Pentagon Hacked
  • Pentagon Hacked

    I have not yet seen it on slashdot.
    http://www.washingtonpost.com/wp-dyn...042801540.html


    "An intruder gained access to a Defense Department computer server and compromised confidential health care insurance information for more than 14,000 people, the department said Friday.

    William Winkenwerder Jr., the assistant defense secretary for health affairs, said the affected individuals have been advised by letter that the compromise of personal information could put them at risk for identity theft.

    "Such incidents are reprehensible, and we deeply regret the inconvenience this may cause the people we serve," he said in a brief statement.

    The Pentagon established a toll-free telephone number (1-800-600-9332) for affected people to call if they have questions. The computer server is for people insured under the Pentagon's TRICARE health care system.

    The type of information that was compromised was not disclosed in the Pentagon announcement, but Winkenwerder said it varied and investigators do not know the intent of the crime or if the compromised information will be misused.

    A spokesman for Winkenwerder, who asked not to be identified, said the information included names, Social Security numbers, credit card numbers and some personal health information.

    Routine monitoring of one of the health care insurance system's public servers detected unusual activity, and an investigation led to the discovery on April 5 that an intrusion had occurred and information was compromised.

    As a result, additional monitoring tools were installed to improve security of existing networks and data files, Winkenwerder said."

  • #2
    Originally posted by CP99
    I have not yet seen it on slashdot.
    http://www.washingtonpost.com/wp-dyn...042801540.html
    John Q. Newman has given a few presentations at previous Defcons about identity theft from both sides: manufacturing "new identities" and protecting your own identity from theft.

    The SSN system sucks, as it exists now. It is effectively a "shared secret" that can be used with other not-so-secret personal information, and is presently assumed to verify a single person's identity reliably.

    How many different kinds of security tokens are required to open a credit card account? A name (something you know); an SSN (something you know); a driver's license number (you might think "something you have", i.e. physical property, but applications don't require the original; they generally just ask for the number, so this is really just something that you know); an address (something you know, with a *little* bit of physical property as "something you have"); and a signature (something you can do: performance).

    Almost all of these are the same "type" of token/authentication-type. "Something you know." However, most are difficult to change.
    Legally changing your name? Right. Ineffective, since the SSN is used across "aliases."
    Change your SSN? I don't know how hard this is to do now, but it was nearly impossible, and/or expensive, and/or time consuming to do it 10 years ago. Huge risk for abuse if done improperly.
    Getting a new driver's license number may be possible in other states, but is not so easy in mine. Also, this would require an update to your accounts that included it, and may be abused if not done properly.
    New address? What? Are you going to move? Sure, you can get a P.O. Box, but residential addresses are still used by the phone company and other businesses/agencies, so they may still "count" as being you.
    Signature? Those can be forged, and inadequate checking creates an unnecessary burden for victims of identity theft. (Credit card companies make decisions and set policies on checking that risk their own profits, as well as damaging the credit ratings of victims and creating a burden for victims to clean up discrepancies.)

    Without proper validation of a signature, all of these "secrets" are assumed to be sufficient to identify AND validate a person as being who they claim to be. Once these "secrets" are published, anyone with access to the published data may initiate an attack.

    This is similar to having a password to your finances split into pieces, but once your password is shared with unauthorized people, it is no longer a secret. Now, imagine that you could not change your password, or your password might take time and money to change, and you see a problem with the present system.

    Make the problem worse? Imagine that copies of your password are stored in many places. (Metaphorically, written on post-it notes, left on the desks of many financial agencies, credit card companies, banks, financial institutions, student loan locations, universities, schools, employers, and more.) Any failure at any storage location risks sharing your multi-part "password" with criminals.

    What can fix it? There is no silver bullet. One method that could help would be a true password maintained at the federal level: something you know, but that is not shared with anyone except you and the feds; something that you can change, but that requires you to show up in person and provide fingerprints, a retina scan, etc. (something you are) along with other pieces of information (income tax refund/payment amount from a previous year, etc.). A shared secret between two parties.
    Once such a system existed, this federal entity could "authenticate" people for businesses. You want to sign up for a card? Great. Sign up, ask the company for their TID number, then "log in" (phone, in person, computer) with the feds, and let them know that you have authorized the specified TID to create one account for you. A kind of hashing system might work here, or maybe a crypt system, where the customer's password is an encryption key and the company's password is their decryption key for the given data: a pseudo-PKI with public/private keys, where passwords are "private" and TID/SSN are "public".

    Sure. I can see politics with this (Libertarians will probably be unhappy, but please keep politics out of this), and "big brother" issues. I can see high costs and the controversial topic of "biometrics." However, the present system is broken, and I invite you to provide better solutions that incorporate checkable tokens other than those of the type "something you know" that is really stored in many, many places.
    (Tape backups sent through mail/UPS/FedEx, employee laptops, HR departments, benefits departments, compensation departments, credit card companies, banks, stock trading companies, and more.)



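    The "authorize one TID for one account" scheme sketched in the post above, as an added toy model that is not the poster's code or any real system. It assumes a registry that stores a salted PBKDF2 hash of each person's secret, a secret HMAC key shared between the registry and each business (standing in for the poster's "company password"; an HMAC tag is used instead of the encryption/decryption-key pairing the post mentions), and one-time grants bound to a TID. The SSN, TID and password values are constructed sample data.

```python
import hashlib
import hmac
import os
import secrets


class FederalRegistry:
    """Toy 'federal authenticator': keeps per-person secrets and per-business
    keys, issues TID-bound one-time grants, and redeems each grant once."""

    def __init__(self):
        self._people = {}      # ssn -> (salt, pbkdf2 digest); the SSN is public
        self._businesses = {}  # tid -> shared HMAC key (assumed business secret)
        self._grants = {}      # grant_id -> {"ssn", "tid", "used"}

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll_person(self, ssn, password):
        """In-person enrolment (where the post would also take biometrics)."""
        salt = os.urandom(16)
        self._people[ssn] = (salt, self._kdf(password, salt))

    def change_password(self, ssn, old_password, new_password):
        """The one thing an SSN cannot do today: rotate the secret after a leak."""
        if not self._check_password(ssn, old_password):
            return False
        self.enroll_person(ssn, new_password)
        return True

    def register_business(self, tid):
        key = secrets.token_bytes(32)
        self._businesses[tid] = key
        return key

    def _check_password(self, ssn, password):
        rec = self._people.get(ssn)
        if rec is None:
            return False
        salt, digest = rec
        return hmac.compare_digest(self._kdf(password, salt), digest)

    def _tag(self, tid, grant_id):
        msg = f"{grant_id}:{tid}".encode()
        return hmac.new(self._businesses[tid], msg, "sha256").hexdigest()

    def authorize(self, ssn, password, tid):
        """Person side: log in with the feds and authorize TID for one account.
        Returns an opaque token, or None if the password or TID is wrong."""
        if tid not in self._businesses or not self._check_password(ssn, password):
            return None
        grant_id = secrets.token_hex(16)
        self._grants[grant_id] = {"ssn": ssn, "tid": tid, "used": False}
        return f"{grant_id}:{tid}:{self._tag(tid, grant_id)}"

    def redeem(self, tid, business_key, token):
        """Business side: present the token to open exactly one account."""
        registered = self._businesses.get(tid)
        if registered is None or not hmac.compare_digest(registered, business_key):
            return None
        parts = token.split(":")
        if len(parts) != 3 or parts[1] != tid:          # token bound to another TID
            return None
        grant_id, _, tag = parts
        if not hmac.compare_digest(self._tag(tid, grant_id), tag):
            return None
        grant = self._grants.get(grant_id)
        if grant is None or grant["used"] or grant["tid"] != tid:
            return None                                 # unknown or already spent
        grant["used"] = True
        return {"ssn": grant["ssn"], "tid": tid}


def demo():
    """Walk through the scenario and return what each party got back."""
    reg = FederalRegistry()
    ssn, pw = "123-45-6789", "correct horse battery staple"  # constructed sample data
    reg.enroll_person(ssn, pw)
    bank_key = reg.register_business("TID-BANK-1")
    rival_key = reg.register_business("TID-RIVAL-2")

    leaked_only = reg.authorize(ssn, "guessed", "TID-BANK-1")  # leaked SSN alone: rejected
    token = reg.authorize(ssn, pw, "TID-BANK-1")               # the real person: one grant
    stolen = reg.redeem("TID-RIVAL-2", rival_key, token)       # intercepted by another TID
    opened = reg.redeem("TID-BANK-1", bank_key, token)         # the bank opens the account
    replay = reg.redeem("TID-BANK-1", bank_key, token)         # same token again: rejected
    rotated = reg.change_password(ssn, pw, "a new secret")     # the secret can be changed
    old_after = reg.authorize(ssn, pw, "TID-BANK-1")           # old secret no longer works
    return {"leaked_only": leaked_only, "stolen": stolen, "opened": opened,
            "replay": replay, "rotated": rotated, "old_after": old_after}


if __name__ == "__main__":
    print(demo())
```

    The point the model makes is the one the post argues: the SSN stays public and appears in the token, but it authorizes nothing on its own, a grant can only be spent by the TID it names and only once, and the secret that matters can be rotated without the person moving house or changing their name.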
    • #3
      Originally posted by TheCotMan
      How many different kinds of security tokens are required to open a credit card account? A name (something you know); an SSN (something you know); a driver's license number (you might think "something you have", i.e. physical property, but applications don't require the original; they generally just ask for the number, so this is really just something that you know); an address (something you know, with a *little* bit of physical property as "something you have"); and a signature (something you can do: performance).
      Almost all of these are the same "type" of token/authentication-type. "Something you know."
      Ah, very good CotMan. Sounds like you've been reading up on your Bruce Schneier! I agree, and it needs to be fixed.
      The man with no face, in a room with no view...
