Theft task force: Stop SSN use

Policy experts point to deficiencies in how government manages citizen identification

The President’s Identity Theft Task Force said government agencies must bolster their defenses against identity thieves by limiting the use of Social Security numbers. The group, which includes representatives from the Justice Department, Social Security Administration and Federal Trade Commission, called last week for a more appropriate and coordinated use of Social Security numbers.

The proposal for securing Social Security numbers was one of 31 recommendations the task force submitted to White House officials to improve public- and private-sector identity theft protections.

“There is no quick solution to this problem,” wrote Attorney General Alberto Gonzales and FTC Chairwoman Deborah Platt Majoras, co-chairs of the task force, in a letter to President Bush. However, they wrote that “a coordinated strategic plan can go a long way toward stemming the injuries caused by identity theft and, we hope, putting identity thieves out of business.”

The letter states that the task force recommendations would strengthen the efforts of federal, state and local law enforcement officers; educate consumers and businesses about deterring, detecting and defending against identity theft; and assist law enforcement officers in apprehending and prosecuting identity thieves.

However, some policy experts objected to the task force’s focus, saying it should have concentrated its efforts on how government agencies manage the problem of identifying citizens. “The heart of the problem is the poor design of our identity system,” said Jim Harper, director of information policy studies at the Cato Institute.

Harper said that at a two-day FTC workshop this month, identity theft experts proposed using multiple forms of citizen identification. Agencies could issue their own identity numbers for citizens or recognize privately issued identification such as credit cards, he said.

The risk of identity theft is never far from public consciousness. The Agriculture Department disclosed last week that it had publicly exposed 63,000 citizens’ Social Security numbers posted on a USDA Web site.
“Data security breaches remain too common, and schemes for committing ID theft are growing more sophisticated,” Majoras said at a press conference following the release of the report.
The task force called on the Office of Personnel Management to eliminate, restrict or conceal the use of SSNs. It recommended that SSA develop a clearinghouse for agency best practices and initiatives that minimize use and display of SSNs.
Both projects should be completed in 2007, according to the task force recommendations.
Harper said, however, that restricting the use of SSNs could be difficult because the private sector finds it to be a convenient identifier. “If [its use] was limited, there’d be a lot of economic damage,” Harper said. “It’s certainly not the silver bullet,” he added, “but I do agree that government can take the lead on this.”

The task force report calls on the Office of Management and Budget and Homeland Security Department to outline best security and privacy practices. It proposes that agency chief information officers be responsible for securing all portable storage and communications devices used for work at their agencies.

Task force members said they seek to establish national standards for protecting personal data in the private sector, to expand identity theft crime statutes and to establish a national law enforcement center. They also seek to establish national standards for identity protection and theft reporting in the private sector.

Legislative proposals focus on notificationSens. Jeff Sessions (R-Ala.) and Diane Feinstein (D-Calif.) have introduced bills, S 239 and S 1202, respectively, that would require agencies and other organizations to report data breaches that could result in identity theft.

  • Sessions introduced a bill April 23 that would require any agencies that hold sensitive personal information to report data breaches where “a significant risk of identity theft to an individual exists.” Personal information would include Social Security and driver’s license numbers and financial information. Sessions’ bill also calls for greater accountability for securing databases that contain sensitive personal information. It would require database owners to protect data against “unauthorized access, destruction, use, modification or disclosure.”
  • Feinstein renewed calls in March for passage of her bill, the Notification of Risk to Personal Data Act. The legislation, which she introduced in January, covers government and businesses. Both would be required to notify individuals, the news media and credit reporting agencies if a data breach could potentially affect more than 1,000 people. Government and businesses would be required to notify the Secret Service if more than 10,000 people were potentially at risk of identity theft. 
— Wade-Hahn Chan


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected