[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]
SOCIAL SECURITY'S DEATH RECORDS
=======================================================================
HEARING
before the
SUBCOMMITTEE ON SOCIAL SECURITY
of the
COMMITTEE ON WAYS AND MEANS
U.S. HOUSE OF REPRESENTATIVES
ONE HUNDRED TWELFTH CONGRESS
SECOND SESSION
__________
FEBRUARY 2, 2012
__________
Serial No. 112-SS13
__________
Printed for the use of the Committee on Ways and Means
----------
U.S. GOVERNMENT PRINTING OFFICE
78-179 PDF WASHINGTON : 2013
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
SUBCOMMITTEE ON SOCIAL SECURITY
SAM JOHNSON, Texas, Chairman
KEVIN BRADY, Texas XAVIER BECERRA, California,
PATRICK J. TIBERI, Ohio Ranking
AARON SCHOCK, Illinois LLOYD DOGGETT, Texas
RICK BERG, North Dakota SHELLEY BERKLEY, Nevada
ADRIAN SMITH, Nebraska FORTNEY PETE STARK, California
KENNY MARCHANT, Texas
Jon Traub, Staff Director
Janice Mays, Minority Chief Counsel
Pursuant to clause 2(e)(4) of Rule XI of the Rules of the House, public
hearing records of the Committee on Ways and Means are also published
in electronic form. The printed hearing record remains the official
version. Because electronic submissions are used to prepare both
printed and electronic versions of the hearing record, the process of
converting between various electronic formats may introduce
unintentional errors or omissions. Such occurrences are inherent in the
current publication process and should diminish as the process is
further refined.
C O N T E N T S
__________
Page
Advisory of February 2, 2012, announcing the hearing............. 2
WITNESSES
PANEL 1:
Honorable Michael J. Astrue, Commissioner, Social Security
Administration................................................. 6
PANEL 2:
Jonathan Eric Agin, Esq., Arlington, Virginia.................... 61
Stuart K. Pratt, Chief Executive Officer, Consumer Data Industry
Association.................................................... 68
John D. Breyault, Vice President of Public Policy,
Telecommunications and Fraud, National Consumers League........ 77
Honorable Patrick P. O'Carroll, Jr., Inspector General, Social
Security Administration........................................ 85
Patricia W. Potrzebowski, Ph.D., Executive Director, National
Association for Public Health Statistics and Information
Systems, Silver Spring, Maryland............................... 92
QUESTIONS FOR THE RECORD
Honorable Michael J. Astrue...................................... 110
Stuart K. Pratt.................................................. 115
Honorable Patrick P. O'Carroll, Jr............................... 119
Patricia Potrzebowski............................................ 123
SUBMISSIONS FOR THE RECORD
AAGHSC, statement................................................ 130
AGRWD, statement................................................. 131
Alex Friedlander, statement...................................... 132
Al Poulin, statement............................................. 133
Andrea Dudley, statement......................................... 134
Anita Scarborough, statement..................................... 135
Anthony DiBartolo, statement..................................... 136
APG, statement................................................... 137
APPFA, statement................................................. 142
Arthur Whelan, statement......................................... 144
Bette Ritchotte, statement....................................... 145
Blanch Wallace, statement........................................ 146
CAFG, statement.................................................. 147
Charlene Pipkin, statement....................................... 151
Charles Green, statement......................................... 152
Christine Rauckis, statement..................................... 153
Christopher Cowan, statement..................................... 154
Christy Bergen, statement........................................ 155
Constance Shotts, statement...................................... 156
CPGC, statement.................................................. 157
David Hogan, statement........................................... 158
Debbie Gurtler, statement........................................ 159
Dee Dee King, statement.......................................... 160
Doris Rodin, statement........................................... 162
FGS, statement................................................... 163
Florence Stoneberg, statement.................................... 166
Frances Neuvirth, statement...................................... 167
Frederick Hart, statement........................................ 168
Garbara Garrard, statement....................................... 169
GRNC, statement.................................................. 171
Hallie Garner, statement......................................... 172
Helen Ullmann, statement......................................... 173
IAJGS, statement................................................. 174
James Brann, statement........................................... 180
Janet Armstrong, statement....................................... 181
Jason Miller, statement.......................................... 182
Jay Fuller, statement............................................ 184
Jay Johnson, statement........................................... 185
Jerry Sherard, statement......................................... 186
Joette Kunse, statement.......................................... 187
John Mackintosh, statement....................................... 188
John Wright, statement........................................... 189
Judy Darnell, statement.......................................... 190
Karen Isaacson, statement........................................ 191
Kathleen Johnson, statement...................................... 192
Kathryn George, statement........................................ 193
Keith Riggle, statement.......................................... 195
Kenneth Ryesky, statement........................................ 197
Laura Peritore, statement........................................ 203
Leslie Lawson, statement......................................... 204
Linda Dodge, statement........................................... 206
Linda Vixie, statement........................................... 207
LPCIGS, statement................................................ 208
Marilyn Hamill, statement........................................ 211
Marion Newey, statement.......................................... 212
Mary Langdon, statement.......................................... 213
Megan Peterson, statement........................................ 214
Melinde Byrne, statement......................................... 215
MGC, statement................................................... 217
Michael Burnette, statement...................................... 220
Michael Diamant, statement....................................... 221
NBER, statement.................................................. 222
NCISS, statement................................................. 224
NCOIL, statement................................................. 227
NGS, statement................................................... 232
Patricia Champion, statement..................................... 236
Patricia Stinson, statement...................................... 237
Patricia Wales, statement........................................ 239
Raphael Whelan, statement........................................ 240
RPAC, statement.................................................. 241
Ruth Foster, statement........................................... 245
SAGS, statement.................................................. 247
Sandra Miarecki, statement....................................... 248
Sandra Trapp, statement.......................................... 249
Scott Shenton, statement......................................... 250
Sean Furniss, statement.......................................... 252
Selma Blackmon, statement........................................ 254
SHHR, statement.................................................. 255
SIGI, statement.................................................. 257
Stephanie Nordlinger, statement.................................. 259
STS, statement................................................... 262
Susan Lubow, statement........................................... 266
Susan Williams, statement........................................ 267
TCAS, statement.................................................. 268
Terese Vekteris, statement....................................... 269
Tina Daggett, statement.......................................... 270
VGS, statement................................................... 271
William Josey, statement......................................... 275
SOCIAL SECURITY'S DEATH RECORDS
----------
THURSDAY, FEBRUARY 2, 2012
U.S. House of Representatives,
Committee on Ways and Means,
Subcommittee on Social Security,
Washington, DC.
The Subcommittee met, pursuant to notice, at 9:09 a.m., in
Room B318, Rayburn House Office Building, Hon. Sam Johnson
[Chairman of the Subcommittee] presiding.
[The advisory announcing the hearing follows:]
ADVISORY
FROM THE
COMMITTEE
ON WAYS
AND
MEANS
SUBCOMMITTEE ON SOCIAL SECURITY
CONTACT: (202) 225-1721
FOR IMMEDIATE RELEASE
Thursday, February 2, 2012
SS-13
Chairman Johnson Announces a Hearing on
Social Security's Death Records
U.S. Congressman Sam Johnson (R-TX), Chairman of the House
Committee on Ways and Means Subcommittee on Social Security announced
today that the Subcommittee will hold a hearing on the accuracy and
uses of the Social Security Administration's Death Master File. The
hearing will take place on Thursday, February 2, 2012 in B-318 Rayburn
House Office Building, beginning at 9:00 a.m.
In view of the limited time available to hear witnesses, oral
testimony at this hearing will be from invited witnesses only. However,
any individual or organization not scheduled for an oral appearance may
submit a written statement for consideration by the Subcommittee and
for inclusion in the printed record of the hearing.
BACKGROUND:
The Social Security Administration (SSA) collects death information
to administer its programs. Approximately 2.5 million death reports are
received each year from relatives, friends, funeral homes, financial
institutions, postal authorities, States and Federal agencies. Verified
death information is then used to stop benefits to those who have died
and provide benefits to surviving spouses and children.
A 1980 Freedom of Information Act (FOIA) court-mandated settlement
required the SSA to make publicly available the surname, Social
Security Number (SSN) and date of death of deceased SSN holders. As a
result, the SSA created the Death Master File (DMF), a file of all
deaths reported to the SSA since 1936 from sources other than States.
The public file includes 84 million records and approximately 1.5
million records are added each year. At subscriber request, the file
also includes date of birth and first and middle name for each SSN
holder, in addition to the information required under the settlement.
The SSA makes the DMF, often referred to as the Public DMF,
available to the National Technical Information Service (NTIS) of the
Department of Commerce through a contractual agreement. There is a
broad commercial interest in the DMF to prevent fraud, waste, abuse and
identity theft. NTIS sells the DMF to private and public sector
customers, including government agencies, financial institutions,
investigative entities, credit reporting organizations, medical
researchers, genealogical researchers and other industries. Workers'
compensation, pension, annuity, unemployment and other benefit plans
use the DMF to detect improper payments sent to those who are deceased.
In 1983, Congress amended the Social Security Act (P.L. 98-21) to
require the SSA to enter into contractual agreements to obtain death
records from States, established the conditions under which the SSA may
provide State information to other Federal and State agencies and
exempted death reports the SSA receives from the States from disclosure
under FOIA.
States play a key role in the death reporting process. The SSA is
working with States who are building a streamlined death registration
process known as Electronic Death Registration (EDR).
Certain death records that appeared to be coming from non-State
independent sources but were in fact State EDR data were for years
included in the DMF. Following a recent review of the EDR, the SSA
determined that as of November 1, 2011, all death records received
through the EDR will be removed from the DMF. It is expected that as
the use of the EDR expands through the States, the mandated FOIA
settlement will apply to less death information and the number of
records that may be entered on the DMF will be further reduced.
As many news reports have accounted, incorrect death reports have
created severe personal and financial hardship for those who are
erroneously listed as deceased, including the termination of benefits
and the public disclosure of information that the SSA normally keeps
confidential. According to the SSA, each year approximately 14,000
individuals are incorrectly listed as deceased on the DMF. Those
affected have experienced termination of benefits, rejected credit,
declined mortgages and other devastating consequences while their
personal and private information is publicly exposed.
Further, the DMF reportedly has become a source for thieves to
capitalize on the identities of children and others who have died.
Criminals appear to be exploiting the easy access to death information
to submit fraudulent tax returns that include the decedent's SSN.
Parents of the deceased child do not know their child's identity has
been stolen until the IRS rejects their legitimately filed return and
the theft has been exposed. In fact, ``The National Taxpayer Advocate's
2011 Annual Report to Congress,'' released on December 31, 2011,
included a section entitled ``The Federal Government Facilitates Tax-
Related Identity Theft by Publicly Releasing Significant Personal
Information of Deceased Individuals.''
In announcing the hearing, Chairman Sam Johnson (R-TX) stated,
``Since 1980, Social Security has been required to publicly make
available Americans' personal information through the so-called Death
Master File. Nearly anyone can get this information, including identity
thieves. Identity theft affects swindled businesses, American taxpayers
and grieving families. Also any one of us could find ourselves on that
list by mistake--a mistake which could cause severe financial hardship.
Americans deserve better so I introduced H.R. 3475, the `Keeping IDs
Safe Act of 2011,' a bill that would stop Social Security from making
this information public.''
FOCUS OF THE HEARING:
The hearing will focus on the history, accuracy, use and impacts of
the Death Master File along with options for change.
DETAILS FOR SUBMISSION OF WRITTEN COMMENTS:
Please Note: Any person(s) and/or organization(s) wishing to submit
for the hearing record must follow the appropriate link on the hearing
page of the Committee website and complete the informational forms.
From the Committee homepage, http://waysandmeans.house.gov, select
``Hearings.'' Select the hearing for which you would like to submit,
and click on the link entitled, ``Click here to provide a submission
for the record.'' Once you have followed the online instructions,
submit all requested information. ATTACH your submission as a Word or
WordPerfect document, in compliance with the formatting requirements
listed below, by the close of business on Tuesday, February 16, 2012.
Finally, please note that due to the change in House mail policy, the
U.S. Capitol Police will refuse sealed-package deliveries to all House
Office Buildings. For questions, or if you encounter technical
problems, please call (202) 225-1721 or (202) 225-3625.
FORMATTING REQUIREMENTS:
The Committee relies on electronic submissions for printing the
official hearing record. As always, submissions will be included in the
record according to the discretion of the Committee. The Committee will
not alter the content of your submission, but we reserve the right to
format it according to our guidelines. Any submission provided to the
Committee by a witness, any supplementary materials submitted for the
printed record, and any written comments in response to a request for
written comments must conform to the guidelines listed below. Any
submission or supplementary item not in compliance with these
guidelines will not be printed, but will be maintained in the Committee
files for review and use by the Committee.
1. All submissions and supplementary materials must be provided in
Word format and MUST NOT exceed a total of 10 pages, including
attachments. Witnesses and submitters are advised that the Committee
relies on electronic submissions for printing the official hearing
record.
2. Copies of whole documents submitted as exhibit material will not
be accepted for printing. Instead, exhibit material should be
referenced and quoted or paraphrased. All exhibit material not meeting
these specifications will be maintained in the Committee files for
review and use by the Committee.
3. All submissions must include a list of all clients, persons and/
or organizations on whose behalf the witness appears. A supplemental
sheet must accompany each submission listing the name, company,
address, telephone, and fax numbers of each witness.
The Committee seeks to make its facilities accessible to persons
with disabilities. If you are in need of special accommodations, please
call 202-225-1721 or 202-226-3411 TTD/TTY in advance of the event (four
business days notice is requested). Questions with regard to special
accommodation needs in general (including availability of Committee
materials in alternative formats) may be directed to the Committee as
noted above.
Note: All Committee advisories and news releases are available on
the World Wide Web at http://www.waysandmeans.house.gov.
Chairman JOHNSON. We are going to sit here for a few
minutes. Our guys went to a prayer breakfast this morning, some
of them, and they are on the way, but not here yet. And legally
we can't start a hearing without at least two of us. And so as
soon as someone arrives, we will let Mr. Astrue begin his
remarks. Until then, don't attack him.
[Laughter.]
Okay, we have another Member, Mr. Marchant.
Mr. MARCHANT. Good morning. Sorry, I got turned around in
the basement.
[Laughter.]
Chairman JOHNSON. Did you? I get lost over here, too.
Well, since my fellow Texan has arrived, we will begin the
hearing. I want to thank all of you for being here this
morning. The hearing will come to order.
Social Security has always collected death information so
it can stop benefits to those who have died and start benefits
for their survivors. Today about 2.5 million death reports are
received from many sources, including families, funeral homes,
hospitals, financial institutions, States and Federal agencies.
Social Security shares death records with other Federal
benefit-paying agencies, like the Veterans Administration, for
instance.
The 1980 Freedom of Information Act court-mandated
settlement required Social Security to also make information
about deceased Social Security number holders available to the
public. Under the Freedom of Information Act, deceased
individuals have no privacy rights, so their personal
information can be disclosed. In response, Social Security
created the so-called Death Master File. Soon afterward, in
1983, Congress changed the law to protect death reports
received from States. The information in the Death Master File
comes from non-State sources and the file is sold to the public
by the Department of Commerce.
Over time, a broad commercial interest has developed in the
Death Master File for use in private benefit management and as
a tool to prevent fraud and identity theft. Many groups
purchase the file from the Commerce Department, including
government agencies, credit reporting agencies, financial
institutions, law enforcement organizations, and medical and
genealogical researchers.
But what made sense 30 years ago, no longer makes sense
today. Identity thieves who get their hands on a Social
Security number can reap instant rewards, while the rightful
owner has no idea what has happened. And that is partly due to
our technology today.
With 84 million listed individuals and 1.5 million new
individuals added each year, it appears that this File has
become a resource for criminals seeking to capitalize on
Americans' identities, particularly the identities of deceased
children.
In her recent annual report to Congress, the National
Taxpayer Advocate found that the Federal Government facilitates
tax-related ID theft through the release of the Death Master
File. In no uncertain terms, the National Taxpayer Advocate
states in the report that she ``is appalled that the Federal
Government is making sensitive personal information so readily
available, when such information can easily be used to commit
identity theft.''
We will hear the heartbreaking story of the Agin family,
whose four-year-old daughter had her identity stolen shortly
after she passed away. Only when their tax return was rejected
by the IRS, did they learn that an identity thief had already
filed a return claiming their child as a dependent.
Worrying about a lost loved one's Social Security number is
a burden no grieving family should bear. That's why I, along
with a number of my colleagues, introduced H.R. 3475, the
``Keeping IDs Safe Act of 2011,'' to protect this information.
Even Social Security reports that approximately 14,000 living
individuals are wrongly placed on the Death Master File each
year. Any one of us could find ourselves mistakenly on that
list--an inexcusable mistake that exposes our personal
information and could cause severe personal and financial
hardship.
Through our witnesses today we will learn more about the
history of the Death Master File, its accuracy, and how it is
used. Soon this Subcommittee will hold a joint hearing with the
Ways and Means Oversight Subcommittee to more closely examine
identity theft in the tax system.
Americans rightfully deserve action to stop thieves from
exploiting our deceased loved ones.
Do you have any comments to make before we allow your
witness to make his opening remarks?
Mr. MARCHANT. Well, thank you, Mr. Chairman. I have looked
forward to this hearing for some time. I apologize for being
late.
This issue really came to the forefront in my mind a couple
of years ago, when I had a family contact me about the theft of
their Social Security card from their mailbox for an infant
that was just born. And of course, that does not parallel the
tragedy of a child that has died having their Social Security
number stolen, but this family was very distraught. And I
became distraught as well, when I contacted the Social Security
Administration on their behalf and was told that, unless we
could prove that the child had come to some financial harm,
they would not be able to be issued a new Social Security card
or a new number.
I understand that a person that has had several jobs or has
had a credit report and has had their number circulated for
many, many years, I can understand that. We cannot just begin
to issue Social Security numbers just because someone has had
their identity stolen.
But in the case of infants, which my two granddaughters--my
son, one of the first things my son was told that he had to do
when the grandbabies were born was, ``You have to go get a
Social Security card, and you have to have a Social Security
number''--when I tried to open a savings account for them to
start putting some money in there for their college education,
I had to have a Social Security number. I mean I had to do
this. So, he didn't feel like, as a parent, he had the option
of not having a Social Security number.
And so, I am looking forward to the hearing today. Thank
you for doing it. I am very interested in learning more about
the Master Death File. With the amount of fraud going on in the
country today, I mean the amount of fraud going on in this
system, and with trillion-dollar deficits, I, as a Congressman,
feel like I owe it to my constituents and the American public
to make sure that we are good stewards of Social Security.
Chairman JOHNSON. Yes, thank you for your comments.
Mr. MARCHANT. Thank you.
Chairman JOHNSON. We have two panels today. And seated at
the table is our first panel, and the only witness in the first
panel, Commissioner of Social Security Michael J. Astrue.
Welcome, Commissioner. You may proceed with your comments.
STATEMENT OF HON. MICHAEL J. ASTRUE, COMMISSIONER,
SOCIAL SECURITY ADMINISTRATION
Mr. ASTRUE. Thank you, Mr. Chairman. Chairman Johnson,
Ranking Member Becerra, and Members of the Subcommittee, thank
you for this opportunity to testify about the Social Security
Death Master File and identity theft. This hearing marks our
first opportunity to express our views to Congress on this
important subject, and I commend you for adding it to your
agenda.
Identity theft is a plague on our Nation, and one that is
spreading. A hacker successfully targeted me just a few weeks
ago, and so I know the frustration, anger, anxiety, and sense
of violation that comes with this crime.
The Federal Government must do all that we can to reduce
this plague, and we certainly should not make it worse. As my
written testimony explains in detail, unintended application of
the Freedom of Information Act to data in the Death Master File
has created a new opening for cyberthieves. This form of
identity theft is fairly recent, but appears to be growing.
Accordingly, we must move swiftly to shut this activity down.
For that reason we support the principles of Chairman Johnson's
bill H.R. 3475, which would strike a fair and better balance
between transparency and respect for privacy.
I should note that the Office of Management and Budget has
been leading a review of this issue by interested Federal
agencies, and we expect to offer a few improvements clarifying
the terms and conditions by which Federal agencies and certain
private organizations would have access to these data. These
suggestions, however, should not slow Congress from moving
forward aggressively with this important initiative.
In addition, we acknowledge that this legislation does not
remove the need for us, at the Social Security Administration,
to maintain the most accurate records possible.
Again, I commend the Committee for holding this hearing,
and I would be happy to answer any questions you may have.
[The prepared statement of Mr. Astrue follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman JOHNSON. As is customary for each round of
questions, I will limit my time to 5 minutes and ask my
colleagues to also limit their questioning to 5 minutes.
Commissioner, in your testimony you talk about your
obligations under the Freedom of Information Act. And I am glad
you did. In past audit reports, the Social Security Inspector
General has criticized the agency for putting personal
information of the deceased on the Death Master File, that the
court settlement really did not require, according to him.
For example, you list a person's date of birth, the zip
code, and the settlement did not require that information to be
made public. You said you recently tried to do one simple
thing, remove the zip code from the Death Master File, and you
are already getting picked to death--excuse the pun--by
inquiries and lawyers. Lawyers are going to pick you apart,
regardless.
Fixing the death data system to protect both the living and
dead from identity theft, and to allow the agency to go on with
its important business, is Congress's responsibility, in my
view. Isn't eliminating the publication of the Death Master
File, as I propose, the best way to make sure none of this
information about deceased is made public?
Mr. ASTRUE. Absolutely, Mr. Chairman. There has been some
confusion. I think some of it has been fostered in the press. I
think that some of the auditors, with all due respect for the
Inspector General, are confused on this point.
The Perholtz Settlement in 1980, is based on the view that
the Department of Justice came to in that litigation, that
basically we had no choice, that we had to turn over the
specific items requested in that litigation, so we entered into
a consent decree.
The same rationale applies to other information. The legal
analysis is exactly the same. So the fact that the settlement
agreement does not specifically address certain data elements
really isn't relevant at all, nor does Mr. Perholtz, as some
irresponsible reporters have suggested, have the authority to
dictate this to the Federal Government.
You are exactly right. Congress has said in the Freedom of
Information Act, ``You must release data of certain profile,
unless Congress has provided you with an exception.'' Congress
had not done that in 1980, hasn't done it now, and quite
understandably, because it was not a problem back in that time
period. But to your credit, Mr. Chairman, and to the credit of
other Members of Congress, you have seen that the world has
changed, you know that it is a problem now, and you know that
we need action. And we support all that, and we want to support
you in that action.
Chairman JOHNSON. Thank you, sir. You know, information is
almost instant today. And if you put the wrong stuff out there,
you are in trouble.
Mr. ASTRUE. That is for sure.
Chairman JOHNSON. Social Security has also been criticized
by the Inspector General for putting individuals on the Death
Master File who are not dead; 20,000 people over a 3-year
period ending in April 2007, to be exact, according to one of
their audits.
Your agency estimates the number to be about 14,000 per
year. Countless news reports tell the horrifying stories of the
personal and financial hardship these people endure when these
terrible mistakes are made. Isn't eliminating the Death Master
File the only certain way to prevent these errors and potential
ID thefts from occurring?
Mr. ASTRUE. Yes, it is, Mr. Chairman. And again, we have a
remarkably accurate system overall, and we strive to make it
more accurate. But it is a voluntary system. In some ways it is
remarkable that we do as well as we do. No matter how we
improve our own internal processes, we are not going to be able
to eliminate all mistakes.
And potentially, the cost of those mistakes could be
substantial. I think, up to this point, the living have been
fortunate in that the big problems have been with the theft of
identities from people who have, in fact, passed away.
But it is a horrible thing that people go through. And I
have seen it. In one week, one of my closest relatives and one
of my closest friends and neighbors were declared dead, one by
our agency and one by one of our other Federal agencies. So I
was right in the middle--it is a horrible thing to go through,
and I understand that. We need to reduce that, irrespective of
what we do on the Death Master File.
But you are absolutely right. The only way to make sure
that when we make a mistake it doesn't have devastating public
consequences, is to enact legislation that keeps the Death
Master File more confidential than it is today.
Chairman JOHNSON. Yes. The Inspector General also found
that Social Security's policy is not to inform Americans when
they are victims of these kind of errors. Why can't you tell
the victims, and let them take immediate action to protect
themselves?
Mr. ASTRUE. Mr. Chairman, we are relooking at this now. We
have been complying with OMB guidance in this area. We contract
for monitoring of the credit of individuals who have had a
brief exposure in the public. Then we notify them if there was
any indication that there had been any irregularity in their
credit or their finances.
But we are relooking at that now. Hopefully, it will be
irrelevant very soon, because some version of your bill will be
enacted by Congress this year.
Chairman JOHNSON. Thank you. Mr. Becerra has arrived. Do
you want to question?
Mr. BECERRA. Of course, Mr. Chairman. And I want to
apologize for being detained, because this is one of those
hearings where I think we actually can get some things done
pretty quickly, because there is strong bipartisan support, we
have demonstrated that in the past. And so my apologies. It is
an important hearing.
Chairman JOHNSON. You mean you agree with me?
Mr. BECERRA. Absolutely, Mr. Chairman. Absolutely. And that
is on the record.
[Laughter.]
And Commissioner, it is great to see you here.
Mr. ASTRUE. Thank you.
Mr. BECERRA. And thank you very much. I know that you have
been trying to tackle this, as well. I think every Member who
sits on this Subcommittee has heard the stories. And I know we
are going to hear a pretty devastating story from one of our
witnesses. So I think it is one of those things that we have to
tackle.
Obviously, the issue is making sure we provide information
out there to our government agencies and to the private sector
entities that deal with personal data, so that they can make
sure they have the tools to detect and prevent fraudulent use
of personal information. But clearly, too much of the
information is getting out to those who use it for the wrong
reasons.
And so, Mr. Chairman, rather than go into any opening
statement, if I could just ask for unanimous consent to enter
my written statement into the record, I will go straight to
some questions.
Chairman JOHNSON. Without objection, so ordered.
[The prepared statement of Hon. Xavier Becerra follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. BECERRA. Thank you, Mr. Chairman. Commissioner, I guess
the troubling aspect of this is that trying to find that
balance in giving the information to those who need it so they
can start to check records to make sure people aren't filing
false applications for credit cards and so forth, and of course
figuring out a way to make sure that that information stays
tightly in the hands of those who need it. Is SSA looking at
the possibility of trying to limit access to the records of
deceased individuals?
Because my understanding is today the Master File
essentially is sold once you have packaged it, once Commerce
goes out there to sell it, they sell it to anyone who is
willing to pay for it.
Mr. ASTRUE. Right. I am not speaking for the agency now, I
am speaking on behalf of the Administration. As I mentioned in
my remarks, we have a group that OMB has been leading for a
while working on this issue. We have a lot of interested
agencies.
So, we think the general principle--that the starting point
is that instead of assuming that everything should be disclosed
unless there is an exception, we should be moving the other
way, with the presumption that information is withheld unless
there are very specific rules as to who should get it, and what
should be the protections and conditions that are built in to
those arrangements.
Also, within the Federal Government, there is a little bit
of a gap in the statute that I know has frustrated the
President. The President is very interested in what used to be
called the Do Not Pay List, which is now called GOVerify, and
has directed everyone in the executive branch who is
participating in that to use the Death Master File for program
integrity purposes.
Unfortunately, the statute does not permit all the agencies
that could benefit from program integrity efforts with the
Death Master File to use those records, because right now we
are only allowed to share with the benefit-paying agencies. We
can, on a discretionary basis, share the Death Master File for
research. But there is an area--I think very legitimate Federal
use--where we can improve the operations of government
significantly if we also have clearer and broader authority to
share death information within the Federal agencies.
Mr. BECERRA. Do you think there is--can you answer this
question? Is there a problem with the disclosure of the Death
Master File to Federal agencies? Is there any evidence that it
has been misused or loosely guarded by the agencies, so that we
would have to put constraints on Federal agencies?
Mr. ASTRUE. I am not aware of any. From everything I know--
--
Mr. BECERRA. So it is mostly the fact that----
Mr. ASTRUE [continuing]. All Federal agencies have been
careful in this regard. On the other hand----
Mr. BECERRA. So, let me ask this----
Mr. ASTRUE [continuing]. It would be appropriate to
consider that.
Mr. BECERRA. Right. So we may want to take a look at what
we need to do to safeguard it when other Federal agencies get
the information.
Mr. ASTRUE. Right.
Mr. BECERRA. And making sure that they safeguard it as much
as necessary as they use it.
This issue of outside entities getting to purchase, that is
where we really have to be careful, because there is less
control over that. Is there something that we can do quickly,
where if it is, as you indicate there seems to be general
agreement within the Federal Government, that we have to try to
figure out a way to not give it out, this information out, so
quickly.
Is there something that we can act on bipartisanly quickly
so that we can not just send messages that we want to try to
safeguard the information, but that we can actually get
underway with something that actually requires those that
obtain this information to keep it secure? And, quite honestly,
punishes those who misuse the information?
Mr. ASTRUE. Right. So--and I am not trying to be cute
here-- it depends a little bit on your definition of
``quickly.'' I know from participating in this interagency
group, which has been working hard, that this is a lot more
difficult than it looks at first. And if you do it quickly, as
in a month, 6 weeks, the chances are pretty high that you will
get it wrong, because there are hard and important balances
here.
Mr. BECERRA. I agree with that.
Mr. ASTRUE. And this needs to be crafted extremely
carefully.
On the other hand, if you are defining ``quickly'' as can
we get it passed this year, my answer to that would be yes, we
have to go pedal to the metal, work in a way between the
Houses, between the parties, between the Congress and the
executive branch, that doesn't happen very often these days.
But I think that we can do it, because I have talked to a lot
of Members, both Houses, both parties. I don't think this is
one of those issues where you are badly divided.
Mr. BECERRA. I agree.
Mr. ASTRUE. I think this is largely working out the
technical issues. So I think that if we can focus, we get help,
get the spirit, work openly with the group at OMB, I think that
we can get this done. I think it probably will take a couple
months to work through all the details and craft the actual
language that draws these difficult balances the right way. But
I think it is doable in a few months.
Mr. BECERRA. Mr. Chairman, maybe one thing we can really
concentrate on is working with the Commissioner and whatever
agencies are appropriate to have at the table and see if we
can--I wouldn't want to rush it, either. I know you wouldn't
want to rush it, either. But to the degree that there might be
a chance, I think we should explore that.
Chairman JOHNSON. Yes, I agree. And I mentioned earlier,
before you got here, that we are going to have a joint hearing
with another Committee to try to see if we can't figure
something out.
Mr. BECERRA. Excellent, excellent.
Chairman JOHNSON. It is a continuous problem that can't be
solved right now, but needs to be addressed, certainly.
Mr. ASTRUE. And I want to say I will do everything I know
how to do to do this. I want to commend OMB, because I think
Martha Coven and Shelley Metzenbaum have done a great job
trying to get agencies with very different perspectives to work
on this issue.
I had been hopeful that maybe I could come up with more
specificity today. But I think it is more important to get it
right than to get it fast.
Mr. BECERRA. Yes, yes.
Mr. ASTRUE. So I would encourage you, as you figure out the
best way to work on it with your staffs, to also reach out
directly to the folks at OMB who I think are doing a----
Mr. BECERRA. And let us know----
Chairman JOHNSON. You need to work on your guys down there
and make sure they don't make injuring errors any more.
Mr. BECERRA. And, Mr. Chairman, let us--Mr. Commissioner,
you should let us know if we can help you excite some of the
other agencies to participate. And while they may be very busy,
they may not be as enthusiastic or animated in moving this
quickly. And let us know if we can help you animate them.
Mr. ASTRUE. I think----
Chairman JOHNSON. Well, this is one of those issues that--
--
Mr. ASTRUE. I think there are occasions, Mr. Becerra, where
we do appreciate that help. I think in this particular case it
is fair to say that in the beginning it took a little while
because it is a new issue, and I think we have the agencies,
whose attention needs to be focused on this, very focused on
it.
Chairman JOHNSON. Yes.
Mr. ASTRUE. And in fact, we have had very animated
discussions about this. It is going to take us another month or
so, probably, to give you the more detailed feedback that you
probably need to go forward.
Mr. BECERRA. Great. Thank you.
Chairman JOHNSON. Thank you. And, Mr. Marchant, do you care
to question?
Mr. MARCHANT. I have one question. A constituent has
contacted me recently, and this constituent is heavily into
research of her ancestry. And I suspect that there are millions
like her. How can we be careful in what we do to make sure that
the people that are harmed are protected, but those people that
are vitally interested in their ancestry can still access
accurate information?
Mr. ASTRUE. I know that there is concern with the
genealogists. I think that raises some challenges that we don't
have when we are talking about large institutions that can be
fined and penalized easily by the Federal Government if there
is inappropriate use.
I do think that in most cases, genealogists can find the
information that they really want from other sources. I have
seen some of the communications from those groups, and I do
think it is an over-reaction right now.
I think that probably what we need to do is to talk about a
different framework, in terms of perhaps eventual release. That
is what happens with Census data.
But I honestly am not persuaded that, in the short run,
withholding it for some period of years is going to seriously
impair genealogical research, which I have done myself. I have
been working on a project in my own family. So I appreciate the
dedication that people have to it. But at some point I think
what comes first has to be families that have four-year-olds
whose identity is stolen, and those types of things. I think
that is what comes first.
And then I think the question is, is there a way, or what
is the best way, to accommodate those other interests, and does
that mean a delay in release for some extended period of time?
Whether that is 10 years, whether that is 75 years, like the
Census. Those are questions that we have talked about in the
interagency group, but we have not come to resolution on those
or a lot of the related issues yet, because they are hard
issues.
Mr. MARCHANT. Thank you. Thank you, Mr. Chairman.
Chairman JOHNSON. Let me just ask a question that kind of
follows up on what he said. When are we going to receive your
recommendations to address this problem?
Mr. ASTRUE. I would hope, Mr. Chairman, that it would be
piecemeal in real time. I think that as many of these
conversations that we can have as quickly as possible would be
the best.
I think there are certain ones that are fairly easy. If you
go back and look at the congressional hearings in the wake of
9/11, Congress had a lot of interest in us getting more, better
Death Master File data out faster to the financial communities
to try to prevent money laundering and the kinds of things that
can fund terrorism.
There are court orders right now requiring life insurance
companies to use the Death Master File so that they pay
insurance claims that are due, and don't use the fact that some
claims are not pursued as a way of just making more money. So
there is a bunch of issues.
I think the financial corporations are probably the
easiest. I think we have had a fair amount of usage from
educational and health care institutions. I think those are
probably fairly easy. I think questions like the genealogists
are much trickier and will take some time.
So what I would say is I would hope that we would be
talking substantially more guidance on some issues within a
matter of weeks. But maybe not everything, because we have a
lot of agencies that, quite candidly, right now, have a
different perspective on some of these issues. So I can't come
up and speak to you authoritatively until we coordinate
agreement on that. In some issues that should be very soon, in
some it will probably take a little bit longer.
Chairman JOHNSON. Okay. Well, let's work together and try
to get it done as quickly as we can.
Social Security, in the past, has provided funds to the
National Association for Public Health Statistics and
Information Systems to develop and implement the electronic
verification of vital events. This is an online system that
verifies birth and death information through a single
interface. Does this system have the potential, in your view,
to be the go-to agency for the death information now provided
by the Death Master File?
Mr. ASTRUE. We will certainly take a look at that, Mr.
Johnson. I think it has been difficult enough getting a
database the way that we are doing it now. I would be a little
bit reluctant to start over. But I will certainly look into
this. It is a question that just came to my attention recently.
I was not terribly aware of this. So we will look at that in
good faith.
What I will say also, regarding funding to support our
electronic death registration, authority moved over to HHS on
that, and there has not been money appropriated to accelerate
that process. We have, I believe, 32 States and 2 jurisdictions
that are at least partially participating in that system. The
relatively small amount of money to get the other 18 States on
board, I think, would do a lot to make the system more
accurate, faster, and better for everybody that is using it.
[The statement of Mr. Astrue #1 follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
[The statement of Mr. Astrue #2 follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman JOHNSON. Do you think that Social Security could
develop a system that could be a source for death information?
And should Congress change the law to prevent the Death Master
File from being made public?
Mr. ASTRUE. I do believe that Congress should start with
the proposition that we should not be releasing this
information, except for very specific purposes that the
Congress has thought hard about, with protections for the
public so that the Federal agencies have full authority to
protect the data, as best as possible, if it is used for any
other reason. I think the American people really expect no less
from us.
Chairman JOHNSON. Thank you, sir. I think that concludes
your testimony, and we will proceed to our second panel. And
while our witnesses are taking their seats, I just want to
thank you for being here, and thank you for the job you are
doing over there.
Mr. ASTRUE. Well, thank you. We are really pleased that you
have raised this issue, and that you have bipartisan support.
And we are looking forward to working with you on the issue.
Chairman JOHNSON. Thank you, sir. The witnesses in the
second panel who are taking their seats are Jonathan Agin, from
Arlington, Virginia; Stuart Pratt, who is the chief executive
officer of the Consumer Data Industry Association; John
Breyault, who is the Vice President of Public Policy,
Telecommunications and Fraud at the National Consumers League;
the Honorable Patrick O'Carroll, who is the Social Security
Administration's Inspector General; Dr. Patricia Potrzebowski,
Executive Director of the National Association for Public
Health Statistics and Information Systems in Silver Spring,
Maryland.
You are all seated.
Mr. Agin, welcome. You may proceed.
STATEMENT OF JONATHAN ERIC AGIN, ESQ.
ARLINGTON, VIRGINIA
Mr. AGIN. Good morning, Mr. Chairman, Mr. Becerra, and
Members of the Committee. Thank you for inviting me to testify
today on this issue that I believe is of vital importance.
Our story begins with the diagnosis of our amazing
daughter, Alexis Gina Agin, with a terminal brain tumor on
April 10, 2008, when she was just 2 years old. This terrible
disease took her life on January 14, 2011, just 2 weeks shy of
her fifth birthday. Alexis was and is my hero. Fighting
valiantly until the end, she has inspired thousands around the
world with her journey.
In 2010, my wife and I traveled with Alexis up and down the
East Coast trying several experimental treatments in a
desperate attempt to save her life. With each trip, Alexis's
medical bills grew. When our 2010 taxes were due, we filed an
extension in order to focus on Alexis's treatment, and compiled
the vast medical bills that we had.
As we finalized the return in October 2011, I received a
call from our accountant to let us know that somebody had
stolen Alexis's Social Security number to file a fraudulent tax
return. We were forced then to file a paper return, and then
prove that Alexis was, in fact, our daughter to proceed with
our tax filing.
Thankfully, with the help of our congressional
representative, our personal tax situation was resolved
favorably.
Within hours of learning of this crime, I personally was
contacted by no fewer than 14 other families whose children had
died from cancer, and advised that the same thing had happened
to them. Since that time, this number has grown significantly.
That demonstrates to me that this community is being singularly
targeted for this type of theft.
In a matter of 30 seconds, I personally was able to find my
daughter's complete Social Security number, birth and date--
death dates, full address, and zip code on several websites
intended for genealogical research.
After investigating more, we learned about the 1980 and
1982 consent judgment with Mr. Perholtz. It because obvious at
that point in time that the Federal Government, through the
publication of the Death Master File, was aiding in the
commission of this crime. It is my belief that the Federal
Government is responsible for providing identity thieves the
information to commit this crime.
The common denominator in this story is the Death Master
File. The Social Security Administration, as you have just
heard from the Commissioner, makes this Death Master File
publicly available to anybody who wishes to purchase it. Some
of the intended recipients are government agencies. And some
are services which allow people to do genealogical research.
Some of these purchasers make the information free and
available to anybody with a computer.
As a taxpayer and a parent of a child who passed away from
cancer, I am outraged that the most private information of our
children is being made commercially available. Not only is this
an invasion of my child's privacy, but it adds to the
tremendous grief that my wife and I live with on a daily basis.
While trivial to some, Alexis's Social Security number is one
of the only things that we have left of her identity.
Recently, the IRS estimated that approximately 350,000
fraudulent filings occurred in 2010. According to IRS
officials, these fraudulent filings claimed $1.25 billion in
refunds.
One of the problems is that the Federal Government, as we
have heard, is disclosing more information than is necessary,
pursuant to the terms of the consent judgement. In June 2008,
as we have heard, the Inspector General of the Social Security
Administration issued a very critical report detailing how
publication of the Death Master File, or the DMF, has resulted
in the breach of citizens' personally-identifiable information.
The report concludes that the Social Security Administration
discloses far more detailed personal information in the DMF
than required under the original consent judgement.
H.R. 3475 is a solution to a significant problem that
affects not only grieving parents, but every family who loses a
loved one. Some argue that this bill will not stop widespread
fraud. Some argue that the DMF is critical to combat and
conduct genealogical research. This bill is not intended to
prevent or limit the lawful use of the DMF, and I think that is
an important distinction that everybody needs to understand.
Nobody is trying to limit the availability of the DMF to track
down fraud. My point is that we need to limit it to ensure that
nobody else has to suffer as my wife and the vast number of
cancer families have suffered.
In closing, this is not a victimless crime. My daughter is
a victim. She was victimized twice, once by the cancer that
stole her from this Earth, and then by a coldhearted criminal
who stalked her and utilized her death for profit. It disgusts
me to no end to know that somebody preyed upon my daughter's
death for his or her own gain. It is nothing short of a
despicable crime. And the release of Alexis's complete Social
Security number and other personal identifiers in the DMF to
the general public facilitated this crime. I have no doubt of
that.
This simply is not an emotionally-charged issue, as some
argue. Fraud is not something that we simply should accept as a
necessary consequence of easy access to information. It is time
that this loophole is closed, and this legislation is the
manner in which to accomplish this aim. It is simple and to the
point. And in this era, when our government is struggling to
find ways to save money for the taxpayer, it is a very easy fix
with little to no consequences, repercussions, or detriment to
the citizens of this country.
Thank you, Mr. Chairman.
[The prepared statement of Mr. Agin follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman JOHNSON. Thank you, sir. That is a beautiful girl.
Mr. AGIN. Thank you.
Chairman JOHNSON. Mr. Pratt, welcome. Please go ahead.
STATEMENT OF STUART K. PRATT, CHIEF EXECUTIVE OFFICER, CONSUMER
DATA INDUSTRY ASSOCIATION
Mr. PRATT. Mr. Chairman, Ranking Member Becerra, Members of
the Committee, thank you for the chance to appear and testify.
Thank you for holding this hearing. And, candidly, thank you
for the opportunity for the CDIA and its members to contribute
to solving the problem, so that we don't have other families
who have suffered the way the Agins have suffered. And that is,
I think, the balance that we are looking for.
Mr. Becerra, in many ways, some of the questions you asked
in the first round of testimony are just right on. And really,
without going through all the testimony that we have submitted
for the record, there are important uses for the Death Master
File.
In our world, it is a business-to-business transaction. In
our world, it is a contractual transaction. In our world, it is
a secured and closed transaction. And in our world, it is a
nonpublic use. So the information and the data itself is
subject to information security standards. So, in our world, it
is using the Death Master File to stop identity theft, to stop
entitlement fraud, to stop--to enable a life insurance
company--in fact, in some cases, by law, but in most States
not--to track down individuals who are the beneficiaries of
life insurance, to ensure that claims are processed properly
and effectively and quickly for individuals who have lost a
loved one.
Our members deliver approximately--our members' data is
involved in probably 9 billion transactions every year in the
United States. We are probably the best channel of distribution
for this kind of information in a private sector marketplace,
to make sure that the data is used quickly. In fact, I
testified on this very topic right after 9/11. The Commissioner
mentioned this issue in his testimony, as well.
And, in fact, we were involved in working with the
Department of Commerce, and our own members were involved in
working to ramp up the speed with which we could, in a secure
manner, get the Death Master File, move it into data centers so
that it could be used for all of these types of transactions we
have just discussed.
In our view, it is not the use of the Death Master File in
the business-to-business context which is creating the risk.
That is the reason we are here, and that is the reason we have
already had some meetings with staff to explain how we think
the bill could be clarified, to make sure that appropriate uses
are codified, and that you can still protect the Death Master
File from otherwise being subject to a Freedom of Information
Act type of request that makes it available to anyone. We would
support amendments to do that.
We appreciate this opportunity to testify, and I am honored
to be on the panel with Mr. Agin. Thank you.
[The prepared statement of Mr. Pratt follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman JOHNSON. Thank you, sir. I appreciate your
testimony.
Mr. Breyault, welcome. You may proceed, sir.
STATEMENT OF JOHN D. BREYAULT, VICE PRESIDENT OF PUBLIC POLICY,
TELECOMMUNICATIONS AND FRAUD, NATIONAL CONSUMERS LEAGUE
Mr. BREYAULT. Good morning, Mr. Chairman, Ranking Member
Becerra, and Members of the Subcommittee. My name is John
Breyault, and I am Vice President of Public Policy,
Telecommunications and Fraud for the National Consumers League.
Founded in 1899, NCL is the Nation's oldest consumer
organization. Our nonprofit mission is to protect and promote
social and economic justice for consumers and workers in the
United States and abroad. I greatly appreciate the opportunity
to discuss the impact that the misuse of the Social Security
Administration's Death Master File data has on consumers.
As the director of NCL's fraud center, I hear on a daily
basis about the personal and financial toll that identity theft
and other fraud takes on consumers and their families. The
statistics are sobering. In 2011 we received nearly 9,000
complaints from victims of a variety of scams. Consumers
reporting fraud to NCL lost, on average, $990. And, in many
cases, these unscrupulous con artists financially ruined their
victims.
NCL statistics represent only a small fraction of the fraud
problem, however. In 2010, the Federal Trade Commission
received over 1.3 million complaints, of which more than
250,000 involved identity theft. And even that number
represents only those victims who knew enough to complain to
the FTC. According to one estimate, 8.1 million adults were
victims of identity theft in 2010, with each incident costing
$631 to resolve.
Despite these numbers, it never ceases to amaze me, the
lengths to which scam artists will go to defraud consumers. As
the father of two young daughters, the reports I have seen of
the misuse of dead children's identities to commit tax fraud
sickens me. The vulnerability of children to identity theft is
well established. It is estimated that as many as 140,000
minors fall victim to ID fraud annually. According to Carnegie
Mellon researchers, 10.2 percent of children have had their
Social Security number misused by someone else, a rate 51 times
higher than the rate for adults.
While it is unknown how many deceased children's identities
have been used to commit tax fraud, the volume of news reports
about this scam, and anecdotal evidence from their parents,
such as Mr. Agin, suggest it is not limited to a few isolated
cases. It is also clear that by using websites that publish DMF
data, identity thieves can quickly and cheaply gain access to
recently-deceased children's full names, dates of birth, and
full Social Security numbers: the so-called holy trinity of
personally-identifying information.
Clearly, the role that the public availability of the SSA's
DMF data plays in these scams requires additional study.
Consumers are also harmed when they are mistakenly listed as
deceased on the DMF. The SSA has stated that approximately
14,000 living Americans are affected by these errors annually.
Such mistakes can lead to frozen bank accounts, canceled cell
phone service, loan denials, and refused job interviews. It can
require months for the SSA to correct these errors. And even
then, living individuals' personally-identifiable information
may still be exposed.
The public availability of the SSA's DMF data is certainly
not the sole driver of identity theft. Indeed, many
organizations use DMF data regularly to deter fraud, administer
pension benefits, and conduct medical research, among other
uses. That said, it is clear that reform is needed to address
the likelihood that identity thieves will continue to make use
of the public DMF to harm consumers.
While NCL generally supports transparency of government
data, in this case we believe that the risk that the public DMF
could be used for nefarious purposes outweighs the benefit.
However, in the interest of protecting legitimate uses of the
DMF, we do not believe that a total ban on the sale of this
data would be in the best interest of consumers. Instead, we
would urge Congress and the SSA to undertake a number of
reforms.
First, personally-identifiable information included in the
public DMF should be limited, and alternatives to the inclusion
of the full Social Security number in the file should be
explored.
Second, living Americans who have been mistakenly listed in
the DMF should be notified that their personally-identifiable
information may have been compromised, and steps to safeguard
their identities should be recommended.
Third, access to the DMF should be restricted to
organizations that can certify they have a legitimate need for
the information, such as for fraud prevention, or benefits
administration purposes.
Fourth, penalties should be increased for DMF recipients
who fail to keep DMF data up to date, or who misuse or
redisclose DMF information.
Finally, the SSA should undertake a study, in conjunction
with DMF data recipients, to evaluate the usefulness of DMF
data in preventing identity theft.
In conclusion, I would like to take this opportunity once
again to thank you, Mr. Chairman and the Members of the
Subcommittee, for inviting me to testify today on behalf of the
National Consumers League, and consumers nationwide.
I look forward to answering your questions.
Thank you.
[The prepared statement of Mr. Breyault follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman JOHNSON. Thank you, sir. I appreciate your
testimony.
Mr. O'Carroll, you are recognized. Thank you for being
here.
STATEMENT OF HON. PATRICK P. O'CARROLL, JR.
INSPECTOR GENERAL, SOCIAL SECURITY ADMINISTRATION
Mr. O'CARROLL. Good morning, Chairman Johnson, Mr. Becerra,
Mr. Marchant, and Members of the Subcommittee. Thank you for
this invitation to testify today.
My office believes that limiting public access to the
agency's Death Master File, or DMF, to what is required by law,
and taking all possible steps to ensure the file's accuracy are
critical elements in preventing SSN misuse and identity theft.
Only Congress is authorized to alter what the law requires,
so my office works closely with SSA on the second element,
ensuring the accuracy of the DMF.
We have conducted multiple audits and made many
recommendations with this obligation in mind. In a 2008 report
on SSA's death records, we reported that thousands of living
individuals were mistakenly listed as deceased on the DMF.
These errors can have a serious financial impact on the
affected individuals, and the errors can lead to identity
theft.
To protect personal information and improve SSN integrity,
we recommended that SSA consider implementing a several-month
delay in the release of the DMF updates, so the agency could
correct erroneous death entries before they are made public;
limit the amount of information included on the DMF to the
absolute minimum required by law; and explore alternatives to
the inclusion of a person's full SSN on the DMF.
The agency has not taken action on these recommendations
for the following reasons: SSA said government and financial
organizations depend on the DMF data to combat fraud and
identity theft, so they must have timely, up-to-date death
information; and SSA said that the DMF data does not have to be
limited to what the law requires, because a deceased individual
does not have privacy rights, according to the Freedom of
Information Act.
There are about 1,000 cases each month in which a living
individual is mistakenly included in the DMF. We have found
that these errors usually occurred when SSA processed death
information that came from a family member or a funeral home.
SSA said it moves quickly to correct the situation when errors
occur. The agency reports it has not found evidence of past
data misuse. However, we remain concerned that these errors can
lead to premature benefit termination and cause financial
hardship and distress.
Death Master Files with active SSNs belonging to living
persons can serve as a source of information that would be
useful in committing SSN misuse and identity theft. DMF updates
reveal to potential criminals the personal information of
individuals who are alive. The information could be used to
apply for credit or benefits, or assume a whole new identity.
Limiting or discontinuing the availability of the DMF is a
serious legislative and policy decision for Congress and the
SSA. In November 2011, Chairman Johnson and several Members of
the Subcommittee introduced the Keeping IDs Safe Act. The bill
would end the sale of the DMF to the public. The public
distribution of SSA's death records raises serious concerns.
Valid SSNs can, in essence, be purchased from the
government by clever identity thieves. However, DMF data has
important productive uses in government and in the financial
industry, including verifying deaths, ensuring benefit payment
accuracy, and identifying and preventing ID theft. The SSN's
key uses in government and finance make the SSN a valuable
commodity for criminals. And both SSN misuse and identity theft
remain a significant public risk. Failure to take action
creates an unnecessary public hazard.
In conclusion, we encourage efforts to limit public access
to the DMF through legislative or policy changes, such as the
Keeping the IDs Safe Act. Pending such changes, we will
continue to examine the issue and recommend steps to limit the
information made available to the extent permitted by law, and
advocate a risk-based approach to the distribution of the DMF.
We look forward to continuing to work with the Subcommittee
and SSA in these and future efforts to protect personal
information, and to prevent identity theft. Thank you for this
invitation to testify today, and I will be happy to answer any
questions.
[The prepared statement of Mr. O'Carroll follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman JOHNSON. Thank you, sir. I appreciate your
testimony. I hope we can resolve that. I didn't realize until
we got started on this that Social Security was responsible for
that Death File. You know, it seems to me if Commerce is
selling it, they ought to be responsible for it, or the States,
not Social Security. Do you agree?
Mr. O'CARROLL. Or just restricting the use, in general----
Chairman JOHNSON. Yes.
Mr. O'CARROLL [continuing]. Is what----
Chairman JOHNSON. Thank you.
Mr. O'CARROLL [continuing]. Helpful.
Chairman JOHNSON. Dr. Potrzebowski?
Ms. POTRZEBOWSKI. Very good.
Chairman JOHNSON. Got it.
[Laughter.]
Ms. POTRZEBOWSKI. Thank you.
Chairman JOHNSON. You are recognized. Please go ahead.
Thank you.
STATEMENT OF PATRICIA W. POTRZEBOWSKI, PH.D., EXECUTIVE
DIRECTOR, NATIONAL ASSOCIATION FOR PUBLIC HEALTH STATISTICS AND
INFORMATION SYSTEMS, SILVER SPRING, MARYLAND
Ms. POTRZEBOWSKI. Thank you. Good morning, Mr. Chairman,
Mr. Becerra, and Members of the Subcommittee. My name is
Patricia Potrzebowski, and I serve as Executive Director of the
National Association for Public Health Statistics and
Information Systems, or NAPHSIS.
NAPHSIS represents the 57 jurisdictions responsible for
vital records in the United States, including the 50 States,
the District of Columbia, New York City, and the 5 territories.
I am pleased to offer this testimony on the important civil
registration function of vital records, and more specifically,
enhancements the vital records jurisdictions are making to
improve the accuracy, security, and timeliness of death
registration.
Vital records are permanent legal documents, and include
live births, deaths, fetal deaths, marriages, and divorces. The
57 vital records jurisdictions, not the Federal Government,
have legal authority for the registration of these vital
events. As such, the records themselves, how they are
collected, with whom they may be shared, and how they may be
used are governed by State laws. The Federal Government does
not maintain a national database that contains all of this
information.
Many organizations and millions of Americans use vital
records or certified copies of them for legal, health,
personal, and other purposes. Birth certificates are used to
obtain official IDs, such as driver's licenses and passports,
as well as for school entry and qualifying for State and
Federal benefits. Death certificates are used to collect life
insurance, stop benefit payments, and settle estates.
The information contained on birth and death certificates
comes from a variety of sources. For birth, these are primarily
hospitals and the mothers of newborns. Funeral directors are
generally responsible for completing death certificates, based
on information supplied by next of kin. Physicians, medical
examiners, or coroners certify the cause and manner of death.
After data providers submit these data, the vital records
jurisdictions then review process and officially register the
event. The jurisdictions maintain the official registries of
vital events, and issue certified copies of birth and death
records. The jurisdictions also provide the Federal Government
with selected vital records data to compile national health
statistics, to facilitate secure Social Security number
issuance for newborns, and to report individuals' deaths.
Paper-based death certificate systems contribute to
inaccuracies and delay data availability. In such systems,
funeral home staff often hand-deliver records to physicians for
signature, which is both time-consuming and costly. Electronic
death registration systems, or EDRS, are now replacing manual
systems to better meet administrative and public health needs.
To date, 37 vital records jurisdictions have implemented an
EDRS. A chart showing that EDRS implementation by jurisdiction
is included in my written statement.
An EDRS solves many long-standing issues related to
accuracy, security, and timeliness of death data. An EDRS
includes built-in real-time edits and cross-checks. Automatic
reminders and work-flow prompts notify the physician by email
when a death certificate is ready for electronic signature.
This results in more timely registration of the death, as well
as faster submission of death records to SSA.
While vital records jurisdictions have made great strides
in implementing EDRS, there is still much to be done.
Installation of an EDRS in a vital records office is just one
part. To be effective, all data providers, especially funeral
homes, health care facilities, physicians and coroners must
also use the EDRS. Full implementation of EDRS may take years,
and involves a significant financial commitment by State health
departments. Lack of adequate resources, both financial and
human capital, are the biggest barriers to more widespread EDRS
adoption.
In the past, SSA provided funding to many vital records
jurisdictions to help support their EDRS implementation
efforts. NAPHSIS estimates that $20 million is needed to
complete EDRS implementation in all 57 vital records
jurisdictions, and to increase EDRS use among data providers.
For your consideration, my written statement provides
information about another electronic system, the electronic
verification of vital events system, or EVVE, that Chairman
Johnson mentioned. Developed by NAPHSIS with initial funding
from SSA, EVVE is an online system that quickly, reliability,
and securely verifies birth and death information in any
participating vital records jurisdiction, without the need for
a national database.
Several State and Federal agencies, including SSA, are
currently using EVVE to verify birth certificate information.
EVVE is a significant tool that can be used to verify the
authenticity and accuracy of death certificate information.
Thank you for the opportunity to testify. I am happy to
address your questions.
[The prepared statement of Ms. Potrzebowski follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman JOHNSON. Thank you, ma'am. You know, Mr. Pratt
recommended we change the law to codify certain business access
to the Death Master File, including State records. Can you tell
Mr. Pratt the history of the powers assigned to the States and
their legal authority?
Ms. POTRZEBOWSKI. Well, I am certainly not a constitutional
lawyer, Mr. Chairman.
Chairman JOHNSON. No, but you do understand that. And what
is the legal authority regarding vital records concerning the
States?
Ms. POTRZEBOWSKI. Right. So the States have the legal
authority, because it is not mentioned in the Constitution. So
that is clearly the States' authority, to set the rules for
registering the vital events, for determining how the data
shall be used, the confidentiality of the information, and the
sharing of that information with whomever they wish.
Chairman JOHNSON. Yes. So each State is different, is it
not?
Ms. POTRZEBOWSKI. And every State is different. You know
how that works.
Chairman JOHNSON. Yes. And they probably have different
records, too.
Ms. POTRZEBOWSKI. Unfortunately, there is a little bit of
variation. Most of the States have a general basic data set
that they follow.
Chairman JOHNSON. Mr. Agin, how did you connect the theft
of your daughter's Social Security number to the Death Master
File?
Mr. AGIN. I mean this is my personal belief, based upon my
research and based upon our discussions with other families.
When the information is so readily available to anybody
with a computer, there is only several manners in which
somebody could have found, number one, that my child died--we
do maintain a blog, so anybody who is following along, or
people, I believe, troll these blogs to see how children are
doing, could have connected the dots. And then I believe that
people know that that information is readily available on these
genealogical websites. So I think that that connects the dots,
in terms of the readily available information.
The only other possible explanation for obtaining her
Social Security number could be somebody at one of the
institutions where she was treated that maintain her medical
records. But, you know, I would like to believe that that is
not the case.
Chairman JOHNSON. No, I kind of agree with you on that.
You have heard the testimony of the other witnesses. Is
there any reason that Social Security, the Commerce Department,
or any Federal agency, for that matter, ought to be disclosing
private death information to the general public?
Mr. AGIN. To the general public? In my opinion, no. I think
that the Death Master File does have its obvious stated
purposes, which include foreclosing fraud, as Mr. Pratt
discussed. And I think that is a vital use of the Death Master
File.
I think that the publication of the Death Master File in
the manner in which we do it today is serving identity thefts
with this type of information on a silver platter. There are
several ways to try to go about foreclosing that: withhold
individuals recently deceased for a period of time, disclose
only a handful, the last four digits of the Social Security
numbers. There is a number of manners and methods that I think
would satisfy all the communities involved that use the Death
Master File.
So, as it stands, does somebody need my daughter's full
Social Security number, date of birth, date of death, full
address, and her zip code? Absolutely not.
Chairman JOHNSON. I hear you. Thank you for your testimony.
Mr. AGIN. Thank you, Mr. Chairman.
Chairman JOHNSON. Mr. Becerra, you are recognized.
Mr. BECERRA. Thank you, Mr. Chairman. Mr. Agin, first I
would like to begin with you and ask, because you have gone
through this, it seems to me that our biggest issue is going to
be in trying to convince a lot of the private sector entities
that use this information that they have to covet the
information once they get it.
You--I would assume you believe that some of these private
sector businesses need to get accurate information so that they
can make sure that people don't receive benefits, income that
they are no longer eligible for, because someone has died, is
deceased. But how do you constrain the use of the information?
And I am looking at this chart. I wouldn't have guessed
this. It shows the major customers for the Death Master File.
We talked about those who help determine our genealogy. One
percent. They constitute 1 percent of the customers who
purchase this Death Master File information, your daughter's
information. The biggest customers for all those bits of data?
Businesses. Then you have the Federal, State, city, county
governments, financial organizations, health care
organizations, insurance, education, research. And, at the end,
genealogical.
[Insert of The Honorable Xavier Becerra follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
And so, I would imagine Mr. Pratt would say, ``This is
valuable information that helps us avoid fraud from the other
side.'' And so, is there something that you--and you mentioned
legislation that you are supportive of. Some people think that
it is a little too narrow in its scope. And Mr. Pratt
suggested, I think, some possible ways to address that.
Mr.--is it Breyault?
Mr. BREYAULT. Breyault, yes.
Mr. BECERRA. Mr. Breyault also suggested some potential
changes.
Having heard your testimony, do you agree with what they
have said could be a good way forward to try to have
legislation that avoids the situation you and your wife faced?
Mr. AGIN. Thank you, Mr. Becerra. Absolutely. I think there
is no question of balance that can be struck with respect to
the lawful stated purposes for the use of the Death Master
File.
As a parent who has gone through this, I am not interested
in foreclosing the use of the Death Master File to go after
other fraudulent uses and the financial institutions in the
business sector who rely upon that data in ensuring that their
claims are managed properly, that they are paying the right
individuals, that they are not paying the wrong individuals.
Again, I think there are a number of ways to do that:
stiffer penalties, registration for anybody who is interested
in purchasing the information, certifying that they will not
use it for widespread distribution.
With respect to the chart that you showed, regardless of
whether or not the genealogical services only make up 1 percent
of the purchasers, they are still the individuals who are
putting it out for free on their websites. So anybody sitting
in this room with a computer can find my daughter's Social
Security number. Anybody can find any of your relatives who
have passed away. They can find their Social Security numbers.
Mr. BECERRA. Good point.
Mr. AGIN. So, regardless of the amount on that pie chart, I
would submit to you that that is the largest factor for the
commission of this type of fraud against individuals in my
community.
So, I am very interested to strike a balance so that the
lawful use of this information is not foreclosed.
Mr. BECERRA. And, Mr. Chairman, to me, when we passed that
bipartisan bill out of this Committee a while ago dealing with
identity theft--actually dealing with those who are still
living--we ran into a brick wall with the Financial Services
Committee, because so many financial services companies were
very concerned that we would close the door to their access to
information they believe they need. And before you knew it, the
bill was dead.
Mr. Pratt, my sense is that there are going to be a lot of
folks out there in the business community who legitimately make
use of this, including the folks who do genealogical studies,
who say, ``Wait a minute, you know, this information is out
there.'' What do we do to make sure that we address the
legitimate concerns of those in the private sector that need
this information, but still constrain its use?
I happen to agree with Mr. Agin, that I think you have--
and, Mr. Chairman, I would say that I think you have to act
with a swift and stiff penalty against anyone who abuses this
information. And I would love to have someone, some entity, be
the poster child of what happens to you if you take Mr. Agin's
daughter's information and use it the wrong way.
Mr. PRATT. Again, I think we are starting to move down into
the details of exactly how you accomplish--I think the big
goal--there seems to be a lot of agreement on the large goal.
There is a difference between the problem we have, which is,
because of FOIA, the Social Security Administration, through
Commerce, is disclosing the record to anybody. And some are
making it available in a very public way, so that there is no
process on the front end to evaluate why I want to have access
to that record.
We are somewhere else on that pie chart that you held up.
And that is why we feel very confident that there is a way to
draw a distinction between, yes, I understand there may be some
process by which we have to validate who we are and why we need
the information for those reasons, and to stipulate those
reasons. We live with some of that in the data world, always.
And we are happy to work in that context, to try to find a way
forward.
You are absolutely right. We need the information. We need
the full Social. We have done studies where common names,
amazingly enough, you can find two different Smiths with the
same last four digits of a Social. And because a Death Master
File annotation is a big event--you either are dead or you are
not; consumers generally don't appreciate being declared
deceased when they are not--we really feel a full Social is
important.
But we are happy to live--like I said before, we live in a
contract world, we live in a data security world. We live in a
business-to-business context. We want to stop fraud. That is
the motivation for doing this. There is no other business model
we are trying to build that sort of colors outside those lines.
I am really confident that there is a way to get this done. And
it is different than perhaps the debate that we went through
last time.
Mr. BECERRA. Yes, I think it is. I appreciate your words.
Thank you, Mr. Chairman.
Chairman JOHNSON. Thank you for your questions. Mr.
Marchant, you are recognized.
Mr. MARCHANT. Thank you, Mr. Chairman. Mr. Breyault, is
that the way you say it?
Mr. BREYAULT. Yes, that is correct, sir.
Mr. MARCHANT. I thought I heard you say that 10.2 percent
of children have had their identity compromised in some way.
Mr. BREYAULT. They have had their Social Security number
misused by someone else.
Mr. MARCHANT. Okay. Do you have that from a study?
Mr. BREYAULT. Yes, sir. It is from Carnegie Mellon
University. It is a researcher by the name of Richard Power.
The full citation is in my written statement, sir.
Mr. MARCHANT. Okay. Well, thank you very much. For that--
Mr. O'Carroll, for that small group of people, or children that
for some reason have not gotten an assigned Social Security
number, how do they appear, when they pass away, on the Death
Master File? Or do they not appear?
Mr. O'CARROLL. What will happen is with the State match,
the State is going to match against Social Security numbers.
And if the child wasn't issued a Social Security number, that
wouldn't then be part of the Death Master File for SSA, since
they weren't recognized with an SSN yet on that one. So that is
part of the matching process that we do.
But as you said before, in the case of your grandchildren,
virtually every child now is, at the time of birth, being
enumerated. And it is an extremely rare occasion that a child
wouldn't be enumerated.
Mr. MARCHANT. So any parent that found themselves in the
same situation as Mr. Agin, there would not be a situation
where they could protect themselves--probably because of your
health benefits, enrolling them in a health care plan, you
would have to get that information?
Mr. O'CARROLL. The enumeration of birth has been a process
with Social Security now for a number of years. It has been
accepted by most of the medical institutions, and it is a very
effective way of enumerating people. What was happening in the
past was, within the first year for tax purposes or whatever,
the parents were coming in for a Social Security number. So, by
doing it this way, it is a more controlled way and effective
way of doing it.
So, there really isn't an opt-out, at least to my
knowledge. I am sure you could, but it is very, very rare that
anybody has.
Mr. MARCHANT. Well, I think that parents find themselves in
the situation where this information is out there. I think it
is vital that we move quickly on this. I do understand the--I
think we will find--I think this Committee will find very
quickly that that 1 percent group that is on that chart will
begin to be very vocal, and we need to make sure that they
understand the difficulty that we are dealing with.
We faced a similar problem at the--when I was in the State
legislature about the release of vital information. And we
experienced a--it was a--quite a fight to ultimately strike the
balance between these groups. But I am committed to do it.
Mr. Chairman, I appreciate you bringing this issue to the
forefront, and committed to help you with it.
Chairman JOHNSON. Thank you, Mr. Marchant.
Let me ask one more question, Mr. Pratt. The Death Master
File has always been an incomplete record of deaths, as Social
Security will admit. The Death Master File may be a starting
point for death databases, but you have to confirm the data.
What are your other sources of death data?
Mr. PRATT. For example, in the case of credit reporting,
when an individual passes away, then the trustee or the
executor of the estate will likely begin to notify financial
institutions in order to pay out that last bill. And those
financial institutions will report that data back into the
credit reporting system, as well.
But it is an incomplete system. Our concern here, of
course, is losing the Death Master File removes just another
critical component, and we are more blind than we otherwise
would be. It is true, there are going to be times where we will
still, in this country, not know that somebody is deceased
until much----
Chairman JOHNSON. Aren't you able to get the death data
from the State?
Mr. PRATT. States are--you know, it is a very
disintermediated process. It is very hard to go out and gather
that information on a State-by-State basis. There are--we have
even heard here testimony about new technologies that may be
making that easier on a go-forward basis. Some of these
technologies appear to be look-up--in other words, a record-by-
record, rather than bulk types of delivery technologies.
And so, Mr. Chairman, there may be ways, going forward, to
improve and build on what we have today. We are just trying to
preserve what we have today.
Chairman JOHNSON. Well, you, I am sure, are willing to pay
something for it. What price do you think Mr. Agin would put on
his daughter's Social Security number?
Mr. PRATT. Yes, I don't think there is any price. I am a
parent myself, and I have had a number of my board members who
are parents call me directly about this very same thing, Mr.
Chairman. We all are focused on trying to find the right way
forward.
Chairman JOHNSON. Okay. Well, we are going to work on it,
and Mr. Becerra has agreed to help me. And we will do that.
I thank you all for being here today, and for your
testimony. We do need to act now to stop thieves from
exploiting our deceased loved ones. And, Mr. Becerra, I look
forward to working with you on this issue.
With that, I thank you all for being here; the Committee
stands adjourned.
[Whereupon, at 10:23 a.m., the Subcommittee was adjourned.]
[Questions for the Record follow:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
[Submissions for the Record follow:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
�