many were humble and friendly.


> Everyone keeps jumping on Microsoft, but Microsoft is not the problem.

Actually, moving to a more managed environment (so Azure and SaaS instead of hosting your own stuff) might make it better since MS can and will patch their own servers rapidly.


I'm not an expert at this, but wouldn't it be better to impose regulation+penalties on best practices and force organizations to abide by a minimal set of standards (e.g., no clear-text passwords; no SSNs as IDs; breaches must be announced)


As per usual, MIT is conspicuously absent from the list of compromised schools.


> Coupled with the fact that the staff behaves like children, pushing back on EVERYTHING that the security teams want to implement.

Sounds like your management structure is weak, and lacks power or willingness to enforce mandates.

Your experience is not universally the case in higher ed or academia.




In my experience Google encourages good security practices. I'm interested in hearing if you have a different experience.


Assuming that this is a serious question and not sarcasm that has gone over my head:

Terence Eden wrote this: https://shkspr.mobi/blog/2014/01/another-google-privacy-flaw...

A journalist at Fast Company noticed it and wrote an article about Google's user- and privacy-hostile practices. I had written about these problems a few years before:

https://lee-phillips.org/gcaldisaster/

and she interviewed me about it here: https://www.fastcompany.com/3025576/how-a-crappy-user-interf...

This is just one aspect of one of Google’s services. But, really, their business model is built on selling information about you to advertisers. Do you trust them to carry this out in a secure and anonymized way?


It was a sincere question, thank you for the sincere response. When I asked my question I was narrowing thinking of account security and data leaks (which I still think Google does a decent job at) but it is clear that the issue of privacy is much broader than just that one aspect.

The examples you gave are great examples of how privacy is not given the respect it deserves in these data collecting companies and design decisions can have catastrophic effects for their unsuspecting victims.

> their business model is built on selling information about you to advertisers.

I don't mean to be pedantic but their business model is selling your attention to advertisers not the data. Selling the actual data that they use for targeting is against their best interest since it would allow others to do what they do.


I don’t remember hearing of any actual data breaches, so if your question was supposed to be confined to that area, point taken.

“selling your attention to advertisers not the data”

That’s a fair point as well. (I’m the last person to complain about being pedantic.)


Off topic, but the manner in which you and GP resolved your disagreement (with respect, active "listening", and acknowledgment of counterpoints) represents some of the very best of HN. It was a pleasure to see; thank you both.


Google does not sell information about you to advertisers. They sell targeted advertisement services. It is, in fact, in Google’s best interest to make sure the information they collect on you does not ever reach the hands of advertisers, because if it does, they lose their biggest competitive advantage.


When your reply is about privacy, not account security, and you "had to" go back 7 years in time, what you wrote instead makes a good impression on me of Google wrt account security.


Every time I login to my Google account, Google rejects caring about my perfectly good password, in favor of using email verification instead. Many times this occurs via a password reset link - apparently my password doesn't matter at all. So no, I don't think Google should be considered any kind of leader in security.


Google disrespecting one's email login settings (and abruptly eg enabling 2FA) is annoying and I'm thinking about migrating -- at the same time, what they do, makes one's account more secure (from what I've seen) but with a higher risk of locking people out permanently from their own accounts

A good trade-off for Google I guess


Sure, it's technically less secure to have a password and a password reset link, rather than just the password reset link. But you'd think a password reset link would be the thing that would result in extra scrutiny and hoops to jump through (eg captchas, rejecting from suspicious IPs, etc). That it seems to be the preferred login procedure seems to indicate that something is very odd with their security model, likely due to worrying too much about people who reuse their password of "Fluffy123!" across every site.


> Unless the universities pay the ransom, the hackers will continue publishing student information.

That is an incredibly irresponsible thing to say. The data is out now, you'll be able to buy it from a broker soon enough. Any money paid is money lost. I think paying would also contravene US law.

What these victims do need is new SSNs, and the Gov't needs to find a way to identify people without the ID also being the password.


SSNs were never really secret. For the most part the first 5 digits are a derivative of when and where you were born (public record) and you’ve given out the last 4 to every financial institution and employer.

Your last part is spot on. Basically people should setup a password at the DMV or something.


The United States Postal Service would be a great "trust provider" (managed PKI, signing personal certificates for individuals and businesses, etc). They already do it inasmuch as many government agencies (the BMV in my state, for example) accept addressed official correspondence as proof of residency.


> the first 5 digits are a derivative

SSNs assigned after 2011 are randomly assigned. The first digits no longer have any special meaning.


SSNs are not reused. About 450 million have already been issued. If people in a breach are issued new SSNs, we'll run out of numbers rather quickly.
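The two points above (the structure of the number, and how few of them there are) can be made concrete. The following is an added example, not code from the page or from the SSA: a format check built only from the SSA's published never-issued ranges (area 000, 666 and 900-999, group 00, serial 0000), which is the kind of rule a DLP or log-scrubbing filter uses, plus a count of how many numbers can ever be issued under those rules. Since the June 2011 randomization the area number carries no geographic meaning, so this format check is all the structure that is left; note that passing it says nothing about whether a number was ever assigned or to whom.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// ValidSSNFormat applies the Social Security Administration's published
// never-issued ranges: area 000, 666 and 900-999, group 00, serial 0000.
// It says nothing about whether the number was ever assigned or to whom;
// that is the point: the format is public knowledge, not a secret.
func ValidSSNFormat(s string) bool {
	digits := strings.ReplaceAll(s, "-", "")
	if len(digits) != 9 {
		return false
	}
	for _, c := range digits {
		if c < '0' || c > '9' {
			return false
		}
	}
	area, _ := strconv.Atoi(digits[:3])
	group, _ := strconv.Atoi(digits[3:5])
	serial, _ := strconv.Atoi(digits[5:])
	switch {
	case area == 0, area == 666, area >= 900:
		return false
	case group == 0, serial == 0:
		return false
	}
	return true
}

// AssignableSSNs counts the nine-digit strings that pass the rules above:
// 898 areas (001-899 without 666) x 99 groups x 9999 serials.
func AssignableSSNs() int {
	return 898 * 99 * 9999
}

func main() {
	// Constructed sample inputs, not real numbers.
	for _, s := range []string{"123-45-6789", "666-12-3456", "123-00-4567"} {
		fmt.Println(s, ValidSSNFormat(s))
	}
	fmt.Println("assignable numbers:", AssignableSSNs())
}
```

The count comes out just under 889 million, so the "about 450 million already issued" figure in the comment above means roughly half of the space is gone, which is why issuing a fresh number to every breach victim does not scale.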


I can just imagine the panic of having to increase the field size by a single digit, it'd be a billion dollar, decade long problem that never gets fixed.


Maybe the current SSN will just be a prefix, with additional suffix digits, like zip codes.


I'm sure they'll be reused at some point. Maybe there will be a market for used celebrity SSNs.


SSNs are used as unique identifiers. If you start re-using them, they're no longer unique.


Nothing about SSNs is ideal. The uniqueness and permanence assumption is part of why identity theft is so calamitous. So sharing an SSN with someone who's been dead 20 years seems preferable to sharing one with someone who is reusing yours.


>I think paying would also contravene US law.

Utter bullshit. How could you even come up with something like this? We've got a long record of thousands of ransom payments by US companies, don't you think someone might have already said something if this was illegal? There's a whole industry of companies that facilitates these ransom payments, and insurers who will cover the ransom amounts.


Everyone, let's have this "secure" service where we put _ALL_ of our sensitive data!! Including export controlled materials? To be honest, it seems like PII including SSN leak regularly. Whatever... freeze your credit and get monitoring. On the other hand, export controlled ITAR/EAR... now that's bad!


Why is SSN considered secure information? It's the equivalent of a username (or indeed just a name), or a phone number.


In a perfect world. In this world it is often username and password in one. Know the SSN and you are the SSN owner.


Which is the fault of the person treating it as a password.

If I said

"can I have a loan, my name is John Smith from 123 Main Street"

And the bank gave me money and stuck it on John Smith's account, people (John Smith) wouldn't stand for it.

In an ideal world SSNs would be published in a global lookup list, getting rid of the entire idea in the average person's head that SSNs are secret information when they aren't.


> In an ideal world

Could just replace that with "in other countries".

Where I live my personal number is considered public and government will give it to anyone asking. Authentication is done using one time codes, certificates, identification cards and similar. Nothing stops a company from treating the personal number as some authentication factor but it would make no sense.


The problem in the US is that the SSN is treated as being a secret form of information. It's not a problem with the SSN, it's a cultural problem.

(A large number of problems in the US are cultural problems, and many "solutions" from SV are solutions for uniquely american problems)


It's a secret that you are compelled to share with many many entities. And apparently it is hard coded into 'too many' places to change. I would bet the US is still using SSNs of the exact same format when I'm long dead.


Ignorant american question... in not-in-person transactions, how do they make sure that the one time code/ certificate goes to John, not just someone claiming to be John? Is there some centralized password issuer/validator that can only be reset in person?


Here in Austria there is a free phone app (Handysignatur) that allows you to authenticate to a variety of services. It's a two factor system, so someone would need to steal both your phone and your password to impersonate you. For initial activation, you need to go to a government office and show your passport to verify your identity.

It's mostly used to log into government services, but you can also use it to digitally sign arbitrary PDFs.

Banks have their own system where you need an app from the bank to confirm your identity when logging into your bank account or to authorize payments.

As far as I know, identity theft is really not much of an issue here. The biggest weakness is phishing (eg. people could call pretending to work for your bank, asking you to confirm something on your phone app)
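The pattern these replies describe, a registry that enrolls a device key only after an in-person check, and relying parties that verify a signed challenge instead of trusting a number, looks like the following. This is an added example written for this thread; it is not Handysignatur's protocol or code, and the credential format, the service names and the "login:" challenge prefix are this example's own assumptions. The second factor (unlocking the device key with a PIN or biometric) is assumed to happen before Respond is called and is not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Credential binds a name and a (public, non-secret) personal number to a
// device key. The format is this example's own, not any real scheme's.
type Credential struct {
	Name, PersonalNumber string
	PubKey               ed25519.PublicKey
	RegistrySig          []byte // registry's signature over bytes()
}

// bytes serialises the signed fields with length prefixes so that
// ("ab","c") and ("a","bc") cannot produce the same bytes.
func (c Credential) bytes() []byte {
	var out []byte
	var l [2]byte
	for _, f := range [][]byte{[]byte(c.Name), []byte(c.PersonalNumber), c.PubKey} {
		binary.BigEndian.PutUint16(l[:], uint16(len(f)))
		out = append(out, l[:]...)
		out = append(out, f...)
	}
	return out
}

// Registry stands in for the office that checked a passport in person.
type Registry struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewRegistry() (*Registry, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Registry{priv: priv, Pub: pub}, nil
}

// GenerateDeviceKey is the key pair created on the holder's phone.
func GenerateDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Enroll is only called after in-person verification, which is assumed here.
func (r *Registry) Enroll(name, number string, devicePub ed25519.PublicKey) Credential {
	c := Credential{Name: name, PersonalNumber: number, PubKey: devicePub}
	c.RegistrySig = ed25519.Sign(r.priv, c.bytes())
	return c
}

// Challenge is sent by the relying party. The service name is part of what
// gets signed, so a response phished for one service is useless at another.
type Challenge struct {
	Service string
	Nonce   [32]byte
}

func NewChallenge(service string) (Challenge, error) {
	ch := Challenge{Service: service}
	_, err := rand.Read(ch.Nonce[:])
	return ch, err
}

func (ch Challenge) bytes() []byte {
	return append([]byte("login:"+ch.Service+":"), ch.Nonce[:]...)
}

// Respond runs on the holder's device after the local unlock (second factor).
func Respond(devicePriv ed25519.PrivateKey, ch Challenge) []byte {
	return ed25519.Sign(devicePriv, ch.bytes())
}

// Verify is the relying party's check. Knowing the personal number gives an
// attacker nothing: they cannot produce a registry signature over their key.
func Verify(registryPub ed25519.PublicKey, c Credential, ch Challenge, resp []byte) error {
	if len(c.PubKey) != ed25519.PublicKeySize {
		return errors.New("malformed credential key")
	}
	if !ed25519.Verify(registryPub, c.bytes(), c.RegistrySig) {
		return errors.New("credential was not issued by the registry")
	}
	if !ed25519.Verify(c.PubKey, ch.bytes(), resp) {
		return errors.New("response not signed by the credential's key")
	}
	return nil
}

func main() {
	reg, _ := NewRegistry()
	pub, priv, _ := GenerateDeviceKey()
	cred := reg.Enroll("John Smith", "1234567890", pub) // number is public
	ch, _ := NewChallenge("bank.example")
	fmt.Println("genuine:", Verify(reg.Pub, cred, ch, Respond(priv, ch)))
	other, _ := NewChallenge("tax.example")
	fmt.Println("relayed elsewhere:", Verify(reg.Pub, cred, other, Respond(priv, ch)))
}
```

Two properties matter here. An impostor who knows the personal number can mint a credential with their own key, but cannot get the registry's signature on it, so Verify rejects it. And because the service name is inside the signed challenge, the phishing scenario in the comment above (someone claiming to be your bank asks you to confirm on the app) only yields a response valid for the service named in that challenge, not a general proof of identity.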


Here in Germany you either get some username and password in person, setup an app for 2FA, or sometimes you get two different letters (one with the username and another one with the password). I guess so that it is slightly more difficult to intercept both.

For a few services if you forget the password you get the letters again.


Yeah, it's crazy the extent to which banks have gotten away with shifting the blame onto consumers in the USA for "the bank didn't verify your identity and we got defrauded, and now we will falsely report this debt as yours with minimal consequences to us, and it's on you to prove that something didn't happen".


> Which is the fault of the person treating it as a password

Fault isn't the important question. Often the damage is done to the SSN owner, with zero consequences to the person/organization who misuse and/or mishandle the data.


That just sounds like a single point of failure to me. That is, if this is a serious proposal. Sarcasm does not come through on the internets very well. :P


It is sarcasm. The tell is the quoted word "secure", and the hyper-emphasized word _ALL_.


How many times has the UC system been breached now?

There were three breaches in 2014-15: https://www.networkworld.com/article/3039116/uc-berkeley-mak...

There was a massive one back in 2009: https://www.networkworld.com/article/2254411/160-000-student...

There was a 2006 breach involving the DoE labs managed by UC: https://www.networkworld.com/article/2292688/university-hit-...

And that’s just what I dug up on UC Berkeley in a few minutes. At what point do we start saying “no” to anyone requesting personal information? If a university known for its computer science programs can’t keep this info secure, how can we trust our doctors, insurance companies, landlords, and so on to get security right?


This is the Accellion breach, not a problem with their internal systems. This box is used for 'secure' large data transfer. Like a Dropbox appliance basically. Except Accellion write rubbish software and the devices were ruthlessly shelled. Insert :Cheeto lock: meme.

Arguably, the hundreds of Accellion clients should have separately encrypted their data and used some sort of PKI to exchange public keys. But try getting users to do that properly.

Unfortunately, since Broadcom bought Symantec there hasn't been any good PGP solution for corporate file exchange.
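What "separately encrypted their data" would look like in practice: the sender encrypts on their own machine and the appliance only ever stores an envelope it cannot open, so shelling the box yields ciphertext. The block below is an added example written for this thread, not Accellion's, Kiteworks' or any PGP product's code; the Envelope layout, the "file-dek" OAEP label and the sample file content are this example's own assumptions. It uses a fresh AES-256-GCM key per file, wraps that key to the recipient's RSA public key with OAEP, and binds the filename as additional authenticated data so a file cannot be silently relabeled in transit. Distributing the recipient's public key out of band is the PKI step the comment above asks for and is not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the only thing the transfer appliance ever stores or forwards.
// The layout is this example's own, not a real product's format.
type Envelope struct {
	Filename   string
	WrappedKey []byte // per-file AES key, RSA-OAEP encrypted to the recipient
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM; the filename is bound as additional data
}

var dekLabel = []byte("file-dek") // OAEP label, ties the wrap to this purpose

// GenerateRecipientKey is the recipient's long-term key; only its public half
// needs to be exchanged out of band.
func GenerateRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal runs on the sender's machine before anything is uploaded.
func Seal(recipient *rsa.PublicKey, filename string, plaintext []byte) (Envelope, error) {
	dek := make([]byte, 32) // fresh data-encryption key per file
	if _, err := rand.Read(dek); err != nil {
		return Envelope{}, err
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, dek, dekLabel)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{
		Filename:   filename,
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, []byte(filename)),
	}, nil
}

// Open runs on the recipient's machine after download. Any change to the
// ciphertext, nonce or filename while in transit makes it fail.
func Open(recipient *rsa.PrivateKey, env Envelope) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), nil, recipient, env.WrappedKey, dekLabel)
	if err != nil {
		return nil, errors.New("cannot unwrap key: not the intended recipient")
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("malformed nonce")
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(env.Filename))
	if err != nil {
		return nil, errors.New("envelope tampered with or relabeled")
	}
	return pt, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	key, _ := GenerateRecipientKey()
	// Constructed sample content, not data from any breach.
	env, _ := Seal(&key.PublicKey, "grades.csv", []byte("constructed sample content"))
	fmt.Printf("appliance holds %d ciphertext bytes and no usable key\n", len(env.Ciphertext))
	pt, err := Open(key, env)
	fmt.Println(string(pt), err)
}
```

The caveat from the comment still stands: this protects the file contents from the appliance, but the sender must obtain the right public key and the recipient must protect the private one, and that key handling is exactly the part users get wrong.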


IT departments at universities are generally not bastions of competence. This was exacerbated by private sector compensation greatly exceeding compensation at universities the last twenty years.

You really do not want to know what passes for IT at universities even as renowned as Stanford or Berkeley.


This wasn't a breach of UC, it was a vendor that UC used. Somewhat different.


Because EECS staff (grad students, professors) don't maintain the IT infrastructure of UC Berkeley?


Great. Just great. This is days after I learned about the new Germany-wide deal with Microsoft for licensing their software and services, so it perfectly fuels my fears. Before, it was mostly just a volume license for Windows and Office, but now it's the full arsenal, M365, Teams, and, announced very proudly by our University, we'll be moving our Active Directory to the hybrid cloud. Every Student and Staff will automatically have their personal data deployed to the Azure cloud. Isn't that great? Finally Germany is working on tech incompet^Windependence! What could go wrong?

I mean, they assured they'd form a working group with other Universities about remaining concerns regarding privacy issues in Windows 10 and planning to confront Microsoft about them. I guess Microsoft is shivering with fears and busy removing all telemetry right now.

Other great changes from this new deal are that Universities now have to pay a full Windows license for every employee, no matter how many hours they work; before you'd pay by how many full-time jobs all the employees would make up for. That means most Universities pay twice as much now. And did you know the new deal explicitly forbids remote access to any Windows machine under this license? You have to pay extra for that. What a strange coincidence regarding the current epidemic. Universities' legal departments are clueless whether this only applies to RDP, or alternative 3rd party tools as well (or rather whether this would hold up in court).

This is the first time the deal is made nation-wide, you'd think this puts our Universities in a better position, but we got fucked in every way possible.

I realize this is only marginally related with the original post, but 1) sorry, I just had to vent somewhere, this seemed just like the final straw, and 2) am I the weird one for seeing a problem in this trend? Universities were once driving innovation in technology, students were fiddling with emerging and expensive tech, but today we already have some Universities that don't even have their own datacenter anymore, everything is hosted elsewhere and maintained by contractors. Students access SaaS via a Browser. Walled gardens everywhere. This doesn't help.


I'm continually shocked at the popularity of Microsoft software inside organizations like this, especially with its horrible track record.

I guess software is weird that way: the market forces are almost completely inverted which is how companies like Microsoft,Oracle, and IBM keep going.


I'm not at all shocked. The popularity of such SW is directly proportional to the bribe money paid to government officials. Remember the trip MS made to Münich ?


That's why I laugh and laugh about people here,reddit or twitter jerking off about how what a wonderful human philanthropist Bill Gates is, as if among the other awful things MS did is not to have created enforced monopolies in almost all third world countries governments by bribing their officials to accept MS products, and funding FUD campaigns against any movement to open source/free software.


that is a stupid comment. the techies inside universities are horrendously underfunded. m365 at least will bring consistency and will probably also make your data more secure to third party actors.

it also comes with a5 licenses with a special and cheap deal so it's basically ridiculous that all other customers are paying for this.

> but today we already have some Universities that don't even have their own datacenter anymore, everything is hosted elsewhere and maintained by contractors. Students access SaaS via a Browser. Walled gardens everywhere

tons of software was already from external contractors. I'm not sure but some people like you are living in bubbles.

of course it would be possible to have everything open source. BUT with our current government M365 is the best solution. the cdu slept for over 20 years to have a great open source solution. so it would be impossible to have something integrated ready within a short window, it would also blow a huge budget. the only thing you can be mad about is our government, the m365 is the best thing that could happen.

btw. I hate the strange bashing against american companies, as if german companies are any better (they are not).

btw. I'm german and every time I see something like that I'm mad, we do everything to even have a SaaS vendor, with ridiculous data privacy (only if you are an american company, for german companies the authorities are looking away or making special rules) and then our government fucks every citizen by making rules that don't even work together with the privacy rules. time to relocate. everything starts to be stupid and the wrong questions are asked.


"When disagreeing, please reply to the argument instead of calling names. 'That is idiotic; 1 + 1 is 2, not 3' can be shortened to '1 + 1 is 2, not 3.'"

https://news.ycombinator.com/newsguidelines.html


yeah sorry, I was filled with rage when posting that.


When are you going to lift the shadow banning and post limiting on me? It's been how long?


You weren't shadow banned: https://news.ycombinator.com/item?id=17915526.

Since you've continued to do the things we banned you for, I don't see why we would unban you.


> the techies inside universities are horrendously underfunded. m365 at least will bring consistency and will probably also make your data more secure to third party actors.

True, but no reason to dig an even deeper hole.

> of course it would be possible to have everything open source. BUT with our current governement M365 is the best solution. the cdu sleeped for over 20 years to have a great open source solution. so it would be impossible to have something integrated ready within a short window, it would also blow a huge budget. the only thing you can be mad about is our government, the m365 is the best thing that could happen.

You're completely ignoring that I'm complaining about the move to the cloud, and the restrictiveness of the contract. Even just continuing the old contract and staying with offline-Office would have been better.

> btw. I hate the strange bashing against american companies, as if german companies are any better (they are not).

I never even hinted at this being about Microsoft being American. I don't want my University to upload my PII to "the cloud" so I can use Word in a Browser.

You're basically saying we shouldn't even be trying anymore. Why not shut down the CS departments of universities entirely and just hand out accounts to Skillshare et al., so those still interested in CS can learn from there? There's nothing left a University could offer that you can't access from there. Maybe a couple credits for the Azure cloud if you need to do something computationally intensive. Your University surely doesn't have anything left in-house for this anyways.


I worked at a company where they from the start were building all their internal tools like their own Jira-like system, their own Slack and so on. When you started working, for the first three to six months you were only working on those tools and also learning the internal culture. Then when the company had idle time or if you wanted you could continue working on them.

I am thinking that universities have missed a huge opportunity to build their own m365. If they had started 20 years ago, by now they would have a mature system tailored for their own organisation. But you needed people with vision who were able to get others on their side. Something like this would be perfect for CS students, to have a taste of the corporate real world before even starting their professional life. Unfortunately these days I don't see much value in universities when it comes to CS. It may be useful for networking as you get a chance to meet like minded people and spend time with them, but other than that you can learn everything online mostly for free these days. Something like 20 years ago universities had the advantage that they had resources you wouldn't otherwise get, but now that advantage is gone. Many people just see it as a fun time outside of parents' home and don't take it seriously.


The universities did build such systems. See Andrew at CMU or Athena at MIT. They built a ton of infrastructure, from distributed file systems (afs) to chat systems (zephyr), word processors (ez), multimedia email (messages) and so on.

Some developments from those projects live on today, such as Kerberos. But most of those innovations had crappy user interfaces and never made it outside the university. Commercial companies took their ideas and built products mere mortals could use. Now there is no reason not to use the commercial products that are more stable, more secure, and have more applicability outside the university. Plus you have to serve students who aren’t there for CS with the same network.


Isn't the fact that these products were not of commercial quality an indication that maybe the courses were not that great? How can people learn to build something that is useful, easy to operate and adds value if at the place where they are supposed to learn it, they are not taking it seriously or don't have enough skill to teach it? I hope this doesn't look like an attack, I am genuinely interested.


Like most things, I believe the issue comes down to incentives. If you are a university student studying CS, what’s your incentive? To get the best grade possible in your course, most likely. What is your shortest path to a great grade? Is it adding user friendly features? Or demonstrating mastery of applying theoretical principles in software, for example by implementing a novel distributed consensus algorithm? Plus your course lasts at most a semester, to perhaps several years if you are lucky to work on the same project the entire time you’re paying to attend university.

The incentive for commercial companies on the other hand is entirely opposite. Their incentive is to build a product that appeals to the widest population faster than their competitors. They optimize for user friendliness and eschew the untested in favor of hacky solutions that work now. From the developers perspective, they are now paid to work so they have more of an incentive to do things that may not be as attractive to them personally such as fixing bugs.

Also, there is a difference between university and apprenticeship. Traditionally university focused on teaching the soft skills, the “liberal arts”, providing a broad base of knowledge from history to widen the mind of those who attend. It’s not meant to be a job training center. Unfortunately these days it seems that most employers are uninterested in mentoring and apprenticeships, looking for the public to subsidize job training for them. Universities in my opinion are poorly set up for this, but alas this is what most expect.


University programs manned primarily by 18-21 year olds are supposed to compete against for-profit companies with highly experienced and specialized engineering talent?


Shibboleh, a popular but overly-complex SAML implementation (Single Sign-On), used by most universities, was created this way.


Minor nit, it's called Shibboleth (as in Shibboleth Single Sign-on architecture).


Whoops, sorry about the typo.


> You're completely ignoring that I'm complaining about the move to the cloud, and the restrictiveness of the contract. Even just continuing the old contract and staying with offline-Office would have been better.

a cloud is a necessity. it's basically impossible to have a local solution for every fucking university and most stuff is basically services built together with closed and open source software, which is a management disaster.

> I never even hinted at this being about Microsoft being American. I don't want my University to upload my PII to "the cloud" so I can use Word in a Browser.

your PII is uploaded to so many companies, besides microsoft. microsoft is probably the lesser evil of all these.

> You're basically saying we shouldn't even be trying anymore. Why not shut down the CS departments of universities entirely and just hand out accounts to Skillshare et al., so those still interested in CS can learn from there? There's nothing left a University could offer that you can't access from there. Maybe a couple credits for the Azure cloud if you need to do something computationally intensive.

we should but as of now we should have an intermediate ms solution. btw. the cs departments most of the time do managed services, they do not develop stuff. often they already manage microsoft solutions, so they already use microsoft active directory and exchange. most of them were also breached by hafnium.

what we should do is build an edu cloud (SaaS/PaaS/IaaS) with services (open source) for students and profs, which has a central mail system and is managed centrally. but until this is built you need a working solution.

> Your University surely doesn't have anything left in-house for this anyways.

I'm not a student anymore, but most universities do not have that much self-built code lying around anyways. I mean most people working at universities don't care what the os is, they want to use their ms outlook or ms word. of course some universities are way more science oriented and thus more personnel want to use linux & co or write stuff in latex, but that is a minority.

also as soon as you are leaving your university, there are only a handful of corporations where you won't be using a ms product. after hafnium tons of them are also moving to m365.


> a cloud is a necessity

For whom? It's a necessity for software vendors, because they finally have an easy and straightforward way to bill per user.

Nobody needs a cloud based solution, running software on a local machine is a perfectly workable solution.


> Nobody needs a cloud based solution, running software on a local machine is a perfectly workable solution.

Except people who want to collaborate on the internet?


A private corporate internal cloud or internet-faced services doesn't prevent access from the internet.


Just because the server isn't hosted by Microsoft doesn't mean it's inaccessible from the internet...


Used to use this thing back in the day called FTP. Oh, and Usenet! :)


I don't think FTP is acceptable equivalent.


Nope nope nope. Wrong on so many levels.


> and will probably also make your data more secure to third party actors.

you assume that the administration of these managed services is better. This is a bold assumption.


If the email is based on the Exchange/AD paradigm then o365 is undoubtedly far more secure. An expertly administered postfix system might deliver mail more securely but probably has a weak web frontend.

I too prefer offline Office install for my own use, but they are systemically less secure. Just rampant exploitation.


expat in Germany here, opinion: you have a lot of trash to see elsewhere before you realise how good it is here.


> that is a stupid comment.

It's possible to strongly disagree with a comment without inflammatory language. E.g.: "I really disagree with that comment."

It helps keep the conversation productive.


> with a special and cheap deal

and ever for a second you don't think that there may be a catch?


Do you have a link (German or English)? I couldn’t find anything, and at first glance it doesn’t make any sense. There is no single agency, group or person MS could negotiate with nationwide, universities are pretty independent and education is on the state level.


Yes, Universities can simply refuse to participate in this deal, but it puts them in a worse position, as previously, the deal was usually made on state level, which afaik no state does anymore. I'm in BaWü and now the choice is either negotiating with MS individually or taking the Bundesvertrag. I think technically they are still considered individual deals per state, but they are effectively the same everywhere ("Campus und School-Rahmenvertrag").

E.g.:

https://www.urz.uni-heidelberg.de/de/microsoft-landesvertrag

https://www.rz.uni-freiburg.de/services/beschaffung/software...

https://www.tu-chemnitz.de/urz/software/mslandesvertrag.php


I had never heard of this, thanks for the explanation and the links!


Windows 10 home edition doesn’t even offer full disk encryption. That’s how much Microsoft cares about security.


MS full disk encryption is like FBI (or MI6) full disk encryption. If your wife does not know the key it does not mean it is secure when everybody else knows it.


I find it bizarre that after Stasi and other stuff, German people are not opposed to massive personal data collection. It's the same thing, except that instead of the state your data is owned by private entity that can technically do anything they want with it. It is scary.


I mean ... Stasi and Gestapo kept different kinds of data. You would have to do a more and different kind of analysis to make it into an argument that makes sense. And it seems like the people who throw around Stasi don't really know what that organization did.

Contemporary Germany has bureaucratic tendencies.


Foreigner's two cents: it's not that they don't care---the abysmal availability of Google Street View attests to that among others---but rather a combination of (a) masses (and hence bureaucrats) not having as comprehensive a definition of "personal-data invasive" as those that work in tech and (b) this German trust in any document that can be ratified/made into a legal proclamation.

(a) isn't really uniquely German, of course. Most people not in tech, though privacy-conscious, won't really bat an eyelid on Windows 10 telemetry, Instagram's excess of data gathered, etc.

With (b), I bet the Universities are satisfied that Microsoft has all clearances/certifications to be GDPR-compatible or whatever else. That pacifies their cynicism. If shit hits the fan, the courts can worry about it. The important thing is they checked all the boxes in the paperwork with sufficient diligence.

Again, just my two cents. I'm not even European but it seems to me Switzerland in real-life is what Germany is in most people's imaginations. But again, that's just more of my opinions.


They are. Hence GDPR was invented by the EU and specifically Germany.


> Universities' legal departments are clueless whether this only applies to RDP, or alternative 3rd party tools as well (or rather whether this would hold up in court).

How about IP KVMs? How about non-IP KVMs? How about a long usb cable?


At first, I thought Accellion was software for managing students' programs, schedules, courses, etc.

I decided to check their website and was stunned to learn that it's: an Enterprise Content Firewall that prevents breaches and compliance violations from risky 3rd party communications.

I guess they will need to review some of their core business model because they failed to fulfill their promises to their clients and customers.


The breach was apparently in some secure file transfer complianceware.

Maybe complianceware should be banned.


Failing that, complianceware should be restricted to running its non-Turing-complete rules locally rather than routing everything sensitive through one sweet sweet target host.


Authoritarian IT is always insisting everyone use cloud services -- but exactly the same cloud service for everyone. This seems designed to fail.


Accellion's FTA goes EOL this month. They've been pushing customers to upgrade to their new Kiteworks product, but it does not excuse them from having to deal with the disaster with their FTA product which is still technically and contractually supported by the company. Though the vuln was reported in mid-Dec 2020 and the company released a patch a week later, it is a PR disaster for them.


I worked at one of these universities. They "lost" / had stolen a laptop containing everyone's SSN. They're idiots.


University of Maryland had a data breach a few years back [1] so I suppose that it's unsurprising to see that it happened again.

At least they had the common sense to stop asking me (somebody affected by said breach and a dropout, no less) for alumni donations.

[1] https://www.cnet.com/news/data-breach-at-university-of-maryl...


Lots of great comments about not collecting/retaining sensitive data in the first place.

Yes, we need to move away from SSN as a { unique-ID + secret } combo. But that's a non-trivial task.

I'm starting to think we need something like PCI for SSN: want to use a SSN? Bam! You are now subject to intense audits that will evaluate all your data practices (and for which you will be billed). Orrrr… use a third-party vendor and never touch this data.

That being said, it's still not a perfect option because Credit Card numbers can be rotated whereas SSN seems to be engraved in stone. Still following the Credit Card analogy, having multiple numbers would greatly help. Just the same as you don't go around (anymore) showing everybody your bank routing information and have multiple cards for various purposes, have multiple identity numbers:

- tax ID number

- driver's license number

- passport number

- medical record number (yes, MRNs are a thing, just prefix it with the org ID)

- medicare number

- actual social security number for only social security (and at this point, a new one + rebranding is in order)

- credit-worthiness number

- etc.


Let's see how much this will be covered in tomorrow's news.


Is this a relatively new requirement for universities to require a SSN for prospective students? I don’t recall having to provide this information about 1 decade ago or even 5 years ago.


Legally, it's not required to apply. But, it is required to access federal FA. And some schools collect it regardless of legal requirement because it makes their life easier (avoiding dupe person records, student workers, etc).


So, I worked at a major American university that (years back) had to remove SSN from all of their databases; it was a major project. The exceptions were related to cases where they get something monetary (e.g. cash scholarship, student jobs, etc.) that requires reporting that income to the federal government, which wants the SSN.

Generally, it is actually LESS common to require SSN now than 20 years ago; when I was an undergrad, exam grades would get posted by SSN on a public bulletin board (the idea being you could find your own, but you wouldn't know anyone else's SSN to look up their grade). So SSN was considered less sensitive than your grade on a single ordinary exam.


You probably have to prove that you're a citizen or have the appropriate immigration status, this usually involves your SSN. Why is it done this way? Politics I guess.


Fun fact that companies online don't seem to realize, non-citizens can have SSN numbers, even people on a short exchange visitor visa.


One more reason to decline to provide SSN or non-disposable mailing address, email address, and phone numbers to institutions or vendors.

Hopefully people stop finding it weird when customers don't want their PII in the vendor's database.


While I don't disagree with you on how bad things are now, good luck with the idea of not giving your SSN to your employer or university. At a certain point people will ask if your intention is to move to a wood shack in Montana and write a manifesto.


Come a few hundred clicks north to Saskatchewan where wood shacks and manifestos are something of a local pastime.


If they have high-speed fiber, it’s a date!


That's why StarLink is a thing!


I have high speed fiber to the home. SaskTel Infinet is great. It's a socialist organization too! Check it out! Saskatchewan has a lot of socialism in its history, mostly because of the intense agriculture history where farmers would pool all their grain together to negotiate better prices.


Sorry to disappoint.


It's honestly pretty tempting but the border is closed.


Set up a corporation, employ yourself, and send invoices from the corporation to the people who wish you to perform services for them.

I've been doing this for over a dozen years. My customers don't need to have a single piece of my PII.

To be honest, the thought of sending even a single piece of my PII to a customer or vendor gives me the heebie-jeebies, given what we know about data breaches. I don't even let my personal services people handle my data in Google Apps until and unless I've shipped them a chromebook and walked them through setting up hardware 2FA and enabling Advanced Protection.

I'm waiting for a national bank chain or AmEx to get popped; thanks to the legally mandated total lack of financial privacy in the United States there's no way to insulate oneself from those vendors.


Isn't this pretty expensive?


Not in my experience.


Giving my SSN to my employer seems reasonable because that’s how I pay in to social security.

SSNs are fine as IDs (with time bound assumptions), the problem is using them for authentication.


They are in fact not great IDs and the Social Security Administration asked very nicely for the rest of the country to not use them as a form of identification: https://www.youtube.com/watch?v=Erp8IAUouus

A few reasons why SSNs are bad as IDs:

1. There are a number of situations where people will not have a SSN.

2. SSNs are "secrets" that need to be broadly shared to participate in many parts of business and government in the US.

3. SSNs lack many security and authentication mechanisms most forms of ID have (e.g. photo ID)

There are folks in the US who rally against the idea of a national ID, but I've always thought it was a silly argument considering how pervasive and problematic SSNs are as a form of identification.


If a living person has a SSN they can be identified by it [1]. That does not imply any individual can be identified by a SSN or that any SSN identifies an individual. The suitability of an SSN is situational for ID purposes.

The video conflates identification and authentication to its detriment.

Social Security Numbers are very good identifiers, that’s literally their purpose.

Social Security Cards are poor authentication tokens because they contain no validation to prove the card holder is the person associated with the number. Or said another way, you cannot prove your identity (authenticate) with a social security card.

I don’t see what built in validation of the number has to do with the security of the identifier.

So again, the problem is using a Social Security Number or card for authentication. It’s fine as an identifier.

[1]: Social Security Numbers can be reissued but this should only happen when the number is no longer in use.


Too late to edit but apparently SSNs are not reused: https://www.ssa.gov/history/hfaq.html

Q20: Are Social Security numbers reused after a person dies?

A: No. We do not reassign a Social Security number (SSN) after the number holder's death. Even though we have issued over 453 million SSNs so far, and we assign about 5 and one-half million new numbers a year, the current numbering system will provide us with enough new numbers for several generations into the future with no changes in the numbering system.


I wonder how this is possible when there are only one billion combinations of digits.


There are only around 330 million Americans and about 5 million born/immigrated each year. 1 billion possibilities will be enough for about 100 more years. Presumably sometime before then we can replace or update the system (or worst case add one more digit).


Somewhat tangential, but I've always found it weird when I read about strong opposition of some in the US to government ID, framing it as something that jeopardizes the individual's rights. My perspective from a European point of view is different, a government system that provides some ID (which is good both for identification and authentication) is a crucial protection of my rights. I don't want anybody to be able to impersonate me, which means I want a universally accepted system of strong authentication. That's what government ID is to me, it's like a PGP keyring where the government is the introducer in the web of trust.

In the absence of such a system, various ad-hoc systems emerge, and that's IMO why identity theft is so staggeringly common in the US - it's easy, and it's easy because very poor systems are routinely used for authentication. If I understand correctly, you can do a lot in the US with one-factor knowledge authentication, where the "something you know" are things like your name, address, DOB or SSN, all of which are exceptionally poor as authentication.


While there is no Federal ID every state in the Union (to my knowledge) provides ID cards to citizens. These vary slightly from place to place but all contain verifiable identity (authentication).

This may seem strange to outsiders but makes more sense when you consider the United States is a federation of sovereign states. The system is built on the idea of limited federal power with states sharing but retaining much of their own sovereignty. This has many of the benefits of any federated system and makes for a robust democracy.

There’s very little of consequence you can do in the United States with single factor knowledge. If identity theft is more common here than elsewhere (citation needed) I would guess it has more to do with a lack of consequences (consumer protection) than a Federal ID.


I'm familiar with the US federal system, but as far as I know, the individual state IDs still have the same problem. In particular, they're apparently difficult to obtain for poor or disadvantaged people, so there are enough people without an ID to let the insecure ad-hoc systems exist in parallel. So something like knowing the SSN, or displaying a utility bill (trivially faked), exists as a parallel ID form.

European government-issued IDs don't work well just because they are accepted, they work well because no other ID is accepted, and that's only possible when 99% or more of the population has such an ID (and the rest can be handled in a somewhat more convoluted but uncommon procedure).

Of course I have no good insight into how feasible it is for a US state / federal government to ensure that everyone (for sufficiently large values of everyone) in the state / country has an ID, without disadvantaging anyone.


It's the same as the EU but with way more federal power and way less local democracy.


One dimension to this is that racism and xenophobia are so nakedly tolerated, including in the political class in the US, that many fear that any governmental ID would only be half-heartedly rolled out to inconvenient and undesirable people in an effort to suppress their voice.


To be fair, most systems in the EU are exactly the same.


4. SSN’s are not unique, nor were they designed to be, but people think they are.


I'm pretty sure I read somewhere SSNs aren't even guaranteed to be unique.


> SSNs are fine as IDs

No, they actually are NOT fine for ID or authentication. They contain no security features, and an attacker who knows their victim's birth location can often determine the first set of digits of an SSN.

SSN are not fine as IDs.
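An added Go example, not code from anyone in this thread, putting numbers on the point above and on the earlier comments about schools keeping SSNs to avoid duplicate person records and about universities purging SSNs from their databases: a plain SHA-256 of an SSN is only a disguised SSN, because the input space is at most a billion values and shrinks to ten thousand once the attacker knows the first five digits (under the pre-2011 area/group/serial layout, where the area number was tied to the place of issuance); an HMAC under a key held outside the student database gives the same deduplication property without that weakness. The key string, the prefix 12345 and the number 123-45-6789 are constructed sample inputs, and a KMS-held key is an assumption stated in the comment.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
)

// ssnPattern accepts nine digits, optionally hyphenated as AAA-GG-SSSS.
var ssnPattern = regexp.MustCompile(`^(\d{3})-?(\d{2})-?(\d{4})$`)

// normalize strips hyphens so the same person always yields the same token.
func normalize(ssn string) (string, error) {
	m := ssnPattern.FindStringSubmatch(ssn)
	if m == nil {
		return "", fmt.Errorf("not a nine-digit SSN: %q", ssn)
	}
	return m[1] + m[2] + m[3], nil
}

// UnkeyedToken is the naive approach: a plain SHA-256 of the number.
// It deduplicates, but the preimage space is tiny, so it is reversible.
func UnkeyedToken(ssn string) (string, error) {
	n, err := normalize(ssn)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256([]byte(n))
	return hex.EncodeToString(sum[:]), nil
}

// KeyedToken is the hardened form: HMAC-SHA256 under a secret key that lives
// outside the database (assumed to come from a KMS/HSM). Same dedup property,
// but without the key the token says nothing about the number.
func KeyedToken(key []byte, ssn string) (string, error) {
	n, err := normalize(ssn)
	if err != nil {
		return "", err
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(n))
	return hex.EncodeToString(mac.Sum(nil)), nil
}

// RecoverFromUnkeyedToken plays the attacker: given a leaked SHA-256 token and
// the first five digits, it only has to try the 10,000 possible serials.
func RecoverFromUnkeyedToken(token, knownPrefix string) (string, bool) {
	for serial := 0; serial < 10000; serial++ {
		candidate := fmt.Sprintf("%s%04d", knownPrefix, serial)
		t, err := UnkeyedToken(candidate)
		if err == nil && t == token {
			return candidate, true
		}
	}
	return "", false
}

func main() {
	const ssn = "123-45-6789"                               // constructed, not a real person
	key := []byte("replace-with-a-32-byte-key-from-your-kms") // assumption: KMS-held key

	unkeyed, _ := UnkeyedToken(ssn)
	if found, ok := RecoverFromUnkeyedToken(unkeyed, "12345"); ok {
		fmt.Println("unkeyed token recovered as:", found)
	}

	keyed, _ := KeyedToken(key, ssn)
	same, _ := KeyedToken(key, "123456789") // hyphen-free form maps to the same token
	fmt.Println("keyed tokens match for dedup:", keyed == same)
}
```

The keyed form still leaks equality (two records with the same token are the same person), which is exactly the property the registrar wants; what it removes is the ability to walk a known prefix and recover the number from a leaked table. Rotating the key breaks dedup against old tokens, so in practice the key is long-lived and guarded like the raw data would have been.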


My name + address is fine for ID, everyone knows it, but it's unique. There are no security features on my name.

I could claim my name is Joe Biden and I live at 1600 Pennsylvania Avenue, just like I could go onto HN and claim my userid is urda, that isn't a problem.

The next step would be to authenticate - and that's where the problem comes -- SSNs and names are no good for authentication. They're a userid.


"Please identify yourself" doesn't mean "give me a random name" but "prove who you are". It is a mess, but to ID is to authenticate who you are.


In colloquial use, you are right.

In rigorous use in security, identification just means unambiguously referring to a specific identity. This is as simple as providing an identifier. Which the social security number roughly does (they can be re-used after death apparently).

Actually proving the provided identity is your identity is authentication. SSNs come with no decent authentication method. Hence, the identifier of an SSN is not very good in situations where authentication is required.

For an example where authentication of identifiers is not required, consider the following: "Dear business, please identify all your employees so we can correctly give them benefits". In this case, having identifiers for people is sufficient.

Heck, any case where you are asked to identify a 3rd party cannot require authentication.

Strictly speaking "please identify yourself" means please give me your name. If this is spoken by someone with authority they may want proof of that claim. In that case, it is great if authentication of your given identifier is possible.


> they can be re-used after death apparently

They aren’t, I was wrong! https://www.ssa.gov/history/hfaq.html


So if you have one, they are a unique record - a primary key in a database for example. It can be changed, but far less likely than a name change, and unlike names it is unique.

For the US, that sounds like a perfectly good guid to use in situations where a name isn't good enough (There's more than one John Smith in the US). The company authenticates your identity SSN with you via some means other than you telling them, you authenticate with the government via some means, and job done.

The problem is that the authentication bit doesn't exist. It's basically 0-factor authentication.

Technically there's a trivial solution -- assuming the government can authenticate a person's SSN (which they do when they are given out), then at that point the person gives their public key to the government, and this is stored in an open database against the guid. That means anyone needing to authenticate their SSN could simply use their private key to do so.

In reality those private keys would of course not remain private, so it's not a good solution, but it does highlight how an SSN could be used.

Even with a secure SSN, that number should only be collected by a company in limited circumstances -- you shouldn't collect PII unless you have a legitimate need, be that a name, phone number, or SSN, and you shouldn't keep it for longer than you need to. In some countries that's a legal requirement, but it's always the morally right thing to do. If you need to communicate with the government about a person, then sure, collect their SSN. If you need to know where to ship their order, then sure, collect their address.

That doesn't mean the address or SSN should be considered secure.
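The scheme sketched in this comment, as an added Go example that is not the commenter's code: an identifier (the SSN) is enrolled against an ed25519 public key in a registry, a relying party issues a fresh challenge, the holder signs it with the private key that stays on their device, and the verifier checks the signature under the registered key, the acceptance window, and that the nonce has not been seen before. The registry, the "payroll" relying party, the two-minute window and the identifiers 123456789 and 987654321 are all constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Registry stands in for the open database the comment imagines:
// identifier -> public key registered at issuance. The private half is
// never enrolled and stays with the holder.
type Registry map[string]ed25519.PublicKey

// Challenge is what a relying party sends to someone claiming an identifier.
type Challenge struct {
	RelyingParty string
	Nonce        [16]byte
	Issued       time.Time
}

func NewChallenge(relyingParty string, now time.Time) (Challenge, error) {
	c := Challenge{RelyingParty: relyingParty, Issued: now}
	if _, err := rand.Read(c.Nonce[:]); err != nil {
		return Challenge{}, err
	}
	return c, nil
}

// message binds the signature to the claimed identifier, the relying party,
// the nonce and the issue time, so a response cannot be replayed to another
// verifier or reused for a different identifier.
func (c Challenge) message(ssn string) []byte {
	msg := append([]byte("ssn-auth-v1\x00"), ssn...)
	msg = append(msg, 0)
	msg = append(msg, c.RelyingParty...)
	msg = append(msg, 0)
	msg = append(msg, c.Nonce[:]...)
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(c.Issued.Unix()))
	return append(msg, ts[:]...)
}

// Respond is the holder's side: sign with the device-held private key.
func Respond(priv ed25519.PrivateKey, ssn string, c Challenge) []byte {
	return ed25519.Sign(priv, c.message(ssn))
}

// Verifier is the relying party's side; it remembers nonces so a captured
// response cannot be replayed inside the acceptance window.
type Verifier struct {
	Registry Registry
	MaxAge   time.Duration
	seen     map[[16]byte]bool
}

func (v *Verifier) Verify(ssn string, c Challenge, sig []byte, now time.Time) error {
	pub, ok := v.Registry[ssn]
	if !ok {
		return errors.New("no public key registered for this identifier")
	}
	if c.Issued.After(now) || now.Sub(c.Issued) > v.MaxAge {
		return errors.New("challenge outside acceptance window")
	}
	if v.seen == nil {
		v.seen = make(map[[16]byte]bool)
	}
	if v.seen[c.Nonce] {
		return errors.New("challenge already used")
	}
	if !ed25519.Verify(pub, c.message(ssn), sig) {
		return errors.New("signature does not verify under the registered key")
	}
	v.seen[c.Nonce] = true
	return nil
}

// Outcome records whether each scenario behaved as a verifier should.
type Outcome struct {
	GenuineAccepted, ReplayRejected, ForgedRejected, WrongIDRejected, StaleRejected bool
}

// RunScenario enrols one constructed identifier and exercises the checks.
func RunScenario() (Outcome, error) {
	const ssn = "123456789" // constructed sample identifier
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		return Outcome{}, err
	}
	_, impostor, err := ed25519.GenerateKey(nil) // key never enrolled anywhere
	if err != nil {
		return Outcome{}, err
	}
	v := &Verifier{Registry: Registry{ssn: pub}, MaxAge: 2 * time.Minute}
	now := time.Unix(1700000000, 0)
	var o Outcome

	c1, _ := NewChallenge("payroll", now)
	sig := Respond(priv, ssn, c1)
	o.GenuineAccepted = v.Verify(ssn, c1, sig, now.Add(time.Second)) == nil
	o.ReplayRejected = v.Verify(ssn, c1, sig, now.Add(2*time.Second)) != nil

	c2, _ := NewChallenge("payroll", now)
	o.ForgedRejected = v.Verify(ssn, c2, Respond(impostor, ssn, c2), now) != nil

	c3, _ := NewChallenge("payroll", now)
	o.WrongIDRejected = v.Verify("987654321", c3, Respond(priv, "987654321", c3), now) != nil

	c4, _ := NewChallenge("payroll", now)
	o.StaleRejected = v.Verify(ssn, c4, Respond(priv, ssn, c4), now.Add(time.Hour)) != nil
	return o, nil
}

func main() {
	o, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

Knowing the number buys the attacker nothing here; only the private key does. That is also where the comment's own caveat bites: if keys leak, the registry needs revocation and re-enrolment, which this toy does not model, and which is the hard part of any real rollout.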


The only one of those things that has any claim to being a secret is SSN. And that ship has sailed - at this point it would be a public service to publish all SSNs so we’re all forced to stop treating it like knowing an SSN means something.

The rest belong in public directories, where they have been for decades.


If you are a prospective student, are you going to risk your future by using your college application to make a point about privacy?


There's a strong argument to be made that one risks their future in general by taking on the substantial debt usually involved in attending a US university. There are worse things one can do with regards to their future than keeping their private data private.


Yes. Hopefully the day comes when people understand that keeping your PII private is for good reasons, and not for hiding anything bad...

It is a pity that many (most) governments make life hard (through laws/regulations/...) for companies wanting to offer services like aliases for phone numbers.

Wouldn't it be great if I could give an alias phone number, and if I want I can redirect that number into the void [1]

[1] or instead of redirect into the void possibly other good or less good ideas like "pay $1 to call me"... which would help some cases where I would have liked to delete an alias, but not sure if I didn't give it to someone that I want to keep in contact with


This is putting a bandaid on a rotten leg. What is needed is a way to stop businesses from calling you if you haven't given them permission. It is a huge problem in the US but it isn't like this everywhere. The underlying problems should be fixed instead: Laws that actually prevent this (enforced laws) and the opportunity to block non-local calls from places not as functional (like calls from the US).

I have had the same mobile phone number for decades and I get maybe one call a year from a business that I haven't specifically allowed or requested calling me and it is always international because local laws actually work.


Yes, it is a band aid, or one solution out of many needed ones, and yes, probably not highest priority in terms of needs. But it doesn't have to be a either...or...

And I wouldn't infer from your lack of need a lack of need for others!! Independently of the country. Stealing is allowed in no country, and it still happens in every country. Laws and enforcement are great, but they won't stop 100% of cases, and if I like to have a door lock on my door (or two), then let me do it... I don't care if some don't feel a need for it (and stealing is just an example... the same goes for so many illegal things).


Apparently Brown has also suffered a data breach + ransomware. I don't know if it's related or not, but I suspect this list is incomplete.


They told us these were a phishing attempt.


Since it's apt: www.ransomwatch.org


Person in the comment section, I'd take that tor link of the published data down.


Honestly, I don't think it matters - the data is out, there's no putting it back in the box.


It was emailed to thousands of UC students and workers. Not private anymore.


Every hack is a win for people who preach decentralization of data



