Cybersecurity

Why OMB needs to lead on reducing federal SSN use

broken lock 

The government's effort to reduce its reliance on social security numbers is slow and continues to face challenges on the agency level.

In a recent report, the Government Accountability Office states that part of the reason for the difficulties agencies face is that they lack central guidance from the Office of Management and Budget.

While the numbers serve as a unique identifier for Americans, they were never intended to serve as a proxy ID, and their widespread use potentially exposes citizens to risks of identity theft.

Around 2007, OMB and the Social Security Administration made pushes to migrate from the number, and the 2015 Office of Personnel Management breach, which exposed some 22 million personnel records, renewed the effort's urgency.

Auditors reported that all 24 CFO Act agencies have developed plans to curb the use and display of social security numbers, but agencies continue to struggle in actually reducing their collection of and reliance on the numbers.

The agencies' reduction plans are supposed to comprise four criteria -- performance goals and indicators, measurable activities, timelines for completion, as well as roles and responsibilities. However, their thoroughness varies significantly.

Only two agencies -- the Departments of Commerce and Education -- address all four elements, and two -- the Department of Energy and the General Services Administration -- address none.

However, individual agencies are using IT to cut down on the transmittal of SSNs. For example, the Bureau of Economic Analysis within the Department of Commerce implemented a filter to block e-mails containing SSNs, and the Department of Justice's systems automatically block e-mails to external, nongovernmental users when an SSN is detected.

Even where reductions can be made, regulatory, operational and technical obstacles stand in the way. Agency officials told auditors that SSNs cannot be entirely eliminated from federal IT systems and records because of a mix of laws and longstanding practice.

Officials from 14 agencies said that reducing the use, collection and display of SSNs would require complex technological challenges to key software applications and information systems.

"SSN reduction efforts in the federal government have also been limited by more readily addressable shortcomings," the report states. Specifically, GAO points a finger at OMB's poor planning and ineffective monitoring for agencies' shortcomings.

Reduction plans are supposed to be based on unnecessary use and display of social security numbers, but OMB hasn't provided criteria for determining what "unnecessary" constitutes, leaving interpretations up to agencies' interpretations.

Additionally, OMB does not require agencies to submit progress updates or to maintain inventories of systems that contain SSNs, which makes measuring agencies' progress in reducing SSNs difficult, the report states.

"Until OMB requires agencies to adopt better practices for managing their SSN reduction processes, overall government-wide reduction efforts will likely remain limited and difficult to measure," the report states.

Auditors recommended OMB to require all agencies to develop and maintain SSN reduction plans, to inventory which of their systems contain SSNs and to submit annual status reports.

Additionally, auditors recommend that OMB define "unnecessary" collection and use of SSNs and establish performance measures of agency progress.

OMB did not provide comments on the recommendations.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.