SSA wants stronger safeguards for SSNs
- By Mary Mosquera
- Jun 21, 2007
Congress should approve legislation that limits the use and collection of Social Security numbers to those purposes the federal law requires or reduces SSNs as convenient identifiers, said Patrick O’Carroll, inspector general at the Social Security Administration.
SSA has tried to educate organizations outside government to better protect this sensitive information, and some have done so. Others, however, say change could be costly and don’t want to switch from the convenient identifier.
“To convince these parties, we believe SSA needs more help,” O’Carroll told lawmakers today at a hearing of the House Ways and Means Committee’s Social Security Subcommittee. “Any legislative provisions that reduce the display of SSNs or limit or eliminate trafficking in SSNs by information brokers and others would be of great help to our efforts.”
No federal law requires comprehensive confidentiality protection for SSNs, said Rep. Michael McNulty (D-N.Y.), subcommittee chairman. He intends to move legislation during this session. Lawmakers introduced several bills last year, but they did not pass.
“SSA has essentially no control over how the Social Security number is used by other governmental agencies or the private sector,” he said.
The SSN is a popular and universal identifier in state and local governments, schools, hospitals and many businesses. It has become easier for criminals to steal and counterfeit SSNs because they are so pervasive. SSA receives about 10,000 allegations of SSN misuse a year and investigates about 1,500 criminal cases of misuse.
In recent examples, SSA’s IG played a role with the Homeland Security Department in the discovery and arrest of six men who used fake SSNs and allegedly planned an attack on Fort Dix in New Jersey. SSA also seeks prosecution of a staffing agency that allegedly provided illegal workers with fraudulent SSNs.
The overall SSN debate centers on whether an entity should develop a new identification card and system at a cost of about $10 billion or keep current cards and add more protections, O’Carroll said. SSNs already are effective identifiers for tracking wage data for SSA, he said.
Federal agencies have started reducing the availability of SSNs by truncating the number, such as providing only the final four digits, in documents provided to state and local record-keepers. But truncation does not provide complete protection against identity theft, said Daniel Bertoni, director of education, workforce and income security issues at the Government Accountability Office.
“Identity thieves may still be able to reconstruct full SSNs by combining different truncated versions of the SSN available from public and private sources,” he said.
The Federal Trade Commission recommended multiple layers of authentication for SSNs, such as biometrics -- fingerprint or iris scans -- to make it more difficult to misuse them, said Joel Winston, FTC’s associate director of the Privacy and Identity Protection Division.
“Government can facilitate and encourage authentication, but it can’t come in and say how it should be for consumers,” he said.
FTC is a member of the President’s Identity Theft Task Force, which in April urged federal agencies -- including the Office of Personnel Management in human resources data -- to reduce their use of SSNs.