Preventing Identity Theft by Terrorists and Criminals

Date: 
Thursday, November 8, 2001

Good morning, and thank you for the opportunity to appear today to discuss the prevention of identity theft by terrorists and criminals. While I have testified on the issue of identity theft before various Committees in both the House and Senate, the events of September 11th lend a renewed urgency to this issue.

Identity theft was already a significant problem facing law enforcement, the financial industry, and the American public before September 11th. In the weeks since that terrible day, it has become increasingly apparent that improperly obtained Social Security numbers were a factor in the terrorists’ ability to assimilate themselves into our society while they planned their attacks. While this has heightened the urgency of the need for Congress, the Social Security Administration, and my office to take additional steps to protect the integrity of the Social Security number, it has not altered the nature of the steps that must be taken.

The Social Security number, no matter how much we avoid labeling it as such, is our national identifier. As such, it is incumbent upon those of us gathered here to do all in our power to protect it and the people to whom it is issued. There are three stages at which protections must be in place: upon issuance, during the life of the number holder, and upon that individual’s death.

With respect to the issuance of SSN’s, or what the Social Security Administration refers to as the enumeration process, our audit and investigative work has revealed a number of vulnerabilities and resulted in a number of recommendations. The most critical of these recommendations centers around the authentication of documents presented by the individual applying for an SSN or a replacement Social Security card. If we are to preserve the integrity of the SSN, birth records, immigration records, and other identification documents presented to SSA must be independently verified as authentic before an SSN is issued. Further, if immigration records are to be relied upon, the Immigration and Naturalization Service must be required to authenticate those records. Regrettably, this will subject the enumeration process to delays, but just as we must endure lengthy waits at airports in the name of tighter security, so must we now sacrifice a degree of customer service in the name of SSN integrity. H.R. 2036, introduced by the Social Security Subcommittee, moves us closer to these protections, the importance of which cannot be overstated. If we cannot stop the improper issuance of SSNs by the Federal government, then no degree of protection after the fact will have any significant effect—it would merely be closing the barn door after the horse has gone.

The second, and most difficult, stage of protecting the SSN comes during the life of the number holder. Because the SSN has become so integral a part of our lives, particularly with respect to financial transactions, it is difficult to give the number the degree of privacy it requires, but there are important steps we can take. We can limit the SSN’s public availability to the greatest extent practicable, without unduly limiting commerce. We can prohibit the sale of SSNs, prohibit their display on public records, and limit their use to valid transactions. And we can put in place strong enforcement mechanisms and stiff penalties to further discourage identity theft. These measures can be accomplished only in cooperation with the financial services industry, and only in a spirit of compromise and mutual accommodation. Again, H.R. 2036 takes important steps in this direction.

Finally, we must do more to protect the SSN after the number holder’s death. The Social Security Administration receives death information from a wide variety of sources and compiles a Death Master File, which is updated monthly and transmitted to various Federal agencies. It is also required to be offered for sale to the public, and can be accessed over the Internet through a number of sources. Whether making this information publicly available is wise, is a policy issue that Congress may wish to consider in light of recent events; certainly it exposes a large number of issued SSNs to the public. My concern under the current system is with the accuracy of death information. Accuracy in this area is critical to SSA in the administration of its programs, to the financial services industry, and to the American people. Our audit work has revealed systemic errors in the Death Master File, and we have recommended steps that SSA can take to improve the reliability of this critical data. Among these recommendations were matching the Death Master File against auxiliary benefit records to ensure that individuals receiving benefits in one system are not listed as deceased in another, and reconciling 1.3 million deaths recorded in SSA’s benefit payment files that do not appear in the Death Master File.

We are faced with striking a balance between speed and convenience on the one hand and accuracy and security on the other—this is true in the case of the Death Master File, just as it is true in the enumeration process and in the protection of SSNs during the life of the number-holder. In the post-September 11th environment, we must be particularly cautious in striking that balance, and any attempt to accelerate the death reporting process must be undertaken in full awareness of the importance of accuracy.

At all three of these stages of an SSN’s existence, improvement is needed. H.R. 2036 addresses many of these concerns. But legislation, and more importantly, cooperation, is critical. The Social Security Administration, my office, the Congress, and the American people must act together to accord the SSN the protections appropriate to the power it wields.

Thank you, and I’d be happy to answer any questions.