While I'm trying to polish off The Transparent Society still, Techdirt points at Bruce Sterling's tiny piece for Wired, Absolute Corruption:
[T]he Net can hobble the slouching beast even as electronic communication extends its reach. Whistle-blowers who stand beyond the reach of repression can call the finance chief an extortionist--and they can do it on the Internet, for all to see. Internal reforms can also take advantage of the Net. In 2000, Chile started letting companies bid for government contracts online. Initial cost savings ranged from 2 to 10 percent, and everyone knows who’s supplying what to whom, and for how much.
Someone grousing about their phone carrier wanting to see his and his SO's social security cards before joining accounts brought to mind the part I read last night, which was about the folly of using the social security number as a password instead of a name. (This also comes up whenever Ken Nordine's "Confessions of 349-18-5171" comes up in my playlist.)
The idea is using your SSN as a verifier of your identity is like a web site using your email address as one. "Unique, permanent, and difficult to change, its aims are specificity and constancy," writes Brin, are the name-like attributes of the SSN. Used to be, "people knew their own SSN, but almost no one knew anyone else's. To banks, it seemed a convenient test for use during phone transactions--like your birth date, or another quaint verifier, your mother's maiden name."
UTC, in fact, still uses the SSN along with birth date to log into the online registration software. It now accepts the new UTC ID, but that's no better: it still has the attributes of a name ("unique, permanent, and difficult to change"), not a password. In contrast, The Blackboard system properly uses your UTC ID as your name, not password--which just makes your UTC ID that much less useful as a verifier, since you type it in plaintext whenever you log in.
