by Simon_says
3207 days ago
The big architectural flaw is that when I as a consumer prove my identity to company A, that gives company A enough information to impersonate me to company B. Or equivalently, it can give a rogue employee at company A that power, or anybody who hacks company A's database. The solution is asymmetric cryptography, wherein identity is tied to a public/private keypair, and I can prove I have the corresponding private key without giving the other party the ability to impersonate me. Ideally, the government wouldn't know my private key, either; rather, they would just give their own attestation that a given public key is owned by a person with a given name, DoB, SSN, and biometrics. Along similar lines, any financial account would have its own keypair, with moving money out of the account requiring signing with the private key. The state of cryptography today is way too obtuse for this to work right now, but I think it could be made more user-friendly with specialized hardware to hold the keys and perform the encryption. The idea that SSNs are secret, but we hand them out to half a dozen organizations is absolutely ludicrous.
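The proof of possession described in the comment above, sketched as an added example that is not part of the original comment: each company issues its own random challenge, the consumer signs it with Ed25519 from Go's standard library, and a transcript captured at company A is useless at company B. The verifier names, the `id-proof-v1` message prefix and the one-outstanding-challenge model are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Verifier is a relying party such as "company-A" (illustrative name).
type Verifier struct {
	Name    string
	pending []byte // nonce of the one challenge currently outstanding
}

// Challenge issues a fresh random nonce for the consumer to sign.
func (v *Verifier) Challenge() []byte {
	v.pending = make([]byte, 32)
	if _, err := rand.Read(v.pending); err != nil {
		panic(err)
	}
	return v.pending
}

// message binds a proof to one verifier and one nonce.
func message(verifier string, nonce []byte) []byte {
	return append([]byte("id-proof-v1|"+verifier+"|"), nonce...)
}

// Prove runs on the consumer's side; only the signature leaves it.
func Prove(priv ed25519.PrivateKey, verifier string, nonce []byte) []byte {
	return ed25519.Sign(priv, message(verifier, nonce))
}

// Check verifies sig against this verifier's own outstanding nonce, once.
func (v *Verifier) Check(pub ed25519.PublicKey, sig []byte) bool {
	nonce := v.pending
	v.pending = nil // single use, whether or not the proof is valid
	return nonce != nil && ed25519.Verify(pub, message(v.Name, nonce), sig)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	a, b := &Verifier{Name: "company-A"}, &Verifier{Name: "company-B"}
	sigA := Prove(priv, a.Name, a.Challenge())
	b.Challenge() // B always picks its own nonce
	fmt.Println(a.Check(pub, sigA), b.Check(pub, sigA)) // true false
}
```

Everything company A ends up holding (public key, nonce, signature) can be leaked without enabling impersonation, which is the property a shared secret like an SSN lacks.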