Why not use a national ID as username for every website?

Question

Everyday we visit many websites, including our university's website, maybe Google, Yahoo, etc. But on each of them, we have a unique username, while each person in a country can have a "national code" such that no persons share a code. So, they could use their national code as their username on every website.

Why not? Why isn't this the situation? Wouldn't it be better if we had one username for all of the websites in the world? Does it have something to do with security?

Answer 1

1. Privacy. Being able to link every user account to a natural person would be the end of anonymity on the Internet. Maybe you have nothing to hide, so that's of no concern for you. But as Edward Snowden said: "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say".
2. Not every person on the planet would have a national ID number. There are countries in the world which don't give ID numbers to their citizens. In some regions of the world, residency registration is spotty at best or nonexistent. People from these countries could no longer actively use the Internet anymore. Also, there are edge-cases like stateless people, people with multiple citizenships or people from disputed territories.

3. In those countries which do have ID numbers, you have the problem of proving that someone is indeed the owner of an ID number. Because your ID number is public knowledge, I could use it to register in your name on any website I want, thus stealing your identity.

   A solution to this problem would be a state-supported authentication service (something like OAuth). But considering how many governments there are in the world, it would be impossible to agree on a protocol standard which is supported by everyone all over the world. And if you do somehow get the ~200 or so governments in the world to cooperate on something (a feat worthy of a Nobel Peace Prize), you now put a tremendous responsibility into their hands. Not only could they very easily prevent their citizens from using any services they don't like by no longer authenticating their citizens to it, they could also impersonate their citizens on any website.

Answer 2

You can't:

• have multiple, separate accounts (e.g. separate professional and personal accounts, or a separate parody account)

• have a truly anonymous account

• have an account if you're a stateless person, or from a country that doesn't have a national ID, or too young or otherwise ineligible to have a national ID

• allow the national ID scheme(s) to ever change (or re-issue numbers)

Answer 3

In some countries, it is simply forbidden to use the most important unique IDs in other databases than those for which it was originally meant for. For example, you would get an ID for the state-run health insurance system, which the tax office is not allowed to use and vice versa. All this to ensure privacy and make it more difficult to cross-reference databases with personal information.

In fact, EU requirements regarding personal information are getting stricter and all the companies you mentioned already have trouble ensuring compliance with their current approach. That alone is reason enough to avoid national ID numbers like the plague.

Answer 4

As well as security, there are also colossal privacy concerns. You probably don’t want Facebook and Pornhub to be able to compare notes and link your Pornhub account to your Facebook account. And of course, someone might want to create two different accounts, but they’ve only got one ID.

Answer 5

Actually we have a very pertinent case in point as to why this is not a good idea. In the US, we have long had a system of credit reporting that is based on national Id. The (absurd) presumption was that if you know the national Id of some person and their name, birthdate etc., you must be that person. The problem with this is that finding out the the national Id of someone is becoming increasingly trivial. The result is that people are regularly impersonating others for illicit gains. The problems for the actual owner of that Id can be really big.

This idea that you are proposing would actually contribute even more to this issue but that's not really the point I am making here. Changing your national Id is very difficult in most (all?) countries. Once someone has this information, it's useful for a long period of time and victims of this struggle for decades to deal with all the constant problems such as debt collection agencies calling them at work or terrorizing their families. I recently heard about a woman who's national ID was stolen and used by another woman who was going to prison.

The problems with this kind of system are very much like the use of biometrics. If my fingerprint is my Id and someone can reproduce it, then everything I touch is potentially giving away my identity to a thief. People can even get it off a photo as in the link above. If anything, we need to get away from the use of such unchangeable Ids.

Answer 6

Their are numerous reasons this is a bad idea. Here are a few off the top of my head.

• If we all had the same username for every service, there now exists a DB of all usernames (which will be leaked, or compiled eventually). I now only need to worry about getting your password. This creates the greatest username enumeration DB ever created.
• I can sign up to any number of services with your userid. Some services might use email verification and some won't.
• The more unique pieces of information I have about you, the easier ID theft is. I could combine the service signs up to create a whole other digital you based on your global ID.
• It would be the best ad tracking ID ever created. You could link all account/internet usage together to create a super ad profile.

Answer 7

Other answers cover the concerns over privacy, authentication, and availability very well, but there's another, more pragmatic problem with this approach: It's simply too hard to implement from a technical perspective.

National IDs from different countries frequently overlap with each other. There will be huge numbers of collisions, where two people from different countries have the exact same number. Example: The US SSN is a 9 digit number. The Canadian Social Insurance Number is also a 9 digit number. The Canada SIN includes a check digit, but even so the number of possible collisions is still in the millions.

To avoid this, people would need to specify both the national ID number AND the country. But how do people present this information?

• Do you have two separate fields, one for the country, and one for the ID? If so, you've just greatly complicated the database and software requirements for everyone in the world.
• Do you have one field where you merge two values together?
• If so, How do you represent the country? (ISO alpha code? ISO Numeric code?
  Something else?)
• How do you concatenate the values? Country first, then ID? Is there a delimiter? If so, what is it?

• How do you handle the fact that the same ID can be represented with different formats? Some numbers use hyphens or dots, some use spaces, etc.

• What happens when a country is taken over by another country, or a country splits into two?

• What happens when people move from one country to another or change citizenship?
• Who is going to manage all of this complexity? Who pays for that management?
• How do you handle countries that maintain multiple types of IDs, social insurance numbers, voter ID numbers, tax IDs, etc?
• What happens when a country changes its national ID system? (this is happening quite frequently in recent years)
• Who is going to manage all this complexity? How do you enforce the rules?

Regardless of any other concerns, this solution is self-defeating, as it does not simplify anything, it adds lots of complexity.

Answer 8

Case Study: Norway.

Norway has national ID numbers. And we use them for everything.

On the bright side, it makes everything easy. I don't have to do tax returns because the tax office knows everything anyway. Whenever I talk to some government office, I give them the ID number and they automatically know my name, address, age and everything else, without typing errors. Same with banks, insurance companies and other "worthy" businesses. (Not sure how they qualify as "worthy", but there are a lot of them)

Even "unworthy" businesses know the ID numbers of their employees to report their income to the tax office.

My apartment complex management knows my ID number. I am sure they report it to some government office or another.

In theory ID numbers are secret, in practice they are not. They are everywhere, how could they be secret?

The banks have cooperated to create a system for authentication for on-line banking. This uses a combination of a dongle creating one-time passwords and a remembered password.

The government has bought into this system so we use the same dongle/password for government websites too.

We have strict laws about how databases containing these numbers should be treated. Judging by newspaper headlines, these laws are often broken in small ways but rarely in large ways.

Privacy is broken often, but it is rarely important data. Customer data bases and such. I am sure marketing people are drooling over these data, but I won't loose any sleep over it.

I know others will disagree.

Important data, like medical records, are actually guarded pretty competently. The downside of that is that different hospitals and such have problems exchanging data.

Identity theft is rare, again judging by newspaper headlines. I suspect that this is because Norway is so transparent that the thief will have problems hiding after the identity theft is discovered.

Answer 9

In Sweden, I am registered to some websites that actually do this. For example, to register in the housing queue in various cities, I login with my Swedish national ID (the password is local). The housing office needs to know my national ID anyway, so one might as well use it as a login. Of course, database breaches can be a source of worry, but that is true for any database containing the national ID, whether or not it is used for logging in or not.

Other answers have addressed why this is undesirable and unfeasible to apply universally.

Answer 10

How well does it work?

One reason would be that universal IDs are not really suited to the task. They do not have a consistent form, and depending on how they're generated, they are all more or less user-unfriendly. They're not necessarily globally unique either (it would require an immense amount of coordination to achieve that).

Some countries might not have universal IDs at all, I bet there's not few countries where it isn't even exactly known how many people exist or who they are. Most certainly, there exist hundreds of millions of people (probably more) who do not have any such thing as an ID card, a social security number, or a birth certificate. They probably don't have much internet access either, but should we in principle deny them using websites because they lack an ID number?

The number on my ID card is 10 alphanumeric characters, and my universal ID on the backside of the ID card is date of birth reversed, plus one digit, plus 7 seemingly random digits, and a letter.
Surely fatlover69 and luckyguy777 are way easier to remember as usernames than M7NTU3C2H5, or 6805097<8614257D, are they not?

What do I do if I ever want a second account, or I wish to abandon an account and replace it with another? Maybe I lost the password and can't access the recovery mail address, maybe the account was hijacked, or something different.
Well, do not despair, that's easy: You only need to get another unique ID. Oh, wait...

Do you trust every website?

Another, even more important reason is you likely wouldn't want some random website to know your ID at all. It's the same thing as with biometry. Or, to a lesser extent, with email addresses and phone numbers. Your phone number is one of the first thing everybody, not just websites, wants to know. Buy a table at a furniture center, and they want to know your phone number. When you tell them "Well,... no. I don't want you to call me", they seem offended¹.
Now, the thing is, in the worst case you can always easily change your mail address and phone number. Changing who you are and what you are is troublesome. Plus, ID numbers contain check digits and are verifiable, so giving a website (which won't accept a "No") a fake number probably won't work well.

Websites, and the companies behind them, are generally (with very, very few exceptions) not trustworthy. In fact, this very website (Stackoverflow to be precise) proved its unworthyness only yesterday by sending me unsolicited job offer spam under the false premise that I opted in to receive these. Sure, not much harm done in this case. But do you really trust every random website enough to give them your identification which is many orders of magnitude more sensitive than a throwaway Google address? Really?

It's not long since you only needed a name (presumably someone else's name) to rent a parcel deposit box. Welcome to the world of online fraud. Loot is sent to the victim's name, to the victim's deposit box. Only just... they have no idea they own that box at all, and they didn't order anything.
Meanwhile, you need a name and the matching identification number. I'm not sure why you still don't have to physically present an ID, but whatever.

Do you really want to tell some random website that number?

Did you think it to the end?

Universal IDs are generally a problem, more than one might think. Many of us are concerned about Facebook and Google storing a cookie and placing beacons on websites. But what if you told them your universal ID?

I remember working in a Swedish hospital around 20 years ago where you could access every person's medical record (and other personal data) by entering their unique code in a computer which, of course, didn't require a password or anything. Their unique code, that was their date of birth backwards, plus a 2-digit sequence number (or something very similar).
Also, there was a database (again without password) where you could match names, partial addresses, and age ranges to find out the number in case you didn't know and in case the patient could maybe not answer. Which is no problem because, obviously, we're all professionals, and nobody would ever use this data for anything but what's intended.

My initial thought was: "Woah, we are so retarded, still using paper -- the Swedes are so fucking cool. Compared to them, we live in the middle ages".
On a second thought, I was much less extatic with the idea. Why, it's a great thing, is it not? And you have nothing to hide. Plus, it's only ever beneficial.

Yes, except... if you knew this girl's name was Inga² and you didn't even know her last name, but you guessed she was approximately 22-24 years old and lived in this town, then, well, you could within seconds look up whether she had a history of genital herpes before going on a date!
Not that I would ever do such a thing, nor can I confirm or deny knowledge of any circumstances under which other individual people have or might have done or recommended said or similar thing, even on a hypothetical base.

Data, and the ability to link data to people is a very, very dangerous thing, it should be avoided at all cost if you can help it. You should never let it happen voluntarily, without urgent need, and without consideration.

^{1 "Oh, I cannot afford a cellphone" works much better, it also limits the amount of extra stuff they're trying to sell to you.
2 Name changed to protect the innocent. Any resemblance to real persons, living or dead, is purely coincidental.}

Answer 11

While there are many reasons that this isn't a good enough idea, it's irrelevant as there are many ways to do the same thing. In most cases, people also don't share email addresses, OpenIDs and phone numbers. And they are more standardized across countries. Why not use them instead?

Well, for the university username, they would assume some students would change emails and phone numbers more often than the university. But at least they still have the option to reserve the phone number and email address usernames for the users opted into it.

On the other hand, theoretically a government could set up a system that makes people logging into websites using something equivalent to national IDs, and change all the related processes to make stealing merely an ID number useless. They could also make a new protocol so that this works the same for all countries. And most of the problems pointed in other answers could be solved in some ways. But it is not done. And as emails and phone numbers already solved the problem, there is no incentive to actually do this.

Answer 12

One more important point:

Market forces. Until 5-10 years ago, almost everyone with a new website wanted you to create a new login and password just for their site. It's simple to do (especially so if you don't bother about protecting the password database), and free of dependencies. Even today, there are still many who want to use this approach.

To counteract these market forces, you'd need government regulations. The result of which would be that new businesses would set up their servers in any country that isn't yours, unless you also introduce severe restrictions on the internet (hello there, China). Internationally standardized regulation on userprofiles seems unlikely, seeing the vastly different political requirements of the US and EU alone ("all power to businesses" vs "privacy privacy privacy"), and impossible if we also consider some Middle Eastern and Asian countries.

Stig Hemmer's answer highlights that your suggestion is indeed possible but only on a national level for already regulated industries.

Answer 13

There is something "close" to what you propose -- it's called OAuth2 - where a third-party system performs user authentication and supplies a pre-authenticated token to subscribing web sites -- the example use case even works here on StackExchange -- when you "Log in using Facebook" or Google, or whatever, you are using a federated system, which is about as close as you can get to having a world-wide single-sign on...