b"<html>\n<title> - PROTECTING AMERICANS' IDENTITIES: EXAMINING EFFORTS TO LIMIT THE USE OF SOCIAL SECURITY NUMBERS</title>\n<body><pre>[House Hearing, 115 Congress]\n[From the U.S. Government Publishing Office]\n\n\n                   PROTECTING AMERICANS' IDENTITIES:\n                     EXAMINING EFFORTS TO LIMIT THE\n                     USE OF SOCIAL SECURITY NUMBERS\n\n=======================================================================\n\n                             JOINT HEARING\n\n                               BEFORE THE\n\n                 SUBCOMMITTEE ON INFORMATION TECHNOLOGY\n\n                                 OF THE\n\n              COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM\n\n                                AND THE\n\n                    SUBCOMMITTEE ON SOCIAL SECURITY\n\n                                 OF THE\n\n                      COMMITTEE ON WAYS AND MEANS\n                     U.S. HOUSE OF REPRESENTATIVES\n\n                     ONE HUNDRED FIFTEENTH CONGRESS\n\n                             FIRST SESSION\n\n                               __________\n\n                              MAY 23, 2017\n\n                               __________\n\n                          Serial No. 115-SS02\n\n                               __________\n\n         Printed for the use of the Committee on Ways and Means\n         \n         \n[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]\n                               \n                               __________\n                               \n\n                    U.S. GOVERNMENT PUBLISHING OFFICE                    \n33-427                     WASHINGTON : 2019                     \n          \n-----------------------------------------------------------------------------------          \n\n\n                      COMMITTEE ON WAYS AND MEANS\n\n                      KEVIN BRADY, Texas, Chairman\n\nSAM JOHNSON, Texas                   RICHARD E. NEAL, Massachusetts\nDEVIN NUNES, California              SANDER M. 
LEVIN, Michigan\nPATRICK J. TIBERI, Ohio              JOHN LEWIS, Georgia\nDAVID G. REICHERT, Washington        LLOYD DOGGETT, Texas\nPETER J. ROSKAM, Illinois            MIKE THOMPSON, California\nVERN BUCHANAN, Florida               JOHN B. LARSON, Connecticut\nADRIAN SMITH, Nebraska               EARL BLUMENAUER, Oregon\nLYNN JENKINS, Kansas                 RON KIND, Wisconsin\nERIK PAULSEN, Minnesota              BILL PASCRELL, JR. New Jersey\nKENNY MARCHANT, Texas                JOSEPH CROWLEY, New York\nDIANE BLACK, Tennessee               DANNY DAVIS, Illinois\nTOM REED, New York                   LINDA SANCHEZ, California\nMIKE KELLY, Pennsylvania             BRIAN HIGGINS, New York\nJIM RENACCI, Ohio                    TERRI SEWELL, Alabama\nPAT MEEHAN, Pennsylvania             SUZAN DELBENE, Washington\nKRISTI NOEM, South Dakota            JUDY CHU, California\nGEORGE HOLDING, North Carolina\nJASON SMITH, Missouri\nTOM RICE, South Carolina\nDAVID SCHWEIKERT, Arizona\nJACKIE WALORSKI, Indiana\nCARLOS CURBELO, Florida\nMIKE BISHOP, Michigan\n\n                     David Stewart, Staff Director\n\n                 Brandon Casey, Minority Chief Counsel\n\n                                 ______\n\n                    SUBCOMMITTEE ON SOCIAL SECURITY\n\n                      SAM JOHNSON, Texas, Chairman\n\nTOM RICE, South Carolina             JOHN B. 
LARSON, Connecticut\nDAVID SCHWEIKERT, Arizona            BILL PASCRELL, JR., New Jersey\nVERN BUCHANAN, Florida               JOSEPH CROWLEY, New York\nMIKE KELLY, Pennsylvania             LINDA SANCHEZ, California\nJIM RENACCI, Ohio\nJASON SMITH, Missouri\n              COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM\n\n                     JASON CHAFFETZ, Utah, Chairman\n\nJOHN DUNCAN, Tennessee               ELIJAH CUMMINGS, Maryland\nDARRELL ISSA, California             CAROLYN MALONEY, New York\nJIM JORDAN, Ohio                     ELEANOR HOLMES NORTON, District of \nMARK SANFORD, South Carolina         Columbia\nJUSTIN AMASH, Michigan               WM. LACY CLAY, Missouri\nPAUL GOSAR, Arizona                  STEPHEN LYNCH, Massachusetts\nSCOTT DESJARLAIS, Tennessee          JIM COOPER, Tennessee\nTREY GOWDY, South Carolina           GERALD E. CONNOLLY, Virginia\nBLAKE FARENTHOLD, Texas              ROBIN KELLY, Illinois\nVIRGINIA FOXX, North Carolina        BRENDA LAWRENCE, Michigan\nTHOMAS MASSIE, Kentucky              BONNIE WATSON COLEMAN, New Jersey\nMARK MEADOWS, North Carolina         STACEY E. PLASKETT, Virgin Islands\nRON DESANTIS, Florida                VAL BUTLER DEMINGS, Florida\nDENNIS ROSS, Florida                 RAJA KRISHNAMOORTHI, Illinois\nB. 
MARK WALKER, North Carolina       JAMIE RASKIN, Maryland\nROD BLUM, Iowa                       PETER WELCH, Vermont\nJODY HICE, Georgia                   MATT CARTWRIGHT, Pennsylvania\nSTEVE RUSSELL, Oklahoma              MARK DESAULNIER, California\nGLENN GROTHMAN, Wisconsin            JOHN SARBANES, Maryland\nWILL HURD, Texas\nGARY PALMER, Alabama\nJAMES COMER, Kentucky\nPAUL MITCHELL, Michigan\n\n                     David Stewart, Staff Director\n\n                 Brandon Casey, Minority Chief Counsel\n\n                                 ______\n\n                 SUBCOMMITTEE ON INFORMATION TECHNOLOGY\n\n                       WILL HURD, Texas, Chairman\n\nPAUL MITCHELL, Michigan              ROBIN KELLY, Illinois\nDARRELL ISSA, California             JAMIE RASKIN, Maryland\nJUSTIN AMASH, Michigan               STEPHEN LYNCH, Massachusetts\nBLAKE FARENTHOLD, Texas              GERALD E. CONNOLLY, Virginia\nSTEVE RUSSELL, Oklahoma              RAJA KRISHNAMOORTHI, Illinois\n\n\n                            C O N T E N T S\n\n                               __________\n\nAdvisory of May 23, 2017 announcing the hearing\n\n                               WITNESSES\n\nGregory C. Wilshusen, Director, Information Security Issues, \n  Government Accountability Office\nMarianna LaCanfora, Acting Deputy Commissioner, Office of \n  Retirement and Disability Policy, Social Security \n  Administration\nDavid DeVries, Chief Information Officer, Office of Personnel \n  Management\nKaren Jackson, Deputy Chief Operating Officer, Centers for \n  Medicare and Medicaid Services\nJohn Oswalt, Executive Director for Privacy, Office of \n  Information and Technology, Department of Veterans Affairs\n\n                       SUBMISSIONS FOR THE RECORD\n\nAmerican Joint Replacement Registry, letter\nElectronic Privacy Information Center, statement\nNational Council of Nonprofits, statement\n\n                        QUESTIONS FOR THE RECORD\n\nHearing Deliverables\nThe Honorable Sam Johnson:\n  United States Office of Personnel Management\n  Centers for Medicare and Medicaid Services\n  Office of Retirement and Disability Policy\n  Office of Information and Technology\n  United States Government Accountability Office\n\n \n                   PROTECTING AMERICANS' IDENTITIES:\n                     EXAMINING EFFORTS TO LIMIT THE\n                     USE OF SOCIAL SECURITY NUMBERS\n\n                              ----------                              \n\n\n                         TUESDAY, MAY 23, 2017\n\n             U.S. 
House of Representatives,\n                       Committee on Ways and Means,\n                           Subcommittee on Social Security,\n\n                             joint with the\n\n      Committee on Oversight and Government Reform,\n                    Subcommittee on Information Technology,\n                                                    Washington, DC.\n    The subcommittees met, pursuant to call, at 2:00 p.m., in \nRoom 1100, Longworth House Office Building, the Honorable Tom \nRice presiding.\n    [The advisory announcing the hearing follows:]\n\n \n             ADVISORY FROM THE COMMITTEE ON WAYS AND MEANS\n\n                    SUBCOMMITTEE ON SOCIAL SECURITY\n                    \n\n           FROM THE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM\n\n                 SUBCOMMITTEE ON INFORMATION TECHNOLOGY\n\n                                                CONTACT: (202) 225-1721\nFOR IMMEDIATE RELEASE\nWednesday, May 23, 2017\nSS-02\n\n              Chairman Johnson and Chairman Hurd Announce\n\n                 Joint Oversight Hearing on Protecting\n\n              Americans' Identities: Examining Efforts to\n\n                Limit the Use of Social Security Numbers\n\n    House Ways and Means Social Security Subcommittee Chairman Sam \nJohnson (R-TX) and House Oversight and Government Reform Information \nTechnology Subcommittee Chairman Will Hurd (R-TX) announced today that \nthe Subcommittees will hold a joint hearing entitled ``Protecting \nAmericans' Identities: Examining Efforts to Limit the Use of Social \nSecurity Numbers.'' The hearing will focus on efforts by federal \nagencies to reduce the use of Social Security numbers, and the \nchallenges these agencies face in doing so. The hearing will take place \non Tuesday, May 23, 2017 in 1100 Longworth House Office Building, \nbeginning at 2:00 PM.\n      \n    In view of the limited time to hear witnesses, oral testimony at \nthis hearing will be from invited witnesses only. 
However, any \nindividual or organization may submit a written statement for \nconsideration by the Committee and for inclusion in the printed record \nof the hearing.\n      \n\nDETAILS FOR SUBMISSION OF WRITTEN COMMENTS:\n\n      \n    Please Note: Any person(s) and/or organization(s) wishing to submit \nwritten comments for the hearing record must follow the appropriate \nlink on the hearing page of the Committee website and complete the \ninformational forms. From the Committee homepage, http://\nwaysandmeans.house.gov, select ``Hearings.'' Select the hearing for \nwhich you would like to make a submission, and click on the link \nentitled, ``Click here to provide a submission for the record.'' Once \nyou have followed the online instructions, submit all requested \ninformation. ATTACH your submission as a Word document, in compliance \nwith the formatting requirements listed below, by the close of business \non June 6, 2017. For questions, or if you encounter technical problems, \nplease call (202) 225-3625.\n      \n\nFORMATTING REQUIREMENTS:\n\n      \n    The Committee relies on electronic submissions for printing the \nofficial hearing record. As always, submissions will be included in the \nrecord according to the discretion of the Committee. The Committee will \nnot alter the content of your submission, but we reserve the right to \nformat it according to our guidelines. Any submission provided to the \nCommittee by a witness, any materials submitted for the printed record, \nand any written comments in response to a request for written comments \nmust conform to the guidelines listed below. Any submission not in \ncompliance with these guidelines will not be printed, but will be \nmaintained in the Committee files for review and use by the Committee.\n    All submissions and supplementary materials must be submitted in a \nsingle document via email, provided in Word format and must not exceed \na total of 10 pages. 
Witnesses and submitters are advised that the \nCommittee relies on electronic submissions for printing the official \nhearing record.\n    All submissions must include a list of all clients, persons and/or \norganizations on whose behalf the witness appears. The name, company, \naddress, telephone, and fax numbers of each witness must be included in \nthe body of the email. Please exclude any personal identifiable \ninformation in the attached submission.\n    Failure to follow the formatting requirements may result in the \nexclusion of a submission. All submissions for the record are final.\n      \n    The Committee seeks to make its facilities accessible to persons \nwith disabilities. If you are in need of special accommodations, please \ncall 202-225-1721 or 202-226-3411 TTD/TTY in advance of the event (four \nbusiness days' notice is requested). Questions with regard to special \naccommodation needs in general (including availability of Committee \nmaterials in alternative formats) may be directed to the Committee as \nnoted above.\nNote: All Committee advisories and news releases are available at \n        http://www.waysandmeans.house.gov/\n\n                                 ______\n\n           OPENING STATEMENT OF ACTING CHAIRMAN RICE\n\n    Mr. RICE. Good afternoon and welcome to today's hearing on \nthe Federal Government's use of Social Security numbers.\n    Unfortunately, Chairman Sam Johnson was unable to be here \nwith us today to discuss one of his favorite topics: ending the \nunnecessary use of Social Security numbers. 
I know everyone \nhere joins me in wishing Chairman Johnson a speedy recovery.\n    I would like to welcome Chairman Hurd of the Oversight and \nGovernment Reform Committee's IT Subcommittee and all of the IT \nSubcommittee members for joining us in the Ways and Means \nCommittee hearing room today.\n    Back in 1936, when Social Security began issuing Social \nSecurity numbers, they were only used to track earnings and \nadminister the Social Security Program. Back then, it wasn't \nmuch thought about keeping your number a secret, but today, \nSocial Security numbers are the keys to the kingdom for \nidentity thieves. Social Security and identity security experts \nmake a point of telling Americans how important it is to \nprotect their numbers. Social Security numbers are valuable \ntargets for identity theft because of their regular use by both \nFederal Government and private sector as a unique identifier, \nespecially by the financial industry.\n    Time and again, we are reminded to protect our Social \nSecurity cards in order to avoid identity theft and to be \ncareful with what documents we throw away in the trash. Our \nSocial Security numbers are connected to so many personal \naspects of our lives, from our Social Security benefits and \nfinances to our medical histories and our education. But in \nrecent years, privacy concerns have become more and more \ncritical.\n    When I was in law school back in the dark ages, our grades \nused to be posted on the wall to keep secret whose grades they \nwere by Social Security number. Of course, they were posted \nalphabetically. So it wasn't that hard to figure out whose was \nwhose. In fact, one of my very good friends in law school's \nlast name was Ziegler, and he was the smartest guy in the \nclass, and he always made an A and blew the curve. So everybody \njust gave him a hard time. But his Social Security number was \nalways the one at the bottom of the list. 
And until not long \nago, I probably could recite to you Mr. Ziegler's Social \nSecurity number.\n    While colleges and universities have since changed their \nways, the Federal Government has yet to fully catch up. Just \nover 10 years ago, under President Bush's leadership, the \nOffice of Management and Budget issued a memorandum for the \nsafeguarding of personally identifiable information, including \nthe Social Security number. The memo called for Federal \ndepartments and agencies to reduce or replace the use of Social \nSecurity numbers across the Federal Government.\n    Unfortunately, while some progress has been made in \nreducing the use of Social Security numbers, 10 years later, \nthere is still much work to be done. This hearing is about \nmaking sure that Social Security numbers are only used when \nnecessary and that the Federal Government is doing what it can \nand what it should to make sure that, when Social Security \nnumbers are used and collected, they are kept safe.\n    The Office of Personnel Management hack in 2015 is an \nexample of what happens when the Federal Government collects \nSocial Security numbers but does not keep them safe. And that \nnegligence comes with a cost to both the affected individuals \nand to the taxpayers. The American people rightly deserve and \nexpect that the Federal Government protect their Social \nSecurity numbers and only use them when necessary.\n    I thank all of our witnesses for being here. I look forward \nto hearing from you about how your agencies are working to \ntackle this challenge and what more needs to be done.\n    I now recognize Mr. Larson for his opening statement.\n\n            OPENING STATEMENT OF HON. JOHN B. LARSON\n\n    Mr. LARSON. Thank you, Mr. 
Chairman.\n    We join with you in certainly wishing our dear friend and \ncolleague Sam Johnson a speedy recovery and would like to add \nhow fortunate we are on the Ways and Means Committee to have \ntwo iconic American heroes serving on the same committee. When \nyou think about Sam Johnson and his service to this country and \nall that he endured on behalf of this Nation, nearly beaten to \ndeath by the Viet Cong and then you think about John Lewis and \nall he endured in this country and nearly beaten to death in \nhis own country, so we have these two iconic legends. And I am \nso proud to serve with Sam and was happy that he asked me to \nintroduce with him the Social Security Must Avert Identity \nLoss, or H.R. 1513, that required the Social Security \nAdministration to remove Social Security numbers from mailed \nnotices. And Mr. Johnson, as I think everybody on the committee \nknows, is such an incredible gentleman. We also have taken \nevery opportunity in the subcommittee to renew a request, A, \nthat I hope the committee will travel to Plano, Texas, and that \nwe have an opportunity to, in as much as Mr. Johnson has \nindicated this is his last term, to have a meeting there in \nPlano, Texas, that would honor Mr. Johnson and the committee in \nthis particular topic area that he is so vitally concerned \nabout.\n    I also want to recognize Chairman Hurd, who is with us, and \nthe lead Democrat, Robin Kelly, for being here in our meeting \nroom as well.\n    Since 2014, hundreds of millions of Americans have lost \ntheir personally identified information, including their Social \nSecurity numbers, to large-scale cyber attacks. The number was \noriginally created in 1936 for the purpose of running the \nNation's new Social Security system. However, its usefulness as \na unique governmental identifier has made it near ubiquitous \nacross government and the private sector. 
To date, the Social \nSecurity Administration has not suffered any large-scale data \nbreach, but ongoing vigilance is needed, including adequate \nsupport for updating and modernizing the Social Security \nAdministration's IT structure.\n    Altogether, the Social Security Administration has been \nable to remove the 9-digit SSN from about one-third of the \nmailings it sends out. Moving forward, they have committed to \nremoving them from the remaining notices wherever they revise a \nnotice, which requires computer upgrades. The severe \nconstraints on Social Security Administration's budget, \nhowever, are preventing the agency from removing numbers from \nall the notices right away. As they estimated, it would cost \n$14 million to do so immediately rather than piecemeal.\n    More alarmingly, since 2010, the number of beneficiaries \nhas grown by 13 percent as the baby boomers enter retirement, \nbut Social Security's operating budget has fallen by more than \n10 percent in that same period. The Social Security \nAdministration simply cannot serve more and more people with \nless and less money each year. Social Security Administration \nis already struggling to serve its beneficiaries at the level \nthey deserve. My constituents are experiencing multiyear wait \ntimes on disability appeals and hearings. Their phone calls are \ngoing unanswered. They face delays in correcting errors in \ntheir benefits and payments.\n    To make matters worse, the President's fiscal year 2018 \nbudget released today also attacks Social Security benefits for \nthose with disabilities as much as $70 billion over 10 years.\n    Mr. Chairman, I would like to submit for the record the 13 \ntimes that Donald Trump promised not to cut Social Security, \nMedicare, and Medicaid.\n    [The following was received from Mr. Larson:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] \n\n                                 ______\n\n    Mr. LARSON. 
President Trump has promised repeatedly and \nexplicitly throughout the campaign not to cut Social Security \nor Medicare. This broken promise should be especially alarming \nto millions of people who voted for the President, who spent \ntheir working lives paying premiums into the system, believing \nthose benefits would be there for them in retirement or should \nthey become disabled.\n    The bottom line is this: Social Security is the Nation's \ninsurance program. It is not an entitlement. It is the \ninsurance that individuals have paid for throughout a lifetime. \nThe problems with Social Security at its core--this issue that \nwe're taking up today, especially as it relates to theft is \nvitally important to protect people's identity. But equally \nimportant and the responsibility of this committee is actuarial \nsoundness.\n    This is the most efficient government-operated program in \nthe history of the Nation. Ask any private sector insurance \ncompany if they could have a 99-percent loss ratio. They would \ndie for that. And there's no product on the open market where \nyou could produce old age and survivors benefits, disability, \nand a pension plan, and survivors benefits. That is the \nuniqueness of Social Security. That is why it is America's \ninsurance plan that our citizens have paid for. This is not an \nentitlement, and we'll continue to make that point. I hope \nlater this year, Mr. Chairman--and Mr. Johnson has been very \ngracious about saying that we'll get an opportunity to have \nhearings on our bills that will look at expanding and making \nsolvent, well into the next century Social Security for all of \nits American citizens. It's the Nation's insurance program.\n    Mr. RICE. Thank you.\n    I now recognize Mr. Hurd for his opening statement.\n\n               OPENING STATEMENT OF CHAIRMAN HURD\n\n    Mr. HURD. Thank you, Mr. 
Chairman.\n    In the 2 years plus that I've been in Congress, I've \nlearned one thing, and that is that Americans expect the \nFederal Government to protect their personal information. \nSadly, as evidenced by the devastating data breach at OPM, \nwhich affected more than 20 million people, this is simply not \nthe case.\n    American people deserve better from their government. If \nstolen, we all know that Social Security numbers can be used to \nperpetuate identity theft or worse. You never know what a piece \nof personal information the bad actors need to achieve their \ngoals, whether they are looking to steal money or threaten the \nnational security of our Nation. The Oversight Committee \nrecently held a hearing on the IRS data breach where bad actors \nhacked in the Department of Education and stole income \ninformation from financial aid applications and then used that \ninformation to file fraudulent tax returns with the IRS.\n    All of the agencies appearing before us today collect and \nretain a wealth of information on individual Americans, \nparticularly Social Security numbers. It is essential that we \nreduce the unnecessary use of Social Security numbers, both on \nprinted forms and electronically, in transition and at rest. In \nfact, tomorrow, the House is scheduled to consider \nRepresentative Valadao's Social Security Number Fraud \nPrevention Act of 2017, which was passed out of committee on a \nvoice vote and prohibits agencies from sending Social Security \nnumbers by mail, unless the head of the agency deems it \nabsolutely necessary.\n    The Social Security Administration has 174 million wage \nearners and records on pretty much everybody living and dead. \nIt is a treasure trove of information that must be protected.\n    The Veterans Administration has health records on over 8 \nmillion veterans and their families. I can imagine a few other \nrecords as intimate as an individual's health record. 
The VA \ncurrently uses Social Security numbers as a patient identifier.\n    Protecting these numbers is critically important for all \nAmericans, but given that Social Security numbers are \nfrequently exchanged with our most at-risk members of society, \nsuch as our seniors, disabled, and veterans, we must take \nutmost precaution to prevent the unnecessary risk of exposure \nfor these populations.\n    One of the recommendations that came out of the committee's \ninvestigation of the OPM breach was that agencies reduce their \nuse of Social Security numbers in order to mitigate the risk of \nidentity theft. As agencies undertake this transition, it is \nessential that they rethink how they use, collect, and store \nSocial Security numbers and indeed all pieces of personal \ninformation they collect.\n    I am proud to be here today with my colleagues from the \nOversight Committee as well as my colleagues from the Ways and \nMeans Committee in this important joint hearing to examine \nwhat's working and what we can do better. Today, I hope to \nlearn more about what efforts the Federal Government is taking \nto reduce its collection, use, and storage of Social Security \nnumbers. And thank you for being here today, and I look forward \nto hearing from all of our witnesses.\n    Mr. RICE. Thank you.\n    I now recognize Ms. Kelly for her opening statement.\n\n             OPENING STATEMENT OF HON. ROBIN KELLY\n\n    Ms. KELLY. Thank you, Chairmen Rice and Hurd and Ranking \nMember Larson, for holding this important hearing.\n    Originally created to track the earnings of individuals and \ndetermine eligibility for Social Security benefits, the Social \nSecurity number has become the principal method used to verify \nan individual's identity. 
But the proliferation of their use \nposes serious challenges to data security and identity theft \nprotection.\n    In 2007, when the Office of Management and Budget \nrecognized that reducing the use of Social Security numbers at \nagencies could reduce the risk of identity theft, 10 years ago \nthis week, OMB issued a memorandum directing agencies to reduce \ntheir use of Social Security numbers by examining where their \ncollection was unnecessary and creating plans to end such \ncollection within 18 months. Now, on the 10-year anniversary of \nthe guidance, we have the opportunity to examine the challenges \nthat have stymied agencies' efforts while learning from those \nagencies who have had success in their initiative.\n    The Social Security Administration no longer prints Social \nSecurity numbers on statements, cost-of-living notices, or \nbenefits checks. The Centers for Medicare and Medicaid Services \nis in the middle of efforts to remove the numbers from all \nMedicare cards by April 2019. Likewise, the Department of \nVeterans Affairs has ceased printing Social Security numbers on \nprescription bottles, certain forms, and correspondence, and is \nworking to find an alternate means of identification that will \nmaintain patient safety while reducing the visibility of Social \nSecurity numbers on patient wristbands.\n    These concrete steps represent real progress, and I commend \nthe agencies on their work so far. But barriers still exist to \nfull implementation of the OMB's guidance. One of those \nbarriers is the lack of a strong coordinative approach from OMB \nitself. GAO found that the 2007 memorandum did not define \nunnecessary use, nor did it outline requirements such as \ntimeline or performance goals. As a result, many agencies were \nvague and subject to varied interpretation over the years. 
\nAdditionally, OMB did not require agencies to update their \ninventories of Social Security number collection points, making \nit difficult to determine whether agencies were actually \nreducing collection and use. OMB must provide clear direction \nto agencies and strengthen its monitoring of compliance.\n    In addition to poor coordination by OMB, Federal efforts to \nreduce Social Security number use have faced other \nchallenges. Agencies are statutorily and legally required to \ncollect Social Security numbers for identity verification in a \nnumber of programs. And Social Security numbers remain the \nstandard for identity verification across government programs. \nOPM briefly took steps to address this issue by working to \ncreate an alternate identifier in 2008 and again in 2015. \nHowever, a lack of approved funding prevented these efforts \nfrom going forward. Until Congress refines the requirements \nmandating Social Security number collection and an alternate \ngovernmentwide identifier is created, significant reductions in \nSocial Security number use seem unlikely.\n    Outdated legacy IT systems also cause agencies to struggle \nto obtain their reduction goals. Agencies do not have the funds \nto replace these systems and start anew. This subcommittee has \nspoken at great length about the need to update the Federal \nGovernment's IT infrastructure. And we must put our money where \nour mouth is. I'm concerned that across-the-board budget and \npersonnel cuts proposed by the Trump administration will take \nus in the opposite direction and make it harder to accomplish \nour Social Security number reduction goals.\n    I hope my colleagues will keep this and the need to protect \nAmericans from identity theft in mind as we discuss fiscal year \n2018 budget proposals. I look forward to hearing from our \nwitnesses today, and I yield back the balance of my time. Thank \nyou.\n    Mr. RICE. Thank you. 
As is customary, any member is welcome \nto submit a statement for the hearing record. Before we move on \nto our testimony today, I want to remind our witnesses to \nplease limit their oral statements to 5 minutes. However, \nwithout objection, all of the written testimony will be made \npart of the hearing record.\n    We have 5 witnesses today. Seated at the table are: Gregory \nWilshusen, Director of Information Security Issues, Government \nAccountability Office; Marianna LaCanfora, Acting Deputy \nCommissioner, Office of Retirement and Disability Policy, \nSocial Security Administration; David DeVries, Chief \nInformation Officer, Office of Personnel Management; and Karen \nJackson, Deputy Chief Operating Officer, Centers for Medicare \nand Medicaid Services; and, finally, John Oswalt, Executive \nDirector for Privacy, Office of Information and Technology, \nDepartment of Veterans Affairs. Welcome to you all and thank \nyou for being here.\n    Pursuant to the committee on Oversight and Government \nReform rules, all witnesses will be sworn in before they \ntestify. Please rise and raise your right hand.\n    [Witnesses sworn.]\n    Mr. RICE. Please be seated.\n    Mr. Wilshusen, welcome and thanks for being here. Please \nproceed. If I butchered your name, I'm sorry.\n\n   STATEMENT OF GREGORY C. WILSHUSEN, DIRECTOR, INFORMATION \n       SECURITY ISSUES, GOVERNMENT ACCOUNTABILITY OFFICE\n\n    Mr. WILSHUSEN. No, you did perfect. Thank you, Chairmen \nRice and Hurd, Ranking Members Larson and Kelly, and Members of \nthe Subcommittee. Thank you for inviting me today to testify at \ntoday's hearing on executive branch efforts to reduce the \nunnecessary use of Social Security numbers.\n    My statement is based on our draft report on Federal \nefforts to reduce the collection, use, and display of these \nnumbers. We have provided a draft report to 25 agencies for \ncomment. 
We anticipate issuing the final report to you later \nthis summer after we receive agency comments.\n    Before I begin, if I may, I'd like to recognize several \nmembers of my team who were instrumental in developing my \nstatement or performing the work underpinning it. With me is \nJohn de Farrari and Marisol Cruz, who led this work, and \nQuintin Dorsey. In addition, Andrew Beggs, Shaunyce Wallace, \nDave Plocher, Priscilla Smith, and Scott Pettis made \nsignificant contributions.\n    Beginning in 2007, OPM, OMB, and the Social Security \nAdministration undertook several actions aimed at reducing or \neliminating the unnecessary collection, use, and display of \nSocial Security numbers on a governmentwide basis. However, \nthese actions have had limited success. OPM issued guidance to \nagencies and acted to eliminate or mask Social Security numbers \non personnel forms used throughout the Federal Government. It \nalso promulgated a draft regulation to limit Federal \ncollection, use, and display of Social Security numbers, but \nwithdrew the proposed rule because no alternate Federal \nemployee identifier was available that would provide the same \nutility.\n    In 2007, OMB required agencies to establish plans for \neliminating the unnecessary collection and use of Social \nSecurity numbers. OMB also began requiring agency reporting on \nreduction efforts as part of its annual FISMA reporting \nprocess. In 2007, the Social Security Administration developed \nan online clearinghouse on agency's best practices for \nminimizing the use and display of Social Security numbers. \nHowever, this clearinghouse is no longer available.\n    At the individual agency level, each of the 24 CFO Act \nagencies report taking a variety of steps to reduce the \ncollection, use, and display of Social Security numbers. 
These \nsteps included developing and using alternate identifiers; \nmasking, truncating, or blocking the display of these numbers \non printed forms, correspondence, and computer screens; and \nfiltering email to prevent transmittal of unencrypted numbers.\n    However, agency officials noted that Social Security \nnumbers cannot be completely eliminated from Federal IT systems \nand records in part because no other identifier offers the same \ndegree of universal awareness and applicability. They \nidentified three other challenges. First, several statutes and \nregulations require collection and use of Social Security \nnumbers. Second, interactions with other Federal agencies and \nexternal entities require the use of the number. And a third \nchallenge pertained to technological hurdles that can slow \nreplacement of the numbers in information systems.\n    Reduction efforts in the executive branch have also been \nlimited by more readily addressable shortcomings. Lacking \ndirection from OMB, many agencies' reduction plans did not \ninclude key elements, such as timeframes or performance \nindicators, calling into question the plans' utility.\n    In addition, OMB has not required agencies to maintain up-\nto-date inventories of Social Security number collections and \nhas not established criteria for determining when the number's \nuse or display is unnecessary, leading to inconsistent \ndeterminations and definitions across the agencies.\n    OMB has also not ensured that all agencies have submitted \nup-to-date progress reports and has not established performance \nmetrics to measure and monitor agencies' efforts.\n    Accordingly, in our draft report, we are making five \nrecommendations to OMB to address these shortcomings. Until OMB \nand agencies adopt better and more consistent practices, their \nreduction efforts will likely remain limited and difficult to \nmeasure. 
Moreover, the risk of Social Security numbers being \nexposed and used to commit identity theft will remain greater \nthan it need be.\n    Chairman Rice, Chairman Hurd, Ranking Members Larson and \nKelly, this concludes my statement. I'd be happy to answer your \nquestions.\n    [The prepared statement of Mr. Wilshusen follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n\n    Mr. RICE. Thank you, sir.\n    Ms. LaCanfora, welcome and thanks for being here. Please \nproceed.\n\n STATEMENT OF MARIANNA LACANFORA, ACTING DEPUTY COMMISSIONER, \n  OFFICE OF RETIREMENT AND DISABILITY POLICY, SOCIAL SECURITY \n                         ADMINISTRATION\n\n    Ms. LACANFORA. Acting Chairman Rice, Chairman Hurd, Ranking \nMember Larson, Ranking Member Kelly, and Members of the \nSubcommittees, thank you for inviting me to discuss the \nhistory of the Social Security number, how the Social Security \nAdministration uses it to administer its programs, and efforts \nto reduce the number's use. I am Marianna LaCanfora, Acting \nDeputy Commissioner for Retirement and Disability Policy.\n    There's a rich history surrounding the Social Security \nnumber. Those responsible for implementing the new Social \nSecurity Program understood that crediting earnings to the \ncorrect individual would be critical to the program's success. \nNames alone would not ensure accurate reporting. Accordingly, \nin 1936, we designed the 9-digit SSN and SSN card to allow \nemployers to accurately report earnings.\n    Today, over 80 years since the program's inception, we have \nissued around 500 million unique numbers to eligible \nindividuals. The SSN continues to be essential to how we \nmaintain records. Without it, we could not carry out our \nmission. However, the SSN and SSN card were never intended, nor \ndo they serve, as identification. 
We strongly encourage other \nagencies and the public to minimize their use.\n    We also provide electronic verifications of SSNs to our \nFederal and State partners to prevent improper payments. In \n2016, we performed over 2 billion automated SSN verifications.\n    Although we created the SSN, its use has increased \ndramatically by other entities over time. A 1943 executive \norder required Federal agencies to use the SSN. Advances in \ncomputer technology and data processing in the 1960s further \nincreased the use of the number. Congress also enacted \nlegislation requiring the number for a variety of Federal \nprograms. Use of the SSN grew not just in the Federal \nGovernment but throughout State and local governments to banks, \ncredit bureaus, hospitals, educational institutions, and other \nparts of the private sector.\n    As use of the SSN has become more pervasive so has the \nopportunity for misuse. We have taken numerous measures to help \nprotect the integrity of the SSN.\n    In 2001, we removed the full SSN from two of our largest \nmailings: the Social Security statement and the Social Security \ncost-of-living adjustment notice. These notices account for \nabout a third of the roughly 352 million notices that we send \nout each year.\n    In 2007, OMB issued a memo requiring agencies to review \ntheir use of the SSN and identify unnecessary use of the \nnumber. We recognized that although we need the SSN to \nadminister our programs, we could and did refine all of our \npersonnel policies to reduce reliance on the number.\n    Still, we recognize that we need to do more. Two-thirds of \nour notices have the Social Security number. Our notice \ninfrastructure is complex. About 60 different applications \ngenerate notices and every notice is created to respond to an \nindividual's unique circumstances. Nevertheless, we are \ncommitted to replacing the SSN with a beneficiary notice code, \nor BNC, as we modify existing notices or create new ones. 
The \nBNC is a secure, 13-character, alphanumeric code that helps our \nemployees identify the notice and the beneficiary and respond \nto inquiries quickly. We initially developed the BNC for use in \nthe Social Security cost-of-living adjustment notice.\n    Additionally, next year, we will replace the SSN with the \nBNC on benefit verification letters as well as appointed \nrepresentative and Social Security post-entitlement notices. \nTogether these mailings account for 42 million annual notices.\n    We take great care to protect the integrity of the SSN and \nthe personal information of the public we serve.\n    Thank you for the opportunity to describe our efforts. I'd \nbe happy to answer any questions.\n    [The prepared statement of Ms. LaCanfora follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n\n    Mr. RICE. Thank you, Ms. LaCanfora.\n    Mr. DeVries, welcome and thanks for being here. Please \nproceed.\n\n STATEMENT OF DAVID DEVRIES, CHIEF INFORMATION OFFICER, OFFICE \n                    OF PERSONNEL MANAGEMENT\n\n    Mr. DEVRIES. Thank you, Chairman Rice, Chairman Hurd, \nRanking Member Larson, Ranking Member Kelly, and Members of the \nSubcommittees, thank you for the opportunity to appear before \nyou today to represent the Office of Personnel Management with \nrespect to reducing the use of Social Security numbers as a \npersonal identifier.\n    In 1962, the Civil Service Commission adopted the SSN to \nidentify Federal employees. Over time, the SSN became universal \nto almost every piece of paper or its digital form in a Federal \nemployee's official personnel file. It became a de facto \npersonnel identifier. The SSN was used for routine personal \nactions to record training, to request health benefits, and for \nmany other purposes.\n    In 2007, OPM issued guidance to Federal agencies to develop \nconsistent and effective measures for use in safeguarding of \nFederal employees' SSNs. 
The intent of these measures was to \nminimize the risk of identity theft and fraud in two ways, one \nby eliminating the unnecessary use of SSN as an identifier and \nby strengthening the protection of personal information, \nincluding SSNs, from theft or loss. Examples of the measures \nthat we recommended were eliminating the unnecessary printing \ndisplay of the Social Security number on forms, reports, and \nyour computer displays, and restricting access to only those \nindividuals who had a need to know, and they were notified of \ntheir additional responsibilities to safeguard that. We also \nincluded privacy and confidentiality statements to go along \nwith the--and, finally, we came up with how do you mask it or \nhow do you take the Social Security numbers out of the forms \nitself there.\n    Internal to the OPM, we examined our internal policies with \nrespect to the use of SSNs and, in 2012, issued an addendum to \nour information security and privacy policy. The updated policy \nidentifies acceptable uses of the SSN, describes how the \nauthorized use will be documented, and presented alternatives \nfor SSN. This internal policy addendum notes that acceptable \nuse of the SSN are only those that are provided for by law, \nexecutive order, require interoperability with organizations \noutside the OPM, or are required by operational necessities to \nachieve agency mission. For example, the SSN is a single \nidentifier that is consistent across the security investigation \nprocess and may be necessary to complete an individual's \nbackground investigation. But it is now protected in both \ntransit and in storage.\n    OPM has taken other efforts to reduce the use of SSNs since \nissuing the 2012 policy. OPM modified the USAJOBS and the USA \nStaffing Systems so that neither collect SSNs from applicants. \nWe also undertook an effort in 2016 to understand which IT \nsystems maintain SSNs and how they use those to communicate \nwith other programs. 
The initial inventory was completed in \nSeptember 2016, and we are now using it to validate the \nprogress made and identify other opportunities. In addition, we \nare updating the internal 2012 policy this year.\n    It is difficult to completely eliminate the Federal use of \nSSNs without a governmentwide coordinated effort and dedicated \nfunding. SSNs are generally the common element linking \ninformation among agencies, OPM shared service providers, and \nbenefit providers. In the fall 2016, OMB and OPM proposed the \nprogram unique identifier, or PUID, initiative to reduce the \nuse of SSNs in many government systems and programs. The PUID \ninitiative sought to facilitate the exchange of information \nwithout SSNs. This would be accomplished by providing an \nalternative numbering scheme to uniquely identify records \nacross various programs and agencies. An initial proof of \nconcept shows potential for continued study.\n    Members of the subcommittee, thank you for having me here \ntoday to discuss OPM's role in reducing the use of SSNs and for \nyour interest and support in this important issue here. \nSafeguarding the PI of our Federal employees and others whose \ninformation we hold is of paramount importance to OPM. I would \nbe happy to address any questions you may have. Thank you.\n    [The prepared statement of Mr. DeVries follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n\n    Mr. RICE. Thank you, Mr. DeVries.\n    Ms. Jackson, thank you for being here. You can proceed.\n\n  STATEMENT OF KAREN JACKSON, DEPUTY CHIEF OPERATING OFFICER, \n            CENTERS FOR MEDICARE & MEDICAID SERVICES\n\n    Ms. JACKSON. 
Chairman Rice and Hurd, Ranking Members Larson \nand Kelly, and Members of the Subcommittees, thank you for this \nopportunity to discuss the Centers for Medicare and Medicaid \nServices' work to safeguard the personally identifiable \ninformation of the beneficiaries whom we serve, including our \nongoing work to eliminate use of the Social Security number on \nMedicare cards.\n    This effort is an important step in protecting \nbeneficiaries from becoming victims of identity theft, one of \nthe fastest growing crimes in the country. As we all know, \nidentity theft can disrupt lives, damage credit ratings, and \nresult in inaccuracies in medical records. Thanks to \ncongressional leadership and, in particular, Chairman Johnson, \nwhom I am sorry is not here today, and members of the Ways and \nMeans Committee, and based on the recommendations of our \ncolleagues from the Government Accountability Office, CMS will \neliminate the Social Security number-based identifier on \nMedicare cards by April 2019, as Congress directed us, as part \nof the Medicare Access and CHIP Reauthorization Act of 2015, \nknown as MACRA. We very much appreciate Congress providing us \nwith the resources necessary to undertake this important \nproject.\n    Beginning in April 2018, all newly enrolled Medicare \nbeneficiaries will receive a Medicare card with a new Medicare \nBeneficiary Identifier, known as the MBI. At the same time, CMS \nwill begin distributing the new Medicare cards to our current \nbeneficiaries. This new Medicare number will have the same \nnumber of characters as the current 11-digit Social Security \nnumber-based health insurance claim number, known as the HICN, \nbut will be visibly different and distinguishable from the \nHICN. 
With the introduction of the MBI, for the first time, CMS \nwill have the ability to terminate the Medicare number and \nissue a new number to a beneficiary in instances where they are \na victim of identity theft or their Medicare number has been \ncompromised in some way.\n    Transitioning to the MBI will help beneficiaries to better \nsafeguard their personal information by reducing the exposure \nof their Social Security numbers. CMS has already removed the \nSocial Security number from many types of our communications, \nincluding the Medicare summary notices that are mailed to \nbeneficiaries on a quarterly basis. We have prohibited private \nMedicare Advantage Plans and Medicare Part D prescription drug \nplans from using Social Security numbers on their enrollees' \ninsurance cards.\n    Many people wonder why CMS has used an identifier based on \nthe Social Security number in the first place. When the \nMedicare program was established in 1965, it was actually the \nSocial Security Administration who administered the program. \nWhile CMS is now responsible for management of Medicare, the \nSocial Security Administration still enrolls beneficiaries and \nboth CMS and the Social Security Administration rely on \ninterrelated systems to coordinate eligibility for Medicare \nbenefits and for Social Security benefits.\n    Currently, healthcare providers use the HICN when they \nsubmit claims in order to receive payment for healthcare \nservices and also for supplies. And CMS and its contractors use \nthe HICN to process those claims, authorize payments, and to \nissue some beneficiary communications.\n    We're in the process of making changes to over 75 of our \naffected systems to replace those systems' indicators with the \nMBI over the HICN, and we have developed the software that will \ngenerate MBIs and assign them to beneficiaries. 
We are working \nwith our key partners, such as SSA, Railroad Retirement Board, \nStates and territories, the Indian Health Service, the \nDepartment of Defense, Department of Veterans Affairs, \nhealthcare providers, and other key stakeholders--there are a \nlot of them--to ensure that beneficiaries continue to receive \naccess to services and our partners will be able to process \nusing the new MBI.\n    We are implementing an extensive and phased outreach and \neducation program for the estimated 60 million beneficiaries \nwho will be receiving new cards, as well as to providers, \nprivate health plans, other insurers, clearinghouses, and other \nstakeholders. This fall, we will tell Medicare beneficiaries \nthey will be receiving a new card, instruct them on when they \nwill be receiving it, and what to do with their old cards.\n    We are also working to make sure that physicians and other \nhealthcare providers are prepared to serve patients throughout \nthe transition by creating information for providers both for \nthem to update their records with the new MBI and also for them \nto help remind beneficiaries that they need to bring their new \ncards with them when they see their doctors.\n    We know from other successful large-scale implementations \nthat it helps to allow time for all stakeholders to adjust to \nthe changes. And so, beginning in April of 2018, when we begin \nto mail out the cards, CMS will have a 21-month long transition \nperiod, during which our systems will accept transactions both \ncontaining the MBI and also the HICN.\n    Throughout our programs, we are committed to safeguarding \npersonal information. 
Redesigning the Medicare card to remove \nthe Social Security number-based identifier is a very important \nstep for CMS in helping to combat identity theft and further \nprotect our beneficiaries.\n    Thank you very much for your interest in our progress \ntoday, and I look forward to answering your questions.\n    [The prepared statement of Ms. Jackson follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n\n    Mr. RICE. Thank you, Ms. Jackson.\n    Mr. Oswalt, thank you for being here. You can proceed.\n\n   STATEMENT OF JOHN OSWALT, EXECUTIVE DIRECTOR FOR PRIVACY, \n   OFFICE OF INFORMATION TECHNOLOGY, DEPARTMENT OF VETERANS \n                            AFFAIRS\n\n    Mr. OSWALT. Good afternoon, Chairman Rice, Chairman Hurd, \nRanking Member Larson, Ranking Member Kelly, and distinguished \nMembers of the Subcommittees. Thank you for this opportunity to \nparticipate in your joint hearing on government use of Social \nSecurity numbers across the government and VA, and the steps \nthat VA has taken to find ways to reduce, eliminate Social \nSecurity numbers from VA's systems.\n    VA's mission is to serve with dignity and compassion \nAmerica's veterans and their families. This mission is \ncontingent upon accurate and timely information being readily \navailable. 
If we are to advocate for veterans, ensure they \nreceive the medical care, benefits, social support, and lasting \nmemorials they have rightfully earned in service to our Nation, \nVA must properly identify, verify, and coordinate this \nprotected information entrusted to us.\n    The Department interfaces with many other Federal agencies, \nincluding but not limited to, the Department of Defense, the \nSocial Security Administration, the Internal Revenue Service, \nand the Department of Education.\n    VA's primary uses of SSNs are threefold: One, locate \nveterans and their dependents to ensure correct identification \nassociated with the delivery of healthcare and services; second \nidentify employees for employment related recordkeeping; and, \nthree, ensure 100 percent accuracy in patient identification. \nMistaken identity in the delivery of healthcare can result in \ncatastrophic and tragic outcomes. Until such time when the \ncomprehensive and equally accurate means to do so is \nestablished and implemented, the use of SSNs remains the best \nmeans of ensuring patient identification.\n    In addition, SSNs must be used if required by law or \nregulation for purposes such as background investigations, \nincome verification, and the matching of computer records \nbetween government agencies.\n    Elimination of the SSN use is not solely a function of \ninformation technology, IT. The business processes used by the \nVeterans Health Administration, VHA; the Veterans Benefit \nAdministration, VBA; and VA offices require a complete overhaul \nin how they establish absolute identity verification inside VA \nand, equally important, outside VA.\n    IT solutions to eliminate SSN use can only occur after our \nintegrated and comprehensive review of SSN's use and its \ninterconnectedness is complete. VA recognizes the growing \nthreat posed by identity theft and the impact on veterans, \ndependents, and employees. 
In 2009, VA created and implemented \nthe enterprisewide Social Security reduction effort--Social \nSecurity Number Reduction Effort. The goal of an SSNR is to \ngather and catalog SSN use, leading to the reduction and/or \nelimination of the SSN as the VA's primary identifier, all \nwhile maintaining the 100 percent requirement for proper \nveteran patient identification.\n    For example, VHA has eliminated the full SSN use on \nappointment letters, routine correspondence, and the veteran's \nhealth identification card. VA mailout pharmacy has eliminated \nthe SSN from prescription bottles and mailing labels. As a \nwhole, VA has removed SSNs from several forms where such use \nwas deemed not necessary. VBA is modifying an existing contract \nto replace SSNs with barcode labels on all outgoing \ncorrespondence. Completion of that effort is expected in \nNovember of this year.\n    As VA migrates away from SSN use, the Office of Information \nTechnology is collaborating with stakeholders to continue \nexpanding the use of the Master Veteran Index, MVI, a registry \nof veterans, their beneficiaries and other eligible persons. \nMVI serves as the authoritative identity source within VA and \ngenerates an assigned and integrated control number, or ICN, \nfor each veteran. The use of MVI as a unique identifier \ncontinues to expand with the ultimate goal being replacement of \nthe SSN as a primary identifier.\n    There are many challenges facing VA regarding the \nelimination of the unnecessary collection and use of the SSN. 
\nThis includes an enterprisewide system analysis that needs to \nbe conducted to find and identify the large volume of interface \nsystems that VA needs for clinical care and administrative \nfunctions, undertaking a robust education and retraining \nprogram for employees to implement any new unique identifier--\nthis has already begun, but it will take time to integrate \nfully into our work processes--and acceptance by the veteran \ncommittee community. A change of this magnitude across the \nentire VA system will require substantial outreach and \neducation.\n    VA has made considerable progress toward eliminating \nunnecessary use of SSNs and continues to reduce the use of SSNs \nwith the goal to replace it with an alternative primary \nidentifier. This concludes my testimony, and I'm prepared to \nanswer any questions you or other Members of the Subcommittee \nmay have. Thank you.\n    [The prepared statement of Mr. Oswalt follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n\n    Mr. RICE. Thank you, Mr. Oswalt.\n    We now turn to questions. As is customary for each round of \nquestions, I will limit my time to 5 minutes, and I will ask my \ncolleagues to also limit their questioning time to 5 minutes as \nwell.\n    Mr. Oswalt, I want to start with you. You were just \nspeaking of the hurdles that the VA has to cross to eliminate \nthe Social Security number and, of course, how critical it is \nthat we make sure that we identify each patient, as their lives \nare in the balance, right, and make sure they get the right \nmedication and so forth.\n    So you were saying that, as a replacement for the Social \nSecurity number, you started implementing an ICN. What you \ndidn't tell us is how long it's going to take to get that done. \nWhat would be your best estimate for when you can get that \ndone?\n    Mr. OSWALT. 
Well, the MVI, which is the registry of all \ncertain types of identifiers, has been in place in various \nincarnations since 1999.\n    Mr. RICE. So you don't use Social Security numbers anymore?\n    Mr. OSWALT. We do use Social Security, but its use as a \nprimary identifier is still in the VA processes. The ICN is \ngenerated by all the information that the MVI collects. So \nusing that ICN as a means to identify a veteran as their \ninformation traverses the system or a machine talking to a \nmachine; that has happened to a large extent already. It's \nprimarily the SSN use is when there's a human-to-human \ninterface between the clinician and the patient.\n    Mr. RICE. Do you still have their Social Security numbers \non their little wristbands?\n    Mr. OSWALT. Yes, we do. There is an effort underway, I \nbelieve, on a pilot level. Right now, we are seeking to \neliminate the full SSN with the goal of being a complete \nelimination, and there's also a barcode----\n    Mr. RICE. Do you have any kind of timetable for that?\n    Mr. OSWALT. Sir, I would have to take that and provide that \nfor the record because I'm not aware of the project status.\n    Mr. RICE. Thank you, Mr. Oswalt.\n    Ms. Jackson, your testimony was very interesting and \nexciting to me. You said, by 2018, you will eliminate Social \nSecurity numbers from the Medicare cards. You are moving at \nlightning speed for the Federal Government. Thank you for your \nefforts.\n    Mr. DeVries, you said something that was very interesting \nto me. You have stopped collecting Social Security numbers for \napplicants for employment for the Federal Government?\n    Mr. DEVRIES. Correct, sir. When an applicant is going to \nenter into or wants to come into the Federal Government and \nthey go to the USAJOB site, we no longer collect their Social \nSecurity number from them at that time, correct.\n    Mr. RICE. When do you collect their Social Security \nnumbers?\n    Mr. DEVRIES. 
So we don't collect it. The agency--once we \nmatch up the job applicants against the job posting, to what we \ncall U.S. Staffing, and the agency takes that referral list and \nthe list of applicants and they narrow it down and they make \nthe selection, when they bring that person on to make them \nemployment offer, that's when the agency that's hiring them \ncollects that from them then.\n    Mr. RICE. I know they would use their Social Security \nnumber for tax withholdings and such. What else would they use \nthe Social Security number for when they were looking to hire \nsomebody?\n    Mr. DEVRIES. So it is mostly that. It is your status of \nemployment and then the benefits that come with it, whether it \nbe the pay and then reporting back to the IRS and the Social \nSecurity side of the house.\n    Mr. RICE. Do you do criminal background checks in any \nagency of the government?\n    Mr. DEVRIES. So, once you become an employee and if your \nposition requires that, then, when you submit for the \nbackground investigation, that would also be the primary use. \nAnd similar to what we do in the VA, though, once it gets into \nthe background investigation system, then it is a different \nnumber that becomes the controlling number for it.\n    Mr. RICE. And since this massive hacking that occurred \nseveral years ago, I assume you've implemented a lot more \nprotections to prevent that from happening again.\n    Mr. DEVRIES. Yes, sir.\n    Mr. RICE. Ms. LaCanfora, gosh, amazing statistics. Did I \nhear you correctly that you respond, that you verify 2 billion \nrequests per year? Is that right?\n    Ms. LACANFORA. Two billion verifications, yes.\n    Mr. RICE. Wow. So that would be like six for every single \nliving person in the country.\n    Ms. LACANFORA. Yes. 
It is worth noting that more than half \nof those are Federal and State agencies that are verifying \nnumbers with us, and that can happen multiple times throughout \na year if they are processing, for example, an application for \nbenefits.\n    Mr. RICE. All right.\n    OMB has required agencies to eliminate the unnecessary use \nof Social Security numbers, but they never defined what \nnecessary use is. How does each of your agencies define \nnecessary use? I'll start with you, Mr. Wilshusen.\n    Mr. WILSHUSEN. Actually, I don't know how my agency has \ndefined unnecessary use. What we did in terms of our audit of \nthe other agencies is determine to what extent that they have \ndefined unnecessary use. We found that of the 24 CFO Act \nagencies, a number of them, four I believe, did not define what \n``unnecessary use'' is and another eight didn't have it \ndocumented or did not have a formal definition. Rather, the \nagencies based it on the judgment of the individuals who are \nmaking the particular assessment on Social Security use.\n    Mr. RICE. Thank you, sir.\n    Mr. Larson.\n    Mr. LARSON. Thank you, Mr. Chairman.\n    And I want to thank the witnesses again.\n    What a credit to government service you are, and I thank \nyou for being here today.\n    Just a couple of questions. First, it has got to be \nincredibly hard to operate an agency that is the largest \ninsurer in the Nation and to do so with a 99-percent loss \nratio, the envy of any private sector insurance company. Kudos \nto you. Not without its problems and complexities, one of which \nwe are exploring here today in terms of making sure we get \nafter fraud and abuse. And as we said many times on the \ncommittee, anyone who abuses this system, a sacred trust, ought \nto get the ultimate penalty. And I'm all for strengthening \nanything that we can do to further crack down on this.\n    What we've heard in your testimony today is a couple of \nthings that strike me. 
Number one, we have a 13-percent \nincrease overall with the baby boomers coming through the \nsystem, and yet you have had a 10-percent overall cut in your \nbudget. One has to ask, how are you able to manage with these \nincreases and the complexity of the problems that you face, \nincluding hacking?\n    Now, listen I am one of those people that would also concur \nthat, hey, listen, some--you don't always--you know, cuts in \nservice, if they are replaced by technology that is current, \ncan overcome those things. But it seems to me like you're also \nsaddled with legacy IT that needs to be updated and improved, \nand yet there aren't the resources that we funneled you to do \nthat. Is that a fair assessment?\n    Ms. LACANFORA. You have cited some of our challenges, yes. \nI think I will mention, though, that we are embarking on a very \nambitious IT modernization plan. We know that we cannot \ncontinue to operate the way that we are operating.\n    Mr. LARSON. When you say you are embarking on it, do you \nhave the money for it? And where are we going? It seems like a \nlot of the problems and concerns that we are confronted with, \nespecially in the area of veterans, et cetera--and I noticed \nthe wristband concerns that were brought up in terms of \nidentification--that if we have the resources, and certainly we \nhave the technological capability, why wouldn't we protect what \nis the government's leading program to protect and assist its \ncitizens? Could you--do you need more money?\n    Ms. LACANFORA. I think our budget folks are coming up to \nbrief your staff on the 2018 budget, but I will say that the \n2018 budget attempts to balance service and stewardship, as \nwell as improving the efficiency with which we operate--the IT \nmodernization plan that I mentioned is something that we are \nlooking forward to advancing, and we're considering that to be \nan agency priority. So we are going to dedicate the funding to \nsupport that. 
Part of that will help us to modernize our \ncommunications infrastructure and remove the SSN from the \nremaining notices.\n    Mr. LARSON. What it is very alarming to us--and I know that \nmy colleagues on the other side of the aisle share this as \nwell--is that we know how vital this program is to all of our \ncitizens. We know and everyone can attest to the long waits on \ndisability in terms of processing claims. It seems the country, \nas gifted as we are with IT, this ought to be something that we \nought to be able to solve rather easily. So it is further \nfrustrating when we continue to see cuts in the budget and \nquite alarming today when we have the President's budget is \nrevealed with about a $70 billion cut in Social Security, \nwhich, to me, is unconscionable, especially given the \nPresident's previous statements about preserving and saving, if \nnot expanding, these benefits to keep pace actuarially where \nthey should be from where we were in 1983, when we actually \nlast looked at this from in a business actuarially sound \nposition. I really believe that we can close a lot of these \ngaps with appropriate technology and assistance from the rank \nand file, who I would also note, according to testimony in \nprevious hearings, that frontline members in Social Security \noffices are our best line of defense against fraud and abuse \nand waste. And they don't get enough credit. And continuing to \ncut the budget, instead of looking at investments in both IT \nand where we can be more efficient and successful, I think is \nwhere we need to go. Thank you.\n    Mr. RICE. Just to clarify, the President is not talking \nabout cutting benefits. He's talking about cutting \nadministrative costs.\n    Mr. Schweikert.\n    Mr. SCHWEIKERT. Thank you, Mr. Chairman.\n    Forgive me, who would be the most technical of all of you. \nAll right. I need you to work through something with me and \ncorrect me if I'm not hearing something correctly. I have a \nBNC. 
I have a PUID. I have an MBI. I have an ICN. Are these all \non a common registry that, a derivation table, that you tag in \ntechnology and you pull back and tag?\n    Mr. DEVRIES. No, sir.\n    Mr. SCHWEIKERT. In that case, forgive me, and look, I've \nonly been reading the testimony and the things here, but what I \nsee is absurd technologywise. Without a common central token \nsystem--and forgive me, but if you use Apple Pay here, Apple \nPay does not hold your credit card number. What it does is it \ncreates a one-time-use token. The token hands off, matches, is \nhanded back a number, reflects back. You all have IT budgets. \nYou're trying to solve a problem, but in many ways--I need you \nto walk me through--it's my fear that the problem may have just \ngotten worse because I have the VA now with one set of numbers. \nI have Medicare with a different set of numbers. I have OPM \nwith a different set. I'm now going to have Social Security \nwith another blind identifier. Have we just made the problems \nmuch worse at least for the customer service aspect?\n    Mr. DEVRIES. Sir, if I could, let me address that to a \nlimited degree here. What you just heard here was exactly the \ncase. We took the one common field--it is called 9-digit Social \nSecurity number--that grew up for decades. It became ubiquitous \nin every form that we filled out. And then we said we can't \nshow that, we can't display it out, we have to cut the use of \nthat to where it is not publicly used----\n    Mr. SCHWEIKERT [continuing]. Blind it.\n    Mr. DEVRIES. We created a scheme for each of these things. \nI came from several years inside DOD. And so when I become a \nDOD member, I become a veteran at the end of that thing, yet I \nget a different number. Now I am a civil servant; I get a \ndifferent number yet. How do we unite that thing? 
That's where \nwe need the unification at the top there to help drive the \nstandardization of these things and then how do you link them \nback, because, at the end of day, I still need to tie the \ndifferent benefits that come at it from the various employment \nopportunities and----\n    Mr. SCHWEIKERT. Does everyone see what I'm observing is we \nmay be actually, in our attempt to blind these numbers, \ncreating another cascade effect that's going to create a whole \nnew level of complication, and that is when my veteran happens \nto also be working on his Medicare, who also is dealing with a \nSocial Security dispute, that may be wanting to go back to work \nfor the Federal Government at the Park Service, and now I have \na handful of different numbers.\n    Off just the top of my head--and I'm on the edge of my \ntechnical expertise--I could come to you right now and, whether \nit be in a distributed ledger model, but some sort of common \ntokenization, where I hand this number, I get the hand off, and \nI would get a constant match. It wouldn't stop you all from \ndoing what you're doing, but we would have to actually build a \ncommon unified clearinghouse data system that would reflect all \nthe numbers and then hand back the one-time-use token. But that \nmay be a unifying solution to solve actually a number of our \nproblems, which is I can actually take you all the way to \nSocial Security earned income tax credit fraud and a whole \nnumber of other things that could actually help on. Am I way \nout of my league here from your area of expertise? Am I seeing \na unifying problem here?\n    Mr. DEVRIES. You are correct, sir. In my opening remarks, I \ntalked about the program unique identifier. The concept there \nwas to keep the Social Security number as the gold place. You \nprotect that. You surround it, but you don't bring it out. And \nthen you have programs, and so each of these could be a unique \nprogram. 
And they would have structures to their numbering \nschemes, and they own the numbering schemes, just like we \ntalked about today here, but then it gets associated back to \nit, and that's what gets shared out. If his Medicare card gets \nconfiscated or lost, we cut him a new one; it does not start \nthe whole process.\n    Mr. SCHWEIKERT. Obviously, it would be easier if every time \nsomeone used a Medicare benefit, they had a chip card that \nhanded off a new token, but the fact of the matter is you are \nnot going to design the same thing where I type in this time \nthe unique number; it hands off. It may be worth a conversation \nfor those who are interested in this type of technology. Maybe \nas the committee here, we need to sort of--it is going to take \nsome resources, but there has to be a unified theory we could \nget to make this simpler.\n    I yield back Mr. Chairman.\n    Mr. RICE. Thank you.\n    Ms. Kelly.\n    Ms. KELLY. Thank you, Mr. Chairman.\n    Social Security numbers have become used as a principal \nmethod of identity verification in and across agencies. \nHowever, that very fact makes them lucrative targets for \nidentity thieves.\n    Mr. Wilshusen----\n    Mr. WILSHUSEN. Wilshusen.\n    Ms. KELLY. You testified that SSNs are particularly risky \nbecause they can, quote, ``connect an individual's PII across \nmany agencies' information systems and databases.'' Can you \nexplain how the widespread use of Social Security numbers \nincreases the risk of identity theft?\n    Mr. WILSHUSEN. Certainly. And thank you for the question. \nOne of the reasons is that they are available, and if the \nnumbers are not properly secured, they are vulnerable to theft. \nIn our work on information security at Federal agencies, we \nlooked at the examination of--or examined the security controls \nover the agency's information. 
We have often found that the \nsecurity controls are not effective to the extent to where they \ncan adequately protect the confidentiality, integrity, and \navailability of the information and systems at those agencies. \nSo, by having stores of Social Security numbers in a particular \nagency and they are not adequately protected, then that \ninformation can be stolen and used not only at that agency but \ncan be used as an identifier for that individual at other \nagencies and indeed in the private sector as well.\n    Just last year, in fiscal year 2016, agencies reported \nabout 8,300 incidents involving PII to the US-CERT for fiscal \nyear 2016. So it's a present problem.\n    Ms. KELLY. How could the use of such an alternate \nidentifier reduce the risk of identity theft?\n    Mr. WILSHUSEN. Well, for one, it may limit the extent to \nwhich an alternative ID may be used to identify that individual \nwith other databases at other entities. So it's an opportunity \nto limit the extent that that identifier can be used across \nvarious different organizations.\n    Ms. KELLY. And you talked about in your testimony no such \nidentifier was available. Can you expound on that?\n    Mr. WILSHUSEN. Well, there are other identifiers but none \nthat's universally as accepted and applicable as the Social \nSecurity number. We did report that, in certain instances and \nat certain organizations, including DOD and VA or VHA, they've \nstarted to use an alternate identifier other than Social \nSecurity numbers to provide their members and require one.\n    Ms. KELLY. Despite OPM's failure to implement an alternate \nin 2008, the agency proposed a program unique identifier \ninitiative in 2015 to provide an alternative way for \nidentifying records in government systems.\n    Mr. DeVries, is that correct? And can you elaborate on \nthat?\n    Mr. DEVRIES. Ma'am, could I get the last part of your \nquestion there?\n    Ms. KELLY. 
I asked about the proposed program unique \nidentifier initiative in 2015 to provide an alternate way for \nidentifying records in government systems. And can you \nelaborate on that?\n    Mr. DEVRIES. Yes, ma'am.\n    So, again, going back to, from a program perspective, if \nyou define a program as being a functional area of interest, so \nlike say CMS, VA, DOD and some other ones, there are benefits \nand other things that must get reported and attributed back to \nthe individual. When I was born, I got a Social Security \nnumber. I went up and I worked as a teenager. I went to \ncollege. I started in the work force. Along the way, I accrued \nthese different benefits. But each one gets recorded in their \nown way. So, by uniting--and kind of going with what we talked \nabout before with a ledger that says here's the program owner \nfor this numbering scheme and we standardize the numbering, \nthen you can reuse those things. And, again, just as he pointed \nout, we would not--if you lose your Medicare card, you lose the \nconnectivity of what that thing represented in the Medicare \nbusiness but not across the whole financial institutions and \nall the other ones.\n    The challenge is, how do I work that thing not only at the \nFederal level at the agencies here but then down to the \nagencies that report into us and also to the State and local \ngovernment things. Because everything is coded into these \nvarious programs, the Social Security Administration talked \nabout the number system she has. They keep on exploding when \nyou go down to the State and local government side of the house \ntoo. And all those have to be linked together there at some \npoint in time. But I think we can take it one phase at a time.\n    Ms. KELLY. I worked for the State of Illinois, and it was \nthe same issue there. And I wonder, do States change it on \ntheir own one by one or how does that--do they decide to make \nchanges? 
Because I think, before I left, they did make some \nchanges because they had Social Security numbers on everything.\n    Mr. DEVRIES. I'll let my esteemed colleagues talk here, but \nwithin the Department of Defense, where we have moved from \nmoving away from Social Security numbers on all of our ID cards \nand so forth, that did not happen overnight. It came with \nputting out a standard, coming up with a schema, as we talked \nabout, and then enforcing it.\n    Mr. RICE. Thank you, Ms. Kelly.\n    Mr. Mitchell.\n    Mr. MITCHELL. Thank you, Mr. Chair.\n    Mr. Wilshusen, let me start with you. One of the things \nthat I haven't seen referenced here is the use of Social \nSecurity numbers and the hacking that goes on with the IRS. It \nprobably won't surprise you to know that I--among how many \nmillion others of Americans have had their Security number \nhacked for IRS purposes.\n    The solution to that was we'll issue a PIN number. So you \nget a PIN number mailed to you so you can file your taxes.\n    Do you know what happened this year on that?\n    Mr. WILSHUSEN. I understand that those PIN numbers were \nalso compromised to some extent.\n    Mr. MITCHELL. They were. So I didn't get a PIN number.\n    I can only begin to describe to you the entertainment of \ntrying to file my taxes, as well as I don't know how many other \nmillion of Americans, when in fact they don't have PIN numbers \nthat will work either and they can't file electronically or any \nother way with their Social Security number.\n    The reason I raise it is the point that Mr. Schweikert \nraised, which is, if, in fact, rather than independent agencies \ncreating their own identifiers, a PIN number, all of the \nacronyms--I don't know if anybody is watching this or will \nwatch this tape, but most Americans, their eyes will glaze over \nwith acronyms--the private sector has a variety of approaches \nto creating an identifier, a token system. 
I'm shocked, at this \npoint, there hasn't been substantial conversations as to why we \ndon't set a centralized process so someone can trigger that and \ncreate a token for not only benefits but when they pay their \ntaxes. Why is that not a more active effort at this point in \ntime rather than individual efforts?\n    Mr. WILSHUSEN. I think that's definitely a possibility. But \nI think you also touch upon the fact that these numbers, \nregardless of their provenance, if you will, need to be \nadequately protected by agencies in their information systems. \nAnd we have found traditionally that the security controls over \nagency systems need to be improved.\n    Mr. MITCHELL. Oh, I wouldn't disagree with you one bit.\n    You've got two issues. One is the user using their number \nand the agency securing it. And those are two separate dilemmas \nin the problem. But we seem to be making one harder by issuing \nall kinds of different identifiers, which in the case of the \nIRS, that was compromised as well.\n    So what's to prevent being compromised, this additional \neffort we've made and all the money we've put into it, rather \nthan have an encrypted token-based system that allows you to do \nthat? And that technology has existed in the private sector for \na fair amount of time. So I would encourage the agencies to \nbegin actively, and we should talk about it further, Mr. Chair, \nabout how it is we actually encourage doing something that is \nintegrated that secures it to a token system that's encrypted. \nAt least protects that end, the user end.\n    If I can real quick, Mr. Oswalt, before my time runs out, I \nwas looking through your testimony and listening to you--I \nreturned a little late from the floor to hear everyone, and I \napologize. There's some notations here that I guess troubled me \na bit. 
VA is currently evaluating the elimination of Social \nSecurity numbers from correspondence.\n    I'm trying to find a polite way to word my response on \nthat. It's nice that they're evaluating that. How long does it \ntake VA to evaluate that?\n    Mr. OSWALT. Sir, since we began the SSN reduction effort, I \nmean, a number of correspondence and forms generally have been \nscrubbed. If there's a compelling business need for it, we \nwould--it would remain. We have an SSN number review board that \nreviews things from a departmentwide standpoint. I can't attest \nright now--I can submit it for the record--what forms and \nletters, correspondence still has that. But as I said in my \noral testimony----\n    Mr. MITCHELL. I've only got a couple minutes. Let me ask \nfor the record that you do submit the number of forms, \ncorrespondence, and what their purpose is and what their \njustification is for the record.\n    Because I don't understand why it is on correspondence we \nare sending out, that we still put the Social Security number \non there. And in fact, if we are putting the Social Security \nnumber, are we putting the whole Social Security number? My \ngoodness gracious, guys.\n    Question number two for you, you made a comment about the \nSocial Security numbers still being on their wristbands. Now, \nmy guess is everybody in the room has been in the hospital for \none purpose or another or been to a lab, and you get a \nwristband. I haven't seen a Social Security number on a \nwristband in a medical institution in close to a decade, maybe \n7 years. Why in the world would you still put it on when \nthey're hospitalized?\n    Mr. OSWALT. There is a barcoded SSN that allows the \nclinician to talk to a machine to the barcode. So that's used \nas a form of patient identification and verification. As I \nthink I mentioned in my oral testimony, there's a pilot at a \nnumber of VA sites underway where we're using the last four. 
\nEventually, we'll move away from the full human-readable SSN, \nand the integration control number, the ICN, will replace that.\n    Mr. MITCHELL. Thank you, Mr. Chair. I yield back.\n    Thank you, sir.\n    Mr. RICE. Thank you, Mr. Mitchell.\n    Mr. Pascrell.\n    Mr. PASCRELL. Thank you, Mr. Chairman. Thank you for having \nthis hearing.\n    Ms. Jackson, I sat on the Ways and Means Health \nSubcommittee. We had extensive conversations with the Social \nSecurity agency about the process for removing Social Security \nnumbers from Medicare cards. Hearing again about this process \nis enough to make your head spin. At the time we had this \ndialogue, it was quite clear that Social Security, quote-\nunquote, ``did not have the funding to do this.'' That's what \nyou said to us.\n    Now, can you explain how what seems like a pretty simple \ntask of removing of Social Security numbers from Medicare cards \ncan be such a challenge that CMS'--to the system that you use \nin terms of information technology? Tell me what's going on.\n    Ms. JACKSON. Thank you very much for the opportunity to \nspeak to that.\n    We have, at CMS, been looking into the removal of the \nSocial Security number from the Medicare card for a number of \nyears. 
But it was not until Congress gave us the resources to \nbe able to implement the system changes both in our internal \nsystems and also in the data exchanges and the updates that we \nmust do with the Social Security Administration, with the \nRailroad Retirement Board, who also use a HICN-based \nidentification card, updating information in our internal \nsystems as well as informing providers, healthcare providers, \nand Medicare beneficiaries about their need to use a new card \nwhen they both provide care on the healthcare provider side and \nfor billing purposes and also when a beneficiary goes to \nreceive care from their doctor or from their hospital.\n    To move forward with implementation of the Medicare \nbeneficiary identifier, we have made system changes over the \npast couple of years. We hit a major milestone this past \nweekend in assigning new Medicare beneficiary identifiers to \nall Medicare beneficiaries, which now will allow us to begin \nthe testing process with all of our systems and our data \nexchange partners to then be able to mail the card and begin \nthe transition period.\n    We expect to have this completely implemented by April of \n2019, with the beginning of mailing of cards in April of 2018.\n    The transition period for us is very important so that all \nstakeholders are able to receive the new MBI, submit bills and \nclaims using the new MBI, and to assure that healthcare is \nstill available and provided to Medicare beneficiaries.\n    Mr. PASCRELL. The new identifiers will be the same number \nas the past?\n    Ms. JACKSON. No. The new identifier, it's an 11-digit code. \nBut it is an alphanumeric code that is randomly assigned--was \nrandomly assigned when we did the enumeration over the weekend, \nand does not look anything like the current health insurance \nclaim number.\n    Mr. PASCRELL. So we've done it with some resources, and you \nproved it could be done, and the system will be complete in \n2019?\n    Ms. 
JACKSON. That's correct.\n    Mr. PASCRELL. Am I correct in saying that?\n    Ms. JACKSON. Yes.\n    Mr. PASCRELL. That's pretty big. And you're standing by \nthat?\n    Ms. JACKSON. I am standing by that.\n    Mr. PASCRELL. Good.\n    Ms. JACKSON. We actually will be ready to receive the MBI \non claim submissions by April of 2018.\n    Mr. PASCRELL. Thank you.\n    Mr. DeVries, in your testimony--where are you? Oh, there \nyou are. Am I pronouncing that correctly, sir?\n    Mr. DEVRIES. Yes, sir.\n    Mr. PASCRELL. You stated that it was difficult to \ncompletely eliminate the Federal use of Social Security numbers \nwithout a governmentwide, coordinated effort and dedicated--you \nsaid--dedicated funding. That's what you said, right?\n    Mr. DEVRIES. Yes, sir.\n    Mr. PASCRELL. Okay. Can you explain how OPM would use \nadditional funding to try to achieve the goal of limiting the \nFederal Government's use of Social Security numbers?\n    Mr. DEVRIES. In the case of OPM, where we exchange the \nimportant data between a Federal retiree with the Social \nSecurity and the IRS for tax purposes there, that underlying \nthing would still be coded and still be exchanging through the \nSocial Security number. But, again, the communication that goes \nout to the Federal retiree benefit is a different number. We do \nin fact do that today for the retirement services, where you \nget a different control number when you become a Federal \nretiree. And that's how all action is tracked back to you.\n    In terms of the money to change the systems, it is--we're \noperating systems today, and, just as CMS probably experienced, \nyou need an infusion of money to do coding and other changes \nand testing, as you prepare this parallel highway, if you will, \nof how we're doing it there.\n    Mr. PASCRELL. Thank you.\n    Mr. Chairman, may I just add this into the record? 
I heard \nfrom one of our members--and I need to correct the record--said \nthat the President's budget does not cut Social Security \nbenefits. But it does. In the budget, it cuts Social Security \ndisability by up to $64 billion. I think the record needs to be \ncorrected. And maybe the Congressman who said it needs to be \ncorrected.\n    Mr. RICE. Thank you, sir.\n    Mr. Hurd.\n    Mr. PASCRELL. You're welcome. Thank you.\n    Mr. HURD. Thank you, Chairman.\n    Mr. Oswalt, I was confused by an earlier exchange. Do we \nknow how many documents within the VA have the Social Security \nnumber printed on it?\n    Mr. OSWALT. We know what we know right now. It's an \nongoing, expanding effort. There is a Social Security number \nreduction tool.\n    Mr. HURD. I get that. So, correct me if I'm wrong, there's \na bunch of forms that the VA sends out. We should know how many \nthose are. One of the data elements on that form is Social \nSecurity. Why does it take years to go through each form and \ndelete that data element or not show it on the underlying form?\n    Mr. OSWALT. Sir, I would have to submit for the record the \nhistory of why it's taken so long. But there are a number of \ninstances where it's in the----\n    Mr. HURD. Ms. Jackson, how many forms does your \norganization have that print the Social Security number on it?\n    Ms. JACKSON. With the implementation of the Medicare \nBeneficiary Identifier, we won't have any forms that will issue \nthe Social Security number. Over the past couple of years, we--\n--\n    Mr. HURD. So you're saying 2019 is when we're going to be \nsuccessful in achieving that. Again, we currently, right now, \nthere is X number of forms that produce, when they're printed \nout, on that form, it includes the Social Security number, \ncorrect?\n    Ms. JACKSON. No, sir. I'm sorry. I should have been \nclearer. 
Our correspondence with Medicare beneficiaries, we \nhave truncated the Social Security number on all of that \ncorrespondence, with the exception of one document, which is \nour Medicare premium billing form. That still does include the \nhealth insurance claim number. I'm sorry. I can't remember if \nit is truncated. That will be the document that will be \nreplaced with the MBI when we implement.\n    Mr. HURD. Great.\n    Ms. LaCanfora, how many forms does your organization \nproduce that has the full Social Security number on it?\n    Ms. LACANFORA. Currently, we send out about 233 million \nnotices or forms of correspondence each year that still have \nthe Social Security number.\n    Mr. HURD. Is it that many unique, or is it five different \nkinds of correspondence?\n    Ms. LACANFORA. There's over a thousand separate types of \nnotices.\n    Mr. HURD. So we have a thousand documents, and one of those \nelements, when it gets printed out, is Social Security number. \nWhy can you not just delete that when you run a batch?\n    Ms. LACANFORA. So we have deleted the number or removed the \nnumber and replaced it with a beneficiary notice code on over a \nhundred million notices and we have another 42 million that \nwe're doing in fiscal year 2018. The challenge that we have is \ntwofold. One is that there are 60 separate disparate systems \nthat produce those 1,000-plus notices. So the resources needed \nto make the changes are significant.\n    Beyond that, the other significant issue or challenge that \nwe have is that the Social Security number was created to do \nbusiness with our agency. And so, when we mail out a notice to \nsomeone and they, for example, are being told that they have an \noverpayment, they might pick up the phone and call us. And we \nhave got to be able to quickly identify who they are and what \ntheir issues are.\n    Mr. HURD. Mr. DeVries, Estonia has done this. Estonia has \nmoved to a system where it is a tokenization. 
Now, they're 1.3 \nmillion people, so the size of my hometown of San Antonio. A \nlittle bit different. But they've achieved the ability to have \nthis interoperable number across all of their government \nagencies. We've talked about tokenization here. In your role \nwith OPM, what do you need--ultimately, it's a shared service. \nAnd how do we implement a shared service at OPM when it comes \nto an identifier across all the Federal Government?\n    Mr. DEVRIES. Chairman Hurd, that's a great question. I'm \nnot sure the exact answer, because what you're talking about is \nthrough the token and the bitchain type technology and so \nforth. That's the one I think that we need to work with \nindustry closer on and bring that to the Federal Government \nside of the house, because it's not the same thing as it is on \nthe industry side of the house. I'm desperately trying to reach \nout there for it. We're still stymied by how do you bring that \ntechnology in and infuse it into--it's really our application \nsystems. It's not our hardware systems. It's the applications \nthat are writing it and changing that.\n    Mr. HURD. Mr. Wilshusen, in the last 30 minutes of my time, \nyou reference legacy IT being a barrier. What do we need to do \nin order to prevent that from being a barrier?\n    Mr. WILSHUSEN. Well, that's one of the problems in terms of \nwith legacy systems. Often they may not be able to handle newer \nnumbers. And so, in order to be able to do that, it requires \nsignificant system change or modification.\n    Mr. HURD. I yield back, Chairman.\n    Mr. RICE. Thank you, sir.\n    Mr. Lynch.\n    Mr. LYNCH. Thank you, Mr. Chairman.\n    I thank the witnesses for your help with the committee's \nwork.\n    Mr. 
DeVries, back in 2015, I think it was July, OPM \ndisclosed that its information technology systems had \nexperienced a massive data breach, compromising the Social \nSecurity numbers, names, addresses, background information, \nbirth dates, and the background investigation records for about \n22 million people who had applied for sensitive positions with \nthe FBI, CIA, NSA. And we had a hearing subsequent to that \nbreach. And I actually asked your predecessor, Ms. Archuleta, I \nasked her if she was even taking the most rudimentary steps to \nprotect Social Security numbers; are we even encrypting them \nwithin the system at OPM? And I was very sad to hear her \ntestify that, no, at that time, in 2015, we were not \nencrypting. And I urged them to do that.\n    Then, a year later, we had a followup hearing with Ms. \nCobert. I think she had some operational responsibility there. \nI asked her the same question a year later if that job was \ncomplete. She testified that, no, it was not complete.\n    And so we come full cycle here, and you're here. And I got \nto ask you: Now, Ms. Cobert said our system did not allow \nencryption of Social Security numbers. And I just want you to \ntell me something good. Tell me that we've encrypted these \nSocial Security numbers. You know, it would be laughable if it \nwasn't so serious.\n    Mr. DEVRIES. It is serious.\n    Mr. LYNCH. I read an article last Sunday in The New York \nTimes where a bunch of our sources in China are being killed \noff, either killed or imprisoned, U.S. sources, foreign \nintelligence sources. And, you know, I gotta think that--well, \nthat hack was attributed to the Chinese Government. The hack \nactually came after--at least we found out about it after many \nof these people were executed in China for cooperating with the \nUnited States Government. They were shot as spies or imprisoned \nas spies. 
But you see, especially with sensitive information \nlike this for secure positions, we're really exposing our \npersonnel, our intelligence officers, and anyone who cooperates \nwith them to grave, mortal threat. And so we've really got to \nstep up our game here.\n    So let me go back to my question. Are we encrypting these \nSocial Security numbers?\n    Mr. DEVRIES. Representative Lynch, yes, we are. Regarding \nthe background investigations records incident, I have all the \ndatabases that contained the Social Security numbers and other \nPIs encrypted, with the exception of one database that resides \nin the mainframe, which is now sitting behind other security \ncontrols and detection systems. And that is scheduled for \ncompletion, which is a little bit more of a challenge because \nit's on the mainframe, to be completed this calendar year.\n    Mr. LYNCH. Okay. So we had this hack about 10 days ago, \nthis ransomware attack. It was basically not stealing our \ninformation, but preventing people from utilizing that. Most of \nthe impact was overseas. They tell me that that was because \nmany of the--much of that software was bootlegged software, \nthat Microsoft Windows--well, they bought it bootleg so that \nthe fixes and all that were not available for those people. But \nare we--do you feel that we have major vulnerability from that \ntype of hack as far as our user population goes?\n    Mr. DEVRIES. Sir, I would say yes. And I think that's the \nlowest common denominator that we all got to take steps to keep \non educating, both the families at home as well as the \nworkforce itself. Within OPM, there was no choice. Their \nsystems are patched. That's a call that the Director supports, \nand I make it as the CIO, and I think that is the right \napproach to take, just as you would in any kind of corporation \nthere.\n    Mr. LYNCH. All right.\n    Mr. Chairman, thank you for your courtesy. I yield back the \nbalance of my time.\n    Mr. RICE. 
Thank you, sir.\n    Ms. Sanchez.\n    Ms. SANCHEZ. Thank you, Mr. Chairman.\n    And I want to thank the witnesses for being here with us \ntoday to talk about this important issue.\n    Identity theft affects over 12 million Americans per year, \nand it costs the victims just over $350 on average. That's on \naverage. You hear cases of it taking people years and a lot \nmore money to sort of get it straightened out. And I've been \none of those people that have, unfortunately, been a victim of \nidentity theft.\n    Social Security numbers and other personal information, \nlike dates of birth, are--that information is very coveted by \nhackers who steal that personally identifiable information from \nbreaches of the Office of Personnel Management, from health \ninsurance companies, the United States Postal Service, and even \nretailers like Target. And while I'm encouraged with the Office \nof Management and Budget's initiative when they issued the 2007 \nmemo calling for agencies to reduce collected and retained \ninformation and to strengthen the security of sensitive \ninformation, these recent hacks show that OPM and other \nagencies are still fundamentally very ill-prepared, and many \nAmericans' sensitive information is still very vulnerable to \nattack.\n    That's why, you know, reducing the superfluous collection \nand retention of Social Security numbers is so important. It's \ntroubling to see that, after 10 years, Government \nAccountability Office reports show that only 2 of 24 agencies \nexamined met the requirements for a complete plan to reduce \nunnecessary usage of Social Security numbers. And it's even \nmore troubling that the Office of Management and Budget has \nprovided very little guidance to agencies to help with the \ntransition. 
In addition, to exacerbate matters, the President's \nbudget proposal guts agency personnel and operating budgets, \nfurther limiting their capacity to protect information and to \nimprove their systems.\n    Whether it's a lack of funding or a lack of guidance, 10 \nyears after the issuance of the memo, we should be in a better \nposition to safeguard Americans' personal information.\n    And I know--I recognize that there are clear barriers that \nagencies face in reducing the collection of Social Security \nnumbers. For example, in many cases, States mandate the \ncollection of that information. I just wanted to note, before I \ndelve into questions, that I think it's interesting that today \nwe're discussing the progress of agencies to reduce the \ncollection of Social Security numbers when tomorrow this same \ncommittee will be marking up a bill to add a new requirement on \nan agency to collect and verify Social Security numbers. So, on \nthe one hand, we are saying, ``Don't collect them and don't \ncollect them superfluously,'' and then, on the other hand, we \nare going to be mandating the collection of that information. \nAnd I think it's both ironic and hypocritical of us on this \ndais to be doing both things.\n    But aside from that comment, Mr. DeVries, in the GAO's \nreport, it mentions that OPM proposed using an alternate \nFederal employee identifier but withdrew that regulation \nbecause the identifier wasn't available. What are the barriers \nto creating a new identifier for Federal employees or for \nagencies to use in their administration of benefits?\n    Mr. DEVRIES. Representative Sanchez, thank you for that \nquestion. Again, I think the complexity or the barriers to \novercome here is the size and complexity of the government. 
\nJust as the witnesses here at the table represent a few of the \nagencies, every agency really has a collection thing that kind \nof ties back to an individual and the benefits that get tied to \nit, whether it be their pay, their benefits, medical and so \nforth. How do you then create that architecture--and again, \ngoing back to what Chairman Hurd talked about, you would have \nto have that architecture in hand as you begin to even talk \nabout the token to use or the other bitchain type stuff. How do \nyou then promulgate that down? My colleague to my left here \ntalked about how they rolled out the whole Medicare new number \nthere. It is not done overnight. It's a process. It's based \nupon the architecture there.\n    Ms. SANCHEZ. And cuts in funding, how does that affect the \nability to protect sensitive information effectively?\n    Mr. DEVRIES. So, in every agency, there is probably just \nenough dollars to make that go. When I am going to try and do \nsomething else, I have got to have that infusion to create \nsomething that goes alongside what I am currently operating and \nbring in something new. And I must turn off what I just got rid \nof.\n    Ms. SANCHEZ. Would you say that right now you are operating \nwith the very best equipment that money can buy?\n    Mr. DEVRIES. No, ma'am.\n    Ms. SANCHEZ. Would you say that the equipment that you have \nto work with, on a scale of 1 to 10 in terms of modern and \nefficient, where would it lie on that scale?\n    Mr. DEVRIES. Ma'am, I would say, from an overall \narchitecture and operating perspective, I would say it would be \nabout a 0.3 or a 0.4.\n    Ms. SANCHEZ. So further budget cuts not necessarily helpful \nto rectifying that?\n    Mr. DEVRIES. No.\n    Ms. SANCHEZ. Thank you. No more questions.\n    Mr. RICE. Thank you, Ms. 
Sanchez.\n    The Federal Government needs to ensure it is doing all it \ncan to protect Americans' identities and that Social Security \nnumbers are not being used unnecessarily. While progress has \nbeen made, based on what we have heard today, there is still a \nlong way to go.\n    Thank you to our witnesses for their testimony.\n    Thank you also to our members for being here.\n    With that, the subcommittee stands adjourned.\n    [Whereupon, at 3:35 p.m., the subcommittees were \nadjourned.]\n    [Questions for the Record follow:]\n</pre></body></html>\n"