Yes, but the argument that just releasing the database is responsible is based on the notion that private sector businesses have no right to use the identifier and can't complain if their usage is compromised. But extensive use by the public sector means that an alternative system needs to be put in place before releasing the database.
If you think about it, there's virtually no purpose to a SSN without the IRS's current usage. The whole purpose of it is to track contributions into and benefit distributions out of the fund. The SSA tracks the benefit distributions, but the IRS's usage is squarely within the raison d'etre for the SSN existence in the first place. Releasing the mapping database would essentially break Social Security since they'd no longer have a working way of tracking contributions into the fund.
I've got no issue with the IRS and/or the private sector continuing to use SSNs as surrogate IDs or usernames. Being public doesn't prevent it from being used to disambiguate similar users or associate records between datasets. In fact, having the mapping public would make it easier, since that's one less column you need to store securely.
What it would prevent is the illusion that providing my SSN on demand is in any way an indication that I am in fact the human being attached to that number and not some third party.
I don't see a problem with the IRS continuing to use it as-is. I would have no more incentive to lie about my SSN than I currently do about my legal name or my mailing address, for example. In fact, I might have a significant disincentive if I knew that my boss, my HR manager, the auditor at the IRS, and anyone else who cared could spot check whether it matched what I told them all my name was. Besides, the IRS has been dealing with endless attempts at tax fraud for a century and a half now. One more awkward but plausible avenue for cheating is likely to be background noise against their existing caseload.
Which is exactly why I said, "...an alternative system needs to be put in place before releasing the database."
I wasn't saying that using SSNs they way they're currently used is a good system or even that it works halfway decently. I was saying your plan for the SSA to break the world would also fundamentally break the original purpose for the SSN and hurt themselves. The IRS and SSA need to get together and devise a better system for authenticating citizens and resident aliens before even contemplating taking that step.
What I'd like to see them do is get NIST involved and run it as a public challenge the way they have with the various encryption standards. Get competing strategies proposed and let cryptographers rip them to shreds until something acceptable is left over. Incidentally, we should also do the same thing with voting machines to create a standard which vendors can implement and sell to local election commissions.
> Besides, the IRS has been dealing with endless attempts at tax fraud for a century and a half now
Former Intuit employee here...not in tax, but I've worked with people who are and learned a lot about anti-fraud programs. Acting like this is an old problem is disingenuous. The advent of e-file has made the problem massively worse. Releasing the entire database would make it, turn, significantly worse. I can guarantee you that Intuit, H&R Block and the other online tax filing solutions have been in contact with Equifax to get the full list of (or full list of hashes of) SSNs that were compromised and that returns for those SSNs will undergo increased fraud scrutiny. Equifax only leaked around 1/3 of all SSNs, so your plan to release the full list would create far more than background noise.
If you think about it, there's virtually no purpose to a SSN without the IRS's current usage. The whole purpose of it is to track contributions into and benefit distributions out of the fund. The SSA tracks the benefit distributions, but the IRS's usage is squarely within the raison d'etre for the SSN existence in the first place. Releasing the mapping database would essentially break Social Security since they'd no longer have a working way of tracking contributions into the fund.