House Committee on Government Reform, Subcommittee on Government Management, Information and Technology (Horn)
On Legislation That Would Prevent The Federal Government From Establishing National Identification Cards (H.R. 220, Paul, R-TX)
Frederick G. Streckewald, Associate Commissioner for Program Benefits Testified
May 18, 2000
Mr. Chairman and Members of the Subcommittee:
Thank you for inviting the Social Security Administration (SSA) to testify on H.R. 220, the Freedom and Privacy Restoration Act of 1999, a bill designed to limit the use of the Social Security number, or SSN. Today, I will discuss the original purpose of the SSN, and how its use has expanded over the years. I will also talk about what effect this expansion has had on SSA and the conditions under which we disclose or verify an SSN for third parties. In addition, I will discuss how the number facilitates the data matches used in program integrity to verify eligibility for and benefit amounts of Social Security, Supplemental Security Income (SSI), and other Federal and State benefits.
At the outset, let me emphasize that SSA has always taken its responsibility to protect the privacy of personal information in Agency files very seriously. When the Social Security program began, people were concerned that information they provided to Social Security could be misused. The Social Security Board, charged with implementation of the Social Security Act, issued press releases and public statements to provide reassurance that information provided by individuals and employers would be regarded as confidential and would be available only to the individuals to whom it pertains and to Government personnel who need access to carry out their official responsibilities.
Almost immediately, these broad pledges of confidentiality were translated into official binding policy when the Board published its first regulation in 1937. This pledge of confidentiality has been an important factor in the cooperation which employers and employees have shown over the years in providing required information.
For almost 65 years, SSA has honored its commitment to the American people to maintain the confidentiality of the records in our possession. We have longstanding and effective practices and procedures to maintain individuals' privacy.
Original Purpose of the Social Security Number and Card
To begin, I'd like to talk about the original purpose of the SSN and the Social Security card. Following the passage of the Social Security Act in 1935, the SSN was devised administratively as a way to keep track of the earnings of people who worked in jobs covered under the new program. The requirement that workers covered by Social Security apply for an SSN was published in Treasury regulations in 1936.
Initially, the only purpose of the SSN was to keep an accurate record of earnings covered under Social Security and to pay benefits based on those earnings. The SSN card is the document SSA provides to show what SSN is assigned to a particular individual. The SSN card, when shown to an employer, assists the employer in properly reporting earnings.
Growth of SSN as an Identifier for Other Federal Purposes
In spite of the narrowly drawn purpose of the SSN, use of the SSN as a convenient means of identifying people in records systems has grown over the years in steps often taken for good reasons such as, in the public sector to help enforce laws, protect the public treasury, and collect funds from delinquent non-custodial parents.
In 1943, Executive Order 9397 required Federal agencies to use the SSN in any new system for identifying individuals. This use proved to be a precursor to an explosion in SSN usage which came about during the computer revolution of the 1960's. The simplicity of using a unique number that most people already possessed encouraged widespread use of the SSN by Government agencies and private organizations as they adapted their record-keeping and business applications to automated data processing.
In 1961, the Federal Civil Service Commission established a numerical identification system for all Federal employees using the SSN as the identifying number. The next year, the Internal Revenue Service (IRS) decided to use the SSN as its taxpayer identification number (TIN) for individuals. And, in 1967, the Defense Department adopted the SSN as its identification number for military personnel. Use of the SSN for computer and other record-keeping systems spread throughout State and local governments, and to banks, credit bureaus, hospitals, educational institutions and other areas of the private sector. At the time, there were no legislative authorizations for, or prohibitions against, such uses.
Statutory Expansion of SSN Use in the Public Sector
The first explicit statutory authority to issue SSNs did not occur until 1972, when Congress required that SSA assign SSNs to all aliens authorized to work in this country and take affirmative steps to assign SSNs to children and anyone receiving or applying for a benefit paid for by Federal funds. This change was prompted by Congressional concerns about welfare fraud and about noncitizens working in the U.S. illegally. Subsequent Congresses have enacted legislation which requires an SSN as a condition of eligibility for applicants for SSI, Aid to Families with Dependent Children (now called Temporary Assistance to Needy Families), Medicaid, and food stamps. Additional legislation authorized States to use the SSN in the administration of any tax, general public assistance, drivers license, or motor vehicle registration law within its jurisdiction.
At the same time legislation was being enacted to expand the use of the SSN, Congress became concerned about the widespread use of the SSN as an identifier. As a result, the Privacy Act was enacted in 1974. It provides that, except when required by Federal statute or regulation adopted prior to January 1975, no Federal, State or local government agency could withhold benefits from a person simply because the person refused to furnish his or her SSN.
However, Congress continued to enact legislation that authorizes certain uses of SSNs in the public sector or required governmental agencies to collect the SSN, limiting the effect of the Privacy Act.
In the 1980's, separate legislation provided for additional uses of the SSN including employment eligibility verification, military draft registration, commercial motor vehicle operators licenses, and for operators of stores that redeem food stamps. Legislation was also enacted that required taxpayers to provide a taxpayer identification number (SSN) for each dependent age 5 or older. The age requirement was lowered subsequently, and an SSN is now required for dependents, regardless of age. The expansion of use of the SSN continued through the late 1980's with the requirement that an SSN be provided by applicants for Housing and Urban Development programs and authorizing blood donation facilities to use the SSN to identify blood donors.
In the 1990's, SSN use continued to expand with legislation that authorized its use for jury selection and for administration of Federal workers' compensation laws. A major expansion of SSN use was provided in 1996 under welfare reform. Under welfare reform, to enhance child support enforcement, the SSN is to be recorded on almost every official document an individual may obtain; e.g., professional licenses, drivers licenses, death certificates, birth records, divorce decrees, marriage licenses, support orders, or paternity determinations. When an individual is hired, an employer is required to send the individual's SSN and identifying information to the State which will verify the information with SSA. This "New Hire Registry" is part of the expanded Federal Parent Locator which enables States to find non-custodial parents by using the SSN.
Private Sector Use of the SSN
Unlike public sector use of the SSN, private sector use of the SSN is not specifically authorized but neither are there any restrictions. People may be asked for an SSN for such things as renting a video, getting medical services, and applying for public utilities. They may refuse to give it. However, the provider may, in turn, decline to furnish the product or service.
Officials from financial services companies advised the General Accounting Office (GAO) for their February 1999 report, "Use of the Social Security Number is Widespread," that, although they ask for an SSN, they generally do not use SSNs as internal identifiers but instead assign an account number as a customer's primary identifier. They expressed concern, however, that if prohibited from using an SSN, their ability to conduct routine internal activities and correctly match a specific individual to a corresponding record of information would be severely hampered.
The SSN as an Identifier
As you can see, Mr. Chairman, the current use of the SSN as a personal identifier in both the public and private sectors is not the result of any single step; but rather, from the gradual accretion over time of extending the SSN to a variety of purposes. The implications for personal privacy of the widespread use of a single identifier have generated concern both within the government and in society in general. Opposition to the use of such an identifier stems from the fear that it will be used improperly to exchange information among organizations or could possibly lead to dossiers about people which would follow them throughout life, make identity theft easier, or compromise a person's privacy.
The advent of broader access to electronic data through the Internet and the World Wide Web has generated a growing concern about increased opportunities for access to personal information. Some people fear that the competition among information service providers for customers will result in broader data linkages with questionable integrity and potential for harm.
On the other hand, there are some who believe that the public interests and economic benefits are well-served by these uses of the SSN. They argue that it would enhance the ability to more easily recognize, control and protect against fraud and abuses in both public and private activities. All Federal benefit-paying agencies rely on data matches to verify, not only that the applicant is eligible for benefits, but also to ensure that the benefit paid is correct. The SSN is the key that facilitates the ability to perform the matches.
SSA Verification Workload
SSA verification workloads relating both to use and misuse of the number have increased as the number's use has expanded. Such verifications are done primarily through regular automated data exchanges. We actively participate in data matches to ensure the accuracy of Federal and State benefit payments, to verify whether applicants are eligible for benefits, to undertake debt collection activities, and to safeguard program integrity. The SSN, as the common identifier, is the key to these matches. In addition, we verify SSNs for employers to ensure the correct posting of wages and for other Federal benefit-paying programs to help reduce their program costs. Where required by law and, in certain circumstances where permitted by law, we verify that the name and SSN in the files of third parties are the same as those on our SSN records.
Examples of disclosures or verifications we perform required by statute include:
- to the Office of Personnel Management for the purpose of administering its pension program for retired Federal Civil Service employees;
- to the Immigration and Naturalization Service to identify and locate aliens in the United States;
- to the Department of Education for verifying the SSNs of student loan applicants;
- to the Department of Veterans Affairs to determine eligibility for, or amount of, veterans benefits; and
- to State agencies and courts to locate absent parents owing child support.
Disclosures we make that are permitted by the Privacy Act include:
- to the Department of Justice for investigating and prosecuting violations of the Social Security Act or for litigation involving SSA components or employees;
- to the Department of Treasury for tax administration and for investigating the alleged forgery or unlawful negotiation of Social Security checks; and
- to Federal, State and local entities for the purpose of administering income maintenance and health maintenance programs, where use of the SSN is authorized by Federal statute.
Matches for Program Integrity Purposes
We rely on data matches to verify eligibility factors, that is, that the applicant is eligible for the benefit, to protect the integrity of our programs, and for debt collection activities. Use of the SSN facilitates our ability and that of other agencies to perform the matches. Many of the data matches are mandated by statute, such as the State death data match which provides State death certificate information to SSA, as well as providing death data to other benefit-paying Federal agencies for them to determine if recipients are fraudulently claiming benefits. We also do matches for prisoner reporting which provides information on incarceration so that SSA can suspend benefits.
While these data matches are invaluable to us, nothing is more important in the operation of our programs than ensuring that the public has confidence that the information placed in our trust is secure. This is a cornerstone of our philosophy. SSA uses state-of-the art encryption software that protects data sent to us and systems firewalls that protect access to our databases. We are constantly reevaluating the security features necessary to protect the information we receive and maintain.
How Does Matching Work?
SSA computer matching, as is true for matching by other Federal and State agencies, is regulated by the Computer Matching and Privacy Protection Act of 1988, which amended the Privacy Act. The Act prescribes a procedural framework for matching activities, to include mandatory provisions that an individual be provided due process before a benefit is denied or terminated, that appropriate safeguards are adopted to preserve the confidentiality of the data being exchanged, and prohibitions on duplication and redisclosure of the data other than for purposes covered by the match.
Because of our overriding concern for the confidentiality of the personal information in our records, and as required by the Computer Matching and Privacy Protection Act of 1988, SSA establishes an agreement with another agency to conduct computer matches for a specified purpose. This agreement is specific as to what the receiving agency can do with the information it receives from SSA.
A computer comparison of an entire non-SSA database of information is matched against an entire SSA database (e.g., all Federal Workers Compensation cases compared to all disability beneficiaries). The computer compares the records for discrepant information, and may also identify characteristics of highly suspicious cases. After the computer comparison discovers discrepancies, an alert is sent to an SSA employee to investigate. The employee notifies the beneficiary, advising him or her that information produced by matching may disqualify the individual from receiving benefits or result in a reduction of benefits, but no adverse action will be taken until he or she has had an opportunity to contest the information. Only after due process has been satisfied will SSA take action, if warranted, to change the benefits.
This process is highly efficient for programmatic benefits and allows SSA to quickly determine eligibility and ensure correct payment amount. Our computer matches comply with the due process, notice and individual privacy safeguards required by the Computer Matching and Privacy Act of 1988. SSA estimates savings to the trust funds of $332 million annually from computer matches for title II benefit purposes.
In order to improve the payment accuracy rate in the SSI program, designated by the General Accounting Office (GAO) as a "high risk" program, we are pursuing improved matching of our data with available records on wages, nursing home admissions, and financial accounts. GAO recommended that data matches were an effective means of reducing overpayments in the SSI program. In response to the recommendations, Congress included in the Foster Care Independence Act of 1999 (enacted on December 14, 1999) authority for SSA to conduct certain matches to capture information that directly affect eligibility and payment amount. The SSN is the key to those data matches. Matching information with various databases holds great promise in preventing SSI overpayments in these areas. Access to such data is vitally important in our efforts to strengthen the management of the SSI program.
Our actions are already showing results. For example, the data matches performed in FY 1999, along with other improvements, are projected to result in substantial savings in overpayment collection and prevention for the SSI program at a comparatively low administrative cost. In FY 1999, SSA saved almost $700 million in both title II and title XVI by sharing data with other Federal and State agencies. Similarly, according to agency estimates, other Federal, State and local agencies also saved about $1.5 billion. SSA and many other Federal agencies use data sharing for three of the most important debt collection tools. The debt collection tools provided for under the Debt Collection Improvement Act of 1996 that rely on data sharing are: Tax Refund Offset where SSA refers delinquent debts to Treasury; Treasury Offset Program which expands offset to government payments other than tax refunds; and Credit Bureau Reporting where delinquent debtors are reported to Equifax and Trans Union.
Public concern over the availability of personal information has encouraged some to consider ways to limit using SSNs to disclose such information. However, GAO's February 1999 report on the widespread use of the SSN indicates that officials from both private businesses and State governments have stated that if the Federal government passed laws that limited their use of SSNs, their ability to reliably identify individuals' records would be limited as would their subsequent ability to administer programs and conduct data exchanges with others.
Which leads to my discussion of H.R. 220. Let me begin by briefly summarizing the provisions that affect SSA. The stated purpose of H.R. 220 is to prohibit the use of the Social Security number as an identifier.
Specifically, the bill would:
- amend title II (Old Age, Survivors and Disability Insurance) of the Social Security Act and the Internal Revenue Code to prohibit any Federal, State, or local government agency or instrumentality from using a Social Security number or any derivative as the means of identifying any individual, except for Social Security and certain tax purposes.
- pamend the Privacy Act of 1974 to prohibit any Federal, State, or local government agency or instrumentality from requesting an individual to disclose their Social Security account number on either a mandatory or a voluntary basis except for Social Security and tax purposes.p
- p>prohibit any two Federal agencies or instrumentalities from implementing the same identifying number with respect to any individual, except for Social Security and tax purposes. p
- pprohibit a Federal agency from establishing a uniform standard for identification of an individual that is required to be used by any other Federal agency, State agency, or a private person for any purpose other than the purpose of conducting the authorized activities of the Federal agency. p
- pprohibit a Federal agency from establishing a uniform standard for identification of an individual that is required to be used for a purpose to which the Federal Government is not a party; or for administrative simplification. p
Mr. Chairman, H.R. 220 would severely limit SSA's ability to perform data matches. The bill would restrict data exchanges which benefit the public. SSA and other Federal, State and local governments use these data exchanges to ensure accurate payment of benefits and to verify eligibility. Limitations or foreclosure of such data exchanges would undermine SSA program integrity initiatives, cost about $1 billion in lost savings, and erode public confidence in SSA's stewardship of Social Security programs. Even though there are attempts to provide an exception for Social Security use of the SSN, the language is not clear as to whether the SSN could be used as a Social Security claim number for benefits. It is also not clear as to whether the exception would apply to use of the SSN for SSI purposes.
In conclusion, I want to reiterate SSA's longstanding and ardent protection of the confidentiality of the personal information in our records. We share Representative Paul's concern about the expanded use of the SSN in every phase of society. However, at the same time, we have an obligation to ensure that benefits are paid only to eligible individuals and that the correct benefit is paid.
The way for SSA and other benefit paying agencies to validate that a benefit in the correct amount is paid only to an eligible beneficiary is to verify the information he or she provided. Without a unique identifier, trying to obtain information from other agencies would be cost-prohibitive, as well as, labor intensive.
In the use of SSNs, we must carefully weigh the balance between protection of individual privacy rights and the integrity of the Social Security programs and other benefit paying programs. We look forward to working with you to find the right balance.
I will be glad to answer any questions you may have.