Hacker News new | ask | show | jobs
by orthecreedence 2845 days ago
Fuck the blockchain.

Just issue public/private keys to citizens. They sign with their private key, banks verify with their public key. Anyone can request your public key from the Social Security Administration via API. Done.

The SSN acting both as the identifier and the password is the real problem, and throwing the blockchain into the mix just complicates things more.

We still need a central agency. It's the authentication method that is pathetically worthless.
1 comments
shawn 2845 days ago
Terrible idea. If you try to force users to do key management, you've lost.

Keybase is the only one getting this right, and people are now claiming they're ignoring security in order to do it. It would be a dumpster fire to trust government agencies to get the design requirements right.

link
plankers 2845 days ago
Really? It seems to be working fantastically in Estonia:

https://e-estonia.com/solutions/e-identity/id-card/

link
shawn 2845 days ago
That’s very cool! Thank you for pointing out the counterexample.
link
jkaplowitz 2845 days ago
Belgium also uses decent crypto, software, and hardware for their electronic identity system:

https://eid.belgium.be/en/what-eid

For the last several decades, many of us Americans have become too skeptical about what government can do in terms of technology, even while it's completely true that government often gets it wrong.

link
plankers 2845 days ago
That skepticism may have something to do with many of us Americans watching our government spectacularly fail to keep pace with changing technology over the past few decades. Not sure there's any real solution for a nation of federated states who don't like to coordinate with one another. Please prove me wrong, politicians.
link
jkaplowitz 2845 days ago
It's definitely tricky, not disagreeing there. But Belgium is also a federation of multiple language regions who don't like to coordinate with each other. Way smaller and way fewer regions, sure, but equally with more hostilities between them.

There are very few government officials worldwide who truly know technology or how to effectively engage the real experts in an agile way rather than just government contractors. That seems to be the main problem to me.

Even in the US, the US Digital Service and 18F have done great work. And Canada has at least one backbencher MP who's a Linux and free software geek, asking legitimately knowledgeable questions in committees on topics like IPv6, copyright, and plenty of unrelated topics too.

Of course I realize those organizations and people are exceptions. But they, and the Belgian and Estonian examples, indicate what can be.

Maybe we can figure out how better to make technologists interested in serving in government, or working closely with it from the outside.

link
odbol 2843 days ago
Maybe it has something to do with all our politicians being older than my parents... who can barely figure out email.
link
orthecreedence 2844 days ago
Users are already doing key management! It's just that the record ID, public key, and private key are all the same number.
link