But that's already the case? You just have to go through the hassle of getting it resolved. You're also not liable for credit card fraud, but you still have to go through the hassle of calling the bank and getting it reversed.

Going through a hassle is effectively being liable, in this context. Especially when the credit reporting bureaus absolutely do not give a crap about you and make contacting them a job in itself.

It is akin to “the process is the punishment” when you get tied up in the US legal/criminal justice system, even if you are innocent.

Are you talking about T-Mobile, or the companies that fraudsters actually go to with this information?

You're not going to do much damage creating a T-Mobile account with my SSN. You will signing up for a credit card or resetting the password on my bank account.

Anyone that gets defrauded because they are using SSN/DOB/address as some type of identify verification/signature/authorization mechanism.

Which would include pretty much all consumer level/retail financial companies I think, but certainly is not limited to them.

When entity A defrauds entity B by pretending to be entity C, entity C should not be affected in any way, other than letting entity B know they were not party to the transaction.

In other words, it should be entity B’s responsibility to prove entity C engaged in a transaction with them before being able to affect entity C’s credit.

And that would solve all of this nonsense very quickly.