Skip to content
Social Security Online		 Office of the Inspector General
Blank Spacer Imagewww.socialsecurity.gov
 
OIG Seal image
Blank Spacer Image

Audit Report - A-13-96-52001


Office of Audit

The Social Security Administration’s Program for Monitoring the Quality of Telephone Service Provided to the Public A-13-96-52001 - 7/31/97

TABLE OF CONTENTS

EXECUTIVE SUMMARY

INTRODUCTION

RESULTS OF REVIEW

AUTHORITY TO MONITOR TELEPHONE CONVERSATIONS

SSA COMPLIANCE WITH LAWS AND REGULATIONS

• Consensual Monitoring Under FIRMR

• Continuous Positive Action to Inform the Public of Monitoring

• Minimum Sampling Requirement

• Statistically Valid Sample

• Recording Information of the Calling Public

• SSA’s Authority to Monitor Calls Since the Rescission of FIRMR

• Action Needed by SSA

• Agreement to Comply with State Laws

INTERNAL CONTROLS TO ENSURE COMPLIANCE WITH LAWS, REGULATIONS, AND SSA’s MOU

• No Record or Audit Trail of Monitored Calls

• Access Controls to Monitoring Software Are Minimal

• Software Configuration Allows Improper Monitoring

• SSA Reviews to Assess Compliance with Laws, FIRMR, and MOUs

SUMMARY AND CONCLUSIONS

APPENDICES

Appendix B - Major Contributors

RESULTS OF REVIEW

AUTHORITY TO MONITOR TELEPHONE CONVERSATIONS

Our review addresses conditions that existed while FIRMR applied, discusses the effect of its rescission on SSA’s current authority to monitor calls, and recommends actions that SSA should take in the absence of regulations.

The Omnibus Crime Control and Safe Streets Act of 1968, as amended, 18 U.S.C. sections 2510-2522, prohibit the intentional interception of telephone communication by means of any electronic, mechanical, or other device. However, there are two exceptions to this general prohibition: (1) consent exception; and (2) business telephone exception.

Consent Exception - Under this exception, it is permissible to intercept and record telephone conversations if one or both of the parties to the communication has given prior consent to the interception.

Business Telephone Exception - This exception permits telephone monitoring in a business setting if: (1) the telephone or telephone equipment has been provided by the telephone company or by the subscriber for connection to the subscriber’s telephone service; and (2) the telephone or telephone equipment must be used in the ordinary course of business. This provision generally permits employers to monitor business related calls of their employees without their consent.

FIRMR section 201-21.603 provided additional restrictions to limit the circumstances under which Federal agencies were authorized to listen to or record telephone conversations. FIRMR required:

Consensual Listening In - Agencies may only listen to or record calls when at least one party to a telephone conversation knows it is happening or has given prior consent.

Public Service Monitoring - Agencies may only listen to or record calls when performed by an agency official to determine the quality of service, but only after an analysis of alternatives and a written determination by the agency head or a designee that telephone conversation monitoring is required to perform the agency mission.

FIRMR also required that each agency that conducted listening in or recording associated with public service monitoring establish controls and issue written policies and procedures that provided for:

  • the agency head or designee to name in writing those agency officials authorized to listen in to telephone conversations;
  • continuous positive action to inform the public of monitoring;
  • no recording of identifying information of the public callers;
  • keeping the number of monitored calls to the minimum necessary to obtain a statistically valid sample;
  • conspicuous labeling of telephone instruments subject to monitoring;
  • no use of the information obtained by monitoring against the public party; and
  • calling party consent for calls that are recorded.

Although FIRMR has been rescinded, we believe it recognized the need to limit the circumstances for which monitoring is permitted and provided Federal agencies essential guidelines to ensure it is not abused. While SSA is no longer legally obligated to comply with FIRMR, SSA officials informed us that it will continue to follow it. We agree with that decision and believe that FIRMR provides a "best business practice" necessary for the protection of privacy rights, while at the same time allowing SSA to determine whether the public is receiving world-class service.

SSA COMPLIANCE WITH LAWS AND REGULATIONS

Consensual Monitoring Under FIRMR

Section 201-21.603 (b) of FIRMR stated that it applied only to consensual listening in of telephone conversations. This required that at least one party to a telephone conversation knew it was happening or had given prior consent. FIRMR also required SSA to establish controls and written policies and procedures covering seven areas, three of which pertain to obtaining consent. SSA was required to: (1) take continuous positive action to inform the public of monitoring; (2) place conspicuous labeling of telephone instruments subject to monitoring; and (3) obtain calling party consent for calls that are recorded.

In analyzing the FIRMR provisions for consensual listening in of telephone conversations, we reviewed case law interpreting the consent requirements for telephone monitoring under 18 U.S.C. sections 2510-2520. Based on our analysis of the case law, the determination of whether someone has consented to the monitoring of their telephone conversations is dependent on a number of factors. Consent may take one of two forms, express or implied. Express consent is not difficult to establish because one of the parties expressly agrees to the monitoring. Implied consent, on the other hand, cannot be casually inferred and is more difficult to establish. The circumstances giving rise to implied consent ordinarily include language or acts which tend to prove or disprove that a party knows of, or assents to, encroachments on the routine expectation that conversations are private. In addition, knowledge of the capability of monitoring alone cannot be considered implied consent. Lastly, implied consent is not necessarily an all or nothing proposition. It can be of a limited nature, such as a consent to monitor business, but not personal calls.

Based on our review of SSA’s monitoring program, SSA may be subject to legal challenges with respect to whether it has the necessary employees’ or public’s consent. SSA does not obtain the express consent to monitor telephone calls from either the employees or the calling public. Consequently, the required consent must be implied. Although there are several factors to suggest that consent can be implied, there are additional factors to suggest that SSA may not have the required consent to monitor calls.

Employee Consent--With respect to SSA employees, the circumstances that support implied consent are:

  • SSA usually requires that employees be notified when monitoring will take place;
  • SSA labels telephones that are subject to monitoring;
  • SSA employees continue to use telephones that are subject to monitoring; and
  • SSA and AFGE have negotiated procedures for telephone monitoring.

However, there are circumstances that may not support a finding of implied consent. They include:

  • the monitoring of calls without notifying the employee;
  • the SSA/AFGE MOU which expressly states that an employee’s utilization of a telephone subject to service observation (monitoring) will not be construed as consent to being service observed.

Public Consent--With respect to public consent, the only notification to the public about monitoring is a brief statement in SSA’s public information pamphlets that some telephone calls may be monitored by a second SSA representative. Currently, an outside caller to the SSA 800 number is given no notification of the possibility of monitoring. We would agree that such notification might suffice for any person who has actually read the SSA publications; however, there is no legal requirement to read SSA publications. Consequently, we do not believe that notification in SSA publications is evidence of implied consent to telephone monitoring by every person who contacts SSA.

In summary, SSA may have litigation risks in its telephone monitoring practices. The implied consent from the public is questionable because it is based on a presumed voluntary reading of SSA publications. In addition, the implied consent obtained from SSA employees is questionable in light of SSA’s monitoring practices which allow monitoring without notice and SSA’s MOUs which acknowledge that employees’ utilization of telephones should not be construed as implying employee consent.

Recommendation:

We recommend that SSA:

1. Take corrective actions to ensure that it meets the legal requirements for consent. This could include actions such as:

  • Modifying the SSA/AFGE MOUs with respect to the provision on employees’ consent for monitoring telephone conversations.
  • Including a message on the 800 number to request the consent of the public to have their calls monitored.

SSA Comment

SSA believes the Office of the Inspector General’s (OIG) interpretation of the statement concerning employees’ consent is inconsistent with the purpose of the MOUs, which deal with the impact and implementation of management’s decision to conduct service observations (monitoring). SSA also remarked that it has begun the process of promulgating regulations which will address concerns regarding the parties’ consent of service observation.

OIG Response

The Commissioner’s authorization for monitoring telephone calls at SSA states that it is for the conduct of consensual public service monitoring. In addition, it also states that the authorization may be used only after SSA has fulfilled its duty to bargain with the AFGE. The applicable MOUs specify the agreements between SSA and the AFGE with respect to telephone monitoring. A general provision of the MOUs is that employees do not consent to being monitored. Consequently, we continue to believe that any implied consent from SSA employees is questionable. We believe this concern is best remedied by either modifying the MOUs or by including a message on the 800 number to request the consent of the public to have their calls monitored.

Continuous Positive Action to Inform the Public of Monitoring

FIRMR requires SSA to take continuous positive action to inform the public of monitoring. FIRMR is silent as to what type of notice is required. SSA believes that it satisfies this requirement by its notification to the public through its public information pamphlets. Certainly, SSA publications provide some notification to the public. However, we disagree that this requirement of FIRMR is being met by notification through SSA pamphlets. In addition, officials at GSA stated that they believe SSA should have a pre-recorded message on SSA’s 800 number to inform the public of monitoring since many callers may never receive SSA’s public information pamphlets.

Recommendation:

We recommend that SSA:

2. Provide a message on the 800 number to satisfy the FIRMR requirement of continuous positive action to inform the public of SSA’s monitoring practice.

SSA Comment

SSA commented that since FIRMR has been repealed, there is no current requirement for continuous positive action to inform the public of monitoring. However, it is reconsidering whether it will provide the recommended notice to the public.

OIG Response

We believe FIRMR recognized the actual and perceived effect of monitoring telephone calls on the privacy rights of individuals. The requirement for continuous positive notice to inform the public of monitoring addressed those concerns. Although SSA is not legally obligated to follow FIRMR, we believe the public has the right to know that their calls are being monitored. A message on the 800 number provides the best assurance that the public is aware that their calls may be monitored.

Minimum Sampling Requirement

FIRMR requires that SSA keep the number of monitored calls to the minimum necessary to obtain a statistically valid sample. During our review, we learned that SSA monitors calls in excess of the minimum number necessary to obtain a statistically valid sample. SSA guidelines for monitoring telephone conversations allow for unlimited monitoring of TSRs’ calls for training purposes and for conduct problems.

As part of TSRs’ training, a unit supervisor will monitor up to 100 percent of trainees’ calls in their first year on the phone. They also have new TSRs listen to numerous calls of experienced TSRs to learn how to best respond to calls. While we understand that monitoring additional calls for trainees may be desirable, it is not permitted by FIRMR. Unlimited monitoring of trainees exceeds the minimum sampling requirements and is targeted at specific employees. We believe SSA should address new TSRs’ proficiency in their training program and that new TSRs should be fully trained before answering calls from the public.

SSA will also monitor calls in excess of the minimum necessary when it believes there is a conduct problem with a particular TSR, e.g., rudeness to the calling public. In these situations, supervisors will monitor additional calls to evaluate the TSR’s courtesy. This practice also is not permitted by FIRMR. The regulations do not specify any circumstances for additional monitoring of calls when conduct is a problem. We believe SSA can address problems with rude behavior on the phone without monitoring numerous conversations. The rude behavior can be easily noticed and addressed by a supervisor walking through the unit and observing TSRs while on the phone.

Back to top

Recommendations:

We recommend that SSA:

3. Monitor the minimum number of calls necessary to obtain a statistically valid sample.

4. Address training needs and conduct problems by means other than additional monitoring.

SSA Comment

SSA does not believe the monitoring of 100 percent of a TSR’s telephone calls violates the minimum sampling requirement of FIRMR. It also does not believe it is practical to expect new TSRs to be proficient in responding to calls without extensive monitoring by mentors.

SSA also took exception to the statement that "rude behavior can be easily noticed and addressed by a supervisor walking through the unit and observing TSRs while on the phone." It noted that the elimination of supervisory positions and new systems furniture make visual observation of rude behavior more difficult.

OIG Response

The FIRMR requirement recognized that monitoring should be limited and kept to a minimum. We agree that this may present challenges to SSA trainers and supervisors. However, the GSA specifically stated that this was not permitted by FIRMR since it is not sampling and is targeted at specific individuals. GSA also noted that SSA needs to consider the impact on the calling public of having additional conversations monitored.

Statistically Valid Sample

FIRMR states that the monitoring should be of a statistically valid sample of calls. Statistical sampling requires that the sample be representative of the population of calls. In order to achieve this, the sample should be selected by a random process. In using a random selection process, every item in the population has a known probability of being selected. The process will eliminate personal bias or subjective considerations for the selection of sample items. Judgment sampling is not statistical sampling; it is discretionary. For example, selecting a few calls "at random" is usually included in the category of judgment sampling. Only by the use of statistical sampling can SSA quantify, with any mathematical reliability, the quality of telephone service provided to the public.

During our audit, we interviewed unit supervisors and technical assistants who conduct most of the monitoring in TSCs. As part of the interviews, we inquired about how calls are selected for monitoring. We found that the sample of calls monitored are not statistical (representative) and are not selected randomly. Unit supervisors and/or technical assistants determine when they will monitor a call, which is usually when their schedules permit. They usually listen to a few calls in succession at their discretion and judgment. As a result, the information gathered from monitoring does not provide reliable evidence to assess the overall quality of service provided to the public.

Recommendation:

We recommend that SSA:

5. Use statistical sampling for the monitoring of telephone calls as required by FIRMR.

SSA Comment

SSA has a proposed revision to its monitoring process which recommends that unit level service observations be conducted at random. SSA is also looking into purchasing software to do this for the 800 number answering sites.

Recording Information of the Calling Public

FIRMR prohibits those who monitor calls from recording the identity (name, Social Security number, or telephone number) of the public callers. Whenever a call is monitored by a supervisor, he/she will provide documented feedback to the TSR. The feedback provides a summary of the call and whether it was answered correctly by the TSR.

As part of our review, we randomly selected a sample of documented feedback forms for 85 calls that were monitored. The forms were reviewed to determine whether identifying information of the calling public was recorded on the feedback forms. Our review showed that, in four cases, identifying information of the calling public was improperly recorded on the feedback forms.

SSA has reminded supervisors that identifying information of the calling public cannot be recorded on the feedback forms. To ensure that this is not overlooked, we believe there should be a notice on the feedback forms to alert the monitor that identifying information of the public callers cannot be recorded.

Recommendations:

We recommend that SSA:

6. Modify the feedback forms to include a statement that identifying information of the public callers cannot be recorded.

7. Periodically review feedback forms to ensure identifying information of the public callers is not recorded.

SSA Comment

SSA will remind monitors that identifying information of the calling public should not be recorded on feedback forms. SSA’s service observation regulations will also address this issue.

SSA’s Authority to Monitor Calls Since the Rescission of FIRMR

Although FIRMR has been rescinded, SSA must continue to meet one of the required exceptions in 18 U.S.C. sections 2510, et seq., in order to continue its service observations. SSA can monitor calls only if the requirements of the consent exception or the business telephone exception are met.

Consent Exception - This exception permits telephone monitoring at least one party consents to the monitoring. We have discussed the relevant case law and elements of this requirement in the section, Consensual Monitoring Under FIRMR. Based on our review, we continue to believe SSA may be subject to legal challenges with respect to whether it has the employees’ or public’s consent to monitor their telephone calls. Therefore, we reaffirm our recommendation for SSA to ensure that the legal requirements for consent are met in all cases of telephone monitoring.

Business Telephone Exception - This exception permits telephone monitoring in a business setting if: (1) the telephone or telephone equipment has been provided by the telephone company or by the subscriber for connection to the subscriber’s telephone service; and (2) the use of the telephone or telephone equipment must be used in the ordinary course of business. Consequently, SSA could monitor calls without the consent of either party if it meets both exceptions.

The type of listening devices SSA uses has a direct bearing on whether the business telephone exception is met. Our review of the relevant case law indicates that some interception devices are specifically prohibited by law. SSA uses several different devices to monitor telephone conversations. However, since SSA’s monitoring program has been based on the consent provisions of FIRMR, we did not determine whether any of these devices are prohibited under the business telephone exception. We have concerns that some equipment SSA uses may be prohibited. This concern was also noted in a recent legal opinion by SSA’s Office of the General Counsel (OGC) that suggested some of the monitoring equipment SSA uses might not qualify for the business telephone exception.

If SSA plans to use the business telephone exception as the legal basis for its monitoring program, it should determine whether any of the equipment it uses is prohibited by law. In addition, if SSA plans to use the business exception, it will have to modify the applicable SSA/AFGE MOUs since they are based on the consent provisions of FIRMR.

Back to top

Recommendations:

We recommend that SSA:

8. Determine whether any of the monitoring equipment SSA uses is prohibited under the business telephone exception.

9. Modify the applicable SSA/AFGE MOUs if it plans to use the business telephone exception.

SSA Comment

SSA responded that the facts of a given case determine whether or not a particular call was permissibly monitored. It will use the consent exception as its primary legal defense to challenges to its program. It may rely on the business telephone exception as a secondary defense where applicable and necessary.

SSA also commented that it could find nothing in the current MOUs that implies that its monitoring practices do not fall within the business telephone exception, nor could it find anything in the MOUs that state it has agreed to follow the consent provisions of the FIRMR. Lastly, the FIRMR did not address or limit SSA’s reliance on the business telephone exception.

OIG Response

The Commissioner’s authorization for monitoring telephone calls at SSA states that it is for the conduct of consensual public service monitoring. It does not authorize monitoring under the business telephone exception. While the MOUs do not specifically state that SSA will follow the consent provisions of FIRMR, they are based on the Commissioner’s authorization. Lastly, we strongly disagree that FIRMR did not limit or prevent SSA from using the business telephone exception. The FIRMR clearly specified that telephone monitoring must be consensual.

If SSA plans to use the business telephone exception as a secondary defense to its program, it can only be done prospectively after the Commissioner authorizes it. If the business telephone exception is authorized by the Commissioner, then SSA must still address whether the equipment it uses is permitted under the business telephone exception and must still modify the MOUs to allow for it.

Action Needed by SSA

We believe the repeal of FIRMR raises serious concerns for SSA and other Federal agencies that monitor telephone calls. It is unclear under what authority agencies are engaging in telephone monitoring. FIRMR had very specific requirements which carefully prescribed the manner in which agencies should monitor calls to the public. There are also significant criminal or civil penalties when telephone monitoring is improperly used.

Given these concerns, we believe new regulations are needed. However, we encountered varying opinions as to which Federal agency has the authority to promulgate regulations. We have been advised by GSA that it retains the authority to prescribe regulations on telephone monitoring; however, SSA’s OGC believes SSA has the authority to promulgate its own regulations. Regardless of where that authority rests, we believe SSA needs to take expeditious action to resolve this issue to ensure its telephone monitoring program is legally supportable.

Recommendation:

We recommend that SSA:

10. Meet with GSA and OMB to determine SSA’s authority to monitor telephone conversations.

SSA Comment

SSA replied that it could find no current GSA or OMB guidance that prohibits telephone monitoring. It asserts that the only current Federal limitation on telephone monitoring is 18 U.S.C. sections 2510-2520.

OIG Response

We recommend that SSA confirm with appropriate officials at GSA and OMB that it is authorized to promulgate regulations with respect to telephone monitoring.

Agreement to Comply with State Laws

We believe that Federal law has preempted the issue of telephone monitoring, therefore, State laws would not affect SSA’s telephone monitoring program. This is because the Supremacy Clause of the U.S. Constitution prevents State regulation unless Congress affirmatively declares that Federal agencies are subject to State laws. We found nothing in our review of the Federal law to indicate that Congress has affirmatively declared that a Federal agency would be required to submit to State laws for telephone monitoring.

However, the SSA/AFGE MOUs include provisions which SSA and AFGE have agreed to follow. Included in the MOUs is the agreement that SSA will be bound by applicable State laws. This is a contract provision and may be binding on SSA even though SSA would not otherwise be compelled to obey State laws. We found no indication that SSA has identified the conditions of the applicable State laws it has agreed to follow. This could have a significant effect on the manner in which SSA monitors calls. For example, several States require that both or all parties to a telephone conversation must have knowledge and consent to the monitoring. In addition, some States do not recognize the business telephone exception.

Recommendation:

We recommend that SSA:

11. Identify and review any applicable State laws it has agreed to follow and develop policies and procedures to ensure compliance. Modify any MOUs to reflect SSA’s interpretation with respect to the applicability of State laws.

SSA Comment

Although SSA agreed that the Supremacy Clause of the Constitution prevents State regulation unless Congress affirmatively declares that Federal agencies are subject to State laws, it does not believe that the statement in the MOUs requires them to follow applicable State laws. SSA’s interpretation of the MOUs is that it obligates SSA to comply with State statutes only if Congress acts to make the State statutes applicable to SSA.

OIG Response

We agree that the Supremacy Clause ordinarily exempts SSA from State regulations. However, the fact that the provision in the MOU is subject to interpretation presents a litigation risk that a Court could find that State laws apply to SSA’s telephone monitoring program.

Back to top

INTERNAL CONTROLS TO ENSURE COMPLIANCE WITH LAWS, REGULATIONS, AND SSA’s MOU

FIRMR required agencies to establish controls to ensure compliance with its regulations. In addition, OMB Circular A-123 requires agencies to establish general management controls to ensure compliance with the law and to provide reasonable assurance that assets are safeguarded against unauthorized use.

A-123 requires that:

  • Access to resources and records should be limited to authorized individuals and accountability for the custody and use of resources should be assigned and maintained.
  • Transactions should be promptly recorded, properly classified, and accounted for in order to prepare timely accounts and reliable financial and other reports. The documentation for transactions, management controls, and other significant events must be clear and readily available for examination.

During our review, we found that SSA has limited or no controls in place to ensure compliance with 18 U.S.C. sections 2510, et seq., or applicable laws and regulations. We identified the following weaknesses with the Service Observation System which SSA uses to monitor telephone calls.

No Record or Audit Trail of Monitored Calls

As part of our audit, we planned to review an historical sample of telephone calls that were monitored by SSA personnel. This was necessary so we could determine whether SSA’s monitoring practices were in compliance with FIRMR, SSA policy, and the various AFGE MOUs. We were unable to review any records of monitored calls because SSA’s monitoring software does not produce any type of record or audit trail when calls are monitored. In addition, SSA cannot provide basic management information on the number and types of calls that are being monitored.

Since there is no historical record of telephone calls that have been monitored, we could not determine whether:

  • unauthorized officials are monitoring telephone calls;
  • authorized or unauthorized officials are illegally monitoring personal calls of employees;
  • authorized or unauthorized officials are monitoring calls in excess of the numbers allowed; or
  • authorized or unauthorized officials are illegally recording telephone conversations while monitoring calls from remote locations (employees’ home phones, offices, etc.).

We believe the absence of an audit trail for monitored telephone conversations does not meet the criteria for recording and documenting transactions as specified by OMB Circular A-123. Given this limitation, SSA does not have reasonable assurance that monitoring is always being used for its authorized purposes.

Access Controls to Monitoring Software Are Minimal

The ability to monitor calls should be restricted only to authorized individuals. In an automated system, access is normally restricted by the assignment of a personal identification number (PIN) to identify users, passwords to authenticate their identity, and profiles to specify what functions may be performed by a user.

As part of our review, we evaluated the controls that restrict access to SSA’s monitoring software. We found that the access controls were minimal. In most cases, observers are not required to enter a PIN or password in order to monitor telephone conversations. Consequently, there is no systematic means to prevent or detect unauthorized users from monitoring calls. In addition, there are no means to determine and authenticate the identity of individuals who use the monitoring software.

We noted that SSA has some safeguards against unauthorized access to monitoring. Access to monitoring calls is restricted since usually it can only be done from a supervisor’s or technical assistant’s telephone. However, in our opinion this provides only limited assurance against unauthorized access to monitoring calls. This limited assurance is exacerbated by the following conditions we identified with the monitoring software.

Software Configuration Allows Improper Monitoring

In order to ensure that authorized individuals are monitoring calls in accordance with FIRMR, SSA policy, and the various AFGE MOUs, there should be some safeguards to ensure persons are acting within the scope of their authority. Based on our review of SSA’s monitoring software, we found there were only limited controls to ensure individuals do not exceed the scope of their authority. We identified the following weaknesses with the software:

  • It does not restrict observers from listening to calls of employees outside their areas of authority or responsibility. For example, any of the 46 unit supervisors and 45 technical assistants at the Baltimore and Auburn TSCs can listen to calls in their respective units and in all of the other units within the TSC.
  • It allows for unauthorized monitoring of calls that take place on administrative phones and employees’ personal phone lines. For example, in the Baltimore TSC, the 23 unit supervisors and 22 technical assistants can listen to calls on 23 administrative phones and on the personal phone lines of 487 TSRs.
  • It allows for monitoring of calls from administrative and clerical phones to which no one is personally assigned, and by individuals who do not have the authority to monitor calls. For example, in the Auburn TSC, there are 39 phones that improperly have monitoring capability. This includes administrative or unit phones, secretarial phones, phones in the mail room, and a phone in the local AFGE union office.
  • It allows for monitoring from phones outside of the Agency. Monitoring can be performed from remote locations outside of SSA’s phone system. Any touch tone telephone can be used (including individuals’ home phones) to monitor telephone conversations.

We believe the monitoring software should be revised to prevent these types of improper monitoring. This condition is exacerbated by the fact that improper monitoring can be done without any record or audit trail being established. Consequently, there is also no systematic means to detect instances in which individuals have improperly exceeded their authority to monitor telephone conversations.

Recommendations:

We recommend that SSA modify the monitoring software to:

12. Establish a record and/or audit trail whenever a call is monitored.

SSA Comment

SSA will explore this recommendation to determine if it would be cost effective and beneficial to the monitoring process and will make a final determination by the end of the calendar year.

13. Require a PIN/password for access.

SSA Comment

SSA will explore this recommendation and make a final determination no later than the end of this calendar year.

14. Prevent observers from listening to calls of employees outside their areas of authority or responsibility.

SSA Comment

SSA will not pursue this recommendation. Because of the limited number of supervisory positions, they must have the flexibility to monitor calls of employees in other units.

OIG Response

Some limits should be established to prevent observers from listening to calls of employees for whom they have no supervisory responsibilities. In cases where it is not practical to do so, SSA should use the audit trail as suggested in recommendation 12 to detect and investigate monitoring of this type to ensure it is proper.

15. Prevent the monitoring of calls on administrative phones, as well as employees’ personal phone lines.

SSA Comment

SSA agreed with this recommendation and will instruct offices to ensure that all telephones not subject to monitoring be blocked.

16. Remove the monitoring capability from all unauthorized administrative and clerical phones.

SSA Comment

SSA agreed with this recommendation and will instruct offices to remove the monitoring capability from all telephones that will not be used for monitoring calls.

17. Prevent the monitoring of calls from any phone that is outside of SSA’s phone system.

SSA Comment

SSA will explore the technical feasibility of this recommendation and reach a final decision within 90 days.

18. Use the audit trail to identify and investigate instances of improper monitoring.

SSA Comment

If SSA decides to establish an audit trail, it will be used to investigate instances of improper monitoring.

SSA Reviews to Assess Compliance with Laws, FIRMR, and MOUs

OMB Circular A-123 states that agency managers should continuously monitor and improve the effectiveness of management controls associated with their programs. This includes periodic evaluations and reviews expressly for the purpose of assessing management controls.

During our review, we learned that SSA had received congressional inquiries in1993 that expressed concerns about SSA’s telephone monitoring practices. As a result of these concerns, SSA’s Deputy Commissioner for Operations requested that each Regional Commissioner provide a plan to do periodic reviews of the telephone monitoring practices in his/her region to ensure compliance with FIRMR and AFGE MOUs. The Deputy Commissioner for Operations noted that, despite attempts to correct the problems, some TSC managers continue to violate the regulations and MOUs regarding the proper monitoring of calls.

In our review of the Baltimore, Maryland, and Auburn, Washington, TSCs, we found that neither office has performed, nor plans to perform, any periodic reviews of the monitoring practices in their offices.

Recommendation:

We recommend that SSA:

19. Conduct periodic reviews of the telephone monitoring program to ensure it is in compliance with applicable laws and regulations, SSA policy, and SSA/AFGE MOUs. The result of these reviews should be reported to the Commissioner.

SSA Comment

SSA agreed that it would be a good practice to periodically review the Agency’s monitoring practices.

Back to top

SUMMARY AND CONCLUSIONS

SSA’s monitoring of telephone conversations is a valuable assessment method. It is likely the most effective method to determine the quality of service SSA is providing to the public through its 800 number. However, this practice must be designed with appropriate safeguards because of the actual and perceived effect on the privacy rights of the employees and the calling public. This practice also exposes SSA to criminal or civil penalties imposed by Federal laws when monitoring is improperly applied. FIRMR recognized the need to limit the circumstances for which monitoring is permitted and to carefully control telephone monitoring activities to ensure it is not abused. Since FIRMR has been rescinded, we believe the authority to monitor telephone conversations is questionable and there is a compelling need for new regulations.

We also believe the conditions noted in this report represent an unacceptable risk of noncompliance with the Federal laws and regulations and that the telephone monitoring practice is not being used for its intended purpose. The corrective actions recommended, if implemented, will improve the legal basis for SSA’ s telephone monitoring practices and will minimize the likelihood of improper monitoring.

Back to top

APPENDICES

APPENDIX B

MAJOR CONTRIBUTORS

Office of the Inspector General

Judith Kidwell, Counsel to the Inspector General
Jim Klein, Senior Auditor
Jerry Hockstein, Program Analyst

  Link to FirstGov.gov: U.S. Government portal Privacy Policy | Website Policies & Other Important Information | Site Map
Need Larger Text?
  Last reviewed or modified Monday Jan 14, 2008