Statement of Hon. Hal Daub, Chairman, Social Security Advisory Board, and Former Member of Congress

Chairman Shaw, Chairman Gekas, Ranking Member Matsui, Ranking Member Jackson Lee, and Members of the Subcommittees.  I welcome the opportunity today to share with you, for the record, the views of the Social Security Advisory Board on the importance of protecting the integrity of Social Security numbers.

Since its inception, the Advisory Board has actively examined both the authorized and unauthorized uses of Social Security numbers, weaknesses in SSA’s enumeration processes and systems, and SSA’s role in deterring identity-related crimes, illegal immigration and other security issues related to Social Security numbers.  In addition, we have been keeping abreast of developments in the Congress, public sentiments, and SSA’s progress in responding to the ever-changing needs of the system.

 The Board has grown increasingly concerned about rapidly growing incidences of Social Security number misuse, other identity-related crimes, fraud, and acts of terrorism that are often facilitated by the misappropriation or misuse of Social Security numbers.  According to SSA’s Inspector General, the vast majority of identity crimes – most of which are financial in nature – involve the misuse of an individual’s Social Security number.  But despite the seriousness with which these concerns were being debated both inside and outside of government circles before September 11th, 2001, it was not until the recent terrorist attacks against the United States that we have seen such widespread awareness of the vulnerabilities and the weaknesses inherent in the current systems.  This awareness is accompanied by an equally strong commitment to resolve unanswered questions about the appropriate roles each agency must fill in protecting the integrity of individual identity systems and safeguarding our citizens and our nation against crime and acts of terrorism.

As I indicated earlier, these debates are not new.  But in light of the new urgency they have taken on since September 11^th, 2001, we find ourselves at a pivotal time in our nation’s history.  Our civic leaders, our business leaders, our social and religious organizations, and our citizens need to join forces, share information, and come to agreement on three very important questions regarding the use of Social Security numbers as a key to validating identity.  What role, if any, should the Social Security number play in terms of identity validation for purposes both inside and outside the scope of Social Security programs?  What procedures and systems are needed at all levels of our society to prevent the continued misuse of identity information to facilitate acts of terror, violence, mayhem, and abuse?  And what safeguards are needed to achieve our security and integrity goals, without unduly compromising individual privacy and freedom?

On many occasions over recent years, the Board has heard SSA Inspector General Jim Huse urge the agency, the Congress, the business community, and the public to come to grips with the reality that the Social Security number has become a de facto national identifier.  Many times, we have heard Inspector General Huse say that it is too late to “put this runaway horse back in the barn”.  But perhaps we should not be looking to put the horse back in the barn.  Perhaps, instead, we should be thinking about building a stronger fence to keep the horse from escaping the farm as well.

Slowing the Runaway Horse

The Federal Bureau of Investigation (FBI) recently recognized identity fraud as the fastest growing white-collar crime in America, making it a significant public policy issue.  And, according to other recent reports from SSA’s Inspector General and the FBI, improperly obtained Social Security numbers present a significant vehicle for would-be terrorists to infiltrate themselves into our society – making Social Security number abuse a national security concern as well.  Likewise, the Board has heard from SSA officials and the agency’s Inspector General that improper attainment or theft of Social Security numbers, including counterfeit Social Security cards, plays a major role in unauthorized work and the growing inaccuracies in wage reporting that have resulted in huge increases in SSA’s earnings suspense file.

 In preparation for its reports on improving service to the public and on SSA’s responsibilities to safeguard the responsible collection and expenditure of the public’s funds, the Board has met with SSA executives, managers and staff all over the nation.  We have met with managers and staff in both headquarters and in the agency’s field structure, including more than a thousand SSA field office employees who work on the front lines each day, delivering important services to the American people.  We have met with representatives and staff from SSA’s Office of Inspector General, the agency’s Enumeration Task Force, Regional Security and Integrity Centers in both New York City and Denver, and with the new Enumeration Center established in Denver to begin developing specialized expertise on these issues within the service delivery structure.  We have held public hearings all over the nation and have spoken to victims of identity theft, migrant worker groups, employers, and even the Consul General of Mexico, in our attempt to grasp the vast dimensions of these problems.

Throughout our work, we have heard one message overwhelmingly – SSA, alone, cannot do all that is necessary to protect our society from identity-related crimes and the other crimes that they enable.  SSA must also rely on the expertise, efficiency and effectiveness of the Immigration and Naturalization Service (INS), the Department of State, the Internal Revenue Service (IRS), and law enforcement, as they carry out their own important responsibilities.  We have heard, loud and clear, that it is imperative for these other agencies to do their part by delivering prompt and effective identity validation and effective enforcement of statutory work requirements – including the use of appropriate penalties and prosecution in cases where individuals, groups or employers are found to be abusing the system or perpetrating criminal acts.

Building Stronger Fences

The importance of the Social Security number and the Social Security card to the government and to any individual who wants to work or transact some other kind of business in the United States cannot be overstated.  Employers are required to ask for an individual’s Social Security number before hiring, and the number is the identifier used in all claims for Social Security or SSI benefits, as well as for many other Federal and State programs, such as Medicare, Medicaid, and public assistance benefits.  The IRS uses the SSN as an identifier for individual taxpayers, for identifying taxpayer dependents, and for tracking income and payroll tax contributions.  Many States use it in their individual driver’s license systems.  Many businesses and organizations in the private sector, including banks and credit card companies, also depend on the Social Security number as an identifier for maintaining their records. The law specifically authorizes many of these uses.  Additional uses have developed over time.  While these additional uses may not be specifically authorized by statute, the law does not prohibit them either.

 In recent testimony before the House Committee on Ways and Means, officials from the General Accounting Office (GAO) reported that many federal agencies are not taking the necessary precautions to safeguard personal information, including the Social Security number, from improper display and disclosure.  GAO officials have also urged agencies to look at alternatives to using Social Security numbers as identifiers wherever this is a possibility.  It is imperative that government agencies, at all levels of government – federal, state, and local – take the necessary steps to protect the privacy and integrity of individual identifying information.  What is lacking here – according to GAO and other observers – is a uniform system of safeguards and policies about how an individual’s personal information can be used, displayed or disclosed.  Some agencies, businesses, organizations and even State governments have responded to these concerns responsibly – but far too many have failed to understand the importance of keeping identity information safe and ensuring the integrity of the data they maintain and disclose.

To illustrate this point, I would like to tell you about a recent interaction that the Board had with the Selective Service System.  As Chairman of the Advisory Board, I contacted the Director of Selective Service to voice my concerns about the manner in which his agency captures personal information from the young men who are required by law to register.  Registration forms are distributed in U.S. Postal Service offices throughout the nation.  They are double-sided, tear-away “postcards” that registrants must fill out and mail back to an agency processing center.  The form collects such personal identifiers as the young man’s name, address, date-of-birth, Social Security number and signature.  While I fully understand the need for the system to collect and maintain personal identifying information on the young men who register, the open format for supplying this information does not adequately protect its privacy.  The sum total of personal data elements that are reported on this form, if misappropriated, could easily be used by unscrupulous individuals to facilitate crime, immigration fraud, and terrorism.  The Office of Management and Budget approved this form for use in September 2001.

In response to the issues that I raised, the Board was told that, while the Selective Service System prefers to have men register using electronic methods, they are also given the option to register by mail.  Mail-back postcards are used instead of a more secure option because it minimizes postage costs.  For those young men who are concerned about the privacy of their information, the throw-away part of the form contains a suggestion that they place the registration card in an envelope before they mail it back.  To me, this approach seems pennywise and pound foolish – to save a few cents on postage, are we truly willing to expect and trust that the average eighteen-year-old will recognize the importance of keeping his data secure?  While the Selective Service System has agreed to move their “privacy concern” instruction to a more prominent location on the registration card itself, the Board believes that this remains an insufficient effort to protect the privacy, integrity and security of the vital information contained on this document.  We believe that more responsible measures are needed to address this situation, and countless similar situations in other agencies and organizations.

 For many years, Committees and Members of Congress have emphasized the importance of maintaining the integrity of the Social Security number and the Social Security card.  Hearings have been held and bills have been introduced.  In 1996, the Congress passed legislation requiring SSA to study the feasibility of issuing a secure Social Security card.  The agency issued a report in 1997, but no action was taken.  During the last session of Congress, the Chairman and Ranking Minority Member of the House Social Security Subcommittee, along with other members of Congress, introduced a bill to limit the display of the Social Security number by public and private entities, including on motor vehicle licenses and registration.  It provided for making refusal to do business without receipt of an SSN an unfair or deceptive act or practice, and provided new criminal penalties for misuse of SSNs.  A similar bill was reintroduced during the current session of Congress to even wider support.  This bill establishes important parameters and safeguards that apply to both government agencies and the private sector.  We believe that it is a step in the right direction.

Strengthening SSA to Meet the Challenge

While SSA cannot do the job alone, and while we applaud the progress made by the agency since September 11^th, 2001, further improvements in SSA’s enumeration processes and systems are needed.

As the Board has documented elsewhere, many of those individuals who present themselves daily at one of SSA’s over-crowded field office waiting rooms around the country have come to apply for a new or – more often – a replacement Social Security card.  In fact, handling applications for new and replacement cards is the largest category of work that field offices perform.  In fiscal year 2001, the agency issued 18.1 million cards, a 16 percent increase since 1997.  Currently, about 32 percent of all Social Security number-related requests are for new numbers and about 68 percent are for replacement cards for people with existing numbers.

SSA’s performance standards for issuing cards reflect a concern for both speed of issuance and quality.  With regard to speed, the agency’s statistics show that in fiscal year 2001, 96.8 percent of Social Security number applicants were advised of their assigned number within 24 hours of initial processing.  Agency statistics for 2000 show that 99.8 percent of numbers were issued accurately.  Nonetheless, SSA’s Office of the Inspector General has expressed a high level of concern about the integrity of the agency’s enumeration process and the validity of the agency’s performance measurement system.  It points out that given the importance of the Social Security number, many unscrupulous individuals have a strong motive for fraudulently acquiring a number and using it for illegal purposes.  Problems that the OIG has identified include using an illegally obtained number to receive government services or benefits, obtain employment, or enter the country, and using another individual’s number to steal their identity and commit crimes, usually financial crimes, in that person’s name.

Among other concerns, the OIG has criticized the agency’s procedures for validating identity documents that are used by individuals to illegally obtain cards.  In 1999, PriceWaterhouseCoopers conducted an independent study that also found that SSA’s front-end controls for enumeration were deficient.  In one recent review the OIG conducted, it found that significant numbers of cards had been issued based on invalid or inappropriate evidentiary documents presented as evidence of age, identity, citizenship, or legal alien status.  These included INS forms that were never issued, and forms that INS had issued to individuals other than the Social Security number applicants, or had issued with a different alien classification.  SSA had also assigned many numbers to applicants whose U.S. birth certificates were counterfeit. 

The OIG has also concluded that SSA employees in the field do not have adequate training or the tools they need to determine the validity of evidentiary documents.  Some within SSA have observed, however, that SSA employees are not and should not be expected to become expects on the latest counterfeiting technologies, capable of identifying the highly sophisticated false documents that are now commonly available.  The Board also has heard repeated complaints about the integrity of the enumeration process from SSA managers and employees.  They believe that many of the documents they are seeing are not valid, but as one field office employee noted, the policy is that “Unless you have a specific reason to suspect the validity of a document, you should go ahead and process.”   A field office manager told the Board that false identity documents are easily gotten.  For example, a false driver’s license “can be bought down the street,” and there is no cross check with the Department of Motor Vehicles.  Employees in one office the Board visited observed that every office follows its own processing procedures.  Some are stricter than others, and the result is that people shop around for the office that is most likely to issue a card.  One SSA executive told the Board that in his area the selling of Social Security numbers is one of the agency’s biggest stewardship problems.  There are gangs who routinely approach SSA employees who might be vulnerable.  These gangs are sophisticated in finding out about employees’ personal situations and they use this information as leverage to coerce or entice employees to steal numbers or provide them with sufficient personal information from SSA’s databases, information that can then be used to establish fraudulent identities.  Another problem that concerns many employees is that, without a photo ID or some form of biometric identification, neither of which is required, there is no way they can be sure that individuals who come into the office are who they say they are.  This is an issue that goes beyond the issuance of a number and includes individuals who claim benefits as well.

Employees in field offices have told the Board that interviews with individuals who are applying for Social Security numbers – and who want them right away - are the most contentious that they must face.  There is also a concern within the agency that more careful checking of documentation or developing a more secure card would require additional resources, which the agency does not currently have.

In March of 2002, the Board issued its report on the agency’s responsibility to ensure program integrity, outlining many of the same issues addressed here today.  In that report, we recommended that SSA work more aggressively with the INS and with the Department of State to resolve any outstanding loopholes or gaps in data sharing and in the identity verification process.  In addition, we have recommended that SSA work more aggressively to encourage the IRS to exercise its statutory authority and begin sanctioning chronic abusers of work authorization requirements.  We applaud the progress that has been made by SSA since that time.  The agency has taken giant steps forward in closing many of the loopholes that we have discussed in our stewardship report and elsewhere.  But, as outlined above, and as is apparent from the testimony of others here today, further efforts are needed.

SSA does not and should not work in a vacuum.  The agency depends upon the support of the Administration and the Congress to provide the resources necessary for the agency to do its job and uphold its responsibilities.  As we have learned from recent events in our country, it is imperative that those critical functions of the agency – including the protection of the Social Security number from misuse and abuse – be fully staffed, fully funded and provided the same level of serious consideration as other agencies that have a responsibility for protecting our security and national well-being.  The Board intends to continue monitoring these critical stewardship and security issues.  We look forward to working with the Congress and the Administration on these very important matters.