[acdha]

Is the problem really government agencies or the many companies which tried to cut costs by misusing an identifier as an authentication secret? The law you propose seems like it would have no effect whatsoever unless it applied to the private companies which created and perpetuate this problem.

[jessaustin]

If SSN didn't exist then some equivalent (perhaps driver's license number and state? that would be convenient for non-drivers!) would be used, because the problem is actually at a different level. The way the laws governing banks and the credit industry are structured, it's possible to be on the hook for debt without a reliable proof of having agreed to that debt. If the laws changed to require that proof (e.g. creditors must have a video of the debtor stating "I am Alice Smith my birthday is July 1 1970 I live at 123 Main St in Springfield and I agree to pay $100 on or before January 1" or something similarly difficult to fake at scale), nobody would care about SSNs anymore. Of course that would introduce friction to the process, but with consumer debt at its current levels maybe that would be a good thing?

[acdha]

The point is that SSNs are perfectly good for what they were designed for. The problem arose when companies decided to treat a username as a password but weren't forced to absorb the cost of their negligence.

[bithive123]

The point is these private companies are loathe to do anything that makes fraud harder or takes liability off the victims so yes, making laws is not only helpful it's the only thing that will ever work.