Testimony Of Deputy Commissioner Lockhart before the
House Ways and Means Subcommittee on Social Security and the House
Judiciary Subcommittee on Immigration, Border Security and Claims, on
Preserving the Integrity of Social Security Numbers and Preventing Their
Misuse by Terrorists and Identity Thieves.
September 19, 2002Mr.
Chairmen and Members of the Subcommittees:
Thank you for asking me to be here today to discuss the process of
assigning and issuing Social Security Numbers (SSN), and the role that the
SSN has in our society today. As the number of legitimate uses for SSNs
increases, especially in the private sector so does the potential for
misuse-and the resulting consequences of misuse.
Social Security Number misuse can lead directly to identity theft and
the resulting personal and economic consequences to the individual whose
identity is stolen. But SSN misuse also can create far-reaching
consequences to our economy and our society as a whole.
The tragic events of September 11, and reports that some of the
terrorists fraudulently used SSNs, have brought home the need to
strengthen the safeguards to protect against the misuse of the SSN. Since
Commissioner Barnhart and I have been at Social Security we have made
protecting the SSN a major stewardship priority. We have made many
important enhancements this year and are reviewing other improvements.
Original Purpose of the Social Security Number and Card
To begin, I would like to discuss the original purpose of the SSN and
the Social Security card. Following the passage of the Social Security Act
in 1935, the SSN was devised administratively as a way to keep track of
the earnings of people who worked in jobs covered under the new program.
The requirement that workers covered by Social Security apply for an SSN
was published in Treasury regulations in 1936.
The SSN card is the document SSA provides to show what SSN is assigned
to a particular individual. The SSN card, when shown to an employer,
assists the employer in properly reporting earnings. Early public
education materials counseled workers to share their SSNs only with their
employers. Initially, the only purpose of the SSN was to keep an accurate
record of earnings covered under Social Security so that we could pay
benefits based on those earnings.
Growth of SSN as an Identifier for Other Federal Purposes
In spite of the narrowly drawn purpose of the SSN, use of the SSN as a
convenient means of identifying people in records systems has grown over
the years. In 1943, Executive Order 9397 required Federal agencies to use
the SSN in any new system for identifying individuals. This use proved to
be a precursor to a continuing explosion in SSN usage which came about
during the computer revolution of the 1960's and 70's and which continues
today. The simplicity of using a unique number that most people already
possessed encouraged widespread use of the SSN by Government agencies and
private organizations as they adapted their record-keeping and business
applications to automated data processing.
In 1961, the Federal Civil Service Commission established a numerical
identification system for all Federal employees using the SSN as the
identifying number. The next year, the Internal Revenue Service (IRS)
decided to use the SSN as its taxpayer identification number (TIN) for
individuals. And, in 1967, the Defense Department adopted the SSN as its
identification number for military personnel. Use of the SSN for computer
and other record keeping systems spread throughout State and local
governments, and to banks, credit bureaus, hospitals, educational
institutions and other areas of the private sector. At the time, there
were no legislative authorizations for, or prohibitions against, such
uses.
Statutory Expansion of SSN Use in the Public Sector
The first explicit statutory authority to issue SSNs did not occur
until 1972, when Congress required that SSA assign SSNs to all noncitizens
authorized to work in this country and take affirmative steps to assign
SSNs to children and anyone receiving or applying for a benefit paid for
by Federal funds. This change was prompted by Congressional concerns about
welfare fraud and about noncitizens working in the U.S. illegally.
Subsequent Congresses have enacted legislation which requires an SSN as a
condition of eligibility for applicants for SSI, Aid to Families with
Dependent Children (now called Temporary Assistance to Needy Families),
Medicaid, and food stamps. Additional legislation authorized States to use
the SSN in the administration of any tax, general public assistance,
drivers license, or motor vehicle registration law within its
jurisdiction.
The Privacy Act was enacted in 1974 when Congress became concerned
about the widespread use of the SSN. It provides that, except when
required by Federal statute or regulation adopted prior to January 1975,
no Federal, State or local government agency could withhold benefits from
a person simply because the person refused to furnish his or her SSN.
In the 1980's, separate legislation provided for additional uses of the
SSN including employment eligibility verification, military draft
registration, driver's licenses, and for operators of stores that redeem
food stamps. Legislation was also enacted that required taxpayers to
provide a taxpayer identification number (SSN) for each dependent age 5 or
older. The age requirement was lowered subsequently, and an SSN is now
required for dependents, regardless of age.
In the 1990's, SSN use continued to expand with legislation that
authorized its use for jury selection and for administration of Federal
workers' compensation laws. A major expansion of SSN use was provided in
1996 under welfare reform. Under welfare reform, to enhance child support
enforcement, the SSN is to be recorded in the applications for
professional licenses, driver's licenses, and marriage licenses; it must
be placed in the records relating to a divorce decree, support order, or
paternity determination or acknowledgment; and it must be recorded in the
records relating to death and on the death certificate. When an individual
is hired, an employer is required to report this event to the State's New
Hire Registry. This "New Hire Registry" is part of the expanded Federal
Parent Locator Service which enables States to find non-custodial parents
by using the SSN.
Private Sector Use of the SSN
Currently, Federal law places no restrictions on the use of the SSN by
the private sector. People may be asked for an SSN for such things as
renting a video, getting medical services, and applying for public
utilities. They may refuse to give it. However, the provider may, in turn,
decline to furnish the product or service.
There are two basic ways the providers use the SSN. Within an
organization, the SSN is typically used to identify specific persons and
to maintain or retrieve data files. The second use is for external
exchange of information, typically to transfer or to match data. For
example, individual companies can track buying habits and customer
preferences through the use of such data.
Continuing advances in computer technology and the ready availability
of computerized data have spurred the growth of information brokers who
amass and sell vast amount of personal information including SSNs. When
possible, information brokers retrieve data by SSN because it is more
likely than any other identifier to produce records for a specific
individual.
The SSN as an Identifier
As you can see, Mr. Chairman, the current use of the SSN as a personal
identifier in both the public and private sectors is not the result of any
single step; but rather, from the gradual accretion over time of extending
the SSN to a variety of purposes. The implications for personal privacy of
the widespread use of a single identifier have generated concern both
within the government and in society in general.
The advent of broader access to electronic data through the Internet
and the World Wide Web has generated a growing concern about increased
opportunities for access to personal information. Some people fear that
the competition among information service providers for customers will
result in broader data linkages with questionable integrity and potential
for harm, and make it easier for identity thieves to ply their trade.
On the other hand, there are some who believe that the public interests
and economic benefits are well served by these uses of the SSN. They argue
that use of the SSN would enhance the ability to more easily recognize,
control and protect against fraud and abuses in both public and private
activities. All Federal benefit-paying agencies rely on data matches to
verify not only that the applicant is eligible for benefits, but also to
ensure that the benefit paid is correct. Other federal agencies may be
able to provide information about other socially beneficial uses of the
SSN, including its use in research and statistical activities. The SSN
often is the key that facilitates the ability to perform the matches.
e-VITAL
I also want to mention that SSA is actively involved in an interagency
initiative (e-VITAL) which is pursuing electronic data exchanges between
other federal agencies and the States. This "e-VITAL" program consists of
2 projects that are being undertaken to maximize efficiency and improve
customer service to citizens and businesses. One project is working with
State agencies and funeral homes to expand and improve electronic
notification of deaths. The second project is an electronic query system
that allows State and Federal agencies to access birth and death
information. This information would be used to improve the accuracy of our
records and ensure that proper benefits are paid to individuals.
Identity Theft
When most people think of identity theft they are referring to the use
of the personal identifying information of another person to "become" that
person. Identity theft and fraud also include enumeration fraud, which
uses fraudulent documents to obtain an original SSN for establishing
identity. Finally, identity theft and fraud also includes identity
creation, which uses false identity, false documents and a false SSN.
Skilled identity thieves may use a variety of low and hi-tech methods
to gain access to personal data. We at the Social Security Administration
want to do what we can to help prevent identity theft, to assist those who
become victims of identity theft, and to assist in the apprehension and
conviction of those who perpetrate the crime.
Preventing identity theft can play a role in the prevention of any
future terrorism. Identification documents are critically important to
terrorists, and a key to such documents is the SSN. The integrity of the
SSN must be ensured to the maximum extent possible because of the
fundamental role it can play in helping unscrupulous individuals steal
identities and obtain false identification documents.
Identity thieves may get personal information by stealing wallets and
purses, mail, personal information on an unsecured Internet site, from
business or personnel records at work, buying personal information from
"inside" sources, or posing as someone who legitimately needs the
information such as an employer or landlord. We ask that people be careful
with their SSN and card to prevent identity theft. The card should be
shown to an employer when an individual starts working, so that the
employment records are correct and then it should be put in a safe place.
SSA Response to SSN Misuse
In response to the events of September 11, SSA formed a high-level
response team which has met regularly ever since to recommend and track
progress towards policy and procedural enhancements to help ensure that we
are strengthening our capability to prevent those with criminal intent
from using SSNs and cards to advance their operations. Just as there have
been delays at airports as a result of heightened security, we recognize
that some of these initiatives may result in a delay in the receipt of
SSNs for some citizens and non-citizens. However, these measures are
necessary to ensure the integrity of the SSN and to ensure that only those
who should receive an SSN do so. Soon after September 11th, we began a new
training emphasis on the rules for enumeration, and especially for
enumerating non-citizens. We started with refresher training for all
involved staff, but are following this up with periodic special training
and additional management oversight. On March 1 we stopped assigning SSNs
to non-citizens for the sole purpose of applying for a driver's license,
so that non-citizens can now only get an SSN if they are authorized to
work or where needed for a Federal funded or state public assistance
benefit to which the person has established entitlement. On June 1, we
began verifying with the custodians of the records, any birth records
submitted by U.S. born citizens over the age of one applying for an SSN.
Further, we are currently piloting an online system for employers to
verify the names and SSNs of newly hired employees. I must note that SSA
has had systems for employers to verify employees SSNs for wage reporting
purposes for more than twenty years.
Throughout this year we are also implementing a range of new
initiatives with the Immigration and Naturalization Service (INS) and the
Department of State (DoS) that will improve integrity goals with respect
to enumeration of non-citizens. We expect to have in place by the end of
the year the first phase of what we are calling Enumeration at Entry
(EAE). EAE is an integrity measure we have been working on collaboratively
with the INS and DoS for some time. EAE will work similarly to our highly
successful Enumeration at Birth program under which most U.S.-born infants
are assigned SSNs based on requests by their parents in the hospital right
at birth, eliminating the potential for the use of fraudulent documents.
EAE will also eliminate the use of fraudulent immigration documents from
the process. Under EAE, SSA will assign SSNs to newly arrived immigrants
based on data collected by the DoS, as it approves the immigrant visa in
the foreign service post, and by the INS, as entry into the country is
authorized. SSA would receive electronically the information needed to
enumerate the individual from the INS with no need for further document
review and verification.
In July, we began verifying any documents issued by the INS with them
before assigning an SSN. We are verifying many of these electronically.
But if the immigration document is not recorded in the INS system within
ten days, we request written confirmation from INS that the documents
submitted are bona fide and that the individual is authorized to work.
This new verification process was fully implemented earlier this month.
We are also planning to pilot a Social Security Card Center that would
be an interagency specialist group designed to provided quick and
efficient service while ensuring the integrity of the enumeration process.
We have developed this multi-pronged approach to make SSNs less
accessible to those with criminal intent as well as prevent individuals
from using false or stolen birth records or immigration documents to
obtain an SSN.
We also implemented changes to speed up the distribution of our Death
Master File. SSA receives reports of deaths from a number of sources, and
from computer matches with death data from Federal and State agencies.
This information is critical to the administration of our program and is
made available to facilitate the prevention of identify theft of the SSN's
of deceased persons. Many of the private sector companies purchasing this
information are credit card companies and financial institutions.
Furthermore, we are also limiting the display of SSNs on our
correspondence. As of October 1, 2001 we no longer include the first five
digits of the SSN on Social Security Statements and as of December 2001 on
Social Security Cost-of-Living Notices. We do use the full SSN on other
correspondence because there may be legal requirements for display of the
SSN on the notice especially on termination and award notices. However, to
ensure the confidentiality of the SSN on mail we do not show the
addressee's SSN on the envelope, if mailing an envelope to an individual.
If requesting information from third parties, we do not show the SSN for
the purpose of associating the reply with the file when it is returned.
The good news is that over 80% of our beneficiaries receive their
payments by direct deposit, which means for this large group there are no
SSNs to be stolen or paper checks that can be lost or stolen. For those
that do not use direct deposit, the Department of the Treasury prepares
and mails all government checks including those for Social Security and
Supplemental Security Income recipients. Effective with the September 1,
2000 benefit payments, the SSN printed on Social Security and Supplemental
Security Income checks is no longer visible through the envelope window.
Additionally, to protect the privacy of recipients who are paid by check
and help prevent identity theft, Treasury is taking steps to remove all
personal identification numbers, including the SSN, on all check payments.
The goal for completing the project is early 2004.
Detecting SSN Misuse
One way that a person can find out whether someone is misusing their
number to work is to check their earning records. About three months
before their birthday, anyone 25 or older and not already receiving Social
Security benefits, automatically receives a Social Security statement each
year. The statement lists earnings posted, to their Social Security record
as well as providing an estimate of benefits and other Social Security
facts about the program. If there is a mistake in the earnings posted they
are asked to contact us right away, so their record can be corrected. We
investigate, correct the earnings record and if appropriate, we refer any
suspected misuse of an SSN to the appropriate authorities.
SSA may learn about misused SSNs in a variety of other ways including
alerts from our computer systems while matching Federal and State data,
processing wages, claims or post entitlement actions, reports from
individuals contacting our field offices or teleservice centers and
inquiries from the IRS concerning two or more individuals with the same
SSN on their income tax returns.
We have another tool that has been used successfully to detect
instances of fraud and abuse. This tool, called the Comprehensive
Integrity Review Process (CIRP), is a review and anomaly detection system.
This system first identifies known fraudulent patterns and then
transactions that fit these fraudulent patterns are provided to SSA
managers for their review. If upon investigation, the SSA manager believes
that fraud or misuse has occurred, they prepare a referral to the Office
of the Inspector General (OIG).
Of course SSA's OIG has played an ongoing role in the investigation of
fraud and misuse of the SSN, as shown in the following examples. As you
know, SSA OIG agents have participated along with the US Department of
Justice in "Operation Tarmac". In this joint effort, individuals have been
identified who misused SSN's to fraudulently obtain security badges, and
to date, a significant number have been sentenced. Further, SSA's OIG,
INS, and local law enforcement authorities investigated an organization in
Utah that manufactured and sold counterfeit documents. To date, nine
individuals have been sentenced to jail time and/or deportation, and the
investigation continues. In another combined effort, OIG, Postal Service,
Federal Bureau of Investigations and the Secret Service investigated and
arrested individuals in Seattle who established more than 50 false
identities to open bank accounts.
Another important pillar in the effort to safeguard program integrity
is the joint SSA-OIG General Cooperative Disability Investigations Program
(CDI). Its mission is to detect fraud in the early stages-at the time of
application for Social Security benefits or during the appeals process.
The results of CDI investigations were used to support over 2,700 denials
or terminations, allowing SSA to avoid improper payments to individuals.
Assisting Victims
To help victims, SSA provides hotline numbers to SSA's Fraud Hotline
and the Federal Trade Commission ID Theft Hotline. We provide up-to-date
information about steps that the person can take to work with credit
bureaus and law enforcement agencies to reclaim their identity. We issue a
replacement card if their Social Security Card is stolen. We help to
correct their earnings record and issue a new SSN in certain
circumstances. If the victim alleges that a specific individual is using
the SSN, SSA develops the case as a possible fraud violation. If
appropriate, we refer the case to the OIG for an investigation and work
closely with the OIG to facilitate their investigation.
Suspense File
As I mentioned earlier, the primary purpose of the SSN has always been
to allow us to accurately record and keep track of a worker's earnings.
This is SSA's core business process, and it ensures that a worker and his
family receive benefits that reflect his work history. The earnings
suspense file is an electronic holding file for reported earnings items
that cannot be recorded to the earnings records of individual workers
because the name and SSN on the items do not match SSA's records.
Currently, we receive and process about 250 million annual wage reports
(Forms W-2) for employees from about 6.5 million employers. In recent
years, after electronic and manual processing, about 97 percent of these
items are ultimately posted to the Master Earnings File (MEF), which
contains a record of the lifetime earnings of each individual worker. The
remaining items, about 3 percent, are ultimately placed in the earnings
suspense file. For 2000, after electronic processing, 10 million reports
of wages were sent to the suspense file representing over $54 billion in
wages. The suspense file contains all mismatches since 1937 about 237
million reports of wages representing $376 billion in earnings.
So, why is this issue significant? As I stated earlier, the wages
reported to SSA on the Forms W-2 are used to maintain a record of every
working individual's earnings. This earnings record is the basis for
computing retirement, survivors, and disability benefits. If a worker's
earnings are not recorded, he or she may not qualify for benefits or the
benefit amount may be lower. When a person files for benefits, the
earnings record is reviewed and an effort is made to establish any
earnings that are not shown. However, it may be difficult to accurately
recall past earnings and to obtain evidence of them. Thus, it is better to
establish and maintain accurate records at the time the wages are paid.
We have a number of initiatives to assure that wage items are credited
to the correct individual's earnings record and do not go into suspense.
These include:
- Encouraging the filing of wage reports electronically or on magnetic
media which has increased to 78.0% percent in 2001.
- Using over 23 software routines to match names to SSNs which
initially do not match SSA records-for TY1999, software matched 16
million (about 60 percent) of the initial mismatches.
- Notifying employees of name/SSN errors and requesting corrections.
In the last five years we have sent an average of 8 million letters a
year to individuals or to their employers if we do not have a record of
the employee's address.
- Notifying employers of name/SSN errors. In 2002, we increased these
"no match" letters from about 110,000 to 870,000. This is because we
sent these letters to all employers who submitted W-2 forms with
information that did not match our records instead of only to employers
with relatively large number of mismatches. We will be reviewing the
effectiveness of this change.
- Providing outreach to the employer community to reinforce the need
for accurate name/SSN reporting.
We are building a new Earnings Suspense File process that looks
promising. It would electronically find millions of additional matches and
post them to the correct earnings record. Under this new process, we are
estimating that at least 30 million items will be removed from the
suspense file and credited to the records of individual workers. If so,
benefits for several hundred thousand beneficiaries would be increased. If
the test we have planned for the fall of this year is successful, we
expect to begin the new process early in 2003 and have it completed by the
end of 2004.
Improving Enforcement
Mr. Shaw's bill (H.R. 2036) is aimed at the need to limit private and
public sector use, display and sale of the SSN and to increase penalties
for misuse of the number. We appreciate Mr. Shaw's commitment to these
objectives.
We support efforts to strengthen the penalties and enforcement for SSN
misuse, which would be of great help to the agency in our consistent
efforts to locate and eliminate abuses to the program. While current law
provides criminal penalties for SSN misuse, the addition of civil monetary
penalties for SSN misuse would provide another level of deterrence for
those who would misuse the SSN. Such measures would help to strengthen our
ability to deal with instances of misuse that are not criminally
prosecuted by the Department of Justice.
Closing
I would like to conclude by emphasizing that we at the Social Security
Administration are committed to protecting the integrity of the SSN. We
want to do what we can to help prevent identity theft, to assist those who
become victims and to assist in the apprehension and conviction of those
who perpetrate the crime. We are committed to improving the accuracy of
the records of workers earnings and thereby helping to ensure accurate
retiree, disability, survivors and SSI payments.
In a larger view, the Social Security Administration is on guard for
identity theft. This is a challenging task. In our experience, most
instances of identity theft have resulted not from any action or failure
to act by SSA, but from the proliferation of personal information in our
society. The disclosure of SSNs by private citizens and organizations are
prime among them. While SSA cannot control the disclosure of SSNs, we can
and are doing a better job in areas that we can control, such as
enumeration and misuse detection.
Thank you for asking us to testify on this issue.
Top of Page
|