House panel eyes solutions to SSA on-line privacy problem

Social Security Administration officials under fire for a system that allowed easy access to personal earnings and benefits records over the World Wide Web were told at a House hearing last week that the agency's actions could serve as a blueprint for other federal agencies that use the Web to distribute sensitive information.

Media reports last month made millions of Americans aware that anyone could gain on-line access to an individual's earnings and benefits reports by using a few easily obtained keys such as a person's name Social Security number date and place of birth and mother's maiden name. The earnings information available on SSA's Web site (www.ssa.gov) as a Personal Earnings and Benefit Estimate Statement (PEBES) also includes information on taxes.

Within days of the reports SSA shut down the month-old on-line service and planned a series of public forums to collect public comment and search for possible remedies to the privacy problem.

The first of the forums was held on May 5 in Hartford Conn. and served to air many of the suggestions that have been discussed to bring greater privacy and security to PEBES on-line. The next day members of the House Ways and Means Committee's subcommittee on Social Security began winnowing through some of those suggestions.

Several Possible Solutions

One solution SSA may consider is requiring personal identification numbers passwords or digital signatures to access private information via the Internet but that solution presents its own logistical challenges and requires cost-benefit analyses panelists told subcommittee members.

Acting SSA commissioner John J. Callahan expressed optimism that future technologies could present an entree for greater security and privacy on SSA's Web site. "Technology changes incredibly rapidly " he said. "There may be a variety of changes in technology wherein we can enhance" the security of the information.

Another solution offered would require individuals to provide more information when trying to access their data. But Marc Rotenberg director of the Electronic Privacy Information Center told the subcommittee he believed that solution was "too costly and too inefficient."

Panelists and subcommittee members also considered allowing taxpayers to opt out of having their information made available. A box could be included in future federal income tax forms that Americans could choose to check if they did not want their information accessible over the Internet.

As the agency searches for a solution it is likely that what it decides to do will lay the groundwork for other agencies that collect sensitive data and are considering making that information available electronically.

"I hope you're working with the IRS on this since they're facing many of the same problems " Rep. Rob Portman (R-Ohio) told Callahan. The Internal Revenue Service one of the largest federal custodians of private information on computers has come under criticism for failing to prevent employees from browsing through taxpayers' records.

Others testifying Tuesday echoed Portman's call for cooperation across agencies.

"There may be some need to coordinate privacy standards within the federal government " Rotenberg said.

Featured

  • FCW Perspectives
    remote workers (elenabsl/Shutterstock.com)

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

Stay Connected