Committee on Ways and Means, Social Security Subcommittee, 9-19-02, Statement for the Record

Statement of Witold Skwierczynski, National Council of SSA Field Operations Locals,
American Federation of Government Employees, AFL-CIO, Baltimore, Maryland

Chairman Shaw, Chairman George W. Gekas, Ranking Member Matsui, Ranking Member Jackson Lee and members of the Subcommittees, I thank you for the opportunity to present this statement regarding Social Security’s ability to preserve the integrity of Social Security numbers and preventing their misuse by terrorists and identity thieves.

As a representative of the AFGE Social Security General Committee and President of the National Council of SSA Field Operations Locals, I speak on behalf of approximately 50,000 Social Security Administration (SSA) employees in over 1400 facilities. These employees work in Field Offices, Offices of Hearings & Appeals, Program Service Centers, Teleservice Centers, Regional Offices of Quality Assurance, and other facilities throughout the country where retirement and disability benefit applications and appeal requests are received, processed, and reviewed.

AFGE is committed to serve, as we always have in the past, as not only the employees’ advocate, but also as a watchdog for clients, taxpayers, and their elected representatives.

Let me begin by stating we agree with Chairman Gekas' comments that the privacy of the Social Security numbers of every American is under attack and that the Social Security Administration can do more to tighten up its procedures for issuing Social Security Cards to prevent fraud.

Accuracy on the part of the SSA employees processing requests for Social Security numbers is greater than those of the agency charged with safeguarding immigration records. In SSA, we process 6 million Social Security Number requests annually. According to SSA's OIG, less than 1.6% of Social Security Number requests have been issued with false INS documents. That figure was based on FY2000 statistics. However, since FY2000, SSA has implemented new systems enhancements and policies that require all INS documents of foreign-born applicants to be verified by INS before the issuance of a Social Security number. The Union believes that these measures have further safeguarded the privacy and integrity of the SSN records.

Unfortunately, SSA has also implemented initiatives that we believe are harmful to the integrity of all SSA records leaving every American vulnerable to attack by terrorists, international criminals, and an increasing number of identity thieves.

Employer Access

In May 2002, the Union became aware that the Agency implemented a program that allowed employers to gain access to SSN records of their newly hired employees via the Internet. This program has been approved by OMB for 630 major employers and may be soon expanding. According to approved procedures, SSA business partners and companies are nominated by SSA's Senior Financial Executive under the Deputy Commissioner Finance Assessment and Management, then approved by SSA's Commissioner.

The Union believes that employer access to SSN records will result in misuse, fraud and abuse of individual privacy. On the issue of privacy, if the employer can obtain this information about an individual, anyone with an EIN may gain access to personal information. The gatekeeper of SSN records thus becomes the employer and its employees authorized access to "verify" Social Security records.

SSA has notified the Union that audits were not conducted by any private or governmental entity, i.e. SSA, OIG, or GAO, of the initial "Employer Access" pilot, prior to implementing expansion. SSA went forward with full implementation without assurances that:

Information sought on individuals were actual employees hired by their companies,
Employee verifications were conducted by approved employers only,
The public's privacy was not compromised, and to determine if the integrity of SSA programs had been compromised by inappropriate or unauthorized use of this program,
Employers accessed SSN records only for new hires rather than access to discriminate and/or violate individual privacy.
Information obtained through this program was not relied upon to justify adverse action against a worker, which would violate State or Federal law.
Signed statements were obtained, acknowledging there are criminal penalties for making a knowing and willful request for access to records concerning another individual under false pretences. Such abuses are considered criminal and punishable by law and carry penalties.

Additionally, the Union has learned that details needed to determine an individual’s identity are not being required by SSA for these employers to obtain information about SSN records. This would include the date of birth, place of birth, mother's maiden name. Therefore, SSN records of someone with a similar or same name may be provided to the employer, making it easier for someone to use another person's SSN. Therefore, the employer would further compromise the integrity of SSN records.

SSA has developed an alert system to determine if employers may be verifying an excess of SSN records. If an employer requests verification on more than 200 percent of the number of W-2s processed in the preceding tax year, an alert will be issued. The Union strongly believes that this "alert" system is a façade to provide concerned parties with a false sense of security of individual privacy. This "system" provides a means for employers to abuse their privilege and allow the abuse to go undetected and unexposed. For example, a corporation with 100,000 employees would be able to access 200,000 SSN records of individuals for family, friends and colleagues without detection. Although SSA's own reports indicate that one employer has already exceeded its number of employees by more than 500%, SSA has failed to conduct an audit.

Furthermore, SSA has not developed or communicated a written policy to hold companies legally liable for misuse of employer access of SSN records.

It is the Union’s understanding that SSA plans to expand other services and/or records to employers in the future. OMB must give approval to SSA to expand the number of employers who can gain access to SSN records. We strongly believe that Congress should urge the OMB to rescind this program to insure integrity of SSN records and individual privacy.

INS Involvement- Enumeration Centers and Enumeration at Entry

In January 2002, SSA signed an agreement with the Immigration and Naturalization Service (INS) to implement the Enumeration at Entry project. This allows INS, during the initial phase, to electronically forward to SSA enumeration data from certain aliens lawfully admitted for permanent residence. SSA will then electronically assign an SSN and issue a Social Security card to the alien.

As members of the Judiciary Committee are painfully aware, the INS has a lengthy history of being severely mismanaged. Its workers are faced with tremendous backlogs approaching 2 million applications. In January 2002, the GAO made Congress aware that immigration benefit fraud at the INS is a significant problem that threatens the integrity of the legal immigration system. INS officials believe that the problem is pervasive and serious and they also believe that some aliens are using the benefit application process to enable them to carry out illegal activities, such as crimes of violence, narcotics trafficking, and terrorism.

Until the INS and Congress can successfully address these problems, how can SSA consider allowing the INS to provide SSA with accurate, legal information to "electronically" assign a Social Security number when the integrity of INS records cannot be maintained?

SSA now intends to implement an Enumeration Center as a pilot in the Brooklyn, NY area. This Enumeration Center will be staffed by SSA field office employees, SSA's OIG and INS employees. SSA intends to rotate field office employees in/out of the Enumeration Center. All requests for Social Security cards will be handled at the Enumeration Center, rather than an SSA field office. This means that if someone walks into a SSA field office to apply for a SSN, the SSA employee who normally would help the applicant will have to refer him or her to the Enumeration Center for assistance. This would include referring clients who have other business at an SSA field office.

AFGE opposes Enumeration Centers. SSA's field offices have always been full-service facilities. The taxpayer deserves full-service and one stop shopping. To refer SSN applicants to an Enumeration Center that may be miles away, will create barriers and greatly inconvenience folks who rely on public transportation or have physical disabilities. Foreign-born applicants should not have to be subjected to the intimidation of SSA-OIG and INS workers when applying for a Social Security card.

The security issues raised by SSA are unfounded. SSA employees are highly trained. Systems enhancements and new policies have virtually eliminated the unknowing acceptance of fraudulent INS documents.

To prevent highly qualified SSA employees from providing the services they were trained to do, at the convenience of the public, is a disservice. This Congress is already aware of the human capital crisis at SSA, particularly in its field offices. Detailing employees to enumeration centers is needless and not a good use of our precious resources.

Integrity of SSA Internet Services

Two months after SSA gave employers access to SSA records via the “Employer Access” program, SSA discovered weaknesses in the Internet firewalls, which compromises SSN records to hackers.

Rather than inform the public or Congress of this possible breach of privacy and possibility of identity theft, SSA posted a message that misled the public to believe that routine maintenance was the cause for SSA Internet access to be down for 3 days.

This was not a surprise to AFGE. Computer specialists had previously advised SSA that its database would be difficult, if not impossible, to protect from hackers. In spite of warnings and protests, SSA decided to move forward with its "E-Gov" goals. AFGE informed Congress of its objections to SSA’s plans to expand online services. The American public trusts SSA to guard and protect the very source of their livelihood, their Social Security numbers. AFGE strongly believes that the protection all SSA records against identity theft, fraud and misuse should be guaranteed and never compromised. Now, when identity theft poses its greatest threat to our nation in the way of terrorism and ciminal acts, SSA's records need to be more secure than ever. Instead, SSA is taking actions that we strongly believe will ultimately be harmful to the integrity of all SSA records.

We urge your Committees to consider the following:

At a minimum, request GAO to audit SSA Employer Access initiative to insure the proper access of SSA records.
Urge SSA to cease and desist giving access of SSA records to third party entities (governmental and private).
Request GAO to assess and/or audit the SSA Internet firewall protections of all SSA records.
Urge SSA to rescind it plans to create SSA/INS Enumeration Centers and direct SSA to seek Congressional approval for the creation of such a flawed bureaucracy, which will only serve to undermine SSA's public service and the integrity of its records.

I thank you for your time and your consideration of our concerns.