The entire US Social Security database was uploaded on a random cloud server, Whistle-Blower Says
-
You know, at some point you actually do something to put out the fire, you leave, or you burn.
-
I agree that "random server" is a bad choice of words, but do want to add additional information context as the concern isn't necessarily unwarranted. Another quote from the article:
“I have determined the business need is higher than the security risk associated with this implementation and I accept all risks,” wrote Aram Moghaddassi, who worked at two of Mr. Musk’s companies, X and Neuralink, before becoming Social Security’s chief information officer, in a July 15 memo.
It also sounds like they did spin up a new database with limited security/oversight to "move" faster. Why that's worrisome is they aren't denying there is a risk or lack of security, they are just saying it's justified.
Oh yea, agree it's a dumb move. This should be on-prem data IMO.
-
I don't have a problem with that, but what I will object to is the current regime making the replacement ID system. 1) there is no way they would design it well or securely, smart people capable of building such a system are usually the first to bounce to another country as they will have the means to do so. 2) it would be too easy for them to lord the new ID over people's heads (like they are with immigration status now) and implement a social credit score like China does.
You're correct that SSNs should not be used as IDs, but getting the government to build a modern system for that opens too many avenues for abuse (especially with darth cheeto in charge).
I don't know much about it, but what did they change with the whole Real ID / star on Licenses and such? I believe the purpose was to make it so the IDs were to a minimum standard so they could be accepted in all 50 states. If they all had unique ID numbers (I don't know that they do) they could have just used those, or expanded on those and already have the ID system in place. To travel to another state and have a valid ID, I believe the cut off date is November of this year. (At least for my State, because my spouse doesn't drive and her ID she was told would no longer be valid post November if she doesn't go in and get it done)
-
I’ve said for a while that the SSA should do basically this exact thing. In a more controlled manner, but still the same result. Announce something like “in two years, we’ll make our database public. Every single name, DOB, and SSN will be publicly searchable.”
It sounds radical, but SSNs were never meant to be a secure form of ID. Old cards even said something like “do not use this as ID” on them. But organizations quickly latched onto it because they wanted to have a way to identify individuals with the same name and DOB. And SSNs were convenient because people already had them.
It would force organizations to develop their own way to ID people. It would be a huge step towards making an actual secure form of ID. And the warning time would give people enough time to design the new system and roll it out, while still giving a hard deadline for when it needs to be done.
No, we don't need this at all. Businesses need to be fined out of existence for using the SSN, and lenders should do due diligence without some imaginary score.
-
They will have to get rid of Social Security now. It's the only way.
"You don't have a SSN? Must be an illegal"
-ICE
-
Accelerationism like that never works. When it all settles, you get extremely mild improvements for a whole lot of hurt.
Accelerationism can work if you are in position to lead the rebellion. But for the vast majority of us, you'd be a foot soldier, probably die before ever seeing the day of victory.
-
If you read the article, the current head of the SSA acknowledges they did set up the system being discussed and that he's accepted the increased risk of the implementation as there is a "business need".
What cloud servers are they using?
-
We're getting closer to a cyberpunk world every day
-
Yeah, god forbid we have people who aren't fucking idiots taking care/maintaining our information.
But again - this has zero information. What cloud storage is it on? How is it not secure?
-
I’ve said for a while that the SSA should do basically this exact thing. In a more controlled manner, but still the same result. Announce something like “in two years, we’ll make our database public. Every single name, DOB, and SSN will be publicly searchable.”
It sounds radical, but SSNs were never meant to be a secure form of ID. Old cards even said something like “do not use this as ID” on them. But organizations quickly latched onto it because they wanted to have a way to identify individuals with the same name and DOB. And SSNs were convenient because people already had them.
It would force organizations to develop their own way to ID people. It would be a huge step towards making an actual secure form of ID. And the warning time would give people enough time to design the new system and roll it out, while still giving a hard deadline for when it needs to be done.
There was a time when a bank card number was practically all you needed to get someone's money.
I think Estonia's electronic IDs are the best, they have the government sign (sometimes provide, but generally just sign) your public key. It's both that the government doesn't have your private key and that it's immediately usable for many things. I don't know if they do, but one can also make ID cards (with a necessary chip inside, of course), where a private key can be written and used for signing operations, but not read back.
Modern technology allows so much goodness that politicians and corps have just started globally gaslighting us over what can be done and what can't. Stalling on technically easily solvable issues, so that it wouldn't come to real ones.
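The model described in the comment above (the authority signs a public key that the holder generated, and never sees the private key), as an added illustration that is not part of the thread and is not Estonia's actual system. It assumes the `openssl` CLI; the CA, the names and the files are constructed, and a plain key file stands in for the card's chip.

```shell
#!/bin/sh
# Added illustration; every name, subject and file below is constructed.
# eid_demo genuine  -> returns 0 (certificate chains to the CA, signature verifies)
# eid_demo tampered -> returns non-zero (document changed after signing)
eid_demo() {
  mode=${1:-genuine}
  dir=$(mktemp -d) || return 2
  (
    cd "$dir" || exit 2
    exec 2>/dev/null   # silence openssl's progress chatter

    # 1. State CA: its own key pair plus a self-signed root certificate.
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out ca.key &&
    openssl req -x509 -new -key ca.key -sha256 -days 30 \
      -subj "/CN=Demo State ID CA" -out ca.crt &&

    # 2. Citizen: key pair generated locally. Only the CSR, which carries
    #    the public key, is sent to the CA; citizen.key never leaves.
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out citizen.key &&
    openssl req -new -key citizen.key -subj "/CN=Jane Example" -out citizen.csr &&

    # 3. CA signs the citizen's public key, producing the ID certificate.
    openssl x509 -req -in citizen.csr -CA ca.crt -CAkey ca.key \
      -CAcreateserial -sha256 -days 30 -out citizen.crt >/dev/null &&

    # 4. Citizen signs a document with the private key.
    printf 'I authorise this transfer.\n' > doc.txt &&
    openssl dgst -sha256 -sign citizen.key -out doc.sig doc.txt || exit 2

    [ "$mode" = tampered ] && printf 'I authorise ten transfers.\n' > doc.txt

    # 5. Relying party holds only ca.crt, citizen.crt, doc.txt and doc.sig.
    openssl verify -CAfile ca.crt citizen.crt >/dev/null || exit 1
    openssl x509 -in citizen.crt -pubkey -noout > citizen.pub || exit 2
    openssl dgst -sha256 -verify citizen.pub -signature doc.sig doc.txt >/dev/null
  )
  rc=$?
  rm -rf "$dir"
  return "$rc"
}
```

Unlike an SSN, nothing the relying party receives in step 5 lets it sign as the holder, so publishing the certificate costs nothing.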
-
I don't have a problem with that, but what I will object to is the current regime making the replacement ID system. 1) there is no way they would design it well or securely, smart people capable of building such a system are usually the first to bounce to another country as they will have the means to do so. 2) it would be too easy for them to lord the new ID over people's heads (like they are with immigration status now) and implement a social credit score like China does.
You're correct that SSNs should not be used as IDs, but getting the government to build a modern system for that opens too many avenues for abuse (especially with darth cheeto in charge).
and implement a social credit score like China does.
Honestly you don't need such an official system, and such a commercial system, as that network of data brokers and credit rating providers, already exists. So of that in particular I wouldn't be scared because it's not avoidable anyway. What's avoidable is government's ability to discriminate based on data. Think how.
-
I agree that "random server" is a bad choice of words, but do want to add additional information context as the concern isn't necessarily unwarranted. Another quote from the article:
“I have determined the business need is higher than the security risk associated with this implementation and I accept all risks,” wrote Aram Moghaddassi, who worked at two of Mr. Musk’s companies, X and Neuralink, before becoming Social Security’s chief information officer, in a July 15 memo.
It also sounds like they did spin up a new database with limited security/oversight to "move" faster. Why that's worrisome is they aren't denying there is a risk or lack of security, they are just saying it's justified.
Could you please explain like I'm 10?
-
At this point I think you can legally opt out of any type of data collection by the government like the Census. You're required by law to participate but they are also required by law to keep your information safe, that's no longer possible in this administration and there's plenty of relevant data to back it up.
-
There was a time when a bank card number was practically all you needed to get someone's money.
I think Estonia's electronic IDs are the best, they have the government sign (sometimes provide, but generally just sign) your public key. It's both that the government doesn't have your private key and that it's immediately usable for many things. I don't know if they do, but one can also make ID cards (with a necessary chip inside, of course), where a private key can be written and used for signing operations, but not read back.
Modern technology allows so much goodness that politicians and corps have just started globally gaslighting us over what can be done and what can't. Stalling on technically easily solvable issues, so that it wouldn't come to real ones.
The simple act of comparing signatures meant that it was very difficult to randomly target people. We don't have anything like that today, like a key/token pair.
-
What cloud servers are they using?
Given it's the government it's most likely AWS or Azure. That really isn't inherently bad, it's more the attitude of "move fast and break things" doesn't necessarily work for secure systems with sensitive data.
-
Could you please explain like I'm 10?
The SSA stores a lot of sensitive data. Normally with sensitive data you want to be very careful with who can access it and how.
What is potentially worrisome in this situation is it seems like the SSA is taking on the "move fast and break things" attitude of Silicon Valley.
More technically, most government agencies use AWS and Azure (cloud providers) to host data. So spinning up a new server isn't inherently bad. However, creating a new server that is secure and has the correct access controls (user permissions regarding who can see/change content) can be challenging. The whistle blower believes they are not doing this right, and it sounds like the head of the SSA isn't disagreeing, just saying he thinks the risk is worth it.
-
Given it's the government it's most likely AWS or Azure. That really isn't inherently bad, it's more the attitude of "move fast and break things" doesn't necessarily work for secure systems with sensitive data.
So again, it’s all just bullshit hopes and dreams by the anti-doge people. No data has been exposed or hacked, no evidence of it actually being on anything insecure.
-
It's times like this I wonder about the like/dislike paradigm I.E. "I like/dislike knowing this and/or appreciate the perceived reputability of the source" vs. "This is good news/I fucking hate this."
This one just got a "I fucking hate this" from me.
-
At this point I think you can legally opt out of any type of data collection by the government like the Census. You're required by law to participate but they are also required by law to keep your information safe, that's no longer possible in this administration and there's plenty of relevant data to back it up.
I think we should be able to have a national class action against DOGE. 100% serious, all US citizens for sure, and anyone else with data in the Social Security database, should sue the individuals responsible for this.
Then we take the money and start a company that contracts out to the government to create a national digital ID system that is the most secure in the world, and allows for amazing anonymity.