[House Hearing, 110 Congress] [From the U.S. Government Printing Office] PROTECTING THE PRIVACY OF THE SOCIAL SECURITY NUMBER FROM IDENTITY THEFT ======================================================================= HEARING before the SUBCOMMITTEE ON SOCIAL SECURITY of the COMMITTEE ON WAYS AND MEANS U.S. HOUSE OF REPRESENTATIVES ONE HUNDRED TENTH CONGRESS FIRST SESSION __________ JUNE 21, 2007 __________ Serial No. 111-33 __________ Printed for the use of the Committee on Ways and Means [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] U.S. GOVERNMENT PRINTING OFFICE 63-017 WASHINGTON : 2011 ----------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC 20402-0001 COMMITTEE ON WAYS AND MEANS CHARLES B. RANGEL, New York, Chairman FORTNEY PETE STARK, California JIM McCRERY, Louisiana SANDER M. LEVIN, Michigan WALLY HERGER, California JIM McDERMOTT, Washington DAVE CAMP, Michigan JOHN LEWIS, Georgia JIM RAMSTAD, Minnesota RICHARD E. NEAL, Massachusetts SAM JOHNSON, Texas MICHAEL R. McNULTY, New York PHIL ENGLISH, Pennsylvania JOHN S. TANNER, Tennessee JERRY WELLER, Illinois XAVIER BECERRA, California KENNY HULSHOF, Missouri LLOYD DOGGETT, Texas RON LEWIS, Kentucky EARL POMEROY, North Dakota KEVIN BRADY, Texas STEPHANIE TUBBS JONES, Ohio THOMAS M. REYNOLDS, New York MIKE THOMPSON, California PAUL RYAN, Wisconsin JOHN B. LARSON, Connecticut ERIC CANTOR, Virginia RAHM EMANUEL, Illinois JOHN LINDER, Georgia EARL BLUMENAUER, Oregon DEVIN NUNES, California RON KIND, Wisconsin PAT TIBERI, Ohio BILL PASCRELL JR., New Jersey JON PORTER, Nevada SHELLEY BERKLEY, Nevada JOSEPH CROWLEY, New York CHRIS VAN HOLLEN, Maryland KENDRICK MEEK, Florida ALLYSON Y. SCHWARTZ, Pennsylvania ARTUR DAVIS, Alabama Janice Mays, Chief Counsel and Staff Director Brett Loper, Minority Staff Director Subcommittee on Social Security MICHAEL R. MCNULTY, New York, Chairman SANDER M. LEVIN, Michigan SAM JOHNSON, Texas EARL POMEROY, North Dakota RON LEWIS, Kentucky ALLYSON Y. SCHWARTZ, Pennsylvania KEVIN BRADY, Texas ARTUR DAVIS, Alabama PAUL RYAN, Wisconsin XAVIER BECERRA, California DEVIN NUNES, California LLOYD DOGGETT, Texas STEPHANIE TUBBS JONES, Ohio Pursuant to clause 2(e)(4) of Rule XI of the Rules of the House, public hearing records of the Committee on Ways and Means are also, published in electronic form. The printed hearing record remains the official version. Because electronic submissions are used to prepare both printed and electronic versions of the hearing record, the process of converting between various electronic formats may introduce unintentional errors or omissions. Such occurrences are inherent in the current publication process and should diminish as the process is further refined. C O N T E N T S __________ Page Advisory of June 14, 2007, announcing the hearing................ 2 WITNESSES Hon. Charles E. Schumer, a Senator from New York................. 6 Hon. Ed Markey, a Representative in Congress from Massachusetts.. 59 Hon. Joe Barton, a Representative in Congress from Texas......... 68 ______ Hon. Patrick O'Carroll, Inspector General, Social Security Administration................................................. 63 Joel Winston, Director, Division of Privacy and Information Protection, Federal Trade Commission........................... 74 Dan Bertoni, Associate Director, Education, Workforce, and Income Security, Government Accountability Office..................... 96 ______ Justin Yurek, President, ID Watchdog, Denver, Colorado........... 118 Stuart Pratt, President, Consumer Data Industry Association...... 123 James D. Gingerich, Director, Administrative Office of the Courts, Supreme Court of Arkansas, on behalf of the Conference of State Court Administrators, Williamsburg, Virginia.......... 131 Annie I. Anton, Associate Professor of Software Engineering, North Carolina State University, Raleigh, North Carolina, on behalf of the Association for Computing Machinery.............. 138 Marc Rotenberg, Executive Director, Electronic Privacy Information Center............................................. 158 Gilbert T. Schwartz, Partner, Schwartz & Ballen LLP, on behalf of the Financial Services Coordinating Council.................... 169 SUBMISSIONS FOR THE RECORD LexisNexis, letter............................................... 183 Bruce Hulme, Legislative Director, National Council of Investigation and Security Services, statement................. 187 National Organization of Social Security Claimants' Representatives, statement..................................... 188 Property Records Industry Association, statement................. 190 PROTECTING THE PRIVACY OF THE SOCIAL SECURITY NUMBER FROM IDENTITY THEFT ---------- THURSDAY, JUNE 21, 2007 U.S. House of Representatives, Committee on Ways and Means, Subcommittee on Social Security, Washington, DC. [The advisory announcing of the hearing follows:] ADVISORY FROM THE COMMITTEE ON WAYS AND MEANS McNulty Announces a Hearing on Protecting the Privacy of the Social Security Number from Identity Theft June 21, 2007 By (202) 225-9263 Congressman Michael R. McNulty (D-NY), Chairman, Subcommittee on Social Security of the Committee on Ways and Means, today announced that the Subcommittee will hold a hearing to examine the role of Social Security numbers (SSNs) in identity theft and options to enhance their protection. The hearing will take place on Thursday, June 21, in room B-318 Rayburn House Office Building, beginning at 10 a.m. In view of the limited time available to hear witnesses, oral testimony at this hearing will be from invited witnesses only. However, any individual or organization not scheduled for an oral appearance may submit a written statement for consideration by the Subcommittee and for inclusion in the printed record of the hearing. BACKGROUND As many as ten million Americans fall victim to identity theft every year. The effects of identity theft can be catastrophic to the lives of affected individuals. The reported costs are significant-- according to the Federal Trade Commission, businesses lose $50 billion and consumers expend another $5 billion annually to recover from identity theft. The SSN is a critical tool for identity thieves looking to establish a credit account in someone else's name. And it is often the key that identity thieves use to gain access to other personal information such as bank accounts. Because it is a unique piece of personal information that does not change over time, the SSN provides a convenient way to track individuals throughout public and private records. As a result, SSNs have become ubiquitous in these records, and they are being used for purposes far beyond their original role of tracking earnings in order to compute Social Security benefits. While the widespread use of SSNs can be advantageous to business and government, it is also useful for identity thieves and other criminals. Moreover, records containing the SSN are increasingly available in electronic form, and easily accessible over the Internet. Thus, the need for streamlined business processes and openness of public records must be balanced against the increasing risks of identity theft and other crimes. Despite its widespread usage, there is no Federal law that requires comprehensive confidentiality protection for the SSN. An SSN may be found on display to the general public on employee badges and in court documents, or offered for sale on the Internet. Some limited protection of SSN confidentiality is provided by the Fair Credit Reporting Act (P.L. 91-508) and the Gramm-Leach-Bliley Act (P.L. 106-102), which restrict the use and disclosure of SSNs by financial institutions. Also, many states have enacted legislation to restrict the use, disclosure or display of SSNs. Still most private sector use of the number remains unregulated. In the 108th Congress, the Committee on Ways and Means approved comprehensive legislation to enhance SSN privacy to protect against identity theft (H.R. 2971; H. Rept. 108-685). Among other provisions, the bill would restrict the use, sale, purchase or display of SSNs. Members of Congress concerned about the magnitude of identity theft and its devastating effects on victims have introduced similar legislation this year. In announcing the hearing, Chairman McNulty stated ``there is no question that we need stronger protections for Social Security numbers to combat the growing crime of identity theft. Identity theft can destroy an individual's or family's financial well-being with a touch of a button. We must begin to place some common-sense limits on the use of the SSN by government and business in order to ensure the privacy of the information and prevent theft.'' FOCUS OF THE HEARING: The Subcommittee will examine what role the SSN plays in identity theft, and the steps that can be taken to increase SSN privacy and thereby limit its availability to identity thieves and other criminals. The hearing will examine how SSNs are currently used, what risks to individuals and businesses arise from its widespread use and options to restrict its use in the public and private sectors. DETAILS FOR SUBMISSION OF WRITTEN COMMENTS: Please Note: Any person(s) and/or organization(s) wishing to submit for the hearing record must follow the appropriate link on the hearing page of the Committee website and complete the informational forms. From the Committee homepage, http://democrats.waysandmeans.house.gov, select ``110th Congress'' from the menu entitled, ``Committee Hearings'' (http://democrats.waysandmeans.house.gov/ Hearings.asp?congress=18). Select the hearing for which you would like to submit, and click on the link entitled, ``Click here to provide a submission for the record.'' Once you have followed the online instructions, completing all informational forms and clicking ``submit'' on the final page, an email will be sent to the address which you supply confirming your interest in providing a submission for the record. You MUST REPLY to the email and ATTACH your submission as a Word or WordPerfect document, in compliance with the formatting requirements listed below, by close of business Thursday, July, 5, 2007. Finally, please note that due to the change in House mail policy, the U.S. Capitol Police will refuse sealed-package deliveries to all House Office Buildings. For questions, or if you encounter technical problems, please call (202)225-1721. FORMATTING REQUIREMENTS: The Committee relies on electronic submissions for printing the official hearing record. As always, submissions will be included in the record according to the discretion of the Committee. The Committee will not alter the content of your submission, but we reserve the right to format it according to our guidelines. Any submission provided to the Committee by a witness, any supplementary materials submitted for the printed record, and any written comments in response to a request for written comments must conform to the guidelines listed below. Any submission or supplementary item not in compliance with these guidelines will not be printed, but will be maintained in the Committee files for review and use by the Committee. 1. All submissions and supplementary materials must be provided in Word or WordPerfect format and MUST NOT exceed a total of 10 pages, including attachments. Witnesses and submitters are advised that the Committee relies on electronic submissions for printing the official hearing record. 2. Copies of whole documents submitted as exhibit material will not be accepted for printing. Instead, exhibit material should be referenced and quoted or paraphrased. All exhibit material not meeting these specifications will be maintained in the Committee files for review and use by the Committee. 3. All submissions must include a list of all clients, persons, and/or organizations on whose behalf the witness appears. A supplemental sheet must accompany each submission listing the name, company, address, telephone and fax numbers of each witness. Note: All Committee advisories and news releases are available on the World Wide Web at http://democrats.waysandmeans.house.gov. The Committee seeks to make its facilities accessible to persons with disabilities. If you are in need of special accommodations, please call 202-225-1721 or 202-226-3411 TTD/TTY in advance of the event (four business days notice is requested). Questions with regard to special accommodation needs in general (including availability of Committee materials in alternative formats) may be directed to the Committee as noted above.
The Subcommittee met, pursuant to notice, at 10:00 a.m., in room B-318 Rayburn House Office Building, Hon. Michael R. McNulty (Chairman of the Subcommittee) presiding. Chairman MCNULTY. The hearing will come to order. I want to welcome all of our witnesses and all of our guests. You will notice on the list of witnesses that we have three Members of Congress scheduled to be here today, Senator Schumer, Congressman Markey and Congressman Barton. They are involved in markups today so we do not know exactly what time they will arrive, but as they arrive, we will ask the indulgence of the other witnesses to accommodate their statements so that they can come in, make their statement, if they have time, answer a couple of questions and then get back to their markup. Our hearing today will focus on the role that the Social Security number plays in the crime of identity theft and options to enhance the privacy and security of the Social Security number so that it is not as useful a tool for identity thieves. Stealing or obtaining Social Security numbers through illegitimate means is a key part of identity fraud. Our Subcommittee is deeply concerned about identity theft and how to better protect the Social Security number. In fact, this is the 16th hearing on this topic we have held in the past 7 years. Identify theft is one of the fastest growing crimes in the United States. Research by the Federal Trade Commission suggests that almost 5 percent of the adult population of the United States, some 10 million people, were victims of some kind of identity theft in just a single 12-month period. Through its Web site and toll free hotline, the FTC receives between 15,000 and 20,000 contacts each week from those who have been victimized by identify thieves, as well as people seeking information about how to protect themselves from identity theft. Identity theft ruins individuals' good names and destroys their credit ratings. Identity thieves have stolen the homes of elderly retirees and have caused innocent persons to be arrested when crimes are committed under a falsified identity. It has even ruined the future credit ratings of young children. The FTC reports that individuals spend $5 billion a year attempting to recover their good names and credit histories. Annual surveys find that businesses lose more than $50 billion per year to identity theft-related fraud. Victims also spend years cleaning up the damage done by such thieves. In fact, we have learned that a victim who testified before this Subcommittee in the previous Congress, Nicole Robinson, still has not been able to correct her credit record. Even though she testified before Congress and our staff intervened with the credit bureaus, she continues to experience problems relating from the theft of her identity 7 years after her identity was first stolen. The Social Security Administration and its inspector general have worked diligently to increase the integrity and security of the Social Security number and the procedures used in issuing it. But SSA has essentially no control over how the Social Security number is used by other governmental agencies or the private sector. Today, we will hear about the problem of identity theft from Government agencies who have studied it and representatives of those who suffer from it. We will hear from businesses and Government agencies that use the Social Security and we will hear suggestions on how to better protect the Social Security number by limiting its use by Government and the private sector. I am committed to moving forward with legislation and of making it more difficult for thieves and other wrongdoers to obtain a Social Security number and use it to commit identity theft or other crimes. I welcome the testimony we will receive today that will help us better understand the nature of the problem and the potential solutions. I am now pleased to yield to the Ranking Member of the Committee, a distinguished veteran and one of my heroes in life, Mr. Johnson. Mr. JOHNSON. Thank you, Mr. Chairman. I appreciate Chairman McNulty for holding this hearing on protecting the privacy of Social Security numbers from identity theft. You know Americans are rightly worried about the security of their personal information, including their Social Security number. We hear reports on a daily basis about another data breach in the private or public sector where hundreds, if not thousands, of people's personal identity information is stolen. According to the Privacy Rights Clearinghouse, the total number of known records that have been compromised due to security breaches beginning in January 2005 through last week was over 155 million. The fact is that even though Social Security numbers were created to track earnings for determining eligibility and benefit amounts under Social Security, these numbers are widely used as personal identifiers. As we will hear today, Social Security numbers are vital to many commercial and Government transactions to verify identity and prevent fraud. Examples include enforcing child support, aiding law enforcement, compiling information from many sources to help ensure the accuracy of credit reports. Unfortunately, as pointed out by the GAO in testimony before this Subcommittee, Social Security numbers have become the identifier of choice and are used for everyday business transactions. In fact, in their April 2007 report, the President's Identity Theft Task Force identified the Social Security number as the most valuable commodity for an identity thief. So, it is no wonder that concerns about identity theft remain high. According to the Federal Trade Commission, identity theft is the number one consumer complaint, amounting to 36 percent of complaints received in 2006. Americans are right to be concerned. According to the latest data provided by the FTC, over a 1-year period, nearly 10 million, or about 5 percent of the adult population, discovered they were victims of identity theft. Even worse, the true number of victims in this devastating crime is unknown since most victims do not report it. Losses due to these thefts were estimated to exceed $50 billion. Also, it has been reported that ID theft victims spend roughly 300 million hours a year trying to resolve the negative effects of ID theft, including re-establishing their hard- earned good credit and clearing their good name. Even worse, identity theft continues to threaten our national security. As said in the 9/11 Commission Report, and this is a quote, ``Fraud in identification documents is no longer just a problem of theft. At many entry points to vulnerable facilities, including gates for board aircraft, sources of identification are the last opportunity to ensure that people are who they say they are and to check whether or not they are terrorists.'' Our Subcommittee has been working on a bipartisan basis to protect the privacy of Social Security numbers and prevent identity theft since the 106th Congress when it first approved the Social Security number Privacy and Identity Theft Prevention Act to restrict the sale and public display of Social Security numbers. This legislation was introduced on a bipartisan basis by then Subcommittee Chairman Clay Shaw and then Ranking Member, the late Bob Matsui. We know that providing for uses of Social Security numbers that benefit the public while protecting their privacy is a complex balancing act. However, I believe we must act and with your help, Mr. Chairman, we will act to stop rampant abuse of Social Security numbers, help prevent ID theft and further protect American privacy. I look forward to hearing from each of our witnesses and thank them in advance for sharing with us their experiences and recommendations. Thank you, sir. Chairman MCNULTY. I thank the Ranking Member. Other Members will be allowed to insert opening statements for the record. We are pleased at this time to be joined by Senator Schumer, who is involved in another markup, and we are going to go to him right away. He is the senior Senator from the State of New York. He has a long history on this subject of trying to protect our constituents across the country from identity theft. He is a dear friend of mine and before he leaves, I am going to give him a little editorial from one of the local newspapers in my district because when he was first elected to the Senate back in 1998, many people in upstate New York were wondering how much they would see of the new Senator, and he made a pledge that he would visit each of the 62 counties in the State of New York every single year that he was in office. The editorial from the newspaper cites the fact that you have kept that pledge every single year that you have served in the Senate. Thank you for going over and visiting my friend John Redcliffe and the farmers over there, they deeply appreciate it. Senator Schumer. STATEMENT OF CHARLES E. SCHUMER, A U.S. SENATOR FROM THE STATE OF NEW YORK Senator SCHUMER. Well, thank you, Mr. Chairman. I very much appreciate the introduction. I am so glad to be here for a whole lot of reasons. First, it is great to call you ``Mr. Chairman,'' my good friend Mike McNulty, who does such a wonderful job both in the capital region and down here. Second, for the 18 years in the House, or at least the first 9 and 10, I really wanted to be on this Committee, and I never got on so I am glad to get here at least on this side of the table. I am now on Senate Finance. Things work a little faster in the Senate in terms of seniority. I thought I might just tell a quick story in reference to the Chairman's mention. It is true I visit every county every year, so I am pretty diligent. I go to the little counties and big counties. In 2004, when I ran for re-election, I carried 61 of the 62 counties. I did not carry one, Hamilton County, not that far from where you are. Hamilton is a beautiful county. It is as large as Rhode Island. It is in the middle of Adirondacks, great forests and rivers and mountains, great hunting, great fishing, but it is our smallest county population-wise. It has a little bit fewer than 5,000 people. I had visited it six times since re-election, which was a lot. I asked my chief of staff, ``Why do you think I lost Hamilton County,'' Martin Brennan. Martin Brennan said, ``It is easy, Chuck, it is the only county where you actually met every single voter.'' Anyway, it is good to be here. I want to thank all of my friends, so many of whom I served with in the House, and my friend, Eddy Markey, who was senior to me then and senior to me now, and I thank you for your leadership on this issue, Mr. Chairman. Let me thank Congressman Rangel, our colleague from New York as well. We all know when it comes to identity theft, the Social Security number is the golden key that opens all doors. If you can get a person's Social Security number, you can impersonate him, steal his money, ruin his credit and literally devastate his life. In my testimony, I am going to focus on one particular risk of identity theft and what Congress can do about it. I am pleased that today the GAO, the Government Accountability Office, prepared at my request a report which focuses on the insidious problem of Social Security numbers displayed online in public records, and that report is being release coincident with this hearing. Now, it used to be that when your tax lien or your divorce decree was filed as a public record, it sat in an office building. You had to go there in person to track down a record but in recent years, more and more Government agencies are putting public records on the Internet. In fact, the GAO found that in 40 out of 50 States, one or more offices are displaying people's public records right on the Internet. Anyone with a computer can now view these online records, often for free. The recordkeepers who put files online probably just want to provide more transparency and access to information and those are important values I think we all support, but we need to have public access in a way that does not expose people to identity theft. In the words of the GAO, these online records provide ``potentially unlimited access'' to personal information, including Social Security numbers. It is not surprising that there are known cases where identity thieves use online public records to prey on their victims. Yet, the GAO reports that online display of public records is on the rise. We cannot let this practice continue unchecked. The report shows that online public records may be doing more harm than good. The world has changed but our laws are lagging far behind. Here is what we can do about it, Mr. Chairman, and I look forward to working with you and Chairman Rangel to try and accomplish some good changes here. First, we need to have uniform standards for protecting Social Security numbers by hiding either the first five digits or the last four digits. The good news is that Federal agencies have started hiding the first five digits of Social Security numbers in public record documents. The very bad news is that data brokers and other entities are going in the opposite direction and hiding the last four digits. So, it is a classic case of the Federal Government where one hand does not know what the other is doing. It makes it very easy to use public sources to get the whole nine numbers. It is sort of a little bit like an Abbott and Costello routine. You get the first five from the Social Security records-- you get the last four from the Social Security records, the first five from the others, the data brokers and others, and you sort of have straight flush for identity theft. It is like a slap stick routine, each group points the finger at the other but it is not a joke when ordinary citizens are paying the price. The GAO was able to piece together people's full nine digit numbers even though they were always hidden, one half or the second half, in just one hour from their desks. An identity thief could do this anywhere in the world. So, I am proposing legislation that would require the Social Security Administration to set standards, telling public agencies and private businesses what method of truncation to use so everyone will be protected. It is sort of a tragedy of errors, everyone is trying to help by masking part of the number but no one is paying attention to the big picture and that is where they need a Federal role. Congress should act now because the numbers of records involved are growing everyday, a little coordination in this area will go a long way toward stopping identity theft and it seems to me that this simple bill should pass by a wide margin. I do not know who would oppose it. Second, we need to make sure that state and local recordkeepers are never displaying full Social Security numbers on the Internet. I will be re-introducing my bill from the last Congress to ban these recordkeepers from showing complete numbers on the Internet. Again, I hope this bill can be passed quickly given the evidence of the report. The legislation is feasible and practical given the advanced technology we have today, like software to help find and hide Social Security numbers. County clerks and other public recordkeepers are public servants and they should be taking steps to protect people. They cannot say, ``Well, it is not my problem.'' So, if recordkeepers want to put documents online, they should but they should hide all or part of the Social Security number that appears in those documents. Under this bill, the Department of Justice will be able to enforce the ban by imposing fines on any office that ignores the law. It will also help recordkeepers by authorizing grants to their offices if they want to redact Social Security numbers from the older records because that takes a job to go back and do it, and we do not think that the local taxpayer should have to foot the entire bill for that. Finally, the GAO reports that private businesses have been buying public records in bulk for years. We need to know more about this practice, and I have asked the GAO to investigate it. Currently, we have no idea how frequently our records are being sold or why or where they go. This report reveals there may be large sets of records that are overseas and that these Social Security numbers may be beyond the protections of American law. When the GAO reports back on their investigation, we should try to work together to close any loopholes. The buying and selling of our private information is not the kind of thing that should be happening in the dark of night without any oversight even from people who are 10,000 miles away. With the great power of today's technology, Mr. Chairman, in conclusion, comes a great responsibility to regulate that technology and avoid unintended harms. The measures I have mentioned today will address the risks uncovered in today's report, excellent report by the Government Accountability Office, great job, and I hope that my colleagues will join me in moving these measures forward to protect Americans from identity theft. In conclusion, finally, I want to thank the Subcommittee and your leadership, Mr. Chairman, and the Ranking Member, Mr. Johnson, so that we can--this is an important step, this hearing, on rising to the challenge of protecting our Social Security numbers. I very much thank you for allowing me to be here today. [The prepared statement of Senator Schumer follows:] Prepared Statement of the Honorable Charles E. Schumer a Senator from New York Good morning, Chairman McNulty and Ranking Member Johnson. Thank you for inviting me to testify. I want to commend Subcommittee Chairman McNulty and Committee Chairman Rangel, my esteemed colleagues from the New York delegation, for holding this important hearing on protecting Social Security numbers. We all know that when it comes to identity theft, the Social Security number is the golden key that opens all doors. If you can get a person's Social Security number, you can impersonate him, steal his money, ruin his credit, and literally devastate his life. In my testimony, I'm going to focus on one particular risk of identity theft, and what Congress can do about it. I am pleased to announce today's release of a new report, prepared at my request by the Government Accountability Office, that focuses on the insidious problem of Social Security numbers displayed online in public records. It used to be that when your tax lien or your divorce decree was filed as a public record, it sat in an office building. You had to go there in person to track down a record. But in recent years, more and more government agencies are putting public records on the Internet. In fact, the GAO found that in 40 out of 50 states, one or more offices are displaying people's public records right on the Internet. Anyone with a computer can now view these online records, often for free. The record-keepers who put files online probably just want to provide more transparency and access to information, which are important values that I support. But we need to have public access in a way that doesn't expose people to identity theft. In the words of the GAO, these online records provide ``potentially unlimited access'' to personal information, including Social Security numbers. It's not surprising that there are known cases where identity thieves used online public records to prey on their victims. And yet the GAO reports that online display of public records is on the rise. We cannot let this practice continue unchecked. This report shows that online public records may be doing more harm than good. The world has changed, but our laws are lagging far behind. Here's what Congress can do about it, and I hope that my good colleagues here on the House side will lend their support to these measures. First, we need to have uniform standards for protecting Social Security numbers by hiding either the first five digits or the last four digits. The good news is that federal agencies have started hiding the first five digits of Social Security numbers in public record documents. The very bad news is that data brokers and other entities are going in the opposite direction of hiding the last four digits. This is a case of classic Federal Government where one hand doesn't know what the other is doing. This makes it very easy to use public sources to piece together a full nine-digit Social Security number that could be used for identity theft. The GAO was able to do this in just one hour, from their desks. An identity thief could do the exact same thing--from anywhere in the world. It's almost like a slapstick routine--each group is pointing the finger at the other. But it's not a joke when ordinary citizens are paying the price. That's why I am proposing new legislation that will require the Social Security Administration to set standards telling public agencies and private businesses exactly what method of truncation to use. It's a tragedy of errors--everyone is trying to help by masking part of the number, but no one is paying attention to the big picture. It's time for a federal role. Congress should act now, because the numbers of records involved are growing every day. Just a little coordination here will go a long way toward stopping identity theft, and it seems to me that this simple bill should pass by a wide margin. Second, we need to make sure that state and local record-keepers are never displaying full Social Security numbers on the Internet. I will be reintroducing my bill from the last Congress to ban these record-keepers from showing complete numbers on the Internet. I hope that my bill can be passed quickly, given the new evidence in this report. This legislation is both feasible and practical given the advanced technology we have today, like software to help find and hide Social Security numbers. County clerks and other record-keepers are public servants--they should be taking steps to protect people. If record-keepers want to put documents online, they are welcome to do so, but they should hide all or part of any Social Security number that appears in those documents. Under this bill, the Department of Justice will be able to enforce the ban by imposing fines on any office that ignores the law. My legislation will also help record-keepers by authorizing grants to offices that want to redact Social Security numbers from older records, but need more resources. Finally, the GAO reports that private businesses have been buying public records in bulk for years. We need to know more about this practice, and I have already asked the GAO to investigate it. Currently, we have no idea how frequently our records are being sold, or why, or where they go. This report reveals that there may be large sets of records that are overseas, and that these Social Security numbers may be beyond the protections of American law. When the GAO reports back on their investigation, the Congress should move quickly to close any loopholes. The buying and selling of our private information is not the kind of thing that should be happening in the dark of night, without any oversight. With the great power of today's technology comes a great responsibility to regulate that technology and to avoid unintended harms. The measures that I've highlighted will address the risks uncovered in today's report, and I hope that my colleagues will join me in moving these measures forward to protect Americans from identity theft. In closing, let me say that I appreciate the excellent work of the Government Accountability Office in preparing this study. Again, I thank the Subcommittee for recognizing that we must rise to the challenge of protecting our Social Security numbers, and thank you for having me here today. Chairman MCNULTY. Thank you very much, Senator Schumer. I know you are on the run but I just wanted to thank you for your testimony, to assure you that we will work together with you on legislation. I also want to thank you for a statement you made in another trip upstate recently about properly funding the Social Security agency so that we can start to cut back on this tremendous backlog that we have with regard to disability claims, which is not only a tremendous hardship on many of our constituents, it is a national embarrassment to every Member of Congress when someone comes in with a legitimate claim for a government benefit, and we tell them they have to wait a year and a half or 2 years before they even get an answer, so we really need to do something about that. I want to thank you for your commitment in that regard. On the House side, we have taken some steps in moving toward that. We have got $100 million over the President's request out of the Appropriations Committee, I asked for more than that but we got that far anyway. In recent years, the President's request has been under-funded, we are $100 million over. I am hoping that on the Senate side you can help us get to at least that number, or hopefully higher, so that we can begin to make a serious dent in this backlog. I do not know if you have time, do you have time to take a couple of questions? Then we will get immediately to Ed Markey after that. Does any Member wish to pose a question to the Senator? Yes, Lloyd? Mr. DOGGETT. Chuck, thanks so much for what you have been doing on this. Can you update us on where this legislation is in the Senate and how you think it is moving over there? Senator SCHUMER. I think it is moving very well. We are just going to update it because of the GAO report, particularly the first thing I mentioned, but it seems to have support. The one place where there was objection, the old or the local officials who used and put these things online, we have dealt with their objections, and I think the new legislation should have smooth sailing. Thank you, Lloyd. Chairman MCNULTY. I also want to ask unanimous consent that we insert into the record the new GAO report, which the Senator referenced in his testimony. Mr. Levin. [The provided material follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. LEVIN. Welcome. Senator SCHUMER. Glad to be here, Sandy. Mr. LEVIN. Both of you and everybody else. Just quickly, and I will ask the same of Ed Markey, what is the source of the hesitation or the resistance? Senator SCHUMER. The only resistance, it is a good question, was from the local officials who said, ``Look, we have an obligation to put it online, you do something about it.'' So, the fact that we are both mandating that in the future they treat things one way, that is not too hard for them to do. There is software that does that easily. For past records that are on display, which of course an identity thief anywhere in the world could go back to, we help give them some funding to cover those up because that is a little harder. You have got to go back in the records and re-enter them. I think now most of the opposition is gone. Mr. LEVIN. By the way, I am not sure, as I look around, if everybody is old enough to remember Abbott and Costello. Your reference to them--they are going into different doors. Senator SCHUMER. Right. Mr. LEVIN. But it sounds very much like these actions would be attributed to Abbott and Costello. Senator SCHUMER. I find with my staff, and I am blessed, I have a great, great staff, but most of them are half of my age and I mention all these cultural things, and they look at me like I am from another planet. Now, I know how it feels, how my parents felt when we mentioned things like the Beatles or Elvis Presley or something like that. Mr. LEVIN. Thank you. Chairman MCNULTY. Well, I think most of them have seen the clips of ``Who's on first.'' [Laughter.] Chairman MCNULTY. If there are no further questions, I want to thank the senior Senator from New York. Senator SCHUMER. I thank you, Mr. Chairman, and all my colleagues. It is great to finally make it to the Committee on Ways and Means after all these years. [Laughter.] Chairman MCNULTY. Your staff has that editorial, Chuck. Senator SCHUMER. Great, thanks. Chairman MCNULTY. We would now like to go to our colleague from Massachusetts from Malden, Massachusetts, 7th District, the Honorable Ed Markey, who has been a real leader on this issue for a number of years. STATEMENT OF HON. ED MARKEY, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF MASSACHUSETTS Mr. MARKEY. Thank you, Mr. Chairman, very much and thank Mr. Johnson, and I thank each of you for inviting me here today. This is a very important issue. Mr. Barton of Texas and I have introduced legislation, the Social Security number Protection Act, in order to bring a halt to unregulated commerce in Social Security numbers. It does not establish an absolute prohibition on all commercial use of the number but it would make it a crime for a person to sell or purchase Social Security numbers in violation of rules promulgated the Federal Trade Commission. The Federal Trade Commission would be given the power to restrict the sale of Social Security numbers, determine appropriate exemptions, and to enforce civil compliance with the bill's restrictions. Why is this legislation necessary? Let me share with you just one story. Several years ago, a man named Liam Youens was stalking a 21-year-old New Hampshire named Amy Boyer. Youens reportedly purchased Amy Boyer's Social Security number from an Internet Web site for $45. Using this information, he was able to track her down, a process that he chillingly detailed on an Internet Web site that he named after his target. Finally, this demented stalker fatally shot Amy Boyer in front of the dental office where she worked. Afterward, he turned the gun on himself. The terrible tragedy of Amy Boyer's murder underscores the fact that while the Social Security number was originally intended to be used only for the purposes of collecting Social Security taxes and administering the program's benefit, it has over the years evolved into a ubiquitous national personal identification number, which is subject to misuse and abuse. The unregulated sale and purchase of these numbers is a significant factor in a growing range of illegal activities, including fraud, identity theft, stalkings and tragically even murders. If you do the simple Internet search in which you enter the words ``Social Security numbers,'' you will turn up links to dozens of Web sites that offer to provide you for a fee Social Security numbers for other citizens or to link up a Social Security number that you might have with a name, address and telephone number. Where are the data mining firms and private detection agencies obtaining these numbers? In all likelihood, they are accessing information from the databases of credit bureaus, financial service companies, data brokers or other commercial firms. Unfortunately, this has become a business. The privacy of all Americans has become a business. It becomes valuable information, all of these secrets about American families. While there is a purpose to which all of that information can be placed, it just should not be a commodity that can be used by anyone that feels that if they can combine enough of it, it becomes a product valuable to someone who wishes to purchase it. If someone actually obtains a Social Security number from one of these sites, they have a critically important piece of information that can be used to locate the individual, get access to information about the individual's personal finances or engage in a variety of illegal activities. By bringing to a halt, unregulated commerce in Social Security numbers, this bill, and what you are doing, Mr. Chairman, will help to reduce the incidence of pretext in crimes, identity thefts, and other frauds or crimes involving misuse of a person's Social Security number. We need to take action now if we are going to fully protect the public's right to privacy by preventing the sale of Social Security numbers. Under the legislation which Mr. Barton and I have introduced, the Federal Trade Commission would be given rulemaking authority to restrict the sale of Social Security numbers, determine appropriate exemptions and to enforce civil compliance with the bill's restrictions. On May 10th of this year, that legislation passed through the Energy and Commerce Committee. This, of course, is the other key Committee in terms of dealing with this issue, and you have to take action in a way that reflects your expertise on the whole issue of Social Security since that subject is here in the Committee on Ways and Means. But together we should find a way of affording real protection to American families on this legislation. Taking action now can help us to prevent further Amy Boyer's from being victimized. But even at a lower level, this whole idea that all of our information is now out there for anyone to be able to crack is wrong. These data miners have no regard for the personal privacy of us as a society. We are reaching a point now, to be honest with you, where some kid today who is googling some sites right now, unless we figure out a way of ensuring that that information is destroyed, 15 or 18 years from now, some employer will be saying, ``Let's go back and find out what that kid was googling to get some insight into who they are.'' So all of this is becoming increasingly an important part of our society, to determine what kind of privacy we want to provide to American families. You are providing the leadership, Mr. Chairman, I thank you for that. [The prepared statement of Mr. Markey follows:] Prepared Statement of the Honorable Ed Markey a Representative in Congress from the State of Massachusetts Mr. Chairman, thank you for inviting me to testify at today's hearing. The Gentleman from Texas (Mr. Barton), and I have introduced H.R. 948, the``Social Security Number Protection Act,'' in order to bring a halt to unregulated commerce in Social Security numbers. It does not establish an absolute prohibition on all commercial use of the number, but it would make it crime for a person to sell or purchase Social Security numbers in violation of rules promulgated by the FTC. The FTC would be given the power to restrict the sale of Social Security numbers, determine appropriate exemptions, and to enforce civil compliance with the bill's restrictions. Why is this legislation necessary? Let me share with you just one story. About six years ago, a man named Liam Youens was stalking a 21- year old New Hampshire woman named Amy Boyer. Youens reportedly purchased Amy Boyer's Social Security number from an Internet Web site for $45. Using this information, he was able to track her down, a process that he chillingly detailed on an Internet Web site that he named after his target. Finally, this demented stalker fatally shot Amy Boyer in front of the dental office where she worked. Afterwards, he turned the gun on himself. The terrible tragedy of Amy Boyer's murder underscores the fact that while the Social Security number was originally intended to be used only for the purposes of collecting Social Security taxes and administering the program's benefits, it has over the years evolved into a ubiquitous national personal identification number which is subject to misuse and abuse. The unregulated sale and purchase of these numbers is a significant factor in a growing range of illegal activities, including fraud, identity theft, stalkings and tragically, even murders. If you do a simple Internet search in which you enter the words ``Social Security numbers,'' you will turn up links to dozens of web sites that offer to provide you, for a fee, Social Security numbers for other citizens, or to link up a Social Security number that you might have with a name, address and telephone number. Where are the data- mining firms and private detective agencies that offer these services obtaining these numbers? In all likelihood, they are accessing information from the databases of credit bureaus, financial services companies, data brokers, or other commercial firms. If someone actually obtains a Social Security number from one of these sites, they have a critically important piece of information that can be used to locate the individual, get access to information about the individual's personal finances, or engage in a variety of illegal activities. By bringing a halt to unregulated commerce in Social Security numbers, my amendment will help reduce the incidence of pretexting crimes, identity thefts and other frauds or crimes involving misuse of a person's Social Security number. We need to take this action now if we are going to fully protect the public's right to privacy by preventing sales of Social Security numbers. Under the Markey-Barton bill, the FTC would be given rulemaking authority to restrict the sale of Social Security numbers, determine appropriate exemptions, and to enforce civil compliance with the bill's restrictions. As you know, on May 10th of this year, the Energy and Commerce Committee approved this legislation. The Speaker has now referred the bill to the Ways and Means Committee until July 20th, for consideration of such provisions that may fall within the Committee's jurisdiction. I would strongly urge the Committee to approve this bill, so that this Congress can put in place stronger protections to restrict the purchase and sale of Social Security numbers. Taking action now will help us prevent a recurrence of tragedies like the Amy Boyer case, as well as the much more frequent incidences of misuse of the Social Security number to perpetrate identity thefts. I look forward to working with you, Mr. Chairman, and with the Chairman of the full Committee, Mr Rangell, and Ranking Members McCrery and Johnson as the Committee moves forward to consider this important legislation. Chairman MCNULTY. Thank you, Mr. Markey. I want to thank you for your passionate activism on this issue for a long period of time. The part of your testimony I agree with the most is the time for talk should be over, and we should actually do something. I am in the process of putting together a proposal, which I am going to share with Mr. Johnson, hopefully get bipartisan support on this Committee, and then what I would like to do, Mr. Markey, is to talk to you and the gentleman from Ennis, Texas, Mr. Barton, and try to meld our proposals and get a united front and actually do something. Does anyone which to inquire of Mr. Markey? Yes, Ms. Schwartz? Ms. SCHWARTZ. Thank you. Good morning. Just a question, you leave the question of exemptions or possible appropriate use in your legislation rather open, basically to be set later. I understand that is a little bit of a difference between your legislation and Senator Schumer's, is that correct? So, just to inquire about whether you think there are any appropriate uses that we ought to articulate in legislation and are you open to that? Mr. MARKEY. Yes, well, what Senator Schumer I think was referring to is the fact that, for example, in the financial services industry, we have to find a way where they can use some of these identifiers so you can use the first five or the last four or some combination and so that there is some use that it can be placed but it doesn't unlock the whole key to who the individual is. We are actually working together on that for the financial services industry and others but only that a part of it is available, that the entire number is not made available unnecessarily because it is not necessary in order to provide an identification. All of us when we go down, and we punch in our little code when we are trying to take money out of the ATM machine, we only need four numbers, we do not need a nine number code. So, there is a way of doing it that can still protect the number. Ms. SCHWARTZ. Okay, and I think this question has somewhat been asked, I am somewhat new to this Committee but I understand there have been quite a few hearings on this and it feels like this is an issue that has been around, and we just have not taken action on. As you move forward as we do, as the Chairman does, it certainly seems that it is time for us to do something about it, to reach some understanding and agreement about this and provide some of this protection. All of us are asked for Social Security numbers all the time. We had an interesting hearing actually, the full Committee, just about people being appropriately afraid to share their Social Security number because of such failure to protect it once you give it out. So, I look forward to working with you and, of course, working with the Senate as well to actually move this along. Thank you. Chairman MCNULTY. Does anyone else wish to inquire? Mr. Markey, thank you very much for your testimony. We look forward to working with you on actually enacting some legislation. Mr. MARKEY. Thank you, Mr. Chairman, and I thank all of you very much. Chairman MCNULTY. We will now go to panel number two. Mr. Barton is on his way. When he gets here, because he is in another markup, we will accommodate him as well. Panel number two consists of The Honorable Patrick O'Carroll, inspector general of the Social Security Administration; Joel Winston, associate director, the Division of Privacy and Information Protection of the Federal Trade Commission; and Dan Bertoni, the director of Education, Work force, and Income Security of the GAO. I want to thank all of you for being here today. Your entire testimony will appear in the record. We ask you to summarize it in about 5 minutes so that we can have some time for some questions by the panel Members. If you could just keep your eye on the little indicator there, when the green light goes off and the amber light goes on, it is time to kind of wrap up. When the red light goes on, we would appreciate if you would try to conclude so we can get some questions in and also have time to get to the third panel. We will start with the inspector general. STATEMENT OF HON. PATRICK O'CARROLL, INSPECTOR GENERAL, SOCIAL SECURITY ADMINISTRATION Mr. O'CARROLL. Good morning, Chairman McNulty. Good morning, Mr. Johnson and Members of the Subcommittee. I want to thank you for your interest in protecting the Social Security number and for your interest in the work of the Office of the Inspector General. It is a pleasure to be here today to discuss this issue, which is at the heart of my office's mission: protecting the Social Security number. I suggest that in order to do so the time has come to strike an appropriate balance between convenience and security. You have my comprehensive written statement, and now I want to discuss some of its highlights. Over the past decade, we have worked in partnership with the Social Security Administration and with this Subcommittee to bring about improvements in the process by which SSA issues Social Security numbers, new SSN cards and replacement cards. However, we believe the greatest vulnerability is the theft of the number. I assure you that it is harder than ever to obtain a SSN or a Social Security card based on fraudulent information or false pretense. Unfortunately, we cannot report the same degree of progress in protecting the SSN once it legitimately leaves SSA. Our audit and investigative work has taught us that the more SSNs are used unnecessarily, the higher the probability that they might become improperly disclosed and then used to commit crimes. We have highlight vulnerabilities and have suggested ways SSA can try to persuade organizations to limit their use of the number and better protect sensitive data. However, legislation may be required to compel these organizations to forego the convenience the SSN represents. One of our most expansive reviews involved Federal agencies' controls over the access and use of SSNs by external entities. Recently, 15 Federal offices of inspectors general joined us with this review. We provided a comprehensive report with recommendations to improve the security the SSN at the Federal Government level. While we believe our work brought about improvements, recent OMB guidance makes it clear that the use of the SSN in Federal agencies will have to be further curtailed and security measures further improved. Of course, the Federal Government is not the only repository of SSN information. Schools, hospitals, businesses and state and local governments request SSNs for a variety of purposes, very few of which are actually required by law. Many of these entities use the SSN simply as a matter of convenience and do not provide adequate controls to protect the data. For example, our auditors have studied by universities' and hospitals' use of the SSN. While these institutions may have a legitimate use for the number with respect to certain functions, we found that once collected, the number was used for other purposes and was not always given the level of protection it deserves. In response to our audits, SSA's outreach efforts and their own experiences with data loss, many universities are now moving away from the SSN as a student identifier. In an audit currently underway, we are disturbed to learn though that 43 states still collect Social Security numbers for students in kindergarten through 12th grade despite the fact that only three of these states have laws that require it. Some of these schools and school districts still print the student's SSN on their attendance rosters, making it clear that they are placing convenience ahead of security. It may be the time for legislation barring the use of the SSN for all those but uses required by law. Our Social Security Number Integrity Protection Team encouraged banning the display of SSNs on driver's licenses, and this is one example of legislation enacted as part of the Intelligence Reform and Terrorism Prevention Act of 2004 that we believe has made a significant difference in SSN integrity. We frequently remind people do not carry your Social Security card in your wallet, so having the SSN on their driver's license undermine these efforts. In the same vein, consider the wisdom of SSNs displayed on the Medicare card or other forms of identification. So, the IRTPA provided a degree of assistance but more is needed. H.R. 745, introduced in the last Congress, and Senate bill 238, which was just discussed in the current Congress, each seek to address the display of SSNs and the sale of SSNs by information brokers, practices not currently prohibited by law. H.R. 948 would also prohibit the sale of SSNs under many circumstances, which would help reduce the largely unfettered trafficking in SSNs that are being done by information brokers. Legislative action to limit the sale and display of SSNs is critical to the security of the SSN, and I applaud these efforts just as I applaud the Subcommittee's commitment to improving the integrity of the SSN protection for all. In summary, far from its original intent, the SSN has become a convenient tracking number, whose proliferation has significantly detrimental consequences. We cannot allow the public security to be jeopardized over a matter of convenience. Thank you. [The prepared statement of Mr. O'Carroll follows:] Prepared Statement of the Honorable Patrick O'Carroll, Inspector General, Social Security Administration Good morning, Chairman McNulty, Mr. Johnson, and members of the Subcommittee. Thank you for the invitation to be here today to discuss the Social Security number (SSN) and how we can better protect it and the American people. The Office of the Inspector General (OIG) at the Social Security Administration (SSA) came into being in 1995, with the implementation of the Social Security Independence and Program Improvements Act of 1994. As a new entity charged with preventing and detecting fraud, waste, and abuse in SSA's programs and operations, we were well aware of the central role that the SSN played in American society, and the critical need for us to protect its integrity. With SSA, we have made significant strides towards that end since our early days. However, we are keenly aware that much more needs to be done. Today, I will provide you a brief history of our audit and investigative efforts, which have played an important role in strengthening SSN integrity--especially in the way these important numbers are assigned. But, more importantly, I will provide you with perspective on areas in which action is still needed--perhaps through additional legislation--to better protect SSNs from unnecessary collection and improper disclosure. I believe the American people expect and deserve our attention to address this vital matter. Well before 9/11, and even before identity theft became as significant an issue as it is today, we knew we had much work to do to strengthen SSN integrity. We were especially aware of the broad uses of SSNs throughout U.S. society and their importance to noncitizens while they are in the U.S. We also recognized that SSNs are the cornerstone of SSA's programs and, therefore, before we could turn too much of our attention outward--to the use and misuse of SSNs--we first needed to make sure that everything was in order within SSA. As a result, much of our early SSN work was in the area of enumeration--the process by which SSA assigns SSNs. If SSA's enumeration processes were not sound, no amount of improvement to the use and security of the SSN after it was issued would be of much value. Since 1999, when we issued a Management Advisory Report emphasizing the importance of proper SSN assignment and use, we have worked closely with SSA to improve controls in the enumeration process. Based on our recommendations, collaborative efforts and new legislative requirements, SSA has improved the enumeration at birth and enumeration at entry programs, heightened the awareness of SSA employees to fraudulent identification documents presented with applications for SSNs, tightened controls over the issuance of replacement Social Security cards, and otherwise made it much more difficult to obtain a valid SSN through the use of a fraudulent application. During this period, my predecessors testified before this Subcommittee and other Committees and Subcommittees of both houses of Congress on SSN-related issues many times, presenting the results of our work, responding to requests from Members, proposing legislation, and seeking ways to further improve SSN integrity. The September 11 attacks underscored the need to continue those efforts, but with respect to SSNs, did not teach us anything we did not already know about the critical role of the SSN in our society. In the months following 9/11, we worked with the FBI and other law enforcement agencies to provide critical information, and began a series of SSN- based Homeland Security initiatives. These projects sought to ensure, through review of SSNs and other information, that individuals with access to critical infrastructure sites such as airports, seaports, nuclear power plants, and similar locations, were who they claimed to be, and not imposters who would do us harm. Even while working on Homeland Security matters, our investigators continued their day-to-day work on individual SSN misuse cases, bringing to justice scam artists, identity thieves, counterfeit document artists, and other criminals whose tool of the trade was the purloined SSN. On an annual basis, we receive about 10,000 allegations of SSN misuse a year, and investigate approximately 1,500 criminal cases of misuse. After years of increases, these numbers have now held steady for several years, indicating that not only our investigative work, but also our audit work, is having a significant impact. Having completed numerous audits that helped SSA strengthen its enumeration processes, in more recent years our auditors have begun to address the far more challenging issue of SSN misuse. While SSA can implement controls to prevent the improper assignment of SSNs, it has very few mechanisms to curb the improper--or simply the unnecessary-- use of an SSN. Our audit and investigative experiences have taught us that the more SSNs are used unnecessarily, the higher the probability that these numbers could be improperly disclosed and used to commit crimes throughout society. We read about these occurrences in the newspaper every day, but we've yet to develop meaningful ways to stem the tide. As I'll discuss in a moment, our recent audit work has highlighted vulnerabilities and suggested some ways in which SSA can try to persuade organizations that use SSNs to limit this use and better protect this sensitive information. To some extent, these efforts, along with the users' own experiences with improper disclosures, have convinced some organizations to do as we and SSA have suggested. However, because it is such a convenient and unique number, and change may be costly, others appear to discount the risk and continue on with business as usual. To convince these parties, we believe SSA needs more help. Specifically, we believe the time has come to consider legislation limiting the collection and use of SSNs to those purposes mandated by Federal law, or otherwise reducing the use of SSNs as convenient identifiers. In 2002, the Federal inspector general community joined with us to look more closely at one high-risk issue regarding SSNs: agencies' controls over access, disclosure, and use of SSNs by external entities, such as contractors, within their respective agencies. A total of 15 Offices of Inspector General participated in this effort, each conducting an audit within their respective Agencies. We combined our results and provided a comprehensive report, which included recommendations to improve the security of the SSN at the Federal Government level.While we believe that our work, and the work of our fellow inspectors general, brought about improvements in SSN security and heightened awareness of the issue, there is more to be done. Recent OMB guidance makes it clear that at least at the Federal level, uses of the SSN must be curtailed, and security measures enhanced. We will continue to monitor the Federal sector's progress in accomplishing this mandate. Of course, the Federal Government is not the only source of SSN information. As I'm sure you're aware, schools, businesses, and State and local governments request SSNs for a multitude of purposes--very few of which are required by law. Rather, many of these organizations use the SSN as an identifier simply because it is convenient. For example, our auditors have looked at the use of SSNs by universities and hospitals as student and patient identifiers, respectively. While both of these types of organizations may have had some reason for collecting SSNs, such as financial aid or Medicare coverage, we found that once collected, the number was used too frequently for other purposes and not always given the level of protection necessary. In response to our audits, SSA outreach, and their own experiences with data exposures, many universities are moving away from using SSNs as student identifiers. However, in an audit currently underway, we were disturbed to learn that 43 States collect the SSNs of students in kindergarten through 12th (K-12) grade. In only three of these States is the collection of these numbers required by law. The No Child Left Behind Act of 2001 requires that each State implement an accountability program that measures the progress of students and schools through the collection and analysis of data. However, the law does not require that States use SSNs to identify and track students. Rather, we believe that some K-12 schools use SSNs as a matter of convenience. For example, while we did not perform a statistical sample, we know of some schools and districts that still print the students' SSNs on attendance rosters. We would suggest that the security of individuals' personal information--in this instance, the personal information of children-- not take a back seat to administrative convenience. For the 2004/2005 school year, the National Education Association estimated that there were more than 48 million K-12 students in over 15,000 school districts across the country. We believe that the collection and use of SSNs without proper controls is a huge vulnerability for this young population. Recent data indicate the number of children under age 18 whose identities have been stolen is growing. This is particularly troubling given that some of these individuals may not become aware of such activity until they apply for a credit card or student loan. We also found that State and local governments use the SSN as an identifier for other programs, such as prescription drug monitoring, when other identifiers such as drivers license numbers might be more appropriate. Additionally, these entities don't always provide sufficient protection of this data. We even conducted an audit that looked at the access prisoners are sometimes given to SSNs while doing work in prison on State records or other documents containing SSNs and other personal information. The possibility of giving a convicted identity thief access to the tools of his or her trade while in prison is certainly alarming. I'm proud of the work that has been done, and continues to be done, by both our Office of Audit and our Office of Investigations, but our focus on SSN integrity does not stop there. Several years ago, in order to keep track of our many-faceted effort to protect the SSN, we formed the Social Security Number Integrity Protection Team, or SSNIPT. That group, comprised of attorneys, auditors, and investigators, has had its own quiet--but important--successes. It was in part the efforts of the SSNIPT team that led to the eradication of the display of SSNs on Selective Service mailings and the Thrift Savings Plan website--two practices in which the Federal Government was itself putting the SSN at risk. The team has also worked to propose legislation, which was ultimately enacted as part of the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA), to eliminate the practice of displaying SSNs on drivers licenses. All of our exhortations over the years aimed at getting Americans to stop carrying their Social Security cards in their wallets would be of little value if the one document they were required to carry also displayed their SSN. The OIG will not waver in our commitment to protect the integrity of the Social Security number through our timely audit, investigative, and other work, and we welcome Congress' help. Legislation has been, and will always be, a key factor in our ability to protect the SSN and protect the American people. Legislation has, to some degree, improved enforcement mechanisms in this area (the Identity Theft Penalty Enhancement Act), but legislation that would limit the display of SSNs on public documents or eliminate the sale of SSNs by information brokers has not yet been passed, with the exception of the IRTPA provision concerning drivers' licenses. Similarly, no law has been passed to address the unnecessary collection of SSNs by schools, hospitals, or other entities that use this number as a matter of convenience but fail to adequately protect this personal information. There are, however, a number of bills that have been introduced. In the last Congress, H.R. 1745, as well as the current Congress' S. 238, each seek to address both the display and the sale of SSNs, and H.R. 948, while silent on the display of SSNs, would also prohibit their sale under many circumstances. Any legislative provisions that reduce the display of SSNs or limit or eliminate trafficking in SSNs by information brokers and others would be of great help to our efforts. It is important, however, not only to stop intentional criminal behavior, but to place an onus on those who use the SSN--either because they are required to do so by law, or because the SSN is a convenient identifier--to protect the information they are holding. Consider an investigation we recently concluded in which several people were convicted of SSN misuse on a large scale. The primary subject of the investigation was a manufacturer of fraudulent identification documents that he created using real names and SSNs that his co-conspirators obtained. The documents were then used to defraud banks, businesses, and individuals out of more than half a million dollars. The names, SSNs, and other data were stolen from banks and from a hospital where security measures were obviously inadequate to prevent or detect the theft. This individual and his co-conspirators are being criminally prosecuted, but criminal prosecution is not always an option. One proposal we have made in the past is that the OIG's Civil Monetary Penalty authority be extended to include SSN misuse. Providing the authority to penalize those who misuse SSNs but are not criminally prosecuted, or to penalize institutions that collect, but fail to protect, SSNs could create a strong deterrent and an effective tool. The OIG has proven its ability to administer such a program through its administration of the existing provisions of Sections 1129 and 1140 of the Social Security Act--and we are prepared to take on this new challenge. Indeed, we are faced with new challenges on a daily basis, as we constantly find new ways to close gaps in the SSN's protection. We are currently examining the practice of assigning SSNs to noncitizens who will only be in the United States for a few months--but are allowed to obtain an SSN that will be good forever. Consider, for example, the practice of allowing noncitizens who enter the country with a fiance visa to obtain an SSN. While deciding whether they will marry, these noncitizens are allowed to stay in the United States for 3 months-- after which time they must marry, leave the country or apply for a new immigration status with DHS. By approving their request for an SSN during this 3-month period, we might be giving those who have no intentions to marry a much-needed tool for overstaying their visas. We believe a wiser course of action would be to approve the SSN application after the marriage has occurred, but we may need a legislative remedy to implement such a policy. Additional opportunities exist to restrict SSN access to other populations that might take advantage of similar programs. We've also just undertaken an audit concerning the display of the SSN on Medicare cards, a document that many Americans carry in their wallets. I mentioned earlier our attempts to remove the SSN from drivers' licenses; while the use of the SSN in the Medicare program may be necessary, the display of the SSN on the card is something we'll be taking a critical look at. As we have stated before this Subcommittee on many occasions, the SSN was never intended to do more than track a worker's earnings and pay that worker benefits. As the uses of the SSN have expanded over the decades, through acts of Congress and through the SSN's adoption simply as a matter of convenience, its value has increased as a tool for criminals. The Social Security card itself, which states on its face that it is not to be used for identification, is frequently cited as needing improvement. But spending billions of dollars to try and stay one step ahead of counterfeiters is not the answer. The answer lies in doing everything we can to ensure the integrity of the enumeration process; limit the collection, use, and public display of the SSN; encourage the protection of the SSN by those who use it legitimately; and provide meaningful sanctions for those who fail to protect it or who misuse it themselves. We will continue our audit work in these areas, such as the fiance visa audit I just mentioned. We will continue our investigations, such as those I've described today. We will continue working to ensure Homeland Security, as reflected in the role we played in the recent arrests of terrorists planning an attack on Fort Dix. We will continue to seek the prosecution of employers or others who knowingly provide false SSNs to employees otherwise not authorized to work in the United States, as we did just last week in the Pacific Northwest, where a staffing agency was allegedly providing illegal workers with fraudulent SSNs. And we will continue to work with SSA and with this Subcommittee in hearings such as this, and in seeking legislation to make our efforts still more effective. Thank you, and I'd be happy to answer any questions. Chairman MCNULTY. Thank you, Mr. O'Carroll. In accordance with my previous announcement, we want to accommodate Congressman Barton, who is in another markup. I want to thank you, Joe, for making the time to come over and at this time, I would like to recognize the gentleman from Ennis, Texas, Congressman Barton. His entire testimony will appear in the record, and we now invite him to summarize his testimony. STATEMENT OF HON. JOE BARTON, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF TEXAS Mr. BARTON. Thank you, Chairman McNulty. I apologize for my tardiness. We do have a full Committee markup upstairs on nine bills to reauthorize and approve the Food and Drug Administration. I did not know Ways and Means had a hearing room in the Rayburn Building. I headed out to the Longworth Building, and I had to be turned around and brought back here, but this is pretty nice. We can make a trade or something. I also thank Ranking Member Johnson for his many courtesies over the years. ----I want to thank this Subcommittee for holding this important hearing on the vulnerability of the Social Security number and how we should protect our Social Security number. Twenty years ago, nobody gave a second thought to showing a Social Security number on a driver's license. Now times have changed. In the Internet age, the Social Security is the key to our personal, medical and financial history. If we do not protect it, other people can unlock our lives and steal both our money, our reputations and sometimes our identities. The thought of a universal identifier, like the Social Security number, falling into the hands of an identity thief strikes a chord of fear in every consumer in this country, as it well should. The Federal Government is partly to blame for allowing Social Security numbers to morph into something so crucial. When Social Security was being invented, they needed a way to uniquely identify every participant. Since 1936, the government has issued roughly 420 million Social Security numbers. No one then imagined the ubiquitousness and the critical role that these numbers would assume because records were on paper, credit was a luxury for the elite, and identity theft was literally something out of science fiction. Unfortunately, a Social Security number now can be used to wreck a person's finances. Our Social Security numbers are everywhere. They are vulnerable to abuse and the government largely has failed to do anything about it. Last year, I applied for a cell phone at Radio Shack. I had to give my Social Security number to three different people in the course of getting that cell phone within a 30 minute period. That is simply unacceptable in my opinion. Technology is part of the problem and fortunately technology is beginning to offer solutions. Businesses which use Social Security numbers as commercial identifiers can often authenticate customers effectively and in a flash with other identifiers. Moreover, there are numerous situations in which no benefit exists for the business to require a Social Security number at all. I think some of them simply do it out of habit. Once a business does have your Social Security number, can they share it? Can they sell it? For that matter, can a business buy your Social Security number from another business? None of that to me seems like a very good idea, and I hope this Subcommittee would agree with that. These are important questions and the answers are even more important. Erasing the link between our Social Security number and our personal information I think and Congressman Markey thinks is the best idea. Lacking that, there are a few easy steps that each of us can take to cut the risk of our number falling into the wrong hands. H.R. 948, the Social Security Number Protection Act, is a good start. This bill accomplishes something so simple that it is hard to believe that it has not already been done. It makes the sale and purchase of our Social Security number illegal. Buying and selling people's Social Security numbers I think is intolerable in a modern society. Internet information brokers should not have the ability to sell information to anyone who walks in the front door and plunks down a few dollars. As additional protection, H.R. 948 restricts the display of Social Security numbers online and prohibits requiring your number on any identification or Membership card. I am well aware of the benefits Social Security numbers provide in preventing fraud and protecting me from being a victim. Despite comments from the critics, the intent of H.R. 948 does not affect legitimate uses of Social Security numbers. The Federal Trade Commission has given rulemaking authority to exempt honest purposes from the prohibitions that protect consumers. Mr. Chairman, Ranking Member, and Members of this Subcommittee, the Energy and Commerce Committee, on which I serve and Congressman Markey serves, voted unanimously to report H.R. 948 last month. That does not happen often on the Energy and Commerce Committee, let me tell you. Last night, we were up here until 11 o'clock and passed six bills, all on a party line vote, so an unanimous consent report of H.R. 948 is an accomplishment. I hope that your Committee will now take up either the bill that Mr. Markey and I are sponsoring or discharge it so that we can take this important step in protecting our consumers' identities and their privacy. With that, Mr. Chairman, and Members of the Subcommittee, I yield back. Chairman MCNULTY. Thank you, Mr. Barton, and thank you for your many years of work on this issue. I think most people have their own personal stories about being asked for their Social Security number. I have a similar one to yours. It was a retail purchase. My wife and I were out a few years ago, and we were buying a refrigerator. We made selection and filled out the paperwork, and I was paying by personal check. I know you have additional ID, so I had my driver's license, which is a picture ID, and the driver's license number, which is not the Social Security number, and I wrote that on the check and gave it to the cashier. She then asked me for my Social Security to buy a refrigerator. Now, the difference between you and me is I refused. Mr. BARTON. Good for you. Chairman MCNULTY. I still got the refrigerator, but how many people are in circumstances like that and they just freely give their Social Security number? So, I think before we even get to legislation, we have a tremendous job ahead of ourselves in educating people about the proper circumstances under which they should share their Social Security number. Thank you for that news about reporting the bill out of the Committee. Mr. Johnson reminded me that in the last Congress, we reported out a bill out of Committee on Ways and Means but for some reason or another, these bills never get enacted into law. I mentioned to your colleague, Ed Markey, and to Senator Schumer earlier that while everybody is grateful for what everyone has done in the past in focusing on this issue, now is the time we need to actually do something, to pass something and get enacted into law. I want to thank you for your continued commitment to see to it that that happens. Does any Member wish to inquire of Congressman Barton? Ms. Tubbs Jones? Ms. TUBBS JONES. Just an inquiry, Congressman Barton. I was reading a newspaper article from the Cleveland Plain Dealer, which is my hometown newspaper, and what happened in the state of Ohio was that an intern had a copy of a disk of a number of people who were receiving, I guess it was back-up checks and so it says that thousands of state workers rushed to sign up for identity fraud protection after learning their personal information was on a back-up computer tape stolen from an intern's car. There are all kinds of crazy things that happen that expose people's information to possible identity theft. For the record, Mr. Chairman, I seek unanimous consent to have two articles from the Plain Dealer entered into today's record. Chairman MCNULTY. Is there objection? The Chair hears none, so ordered. The first provided article follows: [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] The second provided article follows: [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Ms. TUBBS JONES. It ended up that the state decided that they would hire a company to provide identity theft protection for all these workers whose information had been lost in the process. But you think about it, this is a legitimate use of the Social Security number but being put in jeopardy as a result of some stupid activity, or maybe I should not say ``stupid,'' someone not thinking about where they kept up with information on behalf of workers. Having coming from a criminal justice background, as a prosecutor, as a judge, sometimes I think we try and implement laws to protect a certain situation, it really may not be the criminal justice system that we need to implement but having to safeguard this place to make appropriate conduct for the use of information. I am like you, I have to call into the bank to get my information, I have to give them my full Social Security number to get the $2 that I have in the bank. But it is really kind of a crazy situation. Mr. BARTON. Can I borrow a dollar? Ms. TUBBS JONES. Can you borrow a dollar? Let's see, maybe I can help you out. Well, I want to thank you for the work that you are doing in this area and like to be supportive. Thank you, Mr. Chairman. Chairman MCNULTY. Does anyone else wish to inquire? If not, we wish to thank Congressman Barton. Thanks, Joe. Mr. BARTON. Thank you, Mr. Chairman. Chairman MCNULTY. That concludes the testimony of panel one. We will continue on panel two with Mr. Winston. STATEMENT OF JOEL WINSTON, DIRECTOR OF PRIVACY AND INFORMATION PROTECTION, FEDERAL TRADE COMMISSION Mr. WINSTON. Thank you, Chairman McNulty, Ranking Member Johnson, and Members of the Subcommittee. I am Joel Winston, associate director of the Division of Privacy and Identity Protection at the Federal Trade Commission. I appreciate the opportunity to testify today about Social Security numbers and identity theft. As we have heard, identity theft afflicts millions of Americans every year. One telling example illustrates the damage it can cause. A few months ago, a consumer from Los Angeles contacted the FTC Identity Theft Hotline. He reported that his employer had suffered a data breach in which the consumer's employee records, including his Social Security number, had been compromised. Soon thereafter, an identity thief opened five credit card accounts in the consumer's name, resulting in thousands of dollars of unauthorized charges. But the thief did not stop there, he also emptied the consumer's checking account of almost $2,000. In the first month or so after discovering the theft, this consumer spent hundreds of hours trying to repair the damage. The Social Security number is often the key item of information that an identity thief needs to commit his crime. It is therefore critical to make SSNs less accessible to identity thieves. At the same time, it is important to remember that SSNs serve legitimate and useful purposes in our economy, including their widespread use to match individuals to information about them. For that reason, any restrictions on SSNs should be carefully tailored to reduce disclosures or uses that are unnecessary without inadvertently eliminating or burdening those that are necessary. Although SSNs sometimes are used for legal compliance or essential business purposes, too often they are used simply as a matter of convenience or habit. For example, some organizations still use SSNs on employee badges or ID cards when a different and less sensitive identifier would work just as well. The President's Identity Theft Task Force, in its report issued this April, concluded that, ``More must be done to eliminate unnecessary uses of SSNs, both in the public sector and the private sector.'' The government has already begun to address its own SSN policies. This week, for example, the Office of Personnel Management issued guidance to all Federal agencies on limiting the collection and use of SSNs for human resource purposes. With respect to the private sector, the Task Force calls for a comprehensive review of SSN usage, and this review has already begun. We will be looking at the extent to which SSN uses are driven by business necessity and what the benefits and costs would be of restricting them. In the meantime, the Federal Trade Commission has taken, and is continuing to take aggressive action to address identity theft. The first priority is prevention, stopping thieves from obtaining SSNs or other sensitive information. Businesses must be vigilant in protecting sensitive data they collect from consumers. To re-enforce this message, the Commission has brought 14 law enforcement actions against businesses that fail to reasonably safeguard consumers' personal information. Consumers, too, must be more careful about guarding their information and so consumer education is a key part of our strategy. The Commission reaches out to the public in a variety of ways, including our identity theft Web site and hotline, and our highly successful multi-media national education campaign named, ``Deter, Detect, Defend.'' But restrictions on SSN usage and disclosure and better data security are not enough. Some sensitive information inevitably will find its way to identity thieves. Therefore, we must make it more difficult for criminals to use SSNs once they obtain them. Creating better methods of authenticating consumers would further this goal. When a thief steals personal data, he can use it to open an account only if he can convince the account provider that he is the person whose data he stole. In April, the Commission hosted a workshop on authentication. We learned some encouraging new techniques to authenticate consumers that are being developed and deployed, and we discussed how the government and private sector can encourage their adoption. I would like to turn now briefly to the issue of legislation. As we have heard today, several bills have been introduced in Congress over the past few years that would restrict SSNs in various ways. Generally, these bills would prohibit the display, purchase, sale or use of SSNs, subject to several exceptions, such as for law enforcement, public health and credit reporting purposes. The Commission has not taken a formal position on these bills, but I believe that they have an appropriate objective: to eliminate gratuitous SSN transfers or use while recognizing that there are certain necessary and legitimate transfers or uses that should be permitted. The challenge is to draw the right line. As Mr. Johnson said, it is a complex balancing act. As I stated earlier, the Task Force is in the process of developing a comprehensive record on the factors that impact on where that line might be drawn. We support the idea that rulemaking authority be granted to the appropriate Federal agencies to implement and flesh out these exceptions, and I note that H.R. 948 gives that authority to the FTC. Identity theft is one of the most important consumer protection issues of our time and must be attacked at every angle. The Commission will continue to place a high priority on preventing this crime and helping victims to recover. We look forward to continuing our work with Congress in this effort, and I would be happy to answer any questions that you might have. The prepared statement of Mr. Winston follows:] Prepared Statement of Joel Winston, Director, Division of Privacy and Information Protection, Federal Trade Commission [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman MCNULTY. Thank you, Mr. Winston. Mr. Bertoni. STATEMENT OF DAN BERTONI, EDUCATION, WORKFORCE, AND INCOME SECURITY, GOVERNMENT ACCOUNTABILITY OFFICE Mr. BERTONI. Good morning, Mr. Chairman, and Members of the Subcommittee. I am pleased to be here to discuss ways to protect the Social Security number, which was originally created as a means to track worker earnings and administer retirement benefits. Over time, the SSN has evolved beyond its intended purpose, become the identifier of choice and is now used for myriad non-Social Security purposes. This is significant because a person's SSN, along with name and date of birth, are key pieces of information used to commit identity theft. Potential for misuse of the SSN has raised concerns about how the public and private entities are obtaining, using and protecting SSNs. My testimony today is based on our prior work, as well as the report issued today for Senator Schumer and will focus on describing SSN use in the public and private sector, as well as vulnerabilities that remain to protecting them. In summary, a number of Federal laws and regulations authorize or require agencies at all levels of government to collect SSNs to administer their programs. For example, the Debt Collection Act 1996 requires any individual doing business with the Federal Government or applying for a grant or service to furnish a valid SSN. Certain state and local government agencies also collect SSNs as part of their responsibility for maintaining public records. In a prior work, we reported that 41 states and the District of Columbia display SSNs in public records, as well as 75 percent of all U.S. counties. SSNs were most often found in court and property records. As noted earlier, in our report issued today, we found that the Internal Revenue Service and the Department of Justice are the only Federal agencies commonly providing records containing SSNs to state and local recordkeepers. IRS and Justice provide thousands of property liens annually to recordkeepers in which they have traditionally included full SSNs for identity verification purposes. Historically, access to public records occurred by visiting local offices and search through electronic or paper records. However, today, more recordkeepers provide potentially unlimited access to sensitive information through bulk sales to private companies and to the public via the Internet. Some states, however, have begun to restrict how they display or provide access to SSNs in such records. For example, Florida counties we recently visited are currently using special software to search for and remove millions of SSNs and other sensitive information from their records. In the private sector, information re-sellers, credit bureau reporting agencies and health care organizations collect SSNs from various sources and use this information primarily for identification verification purposes. Large information re- sellers obtain SSNs from various public records, such as bankruptcy notices, tax liens, civil judgments and property transactions. In addition to their own direct use of SSNs, entities such as banks, securities firms, telecommunications firms and tax preparers also share this information--SSN information with third party contractors who perform services for them. Although new Federal and state laws have helped restrict SSN use and display, vulnerabilities remain. For example, we are concerned that SSNs are still displayed on certain federally-issued cards. In particular, the Center for Medicare and Medicaid Services has not yet acted to remove SSNs from over 40 million Medicare cards despite our report citing this weakness. We are also concerned that current Federal laws restricting the sale of SSNs and other personal information applied to certain types of entities, such as financial institutions, but not to information re-sellers, who are obtaining and using the same sensitive data. However, recently proposed legislation, the Social Security Protection Act of 2007, as discussed by Mr. Markey earlier, if enacted, may help address this vulnerability by placing additional restrictions on the sale and purchase of SSNs. H.R. 1745, which was introduced in the last Congress, also includes provisions to address this issue. Further, Federal oversight regarding the sharing of SSNs with contractors is less stringent for the telecommunications and tax preparation industries, which poses potential additional challenges for protecting SSNs and other sensitive data in those industries. Finally, although Federal agencies have begun truncating SSNs on documents provided to state and local recordkeepers, different truncation methods between the public and private sectors have implications for identity theft. Current Federal lien records display the last four digits of SSNs, while private re-sellers often provide the first five digits of the SSN to the customer. Consequently, with minimal effort, our analysts were able to electronically access private sector databases, compare this information to Federal liens, and reconstruct full identity and SSN information for 10 liens for 10 individuals from 10 states. The entire process took less than an hour or about an hour or about 6 minutes per SSN and it was all done from their desks. In light of this finding, we continue to urge the Congress to consider enacting a single truncation standard or assign an agency to do so. Mr. Chairman, this concludes my remarks. I will be happy to answer any questions that you or other Members of the Subcommittee may have. Thank you. [The prepared statement of Mr. Bertoni follows:] Prepared Statement of Dan Bertoni, Director, Education, Workforce, and Income Security, Government Accountability Office Mr. Chairman and Members of the Subcommittee: I am pleased to be here today to discuss ways to better protect the Social Security number (SSN), which was originally created as a means to track workers' earnings and eligibility for Social Security benefits. Since its creation, the SSN has evolved beyond its intended purpose to become the identifier of choice for public and private sector entities and is now used for myriad non-Social Security purposes. This is significant because a person's SSN, along with name and date of birth, are the key pieces of personal information used to perpetrate identity theft. Consequently, the potential for misuse of the SSN has raised questions about how private and public sector entities obtain, use, and protect SSNs. Over the last several years, the Congress and some states have recognized the importance of restricting the use and display of SSNs by both the public and private sectors. As a result, federal and state laws have been enacted that to some degree protect individuals' personal information, including SSNs. However, the continued use of and reliance on SSNs by public and private sector entities, as well as the potential for their misuse, underscore the importance of identifying areas that can be further strengthened. GAO has issued a number of reports and testified before this Subcommittee about the various aspects of SSN use in both the public and private sectors. Accordingly, my remarks today will focus on describing the (1) use of SSNs by government agencies, (2) use of SSNs by the private sector, and (3) vulnerabilities that remain to protecting SSNs. In summary, a number of federal laws and regulations require agencies at all levels of government to frequently collect and use SSNs for various purposes. For example, agencies frequently collect and use SSNs to administer their programs, link data for verifying applicants' eligibility for services and benefits, and conduct program evaluations. In the private sector, certain entities, such as information resellers, collect SSNs from public sources, private sources, and their customers and use this information for identity verification purposes. In addition, banks, securities firms, telecommunication firms, and tax preparers sometimes share SSNs with their contractors for limited purposes. Although laws at both the federal and state levels have helped to restrict SSN use and display, and both public and private sector entities have taken some steps to further protect this information, several vulnerabilities remain. For example, federal laws addressing SSN use and collection in the private sector continue to leave SSNs maintained by certain industries vulnerable to misuse by identity thieves and others. For this testimony, we primarily relied on information from our prior reports and testimonies that address public and private sector use and protection of SSNs. These products were issued between 2002 and 2006 and are listed in the Related GAO Products section at the end of this statement. We conducted our reviews in accordance with generally accepted government auditing standards. Background The Social Security Act of 1935 authorized the Social Security Administration(SSA) to establish a record-keeping system to manage the Social Security program, which resulted in the creation of the SSN. Through a process known as ``enumeration,'' unique numbers are created for every person as a work and retirement benefit record. Today, SSA issues SSNs to most U.S. citizens, as well as non-citizens lawfully admitted to the United States with permission to work. Because the SSN is unique for every individual, both the public and private sectors increasingly use it as a universal identifier. This increased use, as well as increased electronic record keeping by both sectors, has eased access to SSNs and potentially made this information more vulnerable to misuse, including identity theft. Specifically, SSNs are a key piece of information used to create false identities for financial misuse or to assume another individual's identity. Most often, identity thieves use SSNs belonging to real people. However, the Federal Trade Commission's (FTC) identity theft victim complaint data has shown that only 30 percent of identity theft victims know how thieves obtained their personal information. The FTC estimated that over a 1-year period, nearly 10 million people discovered they were victims of identity theft, translating into estimated losses of billions of dollars. Federal Laws Affecting SSN Use and Disclosure There is no one law that regulates the overall use of SSNs by all levels and branches of government. However, the use and disclosure of SSNs by the Federal Government is generally restricted under the Privacy Act of 1974. Broadly speaking, this act seeks to balance the government's need to maintain information about individuals with the rights of individuals to be protected against unwarranted invasions of their privacy. Section 7 of the act requires that any federal, state, or local government agency, when requesting an SSN from an individual, tell individuals whether disclosing the SSN is mandatory or voluntary, cite the statutory or other authority under which the request is being made, and state what uses it will make of the individual's SSN. Additional federal laws also place restrictions on public and private sector entities' use and disclosure of consumers' personal information, including SSNs, in specific instances. As shown in table 1, some of these laws require certain industries, such as the financial services industry, to protect individuals' personal information to a greater degree than entities in other industries. [Table 1: NOT AVAILABLE AT TIME OF PRINT.] In 1998, Congress also enacted a federal statute that criminalizes fraud in connection with the unlawful theft and misuse of personal identifiable information, including SSNs. The Identity Theft and Assumption Deterrence Act made it a criminal offense for a person to ``knowingly transfer, possess, or use without lawful authority,'' another person's means of identification ``with the intent to commit, or to aid or abet, or in connection with, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable state or local law.'' Under the act, an individual's name or Social Security number is considered a ``means of identification.'' In addition, in 2004, the Identity Theft Penalty Enhancement Act established the offense of aggravated identity theft in the federal criminal court, which is punishable by a mandatory two-year prison term. State Laws Affecting SSN Use and Disclosure Many states have also enacted laws to restrict the use and display of SSNs. For example, in 2001, California enacted a law that generally prohibited companies and persons from engaging in certain activities with SSNs, such as posting or publicly displaying SSNs, or requiring people to transmit an SSN over the Internet unless the connection is secure or the number is encrypted. In our prior work, we identified 13 states--Arizona, Arkansas, Connecticut, Georgia, Illinois, Maryland, Michigan, Minnesota, Missouri, Oklahoma, Texas, Utah, and Virginia-- that have passed laws similar to California's. While some states, such as Arizona, have enacted virtually identical restrictions on the use and display of SSNs, other states have modified the restrictions in various ways. For example, unlike the California law, which prohibits the use of the full SSN, the Michigan statute prohibits the use of more than four sequential digits of the SSN. Some states have also enacted other types of restrictions on the uses of SSNs. For example, Arkansas, Colorado, and Wisconsin prohibit the use of a student's SSN as an identification number. Other recent state legislation places restrictions on state and local government agencies, such as Indiana's law that generally prohibits state agencies from releasing SSNs unless otherwise required by law. Government Agencies Collect and Use SSNs for a Variety of Purposes A number of federal laws and regulations require agencies at all levels of government to frequently collect and use SSNs for various purposes. Beginning with a 1943 Executive Order issued by President Franklin D. Roosevelt, all federal agencies were required to use the SSN exclusively for identification systems of individuals, rather than set up a new identification system. In later years, the number of federal agencies and others relying on the SSN as a primary identifier escalated dramatically, in part, because a number of federal laws were passed that authorized or required its use for specific activities. For example, agencies use SSNs for internal administrative purposes, which include activities such as identifying, retrieving, and updating records; to collect debts owed to the government and conduct or support research and evaluations, as well as use employees' SSNs for activities such as payroll, wage reporting, and providing employee benefits; to ensure program integrity, such as matching records with state and local correctional facilities to identify individuals for whom the agency should terminate benefit payments; and for statistics, research, and evaluation. Table 2 provides an overview of federal statutes that address government collection and use of SSNs. In some cases, these statutes require that state and local government entities collect SSNs. [Table 2: NOT AVAILABLE AT TIME OF PRINT.] Some government agencies also collect SSNs because of their responsibility for maintaining public records, which are those records generally made available to the public for inspection by the government. Because these records are open to the public, such government agencies, primarily at the state and local levels, provide access to the SSNs sometimes contained in those records. Based on a survey of federal, state, and local governments, we reported in 2004 that state agencies in 41 states and the District of Columbia displayed SSNs in public records; this was also true in 75 percent of U.S. counties. We also found that while the number and type of records in which SSNs were displayed varied greatly across states and counties, SSNs were most often found in court and property records. Public records displaying SSNs are stored in multiple formats, such as electronic, microfiche and microfilm, or paper copy. While our prior work found that public access to such records was often limited to inspection of the individual paper copy in public reading rooms or clerks' offices, or request by mail, some agencies also made public records available on the Internet. In recent years, some agencies have begun to take measures to change the ways in which they display or provide access to SSNs in public records. For example, some state agencies have reported removing SSNs from electronic versions of records, replacing SSNs with alternative identifiers in records, restricting record access to individuals identified in the records, or allowing such individuals to request the removal of their SSNs from these records. Private Sector Entities Collect SSNs from Various Sources for Identity Verification Purposes Certain private sector entities, such as information resellers, consumer reporting agencies (CRAs), and healthcare organizations collect SSNs from public and private sources, as well as their customers, and primarily use SSNs for identity verification purposes. In addition, banks, securities firms, telecommunication firms, and tax preparers engage in third party contracting and sometimes share SSNs with their contractors for limited purposes, generally when it is necessary and unavoidable. Private Sector Entities Collect SSNs from Both Public and Private Sources Information resellers are businesses that specialize in amassing personal information, including SSNs, and offering informational services. They provide their services to a variety of customers, such as specific businesses clients or through the Internet to the general public. Large or well known information resellers reported that they obtain SSNs from various public records, such as records of bankruptcies, tax liens, civil judgments, criminal histories, deaths, and real estate transactions. However, some of these resellers said they are more likely to rely on SSNs obtained directly from their clients, who may voluntarily provide such information, than those found in public records. In addition, in our prior review of information resellers that offer their services through the Internet, we found that their Web sites most frequently identified public or nonpublic sources, or both, as their sources of information. For example, a few Internet resellers offered to conduct background investigations on individuals by compiling information from court records and using a credit bureau to obtain consumer credit data. CRAs, also known as credit bureaus, are agencies that collect and sell information about the creditworthiness of individuals. Like information resellers, CRAs also obtain SSNs from public and private sources. For example, CRA officials reported that they obtain SSNs from public sources, such as bankruptcy records. We also found that these companies obtain SSNs from other information resellers, especially those that specialize in collecting information from public records. However, CRAs are more likely to obtain SSNs from businesses that subscribe to their services, such as banks, insurance companies, mortgage companies, debt collection agencies, child support enforcement agencies, credit grantors, and employment screening companies. Organizations that provide health care services, including health care insurance plans and providers, are less likely to obtain SSNs from public sources. These organizations typically obtain SSNs either from individuals themselves or from companies that offer health care plans. For example, individuals enrolling in a health care plan provide their SSNs as part of their plan applications. In addition, health care providers, such as hospitals, often collect SSNs as part of the process of obtaining information on insured people. Private Sector Entities Primarily Use SSNs to Verify Individuals' Identities We found that the primary use of SSNs by information resellers, CRAs, and health care organizations is to help verify the identity of individuals. Large information resellers reported that they generally use the SSN as an identity verification tool, though they also use it for matching internal databases, identifying individuals for their product reports, or conducting resident or employment screening investigations for their clients. CRAs use SSNs as the primary identifier of individuals in order to match information they receive from their business clients with information on individuals already stored in their databases. Finally, health care organizations also use the SSN, together with information such as name, address, and date of birth, for identity verification. In addition to their own direct use of customers' SSNs, private sector entities also share this information with their contractors. According to experts, approximately 90 percent of businesses contract out some activity because they find either it is more economical to do so or other companies are better able to perform these activities. Banks, investment firms, telecommunication companies, and tax preparation companies we interviewed for our prior work routinely obtain SSNs from their customers for authentication and identification purposes and contract with other companies for various services, such as data processing, administrative, and customer service functions. Company officials reported that customer information, such as SSNs, is shared with contractors for limited purposes, generally when it is necessary or unavoidable. Further, these companies included certain provisions in their standard contact forms aimed at safeguarding customer's personal information. For example, forms included electronic and physical data protections, audit rights, data breach notifications, subcontractor restrictions, and data handling and disposal requirements. Vulnerabilities Remain to Protecting SSNs in both the Public and Private Sectors Although federal and state laws have helped to restrict SSN use and display, and public and private sector entities have taken some steps to further protect this information, our prior work identified several remaining vulnerabilities. While government agencies have since taken actions to address some of the identified SSN protection vulnerabilities in the public sector, private sector vulnerabilities that we previously identified have not yet been addressed. Consequently, in both sectors, vulnerabilities remain to protecting SSNs from potential misuse by identity thieves and others. Government Agencies Have Taken Additional Actions to Address SSN Protection, yet Vulnerabilities Remain In our prior work, we found that several vulnerabilities remain to protecting SSNs in the public sector, and in response, some of these vulnerabilities have since been addressed by agencies. For example, in our review of government uses of SSNs, we found that some federal, state, and local agencies do not consistently fulfill the Privacy Act requirements that they inform individuals whether SSN disclosure is mandatory or voluntary, provide the statutory or other authority under which the SSN request is made, or indicate how the SSN will be used, when they request SSNs from individuals. To help address this inconsistency, we recommended that the Office of Management and Budget (OMB) direct federal agencies to review their practices for providing required information, and OMB has since implemented this recommendation. Actions have also been taken by some federal agencies in response to our previous finding that millions of SSNs are subject to exposure on individual identity cards issued under federal auspices. Specifically, in 2004, we reported that an estimated 42 million Medicare cards, 8 million Department of Defense (DOD) insurance cards, and 7 million Department of Veterans Affairs (VA) beneficiary cards displayed entire 9-digit SSNs. While the Centers for Medicare and Medicaid Services, with the largest number of cards displaying the entire 9-digit SSN, does not plan to remove the SSN from Medicare identification cards, VA and DOD have begun taking action to remove SSNs from cards. For example, VA is eliminating SSNs from 7 million VA identification cards and will replace cards with SSNs or issue new cards without SSNs between 2004 and 2009, until all such cards have been replaced. However, some of the vulnerabilities we identified in public sector SSN protection have not been addressed. For example, while the Privacy Act and other federal laws prescribe actions agencies must take to assure the security of SSNs and other personal information, we found that these requirements may not be uniformly observed by agencies at all levels of government. In addition, in our review of SSNs in government agency-maintained public records, we found that SSNs are widely exposed to view in a variety of these records. While some agencies reported taking actions such as removing SSNs from electronic versions of records, without a uniform and comprehensive policy, SSNs in these records remain vulnerable to potential misuse by identity thieves. Consequently, in both instances, we suggested that Congress consider convening a representative group of federal, state, and local officials to develop a unified approach to safeguarding SSNs used in all levels of government. Some steps have since been taken at the federal level to promote inter-agency discussion of SSN protection, such as creation of the President's Identity Theft Task Force in 2006 to increase the safeguards on personal data held by the Federal Government. In April 2007, the Task Force completed its work, which resulted in a strategic plan aimed at making the Federal Government's efforts more effective and efficient in the areas of identity theft awareness, prevention, detection, and prosecution. The plan's recommendations focus in part on increasing safeguards employed by federal agencies and the private sector with respect to the personal data they maintain, including decreasing the unnecessary use of SSNs in the public sector. To that end, last month, OMB issued a memorandum requiring federal agencies to examine their use of SSNs in systems and programs in order to identify and eliminate instances in which collection or use of the SSN is unnecessary. In addition, the memo requires federal agencies to participate in governmentwide efforts to explore alternatives to agency use of SSNs as personal identifiers for both federal employees and in federal programs. Vulnerabilities Persist in Federal Laws Addressing SSN Collection and Use by Private Sector Entities In our reviews of private sector entities' collection and use of SSNs, we found variation in how different industries are covered by federal laws protecting individuals' personal information. For example, although federal laws place restrictions on reselling some personal information, these laws only apply to certain types of private sector entities, such as financial institutions. Consequently, information resellers are not covered by these laws, and there are few restrictions placed on these entities' ability to obtain, use, and resell SSNs. However, recently proposed federal legislation, if implemented, may help to address this vulnerability. For example, the SSN Protection Act of 2007, as introduced by Representative Edward Markey, would give the Federal Trade Commission (FTC) rulemaking authority to restrict the sale and purchase of SSNs and determine appropriate exemptions. The proposed legislation would therefore improve SSN protection while also permitting limited exceptions to the purchase and sale of SSNs for certain purposes, such as law enforcement or national security. Vulnerabilities also exist in federal law and agency oversight for different industries that share SSNs with their contractors. For example, while federal law and oversight of the sharing of personal information in the financial services industry is very extensive, federal law and oversight of the sharing of personal information in the tax preparation and telecommunications industries is somewhat lacking. Specific actions to address these vulnerabilities in federal laws have not yet been taken, leaving SSNs maintained by information resellers and contractors in the tax preparation and telecommunications industries potentially exposed to misuse, including identity theft. We also found a gap in federal law addressing SSN truncation, a practice that would improve SSN protection if standardized. Specifically, in our Internet resellers report, several resellers provided us with truncated SSNs showing the first five digits, though other entities truncate SSNs by showing the last four digits. Therefore, because of the lack of SSN truncation standards, even truncated SSNs remain vulnerable to potential misuse by identity thieves and others. While we suggested that the Congress consider enacting standards for truncating SSNs or delegating authority to SSA or some other governmental entity to do so, SSN truncation standards have yet to be addressed at the federal level. Concluding Observations The use of SSNs as a key identifier in both the public and private sectors will likely continue as there is currently no other widely accepted alternative. However, because of this widespread use of SSNs, and the vulnerabilities that remain to protecting this identifier in both sectors, SSNs continue to be accessible to misuse by identity thieves and others. Given the significance of the SSN in committing fraud or stealing an individual's identity, it would be helpful to take additional steps to protect this number. As the Congress moves forward in pursuing legislation to address SSN protection and identity theft, focusing the debate on vulnerabilities that have already been documented may help target efforts and policy directly toward immediate improvements in SSN protection. To this end, we look forward to supporting the Subcommittee and the Congress however we can to further ensure the integrity of SSNs. Related to this, we have issued a report on the Federal Government's provision of SSNs to state and local public record keepers, and we have also recently begun a review of the bulk sale of public records containing SSNs, including how federal law protects SSNs in these records when they are sold to entities both here and overseas. Mr. Chairman, this concludes my prepared testimony. I would be pleased to respond to any questions you or other members of the subcommittee may have. Chairman MCNULTY. I thank all of the witnesses. Thank you, Mr. Bertoni, especially for this new report, which you issued I believe today as a result of the inquiry by Senator Schumer. Mr. BERTONI. Yes. Chairman MCNULTY. That is now a part of the record of the Subcommittee, and we will certainly consider that in our deliberations. I want to thank Mr. O'Carroll for the time we spent together recently to talk about issues generally regarding Social Security, and I want to thank you for your commitment to helping us to reduce the backlog, to keep the agency focused on its core mission and also the subject of today's hearing, protecting the American people from identity theft. I am glad to know we are on the same wavelength and working for the same purposes. Mr. Winston, thank you also for your testimony. You mentioned this review of the Social Security number uses. Where are you on that, how long will that take, when can we expect to see some kind of a product on that? Mr. WINSTON. As I mentioned, the Task Force issued its report in April, at which point we immediately put together a group of FTC and other agency employees to begin this review. In fact, this week, we are meeting with a number of officials from trade associations and business groups and others to try to find out more not only about how they use Social Security numbers but why and what it would cost in terms of money, as well as inconvenience of change. Chairman MCNULTY. But just in line with my previous thoughts about this Congress actually doing something, when could we expect to see the results of your review? Mr. WINSTON. The Task Force report calls for a report to the President by the first quarter of 2008. I suspect we will have information well before that that would be useful. Chairman MCNULTY. Well, we would really appreciate any data that you could give us prior to that because some of us do not intend to wait around until 2008 to start moving legislation. At this time, I would yield to the ranking Member, Mr. Johnson. Mr. JOHNSON. Thank you, Mr. Chairman. We are not going to wait until 2008, huh? Mr. O'Carroll, I remember some years ago the Social Security Administration was handing out new Social Security numbers to upward of 100 people--or 100 times to the same guy just by a phone call. Have we stopped that because we passed legislation to do it? Mr. O'CARROLL. Yes, Mr. Johnson, that was one of the recommendations that came out after 9/11 when we started to ratchet down on the security of the number of it, and what we were looking at was multiple SSNs being reissued on it. We now have in the SSA systems because of our recommendations and because of your legislation, we are now being much more attentive to the number of cards going out, it is into the system. There are flags put up. We are taking a look at numbers of cards going to the same address, sort of the same type of similar thing with replacement cards. When 300 cards go to one address, it is what we call a ``clue.'' So, we have been trying to plug up that hole. Mr. JOHNSON. How do you do that? Mr. O'CARROLL. Well, what we are doing with that is it is flagged, we get the information on it, and in our case we have been doing audit work on it where we actually go to the address what the address is. In some cases, it is legitimate in terms of it is a university or something where it is one entity but where it is an apartment building in some locale, we actually recommend that to our investigators and our investigators are going there, and we are looking to find who is collecting those false cards and making arrests. Mr. JOHNSON. Well, you mentioned your ongoing role to ensure homeland security, as reflected in the recent arrest of terrorists planning an attack on Fort Dix. Based on your experience to date, how are Social Security numbers and document fraud, how is that fraud being committed by potential terrorists or do you know? Mr. O'CARROLL. Well, as we know with terrorists and in fact all criminals, everyone is trying to assimilate into the public. What happens is that we are finding in a lot of cases people trying to do that illegal assimilation are going to identity mills, and they are going to places where they are able to get immigration documents, Social Security cards, and we monitor that all the time and keep track in terms of the prices that going for it and just ways of monitoring. But we work very closely with Immigration, with FBI, in the case of Fort Dix, with the New Jersey State Police, all of them are a part of the Joint Terrorism Task Force up there, which we are a member. What had happened in the case of Fort Dix was we found out that several of the suspects in it, in previous occasions in dealing with law enforcement, used false identities up to and including Social Security card fraud. I have got to tell you prosecutors use Social Security misuse, which is part of the legislation that came out this Congress, we use that as an enforcement tool, the misuse of the SSN to identify and arrest terrorist suspects. Mr. JOHNSON. Good for you. Are you finding people from overseas asking for Social Security cards before they come over here? Mr. O'CARROLL. Well, yes, and there are two stories to it. In terms of one, it is a good one because what is happening is before they get here, they go into an enumeration process where they are dealing with embassies overseas and they are being vetted by the embassy before they come here, which is a good technique. What we are finding, though, and we have done it in our audit reports, is that we find that only Social Security employees really put the due diligence into checking all the documentation, checking all the information, and we are finding that when SSA delegates that responsibility to other agencies to be doing it, we are not getting the same type of quality. So, in our audit report we recommended that Social Security work with State Department on making sure that the documents that are taken in those applications overseas are valid, are good and that they are legitimate needs for SSNs. Mr. JOHNSON. Do we need to put anything in legislation to reaffirm that or is it clear enough now? Mr. O'CARROLL. If you do not mind, let me check that and get back to you because I think at this point it does seem to be--it has been brought to State Department's attention, and I have got to tell you, it is a good program, and it is a fairly new one so we might be at a point now of monitoring it before we do any more recommendations for it. But I will check it and get back to you. Mr. JOHNSON. Thank you, sir. I appreciate it. Chairman MCNULTY. Thank you, Mr. Johnson. Mr. Levin may inquire. Mr. LEVIN. Thank you, Mr. Chairman and Mr. Johnson, for having this hearing. When I read your opening statements, you mentioned, Mr. Chairman, this is the sixteenth hearing on this topic. Chairman MCNULTY. It is time for action. Mr. LEVIN. That the FTC receives between 15,000 and 20,000 contacts each week from those who have been victimized. Mr. Johnson, my pal, you say in your statement, according to the Privacy Rights Clearinghouse, since January 2005, that breaches have been over 155 million. So, the staff, as usual, has prepared some really incisive questions, but could I ask you this because this kind of jumps off the pages, what is the problem? What is taking so long? Why have we been having all these hearings and there are all these breaches and all these thefts? What is holding this up, what is holding you up? What is holding Washington up? Mr. WINSTON. I guess I cannot answer the question about why you have had so many hearings but as far as what is holding up the FTC and the other agencies that have been working on this problem, we have been working diligently on it. We have done a lot of law enforcement. We have done a lot of outreach. I think additional legislation would be very helpful in making it easier for us to tackle this problem. Mr. LEVIN. You are an active participant in crafting this legislation? Mr. WINSTON. Yes, we have been involved. We have provided technical assistance to different Committees and the different sponsors. We have urged Congress to pass national data breach notification standards and national data securities standards. We think that is critical in this fight. There are a lot of steps that are being taken but it is a complex problem and it is an ever-evolving problem. Identity theft is everything from your cousin going up in your bedroom and stealing your wallet to international crime rings hacking into computer databases and getting records. In tackling it, we need to tackle it from every angle, as I mentioned. Mr. LEVIN. Okay, so it is complex but if we go home and talk to our constituents and we say about any problem, it is complex, it changes their complexion, they get kind of red. So, I will ask the two of you, Mr. O'Carroll and Mr. Bertoni, what is the problem? Why is it so difficult? Why haven't we acted besides its complexity? Mr. BERTONI. As far as why you have not acted? Mr. LEVIN. Congress and the Executive and all of you? Mr. BERTONI. I think as far as the pressures on the Congress, there are interests on the other side of this issue that make the case that commerce and business to business information sharing and ultimately customer service will deteriorate. I think that argument has been heard. It points-- it stalled forward progress in terms of making sure that other industries have similar protections in terms of their information security and disclosure similar to the financial services institutions, in particular the telecommunications and tax preparer industry. That bar is lower, and we have concerns that that bar is lower, and we believe at a minimum it should be raised at least to the level of the financial services community. So, I guess the roundabout answer is there are arguments on both sides and at some point which one will win or which compromise will prevail, that is something for you all as policy-makers to work out. Mr. LEVIN. I think that is a useful answer. Mr. O'Carroll, you get 30 seconds to explain why there has not been more action. Mr. O'CARROLL. I guess I better talk quick. I think there has been a lot of action in terms of when I came to this inspector general's office 10 years ago, the Social Security number was out there, it was being used as the primary identifier on virtually every document up to and including the driver's license. In the time that I have been here, it is now off of the driver's licenses. The Social Security statement, which goes out every year to every citizen, has a truncated number on it now. When government checks went out, they had a Social Security number in the window on the check, that stopped. I got to say it has been a long haul doing it because of the convenience factor. Everyone used the Social Security number as a convenient tracking number, and it has been really our mission to try to get it back into the box through all this time. The Social Security Protection Act was some steps in the right direction, it took us a number of years with this Committee to get that through, and I think if you could do another act of this kind with more controls over the Social Security number, that would probably be the benefit of this Congress. Mr. LEVIN. Thank you. Thank you. Chairman MCNULTY. Thank you, Mr. Levin. Mr. Lewis may inquire. Mr. LEWIS OF KENTUCKY. Thank you, Mr. Chairman. Going back to the balance that you were talking about there, Mr. Winston, in your testimony you stated that restrictions on the Social Security number should be reduced to unnecessary use without inadvertently burdening necessary use. Could you explain what you believe to be necessary and unnecessary use? Mr. WINSTON. Yes, I think the H.R. 948 really goes at it the right way. It lists--it basically bans sale and purchase of the Social except for certain specific purposes, law enforcement, public health and safety, for credit verification, for fraud prevention. Then it says that the FTC should do rulemaking in order to flesh out those exceptions and add additional ones if it determines that it is appropriate. I think that is the right approach. Mr. LEWIS OF KENTUCKY. Mr. Bertoni, would you want to comment on that too? Mr. BERTONI. In terms of the balance, striking a better balance, as I said before, I think it is important that actions taken do not upset the free flow of commerce, the ability of businesses to share information. But as our report, as we continue to say in our reports, there are still industries that still fall we believe way out of the parameters in terms of a reasonable amount of regulation and control in terms of their information security and disclosure policies. Again, at a minimum, if you looked at what has happened in the financial services sector, that sector has not grinded to a halt. There have been changes made. We are asking the Congress to look at some of these other sectors to see if that bar could be raised. Again, there would be some compromises to be made, but we also believe there are soft spots and areas to be strengthened in several of those areas. Mr. LEWIS OF KENTUCKY. Mr. Winston, of course all of you I think would agree that if we could authenticate the consumer or the customer, we would go a long way in stopping thieves. I know you have been looking at that, Mr. Winston. What have you come up with as far as finding a good way to authenticate the people who are out there? Mr. WINSTON. We did hold a 2-day workshop on this subject with lots of people from all over the world coming in to talk about their experiences. I think what came out of that was that there is no panacea. There is no one perfect way to authenticate. If there were, thieves, who are very smart, would come up with a way to defeat it. So, what we are seeing more and more of are multiple layers of authentication, not just one piece of information but a biometric, a thumb print, an iris scan, plus an identification number or pin number. So, there is a lot of movement in that direction and government can facilitate that and encourage it. It probably is not a wise thing for government to come in and say this is how you have to authenticate consumers. Mr. LEWIS OF KENTUCKY. Okay, thank you. Chairman MCNULTY. Thank you, Mr. Lewis. Mr. Becerra may inquire. Mr. BECERRA. Thank you, Mr. Chairman. Thank you all for your testimony. Let me ask a question. My understanding is if we were to try to re-issue the Social Security number to try to take care of discrepancies and to try to give people a new number that is not out there in the public domain, and if we were to try to give it some type of enhanced security, a photograph or some type of biometric, we are looking at somewhere in the order of about $10 billion to do that. Is that--I know a rough estimate but is that still more or less an estimate, Mr. O'Carroll? Mr. O'CARROLL. It is a moving target, Congressman, in that it depends on the type of--what features would go into the new card, whether it was a biometric. Mr. BECERRA. Give me a rough estimate. Mr. O'CARROLL. I say that just a rough off-the-top of my head number, that would be a good number, the $10 billion but with a lot more ``but's'' to it. Mr. BECERRA. I understand because I want to move off of that, I am just trying to get a rough sense of things, so about $10 billion gives you a new card that might give Americans enhanced security. Right now SSA would swallow that cost, Congress would have to provide you with the money to do that, otherwise it would be impossible to actually administer because there will be tremendous cost trying to get folks to come in with their birth certificates and whatever else they will need to try to identify themselves for purposes of getting this new card. Okay, so let me ask this, who should pay for the establishment and maintenance of a new identity system, identification system, taxpayers or the users? Because right now the Social Security number imposes no cost on any consumer, any business if it is used solely for the purpose of identifying how much you have earned for Social Security purposes in the future. That the taxpayers I think we are willing to bear because we are going to get the benefits of the Social Security system in the future. But as it is right now with identity theft, with business losses mounting into the billions, tens of billions of dollars, there are lots of costs involved in trying to secure your identity or restore your identity or for a business to try to reclaim losses. I hear no talk about who is going to pay for giving us a more secure system, the taxpayers or all the consumers, meaning the businesses and actual individual consumers, who would utilize that increased security that would come from a new identification system that may be housed within Social Security? Mr. O'CARROLL. Okay, not to be argumentative but why would Social Security be the vehicle for this new identifier? Mr. BECERRA. That is a good question. Mr. O'CARROLL. Be put back on to the management of the Social Security Administration when we have a good number now that is doing what it is supposed to do in terms of tracking wages and tracking benefits on it and the commercial half is the other one. Mr. BECERRA. Let's take that path, say we say the Social Security number will be used only for Social Security purposes. Disability benefits, retirement benefits, death benefits. Mr. O'CARROLL. Tax purposes. Mr. BECERRA. That is not necessarily Social Security but we have ventured into at least taxes for purposes of the use of the Social Security number but for other reason, but then what would you suggest or does Social Security what would be used as that identifier that used nationally for whether it is consumer purposes or other types of purposes? Mr. O'CARROLL. I thought I did a pretty good job of batting this away from Social Security. [Laughter.] Mr. O'CARROLL. I am thinking I might yield my time to one of my esteemed panel members. Mr. BECERRA. Let me ask Mr. Bertoni that question is because what I am trying to get a sense--those must all be the folks from GAO who are laughing back there, I am just trying to get a sense, we are going to have do something but who should pay it? My sense is that the taxpayer should pay something because ultimately we are all taxpayers, most of us are taxpayers, and we want to have that security. But I am not out there selling my identification number to identity thieves. I am not the one that tells a particular business or government agency use my number for some other purpose, whether it is for purposes of registering a divorce or buying a refrigerator. So why should the taxpayer then foot the bill to make this card, if it is used for Social Security, to make it more secure? Mr. BERTONI. Again, that is certainly a policy question. I can tell you how it is now. SSA has certainly---- Mr. BECERRA. I do not want to know how it is now, give me a sense, who should pay? Mr. BERTONI. I think there are models out there where you could construct a different model where others could pay outside of the agency. Mr. BECERRA. ``Others,'' identify ``others''? Mr. BERTONI. I am just considering say the driver's, and I am not advocating, I am just kicking something around here, there are models where people who are buying the card or buying the service, which is a driver's license, would be asked to pay a fee for that. I am not aware of any models where say beneficiaries of a particular card or identity card, such as a SSN, like an information re-seller, would have to pay. I cannot talk to that because I am not aware of that model. The only two models I am aware of are the agency footing the bill or the purchaser of the license or the card, historically that has not been something that SSA has wanted to do. Beyond that, again, I think that is an option, a policy option for Congress to consider. Mr. BECERRA. A user fee of sorts? Mr. BERTONI. There are models but I am not advocating that. Mr. BECERRA. No, I understand and I thank you for your comments. Mr. Chairman, thank you very much. I know my time has expired. Chairman MCNULTY. Thank you, Mr. Becerra. Mr. Ryan may inquire. Mr. RYAN. Thank you, Mr. Chairman. I guess I will pick up where Mr. Becerra left off because this issue has so many sources, so many directions. It interweaves all of these problems we have got, terrorism, immigration, all of these things, so we have some no-brainers, unify the truncation standards, right, and some other easy low-hanging fruit things. At the end of the day, it seems like what we are headed to is how do we, A, authenticate people and, B, kind of clean up the database in Social Security and stop the mission creep of the number being used, these are pretty much the two issues here, right? So now we are being faced with this sort of fork in the road, do we do a Social Security card, do we just fix the Social Security card, put $11.7 billion, $10 billion, whatever this number is, and make the Social Security card better with biometrics and a centralized Federal database or do we go a different route? I guess that is kind of the fork we are in right now. Let me ask just each of the three of you, if we go down this path of a better 21st Century Social Security card with the biometrics and all of this, do you believe that given the way the market works, given the way identity thieves work, that a Social Security card under today's technology can be implemented and can be successful for the long term from preventing identity theft and all that. I will just ask the three of you, just go down the line, however you want to start, Mr. O'Carroll? Mr. O'CARROLL. I will tell you, Mr. Ryan, we have done a lot of looking at Social Security cards in terms of whether to use different type of stock for it, different printing for it, whether to put biometrics into it, everything else, and I have got to tell you what we have found by looking at just history in general is when whenever the government comes up with any type of a document, a form or whatever, especially if there is going to be some financial gain in figuring out a way of compromising it, the counterfeiters usually do figure out a way to compromise it. So, even when you say, if we come up with one, do you think we will get a few years out of it before somebody does it, then all of a sudden you are going to go back to the thought of another $10 billion of coming up with a new card. Mr. RYAN. Yes. Mr. O'CARROLL. So, what we are advocating on this is that it is the number, it is not the card, and if we can put more time, effort, whatever into the system work on it, where we are getting good, positive hits on terms of when information is put in, is this the right person for it, and that is again what I am saying with this is that the first step on this thing is really with the government in terms of right now the agencies going to each other, basically work on that type of thing, the technology for it, that is a big step in the right direction. Then at the time, which kind of goes back to what we were talking about before, is when you are talking in terms of the financial sector and all the other forms of identity that are being used, our recommendation is to use different numbers than the Social Security number for it. The one that I am always sort of cautious on with this thing is with the Social Security number, I think we have done a very good job about it, is keeping it, at least in terms of the government, for the government uses of it, and not having it become a national identity document, which is kind of the role where if you got into biometrics and hard cards and that, it is a whole other step. Mr. RYAN. So, we could get ourselves on the slippery slope, but I want the other two of you to comment. Let me throw this at you as well. Tell me if I am wrong, we are at this fork, do we go down this sort of unifying national ID card route, which has all of the Orwellian and privacy and obsolete issues associated with it, or can the market produce ever upgraded standards on helping people authenticate who they are and give people the tools in the marketplace to be able to authenticate their identity and then you clean up the Social Security number itself and then people can operate through society by preventing identity theft and being able to authenticate who they are and the government does a job of basically saying this particular authenticating agency or company is correct, they do a good job. The government can do a job of making sure that a business that wants to market itself as an authenticating entity, has the Good Housekeeping Seal of Approval, can do that, is that the path that we go down, meaning instead of the national ID card, do we have institutions that are out there in the private sector that can be authenticators of people or not? Do you understand what I am trying to get to? I would like to just ask you to consider that as well and give me your take on that. Mr. WINSTON. Sure. Mr. Ryan, I think what you are---- Mr. RYAN. Yes, I am not doing a good job of explaining myself. Mr. WINSTON. No, actually you are. Mr. RYAN. Okay. Mr. WINSTON. What you are playing out I think is the very debate that is going on with the real ID act. There are certain advantages to that, of course, of having one ID card for everything. It is easy to use, hopefully it is secure, but there are down sides and there are privacy issues and there are cost issues that are very serious. My own view is that maybe another way to go is to further develop what is happening now, which is multiple forms of authentication, not having one form of authentication for every purpose but in different sectors having different forms of authentication. It can be a pin, it can be a biometric. That is much harder for an identity thief to break into. There are convenience issues, of course. Consumers do not want to memorize 15 different passwords, but I think there is ongoing a development of better, useable forms of authentication that I think have a good chance of solving this problem. Mr. RYAN. Mr. Bertoni. Mr. BERTONI. There is a lot in that question. I think one thing we need to consider early on is given that we have real ID there, do we want to go forward with a parallel path of having a Social Security card with very similar secure features? I think you could create some redundancies that do not need to be there. So, there is an issue for the country to consider in terms of what will it be, will it be real ID, will it be the Social Security number? We issued a report last year that talked about the pro's and con's and options, and I can provide you some of that. But, again, to step back, even before we talk about who does it and what we might use, there are real implementation issues to consider with just the Social Security Administration. With 300 million cards issued out there, how do we do it? Is it laddered? Is it all at once? Who gets it first? Prior to 1978, there was very little fraud verification for people seeking a SSN. These people could come forward now, get their Social Security card, and we really did not do a good job of verifying who they were in the first place. So, we have millions of people with these pre-1978 cards that they are going to walk away with an ID card that is going to be what most people conceive to be bullet proof, and they may not be who they say they are. That is an issue. I think in terms of data cross-matching, we have gone on record at GAO that short of new cards, biometrics, there is a lot that the public and private sector can do in terms of data cross-matching, using various elements, not just the Social Security number. Truncation is a great protection. It should be part of the verification scheme, but there are new models out there where they use multiple data points to give the verifier a higher comfort level that you are who you say you are. So, that to us is certainly something that needs to be considered and moved on. Mr. RYAN. I assume my time is up. Thank you, Mr. Chairman. Chairman MCNULTY. Thank you, Mr. Ryan. Ms. Schwartz. Ms. SCHWARTZ. Well, thank you. I am going to try and take us off the discussion of a national ID card. I am not sure we are anywhere near any agreement about the need for such a thing and who would do it and how we would pay for it and how we would protect people's identification. I think pulling us back if we could just a little bit to the use of the Social Security number and kind of risks we are already engaged in. It seems to me we ought to take care of that first, and we have not done that yet. So, let me just understand here, the feeling so far is that you do not, and I guess it would be the Social Security Administration, does not have the authority to restrict the use of Social Security numbers, I think that is a simple yes or no? Mr. O'CARROLL. Yes. Ms. SCHWARTZ. You do not have the authority, you do not? Mr. O'CARROLL. Correct. There is no authority. Once it is outside of Social Security, it is out in the public, we have no authority to restrict. Ms. SCHWARTZ. So, individuals ask for it, they give it--we all have, as you pointed out, hospitals, universities, schools---- Mr. O'CARROLL. But we can recommend people say no but we cannot enforce them not to ask. Ms. SCHWARTZ. You do not also feel that you have the authority to set standards about its use? For example, you mentioned display, I think all of us have actually seen from what hospitals used it at some time or health centers might have used it as their patient chart number. It was on my Blue Shield insurance card for years, how hard was that to figure out, it said Allison Schwartz and my Social Security number, I think they would probably have assumed it was my husband's just out of sexism but it was actually mine, and I had my insurance. They only just recently have changed that, I assume, because of the concerns about identity theft. So, the question is do you feel like you could not even or you do not have the authority now to set standards about display or use or protection of a Social Security number used by any kind of private entity? Mr. O'CARROLL. Correct. There is very limited use. One of the limits that is on it is that when it is falsely used in advertising, and we can enforce that. That is the one where you get in your mail a document that looks like it came from the Social Security Administration, it is using the logo, and that type of stuff. We can restrict that type of use but the other types of uses where Radio Shack is asking for your Social Security number, we cannot. That is where this is very difficult because once it got out of SSA and got into the economy, it started becoming that financial tracker. Ms. SCHWARTZ. Hence, the need for us to take some action to---- Mr. O'CARROLL. Yes. Ms. SCHWARTZ [continuing].--Limit the use in the private sector and attempt to set some standards or suggest who does set the standards on how they protect this very sensitive information. One other question for you. The IRS, as you well know, has been subcontracting with private collection agencies to collect taxes. The first thing they ask is for the Social Security number. We had a hearing which revealed the fact that individuals are very hesitant, appropriately, to give someone who just says, ``Hi, I am Susan, I cannot tell you why I am calling, I have to make sure I know who I am talking to first, would you give me your Social Security number?'' It is just stunning actually that this is a government-authorized activity. Now, many people do not give their Social Security appropriately but some do. Now, do you know if you or the IRS has set very careful limits on the protection of those Social Security numbers once they get them, these are now private agencies? Mr. O'CARROLL. Well, it is interesting that you bring that up. One is that you, as you noticed there, what we are saying is when somebody calls you up on the phone and asks for your Social Security number, do not give it, which reinforces that. But then with secondary information and back and forth, trust with information and know that what they are calling about is a transaction with the government, there is that. But what we have done, and we have gone to the Department of Treasury, is that we have asked all other--we have asked 15 other inspectors general to take a look at their departments and the use that they have of Social Security numbers, up to and including contractors, which is what you are talking about, and in 2001, six years ago, there was very little control over that. There were no real limits on it, nothing was in the contract about safeguarding the Social Security information and that. In a follow-up that we did about a year ago, those same 15 agencies were finding out--and they are all the biggest departments--were finding out that, yes, they are safeguarding their own information, one, they are too cautious on disclosures of it, so any of their documents, they are very cautious to not have Social Security numbers. Ms. SCHWARTZ. The department is or the subcontractors are? Mr. O'CARROLL. These are the departments and then each of the departments are asked at their subcontractors and whether the contractors were abiding by security of any Social Security number information, and we found that they were. Ms. SCHWARTZ. So, you have done a study? Mr. O'CARROLL. Yes, and so we keep doing that to make sure that the Federal agencies are looking at subcontractors and making sure, like in this instance, that there is protection on it. OMB, under the new PII guidance, is also reinforcing that. So, I have got to say at least government-wise and government contractor-wise, we are being very--much more astute or much more attentive to that issue. Ms. SCHWARTZ. So, the concern is really much more in the private sector and the use of these numbers in the private sector. Mr. O'CARROLL. Yes. Ms. SCHWARTZ. We have had other hearings but we really need to do something to give you the tools and the authority, I am looking at both you actually, exactly how we will write all this legislation I guess remains to restrict the use of the Social Security number and to set very clear standards about its use. It is pretty stunning how it has been used. So, thank you very much. Mr. Chairman, I think my time is up. Chairman MCNULTY. Thank you, Ms. Schwartz. Ms. Tubbs Jones. Ms. TUBBS JONES. Thank you, Mr. Chairman. You do, sir, however the authority to restrict more than one person using the same Social Security number though, do you not? Mr. O'CARROLL. Yes, we do. Ms. TUBBS JONES. That is as big a dilemma in government as anything else is with regards to Social Security numbers, correct? Mr. O'CARROLL. The misuse of the SSN and the legal use, yes. Ms. TUBBS JONES. Yes, and so we have many employers who employ people in the United States of America and they in the same company and more than one person using the same Social Security card number, Social Security number, excuse me, not a card but the number? Mr. O'CARROLL. Yes. Ms. TUBBS JONES. What are we doing about that? Mr. O'CARROLL. Well, we are working in terms with Immigration to be taking a look at what is called the basic pilot, which is the verification program, that when an employee applies for a job, we verify the SSN as being a legitimate SSN and a legitimate name and the basic information of male, female, date of birth on it. That is being done. Ms. TUBBS JONES. So, what is your enforcement? Mr. O'CARROLL. Excuse me? Ms. TUBBS JONES. I am going to interrupt you because I do not have but 5 minutes. Mr. O'CARROLL. Sure, hey, we are coming from the same place. Ms. TUBBS JONES. So, what are your enforcement tools for that purpose? Mr. O'CARROLL. Well, enforcement tools on it is the misuse of the SSN, we use that violation when people are misusing it, and as an example when we were talking about the Fort Dicks terrorist investigation, we worked with ICE every day of the year where people are misusing SSNs and where they are charged with it. Unfortunately, prosecutors are not the most thrilled with that type of a prosecution unless it is in large numbers. Ms. TUBBS JONES. I am not talking about terrorists, I am talking about the employers who allow the use of more than one person to use a Social Security number, what are we doing about those employers and what are our enforcement tools and what have we done? Mr. O'CARROLL. We are going after them. We just had a recent case in Massachusetts in which an employer was telling any new employee coming in if they did not have a Social Security number, go to this location and they will give you a Social Security number. They were getting counterfeit Social Security numbers going to work for this employer and the employer was arrested. Ms. TUBBS JONES. Do you have any numbers? If you do not have them with you today, I would be interested on how many employers we have prosecuted for allowing employees to use-- more than one employee to use the same Social Security number, I would be interested in having that? Mr. O'CARROLL. I would have to respond back on that. I am not sure whether it is a large number but it is a number, and I will get it for you. Ms. TUBBS JONES. I will tell you what, I am not sure either, but I bet money that it is a large number. I am laughing--not laughing but I just pulled out my Ohio Public Employees Retirement System prescription drug card, it has got my Social Security number on it, broad as day. That is my ID number. I guarantee you there are a whole lot of others out there that are using that. It is easy for us to sit in this room, and I am not going to be a holier than thou person, but it is easy for us to sit in the room and have a discussion and be congenial in the course of our discussion about what we are going to do about Social Security numbers, and I have only been in Congress 9 years and I am sure, as we said, we have been sitting here having these nice little collegial discussions about the impact and that is why we end up where we are right now with the misuse and identity theft of Social Security numbers. I just would hope that even in our collegiality, that in 2007, that we will move forward to accomplishing some real things because all of us sit here and say, ``It is right here on my card. I call in to the bank, I want to get my bank account number. I have got to give my Social Security number, my mother's maiden name,'' and on and on. We have accepted it as just part of the living in the United States of America and accessing information, but we have got to get further ahead and be serious about how we involve this. After that nice little piece I have done, Mr. Chairman, I thank all of you for the work that you do, but tell us what you need, let's do it, let's not just sit here and allow people to continue to be put in harm's way as a result of misuse. I thank you, Mr. Chairman, for your time. Chairman MCNULTY. I thank Ms. Tubbs Jones, and I want to assure her that Mr. Johnson and I have expressed our determination to move forward with some legislation rather than just talking about the issue. Mr. Ryan has an additional inquiry. Mr. RYAN. Thank you, Mr. Chairman. Mr. O'Carroll, I wanted to follow-up on Ms. Tubbs Jones question, I want to ask you about these no-match letters. This happens to us all the time where we will have an employer that will call or write us and say they have received a no-match letter from the Social Security agency where they said, ``Well, we have found that five people are claiming the same number, we do not know if your employee is the right person or the wrong person. You cannot fire the person, we are going to do the investigation.'' Then they typically have no follow-up from thereafter. So they are caught. So can you just walk me through what is the process and the procedure at SSA, do you have what you need to do to find out who people are or who they are not? How do you do this, do you just do random audits of your database to see more than one claim on a Social Security number? What do you do when you find four or five people claiming the same number? What is the outcome? Can you just explain this briefly to me? Mr. O'CARROLL. Well, when the tax information goes to SSA and that information is run against the SSA database, that is where the no-match's are coming out. It is all automated, it is automatic, a letter is automatically sent out to the employer. Mr. RYAN. So, every no-match that comes in is identified? Mr. O'CARROLL. Yes. Mr. RYAN. Those that can be identified with an employer, a letter is generated on it to that employer. Really it is an automated process. On occasion, if there are a lot of them, SSA will contact employers with a liaison service to see if they can help them but for the most part it is a pretty passive action, where the letter goes out, the employer is notified, the employer knows that the information that he is given is incorrect and basically he or she is instructed to contact the employee and straighten it out. Then also the employee is recommended to go to Social Security and Social Security will then straighten it out with the employee. Mr. RYAN. But since the employer just has an I-9 Form he or she has to fill out, which they have to have some document, one of what 29, I think thrown in front of them, they do not know whether the person is legitimate or not, whether they are illegal or not, how then does the person proceed? They send the person to the local Social Security office and then it is up to the Social Security to use their best judgment to determine whether the person they say they are or not, is that basically how this follow-up occurs? Mr. O'CARROLL. A lot of people follow up with the employee on it, yes. But I have got to tell you in most cases, it can be rectified at the employer/employee level in terms of the person does have the work documents, the other documents for the employer to look at and it can be resolved at that level. I have to tell you one of the down sides of this one is that in many cases by the time the employers are getting these no-match letters, especially in transient type industries, that employee is long gone and that is probably the biggest issue on this thing is that, and it is one of the biggest problems with misuse of SSNs in the application process of it is that if that person used false identification or purported to have a false identification, was turned away from SSA initially or whatever, we are never able to find that person because the information was all false that they had and they are gone into society. That is probably the biggest problem with the no-match letters is that most cases are the biggest violators--or not violators, the biggest recipients of no-match letters are large industries are very transient. That is probably the biggest issue of it is that that employee is no longer there because it is a year later when the tax information comes in. Mr. RYAN. But it also seems like the way the system is configured now, a person could still get away with possessing a wrong Social Security number even through this system, correct? Mr. O'CARROLL. Yes. Mr. RYAN. Even after the no-match letter person who really is not who they say the are, using some other Social Security number, could still continue using it? Mr. O'CARROLL. That does happen, yes. Mr. RYAN. All right, thank you. Mr. Bertoni? Mr. BERTONI. Yes, we did some work on that last year, the electronic suspense file whereby wages that do not match, the name, date of birth, Social Security, end up in this file with billions of records and, yes, in fact we have seen Social Security numbers with all zeros, all 9s, all 8s, ``ABCDEFG'' that are being used and people are working under them. We have recommended to IRS, DHS to pick up the enforcement effort. Mr. RYAN. Thank you. Chairman MCNULTY. Thank you, Mr. Ryan. If there are no further inquiries, I want to thank Mr. Bertoni, Mr. Winston and Mr. O'Carroll for your testimony. It has been very helpful. We do intend to try to move legislation. I would ask that the witnesses continue to be available to the Members and our staff as we try to move in that direction, thank you very much. In the interest of time, while panel three is coming to the podium, I would just like to introduce the Members of the panel. We have Justin Yurek, president of ID Watchdog of Denver, Colorado; Stuart Pratt, president of Consumer Data Industry Association; James D. Gingerich, director, Administrative Office of the Courts of the Supreme Court of Arkansas, on behalf of the Conference of State Court Administrators; Annie Anton, associate professor of Software Engineering, North Carolina State University, on behalf of the Association for Computing Machinery; Marc Rotenberg, executive director of the Electronic Privacy Information Center; and Gilbert Schwartz, partner of Schwartz & Ballen, LLP, on behalf of the Financial Services Coordinating Council. I want to thank all the witnesses for being here and sharing your expertise today and for your patience in waiting for the other two panels to testify. All of your statements will appear in the record in their entirety. We would ask each one of you to summarize your statement in as close to 5 minutes as you can. Just keep an eye on the little device in front of you to give you an indication when you should wrap up. So with a summary of your testimony, it leaves a little bit more time for Members to make inquiries. I think we will start with Mr. Yurek and go right down the line and hear everyone's testimony first and then allow the Members to inquire. Mr. Yurek? STATEMENT OF JUSTIN YUREK, PRESIDENT, ID WATCHDOG, DENVER, COLORADO Mr. YUREK. Thank you, Mr. Chairman and Members of the Committee. My name is Justin Yurek and I am the president of ID Watchdog Corp. ID Watchdog is an identity theft detection and resolution company that helps consumers to protect themselves from, and resolve issues related to, identity theft. Our firm experiences firsthand the pain and suffering of the consumer at the hands of identity thieves and it is this pain that I wish to highlight to do. Ultimately, the question of legislative reform comes down to an analysis of the expenses incurred by business and government and restricting access to sensitive data, such as Social Security numbers, versus the benefit such action would afford consumers. I wish to illustrate these benefits to consumer victims by way of case study. Rather than dealing with faceless statistics, I would like to tell the story of one of ID Watchdog's clients. I believe there is great benefit in looking at the specifics of his one case to determine general facts about all identity theft. We first met our client, Charlie W., in April of 2006. Initially, Charlie asked us to perform a full background check to ensure that his personal data records were accurate. ID Watchdog pulled data from thousands of databases that cover 13 crucial areas of consumer information. The shocking results revealed the following incidents in Charlie's name which he was not responsible for. I apologize for the laundry list I am about to say, but I think all the details are important: Four traffic citations in Florida, Washington and Arizona; three felony arrests for assault and harassment in Washington; a conviction for assault where he served, supposedly, 144 days in jail in Washington; an active national warrant for arrest in Washington for bail jumping; an active warrant for arrest in Arizona for failure to appear; a newly issued driver's license in Florida; several thousand dollars of unpaid medical bills in Washington and Florida; and several thousand dollars of phantom 1099 income dating back to 1996. A practicing Buddhist, Charlie had never had so much as a speeding ticket, let alone felony arrests for assault. Additionally, Charlie was a resident of Colorado and had never been to Florida, Washington or Arizona. Dismayed, he immediately engaged us to assist in restoring his name. A few weeks after Charlie engaged ID Watchdog to help him, his employer did a routine background check. As a result, Charlie was called into an office where he was to be fired, arrested and sent to Washington to face the active warrants there. We quickly intervened on Charlie's behalf and by providing photographs and fingerprints were able to save Charlie, termination, arrest and extradition. Along side these very direct problems, Charlie also suffered significant secondary problems. First, his access to loans in order to finance and expand his business was limited due to his damaged credit reports. Second, he paid inflated car and medical insurance rates as a result of his damaged driving and medical records. Third, Charlie paid inflated interest rates on his mortgage and other lines of credit due to his unfairly lowered credit score. A month later, the thief who was plaguing Charlie's identity was tracked to a car dealership in Louisiana where he was attempting to purchase a new vehicle using Charlie's identity. We immediately alerted the local sheriff's office who dispatched an officer to confront the thief. Once on the scene, the officer found that without an active warrant in Louisiana, he did not have proper cause to arrest the thief and planned to let him go. In response, ID Watchdog quickly called law enforcement officials in Washington state to have them fax over the active national warrant to the Louisiana authorities. After the Louisiana parish sheriff's office was able to verify that the warrant was still active, the thief was finally arrested. The thief's real name was Hugh P. For more than 10 years prior, Hugh had stolen Charlie's wallet, which contained his driver's license and health insurance card. The health insurance card had Charlie's Social Security number printed on it. Over the years, Hugh had used Charlie's identity in every brush with law enforcement, whenever he needed medical treatment, and whenever he had 1099 income which he did not want to claim for tax reasons. In Hugh's own words, ``It was very easy to use his ID and Social Security number. No one ever looks twice at them. To be honest, I never dreamt I would be caught.'' The case of Hugh and Charlie illustrates the key problems with the system as it stands today. Social Security numbers are overexposed and overused, giving thieves too much access to sensitive data. Entities lack standard client authentication procedures leading to easy proliferation of the crime and law enforcement agencies lack multi-jurisdictional cooperation and effective laws leading to ineffective investigation and prosecution of the crime, as well as fearless criminals. I applaud the Committee's commitment to this topic. As discussions continue, I would ask that you focus on the three previously mentioned areas when considering new legislation: Easily accessible Social Security numbers, lack of client authentication practices and lack of multi-jurisdictional cooperation and effective laws are at the heart of the crime's popularity with criminals and therefore must be at the heart of any legislation aimed to stop identity theft. Finally, as the Committee continues to develop improved legislation, I would ask they keep in mind individual stories, such as Charlie's, and the trials and tribulation that he experienced. After all, hardworking, innocent, upstanding individuals like him will be the true beneficiaries of effective legislative change. Thank you very much. [The prepared statement of Mr. Yurek follows:] Prepared Statement of Justin Yurek, President, ID Watchdog, Denver, Colorado Mr. Chairman and members of the Subcommittee, My name is Justin Yurek. I am the president and co-founder of ID Watchdog, a Denver-based identity theft detection and resolution company. Since2005, ID Watchdog has assisted identity theft victims in resolving identity theft related problems. Our comprehensive process encompasses all aspects of identity theft from detection of the crime, to scoping and resolution. During the process, ID Watchdog takes a limited power of attorney and actually carries out the recovery process on behalf of our clients. Based on this experience, we believe that we have a unique perspective on identity theft as we have interfaced with all applicable entities involved in the problem--from law enforcement, to government, to creditors, to collection agencies, to reporting agencies, and so on. In addition, our diverse client base has given us the opportunity to deal with all types of identity theft--from financial, to criminal, to medical, to family identity theft, etc. I appreciate the opportunity to share our broad-based familiarity with the topic of identity theft and am happy to speak today about the role of Social Security numbers (SSNs) in identity theft and about the need to enhance SSN privacy. Introduction: The purpose of my testimony is to underscore the plight of the consumer in the problem of identity theft. Often the problems of the consumer are overshadowed by losses sustained by business interests affected by the crime. Unlike the direct-losses absorbed by businesses, the effects of identity theft to an individual victim are consequential damages, and therefore less quantifiable. Nonetheless, the effects of identity theft to individual victims are devastating. The problem of identity theft is not a simple one and unfortunately continues to grow at an alarming rate. Identity theft is the fastest growing white collar crime in America; growing from fewer than 100,000 cases in 2000 to over 10 million new cases in 2006. At the same time that raw incidents of identity theft have grown, so has the scope and nature of the crime itself. While largely associated with financial consequences, identity theft crimes have gone well beyond credit reports into other more troubling areas. According to Federal Trade Commission statistics, only 30 percent of crimes reported last year were related to financial and credit report relevant matters. The newest and fastest growing segments of identity theft include medical, tax, and criminal related identity theft. As the scope and nature of the crime broadens, we also see the time and energy required to recover from the crime increasing. We are now faced with a crime that is happening to more individuals and is simultaneously escalating in severity and consequence for the victims. With current protections, identity theft is not a matter of ``if'' for consumers; it is a matter of ``when,'' as everyone will ultimately become a victim to some degree. These trends cannot be allowed to continue and the Subcommittee is in an excellent position to affect significant improvement on the current identity theft epidemic by enacting legislation that would directly affect the dissemination, use, and misuse of the social security number--undoubtedly the most important weapon in an identity thief's arsenal. The Social Security number was not designed to serve as a universal, unique, personal identifier. However, it has developed over time to fill that role in government, military, public and private sectors. Despite becoming the de facto standard, there have been very few formal development efforts for the protection of this important identifier, resulting in a dangerous imbalance between the importance and accessibility of the SSN on one hand, and the protections afforded to the individual on the other. I will detail a few case studies from ID Watchdog's own client base to show the problem of identity theft from a consumer point of view. I hope to illustrate the desperate need for legislative reform to ease the damage inflicted to a rapidly growing number of citizens. Case Study 1_Charlie W. (Colorado)Charlie W. realized that he was an identity theft victim when we performed a full background check on him in April of 2006. Analyzing thousands of reports in 13 crucial areas, ID Watchdog found the following fraudulent activity in Charlie's name: 2 traffic citations in Florida, several thousand dollars in medical bills in Washington, a traffic citation in Washington for driving with a suspended license, 3 felony convictions in Washington, a record of 144 days spent in jail in Washington, a warrant for his arrest for bail jumping in Washington, an arrest for DUI in Arizona, a second warrant for his arrest for failure to appear in Arizona, a new drivers license in Florida, a bill for an ambulance ride in Florida, and unaccounted-for 1099 income for work done in several states. Shortly after contracting with ID Watchdog to resolve these issues, Charlie's employer pulled a routine background check and found all of this data as well. Charlie was threatened with termination from his job, arrest, and extradition based on his active warrants. ID Watchdog intervened on his behalf and Charlie was neither arrested nor fired. However, it took several months of additional work to quash the outstanding warrants and to absolve him of the fraudulent debts. Charlie's problems started a decade ago when the perpetrator of his identity theft stole his wallet. The thief used Charlie's identification documents including his Social Security number to perfect his impersonation of Charlie. Despite not realizing that he was a victim, Charlie suffered numerous damages during this 10-year period. First, he paid inflated car insurance rates as a result of his damaged driving record. Second, his access to loans in order to finance and expand his business was limited due to his damaged credit reports. Third, Charlie paid inflated interest rates on his mortgage and other loans and credit lines due to his erroneously negative credit reports. These monetary damages were then coupled with the emotional damage related to his close call with his employer as well as the stress of completing the restoration process. Case Study 2_Anita J. (Colorado)Anita J. became a victim of identity theft after she began applying for mortgages online. Shortly after submitting her personal data to several mortgage brokerage sites, fraudulent activity began occurring within Anita's identity. Over the next several months an industrious identity thief purchased four properties in Anita's name. The combined value of the mortgages attached to these properties approached $1 million. Anita took a hiatus from her mortgage shopping and it wasn't until several months later, when she began investigating new mortgages again, that she realized she had been victimized. By the time she became aware of her problem; all four properties had been placed in foreclosure. Non-payment of the mortgages had dropped her credit scores more than 200 points. Collection companies eventually found Anita and began to demand payment for the delinquent accounts. Anita's credit card companies noticed the sudden drop in her credit scores and began to ratchet up her once low interest rates to above 20 percent. Appalled that all of this had occurred, Anita began the arduous process of repairing this damage and winning back her good name. Her efforts began to take a toll on her work. The long hours she spent writing letters to credit bureaus, dealing with title companies related to the properties, and phone calls made patiently trying to explain to unsympathetic collection agencies that ``they had the wrong person,'' eventually raised Anita's stress to unhealthy levels. She began to log the time she was spending on the problem and surpassed 400 hours before finally enlisting our help. Anita was quickly absolved of the debts that had illegally been acquired in her name. However, the rest of her case demanded more attention. Removing the delinquent mortgages and foreclosures from each one of her three credit reports presented a significant challenge--even with police reports and clear evidence of her innocence. Harder still was the removal of her name from public records related to the foreclosure and title work of the properties. This kind of straight forward ``new account'' ID theft is one of the most classic forms of the crime. Although the dollar amount involved is extremely high, this case and the steps required to solve it represent a very large portion of the 10 million cases of identity theft reported last year. Case Study 3_David H. (Illinois)David H. realized that he was a victim of identity theft after he returned to the United States from Japan, where he served in the US Air Force. David was victimized not by one, but two separate thieves in different parts of the country. After receiving a couple of mysterious calls from collection agents, David checked his credit report to find over 20 fraudulent accounts in his name. David was shocked to find cell phone accounts, credit cards, utilities, and hospital bills that were in his name, but that he did not open. Not only did David have no prior knowledge of these accounts, he was not even in the United States when they had been opened. David's predicament quickly became worse when he was informed by his manager at work that he was being fired because a background check found a felony drug conviction in Arizona. Once again, these alleged incidents occurred when David was abroad in the Air Force. After a long, drawn out process that involved filing extensive paperwork with the local magistrate in Arizona and reissuing a new driver's license, the arrest records were purged from David's background. Additionally, he was eventually reinstated to his old job; however, David's troubles were not yet over. Several months later, David received notice from the state of Illinois that 60 percent of David's wages were to be garnished due to unpaid child support payments. Not surprisingly, David had never met the woman who was receiving the payments, and was not in the country at the time the child was conceived or born. After two weeks of work and several in-person interviews with child services personnel, David was absolved from the payments. Military personnel have traditionally been at high-risk for identity theft because of the military's use of Social Security numbers for identification. The number is often prominently displayed on ID cards and even on an individual's bunks in some cases. To date, David has spent one and a half years defending himself from false accusations and restoring his good name. He has been subjected to harassment from collection agencies, his credit score has been crushed, and he had to endure the humiliation of being fired from his job under the stigma of a false criminal conviction. He has been falsely accused of fathering illegitimate children and nearly lost 60 percent of his income as a result. Adding final insult to injury, these problems all occurred while David was actively serving his country during wartime. David's case is an example of how there is probably too much reliance by data brokers on the Social Security number to authenticate the identity of persons in records from many different sources. Today, the majority of David's problems have been resolved and deleted from his records, however he lives in constant vigilance, because the thieves could go back to work at anytime. RecommendationsIn the criminal world, identity theft continues to grow in popularity. It is our opinion that 3 driving factors have contributed to this rise in popularity, and that these factors need to be addressed by any new legislation. These factors are: 1. The availability of the Social Security number. 2. The ease of use of this data to commit fraud due to lack of effective authentication procedures. 3. The lack of legal consequences for a thief. Identity thieves perceive identity theft as a low risk/high payoff crime. This perception will need to be altered to affect significant changes in the growth trends of the crime. The Availability of the Social Security Number Social Security numbers are simply used too much. Before using an identity to perform a crime, identity thieves must harvest personal identifying information such as name and Social Security number. The flow and availability of this information today affords thieves too many ways to obtain this data. Possible legislative changes to consider in order to improve this situation could include the following: Companies should be restricted from using the Social Security number for customer identification purposes. The Social Security number should be removed from easily accessible public records. Social Security numbers should be removed from all forms of identification that might be lost or stolen. Social Security numbers should never be sold to unaffiliated 3rd parties for any reason. The Ease of Use of This Data to Commit Fraud Due to Lack of Effective Authentication Procedures Once a thief has harvested a victim's identifying information, he must now use it for his own benefit. In almost all cases, slight modifications need to be made to a victim's identity before a crime can be committed. For example, a thief opening a new credit card account would need to fill out a credit application. On this application he would write the victim's name and Social Security number, but his own address and telephone number. With his own address on the application, the thief is ensured that the new card will be shipped to him rather than to the victim himself. With his own phone number, the thief will be able to call to activate the card from a phone number that he controls. Additionally, the thief would sign the application with his own signature, rather than the victim's. Standardized client authentication practices would greatly curtail potential identity thieves' ability to materially use identifying information to commit crimes and should be considered for new anti- identity theft legislation. These practices should include both high- tech approaches such as cross matching address history and name against Social Security number; and low-tech approaches such as signature verification. Such standards should be implemented universally for all entities that maintain and use the Social Security number and should come with meaningful penalties for non-compliance and negligence. The Lack of Legal Consequences for a Thief Other than the potentially easy and lucrative payouts of identity theft, thieves are motivated to commit the crime due to a low prospect of facing prosecution. Two sub-factors contribute to this perception of safety. First, existing legislation is too vague and oftentimes too different from jurisdiction to jurisdiction to be effective. Further clarification of penalties for the misuse of Social Security numbers and identity theft along with stricter penalties should be considered in any new legislation. Second, thieves currently exploit an environment of non-cooperation and non-communication that exists among the many entities involved in the investigation of identity theft. The result is a very low arrest rates for identity thieves. The multi- jurisdictional nature of the crime is at the heart of this problem. It is imperative for an over-reaching entity such as the Federal Trade Commission or the President's Identity Theft Task Force to coordinate between the various entities and jurisdictions involved in the investigation and prosecution and to facilitate open channels of cooperation and communication. With identity theft the thief and the victim are seldom in the same place, and as such it is imperative that disparate law enforcement agencies have the means to share information and resources. ConclusionThe statistics about identity theft are frightening. The sheer number of victims stands at an overwhelming 10 million per year. With such proportions, it is easy to become numb to these figures; however, it is a useful exercise to look at specific case studies to find general guidance for meaningful solutions. Additionally, it is vital for all of us to remain in tune with the specific pain and suffering that these crimes cause in order to maintain the proper motivation to find a solution. The Subcommittee has shown great leadership and tenacity over the past seven years in continuing to explore measures to limit identity theft. I implore you to continue your efforts and hope that when considering the costs associated with changes in legislation (especially costs to business), those costs should be weighed against the benefits that would be afforded to consumers such as Charlie W., Anita J., and David H. Chairman MCNULTY. Thank you, Mr. Yurek. Mr. Pratt. STATEMENT OF STUART PRATT, PRESIDENT, CONSUMER DATA INDUSTRY ASSOCIATION Mr. PRATT. Mr. Chairman, Ranking Member Johnson, and Members of the Committee, thank you for this opportunity to appear before you today. My name is Stuart Pratt. I am president and chief executive officer of the Consumer Data Industry Association. Let me start by saying that the CDIA supports efforts to limit the sale and display of the Social Security number to the general public. We also believe that sensitive personal information, like a Social Security number, should be secured. But we also believe in preserving the Social Security for legitimate uses for business to business and business to government transactions. Some context I think for that point is important. Forty million addresses change in this country every year. Three million last names change due to marriage and divorce. There are many other examples in our written testimony but in fact most identifiers change and our names are not unique. A unique identifier is important to fair information uses. Consumers have expectations and the Social Security number plays a role in meeting these expectations. Consumers expect data about them to be accurate. Consumers want to be protected from fraud. Data about them should be protected and secured. There are Federal laws that exist today, and they are effective and the operation of these should be preserved. Some examples are the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act and there are other examples in our testimony. But these laws restrict the use and display of the Social Security number. They restrict how it can be used, who can use it, and under what circumstances. Responsible uses of the SSNs do meet, I think, consumer expectations. This really just is not our view, the GAO concluded in a 2004 study that Social Security numbers are used to build tools that verify an individual's identity or match existing records since there is no widely accepted alternative, and we agree. The report further states that restricting business access to Social Security numbers would hurt consumers and possibly aid identity thieves, since it would be more difficult for businesses to verify an individual's identity. Again, we agree. The Federal Trade Commission in its own testimony has stated that SSNs play a vital role in our economy, enabling businesses and government and others to match information to proper individuals. For example, consumer reporting agencies use SSNs to ensure the data furnished to them is placed in the correct file, that they are providing the right report for the consumer. SSNs are used for locator services, to find lost beneficiaries, witnesses, law violators, to collect child support, to enforce judgments. But the SSN is not the final word on identity verification, and I think that this point is very important. The SSN plays a role, it is an important role, but data matching does not equate to identity verification or authentication. Our Members in fact produce one billion fraud likelihood assessments each year. We also produce 1.4 billion identity verification assessments each year. It is not just about data matching. Identity verification is much more. It is a risk assessment based on the deployment of a range of tools that consider matches of data, but they also consider application data. They also consider timing of application and various components of identity and whether or not they have been used previously in fraudulent applications. We also recognize that the Social Security number has value in public records and this is important for this Committee's consideration. Public records play a vital role in our society. Bankruptcy records, tax liens and judgments are part of a credit report. Public records help in the location of missing and exploited children. Validating professional licenses is critical for the health care industry. Without an SSN to tie these records together, a consumer can simply alter an address, change a name and separate himself or herself from the record. Preserving the SSN in public records is essential, but our Members do support State Government efforts to redact the SSN from the display to the general public, and we think there is good progress being made on that front. Finally, some building blocks of good public policy should include preemption. If you are going to establish a national standard, let's get it right and have a national standard and not a fifty-first state law. Preserve the operation of current laws, like the Fair Credit Reporting Act, and I think this is where we may differ with some of the approaches thus far. The Fair Credit Reporting Act is a well-established statute, as is the Gramm-Leach-Bliley Act, including information safeguards. Ensure that the appropriate rulemaking authority is bounded and that it takes into consideration small business implications and the Regulatory Flexibility Act. In conclusion, our Member's uses of the SSN meet consumer expectations. Data used is accurate, fraud can be prevented, identities can be better verified, public records are useful in our society. We appreciate this opportunity to testify, and we look forward to your questions. [The prepared statement of Mr. Pratt follows:] Prepared Statement of Stuart Pratt, President, Consumer Data Industry Association Chairman McNulty, Ranking Member Johnson and members of the subcommittee, thank you for this opportunity to appear before you today to discuss the importance of Social Security numbers. For the record, my name is Stuart Pratt and I am president and CEO of the Consumer Data Industry Association.\1\ --------------------------------------------------------------------------- \1\ CDIA, as we are commonly known, is the international trade association representing over 300 consumer data companies that provide fraud prevention and risk management products, credit and mortgage reports, tenant and employment screening services, check fraud and verification services, systems for insurance underwriting and also collection services. As we will discuss below, the secure and protected use of the social security number (SSN) is an important key to the effectiveness of these systems and services. --------------------------------------------------------------------------- Our members applaud this committee for the thoughtful and open dialogue that you have fostered regarding how Social Security numbers are used, to identify risks associated with such use, and to address these risks in a reasonable, targeted fashion. As a preliminary matter, CDIA supports efforts to limit the sale and public display of Social Security numbers. CDIA's members do not publicly sell or display Social Security numbers to the general public, and we oppose such activity. However, as will be discussed below, such restrictions have to be carefully considered, balanced and bounded so that restrictions on use do not interfere with legitimate business uses of SSNs to detect and prevent ID theft and financial fraud and for other beneficial purposes. The SSN is the only unique, individual identifier that follows a person throughout their lives, literally from the time they are born. SSNs are important to the smooth operation of today's economy because there is no other single identifier that serves the same purpose as effectively as the SSN. Although there are other identifiers that may serve similar purposes in some contexts, there are no other identifiers that serve this role across all individuals and circumstances. For instance, name and address can't be used because they are too common, change due to marriage and divorce, and, according to the U.S. Census Bureau, 42 million consumers move every year. Even for consumers who's address and name are constant, they do not always use their identifiers inconsistently (i.e., in some instances they will use a nickname, and may inconsistently use their generational designations (e.g., III, or Sr.)). There are also times where consumers themselves make mistakes when completing applications. Thus, a consumer's identifiers may be presented in different ways in different databases and, in some cases, the data may be partially incorrect. Further, personal identifiers such as name and birthday, are generally not as unique as we may believe they are. Further, the use of other alternatives that could possibly serve as a substitute for an SSN, such as a cell phone number or driver's license number, is often restricted by law. Thus, the SSN is a truly unique identifier. As the only unique identifier, the use of the SSN has migrated beyond simply keeping track of social security payments, even within the Federal Government itself. For example, it is used for tax purposes, Selective Service registration, employment verification, the provision of government benefits and a host of other uses. In addition, the use of the SSN is often mandated by the Federal Government. For instance, the Treasury Department regulations regarding PATRIOT Act compliance for financial institutions in many instances requires financial institutions to use the consumer's full SSN, as obtained from ``trusted [private] sources,'' such as credit bureaus. Additionally, many State laws require the use of the SSN for a wide range of important purposes dependent on accurate identification. For instance, to meet requirements of the law, government data often must be cross-checked or enhanced with data from private sector databases. For the private sector, the role of the SSN is that it serves as a unique identifier that is permanent, so a consumer cannot voluntarily relinquish it in bad times, and it is consistent across various systems. For example, a financial institution, a wireless communications company and a hospital can all rely on the same identifier for widely divergent purposes, all to help ensure that the individual before them is the person they believe is before them. Said differently, after having verified that a consumer is legitimate, a bank, for example, can then create a unique identifier such as a customer or PIN number. But as long as the bank is dependent on third- party sources to cross-check applicant data, unique identifiers must cut across external data sources. CURRENT LAW PROTECTS THE PUBLIC FROM INAPPROPRIATE USE There are several federal and state laws and regulations that restrict the use or disclosure of SSNs, including: the Gramm-Leach- Bliley Act (15 U.S.C. 6826(b)) and its implementing regulations (``Privacy Rule''); the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.); Section 5 of the FTC Act (15 U.S.C. 41-51); the Fair Debt Collection Practices Act (15 U.S.C. 1601 et seq.); the Health Insurance Portability and Accountability Act (Pub. L. 104-191); and the Drivers Privacy Protection Act (18 U.S.C. 2721 et seq.). Together, these laws restrict the use and display of SSNs, how they can be used, who they can (and can't) be shared with, and under what circumstances. The use of the SSN by Credit Reporting Agencies (CRAs), for instance, is governed by both the FCRA and, in most instances, GLB as well. These statutes limit how and when CRAs can disclose SSNs, to whom, and under what circumstances. For instance, many CDIA-member products are focused on helping consumers to gain access to the goods and services for which they apply--assisting a lender or other service provider in determining a consumer's eligibility. These products are regulated under the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.) as ``consumer reports.'' Eligibility determinations include applications for any type of credit including unsecured credit, home purchases, auto financing, home equity loans, as well as for insurance of all types, employment, government benefits, apartment rentals, and for other business transactions initiated by the consumer. The FCRA, enacted in 1970, has been the focus of careful oversight by the Congress, resulting in significant changes in both 1996 and again in 2003. There is no other law that is so current in ensuring consumer rights and protections are adequate. Similarly, some fraud detection tools are regulated under GLBA, and the use of data regarding those products is similarly circumscribed. Beneficial Uses of the SSN Because the SSN allows for consistency across various systems and data bases, there are a number of ways that the SSN is used that benefits consumers. Further, without the availability of the SSN, many of the products and services that consumers take for granted today could become more scarce. For instance, CDIA's members produce a range of critical consumer data products which bring great value to individual consumers, to society, and to the nation's economy. Our members design products used for determinations of a consumer's eligibility for a product or service, to prevent identity theft and fraud and to aid in the location of consumers for a variety of reasons. (1) Proper File matching: Ensuring that data goes to the right file, and is reported about the right individual. Lydia Parnes, Director of the Bureau of Consumer Protection at the Federal Trade Commission, recently testified about the importance of Social Security numbers before the Senate Judiciary Subcommittee on Terrorism, Technology and Homeland Security: ``SSNs play a vital role in our economy, enabling businesses, government, and others to match information to the proper individual. For example, consumer reporting agencies use SSNs to ensure that the data furnished to them is placed in the correct file, and that they are providing the right credit report for the right consumer. SSNs also are used in locator databases to find lost beneficiaries, witnesses, and law violators and to collect child support and other judgments. Employers must collect SSNs for tax reporting purposes, and health care providers may need them to facilitate Medicare reimbursement.'' She went on to say that ``the SSN is valuable in enabling entities to match information to consumers. With 300 million Americans, many of whom share the same name, the SSN presents significant advantages as a means of identification because of its uniqueness and permanence.'' Financial institutions and others rely on full and complete information from credit bureaus. Complete information is necessary if the appropriate information is to be placed in the proper consumer account. As an example, a financial institution may obtain information from a credit bureau on its customer named Tom Jones. As you can imagine, there are thousands of Tom Joneses in the country. In fact, it is likely that many Tom Joneses share the same last four digits of their SSN. Therefore, a report with information pertaining to Tom Jones with the last four digits of 1234 may not provide the financial institution with sufficient information to determine to WHICH Tom Jones the report refers. SSNs, therefore, help to ensure that our members are more likely to load data to the correct file with a high degree of precision. This is particularly true where a new account has been opened and is being added to the consumer's file for the first time. Consumer reporting agencies of all types have, under the Fair Credit Reporting Act, a duty to maintain reasonable procedures to ensure the maximum possible accuracy of the file; SSNs help them meet this requirement. SSNs also help to ensure that the proper consumer's file is produced when a consumer applies for a benefit under the FCRA. If a consumer reporting agency cannot, with precision, identify the proper file of the consumer, it returns a message to the creditor indicating that no record was found. This result would likely lead to far higher credit denials for consumers due to the inability of the creditor to review the consumer's credit history. Said differently, the Fair Credit Reporting Act certainly does not contemplate the consumer reporting agency ``taking a guess`` as to which consumer's file must be accessed and thus this current liability coupled with the absence of the SSN would seriously impinge on the way in which credit is granted in this country today. (2) Identity Verification to Prevent Identity Theft and Fraud A number of CIDA members produce products that are used by financial institutions, insurance companies and others to verify the identity of an individual and ensure that the person they are interacting with is who they say they are. These products are very effective in detecting and preventing identity theft and financial fraud before it happens. The SSN helps businesses to prevent fraud by cross-checking applicant data against various other data sources in order to authenticate the consumers' identity. Absent the use of an SSN, these systems will be far less likely to trigger security protocols, which prevent the crime of identity theft. In 2004, the GAO conducted a study on Social Security numbers, and concluded that ``information resellers, credit reporting agencies and health care organizations use social security numbers to build tools that verify an individual's identity or match existing records since there is no widely accepted alternative.'' The report further states that ``restricting business access to social security numbers would hurt customers and possibly aid identify thieves since it would be more difficult for business to verify an individual's identity.'' (3) Other specific products and services are enabled and enhanced through the availability of the SSN: Access to home ownership: Every homeowner benefits from a credit reporting system that reduces the costs of all mortgage loans by a full two percentage points, thus putting literally thousands of dollars in disposable income into their pockets. Homeownership is no longer a luxury of the well-to-do, but is a truly democratized American dream enjoyed by nearly seventy percent of the population.\2\ The SSN helps to facilitate the efficient operation of this system, as described above. --------------------------------------------------------------------------- \2\ Kitchenman, Walter., U.S. Credit Reporting: Perceived Benefits Outweigh Privacy Concerns, Pp. 5 (1998). --------------------------------------------------------------------------- Child support payment enforcement: Access to SSNs dramatically increases the ability of child support enforcement agencies to locate non-custodial, delinquent parents (often reported in the news with the moniker ``deadbeat dads''). For example, the Financial Institution Data Match program required by the Personal Responsibility and Work Opportunity Reconciliation Act of 1996 (PL 104-193) led to the location of 700,000 delinquent individuals being linked to accounts worth nearly $2.5 billion. Child support enforcement agencies report that their efforts are far more effective when they have access to the parent's SSN. One agency reports that they are able to locate fully 80 percent more delinquent non-custodial parents when the SSN is available, and the Association for Children for Enforcement of Support (ACES), a private child support recovery organization, has stated that social security numbers are the most important tool for locating parents who have failed to pay child support. Locator Services--SSNs are used routinely by law enforcement to locate missing children, fugitives and witnesses to crimes. The ability to conduct an information search using an SSN is essential. Restrictions on access to SSNs in government records would hamper the ability of law enforcement to obtain this vital information. Further a number of states report that use of SSNs to match across data bases has greatly reduced entitlement fraud. For example, Pension Benefit Information (PBI), a private company that locates former employees that are due pension benefits, has indicated that in many cases the SSN becomes the only link between an employer and their former employees with vested benefits. Employees move, marry and change their name, but the one thing that remains constant is their SSN. Locating sex offenders--SSNs are used to locate registered and unregistered sex offenders. There are over 560,000 sex offenders in the U.S. Approximately twenty-four percent of these individuals fail to comply with address registration requirements mandated by law. Access to SSNs allows law enforcement to locate sex offenders even when the registration address has not been kept current. Employment/security screening: As discussed above, SSNs serve as vital links among disparate records that help businesses verify prospective employees' identities and conduct thorough, accurate background checks to ensure workplace safety and business security. Small business B-to-B transactions: An SSN is the key business entity identifier to virtually all sole proprietorships or partnerships; as a result, SSNs are necessary to facilitate business- to-business transactions between small businesses. Securitized credit markets: Confidence in the U.S. securities market is made possible by accurate financial histories compiled using the SSN as a key identifier. Restricting use of the SSN could undermine confidence in these securities, resulting in substantially higher consumer costs for credit, including mortgages and auto loans. Insurance fraud prevention--Insurance companies use public record information compiled using social SSNs to detect fraudulent insurance claims. According to the National Fraud Center, the average American household pays $200 to $400 a year in additional insurance premiums to offset the cost of fraud. This cost would likely increase if companies do not have the information they need to detect and prevent fraud. (4) Additionally, without the use of the SSN, consumers would suffer harm: Incomplete data harms consumers: There would likely be an decrease in the ability of consumer reporting agencies to properly match incoming information to the correct consumer about whom the information relates. Think about the consequence to consumers of having a consumer credit report that does not contain all of the accounts that they pay on time and which makes them eligible for the lowest cost loans. Incomplete data harms our banking system: The absence of the SSN would also put at risk the safety and soundness of lending decisions due to less information being included in consumer credit reports due to data matching problems. Incomplete data prevents consumer access to goods and services: Think about the consequence for consumers when a consumer reporting agency cannot locate the proper file on a consumer and thus a lender, insurer or other service provider wanting to do business with the consumer has to deny the application, or the consumer has to pay higher rates. INFORMATION SECURITY AND THE SSN As discussed above, the use of data like the SSN actually helps to prevent fraud and identity theft, by enabling better authentication of consumers, so that a lender knows that a loan applicant is you, and not an identity thief. However, concerns have been raised that the SSN is a ``key,'' and all a potential identity thief needs to ``unlock'' a consumer's credit--that simply is not true. There are 2 basic types of financial fraud that may be perpetrated against an individual. The first is fraud against a person's existing accounts, such as credit card fraud, where a thief obtains your account number or credit card, and charges items to that card or drains your existing bank account. While those instances are problematic, and may cause a consumer some stress while getting those problems rectified, they do not cause any long-term harm to the consumer; they suffer no financial liability, and such fraud does not impact their credit in any way. More than 2/3rds of all ``identity theft,'' as identified by the FTC, falls into this category. The second, and more serious type of financial fraud is what we term ``real name'' fraud, where a fraudster obtains a person's sensitive personal information, such as their SSN and other information, and somehow fools a lender into thinking that they are that person. This may enable the thief to open new credit accounts in a victim's name without the knowledge of the victim. While the victim is ultimately not responsible for the financial harm, this type of fraud can have serious repercussions for the victim. As discussed, while obtaining a person's SSN may potentially make them susceptible to identity theft, it takes a lot more information, and the ability to use it in a way that thwarts the fraud detection tools in place, to commit ``real'' identity theft. Further, the SSN plays a major role in helping to stop such fraud, as well. The availability of MORE information, rather than less, is the key to reducing reliance on the SSN. Database matching is often like finger-print matching--the more unique data points there are, the more ability there is to identify and authenticate an individual. Further, each piece of data reduces the reliance on every other piece. However, Congress has limited the use of alternatives, increasing the reliance on SSNs. For instance, there are other unique identifiers that could help reduce the reliance on SSNs, such as Driver's License numbers, that do exist. However, the Driver's Privacy Protection Act (DPPA) has limited the ability of data base companies to utilize those to supplement, or even supplant, the use of SSNs. Wireless cell phone numbers also have the potential to serve that purpose. However, while those numbers are not used for telemarketing, Congress has, in other contexts, considered limiting the utility of these numbers for identification and fraud detection purposes, as well. PUBLIC RECORDS AND THE SSN Public records play a vital in our society and bring value to the consumer. Bankruptcy records, tax liens and judgments are part of consumer ``credit'' reports used by lenders to make decisions that implicate safety and soundness. Records of eviction are critical to landlords who must themselves pay the bills and attempt to lease properties to consumers who will do the same. Validating professional licenses for employment screening agencies is yet another use of public records, as is accessing criminal histories. Through the development of nationwide databases of public record information, our members have solved the problems inherent in having to search through tens of thousands of federal and state court houses and agency databases. In this way, the SSN is as important an identifier in a public document as it is in a private-sector database. It is a critical identifier for all of the data management reasons we discuss above. Without an SSN, a consumer can simply alter a few items of information, such as moving to a new address, or even changing a name and thus separate himself/herself from a bankruptcy record, a tax lien, a record of eviction and even a criminal history, in some cases. Clearly this is not a positive outcome for consumers or for American businesses which are on the front lines of making, for example, fair and accurate risk based lending and employment decisions, while at the same time fighting identity theft and fraud. Some federal proposals have suggested that state agencies must limit access to the SSN. The concern of the CDIA's members is that this apparent unfunded mandate will drive under-funded state agencies to either stop requesting the SSN when processing vital records, or to simply deny all access to public records containing SSNs. It is important that public records, including those records containing SSNs, continue to be made available. The open public records system is the cornerstone of the U.S. democracy and economy. The debate about the presence of the SSN in public records has suggested a possible binary solution, where SSNs could be made available electronically for certain entities, but could possibly be redacted for publicly available electronic documents, though costs associated with such an unfunded mandate will have to be addressed. It is encouraging to hear state court organizations discussing strategies for protecting SSNs, and CDIA will continue to engage in these dialogues. However, while CDIA believes that disclosure of the SSN to the general public must be addressed, we also believe that public records must be made available, including SSNs, to those with an appropriate need. Ultimately, dialogue with state and federal agencies coupled with the advancement of technologies will address concerns about public records which contain SSNs. An unfunded mandate will destabilize the system of public records which is so important to our democracy. Some Additional Notes on Other Important Issues: Finally, there are a few additional issues I would like to highlight before I conclude: Legitimate business uses: It is important that any restrictions imposed on the sale or display of SSNs contain exceptions for legitimate business uses such as identity verification; detecting, preventing and investigating ID theft and fraud; locating individuals; collecting child support and other lawful debts; and for any purposes permitted under the Fair Credit Reporting Act and Gramm-Leach-Bliley Act. Preemption: Ensuring that the Social Security number issue is addressed in a uniform fashion, so that all consumers are protected, is a vital component of this debate. Any legislation that would restrict the sale or display of SSNs must contain federal preemption so that businesses are subject to a single, national law rather than having to comply with various state laws all with differing and potentially conflicting requirements. Exempt Current Law As discussed previously, SSNs are broadly covered by a whole host of current statutes. Instead of adding an additional compliance burden on top of those laws, we would urge the Committee to exempt practices already covered under existing laws. Minimize Rulemaking Authority Because so many business practices rely on stable laws, CDIA would urge the Committee to codify any changes to current law, to the extent possible, rather than granting broad authority to the regulatory agencies. Further Assisting Identity Theft Victims: Provide the Ability to ``Ping'' the SSN Database CRAs utilize very sophisticated tools to ensure the accuracy of their systems. However, in rare cases of identity theft, it would be useful for us to have the ability to cross-check our databases to determine if a particular SSN is associated with a particular person. This would be very useful in further helping ensure the accuracy of our databases, and could help contribute to the accuracy of our databases and the ability to help correct the records of Identity Theft victims. CONCLUSION In conclusion, you can see that the underlying theme in the discussion of SSN uses is that of balance and ultimately ensuring the security of the number. Law that imposes national uniform information security regulations on all who possesses the SSN in combination with a person's name and address, is the most responsible and constructive focus for Congress. In contrast, law that overreaches in attempting to limit use of the SSN is likely to merely take fraud prevention tools out of the hands of legitimate businesses at the expense of consumers. Ironically, to prevent fraud you must be able to crosscheck information. To maintain accurate databases, you must be able to maintain a range of identifying elements. Absent the availability of the SSN, we will be less able to build accurate databases, to accurately identify records and to help prevent identity theft through the development of fraud prevention and authentication tools. Ultimately consumers expect us all to accomplish the goals of protecting and securing the SSN, and also ensuring the accuracy and effectiveness of databases which contain information about them. Thank you for this opportunity to testify. Mr. JOHNSON. Thank you, Mr. Pratt. Mr. Gingerich, you may testify. STATEMENT OF JAMES D. GINGERICH, DIRECTOR, ADMINISTRATIVE OFFICE OF THE COURTS, SUPREME COURT OF ARKANSAS, ON BEHALF OF THE CONFERENCE OF STATE COURT ADMINISTRATORS, WILLIAMSBURG, VIRGINIA Mr. GINGERICH. Thank you, Mr. Johnson and Members of the Committee. It is an honor to appear before you to have the opportunity to share with you some of the work which has already been done and is being actively considered in our Nation's state court systems in this very important area of balancing the public access to court records with privacy concerns of individuals. As to the specific topic of the hearing today, our country's state court systems have been quite active, as this Committee has, in recognizing the serious threat to personal privacy which comes from public access to personally identifying information, such as the Social Security number. Previously, in hearings of this Committee, members of COSCA have testified about the work undertaken by the Conference of Chief Justices and the Conference of State Court Administrators in 2000 and 2001 to develop a recommended comprehensive policy on access to court records and suggested that those guidelines be adopted by every state supreme court in the United States. On August 1, 2002, CCJ and COSCA adopted the resolution endorsing the guidelines and encouraging their adoption. I am pleased to report that since that testimony, 20 state supreme courts have adopted the guidelines, another eight states have made revisions to their previously adopted rules based upon the guidelines and five states have commissions currently underway considering adoption of the guidelines. About 60 days ago, my own state of Arkansas became the most recent state to adopt a comprehensive policy after almost 2 years of study and debate. We utilized the recommended guidelines, as well as the good work which has been done in many of our sister states. As it relates to the Social Security number, let me just read you the rule that has now been adopted by the Arkansas Supreme Court. It applies to every court record in the state, whether it is a paper record or an automated record and whether it lies in the supreme court building or any rural courthouse in the state. ``The following information in case records is excluded from public access and is confidential absent a court order to the contrary . . . number four, Social Security numbers; number five, account numbers of specific assets, liabilities, accounts, credit cards and personal identification numbers; and number eight litigant addresses and phone numbers.'' Those three exceptions were all borne out of our concern about, and our many hours of debate about, the very real problem of identity theft. I have to suggest however that there were some things that we learned along the way to guide how we now implement that policy, which I think are consistent with your purposes. First of all, the suggestion that we should simply ban the use of the Social Security number from any non-Social Security related activity is not good public policy and has serious negative consequences on the efficient and accurate operation of State court systems. It also conflicts with many other important public policy goals, adopted both at the state level and at the Federal level, which require the use of a Social Security number. I will not go into all of the issues, but I think my written testimony recites the many, many ways in which courts legitimately and appropriately have need for that information to do the work of a court system; for example when judges need accurate and verifiable information in order to enter decisions about assets and income, especially in family law cases, and in some states for the accurate identification of parties. In Arkansas, we do not use the Social Security number at all in criminal cases but, for example, in our juvenile justice system, both in dependency and in delinquency cases we use it in order to accurately identify an individual. Our state public policy suggests that we are not going to fingerprint children and so it is the only way in which we can accomplish that. Those records are segregated and sealed but nonetheless it is an appropriate use of the Social Security number. There many other ways. So, for Arkansas it was not the case of barring the use of the Social Security number but in implementing policies to protect the information from unnecessary disclosure. There is a second thing we learned; eliminating or restricting access to the Social Security number when the collection of the Social Security number has been required by the court or is otherwise required by state or Federal law in the future is an appropriate policy which we support and which we intend to implement. As to the ``in the future,'' our own rule adopted by the Supreme Court in Arkansas provides that the implementation date will apply only to records that are created after January 1, 2009. After looking at the scope of the issues for those files that resided in courthouses in millions of records in 75 county courthouses across Arkansas, it is simply impossible for us to expect that local officials in those courthouses were going to have any ability to go back and redact all of those records. So, we looked forward in terms of doing the best we could. I should add, however, that our court specifically provided authority for the local court officials to redact earlier records if they are able to, and that will probably happen on a case by case basis. To the extent that collection of the Social Security number is required by the court, when courts are asking people for the information ourselves, we can control it, we can manage it; and so in Arkansas we will adopt a rule similar to that which already exists in Washington, Minnesota and North Dakota to separate that information in a separate court file, with only the main file being available to the public. The information like the Social Security numbers will be in a separate file and will be unavailable, either in paper or in the automated record. When the Social Security number is otherwise provided in a pleading, for example, or in something that is presented by a lawyer to the court, we have very little control over that; but Arkansas will adopt a rule that requires the attorneys or parties to protect that information. I realize I am out of time, Mr. Chairman, and I would just say in conclusion that we recognize the problem. I think our state supreme courts are doing a pretty good job of trying to get to the implementation of the policy which you desire, and we are looking forward to working with you and the Committee in that effort. Thank you. [The prepared statement of Mr. Gingerich follows:] Prepared Statement of James D. Gingerich, Director, Administrative Office of the Courts, Supreme Court of Arkansas, on behalf of the Conference of State Court Administrators, Williamsburg, Virginia Mr. Chairman and Members of the Subcommittee, The Conference of State Court Administrators (COSCA) is pleased to present testimony on today's hearing on protecting the privacy of the social security number from identity theft. SUMMARY Mr. Chairman and members of the subcommittee, the state court community has been grappling with the issue of protecting privacy as it relates to court records for the past few years. We are taking a proactive stance in protecting the privacy of individuals and their social security numbers, while at the same time maintaining traditional open court access. Today, we will share examples of what state courts that are doing on this via the approval of court rules. In collaboration with the Conference of Chief Justices (CCJ), we established a project entitled ``Public Access to Court Records: CCJ/ COSCA Guidelines for Policy Development by State Courts,'' which outlines the issues that a jurisdiction must address in developing its own rules, and provides one approach. The Guidelines touch on the use of social security numbers (SSNs) in court records as well as other private information. The entire text of the Guidelines can be found online at http://www.courtaccess.org/modelpolicy/ 18Oct2002FinalReport.pdf. Both CCJ and COSCA, adopted a resolution endorsing the Guidelines and urged the states to address them. Mr. Chairman, SSNs are pervasive in state court documents and procedures. The testimony that follows gives the subcommittee numerous examples of how we use SSNs in day-to-day court proceedings. For example, we use SSNs to insure that judges have the best evidence available to them. We also use SSNs to collect fines and restitution. In addition, many SSNs appear in the public record in many types of court cases including, but not limited to, bankruptcy, divorce and child support cases. My testimony also details the federal requirements imposed on us to collect SSNs for various reasons, for example, to track parents who are not paying child support. Mr. Chairman, we stand ready to work with you to craft solutions to address the problem of identity theft. We want to do our part to eliminate it. We are at the same time concerned about the effort to require us to redact or expunge SSNs that appear in public records. We feel that this type of requirement would impose an unfunded mandate on state courts in this country. The cost to fulfill this requirement would be high because many SSNs appear in paper documents as well as other hard-to-redact microfilm/microfiche. ABOUT COSCA Before I begin my remarks, I would like to provide some background on our group and our membership. I submit this testimony on behalf of the Conference of State Court Administrators (COSCA). The National Center for State Courts, of which I am President, serves as secretariat to COSCA. COSCA was organized in 1955 and is dedicated to the improvement of state court systems. Its membership consists of the principal court administrative officer in each of the fifty states, the District of Columbia, the Commonwealth of Puerto Rico, the Commonwealth of the Northern Mariana Islands, and the Territories of American Samoa, Guam, and the Virgin Islands. A state court administrator implements policy and programs for a statewide judicial system. COSCA is a nonprofit corporation endeavoring to increase the efficiency and fairness of the nation's state court systems. As you know, state courts handle 98 percent of all judicial proceedings in the country. The purposes of COSCA are: To encourage the formulation of fundamental policies, principles, and standards for state court administration; To facilitate cooperation, consultation, and exchange of information by and among national, state, and local offices and organizations directly concerned with court administration; To foster the utilization of the principles and techniques of modern management in the field of judicial administration; and To improve administrative practices and procedures and to increase the efficiency and effectiveness of all courts. Although I do not speak for them today, I also would like to tell you about the Conference of Chief Justices (CCJ), a national organization that represents the top judicial officers of the 58 states, commonwealths, and U.S. territories. Founded in 1949, CCJ is the primary voice for state courts before the federal legislative and executive branches and works to promote current legal reforms and improvements in state court administration. COSCA works very closely with CCJ on policy development and administration of justice issues. STATE COURTS ARE RESPONDING TO PRIVACY CONCERNS Mr. Chairman, let me begin by informing you of the progress that many state courts are making to protect individual privacy rights, while maintaining the American tradition of open courts. Through court rules, state court systems are changing their procedures for viewing and accessing court records as they relate to the appearance of social security numbers. Washington State, for example, is establishing a procedure for ``sealing'' family case court records containing privileged information such as social security numbers and financial information. In effect, Washington is creating two sets of records: a public and a private one. Vermont is placing the burden on parties to expunge or redact social security numbers from papers filed with the court. Minnesota is requiring that parties in a divorce case fill out a confidential information sheet, which contains social security numbers, to be kept separate from the official record. South Dakota adopted a rule that protects SSNs and financial account number information by requiring these numbers to be redacted from documents and submitted to the Court on confidential information forms. In addition to the proactive stance we are taking to this issue, we are also responding to some of the demands placed on our court systems by state legislatures and governors. In 2005, 53 bills were signed into law by governors dealing with social security number privacy. That's 17 more than in 2004; an increase of 46 percent. These bills range from simple prohibition of displays of SSNs on public records to new expansive criminal and civil statutes that punish wrongdoers and those that traffic in social security numbers as a means to steal a person's identity. In the 2006 sessions, state legislatures considered 176 measures dealing with social security numbers and privacy. Again, this number is an increase over the prior year. At the direction of the CCJ and COSCA leadership, we established a special subcommittee of the CCJ/COSCA Court Management Committee to explore privacy protection innovations and share them with the Congress and the Administration. This committee meets twice a year at our annual and mid-year meetings. This subcommittee has been researching the issue and is responsible for compiling examples of best practices in this area that I am presenting today. NATIONAL EFFORT TO CRAFT PUBLIC ACCESS GUIDELINES TO COURT RECORDS Our project entitled, ``Public Access to Court Records: CCJ/COSCA Guidelines for Policy Development by State Courts'' was a joint effort of CCJ/COSCA and the NCSC to give state court systems and local trial courts assistance in establishing policies and procedures that balance the concerns of personal privacy, public access and public safety. The State Justice Institute (SJI) funded this project in 2001 and it was staffed by the NCSC and the Justice Management Institute. The project received testimony, guidance and comments from a broad-based national committee that included representatives from courts (judges, court administrators, and clerks), law enforcement, privacy advocates, the media, and secondary users of court information. The Guidelines recommend the issues that a jurisdiction must address in developing its own rules governing public access. The Guidelinesare based on the following premises: Retention of the traditional policy that court records are presumptively open to public access The criteria for access should be the same regardless of the form of the record (paper or electronic), although the manner of access may vary The nature of certain information in some court records is such that remote public access to the information in electronic form may be inappropriate, even though public access at the courthouse is maintained The nature of the information in some records is such that all public access to the information should be precluded, unless authorized by a judge Access policies should be clear, consistently applied, and not subject to interpretation by individual courts or court personnel The Guidelines Committee examined the use of SSNs in current court practices. They looked at the inclusion of SSNs in bulk distribution of court records, and in other private information that courts traditionally protect, such as addresses, phone numbers, photographs, medical records, family law proceedings, and financial account numbers. Finally, the Committee examined various federal laws and requirements governing SSN display and distribution by state and local entities. On August 1, 2002, CCJ and COSCA endorsed and commended ``the Guidelines to each state as a starting point and means to assist local officials as they develop policies and procedures for their own jurisdictions.'' STATE COURTS' INTEREST IN COLLECTING AND USING SOCIAL SECURITY NUMBERS A question we are often asked is why do state courts utilize SSNs? What is the state court interest in collecting SSNs? Why do state courts need to require parties to provide their SSNs in the course of state court litigation? The following are some of the reasons we use them: Accurate determination of assets/income Judges need the most accurate information on assets and income when making their decisions, especially in family law cases. In many instances this involves examining assets by a social security number. There are numerous examples of individuals giving a false social security number to avoid paying child support, for example. The same logic applies in dealing with divorce cases in dividing assets. Identification of parties A growing number of court systems are using case management information systems in which an individual's name, address, and telephone number are entered once, regardless of the number of cases in which the person is a party. The advantage of these systems is to be able to update an address or telephone number for all cases in which the person is a party by a single computer entry. SSNs provide a unique identifier by which court personnel can determine whether the current ``John Smith'' is the same person as a previous ``John Smith'' who appeared in an earlier case. Courts have often used SSNs to identify criminal defendants as well as parties to civil cases. In the future, persons accused of crime will be identified by automated fingerprint identification systems (AFIS) which scan fingerprints and classify them electronically. The primary future need for SSNs as a means to identify individuals will therefore be in civil, not criminal, litigation. Collection of fees, fines and restitution by courts SSNs are the universal personal identifier for credit references, tax collection, and commercial transactions. When courts give a litigant an opportunity to pay an assessment resulting from a judgment in periodic payments, the court needs to be able to function as a collection agency. Having the convicted person's social security number is necessary for use of state tax intercept programs (in which a debt to the state is deducted from a taxpayer's state income tax refund) and other collection activities. Some states use additional means to enforce criminal fines and restitution orders, such as denial of motor vehicle registration; SSNs are often used for these purposes as well. Creation of jury pools and payment of jurors SSNs are a necessary part of the process by which multiple lists (for instance, registered voters and registered drivers) are merged by computer programs to eliminate duplicate records for individual citizens in the creation of master source lists from which citizens are selected at random for jury duty. Duplicate records increase an individual's chance of being called for jury duty and reduce the representativeness of jury panels. Some courts use SSNs to pay jurors as well. Making payments to vendors SSNs are used as vendor identification numbers to keep track of individuals providing services to courts and to report their income to state and federal taxing authorities. Facilitating the collection of judgments by creditors and government agencies Courts are not the only entities that need to collect judgements. Judgment creditors need SSNs to locate a judgment debtor's assets and levy upon them. Courts often require that the judgment debtor make this information available without requiring separate discovery proceedings that lengthen the collection process and increase its costs. Federal law now requires state courts to place the parties' SSNs in the records relating to divorce decrees, child support orders, and paternity determinations or acknowledgements in order to facilitate the collection of child support. On October 1, 1999, that requirement was extended to include the SSNs of all children to whom support is required to be paid. Notification to the Social Security Administration of the names of incarcerated and absconded persons The Social Security Administration cuts off all payments to persons incarcerated in federal, state or local prison or jails, and to person who are currently fugitives from justice. The savings to the federal budget from this provision are substantial. To implement this process, Social Security Administration needs to identify persons who have been sentenced to jail or prison and persons for whom warrants have been issued. The agency has traditionally obtained this information from state and local correctional agencies. See 42 USC Sec. ?1A402(x)(3) requiring Federal and State agencies to provide names and SSNs of confined persons to the Social Security Administration. The state courts of Maryland are involved in an experimental program to provide such information directly from court records. The Maryland program has two additional future advantages for state courts. First, the program offers the possibility of obtaining better addresses for many court records; social security and other welfare agencies have the very best address records because of beneficiaries' obvious interest in maintaining their currency. Second, cutting off benefits may provide a useful incentive for persons receiving benefits to clear up outstanding warrants without requiring the expenditure of law enforcement resources to serve them. Transmitting information to other agencies In addition to the Social Security Administration, many states provide information from court records to other state agencies. A frequently occurring example is the Motor Vehicle Department, to which courts send records of traffic violations for enforcement of administrative driver's license revocation processes. These transfers of information often rely upon SSNs to ensure that new citations are entered into the correct driver record. POTENTIAL LEGISLATION Mr. Chairman, in the past, this subcommittee has considered various pieces of legislation that would, in some form or another, prohibit the display of a person's social security number on a public record. Blanket prohibitions like these will place courts in the position of trying to comply with conflicting public policies. We submit the following questions for your consideration: The Welfare Reform Law requires courts to collect SSNs on court orders granting divorces or child support or determining paternity. State laws contain similar requirements in other types of cases in some states. What steps must a court take to restrict access to these documents, which are matters of public record in most states? SSNs appear in many financial documents, such as tax returns, which are required to be filed in court (e.g., for child support determinations) or are appended to official court documents, such as motions for summary judgments. What steps must a court take to restrict access to these documents, which are also matters of public record in most states? We were encouraged by language in the report accompanying HR 2971 (Rept.108-685, Part 1, p. 21) in the 108th Congress dealing with incidental vs. non-incidental appearances of SSNs in public records: During Social Security Subcommittee hearings on the bill, court and other public records administrators testified they receive numerous documents filed by individuals, businesses, and attorneys that often include SSNs the government did not require to be submitted, and of which they are therefore unaware. They stated redaction of ``incidentally'' included SSNs would create a serious administrative burden, and it would require significant resources to review each document and redact such incidental SSNs . . . With respect to SSNs submitted in court documents absent the court's requirement to do so, the individual communicating the SSN in the document, not the court, would be held responsible according to Section 108 of the bill. (Emphasis ours) In drafting social security legislation, we respectfully ask that you expand on the above sentiments in actual legislative language of any future bill. Courts will have substantial increased labor costs in staff time to redact or strike the appearance of SSNs in paper records or in microfilm/microfiche if a redaction requirement is imposed. In the event you draft legislation dealing with redaction, we urge you to make a distinction between existing court records/documents and future documents. For example, requiring a court to retroactively redact or expunge old records would be a nightmarish task due to the cost in staff time and the actual compiling of said court records. Finally, in an effort to make courts and court records more open, many courts are now beginning to make available many public records on the internet either as text/character documents or by scanning and placing them online through imaging software (PDF files). While the removal of SSNS in text/character documents may be relatively easy in some computer generated records (XML), other scanned records, such as PDF files, will be harder to change necessitating more staff and an increase in labor costs. OUR FUTURE COURSE OF ACTION CCJ and COSCA have recommended that state courts adopt the following policies, unless state law directs them otherwise, to protect citizen privacy while providing service to litigants: Official court files State courts should not attempt to expunge or redact SSNs that appear in documents that are public records. As was mentioned earlier, federal law requires state courts to place the parties' SSNs in the records relating to divorce decrees, child support orders, and paternity determinations or acknowledgement in order to facilitate the collection of child support. The purpose of placing that data on judgments is not just to provide it to child support enforcement agencies; it is also to provide it to the parties themselves for their own private enforcement efforts. Any other interpretation puts the courts in an untenable position--having an affirmative obligation to provide judgments in one form to parties and child support enforcement agencies and in another form to all other persons. This same reasoning applies to income tax returns or other documents containing SSNs filed in court. It would be unreasonable, and expensive, to expect courts to search every document filed for the existence of SSNs. Further, court staff has no authority to alter documents filed in a case; the social security number may have evidentiary value in the case--at the very least to confirm the identity of the purported income tax filer. Case management information databases Data in automated information systems raises more privacy concerns than information in paper files. Automated data can be gathered quickly and in bulk, can be manipulated easily, and can be correlated easily with other personal data in electronic form. Data in an automated database can also be protected more easily from unauthorized access than data in paper files. It is feasible to restrict access to individual fields in a database altogether or to limit access to specific persons or to specific categories of persons. Consequently, state courts should take steps to restrict access to SSNs appearing in court databases. They should not be available to public inquirers. Access to them should be restricted to court staff and to other specifically authorized persons (such as child support enforcement agencies) for whose use the information has been gathered. Staff response to queries from the public When court automated records include SSNs for purposes of identifying parties, court staff should be trained not to provide those numbers to persons who inquire at the public counter or by telephone. However, staff may confirm that the party to a case is the person with a particular social security number when the inquirer already has the social security number and provides it to the court staff member. In short, staff may not read aloud a social security number, but may listen to a social security number and confirm that the party in the court's records is the person with that number. This is the same distinction applied to automated data base searches. This distinction is one commonly followed in federal and state courts. CONCLUSION Mr. Chairman, we recognize the role of SSNs in the incidence of identity theft cases. The current state of affairs with regards to the treatment of SSNs provides lawbreakers the continued opportunity to exploit the current system at the expense of ordinary Americans. The threat of identity theft is real and we want to do our part to eliminate it. I have presented several ways our courts utilize SSNs. Finding solutions to protect an individual's privacy will be complex and difficult. Many state courts are already taking steps to fashion solutions in response to the problem. I remind you of the earlier mentioned approaches from Washington, Vermont, Minnesota and South Dakota. Other states are experimenting with different approaches. Thank you for asking for our input on this important matter. The Conference of State Court Administrators stands ready to work collaboratively and cooperatively to craft solutions to this important issue. I will be happy to answer any questions you may have. Chairman MCNULTY. Thank you, Mr. Gingerich. Dr. Anton. STATEMENT OF ANNIE I. ANTON, ASSOCIATE PROFESSOR OF SOFTWARE ENGINEERING, NORTH CAROLINA STATE UNIVERSITY, RALEIGH, NORTH CAROLINA, ON BEHALF OF THE ASSOCIATION FOR COMPUTING MACHINERY Ms. ANTON. Good morning, Chairman McNulty, Ranking Member Johnson and members of the Subcommittee. Thank you for the opportunity to testify today. This statement represents my own personal position as well as that of the Association for Computing Machinery's U.S. Public Policy Committee. By way of introduction, I am an associate professor at North Carolina State University and director of an academic privacy research center. In addition, I serve on several industry and government boards of technical advisors, including the DHS State of Privacy and Integrity Advisory Committee. Right now, personal information about you, me and millions of Americans is being compiled, accessed, sold and exchanged among businesses and government agencies. Yet, we should all be concerned. Is that personal information protected? Is it being shared only among those with a legitimate need for it? Can criminals easily access our personal information? These concerns are compounded by three factors: First, the widespread use of Social Security numbers has made it a de facto national identification number; second, computing technologies enable us to collect and exchange and analyze personal information on an unprecedented scale; and, third, there are widespread problems with cyber security leading to frequent and large security breaches. In particular, technology allows personal information to be combined with Social Security numbers, thus creating a convenient way to track individuals across public and private records. This raises privacy concerns, and these concerns are exacerbated because many businesses use the Social Security number as both an identifier and an authenticator. The terms ``identifier'' and ``authenticator'' have specific technical meanings that are often confused. An ``identifier'' is a label associated with a person. An ``authenticator'' provides the basis to believe that somebody is accurately labeled by some given identifier. So, authenticators might be something you know, like a secret password or a pin, something you have, like the key to your house, and something you are, such as a biometric. A Social Security number is an identifier. It is something that anyone can know, and many will, so it is not a secret. Hence, it is unuseable as an authenticator. Even though many organizations use it in this way, and this is a very big problem. My passport picture coupled with a tamper evidence security seal is an authenticator because it links me, something I am, as embodied my photograph, with my identity. Using Social Security numbers for both identification and authentication makes them much more valuable to a criminal who is intent on stealing someone's identity. This is a problem of our own making and it is a problem that we can eliminate. In the time remaining, I will highlight a few recommendations from my written testimony. First, we should move away from authentication based on information that is easily compromised. Social Security numbers or mother's maiden names are poor choices for authentication. Second, individuals should be empowered to control the dissemination of their Social Security numbers. Congress can support this by protecting citizens who prefer not to provide a Social Security number when conducting business that does not legally require it. Third, we should reduce the exposure of citizen Social Security numbers by prohibiting their display on ID cards and in public records and by redacting them from existing public records. For example, Choice Point is now redacting Social Security numbers and other personal information from reports that it provides to its clients. This practice should be required at other companies and organizations, especially data brokers and credit bureaus. Finally, we should require stronger security practices during the transmission and storage of Social Security numbers and all other personal information. In conclusion, Congress is the only entity that can make meaningful changes to protect the privacy and identities of U.S. citizens. We are encouraged by your attention to these issues, and the computing professionals that I represent stand ready to help you in your efforts. Thank you for your attention. I will be happy to answer any questions. [The prepared statement of Ms. Anton follows:] Prepared Statement of Ana I. Anton, Ph.D. Associate Professor, North Carolina State University [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman MCNULTY. Thank you, Dr. Anton. Welcome back, Mr. Rotenberg. STATEMENT OF MARC ROTENBERG, EXECUTIVE DIRECTOR, ELECTRONIC PRIVACY INFORMATION CENTER Mr. ROTENBERG. I seem to have a technological problem but thank you, Mr. Chairman, Mr. Johnson and Members of the Subcommittee. It is nice to be with you this morning, and I appreciate the opportunity to testify on this issue. I have over the years appeared before the Subcommittee on the Social Security number issue. I have also litigated a number of the leading Social Security number privacy cases, one of which involved a resident in Virginia a number of years ago who was asked by the state secretary to provide his Social Security number when he went to register to vote. He did not object to that, what he objected to was the fact that the state of Virginia was publishing his Social Security number in the public voting rolls, and he said that that was a threat to his personal privacy. We wrote a brief for the Federal Appeals Court at that time, before people even used the phrase ``identity theft'' and we said if you make the Social Security number available, it will make it easier for people to commit the crime of financial fraud. Fortunately, the court agreed with us. The state of Virginia and many other states changed their practices. Unfortunately, as you know, this problem has become quite a bit more severe over the last several years. I am going to say a few words about that today. One of the key points I wanted to make this morning is actually I think the Privacy Act 1974 saw this problem coming and there is a provision in the Privacy Act that says very clearly that the Federal Government should try to minimize the collection and use of the Social Security number. It really should only be used for the original intended purposes, as well as a few others that have been authorized by law, including the use as a taxpayer identification number. But, as we all know, today the Social Security number is widely used across the Federal Government. It is used also in the financial services sector, which for some of the reasons that Professor Anton has described, creates a particular problem for consumers in this country. The Social Security number is both an identifier and a password. If you have access to someone else's Social Security number, there is a very good chance that you are going to be able to pull up the records on that person and also use the number to get access to the content of those records, and that is precisely what identity thieves do when they use the Social Security number to get access to someone's credit record information. Now, I describe in my testimony the problem has not escaped the notice of the White House. The President established a Task Force on Identity Theft, it was cochaired by the Attorney General, the chair of the Federal Trade Commission. We spent a lot of time on that task force, and we made some very specific recommendations. The task force rightly said that Social Security numbers were contributing to this problem but in our view, they did not go far enough to recommend strong solutions to diminish the problem. They wanted more enforcement authority to go after people who committed the crime of identity theft, but they did not do enough in our opinion to limit the collection and use of the Social Security number to really get to the problem at its source. So the rest of my testimony talks about some of the specific suggestions and actions that I believe the Congress could take to limit the problems associated with the misuse of the Social Security number, not using it for example as a record identifier, particularly in the private sector, not publicly displaying it on Web sites, not putting it on identity cards. As I also describe, and it speaks to an issue that you raised earlier, Mr. Ryan, I think the more difficult we make it for people to use the Social Security number as a general purpose identifier, the more likely it is that businesses will come up with other systems of identification that are appropriate for a specific context. If we think about it, this is actually our commonsense understanding of what an identifier should be. You have a bank account number for your banking relationship. You have a credit card number for your credit relationship. You probably have a number for your utility bill. That is actually a very good thing because if one of those numbers are compromised, it does not create a risk for you that all the other account information will be compromised. But part of the way to make that system work is to not let businesses cut corners by using the Social Security number in place of their own record identifier. So, that is a very important part of our recommendation for you today. Regarding the bill that has passed out of the Committee on Energy and Commerce, we think it is a good bill. It includes a lot of important provisions, but we do have a couple of specific recommendations that we think could make it a bit stronger. One issue we are particularly concerned about, and I know it is something that this Committee has considered in the past, and that is the issue of state pre-emption. Now, you know if you pre-empt the states in this area, a lot of legislation that has already been passed that protects the privacy of the Social Security number will be effectively overwritten, and I think that could be very problematic, particularly in this area where things are developing so quickly. So, what I would urge you to do on that issue is to establish a Federal base line, make the national standard the floor. For the states where there is not protection, you will give them protection. But if it is a baseline, you allow the states that are doing more and trying to anticipate some of the new problems to go forward and maybe give you some material for the next bill. So, thank you very much for the opportunity to testify. [The prepared statement of Mr. Rotenberg follows:] Prepared Statement of Marc Rotenberg, Executive Director, Electronic Privacy Information Center I. Introduction Chairman McNulty, Ranking Member Johnson, and Members of the Subcommittee, thank you for the opportunity to testify on the misuse of the Social Security number and the escalating problem of identity theft My name is Marc Rotenberg and I am Executive Director of the Electronic Privacy Information Center. EPIC is a non-partisan research organization based in Washington, D.C.\1\ Founded in 1994, EPIC has participated in the leading cases involving the privacy of the Social Security number and has frequently testified in Congress about the need to establish privacy safeguards for the Social Security number to prevent the misuse of personal information.\2\ --------------------------------------------------------------------------- \1\ EPIC maintains an archive of information about the SSN online at http://www.epic.org/privacy/ssn/ [``EPIC SSN Page'']. \2\ See, e.g., Greidinger v. Davis, 988 F.2d 1344 (4th Cir. 1993) (``Since the passage of the Privacy Act, an individual's concern over his SSN's confidentiality and misuse has become significantly more compelling''); Beacon Journal v. Akron, 70 Ohio St. 3d 605 (Ohio 1994) (``the high potential for fraud and victimization caused by the unchecked release of city employee SSNs outweighs the minimal information about governmental processes gained through the release of the SSNs''); Marc Rotenberg, Exec. Dir., EPIC, Testimony at a Joint Hearing on Social Security Numbers & Identity Theft, Before the H. Fin. Serv. Subcom. on Oversight & Investigations and the H. Ways & Means Subcom. on Social Security, 104th Cong. (Nov. 8, 2001), available athttp://www.epic.org/privacy/ssn/testimony_11_08_2001.html; Chris Jay Hoofnagle, Legislative Counsel, EPIC, Testimony at a Joint Hearing on Preserving the Integrity of Social Security Numbers and Preventing Their Misuse by Terrorists and Identity Thieves Before the H. Ways & Means Subcom. on Social Security & the H. Judiciary Subcom. on Immigration, Border Sec. & Claims, 105th Cong. (Sept. 19, 2002), available at http://www.epic.org/privacy/ssn/ssntestimony9.19.02.html. --------------------------------------------------------------------------- Two weeks ago in testimony, I urged the Subcommittee to strengthen the privacy safeguards for the proposed Employment Eligibility Verification Systems and warned that the errors in the Basic Pilot will be exacerbated by the increased dependence on the SSN.\3\ And, about a year ago, I urged Members of this Subcommittee to reject the use of the SSN as a national identifier and to ensure the development of adequate privacy and security safeguards to address the growing crisis of identity theft.\4\ --------------------------------------------------------------------------- \3\ Marc Rotenberg, President, EPIC, Testimony at a Hearing on Employment Eligibility Verification Systems Before the H. Ways & Means Subcom. on Social Security, 110th Cong. (June 7, 2007), available at http://www.epic.org/privacy/ssn/eevs_test_060707.pdf. \4\ Marc Rotenberg, President, EPIC, Testimony at a Hearing on Social Security Number High-Risk Issues Before the H. Ways & Means Subcom. on Social Security, 109th Cong. (Mar. 16, 2006), available at http://www.epic.org/privacy/ssn/mar_16test.pdf. --------------------------------------------------------------------------- Today, my statement will focus on the dramatic increase in identity theft in the United States that has resulted directly from the misuse of SSN and the need to pass comprehensive legislation to limit the use of the SSN as well the need to develop better systems of identification that are more robust. II. Summary of Social Security Number History Social Security numbers have become a classic example of ``mission creep,'' where a program designed for a specific, limited purpose has been transformed for additional, unintended purposes, some times with disastrous results. The pervasiveness of the SSN and its use to both identify and authenticate individuals threatens privacy and financial security. These risks associated with the expanded use of the Social Security number and identification cards underscore the importance of the hearing today. The SSN was created in 1936 for the purpose of administering the Social Security laws. SSNs were intended solely to track workers' contributions to the Social Security fund. Legislators and the public were immediately distrustful of such a tracking system, which can be used to index a vast amount of personal information and track the behavior of citizens. Public concern over the potential abuse of the SSN was so high that the first regulation issued by the new Social Security Board declared that the SSN was for the exclusive use of the Social Security system. Over time, however, legislation allowed the SSN to be used for purposes unrelated to the administration of the Social Security system. For example, in 1961 Congress authorized the Internal Revenue Service to use SSNs as taxpayer identification numbers. A major government report on privacy in 1973 outlined many of the concerns with the use and misuse of the Social Security number that show a striking resemblance to the problems we face today. Although the term ``identify theft'' was not yet in use, Records Computers and the Rights of Citizens described the risks of a ``Standard Universal Identifier,'' how the number was promoting invasive profiling, and that many of the uses were clearly inconsistent with the original purpose of the 1936 Act. The report recommended several limitations on the use of the SSN and specifically said that legislation should be adopted ``prohibiting use of an SSN, or any number represented as an SSN for promotional or commercial purposes.'' \5\ --------------------------------------------------------------------------- \5\ Dep't of Health, Educ. & Welfare, Secretary's Advisory Comm. on Automated Personal Data Systems, Records, Computers, and the Rights of Citizens 125-35 (MIT1973), available at http://www.epic.org/privacy/ hew1973report/. --------------------------------------------------------------------------- In enacting the landmark Privacy Act of 1974, Congress recognized the dangers of widespread use of SSNs as universal identifiers, and included provisions to limit the uses of the SSN. The Privacy Act makes it unlawful for a government agency to deny a right, benefit or privilege because an individual refuses to disclose his or her SSN. Section 7 of the Privacy Act specifically provides that any agency requesting that an individual disclose his or her SSN must ``inform that individual whether that disclosure is mandatory or voluntary, by what statutory authority such number is solicited, and what uses will be made of it.'' \6\ The Privacy Act makes clear Congress' recognition of the dangers of widespread use of SSNs as universal identifiers. --------------------------------------------------------------------------- \6\ Privacy Act of 1974, 5 U.S.C. Sec. ?1A552 (a) (2006). --------------------------------------------------------------------------- The Senate Committee report stated that the widespread use of SSNs as universal identifiers in the public and private sectors is ``one of the most serious manifestations of privacy concerns in the Nation.'' Short of prohibiting the use of the SSN outright, Section 7 of the Privacy Act provides that any agency requesting that an individual disclose his SSN must ``inform that individual whether that disclosure is mandatory or voluntary, by what statutory authority such number is solicited, and what uses will be made of it.'' This provision attempts to limit the use of the number to only those purposes where there is clear legal authority to collect the SSN. It was hoped that citizens, fully informed that the disclosure was not required by law and facing no loss of opportunity in failing to provide the SSN, would be unlikely to provide an SSN and institutions would not pursue the SSN as a form of identification. But the reality is that today the SSN is the key to some of our most sensitive and personal information. The financial services sector, for instance, has created a system of files, keyed to individuals' SSNs, containing personal and financial information on nearly 90 percent of the American adult population. This information is sold and traded freely, with virtually no legal limitations. In addition, credit grantors rely upon the SSN to authenticate a credit applicant's identity. Many cases of identity theft occur when thieves apply using a stolen SSN and their own name. Despite the fact that the names, addresses, or telephone numbers of the thief and victim do not match, accounts are opened and credit granted using only the SSN as a means of authentication.\7\ --------------------------------------------------------------------------- \7\ See, e.g., TRW, Inc. v. Andrews, 534 U.S. 19 (2001) (Credit reporting agencies issued credit reports to identity thief based on SSN match despite address, birth date, and name discrepancies); Dimezza v. First USA Bank, Inc., 103 F. Supp.2d 1296 (D. N.M. 2000) (same). See also United States v. Peyton, 353 F.3d 1080 (9th Cir. 2003) (Credit issued based solely on SSN and name, despite clear location discrepancies); Aylward v. Fleet Bank, 122 F.3d 616 (8th Cir. 1997) (same); Vazquez-Garcia v. Trans Union De P.R., Inc., 222 F. Supp.2d 150 (D. P.R. 2002) (same). --------------------------------------------------------------------------- Even the government is susceptible to identity theft based solely on obtaining an SSN and the name associated with it. Stolen SSNs are used to file fraudulent tax returns and to seek refunds owed to other citizens. When the proper owner of the SSN files his tax return it may be rejected as a duplicate and he may be required to spend time fixing his records in order to receive his tax refund.\8\ --------------------------------------------------------------------------- \8\ President's Identity Theft Task Force, Combating Identity Theft: A Strategic Plan 21 (April 23, 2007) [``ID Theft Task Force Report''], available at http://www.idtheft.gov/reports/ StrategicPlan.pdf. III. President's ID Theft Task Force and Nexus Between SSNs and --------------------------------------------------------------------------- Identity Theft The growing misuse of the Social Security number and the associated problem of Identity Theft have not escaped the notice of the White House. In May 2006, the President established an Identity Theft Task Force to ``track down on the criminals who traffic in stolen identities and protect American families from this devastating crime.'' \9\ The Task Force, chaired by the Attorney General and the FTC Chair, was expected to protect the financial information of citizens and reduce the threat of identity theft, which the FTC now annually reports is the number one concern of American consumers.\10\ --------------------------------------------------------------------------- \9\ Press Release, Office of the Press Sec'y, Fact Sheet: The President's Identity Theft Task Force (May 10, 2006), available at http://www.whitehouse.gov/news/releases/2006/05/20060510-6.html. \10\ Fed. Trade Comm'n, Consumer Fraud and Identity Theft Compliant Data: January-December 2006 (Feb. 7, 2007), available at http:// www.consumer.gov/sentinel/pubs/Top10Fraud2006.pdf. --------------------------------------------------------------------------- EPIC participated in the task force proceedings and provided extensive comments.\11\ We supported the Task Force's recommendation to reduce reliance on SSNs at all levels of government. We said: --------------------------------------------------------------------------- \11\ EPIC, Comments to the Federal Identity Theft Task Force, P065410 (Jan. 19, 2007), available at http://www.epic.org/privacy/ idtheft/EPIC_FTC_ID_Theft_Comments.pdf. --------------------------------------------------------------------------- Reducing use of SSNs and limiting the amount of data collected by government bodies is fundamental to maintaining the security of consumer data. This is an especially critical limitation upon the public sector, since government has the power to compel individuals to disclose personally identifiable information. The personal data collected by government entities should never be disseminated in public records or sold to the private sector. The Task Force should curtail the publicly available sources of the SSN, including the Social Security Death Register; bankruptcy filings and other court records; birth and death records; and records of other life events.\12\ --------------------------------------------------------------------------- \12\ Id. at 8. --------------------------------------------------------------------------- EPIC also pointed to the growing problem of the misuse of the SSN by businesses: The Task Force should also carefully investigate and analyze SSN use in the private sector, as there is evidence that private sector use of SSNs contributes substantially to the problem of identity theft. Restricting the sale, purchase and display of SSNs by private entities is a critical consideration in combating identity theft. The private sector must move away from using SSNs as identifiers, a goal which is feasible as demonstrated by Empire Blue Cross' transition from SSNs to alternative identification numbers for its 4.8 million customers.\13\ --------------------------------------------------------------------------- \13\ Id. at 8-9. --------------------------------------------------------------------------- The President's Task Force recognized the connection between the misuse of the Social Security number and the crime of identity theft but failed to propose adequate safeguards. According to the President's Identity Theft Task Force, ``the SSN is especially valuable to identity thieves, because often it is the key piece of information used in authenticating the identities of consumers.'' \14\ The SSN is also commonly used by the government and entities in the private sector to identify individuals. As the Task Force noted, ``SSNs--are widely used in our current marketplace to match consumers with their records (including their credit files) and as part of the authentication process.'' \15\ In short, SSNs function as both a username and a password--a single piece of information that both identifies an individual and authenticates that identification, a lock and a key rolled into one. Because of the way in which the SSN is used for identification and the prevalence of that use, much of your most sensitive information does not even have the same sort of rudimentary security as your email account. --------------------------------------------------------------------------- \14\ ID Theft Task Force Report at 23, supra note 8. \15\ Id. at 44. --------------------------------------------------------------------------- As noted by the Task Force, ``the SSN is a critical piece of information for the thief, and its wide availability increases the risk of identity theft.'' \16\ Despite the problems associated with using the SSN as an identifier, the Federal Government routinely uses SSNs in order to identify individuals within governmental programs. SSNs have been included as part of Medicare's Health Insurance Claim Number,\17\ and as part of a federal award identifier used by the USDA.\18\ --------------------------------------------------------------------------- \16\ Id. at 42. \17\ Id. \18\ Ellen Nakashima, U.S. Exposed Personal Data: Census Bureau Posted 63,000 Social Security Numbers Online, Wash. Post, Apr. 21, 2007, at A05, available at http://www.washingtonpost.com/wp-dyn/ content/article/2007/04/20/AR2007042002208.html. --------------------------------------------------------------------------- IV. Identity Theft as a Result of Social Security Number Misuse During the past fiscal year, the Department of Justice charged 507 defendants with aggravated identity theft. The DOJ highlighted a number of these prosecutions in a recent press release.\19\ A handful of the cases the DOJ put on display involved defendants misusing Social Security numbers for illegal purposes. --------------------------------------------------------------------------- \19\ Press Release, Dep't of Justice, Fact Sheet: The Department of Justice's Efforts to Combat Identity Theft (Apr. 23, 2007), available at http://www.usdoj.gov/opa/pr/2007/April/07_opa_278.html. --------------------------------------------------------------------------- In one of the cases, a woman was sentenced to 75 months imprisonment for defrauding FEMA in the wake of Hurricane Katrina.\20\ The defendant filed 28 fraudulent claims for disaster relief to FEMA using other people's Social Security numbers. After receiving money from FEMA, the defendant went out to buy real estate, a mobile home, vehicles, electronics, furnishings, and other goods and services. --------------------------------------------------------------------------- \20\ Id. --------------------------------------------------------------------------- In another case, six defendants victimized AOL subscribers with a ``phishing'' scheme.\21\ The defendants ``spammed'' thousands of AOL users with emails containing fake electronic greeting cards. When the subscribers tried to open the friendly greeting, they were instead met with a software trojan that prevented the users from accessing AOL without entering sensitive information including bank account, address, and Social Security numbers. The defendants used the stolen information to make counterfeit debit cards, which they swiped at ATM machines to get cash, and used at online and retail stores to buy goods and services. It appears that we've gone from ``Hello, you've got mail!'' to ``Hello, you got your identity stolen!'' --------------------------------------------------------------------------- \21\ Id. --------------------------------------------------------------------------- Another defendant was paid to fraudulently use Social Security numbers and other confidential info to get personal phone records of reporters and Hewlett-Packard officials, as well as their family members.\22\ This case is a clear example of ``pretexting'' or posing as somebody else to obtain sensitive calling records. And these are just the cases the DOJ chose to highlight. --------------------------------------------------------------------------- \22\ Id. --------------------------------------------------------------------------- There's also the case of 19 year-old Irving Escobar who bought stacks of $400 gift cards from Wal-Mart and cashed them in to buy electronics.\23\ Escobar went on lavish shopping sprees, charging as much as $112,000 in goods at gift stores. Escobar purchased, in total, an estimated $1 million in goods. Amy Osteryoung, assistant statewide prosecutor who handled the case for Florida Attorney General Bill McCollum referred to Escobar's actions as ``[m]odern day money laundering.'' \24\ Also, ``Investigators believe it is the boldest tangible evidence of criminals cashing in on hacked data from TJX--the nation's largest reported computer data breach, which TJX disclosed in January.'' \25\ TJX says it will pay for a credit-monitoring service to help avert identity theft for customers whose driver's license numbers were the same as their Social Security numbers and were believed stolen. For others, the damage has already been done. --------------------------------------------------------------------------- \23\ Jon Swartz and Byron Acohido, TJX data theft leads to money- laundering scam, USA Today, June 12, 2007, available at http:// www.usatoday.com/money/2007-06-11-tjx-data-theft_N.htm. \24\ Id. \25\ Id. --------------------------------------------------------------------------- V. Recent Social Security Number Breaches in the Federal Government The Social Security Administration's Office of Inspector General said that 16 percent of the 99,000 fraud cases it investigated in the one-year period ending Sept. 30, 2006 involved the misuse of Social Security numbers.\26\ Considering the following cases of breaches in Social Security number data storage, that number might be on the rise. --------------------------------------------------------------------------- \26\ Id. --------------------------------------------------------------------------- Recently, a woman named Marsha Bergmeier was bored and did an Internet search for her farm's name in Illinois.\27\ She discovered a link to fedspending.org, a Web site created by OMB Watch to monitor federal spending. While clicking around the site, a searchable database popped up for her, containing information about her farm loan amount under an Agriculture Department program. Not only that, she also discovered the list of 28,000 SSNs, including her own. Published right there for everybody with an Internet connection to see.\28\ The site had been up since 1996. And that's just the United States Department of Agriculture. --------------------------------------------------------------------------- \27\ Ellen Nakashima, U.S. Exposed Personal Data: Census Bureau Posted 63,000 Social Security Numbers Online, supra note 18. \28\ Id. --------------------------------------------------------------------------- The Department of Defense uses Social Security numbers for just about everything; \29\ from troop rosters to the dog tags dangling from soldiers' necks. Since 2006, data about almost 30 million active and retired service members has been stolen from four Veterans Affairs offices. That's approximately 30 percent of the 100 million total reported lost or stolen personal data in the United States.\30\ That's a lot. --------------------------------------------------------------------------- \29\ Byron Acohido and Jon Swartz, Military personnel prime targets for ID theft, USA Today, June 15, 2007, available at http:// www.usatoday.com/tech/news/computersecurity/infotheft/2007-06-14- military-id-thefts_N.htm?csp=34. \30\ Id. --------------------------------------------------------------------------- And that's a lot more than an active military service member needs to be dealing with. With increasing frequency, scam artists are setting their sights on military personnel. As USA Today reported, Marine Corporal Jacob Dissmore, 22, returned from Iraq in 2006 to learn that someone in San Diego had opened a credit card account, started a T- Shirt business and even purchased a house with Dissmore's money using his personal information.\31\ --------------------------------------------------------------------------- \31\ Id. --------------------------------------------------------------------------- A retired Navy chief petty officer that keeps meticulous financial records suspects the theft of laptops from the Veterans Affairs office is directly responsible for suspicious activity on his accounts.\32\ Earl Laurie Jr. takes care of his private info very well; he uses a P.O. Box, shreds his papers, and avoids online banking. Mr. Laurie never had a problem until right after the laptop was stolen when he started getting phone calls asking him to confirm strange credit card applications on his account. --------------------------------------------------------------------------- \32\ Id. --------------------------------------------------------------------------- And the American Red Cross has even had to issue warnings to military families. Identity thieves have stooped to the lowest level. The families of active military officers have reportedly been receiving phone calls from scammers pretending to be with the Red Cross delivering unfortunate news about a soldier stationed in Iraq.\33\ The scammers tell the families that their loved one is being airlifted to a hospital in Germany and will not receive medical treatment unless they offer up personal information immediately. One moment you'll think the Red Cross is helping you out, the next thing you know you're a victim. --------------------------------------------------------------------------- \33\ Jerry Carnes, Scammers Target Soldiers' Families, 11 Alive News, May 30, 2007, available at http://www.11alive.com/news/ article_news.aspx?storyid=97757. --------------------------------------------------------------------------- It doesn't stop there. Residents in every state of every member of this Subcommittee have experienced massive data breaches in the past year.\34\ --------------------------------------------------------------------------- \34\ Privacy Rights Clearinghouse, A Chronology of Breaches, http:/ /www.privacyrights.org/ar/ChronDataBreaches.htm. In Michigan, Congressman Levin, the details of a scientific study were lost on a small flash drive at the Michigan Department of Community Health in Detroit. The small flash drive contained the personal information and SSNs of 4,000 Michigan residents.\35\ --------------------------------------------------------------------------- \35\ Id. --------------------------------------------------------------------------- The Medicare drug benefit applications of 268 residents from Minnesota and North Dakota were recently stolen from an insurance agent's unlocked car. The applications contained applicants' name, address, date of birth, SSN, and bank routing information.\36\ --------------------------------------------------------------------------- \36\ Id. --------------------------------------------------------------------------- The Pennsylvania Department of Transportation's driver's license facility in Dunmore had computer equipment containing the Social Security of over 11,000 drivers. Also stolen were supplies used to create driver's licenses and photo IDs.\37\ --------------------------------------------------------------------------- \37\ Id. --------------------------------------------------------------------------- In February of last year, Congressman Davis, a computer was stolen at the University of Alabama-Birmingham, containing nearly 10,000 Social Security numbers and the personal information of potential kidney donors and recipients.\38\ --------------------------------------------------------------------------- \38\ Id. --------------------------------------------------------------------------- In California, it is difficult to figure out which data breach to highlight----there were just too many to pick just one. Last year, hackers gained access to a UCLA database containing the Social Security numbers and personal information for over 800,000 current and former students, applicants, parents, and staff members.\39\ --------------------------------------------------------------------------- \39\ Privacy Rights Clearinghouse, A Chronology of Breaches, supra note 35. --------------------------------------------------------------------------- And Texas. Everything is bigger in Texas, even the data breaches. Texas Guaranteed Student Loan Corp. announced last year that a total of 1.7 million people's information had been compromised.\40\ --------------------------------------------------------------------------- \40\ Id. --------------------------------------------------------------------------- Congresswoman Tubbs Jones, Ohio was in the news just last week when an intern's car was broken into, and somebody made off with the Social Security numbers of approximately 75,000 state employees.\41\ --------------------------------------------------------------------------- \41\ Id. --------------------------------------------------------------------------- State employees in Kentucky received mail last year from Kentucky Personnel Cabinet. The mail had their Social Security numbers visible from the see-through plastic windows in the envelope.\42\ --------------------------------------------------------------------------- \42\ Id. --------------------------------------------------------------------------- And, Congressman Ryan, documents containing the personal information of Wisconsin's state assembly members were recently stolen from a legislative employee's car while she exercised at a local gym.\43\ --------------------------------------------------------------------------- \43\ Id. Social Security numbers are being stolen in every state in this --------------------------------------------------------------------------- country. VI. Solutions to the use of SSNs in Identity Theft Although the Presidential Task Force on Identity Theft correctly identified many of the problems associated with SSN usage and identify theft, it failed to propose many of the obvious solutions. The Task Force noted that, as long as SSNs continue to be used as forms of authentication, thieves must be prevented from obtaining them, but it did not come up with any substantive improvement that could bring about that end.\44\ --------------------------------------------------------------------------- \44\ ID Theft Task Force Report at 23, supra note 8. --------------------------------------------------------------------------- The Task Force did note that unnecessary usage of SSNs in the public sector must be decreased \45\ and suggested that the ``[Office of Personnel Management] should take steps to eliminate, restrict, or conceal the use of SSNs (including assigning employee identification numbers where practicable), in calendar year 2007.'' \46\ Furthermore the Task Force suggested that ``[i]f necessary to implement this recommendation, Executive Order 9397, effective November 23, 1943, which requires federal agencies to use SSNs in `any system of permanent account numbers pertaining to individuals,' should be partially rescinded.'' \47\ Unfortunately, however, the Task Force did not propose that the SSN stop being used for purposes beyond its original intent. Instead, the Task Force conceded that ``[t]he use by federal agencies of SSNs for the purposes of employment and taxation, employment verification, and sharing of data for law enforcement purposes, however, is expressly authorized by statute and should continue to be permitted.'' \48\ --------------------------------------------------------------------------- \45\ Id. at 24. \46\ Id. \47\ Id. \48\ Id. --------------------------------------------------------------------------- Although the Task Force recommended that the Office of Personnel Management take a leading role in issuing policy guidance on appropriate use of SSNs \49\ and create a list of acceptable SSN practices in order to determine best practices,\50\ the Task Force did not lay out any basic framework for this policy guidance or any suggested best practices. Furthermore, although the Task Force suggested that a comprehensive record on the private sector use of SSNs should be developed,\51\ it failed to detail how the information comprising this record ought to be recorded or what legislative changes would be necessary to reduce the crime of identity theft. The absence of a legislative recommendation on this key point is significant; in many other areas of the report, the Department of Justice recommend legislative changes to expand its own investigative and prosecutorial authority. --------------------------------------------------------------------------- \49\ ID Theft Task Force Report at 26, supra note 8. \50\ Id. \51\ Id. --------------------------------------------------------------------------- The task force recognizes the dangers of Social Security numbers' dual role in identification and authentication, but it fails to recommend that the Social Security number's role in authenticating an identity be completely eliminated and its use in the private sector limited. Although the Task Force adequately highlights some of the problems associated with SSN usage, it fails to provide a meaningful starting point for the government to act to correct the problems and it does not recommend, as it ought to, that the private sector immediately cease use of SSN for authentication purposes. What else should be done? For starters, an effective law would limit the collection and the use of the SSN. It would be far preferable to reduce the crime of identity theft at its source than to create new enforcement authority for a problem that is clearly out of control. The use of the SSN should be limited to those circumstances that are explicitly authorized by law. For example, an employer should be permitted to ask an employee for an SSN for tax-reporting purposes (as long as the SSN remains the Taxpayer Identification Number), but a health club should not be permitted to ask a customer for an SSN as a condition of membership. Prevent companies from compelling consumers to disclose their SSN as a condition of service or sale unless there is a statutory basis for the request. Prohibit the sale and limit the display of the SSN by government agencies. It is simply inconsistent with Section 7 of the Privacy Act to allow the Federal Government to disseminate the SSN. Penalize the fraudulent use of another person's SSN but not the use of an SSN that is not associated with an actual individual. This would permit, for example, a person to provide a number such as the ``867-00-0909'' where there is no intent to commit fraud. (The number displayed could not be an actual SSN.) Encourage the continued development of alternative, less intrusive means of identification. We believe that the National Research Council should be funded to undertake further research on new techniques that enable records management while minimizing privacy risks.\52\ --------------------------------------------------------------------------- \52\ See also Nat'l Research Council, Who Goes There? Authentication Through the Lens of Privacy (Stephen Kent & Lynette Millett eds. 2003); Nat'l Research Council, Engaging Privacy and Information Technology in a Digital Age (James Waldo, Herbert S. Lin & Lynette Millett eds. 2007). It is also important not to preempt innovative state laws that reduce the risk of SSN misuse. Many states have enacted legislative protections for the SSN. They vary from comprehensive frameworks of protection for the SSN to highly-specific laws that shield the SSN from disclosure in specific contexts. For example, a 2005 Arizona law prohibits the disclosure of the SSN to the general public, the printing of the identifier on government and private-sector identification cards, and establishes technical protection requirements for online transmission of SSNs.\53\ The law also prohibits printing the SSN on materials mailed to residents of Arizona. Exceptions to protections are limited--companies that wish to continue to use the SSN must do so continuously, must disclose the use of the SSN annually to consumers, and must afford consumers a right to opt-out of continued employment of the SSN. --------------------------------------------------------------------------- \53\ Ariz. Rev. Stat. Sec. 44-1373. --------------------------------------------------------------------------- In 2004 Ohio law limits the collection of the SSN and its incorporation in licenses, permits, passes, or certificates issued by the state.\54\ The law requires the establishment of policies for safe destruction of documents containing the SSN. Insurance companies operating in the state must remove the SSN from consumers' identification cards. Finally, the legislation creates penalties for individuals who use others' personal information to injure or defraud another person. --------------------------------------------------------------------------- \54\ Available at http://www.state.co.us/gov_dir/leg_dir/olls/ sl2004a/sl_393.htm. --------------------------------------------------------------------------- In Georgia, businesses are now required to safely dispose of records that contain personal identifiers.\55\ The Georgia law requires that business records--including data stored on computer hard drives-- must be shredded or in the case of electronic records, completely wiped clean where they contain SSNs, driver's license numbers, dates of birth, medical information, account balances, or credit limit information. The Georgia law carries penalties up to $10,000. --------------------------------------------------------------------------- \55\ Available at http://www.epic.org/privacy/ssn/sb475.html. --------------------------------------------------------------------------- In the past year, Illinois has passed several laws to protect consumer privacy, including measures that address identity theft, limit the use of the Social Security number, require notification of security breaches, and allow state residents to put a security freeze on their credit report if they believe their personal information has been compromised.\56\ --------------------------------------------------------------------------- \56\ Press Release, Office of the Governor, Governor Blagojevich calls on Veterans Administration to provide immediate protection to veterans whose personal information was stolen (May 24, 06), available at http://www.illinois.gov/PressReleases/ ShowPressRelease.cfm?RecNum=4920&SubjectID=26. --------------------------------------------------------------------------- Six state legislatures, in the past two months, have passed laws going against a new federal ID requirement.\57\ The law would require 240 million Americans to get new licenses by 2013. The new identification cards would contain residents' SSN, home address, and that they are in the USA legally. Implementation of this new ID program would cost states more than $11 billion,\58\ according to the National Conference of State Legislatures. The Federal Government has estimated that REAL ID will cost $23.1 billion.\59\ Some state lawmakers have gone as far to call this federal effort an attempt to create a `` `papers-please' society.'' \60\ Without all 50 states complying, it's not really a National ID card. In the end states will have their way. --------------------------------------------------------------------------- \57\ Thomas Frank, 6 States defy law requiring ID cards, USA Today, June 18, 2007, available at http://www.usatoday.com/news/nation/2007- 06-18-id-cards_N.htm? loc=interstitialskip. \58\ Id.. \59\ Dep't of Homeland Sec., Notice of Proposed Rulemaking: Minimum Standards for Driver's Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes, 72 Fed. Reg. 10,819, 10,845 (Mar. 9, 2007), available at http://a257.g.akamaitech.net/7/257/2422/ 01jan20071800/edocket.access.gpo.gov/2007/07-1009.htm; see generally, EPIC, Page on National ID Cards and the REAL ID Act, http:// www.epic.org/privacy/id_cards/. \60\ Thomas Frank, 6 States defy law requiring ID cards, supra note 57. --------------------------------------------------------------------------- The innovative solutions that state legislatures are developing to address privacy concerns should be encouraged. The states are laboratories of democracy, and are moving effectively on emerging issues. A federal privacy baseline ensures safeguards in those states where they do not currently exist, and leaves states free to develop better protection. Even a sensible national law will become outdated as technology and business practices evolve. EPIC also favors technological innovation that enables the development of context-dependent identifiers. Such a decentralized approach to identification is consistent with our commonsense understanding of identification. If you're going to do banking, you should have a bank account number. If you're going to the library, you should have a library card number. If you're renting videos from a video rental store, you should have a video rental store card number. Utility bills, telephone bills, insurance, the list goes on. These context-dependent usernames and passwords enable authentication without the risk of a universal identification system. That way, if one number gets compromised, all of the numbers are not spoiled and identity thieves cannot access all of your accounts. All of your accounts can become compartmentalized, enhancing their security. We believe that this is also the approach favored by businesses and cutting-edge technology firms that think carefully about the issue, though it has taken us some work to make this clear. EPIC filed a complaint with the Federal Trade Commission in 2001 about Microsoft Passport, an identity scheme proposed for the Internet.\61\ Microsoft was signing up users for a service that produced a single username and password for all of their Web services, including credit card information and a vast user profile. Microsoft Passport stored user information in a central database. The problem was that while Microsoft Passport claimed to enhance security, it actually had a lot of holes. And, if you accidentally left your user profile up on a public computer terminal or a malicious hacker gained access to one of your accounts, they would have access to everything associated with your user profile. --------------------------------------------------------------------------- \61\ EPIC maintains an archive of information about Microsoft Passport at http://www.epic.org/privacy/consumer/microsoft/ passport.html. --------------------------------------------------------------------------- We urged the Federal Trade Commission to investigate, and the FTC eventually agreed with EPIC's position.\62\ Microsoft backed off Passport, developed an approach to identity management that allowed for multiple forms of online identification, and other companies, including open source developers, followed a similar approach.\63\ --------------------------------------------------------------------------- \62\ Fed. Trade Comm'n, Agreement, In Re Microsoft, FTC Docket No. C-4069 (Dec. 20, 2002). \63\ Kim Cameron, The Laws of Identity, Identity Weblog, Dec. 9, 2004, http://www.identityblog.com/stories/2004/12/09/thelaws.html; Windows CardSPace, http://cardspace.netfx3.com/; OpenCard, http:// www.opencard.org/. --------------------------------------------------------------------------- I believe there is now consensus in the online community about the need to avoid single identifiers and to promote multiple identification schemes, and that this approach is best not only for privacy but also for security. The critical question is whether Congress can make physical identity systems similarly robust. VII. The Social Security Number Protection Act, H.R. 948 H.R. 948, the Social Security number Protection Act of 2007, has passed before the Committee on Energy and Commerce and has been reported to the House. The purpose of H.R. 948 is to prohibit the display and purchase of Social Security numbers in interstate commerce pursuant to rules to be promulgated subsequent to the passage of the bill. Although we generally favor the bill, we believe it can be strengthened in several key areas. Most critically, there should be clear guidance to the FTC to limit the sale and purchase of Social Security numbers, there should be private right of action for individual citizens to ensure that the law is effective, and there should be no preemption of state law. Sections 3(a)(1) through (3)(a)(3) of H.R. 948 create a facially broad prohibition on the public display of Social Security numbers on the Internet, the requirement to use an individual's Social Security number as a password for access to any goods or services, and the display of Social Security cards on any membership or identity card. However, Section 3(c) grants the Federal Trade Commission open-ended authority to promulgate exceptions to the prohibitions contained within the bill. If exceptions concerning the display of Social Security numbers and requirement of their use as passwords are necessary, then they should be contained within the statute itself. Failing that, the authorization granted to the FTC should be narrowly tailored to areas in which exceptions are clearly needed. As currently formed, there is no way to know whether the exceptions will undermine the safeguards that are vitally important. Although the purpose of the bill is, in part, to prohibit the sale and purchase of Social Security numbers, Section 4(a) only authorizes the FTC to create regulations to this end. Section 4(b)(1) requires the FTC to issue regulations but it provides little meaningful guidance on baselines standards the FTC should adopt. Furthermore, although Section 4(b)(2) appears to offer the Commission some substantive guidance, its language actually defines the ceiling for the FTC's rules rather than the floor. While the dual purposes of providing assurance that Social Security numbers are not to be used to commit fraud and to prevent undue harm are laudable, these should be the minimum requirements the FTC must meet under the act and should not define the boundary of the Commission's authority to regulate. Also troubling are the laundry list of required exceptions contained within Section 4(b)(3). Not only are the exceptions contained in Sections 4(b)(3)(A) through 4(b)(3)(F) requirements of any future FTC regulation, but also Section 4(b)(3)(G) gives the FTC open ended authority to create further exceptions pursuant to the general considerations in Section 4(b)(2). Despite its strongly worded purpose, the bill lacks adequate limitation on the sale or purchase of Social Security numbers and, instead, devotes more space to explicitly authorizing uses of Social Security numbers that were not originally intended. Although it is laudable that the bill creates a right of action for states' attorneys general in Section 4(e)(2)(A), H.R. 948 fails to authorize a private right of action. Experience has shown that a private right of action is necessary in order to ensure vigorous enforcement of the law. While State and Federal Governments are often consumed with pursuing other issues and may be unable to pursue every indiscretion to the fullest extent of the law, individuals are always motivated to vindicate their own rights. The possibility of expansive litigation indicates the importance of this problem; it does not provide a reason to restrict an individual's ability to protect his identity. I should add further that EPIC has had significant success bringing privacy complaints to the Federal Trade Commission. In fact, it was our complaint regarding the practices of the data broker ChoicePoint that led to the largest fine in the Commission's history.\64\ Nonetheless, we would urge the Committee to include a private right of action, specifically where an individual or company misuses an SSN in violation of the Act. That will be critical to limit the problem of identity theft. --------------------------------------------------------------------------- \64\ EPIC, Past FTC Review of ChoicePoint Privacy Practices, http:/ /epic.org/privacy/ftc/google/#cpoint; see generally EPIC, ChoicePoint, http://www.epic.org/privacy/choicepoint/. --------------------------------------------------------------------------- Finally, while a national standard may appear attractive, preempting state law will be a mistake. The preemption of state law will mean simply that certain practices that contribute to the crime of identity theft that are currently and appropriately outlawed by the states will become legal if this bill passes in its current form. Experience in other areas has made clear that a federal baseline for privacy protection is the best way to both create a national standard and to preserve innovation in the states. VIII. Conclusion There is little dispute that identity theft is one of the greatest problems facing consumers in the United States today. There are many factors that have contributed to this crime, but there is no doubt that the misuse of the Social Security and the failure to establish privacy safeguards are key parts of the problem. The Congress should pass strong and effective legislation that will limit the use of the SSN, that will provide effective means of oversight, that will not limit the ability of the states to develop better safeguards, and that will encourage the development of more robust systems for identification that safeguard privacy and security. Thank you for your interest in this issue. I will be pleased to answer your questions. Chairman MCNULTY. Thank you very much, Mr. Rotenberg. Mr. Schwartz. STATEMENT OF GILBERT T. SCHWARTZ, PARTNER, SCHWARTZ & BALLEN, LLP, ON BEHALF OF THE FINANCIAL SERVICES COORDINATING COUNCIL Mr. SCHWARTZ. Mr. Chairman, Ranking Member Johnson, and Members of the Subcommittee, I am Gilbert Schwartz, and I am pleased to appear today before the Subcommittee to present the view of the Financial Services Coordinating Council on the important issue of protecting the privacy of the Social Security number from identity theft. FSCC is composed of the American Bankers' Association, American Council of Life Insurers, American Insurance Association, and the Securities Industry and Financial Markets Association. These organizations represent thousands of small and large banks, insurance companies and securities firms that provide financial services to virtually every household in the United States. As was mentioned by several witnesses today, Social Security numbers play an important and integral role in the daily operations of financial institutions. They are used to make sound credit decisions, for underwriting insurance, for reporting to Federal and state authorities and they are a central element in customer identification programs required by the U.S.A. Patriot Act. Most importantly, Social Security numbers are used by financial institutions to prevent and detect fraud, root out identity theft, and to identify and report transactions that may involve money laundering, as well as activities involving terrorist financing. The FSCC strongly supports efforts by the government and the private sector to protect Social Security numbers from being used to commit identity theft. However, in view of the important and essential role that they play in our financial system, legislation should avoid overly broad and unduly restrictive limitations on their use that could have unintended consequences. Banks, insurance companies and securities firms have robust systems to protect the security of financial transactions conducted by their customers and their personal information. Financial institutions have a long history of using Social Security numbers responsibly. It is important to underscore the fact that financial institutions do not sell or publicly display Social Security numbers to the general public. Congress addressed the issue of consumer privacy and security safeguards for financial institutions in the Gramm- Leach-Bliley Act. That Act provides comprehensive and rigorous protections for consumers non-public personal information, which includes Social Security numbers. However, the GLB Act and implementing regulations specifically permit financial institutions to use Social Security numbers for specified legitimate business functions. Federal regulators have also adopted guidance for depository institutions in the event of unauthorized access to consumer information. The guidance includes notification of customers if the institution determines that misuse of sensitive information has occurred or is reasonably possible so that they can take steps to protect themselves against possible identity theft. In 2003, Congress also enacted the FACT Act to help consumers remedy the effects of identity theft. The FSCC believes that the continuing efforts of the agencies to implement the FACT Act has had a positive effect on reducing incidents of identity theft and will continue to do so as more and more regulations are implemented by the agencies. In addition, many states have enacted legislation to protect sensitive customer information, such as Social Security numbers. This legislation provides strong protections for the use of personal information by financial institutions. We are concerned, however, that any Federal legislation could have unintended consequences if it restricts the ability of financial institutions to use Social Security numbers. It could disrupt the flow of credit and other financial services to consumers and hurt our ability to detect fraud and prevent identity theft. A prohibition on the sale and purchase of Social Security numbers could also affect securitization activities of financial institutions, as well as merger and acquisition activities because these numbers are embedded in the files that are required in connection with those securitization and mergers and activities. Many institutions also use public records in connection with antifraud activities, as well as to identify and detect identity theft. Limits on access to public record information could jeopardize financial institutions' ability to protect customers' assets and prevent illegal activities. Many institutions are deeply involved in providing information to the public about how to prevent from becoming a victim of identity theft and how to assist victims of identity theft. We strongly support these efforts by financial institutions as well as by the government. We also support, as I said, efforts by Congress to protect Social Security numbers in order to prevent identity theft. However, in view of the strong protections financial institutions have in place to protect this information and existing Federal and state laws applicable to the use and disclosure of customer information, the FSCC believes that there is no need for further restrictions on the ability of financial institutions to use and disclose Social Security numbers. Mr. Chairman, we appreciate the opportunity to appear before the Subcommittee today, and we will be glad to respond to any questions you may have. [The prepared statement of Mr. Schwartz follows:] Prepared Statement of Gilbert T. Schwartz, Partner, Schwartz & Ballen LLP, on behalf of the Financial Services Coordinating Council Introduction The Financial Services Coordinating Council (``FSCC'') is pleased to present this statement to the Subcommittee on Social Security in connection with its hearing on ``Protecting the Privacy of the Social Security number from Identity Theft.'' The FSCC is comprised of American Bankers Association, American Council of Life Insurers, American Insurance Association, and Securities Industry and Financial Markets Association. The FSCC represents thousands of large and small banks, insurance companies and securities firms in the United States. Together, these financial institutions provide financial services to virtually every household in the United States. How Financial Institutions Use Social Security Numbers Social Security numbers are unique personal identifiers. While originally created as a means of tracking earnings and determining eligibility for Social Security benefits, they have evolved well beyond their original purpose. SSNs are the most effective means of identifying individuals and matching people with personal data. They are the identifier of choice for both the public and private sector, and are used widely throughout the economy and the financial system. They are a window into the financial and personal history of virtually every consumer. When combined with certain other personal information, SSNs can be used to create false identities and financial mischief. That is why SSNs are often sought by identity thieves. The FSCC strongly supports proactive efforts by the government and the private sector to protect SSNs from the national problem of identity theft. However, it is also vitally important to our nation's financial system to avoid overly broad and unduly restrictive limitations on the use of SSNs that could have significant unintended consequences. SSNs play an integral role in the operations of every financial institution in our country. Financial institutions use SSNs in conjunction with other personal information to make sound credit decisions, for underwriting and other insurance functions, and for screening in connection with customer identification programs. Our nation's credit reporting system relies on SSNs to gather information to compile consumer credit files. This information is used by financial institutions to make credit available to customers and to provide other services to consumers. Most importantly, SSNs are used to prevent and detect fraud, root out identity theft and to identify and report transactions that may involve money laundering and activities involving terrorist financing. They are also used by financial institutions to comply with reporting requirements of federal and state tax and securities laws; to transfer assets and accounts to third parties; to comply with ``deadbeat spouse'' laws; to verify appropriate Department of Motor Vehicle records when underwriting auto insurance; to obtain medical information used in underwriting life, disability income, and long-term care insurance polices; to locate missing beneficiaries to pay insurance proceeds; to locate insurance policies for owners that have lost their policy numbers; and to facilitate myriad administrative functions. As you can see, SSNs play a critically important role in the daily functions of virtually every financial institution. The use of SSNs increases efficiency, reduces costs and makes it possible to offer innovative products and services that would not otherwise be available to consumers economically. Not only are SSNs critical to the smooth functioning of the financial system, they also serve as a means of detecting and preventing fraudulent transactions as well as combating identity theft. Any SSN legislation that may be considered must recognize the essential role that SSNs play in facilitating the delivery of financial products and services to consumers throughout the nation. Restrictions on the ability of financial institutions to use SSNs for everyday business purposes could have significant unintended consequences on their ability to serve consumers. Moreover, limitations on the use of SSNs by financial institutions may have the unintended effect of increasing fraud and identity theft and impede law enforcement programs designed to thwart money laundering and terrorist financing. How Financial Institutions Protect SSNs and Combat Identity Theft Financial institutions take the problem of identity theft very seriously. We have long recognized the importance of protecting our customers' personal information, including SSNs. Public confidence in financial institutions is based in large part on the recognition that banks, insurance companies and securities firms are trusted intermediaries that have established robust policies, procedures and systems to protect the security of their customers' transactions, financial assets and personal information. Financial institutions have a long history of using SSNs responsibly and in a manner that protects them from abuse. It is important to underscore that financial institutions do not sell or display SSNs to the general public. Congress formally addressed the issue of consumer privacy and financial institution security safeguards in 1999 when it enacted the Gramm-Leach-Bliley Act. The GLB Act was landmark legislation that expanded the ability of banks, insurers and securities firms to affiliate in order to provide more customers a full range of financial services more efficiently. The GLB Act requires all financial institutions throughout the nation to provide comprehensive, and rigorous protection of consumers' nonpublic personal information, including SSNs. The GLB Act establishes overarching Congressional policy that every financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of its customers' nonpublic personal information. Moreover, under the GLB Act, each customer has the ability to instruct his or her financial institution not to disclose the customer's personal information, including an SSN, to nonaffiliated third parties or to the general public. In recognition of the fact that financial institutions have legitimate reasons to request, use and disclose personal information such as SSNs, the GLB Act and regulations of the federal agencies and state authorities charged with implementing the Act permit financial institutions to use such information for legitimate business functions, such as to effect, administer or provide a transaction requested or authorized by the consumer or in connection with servicing a customer's account. These laws also permit financial institutions to disclose such information in order to prevent fraud or unauthorized transactions, as well as to comply with federal, state or local laws. Under the authority of the GLB Act, federal agencies require financial institutions to develop a written information security program that describes how they protect customer information. An institution must: Designate one or more employees to coordinate its information security program; Identify and assess the risks to customer information in each relevant area of the company's operation and evaluate the effectiveness of safeguards for controlling these risks; Design and implement a safeguards program, and monitor and test it on a regular basis; Select service providers that can maintain appropriate safeguards; and Evaluate and adjust the program in light of relevant circumstances and changes in the company's business. Financial institutions have established information systems that maintain and store sensitive consumer information in a safe and secure manner. These facilities are subject to periodic audit by internal and external auditors as well as by state and federal examiners. Federal regulators also have adopted guidance relating to procedures depository institutions are to follow in the event of unauthorized access to customer information. The guidance includes notification of customers if the institution determines that misuse of sensitive customer information has occurred or is reasonably possible. Notice to customers under these circumstances enables them to take steps to protect themselves against possible identity theft. Congress also enacted the Fair and Accurate Credit Transactions (``FACT'') Act of 2003 which contains provisions intended to help consumers remedy the effects of identity theft. Many of the FACT Act's provisions have been implemented by regulations and guidance issued by the federal agencies. The FSCC strongly believes that continuing efforts of the agencies to implement the FACT Act have had a positive effect on reducing incidents of identity theft. In addition to the numerous state insurance laws implementing the GLB Act requirements, thirty six states and the District of Columbia have enacted security breach legislation. States have also enacted legislation that prohibits specific uses of SSNs, including the public display of SSNs. The FSCC believes that existing federal and state laws and guidance provide strong protections for the use of personal information such as SSNs by financial institutions. Accordingly, the FSCC believes that there is no need for Congress to enact legislation restricting the use and disclosure of SSNs by financial institutions. Restrictions May Have Unintended Consequences The FSCC is concerned about unintended consequences of legislation that restricts the ability of financial institutions to use SSNs. Unintended consequences have the potential to disrupt the flow of financial services to consumers and to harm the smooth operation of the U.S. financial system. Such effects could have serious consequences for the nation's economy. Legislation could adversely affect the ability of financial institutions to use SSNs to verify the identities of consumers and customers. This could disrupt the flow of information creditors receive from credit bureaus and have adverse consequences for consumers seeking credit, insurance, securities and other financial services. It is essential that financial institutions obtain SSNs from consumers and disclose the SSNs to credit bureaus in order access their credit histories. If such access and use of SSNs is disrupted, the flow of credit, and other financial services will be undoubtedly be curtailed. Prohibitions or restrictions on the sale or use of SSNs could seriously impede the ability of financial institutions to provide seamless administrative services to customers. For example, insurers use SSNs to verify the identity of an individual who requests a change to his or her insurance policy, such as a change in beneficiary. If an insurer is unable to verify the identity of the person making the request, the potential for fraudulent transactions and identity theft will increase. Restrictions on the use and disclosure of SSNs could adversely affect the ability of financial institutions to detect fraud. Banks, insurance companies and securities firms rely on information they obtain from various sources to verify a consumer's identity. Financial institutions maintain sophisticated procedures, which are based upon SSNs as a means of identification, to accurately verify the identity of customers and to prevent and detect fraud or identity theft. A prohibition on the sale or purchase of SSNs could be interpreted as restricting activities such as the sale of assets among financial institutions. Financial institutions often sell assets such as credit card and vehicle loans in connection with their securitization activities. Merger and acquisition activities may also result in a transfer or sale of all of the institutions' accounts and policies. SSNs are necessarily included in account and policy files that are transferred in connection with these routine business transactions. Of necessity, legislation that addresses the sale and purchase of SSNs must exclude these and other similar legitimate transactions from the scope of its coverage. Restrictions on the ability to obtain SSNs could have an adverse effect on the ability of financial institutions to comply with anti- money laundering rules and anti-terrorism activities. Section 326 of the USA PATRIOT Act requires many financial institutions to obtain a taxpayer identification number, typically an SSN, before opening an account for an individual. The financial institution also must verify the identity of the individual. These measures are intended to prevent the ability of money launderers and terrorists to use financial institutions for illicit purposes. Limitations on the ability of financial institutions to use SSNs to verify the identity of customers could thwart their ability to prevent money laundering and financing of terrorist activities. Access to Public Records We understand that legislation may also address the use of SSNs that are available in public records. Many financial institutions use public records in connection with their anti-fraud activities as well as to prevent and detect identity theft. Public records facilitate the ability of financial institutions to verify consumer identities when opening accounts, issuing insurance policies and conducting various transactions. They also assist in verifying an employee's background. The ability to match SSNs ensures that the information included in these records matches the correct individual. Limits on access to public record information could jeopardize a financial institution's ability to protect its customer's assets and prevent illegal activities. Customer Education Financial institutions strongly support efforts to combat identity theft. Many institutions post extensive information on their websites, and distribute statement stuffers and brochures to inform consumers about steps they can take to prevent from becoming victims of identity theft. Financial institutions also maintain identity theft hotlines and participate in community outreach programs to spread the word about measures consumers can take to prevent identity theft. And financial institutions strongly support efforts by the federal agencies to educate consumers through various booklets, brochures and programs about preventing identity theft. Conclusion The FSCC strongly supports efforts by Congress to protect SSNs to prevent the national problem of identity theft. Under existing law, financial institutions have developed robust safeguards to protect the security of personal customer information such as SSNs. Financial institutions use SSNs in connection with normal business functions or to comply with critically important requirements established by Congress. In view of the strong protections currently in place, the FSCC believes that there is no need for further restrictions on the ability of financial institutions to use SSNs. Chairman MCNULTY. Thank you, Mr. Schwartz. I want to thank all of the Members of the panel for their patience and for their excellent testimony. Some of us are a little bit under the gun as far as other commitments are concerned but before I yield to my colleagues to inquire, I just want to say that what I have heard from this panel and what I have heard from previous panels just strengthens my belief that obviously there are legitimate uses for the Social Security number, there are a lot of illegitimate uses. I just happen to think that the vast majority of entities that ask individuals for their Social Security numbers have absolutely no need to have that information. I think part of the solution is education and doing what Nancy and I did when I related our own personal story about when we went to make a retail purchase, and we were giving them all kinds of information about us, then they asked for the Social Security number. They had absolutely no need to have it. I think more people need to do what we do, which was ``Just Say No.'' However, I think we need to go beyond that and to have some legislation that further defines what are the legitimate reasons for seeking to know someone's Social Security number so that more people do not suffer the fate of Charlie W. and the others who have had these horrible experiences, which have disrupted their lives for years. With that, I will yield to the Ranking Member, Mr. Johnson. Mr. JOHNSON. What was your question? Chairman MCNULTY. I think what I gave was my conclusion. [Laughter.] Mr. JOHNSON. I sense there is quite a difference between our people who testified out there and how you believe number use should be accomplished. It is interesting to me, we tried to get the military to stop using as a serial number the Social Security number, and they will not do it because it costs too much to change it all. So, having said that, in the financial industry, if we use private sources to verify a person's identification instead of going through the government let's say, what would it cost to do that? You would use the Social Security number, I assume? Mr. PRATT. Our Members make extensive use of the Social Security number for--I want to distinguish between, it was in the testimony, but between using the Social Security number to build a database to match information together, and I think the professor did a good job of explaining the difference between matching and building a database and authenticating, verifying the identity of the consumer. The SSN is used in part to build the database and you need consistency. Even a driver's license, for example, Mr. Chairman, if you move around the country, your number will change of course and not everybody moves, but we have at least 40 million consumers who are changing their addresses every year, so the SSN remains a good database matching tool, not perfect, and we use other matching elements of course to build the totality of the database. It is not unique to the Social. On the authentication side, I think one thing that is very important that has been said several times, if every one of the transactions shared here had involved proper authentication, there would not have been records of arrest and there would not have been public records and there would not have been a driver's license issued in that individual's name. Maybe at the core of this hearing, I think it runs parallel with the discussion of the Social Security number, is that you must authenticate properly and it does involve using many different types of tests. What you do online to authenticate an identity is different than what you would do if I was in person speaking with you as a loan officer and that would be yet again different if I was on the phone. Mr. JOHNSON. Well, focus for a minute on us having to have employer verification of legal residence, for example, can you do that? Mr. PRATT. Again, identity verification is a risk assessment. Mr. JOHNSON. That is what I mean. Mr. PRATT. I do not think there is any way in this country to perfectly identify a consumer unless we are going to carry around identifying document, which will create a whole host of other problems, by the way, if we are carrying everything with us. Mr. JOHNSON. We have got too many in our pocket now. Mr. PRATT. Yes, sir. I was asked just today to provide a copy of my Social Security card in a lending transaction. Mr. JOHNSON. You carry that around all the time, don't you? Mr. PRATT. I do not have it and could not find it. Mr. JOHNSON. Of course not. Mr. PRATT. In fact, I recall it is a kind of fuzzy blue card that I received. By the way, my Social Security number matches up with my sister's almost perfectly because at my age the family obtained all of them sequentially at the same time and so there are two S. Pratts, and when we graduated from college, we lived in the same address, and so there were two S. Pratts at the same address with one digit difference in our Social Security numbers. So I think that explains why identity verification will never be solely the Social. But, on the other hand, I think what Mr. Schwartz said is right, it is part of the tool box. For example, if we can identify in a fraud database that a SSN has been used in other fraudulent transactions, that is not going to stop the transaction, but the user, the authenticator, should take additional steps and say, ``I am sorry, we cannot push you through until we get to the point of knowing who you are, and we need to try to find a way to know who you are and we are going to ask you another question.'' Mr. JOHNSON. So, all you are saying is it is just another ID method? Mr. PRATT. It is part of the system but it is very important to database---- Mr. JOHNSON. But wants to get rid of them totally. Mr. PRATT. I do not see any way that you can pull the Social Security number out of a, for example, a credit reporting database because every other data element is going to change. So if you pull the one stable identifier out of that database, we are causing another kind of problem that will be dealt with another Committee and that is the problem of inaccurate data being used to stop transactions. Mr. JOHNSON. We are running out of time, but I would like to hear Dr. Anton's comment on that. Ms. ANTON. Thank you, Congressman. We found a study in The Journal of Public Health that showed that we can identify people very accurately in the Social Security death master index by simply with their first initial, last name, date of birth and/or the birthplace, and that is without the Social Security number. So, it is possible to identify. This is why I was trying to make a point about not using the Social Security number as an authenticator as well. Our names and addresses and phone numbers have been published in the phone book for over 55 years, probably more than that, and we were not struggling with identity theft at that time. Mr. JOHNSON. Well, the credit companies have to be more accurate than that, and I think it is just another source of identification for them. Is that true? Mr. PRATT. That is true. By the way, we have also done a death master file analysis where you can have more than 90 John Smith's with the last four digits of a Social Security number that match, so our challenge is in fact to use the Social in combination with an address, again 40 million of them changing every year, in combination with marriages and divorces where last names change. Candidly, our hit or miss ratio in the financial services space may be very different than in a retail space that does not have to deal with the Fair Credit Reporting Act or Gramm-Leach-Bliley Act or a USA Patriot Act, Section 326 obligation. Ms. ANTON. Not to be argumentative, but you do not need those four digits of the Social Security number to be able to accurately identify those people in a database. Mr. JOHNSON. Thank you. I am out of time. I appreciate your comments. Chairman MCNULTY. Ms. Tubbs Jones may inquire. Ms. TUBBS JONES. Thank you, Mr. Chairman. I want to get a ``shout out'' to an organization. In case you all do not know what a ``shout out'' is, that means you are saying something about somebody you know. It is done over the radio more often than not, it is a slang term that my son has taught me, he is 24. But I am going to get a ``shout out'' to Axiom from my congressional district, who is a Member of Mr. Pratt's organization. Thank you, Mr. Pratt, for your testimony. Let me also say to Mr. Gingerich I am a former common pleas judge out of Kyle County, Ohio, and I want to celebrate the great work that the Center for State Courts does because it is through the work that you do that we have continually improved the level of the judiciary in the United States of America. So, that is a ``shout out'' for the Center for State Courts. I am interested, I would love to be in a courtroom and let two or three of you all really debate this in-depth because it is very clear that there are differing opinions. Dr. Anton, so when I go to Macy's and I am getting ready to buy something and I do not have my credit card with me and they say, ``Okay, put your name in there,'' and then this little machine says, ``Put in your Social Security number,'' is that authentication? Ms. ANTON. Yes. Ms. TUBBS JONES. Okay, all right, just checking to see if I am on the same terms. But I should not have to do that? What should I have to do if I really want--no, I am kidding, what should be the way in which they would know who I am, what else should they be using, my birth date, not my mother's maiden name? Ms. ANTON. On every single one of my credit cards, I have not signed one of them, it always says, ``See ID.'' So, if someone steals my card, they have to see the picture on my driver's license to make sure that it is me. Ms. TUBBS JONES. I am with you, Dr. Anton, I do not sign my credit cards either. Ms. ANTON. That is how I authenticate. Ms. TUBBS JONES. Okay, all right. Mr. JOHNSON. But you should put on the back, ``Ask for ID.'' Ms. TUBBS JONES. I should write that on it? Mr. JOHNSON. Yes, you should. Ms. TUBBS JONES. Okay, I will remember that one. I have just about thrown them all out the door though. I really do not have a lot of questions, I am interested in spending some time reading your testimony and having a little more opportunity to address it, but I want to say on behalf of all the people that I represent, we need your input in trying to walk through this dilemma that we are in. We are in a true dilemma because, as Mr. Pratt and Mr. Gingerich said, the Social Security number has become such an integral part of whatever it is we are doing, that to yank it immediately would cause havoc. But, on the other hand, we really need to be doing something to prohibit its use. I thank you, Mr. Chairman, for the time. I know my friend, Mr. Ryan, down there really wants to talk, so I yield you my time. Mr. RYAN. Yes, sure, thank you. I appreciate it. Chairman MCNULTY. Thank you, Ms. Tubbs Jones. Mr. Ryan may inquire. Mr. RYAN. Well, I will just pick up where you left off then. I like making these conversations flow. Boy, this is a good hearing, Mr. Chairman, again another good one. Correct me if I am wrong, Dr. Anton, I liked your testimony, it was very interesting, it helped logically set this up. Using the cart in front of the horse or the horse in front of the cart analogy, we have to come up with authenticating system and then an identifier, right, so first authenticate, then operate through society by identifying, correct? If you cannot authenticate who you are, all the rest is academic. Ms. ANTON. In most transactions it seems that your first identified and then authenticated. Mr. RYAN. Right. Ms. ANTON. So, you do not use your name to authenticate yourself, and you should not use your Social Security number and you should not use your mother's maiden name. These are all weak authenticators. Mr. RYAN. Right. Ms. ANTON. That is the problem. Mr. RYAN. So, to prevent all these problems we have in society, whether it be terrorism, illegal immigration, identity theft, we have to have a better system for authenticating our identity? Ms. ANTON. Yes. Mr. RYAN. Okay, so now what we are trying to figure out, what should government do to do this? What is it that we can do to facilitate this, to make that happen in the 21st century? Then whatever we do, will it be obsolete in a couple of years, will we throw money down a hole with ID cards that are going to be obsolete, which we saw on the last panel, what path should we put ourselves on so that people can get their IDs--get themselves authenticated so that the system can work, what do you recommend? Mr. Rotenberg, I know that you have put a lot of work into that too, as well? Mr. ROTENBERG. Well, thank you, Mr. Ryan, I am going to put something on the table, which Professor Anton will understand, but it is going to sound a little confusing. It does answer your question, however. I think the long-term solution to this problem, and it is an enormous problem, is to separate authentication from identification. Mr. RYAN. Right. Mr. ROTENBERG. Let me give you an example of what I mean. A young person walks into a liquor store to purchase alcohol. There is one thing that the owner of that store needs to know in most states, is this person over the age of 21? To have a legal transaction in that context, there needs to be a way to authenticate the fact that person is over the age of 21. It turns out that his actual identity is irrelevant and in truth from a privacy perspective and a security perspective, it would be best if his identity was not disclosed because that information does not need to be made available. Mr. RYAN. Can I have my time now, Mr. Chairman? Chairman MCNULTY. Yes. Mr. ROTENBERG. As I said, and we have done a lot of work on this issue over the years, it comes up a lot, particularly in the Internet economy where you have people on Ebay, for example, relying on the reputation of others, whose actual identity is not known. But the reputation value of the pseudonym they use is extraordinarily useful. If someone's reputation is high, they will do business with them online. It does not matter who they actually are. I think we are going to need to get a handle on this problem. You see what has happened is that the Social Security number is actually at the opposite end of the ideal system. The Social Security number is both an identifier and authenticator and it fails completely. A good identity system actually separates these functions. You would agree with this, would you not? Ms. ANTON. Yes, absolutely. Mr. ROTENBERG. Yes. Mr. RYAN. Now, we have the two financial services and consumer data people, so we are going to have to figure out here as legislators what is the way to go, what is the happy median, where is it that you really do not need the Social Security number even though it may be convenient and easy to use, where do you really not need it? For instance, my bank, just a small community bank in Wisconsin, just sent out--I do my online banking and at first you needed to use your Social Security number as your password, as your ID and then you had your own password. They just sent out an email, if you want to get back on, no more, we are getting rid of this, you come up with your own ID and password and then that will from now on henceforth get you access to your bank accounts. So, it seems to me, just using that one little example, that financial services firms and other firms can, if they choose to do so, change this data that is required to ID and authenticate who you are. So, where is it that, and I know each of you are going to have a different answer to this question, where is it that you absolutely have to have the Social Security number and where is it that you would like to have it but you really do not need it? I would just like to ask the four of you who are involved in this your answer to that question? Mr. PRATT. I believe at the front-end of every transaction, when you are in the process of authenticating, and I think to that extent we agree, you must have a system of authentication, not the same as do you have a Social Security number. Using the Social Security number though as part of the complete set of data that is gathered at the point of the opening of the transaction is important because later you may close that account and open up another account and that bank may use a different authenticating system. Later you may close that account and open up a different account with a different authenticating system. Mr. RYAN. This presumes that you cannot really authenticate who you are, right? This presumes that there is no other better authenticating method, right? Mr. PRATT. Well, no, actually what it presumes is there is no silver bullet to authentication and paralleling authentication strategies will be criminals chasing down the strategy, trying to pull it apart and to defeat it. That will always happen, always has, always will. So, paralleling authentication will be the need to have a definitive identifier. I have authenticated you through a variety of means, which could include using data off your consumer report to say tell me about your mortgage, you can get this online, for example, with whom do you have a mortgage, and you can identify that. Approximately what is the payment you make per month, and you can authenticate that. By doing that, you actually end up closer to authenticating the identity of that consumer. But with the Social, no matter which financial institution you are doing business with, I will be able to say that account is going to go into this record in the Credit Bureau database. The irony of what we have heard with some of the testimony is I was in a hearing a floor up and was being criticized, we were being criticized where a data match might use just an initial, so one of the challenges is I have other Committees with other opinions in other contexts, such as the Fair Credit Reporting Act, where if we do not use full and complete identifying data, I have excerpts from Federal Trade Commission reports on data matching. Mr. RYAN. I want to hear these other folks. Mr. PRATT. So, I just want you to know that it is--you need data to match and build accuracy and you need authentication strategies to authenticate. Mr. RYAN. Dr. Anton, Mr. Rotenberg, Mr. Schwartz. Ms. ANTON. I would just like to note that if we published everyone's Social Security numbers in the phone book along with their name and telephone number but never used it as an authenticator, we could eliminate some identity theft in this country. Mr. ROTENBERG. I think that would be a risky strategy. [Laughter.] Mr. ROTENBERG. Until everybody got on board with that plan but food for thought. I do think we need to move away from the Social Security number as an identifier. As I described in my testimony, Congress understood this problem. They saw what was happening. What preceded the Privacy Act was a very good detailed report that said the SSN is going to become a universal identifier if we do not put some brakes on it, and we are living with the consequences. It is not cost-free for the financial services to be using the SSN. It is the number one complaint that consumers have to the FTC and the cost is over $50 billion. Mr. SCHWARTZ. Mr. Ryan, I would say that it would be very difficult for the financial services industry to move away from Social Security numbers. First, obviously, for tax reporting purposes, the Social Security number is required. Under the USA Patriot Act, one of the requirements of a customer identification program is to get a Social Security number to make certain that that person is a legitimate person, that a Social Security number has been legitimately issued. I agree that the authentication--and that is the reason why your bank has moved away from that--the authentication issue is an important one and because of the proliferation of Social Security numbers and the availability of them, many financial institutions are now requiring other types of vehicles for getting access to your account. Mr. RYAN. So, you might need it to open up the account to begin with, but you do not need it to proceed thereafter as an identifier? Mr. SCHWARTZ. Well, sometimes, too, for example, if you call and you wanted to find out what your balance is in your account or to find out if a check has been paid or to transfer funds, there are many Mr. Ryan's in this world who are dealing with banks, and you do not remember your account number, for example, I have no idea what my account number is, but that would be one element that you would be asked for, your Social Security number, and that---- Mr. RYAN. But it could be something else other than the Social Security number? Mr. SCHWARTZ. Well, what are you going to use, the bank would not know what your account number is because you do not know what your account number is, so that is at least one way of getting the first level of information. Then they will ask you, for example, what has been a recent transaction or give me your address, your date of birth, there are other identifiers. Mr. RYAN. All these other things. Mr. SCHWARTZ. You do not know your date of birth? Mr. RYAN. No, I said you could use all these other things other than the Social Security number. Mr. SCHWARTZ. They are, they are. If you call a bank, they will not give you--most institutions will not give you access to your account simply by giving your name and your Social Security number, there will be other questions that they will ask you to verify that you are who you say you are. Mr. RYAN. The challenge for the industry is going to be, it may be easy, it may be the path of least resistance to use the SSN, but clearly not necessary. Maybe to open up an account, maybe for taxes but not necessarily as an identifier or as an authenticator, I guess I am using these words correctly. You could move forward with other pieces of information that people could navigate to use as identifiers and authenticators prospectively once an account is opened, could you not? Mr. SCHWARTZ. I think it would be very difficult in many industries to do that. For example, if you have many accounts at a bank and have many different numbers, one thing that ties them all together is your Social Security number so that, for example, if you call and say, ``How much do I have in my checking account, when is my CD going to be maturing, what is the balance on my credit card?'' If you do not know the numbers on those accounts and you cannot give them to the person that you are talking to. Your Social Security number is a way in which the central information files of many institutions tie all these accounts together. Mr. RYAN. That is just the way the programs are running right now. Mr. SCHWARTZ. Excuse me? Mr. RYAN. It is the way the programs are running right now. Mr. SCHWARTZ. But then for each institution, you would have separate identification numbers and then we would have the same problem we have now, every time you go online, who can remember what your passwords are? Most people are now using of course their birth dates because it is easier to remember. Mr. RYAN. I know I am being liberal with the time, but I can see you are shaking ahead a thousand times, Dr. Anton. Ms. ANTON. In my written testimony, I would just like to point out that I talk about the dangers of using Social Security numbers as primary keys in a database and that that is another problem area, and so I just encourage your staff to look at that. Mr. RYAN. Thank you. Chairman MCNULTY. Thank you very much, Mr. Ryan. If there are no further inquiries, I want to thank our staff for the tremendous work they did in preparing the Members for this hearing. I want to thank all of the witnesses, all of the guests who have been so patient for the past three hours. I especially want to thank Senator Schumer, Congressman Barton and Congressman Markey for leaving other markups to come here today and to testify. When Senator Schumer was here, he was talking about old phrases and sayings that people might not relate to, let me use one more, it seems to me that there are legitimate reasons why in certain cases people should reveal their Social Security number. They, in my opinion, are finite in number. The old phrase I am going to use is that it seems to me today that ``every Tom, Dick and Harry'' is asking people across the country to reveal what their Social Security number is. We heard many individual instances today that people went through. Mr. Barton related the story about purchasing a cell phone and being asked for his Social Security number. Ms. Tubbs Jones had one and I mentioned the time Nancy and I were going out to buy an appliance. Now, think for a moment about the information, which we gave to this retailer. We gave them our names, our address, our zip code, our home telephone number, a picture identification card, and our driver's license number to buy a refrigerator. This must stop. After we did that, the clerk, who recognized me, asked me for my Social Security number, and I said, ``No.'' Before I said ``no,'' I said, ``I do not think you should be asking me for that information. Why are you asking me that information?'' She said, ``We ask everybody.'' I said, ``No, I am not going to do that.'' I said, ``Check with your supervisor.'' She went and checked with her supervisor and came back and said, ``No, we do not really need to have that.'' So I just hope that reason can prevail as we go forward. I hope two things as a result of today's hearing as we move on. Number one is that before we get to any legislative fixes at all, that people within the sound of my voice will be a bit more careful about giving out this very sensitive information and doing basically what Mr. O'Carroll suggested, that unless you really know there is a legitimate reason why that person has to have that information, ``Just say no.'' The second thing we need to do, beyond that, is just because it has proliferated to the point where it is really quite a crisis and has really destroyed some lives, we need to take some legislative action to restrict the ability of some folks to be asking for this very sensitive information. We are going to move forward on that. I thanked the folks before who have been working on this issue for years but, in my opinion, the time for talk has ended and the time for action is now, and we intend to move forward. Again, I want to thank all of you for your expert testimony, for spending so much time with us today. This hearing is concluded. [Whereupon, at 12:50 p.m., the hearing was adjourned.] [Submissions for the Record follow:] LexisNexis, Letter LexisNexis Reed Business July 3, 2007 The Honorable Michael R. McNulty, Chairman Subcommittee on Social Security Committee on Ways and Means 1102 Longworth House Office Building Washington, DC 20515 Dear Chairman McNulty: Reed Elsevier Inc., on behalf of its LexisNexis division, appreciates the opportunity to submit comments for the record on Social Security number (SSN) privacy. We would like to commend the Subcommittee for its leadership on this important issue over the years, and hope that our experience in this area will be useful as you develop legislation regarding SSNs and identity theft. Reed Elsevier is one of the world's leading publishing and information companies, employing more than 20,000 people in the United States. LexisNexis leads the information industry with the largest online information service, providing critical information to legal, business, and government professionals. Products and services provided by LexisNexis help businesses and government manage risk through fraud detection and prevention, identity authentication, and intelligent risk scoring and modeling. LexisNexis' identity authentication products help detect and prevent identity theft and fraud by allowing financial institutions, insurance companies, government agencies, and others to determine whether people are who they say they are. In addition, LexisNexis provides products and services that are used to help professionals locate people and assets, support national security initiatives, and facilitate background checks on prospective employees. LexisNexis staff includes subject matter experts in identity theft, identity management, and identity authentication. One of the distinguishing aspects of the LexisNexis service is our extensive collection of public records information. Use of our public records information is an indispensable tool for gathering information and providing accurate answers to prevent and detect fraud, verify identities, locate individuals, perform due diligence searches, and provide risk management solutions and employment screening for businesses and governments worldwide. The overwhelming majority of the information sources on the LexisNexis service are public in nature, all of which are available to the general public through their public libraries, the local newsstand or bookstore, or from government offices. Many of these public records contain SSNs, which we use for indexing, matching and verifying data to help ensure the accuracy of the information in our databases. LexisNexis is committed to the responsible use of information and has been at the forefront of the privacy debate, leading industry efforts to balance consumer privacy interests with responsible uses of information for important and socially beneficial purposes. We recognize that key to the SSN issue is striking the appropriate balance between protecting consumer privacy and ensuring that important uses of this information can continue. We share the Subcommittee's concern about the potential misuse of data for identity theft and other harmful purposes. Indeed, in the fight against identity theft, where verifying an individual's identity is crucial, information from commercial databases such as LexisNexis is absolutely essential. Due in large part to the efforts of members of the Subcommittee and the important record built through hearings it has held, there has been increased recognition of the importance of striking a proper balance between protecting privacy and ensuring continued access to SSNs by business and government for important and socially beneficial uses. There have been other legislative proposals before this committeeand other committees to restrict SSNsin a way that would limit many of the critical and societally beneficial uses of SSNs. Ironically, such restrictions would actually inhibit many of the tools critical to fighting identity theft and fraud. We urge the committee to ensure that such uses are not restricted as it considers legislation in this area. We appreciate the opportunity to provide you with the following comments that we hope will be useful to the Subcommittee as it considers legislative options. Our comments below focus on the following two main areas: First, we will highlight the many important business-to-business and business-to-government uses of SSNs. Second, we will discuss several important issues that should be considered in developing any legislation in this area. I. Important and Beneficial Uses of SSNs by Business and Government Government agencies, businesses, researchers, and others rely on information contained in commercial databases to do their jobs. Commercial database companies like LexisNexis play a vital role in this effort by collecting information from numerous sources and creating comprehensive data collections that allow users to easily search and locate information. Without this critical public records information, the effectiveness of these government agencies, businesses, and researchers would be dramatically reduced. The use of SSNs is essential for person identification and record matching purposes and is critical in ensuring the accuracy of the information in these databases. SSNs allow persons to be identified accurately and ensure that records for different individuals do not get co-mingled, providing a false result. There are more than 43,000 Robert Jones' in the U.S. today. How else can someone distinguish one from another? A unique identifying number like the SSN is important to ensure that information collected about individuals is pertinent and accurate. The following examples describe some of the important ways in which commercial database services, such as LexisNexis, are used by our customers to help people, protect consumers, locate missing children, prevent fraud, and assist law enforcement efforts: Locating sex offenders--SSNs are used to locate registered and unregistered sex offenders. There are more than 560,000 sex offenders in the U.S. Approximately 24 percent of these individuals fail to comply with address registration requirements mandated by law. LexisNexis provides products to law enforcement entities to help them locate registered and unregistered sex offenders. Use of SSNs for record matching and retrieval allows law enforcement to locate sex offenders even when the registration address has not been kept current. Preventing and investigating terrorist activities-- The use of commercial databases like LexisNexis is an important tool in the global battle against terrorism. Information provided by LexisNexis was instrumental in locating suspects wanted in connection with the September 11 terrorist attacks. Since September 11, the Department of Justice found that LexisNexis public records were mission critical in bolstering cases against terrorists. As a result, agents, investigators, attorneys, and analysts have full access to LexisNexis public records and other information. The SSNs contained in the LexisNexis database are a critical tool used by the FBI and other federal law enforcement agencies to locate suspects and witnesses and in investigating and building cases against suspected terrorists. Locating and recovering missing, abducted and exploited children--LexisNexis has partnered with the National Center for Missing and Exploited Children to help that organization locate missing and abducted children. Locating a missing child within the first 48 hours is critical; after that time, the chance of recovering the child drops dramatically. In many of these cases, it is the non-custodial parent who has taken the child. The use of SSNs is critical in quickly locating the non-custodial parent and recovering the missing child. Identifying and preventing fraud--Banks and other financial institutions routinely rely on SSNs to accurately match and retrieve public record information contained in LexisNexis' databases to detect fraudulent credit card applications. Through the use of LexisNexis, credit card companies have significantly reduced losses due to fraud. Insurance companies have experienced similar successes through the ability to use SSNs in data matching and retrieval. The use of SSNs in public records and other sources is key to preventing fraud. Locating witnesses and helping make arrests--Lawyers are major users of person locator databases. Use of SSN information in these databases, even when it is not displayed, is critical to tracking down witnesses in connection with civil litigation. Law enforcement agencies also are major users of commercial databases. For example, in 1998, the FBI made over 53,000 inquiries to commercial online databases. This information led to the arrests of 393 fugitives and the location of nearly 2,000 suspects and more than 3,000 witnesses.\1\ --------------------------------------------------------------------------- \1\ Statement of Louis J. Freeh, Director, Federal Bureau of Investigation, before the U.S. Senate Committee on Appropriations Subcommittee for the Departments of Commerce, Justice, State and the Judiciary and Related Agencies, March 24, 1999. --------------------------------------------------------------------------- Preventing and investigating financial crime-- LexisNexis provides information to the Financial Crimes Enforcement Network (FinCEN), which supports federal, state and local law enforcement agencies in financial investigations and is heavily reliant on SSNs in these investigations. In addition, LexisNexis worked with the American Bankers Association to develop best practices to be used by banks and other financial institutions to prevent money laundering and ensure compliance with the USA PATRIOT Act. The use of SSNs by financial institutions to verify and validate information about prospective customers is critical to the success of that program. Recovery of child support and other debts--Public and private agencies rely on SSNs and other information contained in information solutions and services products to locate persons who are delinquent in child support payments, other lawful debts, and to locate and attach assets in satisfying court-ordered judgments. The Association for Children for Enforcement of Support (ACES), a private child support recovery organization, has stated that SSNs are the most important tool for locating parents who have failed to pay child support. ACES has had tremendous success using LexisNexis products to locate nonpaying parents. Helping locate pension fund beneficiaries--The task of locating former employees is becoming increasingly difficult. Americans move on average every five years, particularly when they change jobs. Their names may change as a result of marriage or they may list slightly different names (e.g., leaving out a middle initial) on employment documents. To ensure that pension fund beneficiaries receive the money owed them, plan administrators and sponsors are required by federal law to use a commercial locator service, such as LexisNexis, to search for missing pension beneficiaries. These services are by far the most cost-effective and efficient way to find these former workers. Pension Benefit Information, a leading service locating these workers, reports that searching with a retiree's SSN results in an 85-90 percent success rate in locating an individual, compared to a success rate of only 8 percent without use of this information. Loss of SSNs from public records and commercial locator services would dramatically increase the costs of locating former employees. Moreover, in many cases, employers would be unable to find former employees, resulting in a loss of pension benefits to the individual. II. Important Issues To Be Considered in Developing Legislation We applaud members of the Subcommittee for recognizing legitimate business and government uses of SSNs, and we will continue to work with the Subcommittee to help ensure that any legislation accomplishes its important objective of preventing the misuse of SSNs, while ensuring the continued use of SSNs for legitimate business and government uses. There are several important issues that should be considered by the Subcommittee in developing any legislation in this area. Our specific comments are focused in the following four areas: A. Business-to-Business and Business-to-Government Exemptions It is critical that any legislation restricting access, use or display of SSNs contain exceptions for important business-to-business (B-to-B) and business-to-government (B-to-G) uses. Among the exemptions needed are those that would preserve uses permitted under the Gramm- Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA). It is critical to ensure the continued use of SSNs consistent with GLBA for identity authentication and verification to assist in fraud detection, prevention, and investigation efforts, to perform an array of background checks, and to effectuate and enforce transactions requested by the consumer. Similarly, an exception should be included to ensure the continued use of SSNs for the permissible purposes under the FCRA. Moreover, it will be important to ensure that any legislation clarifies the scope of exemptions for law enforcement or national security purposes to ensure that information service providers, such as LexisNexis, can continue to access and acquire this information to be able to provide information tools to its law enforcement customers, as well as to users who, although not government officials, undertake law enforcement activities. Groups with which LexisNexis works, such as the National Center for Missing and Exploited Children, would be severely hampered if they could no longer access databases containing SSNs to do their jobs. If the law enforcement/national security exemption included in legislation is too narrowly crafted to only include government law enforcement agencies, many of the important law enforcement and national security applications performed by non-governmental entities will be excluded. Finally, exceptions should be included for locating individuals, pension fund beneficiaries, missing heirs, and individuals delinquent in the payment of child support or other debts. B. Public Records The issue of SSNs in public records is highly complex, and legislation in this area will have far-reaching implications. As explained above, public records are an important source of information used by LexisNexis in compiling data for our online service. We routinely use SSNs in public records to accurately match records from disparate data sources and to enhance the accuracy of record retrieval. In addition, our clients, including financial institutions, insurance companies, government agencies and others routinely rely on our public record databases containing SSNs for identity verification and validation purposes, to identify, prevent, and investigate identity theft and fraud and for other important purposes. When we refer to public records, we mean government records that typically and historically have been made available to the public. Examples of public records include titles to real property, real property tax assessor records, bankruptcy records, judgments, liens, state professional licenses (and their suspension and revocation), corporation filings, and death records. This information traditionally has been available to members of the general public upon request. As the General Accounting Office confirms in its June 2007 Report to Congressional Requesters on Social Security numbers, redacting SSNs from public records would be a difficult and challenging process.\2\ The summary of results reports that removal or truncation of SSNs in all public records may be ``costly and may not fully protect SSNs.'' For example, the report states that it cost Palm Beach County more than $2 million to complete software and manual removal of SSNs and other identifiers in approximately 40 million pages of records (Report at 25). In small cities or towns that do not have the resources to remove or truncate SSNs in public records, many may choose to simply cut off access to these records. --------------------------------------------------------------------------- \2\ See GAO Report 07-752 on Social Security Numbers (June 2007) (``Report''). --------------------------------------------------------------------------- Public records are a unique class of information that historically has been made available for public inspection. Therefore, we are concerned about any limits on the dissemination of this information. Any legislation being considered should provide an exception for an SSN that is incidental to the sale or provision of a document lawfully obtained from the Federal Government or state or local government made available to the general public, or from a document that has been made available to the general public via widely distributed media. This is the approach taken in S. 1208 and S. 1178. C. Rulemaking The proposed rulemaking provisions in some of the proposals being considered provide only limited guidance and wide discretion that could result in excessively restricted access to SSNs. Legislation should clearly delineate the restrictions on the sale and purchase of SSNs and provide a complete list of exceptions. To the extent that any rulemaking language is included, any discretionary authority should be limited, and the factors to be considered in promulgating the regulations limited to those specific factors necessary to balance restrictions on use and continued use of SSNs by legitimate businesses. D. Preemption Given the uniquely federal nature of SSNs and their importance to businesses engaged in interstate commerce, legislation regulating the use of SSNs should preempt state laws. It is important that a single, national law governing the sale, purchase, and display of SSNs be applied consistently on a nationwide basis. LexisNexis is committed to the responsible acquisition and use of SSNs and other personally identifiable information. LexisNexis shares the Subcommittee's concern about the potential misuse of this information for identity theft and other harmful purposes. Nevertheless, as many of the Subcommittee members and witnesses recognized during the June 21 hearing, legitimate uses of SSN information are absolutely essential in the fight against identity theft and fraud and other important uses. Congress should not take any steps that would jeopardize the usefulness of such services.We thank the Subcommittee for having held this hearing on these important issues, and look forward to working with the members of the Subcommittee and others to develop an appropriate solution. We appreciate the opportunity to submit comments and hope that our comments will help the Subcommittee as it considers these issues and develops legislation. If you have any questions, please call me at 202/ 857-8253 or Steve Emmert of my staff at 202/857-8254. Sincerely, Steven M. Manzo Vice President, Government Affairs Bruce Hulme, Legislative Director, National Council of Investigation and Security Services, statement Thank you for the opportunity to provide testimony on protecting the privacy of the Social Security number from identity theft. I am Bruce Hulme, Legislative Director of The National Council of Investigation & Security Services (NCISS) which represents professional private investigators and security officers across the nation. Our members agree that personal data, including Social Security numbers (SSNs), should not be readily disseminated and available to anyone with an Internet connection and a few dollars. We support efforts to limit the sale of the SSN except where there is a legitimate need for it. NCISS supports prohibitions on the display of Social Security numbers on checks, drivers' licenses and employee ID badges. These provisions were in legislation previously considered by the Ways and Means Committee. We support the prohibition of the sale of personal data over the Internet to the general public. Such a prohibition, along with limitations on the use of the number on the documents cited above, would solve many of the issues related to identity theft. It is critical, however, that care be taken to provide clear exceptions for purposes that serve the public good. The exceptions in Section 3, as reported by the Energy and Commerce Committee, are insufficient and would result in unintended consequences. Financial institutions, schools, state and local governments and others have used the SSN as an identifier because it is uniquely attached to an individual. Private investigators have utilized the SSN for the same reason. It is the best way to assure that the John Smith we're attempting to locate is the correct John Smith, and not one of 50,000 others. There are many John Smiths sharing the same birthday and living in the same town. Often the Social Security number is the only way to distinguish people sharing a name and other identifiers. Section 3 of HR 948 would deny private investigators access to this unique identifier by making it unlawful to sell or purchase the number. This will affect the accuracy of databases we access to locate the right John Smith. The SSN is also critically important for identifying women who often change surnames through marriage and divorce. The SSN does not change and allows us to locate these otherwise difficult to find witnesses. In California, database searches led directly to witnesses who recanted testimony and helped free a man wrongly imprisoned for twenty years. Without the ability to use the database, it is unlikely these witnesses would have been located. Due Process Issues The exceptions listed in Section 3(b)(3) include one for law enforcement. The absence of an exception for private investigators denies a critical tool to persons accused of crime. This is particularly important for indigent defendants because of the small expense budgets available to public defenders and appointed counsels. They need a cost effective way to locate witnesses. They don't have the resources of the state. The lack of such an exception provides an obvious due process issue where the police have access to a database not available to defendants. Civil Trials These disparities can exist in civil cases as well. An individual consumer considering a lawsuit against a major corporation will be disadvantaged if this inexpensive tool for locating witnesses is made unavailable. Some meritorious cases would likely never be brought. In both civil and criminal trials, justice is served best by all parties getting access to all possible witnesses. Access to a fair trial is a fundamental right of American citizens. Without the ability to identify and locate all witnesses, that right is threatened. Investigators do not have access to the central criminal history database that law enforcement officials do, so it is essential to have addresses when seeking information about prior convictions. With prior address data, investigators know which courthouse records to search. Without the address, we may not even know in which states to look. This information is important for more than pre-employment purposes. In both civil and criminal trials, attorneys need to know the backgrounds of witnesses and potential witnesses. In testimony before this Subcommittee last year, I described how I was able to solve a case in which a 97 year old New Yorker was robbed of hundreds of thousands of dollars by a caregiver who attempted to hide his ill-gotten gains with relatives in South Carolina. Had I not been able to use a database, I never would have known to look for records in that state in which the funds were used to purchase real estate and for other purposes. Fighting White Collar Crime It is no secret that law enforcement does not have all the resources it needs to fight white collar crime, including identity theft. That crime is difficult to solve and often involves multiple jurisdictions. Many victims turn to investigators for assistance. In some instances, when accessing databases investigators have discovered that the criminal is using multiple SSNs. Under HR 948, we would be denied that information, which can assist other victims besides our client. In one instance we cited in testimony last year, a private investigator solved a case that authorities would not investigate because the client's $80,000 in losses did not meet or exceed the law enforcement agency's minimum threshold to investigate. Using the SSN, the investigator discovered that a former employee had stolen the client's identity and had three aliases and at least three SSNs. The SSN is critical to investigators for conducting other fraud investigations as well. It can be particularly important for matters involving theft of intellectual property, ranging from copyrighted music and motion pictures to design of computer chips. These databases, using the SSN, have also been important for locating lost heirs and enforcing child support orders. Last year, the committee also heard from a witness about how critical the information can be for assisting in finding pension beneficiaries. We urge that a new exception be added to HR 948 in Section 3(b)(3): ``to identify or locate missing or abducted persons, witnesses, criminals and fugitives, persons suspected of fraud, persons who are or may become parties to litigation, parents delinquent in child support payments, organ and bone marrow donors, pension fund beneficiaries, missing heirs and persons material to due diligence inquiries.'' During consideration of S-1178, the Senate Committee on Commerce, Science and Transportation adopted an amendment including similar language. Such an exception would permit appropriate uses of databases. NCISS supports strong sanctions for anyone who would misuse this data. Our association stands ready to assist the Committee as it develops legislation to protect Social Security numbers. National Organization of Social Security Claimants' Representatives, Englewood Cliffs, New Jersey, statement I am the Executive Director of the National Organization of Social Security Claimants' Representatives (NOSSCR). Founded in 1979, NOSSCR is a professional association of attorneys and other advocates who represent individuals seeking Social Security disability and Supplemental Security Income (SSI) disability benefits. NOSSCR members represent these individuals with disabilities in proceedings at all SSA administrative levels, but primarily at the hearing level, and also in federal court. NOSSCR is a national organization with a current membership of nearly 3,900 members from the private and public sectors and is committed to the highest quality legal representation for claimants. As demonstrated by the testimony at the Subcommittee hearing on June 21, 2007, the impact of identity theft on individuals can be catastrophic. The cost of recovering from identity theft has the potential to be astronomical and it can take years to repair the damage. Given the repeated warnings from agencies, including the Social Security Administration (SSA), our Statement for the Record describes what we believe is an unnecessary requirement by SSA that attorneys and others who represent claimants repeatedly disclose their own Social Security numbers (SSNs). BACKGROUND The Internal Revenue Service has advised SSA that it must set up a procedure to issue Forms 1099-MISC to attorneys and eligible non- attorneys who receive direct payment of fees for representation from SSA. The IRS Forms 1099-MISC will first go out in January 2009, covering fee payments made in calendar year 2008. SSA plans to issue Forms 1099- MISC to all appointed claimants' representatives who receive payment of aggregate fees of $600 or more in a calendar year. Generally, the payment amounts will be reflected in Box 7 (Nonemployee compensation) on Form 1099-MISC. This includes representatives who are sole proprietors and those who have made the election to the IRS to be classified as a single-member Limited Liability Company (LLC) or single-member Limited Liability Partnership (LLP). In those situations where SSA is notified that the representative is an employee or partner, and the firm or other entity provides the necessary taxpayer information via this registration process, SSA will issue two Forms 1099-MISC: One Form 1099-MISC will be issued to the representative reflecting aggregate payments made to the representative in his or her capacity as an employee or partner in Box 14 (Gross Proceeds Paid to an Attorney). The other Form 1099-MISC will be issued to the firm or other entity reflecting aggregate payments made to its employees/partners in Box 7. The IRS has indicated to SSA that, while it performs a matching process for amounts reported in Box 7 of the Form 1099-MISC, it does not match against the amounts reported in Box 14. Box 14 might be termed ``nonactionable'' and is not used by the IRS to match with income reported on that individual's tax return. NOSSCR has urged SSA to work with the IRS to eliminate this ``nonactionable'' reporting, which seems to serve no purpose. THE REGISTRATION PROCESS Starting January 1, 2007, SSA will make direct payment (through fee withholding) only to those attorneys and eligible non-attorneys who have completed the registration process.\1\ As described below, there are three forms that must be filed. Two forms are filed one-time only. However, one form, SSA-1695, must be filed for every new client and it is this form that requires disclosure of the representative's own SSN. --------------------------------------------------------------------------- \1\ SSA provides an explanation of the new registration process at its website: http://www.ssa.gov/representation/ direct_payment_of_approval_fees_forms_1099.htm. --------------------------------------------------------------------------- STEP ONE: All attorneys and eligible non-attorneys who want to receive direct payment of fees must complete and submit Form SSA-1699, ``Request for Appointed Representative's Direct Payment Information.'' In addition, law firms, partnerships, corporations and multi-member LLCs/LLPs that have attorneys and/or non-attorney representatives as partners or employees who receive direct payment should provide tax ID information for that business entity, using Form SSA-1694, ``Request for Business Entity Taxpayer Information.'' Both of these forms, the SSA-1699 and SSA-1694, are submitted one time only. They also can be submitted online through a secure site. STEP TWO: In contrast, attorneys and eligible non-attorneys must submit the new Form SSA-1695, ``Identifying Information for Possible Direct Payment of Authorized Fees,'' in every case where they become the representative on or after January 1, 2007. This form is completed by the individual representative, not the firm, for each client. It must be filed in the SSA field office and in paper form only. Unlike the other two forms (which are submitted one time only), Form SSA-1695 cannot be filed online. The form requires not only the client's Social Security number (SSN), but also the representative's SSN. In addition, the firm's Employment Identification Number (EIN) must be included. The instructions which appear at the bottom of the form state, ``To SSA Staff: After the information on this form is entered into the appropriate system(s), immediately shred the form. Under no circumstances should this form be scanned, placed in a claims file or otherwise retained.'' Our main concerns with the new registration process relate to use of the Form SSA-1695. Attorneys and eligible non-attorneys are understandably uneasy about the prospect of their SSNs appearing on the SSA-1695s. We have contacted SSA about our concerns regarding confidentiality and the increased potential for identity theft and have recommended alternative ways to deal with the process. First, we believe that there is no reason to require the representative to include his or her SSN. In most cases, the law firm employing the attorney (as a solo practitioner, partner or associate) is the entity that is responsible for payment of income taxes on the fees received. And, the attorney is required to provide that law firm's EIN on the SSA-1695. Unlike the other two new forms in the new registration process (Forms SSA-1694 and SSA-1699), the SSA- 1695 cannot be completed online and only a paper copy can be submitted to the SSA field office. While SSA instructions state that district office workers must shred the forms after processing the information, we have received reports from some NOSSCR members that mistakes are being made and that, in some cases, these forms are appearing in claims folders. In our interactions with SSA, we have maintained that the form should require only the submission of the EIN for the firm that is liable for payment of the taxes. We also have proposed an alternate individual identifier, such as a PIN. CONCLUSION We believe that these repeated disclosures of a representative's SSN on Form SSA-1695 are unnecessary and, potentially, an invitation to identity theft. We are constantly bombarded with warnings from many sources, including SSA, about privacy concerns and protection of our SSNs. From attorney bar rosters to health insurance to state departments of motor vehicles, we are told not to maintain records according to SSNs and to use other identifiers. Because of concerns with possible SSN misuse, many NOSSCR members have now opted to sign up for credit protection service. Questions for SSA regarding this process include: Why must the SSN be submitted in every case, through an unsecure process, when in fact SSA already has this information from the secure one-time filing? If SSA must have this information on this particular form, why can't this information be submitted in a secure manner? How can SSA guarantee that the representatives' SSNs will not be subject to identity theft? Property Records Industry Association, Morrisville, North Carolina, statement As you most assuredly are aware, the hottest buzzwords of the millennium include ``Identity Theft'' and ``Personally Identifiable Information.'' Everyone is wrestling with what is the solution to the problem of protecting individual privacy rights while at the same time encouraging commerce and improving compliance with government regulations. When serious consideration is given to the various facets of this topic, it quickly becomes clear that there is no easy, ``one-size-fits- all'' solution. There are many factors to be considered. However, there is little disagreement that something needs to be done to counter the abuses that undermine faith in existing institutions. The Property Records Industry Association (PRIA) is a coalition of public and private participants of the property records industry, cooperating to formulate positions on issues of common interest. Among other objectives, the Association works to identify problems, opportunities and solutions that will make property records systems more efficient, effective and responsive to the public. The Association also works to identify areas of consensus within the industry, leading to recommendations for national standards pertaining to recordable documents. PRIA began seriously engaging the issue of social security numbers appearing in real estate documents in early 2003. As part of its Winter Conference in March 2003, PRIA hosted a ``Privacy/Access Roundtable'' in Washington DC. At the conclusion of the Roundtable, PRIA moved to establish a Privacy/Access Workgroup. The workgroup then initiated an email listserv discussion around a number of privacy-in-public-records topics. Those discussions led to various presentations and open forum sessions at PRIA conferences in 2003 and 2004. In July of 2004, PRIA was invited to testify before the House Ways and Means Committee Social Security Sub-Committee regarding HR 2971, the Social Security number Privacy and Identity Theft Prevention Act of 2003. Both PRIA Winter and Summer conferences in 2005, 2006 and 2007 include presentations and open forum discussions of this privacy and information security dynamic. PRIA wrote a White Paper in January of 2006 titled, ``Privacy and Public Records: Making Practical Policy'' and drafted Model Legislation called the ``Social Security number and Privacy Protection Act'' (SSNAPP Act) in July of 2006 (see Appendix A). Our focus is on the importance of social security numbers to the real estate and public record industry. Identity theft Before the turn of the last century, one would have to take a ride on horseback to the county seat to pull the original Deed books to find information about a parcel of real estate. This is the concept of ``practical obscurity'' of public records--personal information could be found in a public record, but there was little risk of harm to an individual because someone had to take the time to search the records at the recorder's office. Technology undeniably has had a significant impact on access to public records. Technological developments raise concerns about how much information is too much information and whether there should be global access to public records. It is a common misconception that easy access to public records has facilitated identity theft or land fraud. While posting documents that contain certain key information on the Internet, such as credit card numbers, social security numbers, and signatures, can provide a criminal with some of the information needed to commit identity fraud or theft, there is no evidence to support any claim that this is systematically being done to perpetuate identity theft crimes. There are many easier, and far more efficient, ways for identity thieves to obtain this information in today's world, as opposed to combing through public records and hoping to find something--a ``needle in the haystack'' approach. That being said, a proactive approach to apply greater discretion to what public land record information is disclosed online is a reasonable approach to discourage the use of public land records to perpetuate identity theft and fraud. An accommodation between information privacy and access is appropriate and necessary. It is important in any discussion involving the protection of social security numbers that legislators consider the full impact of these actions on their constituents as well as the industries that serve them. Public land records contain information critical to the economy of the United States because much of the information collected by the private sector comes from public records and that information is key to the proper function of the real estate industry. Both the public custodians and the private business sectors that use the public records to facilitate critical functions within the real estate transaction; i.e. listings, mortgages, title insurance, closings, escrows and others; need to be considered when deciding how best to protect social security numbers from identity theft. The Role of Public Records in Combating Identity Theft and Fraud It is important to understand that access to public records data is actually a very effective weapon in combating identity fraud and theft. Social security numbers compiled from public records (including court records) have proven to be the most reliable tool in verifying an individual's identity, which helps prevent the rapid increase in identity fraud victims. Commercial databases compiled using public records for identity authentication are routinely used to detect fraud, including credit card application fraud, insurance application fraud, and other types of fraud. Thus, efforts to restrict the collection and use of personal information contained in public records, though well intended, actually may hinder efforts to prevent identity theft by depriving businesses, government and law enforcement officials of valuable data that is used to authenticate identities and protect the public. Security must be balanced with access. Prohibiting Complete Social Security Numbers on Public Land Records As you review testimony to enhance the privacy of your constituents, most are more than likely looking to prohibit the use and disclosure of an individual's social security number in public records. However, it is important to understand for which purposes and how social security numbers are used by government and the private sector, as well as what impact redaction and truncation have on record custodians, business, and the public. Privacy Focus: Social Security Numbers A number of privacy advocates warn that the display of social security numbers in public records must be reduced as they are a primary piece of information in the commission of identity theft crimes. At least forty-one states and the District of Columbia maintain at least one record that displays an individual's social security number, according to a U.S. Government Accountability Office (GAO) study conducted in November 2004. Given the nature of the social security number as a unique identifier for important records and services, advocates are concerned that display of the numbers in public records makes it easier for identity thieves, both domestic and international, to obtain new credit and bank accounts in the names of their victims. As outlined in a white paper created by the PRIA, ``Privacy and Public Land Records: Making Practical Policy'' available for your review at www.pria.us, under a section entitled ``Identity Theft,'' at this time there does not appear to be evidence supporting the claim that information derived from public records, including social security numbers, is systematically used to perpetuate identity theft crimes. That being said, it is reasonable to expect that government should, and must, institute reasonable safeguards to protect citizens from becoming victims of identity theft as a result of public land record abuse. Legitimate Business and Government Uses of the Social Security Number Several legitimate business and governmental uses exist for social security numbers. These include preventing and investigating terrorist activities, locating and recovering missing children, identifying and preventing fraud, locating witnesses and helping make arrests, preventing and investigating financial crime, enforcing child support obligations and government assistance programs, helping locate pension fund beneficiaries, helping locate blood, bone marrow, and organ donors, contributing to important medical research efforts,notifying families about environmental hazards. The benefits gained from the legitimate use of a social security number need to be balanced with the potential for abuse. Balancing Benefits Versus Abuse of Public Records/Access to Social Security Numbers The Federal Government, states and businesses are either legally obligated, or choose to voluntarily control, the disclosure of records containing social security numbers. While privacy advocates call for greater control of access to social security numbers in public records, such a restrictive approach would threaten the ability of the government and businesses to accurately and efficiently verify the identification of citizens or consumers and authenticate that they are who they say they are. Identity thieves are using a number of methods to obtain personal identification information, including ``phishing'' scams in which thieves send bulk or targeted emails to consumers impersonating legitimate businesses asking consumers to provide personal information such as social security numbers. ``Phishing'' has recently been expanded to include ``spear-phishing.'' ``Spear-phishing'' is where identity thieves send bulk or targeted emails falsely appearing as a commanding officer, in the case of military personnel, or as a superior or executive within an organization. These thieves ask that the employee email the supervisor or executive, at the false email address, their personal information to update records or to confirm their personal information. Another new scam is ``pharming,'' where identity thieves redirect visitors from legitimate websites to ``spoofed'' websites (websites which look legitimate, but are not), and then collect personally identifiable information from these visitors. It is important then that any legislative or regulatory attempts to restrict the access to, the display of, or use of social security numbers in public land records should carefully weigh the actual threat of identity theft with the efficient and current use of social security numbers in public land records by state and local governments, business and citizens. Considerations for Federal Legislation Prior to the development of federal legislation that affects the use of social security numbers and other data elements in public records policymakers should consider the following points: Before exempting any specific data element from collection by a government entity or from disclosure to the public, policymakers should first set out to understand what records contain that data element and the reason for its presence in that record. Data elements are necessary in certain records and have a clear purpose. For example, without complete social security numbers in certain critical documents, such as tax liens, government and the private sector lose the ability to match data about individuals. Studying the potential impact of redaction or limits on collection of information is highly recommended before making any policy changes. Policymakers should solicit direct input from the custodians of the records and those that use them to determine how a proposed policy will affect the records themselves as well as the ability of custodians to perform their duties. Policymakers must identify, or provide, funding mechanisms to carry out the redaction of public records so as to avoid an unfunded mandate. In this regard, a ``go forward'' recording fee for creating electronic versions of all recorded documents could be used to carry out the redacting process as well. Suggested Elements for Social Security Number Legislation The PRIA has drafted model legislation, the Social Security number and Privacy Protection Act (SSNAPP Act), which is included in Appendix A and incorporates the elements below. Legislation Relating to Public Records Should be on a ``Day-Forward'' Basis Any legislation impacting a governmental agency's acceptance, redaction, or truncation of documents which contain social security numbers should be effective on a ``day-forward'' basis only. This means that any legislation should not require redaction or expungement of records already filed or recorded. In particular, recorders will be faced with a nightmarish task of redacting records that are already filed, or recorded, including those in other mediums such as microfilm or microfiche. Depending on the method used for redaction, the recorder may be faced with managing two databases or two sets of redacted documents. It is possible that mistakes or omissions could occur in the public record if recorders are required to manage and maintain two sets of databases, or redacted and unredacted images. Redaction of official records and updating archival and security copies could mean having to delve into technology or methods of preservation that are no longer available to the recorder or archiving facility. Immunity of Recorders Recorders are custodians, or stewards, of the information they are required by law to maintain. It should be the responsibility of document preparers and individual consumers, and not recorders, to make sure that documents presented to recorders for recording do not contain social security numbers if the inclusion of social security numbers is prohibited by law. Therefore, recorders should be immune from suits relating to documents filed or recorded that include social security numbers, and any liability should be imposed on the document preparers. Authority to Redact Post Effective Date Model legislation may grant recorders the authority to redact social security numbers from documents that are recorded after the effective date of that legislation. This authority should not affect the integrity of the original recorded document. This can be accomplished by masking the information available to the general public, for example, on the Internet, using redaction software that allows disclosure of the unredacted image on certified documents used for official purposes, such as probate. This provision provides an important ministerial function--that of providing certified copies of records from government offices. Certification of public documents requires recorders and clerks to provide an exact copy of a recorded document. Recorders need to be explicitly empowered to redact the social security number after the effective date of the legislation, without compromising the integrity of future certified copies. Voluntary Redaction by Public Prior to Delivery for Recording Legislation may grant members of the general public the opportunity to remove social security numbers and other private identifying information prior to the filing of their documents, such as provided in Texas (Texas Property Code Section 11.008). This provision removes discretionary issues from the government official and provides members of the general public with a self-help remedy if they are concerned about the privacy of their personally identifiable information. We recommend an individual be able to remove, or request removal of, a social security number or other personally identifiable information from the document before or after it is recorded. Recorders Not to Redact Information from Documents to be Recorded Legislation may provide that recorders not have the responsibility of redacting social security numbers or other personally identifiable information from documents prior to recording. Recorders would continue to record whatever they receive. This provision continues the important ministerial, non- discretionary function--that of creating a public record of documents exactly as they were presented to the government offices. Certification of public documents then complies with the recorders' and clerks' responsibility to provide an exact copy of the document as it was when recorded. CONCLUSION Practical and informed policy making is a must to further solidify the integrity of our public records system and to achieve a meaningful balance between the public's concern about privacy and businesses' legitimate use of data. Enlightened policymakers have an opportunity to resolve these issues in a way that empowers consumers, enables business, and enhances our nation's economy. __________ Appendix A SOCIAL SECURITY NUMBER AND PRIVACY PROTECTION ACT 1. Definitions (a) ``Personally Identifiable Information`` means one or more of the following specific unique identifiers when combined with an individual's name: (1) Soocial security number. (2) Driver's license number or state identification card number. (3) Financial institution account number, credit, debit or charge card number. (4) Date of birth. (b) ``Preparer'' means the person or entity who creates, drafts, edits, revises or last changes the documents that are recorded with the [Recorder]. 2. Inclusion of Personally Identifiable Information The Preparer of a document shall not include an individual's Personally Identifiable Information in a document that is prepared and presented for recording in the office of the [Recorder]. This Section shall not apply to documents that were executed by an individual prior to the effective date of this Act. All documents described by this Act are subject to inspection and copying by the public. 3. Reduction on Recorder's Publicly Available Internet Web site If a document that includes an individual's Personally Identifiable Information was recorded with the [Recorder] and is available on the [Recorder's] public Internet website, the individual may request that the [Recorder] redact such information from the Internet record. The [Recorder] shall establish a procedure by which individuals may request that such Personally Identifiable Information be redacted from the Internet record available on the [Recorder]'s public Internet website, at no fee to the requesting individual. The [Recorder] shall comply with an individual's request to redact Personally Identifiable Information. 4. Liability of Preparer A Preparer who enters Personally Identifiable Information in a document that is prepared and presented for recording is liable to the individual whose Personally Identifiable Information appears in the recorded public document in violation of Section 2 of this Act for damages of up to five hundred dollars ($500.00) for each act of recording. 5. Liability of Recorder The [Recorder] shall not be liable for any claims arising from a violation of this act. 6. Applicability (a) This Act shall not apply to state or federal tax liens, certified copies of death certificates or other documents required by law to contain Personally Identifiable Information that are filed or recorded in the office of the [Recorder]. 7. Effective Date This Act shall be effective on___.