Posts
The Drift
How a Tracking Serial Became a National ID
Path dependence is the economic concept that describes what happened to the SSN. Paul David's 1985 paper on the QWERTY keyboard established the principle: early choices create self-reinforcing mechanisms that make alternatives increasingly costly over time, even when the original choice was not optimal. The SSN is the QWERTY keyboard of American identity infrastructure — adopted for reasons of administrative convenience, locked in through network effects, now essentially impossible to replace without a coordinated disruption that no actor has the authority or incentive to organize.
But path dependence alone does not fully describe the SSN's accumulation. QWERTY spread through a single industry with a clear technological pathway. The SSN spread through every institution in American life, each adoption independent of the others, each one making the next adoption more rational. The mechanism was not network effects in the economic sense. It was something more diffuse: the gravitational pull of the only universal number that already existed.
When the IRS needed to link tax records to individuals in 1962, it could have created a Tax Identification Number from scratch — a new identifier, properly designed, with appropriate security features. The cost of doing so: budget appropriation, legislation, system development, enrollment of 180 million taxpayers, and the institutional friction of introducing a new number into a country that already had one. The cost of using the SSN: a memorandum. The choice was not difficult.
Every institution that adopted the SSN made a locally rational decision. No institution was responsible for what all of those locally rational decisions produced in aggregate. That is the architecture of drift. The catastrophe was distributed across a thousand individual choices, none of which was catastrophic on its own.
The same logic applied at every subsequent adoption point. Military service records, 1969. Medicare enrollment, 1965. Federal student loans. State driver's licenses. Bank accounts. Credit applications. Each institution looked at the SSN and saw the same thing: a number that was already universal, already in the wallet of every American adult, already connected to federal records that verified its authenticity. Building something new would have been harder. Nobody built something new.
Fifty Years of Institutional Accumulation
The drift was not evenly distributed across time. It accelerated in waves — each wave triggered by a major federal adoption that legitimized the number for a new category of use, which then cascaded into private sector adoption in the same category. The timeline below documents the major adoption events and the institutional logic that drove each one.
What the Government Knew — and Did Not Fix
The drift did not go unobserved. Beginning in the early 1970s, a series of government reports, congressional hearings, and independent studies documented the risks of the SSN's expanding use with increasing precision. The warnings were accurate. They identified the specific vulnerabilities that would produce the identity theft epidemic of the 1990s and 2000s. They were received, noted, and filed. The architecture was not changed.
HEW Report, 1973 — "Records, Computers and the Rights of Citizens": The Department of Health, Education and Welfare's Advisory Committee on Automated Personal Data Systems produced a landmark report that directly addressed the SSN's expanding use. The report warned that the SSN was becoming a de facto national identifier without the safeguards that a deliberately designed national identifier would require. It recommended against universal use of the SSN as a personal identifier and called for statutory limits on its collection and use. Congress received the report. No statutory limits were enacted.
Privacy Act of 1974: Congress passed the Privacy Act in direct response to HEW and related concerns, establishing limitations on federal agency collection and use of personal information including SSNs. The Act prohibited federal agencies from denying benefits based on refusal to provide an SSN unless disclosure was required by statute or predated the Act. This was a genuine constraint on federal use — and it applied only to federal agencies. The private sector was unaffected. Banks, credit bureaus, employers, and hospitals continued collecting SSNs without restriction.
Privacy Protection Study Commission, 1977: The Carter-era commission produced a comprehensive report on personal data systems that reiterated and expanded the HEW warnings. It documented the SSN's penetration into private sector systems, identified the specific risk of a low-entropy static identifier becoming the universal authentication token for financial systems, and recommended purpose-limitation requirements for SSN collection. The recommendations were not enacted.
What the warnings established: By 1977 — forty years before the Equifax breach — the federal government had documented in detail that the SSN's expanding use as a universal identifier, without security features or governance framework, was creating systemic privacy and identity risk. The warnings were not suppressed. They were published. The political economy of SSN reform — the institutional inertia, the absence of a crisis sufficient to force action, the presence of powerful interests that benefited from the status quo — was stronger than the documented risk.
The gap between the warning record and the policy response is itself an FSA finding. It is not evidence of incompetence or bad faith by the individuals who wrote the reports. It is evidence of a structural feature of American governance: the capacity to identify systemic risk in distributed institutional architectures is far greater than the capacity to coordinate remediation across the multiple actors whose independent decisions created the risk. The HEW report was right about everything. It had no mechanism to compel the credit bureaus, the banks, or the state governments to change their behavior.
The federal government warned itself, in writing, in 1973, that what it was building was dangerous. The warning was accurate. The architecture continued accumulating anyway — because the warning identified a systemic problem and the political system only had tools for addressing individual actors.
When Replacement Became Practically Impossible
There is no precise date on which SSN replacement crossed from difficult to practically impossible. It was a threshold, not an event. But by approximately 1980 — after the IRS adoption, the credit bureau penetration, the Medicare linkage, the military adoption, and the first wave of congressional mandates — the threshold had been crossed. The number of systems that would need to be simultaneously migrated to a new identifier had exceeded the coordinating capacity of any plausible political coalition.
Consider what replacement would require in 1980: new legislation establishing a replacement identifier and mandating migration across all federal systems; negotiated compliance from fifty state governments, each with its own SSN-dependent systems for driver's licenses, welfare administration, and state tax records; voluntary or mandated migration by three major credit bureaus that had built their entire data architecture around the SSN as primary key; migration by every bank, employer, insurer, and hospital that had adopted the number; and a re-enrollment process for 220 million Americans, each of whom would need to receive a new identifier and update every financial, government, and healthcare record that carried their old one.
No single actor had the authority to mandate all of that simultaneously. No political coalition in 1980 had the incentive to try. The drift had produced lock-in not through any decision to lock in the system, but through the simple accumulation of adopters past the threshold at which coordinated replacement became practically impossible.
1980 replacement complexity: ~220 million SSN holders; 3 major credit bureaus; IRS, SSA, DoD, HEW/HHS federal systems; 50 state governments; approximately 15,000 commercial banks; major insurance carriers; early adoption by hospital systems beginning transition to electronic records.
2026 replacement complexity: ~340 million SSN holders; same 3 credit bureaus plus LexisNexis, Experian data services, and dozens of downstream data brokers; IRS, SSA, DoD, HHS, VA, DHS, and multiple additional federal systems; 50 state governments plus territories; approximately 4,500 FDIC-insured commercial banks plus credit unions, fintech platforms, and payment processors; full penetration of electronic health record systems (Epic, Cerner, and others) using SSN as patient identifier; employment authorization systems; student loan servicers; and a dark web market whose entire commodity is SSN-linked data packages.
The structural observation: The replacement problem in 2026 is not simply larger than the replacement problem in 1980. It is categorically more complex, because the private sector adoption that was still in progress in 1980 is now complete and deeply embedded in systems whose operators have no individual incentive to absorb migration costs for a collective benefit they cannot capture.
What the Accumulation Record Establishes
The drift was not a failure of oversight. It was the predictable output of a governance architecture that assigned responsibility for individual programs without assigning responsibility for the aggregate. The IRS adoption was rational. The credit bureau adoption was rational. The Medicare adoption was rational. Each actor made the locally optimal choice. No actor was responsible for the system those choices produced. That is not a failure of individual judgment. It is a structural feature of fragmented institutional governance.
The private sector adoption was the decisive expansion. Executive Order 9397 opened the door to federal agency use. Congressional mandates expanded the federal footprint. But it was the credit bureau adoption in the 1970s — unlegislated, unregulated, and unrestricted by the Privacy Act that covered only federal agencies — that converted the SSN from a government administrative tool into the foundation of the private financial surveillance economy. The government issued the token. The private sector built the meaning layer. No governance framework connected them.
The warnings were accurate and ineffective. The HEW report of 1973, the Privacy Protection Study Commission of 1977, and the congressional hearings of the Carter and Reagan eras correctly identified the SSN's expanding use as a systemic risk. They were ineffective not because they were wrong but because the political system had no mechanism for coordinating remediation across the distributed set of actors whose independent choices had created the risk. The capacity to diagnose a distributed problem exceeded the capacity to fix one.
The lock-in threshold was crossed before any crisis made it visible. By 1980, the number of systems dependent on the SSN as primary key had exceeded the coordinating capacity of any plausible reform coalition. The threshold was crossed quietly, through accumulation, without any event that registered as a national emergency. The crisis — identity theft at scale, the Equifax breach, the dark web SSN market — came later, when the architecture was already too embedded to replace. Post 3 documents what was built on top of the locked-in foundation: the semantic capture layer, where private actors constructed the meaning of American identity on a token the government issued and then lost control of.
The Drift Record — What Post 2 Establishes
| Finding | Source | Status |
|---|---|---|
| Executive Order 9397 (1943) authorized federal agency SSN use beyond Social Security — first formal breach of the "Not for Identification" scope | Executive Order 9397, Federal Register | Documented |
| IRS adoption 1961: SSN became Taxpayer Identification Number — connected Social Security and tax records through a single identifier without governance framework | IRS administrative history; Revenue Act 1962 | Documented |
| Credit bureau adoption 1970s: Equifax, Experian (TRW), TransUnion adopted SSN as primary key for consumer credit files — no legislative mandate, no regulatory authorization required | Credit bureau administrative history; FTC reports | Documented |
| Congress mandated SSN use for federal programs dozens of times 1961–1996 with no cumulative architectural review | Congressional record; Privacy Act legislative history | Documented |
| HEW 1973 report warned against universal SSN use as personal identifier — recommendations not enacted; Privacy Act 1974 covered federal agencies only, left private sector unrestricted | HEW 1973; Privacy Act of 1974 | Documented |
| Lock-in threshold crossed approximately 1980 — replacement complexity exceeded coordinating capacity of any plausible political coalition before any crisis made the risk visible | Structural inference from adoption record | Structural Finding · Supported |
| The private sector adoption — unlegislated and unregulated — was the decisive expansion that converted the SSN from government administrative tool to private financial surveillance foundation | Credit bureau history; FTC record; Privacy Protection Study Commission 1977 | Structural Finding · Supported |
No comments:
Post a Comment