[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]





                  PROTECTING THE PRIVACY OF THE SOCIAL
                  SECURITY NUMBER FROM IDENTITY THEFT

=======================================================================

                                HEARING

                               before the

                    SUBCOMMITTEE ON SOCIAL SECURITY

                                 of the

                      COMMITTEE ON WAYS AND MEANS
                     U.S. HOUSE OF REPRESENTATIVES

                       ONE HUNDRED TENTH CONGRESS

                             FIRST SESSION

                               __________

                             JUNE 21, 2007

                               __________

                           Serial No. 111-33

                               __________

         Printed for the use of the Committee on Ways and Means






[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]





                  U.S. GOVERNMENT PRINTING OFFICE
 63-017                   WASHINGTON : 2011
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001







                      COMMITTEE ON WAYS AND MEANS

                 CHARLES B. RANGEL, New York, Chairman

FORTNEY PETE STARK, California       JIM McCRERY, Louisiana
SANDER M. LEVIN, Michigan            WALLY HERGER, California
JIM McDERMOTT, Washington            DAVE CAMP, Michigan
JOHN LEWIS, Georgia                  JIM RAMSTAD, Minnesota
RICHARD E. NEAL, Massachusetts       SAM JOHNSON, Texas
MICHAEL R. McNULTY, New York         PHIL ENGLISH, Pennsylvania
JOHN S. TANNER, Tennessee            JERRY WELLER, Illinois
XAVIER BECERRA, California           KENNY HULSHOF, Missouri
LLOYD DOGGETT, Texas                 RON LEWIS, Kentucky
EARL POMEROY, North Dakota           KEVIN BRADY, Texas
STEPHANIE TUBBS JONES, Ohio          THOMAS M. REYNOLDS, New York
MIKE THOMPSON, California            PAUL RYAN, Wisconsin
JOHN B. LARSON, Connecticut          ERIC CANTOR, Virginia
RAHM EMANUEL, Illinois               JOHN LINDER, Georgia
EARL BLUMENAUER, Oregon              DEVIN NUNES, California
RON KIND, Wisconsin                  PAT TIBERI, Ohio
BILL PASCRELL JR., New Jersey        JON PORTER, Nevada
SHELLEY BERKLEY, Nevada
JOSEPH CROWLEY, New York
CHRIS VAN HOLLEN, Maryland
KENDRICK MEEK, Florida
ALLYSON Y. SCHWARTZ, Pennsylvania
ARTUR DAVIS, Alabama

             Janice Mays, Chief Counsel and Staff Director

                  Brett Loper, Minority Staff Director

                    Subcommittee on Social Security

                 MICHAEL R. MCNULTY, New York, Chairman

SANDER M. LEVIN, Michigan            SAM JOHNSON, Texas
EARL POMEROY, North Dakota           RON LEWIS, Kentucky
ALLYSON Y. SCHWARTZ, Pennsylvania    KEVIN BRADY, Texas
ARTUR DAVIS, Alabama                 PAUL RYAN, Wisconsin
XAVIER BECERRA, California           DEVIN NUNES, California
LLOYD DOGGETT, Texas
STEPHANIE TUBBS JONES, Ohio

Pursuant to clause 2(e)(4) of Rule XI of the Rules of the House, public 
hearing records of the Committee on Ways and Means are also, published 
in electronic form. The printed hearing record remains the official 
version. Because electronic submissions are used to prepare both 
printed and electronic versions of the hearing record, the process of 
converting between various electronic formats may introduce 
unintentional errors or omissions. Such occurrences are inherent in the 
current publication process and should diminish as the process is 
further refined.









                            C O N T E N T S

                               __________

                                                                   Page
Advisory of June 14, 2007, announcing the hearing................     2

                               WITNESSES

Hon. Charles E. Schumer, a Senator from New York.................     6
Hon. Ed Markey, a Representative in Congress from Massachusetts..    59
Hon. Joe Barton, a Representative in Congress from Texas.........    68

                                 ______

Hon. Patrick O'Carroll, Inspector General, Social Security 
  Administration.................................................    63
Joel Winston, Director, Division of Privacy and Information 
  Protection, Federal Trade Commission...........................    74
Dan Bertoni, Associate Director, Education, Workforce, and Income 
  Security, Government Accountability Office.....................    96

                                 ______

Justin Yurek, President, ID Watchdog, Denver, Colorado...........   118
Stuart Pratt, President, Consumer Data Industry Association......   123
James D. Gingerich, Director, Administrative Office of the 
  Courts, Supreme Court of Arkansas, on behalf of the Conference 
  of State Court Administrators, Williamsburg, Virginia..........   131
Annie I. Anton, Associate Professor of Software Engineering, 
  North Carolina State University, Raleigh, North Carolina, on 
  behalf of the Association for Computing Machinery..............   138
Marc Rotenberg, Executive Director, Electronic Privacy 
  Information Center.............................................   158
Gilbert T. Schwartz, Partner, Schwartz & Ballen LLP, on behalf of 
  the Financial Services Coordinating Council....................   169

                       SUBMISSIONS FOR THE RECORD

LexisNexis, letter...............................................   183
Bruce Hulme, Legislative Director, National Council of 
  Investigation and Security Services, statement.................   187
National Organization of Social Security Claimants' 
  Representatives, statement.....................................   188
Property Records Industry Association, statement.................   190

 
  PROTECTING THE PRIVACY OF THE SOCIAL SECURITY NUMBER FROM IDENTITY 
                                 THEFT

                              ----------                              


                        THURSDAY, JUNE 21, 2007

             U.S. House of Representatives,
                       Committee on Ways and Means,
                           Subcommittee on Social Security,
                                                    Washington, DC.
     [The advisory announcing of the hearing follows:]

ADVISORY

FROM THE 
COMMITTEE
 ON WAYS 
AND 
MEANS

  McNulty Announces a Hearing on Protecting the Privacy of the Social 
                  Security Number from Identity Theft

    June 21, 2007
    By (202) 225-9263

    Congressman Michael R. McNulty (D-NY), Chairman, Subcommittee on 
Social Security of the Committee on Ways and Means, today announced 
that the Subcommittee will hold a hearing to examine the role of Social 
Security numbers (SSNs) in identity theft and options to enhance their 
protection. The hearing will take place on Thursday, June 21, in room 
B-318 Rayburn House Office Building, beginning at 10 a.m.
      
    In view of the limited time available to hear witnesses, oral 
testimony at this hearing will be from invited witnesses only. However, 
any individual or organization not scheduled for an oral appearance may 
submit a written statement for consideration by the Subcommittee and 
for inclusion in the printed record of the hearing.
      

BACKGROUND

      
    As many as ten million Americans fall victim to identity theft 
every year. The effects of identity theft can be catastrophic to the 
lives of affected individuals. The reported costs are significant--
according to the Federal Trade Commission, businesses lose $50 billion 
and consumers expend another $5 billion annually to recover from 
identity theft. The SSN is a critical tool for identity thieves looking 
to establish a credit account in someone else's name. And it is often 
the key that identity thieves use to gain access to other personal 
information such as bank accounts.
      
    Because it is a unique piece of personal information that does not 
change over time, the SSN provides a convenient way to track 
individuals throughout public and private records. As a result, SSNs 
have become ubiquitous in these records, and they are being used for 
purposes far beyond their original role of tracking earnings in order 
to compute Social Security benefits. While the widespread use of SSNs 
can be advantageous to business and government, it is also useful for 
identity thieves and other criminals. Moreover, records containing the 
SSN are increasingly available in electronic form, and easily 
accessible over the Internet. Thus, the need for streamlined business 
processes and openness of public records must be balanced against the 
increasing risks of identity theft and other crimes.
      
    Despite its widespread usage, there is no Federal law that requires 
comprehensive confidentiality protection for the SSN. An SSN may be 
found on display to the general public on employee badges and in court 
documents, or offered for sale on the Internet. Some limited protection 
of SSN confidentiality is provided by the Fair Credit Reporting Act 
(P.L. 91-508) and the Gramm-Leach-Bliley Act (P.L. 106-102), which 
restrict the use and disclosure of SSNs by financial institutions. 
Also, many states have enacted legislation to restrict the use, 
disclosure or display of SSNs. Still most private sector use of the 
number remains unregulated.
      
    In the 108th Congress, the Committee on Ways and Means approved 
comprehensive legislation to enhance SSN privacy to protect against 
identity theft (H.R. 2971; H. Rept. 108-685). Among other provisions, 
the bill would restrict the use, sale, purchase or display of SSNs. 
Members of Congress concerned about the magnitude of identity theft and 
its devastating effects on victims have introduced similar legislation 
this year.
      
    In announcing the hearing, Chairman McNulty stated ``there is no 
question that we need stronger protections for Social Security numbers 
to combat the growing crime of identity theft. Identity theft can 
destroy an individual's or family's financial well-being with a touch 
of a button. We must begin to place some common-sense limits on the use 
of the SSN by government and business in order to ensure the privacy of 
the information and prevent theft.''
      

FOCUS OF THE HEARING:

      
    The Subcommittee will examine what role the SSN plays in identity 
theft, and the steps that can be taken to increase SSN privacy and 
thereby limit its availability to identity thieves and other criminals. 
The hearing will examine how SSNs are currently used, what risks to 
individuals and businesses arise from its widespread use and options to 
restrict its use in the public and private sectors.
      

DETAILS FOR SUBMISSION OF WRITTEN COMMENTS:

      
    Please Note: Any person(s) and/or organization(s) wishing to submit 
for the hearing record must follow the appropriate link on the hearing 
page of the Committee website and complete the informational forms. 
From the Committee homepage, http://democrats.waysandmeans.house.gov, 
select ``110th Congress'' from the menu entitled, ``Committee 
Hearings'' (http://democrats.waysandmeans.house.gov/
Hearings.asp?congress=18). Select the hearing for which you would like 
to submit, and click on the link entitled, ``Click here to provide a 
submission for the record.'' Once you have followed the online 
instructions, completing all informational forms and clicking 
``submit'' on the final page, an email will be sent to the address 
which you supply confirming your interest in providing a submission for 
the record. You MUST REPLY to the email and ATTACH your submission as a 
Word or WordPerfect document, in compliance with the formatting 
requirements listed below, by close of business Thursday, July, 5, 
2007. Finally, please note that due to the change in House mail policy, 
the U.S. Capitol Police will refuse sealed-package deliveries to all 
House Office Buildings. For questions, or if you encounter technical 
problems, please call (202)225-1721.
      

FORMATTING REQUIREMENTS:

      
    The Committee relies on electronic submissions for printing the 
official hearing record. As always, submissions will be included in the 
record according to the discretion of the Committee. The Committee will 
not alter the content of your submission, but we reserve the right to 
format it according to our guidelines. Any submission provided to the 
Committee by a witness, any supplementary materials submitted for the 
printed record, and any written comments in response to a request for 
written comments must conform to the guidelines listed below. Any 
submission or supplementary item not in compliance with these 
guidelines will not be printed, but will be maintained in the Committee 
files for review and use by the Committee.
      
    1. All submissions and supplementary materials must be provided in 
Word or WordPerfect format and MUST NOT exceed a total of 10 pages, 
including attachments. Witnesses and submitters are advised that the 
Committee relies on electronic submissions for printing the official 
hearing record.
      
    2. Copies of whole documents submitted as exhibit material will not 
be accepted for printing. Instead, exhibit material should be 
referenced and quoted or paraphrased. All exhibit material not meeting 
these specifications will be maintained in the Committee files for 
review and use by the Committee.
      
    3. All submissions must include a list of all clients, persons, 
and/or organizations on whose behalf the witness appears. A 
supplemental sheet must accompany each submission listing the name, 
company, address, telephone and fax numbers of each witness.

    Note: All Committee advisories and news releases are available on 
the World Wide Web at http://democrats.waysandmeans.house.gov.
      
    The Committee seeks to make its facilities accessible to persons 
with disabilities. If you are in need of special accommodations, please 
call 202-225-1721 or 202-226-3411 TTD/TTY in advance of the event (four 
business days notice is requested). Questions with regard to special 
accommodation needs in general (including availability of Committee 
materials in alternative formats) may be directed to the Committee as 
noted above.
                                 
    The Subcommittee met, pursuant to notice, at 10:00 a.m., in 
room B-318 Rayburn House Office Building, Hon. Michael R. 
McNulty (Chairman of the Subcommittee) presiding.
    Chairman MCNULTY. The hearing will come to order. I want to 
welcome all of our witnesses and all of our guests. You will 
notice on the list of witnesses that we have three Members of 
Congress scheduled to be here today, Senator Schumer, 
Congressman Markey and Congressman Barton. They are involved in 
markups today so we do not know exactly what time they will 
arrive, but as they arrive, we will ask the indulgence of the 
other witnesses to accommodate their statements so that they 
can come in, make their statement, if they have time, answer a 
couple of questions and then get back to their markup.
    Our hearing today will focus on the role that the Social 
Security number plays in the crime of identity theft and 
options to enhance the privacy and security of the Social 
Security number so that it is not as useful a tool for identity 
thieves.
    Stealing or obtaining Social Security numbers through 
illegitimate means is a key part of identity fraud. Our 
Subcommittee is deeply concerned about identity theft and how 
to better protect the Social Security number. In fact, this is 
the 16th hearing on this topic we have held in the past 7 
years. Identify theft is one of the fastest growing crimes in 
the United States. Research by the Federal Trade Commission 
suggests that almost 5 percent of the adult population of the 
United States, some 10 million people, were victims of some 
kind of identity theft in just a single 12-month period. 
Through its Web site and toll free hotline, the FTC receives 
between 15,000 and 20,000 contacts each week from those who 
have been victimized by identify thieves, as well as people 
seeking information about how to protect themselves from 
identity theft. Identity theft ruins individuals' good names 
and destroys their credit ratings. Identity thieves have stolen 
the homes of elderly retirees and have caused innocent persons 
to be arrested when crimes are committed under a falsified 
identity. It has even ruined the future credit ratings of young 
children.
    The FTC reports that individuals spend $5 billion a year 
attempting to recover their good names and credit histories. 
Annual surveys find that businesses lose more than $50 billion 
per year to identity theft-related fraud. Victims also spend 
years cleaning up the damage done by such thieves. In fact, we 
have learned that a victim who testified before this 
Subcommittee in the previous Congress, Nicole Robinson, still 
has not been able to correct her credit record. Even though she 
testified before Congress and our staff intervened with the 
credit bureaus, she continues to experience problems relating 
from the theft of her identity 7 years after her identity was 
first stolen.
    The Social Security Administration and its inspector 
general have worked diligently to increase the integrity and 
security of the Social Security number and the procedures used 
in issuing it. But SSA has essentially no control over how the 
Social Security number is used by other governmental agencies 
or the private sector.
    Today, we will hear about the problem of identity theft 
from Government agencies who have studied it and 
representatives of those who suffer from it. We will hear from 
businesses and Government agencies that use the Social Security 
and we will hear suggestions on how to better protect the 
Social Security number by limiting its use by Government and 
the private sector. I am committed to moving forward with 
legislation and of making it more difficult for thieves and 
other wrongdoers to obtain a Social Security number and use it 
to commit identity theft or other crimes. I welcome the 
testimony we will receive today that will help us better 
understand the nature of the problem and the potential 
solutions.
    I am now pleased to yield to the Ranking Member of the 
Committee, a distinguished veteran and one of my heroes in 
life, Mr. Johnson.
    Mr. JOHNSON. Thank you, Mr. Chairman. I appreciate Chairman 
McNulty for holding this hearing on protecting the privacy of 
Social Security numbers from identity theft. You know Americans 
are rightly worried about the security of their personal 
information, including their Social Security number. We hear 
reports on a daily basis about another data breach in the 
private or public sector where hundreds, if not thousands, of 
people's personal identity information is stolen.
    According to the Privacy Rights Clearinghouse, the total 
number of known records that have been compromised due to 
security breaches beginning in January 2005 through last week 
was over 155 million. The fact is that even though Social 
Security numbers were created to track earnings for determining 
eligibility and benefit amounts under Social Security, these 
numbers are widely used as personal identifiers.
    As we will hear today, Social Security numbers are vital to 
many commercial and Government transactions to verify identity 
and prevent fraud. Examples include enforcing child support, 
aiding law enforcement, compiling information from many sources 
to help ensure the accuracy of credit reports. Unfortunately, 
as pointed out by the GAO in testimony before this 
Subcommittee, Social Security numbers have become the 
identifier of choice and are used for everyday business 
transactions. In fact, in their April 2007 report, the 
President's Identity Theft Task Force identified the Social 
Security number as the most valuable commodity for an identity 
thief. So, it is no wonder that concerns about identity theft 
remain high.
    According to the Federal Trade Commission, identity theft 
is the number one consumer complaint, amounting to 36 percent 
of complaints received in 2006. Americans are right to be 
concerned. According to the latest data provided by the FTC, 
over a 1-year period, nearly 10 million, or about 5 percent of 
the adult population, discovered they were victims of identity 
theft. Even worse, the true number of victims in this 
devastating crime is unknown since most victims do not report 
it. Losses due to these thefts were estimated to exceed $50 
billion. Also, it has been reported that ID theft victims spend 
roughly 300 million hours a year trying to resolve the negative 
effects of ID theft, including re-establishing their hard-
earned good credit and clearing their good name. Even worse, 
identity theft continues to threaten our national security. As 
said in the 9/11 Commission Report, and this is a quote, 
``Fraud in identification documents is no longer just a problem 
of theft. At many entry points to vulnerable facilities, 
including gates for board aircraft, sources of identification 
are the last opportunity to ensure that people are who they say 
they are and to check whether or not they are terrorists.''
    Our Subcommittee has been working on a bipartisan basis to 
protect the privacy of Social Security numbers and prevent 
identity theft since the 106th Congress when it first approved 
the Social Security number Privacy and Identity Theft 
Prevention Act to restrict the sale and public display of 
Social Security numbers. This legislation was introduced on a 
bipartisan basis by then Subcommittee Chairman Clay Shaw and 
then Ranking Member, the late Bob Matsui. We know that 
providing for uses of Social Security numbers that benefit the 
public while protecting their privacy is a complex balancing 
act. However, I believe we must act and with your help, Mr. 
Chairman, we will act to stop rampant abuse of Social Security 
numbers, help prevent ID theft and further protect American 
privacy.
    I look forward to hearing from each of our witnesses and 
thank them in advance for sharing with us their experiences and 
recommendations. Thank you, sir.
    Chairman MCNULTY. I thank the Ranking Member. Other Members 
will be allowed to insert opening statements for the record. We 
are pleased at this time to be joined by Senator Schumer, who 
is involved in another markup, and we are going to go to him 
right away. He is the senior Senator from the State of New 
York. He has a long history on this subject of trying to 
protect our constituents across the country from identity 
theft. He is a dear friend of mine and before he leaves, I am 
going to give him a little editorial from one of the local 
newspapers in my district because when he was first elected to 
the Senate back in 1998, many people in upstate New York were 
wondering how much they would see of the new Senator, and he 
made a pledge that he would visit each of the 62 counties in 
the State of New York every single year that he was in office. 
The editorial from the newspaper cites the fact that you have 
kept that pledge every single year that you have served in the 
Senate. Thank you for going over and visiting my friend John 
Redcliffe and the farmers over there, they deeply appreciate 
it.
    Senator Schumer.

STATEMENT OF CHARLES E. SCHUMER, A U.S. SENATOR FROM THE STATE 
                          OF NEW YORK

    Senator SCHUMER. Well, thank you, Mr. Chairman. I very much 
appreciate the introduction. I am so glad to be here for a 
whole lot of reasons. First, it is great to call you ``Mr. 
Chairman,'' my good friend Mike McNulty, who does such a 
wonderful job both in the capital region and down here. Second, 
for the 18 years in the House, or at least the first 9 and 10, 
I really wanted to be on this Committee, and I never got on so 
I am glad to get here at least on this side of the table. I am 
now on Senate Finance. Things work a little faster in the 
Senate in terms of seniority.
    I thought I might just tell a quick story in reference to 
the Chairman's mention. It is true I visit every county every 
year, so I am pretty diligent. I go to the little counties and 
big counties. In 2004, when I ran for re-election, I carried 61 
of the 62 counties. I did not carry one, Hamilton County, not 
that far from where you are. Hamilton is a beautiful county. It 
is as large as Rhode Island. It is in the middle of 
Adirondacks, great forests and rivers and mountains, great 
hunting, great fishing, but it is our smallest county 
population-wise. It has a little bit fewer than 5,000 people. I 
had visited it six times since re-election, which was a lot. I 
asked my chief of staff, ``Why do you think I lost Hamilton 
County,'' Martin Brennan. Martin Brennan said, ``It is easy, 
Chuck, it is the only county where you actually met every 
single voter.''
    Anyway, it is good to be here. I want to thank all of my 
friends, so many of whom I served with in the House, and my 
friend, Eddy Markey, who was senior to me then and senior to me 
now, and I thank you for your leadership on this issue, Mr. 
Chairman. Let me thank Congressman Rangel, our colleague from 
New York as well.
    We all know when it comes to identity theft, the Social 
Security number is the golden key that opens all doors. If you 
can get a person's Social Security number, you can impersonate 
him, steal his money, ruin his credit and literally devastate 
his life. In my testimony, I am going to focus on one 
particular risk of identity theft and what Congress can do 
about it. I am pleased that today the GAO, the Government 
Accountability Office, prepared at my request a report which 
focuses on the insidious problem of Social Security numbers 
displayed online in public records, and that report is being 
release coincident with this hearing.
    Now, it used to be that when your tax lien or your divorce 
decree was filed as a public record, it sat in an office 
building. You had to go there in person to track down a record 
but in recent years, more and more Government agencies are 
putting public records on the Internet. In fact, the GAO found 
that in 40 out of 50 States, one or more offices are displaying 
people's public records right on the Internet. Anyone with a 
computer can now view these online records, often for free. The 
recordkeepers who put files online probably just want to 
provide more transparency and access to information and those 
are important values I think we all support, but we need to 
have public access in a way that does not expose people to 
identity theft.
    In the words of the GAO, these online records provide 
``potentially unlimited access'' to personal information, 
including Social Security numbers. It is not surprising that 
there are known cases where identity thieves use online public 
records to prey on their victims. Yet, the GAO reports that 
online display of public records is on the rise. We cannot let 
this practice continue unchecked. The report shows that online 
public records may be doing more harm than good. The world has 
changed but our laws are lagging far behind.
    Here is what we can do about it, Mr. Chairman, and I look 
forward to working with you and Chairman Rangel to try and 
accomplish some good changes here. First, we need to have 
uniform standards for protecting Social Security numbers by 
hiding either the first five digits or the last four digits. 
The good news is that Federal agencies have started hiding the 
first five digits of Social Security numbers in public record 
documents. The very bad news is that data brokers and other 
entities are going in the opposite direction and hiding the 
last four digits. So, it is a classic case of the Federal 
Government where one hand does not know what the other is 
doing. It makes it very easy to use public sources to get the 
whole nine numbers. It is sort of a little bit like an Abbott 
and Costello routine.
    You get the first five from the Social Security records--
you get the last four from the Social Security records, the 
first five from the others, the data brokers and others, and 
you sort of have straight flush for identity theft. It is like 
a slap stick routine, each group points the finger at the other 
but it is not a joke when ordinary citizens are paying the 
price. The GAO was able to piece together people's full nine 
digit numbers even though they were always hidden, one half or 
the second half, in just one hour from their desks. An identity 
thief could do this anywhere in the world. So, I am proposing 
legislation that would require the Social Security 
Administration to set standards, telling public agencies and 
private businesses what method of truncation to use so everyone 
will be protected. It is sort of a tragedy of errors, everyone 
is trying to help by masking part of the number but no one is 
paying attention to the big picture and that is where they need 
a Federal role.
    Congress should act now because the numbers of records 
involved are growing everyday, a little coordination in this 
area will go a long way toward stopping identity theft and it 
seems to me that this simple bill should pass by a wide margin. 
I do not know who would oppose it.
    Second, we need to make sure that state and local 
recordkeepers are never displaying full Social Security numbers 
on the Internet. I will be re-introducing my bill from the last 
Congress to ban these recordkeepers from showing complete 
numbers on the Internet. Again, I hope this bill can be passed 
quickly given the evidence of the report. The legislation is 
feasible and practical given the advanced technology we have 
today, like software to help find and hide Social Security 
numbers. County clerks and other public recordkeepers are 
public servants and they should be taking steps to protect 
people. They cannot say, ``Well, it is not my problem.''
    So, if recordkeepers want to put documents online, they 
should but they should hide all or part of the Social Security 
number that appears in those documents. Under this bill, the 
Department of Justice will be able to enforce the ban by 
imposing fines on any office that ignores the law. It will also 
help recordkeepers by authorizing grants to their offices if 
they want to redact Social Security numbers from the older 
records because that takes a job to go back and do it, and we 
do not think that the local taxpayer should have to foot the 
entire bill for that.
    Finally, the GAO reports that private businesses have been 
buying public records in bulk for years. We need to know more 
about this practice, and I have asked the GAO to investigate 
it. Currently, we have no idea how frequently our records are 
being sold or why or where they go. This report reveals there 
may be large sets of records that are overseas and that these 
Social Security numbers may be beyond the protections of 
American law. When the GAO reports back on their investigation, 
we should try to work together to close any loopholes. The 
buying and selling of our private information is not the kind 
of thing that should be happening in the dark of night without 
any oversight even from people who are 10,000 miles away.
    With the great power of today's technology, Mr. Chairman, 
in conclusion, comes a great responsibility to regulate that 
technology and avoid unintended harms. The measures I have 
mentioned today will address the risks uncovered in today's 
report, excellent report by the Government Accountability 
Office, great job, and I hope that my colleagues will join me 
in moving these measures forward to protect Americans from 
identity theft.
    In conclusion, finally, I want to thank the Subcommittee 
and your leadership, Mr. Chairman, and the Ranking Member, Mr. 
Johnson, so that we can--this is an important step, this 
hearing, on rising to the challenge of protecting our Social 
Security numbers. I very much thank you for allowing me to be 
here today.
    [The prepared statement of Senator Schumer follows:]
         Prepared Statement of the Honorable Charles E. Schumer
                        a Senator from New York
    Good morning, Chairman McNulty and Ranking Member Johnson. Thank 
you for inviting me to testify.
    I want to commend Subcommittee Chairman McNulty and Committee 
Chairman Rangel, my esteemed colleagues from the New York delegation, 
for holding this important hearing on protecting Social Security 
numbers.
    We all know that when it comes to identity theft, the Social 
Security number is the golden key that opens all doors. If you can get 
a person's Social Security number, you can impersonate him, steal his 
money, ruin his credit, and literally devastate his life.
    In my testimony, I'm going to focus on one particular risk of 
identity theft, and what Congress can do about it. I am pleased to 
announce today's release of a new report, prepared at my request by the 
Government Accountability Office, that focuses on the insidious problem 
of Social Security numbers displayed online in public records.
    It used to be that when your tax lien or your divorce decree was 
filed as a public record, it sat in an office building. You had to go 
there in person to track down a record. But in recent years, more and 
more government agencies are putting public records on the Internet.
    In fact, the GAO found that in 40 out of 50 states, one or more 
offices are displaying people's public records right on the Internet. 
Anyone with a computer can now view these online records, often for 
free.
    The record-keepers who put files online probably just want to 
provide more transparency and access to information, which are 
important values that I support.
    But we need to have public access in a way that doesn't expose 
people to identity theft.
    In the words of the GAO, these online records provide ``potentially 
unlimited access'' to personal information, including Social Security 
numbers.
    It's not surprising that there are known cases where identity 
thieves used online public records to prey on their victims.
    And yet the GAO reports that online display of public records is on 
the rise. We cannot let this practice continue unchecked.
    This report shows that online public records may be doing more harm 
than good. The world has changed, but our laws are lagging far behind.
    Here's what Congress can do about it, and I hope that my good 
colleagues here on the House side will lend their support to these 
measures.
    First, we need to have uniform standards for protecting Social 
Security numbers by hiding either the first five digits or the last 
four digits.
    The good news is that federal agencies have started hiding the 
first five digits of Social Security numbers in public record 
documents. The very bad news is that data brokers and other entities 
are going in the opposite direction of hiding the last four digits.
    This is a case of classic Federal Government where one hand doesn't 
know what the other is doing.
    This makes it very easy to use public sources to piece together a 
full nine-digit Social Security number that could be used for identity 
theft. The GAO was able to do this in just one hour, from their desks. 
An identity thief could do the exact same thing--from anywhere in the 
world.
    It's almost like a slapstick routine--each group is pointing the 
finger at the other. But it's not a joke when ordinary citizens are 
paying the price.
    That's why I am proposing new legislation that will require the 
Social Security Administration to set standards telling public agencies 
and private businesses exactly what method of truncation to use.
    It's a tragedy of errors--everyone is trying to help by masking 
part of the number, but no one is paying attention to the big picture. 
It's time for a federal role.
    Congress should act now, because the numbers of records involved 
are growing every day. Just a little coordination here will go a long 
way toward stopping identity theft, and it seems to me that this simple 
bill should pass by a wide margin.
    Second, we need to make sure that state and local record-keepers 
are never displaying full Social Security numbers on the Internet. I 
will be reintroducing my bill from the last Congress to ban these 
record-keepers from showing complete numbers on the Internet.
    I hope that my bill can be passed quickly, given the new evidence 
in this report. This legislation is both feasible and practical given 
the advanced technology we have today, like software to help find and 
hide Social Security numbers.
    County clerks and other record-keepers are public servants--they 
should be taking steps to protect people. If record-keepers want to put 
documents online, they are welcome to do so, but they should hide all 
or part of any Social Security number that appears in those documents.
    Under this bill, the Department of Justice will be able to enforce 
the ban by imposing fines on any office that ignores the law. My 
legislation will also help record-keepers by authorizing grants to 
offices that want to redact Social Security numbers from older records, 
but need more resources.
    Finally, the GAO reports that private businesses have been buying 
public records in bulk for years. We need to know more about this 
practice, and I have already asked the GAO to investigate it.
    Currently, we have no idea how frequently our records are being 
sold, or why, or where they go. This report reveals that there may be 
large sets of records that are overseas, and that these Social Security 
numbers may be beyond the protections of American law.
    When the GAO reports back on their investigation, the Congress 
should move quickly to close any loopholes. The buying and selling of 
our private information is not the kind of thing that should be 
happening in the dark of night, without any oversight.
    With the great power of today's technology comes a great 
responsibility to regulate that technology and to avoid unintended 
harms. The measures that I've highlighted will address the risks 
uncovered in today's report, and I hope that my colleagues will join me 
in moving these measures forward to protect Americans from identity 
theft.
    In closing, let me say that I appreciate the excellent work of the 
Government Accountability Office in preparing this study.
    Again, I thank the Subcommittee for recognizing that we must rise 
to the challenge of protecting our Social Security numbers, and thank 
you for having me here today.

                                 

    Chairman MCNULTY. Thank you very much, Senator Schumer. I 
know you are on the run but I just wanted to thank you for your 
testimony, to assure you that we will work together with you on 
legislation. I also want to thank you for a statement you made 
in another trip upstate recently about properly funding the 
Social Security agency so that we can start to cut back on this 
tremendous backlog that we have with regard to disability 
claims, which is not only a tremendous hardship on many of our 
constituents, it is a national embarrassment to every Member of 
Congress when someone comes in with a legitimate claim for a 
government benefit, and we tell them they have to wait a year 
and a half or 2 years before they even get an answer, so we 
really need to do something about that.
    I want to thank you for your commitment in that regard. On 
the House side, we have taken some steps in moving toward that. 
We have got $100 million over the President's request out of 
the Appropriations Committee, I asked for more than that but we 
got that far anyway. In recent years, the President's request 
has been under-funded, we are $100 million over. I am hoping 
that on the Senate side you can help us get to at least that 
number, or hopefully higher, so that we can begin to make a 
serious dent in this backlog. I do not know if you have time, 
do you have time to take a couple of questions? Then we will 
get immediately to Ed Markey after that. Does any Member wish 
to pose a question to the Senator? Yes, Lloyd?
    Mr. DOGGETT. Chuck, thanks so much for what you have been 
doing on this. Can you update us on where this legislation is 
in the Senate and how you think it is moving over there?
    Senator SCHUMER. I think it is moving very well. We are 
just going to update it because of the GAO report, particularly 
the first thing I mentioned, but it seems to have support. The 
one place where there was objection, the old or the local 
officials who used and put these things online, we have dealt 
with their objections, and I think the new legislation should 
have smooth sailing. Thank you, Lloyd.
    Chairman MCNULTY. I also want to ask unanimous consent that 
we insert into the record the new GAO report, which the Senator 
referenced in his testimony. Mr. Levin.
    [The provided material follows:]

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]




    Mr. LEVIN. Welcome.
    Senator SCHUMER. Glad to be here, Sandy.
    Mr. LEVIN. Both of you and everybody else. Just quickly, 
and I will ask the same of Ed Markey, what is the source of the 
hesitation or the resistance?
    Senator SCHUMER. The only resistance, it is a good 
question, was from the local officials who said, ``Look, we 
have an obligation to put it online, you do something about 
it.'' So, the fact that we are both mandating that in the 
future they treat things one way, that is not too hard for them 
to do. There is software that does that easily. For past 
records that are on display, which of course an identity thief 
anywhere in the world could go back to, we help give them some 
funding to cover those up because that is a little harder. You 
have got to go back in the records and re-enter them. I think 
now most of the opposition is gone.
    Mr. LEVIN. By the way, I am not sure, as I look around, if 
everybody is old enough to remember Abbott and Costello.
    Your reference to them--they are going into different 
doors.
    Senator SCHUMER. Right.
    Mr. LEVIN. But it sounds very much like these actions would 
be attributed to Abbott and Costello.
    Senator SCHUMER. I find with my staff, and I am blessed, I 
have a great, great staff, but most of them are half of my age 
and I mention all these cultural things, and they look at me 
like I am from another planet. Now, I know how it feels, how my 
parents felt when we mentioned things like the Beatles or Elvis 
Presley or something like that.
    Mr. LEVIN. Thank you.
    Chairman MCNULTY. Well, I think most of them have seen the 
clips of ``Who's on first.''
    [Laughter.]
    Chairman MCNULTY. If there are no further questions, I want 
to thank the senior Senator from New York.
    Senator SCHUMER. I thank you, Mr. Chairman, and all my 
colleagues. It is great to finally make it to the Committee on 
Ways and Means after all these years.
    [Laughter.]
    Chairman MCNULTY. Your staff has that editorial, Chuck.
    Senator SCHUMER. Great, thanks.
    Chairman MCNULTY. We would now like to go to our colleague 
from Massachusetts from Malden, Massachusetts, 7th District, 
the Honorable Ed Markey, who has been a real leader on this 
issue for a number of years.

STATEMENT OF HON. ED MARKEY, A REPRESENTATIVE IN CONGRESS FROM 
                   THE STATE OF MASSACHUSETTS

    Mr. MARKEY. Thank you, Mr. Chairman, very much and thank 
Mr. Johnson, and I thank each of you for inviting me here 
today. This is a very important issue. Mr. Barton of Texas and 
I have introduced legislation, the Social Security number 
Protection Act, in order to bring a halt to unregulated 
commerce in Social Security numbers. It does not establish an 
absolute prohibition on all commercial use of the number but it 
would make it a crime for a person to sell or purchase Social 
Security numbers in violation of rules promulgated the Federal 
Trade Commission. The Federal Trade Commission would be given 
the power to restrict the sale of Social Security numbers, 
determine appropriate exemptions, and to enforce civil 
compliance with the bill's restrictions.
    Why is this legislation necessary? Let me share with you 
just one story. Several years ago, a man named Liam Youens was 
stalking a 21-year-old New Hampshire named Amy Boyer. Youens 
reportedly purchased Amy Boyer's Social Security number from an 
Internet Web site for $45. Using this information, he was able 
to track her down, a process that he chillingly detailed on an 
Internet Web site that he named after his target. Finally, this 
demented stalker fatally shot Amy Boyer in front of the dental 
office where she worked. Afterward, he turned the gun on 
himself.
    The terrible tragedy of Amy Boyer's murder underscores the 
fact that while the Social Security number was originally 
intended to be used only for the purposes of collecting Social 
Security taxes and administering the program's benefit, it has 
over the years evolved into a ubiquitous national personal 
identification number, which is subject to misuse and abuse. 
The unregulated sale and purchase of these numbers is a 
significant factor in a growing range of illegal activities, 
including fraud, identity theft, stalkings and tragically even 
murders. If you do the simple Internet search in which you 
enter the words ``Social Security numbers,'' you will turn up 
links to dozens of Web sites that offer to provide you for a 
fee Social Security numbers for other citizens or to link up a 
Social Security number that you might have with a name, address 
and telephone number.
    Where are the data mining firms and private detection 
agencies obtaining these numbers? In all likelihood, they are 
accessing information from the databases of credit bureaus, 
financial service companies, data brokers or other commercial 
firms. Unfortunately, this has become a business. The privacy 
of all Americans has become a business. It becomes valuable 
information, all of these secrets about American families. 
While there is a purpose to which all of that information can 
be placed, it just should not be a commodity that can be used 
by anyone that feels that if they can combine enough of it, it 
becomes a product valuable to someone who wishes to purchase 
it.
    If someone actually obtains a Social Security number from 
one of these sites, they have a critically important piece of 
information that can be used to locate the individual, get 
access to information about the individual's personal finances 
or engage in a variety of illegal activities. By bringing to a 
halt, unregulated commerce in Social Security numbers, this 
bill, and what you are doing, Mr. Chairman, will help to reduce 
the incidence of pretext in crimes, identity thefts, and other 
frauds or crimes involving misuse of a person's Social Security 
number. We need to take action now if we are going to fully 
protect the public's right to privacy by preventing the sale of 
Social Security numbers.
    Under the legislation which Mr. Barton and I have 
introduced, the Federal Trade Commission would be given 
rulemaking authority to restrict the sale of Social Security 
numbers, determine appropriate exemptions and to enforce civil 
compliance with the bill's restrictions. On May 10th of this 
year, that legislation passed through the Energy and Commerce 
Committee. This, of course, is the other key Committee in terms 
of dealing with this issue, and you have to take action in a 
way that reflects your expertise on the whole issue of Social 
Security since that subject is here in the Committee on Ways 
and Means. But together we should find a way of affording real 
protection to American families on this legislation. Taking 
action now can help us to prevent further Amy Boyer's from 
being victimized.
    But even at a lower level, this whole idea that all of our 
information is now out there for anyone to be able to crack is 
wrong. These data miners have no regard for the personal 
privacy of us as a society. We are reaching a point now, to be 
honest with you, where some kid today who is googling some 
sites right now, unless we figure out a way of ensuring that 
that information is destroyed, 15 or 18 years from now, some 
employer will be saying, ``Let's go back and find out what that 
kid was googling to get some insight into who they are.'' So 
all of this is becoming increasingly an important part of our 
society, to determine what kind of privacy we want to provide 
to American families. You are providing the leadership, Mr. 
Chairman, I thank you for that.
    [The prepared statement of Mr. Markey follows:]
             Prepared Statement of the Honorable Ed Markey
      a Representative in Congress from the State of Massachusetts
    Mr. Chairman, thank you for inviting me to testify at today's 
hearing.
    The Gentleman from Texas (Mr. Barton), and I have introduced H.R. 
948, the``Social Security Number Protection Act,'' in order to bring a 
halt to unregulated commerce in Social Security numbers. It does not 
establish an absolute prohibition on all commercial use of the number, 
but it would make it crime for a person to sell or purchase Social 
Security numbers in violation of rules promulgated by the FTC. The FTC 
would be given the power to restrict the sale of Social Security 
numbers, determine appropriate exemptions, and to enforce civil 
compliance with the bill's restrictions.
    Why is this legislation necessary? Let me share with you just one 
story. About six years ago, a man named Liam Youens was stalking a 21-
year old New Hampshire woman named Amy Boyer. Youens reportedly 
purchased Amy Boyer's Social Security number from an Internet Web site 
for $45. Using this information, he was able to track her down, a 
process that he chillingly detailed on an Internet Web site that he 
named after his target. Finally, this demented stalker fatally shot Amy 
Boyer in front of the dental office where she worked. Afterwards, he 
turned the gun on himself.
    The terrible tragedy of Amy Boyer's murder underscores the fact 
that while the Social Security number was originally intended to be 
used only for the purposes of collecting Social Security taxes and 
administering the program's benefits, it has over the years evolved 
into a ubiquitous national personal identification number which is 
subject to misuse and abuse. The unregulated sale and purchase of these 
numbers is a significant factor in a growing range of illegal 
activities, including fraud, identity theft, stalkings and tragically, 
even murders.
    If you do a simple Internet search in which you enter the words 
``Social Security numbers,'' you will turn up links to dozens of web 
sites that offer to provide you, for a fee, Social Security numbers for 
other citizens, or to link up a Social Security number that you might 
have with a name, address and telephone number. Where are the data-
mining firms and private detective agencies that offer these services 
obtaining these numbers? In all likelihood, they are accessing 
information from the databases of credit bureaus, financial services 
companies, data brokers, or other commercial firms.
    If someone actually obtains a Social Security number from one of 
these sites, they have a critically important piece of information that 
can be used to locate the individual, get access to information about 
the individual's personal finances, or engage in a variety of illegal 
activities. By bringing a halt to unregulated commerce in Social 
Security numbers, my amendment will help reduce the incidence of 
pretexting crimes, identity thefts and other frauds or crimes involving 
misuse of a person's Social Security number.
    We need to take this action now if we are going to fully protect 
the public's right to privacy by preventing sales of Social Security 
numbers. Under the Markey-Barton bill, the FTC would be given 
rulemaking authority to restrict the sale of Social Security numbers, 
determine appropriate exemptions, and to enforce civil compliance with 
the bill's restrictions. As you know, on May 10th of this year, the 
Energy and Commerce Committee approved this legislation. The Speaker 
has now referred the bill to the Ways and Means Committee until July 
20th, for consideration of such provisions that may fall within the 
Committee's jurisdiction. I would strongly urge the Committee to 
approve this bill, so that this Congress can put in place stronger 
protections to restrict the purchase and sale of Social Security 
numbers. Taking action now will help us prevent a recurrence of 
tragedies like the Amy Boyer case, as well as the much more frequent 
incidences of misuse of the Social Security number to perpetrate 
identity thefts.
    I look forward to working with you, Mr. Chairman, and with the 
Chairman of the full Committee, Mr Rangell, and Ranking Members McCrery 
and Johnson as the Committee moves forward to consider this important 
legislation.

                                 

    Chairman MCNULTY. Thank you, Mr. Markey. I want to thank 
you for your passionate activism on this issue for a long 
period of time. The part of your testimony I agree with the 
most is the time for talk should be over, and we should 
actually do something. I am in the process of putting together 
a proposal, which I am going to share with Mr. Johnson, 
hopefully get bipartisan support on this Committee, and then 
what I would like to do, Mr. Markey, is to talk to you and the 
gentleman from Ennis, Texas, Mr. Barton, and try to meld our 
proposals and get a united front and actually do something.
    Does anyone which to inquire of Mr. Markey? Yes, Ms. 
Schwartz?
    Ms. SCHWARTZ. Thank you. Good morning. Just a question, you 
leave the question of exemptions or possible appropriate use in 
your legislation rather open, basically to be set later. I 
understand that is a little bit of a difference between your 
legislation and Senator Schumer's, is that correct? So, just to 
inquire about whether you think there are any appropriate uses 
that we ought to articulate in legislation and are you open to 
that?
    Mr. MARKEY. Yes, well, what Senator Schumer I think was 
referring to is the fact that, for example, in the financial 
services industry, we have to find a way where they can use 
some of these identifiers so you can use the first five or the 
last four or some combination and so that there is some use 
that it can be placed but it doesn't unlock the whole key to 
who the individual is. We are actually working together on that 
for the financial services industry and others but only that a 
part of it is available, that the entire number is not made 
available unnecessarily because it is not necessary in order to 
provide an identification. All of us when we go down, and we 
punch in our little code when we are trying to take money out 
of the ATM machine, we only need four numbers, we do not need a 
nine number code. So, there is a way of doing it that can still 
protect the number.
    Ms. SCHWARTZ. Okay, and I think this question has somewhat 
been asked, I am somewhat new to this Committee but I 
understand there have been quite a few hearings on this and it 
feels like this is an issue that has been around, and we just 
have not taken action on. As you move forward as we do, as the 
Chairman does, it certainly seems that it is time for us to do 
something about it, to reach some understanding and agreement 
about this and provide some of this protection. All of us are 
asked for Social Security numbers all the time. We had an 
interesting hearing actually, the full Committee, just about 
people being appropriately afraid to share their Social 
Security number because of such failure to protect it once you 
give it out. So, I look forward to working with you and, of 
course, working with the Senate as well to actually move this 
along. Thank you.
    Chairman MCNULTY. Does anyone else wish to inquire? Mr. 
Markey, thank you very much for your testimony. We look forward 
to working with you on actually enacting some legislation.
    Mr. MARKEY. Thank you, Mr. Chairman, and I thank all of you 
very much.
    Chairman MCNULTY. We will now go to panel number two. Mr. 
Barton is on his way. When he gets here, because he is in 
another markup, we will accommodate him as well. Panel number 
two consists of The Honorable Patrick O'Carroll, inspector 
general of the Social Security Administration; Joel Winston, 
associate director, the Division of Privacy and Information 
Protection of the Federal Trade Commission; and Dan Bertoni, 
the director of Education, Work force, and Income Security of 
the GAO.
    I want to thank all of you for being here today. Your 
entire testimony will appear in the record. We ask you to 
summarize it in about 5 minutes so that we can have some time 
for some questions by the panel Members. If you could just keep 
your eye on the little indicator there, when the green light 
goes off and the amber light goes on, it is time to kind of 
wrap up. When the red light goes on, we would appreciate if you 
would try to conclude so we can get some questions in and also 
have time to get to the third panel.
    We will start with the inspector general.

STATEMENT OF HON. PATRICK O'CARROLL, INSPECTOR GENERAL, SOCIAL 
                    SECURITY ADMINISTRATION

    Mr. O'CARROLL. Good morning, Chairman McNulty. Good 
morning, Mr. Johnson and Members of the Subcommittee. I want to 
thank you for your interest in protecting the Social Security 
number and for your interest in the work of the Office of the 
Inspector General. It is a pleasure to be here today to discuss 
this issue, which is at the heart of my office's mission: 
protecting the Social Security number. I suggest that in order 
to do so the time has come to strike an appropriate balance 
between convenience and security. You have my comprehensive 
written statement, and now I want to discuss some of its 
highlights.
    Over the past decade, we have worked in partnership with 
the Social Security Administration and with this Subcommittee 
to bring about improvements in the process by which SSA issues 
Social Security numbers, new SSN cards and replacement cards. 
However, we believe the greatest vulnerability is the theft of 
the number. I assure you that it is harder than ever to obtain 
a SSN or a Social Security card based on fraudulent information 
or false pretense. Unfortunately, we cannot report the same 
degree of progress in protecting the SSN once it legitimately 
leaves SSA. Our audit and investigative work has taught us that 
the more SSNs are used unnecessarily, the higher the 
probability that they might become improperly disclosed and 
then used to commit crimes. We have highlight vulnerabilities 
and have suggested ways SSA can try to persuade organizations 
to limit their use of the number and better protect sensitive 
data.
    However, legislation may be required to compel these 
organizations to forego the convenience the SSN represents. One 
of our most expansive reviews involved Federal agencies' 
controls over the access and use of SSNs by external entities. 
Recently, 15 Federal offices of inspectors general joined us 
with this review. We provided a comprehensive report with 
recommendations to improve the security the SSN at the Federal 
Government level. While we believe our work brought about 
improvements, recent OMB guidance makes it clear that the use 
of the SSN in Federal agencies will have to be further 
curtailed and security measures further improved.
    Of course, the Federal Government is not the only 
repository of SSN information. Schools, hospitals, businesses 
and state and local governments request SSNs for a variety of 
purposes, very few of which are actually required by law. Many 
of these entities use the SSN simply as a matter of convenience 
and do not provide adequate controls to protect the data. For 
example, our auditors have studied by universities' and 
hospitals' use of the SSN. While these institutions may have a 
legitimate use for the number with respect to certain 
functions, we found that once collected, the number was used 
for other purposes and was not always given the level of 
protection it deserves.
    In response to our audits, SSA's outreach efforts and their 
own experiences with data loss, many universities are now 
moving away from the SSN as a student identifier. In an audit 
currently underway, we are disturbed to learn though that 43 
states still collect Social Security numbers for students in 
kindergarten through 12th grade despite the fact that only 
three of these states have laws that require it. Some of these 
schools and school districts still print the student's SSN on 
their attendance rosters, making it clear that they are placing 
convenience ahead of security. It may be the time for 
legislation barring the use of the SSN for all those but uses 
required by law.
    Our Social Security Number Integrity Protection Team 
encouraged banning the display of SSNs on driver's licenses, 
and this is one example of legislation enacted as part of the 
Intelligence Reform and Terrorism Prevention Act of 2004 that 
we believe has made a significant difference in SSN integrity. 
We frequently remind people do not carry your Social Security 
card in your wallet, so having the SSN on their driver's 
license undermine these efforts. In the same vein, consider the 
wisdom of SSNs displayed on the Medicare card or other forms of 
identification. So, the IRTPA provided a degree of assistance 
but more is needed.
    H.R. 745, introduced in the last Congress, and Senate bill 
238, which was just discussed in the current Congress, each 
seek to address the display of SSNs and the sale of SSNs by 
information brokers, practices not currently prohibited by law. 
H.R. 948 would also prohibit the sale of SSNs under many 
circumstances, which would help reduce the largely unfettered 
trafficking in SSNs that are being done by information brokers.
    Legislative action to limit the sale and display of SSNs is 
critical to the security of the SSN, and I applaud these 
efforts just as I applaud the Subcommittee's commitment to 
improving the integrity of the SSN protection for all. In 
summary, far from its original intent, the SSN has become a 
convenient tracking number, whose proliferation has 
significantly detrimental consequences. We cannot allow the 
public security to be jeopardized over a matter of convenience.
    Thank you.
    [The prepared statement of Mr. O'Carroll follows:]
         Prepared Statement of the Honorable Patrick O'Carroll,
           Inspector General, Social Security Administration
    Good morning, Chairman McNulty, Mr. Johnson, and members of the 
Subcommittee. Thank you for the invitation to be here today to discuss 
the Social Security number (SSN) and how we can better protect it and 
the American people.
    The Office of the Inspector General (OIG) at the Social Security 
Administration (SSA) came into being in 1995, with the implementation 
of the Social Security Independence and Program Improvements Act of 
1994. As a new entity charged with preventing and detecting fraud, 
waste, and abuse in SSA's programs and operations, we were well aware 
of the central role that the SSN played in American society, and the 
critical need for us to protect its integrity. With SSA, we have made 
significant strides towards that end since our early days. However, we 
are keenly aware that much more needs to be done. Today, I will provide 
you a brief history of our audit and investigative efforts, which have 
played an important role in strengthening SSN integrity--especially in 
the way these important numbers are assigned. But, more importantly, I 
will provide you with perspective on areas in which action is still 
needed--perhaps through additional legislation--to better protect SSNs 
from unnecessary collection and improper disclosure. I believe the 
American people expect and deserve our attention to address this vital 
matter.
    Well before 9/11, and even before identity theft became as 
significant an issue as it is today, we knew we had much work to do to 
strengthen SSN integrity. We were especially aware of the broad uses of 
SSNs throughout U.S. society and their importance to noncitizens while 
they are in the U.S. We also recognized that SSNs are the cornerstone 
of SSA's programs and, therefore, before we could turn too much of our 
attention outward--to the use and misuse of SSNs--we first needed to 
make sure that everything was in order within SSA. As a result, much of 
our early SSN work was in the area of enumeration--the process by which 
SSA assigns SSNs. If SSA's enumeration processes were not sound, no 
amount of improvement to the use and security of the SSN after it was 
issued would be of much value.
    Since 1999, when we issued a Management Advisory Report emphasizing 
the importance of proper SSN assignment and use, we have worked closely 
with SSA to improve controls in the enumeration process. Based on our 
recommendations, collaborative efforts and new legislative 
requirements, SSA has improved the enumeration at birth and enumeration 
at entry programs, heightened the awareness of SSA employees to 
fraudulent identification documents presented with applications for 
SSNs, tightened controls over the issuance of replacement Social 
Security cards, and otherwise made it much more difficult to obtain a 
valid SSN through the use of a fraudulent application.
    During this period, my predecessors testified before this 
Subcommittee and other Committees and Subcommittees of both houses of 
Congress on SSN-related issues many times, presenting the results of 
our work, responding to requests from Members, proposing legislation, 
and seeking ways to further improve SSN integrity.
    The September 11 attacks underscored the need to continue those 
efforts, but with respect to SSNs, did not teach us anything we did not 
already know about the critical role of the SSN in our society. In the 
months following 9/11, we worked with the FBI and other law enforcement 
agencies to provide critical information, and began a series of SSN-
based Homeland Security initiatives. These projects sought to ensure, 
through review of SSNs and other information, that individuals with 
access to critical infrastructure sites such as airports, seaports, 
nuclear power plants, and similar locations, were who they claimed to 
be, and not imposters who would do us harm.
    Even while working on Homeland Security matters, our investigators 
continued their day-to-day work on individual SSN misuse cases, 
bringing to justice scam artists, identity thieves, counterfeit 
document artists, and other criminals whose tool of the trade was the 
purloined SSN. On an annual basis, we receive about 10,000 allegations 
of SSN misuse a year, and investigate approximately 1,500 criminal 
cases of misuse. After years of increases, these numbers have now held 
steady for several years, indicating that not only our investigative 
work, but also our audit work, is having a significant impact.
    Having completed numerous audits that helped SSA strengthen its 
enumeration processes, in more recent years our auditors have begun to 
address the far more challenging issue of SSN misuse. While SSA can 
implement controls to prevent the improper assignment of SSNs, it has 
very few mechanisms to curb the improper--or simply the unnecessary--
use of an SSN. Our audit and investigative experiences have taught us 
that the more SSNs are used unnecessarily, the higher the probability 
that these numbers could be improperly disclosed and used to commit 
crimes throughout society. We read about these occurrences in the 
newspaper every day, but we've yet to develop meaningful ways to stem 
the tide.
    As I'll discuss in a moment, our recent audit work has highlighted 
vulnerabilities and suggested some ways in which SSA can try to 
persuade organizations that use SSNs to limit this use and better 
protect this sensitive information. To some extent, these efforts, 
along with the users' own experiences with improper disclosures, have 
convinced some organizations to do as we and SSA have suggested. 
However, because it is such a convenient and unique number, and change 
may be costly, others appear to discount the risk and continue on with 
business as usual. To convince these parties, we believe SSA needs more 
help. Specifically, we believe the time has come to consider 
legislation limiting the collection and use of SSNs to those purposes 
mandated by Federal law, or otherwise reducing the use of SSNs as 
convenient identifiers.
    In 2002, the Federal inspector general community joined with us to 
look more closely at one high-risk issue regarding SSNs: agencies' 
controls over access, disclosure, and use of SSNs by external entities, 
such as contractors, within their respective agencies. A total of 15 
Offices of Inspector General participated in this effort, each 
conducting an audit within their respective Agencies. We combined our 
results and provided a comprehensive report, which included 
recommendations to improve the security of the SSN at the Federal 
Government level.While we believe that our work, and the work of our 
fellow inspectors general, brought about improvements in SSN security 
and heightened awareness of the issue, there is more to be done. Recent 
OMB guidance makes it clear that at least at the Federal level, uses of 
the SSN must be curtailed, and security measures enhanced. We will 
continue to monitor the Federal sector's progress in accomplishing this 
mandate.
    Of course, the Federal Government is not the only source of SSN 
information. As I'm sure you're aware, schools, businesses, and State 
and local governments request SSNs for a multitude of purposes--very 
few of which are required by law. Rather, many of these organizations 
use the SSN as an identifier simply because it is convenient. For 
example, our auditors have looked at the use of SSNs by universities 
and hospitals as student and patient identifiers, respectively. While 
both of these types of organizations may have had some reason for 
collecting SSNs, such as financial aid or Medicare coverage, we found 
that once collected, the number was used too frequently for other 
purposes and not always given the level of protection necessary.
    In response to our audits, SSA outreach, and their own experiences 
with data exposures, many universities are moving away from using SSNs 
as student identifiers. However, in an audit currently underway, we 
were disturbed to learn that 43 States collect the SSNs of students in 
kindergarten through 12th (K-12) grade. In only three of these States 
is the collection of these numbers required by law. The No Child Left 
Behind Act of 2001 requires that each State implement an accountability 
program that measures the progress of students and schools through the 
collection and analysis of data. However, the law does not require that 
States use SSNs to identify and track students. Rather, we believe that 
some K-12 schools use SSNs as a matter of convenience. For example, 
while we did not perform a statistical sample, we know of some schools 
and districts that still print the students' SSNs on attendance 
rosters. We would suggest that the security of individuals' personal 
information--in this instance, the personal information of children--
not take a back seat to administrative convenience. For the 2004/2005 
school year, the National Education Association estimated that there 
were more than 48 million K-12 students in over 15,000 school districts 
across the country. We believe that the collection and use of SSNs 
without proper controls is a huge vulnerability for this young 
population. Recent data indicate the number of children under age 18 
whose identities have been stolen is growing. This is particularly 
troubling given that some of these individuals may not become aware of 
such activity until they apply for a credit card or student loan.
    We also found that State and local governments use the SSN as an 
identifier for other programs, such as prescription drug monitoring, 
when other identifiers such as drivers license numbers might be more 
appropriate. Additionally, these entities don't always provide 
sufficient protection of this data.
    We even conducted an audit that looked at the access prisoners are 
sometimes given to SSNs while doing work in prison on State records or 
other documents containing SSNs and other personal information. The 
possibility of giving a convicted identity thief access to the tools of 
his or her trade while in prison is certainly alarming.
    I'm proud of the work that has been done, and continues to be done, 
by both our Office of Audit and our Office of Investigations, but our 
focus on SSN integrity does not stop there. Several years ago, in order 
to keep track of our many-faceted effort to protect the SSN, we formed 
the Social Security Number Integrity Protection Team, or SSNIPT. That 
group, comprised of attorneys, auditors, and investigators, has had its 
own quiet--but important--successes. It was in part the efforts of the 
SSNIPT team that led to the eradication of the display of SSNs on 
Selective Service mailings and the Thrift Savings Plan website--two 
practices in which the Federal Government was itself putting the SSN at 
risk. The team has also worked to propose legislation, which was 
ultimately enacted as part of the Intelligence Reform and Terrorism 
Prevention Act of 2004 (IRTPA), to eliminate the practice of displaying 
SSNs on drivers licenses. All of our exhortations over the years aimed 
at getting Americans to stop carrying their Social Security cards in 
their wallets would be of little value if the one document they were 
required to carry also displayed their SSN.
    The OIG will not waver in our commitment to protect the integrity 
of the Social Security number through our timely audit, investigative, 
and other work, and we welcome Congress' help. Legislation has been, 
and will always be, a key factor in our ability to protect the SSN and 
protect the American people. Legislation has, to some degree, improved 
enforcement mechanisms in this area (the Identity Theft Penalty 
Enhancement Act), but legislation that would limit the display of SSNs 
on public documents or eliminate the sale of SSNs by information 
brokers has not yet been passed, with the exception of the IRTPA 
provision concerning drivers' licenses. Similarly, no law has been 
passed to address the unnecessary collection of SSNs by schools, 
hospitals, or other entities that use this number as a matter of 
convenience but fail to adequately protect this personal information.
    There are, however, a number of bills that have been introduced. In 
the last Congress, H.R. 1745, as well as the current Congress' S. 238, 
each seek to address both the display and the sale of SSNs, and H.R. 
948, while silent on the display of SSNs, would also prohibit their 
sale under many circumstances. Any legislative provisions that reduce 
the display of SSNs or limit or eliminate trafficking in SSNs by 
information brokers and others would be of great help to our efforts.
    It is important, however, not only to stop intentional criminal 
behavior, but to place an onus on those who use the SSN--either because 
they are required to do so by law, or because the SSN is a convenient 
identifier--to protect the information they are holding.
    Consider an investigation we recently concluded in which several 
people were convicted of SSN misuse on a large scale. The primary 
subject of the investigation was a manufacturer of fraudulent 
identification documents that he created using real names and SSNs that 
his co-conspirators obtained. The documents were then used to defraud 
banks, businesses, and individuals out of more than half a million 
dollars. The names, SSNs, and other data were stolen from banks and 
from a hospital where security measures were obviously inadequate to 
prevent or detect the theft.
    This individual and his co-conspirators are being criminally 
prosecuted, but criminal prosecution is not always an option. One 
proposal we have made in the past is that the OIG's Civil Monetary 
Penalty authority be extended to include SSN misuse. Providing the 
authority to penalize those who misuse SSNs but are not criminally 
prosecuted, or to penalize institutions that collect, but fail to 
protect, SSNs could create a strong deterrent and an effective tool.
    The OIG has proven its ability to administer such a program through 
its administration of the existing provisions of Sections 1129 and 1140 
of the Social Security Act--and we are prepared to take on this new 
challenge.
    Indeed, we are faced with new challenges on a daily basis, as we 
constantly find new ways to close gaps in the SSN's protection. We are 
currently examining the practice of assigning SSNs to noncitizens who 
will only be in the United States for a few months--but are allowed to 
obtain an SSN that will be good forever. Consider, for example, the 
practice of allowing noncitizens who enter the country with a fiance 
visa to obtain an SSN. While deciding whether they will marry, these 
noncitizens are allowed to stay in the United States for 3 months--
after which time they must marry, leave the country or apply for a new 
immigration status with DHS. By approving their request for an SSN 
during this 3-month period, we might be giving those who have no 
intentions to marry a much-needed tool for overstaying their visas. We 
believe a wiser course of action would be to approve the SSN 
application after the marriage has occurred, but we may need a 
legislative remedy to implement such a policy. Additional opportunities 
exist to restrict SSN access to other populations that might take 
advantage of similar programs.
    We've also just undertaken an audit concerning the display of the 
SSN on Medicare cards, a document that many Americans carry in their 
wallets. I mentioned earlier our attempts to remove the SSN from 
drivers' licenses; while the use of the SSN in the Medicare program may 
be necessary, the display of the SSN on the card is something we'll be 
taking a critical look at.
    As we have stated before this Subcommittee on many occasions, the 
SSN was never intended to do more than track a worker's earnings and 
pay that worker benefits. As the uses of the SSN have expanded over the 
decades, through acts of Congress and through the SSN's adoption simply 
as a matter of convenience, its value has increased as a tool for 
criminals. The Social Security card itself, which states on its face 
that it is not to be used for identification, is frequently cited as 
needing improvement. But spending billions of dollars to try and stay 
one step ahead of counterfeiters is not the answer. The answer lies in 
doing everything we can to ensure the integrity of the enumeration 
process; limit the collection, use, and public display of the SSN; 
encourage the protection of the SSN by those who use it legitimately; 
and provide meaningful sanctions for those who fail to protect it or 
who misuse it themselves.
    We will continue our audit work in these areas, such as the fiance 
visa audit I just mentioned. We will continue our investigations, such 
as those I've described today. We will continue working to ensure 
Homeland Security, as reflected in the role we played in the recent 
arrests of terrorists planning an attack on Fort Dix. We will continue 
to seek the prosecution of employers or others who knowingly provide 
false SSNs to employees otherwise not authorized to work in the United 
States, as we did just last week in the Pacific Northwest, where a 
staffing agency was allegedly providing illegal workers with fraudulent 
SSNs. And we will continue to work with SSA and with this Subcommittee 
in hearings such as this, and in seeking legislation to make our 
efforts still more effective.
    Thank you, and I'd be happy to answer any questions.

                                 

    Chairman MCNULTY. Thank you, Mr. O'Carroll. In accordance 
with my previous announcement, we want to accommodate 
Congressman Barton, who is in another markup. I want to thank 
you, Joe, for making the time to come over and at this time, I 
would like to recognize the gentleman from Ennis, Texas, 
Congressman Barton. His entire testimony will appear in the 
record, and we now invite him to summarize his testimony.

STATEMENT OF HON. JOE BARTON, A REPRESENTATIVE IN CONGRESS FROM 
                       THE STATE OF TEXAS

    Mr. BARTON. Thank you, Chairman McNulty. I apologize for my 
tardiness. We do have a full Committee markup upstairs on nine 
bills to reauthorize and approve the Food and Drug 
Administration. I did not know Ways and Means had a hearing 
room in the Rayburn Building. I headed out to the Longworth 
Building, and I had to be turned around and brought back here, 
but this is pretty nice. We can make a trade or something. I 
also thank Ranking Member Johnson for his many courtesies over 
the years.
    ----I want to thank this Subcommittee for holding this 
important hearing on the vulnerability of the Social Security 
number and how we should protect our Social Security number. 
Twenty years ago, nobody gave a second thought to showing a 
Social Security number on a driver's license. Now times have 
changed. In the Internet age, the Social Security is the key to 
our personal, medical and financial history. If we do not 
protect it, other people can unlock our lives and steal both 
our money, our reputations and sometimes our identities. The 
thought of a universal identifier, like the Social Security 
number, falling into the hands of an identity thief strikes a 
chord of fear in every consumer in this country, as it well 
should.
    The Federal Government is partly to blame for allowing 
Social Security numbers to morph into something so crucial. 
When Social Security was being invented, they needed a way to 
uniquely identify every participant. Since 1936, the government 
has issued roughly 420 million Social Security numbers. No one 
then imagined the ubiquitousness and the critical role that 
these numbers would assume because records were on paper, 
credit was a luxury for the elite, and identity theft was 
literally something out of science fiction. Unfortunately, a 
Social Security number now can be used to wreck a person's 
finances. Our Social Security numbers are everywhere. They are 
vulnerable to abuse and the government largely has failed to do 
anything about it.
    Last year, I applied for a cell phone at Radio Shack. I had 
to give my Social Security number to three different people in 
the course of getting that cell phone within a 30 minute 
period. That is simply unacceptable in my opinion.
    Technology is part of the problem and fortunately 
technology is beginning to offer solutions. Businesses which 
use Social Security numbers as commercial identifiers can often 
authenticate customers effectively and in a flash with other 
identifiers. Moreover, there are numerous situations in which 
no benefit exists for the business to require a Social Security 
number at all. I think some of them simply do it out of habit. 
Once a business does have your Social Security number, can they 
share it? Can they sell it? For that matter, can a business buy 
your Social Security number from another business? None of that 
to me seems like a very good idea, and I hope this Subcommittee 
would agree with that. These are important questions and the 
answers are even more important.
    Erasing the link between our Social Security number and our 
personal information I think and Congressman Markey thinks is 
the best idea. Lacking that, there are a few easy steps that 
each of us can take to cut the risk of our number falling into 
the wrong hands. H.R. 948, the Social Security Number 
Protection Act, is a good start. This bill accomplishes 
something so simple that it is hard to believe that it has not 
already been done. It makes the sale and purchase of our Social 
Security number illegal. Buying and selling people's Social 
Security numbers I think is intolerable in a modern society. 
Internet information brokers should not have the ability to 
sell information to anyone who walks in the front door and 
plunks down a few dollars. As additional protection, H.R. 948 
restricts the display of Social Security numbers online and 
prohibits requiring your number on any identification or 
Membership card.
    I am well aware of the benefits Social Security numbers 
provide in preventing fraud and protecting me from being a 
victim. Despite comments from the critics, the intent of H.R. 
948 does not affect legitimate uses of Social Security numbers. 
The Federal Trade Commission has given rulemaking authority to 
exempt honest purposes from the prohibitions that protect 
consumers.
    Mr. Chairman, Ranking Member, and Members of this 
Subcommittee, the Energy and Commerce Committee, on which I 
serve and Congressman Markey serves, voted unanimously to 
report H.R. 948 last month. That does not happen often on the 
Energy and Commerce Committee, let me tell you. Last night, we 
were up here until 11 o'clock and passed six bills, all on a 
party line vote, so an unanimous consent report of H.R. 948 is 
an accomplishment. I hope that your Committee will now take up 
either the bill that Mr. Markey and I are sponsoring or 
discharge it so that we can take this important step in 
protecting our consumers' identities and their privacy.
    With that, Mr. Chairman, and Members of the Subcommittee, I 
yield back.
    Chairman MCNULTY. Thank you, Mr. Barton, and thank you for 
your many years of work on this issue. I think most people have 
their own personal stories about being asked for their Social 
Security number. I have a similar one to yours. It was a retail 
purchase. My wife and I were out a few years ago, and we were 
buying a refrigerator. We made selection and filled out the 
paperwork, and I was paying by personal check. I know you have 
additional ID, so I had my driver's license, which is a picture 
ID, and the driver's license number, which is not the Social 
Security number, and I wrote that on the check and gave it to 
the cashier. She then asked me for my Social Security to buy a 
refrigerator. Now, the difference between you and me is I 
refused.
    Mr. BARTON. Good for you.
    Chairman MCNULTY. I still got the refrigerator, but how 
many people are in circumstances like that and they just freely 
give their Social Security number? So, I think before we even 
get to legislation, we have a tremendous job ahead of ourselves 
in educating people about the proper circumstances under which 
they should share their Social Security number. Thank you for 
that news about reporting the bill out of the Committee. Mr. 
Johnson reminded me that in the last Congress, we reported out 
a bill out of Committee on Ways and Means but for some reason 
or another, these bills never get enacted into law. I mentioned 
to your colleague, Ed Markey, and to Senator Schumer earlier 
that while everybody is grateful for what everyone has done in 
the past in focusing on this issue, now is the time we need to 
actually do something, to pass something and get enacted into 
law. I want to thank you for your continued commitment to see 
to it that that happens.
    Does any Member wish to inquire of Congressman Barton? Ms. 
Tubbs Jones?
    Ms. TUBBS JONES. Just an inquiry, Congressman Barton. I was 
reading a newspaper article from the Cleveland Plain Dealer, 
which is my hometown newspaper, and what happened in the state 
of Ohio was that an intern had a copy of a disk of a number of 
people who were receiving, I guess it was back-up checks and so 
it says that thousands of state workers rushed to sign up for 
identity fraud protection after learning their personal 
information was on a back-up computer tape stolen from an 
intern's car. There are all kinds of crazy things that happen 
that expose people's information to possible identity theft.
    For the record, Mr. Chairman, I seek unanimous consent to 
have two articles from the Plain Dealer entered into today's 
record.
    Chairman MCNULTY. Is there objection? The Chair hears none, 
so ordered.
    The first provided article follows:

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    The second provided article follows:


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    Ms. TUBBS JONES. It ended up that the state decided that 
they would hire a company to provide identity theft protection 
for all these workers whose information had been lost in the 
process. But you think about it, this is a legitimate use of 
the Social Security number but being put in jeopardy as a 
result of some stupid activity, or maybe I should not say 
``stupid,'' someone not thinking about where they kept up with 
information on behalf of workers. Having coming from a criminal 
justice background, as a prosecutor, as a judge, sometimes I 
think we try and implement laws to protect a certain situation, 
it really may not be the criminal justice system that we need 
to implement but having to safeguard this place to make 
appropriate conduct for the use of information. I am like you, 
I have to call into the bank to get my information, I have to 
give them my full Social Security number to get the $2 that I 
have in the bank. But it is really kind of a crazy situation.
    Mr. BARTON. Can I borrow a dollar?
    Ms. TUBBS JONES. Can you borrow a dollar? Let's see, maybe 
I can help you out.
    Well, I want to thank you for the work that you are doing 
in this area and like to be supportive. Thank you, Mr. 
Chairman.
    Chairman MCNULTY. Does anyone else wish to inquire? If not, 
we wish to thank Congressman Barton. Thanks, Joe.
    Mr. BARTON. Thank you, Mr. Chairman.
    Chairman MCNULTY. That concludes the testimony of panel 
one. We will continue on panel two with Mr. Winston.

STATEMENT OF JOEL WINSTON, DIRECTOR OF PRIVACY AND INFORMATION 
              PROTECTION, FEDERAL TRADE COMMISSION

    Mr. WINSTON. Thank you, Chairman McNulty, Ranking Member 
Johnson, and Members of the Subcommittee. I am Joel Winston, 
associate director of the Division of Privacy and Identity 
Protection at the Federal Trade Commission. I appreciate the 
opportunity to testify today about Social Security numbers and 
identity theft.
    As we have heard, identity theft afflicts millions of 
Americans every year. One telling example illustrates the 
damage it can cause. A few months ago, a consumer from Los 
Angeles contacted the FTC Identity Theft Hotline. He reported 
that his employer had suffered a data breach in which the 
consumer's employee records, including his Social Security 
number, had been compromised. Soon thereafter, an identity 
thief opened five credit card accounts in the consumer's name, 
resulting in thousands of dollars of unauthorized charges. But 
the thief did not stop there, he also emptied the consumer's 
checking account of almost $2,000. In the first month or so 
after discovering the theft, this consumer spent hundreds of 
hours trying to repair the damage.
    The Social Security number is often the key item of 
information that an identity thief needs to commit his crime. 
It is therefore critical to make SSNs less accessible to 
identity thieves. At the same time, it is important to remember 
that SSNs serve legitimate and useful purposes in our economy, 
including their widespread use to match individuals to 
information about them. For that reason, any restrictions on 
SSNs should be carefully tailored to reduce disclosures or uses 
that are unnecessary without inadvertently eliminating or 
burdening those that are necessary.
    Although SSNs sometimes are used for legal compliance or 
essential business purposes, too often they are used simply as 
a matter of convenience or habit. For example, some 
organizations still use SSNs on employee badges or ID cards 
when a different and less sensitive identifier would work just 
as well.
    The President's Identity Theft Task Force, in its report 
issued this April, concluded that, ``More must be done to 
eliminate unnecessary uses of SSNs, both in the public sector 
and the private sector.'' The government has already begun to 
address its own SSN policies. This week, for example, the 
Office of Personnel Management issued guidance to all Federal 
agencies on limiting the collection and use of SSNs for human 
resource purposes. With respect to the private sector, the Task 
Force calls for a comprehensive review of SSN usage, and this 
review has already begun. We will be looking at the extent to 
which SSN uses are driven by business necessity and what the 
benefits and costs would be of restricting them.
    In the meantime, the Federal Trade Commission has taken, 
and is continuing to take aggressive action to address identity 
theft. The first priority is prevention, stopping thieves from 
obtaining SSNs or other sensitive information. Businesses must 
be vigilant in protecting sensitive data they collect from 
consumers. To re-enforce this message, the Commission has 
brought 14 law enforcement actions against businesses that fail 
to reasonably safeguard consumers' personal information.
    Consumers, too, must be more careful about guarding their 
information and so consumer education is a key part of our 
strategy. The Commission reaches out to the public in a variety 
of ways, including our identity theft Web site and hotline, and 
our highly successful multi-media national education campaign 
named, ``Deter, Detect, Defend.''
    But restrictions on SSN usage and disclosure and better 
data security are not enough. Some sensitive information 
inevitably will find its way to identity thieves. Therefore, we 
must make it more difficult for criminals to use SSNs once they 
obtain them. Creating better methods of authenticating 
consumers would further this goal.
    When a thief steals personal data, he can use it to open an 
account only if he can convince the account provider that he is 
the person whose data he stole. In April, the Commission hosted 
a workshop on authentication. We learned some encouraging new 
techniques to authenticate consumers that are being developed 
and deployed, and we discussed how the government and private 
sector can encourage their adoption.
    I would like to turn now briefly to the issue of 
legislation. As we have heard today, several bills have been 
introduced in Congress over the past few years that would 
restrict SSNs in various ways. Generally, these bills would 
prohibit the display, purchase, sale or use of SSNs, subject to 
several exceptions, such as for law enforcement, public health 
and credit reporting purposes. The Commission has not taken a 
formal position on these bills, but I believe that they have an 
appropriate objective: to eliminate gratuitous SSN transfers or 
use while recognizing that there are certain necessary and 
legitimate transfers or uses that should be permitted. The 
challenge is to draw the right line. As Mr. Johnson said, it is 
a complex balancing act.
    As I stated earlier, the Task Force is in the process of 
developing a comprehensive record on the factors that impact on 
where that line might be drawn. We support the idea that 
rulemaking authority be granted to the appropriate Federal 
agencies to implement and flesh out these exceptions, and I 
note that H.R. 948 gives that authority to the FTC.
    Identity theft is one of the most important consumer 
protection issues of our time and must be attacked at every 
angle. The Commission will continue to place a high priority on 
preventing this crime and helping victims to recover. We look 
forward to continuing our work with Congress in this effort, 
and I would be happy to answer any questions that you might 
have.
    The prepared statement of Mr. Winston follows:]
       Prepared Statement of Joel Winston, Director, Division of
      Privacy and Information Protection, Federal Trade Commission

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


    Chairman MCNULTY. Thank you, Mr. Winston.
    Mr. Bertoni.

  STATEMENT OF DAN BERTONI, EDUCATION, WORKFORCE, AND INCOME 
           SECURITY, GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. BERTONI. Good morning, Mr. Chairman, and Members of the 
Subcommittee. I am pleased to be here to discuss ways to 
protect the Social Security number, which was originally 
created as a means to track worker earnings and administer 
retirement benefits. Over time, the SSN has evolved beyond its 
intended purpose, become the identifier of choice and is now 
used for myriad non-Social Security purposes. This is 
significant because a person's SSN, along with name and date of 
birth, are key pieces of information used to commit identity 
theft. Potential for misuse of the SSN has raised concerns 
about how the public and private entities are obtaining, using 
and protecting SSNs. My testimony today is based on our prior 
work, as well as the report issued today for Senator Schumer 
and will focus on describing SSN use in the public and private 
sector, as well as vulnerabilities that remain to protecting 
them.
    In summary, a number of Federal laws and regulations 
authorize or require agencies at all levels of government to 
collect SSNs to administer their programs. For example, the 
Debt Collection Act 1996 requires any individual doing business 
with the Federal Government or applying for a grant or service 
to furnish a valid SSN. Certain state and local government 
agencies also collect SSNs as part of their responsibility for 
maintaining public records. In a prior work, we reported that 
41 states and the District of Columbia display SSNs in public 
records, as well as 75 percent of all U.S. counties. SSNs were 
most often found in court and property records.
    As noted earlier, in our report issued today, we found that 
the Internal Revenue Service and the Department of Justice are 
the only Federal agencies commonly providing records containing 
SSNs to state and local recordkeepers. IRS and Justice provide 
thousands of property liens annually to recordkeepers in which 
they have traditionally included full SSNs for identity 
verification purposes.
    Historically, access to public records occurred by visiting 
local offices and search through electronic or paper records. 
However, today, more recordkeepers provide potentially 
unlimited access to sensitive information through bulk sales to 
private companies and to the public via the Internet.
    Some states, however, have begun to restrict how they 
display or provide access to SSNs in such records. For example, 
Florida counties we recently visited are currently using 
special software to search for and remove millions of SSNs and 
other sensitive information from their records.
    In the private sector, information re-sellers, credit 
bureau reporting agencies and health care organizations collect 
SSNs from various sources and use this information primarily 
for identification verification purposes. Large information re-
sellers obtain SSNs from various public records, such as 
bankruptcy notices, tax liens, civil judgments and property 
transactions. In addition to their own direct use of SSNs, 
entities such as banks, securities firms, telecommunications 
firms and tax preparers also share this information--SSN 
information with third party contractors who perform services 
for them.
    Although new Federal and state laws have helped restrict 
SSN use and display, vulnerabilities remain. For example, we 
are concerned that SSNs are still displayed on certain 
federally-issued cards. In particular, the Center for Medicare 
and Medicaid Services has not yet acted to remove SSNs from 
over 40 million Medicare cards despite our report citing this 
weakness. We are also concerned that current Federal laws 
restricting the sale of SSNs and other personal information 
applied to certain types of entities, such as financial 
institutions, but not to information re-sellers, who are 
obtaining and using the same sensitive data.
    However, recently proposed legislation, the Social Security 
Protection Act of 2007, as discussed by Mr. Markey earlier, if 
enacted, may help address this vulnerability by placing 
additional restrictions on the sale and purchase of SSNs. H.R. 
1745, which was introduced in the last Congress, also includes 
provisions to address this issue.
    Further, Federal oversight regarding the sharing of SSNs 
with contractors is less stringent for the telecommunications 
and tax preparation industries, which poses potential 
additional challenges for protecting SSNs and other sensitive 
data in those industries.
    Finally, although Federal agencies have begun truncating 
SSNs on documents provided to state and local recordkeepers, 
different truncation methods between the public and private 
sectors have implications for identity theft. Current Federal 
lien records display the last four digits of SSNs, while 
private re-sellers often provide the first five digits of the 
SSN to the customer. Consequently, with minimal effort, our 
analysts were able to electronically access private sector 
databases, compare this information to Federal liens, and 
reconstruct full identity and SSN information for 10 liens for 
10 individuals from 10 states. The entire process took less 
than an hour or about an hour or about 6 minutes per SSN and it 
was all done from their desks. In light of this finding, we 
continue to urge the Congress to consider enacting a single 
truncation standard or assign an agency to do so.
    Mr. Chairman, this concludes my remarks. I will be happy to 
answer any questions that you or other Members of the 
Subcommittee may have. Thank you.
    [The prepared statement of Mr. Bertoni follows:]
        Prepared Statement of Dan Bertoni, Director, Education,
    Workforce, and Income Security, Government Accountability Office
    Mr. Chairman and Members of the Subcommittee:
    I am pleased to be here today to discuss ways to better protect the 
Social Security number (SSN), which was originally created as a means 
to track workers' earnings and eligibility for Social Security 
benefits. Since its creation, the SSN has evolved beyond its intended 
purpose to become the identifier of choice for public and private 
sector entities and is now used for myriad non-Social Security 
purposes. This is significant because a person's SSN, along with name 
and date of birth, are the key pieces of personal information used to 
perpetrate identity theft. Consequently, the potential for misuse of 
the SSN has raised questions about how private and public sector 
entities obtain, use, and protect SSNs.
    Over the last several years, the Congress and some states have 
recognized the importance of restricting the use and display of SSNs by 
both the public and private sectors. As a result, federal and state 
laws have been enacted that to some degree protect individuals' 
personal information, including SSNs. However, the continued use of and 
reliance on SSNs by public and private sector entities, as well as the 
potential for their misuse, underscore the importance of identifying 
areas that can be further strengthened. GAO has issued a number of 
reports and testified before this Subcommittee about the various 
aspects of SSN use in both the public and private sectors. Accordingly, 
my remarks today will focus on describing the (1) use of SSNs by 
government agencies, (2) use of SSNs by the private sector, and (3) 
vulnerabilities that remain to protecting SSNs.
    In summary, a number of federal laws and regulations require 
agencies at all levels of government to frequently collect and use SSNs 
for various purposes. For example, agencies frequently collect and use 
SSNs to administer their programs, link data for verifying applicants' 
eligibility for services and benefits, and conduct program evaluations. 
In the private sector, certain entities, such as information resellers, 
collect SSNs from public sources, private sources, and their customers 
and use this information for identity verification purposes. In 
addition, banks, securities firms, telecommunication firms, and tax 
preparers sometimes share SSNs with their contractors for limited 
purposes. Although laws at both the federal and state levels have 
helped to restrict SSN use and display, and both public and private 
sector entities have taken some steps to further protect this 
information, several vulnerabilities remain. For example, federal laws 
addressing SSN use and collection in the private sector continue to 
leave SSNs maintained by certain industries vulnerable to misuse by 
identity thieves and others.
    For this testimony, we primarily relied on information from our 
prior reports and testimonies that address public and private sector 
use and protection of SSNs. These products were issued between 2002 and 
2006 and are listed in the Related GAO Products section at the end of 
this statement. We conducted our reviews in accordance with generally 
accepted government auditing standards.

Background

    The Social Security Act of 1935 authorized the Social Security 
Administration(SSA) to establish a record-keeping system to manage the 
Social Security program, which resulted in the creation of the SSN. 
Through a process known as ``enumeration,'' unique numbers are created 
for every person as a work and retirement benefit record. Today, SSA 
issues SSNs to most U.S. citizens, as well as non-citizens lawfully 
admitted to the United States with permission to work. Because the SSN 
is unique for every individual, both the public and private sectors 
increasingly use it as a universal identifier. This increased use, as 
well as increased electronic record keeping by both sectors, has eased 
access to SSNs and potentially made this information more vulnerable to 
misuse, including identity theft.
    Specifically, SSNs are a key piece of information used to create 
false identities for financial misuse or to assume another individual's 
identity. Most often, identity thieves use SSNs belonging to real 
people. However, the Federal Trade Commission's (FTC) identity theft 
victim complaint data has shown that only 30 percent of identity theft 
victims know how thieves obtained their personal information. The FTC 
estimated that over a 1-year period, nearly 10 million people 
discovered they were victims of identity theft, translating into 
estimated losses of billions of dollars.

Federal Laws Affecting SSN Use and Disclosure

    There is no one law that regulates the overall use of SSNs by all 
levels and branches of government. However, the use and disclosure of 
SSNs by the Federal Government is generally restricted under the 
Privacy Act of 1974. Broadly speaking, this act seeks to balance the 
government's need to maintain information about individuals with the 
rights of individuals to be protected against unwarranted invasions of 
their privacy. Section 7 of the act requires that any federal, state, 
or local government agency, when requesting an SSN from an individual, 
tell individuals whether disclosing the SSN is mandatory or voluntary, 
cite the statutory or other authority under which the request is being 
made, and state what uses it will make of the individual's SSN.
    Additional federal laws also place restrictions on public and 
private sector entities' use and disclosure of consumers' personal 
information, including SSNs, in specific instances. As shown in table 
1, some of these laws require certain industries, such as the financial 
services industry, to protect individuals' personal information to a 
greater degree than entities in other industries.

[Table 1: NOT AVAILABLE AT TIME OF PRINT.]

    In 1998, Congress also enacted a federal statute that criminalizes 
fraud in connection with the unlawful theft and misuse of personal 
identifiable information, including SSNs. The Identity Theft and 
Assumption Deterrence Act made it a criminal offense for a person to 
``knowingly transfer, possess, or use without lawful authority,'' 
another person's means of identification ``with the intent to commit, 
or to aid or abet, or in connection with, any unlawful activity that 
constitutes a violation of Federal law, or that constitutes a felony 
under any applicable state or local law.'' Under the act, an 
individual's name or Social Security number is considered a ``means of 
identification.'' In addition, in 2004, the Identity Theft Penalty 
Enhancement Act established the offense of aggravated identity theft in 
the federal criminal court, which is punishable by a mandatory two-year 
prison term.

State Laws Affecting SSN Use and Disclosure

    Many states have also enacted laws to restrict the use and display 
of SSNs. For example, in 2001, California enacted a law that generally 
prohibited companies and persons from engaging in certain activities 
with SSNs, such as posting or publicly displaying SSNs, or requiring 
people to transmit an SSN over the Internet unless the connection is 
secure or the number is encrypted. In our prior work, we identified 13 
states--Arizona, Arkansas, Connecticut, Georgia, Illinois, Maryland, 
Michigan, Minnesota, Missouri, Oklahoma, Texas, Utah, and Virginia--
that have passed laws similar to California's. While some states, such 
as Arizona, have enacted virtually identical restrictions on the use 
and display of SSNs, other states have modified the restrictions in 
various ways. For example, unlike the California law, which prohibits 
the use of the full SSN, the Michigan statute prohibits the use of more 
than four sequential digits of the SSN.
    Some states have also enacted other types of restrictions on the 
uses of SSNs. For example, Arkansas, Colorado, and Wisconsin prohibit 
the use of a student's SSN as an identification number. Other recent 
state legislation places restrictions on state and local government 
agencies, such as Indiana's law that generally prohibits state agencies 
from releasing SSNs unless otherwise required by law.

Government Agencies Collect and Use SSNs for a Variety of Purposes

    A number of federal laws and regulations require agencies at all 
levels of government to frequently collect and use SSNs for various 
purposes. Beginning with a 1943 Executive Order issued by President 
Franklin D. Roosevelt, all federal agencies were required to use the 
SSN exclusively for identification systems of individuals, rather than 
set up a new identification system. In later years, the number of 
federal agencies and others relying on the SSN as a primary identifier 
escalated dramatically, in part, because a number of federal laws were 
passed that authorized or required its use for specific activities. For 
example, agencies use SSNs

      for internal administrative purposes, which include 
activities such as identifying, retrieving, and updating records;
      to collect debts owed to the government and conduct or 
support research and evaluations, as well as use employees' SSNs for 
activities such as payroll, wage reporting, and providing employee 
benefits;
      to ensure program integrity, such as matching records 
with state and local correctional facilities to identify individuals 
for whom the agency should terminate benefit payments; and
      for statistics, research, and evaluation.

    Table 2 provides an overview of federal statutes that address 
government collection and use of SSNs. In some cases, these statutes 
require that state and local government entities collect SSNs.

[Table 2: NOT AVAILABLE AT TIME OF PRINT.]

    Some government agencies also collect SSNs because of their 
responsibility for maintaining public records, which are those records 
generally made available to the public for inspection by the 
government. Because these records are open to the public, such 
government agencies, primarily at the state and local levels, provide 
access to the SSNs sometimes contained in those records. Based on a 
survey of federal, state, and local governments, we reported in 2004 
that state agencies in 41 states and the District of Columbia displayed 
SSNs in public records; this was also true in 75 percent of U.S. 
counties. We also found that while the number and type of records in 
which SSNs were displayed varied greatly across states and counties, 
SSNs were most often found in court and property records.
    Public records displaying SSNs are stored in multiple formats, such 
as electronic, microfiche and microfilm, or paper copy. While our prior 
work found that public access to such records was often limited to 
inspection of the individual paper copy in public reading rooms or 
clerks' offices, or request by mail, some agencies also made public 
records available on the Internet.
    In recent years, some agencies have begun to take measures to 
change the ways in which they display or provide access to SSNs in 
public records. For example, some state agencies have reported removing 
SSNs from electronic versions of records, replacing SSNs with 
alternative identifiers in records, restricting record access to 
individuals identified in the records, or allowing such individuals to 
request the removal of their SSNs from these records.

Private Sector Entities Collect SSNs from Various Sources for Identity 
        Verification Purposes

    Certain private sector entities, such as information resellers, 
consumer reporting agencies (CRAs), and healthcare organizations 
collect SSNs from public and private sources, as well as their 
customers, and primarily use SSNs for identity verification purposes. 
In addition, banks, securities firms, telecommunication firms, and tax 
preparers engage in third party contracting and sometimes share SSNs 
with their contractors for limited purposes, generally when it is 
necessary and unavoidable.

Private Sector Entities Collect SSNs from Both Public and Private 
        Sources

    Information resellers are businesses that specialize in amassing 
personal information, including SSNs, and offering informational 
services. They provide their services to a variety of customers, such 
as specific businesses clients or through the Internet to the general 
public. Large or well known information resellers reported that they 
obtain SSNs from various public records, such as records of 
bankruptcies, tax liens, civil judgments, criminal histories, deaths, 
and real estate transactions. However, some of these resellers said 
they are more likely to rely on SSNs obtained directly from their 
clients, who may voluntarily provide such information, than those found 
in public records. In addition, in our prior review of information 
resellers that offer their services through the Internet, we found that 
their Web sites most frequently identified public or nonpublic sources, 
or both, as their sources of information. For example, a few Internet 
resellers offered to conduct background investigations on individuals 
by compiling information from court records and using a credit bureau 
to obtain consumer credit data.
    CRAs, also known as credit bureaus, are agencies that collect and 
sell information about the creditworthiness of individuals. Like 
information resellers, CRAs also obtain SSNs from public and private 
sources. For example, CRA officials reported that they obtain SSNs from 
public sources, such as bankruptcy records. We also found that these 
companies obtain SSNs from other information resellers, especially 
those that specialize in collecting information from public records. 
However, CRAs are more likely to obtain SSNs from businesses that 
subscribe to their services, such as banks, insurance companies, 
mortgage companies, debt collection agencies, child support enforcement 
agencies, credit grantors, and employment screening companies.
    Organizations that provide health care services, including health 
care insurance plans and providers, are less likely to obtain SSNs from 
public sources. These organizations typically obtain SSNs either from 
individuals themselves or from companies that offer health care plans. 
For example, individuals enrolling in a health care plan provide their 
SSNs as part of their plan applications. In addition, health care 
providers, such as hospitals, often collect SSNs as part of the process 
of obtaining information on insured people.

Private Sector Entities Primarily Use SSNs to Verify Individuals' 
        Identities

    We found that the primary use of SSNs by information resellers, 
CRAs, and health care organizations is to help verify the identity of 
individuals. Large information resellers reported that they generally 
use the SSN as an identity verification tool, though they also use it 
for matching internal databases, identifying individuals for their 
product reports, or conducting resident or employment screening 
investigations for their clients. CRAs use SSNs as the primary 
identifier of individuals in order to match information they receive 
from their business clients with information on individuals already 
stored in their databases. Finally, health care organizations also use 
the SSN, together with information such as name, address, and date of 
birth, for identity verification.
    In addition to their own direct use of customers' SSNs, private 
sector entities also share this information with their contractors. 
According to experts, approximately 90 percent of businesses contract 
out some activity because they find either it is more economical to do 
so or other companies are better able to perform these activities. 
Banks, investment firms, telecommunication companies, and tax 
preparation companies we interviewed for our prior work routinely 
obtain SSNs from their customers for authentication and identification 
purposes and contract with other companies for various services, such 
as data processing, administrative, and customer service functions. 
Company officials reported that customer information, such as SSNs, is 
shared with contractors for limited purposes, generally when it is 
necessary or unavoidable. Further, these companies included certain 
provisions in their standard contact forms aimed at safeguarding 
customer's personal information. For example, forms included electronic 
and physical data protections, audit rights, data breach notifications, 
subcontractor restrictions, and data handling and disposal 
requirements.

Vulnerabilities Remain to Protecting SSNs in both the Public and 
        Private Sectors

    Although federal and state laws have helped to restrict SSN use and 
display, and public and private sector entities have taken some steps 
to further protect this information, our prior work identified several 
remaining vulnerabilities. While government agencies have since taken 
actions to address some of the identified SSN protection 
vulnerabilities in the public sector, private sector vulnerabilities 
that we previously identified have not yet been addressed. 
Consequently, in both sectors, vulnerabilities remain to protecting 
SSNs from potential misuse by identity thieves and others.

Government Agencies Have Taken Additional Actions to Address SSN 
        Protection, yet Vulnerabilities Remain

    In our prior work, we found that several vulnerabilities remain to 
protecting SSNs in the public sector, and in response, some of these 
vulnerabilities have since been addressed by agencies. For example, in 
our review of government uses of SSNs, we found that some federal, 
state, and local agencies do not consistently fulfill the Privacy Act 
requirements that they inform individuals whether SSN disclosure is 
mandatory or voluntary, provide the statutory or other authority under 
which the SSN request is made, or indicate how the SSN will be used, 
when they request SSNs from individuals. To help address this 
inconsistency, we recommended that the Office of Management and Budget 
(OMB) direct federal agencies to review their practices for providing 
required information, and OMB has since implemented this 
recommendation.
    Actions have also been taken by some federal agencies in response 
to our previous finding that millions of SSNs are subject to exposure 
on individual identity cards issued under federal auspices. 
Specifically, in 2004, we reported that an estimated 42 million 
Medicare cards, 8 million Department of Defense (DOD) insurance cards, 
and 7 million Department of Veterans Affairs (VA) beneficiary cards 
displayed entire 9-digit SSNs. While the Centers for Medicare and 
Medicaid Services, with the largest number of cards displaying the 
entire 9-digit SSN, does not plan to remove the SSN from Medicare 
identification cards, VA and DOD have begun taking action to remove 
SSNs from cards. For example, VA is eliminating SSNs from 7 million VA 
identification cards and will replace cards with SSNs or issue new 
cards without SSNs between 2004 and 2009, until all such cards have 
been replaced.
    However, some of the vulnerabilities we identified in public sector 
SSN protection have not been addressed. For example, while the Privacy 
Act and other federal laws prescribe actions agencies must take to 
assure the security of SSNs and other personal information, we found 
that these requirements may not be uniformly observed by agencies at 
all levels of government. In addition, in our review of SSNs in 
government agency-maintained public records, we found that SSNs are 
widely exposed to view in a variety of these records. While some 
agencies reported taking actions such as removing SSNs from electronic 
versions of records, without a uniform and comprehensive policy, SSNs 
in these records remain vulnerable to potential misuse by identity 
thieves. Consequently, in both instances, we suggested that Congress 
consider convening a representative group of federal, state, and local 
officials to develop a unified approach to safeguarding SSNs used in 
all levels of government. Some steps have since been taken at the 
federal level to promote inter-agency discussion of SSN protection, 
such as creation of the President's Identity Theft Task Force in 2006 
to increase the safeguards on personal data held by the Federal 
Government.
    In April 2007, the Task Force completed its work, which resulted in 
a strategic plan aimed at making the Federal Government's efforts more 
effective and efficient in the areas of identity theft awareness, 
prevention, detection, and prosecution. The plan's recommendations 
focus in part on increasing safeguards employed by federal agencies and 
the private sector with respect to the personal data they maintain, 
including decreasing the unnecessary use of SSNs in the public sector. 
To that end, last month, OMB issued a memorandum requiring federal 
agencies to examine their use of SSNs in systems and programs in order 
to identify and eliminate instances in which collection or use of the 
SSN is unnecessary. In addition, the memo requires federal agencies to 
participate in governmentwide efforts to explore alternatives to agency 
use of SSNs as personal identifiers for both federal employees and in 
federal programs.

Vulnerabilities Persist in Federal Laws Addressing SSN Collection and 
        Use by Private Sector Entities

    In our reviews of private sector entities' collection and use of 
SSNs, we found variation in how different industries are covered by 
federal laws protecting individuals' personal information. For example, 
although federal laws place restrictions on reselling some personal 
information, these laws only apply to certain types of private sector 
entities, such as financial institutions. Consequently, information 
resellers are not covered by these laws, and there are few restrictions 
placed on these entities' ability to obtain, use, and resell SSNs. 
However, recently proposed federal legislation, if implemented, may 
help to address this vulnerability. For example, the SSN Protection Act 
of 2007, as introduced by Representative Edward Markey, would give the 
Federal Trade Commission (FTC) rulemaking authority to restrict the 
sale and purchase of SSNs and determine appropriate exemptions. The 
proposed legislation would therefore improve SSN protection while also 
permitting limited exceptions to the purchase and sale of SSNs for 
certain purposes, such as law enforcement or national security.
    Vulnerabilities also exist in federal law and agency oversight for 
different industries that share SSNs with their contractors. For 
example, while federal law and oversight of the sharing of personal 
information in the financial services industry is very extensive, 
federal law and oversight of the sharing of personal information in the 
tax preparation and telecommunications industries is somewhat lacking. 
Specific actions to address these vulnerabilities in federal laws have 
not yet been taken, leaving SSNs maintained by information resellers 
and contractors in the tax preparation and telecommunications 
industries potentially exposed to misuse, including identity theft.
    We also found a gap in federal law addressing SSN truncation, a 
practice that would improve SSN protection if standardized. 
Specifically, in our Internet resellers report, several resellers 
provided us with truncated SSNs showing the first five digits, though 
other entities truncate SSNs by showing the last four digits. 
Therefore, because of the lack of SSN truncation standards, even 
truncated SSNs remain vulnerable to potential misuse by identity 
thieves and others. While we suggested that the Congress consider 
enacting standards for truncating SSNs or delegating authority to SSA 
or some other governmental entity to do so, SSN truncation standards 
have yet to be addressed at the federal level.

Concluding Observations

    The use of SSNs as a key identifier in both the public and private 
sectors will likely continue as there is currently no other widely 
accepted alternative. However, because of this widespread use of SSNs, 
and the vulnerabilities that remain to protecting this identifier in 
both sectors, SSNs continue to be accessible to misuse by identity 
thieves and others. Given the significance of the SSN in committing 
fraud or stealing an individual's identity, it would be helpful to take 
additional steps to protect this number. As the Congress moves forward 
in pursuing legislation to address SSN protection and identity theft, 
focusing the debate on vulnerabilities that have already been 
documented may help target efforts and policy directly toward immediate 
improvements in SSN protection. To this end, we look forward to 
supporting the Subcommittee and the Congress however we can to further 
ensure the integrity of SSNs. Related to this, we have issued a report 
on the Federal Government's provision of SSNs to state and local public 
record keepers, and we have also recently begun a review of the bulk 
sale of public records containing SSNs, including how federal law 
protects SSNs in these records when they are sold to entities both here 
and overseas.
    Mr. Chairman, this concludes my prepared testimony. I would be 
pleased to respond to any questions you or other members of the 
subcommittee may have.

                                 

    Chairman MCNULTY. I thank all of the witnesses. Thank you, 
Mr. Bertoni, especially for this new report, which you issued I 
believe today as a result of the inquiry by Senator Schumer.
    Mr. BERTONI. Yes.
    Chairman MCNULTY. That is now a part of the record of the 
Subcommittee, and we will certainly consider that in our 
deliberations. I want to thank Mr. O'Carroll for the time we 
spent together recently to talk about issues generally 
regarding Social Security, and I want to thank you for your 
commitment to helping us to reduce the backlog, to keep the 
agency focused on its core mission and also the subject of 
today's hearing, protecting the American people from identity 
theft. I am glad to know we are on the same wavelength and 
working for the same purposes.
    Mr. Winston, thank you also for your testimony. You 
mentioned this review of the Social Security number uses. Where 
are you on that, how long will that take, when can we expect to 
see some kind of a product on that?
    Mr. WINSTON. As I mentioned, the Task Force issued its 
report in April, at which point we immediately put together a 
group of FTC and other agency employees to begin this review. 
In fact, this week, we are meeting with a number of officials 
from trade associations and business groups and others to try 
to find out more not only about how they use Social Security 
numbers but why and what it would cost in terms of money, as 
well as inconvenience of change.
    Chairman MCNULTY. But just in line with my previous 
thoughts about this Congress actually doing something, when 
could we expect to see the results of your review?
    Mr. WINSTON. The Task Force report calls for a report to 
the President by the first quarter of 2008. I suspect we will 
have information well before that that would be useful.
    Chairman MCNULTY. Well, we would really appreciate any data 
that you could give us prior to that because some of us do not 
intend to wait around until 2008 to start moving legislation. 
At this time, I would yield to the ranking Member, Mr. Johnson.
    Mr. JOHNSON. Thank you, Mr. Chairman. We are not going to 
wait until 2008, huh? Mr. O'Carroll, I remember some years ago 
the Social Security Administration was handing out new Social 
Security numbers to upward of 100 people--or 100 times to the 
same guy just by a phone call. Have we stopped that because we 
passed legislation to do it?
    Mr. O'CARROLL. Yes, Mr. Johnson, that was one of the 
recommendations that came out after 9/11 when we started to 
ratchet down on the security of the number of it, and what we 
were looking at was multiple SSNs being reissued on it. We now 
have in the SSA systems because of our recommendations and 
because of your legislation, we are now being much more 
attentive to the number of cards going out, it is into the 
system. There are flags put up. We are taking a look at numbers 
of cards going to the same address, sort of the same type of 
similar thing with replacement cards. When 300 cards go to one 
address, it is what we call a ``clue.'' So, we have been trying 
to plug up that hole.
    Mr. JOHNSON. How do you do that?
    Mr. O'CARROLL. Well, what we are doing with that is it is 
flagged, we get the information on it, and in our case we have 
been doing audit work on it where we actually go to the address 
what the address is. In some cases, it is legitimate in terms 
of it is a university or something where it is one entity but 
where it is an apartment building in some locale, we actually 
recommend that to our investigators and our investigators are 
going there, and we are looking to find who is collecting those 
false cards and making arrests.
    Mr. JOHNSON. Well, you mentioned your ongoing role to 
ensure homeland security, as reflected in the recent arrest of 
terrorists planning an attack on Fort Dix. Based on your 
experience to date, how are Social Security numbers and 
document fraud, how is that fraud being committed by potential 
terrorists or do you know?
    Mr. O'CARROLL. Well, as we know with terrorists and in fact 
all criminals, everyone is trying to assimilate into the 
public. What happens is that we are finding in a lot of cases 
people trying to do that illegal assimilation are going to 
identity mills, and they are going to places where they are 
able to get immigration documents, Social Security cards, and 
we monitor that all the time and keep track in terms of the 
prices that going for it and just ways of monitoring. But we 
work very closely with Immigration, with FBI, in the case of 
Fort Dix, with the New Jersey State Police, all of them are a 
part of the Joint Terrorism Task Force up there, which we are a 
member.
    What had happened in the case of Fort Dix was we found out 
that several of the suspects in it, in previous occasions in 
dealing with law enforcement, used false identities up to and 
including Social Security card fraud. I have got to tell you 
prosecutors use Social Security misuse, which is part of the 
legislation that came out this Congress, we use that as an 
enforcement tool, the misuse of the SSN to identify and arrest 
terrorist suspects.
    Mr. JOHNSON. Good for you. Are you finding people from 
overseas asking for Social Security cards before they come over 
here?
    Mr. O'CARROLL. Well, yes, and there are two stories to it. 
In terms of one, it is a good one because what is happening is 
before they get here, they go into an enumeration process where 
they are dealing with embassies overseas and they are being 
vetted by the embassy before they come here, which is a good 
technique. What we are finding, though, and we have done it in 
our audit reports, is that we find that only Social Security 
employees really put the due diligence into checking all the 
documentation, checking all the information, and we are finding 
that when SSA delegates that responsibility to other agencies 
to be doing it, we are not getting the same type of quality. 
So, in our audit report we recommended that Social Security 
work with State Department on making sure that the documents 
that are taken in those applications overseas are valid, are 
good and that they are legitimate needs for SSNs.
    Mr. JOHNSON. Do we need to put anything in legislation to 
reaffirm that or is it clear enough now?
    Mr. O'CARROLL. If you do not mind, let me check that and 
get back to you because I think at this point it does seem to 
be--it has been brought to State Department's attention, and I 
have got to tell you, it is a good program, and it is a fairly 
new one so we might be at a point now of monitoring it before 
we do any more recommendations for it. But I will check it and 
get back to you.
    Mr. JOHNSON. Thank you, sir. I appreciate it.
    Chairman MCNULTY. Thank you, Mr. Johnson. Mr. Levin may 
inquire.
    Mr. LEVIN. Thank you, Mr. Chairman and Mr. Johnson, for 
having this hearing. When I read your opening statements, you 
mentioned, Mr. Chairman, this is the sixteenth hearing on this 
topic.
    Chairman MCNULTY. It is time for action.
    Mr. LEVIN. That the FTC receives between 15,000 and 20,000 
contacts each week from those who have been victimized. Mr. 
Johnson, my pal, you say in your statement, according to the 
Privacy Rights Clearinghouse, since January 2005, that breaches 
have been over 155 million. So, the staff, as usual, has 
prepared some really incisive questions, but could I ask you 
this because this kind of jumps off the pages, what is the 
problem? What is taking so long? Why have we been having all 
these hearings and there are all these breaches and all these 
thefts? What is holding this up, what is holding you up? What 
is holding Washington up?
    Mr. WINSTON. I guess I cannot answer the question about why 
you have had so many hearings but as far as what is holding up 
the FTC and the other agencies that have been working on this 
problem, we have been working diligently on it. We have done a 
lot of law enforcement. We have done a lot of outreach. I think 
additional legislation would be very helpful in making it 
easier for us to tackle this problem.
    Mr. LEVIN. You are an active participant in crafting this 
legislation?
    Mr. WINSTON. Yes, we have been involved. We have provided 
technical assistance to different Committees and the different 
sponsors. We have urged Congress to pass national data breach 
notification standards and national data securities standards. 
We think that is critical in this fight.
    There are a lot of steps that are being taken but it is a 
complex problem and it is an ever-evolving problem. Identity 
theft is everything from your cousin going up in your bedroom 
and stealing your wallet to international crime rings hacking 
into computer databases and getting records. In tackling it, we 
need to tackle it from every angle, as I mentioned.
    Mr. LEVIN. Okay, so it is complex but if we go home and 
talk to our constituents and we say about any problem, it is 
complex, it changes their complexion, they get kind of red. So, 
I will ask the two of you, Mr. O'Carroll and Mr. Bertoni, what 
is the problem? Why is it so difficult? Why haven't we acted 
besides its complexity?
    Mr. BERTONI. As far as why you have not acted?
    Mr. LEVIN. Congress and the Executive and all of you?
    Mr. BERTONI. I think as far as the pressures on the 
Congress, there are interests on the other side of this issue 
that make the case that commerce and business to business 
information sharing and ultimately customer service will 
deteriorate. I think that argument has been heard. It points--
it stalled forward progress in terms of making sure that other 
industries have similar protections in terms of their 
information security and disclosure similar to the financial 
services institutions, in particular the telecommunications and 
tax preparer industry. That bar is lower, and we have concerns 
that that bar is lower, and we believe at a minimum it should 
be raised at least to the level of the financial services 
community. So, I guess the roundabout answer is there are 
arguments on both sides and at some point which one will win or 
which compromise will prevail, that is something for you all as 
policy-makers to work out.
    Mr. LEVIN. I think that is a useful answer. Mr. O'Carroll, 
you get 30 seconds to explain why there has not been more 
action.
    Mr. O'CARROLL. I guess I better talk quick. I think there 
has been a lot of action in terms of when I came to this 
inspector general's office 10 years ago, the Social Security 
number was out there, it was being used as the primary 
identifier on virtually every document up to and including the 
driver's license. In the time that I have been here, it is now 
off of the driver's licenses. The Social Security statement, 
which goes out every year to every citizen, has a truncated 
number on it now. When government checks went out, they had a 
Social Security number in the window on the check, that 
stopped. I got to say it has been a long haul doing it because 
of the convenience factor. Everyone used the Social Security 
number as a convenient tracking number, and it has been really 
our mission to try to get it back into the box through all this 
time. The Social Security Protection Act was some steps in the 
right direction, it took us a number of years with this 
Committee to get that through, and I think if you could do 
another act of this kind with more controls over the Social 
Security number, that would probably be the benefit of this 
Congress.
    Mr. LEVIN. Thank you. Thank you.
    Chairman MCNULTY. Thank you, Mr. Levin. Mr. Lewis may 
inquire.
    Mr. LEWIS OF KENTUCKY. Thank you, Mr. Chairman. Going back 
to the balance that you were talking about there, Mr. Winston, 
in your testimony you stated that restrictions on the Social 
Security number should be reduced to unnecessary use without 
inadvertently burdening necessary use. Could you explain what 
you believe to be necessary and unnecessary use?
    Mr. WINSTON. Yes, I think the H.R. 948 really goes at it 
the right way. It lists--it basically bans sale and purchase of 
the Social except for certain specific purposes, law 
enforcement, public health and safety, for credit verification, 
for fraud prevention. Then it says that the FTC should do 
rulemaking in order to flesh out those exceptions and add 
additional ones if it determines that it is appropriate. I 
think that is the right approach.
    Mr. LEWIS OF KENTUCKY. Mr. Bertoni, would you want to 
comment on that too?
    Mr. BERTONI. In terms of the balance, striking a better 
balance, as I said before, I think it is important that actions 
taken do not upset the free flow of commerce, the ability of 
businesses to share information. But as our report, as we 
continue to say in our reports, there are still industries that 
still fall we believe way out of the parameters in terms of a 
reasonable amount of regulation and control in terms of their 
information security and disclosure policies. Again, at a 
minimum, if you looked at what has happened in the financial 
services sector, that sector has not grinded to a halt. There 
have been changes made. We are asking the Congress to look at 
some of these other sectors to see if that bar could be raised. 
Again, there would be some compromises to be made, but we also 
believe there are soft spots and areas to be strengthened in 
several of those areas.
    Mr. LEWIS OF KENTUCKY. Mr. Winston, of course all of you I 
think would agree that if we could authenticate the consumer or 
the customer, we would go a long way in stopping thieves. I 
know you have been looking at that, Mr. Winston. What have you 
come up with as far as finding a good way to authenticate the 
people who are out there?
    Mr. WINSTON. We did hold a 2-day workshop on this subject 
with lots of people from all over the world coming in to talk 
about their experiences. I think what came out of that was that 
there is no panacea. There is no one perfect way to 
authenticate. If there were, thieves, who are very smart, would 
come up with a way to defeat it. So, what we are seeing more 
and more of are multiple layers of authentication, not just one 
piece of information but a biometric, a thumb print, an iris 
scan, plus an identification number or pin number. So, there is 
a lot of movement in that direction and government can 
facilitate that and encourage it. It probably is not a wise 
thing for government to come in and say this is how you have to 
authenticate consumers.
    Mr. LEWIS OF KENTUCKY. Okay, thank you.
    Chairman MCNULTY. Thank you, Mr. Lewis. Mr. Becerra may 
inquire.
    Mr. BECERRA. Thank you, Mr. Chairman. Thank you all for 
your testimony. Let me ask a question. My understanding is if 
we were to try to re-issue the Social Security number to try to 
take care of discrepancies and to try to give people a new 
number that is not out there in the public domain, and if we 
were to try to give it some type of enhanced security, a 
photograph or some type of biometric, we are looking at 
somewhere in the order of about $10 billion to do that. Is 
that--I know a rough estimate but is that still more or less an 
estimate, Mr. O'Carroll?
    Mr. O'CARROLL. It is a moving target, Congressman, in that 
it depends on the type of--what features would go into the new 
card, whether it was a biometric.
    Mr. BECERRA. Give me a rough estimate.
    Mr. O'CARROLL. I say that just a rough off-the-top of my 
head number, that would be a good number, the $10 billion but 
with a lot more ``but's'' to it.
    Mr. BECERRA. I understand because I want to move off of 
that, I am just trying to get a rough sense of things, so about 
$10 billion gives you a new card that might give Americans 
enhanced security. Right now SSA would swallow that cost, 
Congress would have to provide you with the money to do that, 
otherwise it would be impossible to actually administer because 
there will be tremendous cost trying to get folks to come in 
with their birth certificates and whatever else they will need 
to try to identify themselves for purposes of getting this new 
card. Okay, so let me ask this, who should pay for the 
establishment and maintenance of a new identity system, 
identification system, taxpayers or the users? Because right 
now the Social Security number imposes no cost on any consumer, 
any business if it is used solely for the purpose of 
identifying how much you have earned for Social Security 
purposes in the future.
    That the taxpayers I think we are willing to bear because 
we are going to get the benefits of the Social Security system 
in the future. But as it is right now with identity theft, with 
business losses mounting into the billions, tens of billions of 
dollars, there are lots of costs involved in trying to secure 
your identity or restore your identity or for a business to try 
to reclaim losses. I hear no talk about who is going to pay for 
giving us a more secure system, the taxpayers or all the 
consumers, meaning the businesses and actual individual 
consumers, who would utilize that increased security that would 
come from a new identification system that may be housed within 
Social Security?
    Mr. O'CARROLL. Okay, not to be argumentative but why would 
Social Security be the vehicle for this new identifier?
    Mr. BECERRA. That is a good question.
    Mr. O'CARROLL. Be put back on to the management of the 
Social Security Administration when we have a good number now 
that is doing what it is supposed to do in terms of tracking 
wages and tracking benefits on it and the commercial half is 
the other one.
    Mr. BECERRA. Let's take that path, say we say the Social 
Security number will be used only for Social Security purposes. 
Disability benefits, retirement benefits, death benefits.
    Mr. O'CARROLL. Tax purposes.
    Mr. BECERRA. That is not necessarily Social Security but we 
have ventured into at least taxes for purposes of the use of 
the Social Security number but for other reason, but then what 
would you suggest or does Social Security what would be used as 
that identifier that used nationally for whether it is consumer 
purposes or other types of purposes?
    Mr. O'CARROLL. I thought I did a pretty good job of batting 
this away from Social Security.
    [Laughter.]
    Mr. O'CARROLL. I am thinking I might yield my time to one 
of my esteemed panel members.
    Mr. BECERRA. Let me ask Mr. Bertoni that question is 
because what I am trying to get a sense--those must all be the 
folks from GAO who are laughing back there, I am just trying to 
get a sense, we are going to have do something but who should 
pay it? My sense is that the taxpayer should pay something 
because ultimately we are all taxpayers, most of us are 
taxpayers, and we want to have that security. But I am not out 
there selling my identification number to identity thieves. I 
am not the one that tells a particular business or government 
agency use my number for some other purpose, whether it is for 
purposes of registering a divorce or buying a refrigerator. So 
why should the taxpayer then foot the bill to make this card, 
if it is used for Social Security, to make it more secure?
    Mr. BERTONI. Again, that is certainly a policy question. I 
can tell you how it is now. SSA has certainly----
    Mr. BECERRA. I do not want to know how it is now, give me a 
sense, who should pay?
    Mr. BERTONI. I think there are models out there where you 
could construct a different model where others could pay 
outside of the agency.
    Mr. BECERRA. ``Others,'' identify ``others''?
    Mr. BERTONI. I am just considering say the driver's, and I 
am not advocating, I am just kicking something around here, 
there are models where people who are buying the card or buying 
the service, which is a driver's license, would be asked to pay 
a fee for that. I am not aware of any models where say 
beneficiaries of a particular card or identity card, such as a 
SSN, like an information re-seller, would have to pay. I cannot 
talk to that because I am not aware of that model. The only two 
models I am aware of are the agency footing the bill or the 
purchaser of the license or the card, historically that has not 
been something that SSA has wanted to do. Beyond that, again, I 
think that is an option, a policy option for Congress to 
consider.
    Mr. BECERRA. A user fee of sorts?
    Mr. BERTONI. There are models but I am not advocating that.
    Mr. BECERRA. No, I understand and I thank you for your 
comments. Mr. Chairman, thank you very much. I know my time has 
expired.
    Chairman MCNULTY. Thank you, Mr. Becerra. Mr. Ryan may 
inquire.
    Mr. RYAN. Thank you, Mr. Chairman. I guess I will pick up 
where Mr. Becerra left off because this issue has so many 
sources, so many directions. It interweaves all of these 
problems we have got, terrorism, immigration, all of these 
things, so we have some no-brainers, unify the truncation 
standards, right, and some other easy low-hanging fruit things. 
At the end of the day, it seems like what we are headed to is 
how do we, A, authenticate people and, B, kind of clean up the 
database in Social Security and stop the mission creep of the 
number being used, these are pretty much the two issues here, 
right? So now we are being faced with this sort of fork in the 
road, do we do a Social Security card, do we just fix the 
Social Security card, put $11.7 billion, $10 billion, whatever 
this number is, and make the Social Security card better with 
biometrics and a centralized Federal database or do we go a 
different route? I guess that is kind of the fork we are in 
right now.
    Let me ask just each of the three of you, if we go down 
this path of a better 21st Century Social Security card with 
the biometrics and all of this, do you believe that given the 
way the market works, given the way identity thieves work, that 
a Social Security card under today's technology can be 
implemented and can be successful for the long term from 
preventing identity theft and all that. I will just ask the 
three of you, just go down the line, however you want to start, 
Mr. O'Carroll?
    Mr. O'CARROLL. I will tell you, Mr. Ryan, we have done a 
lot of looking at Social Security cards in terms of whether to 
use different type of stock for it, different printing for it, 
whether to put biometrics into it, everything else, and I have 
got to tell you what we have found by looking at just history 
in general is when whenever the government comes up with any 
type of a document, a form or whatever, especially if there is 
going to be some financial gain in figuring out a way of 
compromising it, the counterfeiters usually do figure out a way 
to compromise it. So, even when you say, if we come up with 
one, do you think we will get a few years out of it before 
somebody does it, then all of a sudden you are going to go back 
to the thought of another $10 billion of coming up with a new 
card.
    Mr. RYAN. Yes.
    Mr. O'CARROLL. So, what we are advocating on this is that 
it is the number, it is not the card, and if we can put more 
time, effort, whatever into the system work on it, where we are 
getting good, positive hits on terms of when information is put 
in, is this the right person for it, and that is again what I 
am saying with this is that the first step on this thing is 
really with the government in terms of right now the agencies 
going to each other, basically work on that type of thing, the 
technology for it, that is a big step in the right direction.
    Then at the time, which kind of goes back to what we were 
talking about before, is when you are talking in terms of the 
financial sector and all the other forms of identity that are 
being used, our recommendation is to use different numbers than 
the Social Security number for it. The one that I am always 
sort of cautious on with this thing is with the Social Security 
number, I think we have done a very good job about it, is 
keeping it, at least in terms of the government, for the 
government uses of it, and not having it become a national 
identity document, which is kind of the role where if you got 
into biometrics and hard cards and that, it is a whole other 
step.
    Mr. RYAN. So, we could get ourselves on the slippery slope, 
but I want the other two of you to comment. Let me throw this 
at you as well. Tell me if I am wrong, we are at this fork, do 
we go down this sort of unifying national ID card route, which 
has all of the Orwellian and privacy and obsolete issues 
associated with it, or can the market produce ever upgraded 
standards on helping people authenticate who they are and give 
people the tools in the marketplace to be able to authenticate 
their identity and then you clean up the Social Security number 
itself and then people can operate through society by 
preventing identity theft and being able to authenticate who 
they are and the government does a job of basically saying this 
particular authenticating agency or company is correct, they do 
a good job. The government can do a job of making sure that a 
business that wants to market itself as an authenticating 
entity, has the Good Housekeeping Seal of Approval, can do 
that, is that the path that we go down, meaning instead of the 
national ID card, do we have institutions that are out there in 
the private sector that can be authenticators of people or not? 
Do you understand what I am trying to get to? I would like to 
just ask you to consider that as well and give me your take on 
that.
    Mr. WINSTON. Sure. Mr. Ryan, I think what you are----
    Mr. RYAN. Yes, I am not doing a good job of explaining 
myself.
    Mr. WINSTON. No, actually you are.
    Mr. RYAN. Okay.
    Mr. WINSTON. What you are playing out I think is the very 
debate that is going on with the real ID act. There are certain 
advantages to that, of course, of having one ID card for 
everything. It is easy to use, hopefully it is secure, but 
there are down sides and there are privacy issues and there are 
cost issues that are very serious. My own view is that maybe 
another way to go is to further develop what is happening now, 
which is multiple forms of authentication, not having one form 
of authentication for every purpose but in different sectors 
having different forms of authentication. It can be a pin, it 
can be a biometric. That is much harder for an identity thief 
to break into. There are convenience issues, of course. 
Consumers do not want to memorize 15 different passwords, but I 
think there is ongoing a development of better, useable forms 
of authentication that I think have a good chance of solving 
this problem.
    Mr. RYAN. Mr. Bertoni.
    Mr. BERTONI. There is a lot in that question. I think one 
thing we need to consider early on is given that we have real 
ID there, do we want to go forward with a parallel path of 
having a Social Security card with very similar secure 
features? I think you could create some redundancies that do 
not need to be there. So, there is an issue for the country to 
consider in terms of what will it be, will it be real ID, will 
it be the Social Security number? We issued a report last year 
that talked about the pro's and con's and options, and I can 
provide you some of that.
    But, again, to step back, even before we talk about who 
does it and what we might use, there are real implementation 
issues to consider with just the Social Security 
Administration. With 300 million cards issued out there, how do 
we do it? Is it laddered? Is it all at once? Who gets it first? 
Prior to 1978, there was very little fraud verification for 
people seeking a SSN. These people could come forward now, get 
their Social Security card, and we really did not do a good job 
of verifying who they were in the first place. So, we have 
millions of people with these pre-1978 cards that they are 
going to walk away with an ID card that is going to be what 
most people conceive to be bullet proof, and they may not be 
who they say they are. That is an issue.
    I think in terms of data cross-matching, we have gone on 
record at GAO that short of new cards, biometrics, there is a 
lot that the public and private sector can do in terms of data 
cross-matching, using various elements, not just the Social 
Security number. Truncation is a great protection. It should be 
part of the verification scheme, but there are new models out 
there where they use multiple data points to give the verifier 
a higher comfort level that you are who you say you are. So, 
that to us is certainly something that needs to be considered 
and moved on.
    Mr. RYAN. I assume my time is up. Thank you, Mr. Chairman.
    Chairman MCNULTY. Thank you, Mr. Ryan. Ms. Schwartz.
    Ms. SCHWARTZ. Well, thank you. I am going to try and take 
us off the discussion of a national ID card. I am not sure we 
are anywhere near any agreement about the need for such a thing 
and who would do it and how we would pay for it and how we 
would protect people's identification. I think pulling us back 
if we could just a little bit to the use of the Social Security 
number and kind of risks we are already engaged in. It seems to 
me we ought to take care of that first, and we have not done 
that yet. So, let me just understand here, the feeling so far 
is that you do not, and I guess it would be the Social Security 
Administration, does not have the authority to restrict the use 
of Social Security numbers, I think that is a simple yes or no?
    Mr. O'CARROLL. Yes.
    Ms. SCHWARTZ. You do not have the authority, you do not?
    Mr. O'CARROLL. Correct. There is no authority. Once it is 
outside of Social Security, it is out in the public, we have no 
authority to restrict.
    Ms. SCHWARTZ. So, individuals ask for it, they give it--we 
all have, as you pointed out, hospitals, universities, 
schools----
    Mr. O'CARROLL. But we can recommend people say no but we 
cannot enforce them not to ask.
    Ms. SCHWARTZ. You do not also feel that you have the 
authority to set standards about its use? For example, you 
mentioned display, I think all of us have actually seen from 
what hospitals used it at some time or health centers might 
have used it as their patient chart number. It was on my Blue 
Shield insurance card for years, how hard was that to figure 
out, it said Allison Schwartz and my Social Security number, I 
think they would probably have assumed it was my husband's just 
out of sexism but it was actually mine, and I had my insurance. 
They only just recently have changed that, I assume, because of 
the concerns about identity theft. So, the question is do you 
feel like you could not even or you do not have the authority 
now to set standards about display or use or protection of a 
Social Security number used by any kind of private entity?
    Mr. O'CARROLL. Correct. There is very limited use. One of 
the limits that is on it is that when it is falsely used in 
advertising, and we can enforce that. That is the one where you 
get in your mail a document that looks like it came from the 
Social Security Administration, it is using the logo, and that 
type of stuff. We can restrict that type of use but the other 
types of uses where Radio Shack is asking for your Social 
Security number, we cannot. That is where this is very 
difficult because once it got out of SSA and got into the 
economy, it started becoming that financial tracker.
    Ms. SCHWARTZ. Hence, the need for us to take some action 
to----
    Mr. O'CARROLL. Yes.
    Ms. SCHWARTZ [continuing].--Limit the use in the private 
sector and attempt to set some standards or suggest who does 
set the standards on how they protect this very sensitive 
information.
    One other question for you. The IRS, as you well know, has 
been subcontracting with private collection agencies to collect 
taxes. The first thing they ask is for the Social Security 
number. We had a hearing which revealed the fact that 
individuals are very hesitant, appropriately, to give someone 
who just says, ``Hi, I am Susan, I cannot tell you why I am 
calling, I have to make sure I know who I am talking to first, 
would you give me your Social Security number?'' It is just 
stunning actually that this is a government-authorized 
activity. Now, many people do not give their Social Security 
appropriately but some do. Now, do you know if you or the IRS 
has set very careful limits on the protection of those Social 
Security numbers once they get them, these are now private 
agencies?
    Mr. O'CARROLL. Well, it is interesting that you bring that 
up. One is that you, as you noticed there, what we are saying 
is when somebody calls you up on the phone and asks for your 
Social Security number, do not give it, which reinforces that. 
But then with secondary information and back and forth, trust 
with information and know that what they are calling about is a 
transaction with the government, there is that. But what we 
have done, and we have gone to the Department of Treasury, is 
that we have asked all other--we have asked 15 other inspectors 
general to take a look at their departments and the use that 
they have of Social Security numbers, up to and including 
contractors, which is what you are talking about, and in 2001, 
six years ago, there was very little control over that. There 
were no real limits on it, nothing was in the contract about 
safeguarding the Social Security information and that.
    In a follow-up that we did about a year ago, those same 15 
agencies were finding out--and they are all the biggest 
departments--were finding out that, yes, they are safeguarding 
their own information, one, they are too cautious on 
disclosures of it, so any of their documents, they are very 
cautious to not have Social Security numbers.
    Ms. SCHWARTZ. The department is or the subcontractors are?
    Mr. O'CARROLL. These are the departments and then each of 
the departments are asked at their subcontractors and whether 
the contractors were abiding by security of any Social Security 
number information, and we found that they were.
    Ms. SCHWARTZ. So, you have done a study?
    Mr. O'CARROLL. Yes, and so we keep doing that to make sure 
that the Federal agencies are looking at subcontractors and 
making sure, like in this instance, that there is protection on 
it. OMB, under the new PII guidance, is also reinforcing that. 
So, I have got to say at least government-wise and government 
contractor-wise, we are being very--much more astute or much 
more attentive to that issue.
    Ms. SCHWARTZ. So, the concern is really much more in the 
private sector and the use of these numbers in the private 
sector.
    Mr. O'CARROLL. Yes.
    Ms. SCHWARTZ. We have had other hearings but we really need 
to do something to give you the tools and the authority, I am 
looking at both you actually, exactly how we will write all 
this legislation I guess remains to restrict the use of the 
Social Security number and to set very clear standards about 
its use. It is pretty stunning how it has been used. So, thank 
you very much. Mr. Chairman, I think my time is up.
    Chairman MCNULTY. Thank you, Ms. Schwartz. Ms. Tubbs Jones.
    Ms. TUBBS JONES. Thank you, Mr. Chairman. You do, sir, 
however the authority to restrict more than one person using 
the same Social Security number though, do you not?
    Mr. O'CARROLL. Yes, we do.
    Ms. TUBBS JONES. That is as big a dilemma in government as 
anything else is with regards to Social Security numbers, 
correct?
    Mr. O'CARROLL. The misuse of the SSN and the legal use, 
yes.
    Ms. TUBBS JONES. Yes, and so we have many employers who 
employ people in the United States of America and they in the 
same company and more than one person using the same Social 
Security card number, Social Security number, excuse me, not a 
card but the number?
    Mr. O'CARROLL. Yes.
    Ms. TUBBS JONES. What are we doing about that?
    Mr. O'CARROLL. Well, we are working in terms with 
Immigration to be taking a look at what is called the basic 
pilot, which is the verification program, that when an employee 
applies for a job, we verify the SSN as being a legitimate SSN 
and a legitimate name and the basic information of male, 
female, date of birth on it. That is being done.
    Ms. TUBBS JONES. So, what is your enforcement?
    Mr. O'CARROLL. Excuse me?
    Ms. TUBBS JONES. I am going to interrupt you because I do 
not have but 5 minutes.
    Mr. O'CARROLL. Sure, hey, we are coming from the same 
place.
    Ms. TUBBS JONES. So, what are your enforcement tools for 
that purpose?
    Mr. O'CARROLL. Well, enforcement tools on it is the misuse 
of the SSN, we use that violation when people are misusing it, 
and as an example when we were talking about the Fort Dicks 
terrorist investigation, we worked with ICE every day of the 
year where people are misusing SSNs and where they are charged 
with it. Unfortunately, prosecutors are not the most thrilled 
with that type of a prosecution unless it is in large numbers.
    Ms. TUBBS JONES. I am not talking about terrorists, I am 
talking about the employers who allow the use of more than one 
person to use a Social Security number, what are we doing about 
those employers and what are our enforcement tools and what 
have we done?
    Mr. O'CARROLL. We are going after them. We just had a 
recent case in Massachusetts in which an employer was telling 
any new employee coming in if they did not have a Social 
Security number, go to this location and they will give you a 
Social Security number. They were getting counterfeit Social 
Security numbers going to work for this employer and the 
employer was arrested.
    Ms. TUBBS JONES. Do you have any numbers? If you do not 
have them with you today, I would be interested on how many 
employers we have prosecuted for allowing employees to use--
more than one employee to use the same Social Security number, 
I would be interested in having that?
    Mr. O'CARROLL. I would have to respond back on that. I am 
not sure whether it is a large number but it is a number, and I 
will get it for you.
    Ms. TUBBS JONES. I will tell you what, I am not sure 
either, but I bet money that it is a large number. I am 
laughing--not laughing but I just pulled out my Ohio Public 
Employees Retirement System prescription drug card, it has got 
my Social Security number on it, broad as day. That is my ID 
number. I guarantee you there are a whole lot of others out 
there that are using that.
    It is easy for us to sit in this room, and I am not going 
to be a holier than thou person, but it is easy for us to sit 
in the room and have a discussion and be congenial in the 
course of our discussion about what we are going to do about 
Social Security numbers, and I have only been in Congress 9 
years and I am sure, as we said, we have been sitting here 
having these nice little collegial discussions about the impact 
and that is why we end up where we are right now with the 
misuse and identity theft of Social Security numbers.
    I just would hope that even in our collegiality, that in 
2007, that we will move forward to accomplishing some real 
things because all of us sit here and say, ``It is right here 
on my card. I call in to the bank, I want to get my bank 
account number. I have got to give my Social Security number, 
my mother's maiden name,'' and on and on. We have accepted it 
as just part of the living in the United States of America and 
accessing information, but we have got to get further ahead and 
be serious about how we involve this. After that nice little 
piece I have done, Mr. Chairman, I thank all of you for the 
work that you do, but tell us what you need, let's do it, let's 
not just sit here and allow people to continue to be put in 
harm's way as a result of misuse. I thank you, Mr. Chairman, 
for your time.
    Chairman MCNULTY. I thank Ms. Tubbs Jones, and I want to 
assure her that Mr. Johnson and I have expressed our 
determination to move forward with some legislation rather than 
just talking about the issue. Mr. Ryan has an additional 
inquiry.
    Mr. RYAN. Thank you, Mr. Chairman. Mr. O'Carroll, I wanted 
to follow-up on Ms. Tubbs Jones question, I want to ask you 
about these no-match letters. This happens to us all the time 
where we will have an employer that will call or write us and 
say they have received a no-match letter from the Social 
Security agency where they said, ``Well, we have found that 
five people are claiming the same number, we do not know if 
your employee is the right person or the wrong person. You 
cannot fire the person, we are going to do the investigation.'' 
Then they typically have no follow-up from thereafter. So they 
are caught.
    So can you just walk me through what is the process and the 
procedure at SSA, do you have what you need to do to find out 
who people are or who they are not? How do you do this, do you 
just do random audits of your database to see more than one 
claim on a Social Security number? What do you do when you find 
four or five people claiming the same number? What is the 
outcome? Can you just explain this briefly to me?
    Mr. O'CARROLL. Well, when the tax information goes to SSA 
and that information is run against the SSA database, that is 
where the no-match's are coming out. It is all automated, it is 
automatic, a letter is automatically sent out to the employer.
    Mr. RYAN. So, every no-match that comes in is identified?
    Mr. O'CARROLL. Yes.
    Mr. RYAN. Those that can be identified with an employer, a 
letter is generated on it to that employer. Really it is an 
automated process. On occasion, if there are a lot of them, SSA 
will contact employers with a liaison service to see if they 
can help them but for the most part it is a pretty passive 
action, where the letter goes out, the employer is notified, 
the employer knows that the information that he is given is 
incorrect and basically he or she is instructed to contact the 
employee and straighten it out. Then also the employee is 
recommended to go to Social Security and Social Security will 
then straighten it out with the employee.
    Mr. RYAN. But since the employer just has an I-9 Form he or 
she has to fill out, which they have to have some document, one 
of what 29, I think thrown in front of them, they do not know 
whether the person is legitimate or not, whether they are 
illegal or not, how then does the person proceed? They send the 
person to the local Social Security office and then it is up to 
the Social Security to use their best judgment to determine 
whether the person they say they are or not, is that basically 
how this follow-up occurs?
    Mr. O'CARROLL. A lot of people follow up with the employee 
on it, yes. But I have got to tell you in most cases, it can be 
rectified at the employer/employee level in terms of the person 
does have the work documents, the other documents for the 
employer to look at and it can be resolved at that level. I 
have to tell you one of the down sides of this one is that in 
many cases by the time the employers are getting these no-match 
letters, especially in transient type industries, that employee 
is long gone and that is probably the biggest issue on this 
thing is that, and it is one of the biggest problems with 
misuse of SSNs in the application process of it is that if that 
person used false identification or purported to have a false 
identification, was turned away from SSA initially or whatever, 
we are never able to find that person because the information 
was all false that they had and they are gone into society.
    That is probably the biggest problem with the no-match 
letters is that most cases are the biggest violators--or not 
violators, the biggest recipients of no-match letters are large 
industries are very transient. That is probably the biggest 
issue of it is that that employee is no longer there because it 
is a year later when the tax information comes in.
    Mr. RYAN. But it also seems like the way the system is 
configured now, a person could still get away with possessing a 
wrong Social Security number even through this system, correct?
    Mr. O'CARROLL. Yes.
    Mr. RYAN. Even after the no-match letter person who really 
is not who they say the are, using some other Social Security 
number, could still continue using it?
    Mr. O'CARROLL. That does happen, yes.
    Mr. RYAN. All right, thank you. Mr. Bertoni?
    Mr. BERTONI. Yes, we did some work on that last year, the 
electronic suspense file whereby wages that do not match, the 
name, date of birth, Social Security, end up in this file with 
billions of records and, yes, in fact we have seen Social 
Security numbers with all zeros, all 9s, all 8s, ``ABCDEFG'' 
that are being used and people are working under them. We have 
recommended to IRS, DHS to pick up the enforcement effort.
    Mr. RYAN. Thank you.
    Chairman MCNULTY. Thank you, Mr. Ryan. If there are no 
further inquiries, I want to thank Mr. Bertoni, Mr. Winston and 
Mr. O'Carroll for your testimony. It has been very helpful. We 
do intend to try to move legislation. I would ask that the 
witnesses continue to be available to the Members and our staff 
as we try to move in that direction, thank you very much.
    In the interest of time, while panel three is coming to the 
podium, I would just like to introduce the Members of the 
panel. We have Justin Yurek, president of ID Watchdog of 
Denver, Colorado; Stuart Pratt, president of Consumer Data 
Industry Association; James D. Gingerich, director, 
Administrative Office of the Courts of the Supreme Court of 
Arkansas, on behalf of the Conference of State Court 
Administrators; Annie Anton, associate professor of Software 
Engineering, North Carolina State University, on behalf of the 
Association for Computing Machinery; Marc Rotenberg, executive 
director of the Electronic Privacy Information Center; and 
Gilbert Schwartz, partner of Schwartz & Ballen, LLP, on behalf 
of the Financial Services Coordinating Council.
    I want to thank all the witnesses for being here and 
sharing your expertise today and for your patience in waiting 
for the other two panels to testify. All of your statements 
will appear in the record in their entirety. We would ask each 
one of you to summarize your statement in as close to 5 minutes 
as you can. Just keep an eye on the little device in front of 
you to give you an indication when you should wrap up. So with 
a summary of your testimony, it leaves a little bit more time 
for Members to make inquiries. I think we will start with Mr. 
Yurek and go right down the line and hear everyone's testimony 
first and then allow the Members to inquire. Mr. Yurek?

  STATEMENT OF JUSTIN YUREK, PRESIDENT, ID WATCHDOG, DENVER, 
                            COLORADO

    Mr. YUREK. Thank you, Mr. Chairman and Members of the 
Committee. My name is Justin Yurek and I am the president of ID 
Watchdog Corp. ID Watchdog is an identity theft detection and 
resolution company that helps consumers to protect themselves 
from, and resolve issues related to, identity theft. Our firm 
experiences firsthand the pain and suffering of the consumer at 
the hands of identity thieves and it is this pain that I wish 
to highlight to do. Ultimately, the question of legislative 
reform comes down to an analysis of the expenses incurred by 
business and government and restricting access to sensitive 
data, such as Social Security numbers, versus the benefit such 
action would afford consumers. I wish to illustrate these 
benefits to consumer victims by way of case study. Rather than 
dealing with faceless statistics, I would like to tell the 
story of one of ID Watchdog's clients. I believe there is great 
benefit in looking at the specifics of his one case to 
determine general facts about all identity theft.
    We first met our client, Charlie W., in April of 2006. 
Initially, Charlie asked us to perform a full background check 
to ensure that his personal data records were accurate. ID 
Watchdog pulled data from thousands of databases that cover 13 
crucial areas of consumer information. The shocking results 
revealed the following incidents in Charlie's name which he was 
not responsible for. I apologize for the laundry list I am 
about to say, but I think all the details are important: Four 
traffic citations in Florida, Washington and Arizona; three 
felony arrests for assault and harassment in Washington; a 
conviction for assault where he served, supposedly, 144 days in 
jail in Washington; an active national warrant for arrest in 
Washington for bail jumping; an active warrant for arrest in 
Arizona for failure to appear; a newly issued driver's license 
in Florida; several thousand dollars of unpaid medical bills in 
Washington and Florida; and several thousand dollars of phantom 
1099 income dating back to 1996.
    A practicing Buddhist, Charlie had never had so much as a 
speeding ticket, let alone felony arrests for assault. 
Additionally, Charlie was a resident of Colorado and had never 
been to Florida, Washington or Arizona. Dismayed, he 
immediately engaged us to assist in restoring his name.
    A few weeks after Charlie engaged ID Watchdog to help him, 
his employer did a routine background check. As a result, 
Charlie was called into an office where he was to be fired, 
arrested and sent to Washington to face the active warrants 
there. We quickly intervened on Charlie's behalf and by 
providing photographs and fingerprints were able to save 
Charlie, termination, arrest and extradition.
    Along side these very direct problems, Charlie also 
suffered significant secondary problems. First, his access to 
loans in order to finance and expand his business was limited 
due to his damaged credit reports. Second, he paid inflated car 
and medical insurance rates as a result of his damaged driving 
and medical records. Third, Charlie paid inflated interest 
rates on his mortgage and other lines of credit due to his 
unfairly lowered credit score.
    A month later, the thief who was plaguing Charlie's 
identity was tracked to a car dealership in Louisiana where he 
was attempting to purchase a new vehicle using Charlie's 
identity. We immediately alerted the local sheriff's office who 
dispatched an officer to confront the thief. Once on the scene, 
the officer found that without an active warrant in Louisiana, 
he did not have proper cause to arrest the thief and planned to 
let him go. In response, ID Watchdog quickly called law 
enforcement officials in Washington state to have them fax over 
the active national warrant to the Louisiana authorities. After 
the Louisiana parish sheriff's office was able to verify that 
the warrant was still active, the thief was finally arrested.
    The thief's real name was Hugh P. For more than 10 years 
prior, Hugh had stolen Charlie's wallet, which contained his 
driver's license and health insurance card. The health 
insurance card had Charlie's Social Security number printed on 
it. Over the years, Hugh had used Charlie's identity in every 
brush with law enforcement, whenever he needed medical 
treatment, and whenever he had 1099 income which he did not 
want to claim for tax reasons. In Hugh's own words, ``It was 
very easy to use his ID and Social Security number. No one ever 
looks twice at them. To be honest, I never dreamt I would be 
caught.''
    The case of Hugh and Charlie illustrates the key problems 
with the system as it stands today. Social Security numbers are 
overexposed and overused, giving thieves too much access to 
sensitive data. Entities lack standard client authentication 
procedures leading to easy proliferation of the crime and law 
enforcement agencies lack multi-jurisdictional cooperation and 
effective laws leading to ineffective investigation and 
prosecution of the crime, as well as fearless criminals.
    I applaud the Committee's commitment to this topic. As 
discussions continue, I would ask that you focus on the three 
previously mentioned areas when considering new legislation: 
Easily accessible Social Security numbers, lack of client 
authentication practices and lack of multi-jurisdictional 
cooperation and effective laws are at the heart of the crime's 
popularity with criminals and therefore must be at the heart of 
any legislation aimed to stop identity theft.
    Finally, as the Committee continues to develop improved 
legislation, I would ask they keep in mind individual stories, 
such as Charlie's, and the trials and tribulation that he 
experienced. After all, hardworking, innocent, upstanding 
individuals like him will be the true beneficiaries of 
effective legislative change.
    Thank you very much.
    [The prepared statement of Mr. Yurek follows:]
             Prepared Statement of Justin Yurek, President,
                     ID Watchdog, Denver, Colorado
    Mr. Chairman and members of the Subcommittee,
    My name is Justin Yurek. I am the president and co-founder of ID 
Watchdog, a Denver-based identity theft detection and resolution 
company. Since2005, ID Watchdog has assisted identity theft victims in 
resolving identity theft related problems.
    Our comprehensive process encompasses all aspects of identity theft 
from detection of the crime, to scoping and resolution. During the 
process, ID Watchdog takes a limited power of attorney and actually 
carries out the recovery process on behalf of our clients. Based on 
this experience, we believe that we have a unique perspective on 
identity theft as we have interfaced with all applicable entities 
involved in the problem--from law enforcement, to government, to 
creditors, to collection agencies, to reporting agencies, and so on. In 
addition, our diverse client base has given us the opportunity to deal 
with all types of identity theft--from financial, to criminal, to 
medical, to family identity theft, etc.
    I appreciate the opportunity to share our broad-based familiarity 
with the topic of identity theft and am happy to speak today about the 
role of Social Security numbers (SSNs) in identity theft and about the 
need to enhance SSN privacy.

Introduction:

    The purpose of my testimony is to underscore the plight of the 
consumer in the problem of identity theft. Often the problems of the 
consumer are overshadowed by losses sustained by business interests 
affected by the crime. Unlike the direct-losses absorbed by businesses, 
the effects of identity theft to an individual victim are consequential 
damages, and therefore less quantifiable. Nonetheless, the effects of 
identity theft to individual victims are devastating. The problem of 
identity theft is not a simple one and unfortunately continues to grow 
at an alarming rate. Identity theft is the fastest growing white collar 
crime in America; growing from fewer than 100,000 cases in 2000 to over 
10 million new cases in 2006. At the same time that raw incidents of 
identity theft have grown, so has the scope and nature of the crime 
itself. While largely associated with financial consequences, identity 
theft crimes have gone well beyond credit reports into other more 
troubling areas. According to Federal Trade Commission statistics, only 
30 percent of crimes reported last year were related to financial and 
credit report relevant matters. The newest and fastest growing segments 
of identity theft include medical, tax, and criminal related identity 
theft.
    As the scope and nature of the crime broadens, we also see the time 
and energy required to recover from the crime increasing. We are now 
faced with a crime that is happening to more individuals and is 
simultaneously escalating in severity and consequence for the victims. 
With current protections, identity theft is not a matter of ``if'' for 
consumers; it is a matter of ``when,'' as everyone will ultimately 
become a victim to some degree. These trends cannot be allowed to 
continue and the Subcommittee is in an excellent position to affect 
significant improvement on the current identity theft epidemic by 
enacting legislation that would directly affect the dissemination, use, 
and misuse of the social security number--undoubtedly the most 
important weapon in an identity thief's arsenal.
    The Social Security number was not designed to serve as a 
universal, unique, personal identifier. However, it has developed over 
time to fill that role in government, military, public and private 
sectors. Despite becoming the de facto standard, there have been very 
few formal development efforts for the protection of this important 
identifier, resulting in a dangerous imbalance between the importance 
and accessibility of the SSN on one hand, and the protections afforded 
to the individual on the other.
    I will detail a few case studies from ID Watchdog's own client base 
to show the problem of identity theft from a consumer point of view. I 
hope to illustrate the desperate need for legislative reform to ease 
the damage inflicted to a rapidly growing number of citizens.


    Case Study 1_Charlie W. (Colorado)Charlie W. realized that he was 
an identity theft victim when we performed a full background check on 
him in April of 2006. Analyzing thousands of reports in 13 crucial 
areas, ID Watchdog found the following fraudulent activity in Charlie's 
name: 2 traffic citations in Florida, several thousand dollars in 
medical bills in Washington, a traffic citation in Washington for 
driving with a suspended license, 3 felony convictions in Washington, a 
record of 144 days spent in jail in Washington, a warrant for his 
arrest for bail jumping in Washington, an arrest for DUI in Arizona, a 
second warrant for his arrest for failure to appear in Arizona, a new 
drivers license in Florida, a bill for an ambulance ride in Florida, 
and unaccounted-for 1099 income for work done in several states. 
Shortly after contracting with ID Watchdog to resolve these issues, 
Charlie's employer pulled a routine background check and found all of 
this data as well. Charlie was threatened with termination from his 
job, arrest, and extradition based on his active warrants. ID Watchdog 
intervened on his behalf and Charlie was neither arrested nor fired. 
However, it took several months of additional work to quash the 
outstanding warrants and to absolve him of the fraudulent debts.
    Charlie's problems started a decade ago when the perpetrator of his 
identity theft stole his wallet. The thief used Charlie's 
identification documents including his Social Security number to 
perfect his impersonation of Charlie. Despite not realizing that he was 
a victim, Charlie suffered numerous damages during this 10-year period. 
First, he paid inflated car insurance rates as a result of his damaged 
driving record. Second, his access to loans in order to finance and 
expand his business was limited due to his damaged credit reports. 
Third, Charlie paid inflated interest rates on his mortgage and other 
loans and credit lines due to his erroneously negative credit reports. 
These monetary damages were then coupled with the emotional damage 
related to his close call with his employer as well as the stress of 
completing the restoration process.


    Case Study 2_Anita J. (Colorado)Anita J. became a victim of 
identity theft after she began applying for mortgages online. Shortly 
after submitting her personal data to several mortgage brokerage sites, 
fraudulent activity began occurring within Anita's identity. Over the 
next several months an industrious identity thief purchased four 
properties in Anita's name. The combined value of the mortgages 
attached to these properties approached $1 million. Anita took a hiatus 
from her mortgage shopping and it wasn't until several months later, 
when she began investigating new mortgages again, that she realized she 
had been victimized. By the time she became aware of her problem; all 
four properties had been placed in foreclosure. Non-payment of the 
mortgages had dropped her credit scores more than 200 points. 
Collection companies eventually found Anita and began to demand payment 
for the delinquent accounts. Anita's credit card companies noticed the 
sudden drop in her credit scores and began to ratchet up her once low 
interest rates to above 20 percent. Appalled that all of this had 
occurred, Anita began the arduous process of repairing this damage and 
winning back her good name. Her efforts began to take a toll on her 
work. The long hours she spent writing letters to credit bureaus, 
dealing with title companies related to the properties, and phone calls 
made patiently trying to explain to unsympathetic collection agencies 
that ``they had the wrong person,'' eventually raised Anita's stress to 
unhealthy levels. She began to log the time she was spending on the 
problem and surpassed 400 hours before finally enlisting our help.
    Anita was quickly absolved of the debts that had illegally been 
acquired in her name. However, the rest of her case demanded more 
attention. Removing the delinquent mortgages and foreclosures from each 
one of her three credit reports presented a significant challenge--even 
with police reports and clear evidence of her innocence. Harder still 
was the removal of her name from public records related to the 
foreclosure and title work of the properties. This kind of straight 
forward ``new account'' ID theft is one of the most classic forms of 
the crime. Although the dollar amount involved is extremely high, this 
case and the steps required to solve it represent a very large portion 
of the 10 million cases of identity theft reported last year.


    Case Study 3_David H. (Illinois)David H. realized that he was a 
victim of identity theft after he returned to the United States from 
Japan, where he served in the US Air Force. David was victimized not by 
one, but two separate thieves in different parts of the country. After 
receiving a couple of mysterious calls from collection agents, David 
checked his credit report to find over 20 fraudulent accounts in his 
name. David was shocked to find cell phone accounts, credit cards, 
utilities, and hospital bills that were in his name, but that he did 
not open. Not only did David have no prior knowledge of these accounts, 
he was not even in the United States when they had been opened. David's 
predicament quickly became worse when he was informed by his manager at 
work that he was being fired because a background check found a felony 
drug conviction in Arizona. Once again, these alleged incidents 
occurred when David was abroad in the Air Force. After a long, drawn 
out process that involved filing extensive paperwork with the local 
magistrate in Arizona and reissuing a new driver's license, the arrest 
records were purged from David's background. Additionally, he was 
eventually reinstated to his old job; however, David's troubles were 
not yet over. Several months later, David received notice from the 
state of Illinois that 60 percent of David's wages were to be garnished 
due to unpaid child support payments. Not surprisingly, David had never 
met the woman who was receiving the payments, and was not in the 
country at the time the child was conceived or born. After two weeks of 
work and several in-person interviews with child services personnel, 
David was absolved from the payments.
    Military personnel have traditionally been at high-risk for 
identity theft because of the military's use of Social Security numbers 
for identification. The number is often prominently displayed on ID 
cards and even on an individual's bunks in some cases. To date, David 
has spent one and a half years defending himself from false accusations 
and restoring his good name. He has been subjected to harassment from 
collection agencies, his credit score has been crushed, and he had to 
endure the humiliation of being fired from his job under the stigma of 
a false criminal conviction. He has been falsely accused of fathering 
illegitimate children and nearly lost 60 percent of his income as a 
result. Adding final insult to injury, these problems all occurred 
while David was actively serving his country during wartime. David's 
case is an example of how there is probably too much reliance by data 
brokers on the Social Security number to authenticate the identity of 
persons in records from many different sources. Today, the majority of 
David's problems have been resolved and deleted from his records, 
however he lives in constant vigilance, because the thieves could go 
back to work at anytime.


    RecommendationsIn the criminal world, identity theft continues to 
grow in popularity. It is our opinion that 3 driving factors have 
contributed to this rise in popularity, and that these factors need to 
be addressed by any new legislation. These factors are:

    1.  The availability of the Social Security number.
    2.  The ease of use of this data to commit fraud due to lack of 
effective authentication procedures.
    3.  The lack of legal consequences for a thief.

    Identity thieves perceive identity theft as a low risk/high payoff 
crime. This perception will need to be altered to affect significant 
changes in the growth trends of the crime.

The Availability of the Social Security Number

    Social Security numbers are simply used too much. Before using an 
identity to perform a crime, identity thieves must harvest personal 
identifying information such as name and Social Security number. The 
flow and availability of this information today affords thieves too 
many ways to obtain this data. Possible legislative changes to consider 
in order to improve this situation could include the following:
    Companies should be restricted from using the Social Security 
number for customer identification purposes. The Social Security number 
should be removed from easily accessible public records. Social 
Security numbers should be removed from all forms of identification 
that might be lost or stolen. Social Security numbers should never be 
sold to unaffiliated 3rd parties for any reason.

The Ease of Use of This Data to Commit Fraud Due to Lack of Effective 
        Authentication Procedures

    Once a thief has harvested a victim's identifying information, he 
must now use it for his own benefit. In almost all cases, slight 
modifications need to be made to a victim's identity before a crime can 
be committed. For example, a thief opening a new credit card account 
would need to fill out a credit application. On this application he 
would write the victim's name and Social Security number, but his own 
address and telephone number. With his own address on the application, 
the thief is ensured that the new card will be shipped to him rather 
than to the victim himself. With his own phone number, the thief will 
be able to call to activate the card from a phone number that he 
controls. Additionally, the thief would sign the application with his 
own signature, rather than the victim's.
    Standardized client authentication practices would greatly curtail 
potential identity thieves' ability to materially use identifying 
information to commit crimes and should be considered for new anti-
identity theft legislation. These practices should include both high-
tech approaches such as cross matching address history and name against 
Social Security number; and low-tech approaches such as signature 
verification. Such standards should be implemented universally for all 
entities that maintain and use the Social Security number and should 
come with meaningful penalties for non-compliance and negligence.

The Lack of Legal Consequences for a Thief

    Other than the potentially easy and lucrative payouts of identity 
theft, thieves are motivated to commit the crime due to a low prospect 
of facing prosecution. Two sub-factors contribute to this perception of 
safety. First, existing legislation is too vague and oftentimes too 
different from jurisdiction to jurisdiction to be effective. Further 
clarification of penalties for the misuse of Social Security numbers 
and identity theft along with stricter penalties should be considered 
in any new legislation. Second, thieves currently exploit an 
environment of non-cooperation and non-communication that exists among 
the many entities involved in the investigation of identity theft. The 
result is a very low arrest rates for identity thieves. The multi-
jurisdictional nature of the crime is at the heart of this problem. It 
is imperative for an over-reaching entity such as the Federal Trade 
Commission or the President's Identity Theft Task Force to coordinate 
between the various entities and jurisdictions involved in the 
investigation and prosecution and to facilitate open channels of 
cooperation and communication. With identity theft the thief and the 
victim are seldom in the same place, and as such it is imperative that 
disparate law enforcement agencies have the means to share information 
and resources.


    ConclusionThe statistics about identity theft are frightening. The 
sheer number of victims stands at an overwhelming 10 million per year. 
With such proportions, it is easy to become numb to these figures; 
however, it is a useful exercise to look at specific case studies to 
find general guidance for meaningful solutions. Additionally, it is 
vital for all of us to remain in tune with the specific pain and 
suffering that these crimes cause in order to maintain the proper 
motivation to find a solution. The Subcommittee has shown great 
leadership and tenacity over the past seven years in continuing to 
explore measures to limit identity theft. I implore you to continue 
your efforts and hope that when considering the costs associated with 
changes in legislation (especially costs to business), those costs 
should be weighed against the benefits that would be afforded to 
consumers such as Charlie W., Anita J., and David H.

                                 

    Chairman MCNULTY. Thank you, Mr. Yurek.
    Mr. Pratt.

 STATEMENT OF STUART PRATT, PRESIDENT, CONSUMER DATA INDUSTRY 
                          ASSOCIATION

    Mr. PRATT. Mr. Chairman, Ranking Member Johnson, and 
Members of the Committee, thank you for this opportunity to 
appear before you today. My name is Stuart Pratt. I am 
president and chief executive officer of the Consumer Data 
Industry Association.
    Let me start by saying that the CDIA supports efforts to 
limit the sale and display of the Social Security number to the 
general public. We also believe that sensitive personal 
information, like a Social Security number, should be secured. 
But we also believe in preserving the Social Security for 
legitimate uses for business to business and business to 
government transactions. Some context I think for that point is 
important. Forty million addresses change in this country every 
year. Three million last names change due to marriage and 
divorce. There are many other examples in our written testimony 
but in fact most identifiers change and our names are not 
unique. A unique identifier is important to fair information 
uses.
    Consumers have expectations and the Social Security number 
plays a role in meeting these expectations. Consumers expect 
data about them to be accurate. Consumers want to be protected 
from fraud. Data about them should be protected and secured. 
There are Federal laws that exist today, and they are effective 
and the operation of these should be preserved. Some examples 
are the Gramm-Leach-Bliley Act and the Fair Credit Reporting 
Act and there are other examples in our testimony. But these 
laws restrict the use and display of the Social Security 
number. They restrict how it can be used, who can use it, and 
under what circumstances.
    Responsible uses of the SSNs do meet, I think, consumer 
expectations. This really just is not our view, the GAO 
concluded in a 2004 study that Social Security numbers are used 
to build tools that verify an individual's identity or match 
existing records since there is no widely accepted alternative, 
and we agree. The report further states that restricting 
business access to Social Security numbers would hurt consumers 
and possibly aid identity thieves, since it would be more 
difficult for businesses to verify an individual's identity. 
Again, we agree.
    The Federal Trade Commission in its own testimony has 
stated that SSNs play a vital role in our economy, enabling 
businesses and government and others to match information to 
proper individuals. For example, consumer reporting agencies 
use SSNs to ensure the data furnished to them is placed in the 
correct file, that they are providing the right report for the 
consumer. SSNs are used for locator services, to find lost 
beneficiaries, witnesses, law violators, to collect child 
support, to enforce judgments.
    But the SSN is not the final word on identity verification, 
and I think that this point is very important. The SSN plays a 
role, it is an important role, but data matching does not 
equate to identity verification or authentication. Our Members 
in fact produce one billion fraud likelihood assessments each 
year. We also produce 1.4 billion identity verification 
assessments each year. It is not just about data matching. 
Identity verification is much more. It is a risk assessment 
based on the deployment of a range of tools that consider 
matches of data, but they also consider application data. They 
also consider timing of application and various components of 
identity and whether or not they have been used previously in 
fraudulent applications.
    We also recognize that the Social Security number has value 
in public records and this is important for this Committee's 
consideration. Public records play a vital role in our society. 
Bankruptcy records, tax liens and judgments are part of a 
credit report. Public records help in the location of missing 
and exploited children. Validating professional licenses is 
critical for the health care industry. Without an SSN to tie 
these records together, a consumer can simply alter an address, 
change a name and separate himself or herself from the record. 
Preserving the SSN in public records is essential, but our 
Members do support State Government efforts to redact the SSN 
from the display to the general public, and we think there is 
good progress being made on that front.
    Finally, some building blocks of good public policy should 
include preemption. If you are going to establish a national 
standard, let's get it right and have a national standard and 
not a fifty-first state law. Preserve the operation of current 
laws, like the Fair Credit Reporting Act, and I think this is 
where we may differ with some of the approaches thus far. The 
Fair Credit Reporting Act is a well-established statute, as is 
the Gramm-Leach-Bliley Act, including information safeguards. 
Ensure that the appropriate rulemaking authority is bounded and 
that it takes into consideration small business implications 
and the Regulatory Flexibility Act.
    In conclusion, our Member's uses of the SSN meet consumer 
expectations. Data used is accurate, fraud can be prevented, 
identities can be better verified, public records are useful in 
our society. We appreciate this opportunity to testify, and we 
look forward to your questions.
    [The prepared statement of Mr. Pratt follows:]
             Prepared Statement of Stuart Pratt, President,
                   Consumer Data Industry Association
    Chairman McNulty, Ranking Member Johnson and members of the 
subcommittee, thank you for this opportunity to appear before you today 
to discuss the importance of Social Security numbers. For the record, 
my name is Stuart Pratt and I am president and CEO of the Consumer Data 
Industry Association.\1\
---------------------------------------------------------------------------
    \1\ CDIA, as we are commonly known, is the international trade 
association representing over 300 consumer data companies that provide 
fraud prevention and risk management products, credit and mortgage 
reports, tenant and employment screening services, check fraud and 
verification services, systems for insurance underwriting and also 
collection services. As we will discuss below, the secure and protected 
use of the social security number (SSN) is an important key to the 
effectiveness of these systems and services.
---------------------------------------------------------------------------
    Our members applaud this committee for the thoughtful and open 
dialogue that you have fostered regarding how Social Security numbers 
are used, to identify risks associated with such use, and to address 
these risks in a reasonable, targeted fashion.
    As a preliminary matter, CDIA supports efforts to limit the sale 
and public display of Social Security numbers. CDIA's members do not 
publicly sell or display Social Security numbers to the general public, 
and we oppose such activity. However, as will be discussed below, such 
restrictions have to be carefully considered, balanced and bounded so 
that restrictions on use do not interfere with legitimate business uses 
of SSNs to detect and prevent ID theft and financial fraud and for 
other beneficial purposes.

      The SSN is the only unique, individual identifier that 
follows a person throughout their lives, literally from the time they 
are born.

    SSNs are important to the smooth operation of today's economy 
because there is no other single identifier that serves the same 
purpose as effectively as the SSN.
    Although there are other identifiers that may serve similar 
purposes in some contexts, there are no other identifiers that serve 
this role across all individuals and circumstances.
    For instance, name and address can't be used because they are too 
common, change due to marriage and divorce, and, according to the U.S. 
Census Bureau, 42 million consumers move every year. Even for consumers 
who's address and name are constant, they do not always use their 
identifiers inconsistently (i.e., in some instances they will use a 
nickname, and may inconsistently use their generational designations 
(e.g., III, or Sr.)). There are also times where consumers themselves 
make mistakes when completing applications. Thus, a consumer's 
identifiers may be presented in different ways in different databases 
and, in some cases, the data may be partially incorrect. Further, 
personal identifiers such as name and birthday, are generally not as 
unique as we may believe they are.
    Further, the use of other alternatives that could possibly serve as 
a substitute for an SSN, such as a cell phone number or driver's 
license number, is often restricted by law.
    Thus, the SSN is a truly unique identifier.
    As the only unique identifier, the use of the SSN has migrated 
beyond simply keeping track of social security payments, even within 
the Federal Government itself. For example, it is used for tax 
purposes, Selective Service registration, employment verification, the 
provision of government benefits and a host of other uses. In addition, 
the use of the SSN is often mandated by the Federal Government. For 
instance, the Treasury Department regulations regarding PATRIOT Act 
compliance for financial institutions in many instances requires 
financial institutions to use the consumer's full SSN, as obtained from 
``trusted [private] sources,'' such as credit bureaus.
    Additionally, many State laws require the use of the SSN for a wide 
range of important purposes dependent on accurate identification. For 
instance, to meet requirements of the law, government data often must 
be cross-checked or enhanced with data from private sector databases.
    For the private sector, the role of the SSN is that it serves as a 
unique identifier that is permanent, so a consumer cannot voluntarily 
relinquish it in bad times, and it is consistent across various 
systems. For example, a financial institution, a wireless 
communications company and a hospital can all rely on the same 
identifier for widely divergent purposes, all to help ensure that the 
individual before them is the person they believe is before them. Said 
differently, after having verified that a consumer is legitimate, a 
bank, for example, can then create a unique identifier such as a 
customer or PIN number. But as long as the bank is dependent on third-
party sources to cross-check applicant data, unique identifiers must 
cut across external data sources.
         CURRENT LAW PROTECTS THE PUBLIC FROM INAPPROPRIATE USE
    There are several federal and state laws and regulations that 
restrict the use or disclosure of SSNs, including: the Gramm-Leach-
Bliley Act (15 U.S.C. 6826(b)) and its implementing regulations 
(``Privacy Rule''); the Fair Credit Reporting Act (15 U.S.C. 1681 et 
seq.); Section 5 of the FTC Act (15 U.S.C. 41-51); the Fair Debt 
Collection Practices Act (15 U.S.C. 1601 et seq.); the Health Insurance 
Portability and Accountability Act (Pub. L. 104-191); and the Drivers 
Privacy Protection Act (18 U.S.C. 2721 et seq.). Together, these laws 
restrict the use and display of SSNs, how they can be used, who they 
can (and can't) be shared with, and under what circumstances.
    The use of the SSN by Credit Reporting Agencies (CRAs), for 
instance, is governed by both the FCRA and, in most instances, GLB as 
well. These statutes limit how and when CRAs can disclose SSNs, to 
whom, and under what circumstances.
    For instance, many CDIA-member products are focused on helping 
consumers to gain access to the goods and services for which they 
apply--assisting a lender or other service provider in determining a 
consumer's eligibility. These products are regulated under the Fair 
Credit Reporting Act (15 U.S.C. 1681 et seq.) as ``consumer reports.'' 
Eligibility determinations include applications for any type of credit 
including unsecured credit, home purchases, auto financing, home equity 
loans, as well as for insurance of all types, employment, government 
benefits, apartment rentals, and for other business transactions 
initiated by the consumer.
    The FCRA, enacted in 1970, has been the focus of careful oversight 
by the Congress, resulting in significant changes in both 1996 and 
again in 2003. There is no other law that is so current in ensuring 
consumer rights and protections are adequate.
    Similarly, some fraud detection tools are regulated under GLBA, and 
the use of data regarding those products is similarly circumscribed.
                       Beneficial Uses of the SSN
    Because the SSN allows for consistency across various systems and 
data bases, there are a number of ways that the SSN is used that 
benefits consumers. Further, without the availability of the SSN, many 
of the products and services that consumers take for granted today 
could become more scarce.
    For instance, CDIA's members produce a range of critical consumer 
data products which bring great value to individual consumers, to 
society, and to the nation's economy. Our members design products used 
for determinations of a consumer's eligibility for a product or 
service, to prevent identity theft and fraud and to aid in the location 
of consumers for a variety of reasons.

    (1) Proper File matching: Ensuring that data goes to the right 
file, and is reported about the right individual.

    Lydia Parnes, Director of the Bureau of Consumer Protection at the 
Federal Trade Commission, recently testified about the importance of 
Social Security numbers before the Senate Judiciary Subcommittee on 
Terrorism, Technology and Homeland Security:
    ``SSNs play a vital role in our economy, enabling businesses, 
government, and others to match information to the proper individual. 
For example, consumer reporting agencies use SSNs to ensure that the 
data furnished to them is placed in the correct file, and that they are 
providing the right credit report for the right consumer. SSNs also are 
used in locator databases to find lost beneficiaries, witnesses, and 
law violators and to collect child support and other judgments. 
Employers must collect SSNs for tax reporting purposes, and health care 
providers may need them to facilitate Medicare reimbursement.'' She 
went on to say that ``the SSN is valuable in enabling entities to match 
information to consumers. With 300 million Americans, many of whom 
share the same name, the SSN presents significant advantages as a means 
of identification because of its uniqueness and permanence.''
    Financial institutions and others rely on full and complete 
information from credit bureaus. Complete information is necessary if 
the appropriate information is to be placed in the proper consumer 
account. As an example, a financial institution may obtain information 
from a credit bureau on its customer named Tom Jones. As you can 
imagine, there are thousands of Tom Joneses in the country. In fact, it 
is likely that many Tom Joneses share the same last four digits of 
their SSN. Therefore, a report with information pertaining to Tom Jones 
with the last four digits of 1234 may not provide the financial 
institution with sufficient information to determine to WHICH Tom Jones 
the report refers.
    SSNs, therefore, help to ensure that our members are more likely to 
load data to the correct file with a high degree of precision. This is 
particularly true where a new account has been opened and is being 
added to the consumer's file for the first time. Consumer reporting 
agencies of all types have, under the Fair Credit Reporting Act, a duty 
to maintain reasonable procedures to ensure the maximum possible 
accuracy of the file; SSNs help them meet this requirement.
    SSNs also help to ensure that the proper consumer's file is 
produced when a consumer applies for a benefit under the FCRA. If a 
consumer reporting agency cannot, with precision, identify the proper 
file of the consumer, it returns a message to the creditor indicating 
that no record was found. This result would likely lead to far higher 
credit denials for consumers due to the inability of the creditor to 
review the consumer's credit history. Said differently, the Fair Credit 
Reporting Act certainly does not contemplate the consumer reporting 
agency ``taking a guess`` as to which consumer's file must be accessed 
and thus this current liability coupled with the absence of the SSN 
would seriously impinge on the way in which credit is granted in this 
country today.

    (2) Identity Verification to Prevent Identity Theft and Fraud

    A number of CIDA members produce products that are used by 
financial institutions, insurance companies and others to verify the 
identity of an individual and ensure that the person they are 
interacting with is who they say they are. These products are very 
effective in detecting and preventing identity theft and financial 
fraud before it happens.
    The SSN helps businesses to prevent fraud by cross-checking 
applicant data against various other data sources in order to 
authenticate the consumers' identity. Absent the use of an SSN, these 
systems will be far less likely to trigger security protocols, which 
prevent the crime of identity theft.
    In 2004, the GAO conducted a study on Social Security numbers, and 
concluded that ``information resellers, credit reporting agencies and 
health care organizations use social security numbers to build tools 
that verify an individual's identity or match existing records since 
there is no widely accepted alternative.'' The report further states 
that ``restricting business access to social security numbers would 
hurt customers and possibly aid identify thieves since it would be more 
difficult for business to verify an individual's identity.''

    (3) Other specific products and services are enabled and enhanced 
through the availability of the SSN:

    Access to home ownership: Every homeowner benefits from a credit 
reporting system that reduces the costs of all mortgage loans by a full 
two percentage points, thus putting literally thousands of dollars in 
disposable income into their pockets. Homeownership is no longer a 
luxury of the well-to-do, but is a truly democratized American dream 
enjoyed by nearly seventy percent of the population.\2\ The SSN helps 
to facilitate the efficient operation of this system, as described 
above.
---------------------------------------------------------------------------
    \2\ Kitchenman, Walter., U.S. Credit Reporting: Perceived Benefits 
Outweigh Privacy Concerns, Pp. 5 (1998).
---------------------------------------------------------------------------
    Child support payment enforcement: Access to SSNs dramatically 
increases the ability of child support enforcement agencies to locate 
non-custodial, delinquent parents (often reported in the news with the 
moniker ``deadbeat dads''). For example, the Financial Institution Data 
Match program required by the Personal Responsibility and Work 
Opportunity Reconciliation Act of 1996 (PL 104-193) led to the location 
of 700,000 delinquent individuals being linked to accounts worth nearly 
$2.5 billion. Child support enforcement agencies report that their 
efforts are far more effective when they have access to the parent's 
SSN. One agency reports that they are able to locate fully 80 percent 
more delinquent non-custodial parents when the SSN is available, and 
the Association for Children for Enforcement of Support (ACES), a 
private child support recovery organization, has stated that social 
security numbers are the most important tool for locating parents who 
have failed to pay child support.
    Locator Services--SSNs are used routinely by law enforcement to 
locate missing children, fugitives and witnesses to crimes. The ability 
to conduct an information search using an SSN is essential. 
Restrictions on access to SSNs in government records would hamper the 
ability of law enforcement to obtain this vital information. Further a 
number of states report that use of SSNs to match across data bases has 
greatly reduced entitlement fraud. For example, Pension Benefit 
Information (PBI), a private company that locates former employees that 
are due pension benefits, has indicated that in many cases the SSN 
becomes the only link between an employer and their former employees 
with vested benefits. Employees move, marry and change their name, but 
the one thing that remains constant is their SSN.
    Locating sex offenders--SSNs are used to locate registered and 
unregistered sex offenders. There are over 560,000 sex offenders in the 
U.S. Approximately twenty-four percent of these individuals fail to 
comply with address registration requirements mandated by law. Access 
to SSNs allows law enforcement to locate sex offenders even when the 
registration address has not been kept current.
    Employment/security screening: As discussed above, SSNs serve as 
vital links among disparate records that help businesses verify 
prospective employees' identities and conduct thorough, accurate 
background checks to ensure workplace safety and business security.
    Small business B-to-B transactions: An SSN is the key business 
entity identifier to virtually all sole proprietorships or 
partnerships; as a result, SSNs are necessary to facilitate business-
to-business transactions between small businesses.
    Securitized credit markets: Confidence in the U.S. securities 
market is made possible by accurate financial histories compiled using 
the SSN as a key identifier. Restricting use of the SSN could undermine 
confidence in these securities, resulting in substantially higher 
consumer costs for credit, including mortgages and auto loans.
    Insurance fraud prevention--Insurance companies use public record 
information compiled using social SSNs to detect fraudulent insurance 
claims. According to the National Fraud Center, the average American 
household pays $200 to $400 a year in additional insurance premiums to 
offset the cost of fraud. This cost would likely increase if companies 
do not have the information they need to detect and prevent fraud.

    (4) Additionally, without the use of the SSN, consumers would 
suffer harm:

    Incomplete data harms consumers: There would likely be an decrease 
in the ability of consumer reporting agencies to properly match 
incoming information to the correct consumer about whom the information 
relates. Think about the consequence to consumers of having a consumer 
credit report that does not contain all of the accounts that they pay 
on time and which makes them eligible for the lowest cost loans.
    Incomplete data harms our banking system: The absence of the SSN 
would also put at risk the safety and soundness of lending decisions 
due to less information being included in consumer credit reports due 
to data matching problems.
    Incomplete data prevents consumer access to goods and services: 
Think about the consequence for consumers when a consumer reporting 
agency cannot locate the proper file on a consumer and thus a lender, 
insurer or other service provider wanting to do business with the 
consumer has to deny the application, or the consumer has to pay higher 
rates.

                    INFORMATION SECURITY AND THE SSN

    As discussed above, the use of data like the SSN actually helps to 
prevent fraud and identity theft, by enabling better authentication of 
consumers, so that a lender knows that a loan applicant is you, and not 
an identity thief.
    However, concerns have been raised that the SSN is a ``key,'' and 
all a potential identity thief needs to ``unlock'' a consumer's 
credit--that simply is not true.
    There are 2 basic types of financial fraud that may be perpetrated 
against an individual. The first is fraud against a person's existing 
accounts, such as credit card fraud, where a thief obtains your account 
number or credit card, and charges items to that card or drains your 
existing bank account. While those instances are problematic, and may 
cause a consumer some stress while getting those problems rectified, 
they do not cause any long-term harm to the consumer; they suffer no 
financial liability, and such fraud does not impact their credit in any 
way. More than 2/3rds of all ``identity theft,'' as identified by the 
FTC, falls into this category.
    The second, and more serious type of financial fraud is what we 
term ``real name'' fraud, where a fraudster obtains a person's 
sensitive personal information, such as their SSN and other 
information, and somehow fools a lender into thinking that they are 
that person. This may enable the thief to open new credit accounts in a 
victim's name without the knowledge of the victim. While the victim is 
ultimately not responsible for the financial harm, this type of fraud 
can have serious repercussions for the victim.
    As discussed, while obtaining a person's SSN may potentially make 
them susceptible to identity theft, it takes a lot more information, 
and the ability to use it in a way that thwarts the fraud detection 
tools in place, to commit ``real'' identity theft. Further, the SSN 
plays a major role in helping to stop such fraud, as well.
    The availability of MORE information, rather than less, is the key 
to reducing reliance on the SSN. Database matching is often like 
finger-print matching--the more unique data points there are, the more 
ability there is to identify and authenticate an individual. Further, 
each piece of data reduces the reliance on every other piece. However, 
Congress has limited the use of alternatives, increasing the reliance 
on SSNs.
    For instance, there are other unique identifiers that could help 
reduce the reliance on SSNs, such as Driver's License numbers, that do 
exist. However, the Driver's Privacy Protection Act (DPPA) has limited 
the ability of data base companies to utilize those to supplement, or 
even supplant, the use of SSNs.
    Wireless cell phone numbers also have the potential to serve that 
purpose. However, while those numbers are not used for telemarketing, 
Congress has, in other contexts, considered limiting the utility of 
these numbers for identification and fraud detection purposes, as well.

                       PUBLIC RECORDS AND THE SSN

    Public records play a vital in our society and bring value to the 
consumer. Bankruptcy records, tax liens and judgments are part of 
consumer ``credit'' reports used by lenders to make decisions that 
implicate safety and soundness. Records of eviction are critical to 
landlords who must themselves pay the bills and attempt to lease 
properties to consumers who will do the same. Validating professional 
licenses for employment screening agencies is yet another use of public 
records, as is accessing criminal histories.
    Through the development of nationwide databases of public record 
information, our members have solved the problems inherent in having to 
search through tens of thousands of federal and state court houses and 
agency databases. In this way, the SSN is as important an identifier in 
a public document as it is in a private-sector database. It is a 
critical identifier for all of the data management reasons we discuss 
above. Without an SSN, a consumer can simply alter a few items of 
information, such as moving to a new address, or even changing a name 
and thus separate himself/herself from a bankruptcy record, a tax lien, 
a record of eviction and even a criminal history, in some cases. 
Clearly this is not a positive outcome for consumers or for American 
businesses which are on the front lines of making, for example, fair 
and accurate risk based lending and employment decisions, while at the 
same time fighting identity theft and fraud.
    Some federal proposals have suggested that state agencies must 
limit access to the SSN. The concern of the CDIA's members is that this 
apparent unfunded mandate will drive under-funded state agencies to 
either stop requesting the SSN when processing vital records, or to 
simply deny all access to public records containing SSNs.
    It is important that public records, including those records 
containing SSNs, continue to be made available. The open public records 
system is the cornerstone of the U.S. democracy and economy.
    The debate about the presence of the SSN in public records has 
suggested a possible binary solution, where SSNs could be made 
available electronically for certain entities, but could possibly be 
redacted for publicly available electronic documents, though costs 
associated with such an unfunded mandate will have to be addressed. It 
is encouraging to hear state court organizations discussing strategies 
for protecting SSNs, and CDIA will continue to engage in these 
dialogues.
    However, while CDIA believes that disclosure of the SSN to the 
general public must be addressed, we also believe that public records 
must be made available, including SSNs, to those with an appropriate 
need. Ultimately, dialogue with state and federal agencies coupled with 
the advancement of technologies will address concerns about public 
records which contain SSNs. An unfunded mandate will destabilize the 
system of public records which is so important to our democracy.

          Some Additional Notes on Other Important Issues:

    Finally, there are a few additional issues I would like to 
highlight before I conclude:

          Legitimate business uses:

    It is important that any restrictions imposed on the sale or 
display of SSNs contain exceptions for legitimate business uses such as 
identity verification; detecting, preventing and investigating ID theft 
and fraud; locating individuals; collecting child support and other 
lawful debts; and for any purposes permitted under the Fair Credit 
Reporting Act and Gramm-Leach-Bliley Act.

          Preemption:

    Ensuring that the Social Security number issue is addressed in a 
uniform fashion, so that all consumers are protected, is a vital 
component of this debate. Any legislation that would restrict the sale 
or display of SSNs must contain federal preemption so that businesses 
are subject to a single, national law rather than having to comply with 
various state laws all with differing and potentially conflicting 
requirements.

          Exempt Current Law

    As discussed previously, SSNs are broadly covered by a whole host 
of current statutes. Instead of adding an additional compliance burden 
on top of those laws, we would urge the Committee to exempt practices 
already covered under existing laws.

          Minimize Rulemaking Authority

    Because so many business practices rely on stable laws, CDIA would 
urge the Committee to codify any changes to current law, to the extent 
possible, rather than granting broad authority to the regulatory 
agencies.

          Further Assisting Identity Theft Victims: Provide the 
        Ability to ``Ping'' the SSN Database

    CRAs utilize very sophisticated tools to ensure the accuracy of 
their systems. However, in rare cases of identity theft, it would be 
useful for us to have the ability to cross-check our databases to 
determine if a particular SSN is associated with a particular person. 
This would be very useful in further helping ensure the accuracy of our 
databases, and could help contribute to the accuracy of our databases 
and the ability to help correct the records of Identity Theft victims.

CONCLUSION

    In conclusion, you can see that the underlying theme in the 
discussion of SSN uses is that of balance and ultimately ensuring the 
security of the number. Law that imposes national uniform information 
security regulations on all who possesses the SSN in combination with a 
person's name and address, is the most responsible and constructive 
focus for Congress. In contrast, law that overreaches in attempting to 
limit use of the SSN is likely to merely take fraud prevention tools 
out of the hands of legitimate businesses at the expense of consumers.
    Ironically, to prevent fraud you must be able to crosscheck 
information. To maintain accurate databases, you must be able to 
maintain a range of identifying elements. Absent the availability of 
the SSN, we will be less able to build accurate databases, to 
accurately identify records and to help prevent identity theft through 
the development of fraud prevention and authentication tools.
    Ultimately consumers expect us all to accomplish the goals of 
protecting and securing the SSN, and also ensuring the accuracy and 
effectiveness of databases which contain information about them.
    Thank you for this opportunity to testify.

                                 

    Mr. JOHNSON. Thank you, Mr. Pratt.
    Mr. Gingerich, you may testify.

   STATEMENT OF JAMES D. GINGERICH, DIRECTOR, ADMINISTRATIVE 
 OFFICE OF THE COURTS, SUPREME COURT OF ARKANSAS, ON BEHALF OF 
  THE CONFERENCE OF STATE COURT ADMINISTRATORS, WILLIAMSBURG, 
                            VIRGINIA

    Mr. GINGERICH. Thank you, Mr. Johnson and Members of the 
Committee. It is an honor to appear before you to have the 
opportunity to share with you some of the work which has 
already been done and is being actively considered in our 
Nation's state court systems in this very important area of 
balancing the public access to court records with privacy 
concerns of individuals.
    As to the specific topic of the hearing today, our 
country's state court systems have been quite active, as this 
Committee has, in recognizing the serious threat to personal 
privacy which comes from public access to personally 
identifying information, such as the Social Security number. 
Previously, in hearings of this Committee, members of COSCA 
have testified about the work undertaken by the Conference of 
Chief Justices and the Conference of State Court Administrators 
in 2000 and 2001 to develop a recommended comprehensive policy 
on access to court records and suggested that those guidelines 
be adopted by every state supreme court in the United States. 
On August 1, 2002, CCJ and COSCA adopted the resolution 
endorsing the guidelines and encouraging their adoption.
    I am pleased to report that since that testimony, 20 state 
supreme courts have adopted the guidelines, another eight 
states have made revisions to their previously adopted rules 
based upon the guidelines and five states have commissions 
currently underway considering adoption of the guidelines.
    About 60 days ago, my own state of Arkansas became the most 
recent state to adopt a comprehensive policy after almost 2 
years of study and debate. We utilized the recommended 
guidelines, as well as the good work which has been done in 
many of our sister states. As it relates to the Social Security 
number, let me just read you the rule that has now been adopted 
by the Arkansas Supreme Court. It applies to every court record 
in the state, whether it is a paper record or an automated 
record and whether it lies in the supreme court building or any 
rural courthouse in the state.
    ``The following information in case records is excluded 
from public access and is confidential absent a court order to 
the contrary . . . number four, Social Security numbers; number 
five, account numbers of specific assets, liabilities, 
accounts, credit cards and personal identification numbers; and 
number eight litigant addresses and phone numbers.'' Those 
three exceptions were all borne out of our concern about, and 
our many hours of debate about, the very real problem of 
identity theft. I have to suggest however that there were some 
things that we learned along the way to guide how we now 
implement that policy, which I think are consistent with your 
purposes.
    First of all, the suggestion that we should simply ban the 
use of the Social Security number from any non-Social Security 
related activity is not good public policy and has serious 
negative consequences on the efficient and accurate operation 
of State court systems. It also conflicts with many other 
important public policy goals, adopted both at the state level 
and at the Federal level, which require the use of a Social 
Security number. I will not go into all of the issues, but I 
think my written testimony recites the many, many ways in which 
courts legitimately and appropriately have need for that 
information to do the work of a court system; for example when 
judges need accurate and verifiable information in order to 
enter decisions about assets and income, especially in family 
law cases, and in some states for the accurate identification 
of parties. In Arkansas, we do not use the Social Security 
number at all in criminal cases but, for example, in our 
juvenile justice system, both in dependency and in delinquency 
cases we use it in order to accurately identify an individual. 
Our state public policy suggests that we are not going to 
fingerprint children and so it is the only way in which we can 
accomplish that. Those records are segregated and sealed but 
nonetheless it is an appropriate use of the Social Security 
number. There many other ways. So, for Arkansas it was not the 
case of barring the use of the Social Security number but in 
implementing policies to protect the information from 
unnecessary disclosure.
    There is a second thing we learned; eliminating or 
restricting access to the Social Security number when the 
collection of the Social Security number has been required by 
the court or is otherwise required by state or Federal law in 
the future is an appropriate policy which we support and which 
we intend to implement.
    As to the ``in the future,'' our own rule adopted by the 
Supreme Court in Arkansas provides that the implementation date 
will apply only to records that are created after January 1, 
2009. After looking at the scope of the issues for those files 
that resided in courthouses in millions of records in 75 county 
courthouses across Arkansas, it is simply impossible for us to 
expect that local officials in those courthouses were going to 
have any ability to go back and redact all of those records. 
So, we looked forward in terms of doing the best we could.
    I should add, however, that our court specifically provided 
authority for the local court officials to redact earlier 
records if they are able to, and that will probably happen on a 
case by case basis. To the extent that collection of the Social 
Security number is required by the court, when courts are 
asking people for the information ourselves, we can control it, 
we can manage it; and so in Arkansas we will adopt a rule 
similar to that which already exists in Washington, Minnesota 
and North Dakota to separate that information in a separate 
court file, with only the main file being available to the 
public. The information like the Social Security numbers will 
be in a separate file and will be unavailable, either in paper 
or in the automated record. When the Social Security number is 
otherwise provided in a pleading, for example, or in something 
that is presented by a lawyer to the court, we have very little 
control over that; but Arkansas will adopt a rule that requires 
the attorneys or parties to protect that information.
    I realize I am out of time, Mr. Chairman, and I would just 
say in conclusion that we recognize the problem. I think our 
state supreme courts are doing a pretty good job of trying to 
get to the implementation of the policy which you desire, and 
we are looking forward to working with you and the Committee in 
that effort.
    Thank you.
    [The prepared statement of Mr. Gingerich follows:]
   Prepared Statement of James D. Gingerich, Director, Administrative
   Office of the Courts, Supreme Court of Arkansas, on behalf of the
    Conference of State Court Administrators, Williamsburg, Virginia
    Mr. Chairman and Members of the Subcommittee,
    The Conference of State Court Administrators (COSCA) is pleased to 
present testimony on today's hearing on protecting the privacy of the 
social security number from identity theft.
                                SUMMARY
    Mr. Chairman and members of the subcommittee, the state court 
community has been grappling with the issue of protecting privacy as it 
relates to court records for the past few years. We are taking a 
proactive stance in protecting the privacy of individuals and their 
social security numbers, while at the same time maintaining traditional 
open court access. Today, we will share examples of what state courts 
that are doing on this via the approval of court rules.
    In collaboration with the Conference of Chief Justices (CCJ), we 
established a project entitled ``Public Access to Court Records: CCJ/
COSCA Guidelines for Policy Development by State Courts,'' which 
outlines the issues that a jurisdiction must address in developing its 
own rules, and provides one approach. The Guidelines touch on the use 
of social security numbers (SSNs) in court records as well as other 
private information. The entire text of the Guidelines can be found 
online at http://www.courtaccess.org/modelpolicy/
18Oct2002FinalReport.pdf. Both CCJ and COSCA, adopted a resolution 
endorsing the Guidelines and urged the states to address them.
    Mr. Chairman, SSNs are pervasive in state court documents and 
procedures. The testimony that follows gives the subcommittee numerous 
examples of how we use SSNs in day-to-day court proceedings. For 
example, we use SSNs to insure that judges have the best evidence 
available to them. We also use SSNs to collect fines and restitution. 
In addition, many SSNs appear in the public record in many types of 
court cases including, but not limited to, bankruptcy, divorce and 
child support cases. My testimony also details the federal requirements 
imposed on us to collect SSNs for various reasons, for example, to 
track parents who are not paying child support.
    Mr. Chairman, we stand ready to work with you to craft solutions to 
address the problem of identity theft. We want to do our part to 
eliminate it. We are at the same time concerned about the effort to 
require us to redact or expunge SSNs that appear in public records. We 
feel that this type of requirement would impose an unfunded mandate on 
state courts in this country. The cost to fulfill this requirement 
would be high because many SSNs appear in paper documents as well as 
other hard-to-redact microfilm/microfiche.
                              ABOUT COSCA
    Before I begin my remarks, I would like to provide some background 
on our group and our membership. I submit this testimony on behalf of 
the Conference of State Court Administrators (COSCA). The National 
Center for State Courts, of which I am President, serves as secretariat 
to COSCA. COSCA was organized in 1955 and is dedicated to the 
improvement of state court systems. Its membership consists of the 
principal court administrative officer in each of the fifty states, the 
District of Columbia, the Commonwealth of Puerto Rico, the Commonwealth 
of the Northern Mariana Islands, and the Territories of American Samoa, 
Guam, and the Virgin Islands. A state court administrator implements 
policy and programs for a statewide judicial system. COSCA is a 
nonprofit corporation endeavoring to increase the efficiency and 
fairness of the nation's state court systems. As you know, state courts 
handle 98 percent of all judicial proceedings in the country. The 
purposes of COSCA are:

      To encourage the formulation of fundamental policies, 
principles, and standards for state court administration;
      To facilitate cooperation, consultation, and exchange of 
information by and among national, state, and local offices and 
organizations directly concerned with court administration;
      To foster the utilization of the principles and 
techniques of modern management in the field of judicial 
administration; and
      To improve administrative practices and procedures and to 
increase the efficiency and effectiveness of all courts.

    Although I do not speak for them today, I also would like to tell 
you about the Conference of Chief Justices (CCJ), a national 
organization that represents the top judicial officers of the 58 
states, commonwealths, and U.S. territories. Founded in 1949, CCJ is 
the primary voice for state courts before the federal legislative and 
executive branches and works to promote current legal reforms and 
improvements in state court administration. COSCA works very closely 
with CCJ on policy development and administration of justice issues.
            STATE COURTS ARE RESPONDING TO PRIVACY CONCERNS
    Mr. Chairman, let me begin by informing you of the progress that 
many state courts are making to protect individual privacy rights, 
while maintaining the American tradition of open courts. Through court 
rules, state court systems are changing their procedures for viewing 
and accessing court records as they relate to the appearance of social 
security numbers. Washington State, for example, is establishing a 
procedure for ``sealing'' family case court records containing 
privileged information such as social security numbers and financial 
information. In effect, Washington is creating two sets of records: a 
public and a private one. Vermont is placing the burden on parties to 
expunge or redact social security numbers from papers filed with the 
court. Minnesota is requiring that parties in a divorce case fill out a 
confidential information sheet, which contains social security numbers, 
to be kept separate from the official record. South Dakota adopted a 
rule that protects SSNs and financial account number information by 
requiring these numbers to be redacted from documents and submitted to 
the Court on confidential information forms.
    In addition to the proactive stance we are taking to this issue, we 
are also responding to some of the demands placed on our court systems 
by state legislatures and governors. In 2005, 53 bills were signed into 
law by governors dealing with social security number privacy. That's 17 
more than in 2004; an increase of 46 percent. These bills range from 
simple prohibition of displays of SSNs on public records to new 
expansive criminal and civil statutes that punish wrongdoers and those 
that traffic in social security numbers as a means to steal a person's 
identity. In the 2006 sessions, state legislatures considered 176 
measures dealing with social security numbers and privacy. Again, this 
number is an increase over the prior year.
    At the direction of the CCJ and COSCA leadership, we established a 
special subcommittee of the CCJ/COSCA Court Management Committee to 
explore privacy protection innovations and share them with the Congress 
and the Administration. This committee meets twice a year at our annual 
and mid-year meetings. This subcommittee has been researching the issue 
and is responsible for compiling examples of best practices in this 
area that I am presenting today.
   NATIONAL EFFORT TO CRAFT PUBLIC ACCESS GUIDELINES TO COURT RECORDS
    Our project entitled, ``Public Access to Court Records: CCJ/COSCA 
Guidelines for Policy Development by State Courts'' was a joint effort 
of CCJ/COSCA and the NCSC to give state court systems and local trial 
courts assistance in establishing policies and procedures that balance 
the concerns of personal privacy, public access and public safety.
    The State Justice Institute (SJI) funded this project in 2001 and 
it was staffed by the NCSC and the Justice Management Institute. The 
project received testimony, guidance and comments from a broad-based 
national committee that included representatives from courts (judges, 
court administrators, and clerks), law enforcement, privacy advocates, 
the media, and secondary users of court information.
    The Guidelines recommend the issues that a jurisdiction must 
address in developing its own rules governing public access. The 
Guidelinesare based on the following premises:

      Retention of the traditional policy that court records 
are presumptively open to public access
      The criteria for access should be the same regardless of 
the form of the record (paper or electronic), although the manner of 
access may vary
      The nature of certain information in some court records 
is such that remote public access to the information in electronic form 
may be inappropriate, even though public access at the courthouse is 
maintained
      The nature of the information in some records is such 
that all public access to the information should be precluded, unless 
authorized by a judge
      Access policies should be clear, consistently applied, 
and not subject to interpretation by individual courts or court 
personnel

    The Guidelines Committee examined the use of SSNs in current court 
practices. They looked at the inclusion of SSNs in bulk distribution of 
court records, and in other private information that courts 
traditionally protect, such as addresses, phone numbers, photographs, 
medical records, family law proceedings, and financial account numbers. 
Finally, the Committee examined various federal laws and requirements 
governing SSN display and distribution by state and local entities.
    On August 1, 2002, CCJ and COSCA endorsed and commended ``the 
Guidelines to each state as a starting point and means to assist local 
officials as they develop policies and procedures for their own 
jurisdictions.''
 STATE COURTS' INTEREST IN COLLECTING AND USING SOCIAL SECURITY NUMBERS
    A question we are often asked is why do state courts utilize SSNs? 
What is the state court interest in collecting SSNs? Why do state 
courts need to require parties to provide their SSNs in the course of 
state court litigation? The following are some of the reasons we use 
them:
    Accurate determination of assets/income Judges need the most 
accurate information on assets and income when making their decisions, 
especially in family law cases. In many instances this involves 
examining assets by a social security number. There are numerous 
examples of individuals giving a false social security number to avoid 
paying child support, for example. The same logic applies in dealing 
with divorce cases in dividing assets.
    Identification of parties A growing number of court systems are 
using case management information systems in which an individual's 
name, address, and telephone number are entered once, regardless of the 
number of cases in which the person is a party. The advantage of these 
systems is to be able to update an address or telephone number for all 
cases in which the person is a party by a single computer entry. SSNs 
provide a unique identifier by which court personnel can determine 
whether the current ``John Smith'' is the same person as a previous 
``John Smith'' who appeared in an earlier case.
    Courts have often used SSNs to identify criminal defendants as well 
as parties to civil cases. In the future, persons accused of crime will 
be identified by automated fingerprint identification systems (AFIS) 
which scan fingerprints and classify them electronically. The primary 
future need for SSNs as a means to identify individuals will therefore 
be in civil, not criminal, litigation.
    Collection of fees, fines and restitution by courts SSNs are the 
universal personal identifier for credit references, tax collection, 
and commercial transactions.
    When courts give a litigant an opportunity to pay an assessment 
resulting from a judgment in periodic payments, the court needs to be 
able to function as a collection agency. Having the convicted person's 
social security number is necessary for use of state tax intercept 
programs (in which a debt to the state is deducted from a taxpayer's 
state income tax refund) and other collection activities. Some states 
use additional means to enforce criminal fines and restitution orders, 
such as denial of motor vehicle registration; SSNs are often used for 
these purposes as well.
    Creation of jury pools and payment of jurors SSNs are a necessary 
part of the process by which multiple lists (for instance, registered 
voters and registered drivers) are merged by computer programs to 
eliminate duplicate records for individual citizens in the creation of 
master source lists from which citizens are selected at random for jury 
duty. Duplicate records increase an individual's chance of being called 
for jury duty and reduce the representativeness of jury panels. Some 
courts use SSNs to pay jurors as well.
    Making payments to vendors SSNs are used as vendor identification 
numbers to keep track of individuals providing services to courts and 
to report their income to state and federal taxing authorities.
    Facilitating the collection of judgments by creditors and 
government agencies Courts are not the only entities that need to 
collect judgements. Judgment creditors need SSNs to locate a judgment 
debtor's assets and levy upon them. Courts often require that the 
judgment debtor make this information available without requiring 
separate discovery proceedings that lengthen the collection process and 
increase its costs. Federal law now requires state courts to place the 
parties' SSNs in the records relating to divorce decrees, child support 
orders, and paternity determinations or acknowledgements in order to 
facilitate the collection of child support. On October 1, 1999, that 
requirement was extended to include the SSNs of all children to whom 
support is required to be paid.
    Notification to the Social Security Administration of the names of 
incarcerated and absconded persons The Social Security Administration 
cuts off all payments to persons incarcerated in federal, state or 
local prison or jails, and to person who are currently fugitives from 
justice. The savings to the federal budget from this provision are 
substantial. To implement this process, Social Security Administration 
needs to identify persons who have been sentenced to jail or prison and 
persons for whom warrants have been issued. The agency has 
traditionally obtained this information from state and local 
correctional agencies. See 42 USC Sec. ?1A402(x)(3) requiring Federal 
and State agencies to provide names and SSNs of confined persons to the 
Social Security Administration. The state courts of Maryland are 
involved in an experimental program to provide such information 
directly from court records. The Maryland program has two additional 
future advantages for state courts. First, the program offers the 
possibility of obtaining better addresses for many court records; 
social security and other welfare agencies have the very best address 
records because of beneficiaries' obvious interest in maintaining their 
currency. Second, cutting off benefits may provide a useful incentive 
for persons receiving benefits to clear up outstanding warrants without 
requiring the expenditure of law enforcement resources to serve them.
    Transmitting information to other agencies In addition to the 
Social Security Administration, many states provide information from 
court records to other state agencies. A frequently occurring example 
is the Motor Vehicle Department, to which courts send records of 
traffic violations for enforcement of administrative driver's license 
revocation processes. These transfers of information often rely upon 
SSNs to ensure that new citations are entered into the correct driver 
record.
                         POTENTIAL LEGISLATION
    Mr. Chairman, in the past, this subcommittee has considered various 
pieces of legislation that would, in some form or another, prohibit the 
display of a person's social security number on a public record. 
Blanket prohibitions like these will place courts in the position of 
trying to comply with conflicting public policies. We submit the 
following questions for your consideration:
    The Welfare Reform Law requires courts to collect SSNs on court 
orders granting divorces or child support or determining paternity. 
State laws contain similar requirements in other types of cases in some 
states. What steps must a court take to restrict access to these 
documents, which are matters of public record in most states?
    SSNs appear in many financial documents, such as tax returns, which 
are required to be filed in court (e.g., for child support 
determinations) or are appended to official court documents, such as 
motions for summary judgments. What steps must a court take to restrict 
access to these documents, which are also matters of public record in 
most states?
    We were encouraged by language in the report accompanying HR 2971 
(Rept.108-685, Part 1, p. 21) in the 108th Congress dealing with 
incidental vs. non-incidental appearances of SSNs in public records:
    During Social Security Subcommittee hearings on the bill, court and 
other public records administrators testified they receive numerous 
documents filed by individuals, businesses, and attorneys that often 
include SSNs the government did not require to be submitted, and of 
which they are therefore unaware. They stated redaction of 
``incidentally'' included SSNs would create a serious administrative 
burden, and it would require significant resources to review each 
document and redact such incidental SSNs . . . With respect to SSNs 
submitted in court documents absent the court's requirement to do so, 
the individual communicating the SSN in the document, not the court, 
would be held responsible according to Section 108 of the bill. 
(Emphasis ours)
    In drafting social security legislation, we respectfully ask that 
you expand on the above sentiments in actual legislative language of 
any future bill.
    Courts will have substantial increased labor costs in staff time to 
redact or strike the appearance of SSNs in paper records or in 
microfilm/microfiche if a redaction requirement is imposed.
    In the event you draft legislation dealing with redaction, we urge 
you to make a distinction between existing court records/documents and 
future documents. For example, requiring a court to retroactively 
redact or expunge old records would be a nightmarish task due to the 
cost in staff time and the actual compiling of said court records.
    Finally, in an effort to make courts and court records more open, 
many courts are now beginning to make available many public records on 
the internet either as text/character documents or by scanning and 
placing them online through imaging software (PDF files). While the 
removal of SSNS in text/character documents may be relatively easy in 
some computer generated records (XML), other scanned records, such as 
PDF files, will be harder to change necessitating more staff and an 
increase in labor costs.
                      OUR FUTURE COURSE OF ACTION
    CCJ and COSCA have recommended that state courts adopt the 
following policies, unless state law directs them otherwise, to protect 
citizen privacy while providing service to litigants:
    Official court files State courts should not attempt to expunge or 
redact SSNs that appear in documents that are public records. As was 
mentioned earlier, federal law requires state courts to place the 
parties' SSNs in the records relating to divorce decrees, child support 
orders, and paternity determinations or acknowledgement in order to 
facilitate the collection of child support. The purpose of placing that 
data on judgments is not just to provide it to child support 
enforcement agencies; it is also to provide it to the parties 
themselves for their own private enforcement efforts. Any other 
interpretation puts the courts in an untenable position--having an 
affirmative obligation to provide judgments in one form to parties and 
child support enforcement agencies and in another form to all other 
persons.
    This same reasoning applies to income tax returns or other 
documents containing SSNs filed in court. It would be unreasonable, and 
expensive, to expect courts to search every document filed for the 
existence of SSNs. Further, court staff has no authority to alter 
documents filed in a case; the social security number may have 
evidentiary value in the case--at the very least to confirm the 
identity of the purported income tax filer.
    Case management information databases Data in automated information 
systems raises more privacy concerns than information in paper files. 
Automated data can be gathered quickly and in bulk, can be manipulated 
easily, and can be correlated easily with other personal data in 
electronic form. Data in an automated database can also be protected 
more easily from unauthorized access than data in paper files. It is 
feasible to restrict access to individual fields in a database 
altogether or to limit access to specific persons or to specific 
categories of persons. Consequently, state courts should take steps to 
restrict access to SSNs appearing in court databases. They should not 
be available to public inquirers. Access to them should be restricted 
to court staff and to other specifically authorized persons (such as 
child support enforcement agencies) for whose use the information has 
been gathered.
    Staff response to queries from the public When court automated 
records include SSNs for purposes of identifying parties, court staff 
should be trained not to provide those numbers to persons who inquire 
at the public counter or by telephone. However, staff may confirm that 
the party to a case is the person with a particular social security 
number when the inquirer already has the social security number and 
provides it to the court staff member.
    In short, staff may not read aloud a social security number, but 
may listen to a social security number and confirm that the party in 
the court's records is the person with that number. This is the same 
distinction applied to automated data base searches. This distinction 
is one commonly followed in federal and state courts.
                               CONCLUSION
    Mr. Chairman, we recognize the role of SSNs in the incidence of 
identity theft cases. The current state of affairs with regards to the 
treatment of SSNs provides lawbreakers the continued opportunity to 
exploit the current system at the expense of ordinary Americans. The 
threat of identity theft is real and we want to do our part to 
eliminate it.
    I have presented several ways our courts utilize SSNs. Finding 
solutions to protect an individual's privacy will be complex and 
difficult. Many state courts are already taking steps to fashion 
solutions in response to the problem. I remind you of the earlier 
mentioned approaches from Washington, Vermont, Minnesota and South 
Dakota. Other states are experimenting with different approaches.
    Thank you for asking for our input on this important matter. The 
Conference of State Court Administrators stands ready to work 
collaboratively and cooperatively to craft solutions to this important 
issue. I will be happy to answer any questions you may have.

                                 

    Chairman MCNULTY. Thank you, Mr. Gingerich.
    Dr. Anton.

 STATEMENT OF ANNIE I. ANTON, ASSOCIATE PROFESSOR OF SOFTWARE 
 ENGINEERING, NORTH CAROLINA STATE UNIVERSITY, RALEIGH, NORTH 
 CAROLINA, ON BEHALF OF THE ASSOCIATION FOR COMPUTING MACHINERY

    Ms. ANTON. Good morning, Chairman McNulty, Ranking Member 
Johnson and members of the Subcommittee. Thank you for the 
opportunity to testify today. This statement represents my own 
personal position as well as that of the Association for 
Computing Machinery's U.S. Public Policy Committee.
    By way of introduction, I am an associate professor at 
North Carolina State University and director of an academic 
privacy research center. In addition, I serve on several 
industry and government boards of technical advisors, including 
the DHS State of Privacy and Integrity Advisory Committee.
    Right now, personal information about you, me and millions 
of Americans is being compiled, accessed, sold and exchanged 
among businesses and government agencies. Yet, we should all be 
concerned. Is that personal information protected? Is it being 
shared only among those with a legitimate need for it? Can 
criminals easily access our personal information? These 
concerns are compounded by three factors: First, the widespread 
use of Social Security numbers has made it a de facto national 
identification number; second, computing technologies enable us 
to collect and exchange and analyze personal information on an 
unprecedented scale; and, third, there are widespread problems 
with cyber security leading to frequent and large security 
breaches. In particular, technology allows personal information 
to be combined with Social Security numbers, thus creating a 
convenient way to track individuals across public and private 
records. This raises privacy concerns, and these concerns are 
exacerbated because many businesses use the Social Security 
number as both an identifier and an authenticator.
    The terms ``identifier'' and ``authenticator'' have 
specific technical meanings that are often confused. An 
``identifier'' is a label associated with a person. An 
``authenticator'' provides the basis to believe that somebody 
is accurately labeled by some given identifier. So, 
authenticators might be something you know, like a secret 
password or a pin, something you have, like the key to your 
house, and something you are, such as a biometric. A Social 
Security number is an identifier. It is something that anyone 
can know, and many will, so it is not a secret. Hence, it is 
unuseable as an authenticator.
    Even though many organizations use it in this way, and this 
is a very big problem. My passport picture coupled with a 
tamper evidence security seal is an authenticator because it 
links me, something I am, as embodied my photograph, with my 
identity. Using Social Security numbers for both identification 
and authentication makes them much more valuable to a criminal 
who is intent on stealing someone's identity. This is a problem 
of our own making and it is a problem that we can eliminate.
    In the time remaining, I will highlight a few 
recommendations from my written testimony. First, we should 
move away from authentication based on information that is 
easily compromised. Social Security numbers or mother's maiden 
names are poor choices for authentication.
    Second, individuals should be empowered to control the 
dissemination of their Social Security numbers. Congress can 
support this by protecting citizens who prefer not to provide a 
Social Security number when conducting business that does not 
legally require it.
    Third, we should reduce the exposure of citizen Social 
Security numbers by prohibiting their display on ID cards and 
in public records and by redacting them from existing public 
records. For example, Choice Point is now redacting Social 
Security numbers and other personal information from reports 
that it provides to its clients. This practice should be 
required at other companies and organizations, especially data 
brokers and credit bureaus.
    Finally, we should require stronger security practices 
during the transmission and storage of Social Security numbers 
and all other personal information.
    In conclusion, Congress is the only entity that can make 
meaningful changes to protect the privacy and identities of 
U.S. citizens. We are encouraged by your attention to these 
issues, and the computing professionals that I represent stand 
ready to help you in your efforts.
    Thank you for your attention. I will be happy to answer any 
questions.
    [The prepared statement of Ms. Anton follows:]
     Prepared Statement of Ana I. Anton, Ph.D. Associate Professor,
                     North Carolina State University

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


    Chairman MCNULTY. Thank you, Dr. Anton.
    Welcome back, Mr. Rotenberg.

  STATEMENT OF MARC ROTENBERG, EXECUTIVE DIRECTOR, ELECTRONIC 
                   PRIVACY INFORMATION CENTER

    Mr. ROTENBERG. I seem to have a technological problem but 
thank you, Mr. Chairman, Mr. Johnson and Members of the 
Subcommittee. It is nice to be with you this morning, and I 
appreciate the opportunity to testify on this issue. I have 
over the years appeared before the Subcommittee on the Social 
Security number issue. I have also litigated a number of the 
leading Social Security number privacy cases, one of which 
involved a resident in Virginia a number of years ago who was 
asked by the state secretary to provide his Social Security 
number when he went to register to vote. He did not object to 
that, what he objected to was the fact that the state of 
Virginia was publishing his Social Security number in the 
public voting rolls, and he said that that was a threat to his 
personal privacy. We wrote a brief for the Federal Appeals 
Court at that time, before people even used the phrase 
``identity theft'' and we said if you make the Social Security 
number available, it will make it easier for people to commit 
the crime of financial fraud.
    Fortunately, the court agreed with us. The state of 
Virginia and many other states changed their practices. 
Unfortunately, as you know, this problem has become quite a bit 
more severe over the last several years. I am going to say a 
few words about that today.
    One of the key points I wanted to make this morning is 
actually I think the Privacy Act 1974 saw this problem coming 
and there is a provision in the Privacy Act that says very 
clearly that the Federal Government should try to minimize the 
collection and use of the Social Security number. It really 
should only be used for the original intended purposes, as well 
as a few others that have been authorized by law, including the 
use as a taxpayer identification number. But, as we all know, 
today the Social Security number is widely used across the 
Federal Government.
    It is used also in the financial services sector, which for 
some of the reasons that Professor Anton has described, creates 
a particular problem for consumers in this country. The Social 
Security number is both an identifier and a password. If you 
have access to someone else's Social Security number, there is 
a very good chance that you are going to be able to pull up the 
records on that person and also use the number to get access to 
the content of those records, and that is precisely what 
identity thieves do when they use the Social Security number to 
get access to someone's credit record information.
    Now, I describe in my testimony the problem has not escaped 
the notice of the White House. The President established a Task 
Force on Identity Theft, it was cochaired by the Attorney 
General, the chair of the Federal Trade Commission. We spent a 
lot of time on that task force, and we made some very specific 
recommendations. The task force rightly said that Social 
Security numbers were contributing to this problem but in our 
view, they did not go far enough to recommend strong solutions 
to diminish the problem. They wanted more enforcement authority 
to go after people who committed the crime of identity theft, 
but they did not do enough in our opinion to limit the 
collection and use of the Social Security number to really get 
to the problem at its source.
    So the rest of my testimony talks about some of the 
specific suggestions and actions that I believe the Congress 
could take to limit the problems associated with the misuse of 
the Social Security number, not using it for example as a 
record identifier, particularly in the private sector, not 
publicly displaying it on Web sites, not putting it on identity 
cards. As I also describe, and it speaks to an issue that you 
raised earlier, Mr. Ryan, I think the more difficult we make it 
for people to use the Social Security number as a general 
purpose identifier, the more likely it is that businesses will 
come up with other systems of identification that are 
appropriate for a specific context.
    If we think about it, this is actually our commonsense 
understanding of what an identifier should be. You have a bank 
account number for your banking relationship. You have a credit 
card number for your credit relationship. You probably have a 
number for your utility bill. That is actually a very good 
thing because if one of those numbers are compromised, it does 
not create a risk for you that all the other account 
information will be compromised. But part of the way to make 
that system work is to not let businesses cut corners by using 
the Social Security number in place of their own record 
identifier. So, that is a very important part of our 
recommendation for you today.
    Regarding the bill that has passed out of the Committee on 
Energy and Commerce, we think it is a good bill. It includes a 
lot of important provisions, but we do have a couple of 
specific recommendations that we think could make it a bit 
stronger. One issue we are particularly concerned about, and I 
know it is something that this Committee has considered in the 
past, and that is the issue of state pre-emption.
    Now, you know if you pre-empt the states in this area, a 
lot of legislation that has already been passed that protects 
the privacy of the Social Security number will be effectively 
overwritten, and I think that could be very problematic, 
particularly in this area where things are developing so 
quickly. So, what I would urge you to do on that issue is to 
establish a Federal base line, make the national standard the 
floor. For the states where there is not protection, you will 
give them protection. But if it is a baseline, you allow the 
states that are doing more and trying to anticipate some of the 
new problems to go forward and maybe give you some material for 
the next bill.
    So, thank you very much for the opportunity to testify.
    [The prepared statement of Mr. Rotenberg follows:]
       Prepared Statement of Marc Rotenberg, Executive Director,
                 Electronic Privacy Information Center
I. Introduction

    Chairman McNulty, Ranking Member Johnson, and Members of the 
Subcommittee, thank you for the opportunity to testify on the misuse of 
the Social Security number and the escalating problem of identity theft
    My name is Marc Rotenberg and I am Executive Director of the 
Electronic Privacy Information Center. EPIC is a non-partisan research 
organization based in Washington, D.C.\1\ Founded in 1994, EPIC has 
participated in the leading cases involving the privacy of the Social 
Security number and has frequently testified in Congress about the need 
to establish privacy safeguards for the Social Security number to 
prevent the misuse of personal information.\2\
---------------------------------------------------------------------------
    \1\ EPIC maintains an archive of information about the SSN online 
at http://www.epic.org/privacy/ssn/ [``EPIC SSN Page''].
    \2\ See, e.g., Greidinger v. Davis, 988 F.2d 1344 (4th Cir. 1993) 
(``Since the passage of the Privacy Act, an individual's concern over 
his SSN's confidentiality and misuse has become significantly more 
compelling''); Beacon Journal v. Akron, 70 Ohio St. 3d 605 (Ohio 1994) 
(``the high potential for fraud and victimization caused by the 
unchecked release of city employee SSNs outweighs the minimal 
information about governmental processes gained through the release of 
the SSNs''); Marc Rotenberg, Exec. Dir., EPIC, Testimony at a Joint 
Hearing on Social Security Numbers & Identity Theft, Before the H. Fin. 
Serv. Subcom. on Oversight & Investigations and the H. Ways & Means 
Subcom. on Social Security, 104th Cong. (Nov. 8, 2001), available 
athttp://www.epic.org/privacy/ssn/testimony_11_08_2001.html; Chris Jay 
Hoofnagle, Legislative Counsel, EPIC, Testimony at a Joint Hearing on 
Preserving the Integrity of Social Security Numbers and Preventing 
Their Misuse by Terrorists and Identity Thieves Before the H. Ways & 
Means Subcom. on Social Security & the H. Judiciary Subcom. on 
Immigration, Border Sec. & Claims, 105th Cong. (Sept. 19, 2002), 
available at http://www.epic.org/privacy/ssn/ssntestimony9.19.02.html.
---------------------------------------------------------------------------
    Two weeks ago in testimony, I urged the Subcommittee to strengthen 
the privacy safeguards for the proposed Employment Eligibility 
Verification Systems and warned that the errors in the Basic Pilot will 
be exacerbated by the increased dependence on the SSN.\3\ And, about a 
year ago, I urged Members of this Subcommittee to reject the use of the 
SSN as a national identifier and to ensure the development of adequate 
privacy and security safeguards to address the growing crisis of 
identity theft.\4\
---------------------------------------------------------------------------
    \3\ Marc Rotenberg, President, EPIC, Testimony at a Hearing on 
Employment Eligibility Verification Systems Before the H. Ways & Means 
Subcom. on Social Security, 110th Cong. (June 7, 2007), available at 
http://www.epic.org/privacy/ssn/eevs_test_060707.pdf.
    \4\ Marc Rotenberg, President, EPIC, Testimony at a Hearing on 
Social Security Number High-Risk Issues Before the H. Ways & Means 
Subcom. on Social Security, 109th Cong. (Mar. 16, 2006), available at 
http://www.epic.org/privacy/ssn/mar_16test.pdf.
---------------------------------------------------------------------------
    Today, my statement will focus on the dramatic increase in identity 
theft in the United States that has resulted directly from the misuse 
of SSN and the need to pass comprehensive legislation to limit the use 
of the SSN as well the need to develop better systems of identification 
that are more robust.

II. Summary of Social Security Number History

    Social Security numbers have become a classic example of ``mission 
creep,'' where a program designed for a specific, limited purpose has 
been transformed for additional, unintended purposes, some times with 
disastrous results. The pervasiveness of the SSN and its use to both 
identify and authenticate individuals threatens privacy and financial 
security.
    These risks associated with the expanded use of the Social Security 
number and identification cards underscore the importance of the 
hearing today.
    The SSN was created in 1936 for the purpose of administering the 
Social Security laws. SSNs were intended solely to track workers' 
contributions to the Social Security fund. Legislators and the public 
were immediately distrustful of such a tracking system, which can be 
used to index a vast amount of personal information and track the 
behavior of citizens. Public concern over the potential abuse of the 
SSN was so high that the first regulation issued by the new Social 
Security Board declared that the SSN was for the exclusive use of the 
Social Security system.
    Over time, however, legislation allowed the SSN to be used for 
purposes unrelated to the administration of the Social Security system. 
For example, in 1961 Congress authorized the Internal Revenue Service 
to use SSNs as taxpayer identification numbers.
    A major government report on privacy in 1973 outlined many of the 
concerns with the use and misuse of the Social Security number that 
show a striking resemblance to the problems we face today. Although the 
term ``identify theft'' was not yet in use, Records Computers and the 
Rights of Citizens described the risks of a ``Standard Universal 
Identifier,'' how the number was promoting invasive profiling, and that 
many of the uses were clearly inconsistent with the original purpose of 
the 1936 Act. The report recommended several limitations on the use of 
the SSN and specifically said that legislation should be adopted 
``prohibiting use of an SSN, or any number represented as an SSN for 
promotional or commercial purposes.'' \5\
---------------------------------------------------------------------------
    \5\ Dep't of Health, Educ. & Welfare, Secretary's Advisory Comm. on 
Automated Personal Data Systems, Records, Computers, and the Rights of 
Citizens 125-35 (MIT1973), available at http://www.epic.org/privacy/
hew1973report/.
---------------------------------------------------------------------------
    In enacting the landmark Privacy Act of 1974, Congress recognized 
the dangers of widespread use of SSNs as universal identifiers, and 
included provisions to limit the uses of the SSN. The Privacy Act makes 
it unlawful for a government agency to deny a right, benefit or 
privilege because an individual refuses to disclose his or her SSN. 
Section 7 of the Privacy Act specifically provides that any agency 
requesting that an individual disclose his or her SSN must ``inform 
that individual whether that disclosure is mandatory or voluntary, by 
what statutory authority such number is solicited, and what uses will 
be made of it.'' \6\ The Privacy Act makes clear Congress' recognition 
of the dangers of widespread use of SSNs as universal identifiers.
---------------------------------------------------------------------------
    \6\ Privacy Act of 1974, 5 U.S.C. Sec. ?1A552 (a) (2006).
---------------------------------------------------------------------------
    The Senate Committee report stated that the widespread use of SSNs 
as universal identifiers in the public and private sectors is ``one of 
the most serious manifestations of privacy concerns in the Nation.'' 
Short of prohibiting the use of the SSN outright, Section 7 of the 
Privacy Act provides that any agency requesting that an individual 
disclose his SSN must ``inform that individual whether that disclosure 
is mandatory or voluntary, by what statutory authority such number is 
solicited, and what uses will be made of it.'' This provision attempts 
to limit the use of the number to only those purposes where there is 
clear legal authority to collect the SSN. It was hoped that citizens, 
fully informed that the disclosure was not required by law and facing 
no loss of opportunity in failing to provide the SSN, would be unlikely 
to provide an SSN and institutions would not pursue the SSN as a form 
of identification.
    But the reality is that today the SSN is the key to some of our 
most sensitive and personal information. The financial services sector, 
for instance, has created a system of files, keyed to individuals' 
SSNs, containing personal and financial information on nearly 90 
percent of the American adult population. This information is sold and 
traded freely, with virtually no legal limitations. In addition, credit 
grantors rely upon the SSN to authenticate a credit applicant's 
identity. Many cases of identity theft occur when thieves apply using a 
stolen SSN and their own name. Despite the fact that the names, 
addresses, or telephone numbers of the thief and victim do not match, 
accounts are opened and credit granted using only the SSN as a means of 
authentication.\7\
---------------------------------------------------------------------------
    \7\ See, e.g., TRW, Inc. v. Andrews, 534 U.S. 19 (2001) (Credit 
reporting agencies issued credit reports to identity thief based on SSN 
match despite address, birth date, and name discrepancies); Dimezza v. 
First USA Bank, Inc., 103 F. Supp.2d 1296 (D. N.M. 2000) (same). See 
also United States v. Peyton, 353 F.3d 1080 (9th Cir. 2003) (Credit 
issued based solely on SSN and name, despite clear location 
discrepancies); Aylward v. Fleet Bank, 122 F.3d 616 (8th Cir. 1997) 
(same); Vazquez-Garcia v. Trans Union De P.R., Inc., 222 F. Supp.2d 150 
(D. P.R. 2002) (same).
---------------------------------------------------------------------------
    Even the government is susceptible to identity theft based solely 
on obtaining an SSN and the name associated with it. Stolen SSNs are 
used to file fraudulent tax returns and to seek refunds owed to other 
citizens. When the proper owner of the SSN files his tax return it may 
be rejected as a duplicate and he may be required to spend time fixing 
his records in order to receive his tax refund.\8\
---------------------------------------------------------------------------
    \8\ President's Identity Theft Task Force, Combating Identity 
Theft: A Strategic Plan 21 (April 23, 2007) [``ID Theft Task Force 
Report''], available at http://www.idtheft.gov/reports/
StrategicPlan.pdf.

III. President's ID Theft Task Force and Nexus Between SSNs and 
---------------------------------------------------------------------------
        Identity Theft

    The growing misuse of the Social Security number and the associated 
problem of Identity Theft have not escaped the notice of the White 
House. In May 2006, the President established an Identity Theft Task 
Force to ``track down on the criminals who traffic in stolen identities 
and protect American families from this devastating crime.'' \9\ The 
Task Force, chaired by the Attorney General and the FTC Chair, was 
expected to protect the financial information of citizens and reduce 
the threat of identity theft, which the FTC now annually reports is the 
number one concern of American consumers.\10\
---------------------------------------------------------------------------
    \9\ Press Release, Office of the Press Sec'y, Fact Sheet: The 
President's Identity Theft Task Force (May 10, 2006), available at 
http://www.whitehouse.gov/news/releases/2006/05/20060510-6.html.
    \10\ Fed. Trade Comm'n, Consumer Fraud and Identity Theft Compliant 
Data: January-December 2006 (Feb. 7, 2007), available at http://
www.consumer.gov/sentinel/pubs/Top10Fraud2006.pdf.
---------------------------------------------------------------------------
    EPIC participated in the task force proceedings and provided 
extensive comments.\11\ We supported the Task Force's recommendation to 
reduce reliance on SSNs at all levels of government. We said:
---------------------------------------------------------------------------
    \11\ EPIC, Comments to the Federal Identity Theft Task Force, 
P065410 (Jan. 19, 2007), available at http://www.epic.org/privacy/
idtheft/EPIC_FTC_ID_Theft_Comments.pdf.
---------------------------------------------------------------------------
    Reducing use of SSNs and limiting the amount of data collected by 
government bodies is fundamental to maintaining the security of 
consumer data. This is an especially critical limitation upon the 
public sector, since government has the power to compel individuals to 
disclose personally identifiable information. The personal data 
collected by government entities should never be disseminated in public 
records or sold to the private sector. The Task Force should curtail 
the publicly available sources of the SSN, including the Social 
Security Death Register; bankruptcy filings and other court records; 
birth and death records; and records of other life events.\12\
---------------------------------------------------------------------------
    \12\ Id. at 8.
---------------------------------------------------------------------------
    EPIC also pointed to the growing problem of the misuse of the SSN 
by businesses:
    The Task Force should also carefully investigate and analyze SSN 
use in the private sector, as there is evidence that private sector use 
of SSNs contributes substantially to the problem of identity theft. 
Restricting the sale, purchase and display of SSNs by private entities 
is a critical consideration in combating identity theft. The private 
sector must move away from using SSNs as identifiers, a goal which is 
feasible as demonstrated by Empire Blue Cross' transition from SSNs to 
alternative identification numbers for its 4.8 million customers.\13\
---------------------------------------------------------------------------
    \13\ Id. at 8-9.
---------------------------------------------------------------------------
    The President's Task Force recognized the connection between the 
misuse of the Social Security number and the crime of identity theft 
but failed to propose adequate safeguards. According to the President's 
Identity Theft Task Force, ``the SSN is especially valuable to identity 
thieves, because often it is the key piece of information used in 
authenticating the identities of consumers.'' \14\ The SSN is also 
commonly used by the government and entities in the private sector to 
identify individuals. As the Task Force noted, ``SSNs--are widely used 
in our current marketplace to match consumers with their records 
(including their credit files) and as part of the authentication 
process.'' \15\ In short, SSNs function as both a username and a 
password--a single piece of information that both identifies an 
individual and authenticates that identification, a lock and a key 
rolled into one. Because of the way in which the SSN is used for 
identification and the prevalence of that use, much of your most 
sensitive information does not even have the same sort of rudimentary 
security as your email account.
---------------------------------------------------------------------------
    \14\ ID Theft Task Force Report at 23, supra note 8.
    \15\ Id. at 44.
---------------------------------------------------------------------------
    As noted by the Task Force, ``the SSN is a critical piece of 
information for the thief, and its wide availability increases the risk 
of identity theft.'' \16\ Despite the problems associated with using 
the SSN as an identifier, the Federal Government routinely uses SSNs in 
order to identify individuals within governmental programs. SSNs have 
been included as part of Medicare's Health Insurance Claim Number,\17\ 
and as part of a federal award identifier used by the USDA.\18\
---------------------------------------------------------------------------
    \16\ Id. at 42.
    \17\ Id.
    \18\ Ellen Nakashima, U.S. Exposed Personal Data: Census Bureau 
Posted 63,000 Social Security Numbers Online, Wash. Post, Apr. 21, 
2007, at A05, available at http://www.washingtonpost.com/wp-dyn/
content/article/2007/04/20/AR2007042002208.html.

---------------------------------------------------------------------------
IV. Identity Theft as a Result of Social Security Number Misuse

    During the past fiscal year, the Department of Justice charged 507 
defendants with aggravated identity theft. The DOJ highlighted a number 
of these prosecutions in a recent press release.\19\ A handful of the 
cases the DOJ put on display involved defendants misusing Social 
Security numbers for illegal purposes.
---------------------------------------------------------------------------
    \19\ Press Release, Dep't of Justice, Fact Sheet: The Department of 
Justice's Efforts to Combat Identity Theft (Apr. 23, 2007), available 
at http://www.usdoj.gov/opa/pr/2007/April/07_opa_278.html.
---------------------------------------------------------------------------
    In one of the cases, a woman was sentenced to 75 months 
imprisonment for defrauding FEMA in the wake of Hurricane Katrina.\20\ 
The defendant filed 28 fraudulent claims for disaster relief to FEMA 
using other people's Social Security numbers. After receiving money 
from FEMA, the defendant went out to buy real estate, a mobile home, 
vehicles, electronics, furnishings, and other goods and services.
---------------------------------------------------------------------------
    \20\ Id.
---------------------------------------------------------------------------
    In another case, six defendants victimized AOL subscribers with a 
``phishing'' scheme.\21\ The defendants ``spammed'' thousands of AOL 
users with emails containing fake electronic greeting cards. When the 
subscribers tried to open the friendly greeting, they were instead met 
with a software trojan that prevented the users from accessing AOL 
without entering sensitive information including bank account, address, 
and Social Security numbers. The defendants used the stolen information 
to make counterfeit debit cards, which they swiped at ATM machines to 
get cash, and used at online and retail stores to buy goods and 
services. It appears that we've gone from ``Hello, you've got mail!'' 
to ``Hello, you got your identity stolen!''
---------------------------------------------------------------------------
    \21\ Id.
---------------------------------------------------------------------------
    Another defendant was paid to fraudulently use Social Security 
numbers and other confidential info to get personal phone records of 
reporters and Hewlett-Packard officials, as well as their family 
members.\22\ This case is a clear example of ``pretexting'' or posing 
as somebody else to obtain sensitive calling records. And these are 
just the cases the DOJ chose to highlight.
---------------------------------------------------------------------------
    \22\ Id.
---------------------------------------------------------------------------
    There's also the case of 19 year-old Irving Escobar who bought 
stacks of $400 gift cards from Wal-Mart and cashed them in to buy 
electronics.\23\ Escobar went on lavish shopping sprees, charging as 
much as $112,000 in goods at gift stores. Escobar purchased, in total, 
an estimated $1 million in goods. Amy Osteryoung, assistant statewide 
prosecutor who handled the case for Florida Attorney General Bill 
McCollum referred to Escobar's actions as ``[m]odern day money 
laundering.'' \24\ Also, ``Investigators believe it is the boldest 
tangible evidence of criminals cashing in on hacked data from TJX--the 
nation's largest reported computer data breach, which TJX disclosed in 
January.'' \25\ TJX says it will pay for a credit-monitoring service to 
help avert identity theft for customers whose driver's license numbers 
were the same as their Social Security numbers and were believed 
stolen. For others, the damage has already been done.
---------------------------------------------------------------------------
    \23\ Jon Swartz and Byron Acohido, TJX data theft leads to money-
laundering scam, USA Today, June 12, 2007, available at http://
www.usatoday.com/money/2007-06-11-tjx-data-theft_N.htm.
    \24\ Id.
    \25\ Id.

---------------------------------------------------------------------------
V. Recent Social Security Number Breaches in the Federal Government

    The Social Security Administration's Office of Inspector General 
said that 16 percent of the 99,000 fraud cases it investigated in the 
one-year period ending Sept. 30, 2006 involved the misuse of Social 
Security numbers.\26\ Considering the following cases of breaches in 
Social Security number data storage, that number might be on the rise.
---------------------------------------------------------------------------
    \26\ Id.
---------------------------------------------------------------------------
    Recently, a woman named Marsha Bergmeier was bored and did an 
Internet search for her farm's name in Illinois.\27\ She discovered a 
link to fedspending.org, a Web site created by OMB Watch to monitor 
federal spending. While clicking around the site, a searchable database 
popped up for her, containing information about her farm loan amount 
under an Agriculture Department program. Not only that, she also 
discovered the list of 28,000 SSNs, including her own. Published right 
there for everybody with an Internet connection to see.\28\ The site 
had been up since 1996. And that's just the United States Department of 
Agriculture.
---------------------------------------------------------------------------
    \27\ Ellen Nakashima, U.S. Exposed Personal Data: Census Bureau 
Posted 63,000 Social Security Numbers Online, supra note 18.
    \28\ Id.
---------------------------------------------------------------------------
    The Department of Defense uses Social Security numbers for just 
about everything; \29\ from troop rosters to the dog tags dangling from 
soldiers' necks. Since 2006, data about almost 30 million active and 
retired service members has been stolen from four Veterans Affairs 
offices. That's approximately 30 percent of the 100 million total 
reported lost or stolen personal data in the United States.\30\ That's 
a lot.
---------------------------------------------------------------------------
    \29\ Byron Acohido and Jon Swartz, Military personnel prime targets 
for ID theft, USA Today, June 15, 2007, available at http://
www.usatoday.com/tech/news/computersecurity/infotheft/2007-06-14-
military-id-thefts_N.htm?csp=34.
    \30\ Id.
---------------------------------------------------------------------------
    And that's a lot more than an active military service member needs 
to be dealing with. With increasing frequency, scam artists are setting 
their sights on military personnel. As USA Today reported, Marine 
Corporal Jacob Dissmore, 22, returned from Iraq in 2006 to learn that 
someone in San Diego had opened a credit card account, started a T-
Shirt business and even purchased a house with Dissmore's money using 
his personal information.\31\
---------------------------------------------------------------------------
    \31\ Id.
---------------------------------------------------------------------------
    A retired Navy chief petty officer that keeps meticulous financial 
records suspects the theft of laptops from the Veterans Affairs office 
is directly responsible for suspicious activity on his accounts.\32\ 
Earl Laurie Jr. takes care of his private info very well; he uses a 
P.O. Box, shreds his papers, and avoids online banking. Mr. Laurie 
never had a problem until right after the laptop was stolen when he 
started getting phone calls asking him to confirm strange credit card 
applications on his account.
---------------------------------------------------------------------------
    \32\ Id.
---------------------------------------------------------------------------
    And the American Red Cross has even had to issue warnings to 
military families. Identity thieves have stooped to the lowest level. 
The families of active military officers have reportedly been receiving 
phone calls from scammers pretending to be with the Red Cross 
delivering unfortunate news about a soldier stationed in Iraq.\33\ The 
scammers tell the families that their loved one is being airlifted to a 
hospital in Germany and will not receive medical treatment unless they 
offer up personal information immediately. One moment you'll think the 
Red Cross is helping you out, the next thing you know you're a victim.
---------------------------------------------------------------------------
    \33\ Jerry Carnes, Scammers Target Soldiers' Families, 11 Alive 
News, May 30, 2007, available at http://www.11alive.com/news/
article_news.aspx?storyid=97757.
---------------------------------------------------------------------------
    It doesn't stop there. Residents in every state of every member of 
this Subcommittee have experienced massive data breaches in the past 
year.\34\
---------------------------------------------------------------------------
    \34\ Privacy Rights Clearinghouse, A Chronology of Breaches, http:/
/www.privacyrights.org/ar/ChronDataBreaches.htm.

          In Michigan, Congressman Levin, the details of a 
        scientific study were lost on a small flash drive at the 
        Michigan Department of Community Health in Detroit. The small 
        flash drive contained the personal information and SSNs of 
        4,000 Michigan residents.\35\
---------------------------------------------------------------------------
    \35\ Id.
---------------------------------------------------------------------------
          The Medicare drug benefit applications of 268 
        residents from Minnesota and North Dakota were recently stolen 
        from an insurance agent's unlocked car. The applications 
        contained applicants' name, address, date of birth, SSN, and 
        bank routing information.\36\
---------------------------------------------------------------------------
    \36\ Id.
---------------------------------------------------------------------------
          The Pennsylvania Department of Transportation's 
        driver's license facility in Dunmore had computer equipment 
        containing the Social Security of over 11,000 drivers. Also 
        stolen were supplies used to create driver's licenses and photo 
        IDs.\37\
---------------------------------------------------------------------------
    \37\ Id.
---------------------------------------------------------------------------
          In February of last year, Congressman Davis, a 
        computer was stolen at the University of Alabama-Birmingham, 
        containing nearly 10,000 Social Security numbers and the 
        personal information of potential kidney donors and 
        recipients.\38\
---------------------------------------------------------------------------
    \38\ Id.
---------------------------------------------------------------------------
          In California, it is difficult to figure out which 
        data breach to highlight----there were just too many to pick 
        just one. Last year, hackers gained access to a UCLA database 
        containing the Social Security numbers and personal information 
        for over 800,000 current and former students, applicants, 
        parents, and staff members.\39\
---------------------------------------------------------------------------
    \39\ Privacy Rights Clearinghouse, A Chronology of Breaches, supra 
note 35.
---------------------------------------------------------------------------
          And Texas. Everything is bigger in Texas, even the 
        data breaches. Texas Guaranteed Student Loan Corp. announced 
        last year that a total of 1.7 million people's information had 
        been compromised.\40\
---------------------------------------------------------------------------
    \40\ Id.
---------------------------------------------------------------------------
          Congresswoman Tubbs Jones, Ohio was in the news just 
        last week when an intern's car was broken into, and somebody 
        made off with the Social Security numbers of approximately 
        75,000 state employees.\41\
---------------------------------------------------------------------------
    \41\ Id.
---------------------------------------------------------------------------
          State employees in Kentucky received mail last year 
        from Kentucky Personnel Cabinet. The mail had their Social 
        Security numbers visible from the see-through plastic windows 
        in the envelope.\42\
---------------------------------------------------------------------------
    \42\ Id.
---------------------------------------------------------------------------
          And, Congressman Ryan, documents containing the 
        personal information of Wisconsin's state assembly members were 
        recently stolen from a legislative employee's car while she 
        exercised at a local gym.\43\
---------------------------------------------------------------------------
    \43\ Id.

    Social Security numbers are being stolen in every state in this 
---------------------------------------------------------------------------
country.

VI. Solutions to the use of SSNs in Identity Theft

    Although the Presidential Task Force on Identity Theft correctly 
identified many of the problems associated with SSN usage and identify 
theft, it failed to propose many of the obvious solutions. The Task 
Force noted that, as long as SSNs continue to be used as forms of 
authentication, thieves must be prevented from obtaining them, but it 
did not come up with any substantive improvement that could bring about 
that end.\44\
---------------------------------------------------------------------------
    \44\ ID Theft Task Force Report at 23, supra note 8.
---------------------------------------------------------------------------
    The Task Force did note that unnecessary usage of SSNs in the 
public sector must be decreased \45\ and suggested that the ``[Office 
of Personnel Management] should take steps to eliminate, restrict, or 
conceal the use of SSNs (including assigning employee identification 
numbers where practicable), in calendar year 2007.'' \46\ Furthermore 
the Task Force suggested that ``[i]f necessary to implement this 
recommendation, Executive Order 9397, effective November 23, 1943, 
which requires federal agencies to use SSNs in `any system of permanent 
account numbers pertaining to individuals,' should be partially 
rescinded.'' \47\ Unfortunately, however, the Task Force did not 
propose that the SSN stop being used for purposes beyond its original 
intent. Instead, the Task Force conceded that ``[t]he use by federal 
agencies of SSNs for the purposes of employment and taxation, 
employment verification, and sharing of data for law enforcement 
purposes, however, is expressly authorized by statute and should 
continue to be permitted.'' \48\
---------------------------------------------------------------------------
    \45\ Id. at 24.
    \46\ Id.
    \47\ Id.
    \48\ Id.
---------------------------------------------------------------------------
    Although the Task Force recommended that the Office of Personnel 
Management take a leading role in issuing policy guidance on 
appropriate use of SSNs \49\ and create a list of acceptable SSN 
practices in order to determine best practices,\50\ the Task Force did 
not lay out any basic framework for this policy guidance or any 
suggested best practices. Furthermore, although the Task Force 
suggested that a comprehensive record on the private sector use of SSNs 
should be developed,\51\ it failed to detail how the information 
comprising this record ought to be recorded or what legislative changes 
would be necessary to reduce the crime of identity theft. The absence 
of a legislative recommendation on this key point is significant; in 
many other areas of the report, the Department of Justice recommend 
legislative changes to expand its own investigative and prosecutorial 
authority.
---------------------------------------------------------------------------
    \49\ ID Theft Task Force Report at 26, supra note 8.
    \50\ Id.
    \51\ Id.
---------------------------------------------------------------------------
    The task force recognizes the dangers of Social Security numbers' 
dual role in identification and authentication, but it fails to 
recommend that the Social Security number's role in authenticating an 
identity be completely eliminated and its use in the private sector 
limited. Although the Task Force adequately highlights some of the 
problems associated with SSN usage, it fails to provide a meaningful 
starting point for the government to act to correct the problems and it 
does not recommend, as it ought to, that the private sector immediately 
cease use of SSN for authentication purposes.
    What else should be done?

          For starters, an effective law would limit the 
        collection and the use of the SSN. It would be far preferable 
        to reduce the crime of identity theft at its source than to 
        create new enforcement authority for a problem that is clearly 
        out of control.
          The use of the SSN should be limited to those 
        circumstances that are explicitly authorized by law. For 
        example, an employer should be permitted to ask an employee for 
        an SSN for tax-reporting purposes (as long as the SSN remains 
        the Taxpayer Identification Number), but a health club should 
        not be permitted to ask a customer for an SSN as a condition of 
        membership.

      Prevent companies from compelling consumers to disclose 
their SSN as a condition of service or sale unless there is a statutory 
basis for the request.
      Prohibit the sale and limit the display of the SSN by 
government agencies. It is simply inconsistent with Section 7 of the 
Privacy Act to allow the Federal Government to disseminate the SSN.
      Penalize the fraudulent use of another person's SSN but 
not the use of an SSN that is not associated with an actual individual. 
This would permit, for example, a person to provide a number such as 
the ``867-00-0909'' where there is no intent to commit fraud. (The 
number displayed could not be an actual SSN.)
      Encourage the continued development of alternative, less 
intrusive means of identification. We believe that the National 
Research Council should be funded to undertake further research on new 
techniques that enable records management while minimizing privacy 
risks.\52\
---------------------------------------------------------------------------
    \52\ See also Nat'l Research Council, Who Goes There? 
Authentication Through the Lens of Privacy (Stephen Kent & Lynette 
Millett eds. 2003); Nat'l Research Council, Engaging Privacy and 
Information Technology in a Digital Age (James Waldo, Herbert S. Lin & 
Lynette Millett eds. 2007).

    It is also important not to preempt innovative state laws that 
reduce the risk of SSN misuse. Many states have enacted legislative 
protections for the SSN. They vary from comprehensive frameworks of 
protection for the SSN to highly-specific laws that shield the SSN from 
disclosure in specific contexts.
    For example, a 2005 Arizona law prohibits the disclosure of the SSN 
to the general public, the printing of the identifier on government and 
private-sector identification cards, and establishes technical 
protection requirements for online transmission of SSNs.\53\ The law 
also prohibits printing the SSN on materials mailed to residents of 
Arizona. Exceptions to protections are limited--companies that wish to 
continue to use the SSN must do so continuously, must disclose the use 
of the SSN annually to consumers, and must afford consumers a right to 
opt-out of continued employment of the SSN.
---------------------------------------------------------------------------
    \53\ Ariz. Rev. Stat. Sec. 44-1373.
---------------------------------------------------------------------------
    In 2004 Ohio law limits the collection of the SSN and its 
incorporation in licenses, permits, passes, or certificates issued by 
the state.\54\ The law requires the establishment of policies for safe 
destruction of documents containing the SSN. Insurance companies 
operating in the state must remove the SSN from consumers' 
identification cards. Finally, the legislation creates penalties for 
individuals who use others' personal information to injure or defraud 
another person.
---------------------------------------------------------------------------
    \54\ Available at http://www.state.co.us/gov_dir/leg_dir/olls/
sl2004a/sl_393.htm.
---------------------------------------------------------------------------
    In Georgia, businesses are now required to safely dispose of 
records that contain personal identifiers.\55\ The Georgia law requires 
that business records--including data stored on computer hard drives--
must be shredded or in the case of electronic records, completely wiped 
clean where they contain SSNs, driver's license numbers, dates of 
birth, medical information, account balances, or credit limit 
information. The Georgia law carries penalties up to $10,000.
---------------------------------------------------------------------------
    \55\ Available at http://www.epic.org/privacy/ssn/sb475.html.
---------------------------------------------------------------------------
    In the past year, Illinois has passed several laws to protect 
consumer privacy, including measures that address identity theft, limit 
the use of the Social Security number, require notification of security 
breaches, and allow state residents to put a security freeze on their 
credit report if they believe their personal information has been 
compromised.\56\
---------------------------------------------------------------------------
    \56\ Press Release, Office of the Governor, Governor Blagojevich 
calls on Veterans Administration to provide immediate protection to 
veterans whose personal information was stolen (May 24, 06), available 
at
    http://www.illinois.gov/PressReleases/
ShowPressRelease.cfm?RecNum=4920&SubjectID=26.
---------------------------------------------------------------------------
    Six state legislatures, in the past two months, have passed laws 
going against a new federal ID requirement.\57\ The law would require 
240 million Americans to get new licenses by 2013. The new 
identification cards would contain residents' SSN, home address, and 
that they are in the USA legally. Implementation of this new ID program 
would cost states more than $11 billion,\58\ according to the National 
Conference of State Legislatures. The Federal Government has estimated 
that REAL ID will cost $23.1 billion.\59\ Some state lawmakers have 
gone as far to call this federal effort an attempt to create a `` 
`papers-please' society.'' \60\ Without all 50 states complying, it's 
not really a National ID card. In the end states will have their way.
---------------------------------------------------------------------------
    \57\ Thomas Frank, 6 States defy law requiring ID cards, USA Today, 
June 18, 2007, available at http://www.usatoday.com/news/nation/2007-
06-18-id-cards_N.htm? loc=interstitialskip.
    \58\ Id..
    \59\ Dep't of Homeland Sec., Notice of Proposed Rulemaking: Minimum 
Standards for Driver's Licenses and Identification Cards Acceptable by 
Federal Agencies for Official Purposes, 72 Fed. Reg. 10,819, 10,845 
(Mar. 9, 2007), available at http://a257.g.akamaitech.net/7/257/2422/
01jan20071800/edocket.access.gpo.gov/2007/07-1009.htm; see generally, 
EPIC, Page on National ID Cards and the REAL ID Act, http://
www.epic.org/privacy/id_cards/.
    \60\ Thomas Frank, 6 States defy law requiring ID cards, supra note 
57.
---------------------------------------------------------------------------
    The innovative solutions that state legislatures are developing to 
address privacy concerns should be encouraged. The states are 
laboratories of democracy, and are moving effectively on emerging 
issues. A federal privacy baseline ensures safeguards in those states 
where they do not currently exist, and leaves states free to develop 
better protection. Even a sensible national law will become outdated as 
technology and business practices evolve.
    EPIC also favors technological innovation that enables the 
development of context-dependent identifiers. Such a decentralized 
approach to identification is consistent with our commonsense 
understanding of identification. If you're going to do banking, you 
should have a bank account number. If you're going to the library, you 
should have a library card number. If you're renting videos from a 
video rental store, you should have a video rental store card number. 
Utility bills, telephone bills, insurance, the list goes on. These 
context-dependent usernames and passwords enable authentication without 
the risk of a universal identification system. That way, if one number 
gets compromised, all of the numbers are not spoiled and identity 
thieves cannot access all of your accounts. All of your accounts can 
become compartmentalized, enhancing their security.
    We believe that this is also the approach favored by businesses and 
cutting-edge technology firms that think carefully about the issue, 
though it has taken us some work to make this clear. EPIC filed a 
complaint with the Federal Trade Commission in 2001 about Microsoft 
Passport, an identity scheme proposed for the Internet.\61\ Microsoft 
was signing up users for a service that produced a single username and 
password for all of their Web services, including credit card 
information and a vast user profile. Microsoft Passport stored user 
information in a central database. The problem was that while Microsoft 
Passport claimed to enhance security, it actually had a lot of holes. 
And, if you accidentally left your user profile up on a public computer 
terminal or a malicious hacker gained access to one of your accounts, 
they would have access to everything associated with your user profile.
---------------------------------------------------------------------------
    \61\ EPIC maintains an archive of information about Microsoft 
Passport at http://www.epic.org/privacy/consumer/microsoft/
passport.html.
---------------------------------------------------------------------------
    We urged the Federal Trade Commission to investigate, and the FTC 
eventually agreed with EPIC's position.\62\ Microsoft backed off 
Passport, developed an approach to identity management that allowed for 
multiple forms of online identification, and other companies, including 
open source developers, followed a similar approach.\63\
---------------------------------------------------------------------------
    \62\ Fed. Trade Comm'n, Agreement, In Re Microsoft, FTC Docket No. 
C-4069 (Dec. 20, 2002).
    \63\ Kim Cameron, The Laws of Identity, Identity Weblog, Dec. 9, 
2004, http://www.identityblog.com/stories/2004/12/09/thelaws.html; 
Windows CardSPace, http://cardspace.netfx3.com/; OpenCard, http://
www.opencard.org/.
---------------------------------------------------------------------------
    I believe there is now consensus in the online community about the 
need to avoid single identifiers and to promote multiple identification 
schemes, and that this approach is best not only for privacy but also 
for security. The critical question is whether Congress can make 
physical identity systems similarly robust.

VII. The Social Security Number Protection Act, H.R. 948

    H.R. 948, the Social Security number Protection Act of 2007, has 
passed before the Committee on Energy and Commerce and has been 
reported to the House. The purpose of H.R. 948 is to prohibit the 
display and purchase of Social Security numbers in interstate commerce 
pursuant to rules to be promulgated subsequent to the passage of the 
bill. Although we generally favor the bill, we believe it can be 
strengthened in several key areas. Most critically, there should be 
clear guidance to the FTC to limit the sale and purchase of Social 
Security numbers, there should be private right of action for 
individual citizens to ensure that the law is effective, and there 
should be no preemption of state law.
    Sections 3(a)(1) through (3)(a)(3) of H.R. 948 create a facially 
broad prohibition on the public display of Social Security numbers on 
the Internet, the requirement to use an individual's Social Security 
number as a password for access to any goods or services, and the 
display of Social Security cards on any membership or identity card. 
However, Section 3(c) grants the Federal Trade Commission open-ended 
authority to promulgate exceptions to the prohibitions contained within 
the bill. If exceptions concerning the display of Social Security 
numbers and requirement of their use as passwords are necessary, then 
they should be contained within the statute itself. Failing that, the 
authorization granted to the FTC should be narrowly tailored to areas 
in which exceptions are clearly needed. As currently formed, there is 
no way to know whether the exceptions will undermine the safeguards 
that are vitally important.
    Although the purpose of the bill is, in part, to prohibit the sale 
and purchase of Social Security numbers, Section 4(a) only authorizes 
the FTC to create regulations to this end. Section 4(b)(1) requires the 
FTC to issue regulations but it provides little meaningful guidance on 
baselines standards the FTC should adopt. Furthermore, although Section 
4(b)(2) appears to offer the Commission some substantive guidance, its 
language actually defines the ceiling for the FTC's rules rather than 
the floor. While the dual purposes of providing assurance that Social 
Security numbers are not to be used to commit fraud and to prevent 
undue harm are laudable, these should be the minimum requirements the 
FTC must meet under the act and should not define the boundary of the 
Commission's authority to regulate. Also troubling are the laundry list 
of required exceptions contained within Section 4(b)(3). Not only are 
the exceptions contained in Sections 4(b)(3)(A) through 4(b)(3)(F) 
requirements of any future FTC regulation, but also Section 4(b)(3)(G) 
gives the FTC open ended authority to create further exceptions 
pursuant to the general considerations in Section 4(b)(2). Despite its 
strongly worded purpose, the bill lacks adequate limitation on the sale 
or purchase of Social Security numbers and, instead, devotes more space 
to explicitly authorizing uses of Social Security numbers that were not 
originally intended.
    Although it is laudable that the bill creates a right of action for 
states' attorneys general in Section 4(e)(2)(A), H.R. 948 fails to 
authorize a private right of action. Experience has shown that a 
private right of action is necessary in order to ensure vigorous 
enforcement of the law. While State and Federal Governments are often 
consumed with pursuing other issues and may be unable to pursue every 
indiscretion to the fullest extent of the law, individuals are always 
motivated to vindicate their own rights. The possibility of expansive 
litigation indicates the importance of this problem; it does not 
provide a reason to restrict an individual's ability to protect his 
identity.
    I should add further that EPIC has had significant success bringing 
privacy complaints to the Federal Trade Commission. In fact, it was our 
complaint regarding the practices of the data broker ChoicePoint that 
led to the largest fine in the Commission's history.\64\ Nonetheless, 
we would urge the Committee to include a private right of action, 
specifically where an individual or company misuses an SSN in violation 
of the Act. That will be critical to limit the problem of identity 
theft.
---------------------------------------------------------------------------
    \64\ EPIC, Past FTC Review of ChoicePoint Privacy Practices, http:/
/epic.org/privacy/ftc/google/#cpoint; see generally EPIC, ChoicePoint, 
http://www.epic.org/privacy/choicepoint/.
---------------------------------------------------------------------------
    Finally, while a national standard may appear attractive, 
preempting state law will be a mistake. The preemption of state law 
will mean simply that certain practices that contribute to the crime of 
identity theft that are currently and appropriately outlawed by the 
states will become legal if this bill passes in its current form. 
Experience in other areas has made clear that a federal baseline for 
privacy protection is the best way to both create a national standard 
and to preserve innovation in the states.

VIII. Conclusion

    There is little dispute that identity theft is one of the greatest 
problems facing consumers in the United States today. There are many 
factors that have contributed to this crime, but there is no doubt that 
the misuse of the Social Security and the failure to establish privacy 
safeguards are key parts of the problem. The Congress should pass 
strong and effective legislation that will limit the use of the SSN, 
that will provide effective means of oversight, that will not limit the 
ability of the states to develop better safeguards, and that will 
encourage the development of more robust systems for identification 
that safeguard privacy and security.
    Thank you for your interest in this issue. I will be pleased to 
answer your questions.

                                 

    Chairman MCNULTY. Thank you very much, Mr. Rotenberg.
    Mr. Schwartz.

 STATEMENT OF GILBERT T. SCHWARTZ, PARTNER, SCHWARTZ & BALLEN, 
 LLP, ON BEHALF OF THE FINANCIAL SERVICES COORDINATING COUNCIL

    Mr. SCHWARTZ. Mr. Chairman, Ranking Member Johnson, and 
Members of the Subcommittee, I am Gilbert Schwartz, and I am 
pleased to appear today before the Subcommittee to present the 
view of the Financial Services Coordinating Council on the 
important issue of protecting the privacy of the Social 
Security number from identity theft.
    FSCC is composed of the American Bankers' Association, 
American Council of Life Insurers, American Insurance 
Association, and the Securities Industry and Financial Markets 
Association. These organizations represent thousands of small 
and large banks, insurance companies and securities firms that 
provide financial services to virtually every household in the 
United States. As was mentioned by several witnesses today, 
Social Security numbers play an important and integral role in 
the daily operations of financial institutions.
    They are used to make sound credit decisions, for 
underwriting insurance, for reporting to Federal and state 
authorities and they are a central element in customer 
identification programs required by the U.S.A. Patriot Act. 
Most importantly, Social Security numbers are used by financial 
institutions to prevent and detect fraud, root out identity 
theft, and to identify and report transactions that may involve 
money laundering, as well as activities involving terrorist 
financing.
    The FSCC strongly supports efforts by the government and 
the private sector to protect Social Security numbers from 
being used to commit identity theft. However, in view of the 
important and essential role that they play in our financial 
system, legislation should avoid overly broad and unduly 
restrictive limitations on their use that could have unintended 
consequences. Banks, insurance companies and securities firms 
have robust systems to protect the security of financial 
transactions conducted by their customers and their personal 
information. Financial institutions have a long history of 
using Social Security numbers responsibly. It is important to 
underscore the fact that financial institutions do not sell or 
publicly display Social Security numbers to the general public.
    Congress addressed the issue of consumer privacy and 
security safeguards for financial institutions in the Gramm-
Leach-Bliley Act. That Act provides comprehensive and rigorous 
protections for consumers non-public personal information, 
which includes Social Security numbers. However, the GLB Act 
and implementing regulations specifically permit financial 
institutions to use Social Security numbers for specified 
legitimate business functions.
    Federal regulators have also adopted guidance for 
depository institutions in the event of unauthorized access to 
consumer information. The guidance includes notification of 
customers if the institution determines that misuse of 
sensitive information has occurred or is reasonably possible so 
that they can take steps to protect themselves against possible 
identity theft.
    In 2003, Congress also enacted the FACT Act to help 
consumers remedy the effects of identity theft. The FSCC 
believes that the continuing efforts of the agencies to 
implement the FACT Act has had a positive effect on reducing 
incidents of identity theft and will continue to do so as more 
and more regulations are implemented by the agencies.
    In addition, many states have enacted legislation to 
protect sensitive customer information, such as Social Security 
numbers. This legislation provides strong protections for the 
use of personal information by financial institutions. We are 
concerned, however, that any Federal legislation could have 
unintended consequences if it restricts the ability of 
financial institutions to use Social Security numbers. It could 
disrupt the flow of credit and other financial services to 
consumers and hurt our ability to detect fraud and prevent 
identity theft. A prohibition on the sale and purchase of 
Social Security numbers could also affect securitization 
activities of financial institutions, as well as merger and 
acquisition activities because these numbers are embedded in 
the files that are required in connection with those 
securitization and mergers and activities.
    Many institutions also use public records in connection 
with antifraud activities, as well as to identify and detect 
identity theft. Limits on access to public record information 
could jeopardize financial institutions' ability to protect 
customers' assets and prevent illegal activities. Many 
institutions are deeply involved in providing information to 
the public about how to prevent from becoming a victim of 
identity theft and how to assist victims of identity theft. We 
strongly support these efforts by financial institutions as 
well as by the government.
    We also support, as I said, efforts by Congress to protect 
Social Security numbers in order to prevent identity theft. 
However, in view of the strong protections financial 
institutions have in place to protect this information and 
existing Federal and state laws applicable to the use and 
disclosure of customer information, the FSCC believes that 
there is no need for further restrictions on the ability of 
financial institutions to use and disclose Social Security 
numbers.
    Mr. Chairman, we appreciate the opportunity to appear 
before the Subcommittee today, and we will be glad to respond 
to any questions you may have.
    [The prepared statement of Mr. Schwartz follows:]
     Prepared Statement of Gilbert T. Schwartz, Partner, Schwartz &
  Ballen LLP, on behalf of the Financial Services Coordinating Council
Introduction

    The Financial Services Coordinating Council (``FSCC'') is pleased 
to present this statement to the Subcommittee on Social Security in 
connection with its hearing on ``Protecting the Privacy of the Social 
Security number from Identity Theft.'' The FSCC is comprised of 
American Bankers Association, American Council of Life Insurers, 
American Insurance Association, and Securities Industry and Financial 
Markets Association. The FSCC represents thousands of large and small 
banks, insurance companies and securities firms in the United States. 
Together, these financial institutions provide financial services to 
virtually every household in the United States.

How Financial Institutions Use Social Security Numbers

    Social Security numbers are unique personal identifiers. While 
originally created as a means of tracking earnings and determining 
eligibility for Social Security benefits, they have evolved well beyond 
their original purpose. SSNs are the most effective means of 
identifying individuals and matching people with personal data. They 
are the identifier of choice for both the public and private sector, 
and are used widely throughout the economy and the financial system. 
They are a window into the financial and personal history of virtually 
every consumer. When combined with certain other personal information, 
SSNs can be used to create false identities and financial mischief. 
That is why SSNs are often sought by identity thieves.
    The FSCC strongly supports proactive efforts by the government and 
the private sector to protect SSNs from the national problem of 
identity theft. However, it is also vitally important to our nation's 
financial system to avoid overly broad and unduly restrictive 
limitations on the use of SSNs that could have significant unintended 
consequences.
    SSNs play an integral role in the operations of every financial 
institution in our country. Financial institutions use SSNs in 
conjunction with other personal information to make sound credit 
decisions, for underwriting and other insurance functions, and for 
screening in connection with customer identification programs. Our 
nation's credit reporting system relies on SSNs to gather information 
to compile consumer credit files. This information is used by financial 
institutions to make credit available to customers and to provide other 
services to consumers. Most importantly, SSNs are used to prevent and 
detect fraud, root out identity theft and to identify and report 
transactions that may involve money laundering and activities involving 
terrorist financing. They are also used by financial institutions to 
comply with reporting requirements of federal and state tax and 
securities laws; to transfer assets and accounts to third parties; to 
comply with ``deadbeat spouse'' laws; to verify appropriate Department 
of Motor Vehicle records when underwriting auto insurance; to obtain 
medical information used in underwriting life, disability income, and 
long-term care insurance polices; to locate missing beneficiaries to 
pay insurance proceeds; to locate insurance policies for owners that 
have lost their policy numbers; and to facilitate myriad administrative 
functions.
    As you can see, SSNs play a critically important role in the daily 
functions of virtually every financial institution. The use of SSNs 
increases efficiency, reduces costs and makes it possible to offer 
innovative products and services that would not otherwise be available 
to consumers economically. Not only are SSNs critical to the smooth 
functioning of the financial system, they also serve as a means of 
detecting and preventing fraudulent transactions as well as combating 
identity theft. Any SSN legislation that may be considered must 
recognize the essential role that SSNs play in facilitating the 
delivery of financial products and services to consumers throughout the 
nation. Restrictions on the ability of financial institutions to use 
SSNs for everyday business purposes could have significant unintended 
consequences on their ability to serve consumers. Moreover, limitations 
on the use of SSNs by financial institutions may have the unintended 
effect of increasing fraud and identity theft and impede law 
enforcement programs designed to thwart money laundering and terrorist 
financing.

How Financial Institutions Protect SSNs and Combat Identity Theft

    Financial institutions take the problem of identity theft very 
seriously. We have long recognized the importance of protecting our 
customers' personal information, including SSNs. Public confidence in 
financial institutions is based in large part on the recognition that 
banks, insurance companies and securities firms are trusted 
intermediaries that have established robust policies, procedures and 
systems to protect the security of their customers' transactions, 
financial assets and personal information. Financial institutions have 
a long history of using SSNs responsibly and in a manner that protects 
them from abuse. It is important to underscore that financial 
institutions do not sell or display SSNs to the general public.
    Congress formally addressed the issue of consumer privacy and 
financial institution security safeguards in 1999 when it enacted the 
Gramm-Leach-Bliley Act. The GLB Act was landmark legislation that 
expanded the ability of banks, insurers and securities firms to 
affiliate in order to provide more customers a full range of financial 
services more efficiently. The GLB Act requires all financial 
institutions throughout the nation to provide comprehensive, and 
rigorous protection of consumers' nonpublic personal information, 
including SSNs. The GLB Act establishes overarching Congressional 
policy that every financial institution has an affirmative and 
continuing obligation to respect the privacy of its customers and to 
protect the security and confidentiality of its customers' nonpublic 
personal information. Moreover, under the GLB Act, each customer has 
the ability to instruct his or her financial institution not to 
disclose the customer's personal information, including an SSN, to 
nonaffiliated third parties or to the general public.
    In recognition of the fact that financial institutions have 
legitimate reasons to request, use and disclose personal information 
such as SSNs, the GLB Act and regulations of the federal agencies and 
state authorities charged with implementing the Act permit financial 
institutions to use such information for legitimate business functions, 
such as to effect, administer or provide a transaction requested or 
authorized by the consumer or in connection with servicing a customer's 
account. These laws also permit financial institutions to disclose such 
information in order to prevent fraud or unauthorized transactions, as 
well as to comply with federal, state or local laws.
    Under the authority of the GLB Act, federal agencies require 
financial institutions to develop a written information security 
program that describes how they protect customer information. An 
institution must:

          Designate one or more employees to coordinate its 
        information security program;
          Identify and assess the risks to customer information 
        in each relevant area of the company's operation and evaluate 
        the effectiveness of safeguards for controlling these risks;
          Design and implement a safeguards program, and 
        monitor and test it on a regular basis;
          Select service providers that can maintain 
        appropriate safeguards; and
          Evaluate and adjust the program in light of relevant 
        circumstances and changes in the company's business.

    Financial institutions have established information systems that 
maintain and store sensitive consumer information in a safe and secure 
manner. These facilities are subject to periodic audit by internal and 
external auditors as well as by state and federal examiners. Federal 
regulators also have adopted guidance relating to procedures depository 
institutions are to follow in the event of unauthorized access to 
customer information. The guidance includes notification of customers 
if the institution determines that misuse of sensitive customer 
information has occurred or is reasonably possible. Notice to customers 
under these circumstances enables them to take steps to protect 
themselves against possible identity theft.
    Congress also enacted the Fair and Accurate Credit Transactions 
(``FACT'') Act of 2003 which contains provisions intended to help 
consumers remedy the effects of identity theft. Many of the FACT Act's 
provisions have been implemented by regulations and guidance issued by 
the federal agencies. The FSCC strongly believes that continuing 
efforts of the agencies to implement the FACT Act have had a positive 
effect on reducing incidents of identity theft.
    In addition to the numerous state insurance laws implementing the 
GLB Act requirements, thirty six states and the District of Columbia 
have enacted security breach legislation. States have also enacted 
legislation that prohibits specific uses of SSNs, including the public 
display of SSNs. The FSCC believes that existing federal and state laws 
and guidance provide strong protections for the use of personal 
information such as SSNs by financial institutions. Accordingly, the 
FSCC believes that there is no need for Congress to enact legislation 
restricting the use and disclosure of SSNs by financial institutions.

Restrictions May Have Unintended Consequences

    The FSCC is concerned about unintended consequences of legislation 
that restricts the ability of financial institutions to use SSNs. 
Unintended consequences have the potential to disrupt the flow of 
financial services to consumers and to harm the smooth operation of the 
U.S. financial system. Such effects could have serious consequences for 
the nation's economy.
    Legislation could adversely affect the ability of financial 
institutions to use SSNs to verify the identities of consumers and 
customers. This could disrupt the flow of information creditors receive 
from credit bureaus and have adverse consequences for consumers seeking 
credit, insurance, securities and other financial services. It is 
essential that financial institutions obtain SSNs from consumers and 
disclose the SSNs to credit bureaus in order access their credit 
histories. If such access and use of SSNs is disrupted, the flow of 
credit, and other financial services will be undoubtedly be curtailed.
    Prohibitions or restrictions on the sale or use of SSNs could 
seriously impede the ability of financial institutions to provide 
seamless administrative services to customers. For example, insurers 
use SSNs to verify the identity of an individual who requests a change 
to his or her insurance policy, such as a change in beneficiary. If an 
insurer is unable to verify the identity of the person making the 
request, the potential for fraudulent transactions and identity theft 
will increase.
    Restrictions on the use and disclosure of SSNs could adversely 
affect the ability of financial institutions to detect fraud. Banks, 
insurance companies and securities firms rely on information they 
obtain from various sources to verify a consumer's identity. Financial 
institutions maintain sophisticated procedures, which are based upon 
SSNs as a means of identification, to accurately verify the identity of 
customers and to prevent and detect fraud or identity theft.
    A prohibition on the sale or purchase of SSNs could be interpreted 
as restricting activities such as the sale of assets among financial 
institutions. Financial institutions often sell assets such as credit 
card and vehicle loans in connection with their securitization 
activities. Merger and acquisition activities may also result in a 
transfer or sale of all of the institutions' accounts and policies. 
SSNs are necessarily included in account and policy files that are 
transferred in connection with these routine business transactions. Of 
necessity, legislation that addresses the sale and purchase of SSNs 
must exclude these and other similar legitimate transactions from the 
scope of its coverage.
    Restrictions on the ability to obtain SSNs could have an adverse 
effect on the ability of financial institutions to comply with anti-
money laundering rules and anti-terrorism activities. Section 326 of 
the USA PATRIOT Act requires many financial institutions to obtain a 
taxpayer identification number, typically an SSN, before opening an 
account for an individual. The financial institution also must verify 
the identity of the individual. These measures are intended to prevent 
the ability of money launderers and terrorists to use financial 
institutions for illicit purposes. Limitations on the ability of 
financial institutions to use SSNs to verify the identity of customers 
could thwart their ability to prevent money laundering and financing of 
terrorist activities.

Access to Public Records

    We understand that legislation may also address the use of SSNs 
that are available in public records. Many financial institutions use 
public records in connection with their anti-fraud activities as well 
as to prevent and detect identity theft. Public records facilitate the 
ability of financial institutions to verify consumer identities when 
opening accounts, issuing insurance policies and conducting various 
transactions. They also assist in verifying an employee's background. 
The ability to match SSNs ensures that the information included in 
these records matches the correct individual. Limits on access to 
public record information could jeopardize a financial institution's 
ability to protect its customer's assets and prevent illegal 
activities.

Customer Education

    Financial institutions strongly support efforts to combat identity 
theft. Many institutions post extensive information on their websites, 
and distribute statement stuffers and brochures to inform consumers 
about steps they can take to prevent from becoming victims of identity 
theft. Financial institutions also maintain identity theft hotlines and 
participate in community outreach programs to spread the word about 
measures consumers can take to prevent identity theft. And financial 
institutions strongly support efforts by the federal agencies to 
educate consumers through various booklets, brochures and programs 
about preventing identity theft.

Conclusion

    The FSCC strongly supports efforts by Congress to protect SSNs to 
prevent the national problem of identity theft. Under existing law, 
financial institutions have developed robust safeguards to protect the 
security of personal customer information such as SSNs. Financial 
institutions use SSNs in connection with normal business functions or 
to comply with critically important requirements established by 
Congress. In view of the strong protections currently in place, the 
FSCC believes that there is no need for further restrictions on the 
ability of financial institutions to use SSNs.

                                 

    Chairman MCNULTY. Thank you, Mr. Schwartz. I want to thank 
all of the Members of the panel for their patience and for 
their excellent testimony. Some of us are a little bit under 
the gun as far as other commitments are concerned but before I 
yield to my colleagues to inquire, I just want to say that what 
I have heard from this panel and what I have heard from 
previous panels just strengthens my belief that obviously there 
are legitimate uses for the Social Security number, there are a 
lot of illegitimate uses. I just happen to think that the vast 
majority of entities that ask individuals for their Social 
Security numbers have absolutely no need to have that 
information.
    I think part of the solution is education and doing what 
Nancy and I did when I related our own personal story about 
when we went to make a retail purchase, and we were giving them 
all kinds of information about us, then they asked for the 
Social Security number. They had absolutely no need to have it. 
I think more people need to do what we do, which was ``Just Say 
No.'' However, I think we need to go beyond that and to have 
some legislation that further defines what are the legitimate 
reasons for seeking to know someone's Social Security number so 
that more people do not suffer the fate of Charlie W. and the 
others who have had these horrible experiences, which have 
disrupted their lives for years. With that, I will yield to the 
Ranking Member, Mr. Johnson.
    Mr. JOHNSON. What was your question?
    Chairman MCNULTY. I think what I gave was my conclusion.
    [Laughter.]
    Mr. JOHNSON. I sense there is quite a difference between 
our people who testified out there and how you believe number 
use should be accomplished. It is interesting to me, we tried 
to get the military to stop using as a serial number the Social 
Security number, and they will not do it because it costs too 
much to change it all. So, having said that, in the financial 
industry, if we use private sources to verify a person's 
identification instead of going through the government let's 
say, what would it cost to do that? You would use the Social 
Security number, I assume?
    Mr. PRATT. Our Members make extensive use of the Social 
Security number for--I want to distinguish between, it was in 
the testimony, but between using the Social Security number to 
build a database to match information together, and I think the 
professor did a good job of explaining the difference between 
matching and building a database and authenticating, verifying 
the identity of the consumer. The SSN is used in part to build 
the database and you need consistency. Even a driver's license, 
for example, Mr. Chairman, if you move around the country, your 
number will change of course and not everybody moves, but we 
have at least 40 million consumers who are changing their 
addresses every year, so the SSN remains a good database 
matching tool, not perfect, and we use other matching elements 
of course to build the totality of the database. It is not 
unique to the Social.
    On the authentication side, I think one thing that is very 
important that has been said several times, if every one of the 
transactions shared here had involved proper authentication, 
there would not have been records of arrest and there would not 
have been public records and there would not have been a 
driver's license issued in that individual's name. Maybe at the 
core of this hearing, I think it runs parallel with the 
discussion of the Social Security number, is that you must 
authenticate properly and it does involve using many different 
types of tests. What you do online to authenticate an identity 
is different than what you would do if I was in person speaking 
with you as a loan officer and that would be yet again 
different if I was on the phone.
    Mr. JOHNSON. Well, focus for a minute on us having to have 
employer verification of legal residence, for example, can you 
do that?
    Mr. PRATT. Again, identity verification is a risk 
assessment.
    Mr. JOHNSON. That is what I mean.
    Mr. PRATT. I do not think there is any way in this country 
to perfectly identify a consumer unless we are going to carry 
around identifying document, which will create a whole host of 
other problems, by the way, if we are carrying everything with 
us.
    Mr. JOHNSON. We have got too many in our pocket now.
    Mr. PRATT. Yes, sir. I was asked just today to provide a 
copy of my Social Security card in a lending transaction.
    Mr. JOHNSON. You carry that around all the time, don't you?
    Mr. PRATT. I do not have it and could not find it.
    Mr. JOHNSON. Of course not.
    Mr. PRATT. In fact, I recall it is a kind of fuzzy blue 
card that I received. By the way, my Social Security number 
matches up with my sister's almost perfectly because at my age 
the family obtained all of them sequentially at the same time 
and so there are two S. Pratts, and when we graduated from 
college, we lived in the same address, and so there were two S. 
Pratts at the same address with one digit difference in our 
Social Security numbers. So I think that explains why identity 
verification will never be solely the Social.
    But, on the other hand, I think what Mr. Schwartz said is 
right, it is part of the tool box. For example, if we can 
identify in a fraud database that a SSN has been used in other 
fraudulent transactions, that is not going to stop the 
transaction, but the user, the authenticator, should take 
additional steps and say, ``I am sorry, we cannot push you 
through until we get to the point of knowing who you are, and 
we need to try to find a way to know who you are and we are 
going to ask you another question.''
    Mr. JOHNSON. So, all you are saying is it is just another 
ID method?
    Mr. PRATT. It is part of the system but it is very 
important to database----
    Mr. JOHNSON. But wants to get rid of them totally.
    Mr. PRATT. I do not see any way that you can pull the 
Social Security number out of a, for example, a credit 
reporting database because every other data element is going to 
change. So if you pull the one stable identifier out of that 
database, we are causing another kind of problem that will be 
dealt with another Committee and that is the problem of 
inaccurate data being used to stop transactions.
    Mr. JOHNSON. We are running out of time, but I would like 
to hear Dr. Anton's comment on that.
    Ms. ANTON. Thank you, Congressman. We found a study in The 
Journal of Public Health that showed that we can identify 
people very accurately in the Social Security death master 
index by simply with their first initial, last name, date of 
birth and/or the birthplace, and that is without the Social 
Security number. So, it is possible to identify. This is why I 
was trying to make a point about not using the Social Security 
number as an authenticator as well. Our names and addresses and 
phone numbers have been published in the phone book for over 55 
years, probably more than that, and we were not struggling with 
identity theft at that time.
    Mr. JOHNSON. Well, the credit companies have to be more 
accurate than that, and I think it is just another source of 
identification for them. Is that true?
    Mr. PRATT. That is true. By the way, we have also done a 
death master file analysis where you can have more than 90 John 
Smith's with the last four digits of a Social Security number 
that match, so our challenge is in fact to use the Social in 
combination with an address, again 40 million of them changing 
every year, in combination with marriages and divorces where 
last names change. Candidly, our hit or miss ratio in the 
financial services space may be very different than in a retail 
space that does not have to deal with the Fair Credit Reporting 
Act or Gramm-Leach-Bliley Act or a USA Patriot Act, Section 326 
obligation.
    Ms. ANTON. Not to be argumentative, but you do not need 
those four digits of the Social Security number to be able to 
accurately identify those people in a database.
    Mr. JOHNSON. Thank you. I am out of time. I appreciate your 
comments.
    Chairman MCNULTY. Ms. Tubbs Jones may inquire.
    Ms. TUBBS JONES. Thank you, Mr. Chairman. I want to get a 
``shout out'' to an organization. In case you all do not know 
what a ``shout out'' is, that means you are saying something 
about somebody you know. It is done over the radio more often 
than not, it is a slang term that my son has taught me, he is 
24. But I am going to get a ``shout out'' to Axiom from my 
congressional district, who is a Member of Mr. Pratt's 
organization. Thank you, Mr. Pratt, for your testimony.
    Let me also say to Mr. Gingerich I am a former common pleas 
judge out of Kyle County, Ohio, and I want to celebrate the 
great work that the Center for State Courts does because it is 
through the work that you do that we have continually improved 
the level of the judiciary in the United States of America. So, 
that is a ``shout out'' for the Center for State Courts.
    I am interested, I would love to be in a courtroom and let 
two or three of you all really debate this in-depth because it 
is very clear that there are differing opinions. Dr. Anton, so 
when I go to Macy's and I am getting ready to buy something and 
I do not have my credit card with me and they say, ``Okay, put 
your name in there,'' and then this little machine says, ``Put 
in your Social Security number,'' is that authentication?
    Ms. ANTON. Yes.
    Ms. TUBBS JONES. Okay, all right, just checking to see if I 
am on the same terms. But I should not have to do that? What 
should I have to do if I really want--no, I am kidding, what 
should be the way in which they would know who I am, what else 
should they be using, my birth date, not my mother's maiden 
name?
    Ms. ANTON. On every single one of my credit cards, I have 
not signed one of them, it always says, ``See ID.'' So, if 
someone steals my card, they have to see the picture on my 
driver's license to make sure that it is me.
    Ms. TUBBS JONES. I am with you, Dr. Anton, I do not sign my 
credit cards either.
    Ms. ANTON. That is how I authenticate.
    Ms. TUBBS JONES. Okay, all right.
    Mr. JOHNSON. But you should put on the back, ``Ask for 
ID.''
    Ms. TUBBS JONES. I should write that on it?
    Mr. JOHNSON. Yes, you should.
    Ms. TUBBS JONES. Okay, I will remember that one. I have 
just about thrown them all out the door though. I really do not 
have a lot of questions, I am interested in spending some time 
reading your testimony and having a little more opportunity to 
address it, but I want to say on behalf of all the people that 
I represent, we need your input in trying to walk through this 
dilemma that we are in. We are in a true dilemma because, as 
Mr. Pratt and Mr. Gingerich said, the Social Security number 
has become such an integral part of whatever it is we are 
doing, that to yank it immediately would cause havoc. But, on 
the other hand, we really need to be doing something to 
prohibit its use.
    I thank you, Mr. Chairman, for the time. I know my friend, 
Mr. Ryan, down there really wants to talk, so I yield you my 
time.
    Mr. RYAN. Yes, sure, thank you. I appreciate it.
    Chairman MCNULTY. Thank you, Ms. Tubbs Jones. Mr. Ryan may 
inquire.
    Mr. RYAN. Well, I will just pick up where you left off 
then. I like making these conversations flow. Boy, this is a 
good hearing, Mr. Chairman, again another good one. Correct me 
if I am wrong, Dr. Anton, I liked your testimony, it was very 
interesting, it helped logically set this up. Using the cart in 
front of the horse or the horse in front of the cart analogy, 
we have to come up with authenticating system and then an 
identifier, right, so first authenticate, then operate through 
society by identifying, correct? If you cannot authenticate who 
you are, all the rest is academic.
    Ms. ANTON. In most transactions it seems that your first 
identified and then authenticated.
    Mr. RYAN. Right.
    Ms. ANTON. So, you do not use your name to authenticate 
yourself, and you should not use your Social Security number 
and you should not use your mother's maiden name. These are all 
weak authenticators.
    Mr. RYAN. Right.
    Ms. ANTON. That is the problem.
    Mr. RYAN. So, to prevent all these problems we have in 
society, whether it be terrorism, illegal immigration, identity 
theft, we have to have a better system for authenticating our 
identity?
    Ms. ANTON. Yes.
    Mr. RYAN. Okay, so now what we are trying to figure out, 
what should government do to do this? What is it that we can do 
to facilitate this, to make that happen in the 21st century? 
Then whatever we do, will it be obsolete in a couple of years, 
will we throw money down a hole with ID cards that are going to 
be obsolete, which we saw on the last panel, what path should 
we put ourselves on so that people can get their IDs--get 
themselves authenticated so that the system can work, what do 
you recommend? Mr. Rotenberg, I know that you have put a lot of 
work into that too, as well?
    Mr. ROTENBERG. Well, thank you, Mr. Ryan, I am going to put 
something on the table, which Professor Anton will understand, 
but it is going to sound a little confusing. It does answer 
your question, however. I think the long-term solution to this 
problem, and it is an enormous problem, is to separate 
authentication from identification.
    Mr. RYAN. Right.
    Mr. ROTENBERG. Let me give you an example of what I mean. A 
young person walks into a liquor store to purchase alcohol. 
There is one thing that the owner of that store needs to know 
in most states, is this person over the age of 21? To have a 
legal transaction in that context, there needs to be a way to 
authenticate the fact that person is over the age of 21. It 
turns out that his actual identity is irrelevant and in truth 
from a privacy perspective and a security perspective, it would 
be best if his identity was not disclosed because that 
information does not need to be made available.
    Mr. RYAN. Can I have my time now, Mr. Chairman?
    Chairman MCNULTY. Yes.
    Mr. ROTENBERG. As I said, and we have done a lot of work on 
this issue over the years, it comes up a lot, particularly in 
the Internet economy where you have people on Ebay, for 
example, relying on the reputation of others, whose actual 
identity is not known. But the reputation value of the 
pseudonym they use is extraordinarily useful. If someone's 
reputation is high, they will do business with them online. It 
does not matter who they actually are.
    I think we are going to need to get a handle on this 
problem. You see what has happened is that the Social Security 
number is actually at the opposite end of the ideal system. The 
Social Security number is both an identifier and authenticator 
and it fails completely. A good identity system actually 
separates these functions. You would agree with this, would you 
not?
    Ms. ANTON. Yes, absolutely.
    Mr. ROTENBERG. Yes.
    Mr. RYAN. Now, we have the two financial services and 
consumer data people, so we are going to have to figure out 
here as legislators what is the way to go, what is the happy 
median, where is it that you really do not need the Social 
Security number even though it may be convenient and easy to 
use, where do you really not need it? For instance, my bank, 
just a small community bank in Wisconsin, just sent out--I do 
my online banking and at first you needed to use your Social 
Security number as your password, as your ID and then you had 
your own password. They just sent out an email, if you want to 
get back on, no more, we are getting rid of this, you come up 
with your own ID and password and then that will from now on 
henceforth get you access to your bank accounts.
    So, it seems to me, just using that one little example, 
that financial services firms and other firms can, if they 
choose to do so, change this data that is required to ID and 
authenticate who you are. So, where is it that, and I know each 
of you are going to have a different answer to this question, 
where is it that you absolutely have to have the Social 
Security number and where is it that you would like to have it 
but you really do not need it? I would just like to ask the 
four of you who are involved in this your answer to that 
question?
    Mr. PRATT. I believe at the front-end of every transaction, 
when you are in the process of authenticating, and I think to 
that extent we agree, you must have a system of authentication, 
not the same as do you have a Social Security number. Using the 
Social Security number though as part of the complete set of 
data that is gathered at the point of the opening of the 
transaction is important because later you may close that 
account and open up another account and that bank may use a 
different authenticating system. Later you may close that 
account and open up a different account with a different 
authenticating system.
    Mr. RYAN. This presumes that you cannot really authenticate 
who you are, right? This presumes that there is no other better 
authenticating method, right?
    Mr. PRATT. Well, no, actually what it presumes is there is 
no silver bullet to authentication and paralleling 
authentication strategies will be criminals chasing down the 
strategy, trying to pull it apart and to defeat it. That will 
always happen, always has, always will. So, paralleling 
authentication will be the need to have a definitive 
identifier. I have authenticated you through a variety of 
means, which could include using data off your consumer report 
to say tell me about your mortgage, you can get this online, 
for example, with whom do you have a mortgage, and you can 
identify that. Approximately what is the payment you make per 
month, and you can authenticate that. By doing that, you 
actually end up closer to authenticating the identity of that 
consumer.
    But with the Social, no matter which financial institution 
you are doing business with, I will be able to say that account 
is going to go into this record in the Credit Bureau database. 
The irony of what we have heard with some of the testimony is I 
was in a hearing a floor up and was being criticized, we were 
being criticized where a data match might use just an initial, 
so one of the challenges is I have other Committees with other 
opinions in other contexts, such as the Fair Credit Reporting 
Act, where if we do not use full and complete identifying data, 
I have excerpts from Federal Trade Commission reports on data 
matching.
    Mr. RYAN. I want to hear these other folks.
    Mr. PRATT. So, I just want you to know that it is--you need 
data to match and build accuracy and you need authentication 
strategies to authenticate.
    Mr. RYAN. Dr. Anton, Mr. Rotenberg, Mr. Schwartz.
    Ms. ANTON. I would just like to note that if we published 
everyone's Social Security numbers in the phone book along with 
their name and telephone number but never used it as an 
authenticator, we could eliminate some identity theft in this 
country.
    Mr. ROTENBERG. I think that would be a risky strategy.
    [Laughter.]
    Mr. ROTENBERG. Until everybody got on board with that plan 
but food for thought. I do think we need to move away from the 
Social Security number as an identifier. As I described in my 
testimony, Congress understood this problem. They saw what was 
happening. What preceded the Privacy Act was a very good 
detailed report that said the SSN is going to become a 
universal identifier if we do not put some brakes on it, and we 
are living with the consequences. It is not cost-free for the 
financial services to be using the SSN. It is the number one 
complaint that consumers have to the FTC and the cost is over 
$50 billion.
    Mr. SCHWARTZ. Mr. Ryan, I would say that it would be very 
difficult for the financial services industry to move away from 
Social Security numbers. First, obviously, for tax reporting 
purposes, the Social Security number is required. Under the USA 
Patriot Act, one of the requirements of a customer 
identification program is to get a Social Security number to 
make certain that that person is a legitimate person, that a 
Social Security number has been legitimately issued.
    I agree that the authentication--and that is the reason why 
your bank has moved away from that--the authentication issue is 
an important one and because of the proliferation of Social 
Security numbers and the availability of them, many financial 
institutions are now requiring other types of vehicles for 
getting access to your account.
    Mr. RYAN. So, you might need it to open up the account to 
begin with, but you do not need it to proceed thereafter as an 
identifier?
    Mr. SCHWARTZ. Well, sometimes, too, for example, if you 
call and you wanted to find out what your balance is in your 
account or to find out if a check has been paid or to transfer 
funds, there are many Mr. Ryan's in this world who are dealing 
with banks, and you do not remember your account number, for 
example, I have no idea what my account number is, but that 
would be one element that you would be asked for, your Social 
Security number, and that----
    Mr. RYAN. But it could be something else other than the 
Social Security number?
    Mr. SCHWARTZ. Well, what are you going to use, the bank 
would not know what your account number is because you do not 
know what your account number is, so that is at least one way 
of getting the first level of information. Then they will ask 
you, for example, what has been a recent transaction or give me 
your address, your date of birth, there are other identifiers.
    Mr. RYAN. All these other things.
    Mr. SCHWARTZ. You do not know your date of birth?
    Mr. RYAN. No, I said you could use all these other things 
other than the Social Security number.
    Mr. SCHWARTZ. They are, they are. If you call a bank, they 
will not give you--most institutions will not give you access 
to your account simply by giving your name and your Social 
Security number, there will be other questions that they will 
ask you to verify that you are who you say you are.
    Mr. RYAN. The challenge for the industry is going to be, it 
may be easy, it may be the path of least resistance to use the 
SSN, but clearly not necessary. Maybe to open up an account, 
maybe for taxes but not necessarily as an identifier or as an 
authenticator, I guess I am using these words correctly. You 
could move forward with other pieces of information that people 
could navigate to use as identifiers and authenticators 
prospectively once an account is opened, could you not?
    Mr. SCHWARTZ. I think it would be very difficult in many 
industries to do that. For example, if you have many accounts 
at a bank and have many different numbers, one thing that ties 
them all together is your Social Security number so that, for 
example, if you call and say, ``How much do I have in my 
checking account, when is my CD going to be maturing, what is 
the balance on my credit card?'' If you do not know the numbers 
on those accounts and you cannot give them to the person that 
you are talking to. Your Social Security number is a way in 
which the central information files of many institutions tie 
all these accounts together.
    Mr. RYAN. That is just the way the programs are running 
right now.
    Mr. SCHWARTZ. Excuse me?
    Mr. RYAN. It is the way the programs are running right now.
    Mr. SCHWARTZ. But then for each institution, you would have 
separate identification numbers and then we would have the same 
problem we have now, every time you go online, who can remember 
what your passwords are? Most people are now using of course 
their birth dates because it is easier to remember.
    Mr. RYAN. I know I am being liberal with the time, but I 
can see you are shaking ahead a thousand times, Dr. Anton.
    Ms. ANTON. In my written testimony, I would just like to 
point out that I talk about the dangers of using Social 
Security numbers as primary keys in a database and that that is 
another problem area, and so I just encourage your staff to 
look at that.
    Mr. RYAN. Thank you.
    Chairman MCNULTY. Thank you very much, Mr. Ryan. If there 
are no further inquiries, I want to thank our staff for the 
tremendous work they did in preparing the Members for this 
hearing. I want to thank all of the witnesses, all of the 
guests who have been so patient for the past three hours. I 
especially want to thank Senator Schumer, Congressman Barton 
and Congressman Markey for leaving other markups to come here 
today and to testify.
    When Senator Schumer was here, he was talking about old 
phrases and sayings that people might not relate to, let me use 
one more, it seems to me that there are legitimate reasons why 
in certain cases people should reveal their Social Security 
number. They, in my opinion, are finite in number. The old 
phrase I am going to use is that it seems to me today that 
``every Tom, Dick and Harry'' is asking people across the 
country to reveal what their Social Security number is. We 
heard many individual instances today that people went through. 
Mr. Barton related the story about purchasing a cell phone and 
being asked for his Social Security number. Ms. Tubbs Jones had 
one and I mentioned the time Nancy and I were going out to buy 
an appliance.
    Now, think for a moment about the information, which we 
gave to this retailer. We gave them our names, our address, our 
zip code, our home telephone number, a picture identification 
card, and our driver's license number to buy a refrigerator. 
This must stop.
    After we did that, the clerk, who recognized me, asked me 
for my Social Security number, and I said, ``No.'' Before I 
said ``no,'' I said, ``I do not think you should be asking me 
for that information. Why are you asking me that information?'' 
She said, ``We ask everybody.'' I said, ``No, I am not going to 
do that.'' I said, ``Check with your supervisor.'' She went and 
checked with her supervisor and came back and said, ``No, we do 
not really need to have that.'' So I just hope that reason can 
prevail as we go forward.
    I hope two things as a result of today's hearing as we move 
on. Number one is that before we get to any legislative fixes 
at all, that people within the sound of my voice will be a bit 
more careful about giving out this very sensitive information 
and doing basically what Mr. O'Carroll suggested, that unless 
you really know there is a legitimate reason why that person 
has to have that information, ``Just say no.'' The second thing 
we need to do, beyond that, is just because it has proliferated 
to the point where it is really quite a crisis and has really 
destroyed some lives, we need to take some legislative action 
to restrict the ability of some folks to be asking for this 
very sensitive information. We are going to move forward on 
that.
    I thanked the folks before who have been working on this 
issue for years but, in my opinion, the time for talk has ended 
and the time for action is now, and we intend to move forward.
    Again, I want to thank all of you for your expert 
testimony, for spending so much time with us today. This 
hearing is concluded.
    [Whereupon, at 12:50 p.m., the hearing was adjourned.]

    [Submissions for the Record follow:]

                           LexisNexis, Letter
                                                         LexisNexis
                                                      Reed Business
                                                       July 3, 2007
The Honorable Michael R. McNulty, Chairman
Subcommittee on Social Security
Committee on Ways and Means
1102 Longworth House Office Building
Washington, DC 20515

Dear Chairman McNulty:

    Reed Elsevier Inc., on behalf of its LexisNexis division, 
appreciates the opportunity to submit comments for the record on Social 
Security number (SSN) privacy. We would like to commend the 
Subcommittee for its leadership on this important issue over the years, 
and hope that our experience in this area will be useful as you develop 
legislation regarding SSNs and identity theft.
    Reed Elsevier is one of the world's leading publishing and 
information companies, employing more than 20,000 people in the United 
States. LexisNexis leads the information industry with the largest 
online information service, providing critical information to legal, 
business, and government professionals. Products and services provided 
by LexisNexis help businesses and government manage risk through fraud 
detection and prevention, identity authentication, and intelligent risk 
scoring and modeling.
    LexisNexis' identity authentication products help detect and 
prevent identity theft and fraud by allowing financial institutions, 
insurance companies, government agencies, and others to determine 
whether people are who they say they are. In addition, LexisNexis 
provides products and services that are used to help professionals 
locate people and assets, support national security initiatives, and 
facilitate background checks on prospective employees. LexisNexis staff 
includes subject matter experts in identity theft, identity management, 
and identity authentication.
    One of the distinguishing aspects of the LexisNexis service is our 
extensive collection of public records information. Use of our public 
records information is an indispensable tool for gathering information 
and providing accurate answers to prevent and detect fraud, verify 
identities, locate individuals, perform due diligence searches, and 
provide risk management solutions and employment screening for 
businesses and governments worldwide. The overwhelming majority of the 
information sources on the LexisNexis service are public in nature, all 
of which are available to the general public through their public 
libraries, the local newsstand or bookstore, or from government 
offices. Many of these public records contain SSNs, which we use for 
indexing, matching and verifying data to help ensure the accuracy of 
the information in our databases.
    LexisNexis is committed to the responsible use of information and 
has been at the forefront of the privacy debate, leading industry 
efforts to balance consumer privacy interests with responsible uses of 
information for important and socially beneficial purposes. We 
recognize that key to the SSN issue is striking the appropriate balance 
between protecting consumer privacy and ensuring that important uses of 
this information can continue. We share the Subcommittee's concern 
about the potential misuse of data for identity theft and other harmful 
purposes. Indeed, in the fight against identity theft, where verifying 
an individual's identity is crucial, information from commercial 
databases such as LexisNexis is absolutely essential.
    Due in large part to the efforts of members of the Subcommittee and 
the important record built through hearings it has held, there has been 
increased recognition of the importance of striking a proper balance 
between protecting privacy and ensuring continued access to SSNs by 
business and government for important and socially beneficial uses. 
There have been other legislative proposals before this committeeand 
other committees to restrict SSNsin a way that would limit many of the 
critical and societally beneficial uses of SSNs. Ironically, such 
restrictions would actually inhibit many of the tools critical to 
fighting identity theft and fraud. We urge the committee to ensure that 
such uses are not restricted as it considers legislation in this area.
    We appreciate the opportunity to provide you with the following 
comments that we hope will be useful to the Subcommittee as it 
considers legislative options. Our comments below focus on the 
following two main areas: First, we will highlight the many important 
business-to-business and business-to-government uses of SSNs. Second, 
we will discuss several important issues that should be considered in 
developing any legislation in this area.

I. Important and Beneficial Uses of SSNs by Business and Government

    Government agencies, businesses, researchers, and others rely on 
information contained in commercial databases to do their jobs. 
Commercial database companies like LexisNexis play a vital role in this 
effort by collecting information from numerous sources and creating 
comprehensive data collections that allow users to easily search and 
locate information. Without this critical public records information, 
the effectiveness of these government agencies, businesses, and 
researchers would be dramatically reduced.
    The use of SSNs is essential for person identification and record 
matching purposes and is critical in ensuring the accuracy of the 
information in these databases. SSNs allow persons to be identified 
accurately and ensure that records for different individuals do not get 
co-mingled, providing a false result. There are more than 43,000 Robert 
Jones' in the U.S. today. How else can someone distinguish one from 
another? A unique identifying number like the SSN is important to 
ensure that information collected about individuals is pertinent and 
accurate.
    The following examples describe some of the important ways in which 
commercial database services, such as LexisNexis, are used by our 
customers to help people, protect consumers, locate missing children, 
prevent fraud, and assist law enforcement efforts:

          Locating sex offenders--SSNs are used to locate 
        registered and unregistered sex offenders. There are more than 
        560,000 sex offenders in the U.S. Approximately 24 percent of 
        these individuals fail to comply with address registration 
        requirements mandated by law. LexisNexis provides products to 
        law enforcement entities to help them locate registered and 
        unregistered sex offenders. Use of SSNs for record matching and 
        retrieval allows law enforcement to locate sex offenders even 
        when the registration address has not been kept current.
          Preventing and investigating terrorist activities--
        The use of commercial databases like LexisNexis is an important 
        tool in the global battle against terrorism. Information 
        provided by LexisNexis was instrumental in locating suspects 
        wanted in connection with the September 11 terrorist attacks. 
        Since September 11, the Department of Justice found that 
        LexisNexis public records were mission critical in bolstering 
        cases against terrorists. As a result, agents, investigators, 
        attorneys, and analysts have full access to LexisNexis public 
        records and other information. The SSNs contained in the 
        LexisNexis database are a critical tool used by the FBI and 
        other federal law enforcement agencies to locate suspects and 
        witnesses and in investigating and building cases against 
        suspected terrorists.
          Locating and recovering missing, abducted and 
        exploited children--LexisNexis has partnered with the National 
        Center for Missing and Exploited Children to help that 
        organization locate missing and abducted children. Locating a 
        missing child within the first 48 hours is critical; after that 
        time, the chance of recovering the child drops dramatically. In 
        many of these cases, it is the non-custodial parent who has 
        taken the child. The use of SSNs is critical in quickly 
        locating the non-custodial parent and recovering the missing 
        child.
          Identifying and preventing fraud--Banks and other 
        financial institutions routinely rely on SSNs to accurately 
        match and retrieve public record information contained in 
        LexisNexis' databases to detect fraudulent credit card 
        applications. Through the use of LexisNexis, credit card 
        companies have significantly reduced losses due to fraud. 
        Insurance companies have experienced similar successes through 
        the ability to use SSNs in data matching and retrieval. The use 
        of SSNs in public records and other sources is key to 
        preventing fraud.
          Locating witnesses and helping make arrests--Lawyers 
        are major users of person locator databases. Use of SSN 
        information in these databases, even when it is not displayed, 
        is critical to tracking down witnesses in connection with civil 
        litigation. Law enforcement agencies also are major users of 
        commercial databases. For example, in 1998, the FBI made over 
        53,000 inquiries to commercial online databases. This 
        information led to the arrests of 393 fugitives and the 
        location of nearly 2,000 suspects and more than 3,000 
        witnesses.\1\
---------------------------------------------------------------------------
    \1\ Statement of Louis J. Freeh, Director, Federal Bureau of 
Investigation, before the U.S. Senate Committee on Appropriations 
Subcommittee for the Departments of Commerce, Justice, State and the 
Judiciary and Related Agencies, March 24, 1999.
---------------------------------------------------------------------------
          Preventing and investigating financial crime--
        LexisNexis provides information to the Financial Crimes 
        Enforcement Network (FinCEN), which supports federal, state and 
        local law enforcement agencies in financial investigations and 
        is heavily reliant on SSNs in these investigations. In 
        addition, LexisNexis worked with the American Bankers 
        Association to develop best practices to be used by banks and 
        other financial institutions to prevent money laundering and 
        ensure compliance with the USA PATRIOT Act. The use of SSNs by 
        financial institutions to verify and validate information about 
        prospective customers is critical to the success of that 
        program.
          Recovery of child support and other debts--Public and 
        private agencies rely on SSNs and other information contained 
        in information solutions and services products to locate 
        persons who are delinquent in child support payments, other 
        lawful debts, and to locate and attach assets in satisfying 
        court-ordered judgments. The Association for Children for 
        Enforcement of Support (ACES), a private child support recovery 
        organization, has stated that SSNs are the most important tool 
        for locating parents who have failed to pay child support. ACES 
        has had tremendous success using LexisNexis products to locate 
        nonpaying parents.
          Helping locate pension fund beneficiaries--The task 
        of locating former employees is becoming increasingly 
        difficult. Americans move on average every five years, 
        particularly when they change jobs. Their names may change as a 
        result of marriage or they may list slightly different names 
        (e.g., leaving out a middle initial) on employment documents. 
        To ensure that pension fund beneficiaries receive the money 
        owed them, plan administrators and sponsors are required by 
        federal law to use a commercial locator service, such as 
        LexisNexis, to search for missing pension beneficiaries. These 
        services are by far the most cost-effective and efficient way 
        to find these former workers. Pension Benefit Information, a 
        leading service locating these workers, reports that searching 
        with a retiree's SSN results in an 85-90 percent success rate 
        in locating an individual, compared to a success rate of only 8 
        percent without use of this information. Loss of SSNs from 
        public records and commercial locator services would 
        dramatically increase the costs of locating former employees. 
        Moreover, in many cases, employers would be unable to find 
        former employees, resulting in a loss of pension benefits to 
        the individual.

II. Important Issues To Be Considered in Developing Legislation

    We applaud members of the Subcommittee for recognizing legitimate 
business and government uses of SSNs, and we will continue to work with 
the Subcommittee to help ensure that any legislation accomplishes its 
important objective of preventing the misuse of SSNs, while ensuring 
the continued use of SSNs for legitimate business and government uses. 
There are several important issues that should be considered by the 
Subcommittee in developing any legislation in this area. Our specific 
comments are focused in the following four areas:

A. Business-to-Business and Business-to-Government Exemptions

    It is critical that any legislation restricting access, use or 
display of SSNs contain exceptions for important business-to-business 
(B-to-B) and business-to-government (B-to-G) uses. Among the exemptions 
needed are those that would preserve uses permitted under the Gramm-
Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA). It is 
critical to ensure the continued use of SSNs consistent with GLBA for 
identity authentication and verification to assist in fraud detection, 
prevention, and investigation efforts, to perform an array of 
background checks, and to effectuate and enforce transactions requested 
by the consumer. Similarly, an exception should be included to ensure 
the continued use of SSNs for the permissible purposes under the FCRA.
    Moreover, it will be important to ensure that any legislation 
clarifies the scope of exemptions for law enforcement or national 
security purposes to ensure that information service providers, such as 
LexisNexis, can continue to access and acquire this information to be 
able to provide information tools to its law enforcement customers, as 
well as to users who, although not government officials, undertake law 
enforcement activities. Groups with which LexisNexis works, such as the 
National Center for Missing and Exploited Children, would be severely 
hampered if they could no longer access databases containing SSNs to do 
their jobs.
    If the law enforcement/national security exemption included in 
legislation is too narrowly crafted to only include government law 
enforcement agencies, many of the important law enforcement and 
national security applications performed by non-governmental entities 
will be excluded. Finally, exceptions should be included for locating 
individuals, pension fund beneficiaries, missing heirs, and individuals 
delinquent in the payment of child support or other debts.

B. Public Records

    The issue of SSNs in public records is highly complex, and 
legislation in this area will have far-reaching implications. As 
explained above, public records are an important source of information 
used by LexisNexis in compiling data for our online service. We 
routinely use SSNs in public records to accurately match records from 
disparate data sources and to enhance the accuracy of record retrieval. 
In addition, our clients, including financial institutions, insurance 
companies, government agencies and others routinely rely on our public 
record databases containing SSNs for identity verification and 
validation purposes, to identify, prevent, and investigate identity 
theft and fraud and for other important purposes.
    When we refer to public records, we mean government records that 
typically and historically have been made available to the public. 
Examples of public records include titles to real property, real 
property tax assessor records, bankruptcy records, judgments, liens, 
state professional licenses (and their suspension and revocation), 
corporation filings, and death records. This information traditionally 
has been available to members of the general public upon request.
    As the General Accounting Office confirms in its June 2007 Report 
to Congressional Requesters on Social Security numbers, redacting SSNs 
from public records would be a difficult and challenging process.\2\ 
The summary of results reports that removal or truncation of SSNs in 
all public records may be ``costly and may not fully protect SSNs.'' 
For example, the report states that it cost Palm Beach County more than 
$2 million to complete software and manual removal of SSNs and other 
identifiers in approximately 40 million pages of records (Report at 
25). In small cities or towns that do not have the resources to remove 
or truncate SSNs in public records, many may choose to simply cut off 
access to these records.
---------------------------------------------------------------------------
    \2\ See GAO Report 07-752 on Social Security Numbers (June 2007) 
(``Report'').
---------------------------------------------------------------------------
    Public records are a unique class of information that historically 
has been made available for public inspection. Therefore, we are 
concerned about any limits on the dissemination of this information. 
Any legislation being considered should provide an exception for an SSN 
that is incidental to the sale or provision of a document lawfully 
obtained from the Federal Government or state or local government made 
available to the general public, or from a document that has been made 
available to the general public via widely distributed media. This is 
the approach taken in S. 1208 and S. 1178.

C. Rulemaking

    The proposed rulemaking provisions in some of the proposals being 
considered provide only limited guidance and wide discretion that could 
result in excessively restricted access to SSNs. Legislation should 
clearly delineate the restrictions on the sale and purchase of SSNs and 
provide a complete list of exceptions. To the extent that any 
rulemaking language is included, any discretionary authority should be 
limited, and the factors to be considered in promulgating the 
regulations limited to those specific factors necessary to balance 
restrictions on use and continued use of SSNs by legitimate businesses.

D. Preemption

    Given the uniquely federal nature of SSNs and their importance to 
businesses engaged in interstate commerce, legislation regulating the 
use of SSNs should preempt state laws. It is important that a single, 
national law governing the sale, purchase, and display of SSNs be 
applied consistently on a nationwide basis.
    LexisNexis is committed to the responsible acquisition and use of 
SSNs and other personally identifiable information. LexisNexis shares 
the Subcommittee's concern about the potential misuse of this 
information for identity theft and other harmful purposes. 
Nevertheless, as many of the Subcommittee members and witnesses 
recognized during the June 21 hearing, legitimate uses of SSN 
information are absolutely essential in the fight against identity 
theft and fraud and other important uses. Congress should not take any 
steps that would jeopardize the usefulness of such services.We thank 
the Subcommittee for having held this hearing on these important 
issues, and look forward to working with the members of the 
Subcommittee and others to develop an appropriate solution.
    We appreciate the opportunity to submit comments and hope that our 
comments will help the Subcommittee as it considers these issues and 
develops legislation. If you have any questions, please call me at 202/
857-8253 or Steve Emmert of my staff at 202/857-8254.
            Sincerely,

                                                    Steven M. Manzo
                                 Vice President, Government Affairs

                                 

         Bruce Hulme, Legislative Director, National Council of
             Investigation and Security Services, statement
    Thank you for the opportunity to provide testimony on protecting 
the privacy of the Social Security number from identity theft. I am 
Bruce Hulme, Legislative Director of The National Council of 
Investigation & Security Services (NCISS) which represents professional 
private investigators and security officers across the nation.
    Our members agree that personal data, including Social Security 
numbers (SSNs), should not be readily disseminated and available to 
anyone with an Internet connection and a few dollars. We support 
efforts to limit the sale of the SSN except where there is a legitimate 
need for it. NCISS supports prohibitions on the display of Social 
Security numbers on checks, drivers' licenses and employee ID badges. 
These provisions were in legislation previously considered by the Ways 
and Means Committee.
    We support the prohibition of the sale of personal data over the 
Internet to the general public. Such a prohibition, along with 
limitations on the use of the number on the documents cited above, 
would solve many of the issues related to identity theft. It is 
critical, however, that care be taken to provide clear exceptions for 
purposes that serve the public good. The exceptions in Section 3, as 
reported by the Energy and Commerce Committee, are insufficient and 
would result in unintended consequences.
    Financial institutions, schools, state and local governments and 
others have used the SSN as an identifier because it is uniquely 
attached to an individual. Private investigators have utilized the SSN 
for the same reason. It is the best way to assure that the John Smith 
we're attempting to locate is the correct John Smith, and not one of 
50,000 others.
    There are many John Smiths sharing the same birthday and living in 
the same town. Often the Social Security number is the only way to 
distinguish people sharing a name and other identifiers.
    Section 3 of HR 948 would deny private investigators access to this 
unique identifier by making it unlawful to sell or purchase the number. 
This will affect the accuracy of databases we access to locate the 
right John Smith. The SSN is also critically important for identifying 
women who often change surnames through marriage and divorce. The SSN 
does not change and allows us to locate these otherwise difficult to 
find witnesses. In California, database searches led directly to 
witnesses who recanted testimony and helped free a man wrongly 
imprisoned for twenty years. Without the ability to use the database, 
it is unlikely these witnesses would have been located.

Due Process Issues

    The exceptions listed in Section 3(b)(3) include one for law 
enforcement. The absence of an exception for private investigators 
denies a critical tool to persons accused of crime. This is 
particularly important for indigent defendants because of the small 
expense budgets available to public defenders and appointed counsels. 
They need a cost effective way to locate witnesses. They don't have the 
resources of the state. The lack of such an exception provides an 
obvious due process issue where the police have access to a database 
not available to defendants.

Civil Trials

    These disparities can exist in civil cases as well. An individual 
consumer considering a lawsuit against a major corporation will be 
disadvantaged if this inexpensive tool for locating witnesses is made 
unavailable. Some meritorious cases would likely never be brought.
    In both civil and criminal trials, justice is served best by all 
parties getting access to all possible witnesses. Access to a fair 
trial is a fundamental right of American citizens. Without the ability 
to identify and locate all witnesses, that right is threatened.
    Investigators do not have access to the central criminal history 
database that law enforcement officials do, so it is essential to have 
addresses when seeking information about prior convictions. With prior 
address data, investigators know which courthouse records to search. 
Without the address, we may not even know in which states to look. This 
information is important for more than pre-employment purposes. In both 
civil and criminal trials, attorneys need to know the backgrounds of 
witnesses and potential witnesses.
    In testimony before this Subcommittee last year, I described how I 
was able to solve a case in which a 97 year old New Yorker was robbed 
of hundreds of thousands of dollars by a caregiver who attempted to 
hide his ill-gotten gains with relatives in South Carolina. Had I not 
been able to use a database, I never would have known to look for 
records in that state in which the funds were used to purchase real 
estate and for other purposes.

Fighting White Collar Crime

    It is no secret that law enforcement does not have all the 
resources it needs to fight white collar crime, including identity 
theft. That crime is difficult to solve and often involves multiple 
jurisdictions. Many victims turn to investigators for assistance. In 
some instances, when accessing databases investigators have discovered 
that the criminal is using multiple SSNs. Under HR 948, we would be 
denied that information, which can assist other victims besides our 
client. In one instance we cited in testimony last year, a private 
investigator solved a case that authorities would not investigate 
because the client's $80,000 in losses did not meet or exceed the law 
enforcement agency's minimum threshold to investigate. Using the SSN, 
the investigator discovered that a former employee had stolen the 
client's identity and had three aliases and at least three SSNs.
    The SSN is critical to investigators for conducting other fraud 
investigations as well. It can be particularly important for matters 
involving theft of intellectual property, ranging from copyrighted 
music and motion pictures to design of computer chips.
    These databases, using the SSN, have also been important for 
locating lost heirs and enforcing child support orders. Last year, the 
committee also heard from a witness about how critical the information 
can be for assisting in finding pension beneficiaries.
    We urge that a new exception be added to HR 948 in Section 3(b)(3):
    ``to identify or locate missing or abducted persons, witnesses, 
criminals and fugitives, persons suspected of fraud, persons who are or 
may become parties to litigation, parents delinquent in child support 
payments, organ and bone marrow donors, pension fund beneficiaries, 
missing heirs and persons material to due diligence inquiries.''
    During consideration of S-1178, the Senate Committee on Commerce, 
Science and Transportation adopted an amendment including similar 
language. Such an exception would permit appropriate uses of databases. 
NCISS supports strong sanctions for anyone who would misuse this data.
    Our association stands ready to assist the Committee as it develops 
legislation to protect Social Security numbers.

                                 

          National Organization of Social Security Claimants'
        Representatives, Englewood Cliffs, New Jersey, statement
    I am the Executive Director of the National Organization of Social 
Security Claimants' Representatives (NOSSCR). Founded in 1979, NOSSCR 
is a professional association of attorneys and other advocates who 
represent individuals seeking Social Security disability and 
Supplemental Security Income (SSI) disability benefits. NOSSCR members 
represent these individuals with disabilities in proceedings at all SSA 
administrative levels, but primarily at the hearing level, and also in 
federal court. NOSSCR is a national organization with a current 
membership of nearly 3,900 members from the private and public sectors 
and is committed to the highest quality legal representation for 
claimants.
    As demonstrated by the testimony at the Subcommittee hearing on 
June 21, 2007, the impact of identity theft on individuals can be 
catastrophic. The cost of recovering from identity theft has the 
potential to be astronomical and it can take years to repair the 
damage. Given the repeated warnings from agencies, including the Social 
Security Administration (SSA), our Statement for the Record describes 
what we believe is an unnecessary requirement by SSA that attorneys and 
others who represent claimants repeatedly disclose their own Social 
Security numbers (SSNs).

BACKGROUND

    The Internal Revenue Service has advised SSA that it must set up a 
procedure to issue Forms 1099-MISC to attorneys and eligible non-
attorneys who receive direct payment of fees for representation from 
SSA.
    The IRS Forms 1099-MISC will first go out in January 2009, covering 
fee payments made in calendar year 2008. SSA plans to issue Forms 1099-
MISC to all appointed claimants' representatives who receive payment of 
aggregate fees of $600 or more in a calendar year. Generally, the 
payment amounts will be reflected in Box 7 (Nonemployee compensation) 
on Form 1099-MISC. This includes representatives who are sole 
proprietors and those who have made the election to the IRS to be 
classified as a single-member Limited Liability Company (LLC) or 
single-member Limited Liability Partnership (LLP).
    In those situations where SSA is notified that the representative 
is an employee or partner, and the firm or other entity provides the 
necessary taxpayer information via this registration process, SSA will 
issue two Forms 1099-MISC:

          One Form 1099-MISC will be issued to the 
        representative reflecting aggregate payments made to the 
        representative in his or her capacity as an employee or partner 
        in Box 14 (Gross Proceeds Paid to an Attorney).
           The other Form 1099-MISC will be issued to the firm 
        or other entity reflecting aggregate payments made to its 
        employees/partners in Box 7.

    The IRS has indicated to SSA that, while it performs a matching 
process for amounts reported in Box 7 of the Form 1099-MISC, it does 
not match against the amounts reported in Box 14. Box 14 might be 
termed ``nonactionable'' and is not used by the IRS to match with 
income reported on that individual's tax return. NOSSCR has urged SSA 
to work with the IRS to eliminate this ``nonactionable'' reporting, 
which seems to serve no purpose.

THE REGISTRATION PROCESS

    Starting January 1, 2007, SSA will make direct payment (through fee 
withholding) only to those attorneys and eligible non-attorneys who 
have completed the registration process.\1\ As described below, there 
are three forms that must be filed. Two forms are filed one-time only. 
However, one form, SSA-1695, must be filed for every new client and it 
is this form that requires disclosure of the representative's own SSN.
---------------------------------------------------------------------------
    \1\ SSA provides an explanation of the new registration process at 
its website: http://www.ssa.gov/representation/
direct_payment_of_approval_fees_forms_1099.htm.
---------------------------------------------------------------------------
    STEP ONE: All attorneys and eligible non-attorneys who want to 
receive direct payment of fees must complete and submit Form SSA-1699, 
``Request for Appointed Representative's Direct Payment Information.'' 
In addition, law firms, partnerships, corporations and multi-member 
LLCs/LLPs that have attorneys and/or non-attorney representatives as 
partners or employees who receive direct payment should provide tax ID 
information for that business entity, using Form SSA-1694, ``Request 
for Business Entity Taxpayer Information.'' Both of these forms, the 
SSA-1699 and SSA-1694, are submitted one time only. They also can be 
submitted online through a secure site.
    STEP TWO: In contrast, attorneys and eligible non-attorneys must 
submit the new Form SSA-1695, ``Identifying Information for Possible 
Direct Payment of Authorized Fees,'' in every case where they become 
the representative on or after January 1, 2007.
    This form is completed by the individual representative, not the 
firm, for each client. It must be filed in the SSA field office and in 
paper form only. Unlike the other two forms (which are submitted one 
time only), Form SSA-1695 cannot be filed online. The form requires not 
only the client's Social Security number (SSN), but also the 
representative's SSN. In addition, the firm's Employment Identification 
Number (EIN) must be included. The instructions which appear at the 
bottom of the form state, ``To SSA Staff: After the information on this 
form is entered into the appropriate system(s), immediately shred the 
form. Under no circumstances should this form be scanned, placed in a 
claims file or otherwise retained.''
    Our main concerns with the new registration process relate to use 
of the Form SSA-1695. Attorneys and eligible non-attorneys are 
understandably uneasy about the prospect of their SSNs appearing on the 
SSA-1695s. We have contacted SSA about our concerns regarding 
confidentiality and the increased potential for identity theft and have 
recommended alternative ways to deal with the process.

          First, we believe that there is no reason to require 
        the representative to include his or her SSN. In most cases, 
        the law firm employing the attorney (as a solo practitioner, 
        partner or associate) is the entity that is responsible for 
        payment of income taxes on the fees received. And, the attorney 
        is required to provide that law firm's EIN on the SSA-1695.
          Unlike the other two new forms in the new 
        registration process (Forms SSA-1694 and SSA-1699), the SSA-
        1695 cannot be completed online and only a paper copy can be 
        submitted to the SSA field office. While SSA instructions state 
        that district office workers must shred the forms after 
        processing the information, we have received reports from some 
        NOSSCR members that mistakes are being made and that, in some 
        cases, these forms are appearing in claims folders.
          In our interactions with SSA, we have maintained that 
        the form should require only the submission of the EIN for the 
        firm that is liable for payment of the taxes. We also have 
        proposed an alternate individual identifier, such as a PIN.

CONCLUSION

    We believe that these repeated disclosures of a representative's 
SSN on Form SSA-1695 are unnecessary and, potentially, an invitation to 
identity theft. We are constantly bombarded with warnings from many 
sources, including SSA, about privacy concerns and protection of our 
SSNs. From attorney bar rosters to health insurance to state 
departments of motor vehicles, we are told not to maintain records 
according to SSNs and to use other identifiers. Because of concerns 
with possible SSN misuse, many NOSSCR members have now opted to sign up 
for credit protection service.

    Questions for SSA regarding this process include:

          Why must the SSN be submitted in every case, through 
        an unsecure process, when in fact SSA already has this 
        information from the secure one-time filing?
          If SSA must have this information on this particular 
        form, why can't this information be submitted in a secure 
        manner?
          How can SSA guarantee that the representatives' SSNs 
        will not be subject to identity theft?


                                 

                 Property Records Industry Association,
                 Morrisville, North Carolina, statement
    As you most assuredly are aware, the hottest buzzwords of the 
millennium include ``Identity Theft'' and ``Personally Identifiable 
Information.'' Everyone is wrestling with what is the solution to the 
problem of protecting individual privacy rights while at the same time 
encouraging commerce and improving compliance with government 
regulations.
    When serious consideration is given to the various facets of this 
topic, it quickly becomes clear that there is no easy, ``one-size-fits-
all'' solution. There are many factors to be considered. However, there 
is little disagreement that something needs to be done to counter the 
abuses that undermine faith in existing institutions.
    The Property Records Industry Association (PRIA) is a coalition of 
public and private participants of the property records industry, 
cooperating to formulate positions on issues of common interest. Among 
other objectives, the Association works to identify problems, 
opportunities and solutions that will make property records systems 
more efficient, effective and responsive to the public. The Association 
also works to identify areas of consensus within the industry, leading 
to recommendations for national standards pertaining to recordable 
documents.
    PRIA began seriously engaging the issue of social security numbers 
appearing in real estate documents in early 2003. As part of its Winter 
Conference in March 2003, PRIA hosted a ``Privacy/Access Roundtable'' 
in Washington DC. At the conclusion of the Roundtable, PRIA moved to 
establish a Privacy/Access Workgroup. The workgroup then initiated an 
email listserv discussion around a number of privacy-in-public-records 
topics. Those discussions led to various presentations and open forum 
sessions at PRIA conferences in 2003 and 2004. In July of 2004, PRIA 
was invited to testify before the House Ways and Means Committee Social 
Security Sub-Committee regarding HR 2971, the Social Security number 
Privacy and Identity Theft Prevention Act of 2003. Both PRIA Winter and 
Summer conferences in 2005, 2006 and 2007 include presentations and 
open forum discussions of this privacy and information security 
dynamic. PRIA wrote a White Paper in January of 2006 titled, ``Privacy 
and Public Records: Making Practical Policy'' and drafted Model 
Legislation called the ``Social Security number and Privacy Protection 
Act'' (SSNAPP Act) in July of 2006 (see Appendix A). Our focus is on 
the importance of social security numbers to the real estate and public 
record industry.

Identity theft

    Before the turn of the last century, one would have to take a ride 
on horseback to the county seat to pull the original Deed books to find 
information about a parcel of real estate. This is the concept of 
``practical obscurity'' of public records--personal information could 
be found in a public record, but there was little risk of harm to an 
individual because someone had to take the time to search the records 
at the recorder's office.
    Technology undeniably has had a significant impact on access to 
public records. Technological developments raise concerns about how 
much information is too much information and whether there should be 
global access to public records.
    It is a common misconception that easy access to public records has 
facilitated identity theft or land fraud. While posting documents that 
contain certain key information on the Internet, such as credit card 
numbers, social security numbers, and signatures, can provide a 
criminal with some of the information needed to commit identity fraud 
or theft, there is no evidence to support any claim that this is 
systematically being done to perpetuate identity theft crimes. There 
are many easier, and far more efficient, ways for identity thieves to 
obtain this information in today's world, as opposed to combing through 
public records and hoping to find something--a ``needle in the 
haystack'' approach.
    That being said, a proactive approach to apply greater discretion 
to what public land record information is disclosed online is a 
reasonable approach to discourage the use of public land records to 
perpetuate identity theft and fraud. An accommodation between 
information privacy and access is appropriate and necessary.
    It is important in any discussion involving the protection of 
social security numbers that legislators consider the full impact of 
these actions on their constituents as well as the industries that 
serve them. Public land records contain information critical to the 
economy of the United States because much of the information collected 
by the private sector comes from public records and that information is 
key to the proper function of the real estate industry. Both the public 
custodians and the private business sectors that use the public records 
to facilitate critical functions within the real estate transaction; 
i.e. listings, mortgages, title insurance, closings, escrows and 
others; need to be considered when deciding how best to protect social 
security numbers from identity theft.

The Role of Public Records in Combating Identity Theft and Fraud

    It is important to understand that access to public records data is 
actually a very effective weapon in combating identity fraud and theft. 
Social security numbers compiled from public records (including court 
records) have proven to be the most reliable tool in verifying an 
individual's identity, which helps prevent the rapid increase in 
identity fraud victims. Commercial databases compiled using public 
records for identity authentication are routinely used to detect fraud, 
including credit card application fraud, insurance application fraud, 
and other types of fraud. Thus, efforts to restrict the collection and 
use of personal information contained in public records, though well 
intended, actually may hinder efforts to prevent identity theft by 
depriving businesses, government and law enforcement officials of 
valuable data that is used to authenticate identities and protect the 
public. Security must be balanced with access.

Prohibiting Complete Social Security Numbers on Public Land Records

    As you review testimony to enhance the privacy of your 
constituents, most are more than likely looking to prohibit the use and 
disclosure of an individual's social security number in public records. 
However, it is important to understand for which purposes and how 
social security numbers are used by government and the private sector, 
as well as what impact redaction and truncation have on record 
custodians, business, and the public.

Privacy Focus: Social Security Numbers

    A number of privacy advocates warn that the display of social 
security numbers in public records must be reduced as they are a 
primary piece of information in the commission of identity theft 
crimes. At least forty-one states and the District of Columbia maintain 
at least one record that displays an individual's social security 
number, according to a U.S. Government Accountability Office (GAO) 
study conducted in November 2004. Given the nature of the social 
security number as a unique identifier for important records and 
services, advocates are concerned that display of the numbers in public 
records makes it easier for identity thieves, both domestic and 
international, to obtain new credit and bank accounts in the names of 
their victims.
    As outlined in a white paper created by the PRIA, ``Privacy and 
Public Land Records: Making Practical Policy'' available for your 
review at www.pria.us, under a section entitled ``Identity Theft,'' at 
this time there does not appear to be evidence supporting the claim 
that information derived from public records, including social security 
numbers, is systematically used to perpetuate identity theft crimes. 
That being said, it is reasonable to expect that government should, and 
must, institute reasonable safeguards to protect citizens from becoming 
victims of identity theft as a result of public land record abuse.

Legitimate Business and Government Uses of the Social Security Number

    Several legitimate business and governmental uses exist for social 
security numbers. These include preventing and investigating terrorist 
activities, locating and recovering missing children, identifying and 
preventing fraud, locating witnesses and helping make arrests, 
preventing and investigating financial crime, enforcing child support 
obligations and government assistance programs, helping locate pension 
fund beneficiaries, helping locate blood, bone marrow, and organ 
donors, contributing to important medical research efforts,notifying 
families about environmental hazards. The benefits gained from the 
legitimate use of a social security number need to be balanced with the 
potential for abuse.

Balancing Benefits Versus Abuse of Public Records/Access to Social 
        Security Numbers

    The Federal Government, states and businesses are either legally 
obligated, or choose to voluntarily control, the disclosure of records 
containing social security numbers. While privacy advocates call for 
greater control of access to social security numbers in public records, 
such a restrictive approach would threaten the ability of the 
government and businesses to accurately and efficiently verify the 
identification of citizens or consumers and authenticate that they are 
who they say they are.
    Identity thieves are using a number of methods to obtain personal 
identification information, including ``phishing'' scams in which 
thieves send bulk or targeted emails to consumers impersonating 
legitimate businesses asking consumers to provide personal information 
such as social security numbers. ``Phishing'' has recently been 
expanded to include ``spear-phishing.'' ``Spear-phishing'' is where 
identity thieves send bulk or targeted emails falsely appearing as a 
commanding officer, in the case of military personnel, or as a superior 
or executive within an organization. These thieves ask that the 
employee email the supervisor or executive, at the false email address, 
their personal information to update records or to confirm their 
personal information. Another new scam is ``pharming,'' where identity 
thieves redirect visitors from legitimate websites to ``spoofed'' 
websites (websites which look legitimate, but are not), and then 
collect personally identifiable information from these visitors.
    It is important then that any legislative or regulatory attempts to 
restrict the access to, the display of, or use of social security 
numbers in public land records should carefully weigh the actual threat 
of identity theft with the efficient and current use of social security 
numbers in public land records by state and local governments, business 
and citizens.

Considerations for Federal Legislation

    Prior to the development of federal legislation that affects the 
use of social security numbers and other data elements in public 
records policymakers should consider the following points:

          Before exempting any specific data element from 
        collection by a government entity or from disclosure to the 
        public, policymakers should first set out to understand what 
        records contain that data element and the reason for its 
        presence in that record. Data elements are necessary in certain 
        records and have a clear purpose. For example, without complete 
        social security numbers in certain critical documents, such as 
        tax liens, government and the private sector lose the ability 
        to match data about individuals. Studying the potential impact 
        of redaction or limits on collection of information is highly 
        recommended before making any policy changes. Policymakers 
        should solicit direct input from the custodians of the records 
        and those that use them to determine how a proposed policy will 
        affect the records themselves as well as the ability of 
        custodians to perform their duties.
          Policymakers must identify, or provide, funding 
        mechanisms to carry out the redaction of public records so as 
        to avoid an unfunded mandate. In this regard, a ``go forward'' 
        recording fee for creating electronic versions of all recorded 
        documents could be used to carry out the redacting process as 
        well.

Suggested Elements for Social Security Number Legislation

    The PRIA has drafted model legislation, the Social Security number 
and Privacy Protection Act (SSNAPP Act), which is included in Appendix 
A and incorporates the elements below.

Legislation Relating to Public Records Should be on a ``Day-Forward'' 
        Basis

    Any legislation impacting a governmental agency's acceptance, 
redaction, or truncation of documents which contain social security 
numbers should be effective on a ``day-forward'' basis only. This means 
that any legislation should not require redaction or expungement of 
records already filed or recorded.
    In particular, recorders will be faced with a nightmarish task of 
redacting records that are already filed, or recorded, including those 
in other mediums such as microfilm or microfiche. Depending on the 
method used for redaction, the recorder may be faced with managing two 
databases or two sets of redacted documents. It is possible that 
mistakes or omissions could occur in the public record if recorders are 
required to manage and maintain two sets of databases, or redacted and 
unredacted images. Redaction of official records and updating archival 
and security copies could mean having to delve into technology or 
methods of preservation that are no longer available to the recorder or 
archiving facility.

Immunity of Recorders

    Recorders are custodians, or stewards, of the information they are 
required by law to maintain. It should be the responsibility of 
document preparers and individual consumers, and not recorders, to make 
sure that documents presented to recorders for recording do not contain 
social security numbers if the inclusion of social security numbers is 
prohibited by law. Therefore, recorders should be immune from suits 
relating to documents filed or recorded that include social security 
numbers, and any liability should be imposed on the document preparers.

Authority to Redact Post Effective Date

    Model legislation may grant recorders the authority to redact 
social security numbers from documents that are recorded after the 
effective date of that legislation. This authority should not affect 
the integrity of the original recorded document. This can be 
accomplished by masking the information available to the general 
public, for example, on the Internet, using redaction software that 
allows disclosure of the unredacted image on certified documents used 
for official purposes, such as probate.
    This provision provides an important ministerial function--that of 
providing certified copies of records from government offices. 
Certification of public documents requires recorders and clerks to 
provide an exact copy of a recorded document. Recorders need to be 
explicitly empowered to redact the social security number after the 
effective date of the legislation, without compromising the integrity 
of future certified copies.

Voluntary Redaction by Public Prior to Delivery for Recording

    Legislation may grant members of the general public the opportunity 
to remove social security numbers and other private identifying 
information prior to the filing of their documents, such as provided in 
Texas (Texas Property Code Section 11.008). This provision removes 
discretionary issues from the government official and provides members 
of the general public with a self-help remedy if they are concerned 
about the privacy of their personally identifiable information. We 
recommend an individual be able to remove, or request removal of, a 
social security number or other personally identifiable information 
from the document before or after it is recorded.
    Recorders Not to Redact Information from Documents to be Recorded
    Legislation may provide that recorders not have the responsibility 
of redacting social security numbers or other personally identifiable 
information from documents prior to recording. Recorders would continue 
to record whatever they receive.
    This provision continues the important ministerial, non-
discretionary function--that of creating a public record of documents 
exactly as they were presented to the government offices. Certification 
of public documents then complies with the recorders' and clerks' 
responsibility to provide an exact copy of the document as it was when 
recorded.

CONCLUSION

    Practical and informed policy making is a must to further solidify 
the integrity of our public records system and to achieve a meaningful 
balance between the public's concern about privacy and businesses' 
legitimate use of data. Enlightened policymakers have an opportunity to 
resolve these issues in a way that empowers consumers, enables 
business, and enhances our nation's economy.

                               __________

Appendix A

SOCIAL SECURITY NUMBER AND PRIVACY PROTECTION ACT

1. Definitions

    (a) ``Personally Identifiable Information`` means one or more of 
the following specific unique identifiers when combined with an 
individual's name:

        (1)  Soocial security number.
        (2)  Driver's license number or state identification card 
        number.
        (3)  Financial institution account number, credit, debit or 
        charge card number.
        (4)  Date of birth.

    (b) ``Preparer'' means the person or entity who creates, drafts, 
edits, revises or last changes the documents that are recorded with the 
[Recorder].

2. Inclusion of Personally Identifiable Information

    The Preparer of a document shall not include an individual's 
Personally Identifiable Information in a document that is prepared and 
presented for recording in the office of the [Recorder]. This Section 
shall not apply to documents that were executed by an individual prior 
to the effective date of this Act. All documents described by this Act 
are subject to inspection and copying by the public.

3. Reduction on Recorder's Publicly Available Internet Web site

    If a document that includes an individual's Personally Identifiable 
Information was recorded with the [Recorder] and is available on the 
[Recorder's] public Internet website, the individual may request that 
the [Recorder] redact such information from the Internet record. The 
[Recorder] shall establish a procedure by which individuals may request 
that such Personally Identifiable Information be redacted from the 
Internet record available on the [Recorder]'s public Internet website, 
at no fee to the requesting individual. The [Recorder] shall comply 
with an individual's request to redact Personally Identifiable 
Information.

4. Liability of Preparer

    A Preparer who enters Personally Identifiable Information in a 
document that is prepared and presented for recording is liable to the 
individual whose Personally Identifiable Information appears in the 
recorded public document in violation of Section 2 of this Act for 
damages of up to five hundred dollars ($500.00) for each act of 
recording.

5. Liability of Recorder

    The [Recorder] shall not be liable for any claims arising from a 
violation of this act.

6. Applicability

    (a) This Act shall not apply to state or federal tax liens, 
certified copies of death certificates or other documents required by 
law to contain Personally Identifiable Information that are filed or 
recorded in the office of the [Recorder].

7. Effective Date This Act shall be effective on___.

                                 
