Matthew Kilgore

My personal site

A Better US National ID System

The new Equifax breach got me thinking about how Americans need to rethink our national identification. For one, SSNs were never intended to be used by companies or even state governments. The number was originally designed for use by the IRS and the IRS only, but it has instead taken on the role of our national identifier. The nine-digit code on each SSN card is unacceptable and easily guessable. Not to mention that if you’re older and someone knows your year and location of birth, they can very easily guess the first five digits.

There is a better way forward. Thanks to current technology, that way is digital; it could completely change how we handle national identification and, at the same time, reshape the way the companies collecting our identification see us. The technology is already widespread, well-known and already in use in some countries: public-private key cryptography. If companies, states, and the federal government could only ever access our public keys, and our private keys were stored securely on a credit-card-like chip that only we have access to, it could completely change the way we do things.

First, we have to talk about why it’s more secure than the current social security number system. For one, if the only thing stored by companies and the government is a public key, then if hackers gain access to it, all they have is something you could share with the entire world without caring. Second, because the private key is stored on a secure chip (like that of a credit card) and is not RFID enabled, the only way someone can act as you is if they have that card. A card you could mark as stolen, have a new public/private key pair generated for you, and the old one disabled. This means the key that hackers could steal would be useless, and the key that thieves could steal could be disabled. That makes it much more secure than the current system of nine digits that cannot be changed no matter how often they get stolen.

How do we implement it?

When it comes to implementation, the private key must never be stored on a server. Instead, it should be written to the chip in the card and immediately erased from the server that generated it, and it should never be copied to any other computer. The chip should be powerful enough to do basic encryption and signing of data without offloading the task to any other device. This means the private key is stored in a way that can never be stolen by computer thieves. However, because the key would be on a card (likely in a purse or wallet), it could be stolen by a physical thief, the kind who regularly steals money or credit cards. This issue can be easily resolved by giving citizens an easy-to-use web portal or app where they can invalidate the public key. Automatically, the stolen ID card would no longer work to identify as the victim. This would work very much the same way reporting a credit card stolen does.

When it comes to verifying a user, the company or government would need to check that the public key has not changed every single time they verify a user; otherwise, a card reported stolen could still be used by a thief. Verifying that a user is who they say they are can be done with basic cryptographic signatures. Essentially, the company sends a basic document or has the user fill out a form. The user then inserts their card into a chip reader that sends the data to the chip to be signed. That signed document is forwarded to the company or government, which verifies it using the public key. For the IRS and other documents that need to be signed, the public-private key system is far superior because the signature cannot be forged. This means our taxes could be filed completely online, starting a business would be as easy as filling in some documents and signing them with the card (and sending the money), and applying for loans and other legal documents would be just as easy. Public notaries could remain, but they would get a special “notary” card that holds a sub-key of the state’s notary private key. The state could then have notaries sign documents with both their notary key and their national ID, which covers the current system of a stamp and signature. The exact key system we use could be just about any of the existing ones, or even one proposed by researchers at The Weizmann Institute of Science
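As an added illustration (this is not code from the post), the following Go program models the flow described in the last two sections: the issuer generates a key pair and keeps only the public half, the private half lives only on the card and is used solely to produce signatures, a relying party looks up the current public key on every check, reporting the card stolen replaces the key, and a notary signs with both a state-certified notary key and their own national ID card. Go's standard-library Ed25519 stands in for whichever signature scheme would actually be chosen; the citizen identifier, the document text, and modelling the notary "sub-key" as a state-signed certificate over the notary's public key are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Card models the citizen's chip card: it holds the private key and never
// exports it; the only thing that leaves the card is a signature.
type Card struct{ priv ed25519.PrivateKey }

func (c *Card) Sign(doc []byte) []byte { return ed25519.Sign(c.priv, doc) }

// Registry is the issuer's server. It keeps only the current public key per
// citizen; the private half exists solely on the card.
type Registry struct{ current map[string]ed25519.PublicKey }

func NewRegistry() *Registry { return &Registry{current: map[string]ed25519.PublicKey{}} }

// Issue generates a key pair, loads the private half onto a new card and keeps
// only the public half. No copy of the private key stays on the server.
func (r *Registry) Issue(citizenID string) (*Card, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	r.current[citizenID] = pub
	return &Card{priv: priv}, nil
}

// Revoke is the "report stolen" action from the portal: the old public key is
// replaced, so signatures from the stolen card stop verifying, and a
// replacement card is issued.
func (r *Registry) Revoke(citizenID string) (*Card, error) {
	if _, ok := r.current[citizenID]; !ok {
		return nil, fmt.Errorf("unknown citizen %q", citizenID)
	}
	return r.Issue(citizenID)
}

// Lookup is the API endpoint companies and states call. It must be called on
// every verification; a cached key would keep accepting a revoked card.
func (r *Registry) Lookup(citizenID string) (ed25519.PublicKey, bool) {
	pub, ok := r.current[citizenID]
	return pub, ok
}

// Verify is the relying party's check: fetch the current key, then verify.
func Verify(r *Registry, citizenID string, doc, sig []byte) bool {
	pub, ok := r.Lookup(citizenID)
	return ok && ed25519.Verify(pub, doc, sig)
}

// NotaryCard is the special notary card. Instead of a literal sub-key, this
// example (an assumption) has the state certify the notary's public key by
// signing it with the state's notary root key; cert is that signature.
type NotaryCard struct {
	priv ed25519.PrivateKey
	pub  ed25519.PublicKey
	cert []byte
}

func IssueNotaryCard(stateRoot ed25519.PrivateKey) (*NotaryCard, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &NotaryCard{priv: priv, pub: pub, cert: ed25519.Sign(stateRoot, pub)}, nil
}

// Notarization replaces the stamp and signature: the seal made with the
// certified notary key plus the notary's own national ID signature.
type Notarization struct {
	NotaryPub             ed25519.PublicKey
	Cert, SealSig, IDSig  []byte
	NotaryID              string
}

func Notarize(n *NotaryCard, id *Card, notaryID string, doc []byte) Notarization {
	return Notarization{NotaryPub: n.pub, Cert: n.cert, SealSig: ed25519.Sign(n.priv, doc),
		NotaryID: notaryID, IDSig: id.Sign(doc)}
}

// VerifyNotarized checks the chain state root -> notary key -> document, then
// the notary's national ID signature against the registry's current key.
func VerifyNotarized(r *Registry, stateRoot ed25519.PublicKey, doc []byte, n Notarization) bool {
	return ed25519.Verify(stateRoot, n.NotaryPub, n.Cert) &&
		ed25519.Verify(n.NotaryPub, doc, n.SealSig) &&
		Verify(r, n.NotaryID, doc, n.IDSig)
}

func main() {
	reg := NewRegistry()
	card, _ := reg.Issue("citizen-001") // constructed sample identifier
	doc := []byte("Form 1040, constructed sample document")
	sig := card.Sign(doc)
	fmt.Println("before revocation:", Verify(reg, "citizen-001", doc, sig))
	newCard, _ := reg.Revoke("citizen-001")
	fmt.Println("stolen card after revocation:", Verify(reg, "citizen-001", doc, sig),
		"replacement card:", Verify(reg, "citizen-001", doc, newCard.Sign(doc)))
}
```

The point the post makes about checking the key every time shows up in `Verify`: it never holds on to a key, so the moment `Revoke` swaps the registry entry, a signature from the stolen card fails even though that card still physically works. The notary chain is the same idea one level up: a relying party only needs the state's root public key to confirm that a notary key is genuine, and the registry lookup to confirm the notary's own identity.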

Who Generates the Keys, Who Stores the Keys?

Who generates the public/private keys and who stores them is a debate that will come down to the states and the federal government. If the federal government does it, one of its agencies (probably the IRS) would generate the keys and mail the cards to parents for their children and to everyone else who needs one. It would then store the public keys on a server and possibly expose a public API endpoint so companies and the states can verify citizens. This method is great because everything is centralized and it can be guaranteed that no two people have the same keys. However, the states and probably many citizens will argue that this gives the government far too much information about who we are.

States Run The Show

Another approach would have the states generate and store the keys. This also works, but it becomes a problem for companies and other states because they would need the API details for every single state in their systems to verify people. This becomes the biggest issue if states ever decided to make the national IDs double as driver’s licenses, because when a citizen travels to another state, that state would need the API details for the state the traveler came from and would have to verify with that state. Although this issue is trivial for the most part, because developers will likely build a third-party API that handles requests to all of the states’ APIs, it would still fragment them quite a bit. Also, theoretically, two people could get the same keys from different states, which could be a problem.

Hybrid Approach

There are two more methods, both of which mix the two just mentioned. In the first, the states generate the keys and send the public key to the federal government. This eliminates the problem of multiple APIs being too fragmented for use by companies and the government, and it also removes the problem of duplicate keys in different states. In the second, the states store the public keys so that they remain in control of them and the citizens who don’t want the federal government holding them are happy; having the federal government generate the keys and send the public key to the state still eliminates the duplicate-key issue. However, this second system reintroduces the problem of the API being too fragmented for use by companies and even the federal government. Plus, because public keys are not sensitive data, businesses and the federal government may end up storing them anyway.

The Conclusion

No matter what we do, there’s a clear case that we need to change the way we check people’s identities. And more importantly, the way we do it has to be more secure than a little piece of blue paper with nine digits supplied by the IRS. Public-private key technology is a pretty clear winner when it comes to a good, foolproof and secure method of doing it. Even better, we don’t have to create something completely new that doesn’t exist. There are already countries all over the world that have implemented this technology in some way or another for themselves. It’s our turn to change the way we do things, and it’s time to bring the government and our national ID system into the 21st century. With secure methods, easy ways to report it stolen, new keys every time it gets lost or stolen, billions of possible combinations, and extremely difficult to crack cryptography, it’s almost impossible to say that public-private crypto might not work. It’s entirely possible that I’ve overlooked something huge that would stop the implementation (other than cost, time and politicians doing politics). However, in the end I think that cryptologists and software engineers can design something that would work not just for the United States, but all over the world.