|
House Committee on Government Reform, Subcommittee on Government
Management, Information and Technology (Horn)
On Legislation That Would
Prevent The Federal Government From Establishing National Identification
Cards (H.R. 220, Paul, R-TX)
Frederick G. Streckewald, Associate
Commissioner for Program Benefits Testified
May 18,
2000Mr. Chairman and Members of the Subcommittee:
Thank you for inviting the Social Security Administration (SSA) to
testify on H.R. 220, the Freedom and Privacy Restoration Act of 1999, a
bill designed to limit the use of the Social Security number, or SSN.
Today, I will discuss the original purpose of the SSN, and how its use has
expanded over the years. I will also talk about what effect this expansion
has had on SSA and the conditions under which we disclose or verify an SSN
for third parties. In addition, I will discuss how the number facilitates
the data matches used in program integrity to verify eligibility for and
benefit amounts of Social Security, Supplemental Security Income (SSI),
and other Federal and State benefits.
At the outset, let me emphasize that SSA has always taken its
responsibility to protect the privacy of personal information in Agency
files very seriously. When the Social Security program began, people were
concerned that information they provided to Social Security could be
misused. The Social Security Board, charged with implementation of the
Social Security Act, issued press releases and public statements to
provide reassurance that information provided by individuals and employers
would be regarded as confidential and would be available only to the
individuals to whom it pertains and to Government personnel who need
access to carry out their official responsibilities.
Almost immediately, these broad pledges of confidentiality were
translated into official binding policy when the Board published its first
regulation in 1937. This pledge of confidentiality has been an important
factor in the cooperation which employers and employees have shown over
the years in providing required information.
For almost 65 years, SSA has honored its commitment to the American
people to maintain the confidentiality of the records in our possession.
We have longstanding and effective practices and procedures to maintain
individuals' privacy.
Original Purpose of the Social Security Number and Card
To begin, I'd like to talk about the original purpose of the SSN and
the Social Security card. Following the passage of the Social Security Act
in 1935, the SSN was devised administratively as a way to keep track of
the earnings of people who worked in jobs covered under the new program.
The requirement that workers covered by Social Security apply for an SSN
was published in Treasury regulations in 1936.
Initially, the only purpose of the SSN was to keep an accurate record
of earnings covered under Social Security and to pay benefits based on
those earnings. The SSN card is the document SSA provides to show what SSN
is assigned to a particular individual. The SSN card, when shown to an
employer, assists the employer in properly reporting earnings.
Growth of SSN as an Identifier for Other Federal Purposes
In spite of the narrowly drawn purpose of the SSN, use of the SSN as a
convenient means of identifying people in records systems has grown over
the years in steps often taken for good reasons such as, in the public
sector to help enforce laws, protect the public treasury, and collect
funds from delinquent non-custodial parents.
In 1943, Executive Order 9397 required Federal agencies to use the SSN
in any new system for identifying individuals. This use proved to be a
precursor to an explosion in SSN usage which came about during the
computer revolution of the 1960's. The simplicity of using a unique number
that most people already possessed encouraged widespread use of the SSN by
Government agencies and private organizations as they adapted their
record-keeping and business applications to automated data processing.
In 1961, the Federal Civil Service Commission established a numerical
identification system for all Federal employees using the SSN as the
identifying number. The next year, the Internal Revenue Service (IRS)
decided to use the SSN as its taxpayer identification number (TIN) for
individuals. And, in 1967, the Defense Department adopted the SSN as its
identification number for military personnel. Use of the SSN for computer
and other record-keeping systems spread throughout State and local
governments, and to banks, credit bureaus, hospitals, educational
institutions and other areas of the private sector. At the time, there
were no legislative authorizations for, or prohibitions against, such
uses.
Statutory Expansion of SSN Use in the Public Sector
The first explicit statutory authority to issue SSNs did not occur
until 1972, when Congress required that SSA assign SSNs to all aliens
authorized to work in this country and take affirmative steps to assign
SSNs to children and anyone receiving or applying for a benefit paid for
by Federal funds. This change was prompted by Congressional concerns about
welfare fraud and about noncitizens working in the U.S. illegally.
Subsequent Congresses have enacted legislation which requires an SSN as a
condition of eligibility for applicants for SSI, Aid to Families with
Dependent Children (now called Temporary Assistance to Needy Families),
Medicaid, and food stamps. Additional legislation authorized States to use
the SSN in the administration of any tax, general public assistance,
drivers license, or motor vehicle registration law within its
jurisdiction.
At the same time legislation was being enacted to expand the use of the
SSN, Congress became concerned about the widespread use of the SSN as an
identifier. As a result, the Privacy Act was enacted in 1974. It provides
that, except when required by Federal statute or regulation adopted prior
to January 1975, no Federal, State or local government agency could
withhold benefits from a person simply because the person refused to
furnish his or her SSN.
However, Congress continued to enact legislation that authorizes
certain uses of SSNs in the public sector or required governmental
agencies to collect the SSN, limiting the effect of the Privacy Act.
In the 1980's, separate legislation provided for additional uses of the
SSN including employment eligibility verification, military draft
registration, commercial motor vehicle operators licenses, and for
operators of stores that redeem food stamps. Legislation was also enacted
that required taxpayers to provide a taxpayer identification number (SSN)
for each dependent age 5 or older. The age requirement was lowered
subsequently, and an SSN is now required for dependents, regardless of
age. The expansion of use of the SSN continued through the late 1980's
with the requirement that an SSN be provided by applicants for Housing and
Urban Development programs and authorizing blood donation facilities to
use the SSN to identify blood donors.
In the 1990's, SSN use continued to expand with legislation that
authorized its use for jury selection and for administration of Federal
workers' compensation laws. A major expansion of SSN use was provided in
1996 under welfare reform. Under welfare reform, to enhance child support
enforcement, the SSN is to be recorded on almost every official document
an individual may obtain; e.g., professional licenses, drivers licenses,
death certificates, birth records, divorce decrees, marriage licenses,
support orders, or paternity determinations. When an individual is hired,
an employer is required to send the individual's SSN and identifying
information to the State which will verify the information with SSA. This
"New Hire Registry" is part of the expanded Federal Parent Locator which
enables States to find non-custodial parents by using the SSN.
Private Sector Use of the SSN
Unlike public sector use of the SSN, private sector use of the SSN is
not specifically authorized but neither are there any restrictions. People
may be asked for an SSN for such things as renting a video, getting
medical services, and applying for public utilities. They may refuse to
give it. However, the provider may, in turn, decline to furnish the
product or service.
Officials from financial services companies advised the General
Accounting Office (GAO) for their February 1999 report, "Use of the Social
Security Number is Widespread," that, although they ask for an SSN, they
generally do not use SSNs as internal identifiers but instead assign an
account number as a customer's primary identifier. They expressed concern,
however, that if prohibited from using an SSN, their ability to conduct
routine internal activities and correctly match a specific individual to a
corresponding record of information would be severely hampered.
The SSN as an Identifier
As you can see, Mr. Chairman, the current use of the SSN as a personal
identifier in both the public and private sectors is not the result of any
single step; but rather, from the gradual accretion over time of extending
the SSN to a variety of purposes. The implications for personal privacy of
the widespread use of a single identifier have generated concern both
within the government and in society in general. Opposition to the use of
such an identifier stems from the fear that it will be used improperly to
exchange information among organizations or could possibly lead to
dossiers about people which would follow them throughout life, make
identity theft easier, or compromise a person's privacy.
The advent of broader access to electronic data through the Internet
and the World Wide Web has generated a growing concern about increased
opportunities for access to personal information. Some people fear that
the competition among information service providers for customers will
result in broader data linkages with questionable integrity and potential
for harm.
On the other hand, there are some who believe that the public interests
and economic benefits are well-served by these uses of the SSN. They argue
that it would enhance the ability to more easily recognize, control and
protect against fraud and abuses in both public and private activities.
All Federal benefit-paying agencies rely on data matches to verify, not
only that the applicant is eligible for benefits, but also to ensure that
the benefit paid is correct. The SSN is the key that facilitates the
ability to perform the matches.
SSA Verification Workload
SSA verification workloads relating both to use and misuse of the
number have increased as the number's use has expanded. Such verifications
are done primarily through regular automated data exchanges. We actively
participate in data matches to ensure the accuracy of Federal and State
benefit payments, to verify whether applicants are eligible for benefits,
to undertake debt collection activities, and to safeguard program
integrity. The SSN, as the common identifier, is the key to these matches.
In addition, we verify SSNs for employers to ensure the correct posting of
wages and for other Federal benefit-paying programs to help reduce their
program costs. Where required by law and, in certain circumstances where
permitted by law, we verify that the name and SSN in the files of third
parties are the same as those on our SSN records.
Examples of disclosures or verifications we perform required by statute
include:
- to the Office of Personnel Management for the purpose of
administering its pension program for retired Federal Civil Service
employees;
- to the Immigration and Naturalization Service to identify and locate
aliens in the United States;
- to the Department of Education for verifying the SSNs of student
loan applicants;
- to the Department of Veterans Affairs to determine eligibility for,
or amount of, veterans benefits; and
- to State agencies and courts to locate absent parents owing child
support.
Disclosures we make that are permitted by the Privacy Act include:
- to the Department of Justice for investigating and prosecuting
violations of the Social Security Act or for litigation involving SSA
components or employees;
- to the Department of Treasury for tax administration and for
investigating the alleged forgery or unlawful negotiation of Social
Security checks; and
- to Federal, State and local entities for the purpose of
administering income maintenance and health maintenance programs, where
use of the SSN is authorized by Federal statute.
Matches for Program Integrity Purposes
We rely on data matches to verify eligibility factors, that is, that
the applicant is eligible for the benefit, to protect the integrity of our
programs, and for debt collection activities. Use of the SSN facilitates
our ability and that of other agencies to perform the matches. Many of the
data matches are mandated by statute, such as the State death data match
which provides State death certificate information to SSA, as well as
providing death data to other benefit-paying Federal agencies for them to
determine if recipients are fraudulently claiming benefits. We also do
matches for prisoner reporting which provides information on incarceration
so that SSA can suspend benefits.
While these data matches are invaluable to us, nothing is more
important in the operation of our programs than ensuring that the public
has confidence that the information placed in our trust is secure. This is
a cornerstone of our philosophy. SSA uses state-of-the art encryption
software that protects data sent to us and systems firewalls that protect
access to our databases. We are constantly reevaluating the security
features necessary to protect the information we receive and maintain.
How Does Matching Work?
SSA computer matching, as is true for matching by other Federal and
State agencies, is regulated by the Computer Matching and Privacy
Protection Act of 1988, which amended the Privacy Act. The Act prescribes
a procedural framework for matching activities, to include mandatory
provisions that an individual be provided due process before a benefit is
denied or terminated, that appropriate safeguards are adopted to preserve
the confidentiality of the data being exchanged, and prohibitions on
duplication and redisclosure of the data other than for purposes covered
by the match.
Because of our overriding concern for the confidentiality of the
personal information in our records, and as required by the Computer
Matching and Privacy Protection Act of 1988, SSA establishes an agreement
with another agency to conduct computer matches for a specified purpose.
This agreement is specific as to what the receiving agency can do with the
information it receives from SSA.
A computer comparison of an entire non-SSA database of information is
matched against an entire SSA database (e.g., all Federal Workers
Compensation cases compared to all disability beneficiaries). The computer
compares the records for discrepant information, and may also identify
characteristics of highly suspicious cases. After the computer comparison
discovers discrepancies, an alert is sent to an SSA employee to
investigate. The employee notifies the beneficiary, advising him or her
that information produced by matching may disqualify the individual from
receiving benefits or result in a reduction of benefits, but no adverse
action will be taken until he or she has had an opportunity to contest the
information. Only after due process has been satisfied will SSA take
action, if warranted, to change the benefits.
This process is highly efficient for programmatic benefits and allows
SSA to quickly determine eligibility and ensure correct payment amount.
Our computer matches comply with the due process, notice and individual
privacy safeguards required by the Computer Matching and Privacy Act of
1988. SSA estimates savings to the trust funds of $332 million annually
from computer matches for title II benefit purposes.
In order to improve the payment accuracy rate in the SSI program,
designated by the General Accounting Office (GAO) as a "high risk"
program, we are pursuing improved matching of our data with available
records on wages, nursing home admissions, and financial accounts. GAO
recommended that data matches were an effective means of reducing
overpayments in the SSI program. In response to the recommendations,
Congress included in the Foster Care Independence Act of 1999 (enacted on
December 14, 1999) authority for SSA to conduct certain matches to capture
information that directly affect eligibility and payment amount. The SSN
is the key to those data matches. Matching information with various
databases holds great promise in preventing SSI overpayments in these
areas. Access to such data is vitally important in our efforts to
strengthen the management of the SSI program.
Our actions are already showing results. For example, the data matches
performed in FY 1999, along with other improvements, are projected to
result in substantial savings in overpayment collection and prevention for
the SSI program at a comparatively low administrative cost. In FY 1999,
SSA saved almost $700 million in both title II and title XVI by sharing
data with other Federal and State agencies. Similarly, according to agency
estimates, other Federal, State and local agencies also saved about $1.5
billion. SSA and many other Federal agencies use data sharing for three of
the most important debt collection tools. The debt collection tools
provided for under the Debt Collection Improvement Act of 1996 that rely
on data sharing are: Tax Refund Offset where SSA refers delinquent debts
to Treasury; Treasury Offset Program which expands offset to government
payments other than tax refunds; and Credit Bureau Reporting where
delinquent debtors are reported to Equifax and Trans Union.
Public concern over the availability of personal information has
encouraged some to consider ways to limit using SSNs to disclose such
information. However, GAO's February 1999 report on the widespread use of
the SSN indicates that officials from both private businesses and State
governments have stated that if the Federal government passed laws that
limited their use of SSNs, their ability to reliably identify individuals'
records would be limited as would their subsequent ability to administer
programs and conduct data exchanges with others.
H.R. 220
Which leads to my discussion of H.R. 220. Let me begin by briefly
summarizing the provisions that affect SSA. The stated purpose of H.R. 220
is to prohibit the use of the Social Security number as an identifier.
Specifically, the bill would:
- amend title II (Old Age, Survivors and Disability Insurance) of the
Social Security Act and the Internal Revenue Code to prohibit any
Federal, State, or local government agency or instrumentality from using
a Social Security number or any derivative as the means of identifying
any individual, except for Social Security and certain tax purposes.
- amend the Privacy Act of 1974 to prohibit any Federal, State, or
local government agency or instrumentality from requesting an individual
to disclose their Social Security account number on either a mandatory
or a voluntary basis except for Social Security and tax purposes.
- prohibit any two Federal agencies or instrumentalities from
implementing the same identifying number with respect to any individual,
except for Social Security and tax purposes.
- prohibit a Federal agency from establishing a uniform standard for
identification of an individual that is required to be used by any other
Federal agency, State agency, or a private person for any purpose other
than the purpose of conducting the authorized activities of the Federal
agency.
- prohibit a Federal agency from establishing a uniform standard for
identification of an individual that is required to be used for a
purpose to which the Federal Government is not a party; or for
administrative simplification.
Conclusion
Mr. Chairman, H.R. 220 would severely limit SSA's ability to perform
data matches. The bill would restrict data exchanges which benefit the
public. SSA and other Federal, State and local governments use these data
exchanges to ensure accurate payment of benefits and to verify
eligibility. Limitations or foreclosure of such data exchanges would
undermine SSA program integrity initiatives, cost about $1 billion in lost
savings, and erode public confidence in SSA's stewardship of Social
Security programs. Even though there are attempts to provide an exception
for Social Security use of the SSN, the language is not clear as to
whether the SSN could be used as a Social Security claim number for
benefits. It is also not clear as to whether the exception would apply to
use of the SSN for SSI purposes.
In conclusion, I want to reiterate SSA's longstanding and ardent
protection of the confidentiality of the personal information in our
records. We share Representative Paul's concern about the expanded use of
the SSN in every phase of society. However, at the same time, we have an
obligation to ensure that benefits are paid only to eligible individuals
and that the correct benefit is paid.
The way for SSA and other benefit paying agencies to validate that a
benefit in the correct amount is paid only to an eligible beneficiary is
to verify the information he or she provided. Without a unique identifier,
trying to obtain information from other agencies would be
cost-prohibitive, as well as, labor intensive.
In the use of SSNs, we must carefully weigh the balance between
protection of individual privacy rights and the integrity of the Social
Security programs and other benefit paying programs. We look forward to
working with you to find the right balance.
I will be glad to answer any questions you may have.
Top of Page
|
|