[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]



 
                    SECURING AMERICANS' IDENTITIES:

                THE FUTURE OF THE SOCIAL SECURITY NUMBER

=======================================================================

                                HEARING

                               before the

                    SUBCOMMITTEE ON SOCIAL SECURITY

                                 of the

                      COMMITTEE ON WAYS AND MEANS
                     U.S. HOUSE OF REPRESENTATIVES

                     ONE HUNDRED FIFTEENTH CONGRESS

                             SECOND SESSION

                               __________

                              MAY 17, 2018

                               __________

                          Serial No. 115-SS09

                               __________

         Printed for the use of the Committee on Ways and Means
         
         
         
         
         




               U.S. GOVERNMENT PUBLISHING OFFICE
                   
33-871                   WASHINGTON : 2019       




                      COMMITTEE ON WAYS AND MEANS

                      KEVIN BRADY, Texas, Chairman

SAM JOHNSON, Texas                   RICHARD E. NEAL, Massachusetts
DEVIN NUNES, California              SANDER M. LEVIN, Michigan
DAVID G. REICHERT, Washington        JOHN LEWIS, Georgia
PETER J. ROSKAM, Illinois            LLOYD DOGGETT, Texas
VERN BUCHANAN, Florida               MIKE THOMPSON, California
ADRIAN SMITH, Nebraska               JOHN B. LARSON, Connecticut
LYNN JENKINS, Kansas                 EARL BLUMENAUER, Oregon
ERIK PAULSEN, Minnesota              RON KIND, Wisconsin
KENNY MARCHANT, Texas                BILL PASCRELL, JR., New Jersey
DIANE BLACK, Tennessee               JOSEPH CROWLEY, New York
TOM REED, New York                   DANNY DAVIS, Illinois
MIKE KELLY, Pennsylvania             LINDA SANCHEZ, California
JIM RENACCI, Ohio                    BRIAN HIGGINS, New York
KRISTI NOEM, South Dakota            TERRI SEWELL, Alabama
GEORGE HOLDING, North Carolina       SUZAN DELBENE, Washington
JASON SMITH, Missouri                JUDY CHU, California
TOM RICE, South Carolina
DAVID SCHWEIKERT, Arizona
JACKIE WALORSKI, Indiana
CARLOS CURBELO, Florida
MIKE BISHOP, Michigan
DARIN LAHOOD, Illinois
BRAD R. WENSTRUP, Ohio

                     Gary J. Andres, Staff Director

                 Brandon Casey, Minority Chief Counsel

                                 ______

                    SUBCOMMITTEE ON SOCIAL SECURITY

                      SAM JOHNSON, Texas, Chairman

MIKE BISHOP, Michigan                JOHN B. LARSON, Connecticut
VERN BUCHANAN, Florida               BILL PASCRELL, JR., New Jersey
MIKE KELLY, Pennsylvania             JOSEPH CROWLEY, New York
TOM RICE, South Carolina             LINDA SANCHEZ, California
DAVID SCHWEIKERT, Arizona
DARIN LAHOOD, Illinois


                            C O N T E N T S

                               __________

Advisory of May 17, 2018 announcing the hearing

                               WITNESSES

Nancy Berryhill, Acting Commissioner, Social Security Administration
Elizabeth Curda, Director, Education, Workforce, and Income Security, 
  Government Accountability Office
Samuel Lester, Consumer Privacy Counsel, Electronic Privacy Information 
  Center
Paul Rosenzweig, Senior Fellow, R Street Institute
Steve Grobman, Senior Vice President and Chief Technology Officer, 
  McAfee, LLC
Jeremy A. Grant, Coordinator, Better Identity Coalition
James Lewis, Senior Vice President, Technology Policy Program, Center 
  for Strategic and International Studies

                    MEMBER QUESTIONS FOR THE RECORD

Rep. Sam Johnson to Elizabeth Curda
Elizabeth Curda Response
Rep. Sam Johnson to Jeremy A. Grant
Jeremy A. Grant Response
Rep. Sam Johnson to Steve Grobman
Steve Grobman Response
Rep. Sam Johnson to Paul Rosenzweig
Paul Rosenzweig Response

                   PUBLIC SUBMISSIONS FOR THE RECORD

NAPBS, statement


                    SECURING AMERICANS' IDENTITIES:



                THE FUTURE OF THE SOCIAL SECURITY NUMBER

                              ----------                              


                         THURSDAY, MAY 17, 2018

             U.S. House of Representatives,
                       Committee on Ways and Means,
                           Subcommittee on Social Security,
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 10:08 a.m., in 
Room 1100, Longworth House Office Building, the Honorable Sam 
Johnson [Chairman of the Subcommittee] presiding.
    [The advisory announcing the hearing follows:]
    
       
                               
    Chairman JOHNSON. Good morning and welcome to today's 
hearing on the future of the Social Security number.
    The Social Security card and the Social Security number 
were created in 1936, believe it or not, so the Social Security 
Administration could track earnings and correctly determine 
benefits. Today's use of Social Security numbers for 
everything--you need one. So when you get a job, buy a house, 
or open a new credit card (sic).
    Given all the ways we use it, it is no wonder Social 
Security numbers are a valuable target for identity thieves. 
For years, I have been dedicated to doing all I can to protect 
America--Americans from identity theft by protecting the 
privacy of Social Security numbers. Military IDs no longer use 
Social Security numbers, and Medicare is now sending new cards 
without numbers, Social Security numbers, to seniors across the 
country. And last year Congress made all federal agencies stop 
mailing documents that contain Social Security numbers unless 
it is absolutely necessary.
    For a long time keeping Social Security numbers secret 
meant keeping them safe. But after so many high-profile data 
breaches like Equifax, OPM, and Anthem, where hundreds of 
millions of Social Security numbers were stolen, it is clear 
they aren't a secret anymore. And it is time we stop pretending 
that they are.
    Make no mistake, it is still important to limit the 
unnecessary use of Social Security numbers. But if we want to 
keep pace with identity thieves, we need to think beyond just 
keeping them.
    As we will hear today, what makes these numbers so valuable 
to identity thieves is how we use them. Using Social Security 
numbers both to identify someone and to prove their identity 
doesn't make sense. But we have been doing it forever. We need 
to break the link between identification and authentication.
    We will also hear from Social Security about what it takes 
to get a new Social Security number when it has been stolen and 
why it is often harder to do than it should be. I recently 
learned of a case in Arizona where the mother of a child whose 
Social Security number had been stolen was told she needed to 
change her daughter's name and last name--first, middle, and 
last name--before her daughter could get a new Social Security 
number. Can you believe that? That is wrong.
    But what is worse is that having to change your name isn't 
Social Security's policy. It was an extra hoop to jump through 
made up by a field office employee. While I am happy the little 
girl eventually got a new number without having to change her 
name, getting a new number shouldn't be so difficult. It 
shouldn't take a local news story or a call from a 
congressional office for Social Security to do right by those 
looking for help.
    Identity theft is on the rise, and we must take a hard look 
at the future of Social Security numbers, both how it is used, 
and if Social Security needs to do things differently. We have 
a responsibility to do all we can to better protect Americans 
from identity theft.
    I want to thank our witnesses for being here today and I 
look forward to hearing your testimony, all of you.
    And I will now recognize Mr. Larson for his opening 
statement.
    Mr. LARSON. Well, thank you, Mr. Chairman, and let me echo 
your sentiments and also acknowledge that you have been a 
leader in the United States Congress, both in protecting the 
integrity of the Social Security program from fraud and abuse, 
and certainly, in this case, of identity theft which threatens 
the entire system.
    As you indicated, Mr. Chairman, the recent data breach at 
Equifax has left more than 145 million people wondering whether 
they will have their identity stolen or credit damaged. Their 
ability to get a mortgage, a small-business loan, or even a job 
is at the whim of criminals, who have stolen information to 
wreak havoc on their financial security.
    It doesn't matter if you are in Plano, Texas or you are in 
East Hartford, Connecticut, or whether you are 6 weeks old or 
96 years old. Cyber criminals don't care. Their only interest 
is in profiting from your identity in a way that makes them as 
much money as possible. Unfortunately, Equifax is just one in a 
long list of data breaches where personal information about 
hard-working men and women has been compromised, including 
Social Security numbers, which is the subject of today's 
hearing.
    The problem of identity theft is well known and it affects 
our entire economy. We need to come together in a bipartisan 
way to strengthen privacy protections and safeguard financial 
security. And I thank you, Mr. Chairman, for your continued 
efforts in reaching out along those lines, as well.
    What is clear, that all users of Social Security numbers, 
both government and business, need to change their ways. The 
widespread use of Social Security numbers as a way to both 
identify and authenticate individuals poses an ongoing risk of 
identity theft. This practice assumes that only I have access 
to my Social Security Number.
    But given the extensive data breaches, this is no longer a 
safe assumption, as I believe our witnesses will all agree. 
There is a role here both for government and for industry.
    Unfortunately, there are steep headwinds in this fight. The 
pace of innovation in the technologies used by cyber criminals 
present a very difficult and foreboding challenge. At the same 
time, we must be sure that the solutions to better protect 
personal information are accessible to all Americans, even 
those of us who are less adept at the new technologies.
    Finally, we must keep Americans' privacy concerns in mind 
about how data is collected about individuals, how it is used, 
and who controls it. Just as we must come together to protect 
Americans' personal identity information, we should also come 
together to protect the future of Social Security itself.
    I know my dear friend and colleague shares my concern in 
this. I think we need to have a hearing on the future of Social 
Security itself. We have proposed bills and legislation. It is 
time that we expand the most successful program in the Nation's 
history, knowing that as we go forward it is important to 
protect it at its very heart to secure it from fraud and abuse, 
but also to understand that this is an insurance program that 
needs to be made actuarially sound, that was last touched in 
1983, when Ronald Reagan was President and Tip O'Neill was 
Speaker of the House.
    It is an actuarial problem that can and should be addressed 
to not only protect the future of Americans, but also, as 
disparity grows in this great country of ours, the one thing 
that every single person in this Nation can count on is that 
Social Security has never missed a payment. We have an 
obligation on this Committee, and as Members of Congress, to 
make sure that the integrity of the program and also its 
viability goes beyond the 75-year requirement that we are sworn 
to serve.
    And with that, Mr. Chairman, I yield back and look forward 
to the questions and what we are--look forward to asking 
questions, and look forward to hearing from our distinguished 
panel.
    Chairman JOHNSON. Well, thank you for your comments. As is 
customary, any Member is welcome to submit a statement for the 
record.
    And before we move on to testimony, I want to remind our 
witnesses to please limit your oral statements to five minutes. 
However, without objection, all of the written testimony will 
be made a part of the hearing record.
    We have seven witnesses today. Seated at the table are 
Nancy Berryhill, acting commissioner of Social Security 
Administration; Elizabeth Curda, director, education, 
workforce, and income security for Government Accountability 
Office; Samuel Lester, consumer privacy counsel, Electronic 
Privacy Information Center; Paul Rosenzweig--and that is not 
right--Paul----
    Mr. ROSENZWEIG. It is Rosenzweig, sir, but----
    Mr. JOHNSON. Rosenzweig?
    Mr. ROSENZWEIG. Yes, sir.
    Mr. JOHNSON. Thank you. Senior fellow, R Street 
Institution. Steve Grobman, senior vice president and chief 
technology officer, McAfee; Jeremy Grant, coordinator, Better 
Identity Coalition; James Lewis, senior vice president, 
technology policy program, Center for Strategic and 
International Studies.
    Acting Commissioner Berryhill, please begin your testimony.

   STATEMENT OF NANCY BERRYHILL, ACTING COMMISSIONER, SOCIAL 
                    SECURITY ADMINISTRATION

    Ms. BERRYHILL. Chairman Johnson, Ranking Member Larson, and 
Members of the Subcommittee, thank you for inviting me to 
discuss identity theft and the future of the Social Security 
number. I am Nancy Berryhill, Social Security's acting 
commissioner.
    The scope of our programs is enormous. We pay monthly 
benefits to over 62 million Social Security beneficiaries and 8 
million supplemental security income recipients. During fiscal 
year 2017 we paid about $934 billion to Social Security 
beneficiaries, and $55 billion to SSI recipients. In addition, 
we posted 279 million earning items to workers' records last 
year.
    The SSN underpins the programs we administer. We designated 
this 9-digit number in 1936 to allow employers to accurately 
report earnings and determine eligibility for benefits. To date 
we have issued around 505 million unique numbers to eligible 
individuals.
    Although we created the Social Security number for our 
programs, it has become a personal identifier used most broadly 
across government and the private sector. For example, in 1943 
the executive order required federal agencies to use the SSN. 
Advances in computer technology and data processing in the 
1960s further increased the use of the number within federal 
agencies.
    For example, in 1961 the Federal Civil Service Commission 
began using the SSN as identification number for all federal 
employees. The next year the IRS began using the number as a 
taxpayer identification number. Beginning in the 1970s, 
Congress enacted legislation requiring the number for a variety 
of federal programs. Over the decades use of the SSN grew, not 
just in Federal Government, but throughout the state and local 
government, banks, credit bureaus, hospitals, and other parts 
of the private sector.
    As use of the SSN has increased, so have the opportunities 
for misuse. We and Congress have made changes to try to protect 
the integrity of the number, including strengthening the 
security of the SSN card, and requiring additional proofs to 
issue them; establishing programs and ensure accurate and 
timely of the SSN (sic), such as enumeration at birth, program 
that assigns SSNs to newborns, and verifying SSNs for 
federally-funded programs, employment eligibility, and other 
programs.
    Unfortunately, SSN misuse and identity theft continues to 
increase. We understand the distress and economic hardship 
victims of identity theft face. We advise suspected victims on 
how to contact the Federal Trade Commission and law 
enforcement, and we refer cases of misuse to our office of 
inspector general for investigation. In certain circumstances 
we assign a new number to a victim of SSN misuse who has been 
disadvantaged due to misuse of the number.
    It is important to note that assigning a new number is 
often a last resort, because it can cause more problems than it 
solves. For example, the absence of a credit history under a 
new number makes it more difficult to obtain credit to buy a 
house or a car. Nevertheless, in recognition of devastating 
effects identity theft can have, we continue to refine our 
policies in this area. Our goal is to serve the needs of the 
victims.
    Over the years we have added flexibilities to our policies 
where needed, and we encourage front-line employees to 
coordinate with experts in our regional offices. We will 
continue to do what we can to mitigate the effects of SSN 
misuse.
    We--but we cannot alone solve the problem that over-
reliance of the SSN has caused. As long as the SSN remains key 
to assessing things of value, particularly credit, the SSN 
itself will have commercial value, and it will continue to be 
targeted by fraudsters for misuse.
    Identity theft is a broad public policy issue that must be 
addressed. I applaud the chairman and the Subcommittee for 
their efforts to protect the SSN, including mandating the 
removal of the SSN from the Medicare cards and documents mailed 
by federal agencies. These bills are an important step.
    However, addressing identity theft requires a unified 
effort that includes this Subcommittee and Congress, the 
Administration, public and private experts throughout the 
country.
    Our chief information officer, who is sitting behind me, 
Rajive Mathur, is here with me today. He and I look forward to 
hearing the ideas raised during today's hearing.
    Thank you, and I will be happy to answer any questions that 
you may have. Thank you.
    Chairman JOHNSON. I appreciate your testimony.
    [The prepared statement of Ms. Berryhill follows:]
    
    
    Chairman JOHNSON. Ms. Curda, welcome again. Please proceed.

 STATEMENT OF ELIZABETH CURDA, DIRECTOR, EDUCATION, WORKFORCE, 
     AND INCOME SECURITY, GOVERNMENT ACCOUNTABILITY OFFICE

    Ms. CURDA. Chairman Johnson, Ranking Member Larson, and 
Members of the Subcommittee, thank you for inviting me here to 
discuss GAO's observations on the extent to which the paper 
Social Security card is currently used, and what it costs to 
produce.
    SSA has issued about 500 million Social Security numbers 
and cards since the Social Security program began in 1935. 
Originally, the SSN was not intended to serve as a personal 
identifier outside of SSA's programs. But due to its 
universality and uniqueness, government agencies and private-
sector entities increasingly use the SSN as a convenient means 
of identifying people.
    However, as everyday transactions are increasingly 
conducted electronically, it raises questions about whether a 
paper card is still needed or desirable to communicate or 
verify a person's SSN.
    Today I will first discuss whether there are any federal 
requirements to present a Social Security card. Second, I will 
discuss common situations in which other public or private-
sector stakeholders may ask to see the card to conduct 
business. And finally, I will discuss stakeholder views about 
the potential implications of eliminating the cards, including 
potential cost savings.
    Although there are many federal requirements to provide an 
SSN, we found no statutory requirements and only two regulatory 
requirements to show a card. Both requirements were to verify 
an individual's SSN under certain narrow circumstances such as 
for uniformed service members seeking to change their SSNs.
    To identify requirements or customary uses of the cards 
outside of the Federal Government we spoke to a variety of 
associations representing human resource managers, the finance 
sector, higher education institutions, and state agencies. The 
stakeholders we spoke with described a variety of instances in 
which individuals may present a card among other acceptable 
forms of documentation in order to verify their identity or 
their SSN.
    For employment, all U.S. employers must verify and document 
a newly-hired employee's employment eligibility. Although the 
Social Security card is the most commonly used document for 
this purpose, the card is one of several acceptable documents 
that employees may present to prove they are eligible to work 
in the United States. Other examples of acceptable documents 
include a U.S. passport or permanent residence card, among 
others.
    A common reason employers may ask to see a card is to 
verify the accuracy of the employee's SSN because employers can 
be fined for submitting inaccurate W-2 forms, for example.
    The card is also commonly used to apply for a driver's 
license under the Real ID Act of 2005. The card is one of 
several options for documents that an applicant must provide to 
verify their identity.
    The card may also be used as documentation when setting up 
financial accounts or to resolve SSN discrepancies when 
processing educational loans. However, providing the card is 
not required.
    SSA and the stakeholders we interviewed also provided their 
perspectives on the implications of eliminating the card. One 
advantage of showing the card is to ensure the accuracy of the 
SSN, instead of relying on someone's memory. A disadvantage 
stakeholders cited included that the card alone is not 
sufficient to ensure the identity of the card holder, so other 
forms of identification are usually needed.
    However, most of the stakeholders we interviewed indicated 
that their processes would not change significantly if the card 
were eliminated. They would continue to collect SSNs, as 
required, but would use other documents for identification or 
verification purposes, or electronically verify the SSN with 
SSA.
    SSA officials also provided their perspective that 
eliminating the card may result in limited cost savings, if 
any. In 2016, SSA estimated that the cost to produce a card 
ranged from $6 for a replacement card requested online to $34 
for a card requested in person at a field office. These 
estimates include staff time, technology, paper, printing, 
postage, and overhead. If the card were eliminated, only some 
of these costs would be saved because of the labor and other 
costs still needed to generate new SSNs.
    A conservative estimate of the savings based on the 
printing, paper, and mailing costs accounts for only $.60 of 
the cost of the card. SSA officials stated that the agency 
spent about $8 million in fiscal year 2016 on paper, printing, 
and delivery of the cards. However, implementing a new system 
to replace the card could offset these savings.
    Other implications of a cardless electronic system, 
stakeholders cited, included security and control over personal 
information and potential barriers for people with limited 
access to technology.
    This concludes my prepared statement, and I would be happy 
to answer the Committee's questions.
    Chairman JOHNSON. Thank you. I appreciate your testimony.
    [The prepared statement of Ms. Curda follows:]
    
    
    Chairman JOHNSON. Mr. Lester, welcome. Please go ahead.

     STATEMENT OF SAMUEL LESTER, CONSUMER PRIVACY COUNSEL, 
             ELECTRONIC PRIVACY INFORMATION CENTER

    Mr. LESTER. Chairman Johnson, Ranking Member Larson, 
Members of the Subcommittee, thank you for the opportunity to 
testify today. My name is Sam Lester. I am the consumer privacy 
counsel at the Electronic Privacy Information Center. EPIC is 
an independent, non-profit research organization here in 
Washington, D.C. established in 1994 to focus public attention 
on emerging privacy and civil liberties issues.
    I appreciate your interest in this critical topic. I cannot 
overstate the urgency that we update our privacy laws. There is 
no other form of personal information that poses a greater 
threat to privacy than the Social Security number. The recent 
Equifax breach exposed the Social Security numbers of over half 
of the U.S. adult population.
    The SSN was never meant to be an all-purpose identifier in 
the private sector. When it was first introduced in 1936 it was 
to be used only for the administration of Social Security 
taxes. The fact that it is now so pervasive as both an 
identifier and authenticator, a user name and a password, has 
undoubtedly contributed to the alarming rise in data breaches, 
identity theft, and financial fraud.
    SSNs are the keys to the kingdom for identity thieves. A 
criminal in possession of your SSN can file fraudulent taxes in 
your name, open new accounts in your name, take out lines of 
credit, and many other forms of fraud.
    If you are about to buy a home, for instance, you could 
experience your worst nightmare when a lender pulls your credit 
and sees that your FICA score is too low to qualify for a loan 
because someone has fraudulently run up debt in your name. For 
someone who has experienced new account fraud, it can take 
years to recover, financially.
    In 2017 identity theft impacted almost 17 million 
consumers. More importantly, consumers cannot protect 
themselves from the misuse of the SSN. As others have stressed, 
the Social Security Administration will only replace your SSN 
in the most extreme circumstances.
    And furthermore, the credit reporting industry makes it 
even more difficult for consumers. A credit freeze is 
burdensome and costly, and credit monitoring and fraud alert 
services do not adequately protect consumers. The CEO of 
LifeLock had his identity stolen 13 times after he displayed 
his real Social Security number in a commercial that was 
supposed to demonstrate how effective his product was at 
preventing identity theft.
    There have been recent efforts to limit the use of the SSN, 
but much more needs to be done. For example, in 2017 Medicare 
finally announced it would remove SSNs from cards, the result 
of an effort led by Chairman Johnson and Representative Doggett 
of this Committee.
    Also, a number of states have taken steps in the right 
direction. For instance, Alaska now prohibits the use of SSNs 
by both private companies and the government without explicit 
legal authorization. This would be a good model for federal 
legislation, and also shows why federal law should not prevent 
states from enacting their own safeguards.
    To limit the devastating financial harm caused by the 
misuse of the SSN, Congress should take the following measures.
    Firstly, the SSN should be prohibited in the private sector 
without explicit legal authorization, and companies should be 
prohibited from compelling consumers to disclose their SSN as a 
condition of sale or service unless authorized by law.
    Secondly, Congress should promote the development of 
context-specific identifiers. For example, if you are going to 
do banking, you have a bank account number. If you are 
obtaining a driver's license, you have a driver's license 
number. The advantage of these context-specific identifiers is 
that if one number gets compromised, an identity thief does not 
have access to all your accounts.
    Finally, Congress must not replace the SSN with a national 
biometric identifier. This would be a very bad idea. This 
approach would pose serious privacy and security risks. In the 
massive breach of the Office of Personnel Management in 2015, 
foreign hackers targeted digitized fingerprints stored in 
federal databases. These risks would only be compounded if the 
U.S. were to move towards a national biometric identifier.
    Thank you for the opportunity to testify today, and I will 
be happy to answer your questions.
    Chairman JOHNSON. Thank you, sir. I appreciate your 
testimony, as well.
    [The prepared statement of Mr. Johnson follows:]
    
    
    Chairman JOHNSON. Mr. Rosenzweig.
    Mr. ROSENZWEIG. Thank you very much.
    Chairman JOHNSON. Is that the right pronunciation?
    Mr. ROSENZWEIG. Rosenzweig, but----
    Chairman JOHNSON. Weig, okay.
    Mr. ROSENZWEIG. Thank you very much.
    Chairman JOHNSON. Pardon me. Well, please proceed.

STATEMENT OF PAUL ROSENZWEIG, SENIOR FELLOW, R STREET INSTITUTE

    Mr. ROSENZWEIG. Thank you very much, Chairman Johnson, 
Ranking Member Larson, Members of the Subcommittee. I too am 
pleased to be able to speak with you today about the future of 
the Social Security number.
    The Social Security number has a long history of utility as 
an identifier. I don't think that is the problem. The use of it 
as an identifier is no different than the use of my phone 
number as an identifier or the use of my name as an identifier. 
The problem is that the Social Security number has mutated in 
its use, so it is now also an authenticator of my identity.
    Authenticators are classically only useful if they involve 
something that you know exclusively, something you have, or 
something you are, and they are kept confidential. Today Social 
Security numbers are so deeply compromised and so widely 
available in public--albeit often through criminal means--that 
they can no longer be used as an authenticator. This is because 
recent incidents like the Equifax breach that we have already 
spoken of, and whose anniversary occurs this week, have 
effectively disclosed the vast majority of previously 
confidential Social Security numbers. My own Social Security 
number, to my knowledge, has been breached at least three times 
in the past four years. So I feel this quite personally.
    As a result, in my view, any enterprise that continues to 
use a Social Security number as an authenticator is engaging in 
borderline privacy and security malpractice. Yet some do. Just 
the other day I was shocked that a bar renewal membership used 
my--the last four of my Social Security as a way of 
authenticating my identity. And this was a governmental use.
    So what should we do about that? What should we do in 
response to the problem? In my judgement, Congress has three 
logical options.
    The first is to, as Mr. Lester has just suggested, regulate 
or outlaw Social Security numbers. That is a plausible 
solution, but one that I respectfully think is not appropriate. 
That comes with all the usual disadvantages of government 
intervention: regulatory gridlock, administrative costs, 
enforcement mechanisms that are necessary, along with 
procedural safeguards, as well.
    In short, I think a regulatory response will come with a 
great deal of expense and be a relatively slow result, perhaps 
even no quicker than the next solution, which is to do nothing.
    In a lot of ways, the market is addressing this problem. 
The disutility of SSNs as an authenticator has become widely 
known and is increasingly on the decline (sic). Eventually, the 
market will take care of the problem. The problem with that 
answer, of course, is that before it does, a great number of 
Americans will suffer from data breach and identity theft. So I 
think that is a second-best solution.
    The best solution, in my judgement--and one of the joys of 
being in a think tank is your ability to think creatively about 
problems and think outside the box--is to eliminate the utility 
of the Social Security number as an authenticator. Make it 
impossible, in practice, for anyone to continue to use it in 
this way.
    One simple and quite elegant solution that I offer both as 
a thought experiment and also as a possible practical solution 
is to simply publish a phone book with every citizen's Social 
Security number in it. In other words, by publishing it 
publicly, we would make it impossible for any enterprise to 
continue to legitimately use it as an authenticator of 
identity. To continue to do so after that and after a suitable 
transition time would, in my judgement, be per se negligence of 
the sort that ought to involve liability for the enterprise.
    One final point that I would make. Congress needs to look 
to its own house. Repeatedly in law we have mandated the 
collection of Social Security numbers as identifiers, and 
sometimes continued to use them as authenticators, as my 
colleague has already testified to. At a minimum, I think it is 
incumbent upon Congress to review government's use of the 
Social Security number and its processes, if only so that by 
cleaning up our own house we can speak to the private sector 
with authority.
    I thank you for the opportunity to testify before you, and 
I look forward to the chance to answer questions.
    Chairman JOHNSON. Thank you, sir. I appreciate your 
testimony.
    [The prepared statement of Mr. Rosenzweig follows:]
    
    
    Chairman JOHNSON. Mr. Grobman, you are recognized.

  STATEMENT OF STEVE GROBMAN, SENIOR VICE PRESIDENT AND CHIEF 
                TECHNOLOGY OFFICER, MCAFEE, LLC

    Mr. GROBMAN. All right, good morning, Chairman Johnson, 
Ranking Member Larson, and Members of the Subcommittee. It is a 
proud honor to testify today. And Chairman Johnson, it is an 
honor to work in your district. McAfee actually has its largest 
U.S. location in Plano, Texas. So it is an honor to testify 
today.
    As McAfee's senior vice president and CTO I set our 
technical strategy to protect connected computing worldwide for 
both consumers and business architectures. I have worked in the 
field of cyber security for 2 decades, and have 24 U.S. and 
international patents in the fields of security, software, and 
computer architecture.
    McAfee is one of the world's leading independent cyber 
security companies providing solutions for both business and 
consumers.
    The nine-digit Social Security number first appeared as an 
identifier in 1936, but has since become the de facto national 
identifier and federal credential, uses for which it was never 
intended. Simply knowing a Social Security number has become 
accepted as a mechanism to impersonate an individual, and the 
Social Security number has become the premier target for cyber 
criminals.
    Social Security numbers are sold in bulk in the black 
market for as little as $1 each. And once stolen, a Social 
Security number cannot easily be reissued or replaced. Last 
year's Equifax breach resulting in 145 million U.S.-based users 
having their personal information compromised reminds us that 
the U.S. needs to modernize its national identification 
standard.
    There are three elements that need to be discussed when we 
transition to a next-generation personal identifier: identity, 
authentication, and authorization. In our current model Social 
Security numbers play a role in all three. Identity is an 
identifier that can be public. It is like an individual's 
Twitter handle; it identifies an individual, but simply knowing 
the handle doesn't enable someone to impersonate the account 
holder.
    Whereas, authentication is the process of proving that you 
are a specific identity, and generally relies on one of three 
types of factors: either something you know, like a password; 
something you have, like a smart card; or something you are, 
such as a biometric. An authorization is granting a specific 
capability or benefit to a specific entity. All three parts 
need to be in scope for a next generation system.
    We have all the technology pieces to move towards a high-
quality, high-security, well-thought-out, next-generation 
identity management system based on strong authentication. What 
is more difficult is understanding the requirements that will 
be acceptable for both government and the citizens.
    We need to ask questions such as is this a solution 
exclusively for government-related services? How can a system 
be inclusive to all citizens, regardless of wealth or access to 
advanced technologies? Does a government biometrics database 
create unacceptable privacy issues? How will recovery 
mechanisms work when technology assets are lost or stolen? What 
are the cost constraints, funding options, and timelines for 
implementing and maintaining a solution into the next 
generation, and how long does the underlying cryptography need 
to last?
    This last question is interesting, in that we are on the 
verge of quantum computing becoming a viable reality. Quantum 
computing is well suited to break the underlying cryptography 
that protects the world's data. Specifically, RSA, but public 
key algorithm which is the heart of most protection and 
identity solutions. A next-generation architecture must 
comprehend the quantum computing world we will likely face in 
the next few decades.
    We need to look at what technology options are available, 
and I have been asked whether things such as blockchain could 
be useful. I do not recommend it. While a powerful technology 
providing properties such as decentralized trust, blockchain 
also brings scalability, complexity, and its own security 
challenges. In the case of our next-generation system, we do 
have a trusted central authority: the U.S. Government. We need 
to focus on the problem that we are trying to solve, and the 
one thing that we must do is not use the current system that we 
have.
    A few quick recommendations: we need an identity management 
executive order that outlaws the use of Social Security numbers 
as authenticators; we need to push federal agencies to act as 
validators of identity and mandate all federal e-government 
services require the use of strong authentication; we need to 
let innovation flourish. NIST and the private sector can work 
together on this. And we need to move faster in implementing 
quantum-safe algorithms to protect both data protection and 
identity solutions.
    It is an honor to testify to this Subcommittee. I 
appreciate your interest in considering my recommendations, and 
look forward to answering your questions.
    Chairman JOHNSON. Thank you for coming all the way from 
Plano.
    Mr. GROBMAN. You bet.
    [The prepared statement of Mr. Grobman follows:]
    
    
    Chairman JOHNSON. Mr. Grant, welcome. Please go ahead.

  STATEMENT OF JEREMY A. GRANT, COORDINATOR, BETTER IDENTITY 
                           COALITION

    Mr. GRANT. Thank you. Good morning, Chairman Johnson, 
Ranking Member Larson, Members of the Committee. Thank you for 
the opportunity to discuss the future of the Social Security 
number with you today.
    I am here on behalf of the Better Identity Coalition, an 
organization launched earlier this year focused on bringing 
together leading firms from different sectors to develop a set 
of consensus, cross-sector policy recommendations that promote 
the adoption of better solutions for identification and 
authentication.
    The Coalition's founding members include recognized leaders 
from diverse sectors of the economy, including financial 
services, health care and technology, telecommunications, 
fintech, payments, and security. Our members are united by a 
common recognition that the way we handle identity today in the 
U.S. is broken, and by a common desire to see both the public 
and private sectors each take steps to make identity work 
better.
    As background I have worked for more than 20 years at the 
intersection of identity and cyber security. In 2011 I was 
selected to lead the National Strategy for Trusted Identities 
in Cyber Space, which was a White House initiative focused on 
improving security, privacy, choice, and innovation through 
better approaches to digital identity. In that role I also led 
the identity team up at NIST.
    I left government three years ago, and now lead the 
technology business strategy practice at Venable, a law firm 
here in town with the country's leading privacy and cyber 
security practice. And in that role I serve as the coordinator 
of the Better Identity Coalition.
    Let me say I am grateful to the Committee for calling this 
hearing today. The SSN is a key component of our identity 
infrastructure, and the future of this number impacts every 
American. Up front, I would submit that many of our challenges 
here are linked to more than 80 years of contradictions in 
policy around how this number should be managed and used.
    Among the biggest contradictions, the SSN is simultaneously 
presumed to be both secret and public: secret, because we tell 
individuals to guard their SSN closely; public, because we have 
multiple laws that require individuals to give it out to 
facilitate all sorts of interactions with industry and 
government; secret, because we then tell those entities to 
ensure that, if they store it, which the law often requires 
them to do, that it be protected; and public, because that has 
proven quite hard to do, to the point that the majority of 
Americans' SSNs have been compromised multiple times over the 
last several years, amidst a wave of data breaches.
    Now, these contradictions are not the result of anything 
malicious. On the contrary, they reflect years of trying to 
balance several important roles played by the SSN and the 
Social Security Administration. What is most important now is 
that the government, one, recognizes these contradictions and, 
two, takes steps to put policies in place that are more 
consistent, and that put us on a path towards a system that 
enhances security, privacy, and convenience for Americans.
    I believe there are five areas where change is needed.
    Firstly, when talking about the future of the SSN and 
whether it needs to be replaced, it is essential, as Chairman 
Johnson noted and many members of the panel have noted, to 
understand the difference between the number's role as an 
identifier, which is a number used to sort out which Jeremy 
Grant I am among the hundreds in the U.S., and its use as an 
authenticator, which is something that can prove I am actually 
this Jeremy Grant.
    SSNs should no longer be used as authenticators. That 
means, as a country, we stop pretending this number is a 
secret, or that knowledge of an SSN can be used to prove that 
someone is who they claim to be.
    Secondly, just because SSNs should no longer be used as 
authenticators does not mean that we need to replace them with 
some sort of new SSA-issued identifier. I have yet to see any 
proposal here that does not involve spending billions of 
dollars and confusing hundreds of millions of Americans with 
very little security benefit.
    Rather than create a new identifier, our focus ought to be 
on crafting better authentication solutions that are not 
dependent on the Social Security number and are resilient 
against modern vectors of attack.
    Thirdly, on the authentication topic, there is good news. 
Multi-stakeholder efforts like the FIDO Alliance and the World 
Wide Web Consortium have developed standards for next-
generation authentication that are now being embedded in most 
devices, operating systems, and browsers in a way that enhances 
security, privacy, and the user experience. The government can 
play a role in accelerating the pace of adoption.
    Fourthly, even if we assume the SSN is publicly known, that 
does not mean it needs to be used everywhere. Many of the 
members of the Better Identity Coalition would love to reduce 
where they use the SSN, due to the risks that it presents to 
them, relative to other identifiers. However, they are running 
up against laws and regulations that require them to collect 
and retain the SSN.
    Finally, we need to focus not just on the SSN, but also the 
future of the Social Security Administration. The issue here 
goes beyond the future use of a nine-digit number to encompass 
a broader topic: What role should the government play in the 
future of the identity ecosystem?
    Now, while identity may not be a part of the SSA's mission 
statement, there is no question that in 2018 the SSA is in the 
identity business. It is time to acknowledge that fact and then 
take a step back to contemplate what that means.
    Having agencies like SSA accept their role here may be the 
most impactful thing that the government can do to help solve 
our identity challenges. Specifically, like allowing consumers 
to start asking agencies that have their personal information 
to vouch for them to parties they seek to do business with.
    The SSA and state departments of motor vehicles have the 
most to offer here, and this concept was embraced in the 2016 
report from the Bipartisan Commission on Enhancing National 
Cyber Security. The Federal Government should work to, one, 
develop a framework of standards and rules to make sure this is 
done in a secure, privacy-protecting way; and second, fund work 
to get it started.
    I appreciate the opportunity to testify today and look 
forward to answering your questions.
    Chairman JOHNSON. Thank you, sir.
    [The prepared statement of Mr. Grant follows:]
    
    
    Chairman JOHNSON. Mr. Lewis, welcome. Thank you for being 
here. Please proceed.

  STATEMENT OF JAMES LEWIS, SENIOR VICE PRESIDENT, TECHNOLOGY 
 POLICY PROGRAM, CENTER FOR STRATEGIC AND INTERNATIONAL STUDIES

    Mr. LEWIS. Thank you, Mr. Chairman and Ranking Member 
Larson. I thank the Committee for the opportunity to testify.
    One of the leading scientists of the 20th century said that 
an expert is an individual who has made all possible errors in a 
particular field. And I think that qualifies me as an expert in 
this issue, since I have been involved in programs like this 
since 1992, none of which have worked.
    So let's give it a try.
    We have all heard how the SSN is the key identifier. It is 
unique to each individual. It is issued by a trusted source. 
And most importantly, it links to different databases. So your 
SSN can link to your bank, your tax account, your driver's 
license. It is irreplaceable.
    It is invaluable for business. But as we have heard, it is 
also invaluable for crime. One estimate is that somewhere 
between 60 and 80 percent of all Social Security numbers have 
been stolen. Another estimate puts the cost of stolen Social 
Security numbers at $16 billion annually. I think the Committee 
is on the right track here by looking at ways to modernize and 
strengthen the SSN, the Social Security number, because this 
will provide real benefits and reduce crime.
    Our goal should be to provide the same level of service and 
security that citizens expect from the private sector, or that 
citizens enjoy in other developed economies.
    There are several options for modernizing the SSN. These 
include federated authentication of identity, public 
encryption, blockchain, and smart cards. Some of these have 
been tried in the past, but they faced problems of complexity, 
cost, and they raise privacy concerns.
    Simply publishing the SSN, as you heard, is a--is the least 
expensive option, but it doesn't fix all the problems we face.
    An easy first step would be to replace the Social Security 
card with a smart card, a plastic card with an embedded chip, 
like the credit cards that most of us carry. Millions of 
commercial transactions are carried out with these cards every 
day. Most people are familiar with them, which would ease the 
burden of both acceptance and transition.
    A smart card provides a foundation for a secure Social 
Security number. When your credit card is stolen, your 
financial institution cancels the old one and issues you a new 
number. You are still linked to your account, you are still 
responsible for any legitimate charges, but you are not linked 
to the old number. And a similar approach might help us in 
thinking about how to streamline, modernize, and make the 
Social Security number more secure.
    Social Security Administration could use a similar 
approach. It could administer a smart card approach, or it 
could contract it out to the private sector, a solution that 
other countries have used. Further debate is required, and I 
think we all recognize that, to decide which modernization 
option is best and, equally important, how we will pay for it, 
because there is no free replacement for the SSN.
    Blockchain technology may offer an option for a modernized 
SSN, but it is not ready, as you have heard. It is not yet 
mature.
    The best argument for smart cards is that we already use 
them on a massive scale. Companies and citizens are familiar 
with them. Implementation, of course, would be difficult. Any 
change for so venerable an institution is going to be 
difficult. But we have the advantage of knowing the technology 
and processes already work because of our experience with 
credit cards and banks.
    Thank you for the opportunity to testify. I look forward to 
your questions.
    [The prepared statement of Mr. Lewis follows:]
    
    

    Chairman JOHNSON. Thank you, sir. I appreciate that. We 
will now look to questions.
    As is customary, for each round of questions I will limit 
my time to five minutes, and I ask my colleagues to also limit 
their questioning time to five minutes, as well.
    Acting Commissioner Berryhill, the alarming story about the 
child in Arizona raises many questions about how Social 
Security treats identity theft victims. Are you taking a close 
look at how you handle requests for new Social Security 
numbers?
    Ms. BERRYHILL. Mr. Chairman, I am very aware of the case 
that you are referencing in Arizona, and thank you for bringing 
that to our attention. We have worked very hard with our staff 
to issue clarification policies to all of our front-line 
employees. We have also held national calls with all managers, 
area directors, and we also decided that we would have regional 
experts available to the front-line employees at the time, when 
the time comes, where they have a complex case. In this 
situation, we would consider that a complex case.
    So having those regional experts that are well-trained on 
enumeration, on replacement cards, on new--issuing new SSNs I 
think will help. So we took that immediate action, and all 
those actions have been accomplished.
    Chairman JOHNSON. Well, with more than 1,200 field offices, 
what are you doing to make sure that your policies are being 
followed?
    Ms. BERRYHILL. That is why we held national calls with all 
of our managers and our area directors that have oversight to 
our managers, and we will continue to do checks and balances to 
make sure that those policies are followed.
    I really believe having a regional expert there so the 
front line employees can consult if they have questions is 
really going to be a key change for SSA.
    Chairman JOHNSON. You know, I was shocked to learn that 
Social Security employees' voicemails tell callers to record 
their Social Security number with their name and phone number 
to get a return call. How is that a good practice, given all 
the concerns with identity theft and phone scams?
    Ms. BERRYHILL. I certainly understand that, and I am aware 
of that situations that we have (sic).
    We do use the Social Security number to look up our 
records. Certainly, if an individual is not comfortable leaving 
their Social Security number, they should not do that. However, 
it does expedite the transaction when they call us back. We can 
certainly, in the front line, pull up someone's record, have 
that available so when we return that call we can quickly go 
through the process with them and answer any questions.
    But again, if someone is uncomfortable, they should not 
leave their Social Security number.
    Chairman JOHNSON. Okay. Well, maybe we ought to take 
another look at that.
    Mr. Grobman, this panel has talked about some big ideas 
today. What do you think?
    Mr. GROBMAN. I think the----
    Chairman JOHNSON. Is now the time to take action?
    Mr. GROBMAN. Absolutely. I think the one thing that we 
heard universally across this panel is using Social Security 
numbers as authenticators is something that needs to be 
addressed as the most time-critical element of the issue.
    There are clearly other issues on the fringe of Social 
Security number as an identifier. But from a magnitude 
perspective, looking to remove Social Security knowledge as an 
authenticator is something that we must act on immediately, and 
invest whatever it takes in order to make that a practical 
reality.
    Chairman JOHNSON. Yes, we have been trying to do that for 
20 years.
    Mr. Larson, you are recognized.
    Mr. LARSON. Thank you, Mr. Chairman. I want to thank the 
panelists. It is--we have an awful lot of hearings, but it is 
always refreshing when you actually have panelists who give you 
some solutions, as well.
    Acting Secretary Berryhill, first of all, let me commend 
you for your service.
    Let me also acknowledge that there is no one who has been 
working harder to make sure that we have a permanent chair of--
the Secretary of Social Security than the chairman himself. And 
we have--support him in those efforts, and hope that the 
administration will act soon, but want to thank you for your 
service.
    I think there is unanimity on the Committee with respect to 
authentification (sic). How would you go about implementing 
that? And what is the cost of that?
    Ms. BERRYHILL. So certainly, any ideas--I think there has 
been some great ideas listed by the panel Members today--we 
will take all of them and review them and cost them out. 
Certainly not something I could address today. Lots of ideas 
are good, but then you have to look at the price tag that is 
attached to them.
    So again, we will go back and take a look at any ideas that 
the Committee would like us to look at.
    Mr. LARSON. Any idea on that price, Mr. Grobman?
    Mr. GROBMAN. I think one thing that we need to recognize 
when we look at the price is the price of not taking action.
    So if you look at the cost related to fraud or misuse of 
Social Security numbers as authenticators, my opinion is that 
is a staggering figure that needs to be comprehended when 
looked at the cost of implementing a new plan.
    Mr. LARSON. Mr. Lester, you had the--a number of solutions. 
But one of the things that you emphasized is that you--we make 
sure that we steer clear of any biometric solution. Would you 
explain why?
    Mr. LESTER. When Congress passed the Privacy Act in 1974, 
they were explicitly responding to and rejecting calls for a 
national identification system. There are national 
identification systems that rely on biometrics in other 
countries that raise really grave civil liberties and privacy 
concerns.
    For example, in India their new biometric system--Aadhaar, I 
think--was recently breached, compromising the biometric data 
on its 1.2 billion citizens. I think that any problems with a 
biometric system are demonstrated by the recent breach of the 
OPM.
    Mr. LARSON. Would all the panelists agree that that is a 
reasonable concern?
    Mr. GROBMAN. I think it very much depends on the problem 
that you are trying to solve. In India, part of what they were 
trying to solve was there was no starting point, and they 
needed to ensure that an individual only registered a single 
time for benefits. So, by using biometrics, it prevented an 
individual from registering in one town and then walking down 
the road to another town and registering again.
    So, in that case, biometrics was a practical technology in 
order to solve that specific problem. I don't believe we have 
that problem at scale in the U.S. And therefore, I think the 
points are well taken that we should look for other, less 
privacy-intrusive mechanisms as a first step. And as Mr. Lewis 
mentioned, things such as smart cards can be a much more rapid 
practical option that could be distributed without requiring 
every citizen to have biometrics----
    Mr. LARSON. Is there consensus amongst the panel with 
respect to smart cards?
    Mr. Rosenzweig.
    Mr. ROSENZWEIG. I--Rosenzweig. I think it is a good interim 
solution. But to be honest, you know, the smart card security 
system is not itself terribly robust. We have all experienced 
credit card fraud, as well, that is a result of a lot of that.
    On the issue of biometrics, I think it really is the 
difference between a centralized database and a distributed 
database. Biometrics, as a localized identifier, is actually 
something that the--President Obama's White House supported as 
a substitute for passwords because they are more readily usable 
by most citizens than the password system.
    So I wouldn't write with such a broad brush----
    Mr. LARSON. You also objected to one of Mr. Lester's 
solutions. Could you explain why? And hopefully Mr. Lester will 
get a chance to reply.
    Mr. ROSENZWEIG. Well, I don't so much object. Regulation is 
clearly one of the normal tools in our toolkit here in 
Washington, alongside taxation----
    Mr. LARSON. Is it regulation or the efficiency of the 
ability to regulate?
    Mr. ROSENZWEIG. Well, we all live in Washington. I am not a 
fan of our efficiency in the regulatory system. To take just--
to be brief about it, we have already acknowledged that it 
would have to exclude legal uses----
    Mr. LARSON. City of northern charm and southern efficiency?
    Mr. ROSENZWEIG. Indeed.
    Mr. LARSON. No disrespect to anyone from the South, but----
    Mr. ROSENZWEIG. I think it would cost us quite a bit and 
take far too long.
    Chairman JOHNSON. The gentleman's time has expired.
    Mr. Kelly, you are recognized.
    Mr. KELLY. I thank you, Chairman, and thank you all for 
being here today.
    Mr. Rosenzweig, I had a coach in high school had the same 
name, we just called him Rosie. So maybe the rest of the panel 
can do that.
    [Laughter.]
    Mr. KELLY. First of all, thank you all for being here. But, 
you know, Ms. Berryhill, I am--I think when we look at the size 
and scope of the program, and the number of beneficiaries, is 
there anybody in the private sector that even comes close to 
facing these types of problems, as far as making sure we are 
sending the right money to the right people, and the fact that 
there is so much fraud in the system already?
    Is there any approach out there that people are looking at 
that would make sense?
    Ms. BERRYHILL. So, you know, first of all, we need to 
protect our records. And our focus for the Social Security 
number has been collecting wage information and paying 
benefits.
    We have a robust, anti-fraud process that we put in place, 
so we review claims ahead of time, we will flag certain high-
risk claims. But as far as comparing that to the private 
sector, we have to make sure that, in government, that our 
beneficiaries, our recipients are protected, and their data is 
protected.
    Mr. KELLY. Well, it just seems to me the very nature of the 
way we do things today--we have a safe that we put things into 
that we cannot lock. There is somebody finding a way to get 
into this data all the time, and yet we keep thinking, well, 
you know what? This is just the way we do things today. We are 
going to just have to keep going down that path. I just--I am 
really fascinated.
    Mr. Grobman, you said something I have written down here. 
Is there any information that indicates the cost of not finding 
a remedy to this? I think those numbers would be so staggering 
that most of us would not even want to discuss it.
    Is there any idea of what the cost of not fixing this is--
because it seems to me--there is an old saying. You keep doing 
the same thing over and over again, expecting a different 
result--I don't see how we fix this the way we are going right 
now. So that cost of not fixing it, any ideas?
    Mr. GROBMAN. I don't have a quantitative number.
    Mr. KELLY. Yes. Nobody does.
    The Chairman is right; it is the definition of insanity, 
but----
    Mr. GROBMAN. There is one estimate, and it was from The 
Economist, and it was $16 billion a year.
    Mr. KELLY. Sixteen?
    Mr. GROBMAN. Billion.
    Mr. KELLY. Billion, with a B. That is--down here. One, six, 
and with a B, billion. So--okay.
    Mr. Grant, some companies have recognized problems with the 
Social Security number and have shifted their business models 
in response. Can you share some examples in the private sector 
of how people are addressing this?
    Mr. GRANT. Sure. So one of the founding members of our 
coalition is Aetna, who--their chief security officer, Jim 
Routh, and the team there led an effort I think they launched 
in 2014 focused on reducing the instances of the Social 
Security number within their systems.
    Talking about costs, this is a 6-year, roughly $60 million 
investment that the company is voluntarily undertaking because 
they think that they can reduce their risk profile by reducing 
the instances of the SSN across their enterprise. And I think 
to date they have eliminated about 10 billion instances, 
which--not that they have 10 billion beneficiaries, but it 
shows you, if I am one of theirs, that I probably had my SSN in 
a dozen different systems.
    So, you know, companies are willing to do this today, and I 
think you are starting to see, you know, particularly Fortune 
500 companies who are holding on to SSN are looking at it as a 
liability. But the cost is significant. It can't happen 
overnight.
    They are also hindered in that, as a health insurer, they 
are required by the government to leverage the SSN for pretty 
much all of their government business, as well as any 
beneficiary who they have to report to the government had 
health insurance.
    So, you know, I highlighted this a little in my opening 
testimony. There is a lot of government requirements that are 
out there that state that private industry has to collect the 
SSN. As long as we have those out there, it is going to be 
quite hard to eliminate it entirely.
    Mr. KELLY. As we keep going forward, then, I--and we all 
look at this program and we refer to it as an entitlement, and 
some people say that is a negative term. No, entitlement means 
you are entitled to this benefit because you have paid into it 
your whole life.
    I think there is total agreement on this Committee and 
throughout the whole Congress that we have to protect this 
program because it is so vital to our folks.
    Listen, I really appreciate you all being here today, but 
could you please continue weighing in and give us other 
examples and other solutions to what it is we are trying to 
fix? It is just this is so massive right now, I think it is one 
of those things you sit back and say it is too big for us to 
work with.
    But I like Mr. Grobman--it is only going to get bigger and 
bigger and more expensive if we don't do it.
    Mr. GROBMAN. Absolutely. And I think, following up on that 
comment, one of the things we need to look at is the 
opportunity cost of continuing to try to protect Social 
Security numbers from becoming public, when we know that they 
are already public in so many cases.
    So, although there are a number of interesting efforts put 
forward in the last few years to reduce the disclosure of 
Social Security numbers, what I would ask is what if we 
re-purposed all of those efforts into building a modern 
authentication system so that we just simply use Social 
Security number as an identity, not an authenticator.
    Mr. KELLY. Very good. Thank you.
    Chairman JOHNSON. The gentleman's time has expired.
    Mr. Pascrell, you are----
    Mr. PASCRELL. Thank you, Mr. Chairman. A great panel.
    I want to start by--Mr. Lester, would you respond to Mr. 
Larson's question that you didn't get a chance to respond to 
before?
    Mr. LESTER. Sure. So I think you are talking about the 
cost----
    Mr. PASCRELL. You got 30 seconds.
    Mr. LESTER. I think you are talking about the costs of 
regulation, right? So Mr. Rosenzweig talked about the cost of 
regulating this, and I would just like to mention a cost which 
is 16.7 billion, to be precise. That is the amount that was 
stolen as a result of identity theft in 2017. The cost of not 
regulating is in the billions.
    And furthermore, what we are talking about is restoring the 
Social Security number to its original purpose, which is to be 
used only by the Social Security Administration. That is what 
it was intended for. Congress has many times looked at this. 
When they passed the Privacy Act in 1974, that is originally 
what it was intended to do. So----
    Mr. PASCRELL. Thank you.
    Mr. LESTER. Yes.
    Mr. PASCRELL. Thank you.
    Last month, Mr. Grant, the Ways and Means Committee marked 
up a bill to protect children and consumers from identity 
theft--it was H.R. 5192--by helping reduce the prevalence of 
synthetic identity fraud. The bill would do this by 
facilitating the validation of identifying information provided 
by lenders, and upon the consent of the customer--consumer, 
rather, I am sorry--through a database maintained by the Social 
Security Administration. The bill is considered an important 
step that Congress took to help prevent identity theft.
    But I wanted to get your view very quickly about what the 
extent this validation system will solve the problem or not. 
What is your thoughts?
    Mr. GRANT. So I actually talked about this a bit in my 
written testimony, but didn't get to it in my opening 
statement. I think it is a great first step.
    The idea actually goes to a key point that I flagged in my 
opening statement, which is can we shift the model a little bit 
when it comes to identity verification services, so that 
government agencies like the SSA that are the authoritative 
roots of trust when it comes to my data--they have got the 
truth, in terms of what my name and my SSN are--why can't I ask 
them when I am opening an account to let my bank check to see 
if there really is a Jeremy Grant with my SSN and date of birth 
in their system?
    And so this new bill, if it passes--and I think it is also 
in the Senate reg reform package for banking that is currently 
in front of the House--will be a good first step.
    But two things I would add to that. It is only limited to 
account openings covered under the Fair Credit Reporting Act. I 
can't imagine, as a consumer, why I wouldn't want to ask SSA to 
validate that for everybody. And then I think the other 
question that has come up is if we are worried about synthetic 
identity fraud, this will take care of new account openings 
going forward. But there is probably, you know, thousands, if 
not millions of synthetic accounts that are out there today.
    And so, one question has been should financial institutions 
have an opportunity to have a one-time window where they could 
retroactively put existing accounts out there to make sure that 
things match?
    Mr. PASCRELL. Thanks, Mr. Grant, I appreciate that. Look, 
there is widespread data breaches at the Office of the 
Personnel Management, Home Depot, J.P. Morgan, Target, U.S. 
Postal Service, and, of course, Equifax. And they highlight the 
need to focus our attention on how better to authenticate 
identities.
    From a consumer protection standpoint, this is outrageous. 
Hackers assessed--accessed personally-identifiable information 
from millions of customer accounts. In the wrong hands, access 
to Social Security numbers, birth data, address, driver's 
license number could turn someone's life upside down. We must 
do everything possible to establish privacy safeguards Social 
Security (sic). Protecting the individual's personal 
information to ensure their identities are protected must be 
one of our top priorities.
    Should the burden be on the government to create a unique 
identifier to identify individuals, or should it be on the 
private corporations to establish unique identifiers with their 
clients? Anybody?
    Mr. Lester.
    Mr. LESTER. Right. So I think that is where the importance 
of context-specific identifiers comes into play. So if you are 
transacting with a company you have a unique identifier for 
that company. That way, if an identity thief steals that 
identifier, they do not have access to all your accounts, and 
they cannot open new accounts in your name and destroy your 
financial life.
    Mr. LEWIS. Congressman, if I could just add, in the many 
attempts we have had to come up with a national identifier, we 
have learned that there is only one trusted source, and that is 
the government. And that is why SSA is the default identifier. 
People don't trust other sources.
    Mr. PASCRELL. Mr. Chairman--thank you, but I must add this 
point to you. Are we really serious about doing this? Are we 
really serious about changing the culture, which is a different 
thing? And why haven't we done more? We need to ask ourselves 
that question.
    Chairman JOHNSON. You are right. Thank you for your 
questions.
    Mr. Rice, you are recognized.
    Mr. RICE. You know, this is an incredibly complicated 
problem, but it is not new. This is not new. Identity theft has 
existed since people had identities, right?
    Our--thinking back to law school and commercial paper, and 
in order to allow for the free flow of commerce, we had laws to 
protect consumers with commercial paper. So a bank had a duty 
to know your signature, right? So if somebody forged your 
check, that wasn't your problem, it was the bank's problem. And 
that kind of applies here, too, doesn't it?
    I mean if somebody negligently releases your personal 
information, don't they have a liability for that?
    Mr. Lester.
    Mr. LESTER. Absolutely. The burden is on the companies that 
collect this information. It is important to stress that 
Equifax chose to collect the information on consumers. 
Consumers did not provide that information to Equifax. And in 
fact, when Equifax is breached, they are the ones that put the 
cost on the consumer by charging them for credit freezes and 
fraud monitoring. And I think it is also important to stress 
that there needs to be----
    Mr. RICE. Did Equifax----
    Mr. LESTER [continuing]. A private right of action----
    Mr. RICE. Did Equifax have liability for that?
    Mr. LESTER. Absolutely, which is why I need to stress that 
there needs to be, in any privacy law, private right of action 
for consumers to get redress.
    Mr. RICE. So you are advocating for specific identifiers 
for everything.
    And I think I heard Mr. Grant say he didn't have a problem 
with Social Security as a national identifier. I think you said 
the same thing, Mr. Grobman, and you did, too, Mr. Rosenzweig. 
And I kind of agree with you.
    I mean everybody has got an identifier, right? It is their 
name, at the very least. But the name is not unique. I mean 
there is a lot of Tom Rices out there.
    So you need some type of a national identifier, I would 
think, to make commerce work. And I don't know why Social 
Security couldn't be that. But it can't be an authenticator, 
because it is not private any more. Right?
    Mr. Rosenzweig.
    Mr. ROSENZWEIG. Using my Social Security number as an 
authenticator is as stupid as using the last four letters of my 
last name as my authenticator. It--or the last four digits of 
my phone number, which is another--mobile phone numbers, now 
that they are mobile, everybody has one and it is probably one 
you are going to keep for the rest of your life, even if you 
move to Washington.
    Mr. RICE. And I just think that--I mean, personally, just 
as a matter of common sense, I think completely--the idea that 
you would completely identify--I mean eliminate any sort of 
unique identifier is just not practical. I mean we have got to 
have some kind of unique identifier, and I don't know why it 
couldn't be your Social Security number.
    So I would think that the way to attack this problem--
because this--I don't care what we do, I don't care if we come 
up with the most, you know, beautiful and complex system that 
would do away with any hacking today, tomorrow the hacker is 
going to figure out something different. This is not new, it 
has been going on since the beginning of time, and it is going 
to keep on going on.
    So I would think that the way to attack this is kind of 
like they did with commercial paper, and that we should put 
liability on people who negligently release your information.
    Mr. Rosenzweig.
    Mr. ROSENZWEIG. Well, there has been at least one proposal 
by a colleague of mine who was in the last Administration to 
make people strictly liable for that.
    For myself, I would probably prefer a negligence standard 
over strict liability, but I do think that what you are onto is 
exactly the right economic answer, which is putting the 
obligations on the least cost avoider. One of the reasons that 
I kind of like my fanciful proposal of publication is that it 
makes it impossible for anyone to maintain the idea of security 
for the Social Security number as an authenticator. Liability 
would be another opportunity.
    Mr. RICE. What do you think about that, Mr. Grobman?
    Mr. GROBMAN. Oh, cyber crime is a market-driven enterprise. 
Cyber criminals are looking to steal things of value. And the 
reason that cyber criminals are looking to steal Social 
Security numbers is in today's world they have value because 
they can be used as an authenticator.
    One of the most practical ways to stop the theft is to 
de-value what they are going after. And that is, in general, a 
much more practical mechanism at scale than trying to have the 
world----
    Mr. RICE. Okay, I got to stop because I only have 10 
seconds. If you all would respond to this by raising your hand, 
do any of you--who of you have a problem with using Social 
Security numbers as an identifier, but not an authenticator? 
One. One out of eight. Thank you.
    Chairman JOHNSON. The time has expired.
    Ms. Sanchez, you are recognized.
    Ms. SANCHEZ. Thank you, Mr. Chairman, and thank you to all 
of our witnesses.
    Social Security numbers were originally created as a way to 
track earnings, and were never meant to be used as an 
identifier in the private sector. The Social Security number 
has since morphed into a tool used to identify and authenticate 
individuals in a number of different situations, greatly 
expanding the universe of people and companies who have access 
to this incredibly valuable information.
    The ubiquity and widespread use of Social Security numbers 
has left consumers vulnerable to identity theft helpless to 
stop it.
    As we all know, Social Security numbers are incredibly 
valuable for identity thieves, and can be used to open new 
accounts and credit cards, or even take out mortgages, often 
leading to financial ruin for unsuspecting and innocent 
consumers.
    And as technology continues to advance at alarming rates, 
our unique Social Security numbers are increasingly vulnerable 
to cyber theft and fraudulent use. Recent data breaches 
demonstrate the urgent need to secure this information and just 
how valuable Social Security numbers and other personal data 
are.
    The Equifax hack alone comprised over 145 million 
American--pardon me, compromised over 145 million Americans' 
personal data, including their Social Security numbers. That is 
almost half of the U.S. population who are now at risk for 
identity theft or financial fraud.
    Social Security numbers have become the default identifier 
because they are truly unique, standardized, and can be 
verified. But as more and more of our personal information is 
available on the dark web for cheap, we need to start thinking 
about the best ways to identify and verify individuals.
    Mr. Lester, I would like to begin by asking you. Americans, 
consumers, don't have a full picture of what information is 
being collected about them. What kind of data is being 
collected about Americans? And are companies required to 
protect it?
    Mr. LESTER. Thank you. So first I would just like to 
clarify raising my hand to Representative Rice's poll question, 
because it wasn't a yes or no answer. I don't have a problem 
with the Social Security number being used as an identifier for 
Social Security.
    To answer your question, companies are now collecting vast 
amounts of data on consumers, and the problem is that consumers 
do not have control over this data.
    When Equifax collects data from consumers it is getting it 
from other commercial sources, and consumers are not providing 
it to Equifax. And so, in addition to limiting the use of the 
Social Security number in the private sector, consumers need to 
have control over their personal information.
    There needs to be a default credit freeze so that companies 
like Equifax can only disclose your information when consumers 
have affirmatively opted in. This would solve the problem of 
identity thieves opening up new accounts in your name, if 
Equifax could only pull your credit when you, as the consumer, 
have affirmatively given them permission to do so.
    Ms. SANCHEZ. Great. And--but I want to get at a--sort of a 
larger question that folks wonder from time to time: Are 
companies required to protect that information?
    Mr. LESTER. There is no federal standard right now for data 
security. The Federal Trade Commission does enforce data 
security when companies--you know, they have authority over 
unfair and deceptive practices. So if a company is representing 
they have good data security, like in the case with Uber, they 
represented over and over again our data security is great, 
when in fact it was non-existent.
    But no, there needs to be national standards that set a 
baseline, because states need to have the freedom to regulate 
upward in this area, because it is a dynamic and evolving 
field. So there needs to be a federal standard that sets a 
floor for data security.
    Ms. SANCHEZ. I would agree with that, and I would just say 
that I believe most consumers believe that companies are 
required to protect their information.
    Mr. Lester, could you talk a little more about how 
context-specific identifiers work, and the medical identification 
number that they use in Canada?
    Mr. LESTER. Oh. Oh, yes. So the medical identification 
number in Canada, as I understand it, it is a unique 
context-specific identifier. I am not super familiar with it. 
So I can certainly get back to you with more information on 
that.
    Ms. SANCHEZ. I would appreciate it, because I would be 
interested in knowing how that specifically works, because it 
might be instructive in terms of setting policy for how we 
begin to rein in the ubiquitous use of the Social Security 
number.
    Mr. LESTER. And there are many other examples of 
context-specific identifiers. In my statement I mention, like, the 
university identifier that is a recent innovation by 
universities like Georgetown, my school, where they give you a 
nine-digit ID number in lieu of using your Social Security 
number.
    Ms. SANCHEZ. Thank you, and I yield back.
    Chairman JOHNSON. Thank you.
    Dr. Wenstrup, you are recognized.
    Mr. WENSTRUP. Thank you, Mr. Chairman. I appreciate it. 
Thank you all for being here.
    Mr. Rosenzweig, I don't have a question for you, I just 
wanted a shot at saying your name, and I hope I got it right.
    [Laughter.]
    Mr. ROSENZWEIG. Perfect.
    Mr. WENSTRUP. Thank you. My question is for Ms. Berryhill. 
But listening to Mr. Johnson's story earlier, I am reminded of 
a song called ``Secret Agent Man,'' you know, and it says we 
are giving you a number and taking away your name. And that is 
a concern, obviously.
    But I want to ask you about getting a new Social Security 
number. You know, when you lose your credit card, or it gets 
stolen, I tell you what. That bank wants to get you a new one 
right away: one, because they want you to use it again; and 
two, they want to make sure that no more money comes out of 
their account, because it personally affects them, as well.
    And I don't see the same for the Social Security 
Administration in that environment because, if you think about 
it, when somebody's Social Security number is taken, the fraud 
is either at the bank, or through the IRS, a taxpayer. Maybe, 
if somebody is getting your Social Security check, it may 
affect you. I don't know. I am kind of asking about that.
    But why do we make it so difficult to get a new number when 
that really is the problem? Because I don't know that there is 
the same amount of concern on the Social Security 
Administration like there is at the bank when your credit card 
gets taken. And I know somebody mentioned it might be, like, 
$34 to get a new card. Well, that may be a lot on your end, but 
it is pretty small on the other end, where the fraud is taking 
place.
    So why is it so difficult to get a new number?
    Ms. BERRYHILL. So usually it is a last resort to issue a 
Social Security--new card, a new number, because it doesn't 
always solve the problem. Many times banks, other companies, 
will cross-reference the old number to the new number. So you 
haven't really solved the problem in many situations.
    We do look at misused--are people disadvantaged? Are they 
not getting a loan for their house? Are their IRS tax returns 
and so forth--but again, I hope that our recent change in 
looking at our instructions to our front line will help that.
    But our number, again, is really designed to collect wage 
information and to pay benefits. As you can see, many of the 
examples are really about credit card fraud, banking fraud, not 
about our programs.
    Mr. WENSTRUP. But let me get back----
    Ms. BERRYHILL. Our----
    Mr. WENSTRUP. Let me get back to my question. There is no 
harm, monetarily or otherwise, to the Social Security 
Administration's budget. It is usually affecting someone else. 
So you don't have the vested interest that the bank does in 
this situation. And the cross-referencing, that doesn't need to 
happen. They get rid of the old number. They don't need to keep 
that data. So I don't find that as a very good answer as to 
that being a problem.
    So I really think you need to take a look at what can be 
done to get somebody a new number, because that is exactly what 
a business is going to do. If your identifier is stolen, they 
have a motive to get you a new one to protect themselves. But I 
don't find that you are at risk when somebody's Social Security 
number is taken away in any way. So there is not this desire to 
solve this problem.
    But $34, if that is what it actually costs to give somebody 
a new card, new number, whatever the case may be, that is a 
pittance to the hundreds or thousands of dollars that are going 
out on the other end. I just want to--I want to clarify that, 
because there is really no detriment to the Social Security 
Administration, is that right?
    Ms. BERRYHILL. Well, I don't know if I would agree with 
that. Certainly, if we open up the flood gates and said 
everybody that wants a number come on and get one, we 
probably----
    Mr. WENSTRUP. No, no, no, you would have to have a reason, 
not just say I don't like the number, it ends in an odd number 
and I want an even number. That--let's be realistic here. We 
are talking about people that have been victimized, not just 
anyone who wants a new number.
    Ms. BERRYHILL. And again, we believe that we want to do due 
diligence, we want to know what has happened with that number, 
we want to make sure that it is appropriate to assign them a 
new number.
    Mr. WENSTRUP. I get that. But why is it so hard? Why is 
somebody told they have to change their name?
    Ms. BERRYHILL. That was not an appropriate answer to say 
you change your name.
    Mr. WENSTRUP. Well, thank you. I think we need to look into 
that further.
    I yield back, thank you.
    Chairman JOHNSON. Thank you. Is Mr. Schweikert here?
    Mr. SCHWEIKERT. Mr. Chairman, I apologize. We also have 
the--running at the same time, so----
    Chairman JOHNSON. You are recognized if you care to make 
some questions.
    Mr. SCHWEIKERT. And I actually had a couple--have you ever 
actually started to write down a couple questions and--where 
some of us have brutal disagreements on the utilization of node 
networks and--but it is also a threat to certain companies.
    So I want to go--I want to take one gigantic step 
backwards, because I have missed a number of the questions 
here. If I came to all of you, either as policy, technology 
experts and said how do we design almost a single portal in our 
society that, whether--have a combination of multi--I am a big 
fan of certain token tradeoffs with the biometric and a 
password.
    So you could go on there and see your last 10 years of your 
IRS tax returns, or of your Social Security benefits, your 
veterans discharge, your--you know, where all these things that 
we, as government--all of us, as government--hold on you, and 
create a single portal so you could see them, but in a way that 
would be safe, robust, elegant.
    And we have actually been sketching out a concept of sort 
of a, you know, pass code biometric to a token back--if I was 
to run down the line, A, is that just techno-Utopian; but B, 
would it actually not only solve our issue here on the misuse 
of Social Security numbers, but also some of the other policy 
decisions we as Congress and the bureaucracy have made of 
starting to blind documents for our Medicare population, and 
those things, and now having to get unique identifiers, and the 
re-issuing of such things, and the confusion and cascade of 
chaos I expect to come from that?
    And could--run down. Let's start. If I came to you and said 
I don't want a simple, incremental solution, I want a 
disruption of more--of a unified portal, can it be done?
    Ms. BERRYHILL. So my first concern was if that unified 
portal was breached, does that mean all of my information is 
then out there from all different----
    Mr. SCHWEIKERT. It wouldn't if we designed permissions. 
So--and we will probably get to that, but there is a way to--so 
let's right now, for theoretically, just say it is--we were 
able to level--produce levels of security.
    Ms. BERRYHILL. I would certainly be willing to work with 
you on any ideas that you have. But again, my concern that if 
one portal--everything was breached, we would be in a worse 
situation today.
    Mr. SCHWEIKERT. Okay.
    Ms. CURDA. It sounds like a nice, aspirational idea. And 
the Federal Government, in terms of designing such complex 
systems, does not have a great track record. And it is 
extremely costly, so----
    Mr. SCHWEIKERT. We were thinking we would go to McAfee 
and----
    Ms. CURDA. Very difficult to do.
    Mr. LESTER. So, moving towards centralized database is 
exactly the wrong approach. I would use the example of 
container ships. They are compartmentalized, so that if there 
is a rocky wave, all the oil is not in one container to capsize 
the ship. It is the same with identity. As----
    Mr. SCHWEIKERT. So why do countries like Estonia and others 
have incredible success because you create levels of permission 
that require--that--it is a unified portal, but different 
levels of permission and pass and security?
    Mr. LESTER. Is that for me?
    Mr. SCHWEIKERT. Yes.
    Mr. LESTER. I don't know about the case of Estonia. As I 
understand, it is a much smaller----
    Mr. SCHWEIKERT. Yes, what is your coding background?
    Mr. LESTER. I am sorry?
    Mr. SCHWEIKERT. Your coding----
    Mr. LESTER. My coding background? I don't have a coding 
background.
    Mr. SCHWEIKERT. Okay, sorry. And I am sorry, I was trying 
to go more technical than that. I am not being mean.
    Mr. ROSENZWEIG. I would say that Estonia is a good case 
study. My concerns would mostly be about scalability issues.
    Mr. SCHWEIKERT. Yes, that is actually fair.
    Mr. ROSENZWEIG. It is much smaller. I think that such a 
system is at least feasible within the context of design.
    I do share some people's concerns that U.S. Government 
large-scale procurement programs like this never seem to 
actually get there. So even if we could idealize it, the 
government sector might----
    Mr. SCHWEIKERT. Oh, yes.
    Mr. ROSENZWEIG [continuing]. Not quite get it----
    Mr. SCHWEIKERT. And let's be brutally honest. There will be 
a knife fight because----
    Mr. ROSENZWEIG. Yes.
    Mr. SCHWEIKERT [continuing]. You are interrupting a lot of 
bureaucracies, layers of power and authority.
    Mr. GROBMAN. It can absolutely be done. I think if you look 
at the large-scale systems that exist today for authentication, 
whether it is financial services, whether it is some of the 
models that--there is numerous capabilities. The private sector 
has built a set of protocols that enable one entity to do 
authentication, and then allow that authentication to be 
honored by others. Things like SAML and OATH.
    Really, the discussion needs to be about getting the right 
balance between privacy and security----
    Mr. SCHWEIKERT. Well, you hit one thing I fixate on, and 
that is--we hit quantum. I will absolutely have to have a 
token, because I think--because an algorithmic is under threat 
(sic).
    Mr. GROBMAN. So one of the key points I made in my written 
testimony is although we haven't settled on exactly what 
quantum-safe algorithms to use, in the design of a new system 
we can design it such that we have the ability to swap 
algorithms out as we----
    Mr. SCHWEIKERT. Well, you don't think a token system would 
be more robust?
    Mr. GROBMAN. I think that it is part of the solution, but I 
think that the underlying cryptography that needs to be used in 
the solution does need to eventually be----
    Mr. SCHWEIKERT. I need to learn more. If you have something 
I can read----
    Chairman JOHNSON. The time of the gentleman has expired.
    Mr. SCHWEIKERT. Oh, all right. I will talk after. But thank 
you for tolerating me. I need to disclose I have had a lot of 
caffeine.
    [Laughter.]
    Chairman JOHNSON. Thank you.
    To keep pace with the identity thieves we need to start 
thinking beyond just protecting Social Security numbers, and 
start thinking about how to make the numbers less valuable to 
criminals in the first place.
    You know, it is time to take a hard look, I think, at the 
future of Social Security numbers, and to decide what needs to 
change to better protect Americans from identity theft. This 
hearing has given us a good starting point, and I look forward 
to working with my colleagues in the future to figure out the 
next steps forward.
    Americans are counting on us to get this right. They want, 
need, and deserve nothing else.
    Thank you to all our witnesses for your testimony today, 
and I thank you to our Members for being here.
    With that, the--you want to?
    Mr. LARSON. Yes.
    Chairman JOHNSON. I recognize Mr. Larson----
    Mr. LARSON. I want to thank----
    Chairman JOHNSON [continuing]. For a comment.
    Mr. LARSON. I want to thank the chairman. This is indeed 
one of the more interesting panels that we have. And as you can 
tell, a number of our Members still have a lot of questions.
    What we would like to ask of you is that if you could 
submit to us in writing--because it was very valuable to get 
your input--we don't--and the chairman has already indicated 
that we, as a Committee, will meet internally to digest what 
you send us in writing, in terms of your solution and also the 
urgency that you all attach with this, especially, as the 
chairman has already outlined, under authentification (sic), 
and how we might proceed. Because there is a--this was a very 
fertile and productive meeting. I thank the chairman.
    Chairman JOHNSON. Thank you.
    Mr. LARSON. And I appreciate the opportunity to respond.
    Chairman JOHNSON. Thank you. And thank you all for being 
here. We appreciate your presence.
    With that, the Subcommittee stands adjourned.
    [Whereupon, at 11:36 a.m., the Subcommittee was adjourned.]
    [Member Submissions for the Record follow:]
    
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    [Public Submission for the Record follow:]

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]