COMMITTEE ON WAYS AND MEANS BILL THOMAS, California, Chairman
PHILIP M. CRANE, Illinois E. CLAY SHAW, Jr., Florida NANCY L. JOHNSON, Connecticut AMO HOUGHTON, New York WALLY HERGER, California JIM MCCRERY, Louisiana DAVE CAMP, Michigan JIM RAMSTAD, Minnesota JIM NUSSLE, Iowa SAM JOHNSON, Texas JENNIFER DUNN, Washington MAC COLLINS, Georgia ROB PORTMAN, Ohio PHIL ENGLISH, Pennsylvania WES WATKINS, Oklahoma J. D. HAYWORTH, Arizona JERRY WELLER, Illinois KENNY C. HULSHOF, Missouri SCOTT MCINNIS, Colorado RON LEWIS, Kentucky MARK FOLEY, Florida KEVIN BRADY, Texas PAUL RYAN, Wisconsin	CHARLES B. RANGEL, New York FORTNEY PETE STARK, California ROBERT T. MATSUI, California WILLIAM J. COYNE, Pennsylvania SANDER M. LEVIN, Michigan BENJAMIN L. CARDIN, Maryland JIM MCDERMOTT, Washington GERALD D. KLECZKA, Wisconsin JOHN LEWIS, Georgia RICHARD E. NEAL, Massachusetts MICHAEL R. MCNULTY, New York WILLIAM J. JEFFERSON, Louisiana JOHN S. TANNER, Tennessee XAVIER BECERRA, California KAREN L. THURMAN, Florida LLOYD DOGGETT, Texas EARL POMEROY, North Dakota
Allison Giles, Chief of Staff Janice Mays, Minority Chief Counsel  SUBCOMMITTEE ON SOCIAL SECURITY E. CLAY SHAW, JR., Florida, Chairman
SAM JOHNSON, Texas MAC COLLINS, Georgia J.D. HAYWORTH, Arizona KENNY C. HULSHOF, Missouri RON LEWIS, Kentucky KEVIN BRADY, Texas PAUL RYAN, Wisconsin	ROBERT T. MATSUI, California LLOYD DOGGETT, Texas BENJAMIN L. CARDIN, Maryland EARL POMEROY, North Dakota XAVIER BECERRA, California

 

COMMITTEE ON THE JUDICIARY F. JAMES SENSENBRENNER, JR., Wisconsin, Chairman

HENRY J. HYDE, Illinois GEORGE W. GEKAS, Pennsylvania HOWARD COBLE, North Carolina LAMAR SMITH, Texas ELTON GALLEGLY, California BOB GOODLATTE, Virginia STEVE CHABOT, Ohio BOB BARR, Georgia WILLIAM L. JENKINS, Tennessee CHRIS CANNON, Utah LINDSEY O. GRAHAM, South Carolina SPENCER BACHUS, Alabama JOHN N. HOSTETTLER, Indiana MARK GREEN, Wisconsin RIC KELLER, Florida DARRELL E. ISSA, California MELISSA A. HART, Pennsylvania JEFF FLAKE, Arizona MIKE PENCE, Indiana J. RANDY FORBES, Virginia

JOHN CONYERS, JR., Michigan BARNEY FRANK, Massachusetts HOWARD L. BERMAN, California RICK BOUCHER, Virginia JERROLD NADLER, New York ROBERT C. SCOTT, Virginia MELVIN L. WATT, North Carolina ZOE LOFGREN, California SHEILA JACKSON LEE, Texas MAXINE WATERS, California MARTIN T. MEEHAN, Massachusetts WILLIAM D. DELAHUNT, Massachusetts ROBERT WEXLER, Florida TAMMY BALDWIN, Wisconsin ANTHONY D. WEINER, New York ADAM B. SCHIFF, California

Philip G. Kiko, Chief of Staff-General Counsel
Perry H. Apelbaum, Minority Chief Counsel 

SUBCOMMITTEE ON IMMIGRATION, BORDER SECURITY, AND CLAIMS
GEORGE W. GEKAS, Pennsylvania, Chairman

 

DARRELL E. ISSA, California MELISSA A. HART, Pennsylvania LAMAR SMITH, Texas ELTON GALLEGLY, California CHRIS CANNON, Utah, Vice Chair JEFF FLAKE, Arizona J. RANDY FORBES, Virginia

SHEILA JACKSON LEE, Texas BARNEY FRANK, Massachusetts HOWARD L. BERMAN, California ZOE LOFGREN, California MARTIN T. MEEHAN, Massachusetts

George Fishman, Chief Counsel
Lora Ries, Counsel
Art Arthur, Full Committee Counsel
Cindy Blackston, Professional Staff
Leon Buck, Minority Counsel

Pursuant to clause 2(e)(4) of Rule XI of the Rules of the House, public hearing records of the Committee on Ways and Means are also published in electronic form. The printed hearing record remains the official version. Because electronic submissions are used to prepare both printed and electronic versions of the hearing record, the process of converting between various electronic formats may introduce unintentional errors or omissions. Such occurrences are inherent in the current publication process and should diminish as the process is further refined.

Advisory of September 12, 2002, announcing the hearing

Social Security Administration, Hon. James B. Lockhart III, Deputy Commissioner

U.S. Department of State, Charisse M. Phillips, Director, Office of Fraud Prevention Programs, Bureau of Consular Affairs

U.S. Secret Service, Robert Bond, Deputy Special Agent in Charge, Financial Crimes Division

Federal Bureau of Investigation, Grant D. Ashley, Assistant Director, Criminal Investigative Division

Social Security Administration, Hon. James G. Huse, Jr., Inspector General

Stylecraft Interiors Inc., Matthew James Reindl

Electronic Privacy Information Center, Chris Jay Hoofnagle

Social Security Advisory Board, Hon. Hal Daub, statement

Thursday, September 19, 2002

House of Representatives,
Committee on Ways and Means,
Subcommittee on Social Security,
and
Committee on the Judiciary,
Subcommittee on Immigration, Border Security, and Claims,
Washington, DC.

The Subcommittees met, pursuant to notice, at 1:05 p.m., in room 1100 Longworth House Office Building, Hon. E. Clay Shaw, Jr., and Hon. George W. Gekas (Chairmen of the Subcommittees) presiding.

[The advisory announcing the hearing follows:]

Chairman SHAW. Thank you for being here. Mr. Gekas and I have sat in these chairs before at a joint meeting, and he just reminded me how well he did the last time we were here in cross-examining a certain witness and sort of nailed his hide to the barn door. When the newspaper--

Chairman GEKAS. The New York Times.

Chairman SHAW. When the New York Times wrote about it, they said how Clay Shaw tore this witness apart.

[Laughter.]

Chairman GEKAS. This time I sat in front of the right nameplate.

Chairman SHAW. Okay, today our Subcommittees will join together to examine efforts to preserve the integrity of Social Security numbers and how we can better prevent terrorists and identity thieves from using these numbers to abet their heinous activities.

I welcome my friend, Chairman Gekas. We were partners against crime on Judiciary a number of years ago, before I came to this Subcommittee.

I welcome Ms. Jackson Lee and all of the Members of the Judiciary Committee on the Immigration, Border Security, and Claims Subcommittee to the Committee on Ways and Means.

I appreciate the opportunity to work with you as we look for ways to ensure the security of individuals and the security of our Nation.

Although created solely for the purpose of tracking workers' Social Security earnings, our culture is hooked on Social Security numbers. Business and governments use the numbers as primary identifiers of individuals. Even the most trivial transactions, such as renting a video, require us to hand over our nine-digit ID before services can be rendered.

The Social Security number has become so woven into the fabric of American society that it has become the key that unlocks the door to an individual's identity for any unscrupulous individual who gains access to it. If someone such as a criminal or a terrorist unlocks the door, at their fingertips are all of the essential elements needed to carry out whatever dastardly act they can conceive.

Worse, as each day passes, we learn more about the degree to which terrorists use stolen identities and false Social Security numbers to establish cover employment, drivers' licenses, and credit cards, all enabling them to live within our borders and plan their crime against Americans.

No longer is Social Security number fraud simply a tool of common criminals. Sadly, it is now a tool of terrorists.

As we will hear today from our witnesses from the U.S. Department of State, the Federal Bureau of Investigation (FBI), U.S. Secret Service, and the Social Security Administration's Inspector General (IG), there is no limit to the creativity of the reprehensible acts perpetrated by criminals and terrorists.

Our Nation and this Congress has forced our attention on America's first line of defense since the attacks of September 11; the war on terrorism and protecting our borders. Next, we must enact increased privacy protections for Social Security numbers and more powerful tools for law enforcement.

To that end, I along with several of my Committee on Ways and Means colleagues introduced H.R. 2036, the Social Security Number Privacy and Identity Theft Prevention Act of 2001. It is a vital component of our country's response to terrorism.

The Social Security Administration serves as the front line of defense in ensuring the integrity of Social Security numbers, a responsibility it takes very seriously. It is responsible for accurately assigning Social Security numbers as well as ensuring the wages earned and the Social Security benefits claimed on that number are only those of the holder.

As we will soon hear, since September 11, the agency has implemented a number of initiatives to help prevent identity theft. Yet, we will also hear there is more to do, particularly with regard to interagency cooperation. A solo approach by Federal agencies is not acceptable, as President Bush recognizes through his proposal to create a U.S. Department of Homeland Security.

Our Nation has been forever changed by the horrible attacks on our country. No longer can we sit idly by and not protect ourselves from domestic and foreign terrorists. Also, long before these attacks, individuals were fighting more personal battles with identity thefts.

We must implement changes that will prevent and deter future attacks on our national security and our personal financial security.

I look forward to hearing from each of our witnesses and thank them in advance for sharing with us their experience and their recommendation.

I now yield to my Co-Chair at this hearing, Mr. Gekas of Pennsylvania.

[The opening statement of Chairman Shaw follows:]

Chairman GEKAS. I thank the Chairman. I begin by asking unanimous consent that the written statement that I have prepared to be my opening statement be received in the record.

Chairman SHAW. Without objection.

[The opening statement of Chairman Gekas follows:]

Chairman GEKAS. Hearing no objection from my colleagues, I will proceed to underline and endorse the concepts enunciated by the gentleman from Florida, Mr. Shaw, the Chairman, on the importance of the hearing and on the subject matter itself.

Perhaps the most ironic outcome of Social Security fraud and identity theft is that this great social program, one of the greatest ever attempted by any society in the history of the world, is also a potential and actual vehicle for terrorists who threaten our Nation and actually attack our Nation.

That is reason enough to convene such a meeting and to determine, once and for all, what we as legislators can do to prevent this kind of result that threatens the very lives of the people who are Social Security recipients and Social Security contributors across the land.

If that weren't enough to put us on guard on what has been happening to our Social Security number system, then we have to consider as well the attack on the system that identity fraud perpetrates with respect to diminution of the funding and the assets of the Social Security program. For everyone who falsely secures a Social Security number and starts to receive benefits, the pot of available funding is diminished by that much, to the detriment of the current recipients and future recipients, not to mention the budgetary problems facing the Nation every single year, vis-à-vis the health of the Social Security fund and all that it touches in our society.

So, when we begin to listen to the witnesses here, we will have an eye and ear pinned to what it means in the day of the terrorist and what it means in the day of watchfulness on the health of the Social Security fund, what it means to try to prevent identity fraud and Social Security fraud in all its aspects.

I thank the Chair, and I yield back the balance of my time.

Chairman SHAW. Mr. Becerra, do you have an opening statement?

Mr. BECERRA. Thank you, Mr. Chairman.

First, let me say to the Chairman of the Subcommittee on Social Security of the Committee on Ways and Means, thank you very much for the several hearings that you have held on this issue of the Social Security number identity fraud and the importance to not just the people who will be recipients of Social Security but to all Americans who depend on such an important program, and, of course, to our government, which must dispense and implement this valuable program that has existed for over 75 years.

To our Co-Chair who is here today, Mr. Gekas, it is a pleasure to again have an opportunity to sit with him on a panel, as I did before when I served on the Committee on the Judiciary. I am pleased to join with my colleague, the Ranking Member of the Subcommittee on Immigration and Claims, Ms. Sheila Jackson Lee as well.

With all our colleagues that are here, I am looking forward to a hearing that will help us gain better insight on how we protect not just the Social Security number but Americans from identity fraud, how we protect them against invasions of that security that they had grown accustomed to. Now that we have seen what happened after September 11 and the fact that the 19 terrorists used Social Security numbers to help them obtain that fraudulent identity, it is important for us to try to move forward to see how we can secure not just our freedom and our privacy, but also the security of this country.

So, I am very much looking forward to the hearing, building upon what has been done through the Chairman's and the Members' good work on the Subcommittee on Social Security, and hoping that the testimony enlightens us on how to move forward and move forward quickly.

So, I thank you, Mr. Chairman. I yield back the balance of my time.

Chairman SHAW. Thank you, Mr. Becerra. Ms. Jackson Lee?

Ms. JACKSON LEE. Thank you very much, Mr. Chairman, and might I add my appreciation to Chairman Shaw and as well Chairman Gekas for having a hearing that gives example to government working at its best, Committees with their respective jurisdictions coming together. I'm pleased, of course, to join with the fellow Ranking Member of the Committee on Ways and Means and a former colleague on the Committee on the Judiciary, Xavier Becerra, and I think this very important issue.

It is good to see the Inspector General will be here. You testified earlier on some matters that we have before the Committee on the Judiciary, and I believe you gave great insight.

It is, of course, natural and important that we take leadership on the issues of Social Security fraud, theft, and issues that would impact negatively on the identity and the security of this Nation. Serving on the Subcommittee on Immigration and Claims, of course, I have to add my additional concern in words that I reflect most often; as we look to secure the Nation, we must also realize that we are a Nation of immigrants, a Nation of laws, even after September 11 and the unfortunate and tragic and horrific event that occurred, where so many of the terrorists and the perpetrators came in on legal visas that we still do not equate terrorism to immigration.

So I would hope, as look to this question, you will also have as a backdrop the fact that the recently passed immigration reform bill did not include a national identity card. We thought that that was not the direction to go, but it certainly is a direction to go with Mr. Shaw's concern about Social Security card fraud and identity fraud.

I hope that we will be cognizant of the technology that may put together a national Social Security card and the abuses that could occur. I also hope that we will avoid steps in this hearing and any legislation that would increase rather than diminish immigration-related discrimination that has already become a problem with the use of Social Security numbers by some employers.

So, we have our job cut out for us. I believe the American people will challenge us to do the right thing together, to provide enhanced security, but at the same time balance and respect the laws of this land, and certainly the civil rights and civil liberties of the people of this land.

With that, Mr. Chairman, I would ask that my entire statement be put into the record.

Chairman SHAW. Without objection, and without objection, any statement that any of the Members of this joint Committee hearing would like to put into the record will be made part of the record.

[The opening statement of Ms. Jackson Lee follows:]

Chairman SHAW. Now it is my pleasure to recognize the Honorable James B. Lockhart III, who is the Deputy Commissioner of Social Security. I believe this may be the first time you have appeared before the Social Security Subcommittee.

Mr. LOCKHART. Yes, Mr. Chairman.

Chairman SHAW. It is my privilege to welcome you.

Please proceed as you see fit. We have your full statement which, without objection, will be made a part of the record, as will the full statements of all the witnesses this afternoon. So, you may summarize or proceed as you see fit, Mr. Lockhart.

Mr. LOCKHART. Chairman Shaw, Chairman Gekas, and Members of the Subcommittees, thank you for asking me here today to discuss our work to preserve the integrity of the Social Security number and to prevent its misuse.

Commissioner Barnhart and I have made protecting the Social Security number a major stewardship priority. We have made many important enhancements and are reviewing other improvements.

We all know that Social Security number misuse can lead directly to identity theft with serious personal and economic consequences. On September 11, we also learned that it can have more far-reaching consequences, as the terrorists used made-up Social Security numbers.

As you know, the original purpose of the Social Security number was solely for tracking the earnings of people who worked in jobs covered by Social Security. Ever since, the use of the Social Security number has mushroomed as a way to identify people in records systems. It has become the identifying number for Federal and many other employee systems, taxpayers, noncitizens authorized to work in this country, beneficiaries of Federal- and State-funded programs, and some drivers' licenses.

By 1974, Congress became concerned about the widespread use of the Social Security number and passed the Privacy Act. It provides that except when required by Federal law, no government agency could withhold benefits from a person simply because of a refusal to give his or her Social Security number. Federal law does not restrict Social Security number use by private businesses or organizations.

As you can see, the Social Security number has become the personal identifier through a buildup over time. Unfortunately, it also has become the identifier of choice for criminals, including terrorists.

After September 11, the Social Security Administration formed a high-level response team to better prevent those with criminal intent from using Social Security numbers. We have put a new training emphasis on what we call enumeration for the 1.5 million noncitizens that we give numbers to every year.

On March 1, we stopped assigning Social Security numbers to noncitizens for the purpose of applying for a drivers' license. Noncitizens can now only get a Social Security number if they are authorized to work or if they need it for public assistance.

On June 1, we began verifying birth records of U.S.-born citizens older than age 1 who apply for a Social Security number, and we are piloting an online system that lets employers verify the names and Social Security numbers of newly-hired employees. That should help to strengthen our present verification systems.

We are also leading the government-wide e-VITAL project to improve the death master file and electronic birth records verification systems.

We are implementing a range of new initiatives with the Immigration and Naturalization Service (INS) and the State Department, which will be consistent with the requirements of the Privacy Act. We now verify all INS documents with that agency.

By the end of the year, under the Enumeration at Entry Project, we will assign directly Social Security numbers to newly-arrived immigrants based on the information the State Department and INS collect as they authorize noncitizen entry into the country.

We are also taking major steps to improve the accuracy of the 250 million annual wage reports that we receive, as they are critical for correctly calculating benefits. Despite improving our matching routines, almost 10 million of those 250 million wage reports a year are placed in the suspense file because the name and the Social Security number do not match. We have been writing letters to employees, asking them to correct the information. Over the last several years, we have greatly increased the no-match letters to employers.

Let me say that we appreciate the Subcommittee's effort to strengthen Social Security number privacy and prevent identity theft. The provisions in H.R. 2036 which strengthen the penalties and enforcement for Social Security number misuse would help in our efforts to locate and eliminate abuses.

Adding civil monetary penalties as proposed to existing criminal penalties for Social Security number misuse would provide another level of deterrence. We believe it would strengthen our ability to deal with cases of misuse that are not criminally prosecuted by the U.S. Department of Justice.

In closing, I would like to emphasize that the Social Security Administration is committed to doing all that it can to protect the integrity of the Social Security number by strengthening our enumeration and misuse detection capabilities. Commissioner Barnhart and I look forward to continuing to work with you on this vital national issue. I would be happy to answer any questions.

[The prepared statement of Mr. Lockhart follows:]

Chairman SHAW. Mr. Lockhart, if someone comes into this country, perhaps on a student visa or whatever, opens a bank account, the bank will require that person to supply their Social Security number. This is needed for the reporting of interest and things of that nature that account might be subject to.

Is there any indicator on the Social Security number as to the status of that particular person? Is there any indication on the Social Security card as to the status of that particular person? Now, this is not on a work visa.

Mr. LOCKHART. Yes. First of all, if a student comes into the country with a J-1 or F-1 visa, and is not authorized to work, we will not give him a Social Security card. So, that's the first step. They have to be authorized to work to get a Social Security number.

Let's assume that the university tells us that they are authorized to work, and we get a letter from the university to that effect, and we do the verification with the INS about the visa, we would then give them a Social Security number. The Social Security number itself has nothing special on it, but the card would say that the employer should check the INS documents in that case.

Chairman SHAW. If the person who the card is issued to then decides to go to work and supplies that identification number to the employer without showing him that card, what happens at that particular time, assuming then that the person takes the job and the Federal Insurance Contributions Act (FICA) wages are paid into the Social Security Administration?

Mr. LOCKHART. Again, assuming that he or she got the card legitimately, there is no problem. That is what is supposed to happen, that they will pay the FICA taxes in, and assuming we have verified the documents with the INS, the card was given legitimately. The employer still is supposed to look at the documents to make sure that they are legitimate.

Chairman SHAW. I understand the employer would be liable for other penalties for not properly checking the resident status or exactly why that person happens to be in the country, whether they be a citizen or a noncitizen.

Mr. LOCKHART. Now, in the circumstances that you posed at the beginning, if they were not authorized to work, if we did not give them a Social Security number, in theory, they can go to the U.S. Department of the Treasury and get a taxpayer number. That is a 900 series. It looks like a Social Security number, but that is a separate series and is not part of the Social Security system.

Mr. JOHNSON. Would the gentleman yield?

Chairman SHAW. I am a little confused here. I will be glad to yield in just a moment, but I am a little confused here because the person who you issued the Social Security number to may not be authorized to work or may not be here on an actual work visa. Is that not correct?

Mr. LOCKHART. Under our new procedure, that should not happen. As of September 1, we are verifying all documents with the INS, and they are telling us that the document is good before we give the Social Security number out.

Unfortunately, I think in the past, before the new procedure, there was a procedure at Social Security, where, if someone had been in the country only 30 days, our field office looked at the documents, put them under black lights and checked them to see if they were real. If they were a really good forgery, they might have been faked or something, and they could have possibly gotten a Social Security number on documents that were counterfeit.

Chairman SHAW. The gentleman from Texas?

Mr. JOHNSON. Thank you, Mr. Chairman.

I would like to follow up on that because just in Dallas, Texas, this month, they caught a bunch of illegals in an 18-wheeler, some of which died. You are aware of that case, I am sure.

My question is, there were 26 of them that were released on the spot in the United States and told they could get a Social Security number from you and go to work. Now, how do you account for that kind of thing?

Mr. LOCKHART. I am not actually aware of who made that statement.

Mr. JOHNSON. The lady who runs the district office for the Immigration and Naturalization Service there in Dallas. They let them go for 2 months, and she told me that they would get Social Security numbers and be given work permits. Three of them were allowed to go, one to Chicago and two to New York City, from Dallas.

Mr. LOCKHART. Well, under our present procedures, they would have had to have a document from the INS saying that it was valid for them to work. If the INS had given that document to them, yes, if you bring in a valid document--

Mr. JOHNSON. You give them a Social Security number just on the basis of the Immigration and Naturalization Service letting an illegal have a work document temporarily? Do you put any time limit on the Social Security number? How do you know they are not all terrorists?

Mr. LOCKHART. Again, our job is to give a Social Security number when we have valid documents from the Immigration and Naturalization Service. We get the documents, we look at them, we check them, we go into the INS system, we check it against the INS system. If it is not in the INS system, then we send a paper request to the INS to get them to verify that there is a real document that authorizes them to work.

It is not the Social Security Administration's job to decide whether they are authorized to work. It is our job to give them a number once they are authorized to work, so that they will pay taxes into the Social Security fund and to the Internal Revenue Service (IRS).

Chairman SHAW. Reclaiming my time, there are situations where someone can get a nonworking Social Security number. Now, that Social Security number, can an employer or anybody look at that number and say, "Hey, that's a nonworking Social Security number"? That is my question.

Mr. LOCKHART. Yes, there are circumstances. Historically, there were more circumstances. As of March this year, we are only giving them to people who are not working that are required by some benefit system--I think we will give about 20,000 or 30,000 out a year from now on. Previously, we did it for a driver's license, but those cards themselves say "not eligible for work." There is no special number, and we are looking at a special number. It is one of the things we are looking at.

Chairman SHAW. That is what I wanted to get at. I think that when we do issue a nonwork Social Security number, it ought to have something on it, a letter, a prefix, or something, that would identify it as "this is not for purposes of work."

Mr. LOCKHART. We are looking at a special series, just like, as I mentioned, the Treasury Department has the 900 series. We are looking, potentially, at a special series for anybody that doesn't have a permanent right to work in this country.

Chairman SHAW. Do you know if you can do that without legislation from us? I believe you can.

Mr. LOCKHART. I believe we can. Yes, sir.

Chairman SHAW. If you need legislation, come back, and we will work on it. Mr. Gekas?

Chairman GEKAS. Yes, I thank the Chair.

Mr. Lockhart, pursuing some of the questions that emerged from the statements and questions that were posed by the gentleman from Texas, Mr. Johnson, you said that after September 11, you undertook several initiatives to pin down the ability to grant Social Security numbers to only those who deserved them. The questions posed by Mr. Johnson implicate the Immigration and Naturalization Service in the wholesale admission of people first into the country and then to allow them to seek and gain Social Security numbers. Were there any recommendations made by the Social Security Inspector General in his recent report with respect to this problem, the reliance of Social Security on INS in its processing of prospective new numbers?

Mr. LOCKHART. Well, the Inspector General has recommended, I think for several years, to do what we just implemented. One of the points I would like to make is that both Commissioner Barnhart and I came in after September 11, and we looked at all these things, and we saw that there were holes in our system, and we want to correct them. We have corrected a lot, but we have more room to go. We are very concerned about this issue, and we will work on it.

The key recommendation that the Inspector General had made is that we verify every document with the INS. Every document that authorizes someone to work, we first go into the computer system. If it is not in their computer system, then we actually send a copy of the document to the INS and ask them to verify it.

So, that is our procedure, and we are following it now. It may, in some cases, slow up persons getting a Social Security number, but we think it is well worth it.

Chairman GEKAS. Do you hold up issuance of the number until submissions are made to you by the INS so that you are perfectly--

Mr. LOCKHART. Under our new procedure that we began implementing about 3 months ago and finished September 1, that is correct. We do not issue a Social Security number if the documents have not been verified by the INS.

Chairman GEKAS. Speaking of the recommendations of the Inspector General, were they before September 11 or after, or both?

Mr. LOCKHART. As I remember, they were both.

Chairman GEKAS. Do you have a scorecard on the recommendations made and where you are in implementing or attempting to implement those recommendations?

Mr. LOCKHART. Yes, Mr. Chairman, we do have a scorecard. We have been working very diligently. This task force that I mentioned in my testimony has a whole series of initiatives. We have implemented a lot of the major ones, but we are looking at other ones. For instance, the one that Chairman Shaw mentioned about a special series of numbers for nonpermanent Social Security cards.

So, we are working very diligently through this list. As I said, both Commissioner Barnhart and myself are really extremely serious about making sure that only people who are authorized to work, only people who should get Social Security numbers, are getting them in this country.

Chairman GEKAS. I would like, personally, and perhaps the other Members would also benefit from it, if we could actually produce such a scorecard, that is, to list the recommendations on the left and then give us completed or implemented or about to be implemented or on the way, some kind of indication as to what the recommendations were and what progress has been made in implementing those recommendations. I would be interested in that kind of graph.

Mr. LOCKHART. We certainly will be happy to provide that for the record, Mr. Chairman. I think as you talk to our Inspector General when he comes up in the next panel, I think he will tell you that we are making extremely good progress on this issue.

Chairman GEKAS. Well, you will have time to do it right before he takes the stand.

[Laughter.]

Mr. LOCKHART. Well, I have some versions of it here, but--

Chairman GEKAS. You can start the conversation now. I yield back the balance of my time.

Chairman SHAW. Thank you, Mr. Gekas. Mr. Becerra?

Mr. BECERRA. Thank you, Mr. Chairman.

Thank you for you testimony, Mr. Lockhart. I appreciate it.

Let me make sure, before I ask the particular questions that I have, I want to make sure that I understand something correctly. There are some 600,000 Social Security numbers that come to your attention that are based on nonwork-authorization Social Security numbers, correct?

Mr. LOCKHART. Yes, let me explain it. We have, really, three major categories of Social Security cards.

One is, you are authorized to work. You are either a citizen and you got it at birth, you have been authorized to work, or you have been permanently allowed in the country. The second one is that you are authorized to work with INS documentation, and the third one is that you are not authorized to work. We used to give those out because many State driver's license departments required them, and we have given out, unfortunately, many millions of those.

Every year, as we get the wage earnings reports in, those 250 million that I mentioned in my testimony, we get about half a million wages on nonwork Social Security numbers. Now, that doesn't mean that they are not authorized to work because they may not have come in to us again to get their Social Security card updated.

Mr. BECERRA. That was going to be my point, because I am familiar, being from California, that there are a lot of folks who start with a nonwork Social Security number but then ultimately obtain the authorization to work. Then, for whatever reasons, either they or the employer, somehow the information doesn't get to the Social Security Administration immediately. So, until that information gets to you, they are categorized as nonwork-authorized Social Security numbers.

Mr. LOCKHART. That is correct.

Mr. BECERRA. Okay. Let me get back to the whole issue, because it is becoming clear, now that Social Security has been able to give us more and more information, that you are trying to clean up these files, which for years have been building up and up in terms of the number of cases where we haven't been able to identify all the pertinent information for an individual.

My understanding is you obtain, on a yearly basis, claims or numbers or information on cases for about 250 million Social Security numbers.

Mr. LOCKHART. What we receive are wage reports from employers. Oftentimes, people change jobs, so there are actually less people working than the number of wage reports.

Mr. BECERRA. The information I have is that there are some 250 million wage reports on an annual basis, representing about 150 million workers. When you run those through your checks, at the onset, there is about a 1 in 10 nonmatch for those wage reports, incorrect name, some information doesn't correspond. It doesn't mean that it is not a valid Social Security number. It just means that, of those 250 million, 1 in every 10 or so came up with some red flag.

Mr. LOCKHART. Right. It didn't match.

Mr. BECERRA. It didn't match. You are then able to reduce that to about 2 or 3 percent, versus about 10 percent, correct?

Mr. LOCKHART. Well, 3 percent yes.

Mr. BECERRA. Three percent, and that is your suspense file?

Mr. LOCKHART. Exactly.

Mr. BECERRA. Within that suspense file, my understanding is that you have a caseload of about--is it 250 million of these?

Mr. LOCKHART. Yes. We have, in the suspense file--

Mr. BECERRA. About 237 million.

Mr. LOCKHART. Yes, 237 million. Exactly.

Mr. BECERRA. So, 237 million. In tax year 2000, you received some 9.6 million more of these wage reports that went into the suspense file. Give me a sense of what it takes to close a case on one of these files. What does it take to do the final check, to determine if there was just an error or if we have to do some further checks?

Mr. LOCKHART. We have computer teams that catch about two-thirds, as you mentioned, of the mistakes. It can be typos. Someone's maiden name hadn't been changed in our records. Some Hispanic names get transposed. They are having that problem right now at the California Department of Motor Vehicles. I was out there a week or so ago, and there is a lot of activity there.

So, our routines catch some of that. So, as we have done for many years, we then send out to the employees whose wage report we are getting, a letter telling him we are having a problem with mismatching. We send close to 10 million of these letters out a year, and we have been doing it for years, and about 1 million-plus, we don't have a good address for the employee, so we actually send it just to the employer. We ask them to come to the Social Security office and straighten it out, submit a form called a W-2C for correction.

Mr. BECERRA. What is the resource requirement for you to do that along with administering all the retirement benefits, dealing with survivors' benefits, disability claims? What is the separate resource requirement to deal with the suspense file?

Mr. LOCKHART. I don't really know the number, to tell you the truth. The initial piece of it is pretty computerized, and so, the cost is reasonable, but when they start coming in with the information, then it takes up a lot of field office time.

It is an important thing to do because what we are trying to do is correct the record so that when people are disabled, when people are retiring, that we have the right amount of money and we give them the proper benefits. We think it is an important function of the agency.

Mr. BECERRA. My time has expired, so I will close and say that perhaps, Mr. Chairman, we can try to follow up and try to get a sense of what it takes for the Social Security Administration to really do the job of getting through that suspense file, because as Mr. Lockhart just mentioned, that is important work.

Thank you, Mr. Lockhart. Thank you, Mr. Chairman.

Chairman SHAW. Ms. Jackson Lee?

Ms. JACKSON LEE. Thank you very much, Mr. Chairman.

Mr. Lockhart, thank you again. Would you restate for me the categories of immigrants that you give a Social Security card to?

Mr. LOCKHART. There are a whole series of different visas that are created by the INS, and I am not an expert on all this, but really, there are two main categories, if you look at it that way. One is that they are permanently authorized to work, and maybe about a half million of the cards we give each year are that group. The other million or so that we give are temporarily authorized to work under a whole series of things. A lot of them are student-related. Then there are the whole series of people coming in for software firms. The whole series that are given by the INS, but those are temporary.

Ms. JACKSON LEE. Do you feel comfortable in the procedures at the Administration, that you are accurately providing those who have documentation to work, that you are fairly accurate, or do you need additional resources or additional assistance in making sure you are accurate on the issuance of those types of cards?

Mr. LOCKHART. We feel, with the new procedures, we are doing a lot better job. Now what we are doing is verifying every document with the INS.

Now, new and better systems are needed because it is still a pretty paper-intensive process. The INS is starting to get more and more of the documents quickly into the system called the Systematic Alien Verification for Entitlements (SAVE) program. They have a student system coming up next year, which will help a lot.

We also have some other important procedures that I think will really help this and really put the workload where it should be. One of these that we are looking at is called Enumeration at Entry, which I mentioned, which would be that the State Department and the INS, when they are giving these work-authorizing documents, that they just send us an electronic message that this person is authorized, so we can issue them a Social Security number. Then we don't have to go through this roundabout procedure.

So that is the long-term solution, I think, for a lot of this.

Ms. JACKSON LEE. What kind of efforts are you making to get to that point? Certainly, it makes a lot of sense to me. You are talking about, by technology, send an e-mail, a note, a notice, if you will, to the Social Security Administration. Where are you on that?

Mr. LOCKHART. We have been working on that for several years. Our systems are all ready for it, and it is supposed to start next month, actually, with the State Department. Then, we will roll it out over time throughout the State Department and the INS.

Ms. JACKSON LEE. I think that is an important step to announce or to at least make known that you are moving toward that, because then that helps, if you will, keep the pathway of legality even more on track, because you are getting information as it comes. I think one of the difficulties is trying to go back and restructure documents and to look at what happened as opposed to getting that information as it is happening.

Mr. LOCKHART. That is correct. I think that will be a very important step forward. We are going to put a lot of resources in it. As I said, our systems are already ready to do it, and we hope to have it as a very high priority over the next year or two.

Ms. JACKSON LEE. To capture of the essence of the problem, you said millions of cards are issued for those with documents and allowed to work. Then there are about a million, if I understand, you left of an "S." You said there are about a million that may come in that don't have documentation or don't have authorization to work but ultimately may secure that. What kind of monitoring do you have to know the ones that are securing it and ultimately may need the right kind of Social Security card?

Mr. LOCKHART. Well, what I said, I think, is that there are about a half a million who have permanent authorization to work and about a million a year that we give cards have some sort of temporary work permit.

Ms. JACKSON LEE. Then there is a group that--

Mr. LOCKHART. Then there is a whole group that is not authorized to work, and we do not give them Social Security cards. We do not give them Social Security numbers, except for a very, very small group, about now 20,000 to 30,000 a year, that get these nonwork cards because they are authorized for some benefit program, but generally, they would not be a major threat.

Ms. JACKSON LEE. So you feel fairly confident that you are not giving now Social Security cards to those without the documentation to work? Do you feel fairly confident of that, in terms of immigrants?

Mr. LOCKHART. I visited our field offices in California a couple of weeks ago and watched them work, and it seems to be working, the new procedure. Again, we rolled it out over the last 3 or 4 months. We have 1,300 field offices countrywide. The last one just implemented it September 1.

We are very hopeful that this procedure will work and that people will follow it, and they seem to be following it very well.

Ms. JACKSON LEE. I thank you. My time is out. I will just simply say the suggestion or maybe what we might have read or heard of millions of individuals who may be immigrants who don't have authorization to work, such as that figure you gave, 20,000 to 30,000, is not as accurate as we may have heard. The number of cards that you are dealing with that are unauthorized to work are about 20,000 to 30,000, and not millions.

Mr. LOCKHART. Those that are nonwork cards. Now, there is obviously a whole series of people that are working in this country that do not have legitimate Social Security numbers. As we were talking earlier, some of those are showing up in our suspense file. A lot of our suspense file just may be typos and stuff like that, but there are people that are working, and it is probably in the millions, without proper Social Security cards and numbers in this country.

Ms. JACKSON LEE. We will work through that. Thank you very much.

Mr. JOHNSON. [Presiding.] Thank you, Ms. Jackson Lee. The Chair recognizes Mr. Hayworth.

Mr. HAYWORTH. I thank you, Mr. Chairman.

Mr. Lockhart, thank you for coming to testify today. I want to make sure that I understand exactly the status of foreign students who come to the United States to study at our colleges and universities, vis-à-vis Social Security cards. Now, you mentioned some distinctions here; those who come who are authorized to work, those who are on public assistance.

Help me nail down the student status. Do we classify that as an authorization to work? Authorized to study? What classification are they given?

Mr. LOCKHART. The general student status at, say, a university is, they are authorized to study. Then the INS, as I understand it, has authorized the universities to authorize them to work within the college, not somewhere else, just within the university.

The way the statute works is, if they come in with a letter from an authorized person from that university to say this person is authorized to work at the university and is expected to work at the university, then we will give them a Social Security number.

Now, what has happened, frankly, is some universities, because they may need Social Security numbers for these individuals for their records or something, are not actually putting these people to work, so that they are not actually working. And yet, we are getting a letter that says--

Mr. HAYWORTH. So, what you have are universities engaged in defrauding the Federal Government, saying they have people working who are not working, to get Social Security numbers?

Mr. LOCKHART. We may have some universities sending letters, and they may be interpreting differently than we are.

Mr. HAYWORTH. No, no. Let's get down to brass tacks here. If people are attempting to defraud and deceive the Federal Government in wartime for easy bucks, this is serious.

Mr. LOCKHART. Yes sir, and I know our Inspector General has looked at some cases. I have heard of situations where a university has actually advertised in foreign newspapers that "come to our school and we'll get you a Social Security number." You know, that is not right.

Mr. HAYWORTH. What is the name of the university that has done that?

Mr. LOCKHART. I am not sure. I heard about it in our Oklahoma City office, though.

Mr. HAYWORTH. Let me ask you a further question. This is very disturbing, to say the least. Maybe this is a question better suited for INS, but do we keep track of the nationalities of those who come to study? Do we know, for example, the number of Iraqi students who are in the United States on study programs or work study programs? Do you have any estimate today how many Iraqi students are here in the United States on a work study program?

Mr. LOCKHART. You are right, it is an INS question. We would not have that information in any of our databases.

Mr. HAYWORTH. Is there any particular reason not to keep that information?

Mr. LOCKHART. Again, what we are looking at is to make sure that people are paying their FICA taxes, and that is what the Social Security number has been created for. It is the INS's job to authorize people to work. That is what they are there for. That is their law. It is not our law.

Mr. HAYWORTH. Let me ask you this question. You say things have changed under the new programs, the combination of pre-September 11 reforms and post-September 11 reforms, and we are about 4 months into the situation now. How would you evaluate the level of communication between Immigration and Naturalization Service and the Social Security Administration? Are your computers able to talk to each other?

Mr. LOCKHART. Well, first of all, I think we are doing a lot better with communicating with the INS. In fact, I just talked to the Deputy Commissioner there this morning, and we are trying to work better than we have in the past. So, I think on the human level, it is working better. We are having many more meetings. I think they understand our issues now a lot better, and we are beginning to understand theirs.

From the computer standpoint, they do have this SAVE program that does tell us when someone is authorized to work. We have access to it in our field office. A person right at the service window who is reviewing a document will have access to the system. I saw them bring one up when I was in California. Momentarily it comes up, and it says whether this person is authorized to work or not.

The problem is not all of the data is in there.

Mr. HAYWORTH. So, we have incomplete data. Again, as we opened this questioning period, I am very concerned about the status of some colleges and universities who seem to be playing fast and loose with work study.

There is perhaps, Mr. Chairman, an appropriate role legislatively to crack down on those who would deceive the government for work study dollars.

I see my time has expired. I thank you, and thank you, Mr. Chairman.

Mr. JOHNSON. The time of the gentleman has expired. The Chair recognizes Mr. Collins.

Mr. COLLINS. Thank you, Chairman Johnson.

Mr. Lockhart, you know, we talk about these Social Security numbers, and it seems as though we kind of hand them out in a manner that has no system to it. Do we do benefits the same way? They get these Social Security numbers and they are here and they work temporarily--

Mr. LOCKHART. First of all, I would say that we do have a system for handing out Social Security numbers. We do hand out approximately 18 million a year. A major portion of those are actually replacement cards, but we hand out about 5 million new cards a year.

We do have systems in place. We have significantly strengthened those systems, as I have already said, but there were systems in place before September 11 as well. There were procedures in place.

On the benefits side, we have a whole series of systems. I think I can say, having come to Social Security only 7 or 8 months ago, that the systems at Social Security are some of the best in government, and we are always well-rated that way.

For benefits, obviously we have some issues with the suspense file, which we already talked about, but I think we do a reasonable job of keeping track of people's benefits. We have maybe that 3-percent error rate, but we have a 97-percent match every year, which is significant. We are talking about $4 trillion in wages a year.

So, our systems are doing what I consider a good job. We could do better, and I am not trying to say that we couldn't do better. We could do significantly better, and we are continuing to work on it. Commissioner Barnhart and I have made it very clear since we arrived here that we are not going to accept the status quo. We want to improve this agency dramatically.

Mr. COLLINS. Well, that is encouraging, and truthfully, I think you have. I have talked with the Commissioner on several occasions, and you too, and I think you have made some good strides.

I have a situation that has occurred in my district, which includes Fort Benning, Georgia. We have a local judge there who has called on a number of occasions, but his first call was in reference to several who had appeared in his court. They were here illegally, didn't have any kind of identification.

This is really an INS problem, too, because when he called INS to report them and ask them to pick them up, and this was after September 11 of last year, they said they didn't have the time, didn't have the money, couldn't do it. It was very frustrating to this particular judge.

He did call one day and said that they had incarcerated a person who was working at Fort Benning. He had a work pass, a work permit, and on that work permit was a Social Security number, and this person was here illegally also.

So, he sent a copy of the work permit over the office, and we double-checked it with your office and found that the number had not been issued.

How much of that exists? Do we have any idea? That is what this judge said, how much? Fort Benning, too, says, you know, this is not an isolated incident.

Mr. LOCKHART. It is a big issue. People make up Social Security numbers. As far as we can tell, all 19 terrorists, or however many that did have a Social Security number, they were all made up, and that is a big, big issue. As I said earlier to a question, there are probably millions in this country with made up Social Security numbers.

What we are trying to do is develop--and we do already have in place for employers, for State agencies, the ability to check those numbers with us, either in person or by computers. The idea is that, if they bring in a name, and they bring in a Social Security number, we can tell them if it is real or not. If there is a mismatch, then they should know that there is an issue with the individual.

Mr. COLLINS. I am glad that you are communicating with the people over at INS, because it seemed like there was a lot of slack there. For an INS office to inform a judge we don't have the time to pick up people who are here illegally, already incarcerated, something is wrong with that type of system.

I think it is a real threat and a danger to us to have people with work permits file Social Security numbers here illegally, working on a military installation.

Mr. LOCKHART. Yes. As you may have read in the newspaper, many of the agencies represented on the next panel, including our Inspector General, have been very active at the airports in this area, in verifying Social Security numbers. We are very committed to helping out in those kinds of law enforcement activities because we do believe it is extremely important for this country.

Mr. COLLINS. Well, in closing, the Office of the Inspector General for Social Security has been very helpful in this case, too. They are investigating this and investigating the employer.

Thank you.

Mr. LOCKHART. Thank you.

Mr. JOHNSON. Some of my colleagues and myself would like to clarify the statement you made. Did you indicate that all the terrorists had illegal Social Security numbers?

Mr. LOCKHART. Well, what I said is, I am not sure if all of them had Social Security numbers, but as far as we can tell--and the Inspector General has talked to the FBI, and the FBI I guess will be up--as far as we know at this time, none of the terrorists received a Social Security number at one of our offices. That is why we need to use the kinds of systems that we are building. We have had in place systems for 20 years for employers and other people to verify Social Security numbers. They just have not been used.

We now have a test, which, again, I mentioned in my testimony, with about eight major employers of an online system. I think over time, if we can do that, it will help protect the Social Security number from people that just make it up.

Ms. JACKSON LEE. Mr. Chairman, if you would just yield for just a brief moment?

Mr. JOHNSON. I yield to the gentlelady.

Ms. JACKSON LEE. There is a question that I left on the table, when you said millions of made-up numbers, you are not saying that there are millions of immigrants with made-up numbers? There are people all over the United States with made-up numbers. Is that what you are saying?

Mr. LOCKHART. You have to go back to that suspense file we were talking about. There are 10 million that we can't match every year. A lot of it is typos, wrong names, but there are certainly people in there that are working, whether they are immigrants, illegal or not, I don't know. There are certainly--I think most people would say many millions that are working without a proper Social Security number.

Ms. JACKSON LEE. Not all of one label?

Mr. LOCKHART. What?

Ms. JACKSON LEE. Not all of one label, one type of people, there are many--

Mr. LOCKHART. We just don't have the data. I mean, if we could find them, we could match them.

Ms. JACKSON LEE. We would find out.

Mr. Chairman, thank you. I do want to say that the INS is really trying to work on this issue, to the extent that I have visited sites, airports around the country I spent my time visiting. I will tell the Committee, if they have interest, that I literally saw the INS recognize undocumented individuals coming in from a country overseas, and was able to match the fact that their documents were fraudulent and was there to greet them. I saw the action when I was there. They were able to greet them immediately as they deplaned.

This is happening across the Nation. I think that we can be assured that they listen to Congress on the responsibilities that they have.

I thank the Chairman for yielding.

Mr. JOHNSON. I thank the lady for her comments. The Chair recognizes Mr. Hulshof.

Mr. HULSHOF. Thank you, Mr. Chairman. Welcome, Mr. Lockhart. We certainly welcome our colleagues from the Subcommittee on Immigration, Border Security, and Claims.

A lot of the questions to you, Mr. Lockhart, have been referenced around the issue of illegal immigrants that are here. What I would like to do is focus, as is also the subject of our hearing, on identity theft. Our Subcommittee, the Social Security Subcommittee, has heard some heart-wrenching stories from citizens, sometimes elderly citizens, who have been bilked of thousands of dollars in personal savings, with credit histories being just turned upside down because of identity theft. So, I would like to ask a couple of questions along that line.

You mentioned about 18 million cards a year, some of those are replacement cards. What percentage per year are replacement cards?

Mr. LOCKHART. About 12.5 million of those, so two-thirds.

Mr. HULSHOF. A couple of hypotheticals. If I come in to get a replacement card, I presume I could get one. What if I had just been given a replacement card the week before?

Mr. LOCKHART. You can get one with the proper documentation. You just can't ask for it. Yes, assuming you had the proper documentation, you can come in.

At the moment, we don't have a limit. It is one of the areas we are really looking at, because not only is there an integrity issue here, there is also a tremendous workload issue. Some of our offices are spending a third of their time issuing replacement cards. So, we are looking at it to see if we should limit the number, to see if we should charge, to see if they even need a replacement card.

I mean, what is happening in many of these offices is we have the Supplemental Security Income, SSI, population that we serve, and many of them have mental impairments, are homeless, and they are always losing the cards. We have people that have had 30 or 40 cards, and they are being required by some State agency to produce it. Now, if we can go to more of a verification electronically, that might relieve some of that workload as well.

Mr. HULSHOF. So, the Inspector General's recommendation to put perhaps some limit on the number of replacement cards, with some exception for extraordinary circumstances, that would be something that you would support?

Mr. LOCKHART. I am about ready to get a white paper on the topic. There is a series of issues. Some of the people I have talked to in the field office say why not charge them something for it. Maybe that will discourage them. A limit would be another way. There is a whole series of ways.

I mean, what is important is actually the number, not the card, when you really think about it.

Mr. HULSHOF. A couple of other quick areas, as my time is dwindling. If the Social Security Administration receives a report from an employer that indicates that somebody is working in America, say in Phoenix, Arizona, using my Social Security number, do you let me know that?

Mr. LOCKHART. What we do, if there is more than one wage report on a Social Security number, we try to unscramble it, and that unscrambling may mean that we call someone. By the time we receive the information, we are receiving information well over a year old on wage reports by the time it is entered in the system. It is probably not very helpful, if your identity has been stolen. You would probably know by then anyway.

The other thing we do, though, is we also put out annually the Social Security statement, as you know. In that, when you see it, if there is an incorrect wage, you could call us, and we would unscramble it that way.

Mr. HULSHOF. Okay, the final area of questioning regards data sharing with law enforcement agencies. Of course, the Privacy Act does say that agencies can share information with another information for the purpose of civil or criminal law enforcement purposes, if the head of that agency makes a written request.

Yet, it is my understanding that regulations within your agency limit disclosure to law enforcement activities relating to serious crimes like murder and crimes of violence. What about identity theft itself? I mean, for instance, if law enforcement were to contact the Social Security Administration and say, "We are working on an identity theft case. We need some data from your agency to be shared with us," would you provide it to them?

Mr. LOCKHART. It is not only serious crimes but it also is fraud against a Social Security number, and it is also if our IG opens a case. So, if the law enforcement person comes to the IG, which is where they would come, and the IG opens a case, we would certainly provide the information. We are not protecting identity thieves, in any sense of the word.

Mr. HULSHOF. Local law enforcement would then have to go the Inspector General.

Mr. LOCKHART. Which is part of Social Security, yes.

Mr. HULSHOF. Okay. Thank you, Mr. Chairman. I yield back.

Mr. JOHNSON. Thank you. Mr. Brady, do you care to question? The gentleman is recognized for 5 minutes.

Mr. BRADY. Thank you, Mr. Chairman.

I want to follow up on Congressman Hulshof's questions on collaboration. First, I want to thank the Social Security Administration for your collaboration with law enforcement on Operation Tarmac, which was launched after September 11. It has uncovered a large number of individuals with security clearances working at our Nation's airports under false pretenses, obviously a practice that cannot be allowed to continue.

On the 9th of this month, in my community, just 2 days before September 11's anniversary, Operation Tarmac indicted 143 individuals working at Houston's Bush International Airport, the airport that I and many of my neighbors fly in and out of on a weekly basis.

These people acquired airport security badges by using a nonexistent Social Security number of someone else's Social Security number.

From my viewpoint, the operation was a very solid preventative measure because these individuals each had access to airplanes, ramps, and tarmacs, regardless of their security clearance.

You have really addressed the question of what we can do to prevent this type of fraud in the future, but following on to Congressman Hulshof's question, is there not a way to increase cooperation with law enforcement, short of the IG opening up a case? Obviously, what we are tying to do here, the 143 who were indicted, perhaps and most likely there isn't a terrorist among them. Just as you arrest speeders before they cause an accident, someone who tries to buy a gun illegally, in hopes to prevent harm from happening later, it is important that we have these measures in place, even though they may seem to be small, preventative measures.

What can we do to increase, short of having to open up a case, to increase this type of cooperation with law enforcement?

Mr. LOCKHART. Really, the best way is for the security companies, everybody that is hiring at the airports or anywhere else, to use our systems. We have the systems, and any employer can come in and verify Social Security numbers when a hiring decision is made. That is the best prevention by far, just not to employ them to start with.

It is not being used as well as it should, and we are trying to get the word out that we have those systems in place, and they should be using them. So, that is the first thing that should be done.

The second thing is, we are continuing to work with our IG and our IG is continuing to work with all law enforcement to see how we can better fit our constraints.

Our constraint really is that this is taxpayer information. It is protected by the Internal Revenue Code, and it is a very important issue with them, that taxpayer information is secure.

So, we are working with the IRS, and we are working through our IG with the various law enforcement officials.

Mr. BRADY. That is a very good answer. My thought was, in the case with Houston's airport, Federal agents went through, under the leadership of our U.S. attorney, Mike Shelby, went through some more than 21,000 individual files to make those match. The good news is, there are only 143 who didn't, which tells you there is a level of security there.

My thought was, can we not make it, with certain restrictions, as easy for law enforcement, again, under certain restrictions, to match those numbers as it would be for employers to go online to do it?

Mr. LOCKHART. It is an issue we talked about in the agency, and certainly we talked it over with the Inspector General, and he is certainly recommending it. Again, it is an issue that is partially out of our hands, from the standpoint that the taxpayer information belongs to the IRS. So, it is one of the issues that we have to continue to work with them on, as to what are the procedures.

We have certainly, as you said, been able to do it for Operation Tarmac, and we hope that we can do it whenever necessary.

Mr. BRADY. I was just thinking, if there was some law enforcement clearinghouse at some level that works directly with the Social Security Administration and the appropriate authorities to be able to access, so that you don't have 10,000 going on from different jurisdictions, but actually a good, cooperative, laid-out, disciplined process that speeds up having to run through 21,000 files, where we can do more security because we save time.

Mr. LOCKHART. It is certainly something we should consider, yes.

Mr. BRADY. Thank you, sir. Thank you, Mr. Chairman.

Mr. JOHNSON. Thank you. Let me follow up on that for just a second. I am told, and I would like for you to verify it, that if an employer called you with a number for you to check, you say it is okay or not, but you don't tell them whether the guy is dead or if he is on a nonwork Social Security number. Is that true?

Mr. LOCKHART. Yes, sir. That is true. That is a flaw in our system that we are in the process of correcting. I was not aware of that until very recently myself, and I had the same concern that you do, that it doesn't make any sense to verify in that circumstance, if someone is dead or they have a nonwork number. We are making the system changes so that our verification systems will tell that.

Mr. JOHNSON. You will be in the near future, then?

Mr. LOCKHART. We are implementing those changes. Yes, sir.

Mr. JOHNSON. Okay. Let me ask you one other thing. I believe the Social Security Administration Inspector General is on record as supporting Social Security privacy legislation. This bill would prevent numbers from being used as ID numbers for many purposes, including military ID. At a time when military personnel are deployed worldwide, and terrorists are trying to exploit our weaknesses in everything from the Internet to our own financial systems, I don't know if it is wise for the military to be using their Social Security number for everything from checking out equipment to cashing a check. I would like to hear your comments on that.

Mr. LOCKHART. There is certainly an overuse of the Social Security number in our society. It has become a de facto identifier one way or another. The problem is that, in many ways, something else will have to be substituted for it. In some cases, it is useful for prevention of fraud and prevention of terrorists. So, there are pluses and minuses to all this.

Certainly, in your legislation, there are a lot of reasonable things that we can think about on how to limit the use of the Social Security number, because it has really grown dramatically more than it was ever supposed to do in this country.

Mr. JOHNSON. You agree with the original concept, as far as Social Security and tax purposes, period?

Mr. LOCKHART. That is the original concept. Unfortunately, I think the cat's out of the bag.

[Laughter.]

Mr. JOHNSON. Okay. Let me ask you one other quick question. In reference to the illegals that I spoke of earlier, I recognize it is mostly an Immigration and Naturalization Service problem, but if you issue a temporary work permit and the Immigration and Naturalization Service then follows up 2 months later with a letter to these guys, saying, "You are going to be deported. Come on back home," maybe some of them will, how do you get termination on that Social Security number?

Mr. LOCKHART. The procedures of the agency have been that, once a Social Security number is issued, it is issued. If we think there has been some fraud, we do put in the record that there has been some fraud, and we won't issue a replacement card, but the numbers are not canceled.

Mr. JOHNSON. So, they are out there indefinitely? So, if the guy is deported back to Mexico, let's say, and then comes back across the border, he still has a good Social Security number?

Mr. LOCKHART. He still has a Social Security number. If we have entered into our records that we think fraud has been involved, if they came into our office, we could find that out, but it is something that we need to look at. It is an issue that I think we need to look at, as to whether we should do anything to cancel a number. Historically, we never have. We have issued 415 million numbers.

Mr. JOHNSON. Thank you. I appreciate your honest testimony and openness with us. We thank you for the job you all are doing over there. Keep up the good work.

With that, we will close your testimony and ask the second panel to step up. I am going to turn the meeting over the Chairman Gekas.

Mr. LOCKHART. Thank you, Mr. Chairman.

[Questions submitted by Chairman Shaw to Mr. Lockhart, and his responses follow:]

Social Security Administration
Baltimore, Maryland 21235

1. During the hearing, Mr. Lockhart stated that SSA has a scorecard on the recommendations the Inspector General had made to tighten controls related to issuing Social Security numbers (SSNs).  As requested by Chairman Gekas, we would appreciate your providing a copy of that scorecard to both of our subcommittees.

2. During the hearing, Mr. Johnson, who represents the Dallas area in Texas, mentioned that illegal aliens in an 18-wheeler had been apprehended.  Approximately 26 of the individuals were released and told by the local Immigration and Naturalization Service (INS) office that they could get a Social Security number from SSA and go to work.  Can you provide more details on this situation?

Our understanding is that approximately two dozen Mexican immigrants survived a harrowing journey that began in El Paso and ended in North Texas aboard an unventilated tractor trailer rig.  Two men died of heat exhaustion and nearly a dozen others were hospitalized briefly for heat stress. Because of the need for witnesses against the smugglers when the cases come to trial, the INS granted the immigrants permission to work.

The Attorney General pursuant to §212(d) [8 U.S.C. §1182(d)] of the Immigration and Nationality Act has the authority to parole individuals into the United States for reasons specified in the Act and provide them with work authorization.  Inquiries should be directed to the Department of Justice because once the Attorney General exercises his discretion and issues work authorization, SSA has no discretion. Section 205 (c)(2)(B)(i) of the Social Security Act requires that the Commissioner of Social Security issue a work Social Security Number if an individual has a valid INS work authorization.

3. The Earnings Suspense File (ESF) has increased more than four-fold in the last 10 years.  The SSA's Office of Inspector General (OIG) found there are patterns of reporting errors among certain employers, including identical Social Security numbers (SSNs) used for more than one employee, non-issued SSNs, and consecutively numbered SSNs - all of which end up in the Earnings Suspense File.  There are also many instances of employers and industries that continually submit erroneous wage reports - one study of 20 agriculture employers in which 60% of their wage reports had inaccurate names or SSNs and who submitted almost $250 million in mismatched wages between 1996 and 1998 - and that three industries (agriculture, food and beverage and services) account for almost half of wage items in the suspense file.  What is the agency doing to address this growing file?  Is SSA making any special endeavor to refer these employers to the Immigration and Naturalization Service (INS) or the Internal Revenue Service (IRS) or to otherwise target them for corrective action in submitting erroneous wage reports?  What else can be done?  Please also provide information requested by Mr. Becerra regarding the administrative costs associated with the ESF (sending out letters responding to workers/employers' questions, etc.).

The ESF contains approximately 238.2 million items (name/SSN mismatches).  This covers items submitted for tax years (TY) 1937 through 2000.  Approximately 25 percent or 61.6 million items were added to the ESF for TYs 1991-2000, which is an increase of about one-third.

SSA developed a tactical plan to address the growth and management of the ESF.  As a result SSA:

• Has instituted multiple computer-matching routines to increase SSA’s ability to match a reported name/SSN that does not match SSA’s record with the correct record.
• Is building a new process that would electronically find millions of additional matches and post them to the correct earnings record.  The new process would compare earnings items to the Master Earnings File (which includes the Employer Identification Number), the benefit record, and the Numident (the record of SSNs assigned to individual names).  (The current matching process compares earnings items only to the Numident.)  The new process would also employ new techniques with earnings record patterns to match the earnings to the correct individual.  It is estimated that at least 30 million items would be removed from the suspense file and credited to the records of individual workers.  If so, benefits for several hundred thousand beneficiaries would be increased.
• Provides regional office assistance to employers with a high volume of mismatches to assist them in improving the accuracy of their records.
• Is discussing with IRS its existing authorities to penalize employers who contribute a large number of or a high percentage of name/SSN mismatches to the ESF.  (The penalties for submitting erroneous records are in the Internal Revenue Code.)  We understand that the IRS has begun to pilot a process to penalize these employers.
• Currently piloting with a small group of employers the Social Security Number Verification Service (SSNVS), an Internet option to verify the accuracy of employees’ names and Social Security Numbers (SSN) by matching the employee-provided information to SSA’s records.  SSA's current system provided to the employer community through SSA's 800 number and through electronic (magnetic tape, diskettes) and paper processing is time consuming for employers.  An Internet option will be more efficient and encourage more employers to use SSA's name/SSN verification program for new employees, thereby reducing items posted to the suspense file.
• Developed and conducted outreach programs to the employer and payroll communities to address the issue of correctly matching names and SSNs.  SSA staff have spoken to numerous employers and payroll groups on this and related issues.  SSA has made changes to our publications to help employers better understand the issues.  In our quarterly publication, the “SSA/IRS Reporter,” which is sent to over 6.5 million businesses, we have had numerous articles on the importance of providing correct name/SSN information on the Form W-2.   SSA has built a website that is designed specifically for employers to address their payroll reporting issues and provide guidance.
• Has worked with both the INS and IRS on the mismatch issue.  Both agencies have incorporated training on the importance of name/SSN information into their training programs for businesses.
• Has revised the letters sent to the employer to provide more detailed information about name/SSN mismatches.  SSA also provides detailed step-by-step instructions of what the employer should do to resolve the discrepancy.  The letters highlight the responsibilities of employers and the rights of employees when there are name/SSN mismatches.
• Worked with the IRS to revise the Form W-2 and its magnetic and electronic formats to provide separate first and last name fields to facilitate capturing the proper last name. This separation of the last name better assures that the information reported can be properly matched to SSA’s records, especially in cases where a person has a multiple or hyphenated last name.  Similar name presentation changes have also been made to the Form W-4.
• Modified the Spanish version of the Form SS-5 (Application for a Social Security Card) to separate the first name from the last name.  There are plans to make similar changes to the English version of the Form SS-5.
• Improved the timeliness of the notices sent to every employee whose name and SSN do not match requesting correction information.
• Has engaged Price Waterhouse Coopers to review the Agency’s management practices of the ESF and make recommendations as appropriate for improvement.

You asked if SSA is making any special endeavor to refer these employers to the INS or the IRS or to otherwise target them for corrective action in submitting erroneous wage reports.  SSA shares name and SSN mismatch data reported on the Form W-2 with the IRS since SSA processes these forms on behalf of the IRS.  SSA is working with IRS cooperatively in the development of its penalty program.

SSA is precluded from making referrals of name/SSN mismatch information to the INS due to section 6103 of the Internal Revenue Code, which prevents SSA from sharing tax information with other agencies.

In response to your question concerning what else can be done, SSA is now piloting an Internet based SSNVS.  This is a free service where employers can verify that the name and SSN on their payroll records matches SSA's records.  Expanding this limited pilot to the entire employer community will offer an inexpensive and easy way for all employers to verify their employee's names and SSNs.

As far as the administrative costs associated with the earnings suspense file, SSA sends a notice to every individual whose name and SSN does not match SSA's records. For TY 2001 (calendar year 2002), it costs SSA approximately $5.4 million to send these notices.

SSA also sends notices to employers. For TY 2001, SSA sent notices to all employers that had an item go into the ESF at a cost of $600,000 for the 944,000 notices sent.

There are additional costs associated with both types of notices:

• Over $200,000 for system maintenance and cyclical changes; and
• An average of $9.00 for each call to our national 800 number generated by the notices.  We estimate that we received about 100,000 inquiries about the TY 2001 letters.

4. SSA shares information on work credited to non-work SSNs with INS annually (worker name, address, employer, wages).  What does INS tell you they do with the information?  In 2000, about 9.6 million wage items representing $49 billion in wages did not match SSA's records.  The SSA IG recommended that SSA share information on wage records that do not match SSA files.  The IG also recommended that SSA match Office of Child Support Enforcement files with non-work SSNs and share that data with INS.  What are your views and do you plan to take action on these recommendations?

With regard to the INS' use of information on work credited to non-work SSNs, we defer to the INS for an explanation of what they do with the information and its usefulness.

Concerning IG’s recommendation that SSA share information with INS on wage records that do not match SSA files, SSA does not have the legal authority to share such records with INS.  Whether or not the wage records submitted to SSA match SSA records, they constitute tax return information subject to the disclosure restrictions in the Internal Revenue Code (IRC) (26 U.S.C. 6103). Section 6103 of the IRC prohibits sharing of wage records when SSNs on those records do not match information in SSA records.

With respect to the IG recommendation that SSA match Office of Child Support Enforcement files with non-work SSNs and share that data with INS, SSA cannot act on this recommendation for reasons similar to those cited above regarding sharing wage data with INS.  SSA’s access to and use of OCSE data is subject to limitations specified in section 453 of the Social Security Act (the Act) (42 U.S.C. 653).  Section 453(l)(1) of the Act prohibits SSA from sharing this information with INS.

5. Do you believe it would make it easier for employers to identify illegal workers if the SSN number itself was changed to indicate whether the person is not authorized to work?  If so, are you planning to implement this change and if yes, when?

It is not clear if the SSN itself were changed to indicate whether the person is not authorized to work whether it would significantly help employers identify “illegal” workers.  Most illegal workers use made up numbers.  The best way for employers to identify them is to use one of SSA's matching systems.

6. An article published by The Deseret News, of Phoenix, Arizona, on Tuesday, October 01, 2002 entitled "Thefts of social security ID rising fast," by Pat Reavy, Deseret News staff writer, described the substantial problems of a retired woman named Frances Stone, aged 70.  According to the article:

"…in 1992, Stone noticed her Social Security checks were getting smaller.  After some investigating, Stone discovered that the woman who allegedly took her wallet, an illegal immigrant, had gotten a job and was earning wages using her Social Security number.  The government thought Stone was earning more money than she really was.  Now, 10 years later, the problem still hasn't been settled.  Each year Stone's Social security checks are cut, and each year she has to go through a lot of red tape to prove somebody else is using her Social security number.  And each year it takes three to four months' worth of phone calls and letter writing to get the matter cleared up."

The SSA sent some eight million letters to people identified with "mismatched SSNs."  How many of these were to people who are using someone else's SSN?  Has the SSA compiled any reports as to how many people receiving SSA benefits are experiencing the same kind of fraud experienced by Frances Stone?  How many citizens and lawful residents are now subject to erroneous records of SSA benefits and don't recognize the problem?  If SSA receives a report from an employer that indicates someone else is working using another's SSN, would SSA contact the true owner to let him or her know?   Doesn't the SSA have a responsibility to the person to whom the SSN was lawfully issued?  Why not?

SSA is committed to achieving the results our citizens expect.  We regret the difficulties that Frances Stone experienced resulting from the theft of her wallet.  Her earnings record is now correct.

SSA/OIG does not have enough information to determine how many no-match letters went to people who are using someone else's SSN.  For Tax Year 1999, SSA has over 8.3 million wage items in suspense because the name/SSN on the employer wage reports failed to match SSA's records.  SSA produced no-match letters in an attempt to resolve these suspended items.  About 2.6 million wage reports could not be matched due to zero SSNs, invalid SSNs, no names, etc.  About 5.7 million wage reports contained SSNs that matched SSA's records; however, the names did not match.  SSA/OIG does not know how many of the 5.7 million letters were mailed to individuals who used someone else's valid SSN.  Without a valid name/SSN match, these earnings could not be posted to an individual's master earnings record.

Although 5.7 million of the wage items could have led to letters going to people who are using someone else's SSN, they could have also gone to the owner of the SSN who used an incorrect name (i.e. married name, improperly hyphenated name, etc.)  Since these items are still in need of resolution, SSA/OIG cannot determine the actual number of people who are using someone else's SSN.

You asked, if SSA receives a report from an employer that indicates someone is working using another's SSN, would SSA contact the true owner to let him or her know? SSA does not notify the actual SSN holder if someone is using his or her SSN.  SSA has a number of ongoing processes to obtain the correct name and SSN associated with the wages, including manual and automated edits. Due to these internal efforts, notifying the actual number holder of this situation may be premature and create unnecessary alarm.  In addition, the earnings history of the SSN owner, as well as their status with SSA's programs, has not been impacted since the wages earned by the other user (who may or may not have fraudulently used the number) remain in suspense.

SSA does not have reports as to how many people receiving SS benefits are experiencing the same kind of fraud experienced by Frances Stone.  SSA's IG is currently completing an audit of Internal Revenue Service referrals to SSA where a taxpayer has claimed that someone else is working under their name and SSN.  IRS refers such cases to SSA so that their earnings history within SSA's records can also be corrected.  SSA/OIG's audit work has found numerous instances of potential and actual identity theft.  While SSA/OIG does not know how many other citizens and lawful residents do not recognize this problem, SSA does send annual Social Security statements to the public which allow the individuals to identify anomalies in their earnings records.

SSA has a responsibility to ensure that the earnings recorded on all wage reports with names/SSNs that match SSA’s records are properly posted to employees' earnings records.  In addition, should the SSN owner request a correction to their earnings history, SSA has the ability to do so.

SSA also has the ability to assign a new SSN if this is the only means of resolving an identity theft situation.  SSA allows a second SSN to be issued when: (1) attempts to locate the individual using the number holder's SSN have been unsuccessful; (2) the number holder has earnings posted to his/her account in the last 2 years which belong to someone else; (3) the number holder requests or agrees to accept a new SSN; and (4) the number holder has cooperated with SSA.

7. What is the timeframe for merging your data systems so that employers who verify SSNs will be notified that an SSN is a non-work SSN or that the individual assigned the SSN is deceased?

Modifications to include additional verification information are planned for the Internet based SSNVS (Social Security Number Verification Service) now in an initial pilot phase.  The next step in that process is to expand the pilot to include additional employers.

8. The Privacy Act says an agency can share information with another agency for purposes of civil or criminal law enforcement activity if the head of that agency makes a written request.  However, your regulations limit disclosure to law enforcement activities related to serious crimes (e.g., murder, kidnapping) where the person has been indicted or convicted and to criminal activity involving the Social Security program or similar programs, correct?  Does this mean that employers can request verification of basic information, but law enforcement agencies cannot?

SSA’s authority for verifying SSNs for employers and law enforcement entities is separate and distinct.  SSA verifies SSNs for employers under the Privacy Act’s routine use provision (5 U.S.C. 552a(b)(3)).  For law enforcement, the disclosure authority is 5 U.S.C. 552a(b)(7).

SSA’s verification of SSNs for employers is for a compatible purpose, i.e., routine use, because employers’ submittal of wage reports to SSA is a part of SSA’s business process. It is in SSA’s interest that employers submit wage reports with correct SSNs so that the Agency can post wages to the correct individual’s record.  These verifications enable the Agency to maintain correct wage records on which to base individuals’ future retirement, survivors or disability benefits.

Unlike verifying SSNs for employers, the disclosures SSA makes for law enforcement purposes generally are for non-program related purposes; thus are more limited.  These disclosures are based on a balanced policy that provides service to the law enforcement community while maintaining the confidentiality and integrity of personal information in SSA's records. We provide information to law enforcement organizations in connection with an individual who has been indicted or convicted of a violent crime.  We also provide information if an individual is suspected of committing fraud against the Social Security program or any other government health or income program.

SSA has ad hoc authority (under the ad hoc provision in Regulation 20 CFR 401.195) allowing the Commissioner to make one-time disclosures to law enforcement authorities upon written requests from law enforcement agencies in special situations of national emergency or security.

On September 13, 2001 the Commissioner exercised this ad hoc authority to law enforcement requests concerning the events of September 11.  SSA's Inspector General and our then Office of Disclosure Policy established a streamlined process to handle law enforcement requests pertaining to these tragic events.

9. The SSA Inspector General mentioned in his testimony that a person is able to receive credit toward Social Security benefits based on illegal work.  Does current statute explicitly say SSA may credit work toward Social Security eligibility and benefits, regardless of whether the person is a citizen or authorized to work in the U.S?  Would you describe how SSA would process this application for benefits?  What proof would SSA request, and would SSA use the illegal work to determine his eligibility and benefit amount?  Would SSA refer him INS for the illegal work?

Section 210 of the Social Security Act states that all work performed in the United States is considered employment under the Social Security program with specific, but limited, exceptions.  The Act does not specifically address “employment” of persons who lack INS authorization to work and, therefore, these aliens working without authorization are not specifically “excepted” from engaging in covered employment.  The Act concerns itself with the kind of work done, rather than who is performing the work.

As long as the individual has worked in employment covered by the Act, and once they meet all the other factors of entitlement including lawful presence in this country, and submit the required proofs, they can receive benefits.  If the individual had worked under an assumed or invalid SSN, we would request evidence of this and develop to determine which earnings belong to him/her.

Thus, the receipt of benefits hinges on work in covered employment rather than immigration status at the point of employment.  However, lawful presence in this country at the point of entitlement is required.

10. Under current law, a non-citizen applying for benefits today cannot collect Social Security benefits if he is not legally residing in the United States, but he can get credit toward Social Security for illegal work.  Also, a person can earn credit toward Social Security while breaking immigration law.  Should these inconsistencies be rectified in your view?

Under present law, a non-citizen living in the United States will only receive benefits if he is legally residing in this country.  If Congress wished to reconsider the issue, a key concern would be whether a change would drive more employees into the non-tax-paying underground.

11. The Inspector General has recommended that legislation be enacted preventing Social Security from using wages from unauthorized work to determine eligibility and benefit amounts.  A previous administration did not agree with the recommendation - where does the current administration stand?  What would be the policy arguments for and against the SSA OIG’s proposal to prohibit crediting wages earned from illegal work toward Social Security benefits and eligibility?  Could you also elaborate on whether INS has sufficiently complete data on immigrants’ work authorization status over time to enable SSA to pursue this recommendation?

A proposal to deny credit for covered earnings on which the employee and employer paid the required Social Security taxes would be a major shift in public policy.  The Administration has not reviewed this proposal.

Current law already provides that individuals can be paid benefits within the United States only if they are lawfully present.  Thus, this proposal would reduce benefits primarily for individuals who are, at the time they apply for benefits, either U. S. citizens or otherwise legally within the country.

To administer such a change, it would be necessary to know exactly which periods in the past that a person was authorized to work and not authorized to work.  However, it is our understanding that INS does not maintain an electronic historical record of the alien status of each noncitizen in this country.  Without this information it would be impossible to implement this change.  We defer to INS for a more thorough explanation of their databases.

12. This year, SSA began mailing letters to all employers who submit information in which the name or SSN of the employee does not match SSA’s records.  Could you explain what the purpose of this letter is, since some employers may mistakenly believe they should no longer employ a worker because of the letter?

The Internal Revenue Code provides that employers are responsible for providing correct name/SSN information on the Form W-2.  When an employee's reported name and SSN do not match SSA's records, SSA may send a  "no match" letter informing the employer of the discrepancy and requesting the employer's assistance in resolving the error.  Our purpose in sending these letters is to obtain the necessary information to clean up our suspense file and ensure that number holders receive proper credit for their earnings.

These letters are intended to remind employers about the importance of providing SSA with correct names and SSNs of employees.  They also encourage employers to correct their records and to use SSA’s Employee Verification Service.

We are concerned that some employers may use SSA’s letters to take inappropriate adverse action against affected employees. We therefore specifically advise employers not to take adverse action against an employee because of the “no-match” letter, as indicated in the following paragraph from the letter used for tax year 2001:

"This letter does not imply that you or your employee intentionally provided incorrect information about the employee's name or SSN.  It is not a basis, in and of itself, for you to take any adverse action against the employee, such as laying off, suspending, firing, or discriminating against an individual who appears on the list.  Any employer that uses the information in this letter to justify taking adverse action against an employee may violate state or federal law and be subject to legal consequences. Moreover, this letter makes no statement about your employee's immigration status.”

13. It appears that many employers do not understand what they need to do to fix the record mismatch, and may inadvertently violate other laws.  What guidance does SSA give to employers to help them fix the problems identified?

SSA provides detailed, step-by-step guidance with every “no-match” letter in order to help employers resolve the reported records discrepancy.  Instructions are provided for correcting SSNs and Filing Tips for accurate annual wage reporting are automatically included when “no-match” letters are mailed.

Is this guidance consistent with that provided by INS, IRS, and the Department of Justice (DOJ) regarding hiring practices and documentation of an individual’s work authorization status?

Yes.

Have you had discussions with these agencies to develop clear, consistent guidelines for employers so that they do not violate other laws in their efforts to comply with SSA’s letters or out of fear of IRS penalties associated with non-matching wage reports?

INS, IRS, and DOJ have been consistently involved in the development of the no-match policy guidelines.  SSA has met with various agencies to discuss the Earnings Suspense File, “no-match” letters and related policies to assure that the guidance SSA provides to employers is consistent with INS, IRS and the DOJ policies.

14. Did SSA consult with business groups and others before implementing the new policy of sending out no-match letters to all employers with mismatched information?  If not, why?

SSA discussed changes to the “no-match” letter process with both the employer and payroll communities.  We meet with groups such as American Payroll Association, the American Society of Payroll Management and the Payroll Service Bureau Consortium at our annual National Payroll Reporting Conference. “No Match” was a major topic at the Payroll Conference held in August, 2002.  At this as well as other meetings, employers consistently indicate willingness to actively cooperate with SSA in order to resolve wage reporting discrepancies.

15. What has SSA heard back from employers and others since the mass mailing of no-match letters began?

There has been an increased interest by employers in verifying SSN’s for their employees. Representatives of labor unions, immigrant advocacy groups, and employer associations have expressed concerns about possible misinterpretation and misuse of the mismatch information.  SSA has worked to address the issues identified by these groups to try to alleviate their concerns.

16. How many employers have contacted SSA attempting to verify their employee’s SSNs?

Employers can verify their employees’ SSNs in a variety of ways:

• Approximately 7,400 employers are registered to use the batch verification system. In calendar year 2001, there were 218 employers who used the batch verification system.
• Employers can visit a local SSA field office or call a teleservice center.  We have no data on the verification requests to SSA field offices and teleservice centers, but we believe they probably receive thousands of SSN verification requests from employers.
• They can use the Employer Reporting Services Center (an 800 number).  SSA has very recently begun tracking the numbers of SSN verification requests received here.  For September, October and November 2002 the average monthly volume of verification requests received though the 800 number at the Employer Reporting Service Center is about 60,000.  No breakout on the numbers of employers involved is available.
• In addition, there are a select number of participants using the pilot Social Security Number Verification (online) Service (SSNVS). There are six companies participating in the SSNVS pilot.

17. The INS is responsible for assisting State and federal agencies to train employees of those agencies in examining immigration documents such as visas.  Isn't it true that the SSA only reversed its policy on checking INS records before issuing Social Security cards to aliens after September 11, 2001?

SSA has had longstanding policies to verify documents with INS. However, until recently we could not electronically confirm the legitimacy of documents with the INS until the person had been in this country for at least 30 days.  Therefore we relied on visual inspection, pursuant to security guidelines provided by INS, to verify documents.   In every case in which our own scrutiny led to any doubts about the authenticity of the documents, we held up assignment of the SSN until INS verified the documents, no matter how recent the entry.

The events of September 11, 2001, caused SSA's new management to reexamine many of our internal processes and our interactions with other agencies, including INS.  INS has made improvements in the timeliness of their data entry, and earlier this year gave SSA expanded access to non-immigrant data.  Based on a decision by Commissioner Barnhart, no alien’s SSN application is processed until SSA receives verification of the alien’s INS documents from INS.  Full implementation of this procedure was rolled out from July 15, 2002 through September 2002.  Where the verification still cannot be done electronically, we will request verification from INS, which could be for as many as a half million of the 1.5 million non-citizens we enumerate each year.

18. More than six months after the initial request by the SSA, the INS still has not completed any arrangements to provide automated record checking against INS records, despite public statements that this was a "top priority."  Is the problem with INS or is the SSA request more complicated than the press releases suggest?

SSA is now able to verify most INS documents online, using INS’ Systematic Alien Verification for Entitlements (SAVE) system.   Online access was provided by INS on May 25, 2002.  The system was piloted in SSA field offices in June 2002, and implemented in all SSA field offices on September 1, 2002.  For documents that cannot be verified online, SSA sends a manual request to INS for verification.

19. Beginning in June 2002, SSA started contacting the State bureau of vital statistics to verify a birth certificate presented for a SSN application.  Starting in July 2002 and nationwide by September 2002, SSA started verifying immigration documents with INS.  Before these changes, SSA generally examined the documents and accepted them if they appeared genuine.  Did SSA consult with employers before changing its verification procedures?

As indicated above, SSA’s general policy prior to September 11 was to verify documents with INS, except for certain new arrivals whose records were scrutinized by our employees.  The events of September 11 made it necessary for SSA to aggressively move forward in instituting additional verification measures to further ensure the integrity and security of the enumeration process.  While we are working with the employer community and others to make them aware of the additional verification, we did not consult with them before changing our procedures.

20. What feedback has SSA heard from employers, particularly those employing seasonal workers, about the new verification procedures?  Does SSA plan to make any exceptions or accommodations for temporary/seasonal workers?  Under the new verification procedures, how long does it take a non-citizen to obtain an original SSN?

We recognize that our efforts to enhance the integrity of the enumeration process may result in a delay in receipt of an SSN or replacement card and therefore could hamper employment of temporary or seasonal workers.  However, our procedural changes are designed to assure that only those who meet the enumeration requirements receive an SSN or replacement card. SSA is making no exceptions to its rules for any applicant.

Some employers have contacted SSA expressing their concern about the length of time it may take for us to verify records manually with INS if the documents cannot be verified electronically.  Any delays affect how quickly their newly hired employees obtain SSN cards. SSA’s commitment is to assign an SSN within no more than a few days after receiving verification from the INS.   Paper verification from INS may require as little as about a week or some number of weeks.  SSA is working with INS to minimize these delays. Generally, employers are attempting to adjust their operations accordingly.  Under IRS regulations 26 CFR Ch.1 §31.6011(b)-2 employers may hire an individual before he or she receives his/her SSN card.

SSA is committed to doing all we can to protect the SSN while striking a balance among the needs of individuals, employers and SSN integrity.   We believe that this new process should provide adequate safeguards for the integrity of the SSN while permitting individuals and their employers to move forward with hiring decisions.

21. Is it true that State benefit agencies, via your data matches with them, receive confirmation of their data or correct information from SSA's databases if their data is incorrect, for purposes of preventing fraud?  State Departments of Motor Vehicles (DMVs) and employers only receive information on whether their data matches SSA's data or a note saying which piece of information did not match (without the correct information from SSA), even though they are also trying to prevent fraud, correct?  In addition, is it also correct that the match with State DMVs may not provide information on whether the person on whom information was submitted shows up as deceased in SSA's records, depending on the system the State is using (on-line vs. batch file)?  Why does SSA provide different levels of information to State DMVs than to State benefit agencies when they request matches with SSA data?  Why don't the matches with Departments of Motor Vehicles or employers consistently include notification that a SSN belongs to a deceased individual?  When do you expect SSA will provide information to employers and DMVs on whether a SSN is for a deceased person in these data matches?

It is true that SSA provides different levels of information to State benefit paying agencies, DMVs and employers.  We are working to enhance our verification systems as part of SSNVS.  The next step in that process is to expand the pilot to additional employers.

22. Why doesn't SSA require a photo ID with SSN and benefit applications?  Do you plan to change your procedures to require a picture ID when anyone does business with you?  If not, why?  If so, what is your time frame?)

SSA requires convincing evidence of identity (evaluated on a case-by-case basis) from all applicants for original or replacement SSN cards. Most people can provide some reliable evidence of identity, such as a drivers license, passport, or school ID, that is acceptable for SSA purposes.

In determining what identity documents to accept, SSA is mindful of the public burden, considering:

• Not all SSN card applicants are adults;
• Not every applicant, even if age 16 and older, has a picture identity document; and
• Not every applicant has more than one identity document that meets SSA’s criteria.

It must be noted that there are many commercial organizations that sell identity cards with photographs.  Anyone can easily purchase a photo ID card on the Internet.  SSA does not accept these because they are generally issued based solely upon the person’s allegations and the issuing agents cannot verify them.  A photo ID is only as good as the documentation used to obtain it.

However, SSA has a pilot in certain SSA offices that will test and gather photographic identification to address the issue of complicit impersonation in the disability claims process.  The pilot is expected to start in mid 2003, once necessary actions resulting from the publication of the Federal Register notice on November 15, 2002 are completed.

23. The SSA IG suggested in a September 2001 report that SSA limit the number of replacement cards to 3 in a year and 10 over a lifetime, except in extraordinary circumstances.  Does SSA agree with the recommendation?  If so, when will SSA implement it?  If not, what other actions will SSA undertake to prevent misuse of replacement SSN cards?  Also is SSA planning to take any action to restrict replacement cards issued to persons with non-work SSNs who report earnings?

We are currently considering various options for limiting the number of replacement cards an individual can receive.

24. I understand that the Federal statute does not specifically prohibit somebody from selling his or her own validly issued SSN with intent to deceive.  Is this correct?  If so, do you think Congress should consider changing the law to make this illegal?

Section 208 of the Social Security Act (42 U.S.C. 408) does prohibit a person from selling a social security card that is, or purports to be, a card issued by SSA.  This provision also prohibits a person from possessing a social security card with the intent to sell it, for the purpose of obtaining anything of value "or for any other purpose."  See 42 U.S.C. 408(a)(7).  However, the section does not prohibit selling an SSN.

Nonetheless, that section does prohibit unlawful use of another person's SSN.  If the number holder (NH) conspired with another person to unlawfully use the SSN, including selling it, knowing that it would be used unlawfully, then the NH could be charged with conspiracy and, perhaps other offenses (e.g., aiding and abetting).

Moreover, selling the SSN might violate State laws concerning fraud, consumer protection, etc., depending on how the SSN is used.

We note that the Subcommittees' bill, H. R. 2036, would remedy this. SSA would be glad to continue to work with you on such legislation.

25. When do you expect to have the first Enumeration at Entry Center running?  What has been the reason for delay?  Will only persons admitted for lawful permanent residence be processed through these centers?  Does SSA have any near-term plans to expand these centers to persons temporarily admitted to the Untied States who are authorized to work?

Enumeration at Entry (EAE) is a process that enables aliens applying for immigrant visas at DoS’s Foreign Service posts to apply for SSNs at the same time.  The process started in October 2002.  DoS passes the SSN application data to INS along with the visa application data.  INS, in turn, passes the SSN application data on to SSA for issuance of the SSN.  Significant programming and systems modifications on the part of all three agencies were necessary to make EAE a reality.  Furthermore, EAE implementation requires that DoS staff physically install software containing the EAE changes at each post.

EAE is already operational in the posts in Manila, Philippines; London, England; and Cuidad Juarez, Mexico.  As of December 18, 2002, we have issued 1,943 SSNs using this process.

Beginning January 2003, DoS will begin to install EAE software at other Foreign Service posts around the world.  When this phase is fully implemented, more than 90 per cent of the people applying for immigrant visas at DoS posts will be able to apply for SSNs at the same time.

SSA, INS and DoS will soon begin discussions on expanding the process to other groups of aliens.

26. The IG has urged SSA to implement additional protections against issuance of multiple SSNs to children and to help State bureau of vital statistics to ensure records of hospital birth units and registered births match.  For example, it can take a couple of months to get a SSN through enumeration at birth, and parents may come into the Social Security office to request a SSN at the same time it is processing the information from the State BVS, sometimes causing infants to be issued multiple SSNs.  Also, some hospitals do not separate the duties of clerks gathering birth information from parents and clerks entering information into the hospital database, making it easier for someone to enter births for children who do not exist.  Is SSA implementing any of the SSA IG's suggestions?

The current Enumeration at Birth (EAB) contract expires on December 31, 2002.  SSA is pursuing OIG's recommendation for the Bureaus of Vital Statistics to perform periodic independent reconciliation of registered births with statistics obtained from the hospitals to verify the legitimacy of sample birth records by building it into its negotiations for the new EAB contracts, which will be effective January 1, 2003.

27. Fingerprints and photos have been accepted biometric identification for government documents for more than fifty years.  Why does the Social Security Administration not employ any sort of biometric identification to confirm identity?  Doesn't the absence of biometric identity confirmation put at risk innocent citizens with regard to their bank accounts, their credit, sometimes even their mortgage loans?

From the inception of the program, the Social Security number (SSN) card was never intended for use as an identity document.  If the Social Security Administration were to use biometrics to link the SSN card to the bearer to allow identity confirmation, the agency would become the trusted authority and authenticator of individual identity in the U.S.  We believe this task would have an adverse impact on our ability to fulfill our mission.  In addition, the use of biometrics would require the re-enumeration of every Social Security number holder at considerable cost.

We provided a report to Congress in 1997 on replacing the Social Security card with a plastic card that could include identifying information, such as a picture or biometric identifiers.  Several of the prototypes developed in this study are still valid examples of the kind of identity document in question.  The report found that issuing new Social Security cards with biometric information would cost from about $4 billion to $9 billion (in 1996 dollars), depending on the form of the card, and would require about 70,000 work years.

SSA’s Office of Inspector General and other SSA components continue to actively pursue information about potential technologies that we could use to support more accurate earnings reporting and to reduce benefit and SSN fraud.

28. The Social Security card is generally accepted to be very easily counterfeited.  Has the SSA looked into the processes used by the State Department for passports or visas or by the INS for the "Permanent Resident Card (green card)" or the Border Crossing Card?

We do not agree that the SSN card is “very easily” counterfeited.  It has numerous sophisticated security features that help to prevent counterfeiting.  These include:

• The front contains a marbleized light blue security tint, with the words "Social Security" in white.
• Intaglio printing is used in some areas on the front of the card. (Intaglio printing can be done only by certain security printing companies, on registered machinery.)
• The front and back contain yellow, pink, and blue planchettes (small discs). These can appear anywhere on the card, including the area on the card that contains the Department of Health and Human Services or Social Security Administration seal and the number holder's name and SSN.

Further, there are additional security features that we do not make a matter of public record.

While we have confidence in the current security features of the card, we are open to considering options that would make it even less subject to counterfeiting and use by identity thieves.

29. Should the Social Security Administration, or another federal agency such as the INS start issuing a number that can be used for identification, so that the SSN can be reserved only for payroll tax withholding and benefit awards?

SSA does not have a position on whether it or another federal agency should issue numbers that could be used for identification.  We believe that this is an issue for the new Department of Homeland Security, and we will be happy to work with them and provide any support needed.

30. How many individuals have been issued more than one SSN?  How does this happen?  What measures exist to prevent this from happening?

Before SSA implemented the Systems controls explained below, there were occasional rare instances where more than one SSN was erroneously assigned to a single individual.   We also know that there are limited cases where SSA has purposefully assigned a new SSN for domestic violence victims, those suffering continued harm due to identity theft, etc.

In July 1990, SSA implemented the Modernized Enumeration System (MES), which gave FO personnel the capability to take an SSN application using online screens rather than on a paper application form.  As part of the application process, MES searches the SSN database and returns possible matches when an application for a new SSN is entered.  This helps the field office identify a previously assigned SSN, and prevents assignment of a new one.

31. We know that non-citizens who are authorized to work are able to legitimately obtain SSNs for work purposes.  However, if they no longer are working in this country or have left the country, the SSN issued to them remains on record as being assigned to them.  Should some notation on SSA's record be placed to indicate that the individual is no longer working and/or residing in this country?  Should that number be valid for all times?

It should remain an INS responsibility to determine who is authorized to work, and to keep track of entry/exit from the U.S.  Employers, as part of the hiring process, can determine current status and work authorization by following INS’ I-9 rules.  We do not think SSA should duplicate this function.

Regarding the validity of the SSN for all times, the SSN needs to remain valid in case the number holder returns to the United States and is once again authorized to work.  The number is used to keep an accurate record of each individual's earnings and to pay and monitor benefits, including those paid under a Totalization agreement.

Chairman GEKAS. Thank you, Sam.

Yes, we invite the second panel to begin to take their places at the witness table. We call upon Charisse Phillips, Director of Fraud Prevention Programs, Bureau of Consular Affairs, U.S. Department of State; Robert Bond, Deputy Special Agent in Charge, Financial Crimes Division, U.S. Secret Service; Grant D. Ashley, Assistant Director, Criminal Investigative Division, Federal Bureau of Investigation; The Honorable James G. Huse Jr., Inspector General, Social Security Administration in Baltimore; Matthew Reindl, Operator of Stylecraft Interiors Inc. of Great Neck, New York; and, Chris Hoofnagle, Legislative Counsel, Electronic Privacy Information Center.

We state to the witnesses that their written statements will be accorded a place in the record, without objection. We will ask them each to try to limit their remarks, their reviews of their written testimony, to about 5 minutes. We will begin in the manner in which we introduced the panel, starting with Charisse Phillips.

You may proceed.

Ms. PHILLIPS. Mr. Chairman, thank you very much. I am very pleased to be here to testify before the Subcommittee this afternoon.

I have had the privilege of serving as the Director of Fraud Prevention Programs in the Bureau of Consular Affairs for 2 years now. Previously, I served in a number of consular sections abroad, where I had front-line experience with document fraud, and with attempts by criminals, terrorists, and hostile governments to obtain U.S. travel documents. I have been a consular officer for almost 17 years now.

The State Department has an integral interest in the quality of identity documents and vital records produced in the United States because those documents form the basis of U.S. passport issuance. The U.S. passport is perhaps the most highly valued document in the world, because of the many benefits and privileges it confers. It is not "just a document," it is the passkey into our country.

Let me tell you about the methadone moms. As these low-income women leave their drug-rehab clinics, they are targeted by alien smugglers. They are offered money, maybe a couple hundred dollars, to apply for passports for their own kids, but here's the catch. They will substitute photos of different kids, photos supplied by the alien smugglers.

Who are these substitute kids? In the majority of cases, they are the children of people who cannot bring those kids to the United States legally immediately. Those parents pay thousands of dollars for these fraudulent passports.

How do we know about this? Well, the proverbial alert passport employee. We are fortunate to have a cadre of trained, experienced, and loyal personnel who detect these attempts to obtain our passports through fraud.

The Bureau of Consular Affairs is in the business of preventing this kind of abuse of children and of travel documents. We have developed an extremely tamper-resistant passport. In fact, just last week, members of the Five Nations Conference told me what we have noticed ourselves, that our passports are now so good that alien smugglers have stopped trying to alter them.

Instead, now they are trying to get hold of them by other means. They are using look-alike travelers to match passports stolen from American tourists overseas. They are helping imposters apply for U.S. passports, using identities stolen from U.S. citizens in the United States. They are selling counterfeit documents--birth certificates, drivers' licenses, Social Security cards--to aliens for use in applying for passports. All these documents are available cheap on the Internet.

We are pretty good at detecting these false documents. We have done studies of our passport issuances, and we provide training and information to our passport staff to keep them alert. As home computers, the Web, and high-tech scanners, and photocopiers become more accessible, we need more and better tools for our people.

We need to be able to confirm Social Security numbers easily and routinely. Right now, our people put a lot of energy into developing informal contacts to help them confirm Social Security numbers and work histories. They rely on this information in suspect cases to help them quickly identify Americans who are just taking an innocent trip from the aliens, sometimes criminal aliens, who are seeking U.S. passports to evade the scrutiny of immigration officials around the world.

Our people also need help in confirming the bone fides of U.S. birth certificates. This country has more than 8,000 authorities issuing birth certificates and more than 50,000 different versions issued by States, counties, and municipalities.

We also need an easy way to verify drivers' licenses, the usual proof of ID submitted with passport applications. High-quality duplicates of State drivers' licenses are available on the Internet with only a removable sticker warning "novelty item" to deter criminals. Our passport workers have no way of verifying drivers' licenses either online or through routine access.

We call these kinds of documents "breeder documents" because they can all be used to obtain more identity documents. My office has, therefore, purchased the Social Security CD-ROM with death records of Social Security recipients going back to 1936. We have made this available to our passport and our visa personnel online.

We have begun to brief Social Security fraud investigators. We are trying to work with Social Security on a way to identify Social Security numbers online.

[The prepared statement of Ms. Phillips follows:]

Chairman GEKAS. We thank the lady for the testimony. I take it she is not completed with all that she wants to render, but perhaps during the question and answer period, some commentary will be forthcoming.

We will go to the second witness. You may proceed.

Mr. BOND. Mr. Chairman, thank you. Members of both Subcommittees, thank you for the opportunity to address the subject of identity theft and the Secret Service's efforts to combat this problem. I am particularly pleased to be here with my colleagues and partners in fighting identity theft from the Federal Bureau of Investigation, the State Department, and the Social Security Administration.

With the passage of new Federal laws in 1982 and 1984, the Secret Service was given primary jurisdiction for the investigation of access device fraud and parallel authority with other law enforcement agencies in identification fraud cases. The explosive growth of these crimes has resulted in the evolution of the Secret Service into an agency that is recognized worldwide for its expertise in the investigation of all types of financial crimes.

While advances in technology and the burgeoning use of the Internet has provided numerous benefits to the consumer through readily available credit and consumer-oriented financial services, it has also created a target-rich environment for today's sophisticated criminals, many of whom are organized and operate across international borders.

Identity theft is almost always a component of one or more crimes, such as financial crimes, violent crimes, or, possibly, the facilitation of terrorist activities.

Identity theft can affect all Americans, regardless of age, gender, nationality, or race.

The events of September 11 have focused the priorities and actions of law enforcement throughout the world, including the Secret Service. Immediately following the attacks, the Secret Service assisted the FBI and the joint terrorism task forces with their investigations through the leveraging of our established relationships, especially within the financial sector, in an attempt to gather information as expeditiously as possible.

The Secret Service is also involved in a collaborative effort to analyze the potential for identity theft to be used in conjunction with terrorist activities through our liaison efforts with Operation Green Quest, Operation Direct Action, FinCEN, and the Terrorist Financing Operations Section of the FBI.

Since our inception in 1865, the twin pillars of the Secret Service have been prevention and partnership building.

We simply could not fulfill our dual missions of protecting our Nation's elected leaders and safeguarding our financial infrastructure without two essential elements, incorporating preventative strategies and training, and building cooperative, trusted relationships with our local and Federal law enforcement partners.

A central component of the Secret Service's preventive and investigative efforts with regard to identity theft has been educate consumers and provide training to law enforcement personnel through a variety of partnerships and initiatives, including our 37 financial and cybercrime task forces the Secret Service has developed throughout the country.

The Secret Service has already undertaken a number of unique initiatives aimed at increasing awareness and providing the training necessary to combat identity theft and assist victims in rectifying damage done to their credit. This includes the development of a number of training tools designed to assist local law enforcement partners.

Ultimately, most identity theft cases are reported to and investigated at the local level, but too often, local law enforcement agencies lack the expertise, experience, and resources to sufficiently investigate electronic-based crimes such as identity theft.

In partnership with the International Association of Chiefs of Police, the Secret Service produced the "Best Practices for Seizing Electronic Evidence Manual." This pocketsize guide instructs law enforcement officers in seizure of evidence from personal computers to wireless telephones to digital cameras. To date, the Secret Service has distributed over 315,000 copies of this guide free of charge to local law enforcement officials.

We have also worked with this group and our private sector partners to produce the interactive and computer-based training program known as "Forward Edge," and this is "Forward Edge." It is a computer-based training program that takes the next step in training officers to conduct electronic crimes investigations. "Forward Edge" incorporates virtual reality features as it presents different investigative scenarios to the trainee.

Copies of State computer crime laws for each of the 50 States, as well as corresponding sample affidavits, are also part of the training program and are immediate accessible for instant implementation.

In short, any police department in the country, regardless of the size and the resources that they may have, now has access to state-of-the-art training on the seizure and preservation of electronic forensics evidence, which can be central to an identity theft investigation. To date, we have distributed over 35,000 of these training CDs, again, free of charge, to our local law enforcement partners.

Finally, the Secret Service and the International Association of Chiefs of Police are developing an "Identity Theft Roll-Call Video" geared toward local police officers throughout the Nation. This video will emphasize the need for police to document a citizen's complaint of identity theft, regardless of the location of the suspects. The video will also provide officers with instructions to assist victims who are seeking their reputations and credit worthiness.

In addition to preventive measures, legislation currently pending in Congress can further enhance law enforcement efforts to combat identity theft. Stronger penalties, increased enforcement, and continued focus on prevention and training are the ingredients to successfully combating identity theft in the future.

Mr. Chairman, that concludes my prepared statement. I will be happy to answer any questions that you or the other Members of the Subcommittee may have. Thank you, sir.

[The prepared statement of Mr. Bond follows:]

Chairman GEKAS. We thank the gentleman, we turn to the next witness, Mr. Ashley.

Mr. ASHLEY. Thank you, Mr. Chairman and Members of the Subcommittee. The FBI, along with Federal, State, and other agencies investigates persons who assume the identities of others to carry out violations of Federal law. These crimes include bank fraud, credit card fraud, violent crimes, mail fraud, money laundering, drug trafficking, bankruptcy fraud, computer crimes, terrorism, organized crime, and fugitive cases.

These crimes, as has been previously mentioned, include the use of false identity, both at the planning of as well as carrying out and continuation of the crime.

The false identity is providing a cloak of anonymity for the offender to prepare their crime, obtaining things such as covert mail drops, residence, office space, vehicles, and such, and then, finally, to carry on with the deception. This theft of identity or assumption of identity is not new to law enforcement. What is new is the pervasiveness through all the crimes. We are seeing it throughout most of our investigative programs in the FBI.

We do not see it as a separate and distinct crime in the FBI, but it is a component of the various investigative programs.

As has been previously mentioned, possession of a Social Security number is key to laying the groundwork for the process of taking over someone's identification and then obtaining other false documents, which can lead to drivers' licenses, loans, credit cards, and so on. It is also a crucial step in actually taking over a person's existing identity and then possibly, as has been mentioned before, depleting people's financial accounts, destroying their credit, and so on.

The FBI works very closely with other law enforcement agencies at the Federal, State, and local level to address crimes which are carried out through the use of stolen identities, as well as with the Inspector General of the Social Security Administration.

The FBI has participated in a recent identity theft sweep, which the Attorney General discussed earlier in May, as well as efforts to strengthen existing Federal laws and penalties with respect to identity theft. I believe that is in Senate bill 2541.

I was asked to provide an example of a case. Our New York division investigated the identity theft of six corporate executives, whose names were drawn from "Who's Who in America." Three of them were deceased. This case has been adjudicated. The victims were executives from Hilton, Coca-Cola, other major corporations. Essentially through an online information-broker, the offender obtained Social Security numbers and then other identification, and then made online purchases and others, using these persons' names. The total attempted amount was almost $1 million, and I think about $340,000 was obtained before this was shut down.

We are also seeing where people in positions of trust, both inside government and outside, are abusing their positions to access information about people that they can subsequently use for obtaining false identification. Our cyberdivision, which was recently created in our reorganization, will have a component of it that will address online identity theft issues, which will support our other investigative programs.

That concludes my remarks.

[The prepared statement of Mr. Ashley follows:]

Chairman GEKAS. Thank you, Mr. Ashley. We now turn to Mr. Huse, the Inspector General of Social Security.

Mr. HUSE. Good afternoon, Mr. Chairman, Mr. Johnson, and Members of both Subcommittees. I am pleased to be back here for the seventh time to talk about Social Security number integrity issues this year. So, I guess this is a pretty important topic.

Chairman GEKAS. You have to get it right this time.

[Laughter.]

Mr. HUSE. I will get it right this time.

[Laughter.]

Mr. HUSE. I am going to dispense with most of these oral comments because I think they've been made by others and just try to sum my testimony up into some key points.

One, I think as you heard from our Deputy Commissioner, the Social Security Administration has made an awful lot of progress since September 11 in dealing with the enumeration business process and trying to strengthen it. I have to acknowledge that.

However, there are still some things that have to be done. One of the most critical areas is the need for some legislation, and I know Chairman Shaw has his bill introduced, and that would be a big help.

The legislation we need would limit the use and display of the Social Security number already in circulation in the public and private sectors; enhance the present arsenal of criminal, civil, and administrative penalties to deter and/or punish identity thieves; and require cross-verification of Social Security numbers through both governmental and private sector systems of records to identify and address those anomalies that will come out of that process.

This is the most common-sense way and readily available way to bring back some integrity into the Social Security number without a lot of new bureaucracy. I can't urge anything more. That is what I really came to say this afternoon.

I think that there has been a significant amount of focus on these issues, but we come to a point where there is a natural dilemma that is present between the legitimate interests of law enforcement and the legitimate interests of social insurance and privacy. These all collide, and we need the Congress's help in determining how we go forward from here, while we preserve the best intentions of each of those pieces of legislative action in the past.

There is a tension there, and it can't be ignored. Some of the problems that we speak to here today come from those issues that need to be addressed.

That is the substance of why I came here this afternoon, and I would be glad to answer any questions during the question period.

[The prepared statement of Mr. Huse follows:]

Chairman GEKAS. We thank you, and now we turn to Mr. Reindl from New York.

Mr. REINDL. Chairman Gekas and Members, thank you for the privilege to testify today. My name is Matthew Reindl. I operate of a small family-owned woodworking factory. I am here to speak for the tens of thousands of law-abiding small-business owners who are being adversely affected, many forced to close, because of the illegal hiring practices of some of our competitors. These unlawful employers are able to operate because of the lack of enforcement by some Federal agencies, such as INS and IRS.

On behalf of the majority of businesses who carefully comply with Federal tax and wage reporting requirements, I want applaud Commissioner Barnhart for directing the Social Security Administration to send out the much-publicized letters to employers and employees with mismatched W-2 wage items.

If a mismatch of Social Security numbers is not a typo, it means that the person has false identification. The government has no idea who this person is, where this person came from, or what the person is doing in the country. We have no way of knowing if this undocumented person is a terrorist here with the intent to harm our Nation.

In the wake of the September 11 murders, no American can oppose the Social Security Administration's need to share information with the INS. The INS needs to investigate those companies which knowingly employ illegal workers and penalize them.

I hope that President Bush will require the other Federal agencies to enforce wage and labor laws so that my company will no longer have to compete from a disadvantage. Our company is a family business formed by my grandfather in 1951. It took him 20 years from when he entered the country legally to open a woodworking factory with the money he saved.

With other legal immigrants at his side, he made the American dream happen. The factory was passed on to my father and now on to me, the third generation.

Our company has employed Turks, Armenians, Haitians, Italians, Yugoslavians, and also a Jewish Holocaust survivor from Holland. The diversity of our shop makes our conversations lively.

Many of my employees waited 5 to 7 years to enter our country legally. They did the right thing. They obeyed our laws. Now people who broke the law are keeping down their wages. They wonder why both the Federal and State governments refuse to enforce any laws when it comes to illegal immigrants.

Our company pays withholding taxes and fair wages to our workers. We pay the entire cost of health insurance. However, with increasing competition from employers using illegal aliens, I fear we will not be able to provide health insurance to our employees. In fact, I may even be forced out of business. Unfortunately, my company has to compete with employers who are paying off the books and committing workers' compensation fraud, unemployment fraud, Federal and State tax fraud, and Social Security fraud.

In my written testimony, I have created a simple illustration that compares the cost of a legitimate employer to that of a lawbreaking employer who pays $500 per week off the books. My example shows that the labor costs for the honest, law-abiding employer are roughly 80 percent higher than for the employers hiring illegal workers.

Chairman and Members of the Subcommittee, Federal law prohibits anyone from hiring illegal aliens. Local governments, private and church organizations, are setting up so-called hiring sites so that legal and illegal immigrants can work off the books and disregard Federal and State laws. Long Island towns, such as Farmingville, Glen Cove, Freeport, Huntington, and Farmingdale, have these unorganized and organized hiring sites and many more are emerging.

Without employment or the hope of employment, illegal aliens would not be tempted to enter our country in violation of our laws. Employers need to be prosecuted for hiring illegal workers, and legal immigrant workers need to believe that all employers respect our laws.

I honestly believe that there are a growing number of businesses that hire illegal aliens. If there is no enforcement, that number will grow and grow and grow.

The Federal Government cannot allow a criminal minority of employers to profit from illegal labor practices. It undermines the founding principles of our Nation. When employers ignore immigration law, it tends to lead to other laws being broken, such as Social Security fraud, workers' compensation fraud, and income tax fraud. Because of the lax enforcement from other agencies of government, honest, law-abiding employers are being punished.

That concludes my testimony, and I look forward to your questions. Thank you.

[The prepared statement of Mr. Reindl follows:]

Chairman GEKAS. Thank you. We turn to the final witness, Mr. Hoofnagle.

Mr. HOOFNAGLE. Good afternoon. Mr. Chairman and Members of the Subcommittee, my name is Chris Hoofnagle, and I am Legislative Counsel with the Electronic Privacy Information Center (EPIC). The EPIC is a not-for-profit research center that focuses on privacy and civil liberties.

Since our founding in 1994, we have been extensively involved in the privacy of the Social Security number. Most recently, we submitted an amicus brief in Remsburg v. Docusearch, the Amy Boyer case.

As many of you probably remember, in that case, a young woman was stalked and killed based on information provided by a commercial Social Security number lookup company.

We believe that good privacy can make good security, and that in this area, we need to protect the Social Security number so that criminals and terrorists do not use it to attack us and our country.

The Social Security number plays an unparalleled role in the identification, authentication, and tracking of all Americans. Identity thieves know the value of a Social Security number, and that is why we believe that limiting the collection and the use of the Social Security number is critical to stemming the growing tide of identity theft.

My colleagues on this panel have outlined the extreme harm that identity theft causes. According the Privacy Rights Clearinghouse, somewhere between 500,000 and 700,000 Americans are victimized by this crime every year. Victims often do not discover the crime has occurred until many months after their identity has been stolen. They spend many hours of their time and substantial sums of their money to fix their credit report and to expunge criminal records that might have been created in their name.

Since September 11, 2001, there has been a renewed focus on this crime, as identity theft could be used both to raise funds for and to actually commit acts of incredible destruction.

The majority of identity thieves still use low-tech methods to acquire our personal data. While there are general fears of transmitting credit card numbers and other personal information over the Internet, the biggest risk from identity theft still comes from criminals who steals our mail or sorts through our trash in order to get our personal identifiers.

Other low-tech methods to steal identifiers are also common. Employees of businesses that collect the Social Security numbers are in a unique position to obtain many personal identifiers. In my written testimony, I cite to a recent case involving a branch of Bally's Health Spa in Cambridge, Massachusetts. There an employee was caught stealing Social Security numbers to open bank accounts, possibly for the commission of terrorism.

The Bally's case raises an important point about private sector use of the Social Security number. In most cases, it is wholly unnecessary for a business to even collect the Social Security number. Collecting the Social Security number creates risk for the individual. Businesses should be encouraged to use alternative identifiers.

Discouraging the use of the Social Security number should be a primary concern of Congress, especially when one considers how the business community uses the identifier. Some businesses use the Social Security number to identify individuals while other businesses use it as a password. This means that the Social Security number is used widely as both an identifier and as an authenticator.

From a security perspective, this doesn't make sense. It is the equivalent of using the same user name and password to access your e-mail, for instance, but identity theft risks are not only created by bad business practices. Public records are increasingly playing an increasing role identity theft. As Americans have more interaction with our growing government, we leave trails of our activities in the form of public records. Court case files, marriage license, and other public records are creating a trail of our personal identifiers from cradle to grave.

It is important that Congress act now to remove the Social Security number from public records.

Two States, California and Georgia, have both recently enacted common-sense Social Security number legislation that will likely stem the tide of some identity theft.

In California, Senate bill 168 was signed into law last year. The bill prohibits public posting of the Social Security number. It also prohibits the printing of the Social Security number on an identity card. Most importantly, it prevents the mailing of an invoice or a bill to a consumer with an Social Security number on it.

In Georgia, Senate bill 475 now requires businesses to safely dispose of documents that might contain personal identifiers on it. They have to shred records, or they have to actually erase computer hard drives.

Despite these significant steps forward, we still lack comprehensive protections. We believe that H.R. 2036, the Social Security Number Privacy and Identity Theft Protection Act of 2001, which enjoys strong bipartisan support, would create a framework of protection to reduce identity theft and to protect privacy.

With that, let me conclude my remarks, as I have run out of time. Thank you.

[The prepared statement of Mr. Hoofnagle follows:]

Chairman GEKAS. I think we all have.

[Laughter.]

Chairman GEKAS. The Chair, in consultation with the Co-Chair here, we have decided that we will pose whatever questions we can with the remaining Members, and then ask the panel to acquiesce to written interrogatories that we my submit to them pertinent to their testimony.

Very quickly, I would like to ask Mr. Reindl if he believes that there is more to this than the failure of the INS to crack down on illegal aliens. Is the Social Security Administration also at fault, in your view?

Mr. REINDL. I think it is good that they are putting out those letters and putting people on notice if there is a mismatch. So, in a way, it is kind of helping the illegal immigration situation. So it is beneficial.

Chairman GEKAS. It is beneficial that the Social Security Administration is using that procedure.

Mr. REINDL. Right, with the INS. I think so.

Chairman GEKAS. The sharing the information.

Mr. REINDL. The sharing information is good, yes.

Chairman GEKAS. The first three witnesses, I would like to ask this question, having to do with the tamper-resistant passport, which was mentioned, and also the fact that the passport is the universal key to entry into the United States.

I remember an incident--in fact, we were briefed on it--where, in Afghanistan, our personnel found in a cave many, many different passports fraudulently produced that could have ostensibly been used for the passkey to the United States.

How would we have stopped the use of such a passport, if it were expertly, fraudulently produced? Would that have allowed a terrorist to come in and do his worst?

Ms. PHILLIPS. Well, I can say that, for instance, my office has created a database of blank foreign travel documents that are reported missing, so that they cannot be used. We share this information with INS. In fact, we put them out in the form of intelligence alerts that goes to a number of Federal agencies and State law enforcement offices, even to the military.

We also train our personnel to detect counterfeit or altered passports that people are presenting in the course of a visa application.

Chairman GEKAS. So, you are saying that the routine conduct of checking the passport would probably yield the fact that this was fraudulently produced?

Ms. PHILLIPS. Most of the foreign passports that are altered are something that we can train people to detect.

Chairman GEKAS. Do you have any comment on that?

Mr. BOND. From the Secret Service's perspective, we have noticed in the cases where we are working identity theft, where we seize an electronic piece of equipment--be it a computer, Palm Pilot, whatever; in most cases, computers--that they will have all different kinds of identities on those computers that are being counterfeited. Some of the identity is changed or altered off of originals that are stolen, and then they use those base plates, I guess, for a passport or a driver's license or a Social Security number, to then change different numbers and identification pieces of information on that document to make it look like an original document.

So, we are training our investigators in the field to take a close look at computers when they are seized. It is a partnership with law enforcement, be it at the State level, the local level, or the Federal level, to ensure that we are getting those guys that are in the process of making identification out there.

Chairman GEKAS. From the FBI, how would you assess this batch of passports found in a cave?

Mr. ASHLEY. Well, they do present a risk, obviously. It is another means for somebody to try and get into our country. We are fortunate with our joint task forces that there is presence of INS and State Department on many of them.

In my previous experience, before I reported earlier this year, I was assigned to Las Vegas as the agent in charge. We had some issues, and the State Department personnel were very helpful in resolving those on the scene.

So, I think that while it is a problem, the agencies are working well together.

Chairman GEKAS. I begin to get the theme of what we are all hoping will be the case, a complete sharing of information, and helping one another find the culprit and produce investigations and convictions and expulsions, et cetera.

I yield back the balance of my time.

Chairman SHAW. [Presiding.] Mr. Chairman, I would yield, since we have only about 2 minutes before we are going to have to go over the Capitol in order to cast our votes.

Are there any Members who wish for me to yield to them? Mr. Hayworth?

Mr. HAYWORTH. Thank you, Mr. Chairman.

Ms. Phillips, hearing the testimony of the Deputy Commissioner who proceeded you on panel one, I have real questions about student visas and the issuance of same. Do you have any documentation on the numbers of Iraqi students who have come into this country to study?

Ms. PHILLIPS. We can tell how many visas we have issued to people who are Iraqi citizens, but we are unable to say if they have actually entered the United States or if they have entered the United States in some other manner and then gained permission from INS for student status. We could say how many people of Iraqi heritage have gotten student visas.

Mr. HAYWORTH. So, again, for the student status, we would look to the Immigration and Naturalization Service?

Ms. PHILLIPS. Right.

Mr. HAYWORTH. Okay, I thank you.

Chairman SHAW. I yield to anyone on the minority side. Mr. Becerra?

Mr. BECERRA. Quick question. Thank you, Mr. Chairman.

To Mr. Hoofnagle, the laws that you mentioned, the State laws in Georgia and California, since they have been implemented, can you tell us how they have worked? Any results yet? Have they worked well?

Mr. HOOFNAGLE. It is still too early to tell. The California law takes effect partially in 2003, and then it will take full effect in 2005. The Georgia law took effect in July of this year, and many businesses are now coming into compliance with it.

If I could use this opportunity to address Social Security number use, Representative Hayworth earlier mentioned during the previous panel that there is a problem with universities requesting Social Security numbers perhaps fraudulently. That practice could be limited. The problem we have is that many universities and other places are requiring the Social Security number as an identifier. If we can cut down on that practice, we can cut down on circulation of Social Security numbers, just how Georgia and California have.

Mr. BECERRA. Good point. Thank you very much, all of you, for your testimony.

Chairman SHAW. Ms. Jackson Lee?

Ms. JACKSON LEE. Let me thank both Chairmen for this very important hearing, and I just want to restate something--Chairman Shaw, I don't think you were in the room. It is that the task force is working, the combination of the State Department and I believe the FBI and others along with the INS. I want to state for the record that false passports are still being made, but the technology and the expertise is more enhanced, Mr. Chairman, inasmuch as I viewed firsthand the connection between the State Department and the INS by Chinese smugglers smuggling people into an international airport. Because of a list that was given, the passports were checked and scanned, determined to be false, and the individuals were immediately intercepted as they got off the plane.

Systems are working. We just need to improve them and, as well, to be able to provide the resources necessary.

Thank you, Mr. Chairman.

Chairman SHAW. I want to thank this very distinguished panel. I have particularly a very long question, which I will submit in writing, regarding seaport security, which is something I am very concerned about, representing two very active deepwater ports, Port of Everglades and the Port of Palm Beach, which I will submit, together with some other questions.

I want to thank you all for being here. You have added tremendously to our knowledge in trying to work through this whole situation of the fraudulent use of Social Security numbers. Both in the area of crime as well as we are finding in the area of terrorism. It is becoming a big, big problem, and it is something the Congress needs to address, and it something the Administration needs to address.

We will be very busy doing so for the balance of this Congress and well into next year.

Thank you all very much for being here, and we are now adjourned.

[Whereupon, at 2:57 p.m., the hearing was adjourned.]
[Questions submitted from Chairman Shaw to the panel, and their responses follow:]

U.S. Department of State
Washington, DC 20502

1. Mrs. Phillips’ testimony stated, “One tool that will help our officers is on-line access to Social Security Administration records.”  To what degree does the Department of State’s Bureau of Consular Affairs require information or other assistance from the Social Security Administration (SSA)?  For example, does the Bureau of Consular Affairs currently have any automated data exchange with the SSA to facilitate confirmation of valid Social Security numbers (SSNs) and the associated identity of the person to whom the SSN was originally issued included in U.S. Passport applications?  Is there information you currently need that you are not receiving or are not receiving timely from the Social Security Administration?  If so, what information, and do you know the reasons for the non-receipt or the delay in receipt?    What results would receiving such information or receiving such information more timely produce?

The Department needs access to the Social Security Administration’s (SSA) compilation of Social Security Numbers (SSNs), including year and state of issuance, and death records.  The death records consist of 70 million names of individuals whose estates have filed for death benefits under their social security numbers.  We could use these databases to verify that SSNs provided by passport applicants are valid and refer to the respective applicant, and were not issued to an individual who is deceased.

Passport Services currently has very limited electronic verification of SSNs.  Our Passport Specialists use a static table populated with SSN data, including the year and State of issuance, covering the period 1951 through 1999.  The Department is working with the SSA to establish an electronic link that will give us more complete access to current SSN data and to death records.

2. Operation Tarmac has just scratched the surface of the potentially tens of thousands of illegal aliens and smaller number of U.S. citizens using false identities who hold security clearances issued by private companies under contract to municipal and government agencies.  If such people represent an unacceptable risk at airports, aren’t they also a risk for buildings and facilities operated by the U.S. Department of State within the United States and worldwide? What is the Department of State doing, going forward, to “clear out” these high-risk workers?”

Perhaps the term “security clearances” used in this context, is a misnomer.  “Access authorization” may be a more fitting term.  It should be noted that private companies do not issue security clearances.  It is standard procedure to require all contract employees be put through a vetting process, prior to granting access to the Department’s facilities.  This is designed to mitigate the threat of “high-risk” employees in the workplace.  The vetting process is similar to the one used for determining eligibility for a secret level clearance.  This includes a National Agency Name Check to verify identity, conduct criminal records inquiries, and determine hiring eligibility.  Upon successful completion of the vetting process, the contract employee is granted authorization to access the Department’s facilities under escort by a direct-hire employee with Top Secret clearance.  We note that contract employees are not permitted to escort others.

Access to national security information carries further restrictions, limited on a case-by-case basis; granted only to those having a “need to know.” Authorization is rescinded when the employee’s duties no longer require such access.  Looking to the future, the Department is proceeding with a revitalized security updating program for all employees, and recently implemented a “smart card” identification card system to provide tighter access controls.

3. We know that identity theft is pervasive and is increasing at an exponential rate.  The U.S. Passport is the only equivalent to a national identity document issued by an agency of the Federal government.  Has the State Department any initiatives under consideration to provide a “wallet sized, tamper proof” U.S. Passport equivalent to U.S. Passport holders who would be willing to pay for such an identity card?

The Department is researching the possibility of issuing an advanced memory card to be used as a travel document that attests to U.S. citizenship and identity.  Eventual implementation requires bilateral agreements with other governments willing to accept such documents.  An important first step has been taken by the international community (through the International Civil Aviation Organization (ICAO)) by defining a basic “passport card” standard.  However, we in the United States are focusing on technical capacity to produce such a document.  We are not yet ready to engage in formal discussions with other governments as to acceptability.

The concept of a passport card has been discussed for at least 10 years, and early models of passport cards date back to the 1960’s.  With recent technological advances, and advances in specifications that enable the technology to be standardized, the concept of an interoperable passport card is now closer to reality.

4. A March 2002 GAO study described a 40% increase in identity thefts reported to the Social Security hotline during a seven-month period in 2001, over the same period in 2000.  Mrs. Phillips’ testimony described the assistance provided by the Consular Affairs’ Office of Fraud Prevention Programs to the SSA’s fraud investigators.  She also described assistance to the National Association of Public Health Statistics and Information Systems and Social Security Administration to automate their birth and death records.  What additional resources are required from federal government agencies to stop the increasing levels of identity theft?

First:  Standardization of birth records and electronic access to state birth and death records.  These are most important – the birth certificate is the primary document used to establish entitlement to U.S. citizenship and is easy to obtain.

Also, access to the INS’ naturalization database is a resource that would benefit us immensely.  Access to this database would help our passport adjudication and identity confirmation process, prevent citizenship fraud and avoid duplication of data entry and adjudicative effort by both agencies.  The Bureau of Consular Affairs has opened discussions with INS on this.

Recently introduced bills in the Congress would mandate a common national format and security features for driver’s licenses.  The Department supports enactment of legislation to standardize U.S. driver’s licenses.  The driver’s license is a principal form of identification that passport applicants present and is critical to our adjudication process.

5. What should Congress consider to stop the wholesale document fraud that has made it very difficult to distinguish illegal aliens from U.S. citizens and made it easy for terrorists to obtain counterfeit documents?

Determining an individual’s identity and citizenship, whether in the context of an application for a U.S. passport or otherwise, is certainly complicated by the lack of uniformity between local governments in the creation and maintenance of vital records, and in the issuance of drivers licenses or state ID’s.  Nevertheless, the Department of State believes that our passport process is quite secure and that our process serves to both deter and to detect attempts to commit citizenship fraud.

Local governments should not be in the position of adjudicating an individual’s citizenship.  Nationality law cases can be both legally and factually complex.  In a small minority of cases, even individuals born in the US may not have acquired US citizenship, or may have lost citizenship at some point in time.  At present, a US passport, a Certificate of Naturalization, or a Consular report of Birth Abroad are the principal documents establishing an individual’s citizenship.  Because only twenty percent of US citizens have a passport, the majority of citizens never apply for any official document attesting to their citizenship.

6. It sounds like the INS has been the only agency that has actively pursued organized criminals who manufacture counterfeit Social Security cards for “wholesale distribution.”  What programs has your agency initiated to combat the widespread use of counterfeit Social Security cards and false or stolen SSNs.?”

Statutory authority limits the Department’s involvement, through the Bureau of Diplomatic Security (DSS), to violations pertaining to passports and visas.  Fraudulent social security cards, however, can and indeed frequently do provide a nexus.  Accordingly, DSS has conducted, and continues to conduct undercover operations with a view towards dismantling organizations, and apprehending individuals engaged in the production or procurement of fraudulent documentation.  Indeed, the bulk of recently implemented DSS undercover operations are being conducted with the active participation of INS, USCS, DEA, state and local law enforcement entities.  Recent DSS undercover operations have been successful in closing down organizations engaged in the full-scale production of fraudulent identity packages, which included birth certificates, driver’s licenses, and social security cards, used in application for U.S. passports.  Additionally, our undercover operations successfully targeted organizations that had obtained genuine U.S. passports, which were later altered for use by individuals who were not entitled to them.  Further, standard procedure calls for referring developed case information to the appropriate authority whenever DSS investigations uncover criminal activity outside of its core statutes.   It should be noted that fraudulently obtained social security cards are often used as a means of identification, along with driver’s licenses, when submitting bogus passport applications (DSP-11).  In block 6 of the DSP-11, the applicant is requested to write or type his/her social security number.   Use of a fraudulent social security card for identification purposes or providing a false social security number on the DSP-11 constitutes a violation of 42 USC 408, a five-year felony.  For this reason, DS agents in the field often conduct joint investigations with Special Agents assigned to the Social Security Administration OIG.

7. The SSA IG has emphasized the need to quickly implement the Enumeration at Entry (EAE) initiative, which will assign SSNs to certain immigrants who need one at the point they are legally admitted to the United States.  Could you explain the Department of State’s role in EAE?  Do you think it will help prevent fraud in assigning SSNs to non-citizens?  What other benefits do you think will result from EAE?  SSA has been working on this initiative since 1999; what has caused the delay in implementation?  What has the State Department been doing to help get this initiative under way?

The Bureau of Consular Affairs welcomes the Social Security Administration's efforts to obtain immigrant visa records electronically to support its enumeration of newly arrived immigrants admitted for permanent residence.  We have updated the software in our modernized immigrant visa system to accommodate Social Security's data needs.  We just deployed a beta test of this system to Manila.  After Manila, several other posts will also test it.  This datasharing has three partners, the Bureau of Consular Affairs at State, the Immigration and Naturalization Service and Social Security.  All parties are working together very closely.  The initiative will reduce fraud in enumeration and encourage interagency cooperation in providing benefits to immigrants.

8. We understand that the EAE initiative will assign numbers to persons legally admitted for permanent residence.  Will this initiative be expanded to persons temporarily admitted to the U.S. for work purposes (e.g. seasonal workers, au pairs, etc)?  If not, what would you suggest to help ensure SSNs are properly assigned to these individuals in a timely manner?

The Social Security Administration has contacted the Bureau of Consular Affairs about extending this initiative beyond immigrants to nonimmigrants, such as temporary workers or exchange visitors, who need social security numbers.  The Bureau of Consular Affairs welcomes the idea and our Bureau and Social Security are planning to hold an interagency meeting, hosted by Social Security, on this topic before the end of October.

9. In light of troubling reports from law enforcement at both the Federal and State level that counterfeit birth certificates and loose local control of birth and death certificates exist, what can Congress do legislatively to tighten up such lax controls and make it more difficult to counterfeit a birth certificate?  What revisions and/or new laws would provide law enforcement the necessary tools needed to stop these types of crimes?  What further recommendations can you provide to Congress in this area?

The Department supports implementation of the provisions of IRAIRA ’96 which established the interagency Task Force, chaired by INS, to define and publish as regulations security standards for State birth certificates.  The Task Force has been slow to act.

The Department also supports the enactment of legislation that would mandate that only birth certificates issued by State authorities (as opposed to local authorities) are valid for Federal uses.  We also believe that unrestricted public access to birth records via the Internet should be prohibited.

More and more local governments across the nation are establishing websites on the Internet that permit direct, unrestricted, on-line access to actual birth records.

Since the Department generally accepts certified copies of state and local U.S. birth records as primary evidence of U.S. citizenship for passport application purposes, we are very concerned about the vulnerability of vital records accessible over the Internet.

Records posted to the Internet can be accessed, downloaded, altered and/or printed out by anyone with a home computer.  Individuals can match their age, gender or other facts of birth and request certified copies of genuine records from the county or state.

The National Association of Public Health Statistics and Information Systems (NAPHSIS), a locally-based national association of State vital records and public health offices, has contracted with the Social Security Administration (SSA) to design the Electronic Verification of Vital Events system (EVVE), an on-line verification process.  Short-term pilots began in August 2002. While we are enthusiastic about the EVVE process, we recognize that this is a long-term project involving non-government organizations and the fifty states, each of which has different rules as to document availability, systems development and funding.  We anticipate that the project could take 10 or more years to complete, but we believe that the project could be expedited through increased Federal Government emphasis on the initiative.

10. Terrorists exploited the weak procedures for document issuance of several States to obtain valid, but improperly issued, identity cards, which allowed them to engage in their terrorist activities on September 11, 2001.  Virginia has made reforms to drivers’ license procedures since then.  Mrs. Phillips’ testimony suggests it is still a problem in many States.  How do we get other States to reform their practices to make it more difficult for terrorists to get State issued identification?

Recent bills introduced in the Congress would mandate a common national format and security features for driver’s licenses.  The Department supports enactment of legislation to standardize U.S. driver’s licenses.  The driver’s license is a principal form of identification that passport applicants present and is critical to our adjudication process.

The American Association of Motor Vehicle Administrators (AAMVA) is a voluntary, non-profit, tax exempt, educational organization.  AAMVA represents the state and provincial driver license and law enforcement officials in the United States and Canada, who are responsible for administration and enforcement of laws pertaining to the motor vehicle and its use, including licensing.  AAMVA encourages uniformity and reciprocity among the States and provinces, and liaison with other levels of government and the private sector.  The States are generally willing to accept standardization and AAMVA is developing uniform standards, but we believe that implementation of a common national format for U.S. driver’s licenses could be expedited through a Federal mandate.

11. Federal law enforcement has informed the Congress and the public of a continuing threat from terrorists using false identities.  The practices of some Federal agencies and many State agencies have made it relatively easy to obtain valid identity documents using counterfeit source documents.  Should there be Federal laws setting minimum standards for confirming identity before issuing identity documents to reduce this vulnerability?

The Federal law defining a passport states that it is a document showing the bearer’s origin, identity and nationality.  The Department may not issue a passport until it is satisfied with an applicant’s identity.  See 8 USC 1101 (a) (30) and the supporting passport regulations, 22 CFR, Part 51.  We believe at this point that the present broad cooperation among the states and federal agencies creates the right environment for achieving the national goal of secure basic identity documents.

12. Mrs. Phillip’s testimony indicated that on-line access to Social Security records will enable your agency to compare documents submitted against official data bases, and will improve the accuracy and integrity of the citizenship and identity confirmation processes.  She also said that your Agency has done preliminary work with SSA and State Vital Statistics Offices toward this goal.  Can you describe specifically what work has been done?  Will this goal be achieved?  What is your timeframe?

The Department has discussed with the Social Security Administration (SSA), the feasibility of establishing a data link that would provide the Department with access to current SSN data and death records.  Both agencies have identified the fields that are available that might be used in the data exchange process to confirm identities.  The next step will be to determine the feasibility of establishing a communications network between the two organizations.  Systems groups from both organizations would need to be heavily involved in the development process to ensure that the final goal is achieved.

Until the data link can be established, passport specialists continue to have access to static SSN reference tables that assist in determining that SSN data provided by passport applicants is accurate.  In addition, the Department recently upgraded its Photodig Travel Document Issuance System to include a new Social Security matrix that provides information that can be used to validate a social security number and the state and date of birth provided by the applicant.

The Department has held discussions with SSA and NAPHSIS regarding getting access to EVVE database that is currently being designed and tested to bring all State-level records of births and deaths together. Access to this database will enhance the integrity of the passport issuance process by significantly inhibiting the use of false or misappropriated supporting documents.

This is a long-term project that could take 10 or more years to complete, but we believe that the project could be expedited through increased Federal Government emphasis on the initiative.

U.S. Secret Service
Washington, DC 20223
October 31, 2002

The Honorable Clay Shaw
Chairman
Subcommittee on Social Security
House Committee on Ways and Means
U.S. House of Representatives
Washington, D.C.  20515

Dear Mr. Chairman:

I am writing to respond to a series of questions the Subcommittee has submitted for the record, pursuant to my testimony before the House Ways and Means Subcommittee on Social Security and the House Judiciary Subcommittee on Immigration on September 19, 2002.  The subject of the hearing was “Preserving the Integrity of Social Security Numbers and Preventing Their Misuse by Terrorists and Identity Thieves”.  I hope the information below is useful to the Subcommittee as it further examines this important issue.

1. Sheik Mohamed Abdirahman Kariye is currently being held without bail in Portland, Oregon under charges that include false information while applying for and receiving three different Social Security cards between 1983 and 1995.  Does the Secret Service request information from the Social Security Administration that would identify people who have received multiple Social Security numbers and/or who have requested/received multiple Social Security cards?

Answer: The Secret Service requests information from the Social Security Administration when there is a specific investigative need in a case involving a Secret Service core violation. 

Does the Secret Service utilize “data mining” techniques to identify investigative leads for professional identity thieves and terrorists?

Answer: As part of our efforts to investigate identity theft and other financial crimes, the Secret Service does apply such techniques to data our agency receives from other sources.

Is there information you currently need that you are not receiving or are not receiving in a timely manner from the Social Security Administration?

Answer: No.  The Secret Service consistently receives sufficient information in a timely manner from the Social Security Administration.

2. Operation Tarmac has just scratched the surface of the potentially tens of thousands of illegal aliens and smaller numbers of U.S. citizens using false identities who hold security clearances issued by private companies under contract to municipal and government agencies.  The Secret Service is an important security element for federal government buildings and for key government officials.  Has the Secret Service sought the assistance from Immigration and Naturalization Service (INS) and/or the Social Security Office of the Inspector General to initiate similar reviews of security clearance documents for contract employees with access to federal buildings? If not, why?

Answer: The Secret Service is responsible for the security of the White House Complex – which includes the White House itself, the Eisenhower Executive Office Building and the Department of the Treasury – and the Naval Observatory, which serves as the residence of the Vice President.  The Secret Service follows a number of well-established procedures to ensure that only appropriate individuals have access to those buildings and sites under our control.

If people who have obtained security clearances using false identity documents represent an unacceptable risk at airports, aren’t they also a risk for subway systems, railroads, federal government offices, hazardous material sites, and government weapons laboratories and nuclear power plants?

Answer: Individuals who obtain security clearances by any type of deception are always of concern, especially when such individuals access sensitive venues.  However, security clearances are typically provided by the government agency with oversight authority for a specific location. The Secret Service has no jurisdiction to implement security programs at subway systems, railroads, most federal government offices, hazardous material sites, weapons laboratories and nuclear plants.

Doesn’t the Secret Service have a responsibility to initiate actions to “clear out” these high risk workers?

Answer: The Secret Service does not have statutory authority to initiate investigations of “high risk” workers other than those employees or contractors who may be working at federal buildings secured by the Secret Service.

3. We know that identity theft is pervasive and is increasing at an exponential rate. In your testimony, you noted that the Administration strongly supports the provisions of S. 2541, the “Identity Theft Enhancement Act of 2002” introduced in the Senate.  Will the increased penalties for identity thieves proposed in the bill be sufficient to curb this kind of crime?

Answer: The Secret Service strongly supports the enhanced penalties set forth in S. 2541.  These increased penalties will not only provide the appropriate level of punishment, but also serve as an effective deterrent for those considering engaging in this form of fraud.

Are there other changes in law you would recommend?

Answer: The Secret Service supports any initiatives that will make identity theft more difficult and our personal information more secure.  Specifically, we note that while section 1028 of Title 18 criminalizes the use of another individual’s information to commit a crime, it does not address the sale of personal data.  Currently, there are no federal criminal statutes to address such sales by brokers who are often found in computer “chat rooms” and other similar forums.

4. What do you see as the next frontier for identity thieves, as far as emerging sources of personal information? What changes in current law could be made to cut off new avenues of information that identity thieves would use?

Answer: The continued growth of the Internet, e-commerce, and the increased connectivity between individuals, businesses, and government will only increase the availability of personal information.  We should expect that as technology continues to evolve, so will its criminal abuses.  In order to preserve the security of confidential personal information, there must be incentives for private industry to take steps necessary to safeguard it.

5. A March, 2002 GAO study described a 40% increase in identity thefts reported to the Social Security hotline during a seven-month period in 2001, over the same period in 2000.   Should we expect a continuation of this rate increase?

Answer: The number of cases reported is likely to continue to increase as the public becomes better educated about identity theft, and greater efforts are made to statistically document the various forms of identity theft.

6. What should Congress consider to stop wholesale document fraud that has made it very difficult to distinguish illegal aliens from U.S. citizens and made it easy for terrorists to obtain counterfeit documents?

Answer: The issue of counterfeit documents, particularly “breeder” documents such as drivers’ licenses and birth certificates, has been a growing problem within the United States.  Of particular concern is the dependency of terrorist organizations on counterfeit documents, particularly travel-related documents, which are used to facilitate unimpeded travel between countries.  Congress may wish to further examine potential remedies to this problem, and include in that discussion any interested law enforcement and government agencies, as well as private sector representatives, who could provide valuable insight and expertise with respect to this issue.       

7. It sounds like the INS has been the only agency that has actively pursued organized criminals who manufacture counterfeit Social Security cards “wholesale.” What programs has the Secret Service initiated to combat widespread use of counterfeit Social Security cards and false or stolen SSNs?

Answer: As part of our investigative mission, the Secret Service actively investigates the manufacturing of counterfeit Social Security cards, birth certificates, driver’s licenses, employment identification cards and other counterfeit government documents. The Secret Service, both individually and with task forces throughout the country, is focused on the suppression of counterfeit identification plants.

8. Are operations similar to “Operation Tarmac: (i.e., ID checks conducted at airports) being considered at other entry points, such as seaports? To what degree are full background checks being conducted? Can you provide any particular details regarding recent arrests or investigations relative to entry points into our country? What suggestions do you have relative to the issues we are discussing today, particularly preventing SSN fraud, to help secure our seaports?

Answer: The Secret Service does not have jurisdictional authority over security at entry points and does not conduct background checks for entry points. 

I hope this information is helpful to the Subcommittees.  If I can answer any additional questions, or provide any further information, please do not hesitate to contact me.

Sincerely,

Robert Bond
Deputy Special Agent in Charge

Federal Bureau of Investigation
Washington, DC 20535

Question #1: Is there information you currently need that you are not receiving or are not receiving timely from the Social Security Administration? If so, what information, and do you know the reasons for the non-receipt or the delay in receipt? What results would receiving such information or receiving such information more timely produce?

Response #1

As a whole, there does not appear to be a problem for the FBI in receiving necessary information from the Social Security Administration (SSA). However, there is no way to identify whether or not on a case-by-case basis there is an existing problem. The FBI does not routinely receive fraud referrals from the SSA.

Question #2: Operation Tarmac has just scratched the surface of the potentially tens of thousands of illegal aliens and smaller numbers of U.S. citizens using false identities who hold security clearances issued by private companies under contract to municipal and government agencies. If such people represent an unacceptable risk at airports, aren't they also a risk for subway systems, railroads, federal government offices, hazardous materials sites, and so on? Is the Federal Government going to take further initiatives beyond the airport investigations? Shouldn't such agencies "clear out" these high-risk workers?

Response #2

A number of FBI field offices participated in Operation Tarmac, which was an Immigration and Naturalization Service (INS) initiative mainly through government fraud task forces. Some offices have also been active in similar type operations, with the Department of Transportation and the U.S. Customs Service targeting individuals employed in the same type of capacity. In cities such as Miami, Dallas, Houston, Salt Lake City, and New York there have in the past few months been hundreds of arrests in such sweeps. History has shown the vulnerability of our airports. These sweeps were priorities due to the vast number of workers and the fact that they were either in, had unfettered access to, or controlled secured areas of the airport.

Any other immigration initiatives of this type would typically be initiated by the INS, since these matters are primarily under their jurisdiction. Such people targeted in Operation Tarmac would also be a risk if employed in subway systems, railroads, federal government offices, hazardous materials sites, and other such locations.

Question #3: We know that identity theft is pervasive and is increasing at an exponential rate. The Attorney General has endorsed S. 2541, introduced in the Senate. Will the increased penalties in that bill be sufficient to curb this kind of crime?

Response #3

S. 2541 would substantially increase the criminal penalties applicable to the most serious forms of identity theft, and would streamline the requirements for prosecuting federal identity theft offenses. The actual deterrent effect of such measures can only be determined over time, but we believe that these important reforms, together with other measures designed to combat identity theft, will strengthen the ability of federal law enforcement to address this growing and serious problem.

Question #4: A March 2002 GAO study described a 40% increase in identity thefts reported to the Social Security hotline during a seven-month period in 2001, over the same period in 2000. Should we expect a continuation of this rate of increase?

Response #4

It is difficult for the FBI to predict future increases in identity theft reported to the SSA Hotline. However, without changes being made to the availability of personal identifying information and without any standardization of documents used to take over someone's identity such as birth certificates, state issued identification cards, and state issued driver's licenses, further identity theft increases are probable.

Question #5: What should the Congress consider to stop the wholesale document fraud that has made it very difficult to distinguish illegal aliens from U.S. citizens and made it easy for terrorists to obtain counterfeit documents?

Response #5

The safeguarding of personal identifying information, including Social Security Numbers, appears to be a key component in protecting one's identity from fraud. Safeguarding includes security features on actual documents as well as limitations on the sale and distribution of personal account information.

Question #6: It sounds like the INS has been the only agency that has actively pursued organized criminals who manufacture counterfeit Social Security cards for "wholesale". What programs has the FBI initiated to combat the widespread use of counterfeit Social Security cards and false or stolen SSNs?

Response #6

The FBI typically investigates fraudulent Social Security cards and the use of false or stolen Social Security Numbers in conjunction with other criminal matters, such as check fraud, credit card fraud, loan fraud, mail fraud, wire fraud, computer crimes, and terrorism matters. The FBI typically investigates organized groups involved in identity theft activities including the misuse of someone's Social Security Number.

An example of one of these cases investigated by the Detroit Division relates to five subjects who used the identity of their victims to obtain mortgages on the victims' homes, which had no liens. Over $1.2 million was obtained by the subjects through this scheme. They used the victims' identities, including their Social Security Numbers, to complete documentation to receive these loans. At the closings, they presented counterfeit Social Security cards and fake driver's licenses to the title company representatives as identification.

Another example of an FBI investigation involved 15 subjects and over one half million dollars in fraud. These subjects used sources inside businesses, such as car rental companies and hospitals, to provide forms that had personal identifying information regarding their customers. These forms were used to extract such information, as well as to obtain the credit card number used as payment. The subjects then contacted the credit card issuer purporting to be this person. They used the information from the form to provide the Social Security Number, date of birth, and home address of their victims to confirm they were the account holders. Then they requested to add authorized users to the accounts and get additional cards issued. The subjects then intercepted these cards, which were going to be delivered to the various victims' homes, and used them to obtain merchandise as well as cash advances.

Question #7: Are operations similar to "Operation Tarmac" (i.e., ID checks conducted at airports) being conducted at airports being considered at other entry points such as our seaports? To what degree are full background checks being conducted? Can you provide any particular details regarding recent arrests or investigations relative to entry points into our country, particularly our seaports? What suggestions do you have relative to the issues we are discussing today, particularly preventing SSN fraud, to help secure our seaports?

Response #7

Social Security Administration
Baltimore, Maryland 21235-0001
November 8, 2002

The Honorable E. Clay Shaw, Jr.
Chairman, Subcommittee on Social Security
Committee on Ways and Means
House of Representatives
Washington, D.C.  20515-0922

Dear Mr. Shaw:

In response to your letter of October 10, 2002, we submit the following answers to your questions for the record to supplement my testimony at your Subcommittees' joint hearing on Preserving the Integrity of Social Security Numbers (SSN) and Preventing Their Misuse by Terrorists and Identity Thieves held on September 19, 2002.

1. Expanding from the Operation Tarmac investigations by the Immigration and Naturalization Service (INS) with the support of other Federal agencies, there are potentially tens of thousands of illegal aliens and smaller numbers of U .S. citizens using false identities who hold security clearances issued by private companies under contract to municipal and government agencies.

a. If such people represent an unacceptable risk at airports, aren't they also a risk for subway systems, railroads, federal government offices, hazardous materials sites, and so on?

Yes.  Such people could present risks to facilities deemed part of our nation’s critical infrastructure. We recommend that the workload required to address these vulnerabilities be prioritized in accordance with the harm potential of each individual site.  It is important to stratify our priorities in order to meet these challenges in a cogent manner.

b. Is the Federal Government going to take further initiatives beyond the airport investigations?

Yes.  Under the auspices of many United States Attorney's Offices across the nation, we are reviewing nuclear plants, and informal discussions are underway to expand our efforts to include sites such as dams, bridges and seaports.  Additionally, SSA/OIG has begun to review federal sites which employ contract guards under the purview of the Federal Protective Service (FPS) and GSA.

c. Shouldn't it be made incumbent on such agencies to "clear out" such high-risk workers?

SSA/OIG believes that agencies should periodically review their workforce to identify high-risk workers.  It is the responsibility of each individual agency that employs high-risk workers at such sites to review their own personnel files and take such steps as necessary to properly screen their workforce.  SSA/OIG stands ready to assist these agencies in matching files and records as allowed by law.

2. We know that identity theft is pervasive and is increasing at an exponential rate. The Attorney General has endorsed legislation introduced in the Senate to increase the penalties for identity theft. Will that bill be sufficient to curb this kind of crime?

While SSA/OIG cannot state that S. 2541, the "Identity Theft Penalty Enhancement Act of 2002" will, in and of itself, be sufficient to curb identity theft, we are supportive of the legislation.  In our view it builds upon and strengthens the identity theft legislation enacted in 1998 and codified at 18 U.S.C. § 1028(a)(7).  We have reviewed and compared the felonies listed in the legislation with felonies which Special Agents from our Office of Investigations have used, or could use, in SSN misuse cases.  Based on this review, we suggest the addition of the following four felony violations to section 1028A(c), created by S. 2541.  The four sections are: (1) 18 U.S.C. § 371 (Conspiracy to commit offense or to defraud the United States); (2) 18 U.S.C. § 641 (Public money, property or records); (3) Section 811 of the Social Security Act (42 U.S.C. § 1011); and, (4) section 1632 of the Social Security Act (42 U.S.C. § 1683a).  We believe the addition of these four felony violations will strengthen S. 2541.

As discussed in more detail in response to the last part of question 7 and to question 9, we also recommend additional legislative initiatives we believe will help address SSN misuse and identity theft.

3. A March 2002 GAO study described a 40% increase in identity thefts reported to the Social Security hotline during a seven-month period in 2001, over the same period in 2000. Should we expect a continuation of this rate of increase?

While SSA/OIG expects the calls reporting identity theft to increase, SSA/OIG is currently taking steps to forward a significant portion of these reports directly to the Federal Trade Commission (FTC), which has been designated the national clearinghouse, in accordance with Congress' wishes.  Many of these are allegations involving issues such as credit card misuse or obtaining loans, goods, and/or services not directly related to SSA's programs and operations.  In this way, the callers information will be immediately available to Federal, State and local law enforcement who have access to FTC's Identity Theft database.  SSA/OIG is also updating its brochure and website information to direct victims of SSN misuse to the FTC.  Consequently, SSA/OIG will focus its resources on SSN misuse allegations related to SSA programs and operations.

4. What should Congress consider to stop the wholesale document fraud that has made it very difficult to distinguish illegal aliens from U.S. citizens, and made it easy for terrorists to obtain counterfeit documents?

SSA/OIG audit and investigative work has identified three distinct approaches to SSN integrity for which legislation is critically needed.  The first area is limiting the use and display of the SSN already in circulation in the public and private sectors.  Second, the present arsenal of criminal, civil, and administrative penalties is clearly insufficient to deter and/or punish identity thieves.  The third approach is requiring the cross-verification of SSNs through both governmental and private sector systems of records to identify and address anomalies in SSA’s files, and in data bases at various levels of government and the financial sector (we discuss SSN verification later in this document).

Specific needs for legislation to curtail the use of counterfeit documents include:

• Applying the Civil Money Penalty to the felony provisions of the Social Security Act in the area of SSN misuse;
• Enhancing the penalties for identity theft violations, to include selling SSNs and other Social Security information;
• Immediately curtailing the public display of SSNs on identification cards, motor vehicle records, court documents, and the like;
• Restricting private and governmental use of SSNs, including the display of SSNs on government checks and driver’s licenses or motor vehicle registrations, and some prohibitions of the sale, purchase, or display of the SSN in the private sector;
• Prohibiting prison inmate access to SSNs;
• Restricting unfair or deceptive acts or practices, such as refusals to do business without receipt of an SSN; and
• Treating credit header information as confidential.

5.  What programs has your office initiated to combat the widespread use of counterfeit Social Security cards and false or stolen SSNs?

SSA/OIG actively pursues cases involving the trafficking of SSNs.  SSA/OIG's Office of Investigations (OI) Field Divisions regularly investigate allegations of SSN misuse related to program fraud.  Furthermore, five OI Field Divisions are active members of identity theft task forces, focusing on counterfeit documents and the trafficking of documents.

Immediately after the tragic events of September 11, 2001, we intensified our efforts to combat the enumeration of individuals who use false evidentiary documents to suborn the enumeration process.  As part of these efforts, we continue our close liaison with Anti-Terrorism Task Forces around the nation.  With other Federal, State and local law enforcement agencies, we continue to investigate allegations of SSN misuse that affect the Nation’s critical infrastructure, such as airports. 

SSA/OIG/OI personnel have been trained in the identification of fraudulent documents.  We are in the process of expanding and upgrading our training efforts in the detection and identification of fraudulent documents during the enumeration process.  In conjunction with regional anti-fraud initiatives, SSA/OIG/OI Field Divisions conduct training in an effort to assist SSA Field Office personnel in detecting false documentation.

Additionally, SSA/OIG, in partnership with SSA, has been heavily involved in several pilot projects designed to detect fraudulent documents.  SSA/OIG continues to meet with SSA to enhance the Modernized Enumeration System and subsequently reduce the enumeration of individuals presenting false documents.  SSA/OIG has also been instrumental in effecting a policy change mandating that all INS evidentiary documents be verified by INS, as discussed below.

Recognizing the SSN’s importance in non-citizens’ assimilation in U.S. society, SSA established an Enumeration Task Force in November 2001 to examine and establish policy that would strengthen SSA's procedures.  As a member of this Task Force, SSA/OIG has shared many insights and ideas with SSA, which we believe will help increase integrity of the enumeration process.

SSA/OIG's Office of Audit (OA) has issued numerous reports addressing SSN integrity.  These reports included recommendations that addressed vulnerabilities in several SSA processes including assignment and issuance, employer wage reporting, and death master file reporting and issuance.  SSA elected to implement many of these recommendations.  Additionally, after the events of September 11, 2001, SSA revisited its position on many of our prior recommendations that it had either not yet disagreed with or implemented.  In several cases, SSA decided to escalate the implementation of some recommendations, and reversed its position on others.

In our May 2002 Management Advisory Report, Social Security Number Integrity: An Important Link in Homeland Security, we provided insight into what more needs to be done to ensure SSN integrity in a post-September 11^th environment.  Our audit and investigative work has shown that there are three stages at which protections for the SSN must be put in place: upon issuance, during the life of the number holder, and upon that individual’s death.  To address vulnerabilities at each of these three stages, we suggested that SSA and Congress pursue the following actions: (1) independently verify birth and immigration records; (2) limit the SSN’s public availability; (3) prohibit the sale and limit the display of SSNs; (4) enact strong enforcement mechanisms and stiff penalties; and (5) do more to protect the SSN after the number holder’s death.

We have also reviewed SSA programs that assist employers in recognizing incorrect name and SSN combinations on their wage reports, which could include false or stolen SSNs.  Our September 2002 audit The Social Security Administration's Employee Verification Service for Registered Employers (A-03-02-22008) evaluated the policies and procedures SSA had in place to provide information to registered users of the Employee Verification Service (EVS).  The purpose of the EVS program is to ensure that employees' names and SSNs are valid before employers' wage reports are submitted to SSA.  The use of EVS is voluntary, and can assist employers in eliminating common SSN reporting errors.  Employers who wish to verify 51 or more SSNs at one time are encouraged to register for the EVS program.  There are approximately 7,400 registered employers in the EVS program—including about 260 third-party users who submit requests on behalf of their clients.

However, while the number of employers registering with EVS has increased since 1997, less than 1 percent of all U. S. employers are registered to use the service.  Furthermore, only 392 employers (5 percent of those registered) submitted data to SSA since 1999.  Finally, EVS did not disclose pertinent information that could have assisted registered employers to detect potential SSN problems.  Specifically, SSA did not inform employers when a submitted SSN belonged to a deceased individual.  In response to our report, SSA states it planned to review the information shared with employers.  In addition, SSA is piloting an on-line version of EVS, the Social Security Number Verification Service, which SSA hopes will increase employer usage of the SSA verification program.

6. Your office has issued several reports related to the Earnings Suspense File and cited many instances of employers and industries that continually submit erroneous wage reports.

a. Has your office initiated any investigations based on these findings?

SSA/OIG's Offices of Investigation and Audit reviewed the instances of employers and industries that submit erroneous wage reports.  It is our view that under the current statutory scheme, the IRS was best equipped to address this situation and issue penalties.  Therefore, we have met with IRS auditors and shared this information, while encouraging them to review IRS enforcement actions related to erroneous wage reports.  In addition, it is our understanding that SSA has also shared specific problem employer information with the IRS.

b. Will your office utilize "data mining" techniques to identity employers that consistently make questionable mistakes in large numbers of wage reports?

Yes.  SSA/OIG's September 1999 audit report, Patterns of Reporting Errors and Irregularities by 100 Employers with the Most Suspended Wage Items (A-03-98-31009), identified those employers with the most suspended wage items from Tax Years (TY) 1993-1996.  In the report, we concluded that a relatively small number of employers account for a disproportionate share of the suspended items and dollars in the ESF, which is the repository for wage items that fail to match name and SSN to SSA records.  The types of reporting errors and irregularities by the Top 100 employers for the 4-year period included large numbers of:  unassigned SSNs, e.g., one employer had over 6,500 unassigned SSNs; zero SSNs, e.g., one employer had 663 SSNs in which all 9 digits were '0'; consecutively numbered SSNs in which the first 6 digits were identical; and duplicate mailing addresses for 3 or more employees.

In this report, we stated that many of the wage reporting problems warranted follow-up action by SSA.  Therefore, we recommended that SSA:

• develop and implement a corrective action plan for the 100 employers and continue its efforts to contact those employers responsible for large numbers of suspended wage items;
• establish preventive controls to detect wage reporting errors and irregularities;
• identify those employers who continually submit annual wage reports with large numbers and/or percentages of unassigned, identical, and/or consecutively numbered SSNs; and
• run address standardization software as soon as practical after employers submit their annual wage reports to identify employers who report the same address for many employees.

In addition, OA has recently started an audit to revisit the issues highlighted in the 1999 report.   Our review will assess SSA's implementation of the recommendations made in the top 100 employers' report as well as other actions or initiatives related to employers with large numbers of suspended earnings.  In addition, later this fiscal year we plan to initiate another "data mining" audit to identify the top 100 employers with reporting irregularities during Tax Years 1997 through 2000.  We also understand that the Internal Revenue Service will be reviewing employer reporting for this same 4-year period to identify non-compliant employers and determine what corrective actions are necessary - to include penalties.

c. Are there legal or policy barriers to making the names of such "scoff law" employers public?

Wage and earnings information provided by employers that is placed in SSA's Earnings Suspense File is taxpayer return information and its disclosure is subject to 26 U.S.C. § 6103, which controls the disclosure of Internal Revenue Service data. 

7. In your testimony, you ask for civil monetary penalty authority to impose penalties against those who misuse SSNs.

Can you provide more details as to what authorities you are specifically looking for?

SSA/OIG is seeking authority to impose civil monetary penalties for those criminal provisions of section 208 of the Social Security Act (42 U.S.C. 408).  This would include those who:

• Use a SSN obtained by false information;
• Falsely represent a SSN to be theirs;
• Knowingly alter a SSN, or intend to alter it;
• Knowingly buy or sell a card that is or purports to be a card issued by the Commissioner of Social Security;
• Counterfeit a Social Security card , or possess a counterfeit Social Security card with intent to buy or sell it;
• Disclose, use or compel the disclosure of, or knowingly purchase the SSN of any person in violation of any law of the United States; and
• Furnishes false information to the Commissioner in connection with the establishment and maintenance of the records provided for in section 205(c)(2) of the Social Security Act.

In addition, SSA/OIG is requesting civil monetary penalty authority for (1) the circumstance of an individual offering, for a fee, to assist in acquiring for another individual, an additional SSN or a number that purports to be a SSN; and, (2) violations of certain provisions of H.R. 2036.

These proposals are designed to supplement the current criminal penalties in section 208 of the Social Security Act as well as the criminal provisions in H.R. 2036. 

Based on our OA audit reports regarding SSA's Earnings Suspense File, we would also request authority to impose civil monetary penalties on employers who knowingly submit incorrect SSNs.

Since the submission of these proposals, another circumstance has arisen that we feel merits inclusion for both criminal and civil penalties.  SSA/OIG Special Agents have encountered instances of individuals selling or otherwise allowing another person to use their identity for fraudulent purposes.  As discussed in more detail in the last part to this question, we believe this should be prohibited.

Do such authorities lie with other agencies now?

The SSN is required by Federal law for the administration of several Federal programs, including Medicaid, Temporary Assistance for Needy Families and Food Stamps.  It is our understanding that each of these programs provides for criminal and civil penalties for improperly receiving benefits.  We would defer to the appropriate oversight agency for a complete list of applicable statutes.

In addition, from our reading of the Internal Revenue Code, it appears the IRS may impose a civil monetary penalty against an employer that files an incorrect W-2.

How would you coordinate?

In those instances where the SSN misuse occurred in the program or operation of another agency, we anticipate that we would defer to that agency.  We would conduct a joint investigation with that agency should we be requested or if the circumstances warranted.  This would also apply to the imposition of civil monetary penalties.

SSN misuse that ends up in SSA's Earnings Suspense File has a direct impact on the programs and operations of SSA.  We believe that we should be able to impose civil monetary penalties in these cases.  We recognize the IRS has a civil penalty for employers providing incorrect information.  We believe that coordination, through a Memorandum of Understanding as to who would initially proceed in these types of cases, could be entered into.  However, we would defer to the direction of Congress as to which agency should have the lead.

Don't available resources limit your ability to pursue SSN misuse today?

Available resources do limit the number of SSN misuse cases SSA/OIG Special Agents can investigate and the number of audits that can be performed on SSN misuse.  However, from a civil monetary penalty standpoint, currently, the biggest limitation to pursuing SSN misuse is the lack of statutory ability to impose a civil monetary penalty, not necessarily resources.  Imposition of a civil monetary penalty under section 1129 of the Social Security Act is by the Office of the Chief Counsel to the Inspector General. 

What additional resources would you need?

SSA/OIG is acutely aware of the problem of SSN misuse and related crimes, such as identity theft, where the SSN is a key component.  We believe we have a duty to the American public to safeguard the integrity of SSN.  Additionally, we, as SSA's investigative arm, have a duty to detect, investigate, and seek prosecution of crimes involving SSN misuse.  Equally important is the responsibility for finding methods of preventing these crimes from occurring, through process and systems enhancements. 

To address this issue, we propose establishing a core SSN Misuse Response Team.  This integrated model combines the talents of our auditors, investigators, and attorneys.  This team will focus its efforts on identifying patterns and trends to better target our audit work, refer cases for investigation, and liaison with other relevant public and private sector entities.  Using the combined skills of its members, the team will manage incoming allegations, and using established protocols, evaluate the investigative merit of each allegation and determine whether it should be referred to an SSA/OIG Field Division.  This team will also work with the SSA/OIG Office of Audit to conduct official audits based on leads developed as a result of the team's analysis and investigations. 

Additional audit resources would enable SSA/OIG to target more reviews at determining how SSA might prevent SSN misuse fraud.  Reducing crimes involving SSN misuse would help SSA meet the expectations of the American public and improve the public's confidence in SSA's ability to ensure the privacy of sensitive and personal information.

The team would also act as liaison on projects and initiatives with task forces involving SSN misuse, credit bureaus, motor vehicle administrations, the Federal Trade Commission, credit card companies, and other entities.  This is a comprehensive approach, yet focused enough to allow us to more effectively address this issue and provide assistance to SSA, Congress, the public, and other law enforcement.

To staff this initiative we would request the following personnel over the next 5 years.  Twenty-two staff for Fiscal Years (FY) 2004, 2205 and 2006.  Twenty-four staff for FYs 2007 and 2008.  This would be utilized by the hiring of 88 investigative staff, 14 forensic auditors, 10 attorneys, and 2 computer specialists. 

From a civil monetary penalty standpoint, we anticipate that the recommended legislation would, if enacted, generate a substantial new civil monetary penalty workload.  Significant attorney resources will be required to process and evaluate such cases.

Are there provisions you would change or add in H.R. 2036?

SSA/OIG would recommend the following additions to H.R. 2036 that we believe will enhance our ability to combat SSN misuse.

• Current legislation requires that an individual needs to be in possession of five or more false identification documents before being subject to prosecution.  We recommend that legislation be amended to eliminate the specific number of documents an individual needs to have in his possession before being charged. 
• Current legislation does not prohibit an individual from selling his/her own identity documents.  We recommend that a legislative enhancement be introduced to prohibit the sale of one’s own identifiers or identification documents to another.  In addition to a criminal penalty, there should also be a corresponding civil monetary penalty.
• The ability of SSA or the OIG to verify the SSN of a felony subject for Federal, State and local law enforcement officials, similar to the current process whereby SSA verifies the SSN of individuals for employers.
• Enhance penalties for violations of section 208 of the Social Security Act, 42 U.S.C. § 408.  Potential structured enhancement of the punishment could be:
  • If the SSN is used to facilitate an act of terrorism - up to 25 years.
  • If the SSN is used to facilitate drug trafficking or in connection with a crime of violence - up to 20 years.
  • After a prior offense under section 208, a conviction could result in up to 10 years in prison, double the current sentence.
  • Leave the rest of the violations at the current punishment - up to 5 years.  This would apply to those individuals who improperly receive benefits from SSA using a false SSN.
• Amend 18 U.S.C. § 641 to provide for the aggregation of individual Social Security payments improperly made to individuals.
• Law Enforcement Authority for SSA/OIG Special Agents, codifying the current Memorandum of Understanding between the Department of Justice and the SSA/OIG, with the additional ability for the Inspector General to cross-designate State and local law enforcement officials on a case by case basis.
• Authority to impose civil monetary penalties on employers who knowingly submit false SSN information on the submitted wage and earnings statements.
• Enhanced sentencing guidelines for SSA employees convicted of improperly providing SSA information or SSNs.
• Authority to disclose SSA information to law enforcement to assist in an investigation involving a serious crime.

8. In light of the widespread use of fraudulent Social Security documents, the fact they assisted the 9/11 terrorists in committing the attacks, and the exponential increase of 40% in identity theft reported to the SSA, should Congress consider giving the SSA/OIG statutory law enforcement authority?

Yes, Congress should consider giving SSA/OIG statutory law enforcement.   Due to its uniqueness and prevalence in society, the SSN has become our de facto national identifier, used as a key means of identification in both the public and private sectors.  Today approximately 300 million people have SSNs.  Since the program began in 1936, SSA has issued approximately 390 million SSNs.  Since it is so heavily relied upon as an identifier, it is a valuable commodity for criminals.  It can be obtained in many ways:  presenting false documentation to SSA; stealing another person's SSN; purchasing an SSN on the black market; and, simply making one up.  Congress recognized the importance of the SSN in enacting the Identity Theft and Assumption Deterrence Act of 1998, P.L. 105-318, by specifically listing the SSN as a “means of identification.”

From organized crime to illegal aliens, there is an ever-increasing market for SSNs.  More and more, the SSN is being used for identification purposes.  Based on our experience, the SSN is a prime “breeder document,” used to obtain other documents including credit cards, driver’s licenses, etc.  This can be the first step to committing crimes involving financial transactions, banking, false identities, and benefit programs.  This could also allow the individual to improperly obtain benefits, items of value, conceal bad debt, avoid arrest, and if the individual is an alien, to work.  Private businesses, including credit-reporting agencies, cite the value of the SSN in tracking individuals.

Because of its use as a breeder document, ensuring the integrity of the SSN has taken on added significance since September 11, 2001.  SSA/OIG Special Agents have been active participants in the Department of Justice's Anti-Terrorism Task Forces throughout the country, providing valuable investigative assistance.  We have played a key role in 37 airport operations around the country, targeting airport employees who misrepresent their SSN’s to gain access to secure areas.  To date, these operations have resulted in 741 arrests and numerous deportations.  A number of other Homeland Security operations are pending. 

With the importance of the SSN in identifying and eliminating potential threats to our Nation's airports, nuclear power plants and other critical sites, SSA/OIG has become a vital participant in our Nation's Homeland Security efforts.  With SSA/OIG's role in identity theft and SSN misuse, as well as its interrelationship to Homeland Security efforts, it is imperative that SSA/OIG be afforded full statutory law enforcement authority. 

How would your office use these new powers to combat the widespread use of counterfeit Social Security cards and false or stolen SS numbers?

Statutory law enforcement authority would reduce SSA/OIG's administrative burden and provide the most effective use of our resources.  This authority would allow the Inspector General to cross-designate State and local law enforcement agents to assist OIG Special Agents in the investigation of Social Security cases, including SSN misuse.  This would provide greater opportunity for additional undercover operations, identity theft task force involvement and expanded Homeland Security operations.

9. Are there additional law enforcement tools that you need in order to address document trafficking, such as increased penalties or increased information sharing?

We would recommend the enactment of the legislation listed in the last part of question 7, where we responded as to what additions we would make to H.R. 2036.

10a. Are operations similar to "Operation Tarmac" (i.e., conducting ID checks at airports) being considered at other entry points such as our seaports?

Please refer to our answers to question 1.

b. What degree is a full background check being conducted?

Since each agency conducts security background checks to the level they deem appropriate, this office does not know whether a full background check is being utilized.  However, we are available to assist each agency in matching SSA records under the auspices of the DOJ or otherwise as allowed by law.

c. Can you provide any particular details regarding recent arrests or investigations relative to entry points into our country, particularly our seaports?

There have been no arrests at seaports.  However, to date there have been 741 criminal arrests by SSA/OIG personnel at 37 airports.  Other Federal, State and local law enforcement agencies participating in airport operations effected many more arrests, as well as INS administrative detentions.

What suggestions do you have relative to the issues we are discussing today, particularly preventing SSN fraud, to help secure our seaports?

It is our belief that the same focus and methodology used in airport operations throughout the country can also be employed at other points of entry, including seaports.

11. What are your views regarding SSA "deactivating" SSNs of certain individuals?

a. Is it possible?

b. Would it work?

Although “deactivating” SSNs is possible, it may be difficult to share this information with those who encounter these SSNs throughout the economy.  SSA could place an indicator on the record of an individual with a deactivated record.  For example, SSA already places indicators on an individual's records when they have died or were issued an SSN for nonwork purposes.  In addition, SSA has already established a special indicator when the Agency believes an SSN was issued based on fraudulent documents.  Nonetheless, we have seen instances where this information is not being shared with the users of this information.

As discussed above, EVS allows employers to verify employees’ names and SSNs before they submit wage reports to SSA.  However, very few employers actually utilize this service.  For this reason, we have recommended that certain employers be mandated to use this service.  In addition, EVS does not disclose pertinent information that could assist employers in detecting potential SSN problems.  For example, although SSA knows an SSN belongs to a deceased individual or knows the Agency issued the number based on fraudulent documents, EVS does not provide such information to employers.  As a result, employers have no way of knowing that an employee is not entitled to use the SSN. 

SSA also shares the SSNs of deceased individuals in a publicly available Death Master File.  Other indicators, such as deactivated SSNs, could also be shared with the public in a similar way.  However, this information is sold for a fee, which could limit the number of interested users, and we do not know the full extent of its usage throughout the economy.  We have also found that the Death Master File has disclosed SSN information when the SSN owner was improperly listed as deceased.  As a result, SSA would need to ensure the integrity of any data shared in any similar file.

To ensure SSN integrity, we believe SSA has the responsibility to be the sole source for verifying SSN information and alerting external entities when they have information that indicates an individual may be improperly using an SSN.  This responsibility supports the need for SSA to cross verify its data with other Federal, State and local authorities.  However, SSA is not appropriately sharing current indicators with the public, so a new special indicator to deactivate an SSN would have to overcome these existing shortcomings.  We believe SSA could improve public notification by modifying and expanding EVS and its other SSN verification services, including the on-line SSN Verification System pilot, the Employer 800-Number, and local field offices.

12. As discussed in the hearing, have you confirmed whether there are universities promoting the fact that they will help foreign students obtain SSNs?

No.  Although we have not conducted an audit for the sole purpose of verifying this situation, previous audit work has identified situations where SSN applicants have claimed to be students authorized to work, but INS later confirmed that these individuals were not students and not authorized to work.  In addition, we received an inquiry regarding a web site instructing foreign students to go to a certain SSA field office in New York in order to be enumerated.  We advised the SSA Regional Commissioner of this inquiry. In general, the schemes alluded to on the subject web site were known to SSA.  In addition, in OA’s 2000 audit report on the The Social Security Administration’s Procedures for Verifying Evidentiary Documents Submitted with Original Social Security Number Applications, we described a large case in California in which several students of one University used false documents to obtain SSNs.  The case was investigated by our Office of Investigations and it was determined that store-front ethnic language schools were involved, not legitimate universities.  It was further determined that an SSA employee was involved in the improper issuance of SSNs in this case, which were then sold by a middleman.  The employee in this case resigned during the investigation and the middleman has been indicted.  Further judicial action is still pending in this case.  Currently, we have no ongoing audit work in this area.  However, we are willing to work with DOJ OIG as well as SSA and INS to determine if there is sufficient information available to conduct additional audit work in this area.

An identical letter has also been sent to George W. Gekas, Chairman, Subcommittee on Immigration, Border Security and Claims.  We are also including a copy of this response on an IBM compatible 3.5-inch diskette in Microsoft Word format per your directions.  If you have any questions regarding these answers, or need additional information, please contact H. Douglass Cunningham of my staff at 202-358-6319.

Sincerely,

James G. Huse, Jr.
Inspector General

Electronic Privacy Information Center
Washington, DC 20009
October 25, 2002

The Honorable E. Clay Shaw
Chairman
Subcommittee on Social Security
U.S. House of Representatives
B-316 Rayburn House Office Building
Washington, DC 20515

The Honorable George W. Gekas
Chairman
Subcommittee on Immigration, Border Security, and Claims
U.S. House of Representatives

Dear Chairmen Shaw and Gekas:

Thank you for soliciting additional information from the Electronic Privacy Information Center (EPIC) following the September 19, 2002 Joint Hearing on Preserving the Integrity of Social Security Numbers and Preventing Their Misuse by Terrorists.  I am honored to have been called upon to assist the Committee on these issues.

In order the complete the hearing record, I have reprinted the questions posed below along with answers.

1.  What limitations on sale, purchase, and display of SSNs do you think Congress should consider?  What exceptions, if any, do you think are necessary to ensure the public can still conduct business in a reasonably efficient way, but without sacrificing their privacy and protecting their identity?

Individuals would be best protected from identity theft if serious limitations were placed on both governmental and commercial use of the SSN.  It is critical that we craft legislation that encourages these entities to use alternative identifiers.  Some entities already have created alternative identifiers that are not based on the SSN for customer identification.[1] 

Exceptions may be made for situations where other federal laws require the disclosure of the SSN, for instance, for the reporting of taxable income.  However, there should not be blanket exemptions to protections for personal information.

If a substantial interest exists in creating an exemption for a particular use of the SSN, statutory protections for the collection and use of the SSN should be established.  Under Section 7 of the Privacy Act, entities that collect the SSN must give notice to the individual stating whether collection of the information is mandatory or voluntary, the statutory authority for the collection of the SSN, and the uses for which it will be employed.[2]  A similar set of protections should be created for entities that are allowed to collect and use SSNs.  This set of protections should include the ability of individuals to gain access to all records keyed by the SSN, an obligation on the data collector to securely store the SSN, limits on the use and disclosure of the SSN, and a cause of action for the individual if any of these provisions are violated. 

Additionally, we recommend that where possible, exemptions for continued sale, purchase, or display of the SSN should sunset.  We believe that the guiding principle of SSN protection should be one that encourages use of alternative identifiers.  Sunset provisions will allow business to be conducted in a reasonably efficient way, and motivate data holders to migrate to more privacy-friendly practices.

Congress should also explore technical measures to ensure secure storage and transmission of the SSN.  When the SSN must be collected and used, it should be stored in an encrypted format.  In doing so, the data collector can still use the encrypted result for matching without exposing the full SSN to employees or others.

2.  You mentioned the pervasiveness of use of SSNs in conducting business and the need to curb use of the SSNs.  To what extent would you carry over the same concerns to use of derivatives of SSNs?

The problem with the use of "derivative" or partial SSNs is that the individual pieces may be obtained and the complete SSN then reconstructed.

Derivative use of the SSN, when done properly, presents less risk than using the entire identifier.  It is important that derivative users only employ the last four digits of the SSN.  Proper derivative use will reduce risk of identity theft.

I hope these answers adequately address your concerns.  If I can be of further help, please do not hesitate to contact me.

Sincerely,

Chris Hoofnagle
Legislative Counsel

[1] Robert Ellis Smith, Alternatives to Using Social Security Numbers in Large Organizations, Privacy Journal, at http://www.epic.org/privacy/ssn/alternatives_ssn.html.

[2] 5 U.S.C. § 552a(7)(b).

[Submissions for the record follow:]

Social Security Advisory Board, Hon. Hal Daub, statement