
> Unless the universities pay the ransom, the hackers will continue publishing student information.

That is an incredibly irresponsible thing to say. The data is out now, you'll be able to buy it from a broker soon enough. Any money paid is money lost. I think paying would also contravene US law.

What these victims do need is new SSNs, and the Gov't needs to find a way to identify people without the ID also being the password.



SSNs were never really secret. For the most part the first 5 digits are a derivative of when and where you were born (public record) and you’ve given out the last 4 to every financial institution and employer.

Your last part is spot on. Basically people should set up a password at the DMV or something.


The United States Postal Service would be a great "trust provider" (managed PKI, signing personal certificates for individuals and businesses, etc). They already do it inasmuch as many government agencies (the BMV in my state, for example) accept addressed official correspondence as proof of residency.


> the first 5 digits are a derivative

SSNs assigned after 2011 are randomly assigned. The first digits no longer have any special meaning.


SSNs are not reused. About 450 million have already been issued. If people in a breach are issued new SSNs, we'll run out of numbers rather quickly.


I can just imagine the panic of having to increase the field size by a single digit, it'd be a billion-dollar, decade-long problem that never gets fixed.


Maybe the current SSN will just be a prefix, with additional suffix digits, like zip codes.


I'm sure they'll be reused at some point. Maybe there will be a market for used celebrity SSNs.


SSNs are used as unique identifiers. If you start re-using them, they're no longer unique.


Nothing about SSNs is ideal. The uniqueness and permanence assumption is part of why identity theft is so calamitous. So sharing an SSN with someone who's been dead 20 years seems preferable to sharing one with someone who is reusing yours.


> I think paying would also contravene US law.

Utter bullshit. How could you even come up with something like this? We've got a long record of thousands of ransom payments by US companies, don't you think someone might have already said something if this was illegal? There's a whole industry of companies that facilitates these ransom payments, and insurers who will cover the ransom amounts.



