Aftermath of the Equifax hack

Muneeb Ali
Sep 11, 2017 · 2 min read

Social Security Numbers and personal data of 143 million people have recently been breached in a hack of Equifax. That’s almost half of the US population. The consumer outrage and media stories after the hack are not fully grasping the root problem.

Equifax, TransUnion, and Experian maintain centralized databases of sensitive consumer data. We’ve not opted in to using their services, but they maintain information on us regardless. These are not tech companies, and online security is not their core competence. Their security practices are mediocre at best, but that’s not the root problem.

Centralized databases will always get hacked:

On the internet, any company that stores your data will (eventually) get hacked. There are no exceptions to this rule. It’s just a matter of time.

Demanding “better security” of these centralized databases will not make the problem go away. The response to the Equifax hack is not to demand “better security” but to demand the removal of these data banks altogether.

The model of centralized data is fundamentally broken. The real lesson of the Equifax hack is that there is no way to secure centralized databases.

What can we do?

Given the widespread use of legacy social security systems, this is a messy problem to solve. The following are some suggestions that can help:

Near-term:

In the near term, we should simply assume that our data was hacked and:

  1. Set up a credit/security freeze on all agencies; a fraud alert is not enough.
  2. Enroll in the complimentary identity theft protection from Equifax.
  3. Most importantly, let’s not let this crisis slip away without getting major reform mandated by law.

Medium-term:

In the medium term, we should stop using Social Security Numbers as private/sensitive information. They can be used as public identifiers instead. The Social Security Administration (SSA) can start giving people private keys that own social security numbers. These keys can be re-issued if lost or compromised and should require a visit to a local SSA office.

Long-term:

In the long term, we should remove our dependence on the Social Security Administration and centralized databases like Equifax. Decentralized identity systems like Blockstack ID, uPort, and Civic have made significant progress in recent years. Blockstack recently released a new system that scales registrations to millions of users. It’s inevitable that hacks of centralized identity systems will force everyone to switch over eventually.

The hacks will not stop. Decentralization is the only way forward.


Comments? Tweet them @muneeb
