[House Report 115-636]
[From the U.S. Government Publishing Office]


115th Congress    }                                    {        Report
                        HOUSE OF REPRESENTATIVES
 2d Session       }                                    {       115-636

======================================================================



 
              PROTECTING CHILDREN FROM IDENTITY THEFT ACT

                                _______
                                

 April 13, 2018.--Committed to the Committee of the Whole House on the 
              State of the Union and ordered to be printed

                                _______
                                

Mr. Brady of Texas, from the Committee on Ways and Means, submitted the 
                               following

                              R E P O R T

                        [To accompany H.R. 5192]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Ways and Means, to whom was referred the 
bill (H.R. 5192) to authorize the Commissioner of Social 
Security to provide confirmation of fraud protection data to 
certain permitted entities, and for other purposes, having 
considered the same, report favorably thereon with an amendment 
and recommend that the bill as amended do pass.

                                CONTENTS

                                                                   Page
 I. SUMMARY AND BACKGROUND............................................4
        A. Purpose and Summary...................................     4
        B. Background and Need for Legislation...................     4
        C. Legislative History...................................     6
II. EXPLANATION OF THE BILL...........................................6
        A. Short Title (Section 1 of Bill).......................     6
        B. Reducing Identity Fraud (Section 2 of Bill)...........     7
III.VOTES OF THE COMMITTEE............................................9

IV. BUDGET EFFECTS OF THE BILL.......................................10
        A. Committee Estimate of Budgetary Effects...............    10
        B. Statement Regarding New Budget Authority and Tax 
            Expenditures Budget Authority........................    10
        C. Cost Estimate Prepared by the Congressional Budget 
            Office...............................................    10
 V. OTHER MATTERS TO BE DISCUSSED UNDER THE RULES OF THE HOUSE.......11
        A. Committee Oversight Findings and Recommendations......    11
        B. Statement of General Performance Goals and Objectives.    11
        C. Information Relating to Unfunded Mandates.............    11
        D. Congressional Earmarks, Limited Tax Benefits, and 
            Limited Tariff Benefits..............................    12
        E. Duplication of Federal Programs.......................    12
        F. Disclosure of Directed Rule Makings...................    12
    The amendment is as follows:
  Strike all after the enacting clause and insert the 
following:

SECTION 1. SHORT TITLE.

  This Act may be cited as the ``Protecting Children from Identity 
Theft Act''.

SEC. 2. REDUCING IDENTITY FRAUD.

  (a) Purpose.--The purpose of this section is to reduce the prevalence 
of synthetic identity fraud, which disproportionally affects vulnerable 
populations, such as minors and recent immigrants, by facilitating the 
validation by permitted entities of fraud protection data, pursuant to 
electronically received consumer consent, through use of a database 
maintained by the Commissioner.
  (b) Definitions.--In this section:
          (1) Commissioner.--The term ``Commissioner'' means the 
        Commissioner of the Social Security Administration.
          (2) Financial institution.--The term ``financial 
        institution'' has the meaning given the term in section 509 of 
        the Gramm-Leach-Bliley Act (15 U.S.C. 6809).
          (3) Fraud protection data.--The term ``fraud protection 
        data'' means a combination of the following information with 
        respect to an individual:
                  (A) The name of the individual (including the first 
                name and any family forename or surname of the 
                individual).
                  (B) The Social Security account number of the 
                individual.
                  (C) The date of birth (including the month, day, and 
                year) of the individual.
          (4) Permitted entity.--The term ``permitted entity'' means a 
        financial institution or a service provider, subsidiary, 
        affiliate, agent, contractor, or assignee of a financial 
        institution.
  (c) Efficiency.--
          (1) Reliance on existing methods.--The Commissioner shall 
        evaluate the feasibility of making modifications to any 
        database that is in existence as of the date of enactment of 
        this Act or a similar resource such that the database or 
        resource--
                  (A) is reasonably designed to effectuate the purpose 
                of this section; and
                  (B) meets the requirements of subsection (d).
          (2) Execution.--The Commissioner shall establish a system to 
        carry out subsection (a), in accordance with section 1106 of 
        the Social Security Act. In doing so, the Commissioner shall 
        make the modifications necessary to any database that is in 
        existence as of the date of enactment of this Act or similar 
        resource, or develop a database or similar resource.
  (d) Protection of Vulnerable Consumers.--The database or similar 
resource described in subsection (c) shall--
          (1) compare fraud protection data provided in an inquiry by a 
        permitted entity against such information maintained by the 
        Commissioner in order to confirm (or not confirm) the validity 
        of the information provided, and in such a manner as to deter 
        fraudulent use of the database or similar resource;
          (2) be scalable and accommodate reasonably anticipated 
        volumes of verification requests from permitted entities with 
        commercially reasonable uptime and availability; and
          (3) allow permitted entities to submit--
                  (A) one or more individual requests electronically 
                for real-time machine-to-machine (or similar 
                functionality) accurate responses; and
                  (B) multiple requests electronically, such as those 
                provided in a batch format, for accurate electronic 
                responses within a reasonable period of time from 
                submission, not to exceed 24 hours.
  (e) Certification Required.--Before providing confirmation of fraud 
protection data to a permitted entity, the Commissioner shall ensure 
that the Commissioner has a certification from the permitted entity 
that is dated not more than 2 years before the date on which that 
confirmation is provided that includes the following declarations:
          (1) The entity is a permitted entity.
          (2) The entity is in compliance with this section.
          (3) The entity is, and will remain, in compliance with its 
        privacy and data security requirements, as described in title V 
        of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 et seq.) and as 
        required by the Commissioner, with respect to information the 
        entity receives from the Commissioner pursuant to this section.
          (4) The entity will retain sufficient records to demonstrate 
        its compliance with its certification and this section for a 
        period of not less than 2 years.
  (f) Consumer Consent.--
          (1) In general.--Notwithstanding any other provision of law 
        or regulation, a permitted entity may submit a request to the 
        database or similar resource described in subsection (c) only--
                  (A) pursuant to the written, including electronic, 
                consent received by a permitted entity from the 
                individual who is the subject of the request; and
                  (B) in connection with any circumstance described in 
                section 604 of the Fair Credit Reporting Act (15 U.S.C. 
                1681b).
          (2) Electronic consent requirements.--For a permitted entity 
        to use the consent of an individual received electronically 
        pursuant to paragraph (1)(A), the permitted entity must obtain 
        the individual's electronic signature, as defined in section 
        106 of the Electronic Signatures in Global and National 
        Commerce Act (15 U.S.C. 7006). Permitted entities must develop 
        and use an electronic signature process in accordance with all 
        Federal laws and requirements as designated by the 
        Commissioner.
          (3) Effectuating electronic consent.--No provision of law or 
        requirement, including section 552a of title 5, United States 
        Code, shall prevent the use of electronic consent for purposes 
        of this subsection or for use in any other consent based 
        verification under the discretion of the Commissioner.
  (g) Compliance and Enforcement.--
          (1) Audits and monitoring.--
                  (A) In general.--The Commissioner--
                          (i) shall conduct audits and monitoring to--
                                  (I) ensure proper use by permitted 
                                entities of the database or similar 
                                resource described in subsection (c); 
                                and
                                  (II) deter fraud and misuse by 
                                permitted entities with respect to the 
                                database or similar resource described 
                                in subsection (c); and
                          (ii) may terminate services for any permitted 
                        entity that prevents or refuses to allow the 
                        Commissioner to carry out the activities 
                        described in clause (i) and may terminate or 
                        suspend services for any permitted entity as 
                        necessary to enforce any violation of this 
                        section or of any certification made under this 
                        section.
          (2) Enforcement.--
                  (A) In general.--Notwithstanding any other provision 
                of law, including the matter preceding paragraph (1) of 
                section 505(a) of the Gramm-Leach-Bliley Act (15 U.S.C. 
                6805(a)), any violation of this section and any 
                certification made under this section shall be enforced 
                in accordance with paragraphs (1) through (7) of such 
                section 505(a) by the agencies described in those 
                paragraphs.
                  (B) Relevant information.--Upon discovery by the 
                Commissioner of any violation of this section or any 
                certification made under this section, the Commissioner 
                shall forward any relevant information pertaining to 
                that violation to the appropriate agency described in 
                subparagraph (A) for evaluation by the agency for 
                purposes of enforcing this section.
  (h) Recovery of Costs.--
          (1) In general.--
                  (A) In general.--Amounts obligated to carry out this 
                section shall be fully recovered from the users of the 
                database or verification system by way of advances, 
                reimbursements, user fees, or other recoveries as 
                determined by the Commissioner. The funds recovered 
                under this paragraph shall be deposited as an 
                offsetting collection to the account providing 
                appropriations for the Social Security Administration, 
                to be used for the administration of this section 
                without fiscal year limitation.
                  (B) Prices fixed by commissioner.--The Commissioner 
                shall establish the amount to be paid by the users 
                under this paragraph, including the costs of any 
                services or work performed, such as any appropriate 
                upgrades, maintenance, and associated direct and 
                indirect administrative costs, in support of carrying 
                out the purposes described in this section, by 
                reimbursement or in advance as determined by the 
                Commissioner. The amount of such prices shall be 
                periodically adjusted by the Commissioner to ensure 
                that amounts collected are sufficient to fully offset 
                the cost of the administration of this section.
          (2) Initial development.--The Commissioner shall not begin 
        development of a verification system to carry out this section 
        until the Commissioner determines that amounts equal to at 
        least 50 percent of program start-up costs have been collected 
        under paragraph (1).
          (3) Existing resources.--The Commissioner of Social Security 
        may use funds designated for information technology 
        modernization to carry out this section, but in all cases shall 
        be fully reimbursed under paragraph (1)(A).
          (4) Annual report.--The Commissioner of Social Security shall 
        annually submit to the Committee on Ways and Means of the House 
        of Representatives and the Committee on Finance of the Senate a 
        report on the amount of indirect costs to the Social Security 
        Administration arising as a result of the implementation of 
        this section.

                       I. SUMMARY AND BACKGROUND


                         A. Purpose and Summary

    The Protecting Children from Identity Theft Act (H.R. 
5192), as reported by the Committee on Ways and Means, requires 
the Social Security Administration (SSA) to match the name, 
Social Security number (SSN), and date of birth submitted by 
permitted entities against the SSA's records. The bill seeks to 
protect individuals, firms and the economy by allowing 
financial institutions to verify the accuracy of their 
customers' personal identity information, in order to guard 
against the establishment of synthetic identities based on a 
valid SSN and a false name.
    The bill would require the SSA to develop or improve an 
existing system which verifies name-SSN matches and require SSA 
to accept an electronic signature as authorization of the 
consent required to conduct this verification. Currently, the 
SSA requires a wet signature on a paper form as proof of 
consent. However, many credit applications occur online where a 
wet signature cannot be obtained.
    The bill protects the confidentiality of consumers' 
information and guards against fraudulent misuse of the system 
by requiring valid consent; limiting the system to certified 
users; requiring users to comply with requirements for data 
security and privacy in federal law and as required by the 
Commissioner; requiring compliance audits of users; and 
authorizing the Commissioner to terminate or suspend 
verification services for users that do not comply with these 
requirements.
    The bill also ensures the verification system does not 
detract from the SSA's ability to conduct its mission-critical 
work, by requiring users of the system to pay for all start-up 
and ongoing costs, both direct and indirect, of the 
verification system.

                 B. Background and Need for Legislation

    Synthetic identity fraud is a form of identity theft that 
begins when fraudsters combine a real SSN and fictitious 
information, such as a name and date of birth, to apply for 
credit. Even though the financial institution may reject this 
initial application, credit bureaus create a record from this 
transaction based on the fraudulent credentials. This record 
can then be nurtured by the fraudster over time to establish a 
synthetic identity based on the valid SSN but false name, which 
eventually is used to commit financial or other fraud.
    Synthetic identity fraud is a growing form of identity 
theft. According to TransUnion, a record $355 million in 
outstanding credit card balances was owed by ``people'' whom it 
suspects did not exist in 2017, up more than eightfold from 
2012.\1\ Synthetic identity fraud accounted for 85 percent of 
all identity fraud, 80 percent of all credit card fraud losses, 
and 74 percent of the total dollars lost by U.S. business in 
2014.\2\ In 2016, credit card companies had approximately $1 
billion in losses due to synthetic identity fraud.\3\
---------------------------------------------------------------------------
    \1\The New ID Theft: Millions of Credit Applicants Who Don't Exist, 
The Wall Street Journal, (March 2018).
    \2\Synthetic Identity Fraud A Fast Growing Category, Information 
Week, (October 2014).
    \3\Highlights of a Forum--Combating Synthetic Identity Fraud, 
Government Accountability Office, (July 2017).
---------------------------------------------------------------------------
    Children and other individuals with limited or non-existent 
credit histories are especially vulnerable to having their SSNs 
misused for a synthetic identity. Since children do not work, 
drive, or establish credit, an identity thief can misuse a 
child's SSN for a longer period of time before being noticed. 
According to the Detroit Free Press, over one million children 
have their identity stolen annually.\4\ Children are 50 times 
more likely than adults to be identity theft victims, according 
to a study by Carnegie Mellon's CyLab.\5\
---------------------------------------------------------------------------
    \4\1.3 million kids have identity stolen annually, 50% under 6-
years-old, Detroit Free Press, (August 2016).
    \5\New Evidence Indicates Identity Thieves are Targeting Children 
for Unused Social Security Numbers, Carnegie Mellon CyLab, (2011).
---------------------------------------------------------------------------
    The Privacy Act and Social Security law set forth 
circumstances under which consumers can give consent for 
information about them held in government records to be shared. 
SSA has verified for private companies whether an individual's 
name, SSN and date of birth matches agency records since 2002. 
From 2002 to 2005, the SSA conducted a pilot program, the 
Social Security Number Verification Pilot for Private Business, 
to verify names and SSNs against the SSA's records for 
companies. The SSA launched the Consent Based Social Security 
Number Verification system (CBSV) in fiscal year (FY) 2009. 
Using CBSV, authorized users can verify the name, SSN, and date 
of birth of consenting individuals. CBSV responds with a match 
verification of ``yes'' or ``no,'' and if records show that the 
SSN holder is deceased, CBSV returns a death indicator. The SSA 
does not respond with the reason for the mismatch, nor does it 
provide corrected information. Users enroll and agree to the 
terms and conditions in the SSA's CBSV User Agreement. Users 
must pay an enrollment fee of $5,000 plus an additional fee of 
$1.00 for each verification request. Since 2008, the SSA has 
processed about 16 million verification requests for 78 
enrolled users. In FY 2017, the SSA completed 2,875,770 
verification requests through CBSV. The SSA determined that 
147,100 of those requests, or 5.1 percent, did not match the 
SSA's records. In addition to those mismatches, there were 100 
instances where the SSA's records indicated the individual was 
deceased.
    The user is required to obtain consent from the individual 
for SSA to provide the verification. However, the SSA requires 
the user to obtain the individual's wet signature, on the SSA's 
paper form SSA-89, to demonstrate consent. Since the SSA does 
not accept electronic consent, the CBSV is only useful in 
situations where the user can obtain and retain a signature on 
a paper form. (The user does not submit the signed form to SSA, 
but is required to retain it in its own records.) As a result, 
CBSV is of limited use for transactions that are done in real 
time without paper documentation, as is the case with most 
modern financial transactions.
    Under a previous version of the user agreement, users were 
required to hire an independent Certified Public Accountant 
(CPA) to conduct compliance reviews to ensure they were 
following the requirements of the agreement, including the 
consent requirement.\6\ However, an October 2012 audit by the 
SSA's Office of the Inspector General determined that the ``SSA 
did not always require that participating companies conduct an 
annual compliance review to ensure companies were complying 
with the terms and conditions of the User Agreement, especially 
the consent requirement.''\7\ The SSA has since strengthened 
its compliance procedures, and the SSA now contracts with a CPA 
firm to conduct annual onsite compliance reviews of every CBSV 
user. According to the SSA, during the most recent audit in FY 
2016, 14 out of 72 audited users (19 percent) had instances of 
missing consent forms. In addition, 6 users (8 percent) had 
instances of consent forms that were unsigned, and 9 users (13 
percent) had instances of accepting an electronically-signed 
consent form, without a wet signature.
---------------------------------------------------------------------------
    \6\User Agreement Between the Social Security Administration (SSA) 
And (Requesting Party) for Consent Based Social Security Number 
Verification (CBSV), Social Security Administration, (October 2016).
    \7\Monitoring Controls for the Consent Based Social Security Number 
Verification Program, Office of the Inspector General, Social Security 
Administration, (October 2012). A-03-12-11201.
---------------------------------------------------------------------------

                         C. Legislative History


                               BACKGROUND

    H.R. 5192 was introduced on March 7, 2018, and was referred 
to the Committee on Ways and Means. The bill was introduced as 
a companion bill to section 215 of the Economic Growth, 
Regulatory Relief, and Consumer Protection Act (S. 2155).

                           COMMITTEE HEARINGS

    None.

                            COMMITTEE ACTION

    The Committee on Ways and Means marked up H.R. 5192, the 
Protecting Children from Identity Theft Act, on April 11, 2018, 
and ordered the bill, as amended, favorably reported (with a 
quorum being present).

                      II. EXPLANATION OF THE BILL


                   A. Short Title (Section 1 of Bill)


                              PRESENT LAW

    No provision.

                           REASON FOR CHANGE

    The Committee believes that the short title reflects the 
policy and intent included in the legislation.

                       EXPLANATION OF PROVISIONS

    This section contains the short title of the bill, the 
``Protecting Children from Identity Theft Act.''

                             EFFECTIVE DATE

    The provision is effective upon the date of enactment.

             B. Reducing Identity Fraud (Section 2 of Bill)


                              PRESENT LAW

    The Privacy Act, the Social Security Act, and other laws 
guard the confidentiality of information about individuals 
maintained by the government. They also set forth circumstances 
under which consumers can give consent for this information to 
be shared. Using this authority, the SSA established the CBSV 
to permit authorized users to verify whether an individual's 
name, SSN and date of birth match SSA's records, if the 
individual has given consent.

                           REASON FOR CHANGE

    The Committee believes that Americans must be protected 
from all forms of identity theft. Because SSA is the agency 
which issues SSNs to individuals and maintains these records, 
it is in a unique position to help guard against the growing 
problem of synthetic identity fraud. The Protecting Children 
from Identity Theft Act will facilitate the verification of 
name-SSN matches against this authoritative source, with the 
individual's consent, and thus will help to combat synthetic 
identity fraud. The SSA's current CBSV is not useful for many 
types of financial transactions because it requires consent in 
the form of a wet signature. By requiring SSA to accept 
electronic consent, with appropriate safeguards, the 
legislation allows access for entities that conduct business 
online and electronically, thus protecting SSNs more widely.

                       EXPLANATION OF PROVISIONS

    The SSA must establish a system to validate the name, SSN, 
and date of birth of an individual, if submitted by an 
authorized, permitted entity who has the consent of the 
individual, for purposes related to circumstances under which 
consumer reports may be provided under the Fair Credit 
Reporting Act. In establishing the verification system, the 
Commissioner may update a current SSA system, such as CBSV, or 
develop a new one. Permitted entities include financial 
institutions and their service providers, subsidiaries, 
affiliates, agents, contractors or assignees. The individual's 
consent may be obtained electronically, in accordance with 
federal e-signature laws, other relevant laws such as the 
Privacy Act, and in compliance with requirements specified by 
the Commissioner so as to ensure that the consent is valid and 
the individual providing it is authenticated by the entity.
    The SSA's existing verification system, CBSV, was 
established under existing SSA authority, which was not changed 
by the legislation. It has a variety of users, including those 
who qualify as permitted entities under this legislation. The 
Committee recognizes the importance of CBSV to users and notes 
the legislation does not prohibit access to the improved 
verification system by other users, provided that those users 
also meet all SSA and Privacy Act requirements.
    The system must be scalable and be able to accommodate 
reasonably anticipated volumes of verification requests, with 
commercially reasonable uptime and availability. Users are 
permitted to send individual or multiple requests to the SSA, 
via electronic means. The Commissioner must provide the match/
no-match response in real time, or within 24 hours in the case 
of batch-format requests.
    While the Committee recognizes the importance of timely 
responses to verification requests, the SSA must design the 
system in such a way as to deter fraudulent use of the system. 
One potential for misuse is a user who tries to guess an 
individual's identifying information by submitting multiple, 
iterative verification requests in an attempt to eventually 
discover a valid name-number match. The Committee expects the 
SSA to monitor verification requests from users, and to take 
action against users who appear to be using the system in this 
or other fraudulent ways.
    The ability of financial institutions to receive real-time 
responses is critical to combatting synthetic identity fraud. 
The Committee's intent is to provide a workable and efficient 
mechanism that protects children and other vulnerable 
populations from synthetic identity fraud, and that reflects 
the operational environment of the modern financial services 
industry, while protecting the SSA's ability to ensure the 
confidentiality and security of Americans' personal identity 
information.
    The SSA requires users of CBSV to sign and comply with a 
user agreement that details the terms and conditions for use of 
the system. In order to ensure that only authorized entities 
have access to the verification system established by the 
legislation, that they are obtaining valid consent from 
individuals, and that they are adhering to privacy and data 
security standards, the Committee expects the SSA to establish 
a user agreement for the new system, using similar requirements 
and protections to those already in place for CBSV. The 
language provides that permitted entities must adhere to 
privacy and data security standards, as well as authentication 
and electronic signature standards, required by the 
Commissioner of Social Security. The Committee expects that 
these standards would be based on Federal laws, such as the 
Privacy Act, and related guidance, under which the Commissioner 
is required to protect the security and integrity of personal 
information in Social Security records and prevent against its 
unauthorized disclosure.
    Users must have a valid certification with the SSA in order 
to receive verifications. The certification must be dated not 
more than two years prior to the date of the verification 
provided to the user. The certification must state that the 
user is a permitted entity; that it is in compliance with the 
provisions of the legislation; that it is in and will maintain 
compliance with privacy and data security requirements in 
banking law, and as required by the Commissioner; and that it 
will retain sufficient records to demonstrate compliance for at 
least two years. The Committee expects the SSA to effectively 
manage and track user certifications to ensure it only provides 
verifications to users with a valid certification. The SSA's 
authority regarding privacy and data security requirements for 
users is limited to their use of the verification system, 
including their use of data received from the new system, and 
does not extend to other activities of the users.
    The Commissioner is required to audit and monitor users to 
ensure they are complying with the requirements of the law and 
the user agreement. The Commissioner has the authority to 
terminate or suspend verification services for users who do not 
cooperate with such audits or monitoring, or to enforce any 
violation of the law, user agreement, or certification. It is 
the Committee's expectation that SSA will exercise its 
monitoring and enforcement authority promptly to protect 
consumers' information.
    In addition to the Commissioner's authority to terminate or 
suspend a user's access, bank regulatory agencies also have 
enforcement authority regarding violations of the legislation. 
The Commissioner is required to report any violation to the 
appropriate regulatory agency.
    The Committee does not intend for the implementation of the 
verification system to interfere with the SSA's ability to 
conduct its primary mission, which is to serve the American 
public by administering Social Security, Supplemental Security 
Income, and parts of Medicare. Thus, users of the verification 
system are required under the legislation to pay for all start-
up and ongoing costs, including all direct and indirect costs, 
through fees as determined by the Commissioner. Development of 
the system may not begin until at least fifty percent of all 
projected start-up costs has been collected via fees; however, 
the Committee expects that the SSA will establish and implement 
the new system as quickly as possible thereafter. If additional 
funds are necessary to develop the system, the Commissioner may 
temporarily draw on funds from SSA's Limitation on 
Administrative Expenses account designated for information 
technology modernization; however, these expenditures shall be 
fully reimbursed via fees, so that all funds appropriated for 
information technology modernization are ultimately used for 
that purpose. The SSA will also provide an annual report to the 
Committee on Ways and Means and the Senate Finance Committee on 
the indirect costs associated with this new workload.

                             EFFECTIVE DATE

    The provision is effective upon the date of enactment.

                      III. VOTES OF THE COMMITTEE

    In compliance with clause 3(b) of rule XIII of the Rules of 
the House of Representatives, the following statement is made 
concerning the vote of the Committee on Ways and Means in its 
consideration of H.R. 5192, the Protecting Children from 
Identity Theft Act, on April 11, 2018.
    The Chairman's amendment in the nature of a substitute was 
adopted by a voice vote (with a quorum being present).
    The bill, H.R. 5192, was ordered favorably reported as 
amended by a roll call vote of 38 yeas to 0 nays (with a quorum 
being present). The vote was as follows:

----------------------------------------------------------------------------------------------------------------
          Representative             Yea      Nay     Present      Representative      Yea      Nay     Present
----------------------------------------------------------------------------------------------------------------
Mr. Brady........................       X   .......  .........  Mr. Neal...........       X   .......  .........
Mr. Johnson......................       X   .......  .........  Mr. Levin..........       X   .......  .........
Mr. Nunes........................       X   .......  .........  Mr. Lewis..........       X   .......  .........
Mr. Reichert.....................       X   .......  .........  Mr. Doggett........       X   .......  .........
Mr. Roskam.......................       X   .......  .........  Mr. Thompson.......       X   .......  .........
Mr. Buchanan.....................       X   .......  .........  Mr. Larson.........       X   .......  .........
Mr. Smith (NE)...................       X   .......  .........  Mr. Blumenauer.....       X   .......  .........
Ms. Jenkins......................       X   .......  .........  Mr. Kind...........       X   .......  .........
Mr. Paulsen......................       X   .......  .........  Mr. Pascrell.......       X   .......  .........
Mr. Marchant.....................       X   .......  .........  Mr. Crowley........       X   .......  .........
Ms. Black........................       X   .......  .........  Mr. Davis..........       X   .......  .........
Mr. Reed.........................  .......  .......  .........  Ms. Sanchez........       X   .......  .........
Mr. Kelly........................       X   .......  .........  Mr. Higgins........       X   .......  .........
Mr. Renacci......................       X   .......  .........  Ms. Sewell.........       X   .......  .........
Mr. Meehan.......................       X   .......  .........  Ms. DelBene........       X   .......  .........
Ms. Noem.........................  .......  .......  .........  Ms. Chu............       X   .......  .........
Mr. Holding......................       X   .......  .........
Mr. Smith (MO)...................       X   .......  .........
Mr. Rice.........................       X   .......  .........
Mr. Schweikert...................       X   .......  .........
Ms. Walorski.....................       X   .......  .........
Mr. Curbelo......................       X   .......  .........
Mr. Bishop.......................       X   .......  .........
Mr. LaHood.......................       X   .......  .........
----------------------------------------------------------------------------------------------------------------

                     IV. BUDGET EFFECTS OF THE BILL


               A. Committee Estimate of Budgetary Effects

    In compliance with clause 3(d) of rule XIII of the Rules of 
the House of Representatives, the following statement is made 
concerning the effects on the budget of the bill, H.R. 5192, as 
reported. The Committee agrees with the estimate prepared by 
the Congressional Budget Office (CBO), which is included below.

B. Statement Regarding New Budget Authority and Tax Expenditures Budget 
                               Authority

    In compliance with clause 3(c)(2) of rule XIII of the Rules 
of the House of Representatives, the Committee states that the 
bill involves no new or increased budget authority. The 
Committee states further that the bill involves no new or 
increased tax expenditures.

      C. Cost Estimate Prepared by the Congressional Budget Office

    In compliance with clause 3(c)(3) of rule XIII of the Rules 
of the House of Representatives, requiring a cost estimate 
prepared by the CBO, the following statement by CBO is 
provided.

                                     U.S. Congress,
                               Congressional Budget Office,
                                    Washington, DC, April 12, 2018.
Hon. Kevin Brady,
Chairman, Committee on Ways and Means,
House of Representatives, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for H.R. 5192, the 
Protecting Children from Identity Theft Act.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contact is Noah 
Meyerson.
            Sincerely,
                                      Keith Hall, Director.
    Enclosure.

H.R. 5192--Protecting Children from Identity Theft Act

    The Social Security Administration (SSA) operates the 
Consent Based Social Security Number Verification (CBSV) 
service, a fee-based program that allows financial institutions 
to verify that their records of a person's name, date of birth, 
and Social Security Number match SSA's data. SSA tells 
institutions only whether the data does or does not match; no 
other detail is provided. The fees are classified as offsetting 
collections that are credited against SSA's discretionary 
appropriations.
    H.R. 5192 would change the CBSV program by allowing people 
to electronically verify their consent to allow SSA to provide 
this information, rather than with a physical signature. CBO 
expects that change would expand the number of verification 
requests submitted to SSA.
    Under H.R. 5192, SSA would set fees to equal the total 
administrative costs of the program. SSA would incur the direct 
costs of administering the service and the indirect costs in 
some cases of resolving errors that are discovered. CBO 
projects that fees would, on average, fully offset SSA's 
administrative costs. However, in any given fiscal year, the 
total amount of fees collected probably would differ slightly 
from actual costs.
    CBO estimates that implementing the bill would result in 
net costs or savings of less than $500,000 in each year; the 
total effect would be negligible over the 2019-2028 period.
    Enacting H.R. 5192 would not affect direct spending; 
therefore, pay-as-you-go procedures do not apply.
    CBO estimates that enacting H.R. 5192 would not increase 
net direct spending or on-budget deficits in any of the four 
consecutive 10-year periods beginning in 2029.
    H.R. 5192 contains no intergovernmental or private-sector 
mandates as defined in the Unfunded Mandates Reform Act.
    The CBO staff contact for this estimate is Noah Meyerson. 
The estimate was reviewed by H. Samuel Papenfuss, Deputy 
Assistant Director for Budget Analysis.

     V. OTHER MATTERS TO BE DISCUSSED UNDER THE RULES OF THE HOUSE


          A. Committee Oversight Findings and Recommendations

    With respect to clause 3(c)(1) of rule XIII of the Rules of 
the House of Representatives, the Committee made findings and 
recommendations that are reflected in this report.

        B. Statement of General Performance Goals and Objectives

    With respect to clause 3(c)(4) of rule XIII of the Rules of 
the House of Representatives, the Committee advises that the 
bill does not authorize funding, so no statement of general 
performance goals and objectives is required.

              C. Information Relating to Unfunded Mandates

    This information is provided in accordance with section 423 
of the Unfunded Mandates Reform Act of 1995 (Pub. L. No. 104-
4).
    The Committee has determined that the bill does not contain 
Federal mandates on the private sector. The Committee has 
determined that the bill does not impose a Federal 
intergovernmental mandate on State, local, or tribal 
governments.

  D. Congressional Earmarks, Limited Tax Benefits, and Limited Tariff 
                                Benefits

    With respect to clause 9 of rule XXI of the Rules of the 
House of Representatives, the Committee has carefully reviewed 
the provisions of the bill, and states that the provisions of 
the bill do not contain any congressional earmarks, limited tax 
benefits, or limited tariff benefits within the meaning of the 
rule.

                   E. Duplication of Federal Programs

    In compliance with clause 3(c)(5) of rule XIII of the Rules 
of the House of Representatives, the Committee states that no 
provision of the bill establishes or reauthorizes: (1) a 
program of the Federal Government known to be duplicative of 
another Federal program; (2) a program included in any report 
from the Government Accountability Office to Congress pursuant 
to section 21 of Public Law 111-139; or (3) a program related 
to a program identified in the most recent Catalog of Federal 
Domestic Assistance, published pursuant to the Federal Program 
Information Act (Pub. L. No. 95-220, as amended by Pub. L. No. 
98-169).

                 F. Disclosure of Directed Rule Makings

    In compliance with Sec. 3(i) of H. Res. 5 (115th Congress), 
the following statement is made concerning directed rule 
makings: The Committee advises that the bill requires no 
directed rulemakings within the meaning of such section.

                                  [all]