Useless is not the term of art. It is brittle. So, very, very brittle.
Costs born by the victim are not the only problem. It is that the brittleness of SSN makes it impossible to lay the costs at the feet of the proper "company which got hoodwinked".
You must share your SSN 100 times for: work, home, credit, school, health. All of them have been popped 5 times each. 20 years later, you are victimized. Who pays?
SSN should be deprecated. You can pretty quickly reason to public/private-key SSN alternatives. The US government would actually do it for the consumer (this term) but the US probably doesn't want to pay it's share of the replacement cost to do so.
Since all those companies can plausibly point to someone else, the victim pays! Which is just how they like it — privatize the profits and socialize the losses.
What would actually get creditors to stop using social security numbers is if the SSN's utility as a proxy for creditworthiness drops. But that won't happen, even with many more breaches, because individual consumers need to do everything they can to keep their credit scores up.
> Still, we should demand it.
Yep. The market will not drive this. It will have to be consumers, speaking collectively through the government, imposing regulations.
Costs born by the victim are not the only problem. It is that the brittleness of SSN makes it impossible to lay the costs at the feet of the proper "company which got hoodwinked".
You must share your SSN 100 times for: work, home, credit, school, health. All of them have been popped 5 times each. 20 years later, you are victimized. Who pays?
SSN should be deprecated. You can pretty quickly reason to public/private-key SSN alternatives. The US government would actually do it for the consumer (this term) but the US probably doesn't want to pay it's share of the replacement cost to do so.
Still, we should demand it.