Skip to main content


How 2020 Presidential Candidates Can Guard Against Cyberattacks

The 2016 presidential election witnessed unprecedented Russian cyberattacks and disinformation campaigns designed to disrupt the U.S. electoral system by influencing public opinion. The Russian goal is intended to destabilize the U.S.  through ideological activism, advancing their interest and further their political agenda. Their methods compromised computer systems of candidates and political parties using the exfiltrated data to spread disinformation and influence presidential elections.

On January 6, 2017, the U.S. Director of National Intelligence released a declassified report “Assessing Russian Activities and Intentions in Recent U.S. Elections.” According to the report, Vladimir Putin ordered a massive campaign orchestrating attacks from multiple fronts that involved spreading pro-Trump propaganda on social media to hacking the Democratic National Committee (DNC). Their methods resulted in massive data breaches within the DNC that included access to John Podesta's email f…

Can National ID Be The Solution to Identity Theft?

When I was involved the Internal Revenue Service (IRS) modernization program as an Identity Access Management (IAM) architect back in 2004 one of the issues raised was identity theft should any criminal compromise the identity of a tax filer. The IRS, other federal agencies, states, credit reporting bureaus and financial institutions are reliant on the Social Security Number (SSN), and it is the nation's de facto national I.D. system. Without social security, a number of citizens cannot open bank accounts, obtain employment, get credit cards or secure loans, or even acquire a state driver’s license.

With the historic large-scale breaches affecting many industries recently, Personal Identifiable Information (PII) and Protected Health Information (PHI) have been compromised and now we are seeing a remarkable increase in fraudulent tax returns bilking the US Treasury Department of billions in fraudulent tax refunds with no end in sight. The IRS and Social Security Administration (SSA) have put out websites encouraging all to register accounts and enable different filing pins (IRS) and two-factor authentication (SSA).

Social Security Administration:
Internal Revenue Service:

The problem with registering with these federal agencies is profound and for the everyday person who will use them once a year to file their taxes how would they remember their IRS filing pins or user IDs and passwords on the SSA accounts? Of course, we can build awareness using user ID and password vaults to keep track of our IRS, SSA, bank, retirement accounts and what other online credentials you may have but most are not savvy to understand the importance of protecting their credentials, or it becomes overwhelming information overload. Many people still believe that if their SSN is compromised, they can directly request a new one like a credit card or bank account. That scenario is riddled with far-reaching consequences and is not recommended.

This article will discuss the controversial aspect if the practical pursuit towards a national ID system is a viable solution that addresses both security and privacy to thwart identity theft or is it not? Can it serve as an uncompromising ID similar to the smart card, the passport with embedded identity chips or the federal government’s Common Access Cards (CAC) using the latest biometric capabilities?

The Debate for a National ID System

The push towards having a national ID systems stem in part from illegal immigrants as well as the escalating identity theft from cyber attacks. In the past, from a physical security aspect, both the Bush and Obama Administrations have deployed drones, sensors and sent thousands of agents to police our borders. Yet the problem remains what to do with the illegals currently in the country and the unscrupulous employers who hire them.

Proponents wanting to have a national ID system would allow employers to reject and report undocumented job applicants to the authorities. This would allow the deportation of the illegals and the prosecution of employers who hire them. The basis for this is if the illegal immigrants are physically prohibited from entering the country, and they cannot find jobs, why would they come?
From an information security perspective, it would be useful by issuing tamper-proof, biometric ID cards using fingerprints or a comparably unique identifier to all citizens and legal residents - by requiring job applicants to demonstrate legal status and identity by non-forgeable electronic means, along with safeguards to protect American workers, prevent identity theft, and provide due process protections. This proposal was introduced in government as a fraud-resistant, tamper-resistant Social Security card, among other secure documents, to prove work eligibility.

Opponents of a national ID argue such cards as the embodiment of a Big Brother brand of government, omniscient, tentacular and an invasion of privacy. Other critics view it as the intrusive society of George Orwell's 1984 along with the shattered lives of Nazi concentration camp inmates institutionalized by the ID number tattooed on their forearms. Yet these arguments fail to explain that all U.S. passports issued since 2007 contain chips that enable the biometric use of facial recognition technology. The proliferation of visas for foreign travel has not encroached on Americans’ civil liberties. Why would another form of a national ID pose such a threat? A national ID would also alleviate voter fraud and the ability to consolidate state IDs such as the driver’s license, FAA pilot’s license and some other advantages such as eliminating the SSN, user IDs, and passwords.

Social Security Number Once Compromised

When your identity is stolen, an immediate response is to get new credit cards, close bank accounts and completely separate yourself from your current identifying information. In some cases, those steps are warranted. For example, if the cybercriminal has already tried to take money out of your checking account, you should change your checking account number. If the cybercriminal has applied for a duplicate driver’s license under your name, you should ask your state Department of Motor Vehicles for a new number.

Changing numbers in the above situations is relatively routine. However, since many identity theft cases involve the Social Security number, some victims express a desire to apply for a new number. While it might seem to be a logical step, getting a new Social Security number is fraught with consequences, not always apparent at the beginning.

The Facts:
  • Your original SSN will remain assigned to you and linked through Social Security Administration (SSA) computer systems to the new number. SSA does not void, delete or cancel SSNs.
  • When SSA assigns you a new SSN because of significant misuse and disadvantage of your SSN, a different indicator will be placed on your prior SSN record. The new SSN will be cross-referenced to the old number for tracking purposes for SSA and IRS governmental purposes only.
  • Ask for a letter from the SSA explaining that they have issued you a new SSN. This letter needs to state you will no longer be using the old number and start referring to the original number. This is a critically important document when you are changing everything else over.
  • When SSA determines that the same SSN was accidentally assigned to two different people, and consequently assigns a new number to one of these individuals, the numbers are not cross-referenced.
  • Keep in mind that a new number probably will not solve all your problems. This is because other governmental agencies (such as the IRS and state motor vehicle agencies) and private businesses (such as banks and credit reporting companies) likely will have records under your old number. Also, because credit reporting companies use the number, along with other personal information, to identify your credit record, using a new number will not guarantee you a fresh start. This is especially true if your additional personal information, such as your name and address, remains the same. The following are examples of some, but not all, such agencies/organizations: Internal Revenue Service (IRS); Banks; Departments of Motor Vehicles; insurance companies, especially health insurance companies; schools, universities, and colleges; credit bureaus; other Federal and State agencies; and the military.
  • Medicare and Medicaid Credit bureaus use the SSN in conjunction with other information (for example, the individual's name, year of birth, address(es), and spouse's name) to identify a record. When the individual uses a new SSN, he/she is not guaranteed a fresh start, mainly if the other identifiers remain the same. NOTE: A credit bureau may combine the credit records from the old SSN with those from the new SSN.
  • In the case of identity theft, a new SSN may actually create new problems. The absence of any credit history under the new SSN may make it more difficult for an individual to get credit, continue college, rent an apartment, buy a big-ticket item, open a bank account, get health insurance or get a job.
It is a monstrous challenge that would take a phased-in approach to develop and implement a national ID system with the goal of perhaps incorporating all access rights and privileges. Some countries around the world have implemented compulsory ID systems, yet the United States is a laggard and is suffering the consequences both from a physical and information security perspectives.
In my view, a national ID system is of strategic importance to safeguard our most vital asset, its legal citizens, and their identities from being compromised.