Your Social Security Number Is a Matter of National Security

Your Social Security number is the key to a great deal of personal information. It makes sense to protect how and when and by whom your Social Security number (SSN) is used.

Unfortunately, the federal government has enabled the widespread use of Social Security Numbers by promoting their use by agencies other than the Social Security Administration — the one agency that has truly legitimate uses for the number — and by failing to effectively regulate how the private sector uses the number.

The result is that the SSN has morphed into an all-purpose national identifier that is prized not only by all kinds of government agencies, data marketing firms, not to mention identity thieves.

Rep. E. Clay Shaw, Jr. (R.-Fla.) made this clear at a joint hearing held on March 10, 2004, that was sponsored by two subcommittees of Ways and Means, the Subcommittee on Social Security, which he chaired then, and the Oversight Committee. Shaw said in his opening statement that the SSN has become "the key that unlocks the door to our personal and financial information. Criminals who get hold of this key can take advantage of weaknesses in our laws and procedures to carry out whatever bad acts their unscrupulous minds can conceive."

James B. Lockhart III, deputy commissioner of the Social Security Administration, in his prepared statement, wrote to the two subcommittees, "Initially, the only purpose of the SSN was to assure that [the Social Security Administration] kept accurate records of earnings under Social Security so that we could pay benefits based on those earnings."

Starting in the mid-1940s, the use of the SSN expanded. The mid-1970s saw concern about the increasing use of the SSN expressed in the Privacy Act which stipulated that Federal benefits could not be withheld because a person refused to produce their SSN unless a Federal requirement had been adopted before January 1975. The 1980s and 1990s, however, continued to see expanded use of the SSN as it became used for verifying eligibility for employment and for store operators participating in the Food Stamp program. The 1996 Welfare Reform Act required its use in all kinds of documents, including marriage licenses and divorce decrees, to improve the enforcement of child support.

Lockhart noted that businesses are not expressly prohibited by the federal government in their use of the SSN and it has become a ubiquitous identifier as data marketing houses have been able to obtain SSNs so easily. Lockhart said SSNs are indeed valued by many data marketing houses as a unique identifier because they are "more likely than any other identifier to maintain unique records for each specific individual."

Lockhart continued, "The cumulative effect [of decisions to have the Federal Government broaden the use of SSNs as an identifier] is to make the SSN an important element in establishing and maintaining an individual’s identity in various record systems, and the ability of individuals to function in our society."

It’s time to slam the brakes on the runaway use of SSNs and fortunately there is momentum building in Congress to do just that.

Action almost happened in the 108th Congress when the Ways and Means Committee "favorably reported" by a unanimous vote that session’s version of the Social Security Number Privacy and Identity Theft Prevention Act of 2004. The bill failed to be considered by other committees of jurisdiction; however, the Shaw bill is back.

Shaw’s Social Security Number Privacy and Identity Theft Prevention Act (H.R. 1745) would clamp down on the use by government at all levels in suing SSNs by prohibiting them from selling the numbers (other than to assist law enforcement, ensure the accuracy of credit, and for tax purposes). SSNs could not be sold to most private entities and businesses could even face legal penalties for failing to provide services to individuals who fail to offer their SSNs when asked.

Shaw’s bill currently has 44 co-sponsors in the House and its support crosses both sides of the aisle. Rep. John Lewis (D.-Ga) is a supporter as is Rep. Maurice Hinchey (D.-N.Y.) and Rep. Sander Levin (D.-Miss.). So are Representatives Sam Johnson (R.-Texas), Phil English (R.-Penn.) and Ileana Ros-Lehtinen (R-Fla.).

Shaw still serves on the Ways and Means Committee. He is second in seniority in the majority party and he now chairs its Subcommittee on Trade. The Social Security Subcommittee is now chaired by Rep. Jim McCrery (R.-La.).

The primary committee that is charged with considering the bill is the House Ways & Means Committee but H.R. 1745 has also been referred to the Subcommittee on Financial Institutions and Consumer Credit (Financial Services Committee) and the Subcommittee on Commerce, Trade and Consumer Protection (Committee on Energy and Commerce).

Introducing the Social Security Number Privacy and Identity Theft Prevention Act, Shaw made clear that limiting access to SSNs is a matter of true concern. He said:

Barely a day goes by without hearing more examples of the truly devastating effects of identity theft. During a hearing of the Ways and Means Subcommittee on Social Security […], we learned about a widow whose husband died in the September 11th attacks on the World Trade Center — an illegal immigrant used her deceased husband’s Social Security number to get a driver’s license and to work. We also heard about individuals whose credit was ruined, who were arrested for crimes they did not commit, and who spent years and hundreds or even thousands of dollars out of their own pockets trying to clear their names because of identity theft often facilitated by obtaining the individual’s Social Security number.

Shaw insists that he is trying to strike a reasonable balance between how the SSN can be used with claming down on overuse. It would still be able to be used to obtain credit and therefore it would be available to credit firms and also health care providers. His rationale is expressed in a fact sheet issued by his office, "Our nation’s credit system relies on the SSN as a common identifier to compile disparate information from many sources into one credit report. The necessary uses of SSNs must be and are preserved in this bill."

However, private investigators would not be able to access the SSNs in credit reports of individuals they are seeking information unless they have a "permissible" purpose which would include a court order, employment purposes, or collection of an account. It should be noted that the states and local courts would not be required to change older documents to obscure the SSN. Only new documents would be forced to obscure the SSN. The Attorney General will be authorized to decide when and where and how other displays of SSNs will be permitted.

The ID numbers would not be allowed to be displayed publicly on health cards and Shaw’s staff notes that even using bar codes or magnetic strips to display the SSNs is an inadequate guarantee of protection given the availability of devices that can read the information. Transmission of SSNs by the private sector via the Internet would require encryption measures to be taken.

Once his bill becomes law, there would be a period of five years in which it would be permissible to sell the last four digits of the SSNs. Then, the Congress would have the option to reauthorize the use of the truncated SSNs or to clamp down or do away with their use. [This is a point worth that privacy advocates might seriously consider amending because it could unintentionally set up a whole new national identifier. Another might be the curbing of the ability of the states to use the SSN as an identifier in their own records. Why it should be the attorney general, not the Commissioner of the Social Security Administration, who decides on displays and exchanges of the SSN is also worth examining.]

Shaw’s bill would stick it to those businesses and criminals who misuse the SSN. Misuse could lead to criminal penalties of 5 years imprisonment and fines of $250,000. Repeat offenders of SSN misuse would find themselves staring at the possibility of up to ten years imprisonment. Even longer imprisonment would be facing those SSN repeat misusers who have been involved in drug trafficking or violent crimes (up to 20 years) or terrorism (25 years). Employees of the Social Security Administration caught in wrongdoing with SSNs would also suffer severe consequences.

Shaw’s bill is not the only option available to privacy advocates.

Rep. Ron Paul (R.-Tex.) has introduced H.R. 220 — the Identity Theft Prevention Act of 2005 — which would require the issuance of new Social Security Numbers within five years of having been passed and signed into law. The new SSNs would be restricted solely to the purposes of obtaining Social Security and it would be difficult to have the federal government establish a widespread identification number in the manner that the current SSN has become.

H.R. 220 holds that "any two agencies or instrumentalities of the federal government may not implement the same identifying number with respect to any individual." In fact, there could be no mandate or establishment "of a uniform standard for identification of an individual that is required to be used by any other federal agency, a State agency, or a private person for any purpose other than the purpose of conducting the authorized activities of the Federal agency."

The bill has been referred to Ways and Means and the Committee on Government Reform. It has six co-sponsors including the respected constitutionalist conservative Rep. Roscoe Bartlett (R.-Md.) and Rep. Maurice Hinchey (D.-N.Y.).

Paul has spoken out consistently and clearly on the need to curb the widespread use of SSNs. He said in 1998:

When the Social Security System, and the SSN were introduced […], it was for use only in administering the system. Today, there are almost 40 congressionally-authorized uses of the SSN, and many states require that the SSN be used for a range of activities, including obtaining drivers’ licenses and voter registration. Many private organizations have been using the SSN, as well, further opening the door to abuse as the ID drifts further and further from its original purpose.

Paul does not serve on the Ways and Means Committee but is a member of the Committee on International Relations, Committee on Financial Services and the Joint Economic Committee.

Neither the Shaw bill nor the Paul bill has a Senate sponsor. It is worth asking why in this age of terrorism has the response of the Congress been so slow to take essential action on what is as much a matter of national security as it is privacy.

Chris Hoofnagle of the Electronic Privacy Information Center made this clear on September 19, 2002 when he testified before a joint hearing of the Ways and Means Subcommittee on Social Security and the Judiciary Committee’s Subcommittee on Immigration, Border Security, and Claims.

Hoofnagle said:

We believe that good privacy can make good security, and that in this area, we need to protect the Social Security number so that criminals and terrorists do not use it to attack us and our country. The Social Security number plays an unparalleled role in the identification, authentication, and tracking of all Americans.

Identity thieves know the value of a Social Security number, and that is why we believe that limiting the collection and the use of the Social Security number is critical to stemming the growing tide of identity theft.

Limiting the availability and use of SSNs is an issue that should concern all Americans. Anyone can be a victim of identity theft. It’s time Americans demand reform. The widespread use of SSNs far exceeds the limited, original intent regarding use of the number when the Social Security program itself was established in the mid-1930s. This is not just a matter of protecting privacy, it is one of national security. Since 9/11 the Congress rushed to implement all kinds of programs and laws that have limited privacy and that have the potential of intruding on constitutional liberties yet it has consistently neglected the very simple, practical and important step that can protect privacy and, as important, protect against identity theft by criminals and terrorists. The effect has been to leave unclosed what amounts to a gaping hole in our security.

What should have been accomplished years ago can still be done now. The more Congress delays taking this essential action the more time identity thieves, perhaps even terrorists, have to continue wreaking havoc on innocent people. The Shaw and Paul bills are good starting points to start resolving this problem. Failure for the Congress and the administration to take decisive action in limiting the widespread use of SSNs is failing to protect Americans.


View All