[House Hearing, 107 Congress]
[From the U.S. Government Publishing Office]



 
              PRESERVING THE INTEGRITY OF SOCIAL SECURITY

 NUMBERS AND PREVENTING THEIR MISUSE BY TERRORISTS AND IDENTITY THIEVES
=======================================================================

                             JOINT HEARING

                               before the

                    SUBCOMMITTEE ON SOCIAL SECURITY

                                 of the

                      COMMITTEE ON WAYS AND MEANS

                                and the

                      SUBCOMMITTEE ON IMMIGRATION,
                      BORDER SECURITY, AND CLAIMS

                                 of the

                       COMMITTEE ON THE JUDICIARY

                                 of the

                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED SEVENTH CONGRESS

                             SECOND SESSION

                               __________

                           SEPTEMBER 19, 2002

                               __________

                           Serial No. 107-81

                     (Committee on Ways and Means)

                             Serial No. 102

                      (Committee on the Judiciary)

                               __________

    Printed for the use of the Committee on Ways and Means and the 
                       Committee on the Judiciary










                           U.S. GOVERNMENT PRINTING OFFICE
84-170                            WASHINGTON : 2003
___________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512-1800  
Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001





                      COMMITTEE ON WAYS AND MEANS

                   BILL THOMAS, California, Chairman

PHILIP M. CRANE, Illinois            CHARLES B. RANGEL, New York
E. CLAY SHAW, Jr., Florida           FORTNEY PETE STARK, California
NANCY L. JOHNSON, Connecticut        ROBERT T. MATSUI, California
AMO HOUGHTON, New York               WILLIAM J. COYNE, Pennsylvania
WALLY HERGER, California             SANDER M. LEVIN, Michigan
JIM McCRERY, Louisiana               BENJAMIN L. CARDIN, Maryland
DAVE CAMP, Michigan                  JIM McDERMOTT, Washington
JIM RAMSTAD, Minnesota               GERALD D. KLECZKA, Wisconsin
JIM NUSSLE, Iowa                     JOHN LEWIS, Georgia
SAM JOHNSON, Texas                   RICHARD E. NEAL, Massachusetts
JENNIFER DUNN, Washington            MICHAEL R. McNULTY, New York
MAC COLLINS, Georgia                 WILLIAM J. JEFFERSON, Louisiana
ROB PORTMAN, Ohio                    JOHN S. TANNER, Tennessee
PHIL ENGLISH, Pennsylvania           XAVIER BECERRA, California
WES WATKINS, Oklahoma                KAREN L. THURMAN, Florida
J.D. HAYWORTH, Arizona               LLOYD DOGGETT, Texas
JERRY WELLER, Illinois               EARL POMEROY, North Dakota
KENNY C. HULSHOF, Missouri
SCOTT McINNIS, Colorado
RON LEWIS, Kentucky
MARK FOLEY, Florida
KEVIN BRADY, Texas
PAUL RYAN, Wisconsin

                     Allison Giles, Chief of Staff

                  Janice Mays, Minority Chief Counsel

                                 ______

                    Subcommittee on Social Security

                  E. CLAY SHAW, Jr., Florida, Chairman

SAM JOHNSON, Texas                   ROBERT T. MATSUI, California
MAC COLLINS, Georgia                 LLOYD DOGGETT, Texas
J.D. HAYWORTH, Arizona               BENJAMIN L. CARDIN, Maryland
KENNY C. HULSHOF, Missouri           EARL POMEROY, North Dakota
RON LEWIS, Kentucky                  XAVIER BECERRA, California
KEVIN BRADY, Texas
PAUL RYAN, Wisconsin
                       COMMITTEE ON THE JUDICIARY

            F. JAMES SENSENBRENNER, Jr., Wisconsin, Chairman

HENRY J. HYDE, Illinois              JOHN CONYERS, Jr., Michigan
GEORGE W. GEKAS, Pennsylvania        BARNEY FRANK, Massachusetts
HOWARD COBLE, North Carolina         HOWARD L. BERMAN, California
LAMAR SMITH, Texas                   RICK BOUCHER, Virginia
ELTON GALLEGLY, California           JERROLD NADLER, New York
BOB GOODLATTE, Virginia              ROBERT C. SCOTT, Virginia
STEVE CHABOT, Ohio                   MELVIN L. WATT, North Carolina
BOB BARR, Georgia                    ZOE LOFGREN, California
WILLIAM L. JENKINS, Tennessee        SHEILA JACKSON LEE, Texas
CHRIS CANNON, Utah                   MAXINE WATERS, California
LINDSEY O. GRAHAM, South Carolina    MARTIN T. MEEHAN, Massachusetts
SPENCER BACHUS, Alabama              WILLIAM D. DELAHUNT, Massachusetts
JOHN N. HOSTETTLER, Indiana          ROBERT WEXLER, Florida
MARK GREEN, Wisconsin                TAMMY BALDWIN, Wisconsin
RIC KELLER, Florida                  ANTHONY D. WEINER, New York
DARRELL E. ISSA, California          ADAM B. SCHIFF, California
MELISSA A. HART, Pennsylvania
JEFF FLAKE, Arizona
MIKE PENCE, Indiana
J. RANDY FORBES, Virginia

             Philip G. Kiko, Chief of Staff-General Counsel

               Perry H. Apelbaum, Minority Chief Counsel

                                 ______

        Subcommittee on Immigration, Border Security, and Claims

                GEORGE W. GEKAS, Pennsylvania, Chairman

DARRELL E. ISSA, California          SHEILA JACKSON LEE, Texas
MELISSA A. HART, Pennsylvania        BARNEY FRANK, Massachusetts
LAMAR SMITH, Texas                   HOWARD L. BERMAN, California
ELTON GALLEGLY, California           ZOE LOFGREN, California
CHRIS CANNON, Utah, Vice Chair       MARTIN T. MEEHAN, Massachusetts
JEFF FLAKE, Arizona
J. RANDY FORBES, Virginia

                     George Fishman, Chief Counsel

                           Lora Ries, Counsel

                   Art Arthur, Full Committee Counsel

                  Cindy Blackston, Professional Staff

                      Leon Buck, Minority Counsel

Pursuant to clause 2(e)(4) of Rule XI of the Rules of the House, public 
hearing records of the Committee on Ways and Means are also published 
in electronic form. The printed hearing record remains the official 
version. Because electronic submissions are used to prepare both 
printed and electronic versions of the hearing record, the process of 
converting between various electronic formats may introduce 
unintentional errors or omissions. Such occurrences are inherent in the 
current publication process and should diminish as the process is 
further refined.




                            C O N T E N T S

                               __________
                                                                   Page

Advisory of September 12, 2002, announcing the hearing...........     2

                               WITNESSES

Social Security Administration, Hon. James B. Lockhart III, 
  Deputy Commissioner............................................    11
U.S. Department of State, Charisse M. Phillips, Director, Office 
  of Fraud Prevention Programs, Bureau of Consular Affairs.......    48
U.S. Secret Service, Robert Bond, Deputy Special Agent in Charge, 
  Financial Crimes Division......................................    54
Federal Bureau of Investigation, Grant D. Ashley, Assistant 
  Director, Criminal Investigative Division......................    62
Social Security Administration, Hon. James G. Huse, Jr., 
  Inspector General..............................................    66

                                 ______

Stylecraft Interiors Inc., Matthew James Reindl..................    73
Electronic Privacy Information Center, Chris Jay Hoofnagle.......    78

                       SUBMISSIONS FOR THE RECORD

Social Security Advisory Board, Hon. Hal Daub, statement.........   104

                                 ______

American Federation of Government Employees, National Council of 
  SSA Field Operations Locals, Baltimore, MD, Witold 
  Skwierczynski, statement.......................................   108
American Immigration Lawyers Association, letter.................   111
ERISA Industry Committee, National Association of State 
  Retirement Administrators, National Council on Teacher 
  Retirement, National Rural Electric Cooperative Association, 
  and Profit Sharing/401(k) Council of America, joint statement..   112
Federation for American Immigration Reform, Dan Stein, letter....   114
National Council of La Raza, and National Immigration Law Center, 
  joint letter...................................................   115


                        PRESERVING THE INTEGRITY



                       OF SOCIAL SECURITY NUMBERS



                     AND PREVENTING THEIR MISUSE BY



                   TERRORISTS AND IDENTITY THIEVES

                              ----------                              


                      THURSDAY, SEPTEMBER 19, 2002

                  House of Representatives,
                       Committee on Ways and Means,
                           Subcommittee on Social Security,

                                  and

                        Committee on the Judiciary,
                               Subcommittee on Immigration,
                               Border Security, and Claims,
                                                    Washington, DC.

    The Subcommittees met, pursuant to notice, at 1:05 p.m., in 
room 1100 Longworth House Office Building, Hon. E. Clay Shaw, 
Jr., and Hon. George W. Gekas (Chairmen of the Subcommittees) 
presiding.
    [The advisory announcing the hearing follows:]

ADVISORY

FROM THE 
COMMITTEE
 ON WAYS 
AND 
MEANS

                    SUBCOMMITTEE ON SOCIAL SECURITY

                                                CONTACT: (202) 225-9263
FOR IMMEDIATE RELEASE
September 12, 2002
No. SS-16

                    Shaw Announces Joint Hearing on

              Preserving the Integrity of Social Security

                 Numbers and Preventing Their Misuse by

                    Terrorists and Identity Thieves

    Congressman E. Clay Shaw, Jr. (R-FL), Chairman, Subcommittee on 
Social Security of the Committee on Ways and Means, today announced 
that the Subcommittee will hold a joint hearing with the Subcommittee 
on Immigration, Border Security, and Claims of the Committee on 
Judiciary, chaired by Congressman George W. Gekas (R-PA), on preserving 
the integrity of Social Security numbers and preventing their misuse by 
terrorists and identity thieves. The hearing will take place on 
Thursday, September 19, 2002, in 1100 Longworth House Office Building, 
beginning at 1:00 p.m.

    In view of the limited time available to hear witnesses, oral 
testimony at this hearing will be from invited witnesses only. However, 
any individual or organization not scheduled for an oral appearance may 
submit a written statement for consideration by the Subcommittee and 
for inclusion in the printed record of the hearing.

BACKGROUND:

    Although Social Security numbers (SSNs) are used for many 
legitimate purposes, wide availability, and easy access to this very 
personal information has greatly facilitated Social Security number-
related crimes and fueled growing concern for safeguarding individuals' 
privacy.

    Identity theft is considered the fastest growing financial crime in 
the country, affecting an estimated 500,000 to 700,000 people annually, 
regardless of age, gender, or race. Older Americans will become an 
increasingly attractive target by criminal elements, since they hold 
substantial wealth and because seniors are often dependent on 
caregivers. In addition, the rising cost of this crime increases the 
cost of banking, insurance, and credit cards for all Americans.

    Worse yet, according to the Federal Bureau of Investigation, 
terrorists have utilized Social Security number fraud and identity 
theft to obtain employment, access secure locations, and finance their 
operations, thereby posing a significant threat to our national 
security. Forged documents, whether bogus birth certificates, fake SSN 
cards, or false immigration documents, are increasingly available from 
those who make their living selling false identities. There are now 
illegal markets throughout the cities of the United States where anyone 
can acquire a false or stolen identity.

    The Social Security Administration (SSA) serves as the front line 
of defense in ensuring SSN integrity, because it is responsible for 
accurately assigning SSNs and ensuring the wages earned and Social 
Security benefits claimed on that number are only those of the number 
holder. Last year, SSA issued 18.1 million SSN cards, of which 5.8 
million were new and 12.3 million were replacement SSN cards. The SSA's 
Inspector General (IG) has long criticized the agency's failure to 
verify the authenticity of identification documents, and in a recent 
report estimated that of the 1.2 million SSNs issued to non-citizens in 
2000, nearly 100,000 were based on invalid or inappropriate immigration 
documents. This year, the SSA began verifying supporting immigration 
records before issuing SSN cards. The agency is also working with the 
Immigration and Naturalization Service (INS) and the U.S. Department of 
State (DoS) to implement new data sharing initiatives and an 
Enumeration at Entry initiative.

    Each year the SSA receives about 250 million wage reports from 
employers covering approximately 150 million workers. For tax year 
2000, employers reported almost 9.6 million wage items, equaling almost 
$50 billion in wages, that could not be credited to individuals due to 
lack of key information or submission of erroneous information, 
although further efforts to reduce these discrepancies is ongoing. 
According to the SSA, after all processing is complete, 2 to 3 percent 
of wage items will remain unmatched. Earnings that cannot be matched to 
a particular worker are recorded in separate file known as the Earnings 
Suspense File (ESF).

    According to the SSA IG, the ESF contains over 237 million wage 
items and $375 billion in wages accrued between tax years 1937 and 
2000. However, approximately two-thirds of growth in the file occurred 
between 1990 and 2000. The IG has referred to the ESF as a ``major 
management challenge'' for the agency because of its potential impact 
on benefit amounts and administrative costs, and because it represents 
a significant portion of SSN misuse. This year, the SSA extended its 
outreach to employers by sending letters to all employers who submitted 
earnings records that did not match SSA's records and asking them to 
provide corrected information. In addition, the SSA began piloting an 
on-line system to supplement existing verification procedures and more 
quickly enable employers to verify the names and SSNs of newly hired 
employees.

    Although SSA issues SSNs in order to track individual's wages and 
right to Social Security benefits, the agency assigns SSNs for limited 
non-work purposes to certain individuals who are not U.S. citizens and 
are not authorized to work by the INS. Today, SSA only issues non-work 
SSNs to these individuals if Federal statute requires one to access a 
particular benefit or service, or State or local law requires one to 
get general assistance benefits. However, despite their ``non-work'' 
designation, in tax year 2000 approximately 600,000 individuals with 
non-work SSNs earned over $21 billion, though in some cases individuals 
may have become authorized to work without notifying the SSA.

    In announcing the hearing, Chairman Shaw stated: ``This 
Subcommittee has extensively examined identity theft by criminals and 
heard first-hand testimony of the personal devastation caused by this 
type of robbery. In the year since the September 11 attacks, we have 
also learned how SSN fraud can enable terrorism. That is why my 
legislation to improve the privacy of SSNs has generated bipartisan 
support. The SSN protection must be an integral part of a comprehensive 
effort to strengthen homeland security. It is one very tangible way we 
can help prevent the American public from being further victimized by 
terrorists.''

    Chairman Gekas added: ``The privacy of the Social Security numbers 
of every American is under attack by terrorists, international 
criminals, and an increasing number of identity thieves. I believe the 
Social Security Administration can do more to tighten up its procedures 
for issuing Social Security Cards to prevent fraud.''

FOCUS OF THE HEARING:

    The Subcommittees will examine: the role SSN fraud plays in crime 
and terrorist activities and methods by which criminal fraud is 
accomplished utilizing stolen SSNs; the integrity of the SSA's 
enumeration and wage crediting process; Federal agency coordination and 
cooperation, including data sharing, to verify identification 
documents, and to detect and prevent fraud; and recommended legislative 
proposals aimed at combating SSN misuse and protecting privacy.

DETAILS FOR SUBMISSION OF WRITTEN COMMENTS:

    Please Note: Due to the change in House mail policy, any person or 
organization wishing to submit a written statement for the printed 
record of the hearing should send it electronically to 
[email protected], along with a fax copy to 
(202) 225-2610, by the close of business, Thursday, October 3, 2002. 
Those filing written statements who wish to have their statements 
distributed to the press and interested public at the hearing should 
deliver their 200 copies to the Subcommittee on Social Security in room 
B-316 Rayburn House Office Building, in an open and searchable package 
48 hours before the hearing. The U.S. Capitol Police will refuse 
sealed-packaged deliveries to all House Office Buildings.

FORMATTING REQUIREMENTS:

    Each statement presented for printing to the Committee by a 
witness, any written statement or exhibit submitted for the printed 
record or any written comments in response to a request for written 
comments must conform to the guidelines listed below. Any statement or 
exhibit not in compliance with these guidelines will not be printed, 
but will be maintained in the Committee files for review and use by the 
Committee.

    1. Due to the change in House mail policy, all statements and any 
accompanying exhibits for printing must be submitted electronically to 
[email protected], along with a fax copy to 
(202) 225-2610, in Word Perfect or MS Word format and MUST NOT exceed a 
total of 10 pages including attachments. Witnesses are advised that the 
Committee will rely on electronic submissions for printing the official 
hearing record.

    2. Copies of whole documents submitted as exhibit material will not 
be accepted for printing. Instead, exhibit material should be 
referenced and quoted or paraphrased. All exhibit material not meeting 
these specifications will be maintained in the Committee files for 
review and use by the Committee.

    3. Any statements must include a list of all clients, persons, or 
organizations on whose behalf the witness appears. A supplemental sheet 
must accompany each statement listing the name, company, address, 
telephone and fax numbers of each witness.

    Note: All Committee advisories and news releases are available on 
the World Wide Web at http://waysandmeans.house.gov.

    The Committee seeks to make its facilities accessible to persons 
with disabilities. If you are in need of special accommodations, please 
call (202) 225-1721 or (202) 226-3411 TTD/TTY in advance of the event 
(four business days notice is requested). Questions with regard to 
special accommodation needs in general (including availability of 
Committee materials in alternative formats) may be directed to the 
Committee as noted above.

                                 

    Chairman SHAW. Thank you for being here. Mr. Gekas and I 
have sat in these chairs before at a joint meeting, and he just 
reminded me how well he did the last time we were here in 
cross-examining a certain witness and sort of nailed his hide 
to the barn door. When the newspaper----
    Chairman GEKAS. The New York Times.
    Chairman SHAW. When the New York Times wrote about it, they 
said how Clay Shaw tore this witness apart.
    [Laughter.]
    Chairman GEKAS. This time I sat in front of the right 
nameplate.
    Chairman SHAW. Okay, today our Subcommittees will join 
together to examine efforts to preserve the integrity of Social 
Security numbers and how we can better prevent terrorists and 
identity thieves from using these numbers to abet their heinous 
activities.
    I welcome my friend, Chairman Gekas. We were partners 
against crime on Judiciary a number of years ago, before I came 
to this Subcommittee.
    I welcome Ms. Jackson Lee and all of the Members of the 
Judiciary Committee on the Immigration, Border Security, and 
Claims Subcommittee to the Committee on Ways and Means.
    I appreciate the opportunity to work with you as we look 
for ways to ensure the security of individuals and the security 
of our Nation.
    Although created solely for the purpose of tracking 
workers' Social Security earnings, our culture is hooked on 
Social Security numbers. Business and governments use the 
numbers as primary identifiers of individuals. Even the most 
trivial transactions, such as renting a video, require us to 
hand over our nine-digit ID before services can be rendered.
    The Social Security number has become so woven into the 
fabric of American society that it has become the key that 
unlocks the door to an individual's identity for any 
unscrupulous individual who gains access to it. If someone such 
as a criminal or a terrorist unlocks the door, at their 
fingertips are all of the essential elements needed to carry 
out whatever dastardly act they can conceive.
    Worse, as each day passes, we learn more about the degree 
to which terrorists use stolen identities and false Social 
Security numbers to establish cover employment, drivers' 
licenses, and credit cards, all enabling them to live within 
our borders and plan their crime against Americans.
    No longer is Social Security number fraud simply a tool of 
common criminals. Sadly, it is now a tool of terrorists.
    As we will hear today from our witnesses from the U.S. 
Department of State, the Federal Bureau of Investigation (FBI), 
U.S. Secret Service, and the Social Security Administration's 
Inspector General (IG), there is no limit to the creativity of 
the reprehensible acts perpetrated by criminals and terrorists.
    Our Nation and this Congress has forced our attention on 
America's first line of defense since the attacks of September 
11; the war on terrorism and protecting our borders. Next, we 
must enact increased privacy protections for Social Security 
numbers and more powerful tools for law enforcement.
    To that end, I along with several of my Committee on Ways 
and Means colleagues introduced H.R. 2036, the Social Security 
Number Privacy and Identity Theft Prevention Act of 2001. It is 
a vital component of our country's response to terrorism.
    The Social Security Administration serves as the frontline 
of defense in ensuring the integrity of Social Security 
numbers, a responsibility it takes very seriously. It is 
responsible for accurately assigning Social Security numbers as 
well as ensuring the wages earned and the Social Security 
benefits claimed on that number are only those of the holder.
    As we will soon hear, since September 11, the agency has 
implemented a number of initiatives to help prevent identity 
theft. Yet, we will also hear there is more to do, particularly 
with regard to interagency cooperation. A solo approach by 
Federal agencies is not acceptable, as President Bush 
recognizes through his proposal to create a U.S. Department of 
Homeland Security.
    Our Nation has been forever changed by the horrible attacks 
on our country. No longer can we sit idly by and not protect 
ourselves from domestic and foreign terrorists. Also, long 
before these attacks, individuals were fighting more personal 
battles with identity thefts.
    We must implement changes that will prevent and deter 
future attacks on our national security and our personal 
financial security.
    I look forward to hearing from each of our witnesses and 
thank them in advance for sharing with us their experience and 
their recommendation.
    I now yield to my Co-Chair at this hearing, Mr. Gekas of 
Pennsylvania.
    [The opening statement of Chairman Shaw follows:]
 Opening Statement of the Hon. E. Clay Shaw, Jr., a Representative in 
   Congress from the State of Florida, and Chairman, Subcommittee on 
                            Social Security
    Today, our Subcommittees join together to examine efforts to 
preserve the integrity of Social Security numbers and how we can better 
prevent terrorists and identity thieves from using these numbers to 
abet their heinous activities. I welcome Chairman Gekas, Ms. Jackson-
Lee, and all of the Members of the Judiciary Subcommittee on 
Immigration, Border Security, and Claims to the Committee on Ways and 
Means and appreciate the opportunity to work with you as we look for 
ways to ensure the security of individuals and our Nation.
    Although created solely for the purpose of tracking workers' Social 
Security earnings, our culture is hooked on Social Security numbers. 
Businesses and governments use the number as the primary identifier of 
individuals. Even the most trivial transactions, such as renting a 
video, require us to hand over our 9-digit ID before services can be 
rendered.
    The Social Security number has become so woven into the fabric of 
American society, it has become the key that unlocks the door to an 
individual's identity for any unscrupulous individual who gains access 
to it. If someone, such as a criminal or terrorist, unlocks the door, 
at their fingertips is all the essential elements needed to carry out 
whatever dastardly act they can conceive.
    Worse, as each day passes we learn more about the degree to which 
terrorists use stolen identities and false Social Security numbers to 
establish cover employment, drivers' licenses, and credit cards--all 
enabling them to live within our borders and plan their crimes against 
Americans. No longer is Social Security number fraud simply a tool of 
common criminals; sadly, it's now a tool of terrorists.
    As we will hear today from our witnesses from the Department of 
State, FBI, Secret Service, and the Social Security Administration's 
Inspector General, there is no limit to the creativity of the 
reprehensible acts perpetrated by criminals and terrorists.
    Our Nation, and this Congress, has focused our attention on 
America's first line of defense since the attacks of September 11th--
the war on terrorism and protecting our borders. Next, we must enact 
increased privacy protections for Social Security numbers and more 
powerful tools for law enforcement. To that end I, along with several 
of my Ways and Means colleagues, introduced H.R. 2036, the ``Social 
Security Number Privacy and Identity Theft Prevention Act of 2001.'' It 
is a vital component of our country's response to terrorism.
    The Social Security Administration serves as the front line of 
defense in ensuring the integrity of Social Security numbers--a 
responsibility it takes very seriously. It is responsible for 
accurately assigning Social Security numbers, as well as ensuring the 
wages earned and Social Security benefits claimed on that number are 
only those of the number holder. As we will soon hear, since 9/11 the 
agency has implemented a number of initiatives to help prevent identity 
theft. Yet we will also hear there is more to do, particularly with 
regard to inter-agency cooperation. A silo approach by Federal agencies 
is not acceptable, as President Bush recognized through his proposal to 
create a Department of Homeland Security.
    Our Nation has been forever changed by the horrible attacks on our 
country. No longer can we sit idlely by and not protect ourselves from 
domestic and foreign terrorists. Also, long before these attacks, 
individuals were fighting more personal battles with identity thieves. 
We must implement changes that will prevent and deter future attacks on 
our national security and our personal financial security.
    I look forward to hearing from each of our witnesses, and thank 
them in advance for sharing with us their experiences and their 
recommendations.

                                 

    Chairman GEKAS. I thank the Chairman. I begin by asking 
unanimous consent that the written statement that I have 
prepared to be my opening statement be received in the record.
    Chairman SHAW. Without objection.
    [The opening statement of Chairman Gekas follows:]
  Opening Statement of the Hon. George W. Gekas, a Representative in 
Congress from the State of Pennsylvania, and Chairman, Subcommittee on 
                Immigration, Border Security, and Claims
    Chairman Shaw, it's a pleasure to join with you and your colleagues 
on the Committee on Ways and Means. Thanks for your kind words of 
welcome.
    I agree with your concerns about the overuse of the Social Security 
Number and its lack of privacy.
    Times have changed since the Social Security Administration began 
producing the little green cards in 1937. We in the Congress need to 
determine what remedies can be applied to the use of the card and to 
the practices of the Social Security Administration.
    I am very supportive of the efforts of Chairman Shaw to bolster 
protection of the Social Security Number. At the same time, we need to 
look at what else is needed to address the problem comprehensively.
    In some cases, old laws need to be updated.
    There's no question in my mind that the criminal penalties for 
identity theft and for Social Security Number fraud, in particular, 
need to be strengthened.
    We also need to look at whether tougher legal rules are needed so 
that the Social Security Administration will move faster to work with 
federal law enforcement agencies to stop the growth of identity fraud.
    All Americans, especially Seniors and those approaching retirement, 
need to hear that the Social Security Administration is aggressive in 
preventing ineligible people from obtaining Social Security Numbers. It 
is only a short step from fraudulently obtaining Social Security 
Numbers to fraudulently obtaining benefits.
    The structural problems of the Social Security program are well 
known and publicly debated. The problems with Social Security number 
fraud are much less well known, but equally important to protect 
benefits and the financial well being of the fund. I believe we can do 
much more to make it very difficult for terrorists, crooks and illegal 
workers to obtain Social Security Numbers.
    Terrorists and crooks and the purveyors of illegal documents are 
getting smarter and many are experts in use of the Internet. We have to 
compel our government agencies and especially the Social Security 
Administration to get smarter too. We have to look at changing the 
business practices of the Social Security Administration to raise the 
bar against fraudulent and counterfeit source documents. We have to 
make it much more difficult for people to obtain two and three valid 
Social Security Numbers from this government agency.
    The Social Security Number is the most common form of 
identification confirmation by Americans. It is absolutely vital that 
we make it extremely difficult for terrorists to abuse this fundamental 
key to the American identity.
    I look forward to the testimony from the Deputy Commissioner of the 
Social Security Administration, and from our other excellent witnesses. 
I want to particularly recognize Mr. Matthew Reindl. He has come here 
today from Great Neck, New York, to tell us about the difficulty of 
operating a small family business with strict adherence to federal 
laws, when his competition freely employs illegal workers because of 
the lack of enforcement by federal agencies, including especially, the 
INS.

                                 

    Chairman GEKAS. Hearing no objection from my colleagues, I 
will proceed to underline and endorse the concepts enunciated 
by the gentleman from Florida, Mr. Shaw, the Chairman, on the 
importance of the hearing and on the subject matter itself.
    Perhaps the most ironic outcome of Social Security fraud 
and identity theft is that this great social program, one of 
the greatest ever attempted by any society in the history of 
the world, is also a potential and actual vehicle for 
terrorists who threaten our Nation and actually attack our 
Nation.
    That is reason enough to convene such a meeting and to 
determine, once and for all, what we as legislators can do to 
prevent this kind of result that threatens the very lives of 
the people who are Social Security recipients and Social 
Security contributors across the land.
    If that weren't enough to put us on guard on what has been 
happening to our Social Security number system, then we have to 
consider as well the attack on the system that identity fraud 
perpetrates with respect to diminution of the funding and the 
assets of the Social Security program. For everyone who falsely 
secures a Social Security number and starts to receive 
benefits, the pot of available funding is diminished by that 
much, to the detriment of the current recipients and future 
recipients, not to mention the budgetary problems facing the 
Nation every single year, vis-a-vis the health of the Social 
Security fund and all that it touches in our society.
    So, when we begin to listen to the witnesses here, we will 
have an eye and ear pinned to what it means in the day of the 
terrorist and what it means in the day of watchfulness on the 
health of the Social Security fund, what it means to try to 
prevent identity fraud and Social Security fraud in all its 
aspects.
    I thank the Chair, and I yield back the balance of my time.
    Chairman SHAW. Mr. Becerra, do you have an opening 
statement?
    Mr. BECERRA. Thank you, Mr. Chairman.
    First, let me say to the Chairman of the Subcommittee on 
Social Security of the Committee on Ways and Means, thank you 
very much for the several hearings that you have held on this 
issue of the Social Security number identity fraud and the 
importance to not just the people who will be recipients of 
Social Security but to all Americans who depend on such an 
important program, and, of course, to our government, which 
must dispense and implement this valuable program that has 
existed for over 75 years.
    To our Co-Chair who is here today, Mr. Gekas, it is a 
pleasure to again have an opportunity to sit with him on a 
panel, as I did before when I served on the Committee on the 
Judiciary. I am pleased to join with my colleague, the Ranking 
Member of the Subcommittee on Immigration and Claims, Ms. 
Sheila Jackson Lee as well.
    With all our colleagues that are here, I am looking forward 
to a hearing that will help us gain better insight on how we 
protect not just the Social Security number but Americans from 
identity fraud, how we protect them against invasions of that 
security that they had grown accustomed to. Now that we have 
seen what happened after September 11 and the fact that the 19 
terrorists used Social Security numbers to help them obtain 
that fraudulent identity, it is important for us to try to move 
forward to see how we can secure not just our freedom and our 
privacy, but also the security of this country.
    So, I am very much looking forward to the hearing, building 
upon what has been done through the Chairman's and the Members' 
good work on the Subcommittee on Social Security, and hoping 
that the testimony enlightens us on how to move forward and 
move forward quickly.
    So, I thank you, Mr. Chairman. I yield back the balance of 
my time.
    Chairman SHAW. Thank you, Mr. Becerra. Ms. Jackson Lee?
    Ms. JACKSON LEE. Thank you very much, Mr. Chairman, and 
might I add my appreciation to Chairman Shaw and as well 
Chairman Gekas for having a hearing that gives example to 
government working at its best, Committees with their 
respective jurisdictions coming together. I'm pleased, of 
course, to join with the fellow Ranking Member of the Committee 
on Ways and Means and a former colleague on the Committee on 
the Judiciary, Xavier Becerra, and I think this very important 
issue.
    It is good to see the Inspector General will be here. You 
testified earlier on some matters that we have before the 
Committee on the Judiciary, and I believe you gave great 
insight.
    It is, of course, natural and important that we take 
leadership on the issues of Social Security fraud, theft, and 
issues that would impact negatively on the identity and the 
security of this Nation. Serving on the Subcommittee on 
Immigration and Claims, of course, I have to add my additional 
concern in words that I reflect most often; as we look to 
secure the Nation, we must also realize that we are a nation of 
immigrants, a nation of laws, even after September 11 and the 
unfortunate and tragic and horrific event that occurred, where 
so many of the terrorists and the perpetrators came in on legal 
visas that we still do not equate terrorism to immigration.
    So I would hope, as look to this question, you will also 
have as a backdrop the fact that the recently passed 
immigration reform bill did not include a national identity 
card. We thought that that was not the direction to go, but it 
certainly is a direction to go with Mr. Shaw's concern about 
Social Security card fraud and identity fraud.
    I hope that we will be cognizant of the technology that may 
put together a national Social Security card and the abuses 
that could occur. I also hope that we will avoid steps in this 
hearing and any legislation that would increase rather than 
diminish immigration-related discrimination that has already 
become a problem with the use of Social Security numbers by 
some employers.
    So, we have our job cut out for us. I believe the American 
people will challenge us to do the right thing together, to 
provide enhanced security, but at the same time balance and 
respect the laws of this land, and certainly the civil rights 
and civil liberties of the people of this land.
    With that, Mr. Chairman, I would ask that my entire 
statement be put into the record.
    Chairman SHAW. Without objection, and without objection, 
any statement that any of the Members of this joint Committee 
hearing would like to put into the record will be made part of 
the record.
    [The opening statement of Ms. Jackson Lee follows:]
 Opening Statement of the Hon. Sheila Jackson Lee, a Representative in 
                    Congress from the State of Texas
    Good Afternoon Mr. Chairman. I would like to thank the Chairman and 
the Ranking Member of the Subcommittee on Social Security for inviting 
me and other member of the Subcommittee on Immigration, Border Security 
and Claims to participate in this important hearing on the importance 
of ensuring the integrity of Social Security Numbers (SSN) and 
preventing their misuse by terrorist and identity thieves. As many will 
note, the SSN is probably the most important number as it is the first 
step in access to so many things in our culture. If you need a drivers 
license you need a social security number. If you need credit you need 
a social security. It is central to American life.
    On September 11, the United States experienced the worst attack on 
its soil since World War II. In the weeks following the attack, the 
U.S. government initiated a nationwide investigation into the reasons 
behind the failure of U.S. police and intelligence agencies to uncover 
the plot to destroy the Trade Center. In Washington Post stories 
earlier this year it was revealed that some of the September 11, 2001, 
hijackers had used identity theft and fraud to obtain false SSNs and 
other identification documents to facilitate training and preparation 
for the September 11, attacks.
    First, let me emphasize that I, like you, condemn SSN fraud and its 
negative impact. None of us would approve of the fraudulent use of 
identification cards or any other documentation. People who 
fraudulently use SSNs can and should be punished.
    Our subcommittee held another Joint Hearing in Identity Theft and 
Fraud in June of this year with the Judiciary Subcommittee on Crime. 
Mr. Huse testified there, and I would like to let him know that it is 
good to hear from him again. I will say now as I said then, that 
efforts at stopping terrorism beg the question at which point is it 
best to stop the terrorist. Clearly, the best point to stop terrorists 
is prior to their entry into the country, before they have access to 
our social security administration, departments of motor vehicles and 
other infrastructure critical to secure identification documents. It 
should be pointed out that ``18 of the 19 hijackers entered the United 
States on visitors visas.'' They made ``concerted efforts to do so, so 
it is logical to assume that they believed that this type of entry, as 
visitors, made them less likely to come to the attention of federal 
authorities.'' This glaring fact underscores the difficulties faced by 
agencies in preventing terrorists from obtaining fraudulent SSNs and 
other identification. Again, it is better to get to terrorists prior to 
their entry into our country.
    Effective measures will be difficult to achieve. The integrity of 
any SSN verification system hinges on the security of the documents 
which underlie it, and such ``breeder'' documents must also be secure. 
The birth certificate is a ``breeder'' document in that it can be used 
to obtain an identity document such as a U.S. passport, driver's 
license, military I.D. and a SSN.
    However, if we are going to examine these issues, let us do so in 
in a balanced fashion. We need to decide just how far we are willing to 
go in dealing with this problem. For instance, birth and death records 
are certain to be used, and we need to examine just what resources we 
need to dedicated to revamping these record-keeping systems. We must 
deal with issues of efficiency and resources in a complimentary fashion 
as opposed to pitting these issues against one another. The same is 
true of revising SSA and INS databases. Are we willing to bear the 
costs of developing and maintaining such gigantic data bases? Again, 
examination of these issues must be done in a fair and equitable way.
    The fight against SSN fraud and counterfeit documents should not 
become a fight against personal privacy that leads to a national ID 
card. I do not want a national ID card to be demanded of Americans 
every time they engage in what should be routine activity that can be 
conducted anonymously and without government intervention.
    Technology has played a vital role in advancing freedom around the 
world, but it also has laid new temptations at the doorstep of 
business, government and criminals. Once the technology and a database 
are in place for a system such as a national ID, alternative uses for 
the system will arise. This potential abuse of such a system by 
unscrupulous businesses and governments and plain criminals could be 
devastating to our nation's average citizen.
    Congress must also take care to avoid steps that would increase 
rather than diminish immigration-related discrimination that has 
already become a problem with the use of SSNs by some employers. In 
response to employer sanctions, some--but not all employers have 
screened out all ``foreign-looking'' or ``accented'' job applicants; or 
conversely have adopted the practice of looking only for illegal 
immigrants to hire in order to hold their status over these employees 
heads. They have selectively applied verification procedures only to 
``suspect'' employees and demanded documents when hiring foreign-
sounding employees when compared to other employees.
    We also have to be mindful of states' rights. We should not become 
so aggressive in this area that states are turned into mere tools of 
the Federal Government in connection with the identity documents they 
issue.
    Finally, Mr. Chairman, I hope that we can work cooperatively, and 
in the true spirit of bipartisanship to eliminate SSN fraud and make 
the necessary changes in the law that must be made. However, I would 
like to say for the record that although there is ample and substantial 
SSN fraud and theft, this hearing should in no way be used as a vehicle 
to discourage talented men and women from different countries from 
coming to the United States to study, to exchange creative thought and 
ideas, or to discourage businesses from temporarily moving their 
employees to contribute to our economy and our way of life. We should 
discourage SSN fraud, but not discourage fair and equal opportunity.
    Thank-you Mr. Chairman.

                                 

    Chairman SHAW. Now it is my pleasure to recognize the 
Honorable James B. Lockhart III, who is the Deputy Commissioner 
of Social Security. I believe this may be the first time you 
have appeared before the Social Security Subcommittee.
    Mr. LOCKHART. Yes, Mr. Chairman.
    Chairman SHAW. It is my privilege to welcome you.
    Please proceed as you see fit. We have your full statement 
which, without objection, will be made a part of the record, as 
will the full statements of all the witnesses this afternoon. 
So, you may summarize or proceed as you see fit, Mr. Lockhart.

      STATEMENT OF THE HON. JAMES B. LOCKHART III, DEPUTY 
          COMMISSIONER, SOCIAL SECURITY ADMINISTRATION

    Mr. LOCKHART. Chairman Shaw, Chairman Gekas, and Members of 
the Subcommittees, thank you for asking me here today to 
discuss our work to preserve the integrity of the Social 
Security number and to prevent its misuse.
    Commissioner Barnhart and I have made protecting the Social 
Security number a major stewardship priority. We have made many 
important enhancements and are reviewing other improvements.
    We all know that Social Security number misuse can lead 
directly to identity theft with serious personal and economic 
consequences. On September 11, we also learned that it can have 
more far-reaching consequences, as the terrorists used made-up 
Social Security numbers.
    As you know, the original purpose of the Social Security 
number was solely for tracking the earnings of people who 
worked in jobs covered by Social Security. Ever since, the use 
of the Social Security number has mushroomed as a way to 
identify people in records systems. It has become the 
identifying number for Federal and many other employee systems, 
taxpayers, noncitizens authorized to work in this country, 
beneficiaries of Federal- and State-funded programs, and some 
drivers' licenses.
    By 1974, Congress became concerned about the widespread use 
of the Social Security number and passed the Privacy Act. It 
provides that except when required by Federal law, no 
government agency could withhold benefits from a person simply 
because of a refusal to give his or her Social Security number. 
Federal law does not restrict Social Security number use by 
private businesses or organizations.
    As you can see, the Social Security number has become the 
personal identifier through a buildup over time. Unfortunately, 
it also has become the identifier of choice for criminals, 
including terrorists.
    After September 11, the Social Security Administration 
formed a high-level response team to better prevent those with 
criminal intent from using Social Security numbers. We have put 
a new training emphasis on what we call enumeration for the 1.5 
million noncitizens that we give numbers to every year.
    On March 1, we stopped assigning Social Security numbers to 
noncitizens for the purpose of applying for a drivers' license. 
Noncitizens can now only get a Social Security number if they 
are authorized to work or if they need it for public 
assistance.
    On June 1, we began verifying birth records of U.S.-born 
citizens older than age 1 who apply for a Social Security 
number, and we are piloting an online system that lets 
employers verify the names and Social Security numbers of newly 
hired employees. That should help to strengthen our present 
verification systems.
    We are also leading the government-wide e-VITAL project to 
improve the death master file and electronic birth records 
verification systems.
    We are implementing a range of new initiatives with the 
Immigration and Naturalization Service (INS) and the State 
Department, which will be consistent with the requirements of 
the Privacy Act. We now verify all INS documents with that 
agency.
    By the end of the year, under the Enumeration at Entry 
Project, we will assign directly Social Security numbers to 
newly arrived immigrants based on the information the State 
Department and INS collect as they authorize noncitizen entry 
into the country.
    We are also taking major steps to improve the accuracy of 
the 250 million annual wage reports that we receive, as they 
are critical for correctly calculating benefits. Despite 
improving our matching routines, almost 10 million of those 250 
million wage reports a year are placed in the suspense file 
because the name and the Social Security number do not match. 
We have been writing letters to employees, asking them to 
correct the information. Over the last several years, we have 
greatly increased the no-match letters to employers.
    Let me say that we appreciate the Subcommittee's effort to 
strengthen Social Security number privacy and prevent identity 
theft. The provisions in H.R. 2036 which strengthen the 
penalties and enforcement for Social Security number misuse 
would help in our efforts to locate and eliminate abuses.
    Adding civil monetary penalties as proposed to existing 
criminal penalties for Social Security number misuse would 
provide another level of deterrence. We believe it would 
strengthen our ability to deal with cases of misuse that are 
not criminally prosecuted by the U.S. Department of Justice.
    In closing, I would like to emphasize that the Social 
Security Administration is committed to doing all that it can 
to protect the integrity of the Social Security number by 
strengthening our enumeration and misuse detection 
capabilities. Commissioner Barnhart and I look forward to 
continuing to work with you on this vital national issue. I 
would be happy to answer any questions.
    [The prepared statement of Mr. Lockhart follows:]
    Statement of the Hon. James B. Lockhart III, Deputy Commissioner
                     Social Security Administration
Mr. Chairmen and Members of the Subcommittees:

    Thank you for asking me to be here today to discuss the process of 
assigning and issuing Social Security Numbers (SSN), and the role that 
the SSN has in our society today. As the number of legitimate uses for 
SSNs increases, especially in the private sector so does the potential 
for misuse--and the resulting consequences of misuse.
    Social Security Number misuse can lead directly to identity theft 
and the resulting personal and economic consequences to the individual 
whose identity is stolen. But SSN misuse also can create far-reaching 
consequences to our economy and our society as a whole.
    The tragic events of September 11, and reports that some of the 
terrorists fraudulently used SSNs, have brought home the need to 
strengthen the safeguards to protect against the misuse of the SSN. 
Since Commissioner Barnhart and I have been at Social Security we have 
made protecting the SSN a major stewardship priority. We have made many 
important enhancements this year and are reviewing other improvements.
Original Purpose of the Social Security Number and Card

    To begin, I would like to discuss the original purpose of the SSN 
and the Social Security card. Following the passage of the Social 
Security Act in 1935, the SSN was devised administratively as a way to 
keep track of the earnings of people who worked in jobs covered under 
the new program. The requirement that workers covered by Social 
Security apply for an SSN was published in Treasury regulations in 
1936.
    The SSN card is the document SSA provides to show what SSN is 
assigned to a particular individual. The SSN card, when shown to an 
employer, assists the employer in properly reporting earnings. Early 
public education materials counseled workers to share their SSNs only 
with their employers. Initially, the only purpose of the SSN was to 
keep an accurate record of earnings covered under Social Security so 
that we could pay benefits based on those earnings.
Growth of SSN as an Identifier for Other Federal Purposes

    In spite of the narrowly drawn purpose of the SSN, use of the SSN 
as a convenient means of identifying people in records systems has 
grown over the years. In 1943, Executive Order 9397 required Federal 
agencies to use the SSN in any new system for identifying individuals. 
This use proved to be a precursor to a continuing explosion in SSN 
usage which came about during the computer revolution of the 1960's and 
70's and which continues today. The simplicity of using a unique number 
that most people already possessed encouraged widespread use of the SSN 
by Government agencies and private organizations as they adapted their 
record-keeping and business applications to automated data processing.
    In 1961, the Federal Civil Service Commission established a 
numerical identification system for all Federal employees using the SSN 
as the identifying number. The next year, the Internal Revenue Service 
(IRS) decided to use the SSN as its taxpayer identification number 
(TIN) for individuals. And, in 1967, the Defense Department adopted the 
SSN as its identification number for military personnel. Use of the SSN 
for computer and other record-keeping systems spread throughout State 
and local governments, and to banks, credit bureaus, hospitals, 
educational institutions and other areas of the private sector. At the 
time, there were no legislative authorizations for, or prohibitions 
against, such uses.
Statutory Expansion of SSN Use in the Public Sector

    The first explicit statutory authority to issue SSNs did not occur 
until 1972, when Congress required that SSA assign SSNs to all 
noncitizens authorized to work in this country and take affirmative 
steps to assign SSNs to children and anyone receiving or applying for a 
benefit paid for by Federal funds. This change was prompted by 
Congressional concerns about welfare fraud and about noncitizens 
working in the U.S. illegally. Subsequent Congresses have enacted 
legislation which requires an SSN as a condition of eligibility for 
applicants for SSI, Aid to Families with Dependent Children (now called 
Temporary Assistance to Needy Families), Medicaid, and food stamps. 
Additional legislation authorized States to use the SSN in the 
administration of any tax, general public assistance, drivers license, 
or motor vehicle registration law within its jurisdiction.
    The Privacy Act was enacted in 1974 when Congress became concerned 
about the widespread use of the SSN. It provides that, except when 
required by Federal statute or regulation adopted prior to January 
1975, no Federal, State or local government agency could withhold 
benefits from a person simply because the person refused to furnish his 
or her SSN.
    In the 1980's, separate legislation provided for additional uses of 
the SSN including employment eligibility verification, military draft 
registration, driver's licenses, and for operators of stores that 
redeem food stamps. Legislation was also enacted that required 
taxpayers to provide a taxpayer identification number (SSN) for each 
dependent age 5 or older. The age requirement was lowered subsequently, 
and an SSN is now required for dependents, regardless of age.
    In the 1990's, SSN use continued to expand with legislation that 
authorized its use for jury selection and for administration of Federal 
workers' compensation laws. A major expansion of SSN use was provided 
in 1996 under welfare reform. Under welfare reform, to enhance child 
support enforcement, the SSN is to be recorded in the applications for 
professional licenses, driver's licenses, and marriage licenses; it 
must be placed in the records relating to a divorce decree, support 
order, or paternity determination or acknowledgment; and it must be 
recorded in the records relating to death and on the death certificate. 
When an individual is hired, an employer is required to report this 
event to the State's New Hire Registry. This ``New Hire Registry'' is 
part of the expanded Federal Parent Locator Service which enables 
States to find non-custodial parents by using the SSN.
Private Sector Use of the SSN

    Currently, Federal law places no restrictions on the use of the SSN 
by the private sector. People may be asked for an SSN for such things 
as renting a video, getting medical services, and applying for public 
utilities. They may refuse to give it. However, the provider may, in 
turn, decline to furnish the product or service.
    There are two basic ways the providers use the SSN. Within an 
organization, the SSN is typically used to identify specific persons 
and to maintain or retrieve data files. The second use is for external 
exchange of information, typically to transfer or to match data. For 
example, individual companies can track buying habits and customer 
preferences through the use of such data.
    Continuing advances in computer technology and the ready 
availability of computerized data have spurred the growth of 
information brokers who amass and sell vast amount of personal 
information including SSNs. When possible, information brokers retrieve 
data by SSN because it is more likely than any other identifier to 
produce records for a specific individual.
The SSN as an Identifier

    As you can see, Mr. Chairman, the current use of the SSN as a 
personal identifier in both the public and private sectors is not the 
result of any single step; but rather, from the gradual accretion over 
time of extending the SSN to a variety of purposes. The implications 
for personal privacy of the widespread use of a single identifier have 
generated concern both within the government and in society in general.
    The advent of broader access to electronic data through the 
Internet and the World Wide Web has generated a growing concern about 
increased opportunities for access to personal information. Some people 
fear that the competition among information service providers for 
customers will result in broader data linkages with questionable 
integrity and potential for harm, and make it easier for identity 
thieves to ply their trade.
    On the other hand, there are some who believe that the public 
interests and economic benefits are well served by these uses of the 
SSN. They argue that use of the SSN would enhance the ability to more 
easily recognize, control and protect against fraud and abuses in both 
public and private activities. All Federal benefit-paying agencies rely 
on data matches to verify not only that the applicant is eligible for 
benefits, but also to ensure that the benefit paid is correct. Other 
federal agencies may be able to provide information about other 
socially beneficial uses of the SSN, including its use in research and 
statistical activities. The SSN often is the key that facilitates the 
ability to perform the matches.
e-VITAL

    I also want to mention that SSA is actively involved in an 
interagency initiative (e-VITAL) which is pursuing electronic data 
exchanges between other federal agencies and the States. This ``e-
VITAL'' program consists of 2 projects that are being undertaken to 
maximize efficiency and improve customer service to citizens and 
businesses. One project is working with State agencies and funeral 
homes to expand and improve electronic notification of deaths. The 
second project is an electronic query system that allows State and 
Federal agencies to access birth and death information. This 
information would be used to improve the accuracy of our records and 
ensure that proper benefits are paid to individuals.
Identity Theft

    When most people think of identity theft they are referring to the 
use of the personal identifying information of another person to 
``become'' that person. Identity theft and fraud also include 
enumeration fraud, which uses fraudulent documents to obtain an 
original SSN for establishing identity. Finally, identity theft and 
fraud also includes identity creation, which uses false identity, false 
documents and a false SSN.
    Skilled identity thieves may use a variety of low and hi-tech 
methods to gain access to personal data. We at the Social Security 
Administration want to do what we can to help prevent identity theft, 
to assist those who become victims of identity theft, and to assist in 
the apprehension and conviction of those who perpetrate the crime.
    Preventing identity theft can play a role in the prevention of any 
future terrorism. Identification documents are critically important to 
terrorists, and a key to such documents is the SSN. The integrity of 
the SSN must be ensured to the maximum extent possible because of the 
fundamental role it can play in helping unscrupulous individuals steal 
identities and obtain false identification documents.
    Identity thieves may get personal information by stealing wallets 
and purses, mail, personal information on an unsecured Internet site, 
from business or personnel records at work, buying personal information 
from ``inside'' sources, or posing as someone who legitimately needs 
the information such as an employer or landlord. We ask that people be 
careful with their SSN and card to prevent identity theft. The card 
should be shown to an employer when an individual starts working, so 
that the employment records are correct and then it should be put in a 
safe place.
SSA Response to SSN Misuse

    In response to the events of September 11, SSA formed a high-level 
response team which has met regularly ever since to recommend and track 
progress towards policy and procedural enhancements to help ensure that 
we are strengthening our capability to prevent those with criminal 
intent from using SSNs and cards to advance their operations. Just as 
there have been delays at airports as a result of heightened security, 
we recognize that some of these initiatives may result in a delay in 
the receipt of SSNs for some citizens and non-citizens. However, these 
measures are necessary to ensure the integrity of the SSN and to ensure 
that only those who should receive an SSN do so.
    Soon after September 11th, we began a new training emphasis on the 
rules for enumeration, and especially for enumerating non-citizens. We 
started with refresher training for all involved staff, but are 
following this up with periodic special training and additional 
management oversight. On March 1 we stopped assigning SSNs to non-
citizens for the sole purpose of applying for a driver's license, so 
that non-citizens can now only get an SSN if they are authorized to 
work or where needed for a Federal funded or state public assistance 
benefit to which the person has established entitlement. On June 1, we 
began verifying with the custodians of the records, any birth records 
submitted by U.S. born citizens over the age of one applying for an 
SSN. Further, we are currently piloting an online system for employers 
to verify the names and SSNs of newly hired employees. I must note that 
SSA has had systems for employers to verify employees SSNs for wage 
reporting purposes for more than twenty years.
    Throughout this year we are also implementing a range of new 
initiatives with the Immigration and Naturalization Service (INS) and 
the Department of State (DoS) that will improve integrity goals with 
respect to enumeration of non-citizens. We expect to have in place by 
the end of the year the first phase of what we are calling Enumeration 
at Entry (EAE). EAE is an integrity measure we have been working on 
collaboratively with the INS and DoS for some time. EAE will work 
similarly to our highly successful Enumeration at Birth program under 
which most U.S.-born infants are assigned SSNs based on requests by 
their parents in the hospital right at birth, eliminating the potential 
for the use of fraudulent documents. EAE will also eliminate the use of 
fraudulent immigration documents from the process. Under EAE, SSA will 
assign SSNs to newly arrived immigrants based on data collected by the 
DoS, as it approves the immigrant visa in the foreign service post, and 
by the INS, as entry into the country is authorized. SSA would receive 
electronically the information needed to enumerate the individual from 
the INS with no need for further document review and verification.
    In July, we began verifying any documents issued by the INS with 
them before assigning an SSN. We are verifying many of these 
electronically. But if the immigration document is not recorded in the 
INS system within ten days, we request written confirmation from INS 
that the documents submitted are bona fide and that the individual is 
authorized to work. This new verification process was fully implemented 
earlier this month.
    We are also planning to pilot a Social Security Card Center that 
would be an interagency specialist group designed to provided quick and 
efficient service while ensuring the integrity of the enumeration 
process.
    We have developed this multi-pronged approach to make SSNs less 
accessible to those with criminal intent as well as prevent individuals 
from using false or stolen birth records or immigration documents to 
obtain an SSN.
    We also implemented changes to speed up the distribution of our 
Death Master File. SSA receives reports of deaths from a number of 
sources, and from computer matches with death data from Federal and 
State agencies. This information is critical to the administration of 
our program and is made available to facilitate the prevention of 
identify theft of the SSN's of deceased persons. Many of the private 
sector companies purchasing this information are credit card companies 
and financial institutions.
    Furthermore, we are also limiting the display of SSNs on our 
correspondence. As of October 1, 2001 we no longer include the first 
five digits of the SSN on Social Security Statements and as of December 
2001 on Social Security Cost-of-Living Notices. We do use the full SSN 
on other correspondence because there may be legal requirements for 
display of the SSN on the notice especially on termination and award 
notices. However, to ensure the confidentiality of the SSN on mail we 
do not show the addressee's SSN on the envelope, if mailing an envelope 
to an individual. If requesting information from third parties, we do 
not show the SSN for the purpose of associating the reply with the file 
when it is returned.
    The good news is that over 80% of our beneficiaries receive their 
payments by direct deposit, which means for this large group there are 
no SSNs to be stolen or paper checks that can be lost or stolen. For 
those that do not use direct deposit, the Department of the Treasury 
prepares and mails all government checks including those for Social 
Security and Supplemental Security Income recipients. Effective with 
the September 1, 2000 benefit payments, the SSN printed on Social 
Security and Supplemental Security Income checks is no longer visible 
through the envelope window. Additionally, to protect the privacy of 
recipients who are paid by check and help prevent identity theft, 
Treasury is taking steps to remove all personal identification numbers, 
including the SSN, on all check payments. The goal for completing the 
project is early 2004.
Detecting SSN Misuse

    One way that a person can find out whether someone is misusing 
their number to work is to check their earning records. About three 
months before their birthday, anyone 25 or older and not already 
receiving Social Security benefits, automatically receives a Social 
Security statement each year. The statement lists earnings posted, to 
their Social Security record as well as providing an estimate of 
benefits and other Social Security facts about the program. If there is 
a mistake in the earnings posted they are asked to contact us right 
away, so their record can be corrected. We investigate, correct the 
earnings record and if appropriate, we refer any suspected misuse of an 
SSN to the appropriate authorities.
    SSA may learn about misused SSNs in a variety of other ways 
including alerts from our computer systems while matching Federal and 
State data, processing wages, claims or post entitlement actions, 
reports from individuals contacting our field offices or teleservice 
centers and inquiries from the IRS concerning two or more individuals 
with the same SSN on their income tax returns.
    We have another tool that has been used successfully to detect 
instances of fraud and abuse. This tool, called the Comprehensive 
Integrity Review Process (CIRP), is a review and anomaly detection 
system. This system first identifies known fraudulent patterns and then 
transactions that fit these fraudulent patterns are provided to SSA 
managers for their review. If upon investigation, the SSA manager 
believes that fraud or misuse has occurred, they prepare a referral to 
the Office of the Inspector General (OIG).
    Of course SSA's OIG has played an ongoing role in the investigation 
of fraud and misuse of the SSN, as shown in the following examples. As 
you know, SSA OIG agents have participated along with the US Department 
of Justice in ``Operation Tarmac''. In this joint effort, individuals 
have been identified who misused SSN's to fraudulently obtain security 
badges, and to date, a significant number have been sentenced. Further, 
SSA's OIG, INS, and local law enforcement authorities investigated an 
organization in Utah that manufactured and sold counterfeit documents. 
To date, nine individuals have been sentenced to jail time and/or 
deportation, and the investigation continues. In another combined 
effort, OIG, Postal Service, Federal Bureau of Investigations and the 
Secret Service investigated and arrested individuals in Seattle who 
established more than 50 false identities to open bank accounts.
    Another important pillar in the effort to safeguard program 
integrity is the joint SSA-OIG General Cooperative Disability 
Investigations Program (CDI). Its mission is to detect fraud in the 
early stages-at the time of application for Social Security benefits or 
during the appeals process. The results of CDI investigations were used 
to support over 2,700 denials or terminations, allowing SSA to avoid 
improper payments to individuals.
Assisting Victims

    To help victims, SSA provides hotline numbers to SSA's Fraud 
Hotline and the Federal Trade Commission ID Theft Hotline. We provide 
up-to-date information about steps that the person can take to work 
with credit bureaus and law enforcement agencies to reclaim their 
identity. We issue a replacement card if their Social Security Card is 
stolen. We help to correct their earnings record and issue a new SSN in 
certain circumstances. If the victim alleges that a specific individual 
is using the SSN, SSA develops the case as a possible fraud violation. 
If appropriate, we refer the case to the OIG for an investigation and 
work closely with the OIG to facilitate their investigation.
Suspense File

    As I mentioned earlier, the primary purpose of the SSN has always 
been to allow us to accurately record and keep track of a worker's 
earnings. This is SSA's core business process, and it ensures that a 
worker and his family receive benefits that reflect his work history. 
The earnings suspense file is an electronic holding file for reported 
earnings items that cannot be recorded to the earnings records of 
individual workers because the name and SSN on the items do not match 
SSA's records.
    Currently, we receive and process about 250 million annual wage 
reports (Forms W-2) for employees from about 6.5 million employers. In 
recent years, after electronic and manual processing, about 97 percent 
of these items are ultimately posted to the Master Earnings File (MEF), 
which contains a record of the lifetime earnings of each individual 
worker. The remaining items, about 3 percent, are ultimately placed in 
the earnings suspense file. For 2000, after electronic processing, 10 
million reports of wages were sent to the suspense file representing 
over $54 billion in wages. The suspense file contains all mismatches 
since 1937 about 237 million reports of wages representing $376 billion 
in earnings.
    So, why is this issue significant? As I stated earlier, the wages 
reported to SSA on the Forms W-2 are used to maintain a record of every 
working individual's earnings. This earnings record is the basis for 
computing retirement, survivors, and disability benefits. If a worker's 
earnings are not recorded, he or she may not qualify for benefits or 
the benefit amount may be lower. When a person files for benefits, the 
earnings record is reviewed and an effort is made to establish any 
earnings that are not shown. However, it may be difficult to accurately 
recall past earnings and to obtain evidence of them. Thus, it is better 
to establish and maintain accurate records at the time the wages are 
paid.
    We have a number of initiatives to assure that wage items are 
credited to the correct individual's earnings record and do not go into 
suspense. These include:

         LEncouraging the filing of wage reports electronically 
        or on magnetic media which has increased to 78.0% percent in 
        2001.

         LUsing over 23 software routines to match names to 
        SSNs which initially do not match SSA records--for TY1999, 
        software matched 16 million (about 60 percent) of the initial 
        mismatches.

         LNotifying employees of name/SSN errors and requesting 
        corrections. In the last five years we have sent an average of 
        8 million letters a year to individuals or to their employers 
        if we do not have a record of the employee's address.

         LNotifying employers of name/SSN errors. In 2002, we 
        increased these ``no match'' letters from about 110,000 to 
        870,000. This is because we sent these letters to all employers 
        who submitted W-2 forms with information that did not match our 
        records instead of only to employers with relatively large 
        number of mismatches. We will be reviewing the effectiveness of 
        this change.

         LProviding outreach to the employer community to 
        reinforce the need for accurate name/SSN reporting.

    We are building a new Earnings Suspense File process that looks 
promising. It would electronically find millions of additional matches 
and post them to the correct earnings record.
    Under this new process, we are estimating that at least 30 million 
items will be removed from the suspense file and credited to the 
records of individual workers. If so, benefits for several hundred 
thousand beneficiaries would be increased. If the test we have planned 
for the fall of this year is successful, we expect to begin the new 
process early in 2003 and have it completed by the end of 2004.
Improving Enforcement 

    Mr. Shaw's bill (H.R. 2036) is aimed at the need to limit private 
and public sector use, display and sale of the SSN and to increase 
penalties for misuse of the number. We appreciate Mr. Shaw's commitment 
to these objectives.
    We support efforts to strengthen the penalties and enforcement for 
SSN misuse, which would be of great help to the agency in our 
consistent efforts to locate and eliminate abuses to the program. While 
current law provides criminal penalties for SSN misuse, the addition of 
civil monetary penalties for SSN misuse would provide another level of 
deterrence for those who would misuse the SSN. Such measures would help 
to strengthen our ability to deal with instances of misuse that are not 
criminally prosecuted by the Department of Justice.
Closing

    I would like to conclude by emphasizing that we at the Social 
Security Administration are committed to protecting the integrity of 
the SSN. We want to do what we can to help prevent identity theft, to 
assist those who become victims and to assist in the apprehension and 
conviction of those who perpetrate the crime. We are committed to 
improving the accuracy of the records of workers earnings and thereby 
helping to ensure accurate retiree, disability, survivors and SSI 
payments.
    In a larger view, the Social Security Administration is on guard 
for identity theft. This is a challenging task. In our experience, most 
instances of identity theft have resulted not from any action or 
failure to act by SSA, but from the proliferation of personal 
information in our society. The disclosure of SSNs by private citizens 
and organizations are prime among them. While SSA cannot control the 
disclosure of SSNs, we can and are doing a better job in areas that we 
can control, such as enumeration and misuse detection.
    Thank you for asking us to testify on this issue.

                                 

    Chairman SHAW. Mr. Lockhart, if someone comes into this 
country, perhaps on a student visa or whatever, opens a bank 
account, the bank will require that person to supply their 
Social Security number. This is needed for the reporting of 
interest and things of that nature that account might be 
subject to.
    Is there any indicator on the Social Security number as to 
the status of that particular person? Is there any indication 
on the Social Security card as to the status of that particular 
person? Now, this is not on a work visa.
    Mr. LOCKHART. Yes. First of all, if a student comes into 
the country with a J-1 or F-1 visa, and is not authorized to 
work, we will not give him a Social Security card. So, that's 
the first step. They have to be authorized to work to get a 
Social Security number.
    Let's assume that the university tells us that they are 
authorized to work, and we get a letter from the university to 
that effect, and we do the verification with the INS about the 
visa, we would then give them a Social Security number. The 
Social Security number itself has nothing special on it, but 
the card would say that the employer should check the INS 
documents in that case.
    Chairman SHAW. If the person who the card is issued to then 
decides to go to work and supplies that identification number 
to the employer without showing him that card, what happens at 
that particular time, assuming then that the person takes the 
job and the Federal Insurance Contributions Act (FICA) wages 
are paid into the Social Security Administration?
    Mr. LOCKHART. Again, assuming that he or she got the card 
legitimately, there is no problem. That is what is supposed to 
happen, that they will pay the FICA taxes in, and assuming we 
have verified the documents with the INS, the card was given 
legitimately. The employer still is supposed to look at the 
documents to make sure that they are legitimate.
    Chairman SHAW. I understand the employer would be liable 
for other penalties for not properly checking the resident 
status or exactly why that person happens to be in the country, 
whether they be a citizen or a noncitizen.
    Mr. LOCKHART. Now, in the circumstances that you posed at 
the beginning, if they were not authorized to work, if we did 
not give them a Social Security number, in theory, they can go 
to the U.S. Department of the Treasury and get a taxpayer 
number. That is a 900 series. It looks like a Social Security 
number, but that is a separate series and is not part of the 
Social Security system.
    Mr. JOHNSON. Would the gentleman yield?
    Chairman SHAW. I am a little confused here. I will be glad 
to yield in just a moment, but I am a little confused here 
because the person who you issued the Social Security number to 
may not be authorized to work or may not be here on an actual 
work visa. Is that not correct?
    Mr. LOCKHART. Under our new procedure, that should not 
happen. As of September 1, we are verifying all documents with 
the INS, and they are telling us that the document is good 
before we give the Social Security number out.
    Unfortunately, I think in the past, before the new 
procedure, there was a procedure at Social Security, where, if 
someone had been in the country only 30 days, our field office 
looked at the documents, put them under black lights and 
checked them to see if they were real. If they were a really 
good forgery, they might have been faked or something, and they 
could have possibly gotten a Social Security number on 
documents that were counterfeit.
    Chairman SHAW. The gentleman from Texas?
    Mr. JOHNSON. Thank you, Mr. Chairman.
    I would like to follow up on that because just in Dallas, 
Texas, this month, they caught a bunch of illegals in an 18-
wheeler, some of which died. You are aware of that case, I am 
sure.
    My question is, there were 26 of them that were released on 
the spot in the United States and told they could get a Social 
Security number from you and go to work. Now, how do you 
account for that kind of thing?
    Mr. LOCKHART. I am not actually aware of who made that 
statement.
    Mr. JOHNSON. The lady who runs the district office for the 
Immigration and Naturalization Service there in Dallas. They 
let them go for 2 months, and she told me that they would get 
Social Security numbers and be given work permits. Three of 
them were allowed to go, one to Chicago and two to New York 
City, from Dallas.
    Mr. LOCKHART. Well, under our present procedures, they 
would have had to have a document from the INS saying that it 
was valid for them to work. If the INS had given that document 
to them, yes, if you bring in a valid document----
    Mr. JOHNSON. You give them a Social Security number just on 
the basis of the Immigration and Naturalization Service letting 
an illegal have a work document temporarily? Do you put any 
time limit on the Social Security number? How do you know they 
are not all terrorists?
    Mr. LOCKHART. Again, our job is to give a Social Security 
number when we have valid documents from the Immigration and 
Naturalization Service. We get the documents, we look at them, 
we check them, we go into the INS system, we check it against 
the INS system. If it is not in the INS system, then we send a 
paper request to the INS to get them to verify that there is a 
real document that authorizes them to work.
    It is not the Social Security Administration's job to 
decide whether they are authorized to work. It is our job to 
give them a number once they are authorized to work, so that 
they will pay taxes into the Social Security fund and to the 
Internal Revenue Service (IRS).
    Chairman SHAW. Reclaiming my time, there are situations 
where someone can get a nonworking Social Security number. Now, 
that Social Security number, can an employer or anybody look at 
that number and say, ``Hey, that's a nonworking Social Security 
number''? That is my question.
    Mr. LOCKHART. Yes, there are circumstances. Historically, 
there were more circumstances. As of March this year, we are 
only giving them to people who are not working that are 
required by some benefit system--I think we will give about 
20,000 or 30,000 out a year from now on. Previously, we did it 
for a driver's license, but those cards themselves say ``not 
eligible for work.'' There is no special number, and we are 
looking at a special number. It is one of the things we are 
looking at.
    Chairman SHAW. That is what I wanted to get at. I think 
that when we do issue a nonwork Social Security number, it 
ought to have something on it, a letter, a prefix, or 
something, that would identify it as ``this is not for purposes 
of work.''
    Mr. LOCKHART. We are looking at a special series, just 
like, as I mentioned, the Treasury Department has the 900 
series. We are looking, potentially, at a special series for 
anybody that doesn't have a permanent right to work in this 
country.
    Chairman SHAW. Do you know if you can do that without 
legislation from us? I believe you can.
    Mr. LOCKHART. I believe we can. Yes, sir.
    Chairman SHAW. If you need legislation, come back, and we 
will work on it. Mr. Gekas?
    Chairman GEKAS. Yes, I thank the Chair.
    Mr. Lockhart, pursuing some of the questions that emerged 
from the statements and questions that were posed by the 
gentleman from Texas, Mr. Johnson, you said that after 
September 11, you undertook several initiatives to pin down the 
ability to grant Social Security numbers to only those who 
deserved them. The questions posed by Mr. Johnson implicate the 
Immigration and Naturalization Service in the wholesale 
admission of people first into the country and then to allow 
them to seek and gain Social Security numbers. Were there any 
recommendations made by the Social Security Inspector General 
in his recent report with respect to this problem, the reliance 
of Social Security on INS in its processing of prospective new 
numbers?
    Mr. LOCKHART. Well, the Inspector General has recommended, 
I think for several years, to do what we just implemented. One 
of the points I would like to make is that both Commissioner 
Barnhart and I came in after September 11, and we looked at all 
these things, and we saw that there were holes in our system, 
and we want to correct them. We have corrected a lot, but we 
have more room to go. We are very concerned about this issue, 
and we will work on it.
    The key recommendation that the Inspector General had made 
is that we verify every document with the INS. Every document 
that authorizes someone to work, we first go into the computer 
system. If it is not in their computer system, then we actually 
send a copy of the document to the INS and ask them to verify 
it.
    So, that is our procedure, and we are following it now. It 
may, in some cases, slow up persons getting a Social Security 
number, but we think it is well worth it.
    Chairman GEKAS. Do you hold up issuance of the number until 
submissions are made to you by the INS so that you are 
perfectly----
    Mr. LOCKHART. Under our new procedure that we began 
implementing about 3 months ago and finished September 1, that 
is correct. We do not issue a Social Security number if the 
documents have not been verified by the INS.
    Chairman GEKAS. Speaking of the recommendations of the 
Inspector General, were they before September 11 or after, or 
both?
    Mr. LOCKHART. As I remember, they were both.
    Chairman GEKAS. Do you have a scorecard on the 
recommendations made and where you are in implementing or 
attempting to implement those recommendations?
    Mr. LOCKHART. Yes, Mr. Chairman, we do have a scorecard. We 
have been working very diligently. This task force that I 
mentioned in my testimony has a whole series of initiatives. We 
have implemented a lot of the major ones, but we are looking at 
other ones. For instance, the one that Chairman Shaw mentioned 
about a special series of numbers for nonpermanent Social 
Security cards.
    So, we are working very diligently through this list. As I 
said, both Commissioner Barnhart and myself are really 
extremely serious about making sure that only people who are 
authorized to work, only people who should get Social Security 
numbers, are getting them in this country.
    Chairman GEKAS. I would like, personally, and perhaps the 
other Members would also benefit from it, if we could actually 
produce such a scorecard, that is, to list the recommendations 
on the left and then give us completed or implemented or about 
to be implemented or on the way, some kind of indication as to 
what the recommendations were and what progress has been made 
in implementing those recommendations. I would be interested in 
that kind of graph.
    Mr. LOCKHART. We certainly will be happy to provide that 
for the record, Mr. Chairman. I think as you talk to our 
Inspector General when he comes up in the next panel, I think 
he will tell you that we are making extremely good progress on 
this issue.
    Chairman GEKAS. Well, you will have time to do it right 
before he takes the stand.
    [Laughter.]
    Mr. LOCKHART. Well, I have some versions of it here, but--
--
    Chairman GEKAS. You can start the conversation now. I yield 
back the balance of my time.
    Chairman SHAW. Thank you, Mr. Gekas. Mr. Becerra?
    Mr. BECERRA. Thank you, Mr. Chairman.
    Thank you for you testimony, Mr. Lockhart. I appreciate it.
    Let me make sure, before I ask the particular questions 
that I have, I want to make sure that I understand something 
correctly. There are some 600,000 Social Security numbers that 
come to your attention that are based on nonwork-authorization 
Social Security numbers, correct?
    Mr. LOCKHART. Yes, let me explain it. We have, really, 
three major categories of Social Security cards.
    One is, you are authorized to work. You are either a 
citizen and you got it at birth, you have been authorized to 
work, or you have been permanently allowed in the country. The 
second one is that you are authorized to work with INS 
documentation, and the third one is that you are not authorized 
to work. We used to give those out because many State driver's 
license departments required them, and we have given out, 
unfortunately, many millions of those.
    Every year, as we get the wage earnings reports in, those 
250 million that I mentioned in my testimony, we get about half 
a million wages on nonwork Social Security numbers. Now, that 
doesn't mean that they are not authorized to work because they 
may not have come in to us again to get their Social Security 
card updated.
    Mr. BECERRA. That was going to be my point, because I am 
familiar, being from California, that there are a lot of folks 
who start with a nonwork Social Security number but then 
ultimately obtain the authorization to work. Then, for whatever 
reasons, either they or the employer, somehow the information 
doesn't get to the Social Security Administration immediately. 
So, until that information gets to you, they are categorized as 
nonwork-authorized Social Security numbers.
    Mr. LOCKHART. That is correct.
    Mr. BECERRA. Okay. Let me get back to the whole issue, 
because it is becoming clear, now that Social Security has been 
able to give us more and more information, that you are trying 
to clean up these files, which for years have been building up 
and up in terms of the number of cases where we haven't been 
able to identify all the pertinent information for an 
individual.
    My understanding is you obtain, on a yearly basis, claims 
or numbers or information on cases for about 250 million Social 
Security numbers.
    Mr. LOCKHART. What we receive are wage reports from 
employers. Oftentimes, people change jobs, so there are 
actually less people working than the number of wage reports.
    Mr. BECERRA. The information I have is that there are some 
250 million wage reports on an annual basis, representing about 
150 million workers. When you run those through your checks, at 
the onset, there is about a 1 in 10 nonmatch for those wage 
reports, incorrect name, some information doesn't correspond. 
It doesn't mean that it is not a valid Social Security number. 
It just means that, of those 250 million, 1 in every 10 or so 
came up with some red flag.
    Mr. LOCKHART. Right. It didn't match.
    Mr. BECERRA. It didn't match. You are then able to reduce 
that to about 2 or 3 percent, versus about 10 percent, correct?
    Mr. LOCKHART. Well, 3 percent yes.
    Mr. BECERRA. Three percent, and that is your suspense file?
    Mr. LOCKHART. Exactly.
    Mr. BECERRA. Within that suspense file, my understanding is 
that you have a caseload of about--is it 250 million of these?
    Mr. LOCKHART. Yes. We have, in the suspense file----
    Mr. BECERRA. About 237 million.
    Mr. LOCKHART. Yes, 237 million. Exactly.
    Mr. BECERRA. So, 237 million. In tax year 2000, you 
received some 9.6 million more of these wage reports that went 
into the suspense file. Give me a sense of what it takes to 
close a case on one of these files. What does it take to do the 
final check, to determine if there was just an error or if we 
have to do some further checks?
    Mr. LOCKHART. We have computer teams that catch about two-
thirds, as you mentioned, of the mistakes. It can be typos. 
Someone's maiden name hadn't been changed in our records. Some 
Hispanic names get transposed. They are having that problem 
right now at the California Department of Motor Vehicles. I was 
out there a week or so ago, and there is a lot of activity 
there.
    So, our routines catch some of that. So, as we have done 
for many years, we then send out to the employees whose wage 
report we are getting, a letter telling him we are having a 
problem with mismatching. We send close to 10 million of these 
letters out a year, and we have been doing it for years, and 
about 1 million-plus, we don't have a good address for the 
employee, so we actually send it just to the employer. We ask 
them to come to the Social Security office and straighten it 
out, submit a form called a W-2C for correction.
    Mr. BECERRA. What is the resource requirement for you to do 
that along with administering all the retirement benefits, 
dealing with survivors' benefits, disability claims? What is 
the separate resource requirement to deal with the suspense 
file?
    Mr. LOCKHART. I don't really know the number, to tell you 
the truth. The initial piece of it is pretty computerized, and 
so, the cost is reasonable, but when they start coming in with 
the information, then it takes up a lot of field office time.
    It is an important thing to do because what we are trying 
to do is correct the record so that when people are disabled, 
when people are retiring, that we have the right amount of 
money and we give them the proper benefits. We think it is an 
important function of the agency.
    Mr. BECERRA. My time has expired, so I will close and say 
that perhaps, Mr. Chairman, we can try to follow up and try to 
get a sense of what it takes for the Social Security 
Administration to really do the job of getting through that 
suspense file, because as Mr. Lockhart just mentioned, that is 
important work.
    Thank you, Mr. Lockhart. Thank you, Mr. Chairman.
    Chairman SHAW. Ms. Jackson Lee?
    Ms. JACKSON LEE. Thank you very much, Mr. Chairman.
    Mr. Lockhart, thank you again. Would you restate for me the 
categories of immigrants that you give a Social Security card 
to?
    Mr. LOCKHART. There are a whole series of different visas 
that are created by the INS, and I am not an expert on all 
this, but really, there are two main categories, if you look at 
it that way. One is that they are permanently authorized to 
work, and maybe about a half million of the cards we give each 
year are that group. The other million or so that we give are 
temporarily authorized to work under a whole series of things. 
A lot of them are student-related. Then there are the whole 
series of people coming in for software firms. The whole series 
that are given by the INS, but those are temporary.
    Ms. JACKSON LEE. Do you feel comfortable in the procedures 
at the Administration, that you are accurately providing those 
who have documentation to work, that you are fairly accurate, 
or do you need additional resources or additional assistance in 
making sure you are accurate on the issuance of those types of 
cards?
    Mr. LOCKHART. We feel, with the new procedures, we are 
doing a lot better job. Now what we are doing is verifying 
every document with the INS.
    Now, new and better systems are needed because it is still 
a pretty paper-intensive process. The INS is starting to get 
more and more of the documents quickly into the system called 
the Systematic Alien Verification for Entitlements (SAVE) 
program. They have a student system coming up next year, which 
will help a lot.
    We also have some other important procedures that I think 
will really help this and really put the workload where it 
should be. One of these that we are looking at is called 
Enumeration at Entry, which I mentioned, which would be that 
the State Department and the INS, when they are giving these 
work-authorizing documents, that they just send us an 
electronic message that this person is authorized, so we can 
issue them a Social Security number. Then we don't have to go 
through this roundabout procedure.
    So that is the long-term solution, I think, for a lot of 
this.
    Ms. JACKSON LEE. What kind of efforts are you making to get 
to that point? Certainly, it makes a lot of sense to me. You 
are talking about, by technology, send an e-mail, a note, a 
notice, if you will, to the Social Security Administration. 
Where are you on that?
    Mr. LOCKHART. We have been working on that for several 
years. Our systems are all ready for it, and it is supposed to 
start next month, actually, with the State Department. Then, we 
will roll it out over time throughout the State Department and 
the INS.
    Ms. JACKSON LEE. I think that is an important step to 
announce or to at least make known that you are moving toward 
that, because then that helps, if you will, keep the pathway of 
legality even more on track, because you are getting 
information as it comes. I think one of the difficulties is 
trying to go back and restructure documents and to look at what 
happened as opposed to getting that information as it is 
happening.
    Mr. LOCKHART. That is correct. I think that will be a very 
important step forward. We are going to put a lot of resources 
in it. As I said, our systems are already ready to do it, and 
we hope to have it as a very high priority over the next year 
or two.
    Ms. JACKSON LEE. To capture of the essence of the problem, 
you said millions of cards are issued for those with documents 
and allowed to work. Then there are about a million, if I 
understand, you left of an ``S.'' You said there are about a 
million that may come in that don't have documentation or don't 
have authorization to work but ultimately may secure that. What 
kind of monitoring do you have to know the ones that are 
securing it and ultimately may need the right kind of Social 
Security card?
    Mr. LOCKHART. Well, what I said, I think, is that there are 
about a half a million who have permanent authorization to work 
and about a million a year that we give cards have some sort of 
temporary work permit.
    Ms. JACKSON LEE. Then there is a group that----
    Mr. LOCKHART. Then there is a whole group that is not 
authorized to work, and we do not give them Social Security 
cards. We do not give them Social Security numbers, except for 
a very, very small group, about now 20,000 to 30,000 a year, 
that get these nonwork cards because they are authorized for 
some benefit program, but generally, they would not be a major 
threat.
    Ms. JACKSON LEE. So you feel fairly confident that you are 
not giving now Social Security cards to those without the 
documentation to work? Do you feel fairly confident of that, in 
terms of immigrants?
    Mr. LOCKHART. I visited our field offices in California a 
couple of weeks ago and watched them work, and it seems to be 
working, the new procedure. Again, we rolled it out over the 
last 3 or 4 months. We have 1,300 field offices countrywide. 
The last one just implemented it September 1.
    We are very hopeful that this procedure will work and that 
people will follow it, and they seem to be following it very 
well.
    Ms. JACKSON LEE. I thank you. My time is out. I will just 
simply say the suggestion or maybe what we might have read or 
heard of millions of individuals who may be immigrants who 
don't have authorization to work, such as that figure you gave, 
20,000 to 30,000, is not as accurate as we may have heard. The 
number of cards that you are dealing with that are unauthorized 
to work are about 20,000 to 30,000, and not millions.
    Mr. LOCKHART. Those that are nonwork cards. Now, there is 
obviously a whole series of people that are working in this 
country that do not have legitimate Social Security numbers. As 
we were talking earlier, some of those are showing up in our 
suspense file. A lot of our suspense file just may be typos and 
stuff like that, but there are people that are working, and it 
is probably in the millions, without proper Social Security 
cards and numbers in this country.
    Ms. JACKSON LEE. We will work through that. Thank you very 
much.
    Mr. JOHNSON. [Presiding.] Thank you, Ms. Jackson Lee. The 
Chair recognizes Mr. Hayworth.
    Mr. HAYWORTH. I thank you, Mr. Chairman.
    Mr. Lockhart, thank you for coming to testify today. I want 
to make sure that I understand exactly the status of foreign 
students who come to the United States to study at our colleges 
and universities, vis-a-vis Social Security cards. Now, you 
mentioned some distinctions here; those who come who are 
authorized to work, those who are on public assistance.
    Help me nail down the student status. Do we classify that 
as an authorization to work? Authorized to study? What 
classification are they given?
    Mr. LOCKHART. The general student status at, say, a 
university is, they are authorized to study. Then the INS, as I 
understand it, has authorized the universities to authorize 
them to work within the college, not somewhere else, just 
within the university.
    The way the statute works is, if they come in with a letter 
from an authorized person from that university to say this 
person is authorized to work at the university and is expected 
to work at the university, then we will give them a Social 
Security number.
    Now, what has happened, frankly, is some universities, 
because they may need Social Security numbers for these 
individuals for their records or something, are not actually 
putting these people to work, so that they are not actually 
working. And yet, we are getting a letter that says----
    Mr. HAYWORTH. So, what you have are universities engaged in 
defrauding the Federal Government, saying they have people 
working who are not working, to get Social Security numbers?
    Mr. LOCKHART. We may have some universities sending 
letters, and they may be interpreting differently than we are.
    Mr. HAYWORTH. No, no. Let's get down to brass tacks here. 
If people are attempting to defraud and deceive the Federal 
Government in wartime for easy bucks, this is serious.
    Mr. LOCKHART. Yes sir, and I know our Inspector General has 
looked at some cases. I have heard of situations where a 
university has actually advertised in foreign newspapers that 
``come to our school and we'll get you a Social Security 
number.'' You know, that is not right.
    Mr. HAYWORTH. What is the name of the university that has 
done that?
    Mr. LOCKHART. I am not sure. I heard about it in our 
Oklahoma City office, though.
    Mr. HAYWORTH. Let me ask you a further question. This is 
very disturbing, to say the least. Maybe this is a question 
better suited for INS, but do we keep track of the 
nationalities of those who come to study? Do we know, for 
example, the number of Iraqi students who are in the United 
States on study programs or work study programs? Do you have 
any estimate today how many Iraqi students are here in the 
United States on a work study program?
    Mr. LOCKHART. You are right, it is an INS question. We 
would not have that information in any of our databases.
    Mr. HAYWORTH. Is there any particular reason not to keep 
that information?
    Mr. LOCKHART. Again, what we are looking at is to make sure 
that people are paying their FICA taxes, and that is what the 
Social Security number has been created for. It is the INS's 
job to authorize people to work. That is what they are there 
for. That is their law. It is not our law.
    Mr. HAYWORTH. Let me ask you this question. You say things 
have changed under the new programs, the combination of pre-
September 11 reforms and post-September 11 reforms, and we are 
about 4 months into the situation now. How would you evaluate 
the level of communication between Immigration and 
Naturalization Service and the Social Security Administration? 
Are your computers able to talk to each other?
    Mr. LOCKHART. Well, first of all, I think we are doing a 
lot better with communicating with the INS. In fact, I just 
talked to the Deputy Commissioner there this morning, and we 
are trying to work better than we have in the past. So, I think 
on the human level, it is working better. We are having many 
more meetings. I think they understand our issues now a lot 
better, and we are beginning to understand theirs.
    From the computer standpoint, they do have this SAVE 
program that does tell us when someone is authorized to work. 
We have access to it in our field office. A person right at the 
service window who is reviewing a document will have access to 
the system. I saw them bring one up when I was in California. 
Momentarily it comes up, and it says whether this person is 
authorized to work or not.
    The problem is not all of the data is in there.
    Mr. HAYWORTH. So, we have incomplete data. Again, as we 
opened this questioning period, I am very concerned about the 
status of some colleges and universities who seem to be playing 
fast and loose with work study.
    There is perhaps, Mr. Chairman, an appropriate role 
legislatively to crack down on those who would deceive the 
government for work study dollars.
    I see my time has expired. I thank you, and thank you, Mr. 
Chairman.
    Mr. JOHNSON. The time of the gentleman has expired. The 
Chair recognizes Mr. Collins.
    Mr. COLLINS. Thank you, Chairman Johnson.
    Mr. Lockhart, you know, we talk about these Social Security 
numbers, and it seems as though we kind of hand them out in a 
manner that has no system to it. Do we do benefits the same 
way? They get these Social Security numbers and they are here 
and they work temporarily----
    Mr. LOCKHART. First of all, I would say that we do have a 
system for handing out Social Security numbers. We do handout 
approximately 18 million a year. A major portion of those are 
actually replacement cards, but we handout about 5 million new 
cards a year.
    We do have systems in place. We have significantly 
strengthened those systems, as I have already said, but there 
were systems in place before September 11 as well. There were 
procedures in place.
    On the benefits side, we have a whole series of systems. I 
think I can say, having come to Social Security only 7 or 8 
months ago, that the systems at Social Security are some of the 
best in government, and we are always well-rated that way.
    For benefits, obviously we have some issues with the 
suspense file, which we already talked about, but I think we do 
a reasonable job of keeping track of people's benefits. We have 
maybe that 3-percent error rate, but we have a 97-percent match 
every year, which is significant. We are talking about $4 
trillion in wages a year.
    So, our systems are doing what I consider a good job. We 
could do better, and I am not trying to say that we couldn't do 
better. We could do significantly better, and we are continuing 
to work on it. Commissioner Barnhart and I have made it very 
clear since we arrived here that we are not going to accept the 
status quo. We want to improve this agency dramatically.
    Mr. COLLINS. Well, that is encouraging, and truthfully, I 
think you have. I have talked with the Commissioner on several 
occasions, and you too, and I think you have made some good 
strides.
    I have a situation that has occurred in my district, which 
includes Fort Benning, Georgia. We have a local judge there who 
has called on a number of occasions, but his first call was in 
reference to several who had appeared in his court. They were 
here illegally, didn't have any kind of identification.
    This is really an INS problem, too, because when he called 
INS to report them and ask them to pick them up, and this was 
after September 11 of last year, they said they didn't have the 
time, didn't have the money, couldn't do it. It was very 
frustrating to this particular judge.
    He did call 1 day and said that they had incarcerated a 
person who was working at Fort Benning. He had a work pass, a 
work permit, and on that work permit was a Social Security 
number, and this person was here illegally also.
    So, he sent a copy of the work permit over the office, and 
we double-checked it with your office and found that the number 
had not been issued.
    How much of that exists? Do we have any idea? That is what 
this judge said, how much? Fort Benning, too, says, you know, 
this is not an isolated incident.
    Mr. LOCKHART. It is a big issue. People make up Social 
Security numbers. As far as we can tell, all 19 terrorists, or 
however many that did have a Social Security number, they were 
all made up, and that is a big, big issue. As I said earlier to 
a question, there are probably millions in this country with 
made up Social Security numbers.
    What we are trying to do is develop--and we do already have 
in place for employers, for State agencies, the ability to 
check those numbers with us, either in person or by computers. 
The idea is that, if they bring in a name, and they bring in a 
Social Security number, we can tell them if it is real or not. 
If there is a mismatch, then they should know that there is an 
issue with the individual.
    Mr. COLLINS. I am glad that you are communicating with the 
people over at INS, because it seemed like there was a lot of 
slack there. For an INS office to inform a judge we don't have 
the time to pick up people who are here illegally, already 
incarcerated, something is wrong with that type of system.
    I think it is a real threat and a danger to us to have 
people with work permits file Social Security numbers here 
illegally, working on a military installation.
    Mr. LOCKHART. Yes. As you may have read in the newspaper, 
many of the agencies represented on the next panel, including 
our Inspector General, have been very active at the airports in 
this area, in verifying Social Security numbers. We are very 
committed to helping out in those kinds of law enforcement 
activities because we do believe it is extremely important for 
this country.
    Mr. COLLINS. Well, in closing, the Office of the Inspector 
General for Social Security has been very helpful in this case, 
too. They are investigating this and investigating the 
employer.
    Thank you.
    Mr. LOCKHART. Thank you.
    Mr. JOHNSON. Some of my colleagues and myself would like to 
clarify the statement you made. Did you indicate that all the 
terrorists had illegal Social Security numbers?
    Mr. LOCKHART. Well, what I said is, I am not sure if all of 
them had Social Security numbers, but as far as we can tell--
and the Inspector General has talked to the FBI, and the FBI I 
guess will be up--as far as we know at this time, none of the 
terrorists received a Social Security number at one of our 
offices. That is why we need to use the kinds of systems that 
we are building. We have had in place systems for 20 years for 
employers and other people to verify Social Security numbers. 
They just have not been used.
    We now have a test, which, again, I mentioned in my 
testimony, with about eight major employers of an online 
system. I think over time, if we can do that, it will help 
protect the Social Security number from people that just make 
it up.
    Ms. JACKSON LEE. Mr. Chairman, if you would just yield for 
just a brief moment?
    Mr. JOHNSON. I yield to the gentlelady.
    Ms. JACKSON LEE. There is a question that I left on the 
table, when you said millions of made-up numbers, you are not 
saying that there are millions of immigrants with made-up 
numbers? There are people all over the United States with made-
up numbers. Is that what you are saying?
    Mr. LOCKHART. You have to go back to that suspense file we 
were talking about. There are 10 million that we can't match 
every year. A lot of it is typos, wrong names, but there are 
certainly people in there that are working, whether they are 
immigrants, illegal or not, I don't know. There are certainly--
I think most people would say many millions that are working 
without a proper Social Security number.
    Ms. JACKSON LEE. Not all of one label?
    Mr. LOCKHART. What?
    Ms. JACKSON LEE. Not all of one label, one type of people, 
there are many----
    Mr. LOCKHART. We just don't have the data. I mean, if we 
could find them, we could match them.
    Ms. JACKSON LEE. We would find out.
    Mr. Chairman, thank you. I do want to say that the INS is 
really trying to work on this issue, to the extent that I have 
visited sites, airports around the country I spent my time 
visiting. I will tell the Committee, if they have interest, 
that I literally saw the INS recognize undocumented individuals 
coming in from a country overseas, and was able to match the 
fact that their documents were fraudulent and was there to 
greet them. I saw the action when I was there. They were able 
to greet them immediately as they deplaned.
    This is happening across the Nation. I think that we can be 
assured that they listen to Congress on the responsibilities 
that they have.
    I thank the Chairman for yielding.
    Mr. JOHNSON. I thank the lady for her comments. The Chair 
recognizes Mr. Hulshof.
    Mr. HULSHOF. Thank you, Mr. Chairman. Welcome, Mr. 
Lockhart. We certainly welcome our colleagues from the 
Subcommittee on Immigration, Border Security, and Claims.
    A lot of the questions to you, Mr. Lockhart, have been 
referenced around the issue of illegal immigrants that are 
here. What I would like to do is focus, as is also the subject 
of our hearing, on identity theft. Our Subcommittee, the Social 
Security Subcommittee, has heard some heart-wrenching stories 
from citizens, sometimes elderly citizens, who have been bilked 
of thousands of dollars in personal savings, with credit 
histories being just turned upside down because of identity 
theft. So, I would like to ask a couple of questions along that 
line.
    You mentioned about 18 million cards a year, some of those 
are replacement cards. What percentage per year are replacement 
cards?
    Mr. LOCKHART. About 12.5 million of those, so two-thirds.
    Mr. HULSHOF. A couple of hypotheticals. If I come in to get 
a replacement card, I presume I could get one. What if I had 
just been given a replacement card the week before?
    Mr. LOCKHART. You can get one with the proper 
documentation. You just can't ask for it. Yes, assuming you had 
the proper documentation, you can come in.
    At the moment, we don't have a limit. It is one of the 
areas we are really looking at, because not only is there an 
integrity issue here, there is also a tremendous workload 
issue. Some of our offices are spending a third of their time 
issuing replacement cards. So, we are looking at it to see if 
we should limit the number, to see if we should charge, to see 
if they even need a replacement card.
    I mean, what is happening in many of these offices is we 
have the Supplemental Security Income, SSI, population that we 
serve, and many of them have mental impairments, are homeless, 
and they are always losing the cards. We have people that have 
had 30 or 40 cards, and they are being required by some State 
agency to produce it. Now, if we can go to more of a 
verification electronically, that might relieve some of that 
workload as well.
    Mr. HULSHOF. So, the Inspector General's recommendation to 
put perhaps some limit on the number of replacement cards, with 
some exception for extraordinary circumstances, that would be 
something that you would support?
    Mr. LOCKHART. I am about ready to get a white paper on the 
topic. There is a series of issues. Some of the people I have 
talked to in the field office say why not charge them something 
for it. Maybe that will discourage them. A limit would be 
another way. There is a whole series of ways.
    I mean, what is important is actually the number, not the 
card, when you really think about it.
    Mr. HULSHOF. A couple of other quick areas, as my time is 
dwindling. If the Social Security Administration receives a 
report from an employer that indicates that somebody is working 
in America, say in Phoenix, Arizona, using my Social Security 
number, do you let me know that?
    Mr. LOCKHART. What we do, if there is more than one wage 
report on a Social Security number, we try to unscramble it, 
and that unscrambling may mean that we call someone. By the 
time we receive the information, we are receiving information 
well over a year old on wage reports by the time it is entered 
in the system. It is probably not very helpful, if your 
identity has been stolen. You would probably know by then 
anyway.
    The other thing we do, though, is we also put out annually 
the Social Security statement, as you know. In that, when you 
see it, if there is an incorrect wage, you could call us, and 
we would unscramble it that way.
    Mr. HULSHOF. Okay, the final area of questioning regards 
data sharing with law enforcement agencies. Of course, the 
Privacy Act does say that agencies can share information with 
another information for the purpose of civil or criminal law 
enforcement purposes, if the head of that agency makes a 
written request.
    Yet, it is my understanding that regulations within your 
agency limit disclosure to law enforcement activities relating 
to serious crimes like murder and crimes of violence. What 
about identity theft itself? I mean, for instance, if law 
enforcement were to contact the Social Security Administration 
and say, ``We are working on an identity theft case. We need 
some data from your agency to be shared with us,'' would you 
provide it to them?
    Mr. LOCKHART. It is not only serious crimes but it also is 
fraud against a Social Security number, and it is also if our 
IG opens a case. So, if the law enforcement person comes to the 
IG, which is where they would come, and the IG opens a case, we 
would certainly provide the information. We are not protecting 
identity thieves, in any sense of the word.
    Mr. HULSHOF. Local law enforcement would then have to go 
the Inspector General.
    Mr. LOCKHART. Which is part of Social Security, yes.
    Mr. HULSHOF. Okay. Thank you, Mr. Chairman. I yield back.
    Mr. JOHNSON. Thank you. Mr. Brady, do you care to question? 
The gentleman is recognized for 5 minutes.
    Mr. BRADY. Thank you, Mr. Chairman.
    I want to follow up on Congressman Hulshof's questions on 
collaboration. First, I want to thank the Social Security 
Administration for your collaboration with law enforcement on 
Operation Tarmac, which was launched after September 11. It has 
uncovered a large number of individuals with security 
clearances working at our Nation's airports under false 
pretenses, obviously a practice that cannot be allowed to 
continue.
    On the 9th of this month, in my community, just 2 days 
before September 11's anniversary, Operation Tarmac indicted 
143 individuals working at Houston's Bush International 
Airport, the airport that I and many of my neighbors fly in and 
out of on a weekly basis.
    These people acquired airport security badges by using a 
nonexistent Social Security number of someone else's Social 
Security number.
    From my viewpoint, the operation was a very solid 
preventative measure because these individuals each had access 
to airplanes, ramps, and tarmacs, regardless of their security 
clearance.
    You have really addressed the question of what we can do to 
prevent this type of fraud in the future, but following on to 
Congressman Hulshof's question, is there not a way to increase 
cooperation with law enforcement, short of the IG opening up a 
case? Obviously, what we are tying to do here, the 143 who were 
indicted, perhaps and most likely there isn't a terrorist among 
them. Just as you arrest speeders before they cause an 
accident, someone who tries to buy a gun illegally, in hopes to 
prevent harm from happening later, it is important that we have 
these measures in place, even though they may seem to be small, 
preventative measures.
    What can we do to increase, short of having to open up a 
case, to increase this type of cooperation with law 
enforcement?
    Mr. LOCKHART. Really, the best way is for the security 
companies, everybody that is hiring at the airports or anywhere 
else, to use our systems. We have the systems, and any employer 
can come in and verify Social Security numbers when a hiring 
decision is made. That is the best prevention by far, just not 
to employ them to start with.
    It is not being used as well as it should, and we are 
trying to get the word out that we have those systems in place, 
and they should be using them. So, that is the first thing that 
should be done.
    The second thing is, we are continuing to work with our IG 
and our IG is continuing to work with all law enforcement to 
see how we can better fit our constraints.
    Our constraint really is that this is taxpayer information. 
It is protected by the Internal Revenue Code, and it is a very 
important issue with them, that taxpayer information is secure.
    So, we are working with the IRS, and we are working through 
our IG with the various law enforcement officials.
    Mr. BRADY. That is a very good answer. My thought was, in 
the case with Houston's airport, Federal agents went through, 
under the leadership of our U.S. attorney, Mike Shelby, went 
through some more than 21,000 individual files to make those 
match. The good news is, there are only 143 who didn't, which 
tells you there is a level of security there.
    My thought was, can we not make it, with certain 
restrictions, as easy for law enforcement, again, under certain 
restrictions, to match those numbers as it would be for 
employers to go online to do it?
    Mr. LOCKHART. It is an issue we talked about in the agency, 
and certainly we talked it over with the Inspector General, and 
he is certainly recommending it. Again, it is an issue that is 
partially out of our hands, from the standpoint that the 
taxpayer information belongs to the IRS. So, it is one of the 
issues that we have to continue to work with them on, as to 
what are the procedures.
    We have certainly, as you said, been able to do it for 
Operation Tarmac, and we hope that we can do it whenever 
necessary.
    Mr. BRADY. I was just thinking, if there was some law 
enforcement clearinghouse at some level that works directly 
with the Social Security Administration and the appropriate 
authorities to be able to access, so that you don't have 10,000 
going on from different jurisdictions, but actually a good, 
cooperative, laid-out, disciplined process that speeds up 
having to run through 21,000 files, where we can do more 
security because we save time.
    Mr. LOCKHART. It is certainly something we should consider, 
yes.
    Mr. BRADY. Thank you, sir. Thank you, Mr. Chairman.
    Mr. JOHNSON. Thank you. Let me follow up on that for just a 
second. I am told, and I would like for you to verify it, that 
if an employer called you with a number for you to check, you 
say it is okay or not, but you don't tell them whether the guy 
is dead or if he is on a nonwork Social Security number. Is 
that true?
    Mr. LOCKHART. Yes, sir. That is true. That is a flaw in our 
system that we are in the process of correcting. I was not 
aware of that until very recently myself, and I had the same 
concern that you do, that it doesn't make any sense to verify 
in that circumstance, if someone is dead or they have a nonwork 
number. We are making the system changes so that our 
verification systems will tell that.
    Mr. JOHNSON. You will be in the near future, then?
    Mr. LOCKHART. We are implementing those changes. Yes, sir.
    Mr. JOHNSON. Okay. Let me ask you one other thing. I 
believe the Social Security Administration Inspector General is 
on record as supporting Social Security privacy legislation. 
This bill would prevent numbers from being used as ID numbers 
for many purposes, including military ID. At a time when 
military personnel are deployed worldwide, and terrorists are 
trying to exploit our weaknesses in everything from the 
Internet to our own financial systems, I don't know if it is 
wise for the military to be using their Social Security number 
for everything from checking out equipment to cashing a check. 
I would like to hear your comments on that.
    Mr. LOCKHART. There is certainly an overuse of the Social 
Security number in our society. It has become a de facto 
identifier one way or another. The problem is that, in many 
ways, something else will have to be substituted for it. In 
some cases, it is useful for prevention of fraud and prevention 
of terrorists. So, there are pluses and minuses to all this.
    Certainly, in your legislation, there are a lot of 
reasonable things that we can think about on how to limit the 
use of the Social Security number, because it has really grown 
dramatically more than it was ever supposed to do in this 
country.
    Mr. JOHNSON. You agree with the original concept, as far as 
Social Security and tax purposes, period?
    Mr. LOCKHART. That is the original concept. Unfortunately, 
I think the cat's out of the bag.
    [Laughter.]
    Mr. JOHNSON. Okay. Let me ask you one other quick question. 
In reference to the illegals that I spoke of earlier, I 
recognize it is mostly an Immigration and Naturalization 
Service problem, but if you issue a temporary work permit and 
the Immigration and Naturalization Service then follows up 2 
months later with a letter to these guys, saying, ``You are 
going to be deported. Come on back home,'' maybe some of them 
will, how do you get termination on that Social Security 
number?
    Mr. LOCKHART. The procedures of the agency have been that, 
once a Social Security number is issued, it is issued. If we 
think there has been some fraud, we do put in the record that 
there has been some fraud, and we won't issue a replacement 
card, but the numbers are not canceled.
    Mr. JOHNSON. So, they are out there indefinitely? So, if 
the guy is deported back to Mexico, let's say, and then comes 
back across the border, he still has a good Social Security 
number?
    Mr. LOCKHART. He still has a Social Security number. If we 
have entered into our records that we think fraud has been 
involved, if they came into our office, we could find that out, 
but it is something that we need to look at. It is an issue 
that I think we need to look at, as to whether we should do 
anything to cancel a number. Historically, we never have. We 
have issued 415 million numbers.
    Mr. JOHNSON. Thank you. I appreciate your honest testimony 
and openness with us. We thank you for the job you all are 
doing over there. Keep up the good work.
    With that, we will close your testimony and ask the second 
panel to step up. I am going to turn the meeting over the 
Chairman Gekas.
    Mr. LOCKHART. Thank you, Mr. Chairman.
    [Questions submitted by Chairman Shaw to Mr. Lockhart, and 
his responses follow:]

                                     Social Security Administration
                                          Baltimore, Maryland 21235

1. During the hearing, Mr. Lockhart stated that SSA has a scorecard on 
the recommendations the Inspector General had made to tighten controls 
related to issuing Social Security numbers (SSNs). As requested by 
Chairman Gekas, we would appreciate your providing a copy of that 
scorecard to both of our Subcommittees.

------------------------------------------------------------------------
  Scorecard on Inspector General Recommendations to Tighten Controls on
                     Issuing Social Security Numbers
-------------------------------------------------------------------------
              RECOMMENDATION                           STATUS
------------------------------------------------------------------------
   Congressional Response Report--Terrorist Misuse of Social Security
                                 Numbers
                              A-08-02-32041
                             October 3, 2001
------------------------------------------------------------------------
Expand the Agency's data matching
 activities with other Federal, State and
 local Government entities.
--------------------------------------------Ongoing. The Enumeration----
                                             Response Team (ERT) is
                                             considering this as part of
                                             its long-term efforts.
------------------------------------------------------------------------
Explore the use of other innovative         Ongoing. The ERT is
 technologies, such as Biometrics, in the    exploring the use of
 enumeration process.                        biometrics in the
                                             enumeration process.
------------------------------------------------------------------------
Increase the number of investigative and    Ongoing. The FY 2003 IG
 enforcement resources provided for SSN      budget request includes an
 misuse cases                                additional 29 FTEs, which
                                             will be used for
                                             investigative and audit and
                                             the OIG technology plan.
------------------------------------------------------------------------
Authorize SSA and SSA's OIG to disclose     Partially Completed. OIG
 information from SSA files as requested     will take the lead for
 by the DoJ and FBI in times of national     completing this initiative.
 emergency and in connection with
 terrorist investigations.
------------------------------------------------------------------------
           Audit of enumeration at Birth Program A-08-00-10047
                           September 27, 2001
------------------------------------------------------------------------
Reinvest some of the savings realized by    Ongoing. The current EAB
 the Enumeration at Birth (EAB) program      contracts expire on
 and provide necessary funding, during       December 31, 2002.
 future contract modifications, for the      Negotiations for the new
 Bureaus of Vital Statistics (BVS) to        contracts with the States
 perform periodic independent                began in March 2002. We
 reconciliations of registered births with   have proposed the
 statistics obtained from hospital's labor   recommended review to the
 and delivery units and to periodically      states in negotiations for
 verify the legitimacy of sample birth       the new contracts. We
 records obtained from the hospitals.        expect the negotiations to
                                             be completed by December
                                             2002, with the new
                                             contracts effective from
                                             January 1, 2003 through
                                             December 31, 2007.
------------------------------------------------------------------------
Enhance its duplicate record detection and  Ongoing. SSA plans to
 prior Social Security number (SSN)          enhance its system to
 detection routines to provide greater       prevent the assignment of
 protection against the assignment of        multiple SSNs for identical
 multiple SSNs.                              cases with different birth
                                             certificate numbers, but an
                                             implementation date for
                                             this enhancement has not
                                             been determined.
------------------------------------------------------------------------
Instruct FO personnel to exercise greater   Completed. Instruction
 care when resolving enumeration feedback    issued via Emergency
 messages generated by the system.           Message on December 27,
                                             2001.
------------------------------------------------------------------------
Cross-reference multiple SSNs assigned to   Completed. SSA has completed
 the 178 children within the sample.         the cross-referencing of
                                             these SSNs.
------------------------------------------------------------------------
Continue to monitor the timeliness of BVS   Completed. SSA has taken a
 submissions and work with those BVSs that   number of actions with the
 are having difficulty complying with the    States to assist them in
 timeframes specified in the contracts.      complying with current
                                             contract timeframes. These
                                             include attending a yearly
                                             conference of all State
                                             registrars, presenting EAB
                                             findings to the
                                             participants, and
                                             establishing a ``Frequently
                                             Asked Question'' or FAQ, on
                                             SSA's Internet site.
------------------------------------------------------------------------
 Obstacles to Reducing Social Security Number Misuse in the Agriculture
                                Industry.
                              A-08-09-41004
                            January 22, 2001
------------------------------------------------------------------------
Expedite implementation of the initiative   Partially Completed. SSA
 to improve communication of name/SSN        began a pilot of its online
 errors to employers and employees.          Social Security Number
                                             Verification System (SSNVS)
                                             in April 2002, and expects
                                             to expand the pilot in
                                             early 2003.
------------------------------------------------------------------------
Introduce legislation that would provide    Ongoing. Currently IRS has
 SSA the authority to require chronic        the authority to penalize
 problem employers to use Enumeration        employers who do not comply
 Verification System (EVS).                  with wage reporting
                                             requirements. IRS has
                                             recently announced that
                                             they will impose penalties.
                                             SSA is working with IRS to
                                             support them in this
                                             effort.
------------------------------------------------------------------------
Collaborate with the INS to develop a       Ongoing. IRS has implemented
 better understanding of the extent that     a task force to review
 immigration issues contribute to SSN        their policies and
 misuse and growth of the Earnings           procedures regarding
 Suspense File (ESF). Additionally,          penalizing employers who
 reevaluate its application to existing      send SSA bad names and
 disclosure laws or seek legislative         SSNs. We are reviewing our
 authority to remove barriers that would     regulations to determine if
 allow the Agency to share information       current SSA regulations
 regarding chronic problem employers with    provide sufficient
 the INS.                                    authority to share
                                             information with other
                                             agencies, including INS, in
                                             situations that are
                                             consistent with the purpose
                                             of Social Security programs
                                             and SSA's disclosure
                                             policy.
------------------------------------------------------------------------
 Procedures for Verifying Evidentiary Documents Submitted with Original
            Social Security Number Applications A-08-98-41009
                           September 19, 2000
------------------------------------------------------------------------
Accelerate negotiations with United States  Partially Completed. SSA
 Immigration and Naturalization Service      implemented the first phase
 (INS) and Department of State (DOS) to      of EaE in October 2002, and
 implement the Enumeration at Entry (EaE)    is working with INS on
 program. Once implemented, all non-         identification of the next
 citizens should be required to obtain       phases.
 their SSNs applying at one of these
 Agencies.
------------------------------------------------------------------------
Continue efforts and establish an           Partially Completed. The
 implementation date for planned systems     Comprehensive Integrity
 controls that will interrupt SSN            Review Process (CIRP) was
 assignment when multiple cards are mailed   implemented in 1999. Based
 to common addresses not previously          on certain characteristics
 determined to be legitimate recipients      of the information input
 (for example, charitable organizations)     into Modernized Enumeration
 and/or when parents claim to have had an    System (MES), CIRP
 improbably large number of children.        identifies high-risk
                                             transactions that are
                                             subject to a monthly
                                             management review (such as
                                             too many cards being sent
                                             to one address). SSA
                                             continues its efforts to
                                             implement enhancements to
                                             the MES, however, the
                                             timeline for these
                                             enhancements has been
                                             impacted by the
                                             implementation of the near-
                                             term changes recommended by
                                             the Enumeration Response
                                             Team.
------------------------------------------------------------------------
Obtain independent verification from the    Completed. SSA now obtains
 issuing agency for all alien evidentiary    independent verification
 documents before approving the respective   for all alien evidentiary
 Social Security number applications until   documents.
 the Enumeration at Entry program is
 implemented.
------------------------------------------------------------------------
Propose legislation that disqualifies       Unable to implement. We are
 individuals who improperly obtain SSNs      unable to implement this
 from receiving work credits for periods     recommendation because INS
 that that they were not authorized to       does not have historical
 work or reside in the U.S.                  information on when an
                                             individual was or was not
                                             authorized to work.
------------------------------------------------------------------------
Effectiveness of Internal Controls in the Modernized Enumeration System.
                              A-08-97-41003
                           September 14, 2000
------------------------------------------------------------------------
Require field office (FO) management to     Ongoing. Management is
 perform periodic quality reviews of         required to perform quality
 processed exception messages (EMs) and      reviews and as additional
 provide appropriate feedback and related    enumeration training needs
 training to FO personnel.                   are identified refresher
                                             training is provided to FO
                                             personnel.
------------------------------------------------------------------------
Require FO personnel to document the basis  Ongoing. Most EMs require
 of all resolution actions taken on EMs      only routine review and
 for an appropriate period of time to        decision; FO managers
 facilitate management review.               receive and review listing
                                             of pending EMs that are
                                             coded as suspect or
                                             fraudulent.
------------------------------------------------------------------------
 The Social Security Administration is Pursuing Matching Agreements with
  New York and other States using Biometric Technologies A-08-98-41007
                            January 19, 2000
------------------------------------------------------------------------
Pursue a matching agreement with New York   Ongoing. SSA will begin a
 so that the Agency can use the results of   pilot for verifying
 the State's biometric technologies to       claimant identity by
 reduce and/or recover any improper          picture ID in early 2003,
 benefit payments.                           and is exploring the
                                             possibility of using
                                             matching agreements.
------------------------------------------------------------------------
Initiate pilot reviews to assess the cost-  Ongoing. SSA continues to
 efficiency of matching data with other      discuss its privacy
 States that have employed biometrics in     concerns with such matches
 their social service programs.              with the OIG.
------------------------------------------------------------------------
           Review of Controls over Nonwork SSNs A-08-97-41003
                             September, 1999
------------------------------------------------------------------------
Conduct periodic quality reviews of         Completed. SSA's Office of
 processed SSN applications and provide      Quality Assurance (OQA)
 timely feedback to field office (FO)        conducts periodic reviews
 personnel.                                  of processed SSN
                                             applications and timely
                                             feedback is provided based
                                             on their findings. SSA has
                                             expanded our performance
                                             indicators for enumeration
                                             for Fiscal Year (FY) 2003
                                             and beyond.
------------------------------------------------------------------------
Propose legislation to prohibit the         Unable to implement. We are
 crediting of nonwork earnings and related   unable to implement this
 quarters of coverage for purposes of        recommendation because INS
 benefit entitlement.                        does not have historical
                                             information on when an
                                             individual was or was not
                                             authorized to work.
------------------------------------------------------------------------
SSA should perform its own actuarial        Unable to implement. Because
 calculations of the effects of nonwork      it is not feasible to
 quarters of coverage on benefit payments,   accomplish this
 if deemed necessary to support changes in   recommendation, SSA has not
 legislation.                                pursued this analysis.
------------------------------------------------------------------------
Review the 452 unrestricted SSN's           Completed. It was
 processed by the California FO's            established that the
 temporary SR to identify other coding       employee misunderstood
 errors that resulted in the incorrect       operating instructions,
 issuance of SSN cards containing work       resulting in the employee
 authorization.                              making the same error on
                                             all of the incorrectly
                                             processed applications. The
                                             situation has been
                                             corrected.
------------------------------------------------------------------------
       Using Social Security Numbers to Commit Fraud A-08-99-42002
                              May 28, 1999
------------------------------------------------------------------------
Incorporate preventive controls in          Ongoing. SSA continues its
 Modernized Enumeration System (MES) that    efforts to implement
 address 1) multiple SSNs to a common        enhancements to the
 address, 2) parents claiming an             Modernized Enumeration
 improbably large number of children, 3)     System (MES). 1) There is
 known fraudulent documentation used as      an end-of-line integrity
 evidence in support of SSN applications.    review for too many cards
                                             to the same address, 2)
                                             software changes in 2003
                                             will interrupt the
                                             assignment of the SSN to
                                             parents claiming an
                                             improbably large numbers of
                                             children, and 3) currently
                                             in place is software which
                                             interrupts the issuance of
                                             a card where there is a
                                             fraud indicator on a prior
                                             application.
------------------------------------------------------------------------
Continue efforts to have INS and the State  Partially Completed. SSA
 Department collect and certify              implemented the first phase
 enumeration information for aliens.         of its Enumeration at Entry
                                             (EaE) program with the
                                             State Department in October
                                             2002, and is working with
                                             INS on identification of
                                             the next phases.
------------------------------------------------------------------------
SSA should require verification from the    Completed. Effective June
 issuing state when an out-of-state birth    2002, we started collateral
 certificate is presented as evidence for    verification of birth
 an SSN application.                         records for all U.S. born
                                             SSN applicants age one and
                                             older.
------------------------------------------------------------------------
SSA should require that the field offices   Completed. SSA now obtains
 obtain independent verification of the      independent verification
 alien's evidentiary documentation from      for all alien evidentiary
 the issuing agency (e.g., State             documents.
 Department, INS) before approving the SSN
 application, if an alien chooses to visit
 a SSA office to apply for his or her SSN.
------------------------------------------------------------------------

2. During the hearing, Mr. Johnson, who represents the Dallas area in 
Texas, mentioned that illegal aliens in an 18-wheeler had been 
apprehended. Approximately 26 of the individuals were released and told 
by the local Immigration and Naturalization Service (INS) office that 
they could get a Social Security number from SSA and go to work. Can 
you provide more details on this situation?

    Our understanding is that approximately two dozen Mexican 
immigrants survived a harrowing journey that began in El Paso and ended 
in North Texas aboard an unventilated tractor trailer rig. Two men died 
of heat exhaustion and nearly a dozen others were hospitalized briefly 
for heat stress. Because of the need for witnesses against the 
smugglers when the cases come to trial, the INS granted the immigrants 
permission to work.
    The Attorney General pursuant to Sec. 212(d) [8 U.S.C. 
Sec. 1182(d)] of the Immigration and Nationality Act has the authority 
to parole individuals into the United States for reasons specified in 
the Act and provide them with work authorization. Inquiries should be 
directed to the Department of Justice because once the Attorney General 
exercises his discretion and issues work authorization, SSA has no 
discretion. Section 205 (c)(2)(B)(i) of the Social Security Act 
requires that the Commissioner of Social Security issue a work Social 
Security Number if an individual has a valid INS work authorization.

3. The Earnings Suspense File (ESF) has increased more than fourfold in 
the last 10 years. The SSA's Office of Inspector General (OIG) found 
there are patterns of reporting errors among certain employers, 
including identical Social Security numbers (SSNs) used for more than 
one employee, non-issued SSNs, and consecutively numbered SSNs--all of 
which end up in the Earnings Suspense File. There are also many 
instances of employers and industries that continually submit erroneous 
wage reports--one study of 20 agriculture employers in which 60% of 
their wage reports had inaccurate names or SSNs and who submitted 
almost $250 million in mismatched wages between 1996 and 1998--and that 
three industries (agriculture, food and beverage and services) account 
for almost half of wage items in the suspense file. What is the agency 
doing to address this growing file? Is SSA making any special endeavor 
to refer these employers to the Immigration and Naturalization Service 
(INS) or the Internal Revenue Service (IRS) or to otherwise target them 
for corrective action in submitting erroneous wage reports? What else 
can be done? Please also provide information requested by Mr. Becerra 
regarding the administrative costs associated with the ESF (sending out 
letters responding to workers/employers' questions, and so forth).

    The ESF contains approximately 238.2 million items (name/SSN 
mismatches). This covers items submitted for tax years (TY) 1937 
through 2000. Approximately 25 percent or 61.6 million items were added 
to the ESF for TYs 1991-2000, which is an increase of about one-third.
    SSA developed a tactical plan to address the growth and management 
of the ESF. As a result SSA:

         LHas instituted multiple computer-matching routines to 
        increase SSA's ability to match a reported name/SSN that does 
        not match SSA's record with the correct record.
         LIs building a new process that would electronically 
        find millions of additional matches and post them to the 
        correct earnings record. The new process would compare earnings 
        items to the Master Earnings File (which includes the Employer 
        Identification Number), the benefit record, and the Numident 
        (the record of SSNs assigned to individual names). (The current 
        matching process compares earnings items only to the Numident.) 
        The new process would also employ new techniques with earnings 
        record patterns to match the earnings to the correct 
        individual. It is estimated that at least 30 million items 
        would be removed from the suspense file and credited to the 
        records of individual workers. If so, benefits for several 
        hundred thousand beneficiaries would be increased.
         LProvides regional office assistance to employers with 
        a high volume of mismatches to assist them in improving the 
        accuracy of their records.
         LIs discussing with IRS its existing authorities to 
        penalize employers who contribute a large number of or a high 
        percentage of name/SSN mismatches to the ESF. (The penalties 
        for submitting erroneous records are in the Internal Revenue 
        Code.) We understand that the IRS has begun to pilot a process 
        to penalize these employers.
         LCurrently piloting with a small group of employers 
        the Social Security Number Verification Service (SSNVS), an 
        Internet option to verify the accuracy of employees' names and 
        Social Security Numbers (SSN) by matching the employee-provided 
        information to SSA's records. SSA's current system provided to 
        the employer community through SSA's 800 number and through 
        electronic (magnetic tape, diskettes) and paper processing is 
        time consuming for employers. An Internet option will be more 
        efficient and encourage more employers to use SSA's name/SSN 
        verification program for new employees, thereby reducing items 
        posted to the suspense file.
         LDeveloped and conducted outreach programs to the 
        employer and payroll communities to address the issue of 
        correctly matching names and SSNs. SSA staff have spoken to 
        numerous employers and payroll groups on this and related 
        issues. SSA has made changes to our publications to help 
        employers better understand the issues. In our quarterly 
        publication, the ``SSA/IRS Reporter,'' which is sent to over 
        6.5 million businesses, we have had numerous articles on the 
        importance of providing correct name/SSN information on the 
        Form W-2. SSA has built a website that is designed specifically 
        for employers to address their payroll reporting issues and 
        provide guidance.
         LHas worked with both the INS and IRS on the mismatch 
        issue. Both agencies have incorporated training on the 
        importance of name/SSN information into their training programs 
        for businesses.
         LHas revised the letters sent to the employer to 
        provide more detailed information about name/SSN mismatches. 
        SSA also provides detailed step-by-step instructions of what 
        the employer should do to resolve the discrepancy. The letters 
        highlight the responsibilities of employers and the rights of 
        employees when there are name/SSN mismatches.
         LWorked with the IRS to revise the Form W-2 and its 
        magnetic and electronic formats to provide separate first and 
        last name fields to facilitate capturing the proper last name. 
        This separation of the last name better assures that the 
        information reported can be properly matched to SSA's records, 
        especially in cases where a person has a multiple or hyphenated 
        last name. Similar name presentation changes have also been 
        made to the Form W-4.
         LModified the Spanish version of the Form SS-5 
        (Application for a Social Security Card) to separate the first 
        name from the last name. There are plans to make similar 
        changes to the English version of the Form SS-5.
         LImproved the timeliness of the notices sent to every 
        employee whose name and SSN do not match requesting correction 
        information.
         LHas engaged Price Waterhouse Coopers to review the 
        Agency's management practices of the ESF and make 
        recommendations as appropriate for improvement.

    You asked if SSA is making any special endeavor to refer these 
employers to the INS or the IRS or to otherwise target them for 
corrective action in submitting erroneous wage reports. SSA shares name 
and SSN mismatch data reported on the Form W-2 with the IRS since SSA 
processes these forms on behalf of the IRS. SSA is working with IRS 
cooperatively in the development of its penalty program.
    SSA is precluded from making referrals of name/SSN mismatch 
information to the INS due to section 6103 of the Internal Revenue 
Code, which prevents SSA from sharing tax information with other 
agencies.
    In response to your question concerning what else can be done, SSA 
is now piloting an Internet based SSNVS. This is a free service where 
employers can verify that the name and SSN on their payroll records 
matches SSA's records. Expanding this limited pilot to the entire 
employer community will offer an inexpensive and easy way for all 
employers to verify their employee's names and SSNs.
    As far as the administrative costs associated with the earnings 
suspense file, SSA sends a notice to every individual whose name and 
SSN does not match SSA's records. For TY 2001 (calendar year 2002), it 
costs SSA approximately $5.4 million to send these notices.
    SSA also sends notices to employers. For TY 2001, SSA sent notices 
to all employers that had an item go into the ESF at a cost of $600,000 
for the 944,000 notices sent.
    There are additional costs associated with both types of notices:

         LOver $200,000 for system maintenance and cyclical 
        changes; and
         LAn average of $9.00 for each call to our National 800 
        number generated by the notices. We estimate that we received 
        about 100,000 inquiries about the TY 2001 letters.

4. SSA shares information on work credited to non-work SSNs with INS 
annually (worker name, address, employer, wages). What does INS tell 
you they do with the information? In 2000, about 9.6 million wage items 
representing $49 billion in wages did not match SSA's records. The SSA 
IG recommended that SSA share information on wage records that do not 
match SSA files. The IG also recommended that SSA match Office of Child 
Support Enforcement files with non-work SSNs and share that data with 
INS. What are your views and do you plan to take action on these 
recommendations?

    With regard to the INS' use of information on work credited to non-
work SSNs, we defer to the INS for an explanation of what they do with 
the information and its usefulness.
    Concerning IG's recommendation that SSA share information with INS 
on wage records that do not match SSA files, SSA does not have the 
legal authority to share such records with INS. Whether or not the wage 
records submitted to SSA match SSA records, they constitute tax return 
information subject to the disclosure restrictions in the Internal 
Revenue Code (IRC) (26 U.S.C. 6103). section 6103 of the IRC prohibits 
sharing of wage records when SSNs on those records do not match 
information in SSA records.
    With respect to the IG recommendation that SSA match Office of 
Child Support Enforcement files with non-work SSNs and share that data 
with INS, SSA cannot act on this recommendation for reasons similar to 
those cited above regarding sharing wage data with INS. SSA's access to 
and use of OCSE data is subject to limitations specified in section 453 
of the Social Security Act (the Act) (42 U.S.C. 653). Section 453(l)(1) 
of the Act prohibits SSA from sharing this information with INS.

5. Do you believe it would make it easier for employers to identify 
illegal workers if the SSN number itself was changed to indicate 
whether the person is not authorized to work? If so, are you planning 
to implement this change and if yes, when?

    It is not clear if the SSN itself were changed to indicate whether 
the person is not authorized to work whether it would significantly 
help employers identify ``illegal'' workers. Most illegal workers use 
made up numbers. The best way for employers to identify them is to use 
one of SSA's matching systems.

6. An article published by The Deseret News, of Phoenix, Arizona, on 
Tuesday, October 01, 2002 entitled ``Thefts of Social Security ID 
rising fast,'' by Pat Reavy, Deseret News staff writer, described the 
substantial problems of a retired woman named Frances Stone, aged 70. 
According to the article:

L``. . . in 1992, Stone noticed her Social Security checks were getting 
smaller. After some investigating, Stone discovered that the woman who 
allegedly took her wallet, an illegal immigrant, had gotten a job and 
was earning wages using her Social Security number. The government 
thought Stone was earning more money than she really was. Now, 10 years 
later, the problem still hasn't been settled. Each year Stone's Social 
Security checks are cut, and each year she has to go through a lot of 
red tape to prove somebody else is using her Social Security number. 
And each year it takes three to four months' worth of phone calls and 
letter writing to get the matter cleared up.''

The SSA sent some eight million letters to people identified with 
``mismatched SSNs.'' How many of these were to people who are using 
someone else's SSN? Has the SSA compiled any reports as to how many 
people receiving SSA benefits are experiencing the same kind of fraud 
experienced by Frances Stone? How many citizens and lawful residents 
are now subject to erroneous records of SSA benefits and don't 
recognize the problem? If SSA receives a report from an employer that 
indicates someone else is working using another's SSN, would SSA 
contact the true owner to let him or her know? Doesn't the SSA have a 
responsibility to the person to whom the SSN was lawfully issued? Why 
not?

    SSA is committed to achieving the results our citizens expect. We 
regret the difficulties that Frances Stone experienced resulting from 
the theft of her wallet. Her earnings record is now correct.
    SSA/OIG does not have enough information to determine how many no-
match letters went to people who are using someone else's SSN. For Tax 
Year 1999, SSA has over 8.3 million wage items in suspense because the 
name/SSN on the employer wage reports failed to match SSA's records. 
SSA produced no-match letters in an attempt to resolve these suspended 
items. About 2.6 million wage reports could not be matched due to zero 
SSNs, invalid SSNs, no names, and so forth. About 5.7 million wage 
reports contained SSNs that matched SSA's records; however, the names 
did not match. SSA/OIG does not know how many of the 5.7 million 
letters were mailed to individuals who used someone else's valid SSN. 
Without a valid name/SSN match, these earnings could not be posted to 
an individual's master earnings record.
    Although 5.7 million of the wage items could have led to letters 
going to people who are using someone else's SSN, they could have also 
gone to the owner of the SSN who used an incorrect name (i.e. married 
name, improperly hyphenated name, and so forth.) Since these items are 
still in need of resolution, SSA/OIG cannot determine the actual number 
of people who are using someone else's SSN.
    You asked, if SSA receives a report from an employer that indicates 
someone is working using another's SSN, would SSA contact the true 
owner to let him or her know? SSA does not notify the actual SSN holder 
if someone is using his or her SSN. SSA has a number of ongoing 
processes to obtain the correct name and SSN associated with the wages, 
including manual and automated edits. Due to these internal efforts, 
notifying the actual number holder of this situation may be premature 
and create unnecessary alarm. In addition, the earnings history of the 
SSN owner, as well as their status with SSA's programs, has not been 
impacted since the wages earned by the other user (who may or may not 
have fraudulently used the number) remain in suspense.
    SSA does not have reports as to how many people receiving SS 
benefits are experiencing the same kind of fraud experienced by Frances 
Stone. SSA's IG is currently completing an audit of Internal Revenue 
Service referrals to SSA where a taxpayer has claimed that someone else 
is working under their name and SSN. IRS refers such cases to SSA so 
that their earnings history within SSA's records can also be corrected. 
SSA/OIG's audit work has found numerous instances of potential and 
actual identity theft. While SSA/OIG does not know how many other 
citizens and lawful residents do not recognize this problem, SSA does 
send annual Social Security statements to the public which allow the 
individuals to identify anomalies in their earnings records.
    SSA has a responsibility to ensure that the earnings recorded on 
all wage reports with names/SSNs that match SSA's records are properly 
posted to employees' earnings records. In addition, should the SSN 
owner request a correction to their earnings history, SSA has the 
ability to do so.
    SSA also has the ability to assign a new SSN if this is the only 
means of resolving an identity theft situation. SSA allows a second SSN 
to be issued when: (1) attempts to locate the individual using the 
number holder's SSN have been unsuccessful; (2) the number holder has 
earnings posted to his/her account in the last 2 years which belong to 
someone else; (3) the number holder requests or agrees to accept a new 
SSN; and (4) the number holder has cooperated with SSA.

7. What is the timeframe for merging your data systems so that 
employers who verify SSNs will be notified that an SSN is a non-work 
SSN or that the individual assigned the SSN is deceased?

    Modifications to include additional verification information are 
planned for the Internet based SSNVS (Social Security Number 
Verification Service) now in an initial pilot phase. The next step in 
that process is to expand the pilot to include additional employers.

8. The Privacy Act says an agency can share information with another 
agency for purposes of civil or criminal law enforcement activity if 
the head of that agency makes a written request. However, your 
regulations limit disclosure to law enforcement activities related to 
serious crimes (e.g., murder, kidnapping) where the person has been 
indicted or convicted and to criminal activity involving the Social 
Security program or similar programs, correct? Does this mean that 
employers can request verification of basic information, but law 
enforcement agencies cannot?

    SSA's authority for verifying SSNs for employers and law 
enforcement entities is separate and distinct. SSA verifies SSNs for 
employers under the Privacy Act's routine use provision (5 U.S.C. 
552a(b)(3)). For law enforcement, the disclosure authority is 5 U.S.C. 
552a(b)(7).
    SSA's verification of SSNs for employers is for a compatible 
purpose, i.e., routine use, because employers' submittal of wage 
reports to SSA is a part of SSA's business process. It is in SSA's 
interest that employers submit wage reports with correct SSNs so that 
the Agency can post wages to the correct individual's record. These 
verifications enable the Agency to maintain correct wage records on 
which to base individuals' future retirement, survivors or disability 
benefits.
    Unlike verifying SSNs for employers, the disclosures SSA makes for 
law enforcement purposes generally are for non-program related 
purposes; thus are more limited. These disclosures are based on a 
balanced policy that provides service to the law enforcement community 
while maintaining the confidentiality and integrity of personal 
information in SSA's records. We provide information to law enforcement 
organizations in connection with an individual who has been indicted or 
convicted of a violent crime. We also provide information if an 
individual is suspected of committing fraud against the Social Security 
program or any other government health or income program.
    SSA has ad hoc authority (under the ad hoc provision in Regulation 
20 CFR 401.195) allowing the Commissioner to make one-time disclosures 
to law enforcement authorities upon written requests from law 
enforcement agencies in special situations of national emergency or 
security.
    On September 13, 2001 the Commissioner exercised this ad hoc 
authority to law enforcement requests concerning the events of 
September 11. SSA's Inspector General and our then Office of Disclosure 
Policy established a streamlined process to handle law enforcement 
requests pertaining to these tragic events.

9. The SSA Inspector General mentioned in his testimony that a person 
is able to receive credit toward Social Security benefits based on 
illegal work. Does current statute explicitly say SSA may credit work 
toward Social Security eligibility and benefits, regardless of whether 
the person is a citizen or authorized to work in the U.S.? Would you 
describe how SSA would process this application for benefits? What 
proof would SSA request, and would SSA use the illegal work to 
determine his eligibility and benefit amount? Would SSA refer him INS 
for the illegal work?

    Section 210 of the Social Security Act states that all work 
performed in the United States is considered employment under the 
Social Security program with specific, but limited, exceptions. The Act 
does not specifically address ``employment'' of persons who lack INS 
authorization to work and, therefore, these aliens working without 
authorization are not specifically ``excepted'' from engaging in 
covered employment. The Act concerns itself with the kind of work done, 
rather than who is performing the work.
    As long as the individual has worked in employment covered by the 
Act, and once they meet all the other factors of entitlement including 
lawful presence in this country, and submit the required proofs, they 
can receive benefits. If the individual had worked under an assumed or 
invalid SSN, we would request evidence of this and develop to determine 
which earnings belong to him/her.
    Thus, the receipt of benefits hinges on work in covered employment 
rather than immigration status at the point of employment. However, 
lawful presence in this country at the point of entitlement is 
required.

10. Under current law, a non-citizen applying for benefits today cannot 
collect Social Security benefits if he is not legally residing in the 
United States, but he can get credit toward Social Security for illegal 
work. Also, a person can earn credit toward Social Security while 
breaking immigration law. Should these inconsistencies be rectified in 
your view?

    Under present law, a non-citizen living in the United States will 
only receive benefits if he is legally residing in this country. If 
Congress wished to reconsider the issue, a key concern would be whether 
a change would drive more employees into the non-tax-paying 
underground.

11. The Inspector General has recommended that legislation be enacted 
preventing Social Security from using wages from unauthorized work to 
determine eligibility and benefit amounts. A previous administration 
did not agree with the recommendation--where does the current 
Administration stand? What would be the policy arguments for and 
against the SSA OIG's proposal to prohibit crediting wages earned from 
illegal work toward Social Security benefits and eligibility? Could you 
also elaborate on whether INS has sufficiently complete data on 
immigrants' work authorization status over time to enable SSA to pursue 
this recommendation?

    A proposal to deny credit for covered earnings on which the 
employee and employer paid the required Social Security taxes would be 
a major shift in public policy. The Administration has not reviewed 
this proposal.
    Current law already provides that individuals can be paid benefits 
within the United States only if they are lawfully present. Thus, this 
proposal would reduce benefits primarily for individuals who are, at 
the time they apply for benefits, either U.S. citizens or otherwise 
legally within the country.
    To administer such a change, it would be necessary to know exactly 
which periods in the past that a person was authorized to work and not 
authorized to work. However, it is our understanding that INS does not 
maintain an electronic historical record of the alien status of each 
noncitizen in this country. Without this information it would be 
impossible to implement this change. We defer to INS for a more 
thorough explanation of their databases.

12. This year, SSA began mailing letters to all employers who submit 
information in which the name or SSN of the employee does not match 
SSA's records. Could you explain what the purpose of this letter is, 
since some employers may mistakenly believe they should no longer 
employ a worker because of the letter?

    The Internal Revenue Code provides that employers are responsible 
for providing correct name/SSN information on the Form W-2. When an 
employee's reported name and SSN do not match SSA's records, SSA may 
send a ``no match'' letter informing the employer of the discrepancy 
and requesting the employer's assistance in resolving the error. Our 
purpose in sending these letters is to obtain the necessary information 
to clean up our suspense file and ensure that number holders receive 
proper credit for their earnings.
    These letters are intended to remind employers about the importance 
of providing SSA with correct names and SSNs of employees. They also 
encourage employers to correct their records and to use SSA's Employee 
Verification Service.
    We are concerned that some employers may use SSA's letters to take 
inappropriate adverse action against affected employees. We therefore 
specifically advise employers not to take adverse action against an 
employee because of the ``no-match'' letter, as indicated in the 
following paragraph from the letter used for tax year 2001:

        L``This letter does not imply that you or your employee 
        intentionally provided incorrect information about the 
        employee's name or SSN. It is not a basis, in and of itself, 
        for you to take any adverse action against the employee, such 
        as laying off, suspending, firing, or discriminating against an 
        individual who appears on the list. Any employer that uses the 
        information in this letter to justify taking adverse action 
        against an employee may violate state or Federal law and be 
        subject to legal consequences. Moreover, this letter makes no 
        statement about your employee's immigration status.''

13. It appears that many employers do not understand what they need to 
do to fix the record mismatch, and may inadvertently violate other 
laws. What guidance does SSA give to employers to help them fix the 
problems identified?

    SSA provides detailed, step-by-step guidance with every ``no-
match'' letter in order to help employers resolve the reported records 
discrepancy. Instructions are provided for correcting SSNs and Filing 
Tips for accurate annual wage reporting are automatically included when 
``no-match'' letters are mailed.

Is this guidance consistent with that provided by INS, IRS, and the 
Department of Justice (DOJ) regarding hiring practices and 
documentation of an individual's work authorization status?

    Yes.

    Have you had discussions with these agencies to develop clear, 
consistent guidelines for employers so that they do not violate other 
laws in their efforts to comply with SSA's letters or out of fear of 
IRS penalties associated with non-matching wage reports?

    INS, IRS, and DOJ have been consistently involved in the 
development of the no-match policy guidelines. SSA has met with various 
agencies to discuss the Earnings Suspense File, ``no-match'' letters 
and related policies to assure that the guidance SSA provides to 
employers is consistent with INS, IRS and the DOJ policies.

14. Did SSA consult with business groups and others before implementing 
the new policy of sending out no-match letters to all employers with 
mismatched information? If not, why?

    SSA discussed changes to the ``no-match'' letter process with both 
the employer and payroll communities. We meet with groups such as 
American Payroll Association, the American Society of Payroll 
Management and the Payroll Service Bureau Consortium at our annual 
National Payroll Reporting Conference. ``No Match'' was a major topic 
at the Payroll Conference held in August, 2002. At this as well as 
other meetings, employers consistently indicate willingness to actively 
cooperate with SSA in order to resolve wage reporting discrepancies.

15. What has SSA heard back from employers and others since the mass 
mailing of no-match letters began?

    There has been an increased interest by employers in verifying 
SSN's for their employees. Representatives of labor unions, immigrant 
advocacy groups, and employer associations have expressed concerns 
about possible misinterpretation and misuse of the mismatch 
information. SSA has worked to address the issues identified by these 
groups to try to alleviate their concerns.

16. How many employers have contacted SSA attempting to verify their 
employee's SSNs?

    Employers can verify their employees' SSNs in a variety of ways:

         LApproximately 7,400 employers are registered to use 
        the batch verification system. In calendar year 2001, there 
        were 218 employers who used the batch verification system.
         LEmployers can visit a local SSA field office or call 
        a teleservice center. We have no data on the verification 
        requests to SSA field offices and teleservice centers, but we 
        believe they probably receive thousands of SSN verification 
        requests from employers.
         LThey can use the Employer Reporting Services Center 
        (an 800 number). SSA has very recently begun tracking the 
        numbers of SSN verification requests received here. For 
        September, October and November 2002 the average monthly volume 
        of verification requests received though the 800 number at the 
        Employer Reporting Service Center is about 60,000. No breakout 
        on the numbers of employers involved is available.
         LIn addition, there are a select number of 
        participants using the pilot Social Security Number 
        Verification (online) Service (SSNVS). There are six companies 
        participating in the SSNVS pilot.

17. The INS is responsible for assisting State and Federal agencies to 
train employees of those agencies in examining immigration documents 
such as visas. Isn't it true that the SSA only reversed its policy on 
checking INS records before issuing Social Security cards to aliens 
after September 11, 2001?

    SSA has had longstanding policies to verify documents with INS. 
However, until recently we could not electronically confirm the 
legitimacy of documents with the INS until the person had been in this 
country for at least 30 days. Therefore we relied on visual inspection, 
pursuant to security guidelines provided by INS, to verify documents. 
In every case in which our own scrutiny led to any doubts about the 
authenticity of the documents, we held up assignment of the SSN until 
INS verified the documents, no matter how recent the entry.
    The events of September 11, 2001, caused SSA's new management to 
reexamine many of our internal processes and our interactions with 
other agencies, including INS. INS has made improvements in the 
timeliness of their data entry, and earlier this year gave SSA expanded 
access to non-immigrant data. Based on a decision by Commissioner 
Barnhart, no alien's SSN application is processed until SSA receives 
verification of the alien's INS documents from INS. Full implementation 
of this procedure was rolled out from July 15, 2002 through September 
2002. Where the verification still cannot be done electronically, we 
will request verification from INS, which could be for as many as a 
half million of the 1.5 million non-citizens we enumerate each year.

18. More than 6 months after the initial request by the SSA, the INS 
still has not completed any arrangements to provide automated record 
checking against INS records, despite public statements that this was a 
``top priority.'' Is the problem with INS or is the SSA request more 
complicated than the press releases suggest?

    SSA is now able to verify most INS documents online, using INS' 
Systematic Alien Verification for Entitlements (SAVE) system. Online 
access was provided by INS on May 25, 2002. The system was piloted in 
SSA field offices in June 2002, and implemented in all SSA field 
offices on September 1, 2002. For documents that cannot be verified 
online, SSA sends a manual request to INS for verification.

19. Beginning in June 2002, SSA started contacting the State bureau of 
vital statistics to verify a birth certificate presented for a SSN 
application. Starting in July 2002 and nationwide by September 2002, 
SSA started verifying immigration documents with INS. Before these 
changes, SSA generally examined the documents and accepted them if they 
appeared genuine. Did SSA consult with employers before changing its 
verification procedures?

    As indicated above, SSA's general policy prior to September 11 was 
to verify documents with INS, except for certain new arrivals whose 
records were scrutinized by our employees. The events of September 11 
made it necessary for SSA to aggressively move forward in instituting 
additional verification measures to further ensure the integrity and 
security of the enumeration process. While we are working with the 
employer community and others to make them aware of the additional 
verification, we did not consult with them before changing our 
procedures.

20. What feedback has SSA heard from employers, particularly those 
employing seasonal workers, about the new verification procedures? Does 
SSA plan to make any exceptions or accommodations for temporary/
seasonal workers? Under the new verification procedures, how long does 
it take a non-citizen to obtain an original SSN?

    We recognize that our efforts to enhance the integrity of the 
enumeration process may result in a delay in receipt of an SSN or 
replacement card and therefore could hamper employment of temporary or 
seasonal workers. However, our procedural changes are designed to 
assure that only those who meet the enumeration requirements receive an 
SSN or replacement card. SSA is making no exceptions to its rules for 
any applicant.
    Some employers have contacted SSA expressing their concern about 
the length of time it may take for us to verify records manually with 
INS if the documents cannot be verified electronically. Any delays 
affect how quickly their newly hired employees obtain SSN cards. SSA's 
commitment is to assign an SSN within no more than a few days after 
receiving verification from the INS. Paper verification from INS may 
require as little as about a week or some number of weeks. SSA is 
working with INS to minimize these delays. Generally, employers are 
attempting to adjust their operations accordingly. Under IRS 
regulations 26 CFR Ch.1 Sec. 31.6011(b)-2 employers may hire an 
individual before he or she receives his/her SSN card.
    SSA is committed to doing all we can to protect the SSN while 
striking a balance among the needs of individuals, employers and SSN 
integrity. We believe that this new process should provide adequate 
safeguards for the integrity of the SSN while permitting individuals 
and their employers to move forward with hiring decisions.

21. Is it true that State benefit agencies, via your data matches with 
them, receive confirmation of their data or correct information from 
SSA's databases if their data is incorrect, for purposes of preventing 
fraud? State Departments of Motor Vehicles (DMVs) and employers only 
receive information on whether their data matches SSA's data or a note 
saying which piece of information did not match (without the correct 
information from SSA), even though they are also trying to prevent 
fraud, correct? In addition, is it also correct that the match with 
State DMVs may not provide information on whether the person on whom 
information was submitted shows up as deceased in SSA's records, 
depending on the system the State is using (online vs. batch file)? Why 
does SSA provide different levels of information to State DMVs than to 
State benefit agencies when they request matches with SSA data? Why 
don't the matches with Departments of Motor Vehicles or employers 
consistently include notification that a SSN belongs to a deceased 
individual? When do you expect SSA will provide information to 
employers and DMVs on whether a SSN is for a deceased person in these 
data matches?

    It is true that SSA provides different levels of information to 
State benefit paying agencies, DMVs and employers. We are working to 
enhance our verification systems as part of SSNVS. The next step in 
that process is to expand the pilot to additional employers.

22. Why doesn't SSA require a photo ID with SSN and benefit 
applications? Do you plan to change your procedures to require a 
picture ID when anyone does business with you? If not, why? If so, what 
is your time frame?

    SSA requires convincing evidence of identity (evaluated on a case-
by-case basis) from all applicants for original or replacement SSN 
cards. Most people can provide some reliable evidence of identity, such 
as a drivers license, passport, or school ID, that is acceptable for 
SSA purposes.
    In determining what identity documents to accept, SSA is mindful of 
the public burden, considering:

         LNot all SSN card applicants are adults;
         LNot every applicant, even if age 16 and older, has a 
        picture identity document; and
         LNot every applicant has more than one identity 
        document that meets SSA's criteria.

    It must be noted that there are many commercial organizations that 
sell identity cards with photographs. Anyone can easily purchase a 
photo ID card on the Internet. SSA does not accept these because they 
are generally issued based solely upon the person's allegations and the 
issuing agents cannot verify them. A photo ID is only as good as the 
documentation used to obtain it.
    However, SSA has a pilot in certain SSA offices that will test and 
gather photographic identification to address the issue of complicit 
impersonation in the disability claims process. The pilot is expected 
to start in mid 2003, once necessary actions resulting from the 
publication of the Federal Register notice on November 15, 2002 are 
completed.

23. The SSA IG suggested in a September 2001 report that SSA limit the 
number of replacement cards to 3 in a year and 10 over a lifetime, 
except in extraordinary circumstances. Does SSA agree with the 
recommendation? If so, when will SSA implement it? If not, what other 
actions will SSA undertake to prevent misuse of replacement SSN cards? 
Also is SSA planning to take any action to restrict replacement cards 
issued to persons with non-work SSNs who report earnings?

    We are currently considering various options for limiting the 
number of replacement cards an individual can receive.

24. I understand that the Federal statute does not specifically 
prohibit somebody from selling his or her own validly issued SSN with 
intent to deceive. Is this correct? If so, do you think Congress should 
consider changing the law to make this illegal?

    Section 208 of the Social Security Act (42 U.S.C. 408) does 
prohibit a person from selling a Social Security card that is, or 
purports to be, a card issued by SSA. This provision also prohibits a 
person from possessing a Social Security card with the intent to sell 
it, for the purpose of obtaining anything of value ``or for any other 
purpose.'' See 42 U.S.C. 408(a)(7). However, the section does not 
prohibit selling an SSN.
    Nonetheless, that section does prohibit unlawful use of another 
person's SSN. If the number holder (NH) conspired with another person 
to unlawfully use the SSN, including selling it, knowing that it would 
be used unlawfully, then the NH could be charged with conspiracy and, 
perhaps other offenses (e.g., aiding and abetting).
    Moreover, selling the SSN might violate State laws concerning 
fraud, consumer protection, and so forth., depending on how the SSN is 
used.
    We note that the Subcommittees' bill, H. R. 2036, would remedy 
this. SSA would be glad to continue to work with you on such 
legislation.

25. When do you expect to have the first Enumeration at Entry Center 
running? What has been the reason for delay? Will only persons admitted 
for lawful permanent residence be processed through these centers? Does 
SSA have any near-term plans to expand these centers to persons 
temporarily admitted to the Untied States who are authorized to work?

    Enumeration at Entry (EAE) is a process that enables aliens 
applying for immigrant visas at DoS's Foreign Service posts to apply 
for SSNs at the same time. The process started in October 2002. DoS 
passes the SSN application data to INS along with the visa application 
data. INS, in turn, passes the SSN application data on to SSA for 
issuance of the SSN. Significant programming and systems modifications 
on the part of all three agencies were necessary to make EAE a reality. 
Furthermore, EAE implementation requires that DoS staff physically 
install software containing the EAE changes at each post.
    EAE is already operational in the posts in Manila, Philippines; 
London, England; and Cuidad Juarez, Mexico. As of December 18, 2002, we 
have issued 1,943 SSNs using this process.
    Beginning January 2003, DoS will begin to install EAE software at 
other Foreign Service posts around the world. When this phase is fully 
implemented, more than 90 per cent of the people applying for immigrant 
visas at DoS posts will be able to apply for SSNs at the same time.
    SSA, INS and DoS will soon begin discussions on expanding the 
process to other groups of aliens.

26. The IG has urged SSA to implement additional protections against 
issuance of multiple SSNs to children and to help State bureau of vital 
statistics to ensure records of hospital birth units and registered 
births match. For example, it can take a couple of months to get a SSN 
through enumeration at birth, and parents may come into the Social 
Security office to request a SSN at the same time it is processing the 
information from the State BVS, sometimes causing infants to be issued 
multiple SSNs. Also, some hospitals do not separate the duties of 
clerks gathering birth information from parents and clerks entering 
information into the hospital database, making it easier for someone to 
enter births for children who do not exist. Is SSA implementing any of 
the SSA IG's suggestions?

    The current Enumeration at Birth (EAB) contract expires on December 
31, 2002. SSA is pursuing OIG's recommendation for the Bureaus of Vital 
Statistics to perform periodic independent reconciliation of registered 
births with statistics obtained from the hospitals to verify the 
legitimacy of sample birth records by building it into its negotiations 
for the new EAB contracts, which will be effective January 1, 2003.

27. Fingerprints and photos have been accepted biometric identification 
for government documents for more than fifty years. Why does the Social 
Security Administration not employ any sort of biometric identification 
to confirm identity? Doesn't the absence of biometric identity 
confirmation put at risk innocent citizens with regard to their bank 
accounts, their credit, sometimes even their mortgage loans?

    From the inception of the program, the Social Security number (SSN) 
card was never intended for use as an identity document. If the Social 
Security Administration were to use biometrics to link the SSN card to 
the bearer to allow identity confirmation, the agency would become the 
trusted authority and authenticator of individual identity in the U.S. 
We believe this task would have an adverse impact on our ability to 
fulfill our mission. In addition, the use of biometrics would require 
the re-enumeration of every Social Security number holder at 
considerable cost.
    We provided a report to Congress in 1997 on replacing the Social 
Security card with a plastic card that could include identifying 
information, such as a picture or biometric identifiers. Several of the 
prototypes developed in this study are still valid examples of the kind 
of identity document in question. The report found that issuing new 
Social Security cards with biometric information would cost from about 
$4 billion to $9 billion (in 1996 dollars), depending on the form of 
the card, and would require about 70,000 work years.
    SSA's Office of Inspector General and other SSA components continue 
to actively pursue information about potential technologies that we 
could use to support more accurate earnings reporting and to reduce 
benefit and SSN fraud.

28. The Social Security card is generally accepted to be very easily 
counterfeited. Has the SSA looked into the processes used by the State 
Department for passports or visas or by the INS for the ``Permanent 
Resident Card (green card)'' or the Border Crossing Card?

    We do not agree that the SSN card is ``very easily'' counterfeited. 
It has numerous sophisticated security features that help to prevent 
counterfeiting. These include:

         LThe front contains a marbleized light blue security 
        tint, with the words ``Social Security'' in white.
         LIntaglio printing is used in some areas on the front 
        of the card. (Intaglio printing can be done only by certain 
        security printing companies, on registered machinery.)
         LThe front and back contain yellow, pink, and blue 
        planchettes (small discs). These can appear anywhere on the 
        card, including the area on the card that contains the 
        Department of Health and Human Services or Social Security 
        Administration seal and the number holder's name and SSN.

    Further, there are additional security features that we do not make 
a matter of public record.
    While we have confidence in the current security features of the 
card, we are open to considering options that would make it even less 
subject to counterfeiting and use by identity thieves.

29. Should the Social Security Administration, or another federal 
agency such as the INS start issuing a number that can be used for 
identification, so that the SSN can be reserved only for payroll tax 
withholding and benefit awards?

    SSA does not have a position on whether it or another Federal 
agency should issue numbers that could be used for identification. We 
believe that this is an issue for the new Department of Homeland 
Security, and we will be happy to work with them and provide any 
support needed.

30. How many individuals have been issued more than one SSN? How does 
this happen? What measures exist to prevent this from happening?

    Before SSA implemented the Systems controls explained below, there 
were occasional rare instances where more than one SSN was erroneously 
assigned to a single individual. We also know that there are limited 
cases where SSA has purposefully assigned a new SSN for domestic 
violence victims, those suffering continued harm due to identity theft, 
and so forth.
    In July 1990, SSA implemented the Modernized Enumeration System 
(MES), which gave FO personnel the capability to take an SSN 
application using online screens rather than on a paper application 
form. As part of the application process, MES searches the SSN database 
and returns possible matches when an application for a new SSN is 
entered. This helps the field office identify a previously assigned 
SSN, and prevents assignment of a new one.

31. We know that non-citizens who are authorized to work are able to 
legitimately obtain SSNs for work purposes. However, if they no longer 
are working in this country or have left the country, the SSN issued to 
them remains on record as being assigned to them. Should some notation 
on SSA's record be placed to indicate that the individual is no longer 
working and/or residing in this country? Should that number be valid 
for all times?

    It should remain an INS responsibility to determine who is 
authorized to work, and to keep track of entry/exit from the U.S. 
Employers, as part of the hiring process, can determine current status 
and work authorization by following INS' I-9 rules. We do not think SSA 
should duplicate this function.
    Regarding the validity of the SSN for all times, the SSN needs to 
remain valid in case the number holder returns to the United States and 
is once again authorized to work. The number is used to keep an 
accurate record of each individual's earnings and to pay and monitor 
benefits, including those paid under a Totalization agreement.
                                 

    Chairman GEKAS. Thank you, Sam.
    Yes, we invite the second panel to begin to take their 
places at the witness table. We call upon Charisse Phillips, 
Director of Fraud Prevention Programs, Bureau of Consular 
Affairs, U.S. Department of State; Robert Bond, Deputy Special 
Agent in Charge, Financial Crimes Division, U.S. Secret 
Service; Grant D. Ashley, Assistant Director, Criminal 
Investigative Division, Federal Bureau of Investigation; Hon. 
James G. Huse Jr., Inspector General, Social Security 
Administration in Baltimore; Matthew Reindl, Operator of 
Stylecraft Interiors Inc. of Great Neck, New York; and, Chris 
Hoofnagle, Legislative Counsel, Electronic Privacy Information 
Center.
    We state to the witnesses that their written statements 
will be accorded a place in the record, without objection. We 
will ask them each to try to limit their remarks, their reviews 
of their written testimony, to about 5 minutes. We will begin 
in the manner in which we introduced the panel, starting with 
Charisse Phillips.
    You may proceed.

 STATEMENT OF CHARISSE M. PHILLIPS, DIRECTOR, OFFICE OF FRAUD 
     PREVENTION PROGRAMS, BUREAU OF CONSULAR AFFAIRS, U.S. 
                      DEPARTMENT OF STATE

    Ms. PHILLIPS. Mr. Chairman, thank you very much. I am very 
pleased to be here to testify before the Subcommittee this 
afternoon.
    I have had the privilege of serving as the Director of 
Fraud Prevention Programs in the Bureau of Consular Affairs for 
2 years now. Previously, I served in a number of consular 
sections abroad, where I had frontline experience with document 
fraud, and with attempts by criminals, terrorists, and hostile 
governments to obtain U.S. travel documents. I have been a 
consular officer for almost 17 years now.
    The State Department has an integral interest in the 
quality of identity documents and vital records produced in the 
United States because those documents form the basis of U.S. 
passport issuance. The U.S. passport is perhaps the most highly 
valued document in the world, because of the many benefits and 
privileges it confers. It is not ``just a document,'' it is the 
passkey into our country.
    Let me tell you about the methadone moms. As these low-
income women leave their drug-rehab clinics, they are targeted 
by alien smugglers. They are offered money, maybe a couple 
hundred dollars, to apply for passports for their own kids, but 
here's the catch. They will substitute photos of different 
kids, photos supplied by the alien smugglers.
    Who are these substitute kids? In the majority of cases, 
they are the children of people who cannot bring those kids to 
the United States legally immediately. Those parents pay 
thousands of dollars for these fraudulent passports.
    How do we know about this? Well, the proverbial alert 
passport employee. We are fortunate to have a cadre of trained, 
experienced, and loyal personnel who detect these attempts to 
obtain our passports through fraud.
    The Bureau of Consular Affairs is in the business of 
preventing this kind of abuse of children and of travel 
documents. We have developed an extremely tamper-resistant 
passport. In fact, just last week, Members of the Five Nations 
Conference told me what we have noticed ourselves, that our 
passports are now so good that alien smugglers have stopped 
trying to alter them.
    Instead, now they are trying to get hold of them by other 
means. They are using look-alike travelers to match passports 
stolen from American tourists overseas. They are helping 
imposters apply for U.S. passports, using identities stolen 
from U.S. citizens in the United States. They are selling 
counterfeit documents--birth certificates, drivers' licenses, 
Social Security cards--to aliens for use in applying for 
passports. All these documents are available cheap on the 
Internet.
    We are pretty good at detecting these false documents. We 
have done studies of our passport issuances, and we provide 
training and information to our passport staff to keep them 
alert. As home computers, the Web, and high-tech scanners, and 
photocopiers become more accessible, we need more and better 
tools for our people.
    We need to be able to confirm Social Security numbers 
easily and routinely. Right now, our people put a lot of energy 
into developing informal contacts to help them confirm Social 
Security numbers and work histories. They rely on this 
information in suspect cases to help them quickly identify 
Americans who are just taking an innocent trip from the aliens, 
sometimes criminal aliens, who are seeking U.S. passports to 
evade the scrutiny of immigration officials around the world.
    Our people also need help in confirming the bone fides of 
U.S. birth certificates. This country has more than 8,000 
authorities issuing birth certificates and more than 50,000 
different versions issued by States, counties, and 
municipalities.
    We also need an easy way to verify drivers' licenses, the 
usual proof of ID submitted with passport applications. High-
quality duplicates of State drivers' licenses are available on 
the Internet with only a removable sticker warning ``novelty 
item'' to deter criminals. Our passport workers have no way of 
verifying drivers' licenses either online or through routine 
access.
    We call these kinds of documents ``breeder documents'' 
because they can all be used to obtain more identity documents. 
My office has, therefore, purchased the Social Security CD-ROM 
with death records of Social Security recipients going back to 
1936. We have made this available to our passport and our visa 
personnel online.
    We have begun to brief Social Security fraud investigators. 
We are trying to work with Social Security on a way to identify 
Social Security numbers online.
    [The prepared statement of Ms. Phillips follows:]
Statement of Charisse M. Phillips, Director, Office of Fraud Prevention 
     Programs, Bureau of Consular Affairs, U.S. Department of State
    Mr. Chairman and Members of the Committees:
    Thank you for the opportunity to appear at this hearing on 
Preserving the Integrity of Social Security Numbers and Preventing 
Their Misuse by Terrorists.
    I have had the privilege of serving as the Director of Fraud 
Prevention Programs, in the Bureau of Consular Affairs, for two years 
now. Previously I served in a number of consular sections abroad where 
I had front-line experience with document fraud, and with attempts by 
criminals, terrorists, and hostile governments to gain U.S. travel 
documents. I have been a consular officer for almost 17 years.
    The Bureau of Consular Affairs is in the business of preventing 
travel document fraud. We have an integral interest in the quality of 
identity documents and vital records produced in the United States, 
because those documents form the basis of U.S. passport issuance. The 
U.S. passport is perhaps the most highly valued document in the world, 
because of the many benefits and privileges it confers. It is not 
``just a document''--it is the pass-key into our country.
    We have developed an extremely tamper-resistant passport. In fact, 
passport and immigration authorities in other countries have told us 
what we have found ourselves--the U.S. passports now being issued are 
now so difficult to alter or counterfeit that alien smugglers have 
stopped trying to alter them.
    Instead they are acquiring authentic passports that have been lost 
or stolen and then using ``look-alike'' travelers to match passports 
stolen from American tourists overseas. They are helping impostors 
apply for U.S. passports using identities stolen from U.S. citizens in 
the USA. They are also producing and selling counterfeit documents--
birth certificates, driver's licenses, Social Security cards--to aliens 
to use in applying for passports. All these documents are available--
cheap--on the Internet.
    Personnel of the Bureau of Consular Affairs are experienced at 
detecting these false documents. We have done studies of our passport 
issuances, and we provide training and information to our passport 
staff to kept them alert. But as home computers, the Web, and high tech 
scanners and copiers become more accessible, we need more and better 
tools for our people.
    One tool that will help our officers is on-line access to Social 
Security Administration records. Comparing the documents submitted in 
support of passport and visa applications against the official 
databases of the issuing authorities will greatly improve the accuracy 
and integrity of the citizenship and identity confirmation process. We 
are currently working closely with the Social Security Administration 
and state vital records offices toward this goal.
    I will begin by giving some examples of document fraud cases.
Alien Smuggling Ring Exposed
    Let me tell you about the methadone moms. As these low-income women 
leave their drug-rehab clinics, they are targeted by alien smugglers. 
They are offered money--several hundred dollars, maybe--to apply for 
passports for their own kids. But, here's the catch. They will submit 
photos of different kids, supplied by the alien smugglers. Who are 
these substitute kids? In the majority of cases, they are the children 
of people in the U.S. either illegally, or as permanent residents, but 
who cannot bring their kids to the U.S. immediately through any legal 
means. Their parents pay thousands of dollars for those fraudulent 
passports. How do we know about this? An alert passport employee. We 
are fortunate to have a cadre of trained, experienced and loyal 
personnel who detect these attempts to obtain our passports through 
fraud.
Operation Oak Park: Passport Agency Uncovers Criminal Document Ring
    Late in 2000, the Chicago Passport Agency's Fraud Program Manager 
(FPM) linked 25 passport applications to a document fraud ring 
involving Nigerian nationals. A subsequent investigation conducted by 
the State Department's Diplomatic Security Field Office in Chicago 
revealed the fraud ring involved one document broker, who was already 
under investigation by the U.S. Postal Inspector's Office, the Social 
Security Administration's Inspector General's Office, the Immigration 
and Naturalization Service (INS), and the Drug Enforcement Agency. With 
Diplomatic Security as the catalyst, the agencies and others formed a 
task force, ``Operation Oak Park,'' under the direction of the U.S. 
Attorney.
    The ringleader and his associates provided young women with 
computer-generated counterfeit birth certificates and immunization 
records that named the women as the mothers of non-existent newborn 
babies. They used those documents to apply for Social Security cards, 
which they passed on to the ringleader. He then created other 
counterfeit birth certificates, using the name on the Social Security 
card but with the date of birth of the ultimate recipient or purchaser 
of the documents. The recipients could then use the birth certificates 
and Social Security cards to obtain driver's licenses and apply for 
passports. The ringleader charged about $5,000 for each fraudulent 
identity.
    The investigation developed leads into Jamaican and Nigerian 
community-based criminal activities and implicated two Illinois State 
Bureau of Vital Statistics employees and one Federal employee, who 
actively participated in the broader fraudulent documents scheme.
Operation Blind Date
    When Federal investigators arrested the ringleader, he agreed to 
cooperate, spawning a subsidiary investigation, Operation Blind Date. 
Under guidance from the task force he arranged for his network of 
brokers to fly to Chicago to pick up their documents and meet a 
supposedly corrupt Social Security supervisor, who was in reality an 
undercover Secret Service agent. The Chicago Police Department was 
included in the operation and arrested eight of the ringleader's 
associates ostensibly in routine traffic stops as they left his office 
so they wouldn't suspect him of turning them in. Those arrested 
included six Nigerian nationals, a Kenyan and a Jamaican posse street 
gang leader who was sought at the time by U.S. Customs and the DEA for 
narcotics trafficking.
    As part of a plea agreement, the ringleader took responsibility for 
preparing more than 100 sets of false documents. He was charged with 
fraudulently obtaining and selling passports and Social Security cards 
and counterfeiting birth certificates. He faced a possible sentence of 
10 years imprisonment and a $250,000 fine. However, he did not give up 
as easily as it appeared at the time. In December 2001, his family 
informed Federal agents that the individual, who was at home on 
electronic detention while awaiting sentencing, had passed away. 
However, when a Secret Service agent went to the morgue to identify the 
body he discovered that the corpse was not the ringleader's. The family 
and their doctor allegedly conspired to kidnap and murder a homeless 
man, pass him off as the convicted individual and planned to have the 
body cremated as soon as the morgue released it. A manhunt for the 
ringleader ensued, and Federal agents were able to track him to 
Massachusetts. He was apparently planning to flee the country to Poland 
where he had ties. He is still awaiting sentencing. The U.S. Attorney 
in Chicago has added capital murder charges to the document fraud 
charges.
West African Fraud in Texas
    Interagency cooperation is also active in other parts of the 
country to combat document fraud. The Houston Passport Agency's region 
has two of the country's largest enclaves of West African nationals in 
the U.S. The majority resides in Dallas and Houston, which has over 
50,000 Nigerian residents. The number of scams involving West African 
nationals in this region grew so great that a Federal task force 
comprised of various Federal and local law enforcement agencies 
convened several years ago in an effort to share case information and 
develop joint strategies. The majority of passport fraud cases by West 
Africans detected involved additional crimes, such as marriage fraud, 
narcotics trafficking, credit card fraud, insurance fraud and Social 
Security fraud.
Falsified Visas Also Used for Social Security Fraud
    Another type of fraud we have seen involves altered visas used by 
people who are already in the U.S. to obtain a benefit. Copies of 
fraudulent visas have been submitted to the Social Security 
Administration and the INS. The SSA applications are most commonly 
submitted by citizens of the Former Soviet Union who have legitimately 
issued visitor visas. The visas are altered, however, to show work 
classification so that the person will appear eligible for a Social 
Security number.
Why Social Security Number Checking is Critical to Passport and Visa 
        Processing
Passport Applications
    As state and local vital statistics offices improve the security 
features of their birth certificates to deter counterfeiters, deceased 
identity fraud will become an increasingly popular mode of fraud. 
Confirming a deceased identity is often difficult for Passport Agency 
Fraud Program Managers (FPMs) since many states have not cross-matched 
out-of-state birth and death records. Social Security data can be very 
useful in exposing attempts at passport fraud.
    FPMs have learned to recognize potential fraud cases by spotting 
anomalies in passport applications. Among the most frequent indicators 
of passport fraud are:

         LThe breeder document phenomenon

    In this scenario, a birth certificate is used to generate a series 
of new documents, culminating in an application for a passport. One 
hallmark of such activity is a readily identifiable timeline sequence 
of the respective transactions. First, a birth certificate appears, 
then a Social Security card or a document such as a state ID or 
driver's license, and finally, the passport application is executed.

         LLittle evidence to support the deposed facts

    Often, a passport application shows omissions and references to 
third parties (e.g., a friend as the person-to-be-notified in the event 
of an emergency). In person, the applicant is generally unfamiliar with 
the assumed identity, thus tending to respond evasively and making 
claims that are generally inconsistent with his appearance.

         LUnusual signatures

    Signatures on the applications may appear labored or obviously 
forged. FPMs are trained to detect handwriting that is not American in 
style.
    Passport agency personnel frequently check whether a previously 
issued passport was issued in error. The most useful method to do so is 
to obtain a copy of the previous application and verify the subject's 
Social Security number and check birth/death records and the FBI's 
National Crime Information Center files.
    If the passport was issued in a deceased identity a possible 
indicator would be a recently issued SSN or a record of two SSN's 
issued in that identity. There will also be minimal personal data on 
the original application. If the passport was obtained based on a 
counterfeit or falsely filed delayed birth certificate, a new SSN in 
the applicant's identity may have been issued weeks after the first 
passport was issued. The previous application may show a different SSN.
Immigrant Visa Utility
    Consular sections at U.S. Embassies and Consulates also rely on 
Social Security records when handling immigrant visa cases. Consular 
Sections overseas are sometimes hard pressed to determine whether an 
elderly petitioner in an immigrant visa case is still alive, 
particularly in cases where the petition was filed many years before. 
In other cases, the follow-to-join beneficiaries may claim the original 
petitioner is deceased in order to avoid a likely visa refusal 
resulting from ineligibility under the public charge section of the 
Immigration and Nationality Act. Sometimes there are also fraud 
problems when employment-based immigrant visa cases filed many years 
before for beneficiaries to care for elderly or seriously ill 
individuals raise questions whether the individuals still need such 
assistance. A check of the SSA database will in some cases provide 
definitive evidence of misrepresentation.
How the Department of State Combats the Fraud
Purchasing SSA Database
    My office has purchased from Social Security a CD ROM with death 
records of Social Security recipients dating back to 1936. We have made 
this available to our passport and visa personnel on-line. Fraud 
Prevention Managers in consular sections and passport agencies now have 
access to over 77 million U.S. death records via the Office of Fraud 
Prevention Programs' Intranet Web page. Over 98% of the death records 
in the database are for individuals who died after 1962. However, the 
database only includes death records of individuals for whom a death 
benefit claim was made to SSA. It may therefore not provide a positive 
response if the decedent never worked or never had a Social Security 
number, even if that person is indeed deceased.
LMultiple Passport Issuance Verification Helps Detect Fraudulent 
        Passport Applications
    Passport Services' Multiple Passport Issuance Verification (MIV) 
feature of the new Photodigitized Passport Issuance System is a quantum 
leap forward in fraud prevention technology that is already paying 
handsome dividends.
    Acting much like a name-check system, MIV automatically searches 
the passport files database for records of passport issuance during the 
past ten years and notifies the adjudicating officer if an applicant 
was issued a previous passport. It tells the officer how many passports 
were issued and for each issuance provides the name, date and place of 
birth, passport number, issuance and expiration dates. Some records 
also provide the Social Security number. This is proving to be a 
powerful tool for passport agency FPMs. A recent survey of ten passport 
agencies revealed that the MIV system detected an average of 25 
additional fraud cases per month.
Liaison with Vital Records Offices
    When questions arise concerning the authenticity of a U.S. birth 
certificate submitted with a passport application, FPMs often seek to 
verify the questioned document with appropriate local authorities. Over 
the years, FPMs have established informal working relationships with 
most of the state registrars in their regions.
    Consular personnel also work with the National Association for 
Public Health Statistics and Information Systems (NAPHSIS). At their 
annual conference in 2001 NAPHSIS members approved a Consular Affairs-
drafted resolution recommending cooperation with the Department of 
State's anti-fraud program. In the resolution, NAPHSIS recognized that 
cooperation with the State Department is essential to the integrity of 
the passport issuance process and the states' vital records operations. 
The resolution encouraged all vital statistics offices to establish and 
maintain liaison with the FPM whose passport agency is responsible for 
their state.

         What the Problem Needs Now

    We need to be able to confirm Social Security numbers easily and 
routinely. Right now our people put a lot of energy into developing 
informal contacts to help them confirm Social Security numbers and work 
histories. They rely on this information in suspect cases to help them 
quickly identify the bona fide Americans taking an innocent trip from 
the aliens, sometimes criminal aliens, who are seeking U.S. passports 
to evade the scrutiny of immigration officials around the world.
    Our people also need help with confirming the bona fides of U.S. 
birth certificates and driver's licenses. This country has more than 
8,000 authorities issuing birth certificates, and more than 50,000 
different versions issued by states, counties and municipalities. One 
commonly accepted proof of identity is the driver's license. It is not 
commonly known, however, that high-quality duplicates of state licenses 
are available on the Internet, with only a removable sticker warning 
``novelty item'' to deter criminals. Our passport workers have no way 
of verifying driver's licenses, either on-line or through routine 
access. We call these documents ``breeder documents'' because they can 
all be used to obtain more identity documents. Over the past several 
years we have been working with other agencies to combat fraudulent use 
of these documents and detect counterfeits and other fraud.
    We have begun to brief Social Security fraud investigators in 
identifying foreign passports presented with Social Security number 
applications. We are also working closely with the Social Security 
Administration to identify a way for us to routinely verify Social 
Security numbers on-line.
    We are working with the National Association of Public Health 
Statistics and Information Systems and the Social Security 
Administration to encourage states to automate their birth and death 
records. My office is also building a database of lost-or-stolen blank 
documents, such as birth certificates. We are also part of an 
interagency working group, headed by INS, on developing standards for 
U.S. birth certificates, to make it easier to identity counterfeits.
    In addition, we are talking to the American Association of Motor 
Vehicle Administrators on standardizing driver's license features. My 
office recently sponsored a pilot program at one passport agency to 
purchase readers to verify that the information on the front of 
driver's licenses at least matches that on the barcodes or magnetic 
strips on the back--police departments use these same devices to detect 
underage drinkers. We are also developing a pilot program with one 
state Department of Motor Vehicles to construct a train-the-trainers 
program on foreign passports, and share information on trends in 
document fraud.
    If we have this much difficulty with fraudulent documents in the 
United States, it is easy to imagine the problem encountered in our 
consular sections overseas. Some countries have automated, centralized 
records that are verified before passports are issued, and their 
documents are therefore easy to accept. In others, wars and natural 
disasters have destroyed vital local records, where they even existed. 
Poorly paid civil registry workers are also subject to pressure to 
fraudulently issue legitimate documents.
    To counter this problem, my office maintains information on lost-
or-stolen blank foreign travel documents. Every consular section has a 
designated Fraud Prevention Manager who is responsible for helping new 
officers learn the local documents, and for maintaining exemplars for 
reference. We have on-line country fraud summaries available for visa 
adjudicators to refer to. We train consular officers to detect altered 
or counterfeit documents, even when they have never seen such documents 
before. In addition, the U.S. Government has several programs to 
encourage countries to centralize and automate their vital records.
    As much progress as we believe we have made, we continue to explore 
possibilities for improving our fraud detection. For instance, we would 
like to explore the use of commercial databases to help identify 
fraudulent applications. We will work with INS to obtain additional 
information from its records that would be helpful.
    We in the State Department are proud of our fraud prevention 
programs and the technological improvements we are making. We will 
continue to work with the Social Security Administration, other Federal 
agencies, and the states to aggressively combat document fraud.

                                 

    Chairman GEKAS. We thank the lady for the testimony. I take 
it she is not completed with all that she wants to render, but 
perhaps during the question and answer period, some commentary 
will be forthcoming.
    We will go to the second witness. You may proceed.

   STATEMENT OF ROBERT BOND, DEPUTY SPECIAL AGENT IN CHARGE, 
         FINANCIAL CRIMES DIVISION, U.S. SECRET SERVICE

    Mr. BOND. Mr. Chairman, thank you. Members of both 
Subcommittees, thank you for the opportunity to address the 
subject of identity theft and the Secret Service's efforts to 
combat this problem. I am particularly pleased to be here with 
my colleagues and partners in fighting identity theft from the 
Federal Bureau of Investigation, the State Department, and the 
Social Security Administration.
    With the passage of new Federal laws in 1982 and 1984, the 
Secret Service was given primary jurisdiction for the 
investigation of access device fraud and parallel authority 
with other law enforcement agencies in identification fraud 
cases. The explosive growth of these crimes has resulted in the 
evolution of the Secret Service into an agency that is 
recognized worldwide for its expertise in the investigation of 
all types of financial crimes.
    While advances in technology and the burgeoning use of the 
Internet has provided numerous benefits to the consumer through 
readily available credit and consumer-oriented financial 
services, it has also created a target-rich environment for 
today's sophisticated criminals, many of whom are organized and 
operate across international borders.
    Identity theft is almost always a component of one or more 
crimes, such as financial crimes, violent crimes, or, possibly, 
the facilitation of terrorist activities.
    Identity theft can affect all Americans, regardless of age, 
gender, nationality, or race.
    The events of September 11 have focused the priorities and 
actions of law enforcement throughout the world, including the 
Secret Service. Immediately following the attacks, the Secret 
Service assisted the FBI and the joint terrorism task forces 
with their investigations through the leveraging of our 
established relationships, especially within the financial 
sector, in an attempt to gather information as expeditiously as 
possible.
    The Secret Service is also involved in a collaborative 
effort to analyze the potential for identity theft to be used 
in conjunction with terrorist activities through our liaison 
efforts with Operation Green Quest, Operation Direct Action, 
FinCEN, and the Terrorist Financing Operations section of the 
FBI.
    Since our inception in 1865, the twin pillars of the Secret 
Service have been prevention and partnership building.
    We simply could not fulfill our dual missions of protecting 
our Nation's elected leaders and safeguarding our financial 
infrastructure without two essential elements, incorporating 
preventative strategies and training, and building cooperative, 
trusted relationships with our local and Federal law 
enforcement partners.
    A central component of the Secret Service's preventive and 
investigative efforts with regard to identity theft has been 
educate consumers and provide training to law enforcement 
personnel through a variety of partnerships and initiatives, 
including our 37 financial and cybercrime task forces the 
Secret Service has developed throughout the country.
    The Secret Service has already undertaken a number of 
unique initiatives aimed at increasing awareness and providing 
the training necessary to combat identity theft and assist 
victims in rectifying damage done to their credit. This 
includes the development of a number of training tools designed 
to assist local law enforcement partners.
    Ultimately, most identity theft cases are reported to and 
investigated at the local level, but too often, local law 
enforcement agencies lack the expertise, experience, and 
resources to sufficiently investigate electronic-based crimes 
such as identity theft.
    In partnership with the International Association of Chiefs 
of Police, the Secret Service produced the ``Best Practices for 
Seizing Electronic Evidence Manual.'' This pocketsize guide 
instructs law enforcement officers in seizure of evidence from 
personal computers to wireless telephones to digital cameras. 
To date, the Secret Service has distributed over 315,000 copies 
of this guide free of charge to local law enforcement 
officials.
    We have also worked with this group and our private sector 
partners to produce the interactive and computer-based training 
program known as ``Forward Edge,'' and this is ``Forward 
Edge.'' It is a computer-based training program that takes the 
next step in training officers to conduct electronic crimes 
investigations. ``Forward Edge'' incorporates virtual reality 
features as it presents different investigative scenarios to 
the trainee.
    Copies of State computer crime laws for each of the 50 
States, as well as corresponding sample affidavits, are also 
part of the training program and are immediate accessible for 
instant implementation.
    In short, any police department in the country, regardless 
of the size and the resources that they may have, now has 
access to state-of-the-art training on the seizure and 
preservation of electronic forensics evidence, which can be 
central to an identity theft investigation. To date, we have 
distributed over 35,000 of these training CDs, again, free of 
charge, to our local law enforcement partners.
    Finally, the Secret Service and the International 
Association of Chiefs of Police are developing an ``Identity 
Theft Roll-Call Video'' geared toward local police officers 
throughout the Nation. This video will emphasize the need for 
police to document a citizen's complaint of identity theft, 
regardless of the location of the suspects. The video will also 
provide officers with instructions to assist victims who are 
seeking their reputations and credit worthiness.
    In addition to preventive measures, legislation currently 
pending in Congress can further enhance law enforcement efforts 
to combat identity theft. Stronger penalties, increased 
enforcement, and continued focus on prevention and training are 
the ingredients to successfully combating identity theft in the 
future.
    Mr. Chairman, that concludes my prepared statement. I will 
be happy to answer any questions that you or the other Members 
of the Subcommittee may have. Thank you, sir.
    [The prepared statement of Mr. Bond follows:]
  Statement of Robert Bond, Deputy Special Agent in Charge, Financial 
                  Crimes Division, U.S. Secret Service
    Mr. Chairman, I would like to thank you for the opportunity to 
address both Subcommittees on the issue of identity theft and the 
Secret Service's efforts to combat this problem. I am particularly 
pleased to be here with my colleagues and partners in fighting identity 
theft from the Federal Bureau of Investigation, the Department of 
State, and the Social Security Administration.
    The Secret Service was originally established within the Department 
of the Treasury in 1865 to combat the counterfeiting of U.S. currency. 
Since that time, this agency has been tasked with the investigation of 
other Treasury related crimes, as well as the protection of our 
Nation's leaders, visiting foreign dignitaries and events of national 
significance. With the passage of new Federal laws in 1982 and 1984, 
the Secret Service was given primary authority for the investigation of 
access device fraud and parallel authority with other law enforcement 
agencies in identification fraud cases. The explosive growth of these 
crimes has resulted in the evolution of the Secret Service into an 
agency that is recognized worldwide for its expertise in the 
investigation of all types of financial crimes.
    The burgeoning use of the Internet and advanced technology coupled 
with increased investment and expansion has led to fierce competition 
within the financial sector. Although this provides benefits to the 
consumer through readily available credit and consumer oriented 
financial services, it also creates a target rich environment for 
today's sophisticated criminals, many of whom are organized and operate 
across international borders.
    Information collection has become a common byproduct of the newly 
emerging e-commerce. Internet purchases, credit card sales, and other 
forms of electronic transactions are being captured, stored, and 
analyzed by entrepreneurs intent on increasing their market share. This 
has led to an entirely new business sector being created which promotes 
the buying and selling of personal information. Consumers routinely 
provide personal, financial and health information to companies engaged 
in business on the Internet. They may not realize that the information 
they provide in credit card applications, loan applications, or with 
merchants they patronize are valuable commodities in this new age of 
information trading. With the advent of the Internet, companies have 
been created for the sole purpose of data mining, data warehousing, and 
brokering of this information. These companies collect a wealth of 
information about consumers, including information as confidential as 
their medical histories. Like all businesses, data collection companies 
are profit motivated, and as such, may be more concerned with 
generating potential customers rather than safeguarding their 
information to prevent its misuse by unscrupulous individuals. The 
private sector represents the first line of defense in identity theft 
and has a responsibility to safeguard the data that it has collected. 
The greater the protections that industry provides to the public, the 
fewer the opportunities for identity theft.
    Based upon this wealth of available personal information, the crime 
of identity theft can be perpetrated with minimal effort on the part of 
even relatively unsophisticated criminals.
    There is no area today that is more relevant or topical than that 
of identity theft. Simply stated, identity theft is the use of another 
person's identity to commit fraudulent activity.
    Identity theft is not typically a ``stand alone'' crime. It is 
almost always a component of one or more crimes, such as financial 
crimes, violent crimes, or possibly, the facilitation of terrorist 
activities. In many instances, an identity theft case encompasses 
multiple types of fraud. According to statistics compiled by the FTC 
for the year 2001, 20% of the 86,168 victim complaints reported 
involved more than one type of fraud. The major complaints compiled by 
the FTC, which include multiple types of fraud reported in multiple 
categories, were:

         L42% of complaints involved credit card fraud--i.e. 
        someone either opened up a credit card account in the victim's 
        name or ``took over'' their existing credit card account;
         L20% of complaints involved the activation of 
        telephone, cellular, or other utility service in the victim's 
        name;
         L13% of complaints involved bank accounts that had 
        been opened in the victim's name, and/or fraudulent checks had 
        been negotiated in the victim's name;
         L7% of complaints involved consumer loans or mortgages 
        that were obtained in the victim's name;
         L9% of complaints involved employment-related fraud;
         L6% of complaints involved government documents/
        benefits fraud; and
         L17% of miscellaneous fraud, such as medical, 
        bankruptcy and securities fraud.

IMPACT

    Identity theft, unlike many types of crime, affects all types of 
Americans, regardless of age, gender, nationality, or race. Victims 
include everyone from restaurant workers, telephone repair technicians, 
and police officers, to corporate and government executives, 
celebrities and high-ranking military officers. What victims do have in 
common is the difficult, time consuming, and potentially expensive task 
of repairing the damage that has been done to their credit, their 
savings, and their reputation. Obviously, the impact is magnified when 
it affects one of America's most valued assets, our senior citizens, as 
they represent a generation with a trusting nature that is easy to 
exploit. This group is particularly dependent on other caregivers for 
assistance, such as relatives, medical staff, service personnel, and 
oftentimes, complete strangers. This dependency increases their 
vulnerability to certain schemes involving identity theft.
LEGISLATION

    In past years, victims of financial crimes such as bank fraud or 
credit card fraud were identified by statute as the person, business, 
or financial institution that incurred a financial loss. All too often 
the individuals whose credit was ruined through identity theft were not 
even recognized as victims. This is no longer the case. The Identity 
Theft and Assumption Deterrence Act was passed by Congress in 1998. 
This represented the first comprehensive effort to re-write the Federal 
criminal code to address the insidious effects of identity theft on 
private citizens. This new law amended Section 1028 of title 18 of the 
United States Code to provide enhanced investigative authority to 
battle the growing problem of identity theft. These protections 
included:

         LExpanding the scope of the statute to include as 
        victims those individuals whose identity information was stolen 
        and whose primary loss is creditworthiness and reputation 
        rather than financial loss;
         LThe establishment of the Federal Trade Commission 
        (FTC) as the central clearinghouse for victims to report 
        incidents of identity theft. This centralization of all 
        identity theft cases allows for the identification of systemic 
        weaknesses and provides law enforcement with the ability to 
        retrieve investigative data at one central location. It further 
        allows the FTC to provide victims with the information and 
        assistance they need in order to take the steps necessary to 
        correct their credit records;
         LAsset forfeiture provisions were enhanced to allow 
        for the repatriation of funds to victims; and
         LThe closing of a significant gap in existing 
        statutes. Previously, only the production or possession of 
        false identity documents was unlawful. With advances in 
        technology such as e-commerce and the Internet, criminals did 
        not need actual, physical identity documents to assume an 
        identity. This legislative change made it illegal to steal 
        another person's personal identification information with the 
        intent to commit a violation, regardless of actual possession 
        of identity documents.

    We believe that the passage of this legislation was the catalyst 
needed to bring together both Federal and state government resources in 
a focused and unified response to the identity theft problem. Today, 
law enforcement, regulatory and community assistance organizations have 
joined forces through a variety of working groups, task forces, and 
information sharing initiatives to assist victims of identity theft.
    The United States Sentencing Guidelines have also been amended 
since the passage of the 1998 Act to better address identity theft. 
Section 2B1.1 now provides an offense level of 12 in cases involving 
the possession of device-making equipment, the production of or 
trafficking in an unauthorized or counterfeit access device, the 
unauthorized transfer or use of any means of identification to 
unlawfully produce or obtain any other means of identification, or the 
possession of five or more means of identification that were lawfully 
produced from, or obtained by the use of, another means of 
identification.
    The guidelines amendments also provide a revised minimum loss rule 
for offenses involving counterfeit or unauthorized access devices. 
Specifically, a minimum loss amount of $500 per access device is to be 
used when calculating the loss involved in the offense, with the 
exception of the possession, not the use of, telecommunications access 
devices, in which case the minimum loss per unused device is $100.
    Finally, the guidelines now include grounds for an upward departure 
in identity theft cases in which the penalty range, which is largely 
based on financial loss, does not adequately reflect the seriousness of 
the offense. Specifically, courts may now consider whether the offense 
conduct harmed the victim's reputation or credit record, whether the 
victim suffered substantial inconvenience related to repairing that 
reputation or credit record, whether the victim was erroneously 
arrested or denied a job due to the theft, and whether the defendant 
produced or obtained numerous means of identification such that he or 
she essentially assumed the victim's identity.
    Violations of the Act are investigated by Federal law enforcement 
agencies, including the Secret Service, the U.S. Postal Inspection 
Service, the Social Security Administration (Office of the Inspector 
General), and the Federal Bureau of Investigation. Schemes to commit 
identity theft or fraud may also involve violations of other statutes, 
such as credit card fraud, computer fraud, mail fraud, wire fraud, 
financial institution fraud, or Social Security fraud, as well as 
violations of state law. Because identity theft is often connected to 
criminal activity that falls under the jurisdiction of the Secret 
Service, we have taken an aggressive stance and continue to be a 
leading agency for the investigation and prosecution of such criminal 
activity.
    Given the relative ease with which criminals can steal the 
identities of others and the allure of enormous profits with few, if 
any, repercussions, relying on the current sentencing structure to 
deter the victimization of our citizens, is shortsighted. Recently, S. 
2541, the Identity Theft Penalty Enhancement Act of 2002 was introduced 
in the Senate with the intent to establish increased penalties for 
aggravated identity theft, that is, identity theft committed during and 
in relation to certain specified felonies. This Act, in part, would 
provide for two (2) years imprisonment for aggravated offenses, in 
addition to the punishment associated with the related felony; 
committing the crime of identity theft in relation to specified felony 
violations, in addition to the punishment provided for such felony; and 
five (5) years imprisonment for the same related felonies associated 
with terrorism. Additionally, the Act prohibits the imposition of 
probation for those convicted of such violations and allows for 
consecutive sentences. While this particular legislation cannot be 
expected to completely suppress identity theft, it does recognize the 
impact identity theft has on society and the need to punish those 
engaging in criminal activity for personal or financial gain. The 
Administration strongly supports this bill.

SECRET SERVICE INVESTIGATIONS

    Although financial crimes are often referred to as ``white collar'' 
by some, this characterization can be misleading. The perpetrators of 
such crimes are increasingly diverse and today include organized 
criminal groups, street gangs and convicted felons. This can be 
attributed to many factors including:

         LThe probability of high financial gain versus low 
        sentencing exposure;
         LThe increased availability of goods or services which 
        can be obtained on credit; and
         LThe proliferation of computer technology in our 
        society that provides easy access to the information needed to 
        commit many financial crimes, as well as a means for committing 
        them remotely.

    The personal identifiers most often sought by criminals are those 
generally required to obtain goods and services on credit. These are 
primarily Social Security numbers, names, and dates of birth.
    The methods of identity theft vary. It has been determined that 
many ``low tech'' identity thieves obtain personal identifiers by going 
through commercial and residential trash, a practice known as 
``dumpster diving.'' The theft of both incoming and outgoing mail from 
mailboxes is a practice used equally as often by individuals and 
organized groups, along with thefts of wallets and purses.
    With the proliferation of computers and increased use of the 
Internet, many identity thieves have used information obtained from 
company databases and web sites. A case investigated by the Secret 
Services that illustrates this method involved an identity thief 
accessing public documents to obtain the Social Security numbers of 
military officers. In some cases, the information obtained is in the 
public domain, and in others, it is proprietary, and is obtained by 
means of a computer intrusion.
    The method that may be most difficult to prevent is theft by a 
collusive employee. The Secret Service has discovered that individuals 
or groups who wish to obtain personal identifiers or account 
information for a large-scale fraud ring will often pay or extort an 
employee who has access to this information through their employment at 
workplaces such as a financial institution, medical office, or 
government agency.
    In most of the cases our agency has investigated involving identity 
theft, criminals have used another individual's personal identifiers to 
apply for credit cards or consumer loans. Less commonly, they are used 
to establish bank accounts, leading to the laundering of stolen or 
counterfeit checks, or are used in a check-kiting scheme.
    The majority of identity theft cases investigated by the Secret 
Service are initiated on the local law enforcement level. In most 
cases, the local police department is the first responder to the 
victims once they become aware that their personal information is being 
used unlawfully. Credit card issuers as well as financial institutions 
will also contact a local Secret Service field office to report 
possible criminal activity.
    It is quite probable that older Americans will become an 
increasingly attractive target by criminal elements given the fact that 
70% of our Nation's wealth is controlled by those 50 years of age and 
older. Additionally, the common perception is that it is difficult for 
elderly victims to repair the effects of identity theft due to a lack 
of technical knowledge and uncertainty on how to protect themselves. 
Often, the level of diligence in monitoring personal finances decreases 
among the elderly or, after discovering the fraudulent activity, some 
are embarrassed and unsure of the steps necessary to report the 
compromise.

TERRORISM

    The events of September 11, 2001 have altered the priorities and 
actions of law enforcement throughout the world, including the Secret 
Service. Immediately following the attacks, Secret Service assisted the 
FBI with their terrorism investigation through the leveraging of our 
established relationships, especially within the financial sector, in 
an attempt to gather information as expeditiously as possible.
    The Secret Service has become involved in several collaborative 
efforts with respect to the investigation of terrorist activities 
through our liaison efforts with Operation Green Quest, Operation 
Direct Action, FinCEN, and the Terrorist Financing Operations Section 
of the FBI. As part of these collaborative efforts, the Federal law 
enforcement community is analyzing the potential for identity theft to 
be used in conjunction with terrorist activities.

COORDINATION

    The Secret Service continues to attack identity theft by 
aggressively pursuing our core Title 18 investigative violations, 
including access and telecommunications device fraud, financial 
institution fraud, computer fraud and counterfeiting. Many of these 
schemes would not be possible without compromising the personal 
financial information of an innocent victim.
    Our own investigations have frequently involved the targeting of 
organized criminal groups that are engaged in financial crimes on both 
a national and international scale. Many of these groups are prolific 
in their use of stolen financial and personal information to further 
their financial crime activity.
    It has been our experience that the criminal groups involved in 
these types of crimes routinely operate in a multi-jurisdictional 
environment. This has created problems for local law enforcement 
agencies that generally act as the first responders to their criminal 
activities. By working closely with other Federal, state, and local law 
enforcement, as well as international police agencies, we are able to 
provide a comprehensive network of intelligence sharing, resource 
sharing, and technical expertise that bridges jurisdictional 
boundaries. This partnership approach to law enforcement is exemplified 
by our financial and electronic crime task forces located throughout 
the country, pursuant to our section 1030 computer crime authority. 
These task forces primarily target suspects and organized criminal 
enterprises engaged in financial and electronic criminal activity that 
falls within the investigative jurisdiction of the Secret Service. 
Members of these task forces, who include representatives from local 
and state law enforcement, private industry and academia, pool their 
resources and expertise in a collaborative effort to detect and prevent 
electronic crimes.
    While our task forces do not focus exclusively on identity theft, 
we recognize that a stolen identity is often a central component of 
other electronic or financial crimes. Consequently, our task forces 
devote considerable time and resources to the issue of identity theft.

OUTREACH EFFORTS

    Another important component of the Secret Service's preventative 
and investigative efforts has been to increase awareness of issues 
related to financial crime investigations in general, and of identity 
theft specifically, both in the law enforcement community and the 
general public. The Secret Service has tried to educate consumers and 
provide training to law enforcement personnel through a variety of 
partnerships and initiatives.
    For example, criminals increasingly employ technology as a means of 
communication, a tool for theft and extortion, and a repository for 
incriminating information. As a result, the investigation of all types 
of criminal activity, including identity theft, now routinely involves 
the seizure and analysis of electronic evidence. In response to this 
trend, the Secret Service developed, in conjunction with the 
International Association of Chiefs of Police (IACP), the ``Best 
Practices for Seizing Electronic Evidence Manual,'' to assist law 
enforcement officers in recognizing, protecting, seizing and searching 
electronic devices in accordance with applicable statutes and policies.
    As a follow-up to this guide, the Secret Service and the IACP 
developed ``Forward Edge,'' a computer-based training application 
designed to allow officers to ``virtually'' seize different types of 
evidence, including electronic evidence, at various crime scenes.
    Further, the Secret Service, in conjunction with the U.S. Postal 
Inspection Service and the Federal Reserve Bank System, produced an 
identity theft awareness video. The video, which explains how easily 
one can become a victim and what steps should be taken to minimize 
damage, has been made available to Secret Service offices for use in 
public education efforts.
    In April of 2001, the Secret Service assisted the FTC in the design 
of an identity theft brochure, containing information to assist victims 
on how to restore their ``good name,'' as well as how to prevent their 
information and identities from becoming compromised.
    Finally, the IACP and the Secret Service have partnered to produce 
an ``Identity Theft Roll-Call Video'' geared toward local police 
officers throughout the Nation. The purpose of this video is to 
emphasize the need for police to document a citizen's complaint of 
identity theft, regardless of the location of the suspects. In 
addition, the video and its companion reference card will provide 
officers with information that can assist victims desperate to restore 
their reputations and creditworthiness.
    The Secret Service is also actively involved with a number of 
government-sponsored initiatives. At the request of the Attorney 
General, the Secret Service joined an interagency identity theft 
subcommittee that was established by the Department of Justice. This 
group, which is comprised of Federal, state, and local law enforcement 
agencies, regulatory agencies, and professional agencies, meets 
regularly to discuss and coordinate investigative and prosecutive 
strategies as well as consumer education programs.
    Last spring, the Secret Service's Financial Crimes Division 
assigned a full-time special agent to the Federal Trade Commission 
(FTC) to support all aspects of their program to encourage the use of 
the Identity Theft Data Clearinghouse as a law enforcement tool. The 
Identity Theft and Assumption Deterrence Act established the FTC as the 
central point of contact for identity theft victims to report all 
instances of identity theft. The FTC has done an excellent job of 
providing people with the information and assistance they need in order 
to take the steps necessary to correct their credit records, as well as 
undertaking a variety of ``consumer awareness'' initiatives regarding 
identity theft. To date, the Secret Service representative at the FTC 
has:

         LMet with and made presentations to Federal, state and 
        local law enforcement about the FTC's Identity Theft Data 
        Clearinghouse and it's victim assistance program;
         LWorked closely with agents in the field to ensure 
        that they have access to the Consumer Sentinel system and are 
        comfortable using the Identity Theft Data Clearinghouse 
        database;
         LUsed the Identity Theft Data Clearinghouse to 
        identify possible case leads, and developed a protocol for 
        selecting which victim complaints are most likely to be 
        successful case leads for criminal law enforcement agencies;
         LDeveloped points of contact at the local, state and 
        Federal levels of government to receive case lead referrals 
        from the Identity Theft Data Clearinghouse database, and also 
        identified routines and procedures to be followed when 
        referring such cases; and
         LServed as both a presenter and an instructor at 11 
        law enforcement training conferences hosted by various law 
        enforcement agencies or organizations, such as the 
        International Association of Financial Crimes Investigators 
        (IAFCI) and the U.S. Marshal's Investigators Conference.

    It is important to recognize that public education efforts can only 
go so far in combating the growth of identity theft. Because Social 
Security numbers, in conjunction with other personal identifiers, are 
used for such a wide variety of record keeping and credit related 
applications, even a consumer who takes appropriate precautions to 
safeguard such information is not immune from becoming a victim.

PRECAUTIONS AND REMEDIES

    The Secret Service recommends that consumers take the following 
steps to protect themselves from credit card fraud and identity theft:

         LMaintain a list of all credit card accounts that is 
        not carried in a wallet or purse so that immediate notification 
        can occur if any cards are lost or stolen;
         LAvoid carrying any more credit cards in a wallet or 
        purse than is actually needed;
         LCancel any accounts that are not in use;
         LBe conscious of when billing statements should be 
        received, and if they are not received during that window, 
        contact the sender;
         LCheck credit card bills against receipts before 
        paying them;
         LAvoid using a date of birth, Social Security number, 
        name or similar information as a password or PIN code, and 
        change passwords at least once a year;
         LShred or burn pre-approved credit card applications, 
        credit card receipts, bills and other financial information 
        that you do not want to save;
         LOrder a credit report once a year from each of the 
        three major credit bureaus to check for inaccuracies and 
        fraudulent use of accounts; and
         LAvoid providing any personal information over the 
        telephone unless you initiated the call, and be aware that 
        individuals and business contacted via the Internet may 
        misrepresent themselves.

    Should an individual become the victim of identity theft, the 
Secret Service recommends the following steps:

         LReport the crime to the police immediately and get a 
        copy of the police report;
         LImmediately notify your credit card issuers and 
        request replacement cards with new account numbers. Also 
        request that the old account be processed as ``account closed 
        at consumers' request'' for credit record purposes. Ask that a 
        password be used before any inquiries or changes can be made on 
        the new account. Follow up the telephone conversation with a 
        letter summarizing your requests;
         LCall the fraud units of the three credit reporting 
        bureaus, and report the theft of your credit cards and/or 
        numbers. Ask that your accounts be flagged, and add a victim's 
        statement to your report that requests that they contact you to 
        verify future credit applications. Order copies of your credit 
        reports so you can review them to make sure no additional 
        fraudulent accounts have been opened in your name;
         LNotify the Social Security Administration's Office of 
        Inspector General if your Social Security number has been used 
        fraudulently;
         LFile a complaint with the Federal Trade Commission 
        (FTC) by calling 1-877-ID-THEFT or writing to them at Consumer 
        Response Center, Federal Trade Commission, 600 Pennsylvania 
        Ave. NW, Washington, DC 20580. Their web site can also be 
        accessed at www.ftc.gov/ftc/complaint.htm; and
         LFollow up with the credit bureaus every three months 
        for at least a year and order new copies of your reports so 
        that you can verify that corrections have been made, and to 
        make sure that no new fraudulent accounts have been 
        established.

CONCLUSION

    For law enforcement to properly prevent and combat identity theft, 
steps must be taken to ensure that local, state and Federal agencies 
are addressing victim concerns in a consistent manner. All levels of 
law enforcement should be familiar with the resources available to 
combat identity theft and to assist victims in rectifying damage done 
to their credit. It is essential that law enforcement recognize that 
identity theft must be combated on all fronts, from the officer who 
receives a victim's complaint, to the detective or Special Agent 
investigating an organized identity theft ring. The Secret Service has 
already undertaken a number of initiatives aimed at increasing 
awareness and providing the training necessary to address these issues, 
but those of us in the law enforcement and consumer protection 
communities need to continue to reach out to an even larger audience. 
We need to continue to approach these investigations with a coordinated 
effort--this is central to providing a consistent level of vigilance 
and addressing investigations that are multi-jurisdictional while 
avoiding duplication of effort. The Secret Service is prepared to 
assist this committee in protecting and assisting the Nation's largest 
growing population segment, with respect to the prevention, 
identification and prosecution of identity theft criminals.
    Mr. Chairman, that concludes my prepared remarks and I would be 
happy to answer any questions that you or other Members of the 
Committee may have.

                                 

    Chairman GEKAS. We thank the gentleman, we turn to the next 
witness, Mr. Ashley.

  STATEMENT OF GRANT D. ASHLEY, ASSISTANT DIRECTOR, CRIMINAL 
    INVESTIGATIVE DIVISION, FEDERAL BUREAU OF INVESTIGATION

    Mr. ASHLEY. Thank you, Mr. Chairman and Members of the 
Subcommittee. The FBI, along with Federal, State, and other 
agencies investigates persons who assume the identities of 
others to carry out violations of Federal law. These crimes 
include bank fraud, credit card fraud, violent crimes, mail 
fraud, money laundering, drug trafficking, bankruptcy fraud, 
computer crimes, terrorism, organized crime, and fugitive 
cases.
    These crimes, as has been previously mentioned, include the 
use of false identity, both at the planning of as well as 
carrying out and continuation of the crime.
    The false identity is providing a cloak of anonymity for 
the offender to prepare their crime, obtaining things such as 
covert mail drops, residence, office space, vehicles, and such, 
and then, finally, to carry on with the deception. This theft 
of identity or assumption of identity is not new to law 
enforcement. What is new is the pervasiveness through all the 
crimes. We are seeing it throughout most of our investigative 
programs in the FBI.
    We do not see it as a separate and distinct crime in the 
FBI, but it is a component of the various investigative 
programs.
    As has been previously mentioned, possession of a Social 
Security number is key to laying the groundwork for the process 
of taking over someone's identification and then obtaining 
other false documents, which can lead to drivers' licenses, 
loans, credit cards, and so on. It is also a crucial step in 
actually taking over a person's existing identity and then 
possibly, as has been mentioned before, depleting people's 
financial accounts, destroying their credit, and so on.
    The FBI works very closely with other law enforcement 
agencies at the Federal, State, and local level to address 
crimes which are carried out through the use of stolen 
identities, as well as with the Inspector General of the Social 
Security Administration.
    The FBI has participated in a recent identity theft sweep, 
which the Attorney General discussed earlier in May, as well as 
efforts to strengthen existing Federal laws and penalties with 
respect to identity theft. I believe that is in Senate bill 
2541.
    I was asked to provide an example of a case. Our New York 
division investigated the identity theft of six corporate 
executives, whose names were drawn from ``Who's Who in 
America.'' Three of them were deceased. This case has been 
adjudicated. The victims were executives from Hilton, Coca-
Cola, other major corporations. Essentially through an online 
information-broker, the offender obtained Social Security 
numbers and then other identification, and then made online 
purchases and others, using these persons' names. The total 
attempted amount was almost $1 million, and I think about 
$340,000 was obtained before this was shut down.
    We are also seeing where people in positions of trust, both 
inside government and outside, are abusing their positions to 
access information about people that they can subsequently use 
for obtaining false identification. Our cyberdivision, which 
was recently created in our reorganization, will have a 
component of it that will address online identity theft issues, 
which will support our other investigative programs.
    That concludes my remarks.
    [The prepared statement of Mr. Ashley follows:]
      Statement of Grant D. Ashley, Assistant Director, Criminal 
        Investigative Division, Federal Bureau of Investigation
    Good afternoon Chairmen and Members of the Subcommittees. On behalf 
of the Federal Bureau of Investigation (FBI), I would like to express 
my gratitude to the Subcommittees for affording us the opportunity to 
participate in this forum and to provide comment regarding preserving 
the integrity of Social Security numbers and preventing their misuse by 
terrorists and identity thieves.
    As the Subcommittees are well aware, the FBI, along with other 
Federal law enforcement agencies, investigates individuals who use the 
identities of others to carry out violations of Federal criminal law. 
These crimes include bank fraud, credit card fraud, wire fraud, mail 
fraud, money laundering, bankruptcy fraud, computer crimes, terrorism, 
organized crime, and fugitive cases. These crimes, carried out using a 
stolen identity, make the investigation of the offenses much more 
complicated. The use of a stolen identity enhances the chances of 
success in the commission of almost all financial crimes. The stolen 
identity provides a cloak of anonymity for the subject while the 
groundwork is laid to carry out the crime. This includes the rental of 
mail drops, post office boxes, apartments, office space, vehicles, and 
storage lockers as well as the activation of pagers, cellular 
telephones, and various utility services.
    Identity theft is not new to law enforcement. For decades fugitives 
have changed identities to avoid capture, and check forgers have 
assumed the identity of others to negotiate stolen or counterfeit 
checks. What is new today is the pervasiveness of the problem. The FBI 
does not view identity theft as a separate and distinct crime problem. 
Rather, it sees identity theft as a component of many types of crimes 
which we investigate.
    The recent ``sweep'' of identity theft prosecutions that the 
Attorney General announced on May 2, 2002, reflects how widespread 
identity theft has become and how it is associated with a wide range of 
criminal activities. The sweep involved 73 criminal prosecutions 
against 135 individuals in 24 districts. The crimes charged in these 
cases involving identity theft ranged from traditional fraud to murder. 
In one indictment in the Northern District of Illinois, for example, 
the defendant, who was facing Federal counterfeiting charges, allegedly 
murdered a homeless man and tried to fake his own death by making it 
look as though the deceased victim was the defendant. Other cases 
involved defendants who allegedly located houses owned by elderly 
citizens and assumed their identities in order to fraudulently sell or 
refinance the properties; a defendant charged with selling Social 
Security numbers on eBay; and a hospital employee allegedly stole the 
identities of 393 hospital patients to obtain credit cards using the 
false identities.
    This sweep, it should be noted, was the first part of a two-pronged 
strategy by Federal law enforcement to combat identity theft. The 
second prong involves efforts to strengthen existing Federal identity 
theft criminal statutes. Under S. 2541, which the Administration 
strongly supports, sentencing in a wide range of cases involving 
identification document fraud would be subject to a mandatory two-year 
enhanced penalty (over and above the sentence that would otherwise 
apply in a particular case). S. 2541 also would amend 18 U.S.C. 
1028(b)(2) to increase the maximum imprisonment for a section 
1028(a)(3) offense from three to five years, and would otherwise 
broaden the reach of the identity theft offense. In addition, S. 2541 
specifically would allow judges the discretion to impose consecutive 
sentences in cases involving multiple counts of aggravated identity 
theft, and it authorizes the Sentencing Commission to issue guidelines 
and policy statements governing the exercise of such discretion. We 
believe that these changes, if enacted, would go a long way to 
strengthening the penalties that could apply when defendants are 
dealing in multiple identification documents.
    Possession of someone else's Social Security number is key to 
laying the groundwork to take over someone's identity and obtain a 
driver's license, loans, credit cards, cars, and merchandise. It is 
also key to taking over an individual's existing account and wiring 
money from the account, charging expenses to an existing credit line, 
writing checks on the account or simply withdrawing money.
    The FBI works closely with other law enforcement agencies at the 
Federal, state and local level to address crimes which are carried out 
through the use of stolen identities. This includes working closely 
with the Social Security Administration's (SSA) Office of Inspector 
General to confirm the authenticity (i.e., the existence or non 
existence, of Social Security numbers being utilized by criminals).\1\ 
Our Detroit and St. Louis offices participate in official task forces 
established specifically to investigate crimes involving identity 
theft. In Memphis and Mobile, official task forces are being created 
and our offices will be participating in these task forces which will 
specifically investigate crimes involving identity theft. Numerous 
field offices have task forces that investigate various financial 
crimes which include an element of identity theft. Other offices simply 
address the crimes the FBI has always investigated, but now include an 
element of identity theft.
---------------------------------------------------------------------------
    \1\ In addition to the SSA's Office of Inspector General, the 
Federal Trade Commission and the United States Secret Service, among 
others, do important work in combatting identity fraud at the Federal 
level.
---------------------------------------------------------------------------
    A number of identity theft related problems are being seen by law 
enforcement that are caused by people in trusted positions within a 
business or government office that misuse the personal identifying 
information to which they have access. Additionally, people are 
improperly obtaining Social Security numbers without any legitimate 
access. Increases in security features on Social Security cards, alone, 
would not solve this problem as an actual card is seldom required for 
verifying someone's Social Security number. However, additional 
security and safeguards of the actual Social Security numbers could 
have a substantial impact.
    One case under investigation by one of our offices in conjunction 
with the U.S. Postal Inspection Service involves an individual who 
obtained personal identifying information such as the names, and dates 
of birth of attorneys in the Boston area from the Martindale-Hubbell 
directory of attorneys. Using this information, his co-conspirator 
visited the Massachusetts Bureau of Vital Records which has an open 
records policy and was able to obtain copies of birth certificates of 
his victims. According to interviews with the defendants, using the 
combined information, they were able to contact the Social Security 
Administration and obtain the victims' Social Security numbers. Once 
they obtained the Social Security numbers, they were able to order 
credit reports and look at the credit scores for these victims to 
determine their creditworthiness and where accounts already existed. 
Using this information they were able to make pretext calls to at least 
one bank and obtain the account number. This enabled them to wire 
transfer $96,000 from one of the victim's bank accounts, half of which 
went to a casino and the remainder went to one of the subject's 
personal accounts. One of these suspects also added authorized users to 
the victims' credit card accounts and ordered emergency replacement 
cards which were sent to them by overnight delivery. At the time of 
arrest, this individual was found to be in possession of at least 12 
different license or identification cards from three states and at 
least four or five credit cards, all in the names of the victims whose 
identity he had stolen. Although there are a number of enabling flaws 
in the system, including open records policies in some states, there 
was also an apparent lack of verification by the Social Security 
Administration as to whether or not the person armed with the 
information and requesting the Social Security number was truly the 
person to whom the Social Security number belonged.
    One of our field offices is currently investigating a case whereby 
Social Security numbers for children of various ages have been sold to 
individuals with bad credit for future use in obtaining credit. It is 
unknown at this time as to how these numbers were obtained. However, 
individuals who obtained these numbers acted as middlemen. As part of 
the sale of the Social Security numbers to the actual users, they 
formed companies which they used to falsely report positive credit 
information on these Social Security numbers to the credit reporting 
agencies. Such information included loan payoffs and information on 
other fictitious credit accounts which were paid off. This information 
boosted the user of the number's credit history and thereby the user's 
credit score. Next the users applied to legitimate credit issuers, 
including mortgage companies and were able to obtain credit. The users 
were instructed they could use their true names with these Social 
Security numbers, but not to use any previous addresses or other 
information similar to their previous credit record that could cause 
the credit reporting agencies to possibly merge their old and new 
credit files. Since the victims are children and are not applying for 
any credit, they are not aware their Social Security numbers were used 
in this way. As a result, these victims are not filing any complaints 
with law enforcement, the credit reporting agencies or any of the 
defrauded creditors. When these victims later become old enough to 
attempt to establish credit, they will learn about this activity.
    A case our New York office investigated included the use of the 
personal identifying information of six prominent executives, three of 
whom were deceased. Although this information was not received directly 
from the Social Security Administration, using the names of these 
deceased executives, this individual, who was later convicted, paid 
Internet information brokers to obtain these executives' Social 
Security numbers. After obtaining their Social Security numbers, he 
fraudulently obtained bank account and credit card numbers as well as 
other personal identifying information for these executives. He then 
impersonated these executives and purchased diamonds and Rolex watches 
over the Internet, and either wire transferred money from one of his 
victim's bank accounts or used one of his victim's credit card numbers. 
This individual had ordered approximately $730,000 in diamonds and 
Rolex watches but was only able to take delivery on just over half of 
this merchandise. There needs to be some serious review of the 
availability of personal identifying information, including the Social 
Security number, over the Internet, especially through these types of 
information brokers who can provide this information for a fee.
    Like some other States, Hawaii utilizes the drivers' Social 
Security number as its drivers license number. One significant case in 
our Honolulu field office, operation CARD SHARKS, was a financial 
institution fraud investigation that also targeted businesses dealing 
in the production of false identifications. Several of the subjects 
identified during the investigation utilized stolen Hawaii driver's 
licenses, including real identities and Social Security numbers to make 
their false identifications. These individuals then opened bank 
accounts under their assumed names to commit financial institution 
fraud. Other aspects of this investigation included subjects who 
utilized real names and addresses, but would make up Social Security 
numbers to commit their crimes. This was a joint investigation with 
Federal and local law enforcement that resulted in seventeen 
indictments. Search warrants were executed on six different locations 
and all six sites had evidence of violations of Title 18, United States 
Code, Section 1028.
    As far as terrorism matters are concerned, since December 2001, the 
Social Security Administration has provided prompt support to the FBI's 
Terrorist Financing Operations Section's initiative of identifying 
misuse of Social Security numbers. The FBI has been taking Social 
Security numbers identified through past or ongoing terrorist 
investigations and providing them to the Social Security Administration 
for verification. This multi-phase project seeks to identify potential 
terrorist related individuals through Social Security number misusage 
analysis.
    Once the validity or non-validity of a Social Security number has 
been established, investigators look for misuse of Social Security 
numbers by checking immigration records, Department of Motor Vehicle 
records, and other military, government, and fee-based data sources. 
Incidents of Social Security number misusage are separated according to 
type and forwarded to the appropriate investigative and prospective 
entity for follow-up.
    With assistance from the Social Security Administration, 
approximately 150 instances of potential Social Security number 
misusage have been identified. Each identified instance of potential 
Social Security number misuse must be resolved through field 
investigation. This process is continuing with ongoing investigations.
    The Social Security Administration's information should have very 
stringent limitations placed on its access and availability to the 
general public. However, we must be careful not to make it more 
difficult for law enforcement to conduct their investigations and 
access this information. There appears to be a need for various 
businesses, including the banking community, as well as government 
agencies to run verifications of the legitimacy of Social Security 
numbers used by individuals when conducting business. However, this 
could be accomplished without providing broad access to the universe of 
Social Security numbers.
    In addition to these general concerns, there are some other, more 
specific potential issues involving access to Social Security 
Administration information that I would prefer not to discuss in open 
session so as not inadvertently to aid potential criminals.
    Mr. Chairmen and Members of the Subcommittees, that concludes my 
prepared remarks. I would be happy to attempt to answer your questions 
at this time.

                                 

    Chairman GEKAS. Thank you, Mr. Ashley. We now turn to Mr. 
Huse, the Inspector General of Social Security.

 STATEMENT OF THE HON. JAMES G. HUSE, JR., INSPECTOR GENERAL, 
                 SOCIAL SECURITY ADMINISTRATION

    Mr. HUSE. Good afternoon, Mr. Chairman, Mr. Johnson, and 
Members of both Subcommittees. I am pleased to be back here for 
the seventh time to talk about Social Security number integrity 
issues this year. So, I guess this is a pretty important topic.
    Chairman GEKAS. You have to get it right this time.
    [Laughter.]
    Mr. HUSE. I will get it right this time.
    [Laughter.]
    Mr. HUSE. I am going to dispense with most of these oral 
comments because I think they've been made by others and just 
try to sum my testimony up into some key points.
    One, I think as you heard from our Deputy Commissioner, the 
Social Security Administration has made an awful lot of 
progress since September 11 in dealing with the enumeration 
business process and trying to strengthen it. I have to 
acknowledge that.
    However, there are still some things that have to be done. 
One of the most critical areas is the need for some 
legislation, and I know Chairman Shaw has his bill introduced, 
and that would be a big help.
    The legislation we need would limit the use and display of 
the Social Security number already in circulation in the public 
and private sectors; enhance the present arsenal of criminal, 
civil, and administrative penalties to deter and/or punish 
identity thieves; and require cross-verification of Social 
Security numbers through both governmental and private sector 
systems of records to identify and address those anomalies that 
will come out of that process.
    This is the most common-sense way and readily available way 
to bring back some integrity into the Social Security number 
without a lot of new bureaucracy. I can't urge anything more. 
That is what I really came to say this afternoon.
    I think that there has been a significant amount of focus 
on these issues, but we come to a point where there is a 
natural dilemma that is present between the legitimate 
interests of law enforcement and the legitimate interests of 
social insurance and privacy. These all collide, and we need 
the Congress's help in determining how we go forward from here, 
while we preserve the best intentions of each of those pieces 
of legislative action in the past.
    There is a tension there, and it can't be ignored. Some of 
the problems that we speak to here today come from those issues 
that need to be addressed.
    That is the substance of why I came here this afternoon, 
and I would be glad to answer any questions during the question 
period.
    [The prepared statement of Mr. Huse follows:]
  Statement of the Hon. James G. Huse, Jr., Inspector General, Social 
                        Security Administration
Introduction
    Good afternoon, Chairman Shaw, Chairman Gekas, Ranking Member 
Matsui, Ranking Member Jackson Lee, and Members of the Subcommittees on 
Social Security and Immigration, Border Security, and Claims. I welcome 
the opportunity to be here today to discuss homeland security as it 
relates to the integrity of the Social Security number (SSN). This is 
my seventh appearance before a congressional hearing this year to 
discuss the importance of extending protections for SSN integrity, and 
I cannot bring this message to Congress too often.
    My testimony today follows up my June 25th testimony before 
Chairman Gekas, Ranking Member Jackson Lee, and Members of the 
Subcommittee on Immigration, Border Security, and Claims. Today I would 
like to examine further the role SSN fraud plays in crime and terrorist 
activity, and some methods by which criminal fraud is executed 
utilizing stolen or fraudently-obtained SSNs.
    The problem of SSN fraud as it applies to terrorist activities can 
be very different from using the SSN for illicit gain. Let me focus on 
the challenge of homeland security, because while the financial crimes 
involving SSN misuse are also serious, they are perhaps less deadly and 
yet better known to Congress. Both aspects are part of the growing 
phenomenon of false identity, and both call for protecting the 
integrity of the SSN.
    Let me say at the outset that the Social Security Administration 
(SSA) has worked very hard in recent years and made significant 
progress in strengthening the defenses of the SSN, implementing 
important suggestions our office has made and working with us to find 
solutions. There is more to be done, and it includes legislative 
action.
    Our audit and investigative work identifies three distinct 
approaches to SSN integrity for which legislation is critically needed. 
The first area is limiting the use and display of the SSN already in 
circulation in the public and private sectors. Second, the present 
arsenal of criminal, civil, and administrative penalties is clearly 
insufficient to deter and/or punish identity thieves. The third 
approach is requiring the cross-verification of SSNs through both 
governmental and private sector systems of records to identify and 
address anomalies in SSA's files, and in data bases at various levels 
of government and the financial sector. I will discuss these further 
below.
The Risk to Homeland Security
    In calendar year 2000 alone, SSA issued approximately 1.2 million 
SSNs to non-citizens, out of some 5.5 million SSNs issued in all. A 
recently conducted Office of Inspector General (OIG) study indicates 
that 8 percent (about 96,000) of those 1.2 million SSNs were based on 
invalid immigration documents, which SSA processes did not detect. We 
have no way of determining how many SSNs have been improperly assigned 
to non-citizens.
    The issuance of SSNs based on invalid documentation creates a 
homeland security risk. My office has participated in 24 airport 
security operations across the country with the Department of Justice 
(DOJ) and its Joint Terrorism Task Forces and other Federal agencies 
since the 9/11 terrorist attacks a year ago. The aim is to ensure that 
no airport employee who has misrepresented his or her SSN and identity 
has access to secure areas of the Nation's airports. OIG's focus in 
airport security operations has been SSN misuse and false statements. 
Hundreds of people have been arrested to date, and more importantly, 
have been denied access to the secure areas that represent a 
significant vulnerability to terrorism.
    Immediately after the terrorist attack of September 11, 2001, we 
sought to determine if and how the hijackers might have obtained SSN's. 
We may never know with absolute certainty how many of the 19 hijackers 
of September 11th used improperly obtained SSNs, or how they obtained 
them. The investigation into the events of that day, and related work, 
revealed the importance of the SSN in any attempt at assimilation into 
American society. Today, it is unrealistic to believe that the SSN is 
simply a number for tracking workers' earnings and the payment of 
social insurance benefits. The SSN has become the de facto national 
identifier. Protecting the integrity of that identifier is as important 
to our homeland security as any border patrol or airport screening.
    Let me give you an example of this threat from a case that is just 
completing the sentencing phase. The Anti-Terrorist Task Force arrested 
a naturalized American citizen who had trained with Palestinian 
guerrilla groups in Lebanon since he was 12 years old. He was carrying 
a loaded semi-automatic pistol and an assault rifle in the back seat of 
his car, along with four loaded 30-round magazines for the rifle and 
hundreds of rounds of additional ammunition. In his home were a 
calendar with September 11th circled in red, three different Social 
Security cards in his name, a false Alien Registration Card, evidence 
of credit card fraud and $20,000 in cash, as well as a wood carved 
plaque with the name of the terrorist group ``Hamas'' on it. We 
determined he had obtained the three different SSNs from SSA by 
falsifying two of his three SSN applications. He had used them to get 
jobs as a security guard and as an employee with the multi-billion-
dollar Intel Corporation, when a criminal history check would have kept 
him from getting either job under his true identity.
    Failure to protect the integrity of the SSN has enormous financial 
consequences for the Government, the people, and the business 
community. We must protect the number that has become our national 
identifier and the key to social, legal, and financial assimilation in 
our country.
    It is becoming more and more apparent that those connected with 
terrorism will at some point obtain SSNs. They may buy them, they may 
create them, or they may obtain them from SSA directly through the use 
of falsified immigration records. But to operate in the United States, 
they need those numbers, and we must take those steps necessary to 
ensure that those numbers do not come from SSA.
    While SSA alone cannot solve the complicated problem of homeland 
security, no government agency, system or policy should be ignored. 
Congress and SSA, as public stewards, must continue their efforts to 
strengthen the systems and processes that minimize the use of SSNs for 
illegal purposes. SSN integrity is a link in our homeland security that 
must be strengthened and sustained.
Federal Interagency Coordination and Cooperation
    You have asked that I comment on Federal interagency coordination 
and cooperation to verify identification documents and to detect and 
prevent fraud. We recently issued a Management Advisory Report entitled 
Social Security Number Integrity: An Important Link in Homeland 
Security. This report said it is critical that SSA independently verify 
the authenticity of the birth records with States, immigration records 
with Immigration and Naturalization Service (INS), as well as other 
identification documents presented by an applicant for an SSN.
    Additionally, in other reports, we have urged full and expedited 
implementation of a joint Enumeration at Entry program in which the 
Agency would issue SSNs to non-citizens upon their entry into the 
United States, based on information obtained from INS and the 
Department of State. Until September 11th, SSA had limited success 
encouraging INS to move quickly on these planned initiatives.
    We continue to work with other Federal officials to ensure that we 
are doing all that we can to assist the DOJ and others to use SSN 
information in the homeland security context. We are in constant 
contact with these Federal officials and agencies and with other 
committees of both houses of Congress to provide expertise and 
assistance in the analysis of data and the creation of legislation 
aimed at protecting the SSN and preventing it from being used 
improperly. We appreciate your interest in these issues, and your 
support of increasing cooperation, coordination, and information 
sharing between SSA and the Departments of Justice, State, and 
Treasury.
Legislative Proposals to Combat SSN Misuse and Protect Privacy
    Let me take this opportunity to recommend some legislative 
proposals aimed at combating SSN misuse and protecting privacy. While 
no legislation can eradicate SSN misuse and identity theft altogether, 
the criminal penalties that exist today are clearly insufficient to 
either deter or punish identity thieves. Members of both houses of 
Congress have introduced legislation over the past several years to 
deal with the national dilemma presented by SSN misuse and identity 
theft.
    The felony provisions of the Social Security Act have no civil or 
administrative counterparts. Federal prosecutors cannot pursue every 
SSN violation criminally, or even civilly. We have found the Civil 
Monetary Penalty program to be an effective tool in the similar area of 
program fraud, and could have a useful impact in the area of SSN misuse 
if Congress would grant us such authority. We have asked before, and I 
ask again--vest in us the authority to impose penalties against those 
who misuse SSNs.
    We also believe it is time to consider enhancing the penalties for 
identity theft violations. Congress should also move beyond the 
penalties for the improper use of another person's identity to address 
the problem of selling SSNs and other Social Security information. We 
should strengthen the laws on sales and enhance the sentencing 
guidelines to allow us to better address this aspect of identity theft 
today. Congress might consider something on the order of escalating 
penalties, perhaps parallel to the treatment of drug cases.
Controlling SSNs in Circulation
    Another area in which legislation is sorely needed is in limiting 
the use and display of the SSN in the public and private sectors. 
Although we cannot return the SSN to its simple status of a half-
century ago, we must take steps to limit its use and to limit the 
expansion of its use. First and foremost, it is time to make the 
difficult determinations as to those uses that are appropriate and 
necessary, and those that are merely convenient.
    One easy decision can be made now. The public display of SSNs--on 
identification cards, motor vehicle records, court documents, and the 
like--must be curtailed immediately. Those who use the SSN must share 
the responsibility for ensuring its integrity. We can prevent identity 
thieves and other criminals from walking out of a municipal courthouse 
with the means of committing state-facilitated identity theft. The cost 
to the victims of identity theft, and to all of us, is too great. And 
the potential for using SSNs to support acts of violence and terrorism 
is unthinkable.
    Congress should consider requiring the cross-verification of SSNs 
through both governmental and private sector systems of records to 
identify and address anomalies in SSA's files, and in data bases at 
various levels of government and the financial sector. Only in such a 
way can we combat and limit the spread of false of identification and 
SSN misuse. In this way can we correct errors on a timely basis that 
might otherwise keep workers from receiving full credit for years of 
labor, credit that can be nullified by simple typographical errors in 
submitting their data. Similarly, all law enforcement agencies should 
be provided the same SSN cross-verification capabilities currently 
granted to employers. The rewards of cross-verification can be great, 
and it does not require major expenditures of money or the creation of 
new offices or agencies. It would use data the Federal, State and local 
governments and the financial sector already have.
    I have come before you today not only to report on what has been 
done so far, but also to ask that Congress instruct us on the path to 
follow in resolving conflicts of law and policy. We face contradictions 
among serious and legitimate interests regarding the sharing of 
information between agencies--and, indeed, often within a single 
agency--and privacy, and between Federal laws pertaining to immigration 
and our Nation's economic interests.
    In this vein, I would urge Congress to examine whether sufficient 
authority--and, indeed, requirement--for data-sharing exists in current 
law. In recent months, SSA has sent about 800,000 letters to employers 
and some 7 million letters to workers in an attempt to clean up 
discrepancies created when employers submit employee names and SSNs 
which do not match information in SSA files. SSA provides the Internal 
Revenue Service (IRS) with information on the employers with the 
highest volume of discrepancies, because only the IRS can levy 
penalties. SSA has no authority to levy penalties when employers submit 
invalid name and SSN combinations. SSA does not have a similar process 
in place to share this mismatched data with the INS. As we have learned 
since September 11 of last year, agencies must be able to share 
information that can make linkages that will help head off threats and 
enforce our laws. That authority must be made clear in statute.
    We still need legislation that regulates the use of the SSN and 
provides enforcement tools to punish its misuse. If we are to head off 
the many crimes identity theft breeds--the fraud against public and 
private institutions, the ruin of people's security, possibly even the 
disguising of terrorists as ordinary people--we need legislation with 
provisions such as:

         LRestrictions on the private and governmental use of 
        SSNs. This should include restrictions on the sale of SSNs by 
        governmental agencies, prohibition of the display of SSNs on 
        government checks and driver's licenses or motor vehicle 
        registrations, and some prohibitions of the sale, purchase, or 
        display of the SSN in the private sector.
         LProhibitions of prison inmate access to SSNs.
         LRestrictions on unfair or deceptive acts or 
        practices, such as refusals to do business without receipt of 
        an SSN.
         LConfidential treatment of credit header information.
Two Small Changes in Existing Law Would Strengthen SSN Integrity
    We have recently had several cases in which an individual with a 
legitimate SSN sells that SSN to a third person. The seller may or may 
not then go to SSA and request a replacement Social Security card. This 
furthers the phenomenon of false identity.
    The issue is this: how can we charge the individual who sells his 
SSN? The identity theft statute forbids the use of another person's 
means of identification without lawful authority. Likewise, the Social 
Security Act prohibits a person from presenting another person's SSN as 
his or her own. It does not appear to address the situation of a person 
selling his or her own SSN to a third person.
    We are currently researching whether there is a criminal statute 
such as conspiracy or aiding and abetting that may be applicable. We 
are also looking at whether such people may be prosecuted for making 
false statements if they return to SSA and request a replacement card.
    Legislative action should resolve this problem. A suggested 
solution may be to amend section 208 of the Social Security Act, 42 
U.S.C. 408, to add a subsection prohibiting the sale of an individual's 
SSN by that individual. SSA assigns an individual a unique SSN to 
accurately track the wages and earnings of the individual. SSA 
regulations state that ``Social Security number cards are the property 
of SSA and must be returned upon request.'' Such language should also 
apply to the number itself. The SSN was not meant to be the property of 
the individual it identifies, and its sale by any person, including the 
persons identified by the number, should be made illegal.
    I would mention one other problem that could be easily remedied 
with minor changes in the law. Current language in 18 U.S.C. Sec. 1028 
primarily addresses fraud in connection with identification documents. 
It has been a problem to proceed under the statute when we arrest 
someone with a sheet or printout of, say, 50 to 100 SSNs as these SSNs 
are not technically on a Social Security card. Therefore, in any 
amendment or new legislation put forth, I would urge you to address 
both the Social Security card and SSN.
SSNs, Immigrants, and the Earnings Suspense File
    SSA's Earnings Suspense File (ESF) is an indicator of the problem. 
The ESF is the Agency's record of annual wage reports submitted by 
employers for which employee names and SSNs fail to match SSA's 
records.
    Most immigrants--about 75 percent--come to the United States 
legally, many to join close family members. However, INS estimated the 
illegal immigrant population reached about 5 million in 1996, not 
including the 3 million who were given amnesty under the Immigration 
Reform and Control Act of 1986. INS estimates the number of 
undocumented (i.e., illegal) immigrants continues to grow by about 
275,000 each year.
    To acquire an SSN improperly, undocumented immigrants either apply 
for a ``legitimate'' SSN using false documents, or they create or 
purchase a counterfeit Social Security card. Since an undocumented 
immigrant is not required to show a Social Security card prior to 
hiring, he or she may simply invent a nine-digit number. These are all 
criminal acts. This SSN may be one the Agency has already assigned to 
another individual (stolen SSN) or one never assigned (fake SSN).
    SSA acknowledges that illegal immigrants account for a significant 
portion of items in the ESF. Three industries--agriculture, food and 
beverage, and services--account for almost half the wage items in the 
ESF. Agriculture is the largest contributor, representing about 17 
percent of all ESF items. In one study of 20 agriculture employers, we 
determined that 6 of every 10 wage reports submitted by these employers 
had incorrect names or SSNs. From 1996 through 1998, these 20 employers 
submitted over 150,000 wage items for which the employee's name and/or 
SSN did not match SSA records, representing almost $250 million in 
suspended wages over the 3-year period.
    A moment ago, I discussed SSA's letters to employers and workers 
aimed at clearing up discrepancies in the ESF. As I noted, SSA has no 
legal authority to levy fines and penalties against employers or 
employees who submit incorrect SSN information on wage reports. As 
provided by law, SSA must rely on the IRS to enforce penalties for 
inaccurate wage reporting and upon the INS to enforce immigration laws. 
IRS has been reluctant to apply penalties, and SSA and the INS have had 
limited collaboration on the issue.
    Applying penalties would have a ripple effect on employers who 
consistently submit wage reports for employees whose names and SSNs do 
not match SSA's records. Although SSA is primarily interested in 
penalizing the most egregious employers, IRS staff expressed concern 
with the application of even these penalties. IRS senior staff members 
believe they and SSA would have a difficult time determining whether an 
employer exercised appropriate diligence in obtaining the necessary 
information from employees. We believe SSA could provide the IRS with 
sufficient evidence to show an employer knew or should have known its 
employees' SSNs were incorrect. Despite the concerns of IRS, the two 
agencies held discussions to explore the enforcement of an existing 
penalty provision ($50 per incorrect wage report) for employers who 
repeatedly submit erroneous name and/or SSN information.
    In calendar year 2000, based on this agreement, SSA provided a list 
of 100 of the most egregious employers to the IRS. These employers 
submitted the largest number of name/SSN match failures in consecutive 
years. The IRS expressed interest in the listing but, to date, has not 
assessed penalties.
    SSA's coordination with the INS has been minimal. For example, SSA 
does not provide the INS a list of employers who repeatedly submit 
erroneous name and/or SSN information. In a previous audit report, we 
recommended that SSA:

        (1) Lcollaborate with INS to develop a better understanding of 
        the extent that immigration issues contribute to SSN misuse and 
        growth of the ESF, and
        (2) Lre-evaluate its application of existing disclosure laws or 
        seek legislative authority to remove barriers and allow SSA to 
        share with the INS information regarding employers who 
        chronically submitted incorrect wage reports. SSA disagreed 
        with our recommendations and stated that its interpretation of 
        the privacy and disclosure issues is accurately applied and 
        continues to provide appropriate disclosure guidance within 
        existing authority.

    The intent of our recommendations was to suggest that the Agency 
look for avenues under current law and regulations first before seeking 
legislative authority. We acknowledge SSA's efforts to combat SSN 
misuse and reduce the ESF's growth. However, given the magnitude of SSN 
misuse by unauthorized non-citizens, we continue to believe SSA should 
take preemptive and preventive measures to ensure the SSN's integrity. 
We continue to believe that the sharing of such information in certain 
situations would stem the growth of SSN misuse for employment purposes.
The Fruits of Illegal Labors
    SSA allows an individual to present evidence of a work history on a 
non-work SSN or as an illegal alien, and to receive credit for the work 
towards Old-Age, Survivors and Disability Insurance (OASDI) benefits. 
SSA provides these benefits to people based upon their lifetime 
earnings reported under a valid SSN. The number of quarters of earnings 
maintained on the ESF determines whether an individual has enough 
credits for insured status. SSA creates a work history for all 
individuals with a valid SSN, even when:

         Lthose earnings are based on a non-work SSN, or
         Lthose earnings are added later for an individual who 
        was in the country illegally at the time of earnings but who 
        subsequently becomes eligible for a valid SSN.

    As long as an individual can prove that earnings belong to him or 
her, SSA will provide earnings credits to that individual. Once these 
earnings are recorded, these individuals are essentially treated as any 
other individual applying for OASDI benefits.
    One problem is the widespread use of non-work SSNs by people who 
work in the economy illegally. The earnings from illegal work from 
these people is recorded directly in the SSA claims systems for their 
future credit. In our September 1999 report, Review of Controls Over 
Non-work Social Security Numbers (A-08-97-1002), we estimated that 
unauthorized earnings associated with non-work SSNs may have already 
cost SSA's trust funds $287 million, and could cost the trust funds as 
much as $63 million annually. In our report, we recommended that SSA 
propose legislation to prohibit the crediting of non-work earnings and 
related quarters of coverage for purposes of benefit entitlement.
    In addition, people who are in the country illegally and working 
under a created SSN, or misusing someone else's SSN, can later rebuild 
their earnings record from wage items posted to the ESF. In such a 
case, an individual could work illegally in the United States for 25 
years, later request and receive a valid SSN, and then ask SSA to 
locate those suspended earnings that SSA could not post due to an 
invalid name/SSN combination. Once found, SSA can reinstate these 
earnings to this individual's earnings record. The individual claiming 
the wages would only need to provide corroborating documents, such as 
relevant wage reports, for the period of claimed earnings. These newly 
posted earnings can then be used to make the individual eligible for 
OASDI benefits.
    Our reviews of the suspended wages in the ESF suggest that illegal 
work is the primary cause of suspended wages. These claims represent a 
future obligation to the SSA that is growing at a rapid rate. Under 
current SSA procedures, workers who are subsequently issued a legal 
residency card under an amnesty or other INS procedures can 
subsequently recover most of these wage claims.
    In addition, we do not have a good number for illegal aliens 
receiving work credits. We routinely identify some of them through our 
audits and investigations, but these are not all-encompassing. For 
example, in a recent report, we projected that almost 100,000 non-
citizens obtained SSNs in calendar year 2000 with false documents. 
Approximately 42 percent of those had earnings posted to their 
accounts, thereby receiving work credits. Nonetheless, this figure does 
not take into account any future wages these 100,000 may earn. 
Furthermore, the 100,000 figure does not include illegal aliens using 
other people's SSNs for work purposes and whose earnings either end up 
in the ESF or incorrectly posted to the legitimate number-holders' 
accounts.
    SSA has recently changed its policies governing the issuance of 
non-work SSNs so that it is likely that fewer than 30,000 non-work SSNs 
will be issued in 2002. However, many non-work SSNs remain in 
circulation. Prior to the recent curtailment, SSA had issued roughly 
7.3 million non-work SSNs since 1974.
    Viewed another way, although such aliens may be residing and 
working illegally in our country, they are doing work for pay, they are 
paying taxes, and they are accumulating earnings records with SSA in 
the same manner as legal workers. SSA's policy of allowing such workers 
who subsequently obtain bona fide SSNs to recreate their files so as to 
capture the fruits of their labors are drawn from the agency's mission, 
history, and understanding of the Social Security Act, rather than from 
a lack of concern for immigration law.
    Here, once again, I submit that we are in need of this body's 
guidance to resolve a dilemma of legitimate interests. We find 
ourselves stuck in a quagmire of contradictory interests that has 
resulted in the absense of clear, controlling laws and regulations, or 
in the ignoring of those laws and regulations that do exist.
Conclusion
    We believe SSA has a clear and important role in homeland security. 
We appreciate your interest in these issues, and your support of 
increasing cooperation, coordination, and information sharing between 
SSA and the Departments of Justice, State, and Treasury. We believe our 
earlier recommendations and legislative proposals should be considered 
in any future discussion on homeland security. It is also important 
that we be able to reduce the growth of the ESF, and I commend SSA for 
the efforts it has made. More needs to be done, even though the ESF 
problem is more a symptom of the undermining of SSN integrity rather 
than a cause of it. Finally, we need to change the current laws which 
allow illegal work to be used in obtaining Federal benefits. Ours is a 
Nation of laws, and those laws originate here. I ask for your help in 
clarifying and strengthening the laws, and toughening the penalties 
that are designed to improve the integrity of the SSN, which is a key 
component of homeland security.
    Thank you.

                                 

    Chairman GEKAS. We thank you, and now we turn to Mr. Reindl 
from New York.

    STATEMENT OF MATTHEW JAMES REINDL, OPERATOR, STYLECRAFT 
              INTERIORS INC., GREAT NECK, NEW YORK

    Mr. REINDL. Chairman Gekas and Members, thank you for the 
privilege to testify today. My name is Matthew Reindl. I 
operate of a small family owned woodworking factory. I am here 
to speak for the tens of thousands of law-abiding small-
businessowners who are being adversely affected, many forced to 
close, because of the illegal hiring practices of some of our 
competitors. These unlawful employers are able to operate 
because of the lack of enforcement by some Federal agencies, 
such as INS and IRS.
    On behalf of the majority of businesses who carefully 
comply with Federal tax and wage reporting requirements, I want 
applaud Commissioner Barnhart for directing the Social Security 
Administration to send out the much-publicized letters to 
employers and employees with mismatched W-2 wage items.
    If a mismatch of Social Security numbers is not a typo, it 
means that the person has false identification. The government 
has no idea who this person is, where this person came from, or 
what the person is doing in the country. We have no way of 
knowing if this undocumented person is a terrorist here with 
the intent to harm our Nation.
    In the wake of the September 11 murders, no American can 
oppose the Social Security Administration's need to share 
information with the INS. The INS needs to investigate those 
companies which knowingly employ illegal workers and penalize 
them.
    I hope that President Bush will require the other Federal 
agencies to enforce wage and labor laws so that my company will 
no longer have to compete from a disadvantage. Our company is a 
family business formed by my grandfather in 1951. It took him 
20 years from when he entered the country legally to open a 
woodworking factory with the money he saved.
    With other legal immigrants at his side, he made the 
American dream happen. The factory was passed on to my father 
and now on to me, the third generation.
    Our company has employed Turks, Armenians, Haitians, 
Italians, Yugoslavians, and also a Jewish Holocaust survivor 
from Holland. The diversity of our shop makes our conversations 
lively.
    Many of my employees waited 5 to 7 years to enter our 
country legally. They did the right thing. They obeyed our 
laws. Now people who broke the law are keeping down their 
wages. They wonder why both the Federal and State governments 
refuse to enforce any laws when it comes to illegal immigrants.
    Our company pays withholding taxes and fair wages to our 
workers. We pay the entire cost of health insurance. However, 
with increasing competition from employers using illegal 
aliens, I fear we will not be able to provide health insurance 
to our employees. In fact, I may even be forced out of 
business. Unfortunately, my company has to compete with 
employers who are paying off the books and committing workers' 
compensation fraud, unemployment fraud, Federal and State tax 
fraud, and Social Security fraud.
    In my written testimony, I have created a simple 
illustration that compares the cost of a legitimate employer to 
that of a lawbreaking employer who pays $500 per week off the 
books. My example shows that the labor costs for the honest, 
law-abiding employer are roughly 80 percent higher than for the 
employers hiring illegal workers.
    Chairman and Members of the Subcommittee, Federal law 
prohibits anyone from hiring illegal aliens. Local governments, 
private and church organizations, are setting up so-called 
hiring sites so that legal and illegal immigrants can work off 
the books and disregard Federal and State laws. Long Island 
towns, such as Farmingville, Glen Cove, Freeport, Huntington, 
and Farmingdale, have these unorganized and organized hiring 
sites and many more are emerging.
    Without employment or the hope of employment, illegal 
aliens would not be tempted to enter our country in violation 
of our laws. Employers need to be prosecuted for hiring illegal 
workers, and legal immigrant workers need to believe that all 
employers respect our laws.
    I honestly believe that there are a growing number of 
businesses that hire illegal aliens. If there is no 
enforcement, that number will grow and grow and grow.
    The Federal Government cannot allow a criminal minority of 
employers to profit from illegal labor practices. It undermines 
the founding principles of our Nation. When employers ignore 
immigration law, it tends to lead to other laws being broken, 
such as Social Security fraud, workers' compensation fraud, and 
income tax fraud. Because of the lax enforcement from other 
agencies of government, honest, law-abiding employers are being 
punished.
    That concludes my testimony, and I look forward to your 
questions. Thank you.
    [The prepared statement of Mr. Reindl follows:]
Statement of Matthew James Reindl, Operator, Stylecraft Interiors Inc., 
                          Great Neck, New York
    Mr. Chairman and Members of the Subcommittee: I am extremely 
honored, and I thank you for the privilege to testify at today's 
hearing. My name is Matthew Reindl and I am an operator of a small 
family owned woodworking factory. I am not a paid lobbyist, and I do 
not draw a salary from any political or social advocacy group. I 
believe I am speaking for the tens of thousands of law abiding small 
business owners, who are being adversely affected, many forced to 
close, because of illegal hiring practices of employers.
    I am thankful that President Bush has appointed someone to the 
Social Security Administration who has taken steps to have businesses 
comply with the law. On behalf of those tens of thousands of small 
businesses who carefully comply with Federal tax and wage reporting 
requirements, I want to applaud Commissioner Barnhart for directing the 
agency to send out the much publicized letters to employers and 
employees with mismatched W-2 wage items.
    A mismatch of Social Security numbers could mean two things. In 
many cases it could be a simple typographical error. Our company is 
familiar with this type of error. The correct number can be resubmitted 
to the Social Security Administration, and the problem will be solved.
    However, if it is not the case of a simple mix-up, it means that 
the person supplying the documents has falsified his or her 
identification, and neither the employer nor the government has any 
idea who this person is, or where this person came from or what this 
person is doing here in this country. We have no way of knowing if this 
unknown undocumented person is a terrorist here with the intent to 
destroy this Nation. If verifying Social Security numbers can prevent 
terrorism it is a necessity. In the wake of the 9/11 murders, no 
American can be opposed to the Social Security Administrations need to 
share this information with INS. INS needs to investigate those 
companies which knowingly employ illegal workers and penalize them.
    Our country has maintained rational laws for legal immigrants. Our 
immigration laws provide an organized procedure for people to enter our 
country legally and obtain legal employment. Our company has been 
employing legal immigrants with for more than fifty years. Seven of our 
ten current employees were legal immigrants when they joined us. In 
fact, our company's skilled workforce has been built by the positive 
effects of our immigration laws.
                       The Reindl Family Business
    Many Americans emigrated from another country. Parents, 
grandparents, great grandparents made a journey for America and came 
for the opportunities America had to offer. My grandfather, who was a 
trained cabinetmaker, made that journey from Europe in 1930. Back in 
those days an immigrant had to be sponsored in order to enter our 
Nation legally, and thus he did so. He was a man that always obeyed the 
law and taught his family to respect the rules and laws of the country.
    In 1951, 20 years after he entered this country, he was bold enough 
to open a woodworking factory with the money he saved through the 
years. With other legal immigrants at his side he made the American 
dream happen. Hand in hand different cultures working together to 
fulfill many dreams. The factory was passed onto my father and now onto 
me, the 3rd generation. Today as it was 50 years ago I work with 
American citizens and legal immigrants. Our company has employed Turks 
and Armenians, Jamaicans and Haitians, Italians and French, Polish and 
Germans, Yugoslavians and Dutch, El Salvadorians and also a Jewish 
holocaust survivor from Holland. The diversity of our shop makes our 
conversations lively. It seems like a UN assembly meeting. Our employee 
with the longest longevity (25 years) is a Muslim immigrant from 
Turkey. The company went through all the legal channels to sponsor him. 
In addition to him, our company has sponsored other employees 
throughout the years. We work hard. And no job is too demeaning for 
anyone, including myself. I normally work at least 60 hours a week. 
This is what is required to run a small business. This is the strength 
of America.
    One thing I am grateful for is the fact that my grandfather 
instilled in my father excellent morals and taught him to always abide 
by the law. This philosophy too, was passed on to me. Our company has 
always paid its fare share of taxes and its fair share of salary. We do 
everything ethically and by the book. We also have always paid the 
entire cost for the employee's health benefits, years before others in 
our industry did. However, if illegal immigration continues to drive 
our selling price down, I fear we will not be able to provide health 
insurance to our employees in the future. In fact, I may even be forced 
out of business.
    The following is the diversified representation of the current 
employees in my shop.

    Ahmet                           LLegal immigrant now American 
                                    citizen born in Turkey
    Luis                            LLegal immigrant from Colombia
    Alrick                          LLegal immigrant from Jamaica
    Chaplin                         LLegal immigrant from Jamaica
    John                            LAmerican born citizen
    Roberto                         LAmerican born citizen from Puerto 
                                    Rico
    Borgdan                         LLegal immigrant from Croatia
    Krzystof                        LPolish legal alien under 1986 
                                    amnesty
    Mark Reindl                     LAmerican born family member
    Fred Reindl                     LAmerican born father of family
                       Employer's Responsibility
    The INS has placed the responsibility of immigration enforcement on 
American employers. Every employer receives a handbook for completing 
form I-9, and in this handbook it states:

          L``Employment is often the magnet that attracts persons to 
        come to or stay in the United States illegally. The purpose of 
        the law is to remove the magnet by requiring employers to hire 
        only citizens and aliens who are authorized to work here.''

    This law requires that every newly hired employee and employer to 
fill out an I-9 and proper documentation must be verified by the 
employer. As a small business, we certainly know the requirements of 
the law and how to pick one from column A--OR--one from column B and 
one from column C. It is hard to believe that a big corporation with a 
professional staff cannot figure out how to fill this I-9 out.

    Stylecraft Interiors Inc. complies with these Federal laws:

        LVerify immigration status and complete Federal form I-9.
        LDeduct Federal income tax and process W-4 forms.
        LDeduct Social Security and Medicare contributions.
        LMatch Social Security and Medicare contributions.
        LPay Federal Unemployment Tax.

    Stylecraft Interiors Inc. also complies with these New York State 
Laws:

        LDeduct state income tax.
        LDeduct Disability Insurance.
        LPay New York State Workers Compensation Insurance.
        LPay New York State Unemployment insurance tax.
        LPay New York State disability insurance.
        LFill out State form N-96-2. And send that and a copy of W-4 or 
        equivalent to the State.

    These are the labor laws that every New York State employer is 
required to obey. However, from the newspapers articles it is clear 
that a growing percentage of businesses are not complying. If laws are 
not enforced, even a greater number of businesses will not comply with 
these labor laws thus driving wages down.
    If the laws, which I just mentioned, were enforced and obeyed, I 
believe that there WOULD BE MUCH LESS ILLEGAL IMMIGRATION. I know 
people in my community are well aware that many day workers who are 
illegal aliens work for employers who are paying off the books and 
committing workers compensation fraud, unemployment fraud, Federal and 
State tax fraud, and Social Security fraud.
    Several years ago a hiring site emerged in Glen Cove, NY. In 1995 
we lost two legal immigrant employees to this Glen Cove site. They both 
left our company because they made more money standing at the Glen Cove 
site, or street corner working off the books and not paying taxes. They 
told me they were clearing between $75 to $100 a day off the books, 
much more than what I could pay them after taxes. They where very happy 
that the local government set up a site where they would be hired 
illegally, and not pay into the tax system. When I asked about health 
insurance for their family they replied if I get sick, I go to the 
hospital and it is free. Organized and unorganized hiring sites are 
popping up on Long Island. Towns such as Farmingville, Farmingdale, 
Freeport and Huntington have these sites and many more are emerging. 
Bishop Murphy of the Roman Catholic Church has gone on record saying 
the Catholic Church will do everything it can to help establish day 
laborer sites. Local governments and Catholic Charity organizations 
seem eager to build them. Illegitimate contractors are not getting 
audited at these sites. Business owners and we the taxpayers foot the 
bill for our ex-employees health care. Also, the employers who hire 
illegal aliens are not paying into workers compensation insurance. When 
they get hurt, guess who pays the bill?--The law abiding business owner 
and taxpayer. I believe that the sole purpose of hiring sites is to try 
to indoctrinate the American people into believing that it is somehow 
legal for illegal aliens to be here and to be hired at these sites.
    I believe that the endorsement of any hiring of illegal aliens is 
an attack on our laws and on every single law abiding employer. All it 
is doing is undermining the labor laws of this great country.
                  Economics of Illegal Labor Practices
    The contractors and factory owners that disregard immigration laws 
and disregard labor and insurance laws result in a profitable but 
illegal advantage over legitimate business owners who play by the 
rules. I am not an accountant but I do pay bills, and our company has 
prepared the following breakdown for a single person with himself as a 
dependent. It compares the cost of a legitimate employer to that of a 
lawbreaking employer who pays $500 per week off the books.

    Gross pay on the books would have to be $670 to net $500 because:

    Social Security & Medicare      L$51.26
    Federal withholding             L$83.63
    N.Y. State withholding          L$35.62
    N.Y. State disability           L$00.60

    This equals $499 net pay.

    Now the legitimate employer also has additional costs. He has to 
match Social Security, Medicare and pay New York State workers 
compensation and New York State unemployment insurance.

    Social Security & Medicare      L$51.26
    Workers Comp (+/-)              L$50.25
    N.Y. State unemployment (+/-)   L $5.06

    The legitimate employer is now paying $776.57 a week compared to 
$500 net pay ``off the books.'' This represents a 55% higher cost to 
the honest law-abiding employer.

        Add health insurance, which is $77.86 a week.
        And 1 week vacation and 5 holidays averages out to $35.00 a 
        week.

    The total cost a legitimate employer would be paying to equal that 
$500 net pay a week now adds up to $889.43. This represents a 78% 
higher cost to the honest law-abiding employer.
    The Federal Government loses $83.63 in Federal withholding when 
employers pay ``off the books.'' However, in view of the fact that 
current Federal accounting standards comingle Social Security & 
Medicare contributions into the Federal budget (not into a separate 
trust fund) we must add the $51.26 employee contribution plus the 
$51.26 employer contribution, totaling $102.52 for the total Social 
Security & Medicare contribution. Add $83.63 plus $102.52 and the total 
cost to the Federal Government becomes $186.15--37% of the $500 net pay 
a law-abiding worker would receive.
    Please note unemployment and workers compensation rates are 
variable. Low rates were used, and Federal unemployment contributions 
were not included. Also note that only 1 week vacation and 5 holidays 
create a very low comparison. The actual cost to a legitimate employer 
would probably be higher.
    Due to the unscrupulous employers that hire illegal aliens I do not 
know if Stylecraft Interiors can continue to survive. Illegal 
immigration lowers my wage and that of my employees too. The legal 
immigrants in my shop are very aware of this. Many of my employees 
waited 5 to 7 years to enter our country legally. They did the right 
thing. They obeyed our laws, and now people who broke the law are 
keeping down their wages. They wonder why both our Federal and State 
governments refuse to enforce any laws when it comes to illegal 
immigrants. They ask me why people who did not wait their turn are 
being rewarded.
                               Conclusion
    Without employment or the hope of employment, illegal aliens would 
not be tempted to enter our country in violation of our immigration 
laws. Employers need to be actively penalized for hiring illegal 
workers, and legal immigrant workers need to believe that all employers 
respect our laws. I honestly believe that there are a growing number of 
businesses that hire illegal aliens. If there is no enforcement, that 
number will grow and grow and grow. The Federal Government can't allow 
a criminal minority of employers to profit from illegal labor 
practices, because it undermines the founding principles of this 
country.
    As an employer, I am pleased to know that the Social Security 
Administration is finally cracking down on workplace fraud.
    When employers ignore immigration laws it tends to lead to other 
laws being broken, such as Social Security fraud, workers compensation 
fraud, and income tax fraud. Because of the lax enforcement from all 
other agencies of the government, honest employers are being punished.
    Lax enforcement of immigration and labor laws penalizes all those 
employers that comply with Federal and State laws. Our company obeys 
the law and we refuse to hire illegal aliens. If my competitors are 
allowed to break the law, and hire low-wage illegal immigrant workers, 
they gain an unfair and illegal advantage over my company. My 
competitors will undercut my prices, and take away my business and 
could possibly cause me to be put out of business.

                                 

    Chairman GEKAS. Thank you. We turn to the final witness, 
Mr. Hoofnagle.

    STATEMENT OF CHRIS JAY HOOFNAGLE, LEGISLATIVE COUNSEL, 
             ELECTRONIC PRIVACY INFORMATION CENTER

    Mr. HOOFNAGLE. Good afternoon. Mr. Chairman and Members of 
the Subcommittee, my name is Chris Hoofnagle, and I am 
Legislative Counsel with the Electronic Privacy Information 
Center (EPIC). The EPIC is a not-for-profit research center 
that focuses on privacy and civil liberties.
    Since our founding in 1994, we have been extensively 
involved in the privacy of the Social Security number. Most 
recently, we submitted an amicus brief in Remsburg v. 
Docusearch, the Amy Boyer case.
    As many of you probably remember, in that case, a young 
woman was stalked and killed based on information provided by a 
commercial Social Security number lookup company.
    We believe that good privacy can make good security, and 
that in this area, we need to protect the Social Security 
number so that criminals and terrorists do not use it to attack 
us and our country.
    The Social Security number plays an unparalleled role in 
the identification, authentication, and tracking of all 
Americans. Identity thieves know the value of a Social Security 
number, and that is why we believe that limiting the collection 
and the use of the Social Security number is critical to 
stemming the growing tide of identity theft.
    My colleagues on this panel have outlined the extreme harm 
that identity theft causes. According the Privacy Rights 
Clearinghouse, somewhere between 500,000 and 700,000 Americans 
are victimized by this crime every year. Victims often do not 
discover the crime has occurred until many months after their 
identity has been stolen. They spend many hours of their time 
and substantial sums of their money to fix their credit report 
and to expunge criminal records that might have been created in 
their name.
    Since September 11, 2001, there has been a renewed focus on 
this crime, as identity theft could be used both to raise funds 
for and to actually commit acts of incredible destruction.
    The majority of identity thieves still use low-tech methods 
to acquire our personal data. While there are general fears of 
transmitting credit card numbers and other personal information 
over the Internet, the biggest risk from identity theft still 
comes from criminals who steals our mail or sorts through our 
trash in order to get our personal identifiers.
    Other low-tech methods to steal identifiers are also 
common. Employees of businesses that collect the Social 
Security numbers are in a unique position to obtain many 
personal identifiers. In my written testimony, I cite to a 
recent case involving a branch of Bally's Health Spa in 
Cambridge, Massachusetts. There an employee was caught stealing 
Social Security numbers to open bank accounts, possibly for the 
commission of terrorism.
    The Bally's case raises an important point about private 
sector use of the Social Security number. In most cases, it is 
wholly unnecessary for a business to even collect the Social 
Security number. Collecting the Social Security number creates 
risk for the individual. Businesses should be encouraged to use 
alternative identifiers.
    Discouraging the use of the Social Security number should 
be a primary concern of Congress, especially when one considers 
how the business community uses the identifier. Some businesses 
use the Social Security number to identify individuals while 
other businesses use it as a password. This means that the 
Social Security number is used widely as both an identifier and 
as an authenticator.
    From a security perspective, this doesn't make sense. It is 
the equivalent of using the same user name and password to 
access your e-mail, for instance, but identity theft risks are 
not only created by bad business practices. Public records are 
increasingly playing an increasing role identity theft. As 
Americans have more interaction with our growing government, we 
leave trails of our activities in the form of public records. 
Court case files, marriage license, and other public records 
are creating a trail of our personal identifiers from cradle to 
grave.
    It is important that Congress act now to remove the Social 
Security number from public records.
    Two States, California and Georgia, have both recently 
enacted common-sense Social Security number legislation that 
will likely stem the tide of some identity theft.
    In California, Senate bill 168 was signed into law last 
year. The bill prohibits public posting of the Social Security 
number. It also prohibits the printing of the Social Security 
number on an identity card. Most importantly, it prevents the 
mailing of an invoice or a bill to a consumer with an Social 
Security number on it.
    In Georgia, Senate bill 475 now requires businesses to 
safely dispose of documents that might contain personal 
identifiers on it. They have to shred records, or they have to 
actually erase computer hard drives.
    Despite these significant steps forward, we still lack 
comprehensive protections. We believe that H.R. 2036, the 
Social Security Number Privacy and Identity Theft Protection 
Act of 2001, which enjoys strong bipartisan support, would 
create a framework of protection to reduce identity theft and 
to protect privacy.
    With that, let me conclude my remarks, as I have run out of 
time. Thank you.
    [The prepared statement of Mr. Hoofnagle follows:]
   Statement of Chris Jay Hoofnagle, Legislative Counsel, Electronic 
                       Privacy Information Center
    My name is Chris Hoofnagle and I am legislative counsel with the 
Electronic Privacy Information Center (EPIC), a not-for-profit research 
organization based in Washington, D.C.
    Founded in 1994, EPIC has participated in cases involving the 
privacy of the Social Security number (SSN) before Federal courts and, 
most recently, before the Supreme Court of New Hampshire.\1\ EPIC has 
also taken a leading role in campaigns against the use of globally 
unique identifiers (GUIDs) involving the Intel Processor Serial Number 
and the Microsoft Corporation's Passport identification and 
authentication system.
---------------------------------------------------------------------------
    \1\ Estate of Helen Remsburg v. Docusearch, Inc., et al, C-00-211-B 
(N.H. 2002). In Remsburg, the ``Amy Boyer'' case, Liam Youens was able 
to locate and eventually murder Amy Boyer through hiring private 
investigators who tracked her by her date of birth, Social Security 
number, and by pretexting. EPIC maintains information about the Amy 
Boyer case online at http://www.epic.org/privacy/boyer/.
---------------------------------------------------------------------------
    I appreciate the opportunity to testify this afternoon. I will 
briefly summarize identity theft developments, review historical and 
recent attempts to regulate the use of the SSN, and make 
recommendations.\2\
---------------------------------------------------------------------------
    \2\ EPIC maintains an archive of information about the SSN online 
at http://www.epic.org/ privacy/ssn/.
---------------------------------------------------------------------------
    The states have taken effective, common sense steps to reduce 
private and public-sector reliance on use of the SSN. Congress should 
take action now to implement these protections on a national level. 
Long-term approaches to the problem of privacy and identity theft need 
a comprehensive legislative framework of protections for individuals. 
Accordingly, it will be necessary for Congress to pass legislation 
limiting the collection and use of the SSN to mitigate risks of 
identity theft and the risk that terrorists will use credit or identity 
fraud to harm the Nation. H.R. 2036, the Social Security Number Privacy 
and Identity Theft Protection Act of 2001, which enjoys bipartisan 
support, would establish much of the framework needed to address these 
risks.
I. The Problem of Identity Theft is Far Reaching
    Identity theft accounts for over 80 percent of Social Security 
number misuses reported to the Social Security Administration.\3\ The 
cost of identity theft is expected to reach eight billion dollars by 
the year 2005.\4\ However, this represents one tenth of a percent of 
the credit industry's income and only a small fraction of the amount of 
loss due to fraud and stolen credit cards. The average loss to the 
financial industry is $17,000 per identity loss, but the loss to the 
victim is potentially much greater, especially because most victims do 
not discover the crime until many months after its occurrence.\5\
---------------------------------------------------------------------------
    \3\ Analysis of Social Security Number Misuse Allegations Made to 
the Social Security Administration's Fraud Hotline, Management Advisory 
Report, SSA (Aug. 1999).
    \4\ Identity Theft Complaint Data, Identity Theft Data 
Clearinghouse, Federal Trade Commission (2001).
    \5\ Statewide Grand Jury Report: Identity Theft in Florida, Case 
No. SC 01-1095 (Jan. 10, 2002).
---------------------------------------------------------------------------
    Most victims of identity theft face significant credit bills and 
the destruction of their credit history. The immediate consequence 
could be the loss of securing a job or purchasing a home, or worse.\6\ 
Other victims face arrest for crimes that an impersonator has committed 
in their name. If the arrest occurs, it may be impossible to expunge 
the criminal record. Identity theft has been used to obtain employment, 
drivers' licenses, receive government benefits, and evade criminal 
prosecution. Identity theft indirectly affects everyone because it 
causes interest rates to increase to cover the industry's losses.
---------------------------------------------------------------------------
    \6\ Id.
---------------------------------------------------------------------------
    Identity thieves have proven themselves to be crafty criminals. 
Earlier this year, Experian, one of the principal credit reporting 
agencies, experienced an unprecedented breach of security involving 
individuals' personal information. In that case, identity thieves posed 
as Ford Motor Credit employees to gain access to almost 13,000 credit 
files of wealthy individuals.\7\ In another case this year, identity 
thieves used stolen SSNs to engage in a series of fraudulent sales 
designed to strip equity from elderly homeowners in the Detroit 
area.\8\
---------------------------------------------------------------------------
    \7\ Security: Hackers pose as Ford Motor Credit workers to take 
confidential data about wealthy individuals, Los Angeles Times, May 17, 
2002.
    \8\ Thieves Steal Homeowners' Identities and Their Equity, New York 
Times, May 28, 2002.
---------------------------------------------------------------------------
    But criminals do not necessarily have to be resourceful to obtain 
credit or identification in another person's name. The problem of 
identity theft has been exacerbated by the financial service industry's 
hunger to issue credit. Aggressive marketing of credit, including 
unsolicited direct mail credit advertising, gives ``dumpster divers'' 
and people with access to mailboxes opportunity to obtain credit in 
another's name.
    Since September 11, 2001, public attention has also focused on how 
identity theft can facilitate terrorism or raise funds for terrorist 
activities. For instance, a terrorist suspect reportedly connected to 
the Al Qaeda network was recently charged with selling the SSNs of 
twenty-one people who were members of the Bally's Health Club in 
Cambridge, Massachusetts. The SSNs were sold in order to create false 
passports and credit lines for bank accounts.\9\ The situation could be 
avoided by not collecting the SSN and by issuing health club members 
alternative identifiers. If the SSN was collected in order to run a 
credit check, the health club could have purged the SSN after the check 
was complete.
---------------------------------------------------------------------------
    \9\ Robert Ellis Smith, Privacy Protects Against Terror, Privacy 
Journal, Mar. 2002.
---------------------------------------------------------------------------
    Several times this year, news reports have been published outlining 
theft of blank identity cards, equipment, and personal information.\10\ 
Most recently, burglars entered a Colorado DMV office, and stole all 
the equipment and information necessary to manufacture identity cards 
that include a biometric identifier.\11\ It is clear that the burglars 
involved are sophisticated criminals who disabled alarms and performed 
two different break-ins in one week. It is unclear how the criminals 
will use the identification cards and equipment.
---------------------------------------------------------------------------
    \10\ A series of these reports are online at http://www.aamva.org/
weekinreview/branchtheftnotices.asp.
    \11\ A major identity crisis: Info stolen from motor vehicles 
offices has residents worried, Rocky Mountain News, August 20, 2002, at 
http://www.rockymountainnews.com/drmn/state/article/
0,1299,DRMN__21__1336085,00.html.
---------------------------------------------------------------------------
II. LCongress and the Courts Have Regulated the Collection and Use of 
        the SSN
    The Social Security number (SSN) was created in 1936 as a nine-
digit account number assigned by the Secretary of Health and Human 
Services for the purpose of administering the Social Security laws. 
SSNs were first intended for use exclusively by the Federal Government 
as a means of tracking earnings to determine the amount of Social 
Security taxes to credit to each worker's account. Over time, however, 
SSNs were permitted to be used for purposes unrelated to the 
administration of the Social Security system. For example, in 1961 
Congress authorized the Internal Revenue Service to use SSNs as 
taxpayer identification numbers.
    A major government report on privacy in 1973 outlined many of the 
risks with the use and misuse of the Social Security number. Although 
the term ``identify theft'' was not yet in use, Records Computers and 
the Rights of Citizens described the risks of a ``Standard Universal 
Identifier,'' how the number was promoting invasive profiling, and that 
many of the uses were clearly inconsistent with the original purpose of 
the 1936 Act. The report recommended several limitations on the use of 
the SSN and specifically said that legislation should be adopted 
``prohibiting use of an SSN, or any number represented as an SSN, for 
promotional or commercial purposes.'' \12\
---------------------------------------------------------------------------
    \12\ Department of Health, Education, and Welfare, Records, 
Computers, and the Rights of Citizens 108-35 (MIT 1973) (Social 
Security Number as a Standard Universal Identifier and Recommendations 
Regarding Use of Social Security Number).
---------------------------------------------------------------------------
    In response to growing risks over the accumulation of massive 
amounts of personal information and the recommendations contained in 
the 1973 report, Congress passed the Privacy Act of 1974.\13\ Among 
other things, this Act makes it unlawful for a governmental agency to 
deny a right, benefit, or privilege merely because the individual 
refuses to disclose his SSN. This is a critical principle to keep in 
mind today because consumers in the commercial sphere often face the 
choice of giving up their privacy, their SSN, to obtain a service or 
product. The drafters of the 1974 law tried to prevent citizens from 
facing such unfair choices, particularly in the context of government 
services. But there is no reason that this principle could not apply 
equally to the private sector, and that was clearly the intent of the 
authors of the 1973 report.
---------------------------------------------------------------------------
    \13\ 5 U.S.C. 552a. Marc Rotenberg, Privacy Law Sourcebook: United 
States Law, International Law, and Recent Developments (EPIC 2001).
---------------------------------------------------------------------------
    Section 7 of the Privacy Act further provides that any agency 
requesting an individual to disclose his SSN must ``inform that 
individual whether that disclosure is mandatory or voluntary, by what 
statutory authority such number is solicited, and what uses will be 
made of it.'' At the time of its enactment, Congress recognized the 
dangers of widespread use of SSNs as universal identifiers. In its 
report supporting the adoption of this provision, the Senate Committee 
stated that the widespread use of SSNs as universal identifiers in the 
public and private sectors is ``one of the most serious manifestations 
of privacy concerns in the Nation.'' Short of prohibiting the use of 
the SSN outright, the provision in the Privacy Act attempts to limit 
the use of the number to only those purposes where there is clear legal 
authority to collect the SSN. It was hoped that citizens, fully 
informed where the disclosure was not required by law and facing no 
loss of opportunity in failing to provide the SSN, would be unlikely to 
provide an SSN and institutions would not pursue the SSN as a form of 
identification.
    It is certainly true that the use of the SSN has expanded 
significantly since the provision was adopted in 1974. This is 
particularly clear in the financial services sector. In an effort to 
learn and share financial information about Americans, companies 
trading in financial information are the largest private-sector users 
of SSNs, and it is these companies that are among the strongest 
opponents of SSN restrictions. For example, credit bureaus maintain 
over 400 million files, with information on almost ninety percent of 
the American adult population. These credit bureau records are keyed to 
the individual SSN. Such information is freely sold and traded, 
virtually without legal limitations.
    Outside the financial services sector, many companies require the 
SSN instead of assigning an alternative identifier. These requirements 
appear in a myriad of commercial interchanges, many of which absolutely 
do not require the SSN. For instance, Golden Tee, a popular golf video 
game, requires players to enter their SSN in order to engage in 
``tournament play.'' \14\ The company could assign its own identifier 
for players, but instead relies upon the SSN, which puts players at 
risk by requiring them to further circulate personal information.
---------------------------------------------------------------------------
    \14\ Official ITS Rules, at http://www.itsgames.com/ITS/
its__rules.htm.
---------------------------------------------------------------------------
    It is critical to understand that the legal protection to limit the 
collection and use of the SSN is still present in the Privacy Act and 
can be found also in recent court decisions that recognize that there 
is a constitutional basis to limit the collection and use of the SSN. 
When a Federal Appeals court was asked to consider whether the State of 
Virginia could compel a voter to disclose an SSN that would 
subsequently be published in the public voting rolls, the Court noted 
the growing concern about the use and misuse of the SSN, particularly 
with regard to financial services.\15\ The Fourth Circuit said:
---------------------------------------------------------------------------
    \15\ Greidinger v. Davis, 988 F.2d 1344 (4th Cir. 1993) and brief 
amicus curiae for CPSR (Marc Rotenberg and David Sobel) (SSN 
requirement for voter registration) (lead case on privacy of Social 
Security number).

        LSince the passage of the Privacy Act, an individual's concern 
        over his SSN's confidentiality and misuse has become 
        significantly more compelling. For example, armed with one's 
        SSN, an unscrupulous individual could obtain a person's welfare 
        benefits or Social Security benefits, order new checks at a new 
        address on that person's checking account, obtain credit cards, 
        or even obtain the person's paycheck. . . . Succinctly stated, 
        the harm that can be inflicted from the disclosure of a SSN to 
        an unscrupulous individual is alarming and potentially 
        financially ruinous.\16\
---------------------------------------------------------------------------
    \16\ Id.

---------------------------------------------------------------------------
    The Court said that:

        LThe statutes at issue compel a would-be voter in Virginia to 
        consent to the possibility of a profound invasion of privacy 
        when exercising the fundamental right to vote. As illustrated 
        by the examples of the potential harm that the dissemination of 
        an individual's SSN can inflict, Greidinger's decision not to 
        provide his SSN is eminently reasonable. In other words, 
        Greidinger's fundamental right to vote is substantially 
        burdened to the extent the statutes at issue permit the public 
        disclosure of his SSN.\17\
---------------------------------------------------------------------------
    \17\ Id.

    The Court concluded that to the extent the Virginia voting laws, 
``permit the public disclosure of Greidinger's SSN as a condition of 
his right to vote, it creates an intolerable burden on that right as 
protected by the First and Fourteenth Amendments.'' \18\
---------------------------------------------------------------------------
    \18\ Id.
---------------------------------------------------------------------------
    In a second case, testing whether a state could be required to 
disclose the SSNs of state employees under a state open record law 
where there was a strong presumption in favor of disclosure, the Ohio 
Supreme Court held that there were privacy limitations in the Federal 
Constitution that weighed against disclosure of the SSN.\19\ The court 
concluded that:
---------------------------------------------------------------------------
    \19\ Beacon Journal v. City of Akron, 70 Ohio St. 3d 605 (Ohio 
1994) and brief amicus curiae for CPSR (Marc Rotenberg and David Sobel) 
(SSN disclosure of city employees).

        LWe find today that the high potential for fraud and 
        victimization caused by the unchecked release of city employee 
        SSNs outweighs the minimal information about governmental 
        processes gained through the release of the SSNs. Our holding 
        is not intended to interfere with meritorious investigations 
        conducted by the press, but instead is intended to preserve one 
        of the fundamental principles of American constitutional law--
        ours is a government of limited power. We conclude that the 
        United States Constitution forbids disclosure under the 
        circumstances of this case. Therefore, reconciling Federal 
        constitutional law with Ohio's Public Records Act, we conclude 
        that [the provision] does not mandate that the city of Akron 
        discloses the SSNs of all of its employees upon demand.\20\
---------------------------------------------------------------------------
    \20\ Id.

    In an important recent case from the U.S. Court of Appeals for the 
D.C. Circuit, a Court upheld the Federal Trade Commission's 
determination that SSNs are nonpublic personal information under the 
Gramm-Leach-Bliley Act.\21\ The Court rejected First and Fifth 
Amendment challenges to regulations that restricted the use of the SSN 
without giving the individual notice and opportunity to opt-out. 
Additionally, the Court upheld regulations that prohibited the reuse of 
SSNs that are furnished to credit reporting agencies.\22\
---------------------------------------------------------------------------
    \21\ Trans Union L.L.C. v. Fed. Trade Comm'n, No. 01-5202, 2002 
U.S. App. LEXIS 14321 (D.C. Cir. July 16, 2002), at http://
pacer.cadc.uscourts.gov/common/opinions/200207/01-5202a.txt.
    \22\ Id. In another recent case, the D.C. Circuit rejected a First 
Amendment challenge to the use of credit reports for marketing 
purposes. Trans Union v. FTC, No. 00-1141 (D.C. Cir. 2001), cert. 
denied, 536 U.S. ________ (2002).
---------------------------------------------------------------------------
    While it is true that many companies and government agencies today 
use the Social Security number indiscriminately as a form of 
identification and authentication, it is also clear from the 1936 Act, 
the 1974 Privacy Act, and these three cases--Greidinger v. Davis, 
Beacon Journal v. City of Akron, and Trans Union v. FTC--that there is 
plenty of legislative and judicial support for limitations on the 
collection and use of the SSN. The question is therefore squarely 
presented whether the Congress will at this point in time follow in 
this tradition, respond to growing public concern, and establish the 
safeguards that are necessary to ensure that the problems associated 
with the use of the SSN do not increase.
III. States Have Acted to Address Privacy and Identity Theft
    California and Georgia have both recently enacted legislation that 
will increase protections against identity theft. Recognizing that most 
identity theft occurs when malicious actors steal personal identifiers 
from invoices and solicitations from mail or waste bins, California and 
Georgia have enacted legislation to limit the reproduction of the SSN 
in the private sector. Both states have incorporated common sense 
protections that could be adopted at the Federal level to reduce 
identity theft.
    In California, Senate Bill 168 was signed into law in October 
2001.\23\ The bill gives individuals the ability to request that a 
``security alert'' be placed on their credit record via a toll-free 
phone number. The bill also enables Californians to request a 
``security freeze'' that prevents credit agencies from releasing 
personal information from an individual's credit report. The bill 
places important restrictions on use of the SSN--public posting of a 
SSN and printing the SSN on an identity card or document used to obtain 
a product or service is prohibited. Businesses that use the SSN to 
identify customers, such as utility companies, will no longer be 
permitted to print the SSN on invoices or bills sent through the mail.
---------------------------------------------------------------------------
    \23\ California Senate Bill 168, at http://info.sen.ca.gov/pub/
bill/sen/sb__0151-0200/sb__168__bill__20010914__enrolled.html.
---------------------------------------------------------------------------
    In Georgia, businesses are now required to safely dispose of 
records that contain personal identifiers.\24\ Business records--
including data stored on computer hard drives--must be shredded or in 
the case of electronic records, completely wiped clean where they 
contain SSNs, driver's license numbers, dates of birth, medical 
information, account balances, or credit limit information. The Georgia 
law carries penalties up to $10,000.
---------------------------------------------------------------------------
    \24\ Georgia Senate Bill 475, at http://www.legis.state.ga.us/
Legis/2001__02/fulltext/sb475.htm; New law takes effect to fight 
identity theft; Businesses face fines of up to $10,000 for not 
protecting data, Atlanta Journal-Constitution, July 4, 2002.
---------------------------------------------------------------------------
IV. LH.R. 2036, The Social Security Number Privacy and Identity Theft 
        Protection Act of 2001, Is a Good Proposal
    The Social Security Number Privacy and Identity Theft Protection 
Act of 2001, sponsored by Chairman Shaw, contains a comprehensive set 
of rights to protect individuals from identity theft. As of this 
writing, the bill enjoys the bipartisan support of 77 Representatives.
    Title I establishes important protections against public-sector 
sale or display of SSNs. We commend the Chairman for including language 
in the Act that would stem the unnecessary publication of the SSN. 
These provisions will prohibit the display of the SSN on checks and 
government-issued employment cards. We also commend the Chairman for 
including a prohibition on disclosure of the SSN to inmates. Perhaps 
most importantly, the language sweeps broadly enough to prohibit the 
display of SSNs in public records. Increasingly, public records are a 
source for the collection of personal identifiers that then can be 
reused for any purpose. It is important now more than ever to limit the 
appearance of SSNs in publicly-available case files and other public 
records, such as marriage licenses.
    Title II places needed restrictions on private sector sale of the 
SSN. I believe it especially important that Section 202 of the bill 
prohibits ``coercive disclosure''--the practice of denying a product or 
service when an individual refuses to give a SSN. Additionally, Section 
203 would place the SSN ``below the line'' on credit reports. This is 
an important and much needed protection that would stem unregulated 
trafficking in SSNs.
    Title II, however, suffers a weakness that needs attention: the 
rulemaking authority of the Department of Justice must be guided by the 
principle that the private sector should minimize the use of SSNs. This 
could be accomplished by adding another factor to the balancing test in 
Section 201(c) that requires the Department of Justice to consider 
whether an alternate identifier could be used in place of the SSN. In 
many circumstances, private entities could use an alternate identifier, 
and reduce privacy risk to individuals by stemming the circulation of 
the SSN.
    Title III creates a framework of accountability of civil and 
criminal penalties for misuse of the SSN. We recommend that this 
provision be expanded to include a private right of action for the 
misuse of SSNs that provides for actual, liquidated, and punitive 
damages and that provides for the awarding of attorneys fees and costs 
to a plaintiff who has substantially prevailed in litigation. 
Additionally, provisions allowing attorneys general to enforce these 
protections should also be included. In recent years, state attorneys 
general have zealously pursued privacy violators; the application of 
their resources to identity theft prevention and privacy protection 
should be expressly encouraged.
    I believe it is important that individuals do not assume civil or 
criminal liability for inadvertent disclosure of a false SSN, or for 
intentional disclosure of a false SSN when the individual is attempting 
to protect her privacy. Individuals often provide false information to 
businesses when attempting to protect their privacy. Section 302 would 
prohibit this form of ``privacy self-defense.'' That section prohibits 
the false representation of one's Social Security number to any 
individual. We recommend that this section be amended to only prohibit 
individuals from falsifying a SSN when there is intent to commit fraud 
or a crime.
V. Conclusion
    Without a framework of restrictions on the collection and use of 
the SSN and other personal identifiers, identity theft will continue to 
increase, endangering individuals' privacy and perhaps the security of 
the Nation. The best legislative strategy is one that discourages the 
collection and dissemination of the SSN and that encourages 
organizations to develop alternative systems of record identification 
and verification. It is particularly important that such legislation 
not force consumers to make unfair or unreasonable choices that 
essentially require trading the privacy interest in the SSN for some 
benefit or opportunity.
    It is important to emphasize the unique status of the SSN in the 
world of privacy. There is no other form of individual identification 
that plays a more significant role in record-linkage and no other form 
of personal identification that poses a greater risk to personal 
privacy. Given the unique status of the SSN, its entirely inappropriate 
use as a national identifier for which it is also inherently 
unsuitable, and the clear history in Federal statute and case law 
supporting restrictions, it is fully appropriate for Congress to pass 
legislation.
    I am grateful for the opportunity to testify this afternoon and 
would be pleased to answer your questions.

                                 

    Chairman GEKAS. I think we all have.
    [Laughter.]
    Chairman GEKAS. The Chair, in consultation with the Co-
Chair here, we have decided that we will pose whatever 
questions we can with the remaining Members, and then ask the 
panel to acquiesce to written interrogatories that we my submit 
to them pertinent to their testimony.
    Very quickly, I would like to ask Mr. Reindl if he believes 
that there is more to this than the failure of the INS to crack 
down on illegal aliens. Is the Social Security Administration 
also at fault, in your view?
    Mr. REINDL. I think it is good that they are putting out 
those letters and putting people on notice if there is a 
mismatch. So, in a way, it is kind of helping the illegal 
immigration situation. So it is beneficial.
    Chairman GEKAS. It is beneficial that the Social Security 
Administration is using that procedure.
    Mr. REINDL. Right, with the INS. I think so.
    Chairman GEKAS. The sharing the information.
    Mr. REINDL. The sharing information is good, yes.
    Chairman GEKAS. The first three witnesses, I would like to 
ask this question, having to do with the tamper-resistant 
passport, which was mentioned, and also the fact that the 
passport is the universal key to entry into the United States.
    I remember an incident--in fact, we were briefed on it--
where, in Afghanistan, our personnel found in a cave many, many 
different passports fraudulently produced that could have 
ostensibly been used for the passkey to the United States.
    How would we have stopped the use of such a passport, if it 
were expertly, fraudulently produced? Would that have allowed a 
terrorist to come in and do his worst?
    Ms. PHILLIPS. Well, I can say that, for instance, my office 
has created a database of blank foreign travel documents that 
are reported missing, so that they cannot be used. We share 
this information with INS. In fact, we put them out in the form 
of intelligence alerts that goes to a number of Federal 
agencies and State law enforcement offices, even to the 
military.
    We also train our personnel to detect counterfeit or 
altered passports that people are presenting in the course of a 
visa application.
    Chairman GEKAS. So, you are saying that the routine conduct 
of checking the passport would probably yield the fact that 
this was fraudulently produced?
    Ms. PHILLIPS. Most of the foreign passports that are 
altered are something that we can train people to detect.
    Chairman GEKAS. Do you have any comment on that?
    Mr. BOND. From the Secret Service's perspective, we have 
noticed in the cases where we are working identity theft, where 
we seize an electronic piece of equipment--be it a computer, 
Palm Pilot, whatever; in most cases, computers--that they will 
have all different kinds of identities on those computers that 
are being counterfeited. Some of the identity is changed or 
altered off of originals that are stolen, and then they use 
those base plates, I guess, for a passport or a driver's 
license or a Social Security number, to then change different 
numbers and identification pieces of information on that 
document to make it look like an original document.
    So, we are training our investigators in the field to take 
a close look at computers when they are seized. It is a 
partnership with law enforcement, be it at the State level, the 
local level, or the Federal level, to ensure that we are 
getting those guys that are in the process of making 
identification out there.
    Chairman GEKAS. From the FBI, how would you assess this 
batch of passports found in a cave?
    Mr. ASHLEY. Well, they do present a risk, obviously. It is 
another means for somebody to try and get into our country. We 
are fortunate with our joint task forces that there is presence 
of INS and State Department on many of them.
    In my previous experience, before I reported earlier this 
year, I was assigned to Las Vegas as the agent in charge. We 
had some issues, and the State Department personnel were very 
helpful in resolving those on the scene.
    So, I think that while it is a problem, the agencies are 
working well together.
    Chairman GEKAS. I begin to get the theme of what we are all 
hoping will be the case, a complete sharing of information, and 
helping one another find the culprit and produce investigations 
and convictions and expulsions, and so forth.
    I yield back the balance of my time.
    Chairman SHAW. [Presiding.] Mr. Chairman, I would yield, 
since we have only about 2 minutes before we are going to have 
to go over the Capitol in order to cast our votes.
    Are there any Members who wish for me to yield to them? Mr. 
Hayworth?
    Mr. HAYWORTH. Thank you, Mr. Chairman.
    Ms. Phillips, hearing the testimony of the Deputy 
Commissioner who proceeded you on panel one, I have real 
questions about student visas and the issuance of same. Do you 
have any documentation on the numbers of Iraqi students who 
have come into this country to study?
    Ms. PHILLIPS. We can tell how many visas we have issued to 
people who are Iraqi citizens, but we are unable to say if they 
have actually entered the United States or if they have entered 
the United States in some other manner and then gained 
permission from INS for student status. We could say how many 
people of Iraqi heritage have gotten student visas.
    Mr. HAYWORTH. So, again, for the student status, we would 
look to the Immigration and Naturalization Service?
    Ms. PHILLIPS. Right.
    Mr. HAYWORTH. Okay, I thank you.
    Chairman SHAW. I yield to anyone on the minority side. Mr. 
Becerra?
    Mr. BECERRA. Quick question. Thank you, Mr. Chairman.
    To Mr. Hoofnagle, the laws that you mentioned, the State 
laws in Georgia and California, since they have been 
implemented, can you tell us how they have worked? Any results 
yet? Have they worked well?
    Mr. HOOFNAGLE. It is still too early to tell. The 
California law takes effect partially in 2003, and then it will 
take full effect in 2005. The Georgia law took effect in July 
of this year, and many businesses are now coming into 
compliance with it.
    If I could use this opportunity to address Social Security 
number use, Representative Hayworth earlier mentioned during 
the previous panel that there is a problem with universities 
requesting Social Security numbers perhaps fraudulently. That 
practice could be limited. The problem we have is that many 
universities and other places are requiring the Social Security 
number as an identifier. If we can cut down on that practice, 
we can cut down on circulation of Social Security numbers, just 
how Georgia and California have.
    Mr. BECERRA. Good point. Thank you very much, all of you, 
for your testimony.
    Chairman SHAW. Ms. Jackson Lee?
    Ms. JACKSON LEE. Let me thank both Chairmen for this very 
important hearing, and I just want to restate something--
Chairman Shaw, I don't think you were in the room. It is that 
the task force is working, the combination of the State 
Department and I believe the FBI and others along with the INS. 
I want to state for the record that false passports are still 
being made, but the technology and the expertise is more 
enhanced, Mr. Chairman, inasmuch as I viewed firsthand the 
connection between the State Department and the INS by Chinese 
smugglers smuggling people into an international airport. 
Because of a list that was given, the passports were checked 
and scanned, determined to be false, and the individuals were 
immediately intercepted as they got off the plane.
    Systems are working. We just need to improve them and, as 
well, to be able to provide the resources necessary.
    Thank you, Mr. Chairman.
    Chairman SHAW. I want to thank this very distinguished 
panel. I have particularly a very long question, which I will 
submit in writing, regarding seaport security, which is 
something I am very concerned about, representing two very 
active deepwater ports, Port of Everglades and the Port of Palm 
Beach, which I will submit, together with some other questions.
    I want to thank you all for being here. You have added 
tremendously to our knowledge in trying to work through this 
whole situation of the fraudulent use of Social Security 
numbers. Both in the area of crime as well as we are finding in 
the area of terrorism. It is becoming a big, big problem, and 
it is something the Congress needs to address, and it something 
the administration needs to address.
    We will be very busy doing so for the balance of this 
Congress and well into next year.
    Thank you all very much for being here, and we are now 
adjourned.
    [Whereupon, at 2:57 p.m., the hearing was adjourned.]
    [Questions submitted from Chairman Shaw to the panel, and 
their responses follow:]

                                           U.S. Department of State
                                               Washington, DC 20502

    1. Mrs. Phillips' testimony stated, ``One tool that will help our 
officers is online access to Social Security Administration records.'' 
To what degree does the Department of State's Bureau of Consular 
Affairs require information or other assistance from the Social 
Security Administration (SSA)? For example, does the Bureau of Consular 
Affairs currently have any automated data exchange with the SSA to 
facilitate confirmation of valid Social Security numbers (SSNs) and the 
associated identity of the person to whom the SSN was originally issued 
included in U.S. Passport applications? Is there information you 
currently need that you are not receiving or are not receiving timely 
from the Social Security Administration? If so, what information, and 
do you know the reasons for the non-receipt or the delay in receipt? 
What results would receiving such information or receiving such 
information more timely produce?

    The Department needs access to the Social Security Administration's 
(SSA) compilation of Social Security Numbers (SSNs), including year and 
state of issuance, and death records. The death records consist of 70 
million names of individuals whose estates have filed for death 
benefits under their social security numbers. We could use these 
databases to verify that SSNs provided by passport applicants are valid 
and refer to the respective applicant, and were not issued to an 
individual who is deceased.
    Passport Services currently has very limited electronic 
verification of SSNs. Our Passport Specialists use a static table 
populated with SSN data, including the year and State of issuance, 
covering the period 1951 through 1999. The Department is working with 
the SSA to establish an electronic link that will give us more complete 
access to current SSN data and to death records.

    2. Operation Tarmac has just scratched the surface of the 
potentially tens of thousands of illegal aliens and smaller number of 
U.S. citizens using false identities who hold security clearances 
issued by private companies under contract to municipal and government 
agencies. If such people represent an unacceptable risk at airports, 
aren't they also a risk for buildings and facilities operated by the 
U.S. Department of State within the United States and worldwide? What 
is the Department of State doing, going forward, to ``clear out'' these 
high-risk workers?''

    Perhaps the term ``security clearances'' used in this context, is a 
misnomer. ``Access authorization'' may be a more fitting term. It 
should be noted that private companies do not issue security 
clearances. It is standard procedure to require all contract employees 
be put through a vetting process, prior to granting access to the 
Department's facilities. This is designed to mitigate the threat of 
``high-risk'' employees in the workplace. The vetting process is 
similar to the one used for determining eligibility for a secret level 
clearance. This includes a national Agency Name Check to verify 
identity, conduct criminal records inquiries, and determine hiring 
eligibility. Upon successful completion of the vetting process, the 
contract employee is granted authorization to access the Department's 
facilities under escort by a direct-hire employee with Top Secret 
clearance. We note that contract employees are not permitted to escort 
others.
    Access to national security information carries further 
restrictions, limited on a case-by-case basis; granted only to those 
having a ``need to know.'' Authorization is rescinded when the 
employee's duties no longer require such access. Looking to the future, 
the Department is proceeding with a revitalized security updating 
program for all employees, and recently implemented a ``smart card'' 
identification card system to provide tighter access controls.

    3. We know that identity theft is pervasive and is increasing at an 
exponential rate. The U.S. Passport is the only equivalent to a 
national identity document issued by an agency of the Federal 
Government. Has the State Department any initiatives under 
consideration to provide a ``wallet sized, tamper proof'' U.S. Passport 
equivalent to U.S. Passport holders who would be willing to pay for 
such an identity card?

    The Department is researching the possibility of issuing an 
advanced memory card to be used as a travel document that attests to 
U.S. citizenship and identity. Eventual implementation requires 
bilateral agreements with other governments willing to accept such 
documents. An important first step has been taken by the international 
community (through the International Civil Aviation Organization 
(ICAO)) by defining a basic ``passport card'' standard. However, we in 
the United States are focusing on technical capacity to produce such a 
document. We are not yet ready to engage in formal discussions with 
other governments as to acceptability.
    The concept of a passport card has been discussed for at least 10 
years, and early models of passport cards date back to the 1960's. With 
recent technological advances, and advances in specifications that 
enable the technology to be standardized, the concept of an 
interoperable passport card is now closer to reality.

    4. A March 2002 GAO study described a 40% increase in identity 
thefts reported to the Social Security hotline during a 7-month period 
in 2001, over the same period in 2000. Mrs. Phillips' testimony 
described the assistance provided by the Consular Affairs' Office of 
Fraud Prevention Programs to the SSA's fraud investigators. She also 
described assistance to the National Association of Public Health 
Statistics and Information Systems and Social Security Administration 
to automate their birth and death records. What additional resources 
are required from Federal Government agencies to stop the increasing 
levels of identity theft?

    First: Standardization of birth records and electronic access to 
state birth and death records. These are most important--the birth 
certificate is the primary document used to establish entitlement to 
U.S. citizenship and is easy to obtain.
    Also, access to the INS' naturalization database is a resource that 
would benefit us immensely. Access to this database would help our 
passport adjudication and identity confirmation process, prevent 
citizenship fraud and avoid duplication of data entry and adjudicative 
effort by both agencies. The Bureau of Consular Affairs has opened 
discussions with INS on this.
    Recently introduced bills in the Congress would mandate a common 
national format and security features for driver's licenses. The 
Department supports enactment of legislation to standardize U.S. 
driver's licenses. The driver's license is a principal form of 
identification that passport applicants present and is critical to our 
adjudication process.

    5. What should Congress consider to stop the wholesale document 
fraud that has made it very difficult to distinguish illegal aliens 
from U.S. citizens and made it easy for terrorists to obtain 
counterfeit documents?

    Determining an individual's identity and citizenship, whether in 
the context of an application for a U.S. passport or otherwise, is 
certainly complicated by the lack of uniformity between local 
governments in the creation and maintenance of vital records, and in 
the issuance of drivers licenses or state ID's. Nevertheless, the 
Department of State believes that our passport process is quite secure 
and that our process serves to both deter and to detect attempts to 
commit citizenship fraud.
    Local governments should not be in the position of adjudicating an 
individual's citizenship. Nationality law cases can be both legally and 
factually complex. In a small minority of cases, even individuals born 
in the US may not have acquired US citizenship, or may have lost 
citizenship at some point in time. At present, a US passport, a 
Certificate of Naturalization, or a Consular report of Birth Abroad are 
the principal documents establishing an individual's citizenship. 
Because only twenty percent of US citizens have a passport, the 
majority of citizens never apply for any official document attesting to 
their citizenship.

    6. It sounds like the INS has been the only agency that has 
actively pursued organized criminals who manufacture counterfeit Social 
Security cards for ``wholesale distribution.'' What programs has your 
agency initiated to combat the widespread use of counterfeit Social 
Security cards and false or stolen SSNs?''

    Statutory authority limits the Department's involvement, through 
the Bureau of Diplomatic Security (DSS), to violations pertaining to 
passports and visas. Fraudulent social security cards, however, can and 
indeed frequently do provide a nexus. Accordingly, DSS has conducted, 
and continues to conduct undercover operations with a view toward 
dismantling organizations, and apprehending individuals engaged in the 
production or procurement of fraudulent documentation. Indeed, the bulk 
of recently implemented DSS undercover operations are being conducted 
with the active participation of INS, USCS, DEA, state and local law 
enforcement entities. Recent DSS undercover operations have been 
successful in closing down organizations engaged in the full-scale 
production of fraudulent identity packages, which included birth 
certificates, driver's licenses, and Social Security cards, used in 
application for U.S. passports. Additionally, our undercover operations 
successfully targeted organizations that had obtained genuine U.S. 
passports, which were later altered for use by individuals who were not 
entitled to them. Further, standard procedure calls for referring 
developed case information to the appropriate authority whenever DSS 
investigations uncover criminal activity outside of its core statutes. 
It should be noted that fraudulently obtained Social Security cards are 
often used as a means of identification, along with driver's licenses, 
when submitting bogus passport applications (DSP-11). In block 6 of the 
DSP-11, the applicant is requested to write or type his/her Social 
Security number. Use of a fraudulent Social Security card for 
identification purposes or providing a false Social Security number on 
the DSP-11 constitutes a violation of 42 USC 408, a 5-year felony. For 
this reason, DS agents in the field often conduct joint investigations 
with Special Agents assigned to the Social Security Administration OIG.

    7. The SSA IG has emphasized the need to quickly implement the 
Enumeration at Entry (EAE) initiative, which will assign SSNs to 
certain immigrants who need one at the point they are legally admitted 
to the United States. Could you explain the Department of State's role 
in EAE? Do you think it will help prevent fraud in assigning SSNs to 
non-citizens? What other benefits do you think will result from EAE? 
SSA has been working on this initiative since 1999; what has caused the 
delay in implementation? What has the State Department been doing to 
help get this initiative under way?

    The Bureau of Consular Affairs welcomes the Social Security 
Administration's efforts to obtain immigrant visa records 
electronically to support its enumeration of newly arrived immigrants 
admitted for permanent residence. We have updated the software in our 
modernized immigrant visa system to accommodate Social Security's data 
needs. We just deployed a beta test of this system to Manila. After 
Manila, several other posts will also test it. This datasharing has 
three partners, the Bureau of Consular Affairs at State, the 
Immigration and Naturalization Service and Social Security. All parties 
are working together very closely. The initiative will reduce fraud in 
enumeration and encourage interagency cooperation in providing benefits 
to immigrants.

    8. We understand that the EAE initiative will assign numbers to 
persons legally admitted for permanent residence. Will this initiative 
be expanded to persons temporarily admitted to the U.S. for work 
purposes (e.g. seasonal workers, au pairs, and so forth)? If not, what 
would you suggest to help ensure SSNs are properly assigned to these 
individuals in a timely manner?

    The Social Security Administration has contacted the Bureau of 
Consular Affairs about extending this initiative beyond immigrants to 
nonimmigrants, such as temporary workers or exchange visitors, who need 
Social Security numbers. The Bureau of Consular Affairs welcomes the 
idea and our Bureau and Social Security are planning to hold an 
interagency meeting, hosted by Social Security, on this topic before 
the end of October.

    9. In light of troubling reports from law enforcement at both the 
Federal and State level that counterfeit birth certificates and loose 
local control of birth and death certificates exist, what can Congress 
do legislatively to tighten up such lax controls and make it more 
difficult to counterfeit a birth certificate? What revisions and/or new 
laws would provide law enforcement the necessary tools needed to stop 
these types of crimes? What further recommendations can you provide to 
Congress in this area?

    The Department supports implementation of the provisions of IRAIRA 
'96 which established the interagency Task Force, chaired by INS, to 
define and publish as regulations security standards for State birth 
certificates. The Task Force has been slow to act.
    The Department also supports the enactment of legislation that 
would mandate that only birth certificates issued by State authorities 
(as opposed to local authorities) are valid for Federal uses. We also 
believe that unrestricted public access to birth records via the 
Internet should be prohibited.
    More and more local governments across the nation are establishing 
websites on the Internet that permit direct, unrestricted, on-line 
access to actual birth records.
    Since the Department generally accepts certified copies of state 
and local U.S. birth records as primary evidence of U.S. citizenship 
for passport application purposes, we are very concerned about the 
vulnerability of vital records accessible over the Internet.
    Records posted to the Internet can be accessed, downloaded, altered 
and/or printed out by anyone with a home computer. Individuals can 
match their age, gender or other facts of birth and request certified 
copies of genuine records from the county or state.
    The National Association of Public Health Statistics and 
Information Systems (NAPHSIS), a locally based national association of 
State vital records and public health offices, has contracted with the 
Social Security Administration (SSA) to design the Electronic 
Verification of Vital Events system (EVVE), an online verification 
process. Short-term pilots began in August 2002. While we are 
enthusiastic about the EVVE process, we recognize that this is a long-
term project involving non-government organizations and the fifty 
states, each of which has different rules as to document availability, 
systems development and funding. We anticipate that the project could 
take 10 or more years to complete, but we believe that the project 
could be expedited through increased Federal Government emphasis on the 
initiative.

    10. Terrorists exploited the weak procedures for document issuance 
of several States to obtain valid, but improperly issued, identity 
cards, which allowed them to engage in their terrorist activities on 
September 11, 2001. Virginia has made reforms to drivers' license 
procedures since then. Mrs. Phillips' testimony suggests it is still a 
problem in many States. How do we get other States to reform their 
practices to make it more difficult for terrorists to get State issued 
identification?

    Recent bills introduced in the Congress would mandate a common 
national format and security features for driver's licenses. The 
Department supports enactment of legislation to standardize U.S. 
driver's licenses. The driver's license is a principal form of 
identification that passport applicants present and is critical to our 
adjudication process.
    The American Association of Motor Vehicle Administrators (AAMVA) is 
a voluntary, non-profit, tax exempt, educational organization. AAMVA 
represents the state and provincial driver license and law enforcement 
officials in the United States and Canada, who are responsible for 
administration and enforcement of laws pertaining to the motor vehicle 
and its use, including licensing. AAMVA encourages uniformity and 
reciprocity among the States and provinces, and liaison with other 
levels of government and the private sector. The States are generally 
willing to accept standardization and AAMVA is developing uniform 
standards, but we believe that implementation of a common national 
format for U.S. driver's licenses could be expedited through a Federal 
mandate.

    11. Federal law enforcement has informed the Congress and the 
public of a continuing threat from terrorists using false identities. 
The practices of some Federal agencies and many State agencies have 
made it relatively easy to obtain valid identity documents using 
counterfeit source documents. Should there be Federal laws setting 
minimum standards for confirming identity before issuing identity 
documents to reduce this vulnerability?

    The Federal law defining a passport states that it is a document 
showing the bearer's origin, identity and nationality. The Department 
may not issue a passport until it is satisfied with an applicant's 
identity. See 8 USC 1101 (a) (30) and the supporting passport 
regulations, 22 CFR, Part 51. We believe at this point that the present 
broad cooperation among the states and Federal agencies creates the 
right environment for achieving the national goal of secure basic 
identity documents.

    12. Mrs. Phillip's testimony indicated that on-line access to 
Social Security records will enable your agency to compare documents 
submitted against official data bases, and will improve the accuracy 
and integrity of the citizenship and identity confirmation processes. 
She also said that your Agency has done preliminary work with SSA and 
State Vital Statistics Offices toward this goal. Can you describe 
specifically what work has been done? Will this goal be achieved? What 
is your timeframe?

    The Department has discussed with the Social Security 
Administration (SSA), the feasibility of establishing a data link that 
would provide the Department with access to current SSN data and death 
records. Both agencies have identified the fields that are available 
that might be used in the data exchange process to confirm identities. 
The next step will be to determine the feasibility of establishing a 
communications network between the two organizations. Systems groups 
from both organizations would need to be heavily involved in the 
development process to ensure that the final goal is achieved.
    Until the data link can be established, passport specialists 
continue to have access to static SSN reference tables that assist in 
determining that SSN data provided by passport applicants is accurate. 
In addition, the Department recently upgraded its Photodig Travel 
Document Issuance System to include a new Social Security matrix that 
provides information that can be used to validate a Social Security 
number and the state and date of birth provided by the applicant.
    The Department has held discussions with SSA and NAPHSIS regarding 
getting access to EVVE database that is currently being designed and 
tested to bring all State-level records of births and deaths together. 
Access to this database will enhance the integrity of the passport 
issuance process by significantly inhibiting the use of false or 
misappropriated supporting documents.
    This is a long-term project that could take 10 or more years to 
complete, but we believe that the project could be expedited through 
increased Federal Government emphasis on the initiative.

                                 

                                                U.S. Secret Service
                                               Washington, DC 20223
                                                   October 31, 2002

The Honorable Clay Shaw
Chairman
Subcommittee on Social Security
House Committee on Ways and Means
U.S. House of Representatives
Washington, D.C. 20515

Dear Mr. Chairman:

    I am writing to respond to a series of questions the Subcommittee 
has submitted for the record, pursuant to my testimony before the House 
Ways and Means Subcommittee on Social Security and the House Judiciary 
Subcommittee on Immigration on September 19, 2002. The subject of the 
hearing was ``Preserving the Integrity of Social Security Numbers and 
Preventing Their Misuse by Terrorists and Identity Thieves''. I hope 
the information below is useful to the Subcommittee as it further 
examines this important issue.

    1. Sheik Mohamed Abdirahman Kariye is currently being held without 
bail in Portland, Oregon under charges that include false information 
while applying for and receiving three different Social Security cards 
between 1983 and 1995. Does the Secret Service request information from 
the Social Security Administration that would identify people who have 
received multiple Social Security numbers and/or who have requested/
received multiple Social Security cards?

    Answer: The Secret Service requests information from the Social 
Security Administration when there is a specific investigative need in 
a case involving a Secret Service core violation.

    Does the Secret Service utilize ``data mining'' techniques to 
identify investigative leads for professional identity thieves and 
terrorists?

    Answer: As part of our efforts to investigate identity theft and 
other financial crimes, the Secret Service does apply such techniques 
to data our agency receives from other sources.

    Is there information you currently need that you are not receiving 
or are not receiving in a timely manner from the Social Security 
Administration?

    Answer: No. The Secret Service consistently receives sufficient 
information in a timely manner from the Social Security Administration.

    2. Operation Tarmac has just scratched the surface of the 
potentially tens of thousands of illegal aliens and smaller numbers of 
U.S. citizens using false identities who hold security clearances 
issued by private companies under contract to municipal and government 
agencies. The Secret Service is an important security element for 
Federal Government buildings and for key government officials. Has the 
Secret Service sought the assistance from Immigration and 
Naturalization Service (INS) and/or the Social Security Office of the 
Inspector General to initiate similar reviews of security clearance 
documents for contract employees with access to Federal buildings? If 
not, why?

    Answer: The Secret Service is responsible for the security of the 
White House Complex--which includes the White House itself, the 
Eisenhower Executive Office Building and the Department of the 
Treasury--and the Naval Observatory, which serves as the residence of 
the Vice President. The Secret Service follows a number of well-
established procedures to ensure that only appropriate individuals have 
access to those buildings and sites under our control.

    If people who have obtained security clearances using false 
identity documents represent an unacceptable risk at airports, aren't 
they also a risk for subway systems, railroads, Federal Government 
offices, hazardous material sites, and government weapons laboratories 
and nuclear power plants?

    Answer: Individuals who obtain security clearances by any type of 
deception are always of concern, especially when such individuals 
access sensitive venues. However, security clearances are typically 
provided by the government agency with oversight authority for a 
specific location. The Secret Service has no jurisdiction to implement 
security programs at subway systems, railroads, most Federal Government 
offices, hazardous material sites, weapons laboratories and nuclear 
plants.

    Doesn't the Secret Service have a responsibility to initiate 
actions to ``clear out'' these high risk workers?

    Answer: The Secret Service does not have statutory authority to 
initiate investigations of ``high risk'' workers other than those 
employees or contractors who may be working at Federal buildings 
secured by the Secret Service.

    3. We know that identity theft is pervasive and is increasing at an 
exponential rate. In your testimony, you noted that the Administration 
strongly supports the provisions of S. 2541, the ``Identity Theft 
Enhancement Act of 2002'' introduced in the Senate. Will the increased 
penalties for identity thieves proposed in the bill be sufficient to 
curb this kind of crime?

    Answer: The Secret Service strongly supports the enhanced penalties 
set forth in S. 2541. These increased penalties will not only provide 
the appropriate level of punishment, but also serve as an effective 
deterrent for those considering engaging in this form of fraud.

    Are there other changes in law you would recommend?

    Answer: The Secret Service supports any initiatives that will make 
identity theft more difficult and our personal information more secure. 
Specifically, we note that while section 1028 of Title 18 criminalizes 
the use of another individual's information to commit a crime, it does 
not address the sale of personal data. Currently, there are no Federal 
criminal statutes to address such sales by brokers who are often found 
in computer ``chat rooms'' and other similar forums.

    4. What do you see as the next frontier for identity thieves, as 
far as emerging sources of personal information? What changes in 
current law could be made to cut off new avenues of information that 
identity thieves would use?

    Answer: The continued growth of the Internet, e-commerce, and the 
increased connectivity between individuals, businesses, and government 
will only increase the availability of personal information. We should 
expect that as technology continues to evolve, so will its criminal 
abuses. In order to preserve the security of confidential personal 
information, there must be incentives for private industry to take 
steps necessary to safeguard it.

    5. A March, 2002 GAO study described a 40% increase in identity 
thefts reported to the Social Security hotline during a 7-month period 
in 2001, over the same period in 2000. Should we expect a continuation 
of this rate increase?

    Answer: The number of cases reported is likely to continue to 
increase as the public becomes better educated about identity theft, 
and greater efforts are made to statistically document the various 
forms of identity theft.

    6. What should Congress consider to stop wholesale document fraud 
that has made it very difficult to distinguish illegal aliens from U.S. 
citizens and made it easy for terrorists to obtain counterfeit 
documents?

    Answer: The issue of counterfeit documents, particularly 
``breeder'' documents such as drivers' licenses and birth certificates, 
has been a growing problem within the United States. Of particular 
concern is the dependency of terrorist organizations on counterfeit 
documents, particularly travel-related documents, which are used to 
facilitate unimpeded travel between countries. Congress may wish to 
further examine potential remedies to this problem, and include in that 
discussion any interested law enforcement and government agencies, as 
well as private sector representatives, who could provide valuable 
insight and expertise with respect to this issue.

    7. It sounds like the INS has been the only agency that has 
actively pursued organized criminals who manufacture counterfeit Social 
Security cards ``wholesale.'' What programs has the Secret Service 
initiated to combat widespread use of counterfeit Social Security cards 
and false or stolen SSNs?

    Answer: As part of our investigative mission, the Secret Service 
actively investigates the manufacturing of counterfeit Social Security 
cards, birth certificates, driver's licenses, employment identification 
cards and other counterfeit government documents. The Secret Service, 
both individually and with task forces throughout the country, is 
focused on the suppression of counterfeit identification plants.

    8. Are operations similar to ``Operation Tarmac: (i.e., ID checks 
conducted at airports) being considered at other entry points, such as 
seaports? To what degree are full background checks being conducted? 
Can you provide any particular details regarding recent arrests or 
investigations relative to entry points into our country? What 
suggestions do you have relative to the issues we are discussing today, 
particularly preventing SSN fraud, to help secure our seaports?

    Answer: The Secret Service does not have jurisdictional authority 
over security at entry points and does not conduct background checks 
for entry points.

    I hope this information is helpful to the Subcommittees. If I can 
answer any additional questions, or provide any further information, 
please do not hesitate to contact me.

            Sincerely,
                                                        Robert Bond
                                     Deputy Special Agent in Charge

                                 

                                    Federal Bureau of Investigation
                                               Washington, DC 20535

Question #1: Is there information you currently need that you are not 
receiving or are not receiving timely from the Social Security 
Administration? If so, what information, and do you know the reasons 
for the non-receipt or the delay in receipt? What results would 
receiving such information or receiving such information more timely 
produce?
Response #1
    As a whole, there does not appear to be a problem for the FBI in 
receiving necessary information from the Social Security Administration 
(SSA). However, there is no way to identify whether or not on a case-
by-case basis there is an existing problem. The FBI does not routinely 
receive fraud referrals from the SSA.

Question #2: Operation Tarmac has just scratched the surface of the 
potentially tens of thousands of illegal aliens and smaller numbers of 
U.S. citizens using false identities who hold security clearances 
issued by private companies under contract to municipal and government 
agencies. If such people represent an unacceptable risk at airports, 
aren't they also a risk for subway systems, railroads, Federal 
Government offices, hazardous materials sites, and so on? Is the 
Federal Government going to take further initiatives beyond the airport 
investigations? Shouldn't such agencies ``clear out'' these high-risk 
workers?
Response #2
    A number of FBI field offices participated in Operation Tarmac, 
which was an Immigration and Naturalization Service (INS) initiative 
mainly through government fraud task forces. Some offices have also 
been active in similar type operations, with the Department of 
Transportation and the U.S. Customs Service targeting individuals 
employed in the same type of capacity. In cities such as Miami, Dallas, 
Houston, Salt Lake City, and New York there have in the past few months 
been hundreds of arrests in such sweeps. History has shown the 
vulnerability of our airports. These sweeps were priorities due to the 
vast number of workers and the fact that they were either in, had 
unfettered access to, or controlled secured areas of the airport.
    Any other immigration initiatives of this type would typically be 
initiated by the INS, since these matters are primarily under their 
jurisdiction. Such people targeted in Operation Tarmac would also be a 
risk if employed in subway systems, railroads, Federal Government 
offices, hazardous materials sites, and other such locations.

Question #3: We know that identity theft is pervasive and is increasing 
at an exponential rate. The Attorney General has endorsed S. 2541, 
introduced in the Senate. Will the increased penalties in that bill be 
sufficient to curb this kind of crime?
Response #3
    S. 2541 would substantially increase the criminal penalties 
applicable to the most serious forms of identity theft, and would 
streamline the requirements for prosecuting Federal identity theft 
offenses. The actual deterrent effect of such measures can only be 
determined over time, but we believe that these important reforms, 
together with other measures designed to combat identity theft, will 
strengthen the ability of federal law enforcement to address this 
growing and serious problem.

Question #4: A March 2002 GAO study described a 40% increase in 
identity thefts reported to the Social Security hotline during a 7-
month period in 2001, over the same period in 2000. Should we expect a 
continuation of this rate of increase?
Response #4
    It is difficult for the FBI to predict future increases in identity 
theft reported to the SSA Hotline. However, without changes being made 
to the availability of personal identifying information and without any 
standardization of documents used to take over someone's identity such 
as birth certificates, state issued identification cards, and state 
issued driver's licenses, further identity theft increases are 
probable.

Question #5: What should the Congress consider to stop the wholesale 
document fraud that has made it very difficult to distinguish illegal 
aliens from U.S. citizens and made it easy for terrorists to obtain 
counterfeit documents?
Response #5
    The safeguarding of personal identifying information, including 
Social Security Numbers, appears to be a key component in protecting 
one's identity from fraud. Safeguarding includes security features on 
actual documents as well as limitations on the sale and distribution of 
personal account information.

Question #6: It sounds like the INS has been the only agency that has 
actively pursued organized criminals who manufacture counterfeit Social 
Security cards for ``wholesale''. What programs has the FBI initiated 
to combat the widespread use of counterfeit Social Security cards and 
false or stolen SSNs?
Response #6
    The FBI typically investigates fraudulent Social Security cards and 
the use of false or stolen Social Security Numbers in conjunction with 
other criminal matters, such as check fraud, credit card fraud, loan 
fraud, mail fraud, wire fraud, computer crimes, and terrorism matters. 
The FBI typically investigates organized groups involved in identity 
theft activities including the misuse of someone's Social Security 
Number.
    An example of one of these cases investigated by the Detroit 
Division relates to five subjects who used the identity of their 
victims to obtain mortgages on the victims' homes, which had no liens. 
Over $1.2 million was obtained by the subjects through this scheme. 
They used the victims' identities, including their Social Security 
Numbers, to complete documentation to receive these loans. At the 
closings, they presented counterfeit Social Security cards and fake 
driver's licenses to the title company representatives as 
identification.
    Another example of an FBI investigation involved 15 subjects and 
over one half million dollars in fraud. These subjects used sources 
inside businesses, such as car rental companies and hospitals, to 
provide forms that had personal identifying information regarding their 
customers. These forms were used to extract such information, as well 
as to obtain the credit card number used as payment. The subjects then 
contacted the credit card issuer purporting to be this person. They 
used the information from the form to provide the Social Security 
Number, date of birth, and home address of their victims to confirm 
they were the accountholders. Then they requested to add authorized 
users to the accounts and get additional cards issued. The subjects 
then intercepted these cards, which were going to be delivered to the 
various victims' homes, and used them to obtain merchandise as well as 
cash advances.

Question #7: Are operations similar to ``Operation Tarmac'' (i.e., ID 
checks conducted at airports) being conducted at airports being 
considered at other entry points such as our seaports? To what degree 
are full background checks being conducted? Can you provide any 
particular details regarding recent arrests or investigations relative 
to entry points into our country, particularly our seaports? What 
suggestions do you have relative to the issues we are discussing today, 
particularly preventing SSN fraud, to help secure our seaports?
Response #7
    As stated in question number 2, the FBI participated in Operation 
Tarmac, which was an INS operation as well as being actively involved 
in other operations regarding airport workers. However, this question 
would be better directed to the INS, the U.S. Customs Service, and any 
other agency that has jurisdiction regarding matters occurring at entry 
points into the United States. The FBI does not typically investigate 
point of entry matters but may get involved in such matters where the 
criminal violation is also under the FBI's jurisdiction. The U.S. Coast 
Guard has also played a traditional role inside the international 
waters contiguous to the United States.
    Full background checks at the airports are conducted by the 
employing companies, and spot checks of these background checks have 
been made by FAA in past years. With the entrance of Homeland Security, 
and through the Transportation Security Administration, oversight of 
these background checks may indeed intensify. Such an intensification 
would appear to be in line with their regulatory oversight of 
transportation and transportation facilities.

                                 

                                     Social Security Administration
                                     Baltimore, Maryland 21235-0001
                                                   November 8, 2002

The Honorable E. Clay Shaw, Jr.
Chairman, Subcommittee on Social Security
Committee on Ways and Means
House of Representatives
Washington, D.C. 20515-0922

Dear Mr. Shaw:

    In response to your letter of October 10, 2002, we submit the 
following answers to your questions for the record to supplement my 
testimony at your Subcommittees' joint hearing on Preserving the 
Integrity of Social Security Numbers (SSN) and Preventing Their Misuse 
by Terrorists and Identity Thieves held on September 19, 2002.

    1. Expanding from the Operation Tarmac investigations by the 
Immigration and Naturalization Service (INS) with the support of other 
Federal agencies, there are potentially tens of thousands of illegal 
aliens and smaller numbers of U.S. citizens using false identities who 
hold security clearances issued by private companies under contract to 
municipal and government agencies.

    a. If such people represent an unacceptable risk at airports, 
aren't they also a risk for subway systems, railroads, Federal 
Government offices, hazardous materials sites, and so on?

    Yes. Such people could present risks to facilities deemed part of 
our nation's critical infrastructure. We recommend that the workload 
required to address these vulnerabilities be prioritized in accordance 
with the harm potential of each individual site. It is important to 
stratify our priorities in order to meet these challenges in a cogent 
manner.

    b. Is the Federal Government going to take further initiatives 
beyond the airport investigations?

    Yes. Under the auspices of many United States Attorney's Offices 
across the nation, we are reviewing nuclear plants, and informal 
discussions are underway to expand our efforts to include sites such as 
dams, bridges and seaports. Additionally, SSA/OIG has begun to review 
Federal sites which employ contract guards under the purview of the 
Federal Protective Service (FPS) and GSA.

    c. Shouldn't it be made incumbent on such agencies to ``clear out'' 
such high-risk workers?

    SSA/OIG believes that agencies should periodically review their 
work force to identify high-risk workers. It is the responsibility of 
each individual agency that employs high-risk workers at such sites to 
review their own personnel files and take such steps as necessary to 
properly screen their work force. SSA/OIG stands ready to assist these 
agencies in matching files and records as allowed by law.

    2. We know that identity theft is pervasive and is increasing at an 
exponential rate. The Attorney General has endorsed legislation 
introduced in the Senate to increase the penalties for identity theft. 
Will that bill be sufficient to curb this kind of crime?

    While SSA/OIG cannot state that S. 2541, the ``Identity Theft 
Penalty Enhancement Act of 2002'' will, in and of itself, be sufficient 
to curb identity theft, we are supportive of the legislation. In our 
view it builds upon and strengthens the identity theft legislation 
enacted in 1998 and codified at 18 U.S.C. Sec. 1028(a)(7). We have 
reviewed and compared the felonies listed in the legislation with 
felonies which Special Agents from our Office of Investigations have 
used, or could use, in SSN misuse cases. Based on this review, we 
suggest the addition of the following four felony violations to section 
1028A(c), created by S. 2541. The four sections are: (1) 18 U.S.C. 
Sec. 371 (Conspiracy to commit offense or to defraud the United 
States); (2) 18 U.S.C. Sec. 641 (Public money, property or records); 
(3) section 811 of the Social Security Act (42 U.S.C. Sec. 1011); and, 
(4) section 1632 of the Social Security Act (42 U.S.C. Sec. 1683a). We 
believe the addition of these four felony violations will strengthen S. 
2541.
    As discussed in more detail in response to the last part of 
question 7 and to question 9, we also recommend additional legislative 
initiatives we believe will help address SSN misuse and identity theft.

    3. A March 2002 GAO study described a 40% increase in identity 
thefts reported to the Social Security hotline during a seven-month 
period in 2001, over the same period in 2000. Should we expect a 
continuation of this rate of increase?

    While SSA/OIG expects the calls reporting identity theft to 
increase, SSA/OIG is currently taking steps to forward a significant 
portion of these reports directly to the Federal Trade Commission 
(FTC), which has been designated the national clearinghouse, in 
accordance with Congress' wishes. Many of these are allegations 
involving issues such as credit card misuse or obtaining loans, goods, 
and/or services not directly related to SSA's programs and operations. 
In this way, the callers information will be immediately available to 
Federal, State and local law enforcement who have access to FTC's 
Identity Theft database. SSA/OIG is also updating its brochure and 
website information to direct victims of SSN misuse to the FTC. 
Consequently, SSA/OIG will focus its resources on SSN misuse 
allegations related to SSA programs and operations.

    4. What should Congress consider to stop the wholesale document 
fraud that has made it very difficult to distinguish illegal aliens 
from U.S. citizens, and made it easy for terrorists to obtain 
counterfeit documents?

    SSA/OIG audit and investigative work has identified three distinct 
approaches to SSN integrity for which legislation is critically needed. 
The first area is limiting the use and display of the SSN already in 
circulation in the public and private sectors. Second, the present 
arsenal of criminal, civil, and administrative penalties is clearly 
insufficient to deter and/or punish identity thieves. The third 
approach is requiring the cross-verification of SSNs through both 
governmental and private sector systems of records to identify and 
address anomalies in SSA's files, and in data bases at various levels 
of government and the financial sector (we discuss SSN verification 
later in this document).
    Specific needs for legislation to curtail the use of counterfeit 
documents include:

         LApplying the Civil Money Penalty to the felony 
        provisions of the Social Security Act in the area of SSN 
        misuse;
         LEnhancing the penalties for identity theft 
        violations, to include selling SSNs and other Social Security 
        information;
         LImmediately curtailing the public display of SSNs on 
        identification cards, motor vehicle records, court documents, 
        and the like;
         LRestricting private and governmental use of SSNs, 
        including the display of SSNs on government checks and driver's 
        licenses or motor vehicle registrations, and some prohibitions 
        of the sale, purchase, or display of the SSN in the private 
        sector;
         LProhibiting prison inmate access to SSNs;
         LRestricting unfair or deceptive acts or practices, 
        such as refusals to do business without receipt of an SSN; and
         LTreating credit header information as confidential.

    5. What programs has your office initiated to combat the widespread 
use of counterfeit Social Security cards and false or stolen SSNs?

    SSA/OIG actively pursues cases involving the trafficking of SSNs. 
SSA/OIG's Office of Investigations (OI) Field Divisions regularly 
investigate allegations of SSN misuse related to program fraud. 
Furthermore, five OI Field Divisions are active Members of identity 
theft task forces, focusing on counterfeit documents and the 
trafficking of documents.
    Immediately after the tragic events of September 11, 2001, we 
intensified our efforts to combat the enumeration of individuals who 
use false evidentiary documents to suborn the enumeration process. As 
part of these efforts, we continue our close liaison with Anti-
Terrorism Task Forces around the nation. With other Federal, State and 
local law enforcement agencies, we continue to investigate allegations 
of SSN misuse that affect the Nation's critical infrastructure, such as 
airports.
    SSA/OIG/OI personnel have been trained in the identification of 
fraudulent documents. We are in the process of expanding and upgrading 
our training efforts in the detection and identification of fraudulent 
documents during the enumeration process. In conjunction with regional 
antifraud initiatives, SSA/OIG/OI Field Divisions conduct training in 
an effort to assist SSA Field Office personnel in detecting false 
documentation.
    Additionally, SSA/OIG, in partnership with SSA, has been heavily 
involved in several pilot projects designed to detect fraudulent 
documents. SSA/OIG continues to meet with SSA to enhance the Modernized 
Enumeration System and subsequently reduce the enumeration of 
individuals presenting false documents. SSA/OIG has also been 
instrumental in effecting a policy change mandating that all INS 
evidentiary documents be verified by INS, as discussed below.
    Recognizing the SSN's importance in non-citizens' assimilation in 
U.S. society, SSA established an Enumeration Task Force in November 
2001 to examine and establish policy that would strengthen SSA's 
procedures. As a Member of this Task Force, SSA/OIG has shared many 
insights and ideas with SSA, which we believe will help increase 
integrity of the enumeration process.
    SSA/OIG's Office of Audit (OA) has issued numerous reports 
addressing SSN integrity. These reports included recommendations that 
addressed vulnerabilities in several SSA processes including assignment 
and issuance, employer wage reporting, and death master file reporting 
and issuance. SSA elected to implement many of these recommendations. 
Additionally, after the events of September 11, 2001, SSA revisited its 
position on many of our prior recommendations that it had either not 
yet disagreed with or implemented. In several cases, SSA decided to 
escalate the implementation of some recommendations, and reversed its 
position on others.
    In our May 2002 Management Advisory Report, Social Security Number 
Integrity: An Important Link in Homeland Security, we provided insight 
into what more needs to be done to ensure SSN integrity in a post-
September 11th environment. Our audit and investigative work has shown 
that there are three stages at which protections for the SSN must be 
put in place: upon issuance, during the life of the number holder, and 
upon that individual's death. To address vulnerabilities at each of 
these three stages, we suggested that SSA and Congress pursue the 
following actions: (1) independently verify birth and immigration 
records; (2) limit the SSN's public availability; (3) prohibit the sale 
and limit the display of SSNs; (4) enact strong enforcement mechanisms 
and stiff penalties; and (5) do more to protect the SSN after the 
number holder's death.
    We have also reviewed SSA programs that assist employers in 
recognizing incorrect name and SSN combinations on their wage reports, 
which could include false or stolen SSNs. Our September 2002 audit The 
Social Security Administration's Employee Verification Service for 
Registered Employers (A-03-02-22008) evaluated the policies and 
procedures SSA had in place to provide information to registered users 
of the Employee Verification Service (EVS). The purpose of the EVS 
program is to ensure that employees' names and SSNs are valid before 
employers' wage reports are submitted to SSA. The use of EVS is 
voluntary, and can assist employers in eliminating common SSN reporting 
errors. Employers who wish to verify 51 or more SSNs at one time are 
encouraged to register for the EVS program. There are approximately 
7,400 registered employers in the EVS program--including about 260 
third-party users who submit requests on behalf of their clients.
    However, while the number of employers registering with EVS has 
increased since 1997, less than 1 percent of all U.S. employers are 
registered to use the service. Furthermore, only 392 employers (5 
percent of those registered) submitted data to SSA since 1999. Finally, 
EVS did not disclose pertinent information that could have assisted 
registered employers to detect potential SSN problems. Specifically, 
SSA did not inform employers when a submitted SSN belonged to a 
deceased individual. In response to our report, SSA states it planned 
to review the information shared with employers. In addition, SSA is 
piloting an online version of EVS, the Social Security Number 
Verification Service, which SSA hopes will increase employer usage of 
the SSA verification program.

    6. Your office has issued several reports related to the Earnings 
Suspense File and cited many instances of employers and industries that 
continually submit erroneous wage reports.

    a. Has your office initiated any investigations based on these 
findings?

    SSA/OIG's Offices of Investigation and Audit reviewed the instances 
of employers and industries that submit erroneous wage reports. It is 
our view that under the current statutory scheme, the IRS was best 
equipped to address this situation and issue penalties. Therefore, we 
have met with IRS auditors and shared this information, while 
encouraging them to review IRS enforcement actions related to erroneous 
wage reports. In addition, it is our understanding that SSA has also 
shared specific problem employer information with the IRS.

    b. Will your office utilize ``data mining'' techniques to identity 
employers that consistently make questionable mistakes in large numbers 
of wage reports?

    Yes. SSA/OIG's September 1999 audit report, Patterns of Reporting 
Errors and Irregularities by 100 Employers with the Most Suspended Wage 
Items (A-03-98-31009), identified those employers with the most 
suspended wage items from Tax Years (TY) 1993-1996. In the report, we 
concluded that a relatively small number of employers account for a 
disproportionate share of the suspended items and dollars in the ESF, 
which is the repository for wage items that fail to match name and SSN 
to SSA records. The types of reporting errors and irregularities by the 
Top 100 employers for the 4-year period included large numbers of: 
unassigned SSNs, e.g., one employer had over 6,500 unassigned SSNs; 
zero SSNs, e.g., one employer had 663 SSNs in which all 9 digits were 
`0'; consecutively numbered SSNs in which the first 6 digits were 
identical; and duplicate mailing addresses for 3 or more employees.
    In this report, we stated that many of the wage reporting problems 
warranted follow-up action by SSA. Therefore, we recommended that SSA:

         Ldevelop and implement a corrective action plan for 
        the 100 employers and continue its efforts to contact those 
        employers responsible for large numbers of suspended wage 
        items;
         Lestablish preventive controls to detect wage 
        reporting errors and irregularities;
         Lidentify those employers who continually submit 
        annual wage reports with large numbers and/or percentages of 
        unassigned, identical, and/or consecutively numbered SSNs; and
         Lrun address standardization software as soon as 
        practical after employers submit their annual wage reports to 
        identify employers who report the same address for many 
        employees.

    In addition, OA has recently started an audit to revisit the issues 
highlighted in the 1999 report. Our review will assess SSA's 
implementation of the recommendations made in the top 100 employers' 
report as well as other actions or initiatives related to employers 
with large numbers of suspended earnings. In addition, later this 
fiscal year we plan to initiate another ``data mining'' audit to 
identify the top 100 employers with reporting irregularities during Tax 
Years 1997 through 2000. We also understand that the Internal Revenue 
Service will be reviewing employer reporting for this same 4-year 
period to identify non-compliant employers and determine what 
corrective actions are necessary--to include penalties.

    c. Are there legal or policy barriers to making the names of such 
``scoff law'' employers public?

    Wage and earnings information provided by employers that is placed 
in SSA's Earnings Suspense File is taxpayer return information and its 
disclosure is subject to 26 U.S.C. Sec. 6103, which controls the 
disclosure of Internal Revenue Service data.

    7. In your testimony, you ask for civil monetary penalty authority 
to impose penalties against those who misuse SSNs. Can you provide more 
details as to what authorities you are specifically looking for?

    SSA/OIG is seeking authority to impose civil monetary penalties for 
those criminal provisions of section 208 of the Social Security Act (42 
U.S.C. 408). This would include those who:

         LUse a SSN obtained by false information;
         LFalsely represent a SSN to be theirs;
         LKnowingly alter a SSN, or intend to alter it;
         LKnowingly buy or sell a card that is or purports to 
        be a card issued by the Commissioner of Social Security;
         LCounterfeit a Social Security card, or possess a 
        counterfeit Social Security card with intent to buy or sell it;
         LDisclose, use or compel the disclosure of, or 
        knowingly purchase the SSN of any person in violation of any 
        law of the United States; and
         LFurnishes false information to the Commissioner in 
        connection with the establishment and maintenance of the 
        records provided for in section 205(c)(2) of the Social 
        Security Act.

    In addition, SSA/OIG is requesting civil monetary penalty authority 
for (1) the circumstance of an individual offering, for a fee, to 
assist in acquiring for another individual, an additional SSN or a 
number that purports to be a SSN; and, (2) violations of certain 
provisions of H.R. 2036.
    These proposals are designed to supplement the current criminal 
penalties in section 208 of the Social Security Act as well as the 
criminal provisions in H.R. 2036.
    Based on our OA audit reports regarding SSA's Earnings Suspense 
File, we would also request authority to impose civil monetary 
penalties on employers who knowingly submit incorrect SSNs.
    Since the submission of these proposals, another circumstance has 
arisen that we feel merits inclusion for both criminal and civil 
penalties. SSA/OIG Special Agents have encountered instances of 
individuals selling or otherwise allowing another person to use their 
identity for fraudulent purposes. As discussed in more detail in the 
last part to this question, we believe this should be prohibited.

    Do such authorities lie with other agencies now?

    The SSN is required by Federal law for the administration of 
several Federal programs, including Medicaid, Temporary Assistance for 
Needy Families and food stamps. It is our understanding that each of 
these programs provides for criminal and civil penalties for improperly 
receiving benefits. We would defer to the appropriate oversight agency 
for a complete list of applicable statutes.
    In addition, from our reading of the Internal Revenue Code, it 
appears the IRS may impose a civil monetary penalty against an employer 
that files an incorrect W-2.

    How would you coordinate?

    In those instances where the SSN misuse occurred in the program or 
operation of another agency, we anticipate that we would defer to that 
agency. We would conduct a joint investigation with that agency should 
we be requested or if the circumstances warranted. This would also 
apply to the imposition of civil monetary penalties.
    SSN misuse that ends up in SSA's Earnings Suspense File has a 
direct impact on the programs and operations of SSA. We believe that we 
should be able to impose civil monetary penalties in these cases. We 
recognize the IRS has a civil penalty for employers providing incorrect 
information. We believe that coordination, through a Memorandum of 
Understanding as to who would initially proceed in these types of 
cases, could be entered into. However, we would defer to the direction 
of Congress as to which agency should have the lead.

    Don't available resources limit your ability to pursue SSN misuse 
today?

    Available resources do limit the number of SSN misuse cases SSA/OIG 
Special Agents can investigate and the number of audits that can be 
performed on SSN misuse. However, from a civil monetary penalty 
standpoint, currently, the biggest limitation to pursuing SSN misuse is 
the lack of statutory ability to impose a civil monetary penalty, not 
necessarily resources. Imposition of a civil monetary penalty under 
section 1129 of the Social Security Act is by the Office of the Chief 
Counsel to the Inspector General.

    What additional resources would you need?

    SSA/OIG is acutely aware of the problem of SSN misuse and related 
crimes, such as identity theft, where the SSN is a key component. We 
believe we have a duty to the American public to safeguard the 
integrity of SSN. Additionally, we, as SSA's investigative arm, have a 
duty to detect, investigate, and seek prosecution of crimes involving 
SSN misuse. Equally important is the responsibility for finding methods 
of preventing these crimes from occurring, through process and systems 
enhancements.
    To address this issue, we propose establishing a core SSN Misuse 
Response Team. This integrated model combines the talents of our 
auditors, investigators, and attorneys. This team will focus its 
efforts on identifying patterns and trends to better target our audit 
work, refer cases for investigation, and liaison with other relevant 
public and private sector entities. Using the combined skills of its 
Members, the team will manage incoming allegations, and using 
established protocols, evaluate the investigative merit of each 
allegation and determine whether it should be referred to an SSA/OIG 
Field Division. This team will also work with the SSA/OIG Office of 
Audit to conduct official audits based on leads developed as a result 
of the team's analysis and investigations.
    Additional audit resources would enable SSA/OIG to target more 
reviews at determining how SSA might prevent SSN misuse fraud. Reducing 
crimes involving SSN misuse would help SSA meet the expectations of the 
American public and improve the public's confidence in SSA's ability to 
ensure the privacy of sensitive and personal information.
    The team would also act as liaison on projects and initiatives with 
task forces involving SSN misuse, credit bureaus, motor vehicle 
administrations, the Federal Trade Commission, credit card companies, 
and other entities. This is a comprehensive approach, yet focused 
enough to allow us to more effectively address this issue and provide 
assistance to SSA, Congress, the public, and other law enforcement.
    To staff this initiative we would request the following personnel 
over the next 5 years. Twenty-two staff for Fiscal Years (FY) 2004, 
2205 and 2006. Twenty-four staff for FYs 2007 and 2008. This would be 
utilized by the hiring of 88 investigative staff, 14 forensic auditors, 
10 attorneys, and 2 computer specialists.
    From a civil monetary penalty standpoint, we anticipate that the 
recommended legislation would, if enacted, generate a substantial new 
civil monetary penalty workload. Significant attorney resources will be 
required to process and evaluate such cases.

    Are there provisions you would change or add in H.R. 2036?

    SSA/OIG would recommend the following additions to H.R. 2036 that 
we believe will enhance our ability to combat SSN misuse.

         LCurrent legislation requires that an individual needs 
        to be in possession of five or more false identification 
        documents before being subject to prosecution. We recommend 
        that legislation be amended to eliminate the specific number of 
        documents an individual needs to have in his possession before 
        being charged.
         LCurrent legislation does not prohibit an individual 
        from selling his/her own identity documents. We recommend that 
        a legislative enhancement be introduced to prohibit the sale of 
        one's own identifiers or identification documents to another. 
        In addition to a criminal penalty, there should also be a 
        corresponding civil monetary penalty.
         LThe ability of SSA or the OIG to verify the SSN of a 
        felony subject for Federal, State and local law enforcement 
        officials, similar to the current process whereby SSA verifies 
        the SSN of individuals for employers.
         LEnhance penalties for violations of section 208 of 
        the Social Security Act, 42 U.S.C. Sec. 408. Potential 
        structured enhancement of the punishment could be:
                 LIf the SSN is used to facilitate an act of 
                terrorism--up to 25 years.
                 LIf the SSN is used to facilitate drug 
                trafficking or in connection with a crime of violence--
                up to 20 years.
                 LAfter a prior offense under section 208, a 
                conviction could result in up to 10 years in prison, 
                double the current sentence.
                 LLeave the rest of the violations at the 
                current punishment--up to 5 years. This would apply to 
                those individuals who improperly receive benefits from 
                SSA using a false SSN.
         LAmend 18 U.S.C. Sec. 641 to provide for the 
        aggregation of individual Social Security payments improperly 
        made to individuals.
         LLaw Enforcement Authority for SSA/OIG Special Agents, 
        codifying the current Memorandum of Understanding between the 
        Department of Justice and the SSA/OIG, with the additional 
        ability for the Inspector General to cross-designate State and 
        local law enforcement officials on a case by case basis.
         LAuthority to impose civil monetary penalties on 
        employers who knowingly submit false SSN information on the 
        submitted wage and earnings statements.
         LEnhanced sentencing guidelines for SSA employees 
        convicted of improperly providing SSA information or SSNs.
         LAuthority to disclose SSA information to law 
        enforcement to assist in an investigation involving a serious 
        crime.

    8. In light of the widespread use of fraudulent Social Security 
documents, the fact they assisted the 9/11 terrorists in committing the 
attacks, and the exponential increase of 40% in identity theft reported 
to the SSA, should Congress consider giving the SSA/OIG statutory law 
enforcement authority?

    Yes, Congress should consider giving SSA/OIG statutory law 
enforcement. Due to its uniqueness and prevalence in society, the SSN 
has become our de facto national identifier, used as a key means of 
identification in both the public and private sectors. Today 
approximately 300 million people have SSNs. Since the program began in 
1936, SSA has issued approximately 390 million SSNs. Since it is so 
heavily relied upon as an identifier, it is a valuable commodity for 
criminals. It can be obtained in many ways: presenting false 
documentation to SSA; stealing another person's SSN; purchasing an SSN 
on the black market; and, simply making one up. Congress recognized the 
importance of the SSN in enacting the Identity Theft and Assumption 
Deterrence Act 1998, P.L. 105-318, by specifically listing the SSN as a 
``means of identification.''
    From organized crime to illegal aliens, there is an ever-increasing 
market for SSNs. More and more, the SSN is being used for 
identification purposes. Based on our experience, the SSN is a prime 
``breeder document,'' used to obtain other documents including credit 
cards, driver's licenses, and so forth. This can be the first step to 
committing crimes involving financial transactions, banking, false 
identities, and benefit programs. This could also allow the individual 
to improperly obtain benefits, items of value, conceal bad debt, avoid 
arrest, and if the individual is an alien, to work. Private businesses, 
including credit-reporting agencies, cite the value of the SSN in 
tracking individuals.
    Because of its use as a breeder document, ensuring the integrity of 
the SSN has taken on added significance since September 11, 2001. SSA/
OIG Special Agents have been active participants in the Department of 
Justice's Anti-Terrorism Task Forces throughout the country, providing 
valuable investigative assistance. We have played a key role in 37 
airport operations around the country, targeting airport employees who 
misrepresent their SSN's to gain access to secure areas. To date, these 
operations have resulted in 741 arrests and numerous deportations. A 
number of other Homeland Security operations are pending.
    With the importance of the SSN in identifying and eliminating 
potential threats to our Nation's airports, nuclear power plants and 
other critical sites, SSA/OIG has become a vital participant in our 
Nation's Homeland Security efforts. With SSA/OIG's role in identity 
theft and SSN misuse, as well as its interrelationship to Homeland 
Security efforts, it is imperative that SSA/OIG be afforded full 
statutory law enforcement authority.

    How would your office use these new powers to combat the widespread 
use of counterfeit Social Security cards and false or stolen SS 
numbers?

    Statutory law enforcement authority would reduce SSA/OIG's 
administrative burden and provide the most effective use of our 
resources. This authority would allow the Inspector General to cross-
designate State and local law enforcement agents to assist OIG Special 
Agents in the investigation of Social Security cases, including SSN 
misuse. This would provide greater opportunity for additional 
undercover operations, identity theft task force involvement and 
expanded Homeland Security operations.

    9. Are there additional law enforcement tools that you need in 
order to address document trafficking, such as increased penalties or 
increased information sharing?

    We would recommend the enactment of the legislation listed in the 
last part of question 7, where we responded as to what additions we 
would make to H.R. 2036.

    10a. Are operations similar to ``Operation Tarmac'' (i.e., 
conducting ID checks at airports) being considered at other entry 
points such as our seaports?

    Please refer to our answers to question 1.

    b. What degree is a full background check being conducted?

    Since each agency conducts security background checks to the level 
they deem appropriate, this office does not know whether a full 
background check is being utilized. However, we are available to assist 
each agency in matching SSA records under the auspices of the DOJ or 
otherwise as allowed by law.

    c. Can you provide any particular details regarding recent arrests 
or investigations relative to entry points into our country, 
particularly our seaports?

    There have been no arrests at seaports. However, to date there have 
been 741 criminal arrests by SSA/OIG personnel at 37 airports. Other 
Federal, State and local law enforcement agencies participating in 
airport operations effected many more arrests, as well as INS 
administrative detentions.

    What suggestions do you have relative to the issues we are 
discussing today, particularly preventing SSN fraud, to help secure our 
seaports?

    It is our belief that the same focus and methodology used in 
airport operations throughout the country can also be employed at other 
points of entry, including seaports.

    11. What are your views regarding SSA ``deactivating'' SSNs of 
certain individuals?
    a. Is it possible?
    b. Would it work?

    Although ``deactivating'' SSNs is possible, it may be difficult to 
share this information with those who encounter these SSNs throughout 
the economy. SSA could place an indicator on the record of an 
individual with a deactivated record. For example, SSA already places 
indicators on an individual's records when they have died or were 
issued an SSN for nonwork purposes. In addition, SSA has already 
established a special indicator when the Agency believes an SSN was 
issued based on fraudulent documents. Nonetheless, we have seen 
instances where this information is not being shared with the users of 
this information.
    As discussed above, EVS allows employers to verifyemployees' names 
and SSNs before they submit wage reports to SSA. However, very few 
employers actually utilize this service. For this reason, we have 
recommended that certain employers be mandated to use this service. In 
addition, EVS does not disclose pertinent information that could assist 
employers in detecting potential SSN problems. For example, although 
SSA knows an SSN belongs to a deceased individual or knows the Agency 
issued the number based on fraudulent documents, EVS does not provide 
such information to employers. As a result, employers have no way of 
knowing that an employee is not entitled to use the SSN.
    SSA also shares the SSNs of deceased individuals in a publicly 
available Death Master File. Other indicators, such as deactivated 
SSNs, could also be shared with the public in a similar way. However, 
this information is sold for a fee, which could limit the number of 
interested users, and we do not know the full extent of its usage 
throughout the economy. We have also found that the Death Master File 
has disclosed SSN information when the SSN owner was improperly listed 
as deceased. As a result, SSA would need to ensure the integrity of any 
data shared in any similar file.
    To ensure SSN integrity, we believe SSA has the responsibility to 
be the sole source for verifying SSN information and alerting external 
entities when they have information that indicates an individual may be 
improperly using an SSN. This responsibility supports the need for SSA 
to cross verify its data with other Federal, State and local 
authorities. However, SSA is not appropriately sharing current 
indicators with the public, so a new special indicator to deactivate an 
SSN would have to overcome these existing shortcomings. We believe SSA 
could improve public notification by modifying and expanding EVS and 
its other SSN verification services, including the online SSN 
Verification System pilot, the Employer 800-Number, and local field 
offices.

    12. As discussed in the hearing, have you confirmed whether there 
are universities promoting the fact that they will help foreign 
students obtain SSNs?

    No. Although we have not conducted an audit for the sole purpose of 
verifying this situation, previous audit work has identified situations 
where SSN applicants have claimed to be students authorized to work, 
but INS later confirmed that these individuals were not students and 
not authorized to work. In addition, we received an inquiry regarding a 
Web site instructing foreign students to go to a certain SSA field 
office in New York in order to be enumerated. We advised the SSA 
Regional Commissioner of this inquiry. In general, the schemes alluded 
to on the subject Web site were known to SSA. In addition, in OA's 2000 
audit report on the The Social Security Administration's Procedures for 
Verifying Evidentiary Documents Submitted with Original Social Security 
Number Applications, we described a large case in California in which 
several students of one University used false documents to obtain SSNs. 
The case was investigated by our Office of Investigations and it was 
determined that store-front ethnic language schools were involved, not 
legitimate universities. It was further determined that an SSA employee 
was involved in the improper issuance of SSNs in this case, which were 
then sold by a middleman. The employee in this case resigned during the 
investigation and the middleman has been indicted. Further judicial 
action is still pending in this case. Currently, we have no ongoing 
audit work in this area. However, we are willing to work with DOJ OIG 
as well as SSA and INS to determine if there is sufficient information 
available to conduct additional audit work in this area.
    An identical letter has also been sent to George W. Gekas, 
Chairman, Subcommittee on Immigration, Border Security and Claims. We 
are also including a copy of this response on an IBM compatible 3.5-
inch diskette in Microsoft Word format per your directions. If you have 
any questions regarding these answers, or need additional information, 
please contact H. Douglass Cunningham of my staff at 202-358-6319.

            Sincerely,
                                                 James G. Huse, Jr.
                                                  Inspector General

                                 

                              Electronic Privacy Information Center
                                               Washington, DC 20009
                                                   October 25, 2002

The Honorable E. Clay Shaw
Chairman
Subcommittee on Social Security
U.S. House of Representatives
B-316 Rayburn House Office Building
Washington, DC 20515

The Honorable George W. Gekas
Chairman
Subcommittee on Immigration, Border Security, and Claims
U.S. House of Representatives

Dear Chairmen Shaw and Gekas:

    Thank you for soliciting additional information from the Electronic 
Privacy Information Center (EPIC) following the September 19, 2002 
Joint Hearing on Preserving the Integrity of Social Security Numbers 
and Preventing Their Misuse by Terrorists. I am honored to have been 
called upon to assist the Committee on these issues.
    In order the complete the hearing record, I have reprinted the 
questions posed below along with answers.

        L1. What limitations on sale, purchase, and display of SSNs do 
        you think Congress should consider? What exceptions, if any, do 
        you think are necessary to ensure the public can still conduct 
        business in a reasonably efficient way, but without sacrificing 
        their privacy and protecting their identity?

    Individuals would be best protected from identity theft if serious 
limitations were placed on both governmental and commercial use of the 
SSN. It is critical that we craft legislation that encourages these 
entities to use alternative identifiers. Some entities already have 
created alternative identifiers that are not based on the SSN for 
customer identification.\1\
---------------------------------------------------------------------------
    \1\ Robert Ellis Smith, Alternatives to Using Social Security 
Numbers in Large Organizations, Privacy Journal, at http://
www.epic.org/privacy/ssn/alternatives__ssn.html.
---------------------------------------------------------------------------
    Exceptions may be made for situations where other Federal laws 
require the disclosure of the SSN, for instance, for the reporting of 
taxable income. However, there should not be blanket exemptions to 
protections for personal information.
    If a substantial interest exists in creating an exemption for a 
particular use of the SSN, statutory protections for the collection and 
use of the SSN should be established. Under section 7 of the Privacy 
Act, entities that collect the SSN must give notice to the individual 
stating whether collection of the information is mandatory or 
voluntary, the statutory authority for the collection of the SSN, and 
the uses for which it will be employed.\2\ A similar set of protections 
should be created for entities that are allowed to collect and use 
SSNs. This set of protections should include the ability of individuals 
to gain access to all records keyed by the SSN, an obligation on the 
data collector to securely store the SSN, limits on the use and 
disclosure of the SSN, and a cause of action for the individual if any 
of these provisions are violated.
---------------------------------------------------------------------------
    \2\ 5 U.S.C. Sec. 552a(7)(b).
---------------------------------------------------------------------------
    Additionally, we recommend that where possible, exemptions for 
continued sale, purchase, or display of the SSN should sunset. We 
believe that the guiding principle of SSN protection should be one that 
encourages use of alternative identifiers. Sunset provisions will allow 
business to be conducted in a reasonably efficient way, and motivate 
data holders to migrate to more privacy-friendly practices.
    Congress should also explore technical measures to ensure secure 
storage and transmission of the SSN. When the SSN must be collected and 
used, it should be stored in an encrypted format. In doing so, the data 
collector can still use the encrypted result for matching without 
exposing the full SSN to employees or others.

        L2. You mentioned the pervasiveness of use of SSNs in 
        conducting business and the need to curb use of the SSNs. To 
        what extent would you carryover the same concerns to use of 
        derivatives of SSNs?

    The problem with the use of ``derivative'' or partial SSNs is that 
the individual pieces may be obtained and the complete SSN then 
reconstructed.
    Derivative use of the SSN, when done properly, presents less risk 
than using the entire identifier. It is important that derivative users 
only employ the last four digits of the SSN. Proper derivative use will 
reduce risk of identity theft.
    I hope these answers adequately address your concerns. If I can be 
of further help, please do not hesitate to contact me.

            Sincerely,
                                                    Chris Hoofnagle
                                                Legislative Counsel

                                 

    [Submissions for the record follow:]
  Statement of the Hon. Hal Daub, Chairman, Social Security Advisory 
                  Board, and Former Member of Congress
    Chairman Shaw, Chairman Gekas, Ranking Member Matsui, Ranking 
Member Jackson Lee, and Members of the Subcommittees. I welcome the 
opportunity today to share with you, for the record, the views of the 
Social Security Advisory Board on the importance of protecting the 
integrity of Social Security numbers.
    Since its inception, the Advisory Board has actively examined both 
the authorized and unauthorized uses of Social Security numbers, 
weaknesses in SSA's enumeration processes and systems, and SSA's role 
in deterring identity-related crimes, illegal immigration and other 
security issues related to Social Security numbers. In addition, we 
have been keeping abreast of developments in the Congress, public 
sentiments, and SSA's progress in responding to the ever-changing needs 
of the system.
    The Board has grown increasingly concerned about rapidly growing 
incidences of Social Security number misuse, other identity-related 
crimes, fraud, and acts of terrorism that are often facilitated by the 
misappropriation or misuse of Social Security numbers. According to 
SSA's Inspector General, the vast majority of identity crimes--most of 
which are financial in nature--involve the misuse of an individual's 
Social Security number. But despite the seriousness with which these 
concerns were being debated both inside and outside of government 
circles before September 11th, 2001, it was not until the recent 
terrorist attacks against the United States that we have seen such 
widespread awareness of the vulnerabilities and the weaknesses inherent 
in the current systems. This awareness is accompanied by an equally 
strong commitment to resolve unanswered questions about the appropriate 
roles each agency must fill in protecting the integrity of individual 
identity systems and safeguarding our citizens and our nation against 
crime and acts of terrorism.
    As I indicated earlier, these debates are not new. But in light of 
the new urgency they have taken on since September 11th, 2001, we find 
ourselves at a pivotal time in our nation's history. Our civic leaders, 
our business leaders, our social and religious organizations, and our 
citizens need to join forces, share information, and come to agreement 
on three very important questions regarding the use of Social Security 
numbers as a key to validating identity. What role, if any, should the 
Social Security number play in terms of identity validation for 
purposes both inside and outside the scope of Social Security programs? 
What procedures and systems are needed at all levels of our society to 
prevent the continued misuse of identity information to facilitate acts 
of terror, violence, mayhem, and abuse? And what safeguards are needed 
to achieve our security and integrity goals, without unduly 
compromising individual privacy and freedom?
    On many occasions over recent years, the Board has heard SSA 
Inspector General Jim Huse urge the agency, the Congress, the business 
community, and the public to come to grips with the reality that the 
Social Security number has become a de facto national identifier. Many 
times, we have heard Inspector General Huse say that it is too late to 
``put this runaway horse back in the barn''. But perhaps we should not 
be looking to put the horse back in the barn. Perhaps, instead, we 
should be thinking about building a stronger fence to keep the horse 
from escaping the farm as well.
Slowing the Runaway Horse
    The Federal Bureau of Investigation (FBI) recently recognized 
identity fraud as the fastest growing white-collar crime in America, 
making it a significant public policy issue. And, according to other 
recent reports from SSA's Inspector General and the FBI, improperly 
obtained Social Security numbers present a significant vehicle for 
would-be terrorists to infiltrate themselves into our society--making 
Social Security number abuse a national security concern as well. 
Likewise, the Board has heard from SSA officials and the agency's 
Inspector General that improper attainment or theft of Social Security 
numbers, including counterfeit Social Security cards, plays a major 
role in unauthorized work and the growing inaccuracies in wage 
reporting that have resulted in huge increases in SSA's earnings 
suspense file.
    In preparation for its reports on improving service to the public 
and on SSA's responsibilities to safeguard the responsible collection 
and expenditure of the public's funds, the Board has met with SSA 
executives, managers and staff all over the nation. We have met with 
managers and staff in both headquarters and in the agency's field 
structure, including more than a thousand SSA field office employees 
who work on the front lines each day, delivering important services to 
the American people. We have met with representatives and staff from 
SSA's Office of Inspector General, the agency's Enumeration Task Force, 
Regional Security and Integrity Centers in both New York City and 
Denver, and with the new Enumeration Center established in Denver to 
begin developing specialized expertise on these issues within the 
service delivery structure. We have held public hearings all over the 
nation and have spoken to victims of identity theft, migrant worker 
groups, employers, and even the Consul General of Mexico, in our 
attempt to grasp the vast dimensions of these problems.
    Throughout our work, we have heard one message overwhelmingly--SSA, 
alone, cannot do all that is necessary to protect our society from 
identity-related crimes and the other crimes that they enable. SSA must 
also rely on the expertise, efficiency and effectiveness of the 
Immigration and Naturalization Service (INS), the Department of State, 
the Internal Revenue Service (IRS), and law enforcement, as they carry 
out their own important responsibilities. We have heard, loud and 
clear, that it is imperative for these other agencies to do their part 
by delivering prompt and effective identity validation and effective 
enforcement of statutory work requirements--including the use of 
appropriate penalties and prosecution in cases where individuals, 
groups or employers are found to be abusing the system or perpetrating 
criminal acts.
Building Stronger Fences
    The importance of the Social Security number and the Social 
Security card to the government and to any individual who wants to work 
or transact some other kind of business in the United States cannot be 
overstated. Employers are required to ask for an individual's Social 
Security number before hiring, and the number is the identifier used in 
all claims for Social Security or SSI benefits, as well as for many 
other Federal and State programs, such as Medicare, Medicaid, and 
public assistance benefits. The IRS uses the SSN as an identifier for 
individual taxpayers, for identifying taxpayer dependents, and for 
tracking income and payroll tax contributions. Many States use it in 
their individual driver's license systems. Many businesses and 
organizations in the private sector, including banks and credit card 
companies, also depend on the Social Security number as an identifier 
for maintaining their records. The law specifically authorizes many of 
these uses. Additional uses have developed over time. While these 
additional uses may not be specifically authorized by statute, the law 
does not prohibit them either.
    In recent testimony before the House Committee on Ways and Means, 
officials from the General Accounting Office (GAO) reported that many 
federal agencies are not taking the necessary precautions to safeguard 
personal information, including the Social Security number, from 
improper display and disclosure. GAO officials have also urged agencies 
to look at alternatives to using Social Security numbers as identifiers 
wherever this is a possibility. It is imperative that government 
agencies, at all levels of government--federal, state, and local--take 
the necessary steps to protect the privacy and integrity of individual 
identifying information. What is lacking here--according to GAO and 
other observers--is a uniform system of safeguards and policies about 
how an individual's personal information can be used, displayed or 
disclosed. Some agencies, businesses, organizations and even State 
governments have responded to these concerns responsibly--but far too 
many have failed to understand the importance of keeping identity 
information safe and ensuring the integrity of the data they maintain 
and disclose.
    To illustrate this point, I would like to tell you about a recent 
interaction that the Board had with the Selective Service System. As 
Chairman of the Advisory Board, I contacted the Director of Selective 
Service to voice my concerns about the manner in which his agency 
captures personal information from the young men who are required by 
law to register. Registration forms are distributed in U.S. Postal 
Service offices throughout the nation. They are double-sided, tear-away 
``postcards'' that registrants must fill out and mail back to an agency 
processing center. The form collects such personal identifiers as the 
young man's name, address, date-of-birth, Social Security number and 
signature. While I fully understand the need for the system to collect 
and maintain personal identifying information on the young men who 
register, the open format for supplying this information does not 
adequately protect its privacy. The sum total of personal data elements 
that are reported on this form, if misappropriated, could easily be 
used by unscrupulous individuals to facilitate crime, immigration 
fraud, and terrorism. The Office of Management and Budget approved this 
form for use in September 2001.
    In response to the issues that I raised, the Board was told that, 
while the Selective Service System prefers to have men register using 
electronic methods, they are also given the option to register by mail. 
Mail-back postcards are used instead of a more secure option because it 
minimizes postage costs. For those young men who are concerned about 
the privacy of their information, the throw-away part of the form 
contains a suggestion that they place the registration card in an 
envelope before they mail it back. To me, this approach seems pennywise 
and pound foolish--to save a few cents on postage, are we truly willing 
to expect and trust that the average eighteen-year-old will recognize 
the importance of keeping his data secure? While the Selective Service 
System has agreed to move their ``privacy concern'' instruction to a 
more prominent location on the registration card itself, the Board 
believes that this remains an insufficient effort to protect the 
privacy, integrity and security of the vital information contained on 
this document. We believe that more responsible measures are needed to 
address this situation, and countless similar situations in other 
agencies and organizations.
    For many years, Committees and Members of Congress have emphasized 
the importance of maintaining the integrity of the Social Security 
number and the Social Security card. Hearings have been held and bills 
have been introduced. In 1996, the Congress passed legislation 
requiring SSA to study the feasibility of issuing a secure Social 
Security card. The agency issued a report in 1997, but no action was 
taken. During the last session of Congress, the Chairman and Ranking 
Minority Member of the House Social Security Subcommittee, along with 
other members of Congress, introduced a bill to limit the display of 
the Social Security number by public and private entities, including on 
motor vehicle licenses and registration. It provided for making refusal 
to do business without receipt of an SSN an unfair or deceptive act or 
practice, and provided new criminal penalties for misuse of SSNs. A 
similar bill was reintroduced during the current session of Congress to 
even wider support. This bill establishes important parameters and 
safeguards that apply to both government agencies and the private 
sector. We believe that it is a step in the right direction.
Strengthening SSA to Meet the Challenge
    While SSA cannot do the job alone, and while we applaud the 
progress made by the agency since September 11th, 2001, further 
improvements in SSA's enumeration processes and systems are needed.
    As the Board has documented elsewhere, many of those individuals 
who present themselves daily at one of SSA's over-crowded field office 
waiting rooms around the country have come to apply for a new or--more 
often--a replacement Social Security card. In fact, handling 
applications for new and replacement cards is the largest category of 
work that field offices perform. In fiscal year 2001, the agency issued 
18.1 million cards, a 16 percent increase since 1997. Currently, about 
32 percent of all Social Security number-related requests are for new 
numbers and about 68 percent are for replacement cards for people with 
existing numbers.
    SSA's performance standards for issuing cards reflect a concern for 
both speed of issuance and quality. With regard to speed, the agency's 
statistics show that in fiscal year 2001, 96.8 percent of Social 
Security number applicants were advised of their assigned number within 
24 hours of initial processing. Agency statistics for 2000 show that 
99.8 percent of numbers were issued accurately. Nonetheless, SSA's 
Office of the Inspector General has expressed a high level of concern 
about the integrity of the agency's enumeration process and the 
validity of the agency's performance measurement system. It points out 
that given the importance of the Social Security number, many 
unscrupulous individuals have a strong motive for fraudulently 
acquiring a number and using it for illegal purposes. Problems that the 
OIG has identified include using an illegally obtained number to 
receive government services or benefits, obtain employment, or enter 
the country, and using another individual's number to steal their 
identity and commit crimes, usually financial crimes, in that person's 
name.
    Among other concerns, the OIG has criticized the agency's 
procedures for validating identity documents that are used by 
individuals to illegally obtain cards. In 1999, PriceWaterhouseCoopers 
conducted an independent study that also found that SSA's front-end 
controls for enumeration were deficient. In one recent review the OIG 
conducted, it found that significant numbers of cards had been issued 
based on invalid or inappropriate evidentiary documents presented as 
evidence of age, identity, citizenship, or legal alien status. These 
included INS forms that were never issued, and forms that INS had 
issued to individuals other than the Social Security number applicants, 
or had issued with a different alien classification. SSA had also 
assigned many numbers to applicants whose U.S. birth certificates were 
counterfeit.
    The OIG has also concluded that SSA employees in the field do not 
have adequate training or the tools they need to determine the validity 
of evidentiary documents. Some within SSA have observed, however, that 
SSA employees are not and should not be expected to become expects on 
the latest counterfeiting technologies, capable of identifying the 
highly sophisticated false documents that are now commonly available. 
The Board also has heard repeated complaints about the integrity of the 
enumeration process from SSA managers and employees. They believe that 
many of the documents they are seeing are not valid, but as one field 
office employee noted, the policy is that ``Unless you have a specific 
reason to suspect the validity of a document, you should go ahead and 
process.'' A field office manager told the Board that false identity 
documents are easily gotten. For example, a false driver's license 
``can be bought down the street,'' and there is no cross check with the 
Department of Motor Vehicles. Employees in one office the Board visited 
observed that every office follows its own processing procedures. Some 
are stricter than others, and the result is that people shop around for 
the office that is most likely to issue a card. One SSA executive told 
the Board that in his area the selling of Social Security numbers is 
one of the agency's biggest stewardship problems. There are gangs who 
routinely approach SSA employees who might be vulnerable. These gangs 
are sophisticated in finding out about employees' personal situations 
and they use this information as leverage to coerce or entice employees 
to steal numbers or provide them with sufficient personal information 
from SSA's databases, information that can then be used to establish 
fraudulent identities. Another problem that concerns many employees is 
that, without a photo ID or some form of biometric identification, 
neither of which is required, there is no way they can be sure that 
individuals who come into the office are who they say they are. This is 
an issue that goes beyond the issuance of a number and includes 
individuals who claim benefits as well.
    Employees in field offices have told the Board that interviews with 
individuals who are applying for Social Security numbers--and who want 
them right away--are the most contentious that they must face. There is 
also a concern within the agency that more careful checking of 
documentation or developing a more secure card would require additional 
resources, which the agency does not currently have.
    In March of 2002, the Board issued its report on the agency's 
responsibility to ensure program integrity, outlining many of the same 
issues addressed here today. In that report, we recommended that SSA 
work more aggressively with the INS and with the Department of State to 
resolve any outstanding loopholes or gaps in data sharing and in the 
identity verification process. In addition, we have recommended that 
SSA work more aggressively to encourage the IRS to exercise its 
statutory authority and begin sanctioning chronic abusers of work 
authorization requirements. We applaud the progress that has been made 
by SSA since that time. The agency has taken giant steps forward in 
closing many of the loopholes that we have discussed in our stewardship 
report and elsewhere. But, as outlined above, and as is apparent from 
the testimony of others here today, further efforts are needed.
    SSA does not and should not work in a vacuum. The agency depends 
upon the support of the Administration and the Congress to provide the 
resources necessary for the agency to do its job and uphold its 
responsibilities. As we have learned from recent events in our country, 
it is imperative that those critical functions of the agency--including 
the protection of the Social Security number from misuse and abuse--be 
fully staffed, fully funded and provided the same level of serious 
consideration as other agencies that have a responsibility for 
protecting our security and national well-being. The Board intends to 
continue monitoring these critical stewardship and security issues. We 
look forward to working with the Congress and the Administration on 
these very important matters.

                                 
   Statement of Witold Skwierczynski, National Council of SSA Field 
  Operations Locals, American Federation of Government Employees, AFL-
                        CIO, Baltimore, Maryland
    Chairman Shaw, Chairman George W. Gekas, Ranking Member Matsui, 
Ranking Member Jackson Lee and members of the Subcommittees, I thank 
you for the opportunity to present this statement regarding Social 
Security's ability to preserve the integrity of Social Security numbers 
and preventing their misuse by terrorists and identity thieves.
    As a representative of the AFGE Social Security General Committee 
and President of the National Council of SSA Field Operations Locals, I 
speak on behalf of approximately 50,000 Social Security Administration 
(SSA) employees in over 1400 facilities. These employees work in Field 
Offices, Offices of Hearings & Appeals, Program Service Centers, 
Teleservice Centers, Regional Offices of Quality Assurance, and other 
facilities throughout the country where retirement and disability 
benefit applications and appeal requests are received, processed, and 
reviewed.
    AFGE is committed to serve, as we always have in the past, as not 
only the employees' advocate, but also as a watchdog for clients, 
taxpayers, and their elected representatives.
    Let me begin by stating we agree with Chairman Gekas' comments that 
the privacy of the Social Security numbers of every American is under 
attack and that the Social Security Administration can do more to 
tighten up its procedures for issuing Social Security Cards to prevent 
fraud.
    Accuracy on the part of the SSA employees processing requests for 
Social Security numbers is greater than those of the agency charged 
with safeguarding immigration records. In SSA, we process 6 million 
Social Security Number requests annually. According to SSA's OIG, less 
than 1.6% of Social Security Number requests have been issued with 
false INS documents. That figure was based on FY2000 statistics. 
However, since FY2000, SSA has implemented new systems enhancements and 
policies that require all INS documents of foreign-born applicants to 
be verified by INS before the issuance of a Social Security number. The 
Union believes that these measures have further safeguarded the privacy 
and integrity of the SSN records.
    Unfortunately, SSA has also implemented initiatives that we believe 
are harmful to the integrity of all SSA records leaving every American 
vulnerable to attack by terrorists, international criminals, and an 
increasing number of identity thieves.
Employer Access

    In May 2002, the Union became aware that the Agency implemented a 
program that allowed employers to gain access to SSN records of their 
newly hired employees via the Internet. This program has been approved 
by OMB for 630 major employers and may be soon expanding. According to 
approved procedures, SSA business partners and companies are nominated 
by SSA's Senior Financial Executive under the Deputy Commissioner 
Finance Assessment and Management, then approved by SSA's Commissioner.
    The Union believes that employer access to SSN records will result 
in misuse, fraud and abuse of individual privacy. On the issue of 
privacy, if the employer can obtain this information about an 
individual, anyone with an EIN may gain access to personal information. 
The gatekeeper of SSN records thus becomes the employer and its 
employees authorized access to ``verify'' Social Security records.
    SSA has notified the Union that audits were not conducted by any 
private or governmental entity, i.e. SSA, OIG, or GAO, of the initial 
``Employer Access'' pilot, prior to implementing expansion. SSA went 
forward with full implementation without assurances that:

         LInformation sought on individuals were actual 
        employees hired by their companies,
         LEmployee verifications were conducted by approved 
        employers only,
         LThe public's privacy was not compromised, and to 
        determine if the integrity of SSA programs had been compromised 
        by inappropriate or unauthorized use of this program,
         LEmployers accessed SSN records only for new hires 
        rather than access to discriminate and/or violate individual 
        privacy.
         LInformation obtained through this program was not 
        relied upon to justify adverse action against a worker, which 
        would violate State or Federal law.
         LSigned statements were obtained, acknowledging there 
        are criminal penalties for making a knowing and willful request 
        for access to records concerning another individual under false 
        pretences. Such abuses are considered criminal and punishable 
        by law and carry penalties.

    Additionally, the Union has learned that details needed to 
determine an individual's identity are not being required by SSA for 
these employers to obtain information about SSN records. This would 
include the date of birth, place of birth, mother's maiden name. 
Therefore, SSN records of someone with a similar or same name may be 
provided to the employer, making it easier for someone to use another 
person's SSN. Therefore, the employer would further compromise the 
integrity of SSN records.
    SSA has developed an alert system to determine if employers may be 
verifying an excess of SSN records. If an employer requests 
verification on more than 200 percent of the number of W-2s processed 
in the preceding tax year, an alert will be issued. The Union strongly 
believes that this ``alert'' system is a facade to provide concerned 
parties with a false sense of security of individual privacy. This 
``system'' provides a means for employers to abuse their privilege and 
allow the abuse to go undetected and unexposed. For example, a 
corporation with 100,000 employees would be able to access 200,000 SSN 
records of individuals for family, friends and colleagues without 
detection. Although SSA's own reports indicate that one employer has 
already exceeded its number of employees by more than 500%, SSA has 
failed to conduct an audit.
    Furthermore, SSA has not developed or communicated a written policy 
to hold companies legally liable for misuse of employer access of SSN 
records.
    It is the Union's understanding that SSA plans to expand other 
services and/or records to employers in the future. OMB must give 
approval to SSA to expand the number of employers who can gain access 
to SSN records. We strongly believe that Congress should urge the OMB 
to rescind this program to insure integrity of SSN records and 
individual privacy.
INS Involvement--Enumeration Centers and Enumeration at Entry

    In January 2002, SSA signed an agreement with the Immigration and 
Naturalization Service (INS) to implement the Enumeration at Entry 
project. This allows INS, during the initial phase, to electronically 
forward to SSA enumeration data from certain aliens lawfully admitted 
for permanent residence. SSA will then electronically assign an SSN and 
issue a Social Security card to the alien.
    As members of the Judiciary Committee are painfully aware, the INS 
has a lengthy history of being severely mismanaged. Its workers are 
faced with tremendous backlogs approaching 2 million applications. In 
January 2002, the GAO made Congress aware that immigration benefit 
fraud at the INS is a significant problem that threatens the integrity 
of the legal immigration system. INS officials believe that the problem 
is pervasive and serious and they also believe that some aliens are 
using the benefit application process to enable them to carry out 
illegal activities, such as crimes of violence, narcotics trafficking, 
and terrorism.
    Until the INS and Congress can successfully address these problems, 
how can SSA consider allowing the INS to provide SSA with accurate, 
legal information to ``electronically'' assign a Social Security number 
when the integrity of INS records cannot be maintained?
    SSA now intends to implement an Enumeration Center as a pilot in 
the Brooklyn, NY area. This Enumeration Center will be staffed by SSA 
field office employees, SSA's OIG and INS employees. SSA intends to 
rotate field office employees in/out of the Enumeration Center. All 
requests for Social Security cards will be handled at the Enumeration 
Center, rather than an SSA field office. This means that if someone 
walks into a SSA field office to apply for a SSN, the SSA employee who 
normally would help the applicant will have to refer him or her to the 
Enumeration Center for assistance. This would include referring clients 
who have other business at an SSA field office.
    AFGE opposes Enumeration Centers. SSA's field offices have always 
been full-service facilities. The taxpayer deserves full-service and 
one stop shopping. To refer SSN applicants to an Enumeration Center 
that may be miles away, will create barriers and greatly inconvenience 
folks who rely on public transportation or have physical disabilities. 
Foreign-born applicants should not have to be subjected to the 
intimidation of SSA-OIG and INS workers when applying for a Social 
Security card.
    The security issues raised by SSA are unfounded. SSA employees are 
highly trained. Systems enhancements and new policies have virtually 
eliminated the unknowing acceptance of fraudulent INS documents.
    To prevent highly qualified SSA employees from providing the 
services they were trained to do, at the convenience of the public, is 
a disservice. This Congress is already aware of the human capital 
crisis at SSA, particularly in its field offices. Detailing employees 
to enumeration centers is needless and not a good use of our precious 
resources.
Integrity of SSA Internet Services

    Two months after SSA gave employers access to SSA records via the 
``Employer Access'' program, SSA discovered weaknesses in the Internet 
firewalls, which compromises SSN records to hackers.
    Rather than inform the public or Congress of this possible breach 
of privacy and possibility of identity theft, SSA posted a message that 
misled the public to believe that routine maintenance was the cause for 
SSA Internet access to be down for 3 days.
    This was not a surprise to AFGE. Computer specialists had 
previously advised SSA that its database would be difficult, if not 
impossible, to protect from hackers. In spite of warnings and protests, 
SSA decided to move forward with its ``E-Gov'' goals. AFGE informed 
Congress of its objections to SSA's plans to expand online services. 
The American public trusts SSA to guard and protect the very source of 
their livelihood, their Social Security numbers. AFGE strongly believes 
that the protection all SSA records against identity theft, fraud and 
misuse should be guaranteed and never compromised. Now, when identity 
theft poses its greatest threat to our nation in the way of terrorism 
and ciminal acts, SSA's records need to be more secure than ever. 
Instead, SSA is taking actions that we strongly believe will ultimately 
be harmful to the integrity of all SSA records.
    We urge your Committees to consider the following:

         LAt a minimum, request GAO to audit SSA Employer 
        Access initiative to insure the proper access of SSA records.
         LUrge SSA to cease and desist giving access of SSA 
        records to third party entities (governmental and private).
         LRequest GAO to assess and/or audit the SSA Internet 
        firewall protections of all SSA records.
         LUrge SSA to rescind it plans to create SSA/INS 
        Enumeration Centers and direct SSA to seek Congressional 
        approval for the creation of such a flawed bureaucracy, which 
        will only serve to undermine SSA's public service and the 
        integrity of its records.

    I thank you for your time and your consideration of our concerns.

                                 

                           American Immigration Lawyers Association
                                               Washington, DC 20004

The Honorable E. Clay Shaw, Jr.
Chairman, House Social Security Subcommittee
B-316 Rayburn House Office Building
Washington, DC 20515-6353

The Honorable George Gekas
Chairman, House Immigration, Border Control and Claims Subcommittee
B-370B Rayburn House Office Building
Washington, DC 20515-6353

    The American Immigration Lawyers Association (AILA) thanks the 
committees for the opportunity to submit our comments on the September 
19, 2002 joint hearing on Preserving the Integrity of the Social 
Security Number and Preventing Misuse by Terrorists and Identity 
Thieves. AILA supports taking constructive steps to ensure that 
identifying documents, such as the social security card, are not 
subject to fraud and misuse. AILA urges the committees to consider how 
positive reforms to our immigration laws can help achieve this goal.
    The testimony seemed to indicate that a large number of the 
employees who were the subject of the 800,000 no-match letters the 
Social Security Administration (SSA) sent to employers this year are 
undocumented workers. This, if true, underscores that there are 
millions of undocumented workers in the United States who are here to 
fill ``essential worker'' positions, those unskilled and semi-skilled 
jobs vital to all sectors of our economy. These essential workers fill 
jobs that U.S. workers are unwilling to take, despite the general 
downturn in the economy.
    Reports from the Bureau of Labor Statistics reinforce the need for 
essential workers and the fact that this need is rising. During the 
labor force expansion that took place from 1996-2000, foreign labor 
filled the lesser skilled positions native-born workers left. As a 
result, over 55% of the foreign-born work force is concentrated in 
service and labor occupations. Projections for the next ten years 
indicate that the need for workers in these occupations will continue 
to rise as new jobs are created: the service-producing sector alone is 
expected to create over 12 million new positions. 57 percent of all job 
openings will be for essential worker positions and will only require 
modest or on the job training. In order to keep our economy strong, the 
U.S. needs these essential workers to fill these positions.
    This nation has long benefited from the large number of 
undocumented worker who fill unskilled and semi skilled positions 
essential to our economy. It is long past due that we change our 
immigration laws to provide legalization for the hard-working, 
taxpaying workers in this country and create a legal means for workers 
we will need in the future.
    That these workers are here illegally is a symptom of an 
immigration system that is out of touch with the needs of our economy. 
Simply put, there is no way for workers currently here to legalize 
their status and there is no visa category through which semi-skilled 
and unskilled workers can legally enter the United States in order to 
perform full-time, year-round work. These workers do not want to be 
undocumented. Many are paying taxes and social security, the same as 
legal workers. However, the lack of any legal means to regularize the 
status of those who are here and the absence of any temporary 
immigration program through which people can legally enter and leave 
the country is not good for our communities, our economy, or our 
security.
    In fact, both a legalization program and an essential worker 
temporary visa program will help us to enhance our security. A 
legalization program that rewards work would bring hardworking, well 
meaning individuals out of the shadows and would allow us to properly 
identify and document them. We would know who they are and why they are 
here. A temporary program that designates legal channels for entry 
would allow us to focus our resources at the border on those who mean 
to do us harm, not those who fill our labor needs, and reduce the 
number of tragic deaths associated with border crossings. Both these 
initiatives would further enhance our security by permanently reducing 
the demand for counterfeit documents and other related acts associated 
with unauthorized work. These positive changes would allow free up our 
agencies' time and resources and allow them to concentrate their 
efforts on achieving security goals that actually enhance our security.
    The legalization of these workers also would provide a second 
benefit to the SSA through the reduction of the Earnings Suspense Fund 
(ESF). When the SSA announced its no-match letter program for this 
year, reduction of this file was touted as one of the goals. A 
legalization program will help reduce the ESF, and the agency will be 
able to reduce administrative costs associated with maintaining such a 
large fund.
    AILA strongly opposes initiatives that would prohibit foreign 
nationals who legalize their status from receiving credit for the 
social security contributions they made while they were in an 
undocumented status. America needed the contributions these workers 
made in the labor force when they were undocumented. We should 
recognize their contribution by allowing them to access their social 
security benefits once they are legalized.
    In this time of heightened security, we must foster an environment 
that that will encourage individuals to emerge from the shadows and 
participate as productive members of our society in order to separate 
them from those that are here to do us harm. Positive immigration 
reform in conjunction with constructive reforms to protect the 
integrity of the social security numbers and prevent identity theft 
will greatly improve our nation's efforts to provide effective 
security.

            Sincerely,

                                 

 Statement of ERISA Industry Committee (ERIC), National Association of 
 State Retirement Administrators (NASRA), National Council on Teacher 
  Retirement (NCTR), National Rural Electric Cooperative Association 
        (NRECA), Profit Sharing/401(k) Council of America (PSCA)
    The undersigned organizations urge you to carefully consider the 
unintended consequences of legislation being currently pending before 
the House Ways and Means, Energy and Commerce, and Financial Services 
committees. Without amendment, the Social Security Number Privacy and 
Identity Theft Prevention Act of 2001 (H.R.2036) could unintentionally 
hinder the delivery of benefits from, and the efficient administration 
of, public and private employee benefit plans.
    We strongly support the bill's purpose of ensuring the integrity of 
the social security number (SSN). We are extremely concerned about the 
proliferation of identity theft and other financial crimes that exploit 
individual SSNs, and believe strong legislation should be enacted to 
combat such nefarious acts. As currently drafted, however, H.R.2036 
could make it more difficult to deliver comprehensive health and 
retirement benefits to public and private employees alike.
    In general, public and private employee benefit plans use SSNs in 
plan administration because of the SSNs utility as a common identifier 
for a highly mobile workforce, and because of tax reporting 
requirements. Plan administrators take seriously the responsibility 
that the use of SSNs requires, and they use the utmost caution and 
security when SSNs are used in plan administration and communications.
    Public and private sector defined benefit and defined contribution 
pension and savings plans, like 401(k), 403(b), and 457 plans, use SSNs 
to identify plan participants, account for employee contributions, 
implement the employee's investment directions, track ``rollovers'' 
from other plans, and allow employees to view their account activity or 
benefit accrual online (typically in conjunction with a secure 
``PIN''). H.R.2036's broad prohibitions could impede, for example, an 
individual's ability to stay current on the accumulation of benefits 
for his or her retirement.
    SSNs are also used as the primary identifier in many medical and 
health benefit and prescription drug plans to coordinate communications 
between the doctor, the medical service provider, and the plan. 
H.R.2036's broad prohibitions could, for example, put at risk the 
delivery of appropriate medications to the individual.
    The application of H.R.2036's broad prohibitions could:

         LUnintentionally restrict access to employee benefit 
        plans. Section 202 of H.R.2036 makes it a violation of the 
        Federal Trade Commission Act for ``any person'' to refuse to 
        ``do business'' with an individual because the individual 
        refuses to give his or her social security number to the 
        person. While the commonly understood definition of 
        ``business'' would not include employee benefit plan 
        administration, we are concerned the broad prohibition 
        unintentionally would restrict plan operation. We recommend 
        making it clear that section 202 applies only to commercial 
        transactions, and not in the context of employment of an 
        individual, including the provision of compensation or 
        benefits.

         LUnnecessarily limit the legitimate and beneficial use 
        of SSNs. Section 201 prohibits the ``sale,'' ``purchase,'' or 
        ``display to the general public'' of an individual's social 
        security number. While the intention of that prohibition is 
        clear, the definitions of ``sale,'' purchase,'' and ``display 
        to the general public'' are not. Those ambiguous definitions 
        risk making legitimate and beneficial uses of social security 
        numbers a violation of Federal criminal law.
                L  For example, many benefit plan sponsors require 
                participants to submit their social security number to 
                the plan in order to be enrolled in and receive 
                benefits from the plan. While such a transaction would 
                not meet the commonly understood definition of 
                ``sale,'' the definition of ``sale'' in section 201 
                encompasses an exchange of ``anything of value'' for a 
                social security number.
                L  Expressly excluded from the definition is the 
                application of ``any type of Government benefits or 
                program'' (which would cover government assistance 
                programs, not necessarily the employment benefits 
                governments offer their employees). The limited 
                exclusion from the definition of ``sale'' for the 
                application of social security benefits creates a risk 
                that a court will read the exchange-for-value 
                formulation to encompass everything not expressly 
                excluded, including employee benefits. We recommend 
                that the bill's exclusions be modified to encompass the 
                administration and provision of employee benefit plans.
                L  Section 201 also prohibits the intentional placing 
                of a social security number, or derivative thereof, 
                ``in a viewable manner on an Internet site that is 
                available to the general public or in any other manner 
                intended to provide access to such number or derivative 
                to the general public.'' This definition, too, may 
                sweep in routine benefit plan administration. For 
                example, individual social security numbers may appear 
                on correspondence between the plan, the plan 
                administrator, the individual, and an outside third 
                party, like a medical care provider. We are unclear if 
                such ``displays'' are to the ``general public.'' We 
                recommend the bill be amended to include a more precise 
                definition of ``general public'' to ensure that secured 
                and private displays of social security numbers typical 
                in benefit plan administration are not construed to be 
                to the ``general public.''
                L  Section 201 provides an exception to the prohibition 
                if ``voluntary and affirmative written consent'' of 
                each affected individual is obtained. Our plans may 
                cover tens of thousands of individuals. Thus, obtaining 
                affirmative written consent would be wholly 
                impracticable and extremely costly. Moreover, if an 
                individual not consenting to the use of his or her 
                social security number is dropped from the benefit 
                plan, the plan sponsor would be exposed to a 
                significant risk of litigation, enforcement actions, 
                civil penalties, excise tax penalties, and plan 
                disqualification for violation of the federal laws that 
                govern pension and other benefit plans. Thus, we 
                recommend that relief for employee benefit plans be 
                provided by narrowing the bill's definition of ``sale'' 
                and ``general public'' as discussed above.

         LUnwisely subject public and private employee benefit 
        plans to regulations promulgated by a federal agency with no 
        expertise in employee benefit plans. Section 201 also gives 
        authority to the U.S. Attorney General to promulgate 
        regulations to ensure, among other things, that the 
        prohibitions contained in section 201 are ``no broader than 
        necessary'' to accomplish its purpose. If the bill is not 
        amended, as we have recommended, to exclude routine benefit 
        plan administration from the definitions of ``sale'' and 
        ``purchase,'' we strongly recommend that the rulemaking 
        authority granted to the Attorney General be done in 
        consultation with a federal agency familiar with the workings 
        of employer-sponsored benefit plans with the clear direction 
        that regulations accommodate legitimate uses of social security 
        numbers in employee benefit plans.

    Please do not hesitate to contact Janice Gregory (202-789-1400) at 
ERIC, Jeannine Markoe Raymond (202-624-1417) at the NASRA, Cynthia 
Moore (703-243-1667) at the NCTR, Chris Stephen at the NRECA (703-907-
6026) or Edward Ferrigno at PSCA (202-626-3634) to discuss this matter 
in more detail.

                                 

                         Federation for American Immigration Reform
                                               Washington, DC 20011
                                                 September 18, 2002

The Honorable E. Clay Shaw, Jr.
Chairman, House Social Security Subcommittee
B-316 Rayburn House Office Building
Washington, DC 20515-6353

The Honorable George Gekas
Chairman, House Immigration, Border Control and Claims Subcommittee
B-370B Rayburn House Office Building
Washington, DC 20515-6217

    In connection with the hearing that you jointly are holding on 
September 19, 2002 on Protecting Integrity of Social Security Numbers, 
I would appreciate your consideration of the views of the Federation 
for American Immigration Reform (FAIR).
    Shortly after the tragic terrorist attacks last year FAIR issued a 
blueprint outlining several urgently needed measures to protect 
homeland security. Recently, on the anniversary of the attacks, we 
issued a report card on the progress towards adopting these earlier 
recommended measures. In that report card, we singled out the 
significance of the actions taken by the Social Security Administration 
(SSA) toward improving our national security.
    In particular, two actions merit the recognition and strong support 
of Congress and the American public. First, the decision by SSA to stop 
issuing social security cards to aliens in order to satisfy the 
requirements of some state departments of motor vehicles for Social 
Security Numbers (SSNs). The prior practice meant that the SSA was 
issuing SSNs to aliens who were illegally in the country to facilitate 
their applications for state-issued driver's licenses. The tragic 
effects of that policy were revealed when it became clear that all 19 
of the 9/11 terrorists had state-issued driver's licenses, some of them 
from multiple states. Under the circumstances, we strongly urge each of 
the subcommittees to underscore your support for sustaining the current 
practice of SSA in this regard.
    Second, the SSA has finally begun to insist on the need to 
reestablish the integrity of the SSN as an identifier for payroll 
purposes. It is a well-documented fact that counterfeit document 
operations have proliferated in the period since adoption in 1986 of 
the Immigration Reform and Control Act (IRCA) prohibition against 
hiring illegal aliens. One of the most frequently counterfeited 
documents has been the Social Security card. This abundance of 
fraudulent documentation has made it difficult for employers--even the 
vast majority who have no intention of hiring illegal aliens--to 
discern the authenticity of the work eligibility documents presented by 
prospective employees.
    The SSA's failure in the past to compare the SSNs on payroll 
documents with the SSNs they have issued has actually encouraged growth 
in the numbers of employers willing to hire illegal aliens. Beginning 
with agriculture and meatpacking industries and spreading throughout 
the hospitality industry, employers have been so motivated by the 
spread of illegal alien hiring by their competitors and the by the lack 
of enforcement against illegal employment that many have looked the 
other way and become fully dependent on cheap illegal employees. As a 
consequence, illegal immigration has been further encouraged, and 
qualified American and legal resident workers have been displaced as 
once prevailing wages have been dramatically depressed.
    While the SSA has offered a free online service to employers to 
verify the work eligibility of potential employees, there has been no 
real incentive to use the service. That may change now as a result of 
the SSA's recent actions systematically to notify employers of 
mismatches between SSNs listed on payroll documents and the SSNs 
issued.
    Complaints that this program of advising employers of no-matches 
may cost legal workers their jobs in unfounded, because the 
notification process specifically advises employers that they should 
allow the employee to reconcile with the SSA any possible data error 
that has led to a false no-match notification before a no-match 
notification leads to the termination of employment.
    Once again, we applaud the Administration and the SSA for taking 
these steps. Our concern, however, is that if they could be 
accomplished as policy changes, they similarly could be discontinued by 
a new policy decision. We urge you to assure that this program of 
issuing no-match letters to employers becomes a permanent requirement.
    There remain, however, two outstanding actions that would help to 
buttress the new SSA program. The first of these would apply the law 
sanctioning employers who continue to ignore the SSA alerts that 
employees do not have valid SSNs. The Internal Revenue Service (IRS) 
should be required to begin immediately fining businesses that 
flagrantly continue to ignore the SSA notifications.
    Secondly, the SSA has long maintained a policy of non-cooperation 
with the INS in identifying workplaces with potential illegal alien 
employees. This has changed somewhat in the Basic Pilot employment 
verification system mandated by the Illegal Immigrant Reform and 
Immigrant Responsibility Act of 1996. In that program, the SSA was 
required to verify SSN data and forward employment data on foreign-born 
workers to the INS for verification of work eligibility status. 
Although that program is still ongoing, its trial period has been 
completed and successfully evaluated by an outside contractor.
    Until such time as Congress enacts the Basic Pilot program as a 
permanent fixture in the nation's efforts to regain control over its 
borders, the SSA should require that no-match notifications to 
employers be retained by the employer for potential audit by the INS at 
the time that it may investigate whether employers are in compliance 
with the requirements of the IRCA prohibition against hiring illegal 
alien workers.
    The nation must never again return to the luxury of ignorance about 
the threat of international terrorism, and it can never relax in a hope 
that all foreigners will respect our sovereign right to have our 
nation's immigration policy respected. Instead, we must take the 
necessary steps to deter both threatening terrorists and illegal 
immigration by gaining control over our borders and denying safe haven 
to those who enter or stay in the United States illegally. Assuring the 
integrity of the SSN system, because it is the universal identifier for 
may purposes in our society, is critical to achievement of this 
objective.
    We trust the members of the House Social Security Subcommittee and 
the House Immigration, Border Control and Claims Subcommittee will 
agree that the recent advances in restoring integrity to the SSN system 
must be locked in place so that they are not subject to erosion as a 
result of pressures from whoever has the attention of any given 
Administration at the moment.

            Sincerely,
                                                          Dan Stein
                                                 Executive Director

                                 

   National Council of La Raza, and National Immigration Law Center
                                               Washington, DC 20036
                                                    October 3, 2002

The Honorable E. Clay Shaw, Jr.
Chairman, House Social Security Subcommittee
B-316 Rayburn House Office Building
Washington, DC 20515-6353

The Honorable George Gekas
Chairman, House Immigration, Border Security and Claims Subcommittee
B-370B Rayburn House Office Building
Washington, DC 20515-6353

RE: LPreserving the Integrity of Social Security Numbers and Preventing 
Their Misuse by Terrorists, Hearing held before the U.S. House of 
Representatives Subcommittee on Social Security and Subcommittee on 
Immigration, Border Security, and Claims, September 19, 2002

Dear Chairmen and Members of the U.S. House of Representatives 
Subcommittee on Social Security and Subcommittee on Immigration, Border 
Security, and Claims:

    The National Council of La Raza and the National Immigration Law 
Center appreciate the opportunity to submit comments on the issue of 
the Social Security Administration's no-match letters.
    Sent by the Social Security Administration (SSA) to certain 
employers, no-match letters have had a devastating impact on immigrant 
worker communities throughout the country. For the last several years, 
advocates have been expressing deep concern about the continued use of 
these no-match letters by employers to discourage immigrant workers 
from asserting their workplace rights. Advocates have also been working 
hard to educate employers who, due to the confusion caused by these 
letters, feel pressured to take some action against employees listed in 
the no-match letters. The recent hearing before the Subcommittee on 
Social Security and the Subcommittee on Immigration, Border Security, 
and Claims of the U.S. House of Representatives highlighted many of our 
concerns regarding the no-match letters. The hearing also clearly 
demonstrated the need for a balanced and thoughtful approach to 
immigration policy that recognizes the contributions that immigrant 
workers make to the U.S. economy as well as our nation's economic and 
security needs.
    In an effort to update its database, the SSA sends no-match letters 
to employers when the names or Social Security Numbers listed on an 
employer's W-2 forms do not agree with SSA records. Attached to each 
no-match letter is a list of employees for whom the SSA database could 
not find a match. The no-match letter is intended to be an educational 
correspondence that informs companies that their employees' wages are 
not being properly credited to their Social Security accounts. The SSA 
aims to correct its records so that employees' earnings are accurately 
tracked and can be used to calculate benefit levels when applications 
for retirement or disability benefits are made with SSA. Correcting the 
SSA database is certainly a commendable goal. However, the 
effectiveness of these no-match letters is unproven, and the resulting 
consequences on immigrant worker communities have been devastating.
    The SSA's use of the no-match letters has increased dramatically 
over the past year. While fewer than 100,000 letters were sent in 2000, 
110,00 were issued in 2001 and 870,000 were reportedly sent to 
employers in 2002. However, despite this increase in letters, the 
Earnings Suspense Fund (ESF) has not decreased. Rather than identify a 
more effective means to decrease the suspense file, the SSA has 
increased substantially the use of the ineffective no-match letters. 
During Mr. Lockhart's testimony, the Social Security Administration 
itself admitted that it must review the effectiveness of this policy.
    However, the system's ineffectiveness is not its gravest 
consequence. The impact of the no-match letters on the immigrant 
community has been profound and widespread. The failure of the no-match 
letters to safeguard workers effectively against unfair and illegal 
practices on the part of employers has had devastating effects on the 
workers and their families.
    As the SSA admits, there are many reasons for computer no-matches, 
and the no-match letters themselves do not prove any wrongdoing by 
either employer or employee. For example, a large proportion of the 
names on the no-match letters are Latino, Asian, or other names 
frequently misspelled by employers resulting in computer no-matches. 
These honest data-entry mistakes disproportionately affect immigrant 
workers. However, employer misuse of the no-match letters has caused 
great harm to workers nationwide. While the letter explicitly warns 
employers not to take adverse action against workers listed on the 
letter, layoffs, suspensions, firings, retaliations, and discrimination 
against these workers are widespread and well-documented. Some 
employers have simply fired all workers on the list; others have 
incorrectly reverified the work authorization of workers on the list. 
In many cases, only Latino or other ``immigrant'' workers, or workers 
involved in union organizing campaigns, have been fired or harassed 
(See Aaron Nathans, UW and Janitors Settle; Tentative Deal: $24,000 for 
Latinos, Capital Times, Dec. 8, 2001 at A1). And since a 
disproportionate number of names on the no-match lists are ``foreign-
sounding'' names, many employers fear that they will face sanctions if 
they hire additional workers who look or sound ``foreign'' resulting in 
increased citizenship or national origin discrimination in the hiring 
process.
    Low-wage immigrant workers are the most likely to be affected by 
all of these illegal practices. In fact, our communities have reported 
widespread abuse of the SSA no-match letters resulting in greatly 
increased anxiety within the immigrant community. Many legal permanent 
residents and even U.S. citizens have been affected, and the 
undocumented worker community has been pushed even further underground. 
Because many immigrants live in mixed-status families and close-knit 
communities, when one worker is fired entire families including U.S. 
citizen children suffer.
    Thus the SSA's no-match letter policy has not resulted in reducing 
the suspense file, has not eliminated computer no-matches, and has not 
diminished unfair hiring practices. In fact, the consequences have been 
quite the contrary. Particularly in this time of heightened security, 
we must foster an environment that that will encourage individuals to 
emerge from the shadows and participate as productive members of our 
society in order to separate them from those who are here to do us 
harm. Rather than pour the SSA's resources and energies into an 
ineffective and harmful policy, we must be prepared to step back and 
look at the larger picture.
    The testimony of Mr. Matthew James Reindl highlighted the advantage 
that unscrupulous employers who hire undocumented workers have over 
law-abiding employers. For years, immigrant advocates have argued that 
unlawful hiring practices harm both immigrant workers and U.S. workers. 
The recent Supreme Court decision in the Hoffman Plastic Compounds Inc. 
vs. NLRB, ____ U.S. __, 122 S. Ct. 1275 (2002),--further exacerbates 
that advantage and gives added incentive to employers to hire 
unauthorized workers. In that decision the Court found that 
undocumented workers who are illegally fired are not eligible for 
certain backpay remedies under the NLRA. This decision means that 
employers can continue to hire unauthorized workers and subject them to 
exploitative conditions and even fire them for union organizing 
activities--all of which are illegal regardless of a worker's 
immigration status--with no out-of-pocket costs. The Social Security 
Administration's no-match policy will not punish these employers nor 
resolve the underlying problems associated with the hiring of 
undocumented labor. Instead, it provides added incentives for employers 
to take unlawful action against the workers whom they have knowingly 
hired with no legal ramifications. The answer to the problem raised by 
Mr. Reindl is to enact legislation reversing Hoffman, thus leveling the 
playing field by removing the incentive to hire undocumented workers to 
whom they will never owe backpay.
    The problems highlighted during the hearing clearly demonstrate the 
need for comprehensive immigration reform. The existence of the SSA 
suspense file shows that immigrant workers, regardless of their 
immigration status, are paying Social Security taxes and are not 
receiving the benefits of those taxes. The evidence presented also 
demonstrates that immigrant workers are essential to the U.S. economy 
and that U.S. employers have knowingly and unknowingly hired many 
undocumented workers needed to fill jobs in key sectors of the economy. 
These hardworking, taxpaying immigrants should be rewarded for their 
contributions by getting the opportunity to legalize their immigration 
status and obtain permanent residence in the U.S. Only in this way can 
these workers come out from the shadows, be known to U.S. authorities, 
properly pay all of their taxes, and be compensated appropriately. Such 
a legalization program would also greatly reduce document fraud by 
virtually eliminating the market for falsified Social Security Numbers 
and other identifying documents, and the Social Security Administration 
could continue its primary mission of administering the Social Security 
program.
    We urge you to reflect upon the ineffectiveness of the no-match 
letter policy and work towards effective and comprehensive solutions to 
the problems associated with unauthorized labor in the U.S. We look 
forward to working with you in the future.

            Sincerely,

                                   - 
