Theft task force: Stop SSN use

Policy experts point to deficiencies in how government manages citizen identification

The President’s Identity Theft Task Force said government agencies must bolster their defenses against identity thieves by limiting the use of Social Security numbers. The group, which includes representatives from the Justice Department, Social Security Administration and Federal Trade Commission, called last week for a more appropriate and coordinated use of Social Security numbers.

The proposal for securing Social Security numbers was one of 31 recommendations the task force submitted to White House officials to improve public- and private-sector identity theft protections.

“There is no quick solution to this problem,” wrote Attorney General Alberto Gonzales and FTC Chairwoman Deborah Platt Majoras, co-chairs of the task force, in a letter to President Bush. However, they wrote that “a coordinated strategic plan can go a long way toward stemming the injuries caused by identity theft and, we hope, putting identity thieves out of business.”

The letter states that the task force recommendations would strengthen the efforts of federal, state and local law enforcement officers; educate consumers and businesses about deterring, detecting and defending against identity theft; and assist law enforcement officers in apprehending and prosecuting identity thieves.

However, some policy experts objected to the task force’s focus, saying it should have concentrated its efforts on how government agencies manage the problem of identifying citizens. “The heart of the problem is the poor design of our identity system,” said Jim Harper, director of information policy studies at the Cato Institute.

Harper said that at a two-day FTC workshop this month, identity theft experts proposed using multiple forms of citizen identification. Agencies could issue their own identity numbers for citizens or recognize privately issued identification such as credit cards, he said.

The risk of identity theft is never far from public consciousness. The Agriculture Department disclosed last week that it had publicly exposed 63,000 citizens’ Social Security numbers posted on a USDA Web site.
 
“Data security breaches remain too common, and schemes for committing ID theft are growing more sophisticated,” Majoras said at a press conference following the release of the report.
 
The task force called on the Office of Personnel Management to eliminate, restrict or conceal the use of SSNs. It recommended that SSA develop a clearinghouse for agency best practices and initiatives that minimize use and display of SSNs.
 
Both projects should be completed in 2007, according to the task force recommendations.
 
Harper said, however, that restricting the use of SSNs could be difficult because the private sector finds it to be a convenient identifier. “If [its use] was limited, there’d be a lot of economic damage,” Harper said. “It’s certainly not the silver bullet,” he added, “but I do agree that government can take the lead on this.”

The task force report calls on the Office of Management and Budget and Homeland Security Department to outline best security and privacy practices. It proposes that agency chief information officers be responsible for securing all portable storage and communications devices used for work at their agencies.

Task force members said they seek to establish national standards for protecting personal data in the private sector, to expand identity theft crime statutes and to establish a national law enforcement center. They also seek to establish national standards for identity protection and theft reporting in the private sector.






Legislative proposals focus on notificationSens. Jeff Sessions (R-Ala.) and Diane Feinstein (D-Calif.) have introduced bills, S 239 and S 1202, respectively, that would require agencies and other organizations to report data breaches that could result in identity theft.

  • Sessions introduced a bill April 23 that would require any agencies that hold sensitive personal information to report data breaches where “a significant risk of identity theft to an individual exists.” Personal information would include Social Security and driver’s license numbers and financial information. Sessions’ bill also calls for greater accountability for securing databases that contain sensitive personal information. It would require database owners to protect data against “unauthorized access, destruction, use, modification or disclosure.”
  • Feinstein renewed calls in March for passage of her bill, the Notification of Risk to Personal Data Act. The legislation, which she introduced in January, covers government and businesses. Both would be required to notify individuals, the news media and credit reporting agencies if a data breach could potentially affect more than 1,000 people. Government and businesses would be required to notify the Secret Service if more than 10,000 people were potentially at risk of identity theft. 
— Wade-Hahn Chan

Who's Fed 100-worthy?

Nominations are now open for the 2015 Federal 100 awards. Get the details and submit your picks!

Featured

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above