Search Terms: personal w/5 information w/5 privacy, House or Senate or Joint
Document 108 of 261.
Copyright 2000
Federal News Service,
Inc.
Federal News Service
View Related Topics
May
11, 2000, Thursday
SECTION:
CAPITOL HILL HEARING
LENGTH:
15956 words
HEADLINE:
HEARING OF THE SOCIAL SECURITY SUBCOMMITTEE OF THE
HOUSE
WAYS AND MEANS COMMITTEE
SUBJECT: SOCIAL SECURITY NUMBER THEFT
CHAIRED BY: REPRESENTATIVE CLAY SHAW (R-FL)
LOCATION: 1100 LONGWORTH
HOUSE
OFFICE BUILDING, WASHINGTON, D.C.
TIME: 2:00PM DATE: THURSDAY, MAY 11, 2000
WITNESSES:
REP. JIM MCDERMOTT (D-WA)
REP. GERALD D. KLECZKA (D-WI)
REP. EDWARD J. MARKEY (-MA)
REP. JOHN HOSTETTLER (R-IN)
REP. RON PAUL (R-TX)
MR. STUART K. PRATT, VICE PRESIDENT, GOVERNMENT RELATIONS, ASSOCIATED CREDIT BUREAUS, INC.;
EDMUND MIERZWINSKI, CONSUMER PROGRAM DIRECTOR, UNITED STATES PUBLIC INTEREST RESEARCH GROUP;
KATHERINE BURKE MOORE, CHAIR, INTERNATIONAL BOARD OF DIRECTORS, AMERICAN ASSOCIATION OF MOTOR VEHICLE ADMINISTRATORS;
MARC ROTENBERG, EXECUTIVE DIRECTOR, ELECTRONIC PRIVACY INFORMATION CENTER;
ROBERTA MEYER, SENIOR COUNSEL, AMERICAN COUNCIL OF LIFE INSURERS;
BODY:
REP. CLAY SHAW (R-FL): Good afternoon, and welcome to the second day of our two day of hearings about the use and the misuse of social security numbers. Just about everyone's privacy in financial security depend on seeing these numbers used as intended and not misused.
As we learned on Tuesday, the social security number misuse is rising fast with often devastating consequences for families like the Stevens who's testified before us on Tuesday. They have spent years trying to get their identities and good names back. Since Tuesday, people have been calling us from every corner of the country with similar stories about how their social security numbers were compromised.
Today we will learn more about the pluses and minuses of restricting the use of social security numbers. First, we will hear from several members who have proposals themselves that go to various lengths to restrict the use of social security numbers. After that, we will hear from groups interested in protecting personal privacy as well as representatives of industry and government agencies that regularly use social security numbers in conducting their business. As I mentioned on Tuesday at our hearing, with the support of the administration and our colleagues on this panel, we can approve legislation to better protect social security numbers from misuse. Social Security's inspector general has already made several recommendations. Today we will learn more about these ideas and several others. But we also need to carefully consider the consequences of any actions on this complicated issue. As we look for ways to better protect privacy and security, we must be on the look out for unintended consequences which abound in this complex field.
Given the passion on all sides of this issue and the excellent testimony we will hear today, I trust that we will have lots of good advice on how to proceed. We want to be extraordinarily careful that we don't overreact, but it seems to be very clear from our hearing on Tuesday that definitely something has got to be done. Mr. Kleczka's points that were in his bill were referred to by one of our witnesses on Tuesday. It was the inspector general who set out several points that I think are in Mr. Kleczka's bill.
So we'll be very interested in hearing what you gentlemen have to say today. Without objection, all members will have the privilege of putting opening statements into the record. And at this time we will proceed as they appear on the agenda with the member of this committee, Mr. McDermott of Washington.
REP. JIM MCDERMOTT (D-WA): Thank you, Mr. Chairman. I ask unanimous consent to have my statement put in the record.
REP. SHAW: Without objection.
REP. MCDERMOTT: My interest in this started in 1995 when I read an article in the New York Times about a man whose son had a medical genetic disease called Resheckle's (ph) disease. It's a weakness of the upper limbs. The youngster was examined, and the family was tested genetically.
Shortly thereafter, after all the medical things had been done, the father lost his auto insurance -- no moving violations, no accidents, no nothing. And when he asked, they said, well, you have this disease, Resheckle's disease. And he didn't have it, but it had been gotten through somehow the system.
I'd began working on that and dropped in a privacy bill in 1995. And I think that as we progress down the way toward the human genome being completed and access to everybody's genetic information will be on the record, you will have enormous potential for abuse in terms of insurance and employment and a whole variety of other things; and the whole issue of privacy is going to come to a head as the human genome project actually gets out into the medical field.
Now, there's a second strand to my concern. And that is, in 1996 I went to the Democratic Convention, and when it was over I came back, and my secretary said to me, "How are you going to pay for this limousine that you used in Chicago?" And I said, "I didn't rent any limousine." Somebody who was impersonating me had rented a limousine, had done all kinds of things all over the city using my name. And they had tried to get into my credit records; they had done all sorts of things. And the fact is, our information is very much open to the public if they want to look.
There was an article recently in the New York Times of a meeting that occurred in Seattle, and I'd like to report on that in my remaining minutes. It was a meeting of a group called the Egora (ph). It was convened by a man who is the security person for Regents Blue Shield, which is the insurance company, the Blue Shield plan in Seattle. It includes all the security officers from all the insurance companies, from the police department, from the sheriff's department, from the federal government; it was a room of probably 75 people. Two months before, he challenged them. He said, "Here's my name and my birthday. Do anything you can legally and find out everything you can between now and the next meeting."
Well, what happened was, they demonstrated everything from the fact that he was in second grade in a particular school, and they showed a picture. They showed the fact that he owned $
7.19 to the gas company. They showed his whole driving record. They showed his divorce decree. They showed some scrapes he had had as an adolescent with the law -- all of this simply by giving the name and the birthday.
Now how did they do that? Well, they sent somebody in to pick up a birth certificate. They sent somebody for a credit record. They sent something, and they gradually accumulated it all by using legal methods. And the common thread to most of it was getting a social security number. Once they had a social security number, they could tie into his bank account, they could tie into his automobile insurance, they could tie into everything.
The importance of this issue I think is not well understood by the average American. I think that the committee is right to be thinking about this issue. Mr. Kleczka has a bill specifically on that issue. My bill has more to do with medical privacy, which I think is an issue that needs to be dealt with. But I think that this whole question of the use of social security numbers is central to what we do.
My bill on medical privacy would have prevented the use by any medical establishment of your social security number as your identifier. So when you go into the hospital, you apply for your insurance coverage or whatever, if you give your social security number, you have opened up your whole life. Anybody who has that number can get into all the places--as the newspaper reported this morning, the voting card that we have from the House of Representatives has at the bottom of it our social security number. I mean, it never was intended to be an identification number, but there it is.
And I think that whole issue is something that this committee ought to take within its purview, and I commend you for having these hearings. I can hope that we can on a bipartisan basis because this is not a Republican issue or a Democratic issue; everybody has a social security number.
REP. SHAW: You're quite correct.
Mr. Kleczka.
REP. GERALD KLECZKA (D-WI): Thank you, Mr. Chairman. And let me thank you for your interest in this subject matter, for having the hearing and for permitting me to come before your subcommittee to share a few comments.
The committee in yesterday's testimony heard from the Stevens family and how their identification was stolen. Someone ran up a whole bunch of credit. And I had a similar situation with a woman in my district, and the problem that occurs after that fact is the person has to clear their name themselves. They have to, through whatever means, prove that the purchases on the card were not theirs; and this takes literally hours and years to clean up so finally their record is clear so they can, again, apply for credit.
What is the key to identity fraud? Well, as you've been told probably yesterday and by Mr. McDermott, the key to establishing fraud or identity in your name is, number one, your social security number. That brings open the door to do whatever the unsavory person wants to do. The second bit of information, if he or she has it, is your mother's maiden name. And at that point not only the door is thrown open, but the windows are thrown open.
Mr. Chairman, I think that part of the problem in our society today is that people ask for our social security number by habit. It's been pointed out that our voting card has a social security number on it; for what reason, we don't know. But I discovered, along with my friend, Ron Paul, this was on the card the first days of session. So I wrote a letter to the chief clerk and said, "Hey, wait a minute. Why are you putting our social security number our voting card? The voting machine's not going to read it." Well, his initial answer was, "You gave your okay when you signed up for the card." I said, well, I don't recall that. And so then he rechecked and there was no box to check. It was put on there just by habit.
Checking out some toys--not for myself but for my nieces and nephews--a Christmas or two ago, I was at the counter, and I was giving a check; and the clerk insisted I give my social security number. For what reason? It links with nothing that she has at hand to verify that I'm the person whose name is on the check; but, Mr. Chairman, this I think is being done by habit.
I went to a new dentist to have some dental work done. On the application, "Give us your social security number." Well, what I did at Toy R Us, I thought of the first 10 numbers that came to mind, put it on the check, she smiled, I walked out with the purchase, right? I didn't fill it in for the dentist. I still got the work done and a $
2,400 bill.
So something has to be done. People will say, "The horse is out of the barn, Jerry; what are you going to do about it?"
So, Mr. Chairman, walking over here, talking with you, I think we agree that it has to start somewhere. And maybe, yes, these lists are out there, but we have to stop the dissemination and abuse of these lists being sold, given away for whatever reason.
For the last couple of sessions, I've introduced the
Personal Privacy Information
Act, PPIA Act, H.R. 1450; and there's a few things that I'd ask the committee to look at when you draft your response to this problem.
Number one, credit bureaus sell header information in their files. Header information is the information that's most important to you and I. It's our name, our address, phone number, listed or otherwise, mother's maiden name, social security number. And so firms come to the credit union and say, okay, I need all the people in California who buy Nike's shoes or whoever--a very good credit rating and a zip code--and they'll sell that header information.
My bill prohibits selling that header information in its current form. Yes, if you want to sell the person's name, address and listed phone number only, but the rest of the things that you have in your file on this person cannot be sold without the authorized explicit consent of the person who is named.
The bill next goes to talk about the use of social security numbers for commercial purposes. It prohibits the sale of any list which contains your social security number, and the bill further goes on to talk specifically about motor vehicle departments, but they are the biggest abuser. The insurance firms, rating firms, all sorts of other commercial firms, can purchase the motor vehicle list from your state motor vehicle department; and on there will be your social security number. The bill I've introduced disallows that bit of information being on there. If you want to sell the name and address, fine, but not the social security number.
One of the other things the bill does, which I think is relatively important, if a person refuses to do business with an individual who refuses to give their social security number, that is against the law; that would be made a civil crime. Because I don't give Toys R Us my social security number or the dentist or whoever else, I should not be refused service.
Another good example of that is a constituent who called me, saying she's applying for cable services in the city of Milwaukee, and on there was a request for her social security number. She refused; they denied cable service. Why does a cable company need your social security number?
So, Mr. Chairman, the time has come where--especially with the Internet and disseminating information must quicker--that Congress I think has a duty and responsibility to look at that social security number, again, to restate what the purpose is and start some legislation to stop the willy-nilly dissemination of our social security numbers. And again, Mr. Chairman, thank you.
REP. SHAW: Yes, I look forward to working with you.
Mr. Markey.
REP. EDWARD MARKEY (D-MA): Thank you, Mr. Chairman, very much, and thank you for focusing upon this critically important issue. The points that Mr. McDermott and Mr. Kleczka have already made are going to obviously be further embellished upon by the other members of Congress who are going to testify before you today.
What I'd like to do though is just step back here for a second and look at why it's so important for us to have this conversation. We're at the dawn of a new era. It's the Internet era. And I think that's why so many people are so concerned.
But put it in context. In the last quarter of 1999, of the $
875 billion worth of retail sales in the United States, only $
5 billion of that was on line. So at this point it's only seven-tenths of 1 percent of all commerce in the United States, all retail commerce.
The concerns which ordinary Americans have are reflected by the fact that increasingly on line they're asked to put these identifying numbers into the computer but without any guarantees that that information--that social security number or any other information which they're providing--can't be reused for other purposes. That's why it becomes so much of a concern for people.
Now I happen to believe that one of the things which the online industry is going to have to do is recognize the fact that the reason that they're only $
5 billion out of $
875 billion in the last quarter of 1999 is that many Americans just don't want to give out all that information without some guarantee that it's not going to get compromised.
Yes, we want the new revolution; but we want the new economy with old values. We want the new technologies animated by the old values. It's a merger of the old with the new that ultimately is going to result in the production of this new economy. "Commerce with a conscience," that's what the American people want.
Now, if an ordinary American goes up to the ATM machine, and they punch in their little secret number, and then they push in the number for the $
50 they're trying to extract, when out comes their receipt, they don't throw it in the bucket that's right there because they don't want anyone to know what their social security number might be or what their PIN number might be or how much money they took out. But that very same person as a condition of banking with a large financial institution has to basically seethe the right to have that information used for purposes that they would never have wanted it to be used -- all the information that's on the check, about the illnesses of your children or your parents or your wife or yourself or any financial transactions that you might have engaged in. You might not have even told your spouse, much less everybody else in the neighborhood, about one of these transactions.
So most people are naturally quite protective of their privacy, and they want rules put in place that ensure that the social security number doesn't become a universal identifier that allows data miners to be able to--with access to your social security number and your mother's maiden name or all the other clues that you're forced to give up--be able to go and find everything that ever happened to you -- in fact, a more comprehensive compilation of your life than anyone else in your family might know about you, including a lot of stuff you might have forgotten, and for them to then use this as a product that they market to hundreds of companies across the globe in terms of their ability then to bring those products that are of interest to them into your home by using your personal, private family secrets.
So, Mr. Chairman, you can't have a more important hearing than this because there is a Dickensian quality to this new technology. It is the best of wires and the worst of wires simultaneously. It has the ability to enable and to ennoble, but it also has the power to degrade and to debase. And I think what is going to happen is that the American public is going to demand that their family's privacy be allowed to be protected, and that this is going to become the number one civil rights issue of the next 10 years in the United States. And the concern about the issue will rise concomitantly with the rise of retail commerce on line in our country.
And I think we have a chance to engage in a bit of participatory democracy, putting in place today the protections which the public is going to need in the years ahead to ensure that their family's most intimate secrets are not made of products that hundreds of marketers use regardless of the impact it might have upon that family's psychological, physical or financial or medical well-being.
And I can't compliment you enough because, ultimately, the key to all of this is a social security number because that has become the way in which the door is opened for all of the other clues to who we are able to be found.
And I just want to contrast it with the world in which we grew up in--very briefly--which is the world in which the nurse or the doctor that we went to when we were children had our medical record around their neck, and it was just between us, our mother and father and the doctor and the nurse, or when we went into the bank and all it was was that man behind the counter who showed us how the miracle of compound interest would help us if we kept putting money in each month from our paper route or the money that we earned doing chores at home for our moms and our dads.
Well, today, those doctors work for HMOs. Those bankers work for some large conglomerate. They don't protect your privacy any longer, in the absence of laws being put on the books, that ensure that the privacy keepers are not replaced by the privacy peepers -- the data- mining reapers who see us all as just sources of profit for them rather than individuals with families who need the protection of their privacy.
I thank you, Mr. Chairman, very much, for holding this critical important hearing.
REP. SHAW: Thank you for a very thoughtful presentation.
Mr. Hostettler.
REP. JOHN HOSTETTLER (R-IN): Mr. Chairman, thank you for this opportunity to share with you. Members of the committee.
I'm pleased to come before you today in support of my bill, H.R. 2494, the Children Tax I.D. Alternative Act. This bipartisan bill, which currently has 23 co-sponsors, would provide a religious exemption for those who do not wish to obtain a social security number for their children. It would remove the barriers that exist to those who choose to exercise their religious beliefs by not attaching social security numbers to their children. The Children Tax I.D. Alternative Act would simply provide an alternative way of claiming dependent tax credits and deductions for these families.
This subcommittee has been hearing testimony regarding the expanding use of social security numbers and the associated use and abuse that accompanies such an expansion. There are, however, a significant group of American citizens who are resisting this progression because it violates their religious beliefs. These are honest, law-abiding citizens who pay their taxes and promote the laws and principles of our civil order. They are the public school teacher in Oregon, the minister in Washington, the professor of a state university as well as state representatives. Yet, because they choose to follow the dictates of their religion, they pay substantially more income tax than do their neighbors.
The history of the use of social security numbers indicates this has not always been a problem and need not be a problem anymore. It was not until the Tax Reform Act of 1986 that taxpayers who wish to claim exemptions for dependents were required to provide social security numbers for all dependents age 5 and older. This age requirement was changed in 1995 to require that any claim dependent have a taxpayer identification number, which under Section 6109 of the IRS Code is an individual's social security number. Finally, in 1996, the IRS was authorized to reject the dependency exemption if no taxpayer identification number was supplied.
What are the implications of these laws? As a result of the changes made by the Tax Reform Act of 1986, the IRS reported that their were approximately 7.5 million fewer dependents claimed in 1987 than 1986. Instead of the estimated 77 million dependency exemptions, the IRS reported that only 69.7 million such exemptions were claimed. This translated into a revenue increase of $
2.8 billion for the federal government in tax year 1987 alone.
The IRS has indicated that the significant drop in claimed exemptions is, in fact, due to the required use of social security numbers; however, they believe that the exemptions dropped because the use of the numbers eliminated the potential for fraud and abuse. The IRS is unable to conclusively assert this finding because no study or report has been conducted to determine the actual reason for this significant drop. Rather, we have every indication that this drop was due, at least in some degree, to personal religious objections by parents who do not wish to attach social security numbers to their children.
While there may be disagreements and varying opinions about the levels of causation concerning these statistics, it cannot be denied that the drop is due at some level to the religious objections. Simply put, the families who hold such religious beliefs are being forced to pay for their right to exercise their religion.
I understand that these laws were implemented in order to curb the use of proper dependency exemptions; however, I would also like to point out, Mr. Chairman, that my bill does not add the potential for tax fraud and abuse. Under the provisions of this bill, parents seeking to receive a deduction or credit for children without social security numbers would be required to submit several forms of official documentation. Only by providing, one, an affidavit describing the religious believe; two, an affidavit from a knowledgeable third party; and three, documentation such as birth records, medical records, school records or insurance records to verify the relationship of the dependent to the taxpayer would these families be able to claim the exemptions.
Such an exemption is not without precedent. There are currently a number of U.S. citizens who are permitted to be exempt from participation in social security based on their religious belief. There is also an allowance for certain ministers and members of religious orders to be exempt from self-employment taxes on income for those who are opposed to these insurance programs. However, there are no exemptions for those who fail to provide a taxpayer I.D. number when it's required on a tax return. This is precisely what my bill seeks to address.
As our laws stand, many families have voluntarily forfeited thousands of dollars worth of legitimate dependent deductions rather than violate their religious belief. I find it unjustifiable that our government would force its citizens to make that choice, yet we persist in doing just that. My bill, H.R. 2494, would restore fairness to our tax code by doing away with this injustice and protecting the religious belief of all American taxpayers.
Thank you, Mr. Chairman, once again for this opportunity.
REP. SHAW: Thank you.
Mr. Paul.
REP. RON PAUL (R-TX): Thank you, Mr. Chairman. I would like permission to insert my printed statement.
REP. SHAW: Without objection, the full statement of all the witnesses will be entered in the record.
REP. PAUL: Along with a statement from the Liberty Study Committee, unanimous consent to put that in the record as well.
I too am grateful that you're holding these hearings because I think privacy is a very important issue and that we are going to hear more and more of it. I think it came to the attention of the public and to many in our regulatory bodies when "know-your-customer" regulations were proposed a year or so ago. And with a little bit of encouragement, there were over 500,000 comments sent to the Federal Reserve and the FDIC because these were regulations that were way over-stepping and ignoring the privacy of the individual.
I take a little different approach to the issue of privacy than others, but I think that there is a common thread among us that the solution is going to be found somewhere in dealing with the social security number, and for that reason, I am encouraged.
In 1974, the Privacy Act was written to combat some of the things the Bank Secrecy Act did in 1970. The Privacy Act was designed to say you cannot use the social security number as an identifier. But then, like so often in our legislation, later on in the bill it said that Congress can make use of the social security number any time they want; and we certainly have been doing that since then, and I think that is where the serious problem is.
But what I disagree with some of my friends who will write more legislation, I think there's a certain part of privacy that should be dealt with in the marketplace. For instance, I don't believe that Congress should write a law compelling the Sierra Club and the ACLU to deal with their memberships and have them fill out a form and get permission before they can rent lists or do anything because the more information they collect, the more likely it is that information will go to the government and then abused by possibly their political enemies. So I'm not in favor of more regulation. For instance, the bank bill that we passed last year said that the bank would have to ask questions about privacy -- again, accumulation of more material.
The real problem I see is the social security number -- the universal identifier. It is true. In the old days, medical privacy was taken care of much better, but now that we have government- mandated healthcare programs and health management, it's convenient for government to be more efficient. But the question is do we want to waive it. Can you always argue the case for efficient government and at the same time protect privacy? I think there's a conflict there, but our goal should be the privacy. The privacy should override the efficiency of government, and I think that sometimes is where we slip on this. And just providing new rules I think can be very damaging to us in that we shouldn't just ask these organizations to provide more forms to fill out because that invites abuse.
My bill, H.R. 220, addresses this, and this is where I'm hoping more of us can come together. And it does more or less state what the law in 1974 states, but it has the force of law that you cannot use the social security number as a universal identifier. It wasn't intended. We never even used social security numbers on our tax forms in the early 1960s, and there's no reason that we can't pass something like this.
If we're concerned about identity theft, the best thing we can do for those who steal identities is to have all our information brought together by a universal identifier. So the most important thing that we could do to stop identity theft is to make sure that there's a law on the books, that we live by it and that we do not have a universal identifier. It will be, and is, the social security number. It is universal.
I've delivered babies in my professional life; and it is true, in the last several years, we were required. Everybody was getting social security numbers before the baby left the hospital. Everybody wants to know everything about everything. And the most important way they accumulate this information and can find out information on us is the social security number.
So if it makes government a little less efficient, I think that might have to come about. I do not believe you can demand the efficiency that some people would like on government programs, at the same time say that we will protect our privacy. There will have to be a choice. Of course, my choice is for privacy, and my choice, of course, would be to pass H.R. 220, and there could be no universal identifier for any of our programs. And I thank the chairman.
REP. SHAW: Thank you, Mr. Paul.
I just have a couple questions that I'd like to direct, one to Mr. Kleczka and one to Mr. Paul.
Some of the witnesses on the next panel will testify that restricting the commercial use of social security numbers will seriously impeded their ability to do business. They will testify that such restrictions will harm consumers because the social security number is often used for law enforcement, fraud prevention and to provide services which consumers value.
How would you respond to these criticisms, and how does your bill ensure that consumers are not harmed by social security number restrictions?
REP. KLECZKA: Well, Mr. Chairman, first of all, I don't believe there's any basis for indicating that this will impede anyone's ability to do business.
We found in a GAO report that credit bureaus make tens of million dollars annually by selling credit and our information which contains a social security number.
What it's going to harm is their ability to increase the bottom line. And so my response to that argument would be, you can still check a consumer or a credit file for accuracy of name, address, phone number and past addresses. If that matches with the request that has just come in for a credit rating, you will still sell that information and send it on down.
By virtue of the fact that you're using it as a national I.D. number, which it was never intended to do--and no one in this room or no member of Congress will agree to that usage--I'm saying it's not something that we should try to maintain for their business purposes. In fact, the big harm to the consumers, Mr. Chairman, will be if Congress fails to do anything.
REP. SHAW: Okay. I thank you for that.
My next question is directed to Mr. Paul.
The American Association of Motor Vehicle Administrators will testify later that your bill, H.R. 220, will negatively impact on the ability of states to combat fraud and ensure public safety.
Would you like to respond to that criticism?
REP. PAUL: Well, I think the opposite would be true if you're interested in stopping the fraud of identity theft. Since the social security number being used as the universal identifier enhances the identity theft, I would say we would go a long way to stopping that.
I guess what they're referring to is the possibility of putting the social security number on our drivers licenses. That has been started, and that, of course, is what the individuals who like the national I.D. card would like. And even though I don't happen to believe it would impede the ability to combat fraud because it would stop the identity theft, I would be quite willing to say, even if there was the slightest benefit, it's still so dangerous to use a universal identifier, that our freedoms and our liberties and our privacies--I mean, if we had armed guards every place, of course, there may be less fraud and less theft, but we would be living in a police state; so there's an extreme there.
So this is just the introduction of the heavy hand of government monitoring us. Therefore, even if there can be a slight justification, I don't think it should be accepted. I don't believe that is the case because I think it would be a tremendous benefit to stop the identity theft.
REP. SHAW: Mr. Markey.
REP. MARKEY: Can I very briefly just say that I do agree with Representative Paul that we have to be very concerned about government misuse of private information within our society. But the big problem today is not Big Brother, it's "big browser." It's the ability, not only for the government, but for private sector companies to gather all this information, which would never have been able to be compiled before.
And while some industries say, "Well, you know, you're going to interfere with this revolution," and I think that's the greatest fear which we all have. But who would want to be somebody that's given responsibility for ending the Internet revolution? As though, by animating this revolution with all values, you are now going to ruin it.
My God, just think if Internet stuff had to be valued on the same basis as the old economy stuff? They might go down a couple thousands points. That would be terrible if they actually have profits, have a cash flow. You can't value stocks that way, they say. You're foolish. Are we going to prohibit fraud on line? Under their argument, no. That would actually interfere with their ability to get this thing going.
But right now we have rules that say that you can't transfer, as a tax preparer, somebody's private tax information without their permission; that you can't transfer drivers license information without their information. Because of Judge Bork, it's illegal to transfer any information about any videocassettes which you rent at a video store. It doesn't ruin their business, but it allows you to protect the information about the movies that you rented.
No cable company can sell the information about which channels you watch and for how long and what time in the middle of the night you might have flipped to that station and been watching that movie while everybody was upstairs asleep. They can't sell that information as to what you were watching to anybody.
People can't sell your telephone numbers at the phone company, even though it would make a lot of money for them. The cell phone industry can't use their cell phone as a tracker to sell to people as to where you go. That's illegal.
Now, again, it limits these industries, but it gives us some additional sense of privacy. And all we're saying about the social security number is that it falls into a category which deserves special protection not only from the government but also from any industry as well that sees us as nothing more than product.
REP. SHAW: If I am reading this panel right, I find Mr. Markey and Mr. Paul agree with each other.
REP. MARKEY: When the liberal left and the libertarian right join up, it doesn't leave a lot of room in the middle to find a compromise. (Laughter.) I think we're pretty much in agreement as to what has to happen in our country.
REP. SHAW: We'll have to put this down as a red letter day.
Mr. Tanner.
REP. JOHN TANNER (D-TN): Thank you, Mr. Chairman. I want to thank all of you for being here.
I really believe that this issue is a "sleeping John," that if people really stop to think about the potential ramifications of this problem, they'd be terrified. And it's our job--and I want to thank Chairman Shaw--to not only hold these hearings to educate but also to try to find the answers. And you all are here to help us do that, and we very, very much appreciate it.
I think that listening to you all the other day, that the appeal of the social security number is that it tends to give absolute assurance to whomever has asked for it that you're who you say you are. And it's ironic that this very attractive, appealing practice could be the very thing that gets us in trouble with that, and you're not who you say you are.
We heard a couple of days ago from Colonel Stevens. I don't know if you all who are not on the committee know Jerry and Jim were here. This is a heart-wrenching story.
This retired lieutenant colonel and his wife have had their identity stolen. They were looking forward to retirement in South Carolina or Florida with their grandchildren and so on; and now they can't leave this area because of recurrent credit problems and because, as far as they know, it may still be unfolding. Now, their lives, if not being ruined physically by ravaging illness, have been altered to the extent that their lifetime dreams of their golden years have become unreachable for them.
Not having heard them, but knowing of the circumstances that they and others find themselves in, I'd like to ask Mr. Kleczka and Dr. Paul, how does your bill help the situation that Colonel Stevens and his wife testified to?
REP. KLECZKA: Well, hopefully, Congressman Tanner, the bill would help the next Stevens case, where someone who is trying to steal someone's identity would not be permitted to do so because they won't have access to the social security number. So it would help for people in that similar situation by making it almost impossible to get one's social security number. And I think that's where we have to start with any bill that the Ways and Means Committee deals with.
Again, these numbers are disseminated not only through the websites on the Internet; our motor vehicle departments are selling them. The credit bureaus are selling them as part of the header information. And so a person who is out looking for John Tanner's social security number can probably with relative ease find it. And what we tried to do in my legislation is prohibit the sale, the commercial use of the social security number. And if, in fact, your bank has it, fine; but they can't sell the list nor do they. But we know the lists are being sold by such concerns like the Motor Vehicle Department.
Let me respond, at a point, to the response of Mr. Paul.
REP. TANNER: Does your legislation apply to Eddie Bauer and L.L. Bean and those people too?
REP. KLECZKA: Apply to who?
REP. TANNER: L.L. Bean and Eddie Bauer and people I do business with?
REP. KLECZKA: Right. But they're not the ones selling it. Usually, they might be buying information that could be contained on those lists.
But the state legislators are also getting the same pressures and hearing the same problems that we are; and as time goes by, less and less number of states are using the social security number as your drivers license number. In fact, if I am correct, I believe Virginia just passed legislation or stopped the use of that being on your drivers license. And so as time goes on, more and more states aren't going to be involved --
REP. TANNER: If you'll yield. Does your bill restrict the usage of the social security number by the states and local jurisdictions?
REP. KLECZKA: No, it doesn't. That's a state responsibility. My bill provides that they cannot sell that information. So if they sell a drivers license file, they cannot include on there, or leave on there, the social security number.
REP. PAUL: And, of course, I think that's very important that states not use these numbers for the sale of state information. But my bill I think would go a long way to stopping this kind of a problem because it says that you can't use the social security number for anything other than to identify your social security account. So it doesn't deal with the sale so much as it deals with trying to prevent the set-up.
So when we talk about commercial interest, it's the fact that we have, just like our voting card--I mean, we're lackadaisical about it, and we accept it. The same way with corporations. They use it as a convenience. It's convenience for corporations, it's convenience for everybody. And my bill says you can't use it in any other government agency. We can't universalize it and require it. Certainly, we would never be able to write the proposed law that says the states will use the social security number and have it universal as a universal I.D. card.
REP. TANNER: Am I correct then stating that your bill deals more with the gathering of the information, and Jerry's bill deals more with the dissemination?
REP. PAUL: I think so.
REP. TANNER: Is there a way to bring those two together? Because it seems to me both have appeal.
REP. PAUL: I think his problem would be lessened if my bill were passed, in that there would be no accumulation, and they would be less likely to have information to sell.
REP. TANNER: Not to disseminate, all right.
REP. KLECZKA: The problem is that those lists and those numbers are out there. So I think for today we need his bill; for yesterday we need mine to stop them.
REP. SHAW: Mr. Hayworth.
REP. J.D. HAYWORTH (R-AZ): Thank you, Mr. Chairman. And as the bells have rung with votes, I just have a couple of very quick questions, in addition to thanking our colleagues for coming down and offering their opinions on this.
I would concur with my colleagues here on the subcommittee. This is an issue of great concern, especially to the people of the Sixth District of Arizona.
First to our friend from Wisconsin, Mr. Kleczka.
Your bill as also been referred to the Committees on Banking and Financial Services and also the Committee on the Judiciary. What has been their reaction to your legislation?
REP. KLECZKA: I have not checked with the chairman. Naturally, they have not had a hearing up to date. Clearly, there is joint jurisdiction because for banking we deal with credit perils. We do have penalties in my bill. So whatever product this committee comes up with will have to be meshed with those other committees also.
REP. HAYWORTH: Have you heard anything from either committee about the plan of any action?
REP. KLECZKA: No, I've not. The last we heard was on our Financial Modernization Bill, that was the major, major issue this time around, where two years ago it wasn't even debated. That's how important this issue has become in a very short while.
REP. HAYWORTH: Yes, indeed. I concur. Thank you.
Now, I turn to my friend, Dr. Paul, from Texas.
Talking about the jurisdiction being shared, your bill has also been referred to the Committee on Government Reform. And I'd ask the same question. Have you got a reaction from the committee and has there been any action planned or taken by the Committee on Government Reform?
REP. PAUL: Well, I think Government Reform, if I'm not mistaken, has some hearings scheduled next week on it.
REP. HAYWORTH: Oh, good, okay. All right, very good.
I thank you, Mr. Chairman.
REP. SHAW: At this point, since Mr. Tanner brought up the name of Colonel Stevens, we did ask, and the representation had been made, that this was in some way some requirement in law for the social security number at the base commissaries. We made an inquiry to the Pentagon, and I'd like to read into the record the answer that we got.
The answer says that, "The Department of Defense directives governing commissaries and exchange do not require that the social security numbers be used for check-cashing purposes." So something has been misrepresented.
"The commissary and exchange services have adopted operating procedures that use the social security number for checking cashing verification since it identifies the authorized patron. The military I.D. uses a social security number as a service number."
And that we determined yesterday by just looking at Mr. Johnson's card. We may want to do some more inquiring into that particular area.
I have been advised that we have three votes on the floor. This panel would be dismissed, and I thank you. Each one of you gave some very fine testimony, and I find myself in agreement with just about everything that has been said. We will recess until the conclusion of that vote, and then we will return to hear our second panel. Thank you.
(Recess.)
REP. SHAW: The committee will come to order. The second panel, Mr. Stuart Pratt, vice president of Government Relations, Associated Credit Bureaus, Inc., Edmund Mierzwinski, Consumer Program Director, United States Public Interest Research Group; Katherine Burke Moore, chair, International Board of Directors, American Association of Motor Vehicle Administrators; Mare Rotenberg, executive director of Electronic Privacy Information Center; and Roberta Meyer, senior counsel, American Council of Life Insurers.
We welcome each of you. You will each have your full statement entered into the record, and you would proceed.
We start with you, Mr. Pratt.
MR. STUART PRATT: Thank you, Mr. Chairman and members of the subcommittee. My name is Stuart Pratt.
For the record, I'm vice president of the Government Relations for the Associated Credit Bureaus. An ACB, as we're commonly known, is an international trade association representing over 500 consumer information companies. And those companies provide fraud prevention and risk management products, credit and mortgage reports, tenant and employment screening services, check fraud and verification services as well as collection services.
And really, our members are an information infrastructure in our society here that contributes to the safety and soundness of our banking systems and does, in fact, escalate the efficiencies of our secondary mortgage securities marketplace which saves consumers as much as 200 basis points on the cost of mortgages, according to those agencies that administer those securities programs. We help e- commerce and bricks and mortars business to authenticate applicant data, reducing incidents of fraud; and we help state and federal agencies to reduce entitlement fraud of various types amongst other products that we offer.
We thank all of you on the committee for choosing to hold this hearing on such an important subject, the social security number, how it is used in our society, and, in fact, to expand our understanding and share our thoughts on the circumstances surrounding misuses of this number.
Before I specifically address how we in our industry do use the social security number, I've always found it helpful in this type of testimony to review a little bit about the industry we represent, the types of businesses we have, the laws that govern us, and this provides a bit of context I think for some of the testimony you've in fact heard up to this point.
Consumer reporting agencies do maintain information on individual consumer payment patterns associated with various types of credit obligations. Credit histories are derived from the voluntary provision of information about consumer payments on various types of credit accounts and other debts from thousands of data furnishers such as credit grantors, student loan guaranty and child support enforcement agencies. The consumer's file name also contain public record items such as bankruptcy filings, judgments or liens. For purposes of data accuracy, our members also maintain information on a consumer's full name, current and previous addresses, social security number and places of employment.
Perhaps as important as knowing what we have in our files, is also to often clarify what we don't have in a consumer's file. We don't know what consumers have purchased using credit. We don't know where they have shopped. We don't know which bank cards they have used. We don't have a record of when consumers have been approved or when consumers have been declined. We don't maintain medical treatment information and no bank account information of that sort, such as a balance on a checking account that's available in a traditional consumer report.
The law that governs this, the Fair Credit Reporting Act, was enacted in 1970 and was most recently amended in the 104th Congress with the passage of the Credit Reporting Reform Act. In fact, here at the table with us are some of the folks who lived through the years and years of debate on that, Ed in particular. We often spent a good amount of time talking about that law as we evolved it through the Congress, or I should say, several congresses at this point.
We believe the FCRA is an effective privacy statute that does protect consumers by narrowly limiting the appropriate uses of the consumer report. Beyond protecting privacy, the FCRA also accomplishes another very elemental goal of good privacy policy, and that is to ensure rights of consumers with regard to access, the right to dispute, the right to have information corrected in their file and the right to have a baseline expectation of accuracy. And, in fact, one of the advances under the FCRA is the fact that accuracy is now a responsibility and it is a shared liability for both the consumer reporting agency and also for the various data furnishers with whom we share information.
Let me turn to the question of how we use social security numbers which is more so the subject matter of our hearing today.
Under the FCRA, one our liabilities, as I've just said, is to employ reasonable procedures to ensure the maximum possible accuracy of the consumer report. We must design these systems based on exactly the data that has been requested on a specific individual; and we must accomplish this dual mission of accuracy and data extraction in the context of a highly mobile society.
There are some facts that I think are very important for this committee to consider. For example, about 16 percent of our nation's population moves each year, and that generally translates to about 42 million consumers a year moving from one location to another. Thus, addresses are changing for principal residences. About 2.4 million marriages and another 1.2 million divorces occur annually. This too result in not only addresses changing but also the last names of individuals changing in most cases. These data speak to the challenge our members face where identifying data often changes.
In light of the mobility of our society, the social security number does, in fact, play a very significant role in ensuring data quality. Where a consumer, for example, has changed the last name due to marriage or divorce, has moved to a new address, which is also very common in those cases, the SSN is the most stable identifying element we would have in the file. It helps us, first, to be able to identify the consumer's file with precision during this life transition where this consumer is very likely to be applying for new credit, perhaps for making new purchases for this new home that they're moving into, seeking approval for utilities, even, in fact, seeking approval for the loan that's going to allow them to purchase the residence itself.
The consumer expects to have that consumer report available even during this transitional period. Secondly, the consumer expects his or her file to be accurate. The SSN helps us to accomplish this goal of file accuracy in the midst of these cycles of change occurring with identifying information.
Beyond the FCRA, we produce a range of other products that I think it's important for this committee to consider. The social security number is a critical element in locator services. Our members do produce these types of services, and they are used by, for example, child support enforcement agencies to locate noncustodial parents; pension funds to locate beneficiaries; law enforcement for locating criminals and witnesses; and healthcare providers to locate individuals who have chosen not to pay their bills.
Most recently--and this is an advance in the area of privacy policy--our members have committed ourselves to another organization that they established voluntarily and negotiated with the Federal Trade Commission called the Individual Reference Services Group. And this has placed limitations on who should have access and in what context. And this, in fact, also applies to the social security number therein.
Yes, the social security number plays a role in fraud prevention for us as well. Where a consumer makes application for a product or service, it helps businesses to ensure they're doing business with the right consumer. These authentication or verification tools are other products that we do make available.
REP. SHAW: If you could, Mr. Pratt, kind of wind it down, so we can hear from the other panelists.
MR. PRATT: Absolutely.
REP. SHAW: Your full statement will be entered into the record.
MR. PRATT: Let me just suggest that in the area of fraud prevention, we've taken one additional step that I hope the committee will consider. And that is, in March 14th of this year we added new voluntary initiatives to our own practices to help the very situation of the victims you heard in the last round of testimony. Those are in the record for you to review. And, in fact, we've launched new software systems--and we'll bring those on line this year--to monitor consumers' files and make sure we stay in touch with consumers who have been victimized.
And in conclusion, let me urge a message which I've seen in the press releases associated with this committee, and that is, it's a question of balance. It's a question of maintaining viably the kinds of valued program that we have that are tied with information products and at the same time ensuring the appropriate protections for the very sensitive social security number. And I thank you for giving us this opportunity to testify.
REP. SHAW: Thank you, sir.
Mr. Mierzwinski.
MR. EDMUND MIERZWINSKI: Mr. Chairman, members of the committee, I'm Ed Mierzwinski. I'm consumer program director with the Public Interest Research Group. The state PIRGs are consumer and environmental and good government reform groups active around the country. U.S. PIRGs serves as their national lobbying office.
I'm pleased to be here today to talk about the critical issues of misuse of the social security number and how that contributes to identity theft.
Just last week, the California Public Interest Research Group and another organization, the Privacy Rights Clearinghouse--two of the leading organizations that work with identity theft victims, such as Colonel and Mary Elizabeth Stevens, the witnesses from Tuesday's hearing--released a new report based on a survey of identity theft victims and the problems that they go through.
We found that the average victim has a basic number of losses. I think the Stevens is over $
100,000, the average victim around $
18,000 or so, and spends 175 hours trying to solve their problem. So we think identity theft is a very serious problem that the committee and the Congress need to continue to work with, and the report, Nowhere To Turn, documents a strong platform for identity theft solutions.
One of the most important parts of that platform is to close something that we call the "credit header loophole," and both Congressman Kleczka's bill and a similar piece of legislation by Representative Hooley of Oregon would close that loophole.
Who wants access to your credit header? Which is a product sold by the credit bureaus outside of the protection of the Fair Credit Reporting Act. First, identity thieves want your credit header, and it's easy for them to get it.
Just this week, I appeared on a Fox TV news broadcast where I assisted the reporter--who actually found it was quite easy to do himself--in obtaining the social security number of his boss with his boss' permission. He was then able to apply for credit in his boss' name. And, by the way, he has received credit from at least one bank. One person spent about $
49 to use a locator service on the Internet. He obtained a social security number of someone that he knew, and he was then able to get credit in their name. That's how easy it is. That's how scary it is.
The other kind of person who wants to get access to you through these locator services--through these credit headers that include, by the way, your social security number and other sensitive information-- are stalkers. And it has been widely reported recently about the tragic death of Amy Boyer in New Hampshire. And her stalker, a jilted grammar school acquaintance, tracked her down through a locator service on the Internet.
We believe that in 1993, when the Federal Trade Commission said that credit headers which contain your name, address, social security number, telephone number and other pieces of information that are not actually associated with your credit lines are not part of the credit report, and therefore, exempt from the protection of the act, that the Federal Trade Commission made a serious mistake. And that is one of the easiest ways for identity thieves to obtain information on the Internet about your social security number -- to use a pretext to obtain your credit header.
So we would urge the committee to take a hard look at Mr. Kleczka's bill, which includes, by the way, several other important provisions to prevent the misuse of social security numbers. But I think the most important one is to clear up the problem caused when the Federal Trade Commission said that your social security number and your name and your address are not part of your credit report; therefore, the credit bureaus can sell them.
Now they sell them to these companies. Many of the companies are part of this industry self-regulatory association called the IRSG, as Mr. Pratt described. In our view, the IRSG principles do not meet what we call fair information practices designed to protect the uses of information. Even the Federal Trade Commission when it agreed to the IRSG experiment, said the IRSG needed to go further than it has. The IRSG has not made public its assessments or audits of its members uses of the information, and I believe that was one of the principles that they promised the Federal Trade Commission back when they were founded. So I would encourage the committee to look into the IRSG.
What other actions would protect social security numbers from misuse? I think there are a number, and I will associate myself with the remarks of Mr. Rotenberg, who will go into some other details on how to protect the social security number.
In conclusion, I would like to thank the committee for the opportunity to talk about this very important problem of the misuse of social security number and, again, urge you to take action to protect identity thieves. It's one of the fastest growing crimes out there, 500,000 to 700,000 complaints a year. Probably the most significant step we could take is to limit access to social security numbers indiscriminately. Thank you.
REP. SHAW: Thank you.
Ms. Moore.
MS. KATHERINE BURKE MOORE: Yes. Good afternoon, Mr. Chairman and members of the subcommittee. My name is Katherine Burke Moore. I serve as a chair of the American Association of Motor Vehicle Administrators, as the deputy director in the Department of Public Safety for the state of Minnesota.
AMVA is a voluntary association representing the motor vehicle administrators and chief law enforcement officials in North America. Our members administer the laws that govern motor vehicle operations, the driver credentialing process and highway safety enforcement. I appreciate the opportunity to brief the subcommittee on the use of the SSN by our members.
The use of the SSN for drivers license issuance and for motor vehicle registration was authorized in 1976 in Section 505 of Title 42 U.S. Code. This authorization was specifically for the purpose of establishing the identification of individuals. Congress has consistently used this authority to mandate that state DMVs carry out a whole host of federal objectives.
As you may know, H.R. 220, entered as early in the 106th Congress, seeks to repeal this authority. Passage of H.R. 220 as currently written will severely impact motor vehicle and law enforcement communities' ability to combat fraud and ensure public safety.
The other federal mandates that DMVs currently work under will be in direct conflict of H.R. 220. Some of those mandates include the Welfare Reform Act, the Illegal Immigration Reform Act and the Commercial Motor Vehicle Safety Act of 1986 or CMVSA. Details of these mandates are included in our written testimony.
When the SSN is obtained in conjunction with name, date of birth and gender, DMVs can positively identify a person on an agency's driving record. This helps to minimize the possibility that erroneous information such as accident or conviction will be placed on the wrong person's driving record or that a license will be issued to someone who is not qualified to obtain one.
Today, DMVs maintain the driver history of more than 200 million vehicle operators in the U.S. alone. AMVA believes that the use of the SSN as a unique identifier is necessary to maintain accurate record and to prevent harm to individuals and businesses as a result of misuse of official credentials. These credentials include not only documents such as drivers licenses that are widely used for everyone for personal identification but documents that evidence ownership and other property interest in motor vehicles such as registration and titles.
The SSN also is used as a common identifier to facilitate electronic data exchange among DMVs and other authorized users. Without an effective way to ensure data is correctly applied to the right driving record, useful data exchange will be compromised. The tendency today, particularly with driving record information, is to institute an even greater exchange of driver history to enhance public safety.
The recently passed Motor Carrier Safety Improvement Act of 199 mandates that the courts share commercial driver convictions with DMVs regardless of whether the violation occurred in a commercial vehicle of passenger vehicle. The CMVSA mandated the creation of the commercial drivers license information system, or CDLIS, to provide the electronic means to share commercial driver histories among states and other authorized users. The CMVSA also mandates that the SSN be used as a unique identifier for commercial driving record in CDLIS. All 51 U.S. jurisdictions operate CDLIS. All collect the SSN for commercial drivers as the federal law requires.
AMVA has long supported the "one driver-one license" concept to encourage Congress to support the establishment of the driver record information verification system. This system will enable DMVs to verify a driver does not have more than one license.
Until we are able to query such a system prior to initial issuance or renewal of a license, deceptive practice of obtaining multiple licenses who unlawfully distribute citations and violations will continue. Without a standardized unique identifier, the ability to electronically transfer driver record information will fail. To assist states in the I.D. verification process, AMVA's subsidiary, AMVA Net provides an electronic data exchange application through the social security online verification system. This online support allows the DMV to instantly verify an individual's SSN during the driver's license issuance or renewal process.
In recent years, the public's concern about
privacy of personal information
on their driving record has caused many jurisdictions to change their policies about displaying the SSN on the license. Today, 49 states either do not display the SSN or give the public the option of using a state-issued identifier. However, the SSN remains an important identifier for record-holder verification. The Driver Privacy Protection Act also forbids and prohibits the sale and disclosure of the SSN that is collected by the DMVs.
In closing, I want to reiterate the important for using the SSN for drivers licensing. The public safety benefits of SSN use are numerous and far outweigh any potential disadvantages. We urge the Congress to consider these public safety uses and not restrict the motor vehicle and law enforcement community from utilizing the SSN as a unique identifier for the millions of driver records we administer.
I appreciate the opportunity to testify and will answer questions at the appropriate time.
REP. SHAW: Thank you, Ms. Moore.
Mr. Rotenberg.
MR. MARC ROTENBERG: Mr. Chairman, Mr. Tanner, members of the committee, thank you very much for the opportunity to testify this afternoon. I am the director of the Electronic Privacy Information Center. I'm also an adjunct professor at Georgetown. I've taught privacy law for 10 years and was involved in two of the leading privacy cases involving the use of the social security number. I want to thank you for holding the hearing this week. I think this is an issue obviously of great concern to many Americans.
I'm here mostly to tell you that I think efforts to establish privacy safeguards for the collection and use of the social security number are completely consistent with the tradition of U.S. law both in Congress and also in the courts.
As you know, in 1936 when the nine digit number was created, it was solely for the purpose of administering social security benefits. Now that purpose was expanded in 1961 when the SSN became a taxpayer identification number. But when the government looked closely at the issue of social security number use in the early 1970s and issued this very important report called Records, Computers and the Rights of Citizens--this was from the Department of Health, Education and Welfare--many of the concerns that you're hearing today were described and addressed in that report more than 25 years ago -- the risk of profiling, of identity theft, the dangers of building these big computer databases tied to the social security number. And that report specifically recommended a prohibition on the use of the social security number for promotional or commercial purposes.
Now, Congress the following year didn't go quite so far as to prohibit the use of the SSN for these other purposes, but it did establish a very important privacy provision in the '74 Privacy Act. And it said that any federal or state agency that was collecting this number had to make clear whether that collection was mandatory or voluntary, how the SSN would be used and what the statutory authority was for the collection of the social security number.
Congress also said that no person should be denied a right or privilege for their decision not to provide a social security number. And I think it was clearly the intent to do everything short of prohibition to limit the use of the SSN as much as possible.
Now it's certainly the case that since 1974 there's been an expanded use of the social security number, both in the public sector and in the private sector, and some of those benefits have been described for you today. But I'd also like to describe for you the views of at least two of the courts that have looked recently at the social security number and concluded, as Congress did back in 1974, that this is a very important privacy matter.
For example, Mark Alan Gridinger (ph), who went to register to vote in the state of Virginia back in 1992, refused to provide his social security number when he learned that that number would be published in the state voting rolls. And even though the district court said that the state had the right to collect the SSN and use it in this fashion, the Federal Appeals Court eventually concluded that it was an unreasonable burden on the right to vote to collect a social security number for that purpose; and Mr. Gridinger was free to vote in the state of Virginia. The state was required to change its practices because of the important privacy issues associated with the SSN.
The Ohio Supreme Court even more recently said, even where you have an open record statute, "You cannot compel the disclosure of the SSNs of state employees. The benefit is too small and the risk to privacy would be too great."
So I believe there is plenty of support, both on the legislative side and the judicial side, to support the proposals that were put before the committee today. I'd also like to suggest to you, that while legislation limiting the use of the social security number won't solve all of the identification problems we face today, I think it would certainly put us on the right track going forward, particularly with this new technology and with the Internet. Because as you may be aware of, people using the Internet today, both the technical experts and the consumers, are very much concerned about the protection of their privacy.
And when Intel, the world's largest manufacturer of computer chips, proposed to put a unique processor serial number in their new chips--this number would be just like a social security number that literally burned into the micro ship--there was such a protest that Intel had to back off that plan, and announced just recently that their new chips would not contain these social security-like numbers for computers.
So this is a good development, but at the same time we're going to face new challenges, new forms of identification and new threats to privacy. And so, for that reason I think it's very important that Congress take this opportunity, when there is the public support in place, this clear legislative tradition and this clear judicial tradition, to support those important safeguards that protect the privacy interest of American citizens. And I thank you again for the chance to testify and would be pleased to answer your questions.
REP. SHAW: Thank you.
Ms. Meyer.
MS. ROBERTA MEYER: Thank you, Mr. Chairman. I am Robbie Meyer, and I am pleased to be here today on the behalf of the American Council of Life Insurers, the ACLI, to testify about the way in which life, disability income and long-term insurers use consumers' personal information, including their social security numbers. And to tell you about our position relative to the maintenance of the confidentiality of that information.
ACLI member companies are strongly committed to the principle that individuals have a legitimate interest in the proper collection and handling of their personal information, and that insurers have an obligation to ensure individuals of the confidentiality of that information.
However, our member companies recognize that consumers do have special concerns about the confidentiality of medical information. So the ACLI board of directors have developed two separate policies dealing with confidentiality -- one, in relation to the confidentiality of medical information and the other with respect to the confidentiality of nonpublic, personal information. Social security numbers would fall into the category of nonpublic, personal information.
In developing our policy principles in relation to nonpublic, personal information, which would include social security numbers, we sought to balance consumers' desire and legitimate privacy concerns with their concerns for efficient and prompt service and innovative products. Consequently, our principles reflect our support for requirements that financial institutions, including insurers, develop privacy policies and procedures designed to protect the confidentiality as well as the security of consumers' nonpublic, personal information. But at the same time, our principles reflect our fundamental need to use consumers' personal information, including their social security number, in order to, in fact, administer and carry out our obligations under our insurance contracts with our customers.
The ACLI strongly supports the privacy protections in Title V of the recently enacted Financial Services Modernization Bill, the Gramm- Leach-Bliley Act. Title V subjects financial institutions, again, including all insurers, to one of the most extensive laws relating to privacy regulation that has ever been enacted in the United States. As a result of this law, consumers doing business with financial institutions will now have clear, comprehensive and rigorous
privacy
protections with respect to nonpublic,
personal information,
again, including social security numbers. This new law also is carefully constructed again to balance consumers' needs to have their privacy protected with the benefits that they obtain from certain uses of that information by financial institutions.
Insurance companies must use and share customers' personal financial information, including, again, their social security numbers, in order to perform legitimate, essential insurance business functions. In other words, they have to use this information in order to underwrite applications for coverage, to administer and service our existing contracts and to perform related product and service functions.
I'd like to give you a few examples of how insurance companies actually use social security numbers now.
They're used by insurers to find missing or lost policyholders so that they can pay them death benefits that they are obligated to pay under existing contracts. Social security numbers are used to identify policies for policyholders who may have lost their account numbers. Insurers use social security numbers in their call centers in order to authenticate the individuals who call in for information. Social security numbers are used by insurers to help make it possible to transfer assets from one financial institution to another upon the request of our customers. We use social security numbers as PIN numbers so that our customers can do business on line. We use them in connection with our employee group insurance so that individuals can use payroll deduction plans to pay for their coverage. We are also required to make a number of disclosures to state insurance departments for their regulatory oversight of insurers and, as required by the federal government, such as to the Internal Revenue Service, in order to report certain payments to our customers.
Mr. Chairman, the ACLI would like to thank you for this opportunity to testify, and thank you for calling this hearing. Life, disability income and long-term care insurers have a long history of dealing with highly sensitive, very personal information. We are very proud of our history in dealing with this information. We, again, recognize, however, that consumers have a very legitimate interest in the way in which we handle this information, and that we have an obligation to them to assure them of the confidentiality of that information. Thank you.
REP. SHAW: Thank you. I have a couple questions that I'd like to ask the entire panel.
We just heard some legislative proposals--and I believe all of you were here--that would restrict the use of the social security numbers. Some proposals, such as Dr. Paul's bill, would restrict the use of social security numbers by government agencies. Others, like Mr. Kleczka's proposal, would restrict commercial use, sale and exchange of social security numbers unless the entity has the customer's written consent.
Do you support these proposals? And for those of you who oppose the proposals, can you tell us specifically provisions you oppose and what improvements can be made?
MR. PRATT: Our concern is a general concern. And let me respond in two ways.
With Congressman Paul's proposal, if it were to remove the use of the social security number from, say, public records, this means that we would have a more difficult time putting a tax lien into a consumer report that would be used by credit grantors for safety and soundness or noting a bankruptcy.
So I think part of the question is the devil of the details. Does this mean the social security number's completely removed from many different public domains or is it just more controlled or more limited? I haven't actually read the entirety of the congressman's proposal to respond more specifically than that.
But Congressman Kleczka's proposal in removing the social security number from the commercial domain--and he's mentioned this several times--one point I'd like to bring up that we've mentioned already is, outside of the Fair Credit Reporting Act, which certainly governs and limits, otherwise, our use of information, including the social security number, we have established ourselves through the Individual Reference Services Group to further limit the disclosure of that information called header information. It's identifying information. And that's the way that we have attempted to respond to the policy and to try and restrain and balance the benefits that we think are out there societally for this time of data and at the same to acknowledge I think what's been said by a number of my co- panelists. And that is, this is not a number that should be out there in the general marketplace for all purposes.
MR. MIERZWINSKI: Mr. Chairman, U.S. PIRG supports the Credit Header Loophole Bill, Mr. Kleczka's bill. We also have an official position on Mr. Markey's bill on financial privacy to close the loopholes in Title V of the Gramm-Leach-Bliley Act. The other three specific bills before the committee we support in principle, but our board has not yet taken a formal position on them.
REP. SHAW: Ms. Moore.
If any of you all want me to repeat the question, I'd be glad to do it.
MS. MOORE: I think I have it.
REP. SHAW: Okay, go ahead.
MS. MOORE: H.R. 1450, Congressman Kleczka's bill, doesn't really affect the DMVs because the Driver Privacy Protection Act forbids sale and distribution of the social security number by DMS. So that makes that issue moot for the DMVs.
H.R. 220 does impact the motor vehicle agencies, and we have our concerns as far as use of the SSN has become the unique identifier for exchanging information into the CDLIS system -- the 9 million commercial drivers that we track through there. The primary concerns would be the inability to electronically transfer driver history records between jurisdictions, the costs states would have to incur to modify the computer systems and, utmost, increase in fraud due to the inability to verify our drivers.
MR. ROTENBERG: Mr. Chairman, let me say just as a matter of U.S. privacy law, I think it is very consistent with the original purpose of the social security number, which is that it would be used solely to administer the benefits of the program, as well as the language in the '74 Privacy Act, to support the proposals that have been forward today.
I should also point out, in a very recent opinion from the U.S. Supreme Court, the opinion upholding the Drivers Privacy Protection Act, even after it had been challenged in several of the states, the court made quite clear that to the extent that personal information is being sold in interstate commerce, then it clearly could be regulated by the Congress. So I don't think there's any question, particularly where you have services that are literally selling a person's social security number and enabling identity theft and other problems, that that would be appropriate legislation and that it would be upheld by the courts.
REP. SHAW: I believe we had information last Tuesday about who owns those numbers. And I think that the testimony that we have says that the numbers are, indeed, the property of the federal government. We haven't researched that ourselves--at least I don't believe we have--but if those numbers are the property of the United States government, or the Social Security Administration, then we certainly would have the right to regulate how they are used or how they are distributed.
Ms. Meyer, you answered the question. You mentioned in your testimony that social security numbers are useful in the administration and service of the accounts. I have great doubt about that, except when you got to the point of reporting earnings to the Internal Revenue Service, then your point would be well taken in that area. But the other areas that you've mentioned, I doubt that that is actually needed. You can go through the policy number and everything else.
But I'm particularly curious in your situation, if I were to want to buy a life insurance policy, and I said, no, I don't want to give you my social security number, would it be then that the salesman would say, well, then you're not going to get this life insurance policy?
MS. MEYER: That's a --
REP. SHAW: Is that a truthful statement? Can you buy life insurance without divulging your social security number?
MS. MEYER: To my knowledge, social security numbers--and I would have to check this and see if that information is not required information, but I will confirm that.
I think the concern is that it's so integral to--because of the list of its services or different things that we use it for, it's so integral to our ability to provide products and services to our customers that it would be very difficult for us to do lots of things for that individual --
REP. SHAW: Why? Why?
MS. MEYER: -- that we couldn't do otherwise.
REP. SHAW: Why?
MS. MEYER: Well, for example, I am told by our member companies that in underwriting an application for a life insurance policy, for example, it is often very important that we obtain medical information in order to determine the rate at which we should insure the individual. Often, we have to get information from doctors and hospitals relative to the individual's medical condition. We're told that in some circumstances doctors and hospitals won't release that information to us unless we have the individual's social security number.
REP. SHAW: Well, you have to get a consent form signed by that individual anyway, don't you?
MS. MEYER: Absolutely. We do get a consent form to get that information for purposes of underwriting. However, as I said before, there are a number of other purposes that we use the social security number for in order to administer the contract.
One problem we've got is we've got literally millions of contracts out there with social security numbers that are part of the file. So if someone would then revoke our ability to use the social security numbers, then we would literally have to go through millions of files to delete the social security numbers out of the file.
So we have problems both from a practical standpoint of getting information. I understand that there are still some states that require use of social security numbers to get motor vehicle information that we would need to investigate applications for coverage as well. So we'd have problems getting information. Plus, I'm told that we use these social security numbers in our call service centers to make sure that we're giving out information to the correct individual to help them locate policies that they may have lost.
So we both need it to get information as well as to perform service functions. I'm told that state insurance departments use social security numbers to help people identify coverage also that they may not be aware of. So I think that the use of the numbers as identifiers to be sure that we're getting information to the correct individuals and also to help consumers is built into the system right now.
REP. SHAW: Is your industry in any way prohibited from selling that information or sharing it with under agencies?
MS. MEYER: Right now, our industry is now subject to the rules of Title V of the Gramm-Leach-Bliley Act. That would include, in our view, social security numbers within the definition of nonpublic, personal information, which would mean that we could not share, which would include selling, information with a nonaffiliated third party without giving the individual the opportunity--telling and giving them notice of what we are doing and also the opportunity to opt out, except, if the sharing fell within one of the stated exceptions of the Gramm-Leach-Bliley Act.
REP. SHAW: Speaking of that act, you have the ability to share, sell, transfer personal information to third parties who are not regulated by these laws. How is this information protected once it is sold or transferred to third parties?
MS. MEYER: Well, actually, Title V does place restrictions on third parties who receive information from us. So we would not be able to share--or those third parties would be subject to the provisions of Title V that say that, "a third party recipient of the information cannot use the information in any way in which the financial institution could not use it." So a third party recipient would be subject to the same constraints as the financial institution, as I understand the law.
REP. SHAW: Mr. Tanner.
REP. JOHN D. TANNER (D-TN): Thank you very much, Mr. Chairman. I wish we had more time. This is a fascinating discussion. And in the interest of time, I'm going to read all of your statements.
But I want to ask Mr. Pratt, a couple of days ago, Colonel Stevens testified that, notwithstanding his best efforts to notify various credit bureaus that this was fraudulent activity on his social security number, he testified that every four to six months, it was recycled and reappeared.
What, if anything, is your organization doing to stop that, and don't you feel that there is some obligation to verify the information, and this repeated publication, knowing it to be false--or someone knowing it to be false--is maybe legally actionable?
MR. PRATT: Congressman, I think part of the response is found in the--we agree with you that we need to be doing more in the area of helping victims of identity theft. And I think that's thematically something you'll hear across the board.
The initiatives that we announced in March were really also then announced at the Identity Theft Summit where we presented those, and that was the summit sponsored by the Treasury Department, along with other agencies, Secret Service and so on.
One of areas of response is to acknowledge that very problem of information showing back up in the file. Part of the answer's found in the Fair Credit Reporting Act. Under the '96 amendments, if data goes back into the file, we're obligated to send a letter to the consumer, asking them to confirm the information if it does go back in. And that's part of the accuracy standard that we have to live by.
Part of the step is a new software product that we're going to launch this year because it is true; that when you hear consumers who says I've been a victim of identity theft, it appears to go on and on and on. And the way the FCRA is structured, at a point in time we have to reinvestigate and take care of the problems on the file, and there's a limited time frame in which to do that. But the question is, what do you after that file's been brought whole? Is that it, is the crime over or does it go on?
In our estimation we have another responsibility, and that's responsibility we put into our voluntary initiatives. We're going to keep track of that file. We're going to look at file activity. We're going to notify consumers of unusual activity in that file to make sure that we stay in touch with that consumer to keep information from, if you will, polluting the consumer's credit history on a long- term basis.
So we think we're tracking in the right direction to try to build the right technologies in place and to create a better linkage between us and the consumer not just between us and the credit granter. So that's part of our response.
MR. MIERZWINSKI: Congressman, could I add briefly to that?
The U.S. PIRG believes that some of the steps that the credit bureaus are taking are good first steps. But I just want to point out that some of the problems are not the credit bureaus' fault, and I'm not totally agreeing that the credit bureaus shouldn't be blamed for part of this, of course.
MR. PRATT: But I am writing this down.
MR. MIERZWINSKI: But he is writing this down.
We feel, and other privacy groups feel, that part of the blame has to be laid at the feet of the banks, department stores and other creditors that, in fact, issue credit without adequately verifying that the consumer is the actual consumer. And they'll often, even though there is perhaps a fraud flag on a report, issue credit. And we think that that's part of the problem that Congress needs to look into in strengthening the Identity Theft Deterrence Act of 1998. So it's the credit bureaus and the creditors who we think are both part of the problem.
MR. PRATT: Part of our effort, Congressman, was to in fact launch a better program to make sure our customers in partnership with us understand the security alert--this alert that Mr. Mierzwinski is referencing--and to make sure they know where to look for it in the, if you will, the data transmission and how to then respond to it.
We also have products that have been brought on line which notify our customers where there's differences in incoming applicant data and the data we have on file. As I said in the testimony, there's 42 million consumers who move every year. Clearly, some of the address change activity on the file is legitimate. One of the products we have informs our customers though that, in fact, there's a difference between what you've sent us, to some extent, and what we have on file. And this is another way for us to partner with our customers and to cue them that something is different about the data, giving them that opportunity to investigate it further.
REP. TANNER: I have some more questions, but at this time, Mr. Chairman, I've got to go. Thank you. Thank all of you.
REP. SHAW: I'd like to just raise one more question with you, Mr. Pratt. And that is the question of, what good is it, or what usefulness is it, to have your social security number put on the back of a check when you're cashing the check? You heard Mr. Kleczka said that he gave one to Toys R Us, and he made up the social security number because he didn't want to put it on there.
What good is that?
MR. PRATT: Well, I can answer that in part because our trade association does represent some companies that produces a specific type of FCRA-governed database, generically called a check services database.
Check fraud is an enormous problem in this country. It always has been for many, many years, and it continues to be a problem. One way for us to cross-check and provide products for retailer to make sure that they've minimized, or a grocery store to minimize check fraud, to use that number, at least in this case, for a matching purpose to make sure that we're matching back into this check database to determine whether or not we've had fraudulent --
REP. SHAW: At what point is the match made?
MR. PRATT: Well, for us the match would be made between the point-of-sale terminal, which is the register as we used to call it, and the system that we have in place, which could be anywhere of the country in just a resident database. Why it's written on the check versus just simply entered in, if you will, to use as a match, I really can't deal with that element of it. I don't if that's more of a retail question that might have to be addressed. For us, it's a matching question.
REP. SHAW: Well, you mean this matching is done while the customer is still standing there at the register?
MR. PRATT: Yes, sir.
REP. SHAW: And they need their social security number in order to do that?
MR. PRATT: That would be one element of how we would be able to make sure that we're not, first of all, falsely registering and saying, this consumer's check shouldn't be processed, if you will. So it's a more precise way for us to achieve the match, make sure that we deliver accurately. And one of the standards under the Fair Credit Reporting Act is to make sure that we match the request for information with the correct record internally. In most cases, with a check database of this type, the record's going to come back "no record found," meaning the majority of citizens are not bouncing checks or having a problem with check fraud.
So that's one of the ways that we reduce the problem of consumers being inconvenienced--
REP. SHAW: Well, what does a cashier do? How do they transmit that number while they're in the check-out line?
MR. PRATT: That number's entered in at the register, I believe.
REP. SHAW: They enter the social security number instead of the name and bank?
MR. PRATT: Well, that might be one way for us to check, but there might be other fraudulent accounts that are not listed under that bank name. So these databases cross-check name and information against other accounts to make sure we're not opening up or processing an additional check against an account which has already been registered as opened fraudulently.
I don't think I've made sense. In other words, if I were a criminal, and I was perpetrating bank fraud, if you will, by opening up falsified checking accounts--there might be more than one checking account in play--and so as one checking account becomes designated as fraudulent and is registered, I might want to try to flip, if you will, to the next checking account I've opened up in order to perpetrate the crime all over again.
So in order to reduce the instance of that type of check fraud, these databases can cross-check and check --
REP. SHAW: But when I open a checking account, they'll get my social security number.
But they just ask me to give it to them; they don't ask to see a social security card or any type of investigation that has a social security number on it. So if I wanted to get involved in that, just borrow somebody else's social security number and put it in there.
MR. PRATT: In terms of what the security procedures are with the lending institution, it's harder for me to answer that part of the question.
REP. SHAW: Do they verify that they got the right social security number?
MR. PRATT: I believe they do, but again, I think there's others who might be better able to respond to that part.
REP. SHAW: How do they do that? Can I get in touch with the Social Security Administration and say, this is John Doe? Is his number is such and such?
MR. PRATT: I don't think the Social Security Administration allows private industry to do that.
REP. SHAW: I hope not. I hope not. So how do they verify that they have the right number?
MR. PRATT: One way is to access a consumer report to determine whether or not it matches against a consumer report.
REP. SHAW: So the consumer report has the social security number on it. Where did this consumer report get the number?
MR. PRATT: These numbers are added into the system based on applicant data coming in from--and the regular cycle of data reporting into the consumer reporting system. The social security number is often an element of the information we receive from our what are called data furnishers.
REP. SHAW: But if that name and social security number isn't in your database, then they put it in the database, and all of a sudden, they're in there with that number that's fraudulent.
MR. PRATT: Well, certainly one of the problems with identity theft is that it can result inaccurate, fraudulent information being loaded into the system. In this case, we don't keep checking account information, so that wouldn't be in the system. But it is true; one of our challenges is to keep the fraudulent data out and to keep the accurate, correct information in.
REP. SHAW: Okay. Well, thank you all for being here. We've got our work cut out for us, that's for sure.
I have two things, I'm told, for the record, two inserts -- the opening statement of Mr. Matsui--which I had already said that all the members would have an opening statement--and a letter from the Social Security administrator inspector general, supporting the Kleczka bill.
Thank you again, and we appreciate your attendance and your testimony. And this hearing is adjourned.
END
LOAD-DATE:
May 16, 2000
Document 108 of 261.
Search Terms: personal w/5 information w/5 privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase:
Copyright © 2002, LEXIS-NEXIS®, a division of Reed Elsevier Inc. All Rights Reserved.
