SSA wants stronger safeguards for SSNs

Congress should approve legislation that limits the use and collection of Social Security numbers to those purposes the federal law requires or reduces SSNs as convenient identifiers, said Patrick O’Carroll, inspector general at the Social Security Administration.

SSA has tried to educate organizations outside government to better protect this sensitive information, and some have done so. Others, however, say change could be costly and don’t want to switch from the convenient identifier.

“To convince these parties, we believe SSA needs more help,” O’Carroll told lawmakers today at a hearing of the House Ways and Means Committee’s Social Security Subcommittee. “Any legislative provisions that reduce the display of SSNs or limit or eliminate trafficking in SSNs by information brokers and others would be of great help to our efforts.”

No federal law requires comprehensive confidentiality protection for SSNs, said Rep. Michael McNulty (D-N.Y.), subcommittee chairman. He intends to move legislation during this session. Lawmakers introduced several bills last year, but they did not pass.

“SSA has essentially no control over how the Social Security number is used by other governmental agencies or the private sector,” he said.

The SSN is a popular and universal identifier in state and local governments, schools, hospitals and many businesses. It has become easier for criminals to steal and counterfeit SSNs because they are so pervasive. SSA receives about 10,000 allegations of SSN misuse a year and investigates about 1,500 criminal cases of misuse.

In recent examples, SSA’s IG played a role with the Homeland Security Department in the discovery and arrest of six men who used fake SSNs and allegedly planned an attack on Fort Dix in New Jersey. SSA also seeks prosecution of a staffing agency that allegedly provided illegal workers with fraudulent SSNs.

The overall SSN debate centers on whether an entity should develop a new identification card and system at a cost of about $10 billion or keep current cards and add more protections, O’Carroll said. SSNs already are effective identifiers for tracking wage data for SSA, he said.

Federal agencies have started reducing the availability of SSNs by truncating the number, such as providing only the final four digits, in documents provided to state and local record-keepers. But truncation does not provide complete protection against identity theft, said Daniel Bertoni, director of education, workforce and income security issues at the Government Accountability Office.

“Identity thieves may still be able to reconstruct full SSNs by combining different truncated versions of the SSN available from public and private sources,” he said.

The Federal Trade Commission recommended multiple layers of authentication for SSNs, such as biometrics -- fingerprint or iris scans -- to make it more difficult to misuse them, said Joel Winston, FTC’s associate director of the Privacy and Identity Protection Division.

“Government can facilitate and encourage authentication, but it can’t come in and say how it should be for consumers,” he said.

FTC is a member of the President’s Identity Theft Task Force, which in April urged federal agencies -- including the Office of Personnel Management in human resources data -- to reduce their use of SSNs.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected