[House Hearing, 107 Congress] [From the U.S. Government Publishing Office] PRESERVING THE INTEGRITY OF SOCIAL SECURITY NUMBERS AND PREVENTING THEIR MISUSE BY TERRORISTS AND IDENTITY THIEVES ======================================================================= JOINT HEARING before the SUBCOMMITTEE ON SOCIAL SECURITY of the COMMITTEE ON WAYS AND MEANS and the SUBCOMMITTEE ON IMMIGRATION, BORDER SECURITY, AND CLAIMS of the COMMITTEE ON THE JUDICIARY of the HOUSE OF REPRESENTATIVES ONE HUNDRED SEVENTH CONGRESS SECOND SESSION __________ SEPTEMBER 19, 2002 __________ Serial No. 107-81 (Committee on Ways and Means) Serial No. 102 (Committee on the Judiciary) __________ Printed for the use of the Committee on Ways and Means and the Committee on the Judiciary U.S. GOVERNMENT PRINTING OFFICE 84-170 WASHINGTON : 2003 ___________________________________________________________________________ For Sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512-1800 Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001 COMMITTEE ON WAYS AND MEANS BILL THOMAS, California, Chairman PHILIP M. CRANE, Illinois CHARLES B. RANGEL, New York E. CLAY SHAW, Jr., Florida FORTNEY PETE STARK, California NANCY L. JOHNSON, Connecticut ROBERT T. MATSUI, California AMO HOUGHTON, New York WILLIAM J. COYNE, Pennsylvania WALLY HERGER, California SANDER M. LEVIN, Michigan JIM McCRERY, Louisiana BENJAMIN L. CARDIN, Maryland DAVE CAMP, Michigan JIM McDERMOTT, Washington JIM RAMSTAD, Minnesota GERALD D. KLECZKA, Wisconsin JIM NUSSLE, Iowa JOHN LEWIS, Georgia SAM JOHNSON, Texas RICHARD E. NEAL, Massachusetts JENNIFER DUNN, Washington MICHAEL R. McNULTY, New York MAC COLLINS, Georgia WILLIAM J. JEFFERSON, Louisiana ROB PORTMAN, Ohio JOHN S. TANNER, Tennessee PHIL ENGLISH, Pennsylvania XAVIER BECERRA, California WES WATKINS, Oklahoma KAREN L. THURMAN, Florida J.D. HAYWORTH, Arizona LLOYD DOGGETT, Texas JERRY WELLER, Illinois EARL POMEROY, North Dakota KENNY C. HULSHOF, Missouri SCOTT McINNIS, Colorado RON LEWIS, Kentucky MARK FOLEY, Florida KEVIN BRADY, Texas PAUL RYAN, Wisconsin Allison Giles, Chief of Staff Janice Mays, Minority Chief Counsel ______ Subcommittee on Social Security E. CLAY SHAW, Jr., Florida, Chairman SAM JOHNSON, Texas ROBERT T. MATSUI, California MAC COLLINS, Georgia LLOYD DOGGETT, Texas J.D. HAYWORTH, Arizona BENJAMIN L. CARDIN, Maryland KENNY C. HULSHOF, Missouri EARL POMEROY, North Dakota RON LEWIS, Kentucky XAVIER BECERRA, California KEVIN BRADY, Texas PAUL RYAN, Wisconsin COMMITTEE ON THE JUDICIARY F. JAMES SENSENBRENNER, Jr., Wisconsin, Chairman HENRY J. HYDE, Illinois JOHN CONYERS, Jr., Michigan GEORGE W. GEKAS, Pennsylvania BARNEY FRANK, Massachusetts HOWARD COBLE, North Carolina HOWARD L. BERMAN, California LAMAR SMITH, Texas RICK BOUCHER, Virginia ELTON GALLEGLY, California JERROLD NADLER, New York BOB GOODLATTE, Virginia ROBERT C. SCOTT, Virginia STEVE CHABOT, Ohio MELVIN L. WATT, North Carolina BOB BARR, Georgia ZOE LOFGREN, California WILLIAM L. JENKINS, Tennessee SHEILA JACKSON LEE, Texas CHRIS CANNON, Utah MAXINE WATERS, California LINDSEY O. GRAHAM, South Carolina MARTIN T. MEEHAN, Massachusetts SPENCER BACHUS, Alabama WILLIAM D. DELAHUNT, Massachusetts JOHN N. HOSTETTLER, Indiana ROBERT WEXLER, Florida MARK GREEN, Wisconsin TAMMY BALDWIN, Wisconsin RIC KELLER, Florida ANTHONY D. WEINER, New York DARRELL E. ISSA, California ADAM B. SCHIFF, California MELISSA A. HART, Pennsylvania JEFF FLAKE, Arizona MIKE PENCE, Indiana J. RANDY FORBES, Virginia Philip G. Kiko, Chief of Staff-General Counsel Perry H. Apelbaum, Minority Chief Counsel ______ Subcommittee on Immigration, Border Security, and Claims GEORGE W. GEKAS, Pennsylvania, Chairman DARRELL E. ISSA, California SHEILA JACKSON LEE, Texas MELISSA A. HART, Pennsylvania BARNEY FRANK, Massachusetts LAMAR SMITH, Texas HOWARD L. BERMAN, California ELTON GALLEGLY, California ZOE LOFGREN, California CHRIS CANNON, Utah, Vice Chair MARTIN T. MEEHAN, Massachusetts JEFF FLAKE, Arizona J. RANDY FORBES, Virginia George Fishman, Chief Counsel Lora Ries, Counsel Art Arthur, Full Committee Counsel Cindy Blackston, Professional Staff Leon Buck, Minority Counsel Pursuant to clause 2(e)(4) of Rule XI of the Rules of the House, public hearing records of the Committee on Ways and Means are also published in electronic form. The printed hearing record remains the official version. Because electronic submissions are used to prepare both printed and electronic versions of the hearing record, the process of converting between various electronic formats may introduce unintentional errors or omissions. Such occurrences are inherent in the current publication process and should diminish as the process is further refined. C O N T E N T S __________ Page Advisory of September 12, 2002, announcing the hearing........... 2 WITNESSES Social Security Administration, Hon. James B. Lockhart III, Deputy Commissioner............................................ 11 U.S. Department of State, Charisse M. Phillips, Director, Office of Fraud Prevention Programs, Bureau of Consular Affairs....... 48 U.S. Secret Service, Robert Bond, Deputy Special Agent in Charge, Financial Crimes Division...................................... 54 Federal Bureau of Investigation, Grant D. Ashley, Assistant Director, Criminal Investigative Division...................... 62 Social Security Administration, Hon. James G. Huse, Jr., Inspector General.............................................. 66 ______ Stylecraft Interiors Inc., Matthew James Reindl.................. 73 Electronic Privacy Information Center, Chris Jay Hoofnagle....... 78 SUBMISSIONS FOR THE RECORD Social Security Advisory Board, Hon. Hal Daub, statement......... 104 ______ American Federation of Government Employees, National Council of SSA Field Operations Locals, Baltimore, MD, Witold Skwierczynski, statement....................................... 108 American Immigration Lawyers Association, letter................. 111 ERISA Industry Committee, National Association of State Retirement Administrators, National Council on Teacher Retirement, National Rural Electric Cooperative Association, and Profit Sharing/401(k) Council of America, joint statement.. 112 Federation for American Immigration Reform, Dan Stein, letter.... 114 National Council of La Raza, and National Immigration Law Center, joint letter................................................... 115 PRESERVING THE INTEGRITY OF SOCIAL SECURITY NUMBERS AND PREVENTING THEIR MISUSE BY TERRORISTS AND IDENTITY THIEVES ---------- THURSDAY, SEPTEMBER 19, 2002 House of Representatives, Committee on Ways and Means, Subcommittee on Social Security, and Committee on the Judiciary, Subcommittee on Immigration, Border Security, and Claims, Washington, DC. The Subcommittees met, pursuant to notice, at 1:05 p.m., in room 1100 Longworth House Office Building, Hon. E. Clay Shaw, Jr., and Hon. George W. Gekas (Chairmen of the Subcommittees) presiding. [The advisory announcing the hearing follows:] ADVISORY FROM THE COMMITTEE ON WAYS AND MEANS SUBCOMMITTEE ON SOCIAL SECURITY CONTACT: (202) 225-9263 FOR IMMEDIATE RELEASE September 12, 2002 No. SS-16 Shaw Announces Joint Hearing on Preserving the Integrity of Social Security Numbers and Preventing Their Misuse by Terrorists and Identity Thieves Congressman E. Clay Shaw, Jr. (R-FL), Chairman, Subcommittee on Social Security of the Committee on Ways and Means, today announced that the Subcommittee will hold a joint hearing with the Subcommittee on Immigration, Border Security, and Claims of the Committee on Judiciary, chaired by Congressman George W. Gekas (R-PA), on preserving the integrity of Social Security numbers and preventing their misuse by terrorists and identity thieves. The hearing will take place on Thursday, September 19, 2002, in 1100 Longworth House Office Building, beginning at 1:00 p.m. In view of the limited time available to hear witnesses, oral testimony at this hearing will be from invited witnesses only. However, any individual or organization not scheduled for an oral appearance may submit a written statement for consideration by the Subcommittee and for inclusion in the printed record of the hearing. BACKGROUND: Although Social Security numbers (SSNs) are used for many legitimate purposes, wide availability, and easy access to this very personal information has greatly facilitated Social Security number- related crimes and fueled growing concern for safeguarding individuals' privacy. Identity theft is considered the fastest growing financial crime in the country, affecting an estimated 500,000 to 700,000 people annually, regardless of age, gender, or race. Older Americans will become an increasingly attractive target by criminal elements, since they hold substantial wealth and because seniors are often dependent on caregivers. In addition, the rising cost of this crime increases the cost of banking, insurance, and credit cards for all Americans. Worse yet, according to the Federal Bureau of Investigation, terrorists have utilized Social Security number fraud and identity theft to obtain employment, access secure locations, and finance their operations, thereby posing a significant threat to our national security. Forged documents, whether bogus birth certificates, fake SSN cards, or false immigration documents, are increasingly available from those who make their living selling false identities. There are now illegal markets throughout the cities of the United States where anyone can acquire a false or stolen identity. The Social Security Administration (SSA) serves as the front line of defense in ensuring SSN integrity, because it is responsible for accurately assigning SSNs and ensuring the wages earned and Social Security benefits claimed on that number are only those of the number holder. Last year, SSA issued 18.1 million SSN cards, of which 5.8 million were new and 12.3 million were replacement SSN cards. The SSA's Inspector General (IG) has long criticized the agency's failure to verify the authenticity of identification documents, and in a recent report estimated that of the 1.2 million SSNs issued to non-citizens in 2000, nearly 100,000 were based on invalid or inappropriate immigration documents. This year, the SSA began verifying supporting immigration records before issuing SSN cards. The agency is also working with the Immigration and Naturalization Service (INS) and the U.S. Department of State (DoS) to implement new data sharing initiatives and an Enumeration at Entry initiative. Each year the SSA receives about 250 million wage reports from employers covering approximately 150 million workers. For tax year 2000, employers reported almost 9.6 million wage items, equaling almost $50 billion in wages, that could not be credited to individuals due to lack of key information or submission of erroneous information, although further efforts to reduce these discrepancies is ongoing. According to the SSA, after all processing is complete, 2 to 3 percent of wage items will remain unmatched. Earnings that cannot be matched to a particular worker are recorded in separate file known as the Earnings Suspense File (ESF). According to the SSA IG, the ESF contains over 237 million wage items and $375 billion in wages accrued between tax years 1937 and 2000. However, approximately two-thirds of growth in the file occurred between 1990 and 2000. The IG has referred to the ESF as a ``major management challenge'' for the agency because of its potential impact on benefit amounts and administrative costs, and because it represents a significant portion of SSN misuse. This year, the SSA extended its outreach to employers by sending letters to all employers who submitted earnings records that did not match SSA's records and asking them to provide corrected information. In addition, the SSA began piloting an on-line system to supplement existing verification procedures and more quickly enable employers to verify the names and SSNs of newly hired employees. Although SSA issues SSNs in order to track individual's wages and right to Social Security benefits, the agency assigns SSNs for limited non-work purposes to certain individuals who are not U.S. citizens and are not authorized to work by the INS. Today, SSA only issues non-work SSNs to these individuals if Federal statute requires one to access a particular benefit or service, or State or local law requires one to get general assistance benefits. However, despite their ``non-work'' designation, in tax year 2000 approximately 600,000 individuals with non-work SSNs earned over $21 billion, though in some cases individuals may have become authorized to work without notifying the SSA. In announcing the hearing, Chairman Shaw stated: ``This Subcommittee has extensively examined identity theft by criminals and heard first-hand testimony of the personal devastation caused by this type of robbery. In the year since the September 11 attacks, we have also learned how SSN fraud can enable terrorism. That is why my legislation to improve the privacy of SSNs has generated bipartisan support. The SSN protection must be an integral part of a comprehensive effort to strengthen homeland security. It is one very tangible way we can help prevent the American public from being further victimized by terrorists.'' Chairman Gekas added: ``The privacy of the Social Security numbers of every American is under attack by terrorists, international criminals, and an increasing number of identity thieves. I believe the Social Security Administration can do more to tighten up its procedures for issuing Social Security Cards to prevent fraud.'' FOCUS OF THE HEARING: The Subcommittees will examine: the role SSN fraud plays in crime and terrorist activities and methods by which criminal fraud is accomplished utilizing stolen SSNs; the integrity of the SSA's enumeration and wage crediting process; Federal agency coordination and cooperation, including data sharing, to verify identification documents, and to detect and prevent fraud; and recommended legislative proposals aimed at combating SSN misuse and protecting privacy. DETAILS FOR SUBMISSION OF WRITTEN COMMENTS: Please Note: Due to the change in House mail policy, any person or organization wishing to submit a written statement for the printed record of the hearing should send it electronically to [email protected], along with a fax copy to (202) 225-2610, by the close of business, Thursday, October 3, 2002. Those filing written statements who wish to have their statements distributed to the press and interested public at the hearing should deliver their 200 copies to the Subcommittee on Social Security in room B-316 Rayburn House Office Building, in an open and searchable package 48 hours before the hearing. The U.S. Capitol Police will refuse sealed-packaged deliveries to all House Office Buildings. FORMATTING REQUIREMENTS: Each statement presented for printing to the Committee by a witness, any written statement or exhibit submitted for the printed record or any written comments in response to a request for written comments must conform to the guidelines listed below. Any statement or exhibit not in compliance with these guidelines will not be printed, but will be maintained in the Committee files for review and use by the Committee. 1. Due to the change in House mail policy, all statements and any accompanying exhibits for printing must be submitted electronically to [email protected], along with a fax copy to (202) 225-2610, in Word Perfect or MS Word format and MUST NOT exceed a total of 10 pages including attachments. Witnesses are advised that the Committee will rely on electronic submissions for printing the official hearing record. 2. Copies of whole documents submitted as exhibit material will not be accepted for printing. Instead, exhibit material should be referenced and quoted or paraphrased. All exhibit material not meeting these specifications will be maintained in the Committee files for review and use by the Committee. 3. Any statements must include a list of all clients, persons, or organizations on whose behalf the witness appears. A supplemental sheet must accompany each statement listing the name, company, address, telephone and fax numbers of each witness. Note: All Committee advisories and news releases are available on the World Wide Web at http://waysandmeans.house.gov. The Committee seeks to make its facilities accessible to persons with disabilities. If you are in need of special accommodations, please call (202) 225-1721 or (202) 226-3411 TTD/TTY in advance of the event (four business days notice is requested). Questions with regard to special accommodation needs in general (including availability of Committee materials in alternative formats) may be directed to the Committee as noted above.Chairman SHAW. Thank you for being here. Mr. Gekas and I have sat in these chairs before at a joint meeting, and he just reminded me how well he did the last time we were here in cross-examining a certain witness and sort of nailed his hide to the barn door. When the newspaper---- Chairman GEKAS. The New York Times. Chairman SHAW. When the New York Times wrote about it, they said how Clay Shaw tore this witness apart. [Laughter.] Chairman GEKAS. This time I sat in front of the right nameplate. Chairman SHAW. Okay, today our Subcommittees will join together to examine efforts to preserve the integrity of Social Security numbers and how we can better prevent terrorists and identity thieves from using these numbers to abet their heinous activities. I welcome my friend, Chairman Gekas. We were partners against crime on Judiciary a number of years ago, before I came to this Subcommittee. I welcome Ms. Jackson Lee and all of the Members of the Judiciary Committee on the Immigration, Border Security, and Claims Subcommittee to the Committee on Ways and Means. I appreciate the opportunity to work with you as we look for ways to ensure the security of individuals and the security of our Nation. Although created solely for the purpose of tracking workers' Social Security earnings, our culture is hooked on Social Security numbers. Business and governments use the numbers as primary identifiers of individuals. Even the most trivial transactions, such as renting a video, require us to hand over our nine-digit ID before services can be rendered. The Social Security number has become so woven into the fabric of American society that it has become the key that unlocks the door to an individual's identity for any unscrupulous individual who gains access to it. If someone such as a criminal or a terrorist unlocks the door, at their fingertips are all of the essential elements needed to carry out whatever dastardly act they can conceive. Worse, as each day passes, we learn more about the degree to which terrorists use stolen identities and false Social Security numbers to establish cover employment, drivers' licenses, and credit cards, all enabling them to live within our borders and plan their crime against Americans. No longer is Social Security number fraud simply a tool of common criminals. Sadly, it is now a tool of terrorists. As we will hear today from our witnesses from the U.S. Department of State, the Federal Bureau of Investigation (FBI), U.S. Secret Service, and the Social Security Administration's Inspector General (IG), there is no limit to the creativity of the reprehensible acts perpetrated by criminals and terrorists. Our Nation and this Congress has forced our attention on America's first line of defense since the attacks of September 11; the war on terrorism and protecting our borders. Next, we must enact increased privacy protections for Social Security numbers and more powerful tools for law enforcement. To that end, I along with several of my Committee on Ways and Means colleagues introduced H.R. 2036, the Social Security Number Privacy and Identity Theft Prevention Act of 2001. It is a vital component of our country's response to terrorism. The Social Security Administration serves as the frontline of defense in ensuring the integrity of Social Security numbers, a responsibility it takes very seriously. It is responsible for accurately assigning Social Security numbers as well as ensuring the wages earned and the Social Security benefits claimed on that number are only those of the holder. As we will soon hear, since September 11, the agency has implemented a number of initiatives to help prevent identity theft. Yet, we will also hear there is more to do, particularly with regard to interagency cooperation. A solo approach by Federal agencies is not acceptable, as President Bush recognizes through his proposal to create a U.S. Department of Homeland Security. Our Nation has been forever changed by the horrible attacks on our country. No longer can we sit idly by and not protect ourselves from domestic and foreign terrorists. Also, long before these attacks, individuals were fighting more personal battles with identity thefts. We must implement changes that will prevent and deter future attacks on our national security and our personal financial security. I look forward to hearing from each of our witnesses and thank them in advance for sharing with us their experience and their recommendation. I now yield to my Co-Chair at this hearing, Mr. Gekas of Pennsylvania. [The opening statement of Chairman Shaw follows:] Opening Statement of the Hon. E. Clay Shaw, Jr., a Representative in Congress from the State of Florida, and Chairman, Subcommittee on Social Security Today, our Subcommittees join together to examine efforts to preserve the integrity of Social Security numbers and how we can better prevent terrorists and identity thieves from using these numbers to abet their heinous activities. I welcome Chairman Gekas, Ms. Jackson- Lee, and all of the Members of the Judiciary Subcommittee on Immigration, Border Security, and Claims to the Committee on Ways and Means and appreciate the opportunity to work with you as we look for ways to ensure the security of individuals and our Nation. Although created solely for the purpose of tracking workers' Social Security earnings, our culture is hooked on Social Security numbers. Businesses and governments use the number as the primary identifier of individuals. Even the most trivial transactions, such as renting a video, require us to hand over our 9-digit ID before services can be rendered. The Social Security number has become so woven into the fabric of American society, it has become the key that unlocks the door to an individual's identity for any unscrupulous individual who gains access to it. If someone, such as a criminal or terrorist, unlocks the door, at their fingertips is all the essential elements needed to carry out whatever dastardly act they can conceive. Worse, as each day passes we learn more about the degree to which terrorists use stolen identities and false Social Security numbers to establish cover employment, drivers' licenses, and credit cards--all enabling them to live within our borders and plan their crimes against Americans. No longer is Social Security number fraud simply a tool of common criminals; sadly, it's now a tool of terrorists. As we will hear today from our witnesses from the Department of State, FBI, Secret Service, and the Social Security Administration's Inspector General, there is no limit to the creativity of the reprehensible acts perpetrated by criminals and terrorists. Our Nation, and this Congress, has focused our attention on America's first line of defense since the attacks of September 11th-- the war on terrorism and protecting our borders. Next, we must enact increased privacy protections for Social Security numbers and more powerful tools for law enforcement. To that end I, along with several of my Ways and Means colleagues, introduced H.R. 2036, the ``Social Security Number Privacy and Identity Theft Prevention Act of 2001.'' It is a vital component of our country's response to terrorism. The Social Security Administration serves as the front line of defense in ensuring the integrity of Social Security numbers--a responsibility it takes very seriously. It is responsible for accurately assigning Social Security numbers, as well as ensuring the wages earned and Social Security benefits claimed on that number are only those of the number holder. As we will soon hear, since 9/11 the agency has implemented a number of initiatives to help prevent identity theft. Yet we will also hear there is more to do, particularly with regard to inter-agency cooperation. A silo approach by Federal agencies is not acceptable, as President Bush recognized through his proposal to create a Department of Homeland Security. Our Nation has been forever changed by the horrible attacks on our country. No longer can we sit idlely by and not protect ourselves from domestic and foreign terrorists. Also, long before these attacks, individuals were fighting more personal battles with identity thieves. We must implement changes that will prevent and deter future attacks on our national security and our personal financial security. I look forward to hearing from each of our witnesses, and thank them in advance for sharing with us their experiences and their recommendations. Chairman GEKAS. I thank the Chairman. I begin by asking unanimous consent that the written statement that I have prepared to be my opening statement be received in the record. Chairman SHAW. Without objection. [The opening statement of Chairman Gekas follows:] Opening Statement of the Hon. George W. Gekas, a Representative in Congress from the State of Pennsylvania, and Chairman, Subcommittee on Immigration, Border Security, and Claims Chairman Shaw, it's a pleasure to join with you and your colleagues on the Committee on Ways and Means. Thanks for your kind words of welcome. I agree with your concerns about the overuse of the Social Security Number and its lack of privacy. Times have changed since the Social Security Administration began producing the little green cards in 1937. We in the Congress need to determine what remedies can be applied to the use of the card and to the practices of the Social Security Administration. I am very supportive of the efforts of Chairman Shaw to bolster protection of the Social Security Number. At the same time, we need to look at what else is needed to address the problem comprehensively. In some cases, old laws need to be updated. There's no question in my mind that the criminal penalties for identity theft and for Social Security Number fraud, in particular, need to be strengthened. We also need to look at whether tougher legal rules are needed so that the Social Security Administration will move faster to work with federal law enforcement agencies to stop the growth of identity fraud. All Americans, especially Seniors and those approaching retirement, need to hear that the Social Security Administration is aggressive in preventing ineligible people from obtaining Social Security Numbers. It is only a short step from fraudulently obtaining Social Security Numbers to fraudulently obtaining benefits. The structural problems of the Social Security program are well known and publicly debated. The problems with Social Security number fraud are much less well known, but equally important to protect benefits and the financial well being of the fund. I believe we can do much more to make it very difficult for terrorists, crooks and illegal workers to obtain Social Security Numbers. Terrorists and crooks and the purveyors of illegal documents are getting smarter and many are experts in use of the Internet. We have to compel our government agencies and especially the Social Security Administration to get smarter too. We have to look at changing the business practices of the Social Security Administration to raise the bar against fraudulent and counterfeit source documents. We have to make it much more difficult for people to obtain two and three valid Social Security Numbers from this government agency. The Social Security Number is the most common form of identification confirmation by Americans. It is absolutely vital that we make it extremely difficult for terrorists to abuse this fundamental key to the American identity. I look forward to the testimony from the Deputy Commissioner of the Social Security Administration, and from our other excellent witnesses. I want to particularly recognize Mr. Matthew Reindl. He has come here today from Great Neck, New York, to tell us about the difficulty of operating a small family business with strict adherence to federal laws, when his competition freely employs illegal workers because of the lack of enforcement by federal agencies, including especially, the INS. Chairman GEKAS. Hearing no objection from my colleagues, I will proceed to underline and endorse the concepts enunciated by the gentleman from Florida, Mr. Shaw, the Chairman, on the importance of the hearing and on the subject matter itself. Perhaps the most ironic outcome of Social Security fraud and identity theft is that this great social program, one of the greatest ever attempted by any society in the history of the world, is also a potential and actual vehicle for terrorists who threaten our Nation and actually attack our Nation. That is reason enough to convene such a meeting and to determine, once and for all, what we as legislators can do to prevent this kind of result that threatens the very lives of the people who are Social Security recipients and Social Security contributors across the land. If that weren't enough to put us on guard on what has been happening to our Social Security number system, then we have to consider as well the attack on the system that identity fraud perpetrates with respect to diminution of the funding and the assets of the Social Security program. For everyone who falsely secures a Social Security number and starts to receive benefits, the pot of available funding is diminished by that much, to the detriment of the current recipients and future recipients, not to mention the budgetary problems facing the Nation every single year, vis-a-vis the health of the Social Security fund and all that it touches in our society. So, when we begin to listen to the witnesses here, we will have an eye and ear pinned to what it means in the day of the terrorist and what it means in the day of watchfulness on the health of the Social Security fund, what it means to try to prevent identity fraud and Social Security fraud in all its aspects. I thank the Chair, and I yield back the balance of my time. Chairman SHAW. Mr. Becerra, do you have an opening statement? Mr. BECERRA. Thank you, Mr. Chairman. First, let me say to the Chairman of the Subcommittee on Social Security of the Committee on Ways and Means, thank you very much for the several hearings that you have held on this issue of the Social Security number identity fraud and the importance to not just the people who will be recipients of Social Security but to all Americans who depend on such an important program, and, of course, to our government, which must dispense and implement this valuable program that has existed for over 75 years. To our Co-Chair who is here today, Mr. Gekas, it is a pleasure to again have an opportunity to sit with him on a panel, as I did before when I served on the Committee on the Judiciary. I am pleased to join with my colleague, the Ranking Member of the Subcommittee on Immigration and Claims, Ms. Sheila Jackson Lee as well. With all our colleagues that are here, I am looking forward to a hearing that will help us gain better insight on how we protect not just the Social Security number but Americans from identity fraud, how we protect them against invasions of that security that they had grown accustomed to. Now that we have seen what happened after September 11 and the fact that the 19 terrorists used Social Security numbers to help them obtain that fraudulent identity, it is important for us to try to move forward to see how we can secure not just our freedom and our privacy, but also the security of this country. So, I am very much looking forward to the hearing, building upon what has been done through the Chairman's and the Members' good work on the Subcommittee on Social Security, and hoping that the testimony enlightens us on how to move forward and move forward quickly. So, I thank you, Mr. Chairman. I yield back the balance of my time. Chairman SHAW. Thank you, Mr. Becerra. Ms. Jackson Lee? Ms. JACKSON LEE. Thank you very much, Mr. Chairman, and might I add my appreciation to Chairman Shaw and as well Chairman Gekas for having a hearing that gives example to government working at its best, Committees with their respective jurisdictions coming together. I'm pleased, of course, to join with the fellow Ranking Member of the Committee on Ways and Means and a former colleague on the Committee on the Judiciary, Xavier Becerra, and I think this very important issue. It is good to see the Inspector General will be here. You testified earlier on some matters that we have before the Committee on the Judiciary, and I believe you gave great insight. It is, of course, natural and important that we take leadership on the issues of Social Security fraud, theft, and issues that would impact negatively on the identity and the security of this Nation. Serving on the Subcommittee on Immigration and Claims, of course, I have to add my additional concern in words that I reflect most often; as we look to secure the Nation, we must also realize that we are a nation of immigrants, a nation of laws, even after September 11 and the unfortunate and tragic and horrific event that occurred, where so many of the terrorists and the perpetrators came in on legal visas that we still do not equate terrorism to immigration. So I would hope, as look to this question, you will also have as a backdrop the fact that the recently passed immigration reform bill did not include a national identity card. We thought that that was not the direction to go, but it certainly is a direction to go with Mr. Shaw's concern about Social Security card fraud and identity fraud. I hope that we will be cognizant of the technology that may put together a national Social Security card and the abuses that could occur. I also hope that we will avoid steps in this hearing and any legislation that would increase rather than diminish immigration-related discrimination that has already become a problem with the use of Social Security numbers by some employers. So, we have our job cut out for us. I believe the American people will challenge us to do the right thing together, to provide enhanced security, but at the same time balance and respect the laws of this land, and certainly the civil rights and civil liberties of the people of this land. With that, Mr. Chairman, I would ask that my entire statement be put into the record. Chairman SHAW. Without objection, and without objection, any statement that any of the Members of this joint Committee hearing would like to put into the record will be made part of the record. [The opening statement of Ms. Jackson Lee follows:] Opening Statement of the Hon. Sheila Jackson Lee, a Representative in Congress from the State of Texas Good Afternoon Mr. Chairman. I would like to thank the Chairman and the Ranking Member of the Subcommittee on Social Security for inviting me and other member of the Subcommittee on Immigration, Border Security and Claims to participate in this important hearing on the importance of ensuring the integrity of Social Security Numbers (SSN) and preventing their misuse by terrorist and identity thieves. As many will note, the SSN is probably the most important number as it is the first step in access to so many things in our culture. If you need a drivers license you need a social security number. If you need credit you need a social security. It is central to American life. On September 11, the United States experienced the worst attack on its soil since World War II. In the weeks following the attack, the U.S. government initiated a nationwide investigation into the reasons behind the failure of U.S. police and intelligence agencies to uncover the plot to destroy the Trade Center. In Washington Post stories earlier this year it was revealed that some of the September 11, 2001, hijackers had used identity theft and fraud to obtain false SSNs and other identification documents to facilitate training and preparation for the September 11, attacks. First, let me emphasize that I, like you, condemn SSN fraud and its negative impact. None of us would approve of the fraudulent use of identification cards or any other documentation. People who fraudulently use SSNs can and should be punished. Our subcommittee held another Joint Hearing in Identity Theft and Fraud in June of this year with the Judiciary Subcommittee on Crime. Mr. Huse testified there, and I would like to let him know that it is good to hear from him again. I will say now as I said then, that efforts at stopping terrorism beg the question at which point is it best to stop the terrorist. Clearly, the best point to stop terrorists is prior to their entry into the country, before they have access to our social security administration, departments of motor vehicles and other infrastructure critical to secure identification documents. It should be pointed out that ``18 of the 19 hijackers entered the United States on visitors visas.'' They made ``concerted efforts to do so, so it is logical to assume that they believed that this type of entry, as visitors, made them less likely to come to the attention of federal authorities.'' This glaring fact underscores the difficulties faced by agencies in preventing terrorists from obtaining fraudulent SSNs and other identification. Again, it is better to get to terrorists prior to their entry into our country. Effective measures will be difficult to achieve. The integrity of any SSN verification system hinges on the security of the documents which underlie it, and such ``breeder'' documents must also be secure. The birth certificate is a ``breeder'' document in that it can be used to obtain an identity document such as a U.S. passport, driver's license, military I.D. and a SSN. However, if we are going to examine these issues, let us do so in in a balanced fashion. We need to decide just how far we are willing to go in dealing with this problem. For instance, birth and death records are certain to be used, and we need to examine just what resources we need to dedicated to revamping these record-keeping systems. We must deal with issues of efficiency and resources in a complimentary fashion as opposed to pitting these issues against one another. The same is true of revising SSA and INS databases. Are we willing to bear the costs of developing and maintaining such gigantic data bases? Again, examination of these issues must be done in a fair and equitable way. The fight against SSN fraud and counterfeit documents should not become a fight against personal privacy that leads to a national ID card. I do not want a national ID card to be demanded of Americans every time they engage in what should be routine activity that can be conducted anonymously and without government intervention. Technology has played a vital role in advancing freedom around the world, but it also has laid new temptations at the doorstep of business, government and criminals. Once the technology and a database are in place for a system such as a national ID, alternative uses for the system will arise. This potential abuse of such a system by unscrupulous businesses and governments and plain criminals could be devastating to our nation's average citizen. Congress must also take care to avoid steps that would increase rather than diminish immigration-related discrimination that has already become a problem with the use of SSNs by some employers. In response to employer sanctions, some--but not all employers have screened out all ``foreign-looking'' or ``accented'' job applicants; or conversely have adopted the practice of looking only for illegal immigrants to hire in order to hold their status over these employees heads. They have selectively applied verification procedures only to ``suspect'' employees and demanded documents when hiring foreign- sounding employees when compared to other employees. We also have to be mindful of states' rights. We should not become so aggressive in this area that states are turned into mere tools of the Federal Government in connection with the identity documents they issue. Finally, Mr. Chairman, I hope that we can work cooperatively, and in the true spirit of bipartisanship to eliminate SSN fraud and make the necessary changes in the law that must be made. However, I would like to say for the record that although there is ample and substantial SSN fraud and theft, this hearing should in no way be used as a vehicle to discourage talented men and women from different countries from coming to the United States to study, to exchange creative thought and ideas, or to discourage businesses from temporarily moving their employees to contribute to our economy and our way of life. We should discourage SSN fraud, but not discourage fair and equal opportunity. Thank-you Mr. Chairman. Chairman SHAW. Now it is my pleasure to recognize the Honorable James B. Lockhart III, who is the Deputy Commissioner of Social Security. I believe this may be the first time you have appeared before the Social Security Subcommittee. Mr. LOCKHART. Yes, Mr. Chairman. Chairman SHAW. It is my privilege to welcome you. Please proceed as you see fit. We have your full statement which, without objection, will be made a part of the record, as will the full statements of all the witnesses this afternoon. So, you may summarize or proceed as you see fit, Mr. Lockhart. STATEMENT OF THE HON. JAMES B. LOCKHART III, DEPUTY COMMISSIONER, SOCIAL SECURITY ADMINISTRATION Mr. LOCKHART. Chairman Shaw, Chairman Gekas, and Members of the Subcommittees, thank you for asking me here today to discuss our work to preserve the integrity of the Social Security number and to prevent its misuse. Commissioner Barnhart and I have made protecting the Social Security number a major stewardship priority. We have made many important enhancements and are reviewing other improvements. We all know that Social Security number misuse can lead directly to identity theft with serious personal and economic consequences. On September 11, we also learned that it can have more far-reaching consequences, as the terrorists used made-up Social Security numbers. As you know, the original purpose of the Social Security number was solely for tracking the earnings of people who worked in jobs covered by Social Security. Ever since, the use of the Social Security number has mushroomed as a way to identify people in records systems. It has become the identifying number for Federal and many other employee systems, taxpayers, noncitizens authorized to work in this country, beneficiaries of Federal- and State-funded programs, and some drivers' licenses. By 1974, Congress became concerned about the widespread use of the Social Security number and passed the Privacy Act. It provides that except when required by Federal law, no government agency could withhold benefits from a person simply because of a refusal to give his or her Social Security number. Federal law does not restrict Social Security number use by private businesses or organizations. As you can see, the Social Security number has become the personal identifier through a buildup over time. Unfortunately, it also has become the identifier of choice for criminals, including terrorists. After September 11, the Social Security Administration formed a high-level response team to better prevent those with criminal intent from using Social Security numbers. We have put a new training emphasis on what we call enumeration for the 1.5 million noncitizens that we give numbers to every year. On March 1, we stopped assigning Social Security numbers to noncitizens for the purpose of applying for a drivers' license. Noncitizens can now only get a Social Security number if they are authorized to work or if they need it for public assistance. On June 1, we began verifying birth records of U.S.-born citizens older than age 1 who apply for a Social Security number, and we are piloting an online system that lets employers verify the names and Social Security numbers of newly hired employees. That should help to strengthen our present verification systems. We are also leading the government-wide e-VITAL project to improve the death master file and electronic birth records verification systems. We are implementing a range of new initiatives with the Immigration and Naturalization Service (INS) and the State Department, which will be consistent with the requirements of the Privacy Act. We now verify all INS documents with that agency. By the end of the year, under the Enumeration at Entry Project, we will assign directly Social Security numbers to newly arrived immigrants based on the information the State Department and INS collect as they authorize noncitizen entry into the country. We are also taking major steps to improve the accuracy of the 250 million annual wage reports that we receive, as they are critical for correctly calculating benefits. Despite improving our matching routines, almost 10 million of those 250 million wage reports a year are placed in the suspense file because the name and the Social Security number do not match. We have been writing letters to employees, asking them to correct the information. Over the last several years, we have greatly increased the no-match letters to employers. Let me say that we appreciate the Subcommittee's effort to strengthen Social Security number privacy and prevent identity theft. The provisions in H.R. 2036 which strengthen the penalties and enforcement for Social Security number misuse would help in our efforts to locate and eliminate abuses. Adding civil monetary penalties as proposed to existing criminal penalties for Social Security number misuse would provide another level of deterrence. We believe it would strengthen our ability to deal with cases of misuse that are not criminally prosecuted by the U.S. Department of Justice. In closing, I would like to emphasize that the Social Security Administration is committed to doing all that it can to protect the integrity of the Social Security number by strengthening our enumeration and misuse detection capabilities. Commissioner Barnhart and I look forward to continuing to work with you on this vital national issue. I would be happy to answer any questions. [The prepared statement of Mr. Lockhart follows:] Statement of the Hon. James B. Lockhart III, Deputy Commissioner Social Security Administration Mr. Chairmen and Members of the Subcommittees: Thank you for asking me to be here today to discuss the process of assigning and issuing Social Security Numbers (SSN), and the role that the SSN has in our society today. As the number of legitimate uses for SSNs increases, especially in the private sector so does the potential for misuse--and the resulting consequences of misuse. Social Security Number misuse can lead directly to identity theft and the resulting personal and economic consequences to the individual whose identity is stolen. But SSN misuse also can create far-reaching consequences to our economy and our society as a whole. The tragic events of September 11, and reports that some of the terrorists fraudulently used SSNs, have brought home the need to strengthen the safeguards to protect against the misuse of the SSN. Since Commissioner Barnhart and I have been at Social Security we have made protecting the SSN a major stewardship priority. We have made many important enhancements this year and are reviewing other improvements. Original Purpose of the Social Security Number and Card To begin, I would like to discuss the original purpose of the SSN and the Social Security card. Following the passage of the Social Security Act in 1935, the SSN was devised administratively as a way to keep track of the earnings of people who worked in jobs covered under the new program. The requirement that workers covered by Social Security apply for an SSN was published in Treasury regulations in 1936. The SSN card is the document SSA provides to show what SSN is assigned to a particular individual. The SSN card, when shown to an employer, assists the employer in properly reporting earnings. Early public education materials counseled workers to share their SSNs only with their employers. Initially, the only purpose of the SSN was to keep an accurate record of earnings covered under Social Security so that we could pay benefits based on those earnings. Growth of SSN as an Identifier for Other Federal Purposes In spite of the narrowly drawn purpose of the SSN, use of the SSN as a convenient means of identifying people in records systems has grown over the years. In 1943, Executive Order 9397 required Federal agencies to use the SSN in any new system for identifying individuals. This use proved to be a precursor to a continuing explosion in SSN usage which came about during the computer revolution of the 1960's and 70's and which continues today. The simplicity of using a unique number that most people already possessed encouraged widespread use of the SSN by Government agencies and private organizations as they adapted their record-keeping and business applications to automated data processing. In 1961, the Federal Civil Service Commission established a numerical identification system for all Federal employees using the SSN as the identifying number. The next year, the Internal Revenue Service (IRS) decided to use the SSN as its taxpayer identification number (TIN) for individuals. And, in 1967, the Defense Department adopted the SSN as its identification number for military personnel. Use of the SSN for computer and other record-keeping systems spread throughout State and local governments, and to banks, credit bureaus, hospitals, educational institutions and other areas of the private sector. At the time, there were no legislative authorizations for, or prohibitions against, such uses. Statutory Expansion of SSN Use in the Public Sector The first explicit statutory authority to issue SSNs did not occur until 1972, when Congress required that SSA assign SSNs to all noncitizens authorized to work in this country and take affirmative steps to assign SSNs to children and anyone receiving or applying for a benefit paid for by Federal funds. This change was prompted by Congressional concerns about welfare fraud and about noncitizens working in the U.S. illegally. Subsequent Congresses have enacted legislation which requires an SSN as a condition of eligibility for applicants for SSI, Aid to Families with Dependent Children (now called Temporary Assistance to Needy Families), Medicaid, and food stamps. Additional legislation authorized States to use the SSN in the administration of any tax, general public assistance, drivers license, or motor vehicle registration law within its jurisdiction. The Privacy Act was enacted in 1974 when Congress became concerned about the widespread use of the SSN. It provides that, except when required by Federal statute or regulation adopted prior to January 1975, no Federal, State or local government agency could withhold benefits from a person simply because the person refused to furnish his or her SSN. In the 1980's, separate legislation provided for additional uses of the SSN including employment eligibility verification, military draft registration, driver's licenses, and for operators of stores that redeem food stamps. Legislation was also enacted that required taxpayers to provide a taxpayer identification number (SSN) for each dependent age 5 or older. The age requirement was lowered subsequently, and an SSN is now required for dependents, regardless of age. In the 1990's, SSN use continued to expand with legislation that authorized its use for jury selection and for administration of Federal workers' compensation laws. A major expansion of SSN use was provided in 1996 under welfare reform. Under welfare reform, to enhance child support enforcement, the SSN is to be recorded in the applications for professional licenses, driver's licenses, and marriage licenses; it must be placed in the records relating to a divorce decree, support order, or paternity determination or acknowledgment; and it must be recorded in the records relating to death and on the death certificate. When an individual is hired, an employer is required to report this event to the State's New Hire Registry. This ``New Hire Registry'' is part of the expanded Federal Parent Locator Service which enables States to find non-custodial parents by using the SSN. Private Sector Use of the SSN Currently, Federal law places no restrictions on the use of the SSN by the private sector. People may be asked for an SSN for such things as renting a video, getting medical services, and applying for public utilities. They may refuse to give it. However, the provider may, in turn, decline to furnish the product or service. There are two basic ways the providers use the SSN. Within an organization, the SSN is typically used to identify specific persons and to maintain or retrieve data files. The second use is for external exchange of information, typically to transfer or to match data. For example, individual companies can track buying habits and customer preferences through the use of such data. Continuing advances in computer technology and the ready availability of computerized data have spurred the growth of information brokers who amass and sell vast amount of personal information including SSNs. When possible, information brokers retrieve data by SSN because it is more likely than any other identifier to produce records for a specific individual. The SSN as an Identifier As you can see, Mr. Chairman, the current use of the SSN as a personal identifier in both the public and private sectors is not the result of any single step; but rather, from the gradual accretion over time of extending the SSN to a variety of purposes. The implications for personal privacy of the widespread use of a single identifier have generated concern both within the government and in society in general. The advent of broader access to electronic data through the Internet and the World Wide Web has generated a growing concern about increased opportunities for access to personal information. Some people fear that the competition among information service providers for customers will result in broader data linkages with questionable integrity and potential for harm, and make it easier for identity thieves to ply their trade. On the other hand, there are some who believe that the public interests and economic benefits are well served by these uses of the SSN. They argue that use of the SSN would enhance the ability to more easily recognize, control and protect against fraud and abuses in both public and private activities. All Federal benefit-paying agencies rely on data matches to verify not only that the applicant is eligible for benefits, but also to ensure that the benefit paid is correct. Other federal agencies may be able to provide information about other socially beneficial uses of the SSN, including its use in research and statistical activities. The SSN often is the key that facilitates the ability to perform the matches. e-VITAL I also want to mention that SSA is actively involved in an interagency initiative (e-VITAL) which is pursuing electronic data exchanges between other federal agencies and the States. This ``e- VITAL'' program consists of 2 projects that are being undertaken to maximize efficiency and improve customer service to citizens and businesses. One project is working with State agencies and funeral homes to expand and improve electronic notification of deaths. The second project is an electronic query system that allows State and Federal agencies to access birth and death information. This information would be used to improve the accuracy of our records and ensure that proper benefits are paid to individuals. Identity Theft When most people think of identity theft they are referring to the use of the personal identifying information of another person to ``become'' that person. Identity theft and fraud also include enumeration fraud, which uses fraudulent documents to obtain an original SSN for establishing identity. Finally, identity theft and fraud also includes identity creation, which uses false identity, false documents and a false SSN. Skilled identity thieves may use a variety of low and hi-tech methods to gain access to personal data. We at the Social Security Administration want to do what we can to help prevent identity theft, to assist those who become victims of identity theft, and to assist in the apprehension and conviction of those who perpetrate the crime. Preventing identity theft can play a role in the prevention of any future terrorism. Identification documents are critically important to terrorists, and a key to such documents is the SSN. The integrity of the SSN must be ensured to the maximum extent possible because of the fundamental role it can play in helping unscrupulous individuals steal identities and obtain false identification documents. Identity thieves may get personal information by stealing wallets and purses, mail, personal information on an unsecured Internet site, from business or personnel records at work, buying personal information from ``inside'' sources, or posing as someone who legitimately needs the information such as an employer or landlord. We ask that people be careful with their SSN and card to prevent identity theft. The card should be shown to an employer when an individual starts working, so that the employment records are correct and then it should be put in a safe place. SSA Response to SSN Misuse In response to the events of September 11, SSA formed a high-level response team which has met regularly ever since to recommend and track progress towards policy and procedural enhancements to help ensure that we are strengthening our capability to prevent those with criminal intent from using SSNs and cards to advance their operations. Just as there have been delays at airports as a result of heightened security, we recognize that some of these initiatives may result in a delay in the receipt of SSNs for some citizens and non-citizens. However, these measures are necessary to ensure the integrity of the SSN and to ensure that only those who should receive an SSN do so. Soon after September 11th, we began a new training emphasis on the rules for enumeration, and especially for enumerating non-citizens. We started with refresher training for all involved staff, but are following this up with periodic special training and additional management oversight. On March 1 we stopped assigning SSNs to non- citizens for the sole purpose of applying for a driver's license, so that non-citizens can now only get an SSN if they are authorized to work or where needed for a Federal funded or state public assistance benefit to which the person has established entitlement. On June 1, we began verifying with the custodians of the records, any birth records submitted by U.S. born citizens over the age of one applying for an SSN. Further, we are currently piloting an online system for employers to verify the names and SSNs of newly hired employees. I must note that SSA has had systems for employers to verify employees SSNs for wage reporting purposes for more than twenty years. Throughout this year we are also implementing a range of new initiatives with the Immigration and Naturalization Service (INS) and the Department of State (DoS) that will improve integrity goals with respect to enumeration of non-citizens. We expect to have in place by the end of the year the first phase of what we are calling Enumeration at Entry (EAE). EAE is an integrity measure we have been working on collaboratively with the INS and DoS for some time. EAE will work similarly to our highly successful Enumeration at Birth program under which most U.S.-born infants are assigned SSNs based on requests by their parents in the hospital right at birth, eliminating the potential for the use of fraudulent documents. EAE will also eliminate the use of fraudulent immigration documents from the process. Under EAE, SSA will assign SSNs to newly arrived immigrants based on data collected by the DoS, as it approves the immigrant visa in the foreign service post, and by the INS, as entry into the country is authorized. SSA would receive electronically the information needed to enumerate the individual from the INS with no need for further document review and verification. In July, we began verifying any documents issued by the INS with them before assigning an SSN. We are verifying many of these electronically. But if the immigration document is not recorded in the INS system within ten days, we request written confirmation from INS that the documents submitted are bona fide and that the individual is authorized to work. This new verification process was fully implemented earlier this month. We are also planning to pilot a Social Security Card Center that would be an interagency specialist group designed to provided quick and efficient service while ensuring the integrity of the enumeration process. We have developed this multi-pronged approach to make SSNs less accessible to those with criminal intent as well as prevent individuals from using false or stolen birth records or immigration documents to obtain an SSN. We also implemented changes to speed up the distribution of our Death Master File. SSA receives reports of deaths from a number of sources, and from computer matches with death data from Federal and State agencies. This information is critical to the administration of our program and is made available to facilitate the prevention of identify theft of the SSN's of deceased persons. Many of the private sector companies purchasing this information are credit card companies and financial institutions. Furthermore, we are also limiting the display of SSNs on our correspondence. As of October 1, 2001 we no longer include the first five digits of the SSN on Social Security Statements and as of December 2001 on Social Security Cost-of-Living Notices. We do use the full SSN on other correspondence because there may be legal requirements for display of the SSN on the notice especially on termination and award notices. However, to ensure the confidentiality of the SSN on mail we do not show the addressee's SSN on the envelope, if mailing an envelope to an individual. If requesting information from third parties, we do not show the SSN for the purpose of associating the reply with the file when it is returned. The good news is that over 80% of our beneficiaries receive their payments by direct deposit, which means for this large group there are no SSNs to be stolen or paper checks that can be lost or stolen. For those that do not use direct deposit, the Department of the Treasury prepares and mails all government checks including those for Social Security and Supplemental Security Income recipients. Effective with the September 1, 2000 benefit payments, the SSN printed on Social Security and Supplemental Security Income checks is no longer visible through the envelope window. Additionally, to protect the privacy of recipients who are paid by check and help prevent identity theft, Treasury is taking steps to remove all personal identification numbers, including the SSN, on all check payments. The goal for completing the project is early 2004. Detecting SSN Misuse One way that a person can find out whether someone is misusing their number to work is to check their earning records. About three months before their birthday, anyone 25 or older and not already receiving Social Security benefits, automatically receives a Social Security statement each year. The statement lists earnings posted, to their Social Security record as well as providing an estimate of benefits and other Social Security facts about the program. If there is a mistake in the earnings posted they are asked to contact us right away, so their record can be corrected. We investigate, correct the earnings record and if appropriate, we refer any suspected misuse of an SSN to the appropriate authorities. SSA may learn about misused SSNs in a variety of other ways including alerts from our computer systems while matching Federal and State data, processing wages, claims or post entitlement actions, reports from individuals contacting our field offices or teleservice centers and inquiries from the IRS concerning two or more individuals with the same SSN on their income tax returns. We have another tool that has been used successfully to detect instances of fraud and abuse. This tool, called the Comprehensive Integrity Review Process (CIRP), is a review and anomaly detection system. This system first identifies known fraudulent patterns and then transactions that fit these fraudulent patterns are provided to SSA managers for their review. If upon investigation, the SSA manager believes that fraud or misuse has occurred, they prepare a referral to the Office of the Inspector General (OIG). Of course SSA's OIG has played an ongoing role in the investigation of fraud and misuse of the SSN, as shown in the following examples. As you know, SSA OIG agents have participated along with the US Department of Justice in ``Operation Tarmac''. In this joint effort, individuals have been identified who misused SSN's to fraudulently obtain security badges, and to date, a significant number have been sentenced. Further, SSA's OIG, INS, and local law enforcement authorities investigated an organization in Utah that manufactured and sold counterfeit documents. To date, nine individuals have been sentenced to jail time and/or deportation, and the investigation continues. In another combined effort, OIG, Postal Service, Federal Bureau of Investigations and the Secret Service investigated and arrested individuals in Seattle who established more than 50 false identities to open bank accounts. Another important pillar in the effort to safeguard program integrity is the joint SSA-OIG General Cooperative Disability Investigations Program (CDI). Its mission is to detect fraud in the early stages-at the time of application for Social Security benefits or during the appeals process. The results of CDI investigations were used to support over 2,700 denials or terminations, allowing SSA to avoid improper payments to individuals. Assisting Victims To help victims, SSA provides hotline numbers to SSA's Fraud Hotline and the Federal Trade Commission ID Theft Hotline. We provide up-to-date information about steps that the person can take to work with credit bureaus and law enforcement agencies to reclaim their identity. We issue a replacement card if their Social Security Card is stolen. We help to correct their earnings record and issue a new SSN in certain circumstances. If the victim alleges that a specific individual is using the SSN, SSA develops the case as a possible fraud violation. If appropriate, we refer the case to the OIG for an investigation and work closely with the OIG to facilitate their investigation. Suspense File As I mentioned earlier, the primary purpose of the SSN has always been to allow us to accurately record and keep track of a worker's earnings. This is SSA's core business process, and it ensures that a worker and his family receive benefits that reflect his work history. The earnings suspense file is an electronic holding file for reported earnings items that cannot be recorded to the earnings records of individual workers because the name and SSN on the items do not match SSA's records. Currently, we receive and process about 250 million annual wage reports (Forms W-2) for employees from about 6.5 million employers. In recent years, after electronic and manual processing, about 97 percent of these items are ultimately posted to the Master Earnings File (MEF), which contains a record of the lifetime earnings of each individual worker. The remaining items, about 3 percent, are ultimately placed in the earnings suspense file. For 2000, after electronic processing, 10 million reports of wages were sent to the suspense file representing over $54 billion in wages. The suspense file contains all mismatches since 1937 about 237 million reports of wages representing $376 billion in earnings. So, why is this issue significant? As I stated earlier, the wages reported to SSA on the Forms W-2 are used to maintain a record of every working individual's earnings. This earnings record is the basis for computing retirement, survivors, and disability benefits. If a worker's earnings are not recorded, he or she may not qualify for benefits or the benefit amount may be lower. When a person files for benefits, the earnings record is reviewed and an effort is made to establish any earnings that are not shown. However, it may be difficult to accurately recall past earnings and to obtain evidence of them. Thus, it is better to establish and maintain accurate records at the time the wages are paid. We have a number of initiatives to assure that wage items are credited to the correct individual's earnings record and do not go into suspense. These include: LEncouraging the filing of wage reports electronically or on magnetic media which has increased to 78.0% percent in 2001. LUsing over 23 software routines to match names to SSNs which initially do not match SSA records--for TY1999, software matched 16 million (about 60 percent) of the initial mismatches. LNotifying employees of name/SSN errors and requesting corrections. In the last five years we have sent an average of 8 million letters a year to individuals or to their employers if we do not have a record of the employee's address. LNotifying employers of name/SSN errors. In 2002, we increased these ``no match'' letters from about 110,000 to 870,000. This is because we sent these letters to all employers who submitted W-2 forms with information that did not match our records instead of only to employers with relatively large number of mismatches. We will be reviewing the effectiveness of this change. LProviding outreach to the employer community to reinforce the need for accurate name/SSN reporting. We are building a new Earnings Suspense File process that looks promising. It would electronically find millions of additional matches and post them to the correct earnings record. Under this new process, we are estimating that at least 30 million items will be removed from the suspense file and credited to the records of individual workers. If so, benefits for several hundred thousand beneficiaries would be increased. If the test we have planned for the fall of this year is successful, we expect to begin the new process early in 2003 and have it completed by the end of 2004. Improving Enforcement Mr. Shaw's bill (H.R. 2036) is aimed at the need to limit private and public sector use, display and sale of the SSN and to increase penalties for misuse of the number. We appreciate Mr. Shaw's commitment to these objectives. We support efforts to strengthen the penalties and enforcement for SSN misuse, which would be of great help to the agency in our consistent efforts to locate and eliminate abuses to the program. While current law provides criminal penalties for SSN misuse, the addition of civil monetary penalties for SSN misuse would provide another level of deterrence for those who would misuse the SSN. Such measures would help to strengthen our ability to deal with instances of misuse that are not criminally prosecuted by the Department of Justice. Closing I would like to conclude by emphasizing that we at the Social Security Administration are committed to protecting the integrity of the SSN. We want to do what we can to help prevent identity theft, to assist those who become victims and to assist in the apprehension and conviction of those who perpetrate the crime. We are committed to improving the accuracy of the records of workers earnings and thereby helping to ensure accurate retiree, disability, survivors and SSI payments. In a larger view, the Social Security Administration is on guard for identity theft. This is a challenging task. In our experience, most instances of identity theft have resulted not from any action or failure to act by SSA, but from the proliferation of personal information in our society. The disclosure of SSNs by private citizens and organizations are prime among them. While SSA cannot control the disclosure of SSNs, we can and are doing a better job in areas that we can control, such as enumeration and misuse detection. Thank you for asking us to testify on this issue. Chairman SHAW. Mr. Lockhart, if someone comes into this country, perhaps on a student visa or whatever, opens a bank account, the bank will require that person to supply their Social Security number. This is needed for the reporting of interest and things of that nature that account might be subject to. Is there any indicator on the Social Security number as to the status of that particular person? Is there any indication on the Social Security card as to the status of that particular person? Now, this is not on a work visa. Mr. LOCKHART. Yes. First of all, if a student comes into the country with a J-1 or F-1 visa, and is not authorized to work, we will not give him a Social Security card. So, that's the first step. They have to be authorized to work to get a Social Security number. Let's assume that the university tells us that they are authorized to work, and we get a letter from the university to that effect, and we do the verification with the INS about the visa, we would then give them a Social Security number. The Social Security number itself has nothing special on it, but the card would say that the employer should check the INS documents in that case. Chairman SHAW. If the person who the card is issued to then decides to go to work and supplies that identification number to the employer without showing him that card, what happens at that particular time, assuming then that the person takes the job and the Federal Insurance Contributions Act (FICA) wages are paid into the Social Security Administration? Mr. LOCKHART. Again, assuming that he or she got the card legitimately, there is no problem. That is what is supposed to happen, that they will pay the FICA taxes in, and assuming we have verified the documents with the INS, the card was given legitimately. The employer still is supposed to look at the documents to make sure that they are legitimate. Chairman SHAW. I understand the employer would be liable for other penalties for not properly checking the resident status or exactly why that person happens to be in the country, whether they be a citizen or a noncitizen. Mr. LOCKHART. Now, in the circumstances that you posed at the beginning, if they were not authorized to work, if we did not give them a Social Security number, in theory, they can go to the U.S. Department of the Treasury and get a taxpayer number. That is a 900 series. It looks like a Social Security number, but that is a separate series and is not part of the Social Security system. Mr. JOHNSON. Would the gentleman yield? Chairman SHAW. I am a little confused here. I will be glad to yield in just a moment, but I am a little confused here because the person who you issued the Social Security number to may not be authorized to work or may not be here on an actual work visa. Is that not correct? Mr. LOCKHART. Under our new procedure, that should not happen. As of September 1, we are verifying all documents with the INS, and they are telling us that the document is good before we give the Social Security number out. Unfortunately, I think in the past, before the new procedure, there was a procedure at Social Security, where, if someone had been in the country only 30 days, our field office looked at the documents, put them under black lights and checked them to see if they were real. If they were a really good forgery, they might have been faked or something, and they could have possibly gotten a Social Security number on documents that were counterfeit. Chairman SHAW. The gentleman from Texas? Mr. JOHNSON. Thank you, Mr. Chairman. I would like to follow up on that because just in Dallas, Texas, this month, they caught a bunch of illegals in an 18- wheeler, some of which died. You are aware of that case, I am sure. My question is, there were 26 of them that were released on the spot in the United States and told they could get a Social Security number from you and go to work. Now, how do you account for that kind of thing? Mr. LOCKHART. I am not actually aware of who made that statement. Mr. JOHNSON. The lady who runs the district office for the Immigration and Naturalization Service there in Dallas. They let them go for 2 months, and she told me that they would get Social Security numbers and be given work permits. Three of them were allowed to go, one to Chicago and two to New York City, from Dallas. Mr. LOCKHART. Well, under our present procedures, they would have had to have a document from the INS saying that it was valid for them to work. If the INS had given that document to them, yes, if you bring in a valid document---- Mr. JOHNSON. You give them a Social Security number just on the basis of the Immigration and Naturalization Service letting an illegal have a work document temporarily? Do you put any time limit on the Social Security number? How do you know they are not all terrorists? Mr. LOCKHART. Again, our job is to give a Social Security number when we have valid documents from the Immigration and Naturalization Service. We get the documents, we look at them, we check them, we go into the INS system, we check it against the INS system. If it is not in the INS system, then we send a paper request to the INS to get them to verify that there is a real document that authorizes them to work. It is not the Social Security Administration's job to decide whether they are authorized to work. It is our job to give them a number once they are authorized to work, so that they will pay taxes into the Social Security fund and to the Internal Revenue Service (IRS). Chairman SHAW. Reclaiming my time, there are situations where someone can get a nonworking Social Security number. Now, that Social Security number, can an employer or anybody look at that number and say, ``Hey, that's a nonworking Social Security number''? That is my question. Mr. LOCKHART. Yes, there are circumstances. Historically, there were more circumstances. As of March this year, we are only giving them to people who are not working that are required by some benefit system--I think we will give about 20,000 or 30,000 out a year from now on. Previously, we did it for a driver's license, but those cards themselves say ``not eligible for work.'' There is no special number, and we are looking at a special number. It is one of the things we are looking at. Chairman SHAW. That is what I wanted to get at. I think that when we do issue a nonwork Social Security number, it ought to have something on it, a letter, a prefix, or something, that would identify it as ``this is not for purposes of work.'' Mr. LOCKHART. We are looking at a special series, just like, as I mentioned, the Treasury Department has the 900 series. We are looking, potentially, at a special series for anybody that doesn't have a permanent right to work in this country. Chairman SHAW. Do you know if you can do that without legislation from us? I believe you can. Mr. LOCKHART. I believe we can. Yes, sir. Chairman SHAW. If you need legislation, come back, and we will work on it. Mr. Gekas? Chairman GEKAS. Yes, I thank the Chair. Mr. Lockhart, pursuing some of the questions that emerged from the statements and questions that were posed by the gentleman from Texas, Mr. Johnson, you said that after September 11, you undertook several initiatives to pin down the ability to grant Social Security numbers to only those who deserved them. The questions posed by Mr. Johnson implicate the Immigration and Naturalization Service in the wholesale admission of people first into the country and then to allow them to seek and gain Social Security numbers. Were there any recommendations made by the Social Security Inspector General in his recent report with respect to this problem, the reliance of Social Security on INS in its processing of prospective new numbers? Mr. LOCKHART. Well, the Inspector General has recommended, I think for several years, to do what we just implemented. One of the points I would like to make is that both Commissioner Barnhart and I came in after September 11, and we looked at all these things, and we saw that there were holes in our system, and we want to correct them. We have corrected a lot, but we have more room to go. We are very concerned about this issue, and we will work on it. The key recommendation that the Inspector General had made is that we verify every document with the INS. Every document that authorizes someone to work, we first go into the computer system. If it is not in their computer system, then we actually send a copy of the document to the INS and ask them to verify it. So, that is our procedure, and we are following it now. It may, in some cases, slow up persons getting a Social Security number, but we think it is well worth it. Chairman GEKAS. Do you hold up issuance of the number until submissions are made to you by the INS so that you are perfectly---- Mr. LOCKHART. Under our new procedure that we began implementing about 3 months ago and finished September 1, that is correct. We do not issue a Social Security number if the documents have not been verified by the INS. Chairman GEKAS. Speaking of the recommendations of the Inspector General, were they before September 11 or after, or both? Mr. LOCKHART. As I remember, they were both. Chairman GEKAS. Do you have a scorecard on the recommendations made and where you are in implementing or attempting to implement those recommendations? Mr. LOCKHART. Yes, Mr. Chairman, we do have a scorecard. We have been working very diligently. This task force that I mentioned in my testimony has a whole series of initiatives. We have implemented a lot of the major ones, but we are looking at other ones. For instance, the one that Chairman Shaw mentioned about a special series of numbers for nonpermanent Social Security cards. So, we are working very diligently through this list. As I said, both Commissioner Barnhart and myself are really extremely serious about making sure that only people who are authorized to work, only people who should get Social Security numbers, are getting them in this country. Chairman GEKAS. I would like, personally, and perhaps the other Members would also benefit from it, if we could actually produce such a scorecard, that is, to list the recommendations on the left and then give us completed or implemented or about to be implemented or on the way, some kind of indication as to what the recommendations were and what progress has been made in implementing those recommendations. I would be interested in that kind of graph. Mr. LOCKHART. We certainly will be happy to provide that for the record, Mr. Chairman. I think as you talk to our Inspector General when he comes up in the next panel, I think he will tell you that we are making extremely good progress on this issue. Chairman GEKAS. Well, you will have time to do it right before he takes the stand. [Laughter.] Mr. LOCKHART. Well, I have some versions of it here, but-- -- Chairman GEKAS. You can start the conversation now. I yield back the balance of my time. Chairman SHAW. Thank you, Mr. Gekas. Mr. Becerra? Mr. BECERRA. Thank you, Mr. Chairman. Thank you for you testimony, Mr. Lockhart. I appreciate it. Let me make sure, before I ask the particular questions that I have, I want to make sure that I understand something correctly. There are some 600,000 Social Security numbers that come to your attention that are based on nonwork-authorization Social Security numbers, correct? Mr. LOCKHART. Yes, let me explain it. We have, really, three major categories of Social Security cards. One is, you are authorized to work. You are either a citizen and you got it at birth, you have been authorized to work, or you have been permanently allowed in the country. The second one is that you are authorized to work with INS documentation, and the third one is that you are not authorized to work. We used to give those out because many State driver's license departments required them, and we have given out, unfortunately, many millions of those. Every year, as we get the wage earnings reports in, those 250 million that I mentioned in my testimony, we get about half a million wages on nonwork Social Security numbers. Now, that doesn't mean that they are not authorized to work because they may not have come in to us again to get their Social Security card updated. Mr. BECERRA. That was going to be my point, because I am familiar, being from California, that there are a lot of folks who start with a nonwork Social Security number but then ultimately obtain the authorization to work. Then, for whatever reasons, either they or the employer, somehow the information doesn't get to the Social Security Administration immediately. So, until that information gets to you, they are categorized as nonwork-authorized Social Security numbers. Mr. LOCKHART. That is correct. Mr. BECERRA. Okay. Let me get back to the whole issue, because it is becoming clear, now that Social Security has been able to give us more and more information, that you are trying to clean up these files, which for years have been building up and up in terms of the number of cases where we haven't been able to identify all the pertinent information for an individual. My understanding is you obtain, on a yearly basis, claims or numbers or information on cases for about 250 million Social Security numbers. Mr. LOCKHART. What we receive are wage reports from employers. Oftentimes, people change jobs, so there are actually less people working than the number of wage reports. Mr. BECERRA. The information I have is that there are some 250 million wage reports on an annual basis, representing about 150 million workers. When you run those through your checks, at the onset, there is about a 1 in 10 nonmatch for those wage reports, incorrect name, some information doesn't correspond. It doesn't mean that it is not a valid Social Security number. It just means that, of those 250 million, 1 in every 10 or so came up with some red flag. Mr. LOCKHART. Right. It didn't match. Mr. BECERRA. It didn't match. You are then able to reduce that to about 2 or 3 percent, versus about 10 percent, correct? Mr. LOCKHART. Well, 3 percent yes. Mr. BECERRA. Three percent, and that is your suspense file? Mr. LOCKHART. Exactly. Mr. BECERRA. Within that suspense file, my understanding is that you have a caseload of about--is it 250 million of these? Mr. LOCKHART. Yes. We have, in the suspense file---- Mr. BECERRA. About 237 million. Mr. LOCKHART. Yes, 237 million. Exactly. Mr. BECERRA. So, 237 million. In tax year 2000, you received some 9.6 million more of these wage reports that went into the suspense file. Give me a sense of what it takes to close a case on one of these files. What does it take to do the final check, to determine if there was just an error or if we have to do some further checks? Mr. LOCKHART. We have computer teams that catch about two- thirds, as you mentioned, of the mistakes. It can be typos. Someone's maiden name hadn't been changed in our records. Some Hispanic names get transposed. They are having that problem right now at the California Department of Motor Vehicles. I was out there a week or so ago, and there is a lot of activity there. So, our routines catch some of that. So, as we have done for many years, we then send out to the employees whose wage report we are getting, a letter telling him we are having a problem with mismatching. We send close to 10 million of these letters out a year, and we have been doing it for years, and about 1 million-plus, we don't have a good address for the employee, so we actually send it just to the employer. We ask them to come to the Social Security office and straighten it out, submit a form called a W-2C for correction. Mr. BECERRA. What is the resource requirement for you to do that along with administering all the retirement benefits, dealing with survivors' benefits, disability claims? What is the separate resource requirement to deal with the suspense file? Mr. LOCKHART. I don't really know the number, to tell you the truth. The initial piece of it is pretty computerized, and so, the cost is reasonable, but when they start coming in with the information, then it takes up a lot of field office time. It is an important thing to do because what we are trying to do is correct the record so that when people are disabled, when people are retiring, that we have the right amount of money and we give them the proper benefits. We think it is an important function of the agency. Mr. BECERRA. My time has expired, so I will close and say that perhaps, Mr. Chairman, we can try to follow up and try to get a sense of what it takes for the Social Security Administration to really do the job of getting through that suspense file, because as Mr. Lockhart just mentioned, that is important work. Thank you, Mr. Lockhart. Thank you, Mr. Chairman. Chairman SHAW. Ms. Jackson Lee? Ms. JACKSON LEE. Thank you very much, Mr. Chairman. Mr. Lockhart, thank you again. Would you restate for me the categories of immigrants that you give a Social Security card to? Mr. LOCKHART. There are a whole series of different visas that are created by the INS, and I am not an expert on all this, but really, there are two main categories, if you look at it that way. One is that they are permanently authorized to work, and maybe about a half million of the cards we give each year are that group. The other million or so that we give are temporarily authorized to work under a whole series of things. A lot of them are student-related. Then there are the whole series of people coming in for software firms. The whole series that are given by the INS, but those are temporary. Ms. JACKSON LEE. Do you feel comfortable in the procedures at the Administration, that you are accurately providing those who have documentation to work, that you are fairly accurate, or do you need additional resources or additional assistance in making sure you are accurate on the issuance of those types of cards? Mr. LOCKHART. We feel, with the new procedures, we are doing a lot better job. Now what we are doing is verifying every document with the INS. Now, new and better systems are needed because it is still a pretty paper-intensive process. The INS is starting to get more and more of the documents quickly into the system called the Systematic Alien Verification for Entitlements (SAVE) program. They have a student system coming up next year, which will help a lot. We also have some other important procedures that I think will really help this and really put the workload where it should be. One of these that we are looking at is called Enumeration at Entry, which I mentioned, which would be that the State Department and the INS, when they are giving these work-authorizing documents, that they just send us an electronic message that this person is authorized, so we can issue them a Social Security number. Then we don't have to go through this roundabout procedure. So that is the long-term solution, I think, for a lot of this. Ms. JACKSON LEE. What kind of efforts are you making to get to that point? Certainly, it makes a lot of sense to me. You are talking about, by technology, send an e-mail, a note, a notice, if you will, to the Social Security Administration. Where are you on that? Mr. LOCKHART. We have been working on that for several years. Our systems are all ready for it, and it is supposed to start next month, actually, with the State Department. Then, we will roll it out over time throughout the State Department and the INS. Ms. JACKSON LEE. I think that is an important step to announce or to at least make known that you are moving toward that, because then that helps, if you will, keep the pathway of legality even more on track, because you are getting information as it comes. I think one of the difficulties is trying to go back and restructure documents and to look at what happened as opposed to getting that information as it is happening. Mr. LOCKHART. That is correct. I think that will be a very important step forward. We are going to put a lot of resources in it. As I said, our systems are already ready to do it, and we hope to have it as a very high priority over the next year or two. Ms. JACKSON LEE. To capture of the essence of the problem, you said millions of cards are issued for those with documents and allowed to work. Then there are about a million, if I understand, you left of an ``S.'' You said there are about a million that may come in that don't have documentation or don't have authorization to work but ultimately may secure that. What kind of monitoring do you have to know the ones that are securing it and ultimately may need the right kind of Social Security card? Mr. LOCKHART. Well, what I said, I think, is that there are about a half a million who have permanent authorization to work and about a million a year that we give cards have some sort of temporary work permit. Ms. JACKSON LEE. Then there is a group that---- Mr. LOCKHART. Then there is a whole group that is not authorized to work, and we do not give them Social Security cards. We do not give them Social Security numbers, except for a very, very small group, about now 20,000 to 30,000 a year, that get these nonwork cards because they are authorized for some benefit program, but generally, they would not be a major threat. Ms. JACKSON LEE. So you feel fairly confident that you are not giving now Social Security cards to those without the documentation to work? Do you feel fairly confident of that, in terms of immigrants? Mr. LOCKHART. I visited our field offices in California a couple of weeks ago and watched them work, and it seems to be working, the new procedure. Again, we rolled it out over the last 3 or 4 months. We have 1,300 field offices countrywide. The last one just implemented it September 1. We are very hopeful that this procedure will work and that people will follow it, and they seem to be following it very well. Ms. JACKSON LEE. I thank you. My time is out. I will just simply say the suggestion or maybe what we might have read or heard of millions of individuals who may be immigrants who don't have authorization to work, such as that figure you gave, 20,000 to 30,000, is not as accurate as we may have heard. The number of cards that you are dealing with that are unauthorized to work are about 20,000 to 30,000, and not millions. Mr. LOCKHART. Those that are nonwork cards. Now, there is obviously a whole series of people that are working in this country that do not have legitimate Social Security numbers. As we were talking earlier, some of those are showing up in our suspense file. A lot of our suspense file just may be typos and stuff like that, but there are people that are working, and it is probably in the millions, without proper Social Security cards and numbers in this country. Ms. JACKSON LEE. We will work through that. Thank you very much. Mr. JOHNSON. [Presiding.] Thank you, Ms. Jackson Lee. The Chair recognizes Mr. Hayworth. Mr. HAYWORTH. I thank you, Mr. Chairman. Mr. Lockhart, thank you for coming to testify today. I want to make sure that I understand exactly the status of foreign students who come to the United States to study at our colleges and universities, vis-a-vis Social Security cards. Now, you mentioned some distinctions here; those who come who are authorized to work, those who are on public assistance. Help me nail down the student status. Do we classify that as an authorization to work? Authorized to study? What classification are they given? Mr. LOCKHART. The general student status at, say, a university is, they are authorized to study. Then the INS, as I understand it, has authorized the universities to authorize them to work within the college, not somewhere else, just within the university. The way the statute works is, if they come in with a letter from an authorized person from that university to say this person is authorized to work at the university and is expected to work at the university, then we will give them a Social Security number. Now, what has happened, frankly, is some universities, because they may need Social Security numbers for these individuals for their records or something, are not actually putting these people to work, so that they are not actually working. And yet, we are getting a letter that says---- Mr. HAYWORTH. So, what you have are universities engaged in defrauding the Federal Government, saying they have people working who are not working, to get Social Security numbers? Mr. LOCKHART. We may have some universities sending letters, and they may be interpreting differently than we are. Mr. HAYWORTH. No, no. Let's get down to brass tacks here. If people are attempting to defraud and deceive the Federal Government in wartime for easy bucks, this is serious. Mr. LOCKHART. Yes sir, and I know our Inspector General has looked at some cases. I have heard of situations where a university has actually advertised in foreign newspapers that ``come to our school and we'll get you a Social Security number.'' You know, that is not right. Mr. HAYWORTH. What is the name of the university that has done that? Mr. LOCKHART. I am not sure. I heard about it in our Oklahoma City office, though. Mr. HAYWORTH. Let me ask you a further question. This is very disturbing, to say the least. Maybe this is a question better suited for INS, but do we keep track of the nationalities of those who come to study? Do we know, for example, the number of Iraqi students who are in the United States on study programs or work study programs? Do you have any estimate today how many Iraqi students are here in the United States on a work study program? Mr. LOCKHART. You are right, it is an INS question. We would not have that information in any of our databases. Mr. HAYWORTH. Is there any particular reason not to keep that information? Mr. LOCKHART. Again, what we are looking at is to make sure that people are paying their FICA taxes, and that is what the Social Security number has been created for. It is the INS's job to authorize people to work. That is what they are there for. That is their law. It is not our law. Mr. HAYWORTH. Let me ask you this question. You say things have changed under the new programs, the combination of pre- September 11 reforms and post-September 11 reforms, and we are about 4 months into the situation now. How would you evaluate the level of communication between Immigration and Naturalization Service and the Social Security Administration? Are your computers able to talk to each other? Mr. LOCKHART. Well, first of all, I think we are doing a lot better with communicating with the INS. In fact, I just talked to the Deputy Commissioner there this morning, and we are trying to work better than we have in the past. So, I think on the human level, it is working better. We are having many more meetings. I think they understand our issues now a lot better, and we are beginning to understand theirs. From the computer standpoint, they do have this SAVE program that does tell us when someone is authorized to work. We have access to it in our field office. A person right at the service window who is reviewing a document will have access to the system. I saw them bring one up when I was in California. Momentarily it comes up, and it says whether this person is authorized to work or not. The problem is not all of the data is in there. Mr. HAYWORTH. So, we have incomplete data. Again, as we opened this questioning period, I am very concerned about the status of some colleges and universities who seem to be playing fast and loose with work study. There is perhaps, Mr. Chairman, an appropriate role legislatively to crack down on those who would deceive the government for work study dollars. I see my time has expired. I thank you, and thank you, Mr. Chairman. Mr. JOHNSON. The time of the gentleman has expired. The Chair recognizes Mr. Collins. Mr. COLLINS. Thank you, Chairman Johnson. Mr. Lockhart, you know, we talk about these Social Security numbers, and it seems as though we kind of hand them out in a manner that has no system to it. Do we do benefits the same way? They get these Social Security numbers and they are here and they work temporarily---- Mr. LOCKHART. First of all, I would say that we do have a system for handing out Social Security numbers. We do handout approximately 18 million a year. A major portion of those are actually replacement cards, but we handout about 5 million new cards a year. We do have systems in place. We have significantly strengthened those systems, as I have already said, but there were systems in place before September 11 as well. There were procedures in place. On the benefits side, we have a whole series of systems. I think I can say, having come to Social Security only 7 or 8 months ago, that the systems at Social Security are some of the best in government, and we are always well-rated that way. For benefits, obviously we have some issues with the suspense file, which we already talked about, but I think we do a reasonable job of keeping track of people's benefits. We have maybe that 3-percent error rate, but we have a 97-percent match every year, which is significant. We are talking about $4 trillion in wages a year. So, our systems are doing what I consider a good job. We could do better, and I am not trying to say that we couldn't do better. We could do significantly better, and we are continuing to work on it. Commissioner Barnhart and I have made it very clear since we arrived here that we are not going to accept the status quo. We want to improve this agency dramatically. Mr. COLLINS. Well, that is encouraging, and truthfully, I think you have. I have talked with the Commissioner on several occasions, and you too, and I think you have made some good strides. I have a situation that has occurred in my district, which includes Fort Benning, Georgia. We have a local judge there who has called on a number of occasions, but his first call was in reference to several who had appeared in his court. They were here illegally, didn't have any kind of identification. This is really an INS problem, too, because when he called INS to report them and ask them to pick them up, and this was after September 11 of last year, they said they didn't have the time, didn't have the money, couldn't do it. It was very frustrating to this particular judge. He did call 1 day and said that they had incarcerated a person who was working at Fort Benning. He had a work pass, a work permit, and on that work permit was a Social Security number, and this person was here illegally also. So, he sent a copy of the work permit over the office, and we double-checked it with your office and found that the number had not been issued. How much of that exists? Do we have any idea? That is what this judge said, how much? Fort Benning, too, says, you know, this is not an isolated incident. Mr. LOCKHART. It is a big issue. People make up Social Security numbers. As far as we can tell, all 19 terrorists, or however many that did have a Social Security number, they were all made up, and that is a big, big issue. As I said earlier to a question, there are probably millions in this country with made up Social Security numbers. What we are trying to do is develop--and we do already have in place for employers, for State agencies, the ability to check those numbers with us, either in person or by computers. The idea is that, if they bring in a name, and they bring in a Social Security number, we can tell them if it is real or not. If there is a mismatch, then they should know that there is an issue with the individual. Mr. COLLINS. I am glad that you are communicating with the people over at INS, because it seemed like there was a lot of slack there. For an INS office to inform a judge we don't have the time to pick up people who are here illegally, already incarcerated, something is wrong with that type of system. I think it is a real threat and a danger to us to have people with work permits file Social Security numbers here illegally, working on a military installation. Mr. LOCKHART. Yes. As you may have read in the newspaper, many of the agencies represented on the next panel, including our Inspector General, have been very active at the airports in this area, in verifying Social Security numbers. We are very committed to helping out in those kinds of law enforcement activities because we do believe it is extremely important for this country. Mr. COLLINS. Well, in closing, the Office of the Inspector General for Social Security has been very helpful in this case, too. They are investigating this and investigating the employer. Thank you. Mr. LOCKHART. Thank you. Mr. JOHNSON. Some of my colleagues and myself would like to clarify the statement you made. Did you indicate that all the terrorists had illegal Social Security numbers? Mr. LOCKHART. Well, what I said is, I am not sure if all of them had Social Security numbers, but as far as we can tell-- and the Inspector General has talked to the FBI, and the FBI I guess will be up--as far as we know at this time, none of the terrorists received a Social Security number at one of our offices. That is why we need to use the kinds of systems that we are building. We have had in place systems for 20 years for employers and other people to verify Social Security numbers. They just have not been used. We now have a test, which, again, I mentioned in my testimony, with about eight major employers of an online system. I think over time, if we can do that, it will help protect the Social Security number from people that just make it up. Ms. JACKSON LEE. Mr. Chairman, if you would just yield for just a brief moment? Mr. JOHNSON. I yield to the gentlelady. Ms. JACKSON LEE. There is a question that I left on the table, when you said millions of made-up numbers, you are not saying that there are millions of immigrants with made-up numbers? There are people all over the United States with made- up numbers. Is that what you are saying? Mr. LOCKHART. You have to go back to that suspense file we were talking about. There are 10 million that we can't match every year. A lot of it is typos, wrong names, but there are certainly people in there that are working, whether they are immigrants, illegal or not, I don't know. There are certainly-- I think most people would say many millions that are working without a proper Social Security number. Ms. JACKSON LEE. Not all of one label? Mr. LOCKHART. What? Ms. JACKSON LEE. Not all of one label, one type of people, there are many---- Mr. LOCKHART. We just don't have the data. I mean, if we could find them, we could match them. Ms. JACKSON LEE. We would find out. Mr. Chairman, thank you. I do want to say that the INS is really trying to work on this issue, to the extent that I have visited sites, airports around the country I spent my time visiting. I will tell the Committee, if they have interest, that I literally saw the INS recognize undocumented individuals coming in from a country overseas, and was able to match the fact that their documents were fraudulent and was there to greet them. I saw the action when I was there. They were able to greet them immediately as they deplaned. This is happening across the Nation. I think that we can be assured that they listen to Congress on the responsibilities that they have. I thank the Chairman for yielding. Mr. JOHNSON. I thank the lady for her comments. The Chair recognizes Mr. Hulshof. Mr. HULSHOF. Thank you, Mr. Chairman. Welcome, Mr. Lockhart. We certainly welcome our colleagues from the Subcommittee on Immigration, Border Security, and Claims. A lot of the questions to you, Mr. Lockhart, have been referenced around the issue of illegal immigrants that are here. What I would like to do is focus, as is also the subject of our hearing, on identity theft. Our Subcommittee, the Social Security Subcommittee, has heard some heart-wrenching stories from citizens, sometimes elderly citizens, who have been bilked of thousands of dollars in personal savings, with credit histories being just turned upside down because of identity theft. So, I would like to ask a couple of questions along that line. You mentioned about 18 million cards a year, some of those are replacement cards. What percentage per year are replacement cards? Mr. LOCKHART. About 12.5 million of those, so two-thirds. Mr. HULSHOF. A couple of hypotheticals. If I come in to get a replacement card, I presume I could get one. What if I had just been given a replacement card the week before? Mr. LOCKHART. You can get one with the proper documentation. You just can't ask for it. Yes, assuming you had the proper documentation, you can come in. At the moment, we don't have a limit. It is one of the areas we are really looking at, because not only is there an integrity issue here, there is also a tremendous workload issue. Some of our offices are spending a third of their time issuing replacement cards. So, we are looking at it to see if we should limit the number, to see if we should charge, to see if they even need a replacement card. I mean, what is happening in many of these offices is we have the Supplemental Security Income, SSI, population that we serve, and many of them have mental impairments, are homeless, and they are always losing the cards. We have people that have had 30 or 40 cards, and they are being required by some State agency to produce it. Now, if we can go to more of a verification electronically, that might relieve some of that workload as well. Mr. HULSHOF. So, the Inspector General's recommendation to put perhaps some limit on the number of replacement cards, with some exception for extraordinary circumstances, that would be something that you would support? Mr. LOCKHART. I am about ready to get a white paper on the topic. There is a series of issues. Some of the people I have talked to in the field office say why not charge them something for it. Maybe that will discourage them. A limit would be another way. There is a whole series of ways. I mean, what is important is actually the number, not the card, when you really think about it. Mr. HULSHOF. A couple of other quick areas, as my time is dwindling. If the Social Security Administration receives a report from an employer that indicates that somebody is working in America, say in Phoenix, Arizona, using my Social Security number, do you let me know that? Mr. LOCKHART. What we do, if there is more than one wage report on a Social Security number, we try to unscramble it, and that unscrambling may mean that we call someone. By the time we receive the information, we are receiving information well over a year old on wage reports by the time it is entered in the system. It is probably not very helpful, if your identity has been stolen. You would probably know by then anyway. The other thing we do, though, is we also put out annually the Social Security statement, as you know. In that, when you see it, if there is an incorrect wage, you could call us, and we would unscramble it that way. Mr. HULSHOF. Okay, the final area of questioning regards data sharing with law enforcement agencies. Of course, the Privacy Act does say that agencies can share information with another information for the purpose of civil or criminal law enforcement purposes, if the head of that agency makes a written request. Yet, it is my understanding that regulations within your agency limit disclosure to law enforcement activities relating to serious crimes like murder and crimes of violence. What about identity theft itself? I mean, for instance, if law enforcement were to contact the Social Security Administration and say, ``We are working on an identity theft case. We need some data from your agency to be shared with us,'' would you provide it to them? Mr. LOCKHART. It is not only serious crimes but it also is fraud against a Social Security number, and it is also if our IG opens a case. So, if the law enforcement person comes to the IG, which is where they would come, and the IG opens a case, we would certainly provide the information. We are not protecting identity thieves, in any sense of the word. Mr. HULSHOF. Local law enforcement would then have to go the Inspector General. Mr. LOCKHART. Which is part of Social Security, yes. Mr. HULSHOF. Okay. Thank you, Mr. Chairman. I yield back. Mr. JOHNSON. Thank you. Mr. Brady, do you care to question? The gentleman is recognized for 5 minutes. Mr. BRADY. Thank you, Mr. Chairman. I want to follow up on Congressman Hulshof's questions on collaboration. First, I want to thank the Social Security Administration for your collaboration with law enforcement on Operation Tarmac, which was launched after September 11. It has uncovered a large number of individuals with security clearances working at our Nation's airports under false pretenses, obviously a practice that cannot be allowed to continue. On the 9th of this month, in my community, just 2 days before September 11's anniversary, Operation Tarmac indicted 143 individuals working at Houston's Bush International Airport, the airport that I and many of my neighbors fly in and out of on a weekly basis. These people acquired airport security badges by using a nonexistent Social Security number of someone else's Social Security number. From my viewpoint, the operation was a very solid preventative measure because these individuals each had access to airplanes, ramps, and tarmacs, regardless of their security clearance. You have really addressed the question of what we can do to prevent this type of fraud in the future, but following on to Congressman Hulshof's question, is there not a way to increase cooperation with law enforcement, short of the IG opening up a case? Obviously, what we are tying to do here, the 143 who were indicted, perhaps and most likely there isn't a terrorist among them. Just as you arrest speeders before they cause an accident, someone who tries to buy a gun illegally, in hopes to prevent harm from happening later, it is important that we have these measures in place, even though they may seem to be small, preventative measures. What can we do to increase, short of having to open up a case, to increase this type of cooperation with law enforcement? Mr. LOCKHART. Really, the best way is for the security companies, everybody that is hiring at the airports or anywhere else, to use our systems. We have the systems, and any employer can come in and verify Social Security numbers when a hiring decision is made. That is the best prevention by far, just not to employ them to start with. It is not being used as well as it should, and we are trying to get the word out that we have those systems in place, and they should be using them. So, that is the first thing that should be done. The second thing is, we are continuing to work with our IG and our IG is continuing to work with all law enforcement to see how we can better fit our constraints. Our constraint really is that this is taxpayer information. It is protected by the Internal Revenue Code, and it is a very important issue with them, that taxpayer information is secure. So, we are working with the IRS, and we are working through our IG with the various law enforcement officials. Mr. BRADY. That is a very good answer. My thought was, in the case with Houston's airport, Federal agents went through, under the leadership of our U.S. attorney, Mike Shelby, went through some more than 21,000 individual files to make those match. The good news is, there are only 143 who didn't, which tells you there is a level of security there. My thought was, can we not make it, with certain restrictions, as easy for law enforcement, again, under certain restrictions, to match those numbers as it would be for employers to go online to do it? Mr. LOCKHART. It is an issue we talked about in the agency, and certainly we talked it over with the Inspector General, and he is certainly recommending it. Again, it is an issue that is partially out of our hands, from the standpoint that the taxpayer information belongs to the IRS. So, it is one of the issues that we have to continue to work with them on, as to what are the procedures. We have certainly, as you said, been able to do it for Operation Tarmac, and we hope that we can do it whenever necessary. Mr. BRADY. I was just thinking, if there was some law enforcement clearinghouse at some level that works directly with the Social Security Administration and the appropriate authorities to be able to access, so that you don't have 10,000 going on from different jurisdictions, but actually a good, cooperative, laid-out, disciplined process that speeds up having to run through 21,000 files, where we can do more security because we save time. Mr. LOCKHART. It is certainly something we should consider, yes. Mr. BRADY. Thank you, sir. Thank you, Mr. Chairman. Mr. JOHNSON. Thank you. Let me follow up on that for just a second. I am told, and I would like for you to verify it, that if an employer called you with a number for you to check, you say it is okay or not, but you don't tell them whether the guy is dead or if he is on a nonwork Social Security number. Is that true? Mr. LOCKHART. Yes, sir. That is true. That is a flaw in our system that we are in the process of correcting. I was not aware of that until very recently myself, and I had the same concern that you do, that it doesn't make any sense to verify in that circumstance, if someone is dead or they have a nonwork number. We are making the system changes so that our verification systems will tell that. Mr. JOHNSON. You will be in the near future, then? Mr. LOCKHART. We are implementing those changes. Yes, sir. Mr. JOHNSON. Okay. Let me ask you one other thing. I believe the Social Security Administration Inspector General is on record as supporting Social Security privacy legislation. This bill would prevent numbers from being used as ID numbers for many purposes, including military ID. At a time when military personnel are deployed worldwide, and terrorists are trying to exploit our weaknesses in everything from the Internet to our own financial systems, I don't know if it is wise for the military to be using their Social Security number for everything from checking out equipment to cashing a check. I would like to hear your comments on that. Mr. LOCKHART. There is certainly an overuse of the Social Security number in our society. It has become a de facto identifier one way or another. The problem is that, in many ways, something else will have to be substituted for it. In some cases, it is useful for prevention of fraud and prevention of terrorists. So, there are pluses and minuses to all this. Certainly, in your legislation, there are a lot of reasonable things that we can think about on how to limit the use of the Social Security number, because it has really grown dramatically more than it was ever supposed to do in this country. Mr. JOHNSON. You agree with the original concept, as far as Social Security and tax purposes, period? Mr. LOCKHART. That is the original concept. Unfortunately, I think the cat's out of the bag. [Laughter.] Mr. JOHNSON. Okay. Let me ask you one other quick question. In reference to the illegals that I spoke of earlier, I recognize it is mostly an Immigration and Naturalization Service problem, but if you issue a temporary work permit and the Immigration and Naturalization Service then follows up 2 months later with a letter to these guys, saying, ``You are going to be deported. Come on back home,'' maybe some of them will, how do you get termination on that Social Security number? Mr. LOCKHART. The procedures of the agency have been that, once a Social Security number is issued, it is issued. If we think there has been some fraud, we do put in the record that there has been some fraud, and we won't issue a replacement card, but the numbers are not canceled. Mr. JOHNSON. So, they are out there indefinitely? So, if the guy is deported back to Mexico, let's say, and then comes back across the border, he still has a good Social Security number? Mr. LOCKHART. He still has a Social Security number. If we have entered into our records that we think fraud has been involved, if they came into our office, we could find that out, but it is something that we need to look at. It is an issue that I think we need to look at, as to whether we should do anything to cancel a number. Historically, we never have. We have issued 415 million numbers. Mr. JOHNSON. Thank you. I appreciate your honest testimony and openness with us. We thank you for the job you all are doing over there. Keep up the good work. With that, we will close your testimony and ask the second panel to step up. I am going to turn the meeting over the Chairman Gekas. Mr. LOCKHART. Thank you, Mr. Chairman. [Questions submitted by Chairman Shaw to Mr. Lockhart, and his responses follow:] Social Security Administration Baltimore, Maryland 21235 1. During the hearing, Mr. Lockhart stated that SSA has a scorecard on the recommendations the Inspector General had made to tighten controls related to issuing Social Security numbers (SSNs). As requested by Chairman Gekas, we would appreciate your providing a copy of that scorecard to both of our Subcommittees. ------------------------------------------------------------------------ Scorecard on Inspector General Recommendations to Tighten Controls on Issuing Social Security Numbers ------------------------------------------------------------------------- RECOMMENDATION STATUS ------------------------------------------------------------------------ Congressional Response Report--Terrorist Misuse of Social Security Numbers A-08-02-32041 October 3, 2001 ------------------------------------------------------------------------ Expand the Agency's data matching activities with other Federal, State and local Government entities. --------------------------------------------Ongoing. The Enumeration---- Response Team (ERT) is considering this as part of its long-term efforts. ------------------------------------------------------------------------ Explore the use of other innovative Ongoing. The ERT is technologies, such as Biometrics, in the exploring the use of enumeration process. biometrics in the enumeration process. ------------------------------------------------------------------------ Increase the number of investigative and Ongoing. The FY 2003 IG enforcement resources provided for SSN budget request includes an misuse cases additional 29 FTEs, which will be used for investigative and audit and the OIG technology plan. ------------------------------------------------------------------------ Authorize SSA and SSA's OIG to disclose Partially Completed. OIG information from SSA files as requested will take the lead for by the DoJ and FBI in times of national completing this initiative. emergency and in connection with terrorist investigations. ------------------------------------------------------------------------ Audit of enumeration at Birth Program A-08-00-10047 September 27, 2001 ------------------------------------------------------------------------ Reinvest some of the savings realized by Ongoing. The current EAB the Enumeration at Birth (EAB) program contracts expire on and provide necessary funding, during December 31, 2002. future contract modifications, for the Negotiations for the new Bureaus of Vital Statistics (BVS) to contracts with the States perform periodic independent began in March 2002. We reconciliations of registered births with have proposed the statistics obtained from hospital's labor recommended review to the and delivery units and to periodically states in negotiations for verify the legitimacy of sample birth the new contracts. We records obtained from the hospitals. expect the negotiations to be completed by December 2002, with the new contracts effective from January 1, 2003 through December 31, 2007. ------------------------------------------------------------------------ Enhance its duplicate record detection and Ongoing. SSA plans to prior Social Security number (SSN) enhance its system to detection routines to provide greater prevent the assignment of protection against the assignment of multiple SSNs for identical multiple SSNs. cases with different birth certificate numbers, but an implementation date for this enhancement has not been determined. ------------------------------------------------------------------------ Instruct FO personnel to exercise greater Completed. Instruction care when resolving enumeration feedback issued via Emergency messages generated by the system. Message on December 27, 2001. ------------------------------------------------------------------------ Cross-reference multiple SSNs assigned to Completed. SSA has completed the 178 children within the sample. the cross-referencing of these SSNs. ------------------------------------------------------------------------ Continue to monitor the timeliness of BVS Completed. SSA has taken a submissions and work with those BVSs that number of actions with the are having difficulty complying with the States to assist them in timeframes specified in the contracts. complying with current contract timeframes. These include attending a yearly conference of all State registrars, presenting EAB findings to the participants, and establishing a ``Frequently Asked Question'' or FAQ, on SSA's Internet site. ------------------------------------------------------------------------ Obstacles to Reducing Social Security Number Misuse in the Agriculture Industry. A-08-09-41004 January 22, 2001 ------------------------------------------------------------------------ Expedite implementation of the initiative Partially Completed. SSA to improve communication of name/SSN began a pilot of its online errors to employers and employees. Social Security Number Verification System (SSNVS) in April 2002, and expects to expand the pilot in early 2003. ------------------------------------------------------------------------ Introduce legislation that would provide Ongoing. Currently IRS has SSA the authority to require chronic the authority to penalize problem employers to use Enumeration employers who do not comply Verification System (EVS). with wage reporting requirements. IRS has recently announced that they will impose penalties. SSA is working with IRS to support them in this effort. ------------------------------------------------------------------------ Collaborate with the INS to develop a Ongoing. IRS has implemented better understanding of the extent that a task force to review immigration issues contribute to SSN their policies and misuse and growth of the Earnings procedures regarding Suspense File (ESF). Additionally, penalizing employers who reevaluate its application to existing send SSA bad names and disclosure laws or seek legislative SSNs. We are reviewing our authority to remove barriers that would regulations to determine if allow the Agency to share information current SSA regulations regarding chronic problem employers with provide sufficient the INS. authority to share information with other agencies, including INS, in situations that are consistent with the purpose of Social Security programs and SSA's disclosure policy. ------------------------------------------------------------------------ Procedures for Verifying Evidentiary Documents Submitted with Original Social Security Number Applications A-08-98-41009 September 19, 2000 ------------------------------------------------------------------------ Accelerate negotiations with United States Partially Completed. SSA Immigration and Naturalization Service implemented the first phase (INS) and Department of State (DOS) to of EaE in October 2002, and implement the Enumeration at Entry (EaE) is working with INS on program. Once implemented, all non- identification of the next citizens should be required to obtain phases. their SSNs applying at one of these Agencies. ------------------------------------------------------------------------ Continue efforts and establish an Partially Completed. The implementation date for planned systems Comprehensive Integrity controls that will interrupt SSN Review Process (CIRP) was assignment when multiple cards are mailed implemented in 1999. Based to common addresses not previously on certain characteristics determined to be legitimate recipients of the information input (for example, charitable organizations) into Modernized Enumeration and/or when parents claim to have had an System (MES), CIRP improbably large number of children. identifies high-risk transactions that are subject to a monthly management review (such as too many cards being sent to one address). SSA continues its efforts to implement enhancements to the MES, however, the timeline for these enhancements has been impacted by the implementation of the near- term changes recommended by the Enumeration Response Team. ------------------------------------------------------------------------ Obtain independent verification from the Completed. SSA now obtains issuing agency for all alien evidentiary independent verification documents before approving the respective for all alien evidentiary Social Security number applications until documents. the Enumeration at Entry program is implemented. ------------------------------------------------------------------------ Propose legislation that disqualifies Unable to implement. We are individuals who improperly obtain SSNs unable to implement this from receiving work credits for periods recommendation because INS that that they were not authorized to does not have historical work or reside in the U.S. information on when an individual was or was not authorized to work. ------------------------------------------------------------------------ Effectiveness of Internal Controls in the Modernized Enumeration System. A-08-97-41003 September 14, 2000 ------------------------------------------------------------------------ Require field office (FO) management to Ongoing. Management is perform periodic quality reviews of required to perform quality processed exception messages (EMs) and reviews and as additional provide appropriate feedback and related enumeration training needs training to FO personnel. are identified refresher training is provided to FO personnel. ------------------------------------------------------------------------ Require FO personnel to document the basis Ongoing. Most EMs require of all resolution actions taken on EMs only routine review and for an appropriate period of time to decision; FO managers facilitate management review. receive and review listing of pending EMs that are coded as suspect or fraudulent. ------------------------------------------------------------------------ The Social Security Administration is Pursuing Matching Agreements with New York and other States using Biometric Technologies A-08-98-41007 January 19, 2000 ------------------------------------------------------------------------ Pursue a matching agreement with New York Ongoing. SSA will begin a so that the Agency can use the results of pilot for verifying the State's biometric technologies to claimant identity by reduce and/or recover any improper picture ID in early 2003, benefit payments. and is exploring the possibility of using matching agreements. ------------------------------------------------------------------------ Initiate pilot reviews to assess the cost- Ongoing. SSA continues to efficiency of matching data with other discuss its privacy States that have employed biometrics in concerns with such matches their social service programs. with the OIG. ------------------------------------------------------------------------ Review of Controls over Nonwork SSNs A-08-97-41003 September, 1999 ------------------------------------------------------------------------ Conduct periodic quality reviews of Completed. SSA's Office of processed SSN applications and provide Quality Assurance (OQA) timely feedback to field office (FO) conducts periodic reviews personnel. of processed SSN applications and timely feedback is provided based on their findings. SSA has expanded our performance indicators for enumeration for Fiscal Year (FY) 2003 and beyond. ------------------------------------------------------------------------ Propose legislation to prohibit the Unable to implement. We are crediting of nonwork earnings and related unable to implement this quarters of coverage for purposes of recommendation because INS benefit entitlement. does not have historical information on when an individual was or was not authorized to work. ------------------------------------------------------------------------ SSA should perform its own actuarial Unable to implement. Because calculations of the effects of nonwork it is not feasible to quarters of coverage on benefit payments, accomplish this if deemed necessary to support changes in recommendation, SSA has not legislation. pursued this analysis. ------------------------------------------------------------------------ Review the 452 unrestricted SSN's Completed. It was processed by the California FO's established that the temporary SR to identify other coding employee misunderstood errors that resulted in the incorrect operating instructions, issuance of SSN cards containing work resulting in the employee authorization. making the same error on all of the incorrectly processed applications. The situation has been corrected. ------------------------------------------------------------------------ Using Social Security Numbers to Commit Fraud A-08-99-42002 May 28, 1999 ------------------------------------------------------------------------ Incorporate preventive controls in Ongoing. SSA continues its Modernized Enumeration System (MES) that efforts to implement address 1) multiple SSNs to a common enhancements to the address, 2) parents claiming an Modernized Enumeration improbably large number of children, 3) System (MES). 1) There is known fraudulent documentation used as an end-of-line integrity evidence in support of SSN applications. review for too many cards to the same address, 2) software changes in 2003 will interrupt the assignment of the SSN to parents claiming an improbably large numbers of children, and 3) currently in place is software which interrupts the issuance of a card where there is a fraud indicator on a prior application. ------------------------------------------------------------------------ Continue efforts to have INS and the State Partially Completed. SSA Department collect and certify implemented the first phase enumeration information for aliens. of its Enumeration at Entry (EaE) program with the State Department in October 2002, and is working with INS on identification of the next phases. ------------------------------------------------------------------------ SSA should require verification from the Completed. Effective June issuing state when an out-of-state birth 2002, we started collateral certificate is presented as evidence for verification of birth an SSN application. records for all U.S. born SSN applicants age one and older. ------------------------------------------------------------------------ SSA should require that the field offices Completed. SSA now obtains obtain independent verification of the independent verification alien's evidentiary documentation from for all alien evidentiary the issuing agency (e.g., State documents. Department, INS) before approving the SSN application, if an alien chooses to visit a SSA office to apply for his or her SSN. ------------------------------------------------------------------------ 2. During the hearing, Mr. Johnson, who represents the Dallas area in Texas, mentioned that illegal aliens in an 18-wheeler had been apprehended. Approximately 26 of the individuals were released and told by the local Immigration and Naturalization Service (INS) office that they could get a Social Security number from SSA and go to work. Can you provide more details on this situation? Our understanding is that approximately two dozen Mexican immigrants survived a harrowing journey that began in El Paso and ended in North Texas aboard an unventilated tractor trailer rig. Two men died of heat exhaustion and nearly a dozen others were hospitalized briefly for heat stress. Because of the need for witnesses against the smugglers when the cases come to trial, the INS granted the immigrants permission to work. The Attorney General pursuant to Sec. 212(d) [8 U.S.C. Sec. 1182(d)] of the Immigration and Nationality Act has the authority to parole individuals into the United States for reasons specified in the Act and provide them with work authorization. Inquiries should be directed to the Department of Justice because once the Attorney General exercises his discretion and issues work authorization, SSA has no discretion. Section 205 (c)(2)(B)(i) of the Social Security Act requires that the Commissioner of Social Security issue a work Social Security Number if an individual has a valid INS work authorization. 3. The Earnings Suspense File (ESF) has increased more than fourfold in the last 10 years. The SSA's Office of Inspector General (OIG) found there are patterns of reporting errors among certain employers, including identical Social Security numbers (SSNs) used for more than one employee, non-issued SSNs, and consecutively numbered SSNs--all of which end up in the Earnings Suspense File. There are also many instances of employers and industries that continually submit erroneous wage reports--one study of 20 agriculture employers in which 60% of their wage reports had inaccurate names or SSNs and who submitted almost $250 million in mismatched wages between 1996 and 1998--and that three industries (agriculture, food and beverage and services) account for almost half of wage items in the suspense file. What is the agency doing to address this growing file? Is SSA making any special endeavor to refer these employers to the Immigration and Naturalization Service (INS) or the Internal Revenue Service (IRS) or to otherwise target them for corrective action in submitting erroneous wage reports? What else can be done? Please also provide information requested by Mr. Becerra regarding the administrative costs associated with the ESF (sending out letters responding to workers/employers' questions, and so forth). The ESF contains approximately 238.2 million items (name/SSN mismatches). This covers items submitted for tax years (TY) 1937 through 2000. Approximately 25 percent or 61.6 million items were added to the ESF for TYs 1991-2000, which is an increase of about one-third. SSA developed a tactical plan to address the growth and management of the ESF. As a result SSA: LHas instituted multiple computer-matching routines to increase SSA's ability to match a reported name/SSN that does not match SSA's record with the correct record. LIs building a new process that would electronically find millions of additional matches and post them to the correct earnings record. The new process would compare earnings items to the Master Earnings File (which includes the Employer Identification Number), the benefit record, and the Numident (the record of SSNs assigned to individual names). (The current matching process compares earnings items only to the Numident.) The new process would also employ new techniques with earnings record patterns to match the earnings to the correct individual. It is estimated that at least 30 million items would be removed from the suspense file and credited to the records of individual workers. If so, benefits for several hundred thousand beneficiaries would be increased. LProvides regional office assistance to employers with a high volume of mismatches to assist them in improving the accuracy of their records. LIs discussing with IRS its existing authorities to penalize employers who contribute a large number of or a high percentage of name/SSN mismatches to the ESF. (The penalties for submitting erroneous records are in the Internal Revenue Code.) We understand that the IRS has begun to pilot a process to penalize these employers. LCurrently piloting with a small group of employers the Social Security Number Verification Service (SSNVS), an Internet option to verify the accuracy of employees' names and Social Security Numbers (SSN) by matching the employee-provided information to SSA's records. SSA's current system provided to the employer community through SSA's 800 number and through electronic (magnetic tape, diskettes) and paper processing is time consuming for employers. An Internet option will be more efficient and encourage more employers to use SSA's name/SSN verification program for new employees, thereby reducing items posted to the suspense file. LDeveloped and conducted outreach programs to the employer and payroll communities to address the issue of correctly matching names and SSNs. SSA staff have spoken to numerous employers and payroll groups on this and related issues. SSA has made changes to our publications to help employers better understand the issues. In our quarterly publication, the ``SSA/IRS Reporter,'' which is sent to over 6.5 million businesses, we have had numerous articles on the importance of providing correct name/SSN information on the Form W-2. SSA has built a website that is designed specifically for employers to address their payroll reporting issues and provide guidance. LHas worked with both the INS and IRS on the mismatch issue. Both agencies have incorporated training on the importance of name/SSN information into their training programs for businesses. LHas revised the letters sent to the employer to provide more detailed information about name/SSN mismatches. SSA also provides detailed step-by-step instructions of what the employer should do to resolve the discrepancy. The letters highlight the responsibilities of employers and the rights of employees when there are name/SSN mismatches. LWorked with the IRS to revise the Form W-2 and its magnetic and electronic formats to provide separate first and last name fields to facilitate capturing the proper last name. This separation of the last name better assures that the information reported can be properly matched to SSA's records, especially in cases where a person has a multiple or hyphenated last name. Similar name presentation changes have also been made to the Form W-4. LModified the Spanish version of the Form SS-5 (Application for a Social Security Card) to separate the first name from the last name. There are plans to make similar changes to the English version of the Form SS-5. LImproved the timeliness of the notices sent to every employee whose name and SSN do not match requesting correction information. LHas engaged Price Waterhouse Coopers to review the Agency's management practices of the ESF and make recommendations as appropriate for improvement. You asked if SSA is making any special endeavor to refer these employers to the INS or the IRS or to otherwise target them for corrective action in submitting erroneous wage reports. SSA shares name and SSN mismatch data reported on the Form W-2 with the IRS since SSA processes these forms on behalf of the IRS. SSA is working with IRS cooperatively in the development of its penalty program. SSA is precluded from making referrals of name/SSN mismatch information to the INS due to section 6103 of the Internal Revenue Code, which prevents SSA from sharing tax information with other agencies. In response to your question concerning what else can be done, SSA is now piloting an Internet based SSNVS. This is a free service where employers can verify that the name and SSN on their payroll records matches SSA's records. Expanding this limited pilot to the entire employer community will offer an inexpensive and easy way for all employers to verify their employee's names and SSNs. As far as the administrative costs associated with the earnings suspense file, SSA sends a notice to every individual whose name and SSN does not match SSA's records. For TY 2001 (calendar year 2002), it costs SSA approximately $5.4 million to send these notices. SSA also sends notices to employers. For TY 2001, SSA sent notices to all employers that had an item go into the ESF at a cost of $600,000 for the 944,000 notices sent. There are additional costs associated with both types of notices: LOver $200,000 for system maintenance and cyclical changes; and LAn average of $9.00 for each call to our National 800 number generated by the notices. We estimate that we received about 100,000 inquiries about the TY 2001 letters. 4. SSA shares information on work credited to non-work SSNs with INS annually (worker name, address, employer, wages). What does INS tell you they do with the information? In 2000, about 9.6 million wage items representing $49 billion in wages did not match SSA's records. The SSA IG recommended that SSA share information on wage records that do not match SSA files. The IG also recommended that SSA match Office of Child Support Enforcement files with non-work SSNs and share that data with INS. What are your views and do you plan to take action on these recommendations? With regard to the INS' use of information on work credited to non- work SSNs, we defer to the INS for an explanation of what they do with the information and its usefulness. Concerning IG's recommendation that SSA share information with INS on wage records that do not match SSA files, SSA does not have the legal authority to share such records with INS. Whether or not the wage records submitted to SSA match SSA records, they constitute tax return information subject to the disclosure restrictions in the Internal Revenue Code (IRC) (26 U.S.C. 6103). section 6103 of the IRC prohibits sharing of wage records when SSNs on those records do not match information in SSA records. With respect to the IG recommendation that SSA match Office of Child Support Enforcement files with non-work SSNs and share that data with INS, SSA cannot act on this recommendation for reasons similar to those cited above regarding sharing wage data with INS. SSA's access to and use of OCSE data is subject to limitations specified in section 453 of the Social Security Act (the Act) (42 U.S.C. 653). Section 453(l)(1) of the Act prohibits SSA from sharing this information with INS. 5. Do you believe it would make it easier for employers to identify illegal workers if the SSN number itself was changed to indicate whether the person is not authorized to work? If so, are you planning to implement this change and if yes, when? It is not clear if the SSN itself were changed to indicate whether the person is not authorized to work whether it would significantly help employers identify ``illegal'' workers. Most illegal workers use made up numbers. The best way for employers to identify them is to use one of SSA's matching systems. 6. An article published by The Deseret News, of Phoenix, Arizona, on Tuesday, October 01, 2002 entitled ``Thefts of Social Security ID rising fast,'' by Pat Reavy, Deseret News staff writer, described the substantial problems of a retired woman named Frances Stone, aged 70. According to the article: L``. . . in 1992, Stone noticed her Social Security checks were getting smaller. After some investigating, Stone discovered that the woman who allegedly took her wallet, an illegal immigrant, had gotten a job and was earning wages using her Social Security number. The government thought Stone was earning more money than she really was. Now, 10 years later, the problem still hasn't been settled. Each year Stone's Social Security checks are cut, and each year she has to go through a lot of red tape to prove somebody else is using her Social Security number. And each year it takes three to four months' worth of phone calls and letter writing to get the matter cleared up.'' The SSA sent some eight million letters to people identified with ``mismatched SSNs.'' How many of these were to people who are using someone else's SSN? Has the SSA compiled any reports as to how many people receiving SSA benefits are experiencing the same kind of fraud experienced by Frances Stone? How many citizens and lawful residents are now subject to erroneous records of SSA benefits and don't recognize the problem? If SSA receives a report from an employer that indicates someone else is working using another's SSN, would SSA contact the true owner to let him or her know? Doesn't the SSA have a responsibility to the person to whom the SSN was lawfully issued? Why not? SSA is committed to achieving the results our citizens expect. We regret the difficulties that Frances Stone experienced resulting from the theft of her wallet. Her earnings record is now correct. SSA/OIG does not have enough information to determine how many no- match letters went to people who are using someone else's SSN. For Tax Year 1999, SSA has over 8.3 million wage items in suspense because the name/SSN on the employer wage reports failed to match SSA's records. SSA produced no-match letters in an attempt to resolve these suspended items. About 2.6 million wage reports could not be matched due to zero SSNs, invalid SSNs, no names, and so forth. About 5.7 million wage reports contained SSNs that matched SSA's records; however, the names did not match. SSA/OIG does not know how many of the 5.7 million letters were mailed to individuals who used someone else's valid SSN. Without a valid name/SSN match, these earnings could not be posted to an individual's master earnings record. Although 5.7 million of the wage items could have led to letters going to people who are using someone else's SSN, they could have also gone to the owner of the SSN who used an incorrect name (i.e. married name, improperly hyphenated name, and so forth.) Since these items are still in need of resolution, SSA/OIG cannot determine the actual number of people who are using someone else's SSN. You asked, if SSA receives a report from an employer that indicates someone is working using another's SSN, would SSA contact the true owner to let him or her know? SSA does not notify the actual SSN holder if someone is using his or her SSN. SSA has a number of ongoing processes to obtain the correct name and SSN associated with the wages, including manual and automated edits. Due to these internal efforts, notifying the actual number holder of this situation may be premature and create unnecessary alarm. In addition, the earnings history of the SSN owner, as well as their status with SSA's programs, has not been impacted since the wages earned by the other user (who may or may not have fraudulently used the number) remain in suspense. SSA does not have reports as to how many people receiving SS benefits are experiencing the same kind of fraud experienced by Frances Stone. SSA's IG is currently completing an audit of Internal Revenue Service referrals to SSA where a taxpayer has claimed that someone else is working under their name and SSN. IRS refers such cases to SSA so that their earnings history within SSA's records can also be corrected. SSA/OIG's audit work has found numerous instances of potential and actual identity theft. While SSA/OIG does not know how many other citizens and lawful residents do not recognize this problem, SSA does send annual Social Security statements to the public which allow the individuals to identify anomalies in their earnings records. SSA has a responsibility to ensure that the earnings recorded on all wage reports with names/SSNs that match SSA's records are properly posted to employees' earnings records. In addition, should the SSN owner request a correction to their earnings history, SSA has the ability to do so. SSA also has the ability to assign a new SSN if this is the only means of resolving an identity theft situation. SSA allows a second SSN to be issued when: (1) attempts to locate the individual using the number holder's SSN have been unsuccessful; (2) the number holder has earnings posted to his/her account in the last 2 years which belong to someone else; (3) the number holder requests or agrees to accept a new SSN; and (4) the number holder has cooperated with SSA. 7. What is the timeframe for merging your data systems so that employers who verify SSNs will be notified that an SSN is a non-work SSN or that the individual assigned the SSN is deceased? Modifications to include additional verification information are planned for the Internet based SSNVS (Social Security Number Verification Service) now in an initial pilot phase. The next step in that process is to expand the pilot to include additional employers. 8. The Privacy Act says an agency can share information with another agency for purposes of civil or criminal law enforcement activity if the head of that agency makes a written request. However, your regulations limit disclosure to law enforcement activities related to serious crimes (e.g., murder, kidnapping) where the person has been indicted or convicted and to criminal activity involving the Social Security program or similar programs, correct? Does this mean that employers can request verification of basic information, but law enforcement agencies cannot? SSA's authority for verifying SSNs for employers and law enforcement entities is separate and distinct. SSA verifies SSNs for employers under the Privacy Act's routine use provision (5 U.S.C. 552a(b)(3)). For law enforcement, the disclosure authority is 5 U.S.C. 552a(b)(7). SSA's verification of SSNs for employers is for a compatible purpose, i.e., routine use, because employers' submittal of wage reports to SSA is a part of SSA's business process. It is in SSA's interest that employers submit wage reports with correct SSNs so that the Agency can post wages to the correct individual's record. These verifications enable the Agency to maintain correct wage records on which to base individuals' future retirement, survivors or disability benefits. Unlike verifying SSNs for employers, the disclosures SSA makes for law enforcement purposes generally are for non-program related purposes; thus are more limited. These disclosures are based on a balanced policy that provides service to the law enforcement community while maintaining the confidentiality and integrity of personal information in SSA's records. We provide information to law enforcement organizations in connection with an individual who has been indicted or convicted of a violent crime. We also provide information if an individual is suspected of committing fraud against the Social Security program or any other government health or income program. SSA has ad hoc authority (under the ad hoc provision in Regulation 20 CFR 401.195) allowing the Commissioner to make one-time disclosures to law enforcement authorities upon written requests from law enforcement agencies in special situations of national emergency or security. On September 13, 2001 the Commissioner exercised this ad hoc authority to law enforcement requests concerning the events of September 11. SSA's Inspector General and our then Office of Disclosure Policy established a streamlined process to handle law enforcement requests pertaining to these tragic events. 9. The SSA Inspector General mentioned in his testimony that a person is able to receive credit toward Social Security benefits based on illegal work. Does current statute explicitly say SSA may credit work toward Social Security eligibility and benefits, regardless of whether the person is a citizen or authorized to work in the U.S.? Would you describe how SSA would process this application for benefits? What proof would SSA request, and would SSA use the illegal work to determine his eligibility and benefit amount? Would SSA refer him INS for the illegal work? Section 210 of the Social Security Act states that all work performed in the United States is considered employment under the Social Security program with specific, but limited, exceptions. The Act does not specifically address ``employment'' of persons who lack INS authorization to work and, therefore, these aliens working without authorization are not specifically ``excepted'' from engaging in covered employment. The Act concerns itself with the kind of work done, rather than who is performing the work. As long as the individual has worked in employment covered by the Act, and once they meet all the other factors of entitlement including lawful presence in this country, and submit the required proofs, they can receive benefits. If the individual had worked under an assumed or invalid SSN, we would request evidence of this and develop to determine which earnings belong to him/her. Thus, the receipt of benefits hinges on work in covered employment rather than immigration status at the point of employment. However, lawful presence in this country at the point of entitlement is required. 10. Under current law, a non-citizen applying for benefits today cannot collect Social Security benefits if he is not legally residing in the United States, but he can get credit toward Social Security for illegal work. Also, a person can earn credit toward Social Security while breaking immigration law. Should these inconsistencies be rectified in your view? Under present law, a non-citizen living in the United States will only receive benefits if he is legally residing in this country. If Congress wished to reconsider the issue, a key concern would be whether a change would drive more employees into the non-tax-paying underground. 11. The Inspector General has recommended that legislation be enacted preventing Social Security from using wages from unauthorized work to determine eligibility and benefit amounts. A previous administration did not agree with the recommendation--where does the current Administration stand? What would be the policy arguments for and against the SSA OIG's proposal to prohibit crediting wages earned from illegal work toward Social Security benefits and eligibility? Could you also elaborate on whether INS has sufficiently complete data on immigrants' work authorization status over time to enable SSA to pursue this recommendation? A proposal to deny credit for covered earnings on which the employee and employer paid the required Social Security taxes would be a major shift in public policy. The Administration has not reviewed this proposal. Current law already provides that individuals can be paid benefits within the United States only if they are lawfully present. Thus, this proposal would reduce benefits primarily for individuals who are, at the time they apply for benefits, either U.S. citizens or otherwise legally within the country. To administer such a change, it would be necessary to know exactly which periods in the past that a person was authorized to work and not authorized to work. However, it is our understanding that INS does not maintain an electronic historical record of the alien status of each noncitizen in this country. Without this information it would be impossible to implement this change. We defer to INS for a more thorough explanation of their databases. 12. This year, SSA began mailing letters to all employers who submit information in which the name or SSN of the employee does not match SSA's records. Could you explain what the purpose of this letter is, since some employers may mistakenly believe they should no longer employ a worker because of the letter? The Internal Revenue Code provides that employers are responsible for providing correct name/SSN information on the Form W-2. When an employee's reported name and SSN do not match SSA's records, SSA may send a ``no match'' letter informing the employer of the discrepancy and requesting the employer's assistance in resolving the error. Our purpose in sending these letters is to obtain the necessary information to clean up our suspense file and ensure that number holders receive proper credit for their earnings. These letters are intended to remind employers about the importance of providing SSA with correct names and SSNs of employees. They also encourage employers to correct their records and to use SSA's Employee Verification Service. We are concerned that some employers may use SSA's letters to take inappropriate adverse action against affected employees. We therefore specifically advise employers not to take adverse action against an employee because of the ``no-match'' letter, as indicated in the following paragraph from the letter used for tax year 2001: L``This letter does not imply that you or your employee intentionally provided incorrect information about the employee's name or SSN. It is not a basis, in and of itself, for you to take any adverse action against the employee, such as laying off, suspending, firing, or discriminating against an individual who appears on the list. Any employer that uses the information in this letter to justify taking adverse action against an employee may violate state or Federal law and be subject to legal consequences. Moreover, this letter makes no statement about your employee's immigration status.'' 13. It appears that many employers do not understand what they need to do to fix the record mismatch, and may inadvertently violate other laws. What guidance does SSA give to employers to help them fix the problems identified? SSA provides detailed, step-by-step guidance with every ``no- match'' letter in order to help employers resolve the reported records discrepancy. Instructions are provided for correcting SSNs and Filing Tips for accurate annual wage reporting are automatically included when ``no-match'' letters are mailed. Is this guidance consistent with that provided by INS, IRS, and the Department of Justice (DOJ) regarding hiring practices and documentation of an individual's work authorization status? Yes. Have you had discussions with these agencies to develop clear, consistent guidelines for employers so that they do not violate other laws in their efforts to comply with SSA's letters or out of fear of IRS penalties associated with non-matching wage reports? INS, IRS, and DOJ have been consistently involved in the development of the no-match policy guidelines. SSA has met with various agencies to discuss the Earnings Suspense File, ``no-match'' letters and related policies to assure that the guidance SSA provides to employers is consistent with INS, IRS and the DOJ policies. 14. Did SSA consult with business groups and others before implementing the new policy of sending out no-match letters to all employers with mismatched information? If not, why? SSA discussed changes to the ``no-match'' letter process with both the employer and payroll communities. We meet with groups such as American Payroll Association, the American Society of Payroll Management and the Payroll Service Bureau Consortium at our annual National Payroll Reporting Conference. ``No Match'' was a major topic at the Payroll Conference held in August, 2002. At this as well as other meetings, employers consistently indicate willingness to actively cooperate with SSA in order to resolve wage reporting discrepancies. 15. What has SSA heard back from employers and others since the mass mailing of no-match letters began? There has been an increased interest by employers in verifying SSN's for their employees. Representatives of labor unions, immigrant advocacy groups, and employer associations have expressed concerns about possible misinterpretation and misuse of the mismatch information. SSA has worked to address the issues identified by these groups to try to alleviate their concerns. 16. How many employers have contacted SSA attempting to verify their employee's SSNs? Employers can verify their employees' SSNs in a variety of ways: LApproximately 7,400 employers are registered to use the batch verification system. In calendar year 2001, there were 218 employers who used the batch verification system. LEmployers can visit a local SSA field office or call a teleservice center. We have no data on the verification requests to SSA field offices and teleservice centers, but we believe they probably receive thousands of SSN verification requests from employers. LThey can use the Employer Reporting Services Center (an 800 number). SSA has very recently begun tracking the numbers of SSN verification requests received here. For September, October and November 2002 the average monthly volume of verification requests received though the 800 number at the Employer Reporting Service Center is about 60,000. No breakout on the numbers of employers involved is available. LIn addition, there are a select number of participants using the pilot Social Security Number Verification (online) Service (SSNVS). There are six companies participating in the SSNVS pilot. 17. The INS is responsible for assisting State and Federal agencies to train employees of those agencies in examining immigration documents such as visas. Isn't it true that the SSA only reversed its policy on checking INS records before issuing Social Security cards to aliens after September 11, 2001? SSA has had longstanding policies to verify documents with INS. However, until recently we could not electronically confirm the legitimacy of documents with the INS until the person had been in this country for at least 30 days. Therefore we relied on visual inspection, pursuant to security guidelines provided by INS, to verify documents. In every case in which our own scrutiny led to any doubts about the authenticity of the documents, we held up assignment of the SSN until INS verified the documents, no matter how recent the entry. The events of September 11, 2001, caused SSA's new management to reexamine many of our internal processes and our interactions with other agencies, including INS. INS has made improvements in the timeliness of their data entry, and earlier this year gave SSA expanded access to non-immigrant data. Based on a decision by Commissioner Barnhart, no alien's SSN application is processed until SSA receives verification of the alien's INS documents from INS. Full implementation of this procedure was rolled out from July 15, 2002 through September 2002. Where the verification still cannot be done electronically, we will request verification from INS, which could be for as many as a half million of the 1.5 million non-citizens we enumerate each year. 18. More than 6 months after the initial request by the SSA, the INS still has not completed any arrangements to provide automated record checking against INS records, despite public statements that this was a ``top priority.'' Is the problem with INS or is the SSA request more complicated than the press releases suggest? SSA is now able to verify most INS documents online, using INS' Systematic Alien Verification for Entitlements (SAVE) system. Online access was provided by INS on May 25, 2002. The system was piloted in SSA field offices in June 2002, and implemented in all SSA field offices on September 1, 2002. For documents that cannot be verified online, SSA sends a manual request to INS for verification. 19. Beginning in June 2002, SSA started contacting the State bureau of vital statistics to verify a birth certificate presented for a SSN application. Starting in July 2002 and nationwide by September 2002, SSA started verifying immigration documents with INS. Before these changes, SSA generally examined the documents and accepted them if they appeared genuine. Did SSA consult with employers before changing its verification procedures? As indicated above, SSA's general policy prior to September 11 was to verify documents with INS, except for certain new arrivals whose records were scrutinized by our employees. The events of September 11 made it necessary for SSA to aggressively move forward in instituting additional verification measures to further ensure the integrity and security of the enumeration process. While we are working with the employer community and others to make them aware of the additional verification, we did not consult with them before changing our procedures. 20. What feedback has SSA heard from employers, particularly those employing seasonal workers, about the new verification procedures? Does SSA plan to make any exceptions or accommodations for temporary/ seasonal workers? Under the new verification procedures, how long does it take a non-citizen to obtain an original SSN? We recognize that our efforts to enhance the integrity of the enumeration process may result in a delay in receipt of an SSN or replacement card and therefore could hamper employment of temporary or seasonal workers. However, our procedural changes are designed to assure that only those who meet the enumeration requirements receive an SSN or replacement card. SSA is making no exceptions to its rules for any applicant. Some employers have contacted SSA expressing their concern about the length of time it may take for us to verify records manually with INS if the documents cannot be verified electronically. Any delays affect how quickly their newly hired employees obtain SSN cards. SSA's commitment is to assign an SSN within no more than a few days after receiving verification from the INS. Paper verification from INS may require as little as about a week or some number of weeks. SSA is working with INS to minimize these delays. Generally, employers are attempting to adjust their operations accordingly. Under IRS regulations 26 CFR Ch.1 Sec. 31.6011(b)-2 employers may hire an individual before he or she receives his/her SSN card. SSA is committed to doing all we can to protect the SSN while striking a balance among the needs of individuals, employers and SSN integrity. We believe that this new process should provide adequate safeguards for the integrity of the SSN while permitting individuals and their employers to move forward with hiring decisions. 21. Is it true that State benefit agencies, via your data matches with them, receive confirmation of their data or correct information from SSA's databases if their data is incorrect, for purposes of preventing fraud? State Departments of Motor Vehicles (DMVs) and employers only receive information on whether their data matches SSA's data or a note saying which piece of information did not match (without the correct information from SSA), even though they are also trying to prevent fraud, correct? In addition, is it also correct that the match with State DMVs may not provide information on whether the person on whom information was submitted shows up as deceased in SSA's records, depending on the system the State is using (online vs. batch file)? Why does SSA provide different levels of information to State DMVs than to State benefit agencies when they request matches with SSA data? Why don't the matches with Departments of Motor Vehicles or employers consistently include notification that a SSN belongs to a deceased individual? When do you expect SSA will provide information to employers and DMVs on whether a SSN is for a deceased person in these data matches? It is true that SSA provides different levels of information to State benefit paying agencies, DMVs and employers. We are working to enhance our verification systems as part of SSNVS. The next step in that process is to expand the pilot to additional employers. 22. Why doesn't SSA require a photo ID with SSN and benefit applications? Do you plan to change your procedures to require a picture ID when anyone does business with you? If not, why? If so, what is your time frame? SSA requires convincing evidence of identity (evaluated on a case- by-case basis) from all applicants for original or replacement SSN cards. Most people can provide some reliable evidence of identity, such as a drivers license, passport, or school ID, that is acceptable for SSA purposes. In determining what identity documents to accept, SSA is mindful of the public burden, considering: LNot all SSN card applicants are adults; LNot every applicant, even if age 16 and older, has a picture identity document; and LNot every applicant has more than one identity document that meets SSA's criteria. It must be noted that there are many commercial organizations that sell identity cards with photographs. Anyone can easily purchase a photo ID card on the Internet. SSA does not accept these because they are generally issued based solely upon the person's allegations and the issuing agents cannot verify them. A photo ID is only as good as the documentation used to obtain it. However, SSA has a pilot in certain SSA offices that will test and gather photographic identification to address the issue of complicit impersonation in the disability claims process. The pilot is expected to start in mid 2003, once necessary actions resulting from the publication of the Federal Register notice on November 15, 2002 are completed. 23. The SSA IG suggested in a September 2001 report that SSA limit the number of replacement cards to 3 in a year and 10 over a lifetime, except in extraordinary circumstances. Does SSA agree with the recommendation? If so, when will SSA implement it? If not, what other actions will SSA undertake to prevent misuse of replacement SSN cards? Also is SSA planning to take any action to restrict replacement cards issued to persons with non-work SSNs who report earnings? We are currently considering various options for limiting the number of replacement cards an individual can receive. 24. I understand that the Federal statute does not specifically prohibit somebody from selling his or her own validly issued SSN with intent to deceive. Is this correct? If so, do you think Congress should consider changing the law to make this illegal? Section 208 of the Social Security Act (42 U.S.C. 408) does prohibit a person from selling a Social Security card that is, or purports to be, a card issued by SSA. This provision also prohibits a person from possessing a Social Security card with the intent to sell it, for the purpose of obtaining anything of value ``or for any other purpose.'' See 42 U.S.C. 408(a)(7). However, the section does not prohibit selling an SSN. Nonetheless, that section does prohibit unlawful use of another person's SSN. If the number holder (NH) conspired with another person to unlawfully use the SSN, including selling it, knowing that it would be used unlawfully, then the NH could be charged with conspiracy and, perhaps other offenses (e.g., aiding and abetting). Moreover, selling the SSN might violate State laws concerning fraud, consumer protection, and so forth., depending on how the SSN is used. We note that the Subcommittees' bill, H. R. 2036, would remedy this. SSA would be glad to continue to work with you on such legislation. 25. When do you expect to have the first Enumeration at Entry Center running? What has been the reason for delay? Will only persons admitted for lawful permanent residence be processed through these centers? Does SSA have any near-term plans to expand these centers to persons temporarily admitted to the Untied States who are authorized to work? Enumeration at Entry (EAE) is a process that enables aliens applying for immigrant visas at DoS's Foreign Service posts to apply for SSNs at the same time. The process started in October 2002. DoS passes the SSN application data to INS along with the visa application data. INS, in turn, passes the SSN application data on to SSA for issuance of the SSN. Significant programming and systems modifications on the part of all three agencies were necessary to make EAE a reality. Furthermore, EAE implementation requires that DoS staff physically install software containing the EAE changes at each post. EAE is already operational in the posts in Manila, Philippines; London, England; and Cuidad Juarez, Mexico. As of December 18, 2002, we have issued 1,943 SSNs using this process. Beginning January 2003, DoS will begin to install EAE software at other Foreign Service posts around the world. When this phase is fully implemented, more than 90 per cent of the people applying for immigrant visas at DoS posts will be able to apply for SSNs at the same time. SSA, INS and DoS will soon begin discussions on expanding the process to other groups of aliens. 26. The IG has urged SSA to implement additional protections against issuance of multiple SSNs to children and to help State bureau of vital statistics to ensure records of hospital birth units and registered births match. For example, it can take a couple of months to get a SSN through enumeration at birth, and parents may come into the Social Security office to request a SSN at the same time it is processing the information from the State BVS, sometimes causing infants to be issued multiple SSNs. Also, some hospitals do not separate the duties of clerks gathering birth information from parents and clerks entering information into the hospital database, making it easier for someone to enter births for children who do not exist. Is SSA implementing any of the SSA IG's suggestions? The current Enumeration at Birth (EAB) contract expires on December 31, 2002. SSA is pursuing OIG's recommendation for the Bureaus of Vital Statistics to perform periodic independent reconciliation of registered births with statistics obtained from the hospitals to verify the legitimacy of sample birth records by building it into its negotiations for the new EAB contracts, which will be effective January 1, 2003. 27. Fingerprints and photos have been accepted biometric identification for government documents for more than fifty years. Why does the Social Security Administration not employ any sort of biometric identification to confirm identity? Doesn't the absence of biometric identity confirmation put at risk innocent citizens with regard to their bank accounts, their credit, sometimes even their mortgage loans? From the inception of the program, the Social Security number (SSN) card was never intended for use as an identity document. If the Social Security Administration were to use biometrics to link the SSN card to the bearer to allow identity confirmation, the agency would become the trusted authority and authenticator of individual identity in the U.S. We believe this task would have an adverse impact on our ability to fulfill our mission. In addition, the use of biometrics would require the re-enumeration of every Social Security number holder at considerable cost. We provided a report to Congress in 1997 on replacing the Social Security card with a plastic card that could include identifying information, such as a picture or biometric identifiers. Several of the prototypes developed in this study are still valid examples of the kind of identity document in question. The report found that issuing new Social Security cards with biometric information would cost from about $4 billion to $9 billion (in 1996 dollars), depending on the form of the card, and would require about 70,000 work years. SSA's Office of Inspector General and other SSA components continue to actively pursue information about potential technologies that we could use to support more accurate earnings reporting and to reduce benefit and SSN fraud. 28. The Social Security card is generally accepted to be very easily counterfeited. Has the SSA looked into the processes used by the State Department for passports or visas or by the INS for the ``Permanent Resident Card (green card)'' or the Border Crossing Card? We do not agree that the SSN card is ``very easily'' counterfeited. It has numerous sophisticated security features that help to prevent counterfeiting. These include: LThe front contains a marbleized light blue security tint, with the words ``Social Security'' in white. LIntaglio printing is used in some areas on the front of the card. (Intaglio printing can be done only by certain security printing companies, on registered machinery.) LThe front and back contain yellow, pink, and blue planchettes (small discs). These can appear anywhere on the card, including the area on the card that contains the Department of Health and Human Services or Social Security Administration seal and the number holder's name and SSN. Further, there are additional security features that we do not make a matter of public record. While we have confidence in the current security features of the card, we are open to considering options that would make it even less subject to counterfeiting and use by identity thieves. 29. Should the Social Security Administration, or another federal agency such as the INS start issuing a number that can be used for identification, so that the SSN can be reserved only for payroll tax withholding and benefit awards? SSA does not have a position on whether it or another Federal agency should issue numbers that could be used for identification. We believe that this is an issue for the new Department of Homeland Security, and we will be happy to work with them and provide any support needed. 30. How many individuals have been issued more than one SSN? How does this happen? What measures exist to prevent this from happening? Before SSA implemented the Systems controls explained below, there were occasional rare instances where more than one SSN was erroneously assigned to a single individual. We also know that there are limited cases where SSA has purposefully assigned a new SSN for domestic violence victims, those suffering continued harm due to identity theft, and so forth. In July 1990, SSA implemented the Modernized Enumeration System (MES), which gave FO personnel the capability to take an SSN application using online screens rather than on a paper application form. As part of the application process, MES searches the SSN database and returns possible matches when an application for a new SSN is entered. This helps the field office identify a previously assigned SSN, and prevents assignment of a new one. 31. We know that non-citizens who are authorized to work are able to legitimately obtain SSNs for work purposes. However, if they no longer are working in this country or have left the country, the SSN issued to them remains on record as being assigned to them. Should some notation on SSA's record be placed to indicate that the individual is no longer working and/or residing in this country? Should that number be valid for all times? It should remain an INS responsibility to determine who is authorized to work, and to keep track of entry/exit from the U.S. Employers, as part of the hiring process, can determine current status and work authorization by following INS' I-9 rules. We do not think SSA should duplicate this function. Regarding the validity of the SSN for all times, the SSN needs to remain valid in case the number holder returns to the United States and is once again authorized to work. The number is used to keep an accurate record of each individual's earnings and to pay and monitor benefits, including those paid under a Totalization agreement. Chairman GEKAS. Thank you, Sam. Yes, we invite the second panel to begin to take their places at the witness table. We call upon Charisse Phillips, Director of Fraud Prevention Programs, Bureau of Consular Affairs, U.S. Department of State; Robert Bond, Deputy Special Agent in Charge, Financial Crimes Division, U.S. Secret Service; Grant D. Ashley, Assistant Director, Criminal Investigative Division, Federal Bureau of Investigation; Hon. James G. Huse Jr., Inspector General, Social Security Administration in Baltimore; Matthew Reindl, Operator of Stylecraft Interiors Inc. of Great Neck, New York; and, Chris Hoofnagle, Legislative Counsel, Electronic Privacy Information Center. We state to the witnesses that their written statements will be accorded a place in the record, without objection. We will ask them each to try to limit their remarks, their reviews of their written testimony, to about 5 minutes. We will begin in the manner in which we introduced the panel, starting with Charisse Phillips. You may proceed. STATEMENT OF CHARISSE M. PHILLIPS, DIRECTOR, OFFICE OF FRAUD PREVENTION PROGRAMS, BUREAU OF CONSULAR AFFAIRS, U.S. DEPARTMENT OF STATE Ms. PHILLIPS. Mr. Chairman, thank you very much. I am very pleased to be here to testify before the Subcommittee this afternoon. I have had the privilege of serving as the Director of Fraud Prevention Programs in the Bureau of Consular Affairs for 2 years now. Previously, I served in a number of consular sections abroad, where I had frontline experience with document fraud, and with attempts by criminals, terrorists, and hostile governments to obtain U.S. travel documents. I have been a consular officer for almost 17 years now. The State Department has an integral interest in the quality of identity documents and vital records produced in the United States because those documents form the basis of U.S. passport issuance. The U.S. passport is perhaps the most highly valued document in the world, because of the many benefits and privileges it confers. It is not ``just a document,'' it is the passkey into our country. Let me tell you about the methadone moms. As these low- income women leave their drug-rehab clinics, they are targeted by alien smugglers. They are offered money, maybe a couple hundred dollars, to apply for passports for their own kids, but here's the catch. They will substitute photos of different kids, photos supplied by the alien smugglers. Who are these substitute kids? In the majority of cases, they are the children of people who cannot bring those kids to the United States legally immediately. Those parents pay thousands of dollars for these fraudulent passports. How do we know about this? Well, the proverbial alert passport employee. We are fortunate to have a cadre of trained, experienced, and loyal personnel who detect these attempts to obtain our passports through fraud. The Bureau of Consular Affairs is in the business of preventing this kind of abuse of children and of travel documents. We have developed an extremely tamper-resistant passport. In fact, just last week, Members of the Five Nations Conference told me what we have noticed ourselves, that our passports are now so good that alien smugglers have stopped trying to alter them. Instead, now they are trying to get hold of them by other means. They are using look-alike travelers to match passports stolen from American tourists overseas. They are helping imposters apply for U.S. passports, using identities stolen from U.S. citizens in the United States. They are selling counterfeit documents--birth certificates, drivers' licenses, Social Security cards--to aliens for use in applying for passports. All these documents are available cheap on the Internet. We are pretty good at detecting these false documents. We have done studies of our passport issuances, and we provide training and information to our passport staff to keep them alert. As home computers, the Web, and high-tech scanners, and photocopiers become more accessible, we need more and better tools for our people. We need to be able to confirm Social Security numbers easily and routinely. Right now, our people put a lot of energy into developing informal contacts to help them confirm Social Security numbers and work histories. They rely on this information in suspect cases to help them quickly identify Americans who are just taking an innocent trip from the aliens, sometimes criminal aliens, who are seeking U.S. passports to evade the scrutiny of immigration officials around the world. Our people also need help in confirming the bone fides of U.S. birth certificates. This country has more than 8,000 authorities issuing birth certificates and more than 50,000 different versions issued by States, counties, and municipalities. We also need an easy way to verify drivers' licenses, the usual proof of ID submitted with passport applications. High- quality duplicates of State drivers' licenses are available on the Internet with only a removable sticker warning ``novelty item'' to deter criminals. Our passport workers have no way of verifying drivers' licenses either online or through routine access. We call these kinds of documents ``breeder documents'' because they can all be used to obtain more identity documents. My office has, therefore, purchased the Social Security CD-ROM with death records of Social Security recipients going back to 1936. We have made this available to our passport and our visa personnel online. We have begun to brief Social Security fraud investigators. We are trying to work with Social Security on a way to identify Social Security numbers online. [The prepared statement of Ms. Phillips follows:] Statement of Charisse M. Phillips, Director, Office of Fraud Prevention Programs, Bureau of Consular Affairs, U.S. Department of State Mr. Chairman and Members of the Committees: Thank you for the opportunity to appear at this hearing on Preserving the Integrity of Social Security Numbers and Preventing Their Misuse by Terrorists. I have had the privilege of serving as the Director of Fraud Prevention Programs, in the Bureau of Consular Affairs, for two years now. Previously I served in a number of consular sections abroad where I had front-line experience with document fraud, and with attempts by criminals, terrorists, and hostile governments to gain U.S. travel documents. I have been a consular officer for almost 17 years. The Bureau of Consular Affairs is in the business of preventing travel document fraud. We have an integral interest in the quality of identity documents and vital records produced in the United States, because those documents form the basis of U.S. passport issuance. The U.S. passport is perhaps the most highly valued document in the world, because of the many benefits and privileges it confers. It is not ``just a document''--it is the pass-key into our country. We have developed an extremely tamper-resistant passport. In fact, passport and immigration authorities in other countries have told us what we have found ourselves--the U.S. passports now being issued are now so difficult to alter or counterfeit that alien smugglers have stopped trying to alter them. Instead they are acquiring authentic passports that have been lost or stolen and then using ``look-alike'' travelers to match passports stolen from American tourists overseas. They are helping impostors apply for U.S. passports using identities stolen from U.S. citizens in the USA. They are also producing and selling counterfeit documents-- birth certificates, driver's licenses, Social Security cards--to aliens to use in applying for passports. All these documents are available-- cheap--on the Internet. Personnel of the Bureau of Consular Affairs are experienced at detecting these false documents. We have done studies of our passport issuances, and we provide training and information to our passport staff to kept them alert. But as home computers, the Web, and high tech scanners and copiers become more accessible, we need more and better tools for our people. One tool that will help our officers is on-line access to Social Security Administration records. Comparing the documents submitted in support of passport and visa applications against the official databases of the issuing authorities will greatly improve the accuracy and integrity of the citizenship and identity confirmation process. We are currently working closely with the Social Security Administration and state vital records offices toward this goal. I will begin by giving some examples of document fraud cases. Alien Smuggling Ring Exposed Let me tell you about the methadone moms. As these low-income women leave their drug-rehab clinics, they are targeted by alien smugglers. They are offered money--several hundred dollars, maybe--to apply for passports for their own kids. But, here's the catch. They will submit photos of different kids, supplied by the alien smugglers. Who are these substitute kids? In the majority of cases, they are the children of people in the U.S. either illegally, or as permanent residents, but who cannot bring their kids to the U.S. immediately through any legal means. Their parents pay thousands of dollars for those fraudulent passports. How do we know about this? An alert passport employee. We are fortunate to have a cadre of trained, experienced and loyal personnel who detect these attempts to obtain our passports through fraud. Operation Oak Park: Passport Agency Uncovers Criminal Document Ring Late in 2000, the Chicago Passport Agency's Fraud Program Manager (FPM) linked 25 passport applications to a document fraud ring involving Nigerian nationals. A subsequent investigation conducted by the State Department's Diplomatic Security Field Office in Chicago revealed the fraud ring involved one document broker, who was already under investigation by the U.S. Postal Inspector's Office, the Social Security Administration's Inspector General's Office, the Immigration and Naturalization Service (INS), and the Drug Enforcement Agency. With Diplomatic Security as the catalyst, the agencies and others formed a task force, ``Operation Oak Park,'' under the direction of the U.S. Attorney. The ringleader and his associates provided young women with computer-generated counterfeit birth certificates and immunization records that named the women as the mothers of non-existent newborn babies. They used those documents to apply for Social Security cards, which they passed on to the ringleader. He then created other counterfeit birth certificates, using the name on the Social Security card but with the date of birth of the ultimate recipient or purchaser of the documents. The recipients could then use the birth certificates and Social Security cards to obtain driver's licenses and apply for passports. The ringleader charged about $5,000 for each fraudulent identity. The investigation developed leads into Jamaican and Nigerian community-based criminal activities and implicated two Illinois State Bureau of Vital Statistics employees and one Federal employee, who actively participated in the broader fraudulent documents scheme. Operation Blind Date When Federal investigators arrested the ringleader, he agreed to cooperate, spawning a subsidiary investigation, Operation Blind Date. Under guidance from the task force he arranged for his network of brokers to fly to Chicago to pick up their documents and meet a supposedly corrupt Social Security supervisor, who was in reality an undercover Secret Service agent. The Chicago Police Department was included in the operation and arrested eight of the ringleader's associates ostensibly in routine traffic stops as they left his office so they wouldn't suspect him of turning them in. Those arrested included six Nigerian nationals, a Kenyan and a Jamaican posse street gang leader who was sought at the time by U.S. Customs and the DEA for narcotics trafficking. As part of a plea agreement, the ringleader took responsibility for preparing more than 100 sets of false documents. He was charged with fraudulently obtaining and selling passports and Social Security cards and counterfeiting birth certificates. He faced a possible sentence of 10 years imprisonment and a $250,000 fine. However, he did not give up as easily as it appeared at the time. In December 2001, his family informed Federal agents that the individual, who was at home on electronic detention while awaiting sentencing, had passed away. However, when a Secret Service agent went to the morgue to identify the body he discovered that the corpse was not the ringleader's. The family and their doctor allegedly conspired to kidnap and murder a homeless man, pass him off as the convicted individual and planned to have the body cremated as soon as the morgue released it. A manhunt for the ringleader ensued, and Federal agents were able to track him to Massachusetts. He was apparently planning to flee the country to Poland where he had ties. He is still awaiting sentencing. The U.S. Attorney in Chicago has added capital murder charges to the document fraud charges. West African Fraud in Texas Interagency cooperation is also active in other parts of the country to combat document fraud. The Houston Passport Agency's region has two of the country's largest enclaves of West African nationals in the U.S. The majority resides in Dallas and Houston, which has over 50,000 Nigerian residents. The number of scams involving West African nationals in this region grew so great that a Federal task force comprised of various Federal and local law enforcement agencies convened several years ago in an effort to share case information and develop joint strategies. The majority of passport fraud cases by West Africans detected involved additional crimes, such as marriage fraud, narcotics trafficking, credit card fraud, insurance fraud and Social Security fraud. Falsified Visas Also Used for Social Security Fraud Another type of fraud we have seen involves altered visas used by people who are already in the U.S. to obtain a benefit. Copies of fraudulent visas have been submitted to the Social Security Administration and the INS. The SSA applications are most commonly submitted by citizens of the Former Soviet Union who have legitimately issued visitor visas. The visas are altered, however, to show work classification so that the person will appear eligible for a Social Security number. Why Social Security Number Checking is Critical to Passport and Visa Processing Passport Applications As state and local vital statistics offices improve the security features of their birth certificates to deter counterfeiters, deceased identity fraud will become an increasingly popular mode of fraud. Confirming a deceased identity is often difficult for Passport Agency Fraud Program Managers (FPMs) since many states have not cross-matched out-of-state birth and death records. Social Security data can be very useful in exposing attempts at passport fraud. FPMs have learned to recognize potential fraud cases by spotting anomalies in passport applications. Among the most frequent indicators of passport fraud are: LThe breeder document phenomenon In this scenario, a birth certificate is used to generate a series of new documents, culminating in an application for a passport. One hallmark of such activity is a readily identifiable timeline sequence of the respective transactions. First, a birth certificate appears, then a Social Security card or a document such as a state ID or driver's license, and finally, the passport application is executed. LLittle evidence to support the deposed facts Often, a passport application shows omissions and references to third parties (e.g., a friend as the person-to-be-notified in the event of an emergency). In person, the applicant is generally unfamiliar with the assumed identity, thus tending to respond evasively and making claims that are generally inconsistent with his appearance. LUnusual signatures Signatures on the applications may appear labored or obviously forged. FPMs are trained to detect handwriting that is not American in style. Passport agency personnel frequently check whether a previously issued passport was issued in error. The most useful method to do so is to obtain a copy of the previous application and verify the subject's Social Security number and check birth/death records and the FBI's National Crime Information Center files. If the passport was issued in a deceased identity a possible indicator would be a recently issued SSN or a record of two SSN's issued in that identity. There will also be minimal personal data on the original application. If the passport was obtained based on a counterfeit or falsely filed delayed birth certificate, a new SSN in the applicant's identity may have been issued weeks after the first passport was issued. The previous application may show a different SSN. Immigrant Visa Utility Consular sections at U.S. Embassies and Consulates also rely on Social Security records when handling immigrant visa cases. Consular Sections overseas are sometimes hard pressed to determine whether an elderly petitioner in an immigrant visa case is still alive, particularly in cases where the petition was filed many years before. In other cases, the follow-to-join beneficiaries may claim the original petitioner is deceased in order to avoid a likely visa refusal resulting from ineligibility under the public charge section of the Immigration and Nationality Act. Sometimes there are also fraud problems when employment-based immigrant visa cases filed many years before for beneficiaries to care for elderly or seriously ill individuals raise questions whether the individuals still need such assistance. A check of the SSA database will in some cases provide definitive evidence of misrepresentation. How the Department of State Combats the Fraud Purchasing SSA Database My office has purchased from Social Security a CD ROM with death records of Social Security recipients dating back to 1936. We have made this available to our passport and visa personnel on-line. Fraud Prevention Managers in consular sections and passport agencies now have access to over 77 million U.S. death records via the Office of Fraud Prevention Programs' Intranet Web page. Over 98% of the death records in the database are for individuals who died after 1962. However, the database only includes death records of individuals for whom a death benefit claim was made to SSA. It may therefore not provide a positive response if the decedent never worked or never had a Social Security number, even if that person is indeed deceased. LMultiple Passport Issuance Verification Helps Detect Fraudulent Passport Applications Passport Services' Multiple Passport Issuance Verification (MIV) feature of the new Photodigitized Passport Issuance System is a quantum leap forward in fraud prevention technology that is already paying handsome dividends. Acting much like a name-check system, MIV automatically searches the passport files database for records of passport issuance during the past ten years and notifies the adjudicating officer if an applicant was issued a previous passport. It tells the officer how many passports were issued and for each issuance provides the name, date and place of birth, passport number, issuance and expiration dates. Some records also provide the Social Security number. This is proving to be a powerful tool for passport agency FPMs. A recent survey of ten passport agencies revealed that the MIV system detected an average of 25 additional fraud cases per month. Liaison with Vital Records Offices When questions arise concerning the authenticity of a U.S. birth certificate submitted with a passport application, FPMs often seek to verify the questioned document with appropriate local authorities. Over the years, FPMs have established informal working relationships with most of the state registrars in their regions. Consular personnel also work with the National Association for Public Health Statistics and Information Systems (NAPHSIS). At their annual conference in 2001 NAPHSIS members approved a Consular Affairs- drafted resolution recommending cooperation with the Department of State's anti-fraud program. In the resolution, NAPHSIS recognized that cooperation with the State Department is essential to the integrity of the passport issuance process and the states' vital records operations. The resolution encouraged all vital statistics offices to establish and maintain liaison with the FPM whose passport agency is responsible for their state. What the Problem Needs Now We need to be able to confirm Social Security numbers easily and routinely. Right now our people put a lot of energy into developing informal contacts to help them confirm Social Security numbers and work histories. They rely on this information in suspect cases to help them quickly identify the bona fide Americans taking an innocent trip from the aliens, sometimes criminal aliens, who are seeking U.S. passports to evade the scrutiny of immigration officials around the world. Our people also need help with confirming the bona fides of U.S. birth certificates and driver's licenses. This country has more than 8,000 authorities issuing birth certificates, and more than 50,000 different versions issued by states, counties and municipalities. One commonly accepted proof of identity is the driver's license. It is not commonly known, however, that high-quality duplicates of state licenses are available on the Internet, with only a removable sticker warning ``novelty item'' to deter criminals. Our passport workers have no way of verifying driver's licenses, either on-line or through routine access. We call these documents ``breeder documents'' because they can all be used to obtain more identity documents. Over the past several years we have been working with other agencies to combat fraudulent use of these documents and detect counterfeits and other fraud. We have begun to brief Social Security fraud investigators in identifying foreign passports presented with Social Security number applications. We are also working closely with the Social Security Administration to identify a way for us to routinely verify Social Security numbers on-line. We are working with the National Association of Public Health Statistics and Information Systems and the Social Security Administration to encourage states to automate their birth and death records. My office is also building a database of lost-or-stolen blank documents, such as birth certificates. We are also part of an interagency working group, headed by INS, on developing standards for U.S. birth certificates, to make it easier to identity counterfeits. In addition, we are talking to the American Association of Motor Vehicle Administrators on standardizing driver's license features. My office recently sponsored a pilot program at one passport agency to purchase readers to verify that the information on the front of driver's licenses at least matches that on the barcodes or magnetic strips on the back--police departments use these same devices to detect underage drinkers. We are also developing a pilot program with one state Department of Motor Vehicles to construct a train-the-trainers program on foreign passports, and share information on trends in document fraud. If we have this much difficulty with fraudulent documents in the United States, it is easy to imagine the problem encountered in our consular sections overseas. Some countries have automated, centralized records that are verified before passports are issued, and their documents are therefore easy to accept. In others, wars and natural disasters have destroyed vital local records, where they even existed. Poorly paid civil registry workers are also subject to pressure to fraudulently issue legitimate documents. To counter this problem, my office maintains information on lost- or-stolen blank foreign travel documents. Every consular section has a designated Fraud Prevention Manager who is responsible for helping new officers learn the local documents, and for maintaining exemplars for reference. We have on-line country fraud summaries available for visa adjudicators to refer to. We train consular officers to detect altered or counterfeit documents, even when they have never seen such documents before. In addition, the U.S. Government has several programs to encourage countries to centralize and automate their vital records. As much progress as we believe we have made, we continue to explore possibilities for improving our fraud detection. For instance, we would like to explore the use of commercial databases to help identify fraudulent applications. We will work with INS to obtain additional information from its records that would be helpful. We in the State Department are proud of our fraud prevention programs and the technological improvements we are making. We will continue to work with the Social Security Administration, other Federal agencies, and the states to aggressively combat document fraud. Chairman GEKAS. We thank the lady for the testimony. I take it she is not completed with all that she wants to render, but perhaps during the question and answer period, some commentary will be forthcoming. We will go to the second witness. You may proceed. STATEMENT OF ROBERT BOND, DEPUTY SPECIAL AGENT IN CHARGE, FINANCIAL CRIMES DIVISION, U.S. SECRET SERVICE Mr. BOND. Mr. Chairman, thank you. Members of both Subcommittees, thank you for the opportunity to address the subject of identity theft and the Secret Service's efforts to combat this problem. I am particularly pleased to be here with my colleagues and partners in fighting identity theft from the Federal Bureau of Investigation, the State Department, and the Social Security Administration. With the passage of new Federal laws in 1982 and 1984, the Secret Service was given primary jurisdiction for the investigation of access device fraud and parallel authority with other law enforcement agencies in identification fraud cases. The explosive growth of these crimes has resulted in the evolution of the Secret Service into an agency that is recognized worldwide for its expertise in the investigation of all types of financial crimes. While advances in technology and the burgeoning use of the Internet has provided numerous benefits to the consumer through readily available credit and consumer-oriented financial services, it has also created a target-rich environment for today's sophisticated criminals, many of whom are organized and operate across international borders. Identity theft is almost always a component of one or more crimes, such as financial crimes, violent crimes, or, possibly, the facilitation of terrorist activities. Identity theft can affect all Americans, regardless of age, gender, nationality, or race. The events of September 11 have focused the priorities and actions of law enforcement throughout the world, including the Secret Service. Immediately following the attacks, the Secret Service assisted the FBI and the joint terrorism task forces with their investigations through the leveraging of our established relationships, especially within the financial sector, in an attempt to gather information as expeditiously as possible. The Secret Service is also involved in a collaborative effort to analyze the potential for identity theft to be used in conjunction with terrorist activities through our liaison efforts with Operation Green Quest, Operation Direct Action, FinCEN, and the Terrorist Financing Operations section of the FBI. Since our inception in 1865, the twin pillars of the Secret Service have been prevention and partnership building. We simply could not fulfill our dual missions of protecting our Nation's elected leaders and safeguarding our financial infrastructure without two essential elements, incorporating preventative strategies and training, and building cooperative, trusted relationships with our local and Federal law enforcement partners. A central component of the Secret Service's preventive and investigative efforts with regard to identity theft has been educate consumers and provide training to law enforcement personnel through a variety of partnerships and initiatives, including our 37 financial and cybercrime task forces the Secret Service has developed throughout the country. The Secret Service has already undertaken a number of unique initiatives aimed at increasing awareness and providing the training necessary to combat identity theft and assist victims in rectifying damage done to their credit. This includes the development of a number of training tools designed to assist local law enforcement partners. Ultimately, most identity theft cases are reported to and investigated at the local level, but too often, local law enforcement agencies lack the expertise, experience, and resources to sufficiently investigate electronic-based crimes such as identity theft. In partnership with the International Association of Chiefs of Police, the Secret Service produced the ``Best Practices for Seizing Electronic Evidence Manual.'' This pocketsize guide instructs law enforcement officers in seizure of evidence from personal computers to wireless telephones to digital cameras. To date, the Secret Service has distributed over 315,000 copies of this guide free of charge to local law enforcement officials. We have also worked with this group and our private sector partners to produce the interactive and computer-based training program known as ``Forward Edge,'' and this is ``Forward Edge.'' It is a computer-based training program that takes the next step in training officers to conduct electronic crimes investigations. ``Forward Edge'' incorporates virtual reality features as it presents different investigative scenarios to the trainee. Copies of State computer crime laws for each of the 50 States, as well as corresponding sample affidavits, are also part of the training program and are immediate accessible for instant implementation. In short, any police department in the country, regardless of the size and the resources that they may have, now has access to state-of-the-art training on the seizure and preservation of electronic forensics evidence, which can be central to an identity theft investigation. To date, we have distributed over 35,000 of these training CDs, again, free of charge, to our local law enforcement partners. Finally, the Secret Service and the International Association of Chiefs of Police are developing an ``Identity Theft Roll-Call Video'' geared toward local police officers throughout the Nation. This video will emphasize the need for police to document a citizen's complaint of identity theft, regardless of the location of the suspects. The video will also provide officers with instructions to assist victims who are seeking their reputations and credit worthiness. In addition to preventive measures, legislation currently pending in Congress can further enhance law enforcement efforts to combat identity theft. Stronger penalties, increased enforcement, and continued focus on prevention and training are the ingredients to successfully combating identity theft in the future. Mr. Chairman, that concludes my prepared statement. I will be happy to answer any questions that you or the other Members of the Subcommittee may have. Thank you, sir. [The prepared statement of Mr. Bond follows:] Statement of Robert Bond, Deputy Special Agent in Charge, Financial Crimes Division, U.S. Secret Service Mr. Chairman, I would like to thank you for the opportunity to address both Subcommittees on the issue of identity theft and the Secret Service's efforts to combat this problem. I am particularly pleased to be here with my colleagues and partners in fighting identity theft from the Federal Bureau of Investigation, the Department of State, and the Social Security Administration. The Secret Service was originally established within the Department of the Treasury in 1865 to combat the counterfeiting of U.S. currency. Since that time, this agency has been tasked with the investigation of other Treasury related crimes, as well as the protection of our Nation's leaders, visiting foreign dignitaries and events of national significance. With the passage of new Federal laws in 1982 and 1984, the Secret Service was given primary authority for the investigation of access device fraud and parallel authority with other law enforcement agencies in identification fraud cases. The explosive growth of these crimes has resulted in the evolution of the Secret Service into an agency that is recognized worldwide for its expertise in the investigation of all types of financial crimes. The burgeoning use of the Internet and advanced technology coupled with increased investment and expansion has led to fierce competition within the financial sector. Although this provides benefits to the consumer through readily available credit and consumer oriented financial services, it also creates a target rich environment for today's sophisticated criminals, many of whom are organized and operate across international borders. Information collection has become a common byproduct of the newly emerging e-commerce. Internet purchases, credit card sales, and other forms of electronic transactions are being captured, stored, and analyzed by entrepreneurs intent on increasing their market share. This has led to an entirely new business sector being created which promotes the buying and selling of personal information. Consumers routinely provide personal, financial and health information to companies engaged in business on the Internet. They may not realize that the information they provide in credit card applications, loan applications, or with merchants they patronize are valuable commodities in this new age of information trading. With the advent of the Internet, companies have been created for the sole purpose of data mining, data warehousing, and brokering of this information. These companies collect a wealth of information about consumers, including information as confidential as their medical histories. Like all businesses, data collection companies are profit motivated, and as such, may be more concerned with generating potential customers rather than safeguarding their information to prevent its misuse by unscrupulous individuals. The private sector represents the first line of defense in identity theft and has a responsibility to safeguard the data that it has collected. The greater the protections that industry provides to the public, the fewer the opportunities for identity theft. Based upon this wealth of available personal information, the crime of identity theft can be perpetrated with minimal effort on the part of even relatively unsophisticated criminals. There is no area today that is more relevant or topical than that of identity theft. Simply stated, identity theft is the use of another person's identity to commit fraudulent activity. Identity theft is not typically a ``stand alone'' crime. It is almost always a component of one or more crimes, such as financial crimes, violent crimes, or possibly, the facilitation of terrorist activities. In many instances, an identity theft case encompasses multiple types of fraud. According to statistics compiled by the FTC for the year 2001, 20% of the 86,168 victim complaints reported involved more than one type of fraud. The major complaints compiled by the FTC, which include multiple types of fraud reported in multiple categories, were: L42% of complaints involved credit card fraud--i.e. someone either opened up a credit card account in the victim's name or ``took over'' their existing credit card account; L20% of complaints involved the activation of telephone, cellular, or other utility service in the victim's name; L13% of complaints involved bank accounts that had been opened in the victim's name, and/or fraudulent checks had been negotiated in the victim's name; L7% of complaints involved consumer loans or mortgages that were obtained in the victim's name; L9% of complaints involved employment-related fraud; L6% of complaints involved government documents/ benefits fraud; and L17% of miscellaneous fraud, such as medical, bankruptcy and securities fraud. IMPACT Identity theft, unlike many types of crime, affects all types of Americans, regardless of age, gender, nationality, or race. Victims include everyone from restaurant workers, telephone repair technicians, and police officers, to corporate and government executives, celebrities and high-ranking military officers. What victims do have in common is the difficult, time consuming, and potentially expensive task of repairing the damage that has been done to their credit, their savings, and their reputation. Obviously, the impact is magnified when it affects one of America's most valued assets, our senior citizens, as they represent a generation with a trusting nature that is easy to exploit. This group is particularly dependent on other caregivers for assistance, such as relatives, medical staff, service personnel, and oftentimes, complete strangers. This dependency increases their vulnerability to certain schemes involving identity theft. LEGISLATION In past years, victims of financial crimes such as bank fraud or credit card fraud were identified by statute as the person, business, or financial institution that incurred a financial loss. All too often the individuals whose credit was ruined through identity theft were not even recognized as victims. This is no longer the case. The Identity Theft and Assumption Deterrence Act was passed by Congress in 1998. This represented the first comprehensive effort to re-write the Federal criminal code to address the insidious effects of identity theft on private citizens. This new law amended Section 1028 of title 18 of the United States Code to provide enhanced investigative authority to battle the growing problem of identity theft. These protections included: LExpanding the scope of the statute to include as victims those individuals whose identity information was stolen and whose primary loss is creditworthiness and reputation rather than financial loss; LThe establishment of the Federal Trade Commission (FTC) as the central clearinghouse for victims to report incidents of identity theft. This centralization of all identity theft cases allows for the identification of systemic weaknesses and provides law enforcement with the ability to retrieve investigative data at one central location. It further allows the FTC to provide victims with the information and assistance they need in order to take the steps necessary to correct their credit records; LAsset forfeiture provisions were enhanced to allow for the repatriation of funds to victims; and LThe closing of a significant gap in existing statutes. Previously, only the production or possession of false identity documents was unlawful. With advances in technology such as e-commerce and the Internet, criminals did not need actual, physical identity documents to assume an identity. This legislative change made it illegal to steal another person's personal identification information with the intent to commit a violation, regardless of actual possession of identity documents. We believe that the passage of this legislation was the catalyst needed to bring together both Federal and state government resources in a focused and unified response to the identity theft problem. Today, law enforcement, regulatory and community assistance organizations have joined forces through a variety of working groups, task forces, and information sharing initiatives to assist victims of identity theft. The United States Sentencing Guidelines have also been amended since the passage of the 1998 Act to better address identity theft. Section 2B1.1 now provides an offense level of 12 in cases involving the possession of device-making equipment, the production of or trafficking in an unauthorized or counterfeit access device, the unauthorized transfer or use of any means of identification to unlawfully produce or obtain any other means of identification, or the possession of five or more means of identification that were lawfully produced from, or obtained by the use of, another means of identification. The guidelines amendments also provide a revised minimum loss rule for offenses involving counterfeit or unauthorized access devices. Specifically, a minimum loss amount of $500 per access device is to be used when calculating the loss involved in the offense, with the exception of the possession, not the use of, telecommunications access devices, in which case the minimum loss per unused device is $100. Finally, the guidelines now include grounds for an upward departure in identity theft cases in which the penalty range, which is largely based on financial loss, does not adequately reflect the seriousness of the offense. Specifically, courts may now consider whether the offense conduct harmed the victim's reputation or credit record, whether the victim suffered substantial inconvenience related to repairing that reputation or credit record, whether the victim was erroneously arrested or denied a job due to the theft, and whether the defendant produced or obtained numerous means of identification such that he or she essentially assumed the victim's identity. Violations of the Act are investigated by Federal law enforcement agencies, including the Secret Service, the U.S. Postal Inspection Service, the Social Security Administration (Office of the Inspector General), and the Federal Bureau of Investigation. Schemes to commit identity theft or fraud may also involve violations of other statutes, such as credit card fraud, computer fraud, mail fraud, wire fraud, financial institution fraud, or Social Security fraud, as well as violations of state law. Because identity theft is often connected to criminal activity that falls under the jurisdiction of the Secret Service, we have taken an aggressive stance and continue to be a leading agency for the investigation and prosecution of such criminal activity. Given the relative ease with which criminals can steal the identities of others and the allure of enormous profits with few, if any, repercussions, relying on the current sentencing structure to deter the victimization of our citizens, is shortsighted. Recently, S. 2541, the Identity Theft Penalty Enhancement Act of 2002 was introduced in the Senate with the intent to establish increased penalties for aggravated identity theft, that is, identity theft committed during and in relation to certain specified felonies. This Act, in part, would provide for two (2) years imprisonment for aggravated offenses, in addition to the punishment associated with the related felony; committing the crime of identity theft in relation to specified felony violations, in addition to the punishment provided for such felony; and five (5) years imprisonment for the same related felonies associated with terrorism. Additionally, the Act prohibits the imposition of probation for those convicted of such violations and allows for consecutive sentences. While this particular legislation cannot be expected to completely suppress identity theft, it does recognize the impact identity theft has on society and the need to punish those engaging in criminal activity for personal or financial gain. The Administration strongly supports this bill. SECRET SERVICE INVESTIGATIONS Although financial crimes are often referred to as ``white collar'' by some, this characterization can be misleading. The perpetrators of such crimes are increasingly diverse and today include organized criminal groups, street gangs and convicted felons. This can be attributed to many factors including: LThe probability of high financial gain versus low sentencing exposure; LThe increased availability of goods or services which can be obtained on credit; and LThe proliferation of computer technology in our society that provides easy access to the information needed to commit many financial crimes, as well as a means for committing them remotely. The personal identifiers most often sought by criminals are those generally required to obtain goods and services on credit. These are primarily Social Security numbers, names, and dates of birth. The methods of identity theft vary. It has been determined that many ``low tech'' identity thieves obtain personal identifiers by going through commercial and residential trash, a practice known as ``dumpster diving.'' The theft of both incoming and outgoing mail from mailboxes is a practice used equally as often by individuals and organized groups, along with thefts of wallets and purses. With the proliferation of computers and increased use of the Internet, many identity thieves have used information obtained from company databases and web sites. A case investigated by the Secret Services that illustrates this method involved an identity thief accessing public documents to obtain the Social Security numbers of military officers. In some cases, the information obtained is in the public domain, and in others, it is proprietary, and is obtained by means of a computer intrusion. The method that may be most difficult to prevent is theft by a collusive employee. The Secret Service has discovered that individuals or groups who wish to obtain personal identifiers or account information for a large-scale fraud ring will often pay or extort an employee who has access to this information through their employment at workplaces such as a financial institution, medical office, or government agency. In most of the cases our agency has investigated involving identity theft, criminals have used another individual's personal identifiers to apply for credit cards or consumer loans. Less commonly, they are used to establish bank accounts, leading to the laundering of stolen or counterfeit checks, or are used in a check-kiting scheme. The majority of identity theft cases investigated by the Secret Service are initiated on the local law enforcement level. In most cases, the local police department is the first responder to the victims once they become aware that their personal information is being used unlawfully. Credit card issuers as well as financial institutions will also contact a local Secret Service field office to report possible criminal activity. It is quite probable that older Americans will become an increasingly attractive target by criminal elements given the fact that 70% of our Nation's wealth is controlled by those 50 years of age and older. Additionally, the common perception is that it is difficult for elderly victims to repair the effects of identity theft due to a lack of technical knowledge and uncertainty on how to protect themselves. Often, the level of diligence in monitoring personal finances decreases among the elderly or, after discovering the fraudulent activity, some are embarrassed and unsure of the steps necessary to report the compromise. TERRORISM The events of September 11, 2001 have altered the priorities and actions of law enforcement throughout the world, including the Secret Service. Immediately following the attacks, Secret Service assisted the FBI with their terrorism investigation through the leveraging of our established relationships, especially within the financial sector, in an attempt to gather information as expeditiously as possible. The Secret Service has become involved in several collaborative efforts with respect to the investigation of terrorist activities through our liaison efforts with Operation Green Quest, Operation Direct Action, FinCEN, and the Terrorist Financing Operations Section of the FBI. As part of these collaborative efforts, the Federal law enforcement community is analyzing the potential for identity theft to be used in conjunction with terrorist activities. COORDINATION The Secret Service continues to attack identity theft by aggressively pursuing our core Title 18 investigative violations, including access and telecommunications device fraud, financial institution fraud, computer fraud and counterfeiting. Many of these schemes would not be possible without compromising the personal financial information of an innocent victim. Our own investigations have frequently involved the targeting of organized criminal groups that are engaged in financial crimes on both a national and international scale. Many of these groups are prolific in their use of stolen financial and personal information to further their financial crime activity. It has been our experience that the criminal groups involved in these types of crimes routinely operate in a multi-jurisdictional environment. This has created problems for local law enforcement agencies that generally act as the first responders to their criminal activities. By working closely with other Federal, state, and local law enforcement, as well as international police agencies, we are able to provide a comprehensive network of intelligence sharing, resource sharing, and technical expertise that bridges jurisdictional boundaries. This partnership approach to law enforcement is exemplified by our financial and electronic crime task forces located throughout the country, pursuant to our section 1030 computer crime authority. These task forces primarily target suspects and organized criminal enterprises engaged in financial and electronic criminal activity that falls within the investigative jurisdiction of the Secret Service. Members of these task forces, who include representatives from local and state law enforcement, private industry and academia, pool their resources and expertise in a collaborative effort to detect and prevent electronic crimes. While our task forces do not focus exclusively on identity theft, we recognize that a stolen identity is often a central component of other electronic or financial crimes. Consequently, our task forces devote considerable time and resources to the issue of identity theft. OUTREACH EFFORTS Another important component of the Secret Service's preventative and investigative efforts has been to increase awareness of issues related to financial crime investigations in general, and of identity theft specifically, both in the law enforcement community and the general public. The Secret Service has tried to educate consumers and provide training to law enforcement personnel through a variety of partnerships and initiatives. For example, criminals increasingly employ technology as a means of communication, a tool for theft and extortion, and a repository for incriminating information. As a result, the investigation of all types of criminal activity, including identity theft, now routinely involves the seizure and analysis of electronic evidence. In response to this trend, the Secret Service developed, in conjunction with the International Association of Chiefs of Police (IACP), the ``Best Practices for Seizing Electronic Evidence Manual,'' to assist law enforcement officers in recognizing, protecting, seizing and searching electronic devices in accordance with applicable statutes and policies. As a follow-up to this guide, the Secret Service and the IACP developed ``Forward Edge,'' a computer-based training application designed to allow officers to ``virtually'' seize different types of evidence, including electronic evidence, at various crime scenes. Further, the Secret Service, in conjunction with the U.S. Postal Inspection Service and the Federal Reserve Bank System, produced an identity theft awareness video. The video, which explains how easily one can become a victim and what steps should be taken to minimize damage, has been made available to Secret Service offices for use in public education efforts. In April of 2001, the Secret Service assisted the FTC in the design of an identity theft brochure, containing information to assist victims on how to restore their ``good name,'' as well as how to prevent their information and identities from becoming compromised. Finally, the IACP and the Secret Service have partnered to produce an ``Identity Theft Roll-Call Video'' geared toward local police officers throughout the Nation. The purpose of this video is to emphasize the need for police to document a citizen's complaint of identity theft, regardless of the location of the suspects. In addition, the video and its companion reference card will provide officers with information that can assist victims desperate to restore their reputations and creditworthiness. The Secret Service is also actively involved with a number of government-sponsored initiatives. At the request of the Attorney General, the Secret Service joined an interagency identity theft subcommittee that was established by the Department of Justice. This group, which is comprised of Federal, state, and local law enforcement agencies, regulatory agencies, and professional agencies, meets regularly to discuss and coordinate investigative and prosecutive strategies as well as consumer education programs. Last spring, the Secret Service's Financial Crimes Division assigned a full-time special agent to the Federal Trade Commission (FTC) to support all aspects of their program to encourage the use of the Identity Theft Data Clearinghouse as a law enforcement tool. The Identity Theft and Assumption Deterrence Act established the FTC as the central point of contact for identity theft victims to report all instances of identity theft. The FTC has done an excellent job of providing people with the information and assistance they need in order to take the steps necessary to correct their credit records, as well as undertaking a variety of ``consumer awareness'' initiatives regarding identity theft. To date, the Secret Service representative at the FTC has: LMet with and made presentations to Federal, state and local law enforcement about the FTC's Identity Theft Data Clearinghouse and it's victim assistance program; LWorked closely with agents in the field to ensure that they have access to the Consumer Sentinel system and are comfortable using the Identity Theft Data Clearinghouse database; LUsed the Identity Theft Data Clearinghouse to identify possible case leads, and developed a protocol for selecting which victim complaints are most likely to be successful case leads for criminal law enforcement agencies; LDeveloped points of contact at the local, state and Federal levels of government to receive case lead referrals from the Identity Theft Data Clearinghouse database, and also identified routines and procedures to be followed when referring such cases; and LServed as both a presenter and an instructor at 11 law enforcement training conferences hosted by various law enforcement agencies or organizations, such as the International Association of Financial Crimes Investigators (IAFCI) and the U.S. Marshal's Investigators Conference. It is important to recognize that public education efforts can only go so far in combating the growth of identity theft. Because Social Security numbers, in conjunction with other personal identifiers, are used for such a wide variety of record keeping and credit related applications, even a consumer who takes appropriate precautions to safeguard such information is not immune from becoming a victim. PRECAUTIONS AND REMEDIES The Secret Service recommends that consumers take the following steps to protect themselves from credit card fraud and identity theft: LMaintain a list of all credit card accounts that is not carried in a wallet or purse so that immediate notification can occur if any cards are lost or stolen; LAvoid carrying any more credit cards in a wallet or purse than is actually needed; LCancel any accounts that are not in use; LBe conscious of when billing statements should be received, and if they are not received during that window, contact the sender; LCheck credit card bills against receipts before paying them; LAvoid using a date of birth, Social Security number, name or similar information as a password or PIN code, and change passwords at least once a year; LShred or burn pre-approved credit card applications, credit card receipts, bills and other financial information that you do not want to save; LOrder a credit report once a year from each of the three major credit bureaus to check for inaccuracies and fraudulent use of accounts; and LAvoid providing any personal information over the telephone unless you initiated the call, and be aware that individuals and business contacted via the Internet may misrepresent themselves. Should an individual become the victim of identity theft, the Secret Service recommends the following steps: LReport the crime to the police immediately and get a copy of the police report; LImmediately notify your credit card issuers and request replacement cards with new account numbers. Also request that the old account be processed as ``account closed at consumers' request'' for credit record purposes. Ask that a password be used before any inquiries or changes can be made on the new account. Follow up the telephone conversation with a letter summarizing your requests; LCall the fraud units of the three credit reporting bureaus, and report the theft of your credit cards and/or numbers. Ask that your accounts be flagged, and add a victim's statement to your report that requests that they contact you to verify future credit applications. Order copies of your credit reports so you can review them to make sure no additional fraudulent accounts have been opened in your name; LNotify the Social Security Administration's Office of Inspector General if your Social Security number has been used fraudulently; LFile a complaint with the Federal Trade Commission (FTC) by calling 1-877-ID-THEFT or writing to them at Consumer Response Center, Federal Trade Commission, 600 Pennsylvania Ave. NW, Washington, DC 20580. Their web site can also be accessed at www.ftc.gov/ftc/complaint.htm; and LFollow up with the credit bureaus every three months for at least a year and order new copies of your reports so that you can verify that corrections have been made, and to make sure that no new fraudulent accounts have been established. CONCLUSION For law enforcement to properly prevent and combat identity theft, steps must be taken to ensure that local, state and Federal agencies are addressing victim concerns in a consistent manner. All levels of law enforcement should be familiar with the resources available to combat identity theft and to assist victims in rectifying damage done to their credit. It is essential that law enforcement recognize that identity theft must be combated on all fronts, from the officer who receives a victim's complaint, to the detective or Special Agent investigating an organized identity theft ring. The Secret Service has already undertaken a number of initiatives aimed at increasing awareness and providing the training necessary to address these issues, but those of us in the law enforcement and consumer protection communities need to continue to reach out to an even larger audience. We need to continue to approach these investigations with a coordinated effort--this is central to providing a consistent level of vigilance and addressing investigations that are multi-jurisdictional while avoiding duplication of effort. The Secret Service is prepared to assist this committee in protecting and assisting the Nation's largest growing population segment, with respect to the prevention, identification and prosecution of identity theft criminals. Mr. Chairman, that concludes my prepared remarks and I would be happy to answer any questions that you or other Members of the Committee may have. Chairman GEKAS. We thank the gentleman, we turn to the next witness, Mr. Ashley. STATEMENT OF GRANT D. ASHLEY, ASSISTANT DIRECTOR, CRIMINAL INVESTIGATIVE DIVISION, FEDERAL BUREAU OF INVESTIGATION Mr. ASHLEY. Thank you, Mr. Chairman and Members of the Subcommittee. The FBI, along with Federal, State, and other agencies investigates persons who assume the identities of others to carry out violations of Federal law. These crimes include bank fraud, credit card fraud, violent crimes, mail fraud, money laundering, drug trafficking, bankruptcy fraud, computer crimes, terrorism, organized crime, and fugitive cases. These crimes, as has been previously mentioned, include the use of false identity, both at the planning of as well as carrying out and continuation of the crime. The false identity is providing a cloak of anonymity for the offender to prepare their crime, obtaining things such as covert mail drops, residence, office space, vehicles, and such, and then, finally, to carry on with the deception. This theft of identity or assumption of identity is not new to law enforcement. What is new is the pervasiveness through all the crimes. We are seeing it throughout most of our investigative programs in the FBI. We do not see it as a separate and distinct crime in the FBI, but it is a component of the various investigative programs. As has been previously mentioned, possession of a Social Security number is key to laying the groundwork for the process of taking over someone's identification and then obtaining other false documents, which can lead to drivers' licenses, loans, credit cards, and so on. It is also a crucial step in actually taking over a person's existing identity and then possibly, as has been mentioned before, depleting people's financial accounts, destroying their credit, and so on. The FBI works very closely with other law enforcement agencies at the Federal, State, and local level to address crimes which are carried out through the use of stolen identities, as well as with the Inspector General of the Social Security Administration. The FBI has participated in a recent identity theft sweep, which the Attorney General discussed earlier in May, as well as efforts to strengthen existing Federal laws and penalties with respect to identity theft. I believe that is in Senate bill 2541. I was asked to provide an example of a case. Our New York division investigated the identity theft of six corporate executives, whose names were drawn from ``Who's Who in America.'' Three of them were deceased. This case has been adjudicated. The victims were executives from Hilton, Coca- Cola, other major corporations. Essentially through an online information-broker, the offender obtained Social Security numbers and then other identification, and then made online purchases and others, using these persons' names. The total attempted amount was almost $1 million, and I think about $340,000 was obtained before this was shut down. We are also seeing where people in positions of trust, both inside government and outside, are abusing their positions to access information about people that they can subsequently use for obtaining false identification. Our cyberdivision, which was recently created in our reorganization, will have a component of it that will address online identity theft issues, which will support our other investigative programs. That concludes my remarks. [The prepared statement of Mr. Ashley follows:] Statement of Grant D. Ashley, Assistant Director, Criminal Investigative Division, Federal Bureau of Investigation Good afternoon Chairmen and Members of the Subcommittees. On behalf of the Federal Bureau of Investigation (FBI), I would like to express my gratitude to the Subcommittees for affording us the opportunity to participate in this forum and to provide comment regarding preserving the integrity of Social Security numbers and preventing their misuse by terrorists and identity thieves. As the Subcommittees are well aware, the FBI, along with other Federal law enforcement agencies, investigates individuals who use the identities of others to carry out violations of Federal criminal law. These crimes include bank fraud, credit card fraud, wire fraud, mail fraud, money laundering, bankruptcy fraud, computer crimes, terrorism, organized crime, and fugitive cases. These crimes, carried out using a stolen identity, make the investigation of the offenses much more complicated. The use of a stolen identity enhances the chances of success in the commission of almost all financial crimes. The stolen identity provides a cloak of anonymity for the subject while the groundwork is laid to carry out the crime. This includes the rental of mail drops, post office boxes, apartments, office space, vehicles, and storage lockers as well as the activation of pagers, cellular telephones, and various utility services. Identity theft is not new to law enforcement. For decades fugitives have changed identities to avoid capture, and check forgers have assumed the identity of others to negotiate stolen or counterfeit checks. What is new today is the pervasiveness of the problem. The FBI does not view identity theft as a separate and distinct crime problem. Rather, it sees identity theft as a component of many types of crimes which we investigate. The recent ``sweep'' of identity theft prosecutions that the Attorney General announced on May 2, 2002, reflects how widespread identity theft has become and how it is associated with a wide range of criminal activities. The sweep involved 73 criminal prosecutions against 135 individuals in 24 districts. The crimes charged in these cases involving identity theft ranged from traditional fraud to murder. In one indictment in the Northern District of Illinois, for example, the defendant, who was facing Federal counterfeiting charges, allegedly murdered a homeless man and tried to fake his own death by making it look as though the deceased victim was the defendant. Other cases involved defendants who allegedly located houses owned by elderly citizens and assumed their identities in order to fraudulently sell or refinance the properties; a defendant charged with selling Social Security numbers on eBay; and a hospital employee allegedly stole the identities of 393 hospital patients to obtain credit cards using the false identities. This sweep, it should be noted, was the first part of a two-pronged strategy by Federal law enforcement to combat identity theft. The second prong involves efforts to strengthen existing Federal identity theft criminal statutes. Under S. 2541, which the Administration strongly supports, sentencing in a wide range of cases involving identification document fraud would be subject to a mandatory two-year enhanced penalty (over and above the sentence that would otherwise apply in a particular case). S. 2541 also would amend 18 U.S.C. 1028(b)(2) to increase the maximum imprisonment for a section 1028(a)(3) offense from three to five years, and would otherwise broaden the reach of the identity theft offense. In addition, S. 2541 specifically would allow judges the discretion to impose consecutive sentences in cases involving multiple counts of aggravated identity theft, and it authorizes the Sentencing Commission to issue guidelines and policy statements governing the exercise of such discretion. We believe that these changes, if enacted, would go a long way to strengthening the penalties that could apply when defendants are dealing in multiple identification documents. Possession of someone else's Social Security number is key to laying the groundwork to take over someone's identity and obtain a driver's license, loans, credit cards, cars, and merchandise. It is also key to taking over an individual's existing account and wiring money from the account, charging expenses to an existing credit line, writing checks on the account or simply withdrawing money. The FBI works closely with other law enforcement agencies at the Federal, state and local level to address crimes which are carried out through the use of stolen identities. This includes working closely with the Social Security Administration's (SSA) Office of Inspector General to confirm the authenticity (i.e., the existence or non existence, of Social Security numbers being utilized by criminals).\1\ Our Detroit and St. Louis offices participate in official task forces established specifically to investigate crimes involving identity theft. In Memphis and Mobile, official task forces are being created and our offices will be participating in these task forces which will specifically investigate crimes involving identity theft. Numerous field offices have task forces that investigate various financial crimes which include an element of identity theft. Other offices simply address the crimes the FBI has always investigated, but now include an element of identity theft. --------------------------------------------------------------------------- \1\ In addition to the SSA's Office of Inspector General, the Federal Trade Commission and the United States Secret Service, among others, do important work in combatting identity fraud at the Federal level. --------------------------------------------------------------------------- A number of identity theft related problems are being seen by law enforcement that are caused by people in trusted positions within a business or government office that misuse the personal identifying information to which they have access. Additionally, people are improperly obtaining Social Security numbers without any legitimate access. Increases in security features on Social Security cards, alone, would not solve this problem as an actual card is seldom required for verifying someone's Social Security number. However, additional security and safeguards of the actual Social Security numbers could have a substantial impact. One case under investigation by one of our offices in conjunction with the U.S. Postal Inspection Service involves an individual who obtained personal identifying information such as the names, and dates of birth of attorneys in the Boston area from the Martindale-Hubbell directory of attorneys. Using this information, his co-conspirator visited the Massachusetts Bureau of Vital Records which has an open records policy and was able to obtain copies of birth certificates of his victims. According to interviews with the defendants, using the combined information, they were able to contact the Social Security Administration and obtain the victims' Social Security numbers. Once they obtained the Social Security numbers, they were able to order credit reports and look at the credit scores for these victims to determine their creditworthiness and where accounts already existed. Using this information they were able to make pretext calls to at least one bank and obtain the account number. This enabled them to wire transfer $96,000 from one of the victim's bank accounts, half of which went to a casino and the remainder went to one of the subject's personal accounts. One of these suspects also added authorized users to the victims' credit card accounts and ordered emergency replacement cards which were sent to them by overnight delivery. At the time of arrest, this individual was found to be in possession of at least 12 different license or identification cards from three states and at least four or five credit cards, all in the names of the victims whose identity he had stolen. Although there are a number of enabling flaws in the system, including open records policies in some states, there was also an apparent lack of verification by the Social Security Administration as to whether or not the person armed with the information and requesting the Social Security number was truly the person to whom the Social Security number belonged. One of our field offices is currently investigating a case whereby Social Security numbers for children of various ages have been sold to individuals with bad credit for future use in obtaining credit. It is unknown at this time as to how these numbers were obtained. However, individuals who obtained these numbers acted as middlemen. As part of the sale of the Social Security numbers to the actual users, they formed companies which they used to falsely report positive credit information on these Social Security numbers to the credit reporting agencies. Such information included loan payoffs and information on other fictitious credit accounts which were paid off. This information boosted the user of the number's credit history and thereby the user's credit score. Next the users applied to legitimate credit issuers, including mortgage companies and were able to obtain credit. The users were instructed they could use their true names with these Social Security numbers, but not to use any previous addresses or other information similar to their previous credit record that could cause the credit reporting agencies to possibly merge their old and new credit files. Since the victims are children and are not applying for any credit, they are not aware their Social Security numbers were used in this way. As a result, these victims are not filing any complaints with law enforcement, the credit reporting agencies or any of the defrauded creditors. When these victims later become old enough to attempt to establish credit, they will learn about this activity. A case our New York office investigated included the use of the personal identifying information of six prominent executives, three of whom were deceased. Although this information was not received directly from the Social Security Administration, using the names of these deceased executives, this individual, who was later convicted, paid Internet information brokers to obtain these executives' Social Security numbers. After obtaining their Social Security numbers, he fraudulently obtained bank account and credit card numbers as well as other personal identifying information for these executives. He then impersonated these executives and purchased diamonds and Rolex watches over the Internet, and either wire transferred money from one of his victim's bank accounts or used one of his victim's credit card numbers. This individual had ordered approximately $730,000 in diamonds and Rolex watches but was only able to take delivery on just over half of this merchandise. There needs to be some serious review of the availability of personal identifying information, including the Social Security number, over the Internet, especially through these types of information brokers who can provide this information for a fee. Like some other States, Hawaii utilizes the drivers' Social Security number as its drivers license number. One significant case in our Honolulu field office, operation CARD SHARKS, was a financial institution fraud investigation that also targeted businesses dealing in the production of false identifications. Several of the subjects identified during the investigation utilized stolen Hawaii driver's licenses, including real identities and Social Security numbers to make their false identifications. These individuals then opened bank accounts under their assumed names to commit financial institution fraud. Other aspects of this investigation included subjects who utilized real names and addresses, but would make up Social Security numbers to commit their crimes. This was a joint investigation with Federal and local law enforcement that resulted in seventeen indictments. Search warrants were executed on six different locations and all six sites had evidence of violations of Title 18, United States Code, Section 1028. As far as terrorism matters are concerned, since December 2001, the Social Security Administration has provided prompt support to the FBI's Terrorist Financing Operations Section's initiative of identifying misuse of Social Security numbers. The FBI has been taking Social Security numbers identified through past or ongoing terrorist investigations and providing them to the Social Security Administration for verification. This multi-phase project seeks to identify potential terrorist related individuals through Social Security number misusage analysis. Once the validity or non-validity of a Social Security number has been established, investigators look for misuse of Social Security numbers by checking immigration records, Department of Motor Vehicle records, and other military, government, and fee-based data sources. Incidents of Social Security number misusage are separated according to type and forwarded to the appropriate investigative and prospective entity for follow-up. With assistance from the Social Security Administration, approximately 150 instances of potential Social Security number misusage have been identified. Each identified instance of potential Social Security number misuse must be resolved through field investigation. This process is continuing with ongoing investigations. The Social Security Administration's information should have very stringent limitations placed on its access and availability to the general public. However, we must be careful not to make it more difficult for law enforcement to conduct their investigations and access this information. There appears to be a need for various businesses, including the banking community, as well as government agencies to run verifications of the legitimacy of Social Security numbers used by individuals when conducting business. However, this could be accomplished without providing broad access to the universe of Social Security numbers. In addition to these general concerns, there are some other, more specific potential issues involving access to Social Security Administration information that I would prefer not to discuss in open session so as not inadvertently to aid potential criminals. Mr. Chairmen and Members of the Subcommittees, that concludes my prepared remarks. I would be happy to attempt to answer your questions at this time. Chairman GEKAS. Thank you, Mr. Ashley. We now turn to Mr. Huse, the Inspector General of Social Security. STATEMENT OF THE HON. JAMES G. HUSE, JR., INSPECTOR GENERAL, SOCIAL SECURITY ADMINISTRATION Mr. HUSE. Good afternoon, Mr. Chairman, Mr. Johnson, and Members of both Subcommittees. I am pleased to be back here for the seventh time to talk about Social Security number integrity issues this year. So, I guess this is a pretty important topic. Chairman GEKAS. You have to get it right this time. [Laughter.] Mr. HUSE. I will get it right this time. [Laughter.] Mr. HUSE. I am going to dispense with most of these oral comments because I think they've been made by others and just try to sum my testimony up into some key points. One, I think as you heard from our Deputy Commissioner, the Social Security Administration has made an awful lot of progress since September 11 in dealing with the enumeration business process and trying to strengthen it. I have to acknowledge that. However, there are still some things that have to be done. One of the most critical areas is the need for some legislation, and I know Chairman Shaw has his bill introduced, and that would be a big help. The legislation we need would limit the use and display of the Social Security number already in circulation in the public and private sectors; enhance the present arsenal of criminal, civil, and administrative penalties to deter and/or punish identity thieves; and require cross-verification of Social Security numbers through both governmental and private sector systems of records to identify and address those anomalies that will come out of that process. This is the most common-sense way and readily available way to bring back some integrity into the Social Security number without a lot of new bureaucracy. I can't urge anything more. That is what I really came to say this afternoon. I think that there has been a significant amount of focus on these issues, but we come to a point where there is a natural dilemma that is present between the legitimate interests of law enforcement and the legitimate interests of social insurance and privacy. These all collide, and we need the Congress's help in determining how we go forward from here, while we preserve the best intentions of each of those pieces of legislative action in the past. There is a tension there, and it can't be ignored. Some of the problems that we speak to here today come from those issues that need to be addressed. That is the substance of why I came here this afternoon, and I would be glad to answer any questions during the question period. [The prepared statement of Mr. Huse follows:] Statement of the Hon. James G. Huse, Jr., Inspector General, Social Security Administration Introduction Good afternoon, Chairman Shaw, Chairman Gekas, Ranking Member Matsui, Ranking Member Jackson Lee, and Members of the Subcommittees on Social Security and Immigration, Border Security, and Claims. I welcome the opportunity to be here today to discuss homeland security as it relates to the integrity of the Social Security number (SSN). This is my seventh appearance before a congressional hearing this year to discuss the importance of extending protections for SSN integrity, and I cannot bring this message to Congress too often. My testimony today follows up my June 25th testimony before Chairman Gekas, Ranking Member Jackson Lee, and Members of the Subcommittee on Immigration, Border Security, and Claims. Today I would like to examine further the role SSN fraud plays in crime and terrorist activity, and some methods by which criminal fraud is executed utilizing stolen or fraudently-obtained SSNs. The problem of SSN fraud as it applies to terrorist activities can be very different from using the SSN for illicit gain. Let me focus on the challenge of homeland security, because while the financial crimes involving SSN misuse are also serious, they are perhaps less deadly and yet better known to Congress. Both aspects are part of the growing phenomenon of false identity, and both call for protecting the integrity of the SSN. Let me say at the outset that the Social Security Administration (SSA) has worked very hard in recent years and made significant progress in strengthening the defenses of the SSN, implementing important suggestions our office has made and working with us to find solutions. There is more to be done, and it includes legislative action. Our audit and investigative work identifies three distinct approaches to SSN integrity for which legislation is critically needed. The first area is limiting the use and display of the SSN already in circulation in the public and private sectors. Second, the present arsenal of criminal, civil, and administrative penalties is clearly insufficient to deter and/or punish identity thieves. The third approach is requiring the cross-verification of SSNs through both governmental and private sector systems of records to identify and address anomalies in SSA's files, and in data bases at various levels of government and the financial sector. I will discuss these further below. The Risk to Homeland Security In calendar year 2000 alone, SSA issued approximately 1.2 million SSNs to non-citizens, out of some 5.5 million SSNs issued in all. A recently conducted Office of Inspector General (OIG) study indicates that 8 percent (about 96,000) of those 1.2 million SSNs were based on invalid immigration documents, which SSA processes did not detect. We have no way of determining how many SSNs have been improperly assigned to non-citizens. The issuance of SSNs based on invalid documentation creates a homeland security risk. My office has participated in 24 airport security operations across the country with the Department of Justice (DOJ) and its Joint Terrorism Task Forces and other Federal agencies since the 9/11 terrorist attacks a year ago. The aim is to ensure that no airport employee who has misrepresented his or her SSN and identity has access to secure areas of the Nation's airports. OIG's focus in airport security operations has been SSN misuse and false statements. Hundreds of people have been arrested to date, and more importantly, have been denied access to the secure areas that represent a significant vulnerability to terrorism. Immediately after the terrorist attack of September 11, 2001, we sought to determine if and how the hijackers might have obtained SSN's. We may never know with absolute certainty how many of the 19 hijackers of September 11th used improperly obtained SSNs, or how they obtained them. The investigation into the events of that day, and related work, revealed the importance of the SSN in any attempt at assimilation into American society. Today, it is unrealistic to believe that the SSN is simply a number for tracking workers' earnings and the payment of social insurance benefits. The SSN has become the de facto national identifier. Protecting the integrity of that identifier is as important to our homeland security as any border patrol or airport screening. Let me give you an example of this threat from a case that is just completing the sentencing phase. The Anti-Terrorist Task Force arrested a naturalized American citizen who had trained with Palestinian guerrilla groups in Lebanon since he was 12 years old. He was carrying a loaded semi-automatic pistol and an assault rifle in the back seat of his car, along with four loaded 30-round magazines for the rifle and hundreds of rounds of additional ammunition. In his home were a calendar with September 11th circled in red, three different Social Security cards in his name, a false Alien Registration Card, evidence of credit card fraud and $20,000 in cash, as well as a wood carved plaque with the name of the terrorist group ``Hamas'' on it. We determined he had obtained the three different SSNs from SSA by falsifying two of his three SSN applications. He had used them to get jobs as a security guard and as an employee with the multi-billion- dollar Intel Corporation, when a criminal history check would have kept him from getting either job under his true identity. Failure to protect the integrity of the SSN has enormous financial consequences for the Government, the people, and the business community. We must protect the number that has become our national identifier and the key to social, legal, and financial assimilation in our country. It is becoming more and more apparent that those connected with terrorism will at some point obtain SSNs. They may buy them, they may create them, or they may obtain them from SSA directly through the use of falsified immigration records. But to operate in the United States, they need those numbers, and we must take those steps necessary to ensure that those numbers do not come from SSA. While SSA alone cannot solve the complicated problem of homeland security, no government agency, system or policy should be ignored. Congress and SSA, as public stewards, must continue their efforts to strengthen the systems and processes that minimize the use of SSNs for illegal purposes. SSN integrity is a link in our homeland security that must be strengthened and sustained. Federal Interagency Coordination and Cooperation You have asked that I comment on Federal interagency coordination and cooperation to verify identification documents and to detect and prevent fraud. We recently issued a Management Advisory Report entitled Social Security Number Integrity: An Important Link in Homeland Security. This report said it is critical that SSA independently verify the authenticity of the birth records with States, immigration records with Immigration and Naturalization Service (INS), as well as other identification documents presented by an applicant for an SSN. Additionally, in other reports, we have urged full and expedited implementation of a joint Enumeration at Entry program in which the Agency would issue SSNs to non-citizens upon their entry into the United States, based on information obtained from INS and the Department of State. Until September 11th, SSA had limited success encouraging INS to move quickly on these planned initiatives. We continue to work with other Federal officials to ensure that we are doing all that we can to assist the DOJ and others to use SSN information in the homeland security context. We are in constant contact with these Federal officials and agencies and with other committees of both houses of Congress to provide expertise and assistance in the analysis of data and the creation of legislation aimed at protecting the SSN and preventing it from being used improperly. We appreciate your interest in these issues, and your support of increasing cooperation, coordination, and information sharing between SSA and the Departments of Justice, State, and Treasury. Legislative Proposals to Combat SSN Misuse and Protect Privacy Let me take this opportunity to recommend some legislative proposals aimed at combating SSN misuse and protecting privacy. While no legislation can eradicate SSN misuse and identity theft altogether, the criminal penalties that exist today are clearly insufficient to either deter or punish identity thieves. Members of both houses of Congress have introduced legislation over the past several years to deal with the national dilemma presented by SSN misuse and identity theft. The felony provisions of the Social Security Act have no civil or administrative counterparts. Federal prosecutors cannot pursue every SSN violation criminally, or even civilly. We have found the Civil Monetary Penalty program to be an effective tool in the similar area of program fraud, and could have a useful impact in the area of SSN misuse if Congress would grant us such authority. We have asked before, and I ask again--vest in us the authority to impose penalties against those who misuse SSNs. We also believe it is time to consider enhancing the penalties for identity theft violations. Congress should also move beyond the penalties for the improper use of another person's identity to address the problem of selling SSNs and other Social Security information. We should strengthen the laws on sales and enhance the sentencing guidelines to allow us to better address this aspect of identity theft today. Congress might consider something on the order of escalating penalties, perhaps parallel to the treatment of drug cases. Controlling SSNs in Circulation Another area in which legislation is sorely needed is in limiting the use and display of the SSN in the public and private sectors. Although we cannot return the SSN to its simple status of a half- century ago, we must take steps to limit its use and to limit the expansion of its use. First and foremost, it is time to make the difficult determinations as to those uses that are appropriate and necessary, and those that are merely convenient. One easy decision can be made now. The public display of SSNs--on identification cards, motor vehicle records, court documents, and the like--must be curtailed immediately. Those who use the SSN must share the responsibility for ensuring its integrity. We can prevent identity thieves and other criminals from walking out of a municipal courthouse with the means of committing state-facilitated identity theft. The cost to the victims of identity theft, and to all of us, is too great. And the potential for using SSNs to support acts of violence and terrorism is unthinkable. Congress should consider requiring the cross-verification of SSNs through both governmental and private sector systems of records to identify and address anomalies in SSA's files, and in data bases at various levels of government and the financial sector. Only in such a way can we combat and limit the spread of false of identification and SSN misuse. In this way can we correct errors on a timely basis that might otherwise keep workers from receiving full credit for years of labor, credit that can be nullified by simple typographical errors in submitting their data. Similarly, all law enforcement agencies should be provided the same SSN cross-verification capabilities currently granted to employers. The rewards of cross-verification can be great, and it does not require major expenditures of money or the creation of new offices or agencies. It would use data the Federal, State and local governments and the financial sector already have. I have come before you today not only to report on what has been done so far, but also to ask that Congress instruct us on the path to follow in resolving conflicts of law and policy. We face contradictions among serious and legitimate interests regarding the sharing of information between agencies--and, indeed, often within a single agency--and privacy, and between Federal laws pertaining to immigration and our Nation's economic interests. In this vein, I would urge Congress to examine whether sufficient authority--and, indeed, requirement--for data-sharing exists in current law. In recent months, SSA has sent about 800,000 letters to employers and some 7 million letters to workers in an attempt to clean up discrepancies created when employers submit employee names and SSNs which do not match information in SSA files. SSA provides the Internal Revenue Service (IRS) with information on the employers with the highest volume of discrepancies, because only the IRS can levy penalties. SSA has no authority to levy penalties when employers submit invalid name and SSN combinations. SSA does not have a similar process in place to share this mismatched data with the INS. As we have learned since September 11 of last year, agencies must be able to share information that can make linkages that will help head off threats and enforce our laws. That authority must be made clear in statute. We still need legislation that regulates the use of the SSN and provides enforcement tools to punish its misuse. If we are to head off the many crimes identity theft breeds--the fraud against public and private institutions, the ruin of people's security, possibly even the disguising of terrorists as ordinary people--we need legislation with provisions such as: LRestrictions on the private and governmental use of SSNs. This should include restrictions on the sale of SSNs by governmental agencies, prohibition of the display of SSNs on government checks and driver's licenses or motor vehicle registrations, and some prohibitions of the sale, purchase, or display of the SSN in the private sector. LProhibitions of prison inmate access to SSNs. LRestrictions on unfair or deceptive acts or practices, such as refusals to do business without receipt of an SSN. LConfidential treatment of credit header information. Two Small Changes in Existing Law Would Strengthen SSN Integrity We have recently had several cases in which an individual with a legitimate SSN sells that SSN to a third person. The seller may or may not then go to SSA and request a replacement Social Security card. This furthers the phenomenon of false identity. The issue is this: how can we charge the individual who sells his SSN? The identity theft statute forbids the use of another person's means of identification without lawful authority. Likewise, the Social Security Act prohibits a person from presenting another person's SSN as his or her own. It does not appear to address the situation of a person selling his or her own SSN to a third person. We are currently researching whether there is a criminal statute such as conspiracy or aiding and abetting that may be applicable. We are also looking at whether such people may be prosecuted for making false statements if they return to SSA and request a replacement card. Legislative action should resolve this problem. A suggested solution may be to amend section 208 of the Social Security Act, 42 U.S.C. 408, to add a subsection prohibiting the sale of an individual's SSN by that individual. SSA assigns an individual a unique SSN to accurately track the wages and earnings of the individual. SSA regulations state that ``Social Security number cards are the property of SSA and must be returned upon request.'' Such language should also apply to the number itself. The SSN was not meant to be the property of the individual it identifies, and its sale by any person, including the persons identified by the number, should be made illegal. I would mention one other problem that could be easily remedied with minor changes in the law. Current language in 18 U.S.C. Sec. 1028 primarily addresses fraud in connection with identification documents. It has been a problem to proceed under the statute when we arrest someone with a sheet or printout of, say, 50 to 100 SSNs as these SSNs are not technically on a Social Security card. Therefore, in any amendment or new legislation put forth, I would urge you to address both the Social Security card and SSN. SSNs, Immigrants, and the Earnings Suspense File SSA's Earnings Suspense File (ESF) is an indicator of the problem. The ESF is the Agency's record of annual wage reports submitted by employers for which employee names and SSNs fail to match SSA's records. Most immigrants--about 75 percent--come to the United States legally, many to join close family members. However, INS estimated the illegal immigrant population reached about 5 million in 1996, not including the 3 million who were given amnesty under the Immigration Reform and Control Act of 1986. INS estimates the number of undocumented (i.e., illegal) immigrants continues to grow by about 275,000 each year. To acquire an SSN improperly, undocumented immigrants either apply for a ``legitimate'' SSN using false documents, or they create or purchase a counterfeit Social Security card. Since an undocumented immigrant is not required to show a Social Security card prior to hiring, he or she may simply invent a nine-digit number. These are all criminal acts. This SSN may be one the Agency has already assigned to another individual (stolen SSN) or one never assigned (fake SSN). SSA acknowledges that illegal immigrants account for a significant portion of items in the ESF. Three industries--agriculture, food and beverage, and services--account for almost half the wage items in the ESF. Agriculture is the largest contributor, representing about 17 percent of all ESF items. In one study of 20 agriculture employers, we determined that 6 of every 10 wage reports submitted by these employers had incorrect names or SSNs. From 1996 through 1998, these 20 employers submitted over 150,000 wage items for which the employee's name and/or SSN did not match SSA records, representing almost $250 million in suspended wages over the 3-year period. A moment ago, I discussed SSA's letters to employers and workers aimed at clearing up discrepancies in the ESF. As I noted, SSA has no legal authority to levy fines and penalties against employers or employees who submit incorrect SSN information on wage reports. As provided by law, SSA must rely on the IRS to enforce penalties for inaccurate wage reporting and upon the INS to enforce immigration laws. IRS has been reluctant to apply penalties, and SSA and the INS have had limited collaboration on the issue. Applying penalties would have a ripple effect on employers who consistently submit wage reports for employees whose names and SSNs do not match SSA's records. Although SSA is primarily interested in penalizing the most egregious employers, IRS staff expressed concern with the application of even these penalties. IRS senior staff members believe they and SSA would have a difficult time determining whether an employer exercised appropriate diligence in obtaining the necessary information from employees. We believe SSA could provide the IRS with sufficient evidence to show an employer knew or should have known its employees' SSNs were incorrect. Despite the concerns of IRS, the two agencies held discussions to explore the enforcement of an existing penalty provision ($50 per incorrect wage report) for employers who repeatedly submit erroneous name and/or SSN information. In calendar year 2000, based on this agreement, SSA provided a list of 100 of the most egregious employers to the IRS. These employers submitted the largest number of name/SSN match failures in consecutive years. The IRS expressed interest in the listing but, to date, has not assessed penalties. SSA's coordination with the INS has been minimal. For example, SSA does not provide the INS a list of employers who repeatedly submit erroneous name and/or SSN information. In a previous audit report, we recommended that SSA: (1) Lcollaborate with INS to develop a better understanding of the extent that immigration issues contribute to SSN misuse and growth of the ESF, and (2) Lre-evaluate its application of existing disclosure laws or seek legislative authority to remove barriers and allow SSA to share with the INS information regarding employers who chronically submitted incorrect wage reports. SSA disagreed with our recommendations and stated that its interpretation of the privacy and disclosure issues is accurately applied and continues to provide appropriate disclosure guidance within existing authority. The intent of our recommendations was to suggest that the Agency look for avenues under current law and regulations first before seeking legislative authority. We acknowledge SSA's efforts to combat SSN misuse and reduce the ESF's growth. However, given the magnitude of SSN misuse by unauthorized non-citizens, we continue to believe SSA should take preemptive and preventive measures to ensure the SSN's integrity. We continue to believe that the sharing of such information in certain situations would stem the growth of SSN misuse for employment purposes. The Fruits of Illegal Labors SSA allows an individual to present evidence of a work history on a non-work SSN or as an illegal alien, and to receive credit for the work towards Old-Age, Survivors and Disability Insurance (OASDI) benefits. SSA provides these benefits to people based upon their lifetime earnings reported under a valid SSN. The number of quarters of earnings maintained on the ESF determines whether an individual has enough credits for insured status. SSA creates a work history for all individuals with a valid SSN, even when: Lthose earnings are based on a non-work SSN, or Lthose earnings are added later for an individual who was in the country illegally at the time of earnings but who subsequently becomes eligible for a valid SSN. As long as an individual can prove that earnings belong to him or her, SSA will provide earnings credits to that individual. Once these earnings are recorded, these individuals are essentially treated as any other individual applying for OASDI benefits. One problem is the widespread use of non-work SSNs by people who work in the economy illegally. The earnings from illegal work from these people is recorded directly in the SSA claims systems for their future credit. In our September 1999 report, Review of Controls Over Non-work Social Security Numbers (A-08-97-1002), we estimated that unauthorized earnings associated with non-work SSNs may have already cost SSA's trust funds $287 million, and could cost the trust funds as much as $63 million annually. In our report, we recommended that SSA propose legislation to prohibit the crediting of non-work earnings and related quarters of coverage for purposes of benefit entitlement. In addition, people who are in the country illegally and working under a created SSN, or misusing someone else's SSN, can later rebuild their earnings record from wage items posted to the ESF. In such a case, an individual could work illegally in the United States for 25 years, later request and receive a valid SSN, and then ask SSA to locate those suspended earnings that SSA could not post due to an invalid name/SSN combination. Once found, SSA can reinstate these earnings to this individual's earnings record. The individual claiming the wages would only need to provide corroborating documents, such as relevant wage reports, for the period of claimed earnings. These newly posted earnings can then be used to make the individual eligible for OASDI benefits. Our reviews of the suspended wages in the ESF suggest that illegal work is the primary cause of suspended wages. These claims represent a future obligation to the SSA that is growing at a rapid rate. Under current SSA procedures, workers who are subsequently issued a legal residency card under an amnesty or other INS procedures can subsequently recover most of these wage claims. In addition, we do not have a good number for illegal aliens receiving work credits. We routinely identify some of them through our audits and investigations, but these are not all-encompassing. For example, in a recent report, we projected that almost 100,000 non- citizens obtained SSNs in calendar year 2000 with false documents. Approximately 42 percent of those had earnings posted to their accounts, thereby receiving work credits. Nonetheless, this figure does not take into account any future wages these 100,000 may earn. Furthermore, the 100,000 figure does not include illegal aliens using other people's SSNs for work purposes and whose earnings either end up in the ESF or incorrectly posted to the legitimate number-holders' accounts. SSA has recently changed its policies governing the issuance of non-work SSNs so that it is likely that fewer than 30,000 non-work SSNs will be issued in 2002. However, many non-work SSNs remain in circulation. Prior to the recent curtailment, SSA had issued roughly 7.3 million non-work SSNs since 1974. Viewed another way, although such aliens may be residing and working illegally in our country, they are doing work for pay, they are paying taxes, and they are accumulating earnings records with SSA in the same manner as legal workers. SSA's policy of allowing such workers who subsequently obtain bona fide SSNs to recreate their files so as to capture the fruits of their labors are drawn from the agency's mission, history, and understanding of the Social Security Act, rather than from a lack of concern for immigration law. Here, once again, I submit that we are in need of this body's guidance to resolve a dilemma of legitimate interests. We find ourselves stuck in a quagmire of contradictory interests that has resulted in the absense of clear, controlling laws and regulations, or in the ignoring of those laws and regulations that do exist. Conclusion We believe SSA has a clear and important role in homeland security. We appreciate your interest in these issues, and your support of increasing cooperation, coordination, and information sharing between SSA and the Departments of Justice, State, and Treasury. We believe our earlier recommendations and legislative proposals should be considered in any future discussion on homeland security. It is also important that we be able to reduce the growth of the ESF, and I commend SSA for the efforts it has made. More needs to be done, even though the ESF problem is more a symptom of the undermining of SSN integrity rather than a cause of it. Finally, we need to change the current laws which allow illegal work to be used in obtaining Federal benefits. Ours is a Nation of laws, and those laws originate here. I ask for your help in clarifying and strengthening the laws, and toughening the penalties that are designed to improve the integrity of the SSN, which is a key component of homeland security. Thank you. Chairman GEKAS. We thank you, and now we turn to Mr. Reindl from New York. STATEMENT OF MATTHEW JAMES REINDL, OPERATOR, STYLECRAFT INTERIORS INC., GREAT NECK, NEW YORK Mr. REINDL. Chairman Gekas and Members, thank you for the privilege to testify today. My name is Matthew Reindl. I operate of a small family owned woodworking factory. I am here to speak for the tens of thousands of law-abiding small- businessowners who are being adversely affected, many forced to close, because of the illegal hiring practices of some of our competitors. These unlawful employers are able to operate because of the lack of enforcement by some Federal agencies, such as INS and IRS. On behalf of the majority of businesses who carefully comply with Federal tax and wage reporting requirements, I want applaud Commissioner Barnhart for directing the Social Security Administration to send out the much-publicized letters to employers and employees with mismatched W-2 wage items. If a mismatch of Social Security numbers is not a typo, it means that the person has false identification. The government has no idea who this person is, where this person came from, or what the person is doing in the country. We have no way of knowing if this undocumented person is a terrorist here with the intent to harm our Nation. In the wake of the September 11 murders, no American can oppose the Social Security Administration's need to share information with the INS. The INS needs to investigate those companies which knowingly employ illegal workers and penalize them. I hope that President Bush will require the other Federal agencies to enforce wage and labor laws so that my company will no longer have to compete from a disadvantage. Our company is a family business formed by my grandfather in 1951. It took him 20 years from when he entered the country legally to open a woodworking factory with the money he saved. With other legal immigrants at his side, he made the American dream happen. The factory was passed on to my father and now on to me, the third generation. Our company has employed Turks, Armenians, Haitians, Italians, Yugoslavians, and also a Jewish Holocaust survivor from Holland. The diversity of our shop makes our conversations lively. Many of my employees waited 5 to 7 years to enter our country legally. They did the right thing. They obeyed our laws. Now people who broke the law are keeping down their wages. They wonder why both the Federal and State governments refuse to enforce any laws when it comes to illegal immigrants. Our company pays withholding taxes and fair wages to our workers. We pay the entire cost of health insurance. However, with increasing competition from employers using illegal aliens, I fear we will not be able to provide health insurance to our employees. In fact, I may even be forced out of business. Unfortunately, my company has to compete with employers who are paying off the books and committing workers' compensation fraud, unemployment fraud, Federal and State tax fraud, and Social Security fraud. In my written testimony, I have created a simple illustration that compares the cost of a legitimate employer to that of a lawbreaking employer who pays $500 per week off the books. My example shows that the labor costs for the honest, law-abiding employer are roughly 80 percent higher than for the employers hiring illegal workers. Chairman and Members of the Subcommittee, Federal law prohibits anyone from hiring illegal aliens. Local governments, private and church organizations, are setting up so-called hiring sites so that legal and illegal immigrants can work off the books and disregard Federal and State laws. Long Island towns, such as Farmingville, Glen Cove, Freeport, Huntington, and Farmingdale, have these unorganized and organized hiring sites and many more are emerging. Without employment or the hope of employment, illegal aliens would not be tempted to enter our country in violation of our laws. Employers need to be prosecuted for hiring illegal workers, and legal immigrant workers need to believe that all employers respect our laws. I honestly believe that there are a growing number of businesses that hire illegal aliens. If there is no enforcement, that number will grow and grow and grow. The Federal Government cannot allow a criminal minority of employers to profit from illegal labor practices. It undermines the founding principles of our Nation. When employers ignore immigration law, it tends to lead to other laws being broken, such as Social Security fraud, workers' compensation fraud, and income tax fraud. Because of the lax enforcement from other agencies of government, honest, law-abiding employers are being punished. That concludes my testimony, and I look forward to your questions. Thank you. [The prepared statement of Mr. Reindl follows:] Statement of Matthew James Reindl, Operator, Stylecraft Interiors Inc., Great Neck, New York Mr. Chairman and Members of the Subcommittee: I am extremely honored, and I thank you for the privilege to testify at today's hearing. My name is Matthew Reindl and I am an operator of a small family owned woodworking factory. I am not a paid lobbyist, and I do not draw a salary from any political or social advocacy group. I believe I am speaking for the tens of thousands of law abiding small business owners, who are being adversely affected, many forced to close, because of illegal hiring practices of employers. I am thankful that President Bush has appointed someone to the Social Security Administration who has taken steps to have businesses comply with the law. On behalf of those tens of thousands of small businesses who carefully comply with Federal tax and wage reporting requirements, I want to applaud Commissioner Barnhart for directing the agency to send out the much publicized letters to employers and employees with mismatched W-2 wage items. A mismatch of Social Security numbers could mean two things. In many cases it could be a simple typographical error. Our company is familiar with this type of error. The correct number can be resubmitted to the Social Security Administration, and the problem will be solved. However, if it is not the case of a simple mix-up, it means that the person supplying the documents has falsified his or her identification, and neither the employer nor the government has any idea who this person is, or where this person came from or what this person is doing here in this country. We have no way of knowing if this unknown undocumented person is a terrorist here with the intent to destroy this Nation. If verifying Social Security numbers can prevent terrorism it is a necessity. In the wake of the 9/11 murders, no American can be opposed to the Social Security Administrations need to share this information with INS. INS needs to investigate those companies which knowingly employ illegal workers and penalize them. Our country has maintained rational laws for legal immigrants. Our immigration laws provide an organized procedure for people to enter our country legally and obtain legal employment. Our company has been employing legal immigrants with for more than fifty years. Seven of our ten current employees were legal immigrants when they joined us. In fact, our company's skilled workforce has been built by the positive effects of our immigration laws. The Reindl Family Business Many Americans emigrated from another country. Parents, grandparents, great grandparents made a journey for America and came for the opportunities America had to offer. My grandfather, who was a trained cabinetmaker, made that journey from Europe in 1930. Back in those days an immigrant had to be sponsored in order to enter our Nation legally, and thus he did so. He was a man that always obeyed the law and taught his family to respect the rules and laws of the country. In 1951, 20 years after he entered this country, he was bold enough to open a woodworking factory with the money he saved through the years. With other legal immigrants at his side he made the American dream happen. Hand in hand different cultures working together to fulfill many dreams. The factory was passed onto my father and now onto me, the 3rd generation. Today as it was 50 years ago I work with American citizens and legal immigrants. Our company has employed Turks and Armenians, Jamaicans and Haitians, Italians and French, Polish and Germans, Yugoslavians and Dutch, El Salvadorians and also a Jewish holocaust survivor from Holland. The diversity of our shop makes our conversations lively. It seems like a UN assembly meeting. Our employee with the longest longevity (25 years) is a Muslim immigrant from Turkey. The company went through all the legal channels to sponsor him. In addition to him, our company has sponsored other employees throughout the years. We work hard. And no job is too demeaning for anyone, including myself. I normally work at least 60 hours a week. This is what is required to run a small business. This is the strength of America. One thing I am grateful for is the fact that my grandfather instilled in my father excellent morals and taught him to always abide by the law. This philosophy too, was passed on to me. Our company has always paid its fare share of taxes and its fair share of salary. We do everything ethically and by the book. We also have always paid the entire cost for the employee's health benefits, years before others in our industry did. However, if illegal immigration continues to drive our selling price down, I fear we will not be able to provide health insurance to our employees in the future. In fact, I may even be forced out of business. The following is the diversified representation of the current employees in my shop. Ahmet LLegal immigrant now American citizen born in Turkey Luis LLegal immigrant from Colombia Alrick LLegal immigrant from Jamaica Chaplin LLegal immigrant from Jamaica John LAmerican born citizen Roberto LAmerican born citizen from Puerto Rico Borgdan LLegal immigrant from Croatia Krzystof LPolish legal alien under 1986 amnesty Mark Reindl LAmerican born family member Fred Reindl LAmerican born father of family Employer's Responsibility The INS has placed the responsibility of immigration enforcement on American employers. Every employer receives a handbook for completing form I-9, and in this handbook it states: L``Employment is often the magnet that attracts persons to come to or stay in the United States illegally. The purpose of the law is to remove the magnet by requiring employers to hire only citizens and aliens who are authorized to work here.'' This law requires that every newly hired employee and employer to fill out an I-9 and proper documentation must be verified by the employer. As a small business, we certainly know the requirements of the law and how to pick one from column A--OR--one from column B and one from column C. It is hard to believe that a big corporation with a professional staff cannot figure out how to fill this I-9 out. Stylecraft Interiors Inc. complies with these Federal laws: LVerify immigration status and complete Federal form I-9. LDeduct Federal income tax and process W-4 forms. LDeduct Social Security and Medicare contributions. LMatch Social Security and Medicare contributions. LPay Federal Unemployment Tax. Stylecraft Interiors Inc. also complies with these New York State Laws: LDeduct state income tax. LDeduct Disability Insurance. LPay New York State Workers Compensation Insurance. LPay New York State Unemployment insurance tax. LPay New York State disability insurance. LFill out State form N-96-2. And send that and a copy of W-4 or equivalent to the State. These are the labor laws that every New York State employer is required to obey. However, from the newspapers articles it is clear that a growing percentage of businesses are not complying. If laws are not enforced, even a greater number of businesses will not comply with these labor laws thus driving wages down. If the laws, which I just mentioned, were enforced and obeyed, I believe that there WOULD BE MUCH LESS ILLEGAL IMMIGRATION. I know people in my community are well aware that many day workers who are illegal aliens work for employers who are paying off the books and committing workers compensation fraud, unemployment fraud, Federal and State tax fraud, and Social Security fraud. Several years ago a hiring site emerged in Glen Cove, NY. In 1995 we lost two legal immigrant employees to this Glen Cove site. They both left our company because they made more money standing at the Glen Cove site, or street corner working off the books and not paying taxes. They told me they were clearing between $75 to $100 a day off the books, much more than what I could pay them after taxes. They where very happy that the local government set up a site where they would be hired illegally, and not pay into the tax system. When I asked about health insurance for their family they replied if I get sick, I go to the hospital and it is free. Organized and unorganized hiring sites are popping up on Long Island. Towns such as Farmingville, Farmingdale, Freeport and Huntington have these sites and many more are emerging. Bishop Murphy of the Roman Catholic Church has gone on record saying the Catholic Church will do everything it can to help establish day laborer sites. Local governments and Catholic Charity organizations seem eager to build them. Illegitimate contractors are not getting audited at these sites. Business owners and we the taxpayers foot the bill for our ex-employees health care. Also, the employers who hire illegal aliens are not paying into workers compensation insurance. When they get hurt, guess who pays the bill?--The law abiding business owner and taxpayer. I believe that the sole purpose of hiring sites is to try to indoctrinate the American people into believing that it is somehow legal for illegal aliens to be here and to be hired at these sites. I believe that the endorsement of any hiring of illegal aliens is an attack on our laws and on every single law abiding employer. All it is doing is undermining the labor laws of this great country. Economics of Illegal Labor Practices The contractors and factory owners that disregard immigration laws and disregard labor and insurance laws result in a profitable but illegal advantage over legitimate business owners who play by the rules. I am not an accountant but I do pay bills, and our company has prepared the following breakdown for a single person with himself as a dependent. It compares the cost of a legitimate employer to that of a lawbreaking employer who pays $500 per week off the books. Gross pay on the books would have to be $670 to net $500 because: Social Security & Medicare L$51.26 Federal withholding L$83.63 N.Y. State withholding L$35.62 N.Y. State disability L$00.60 This equals $499 net pay. Now the legitimate employer also has additional costs. He has to match Social Security, Medicare and pay New York State workers compensation and New York State unemployment insurance. Social Security & Medicare L$51.26 Workers Comp (+/-) L$50.25 N.Y. State unemployment (+/-) L $5.06 The legitimate employer is now paying $776.57 a week compared to $500 net pay ``off the books.'' This represents a 55% higher cost to the honest law-abiding employer. Add health insurance, which is $77.86 a week. And 1 week vacation and 5 holidays averages out to $35.00 a week. The total cost a legitimate employer would be paying to equal that $500 net pay a week now adds up to $889.43. This represents a 78% higher cost to the honest law-abiding employer. The Federal Government loses $83.63 in Federal withholding when employers pay ``off the books.'' However, in view of the fact that current Federal accounting standards comingle Social Security & Medicare contributions into the Federal budget (not into a separate trust fund) we must add the $51.26 employee contribution plus the $51.26 employer contribution, totaling $102.52 for the total Social Security & Medicare contribution. Add $83.63 plus $102.52 and the total cost to the Federal Government becomes $186.15--37% of the $500 net pay a law-abiding worker would receive. Please note unemployment and workers compensation rates are variable. Low rates were used, and Federal unemployment contributions were not included. Also note that only 1 week vacation and 5 holidays create a very low comparison. The actual cost to a legitimate employer would probably be higher. Due to the unscrupulous employers that hire illegal aliens I do not know if Stylecraft Interiors can continue to survive. Illegal immigration lowers my wage and that of my employees too. The legal immigrants in my shop are very aware of this. Many of my employees waited 5 to 7 years to enter our country legally. They did the right thing. They obeyed our laws, and now people who broke the law are keeping down their wages. They wonder why both our Federal and State governments refuse to enforce any laws when it comes to illegal immigrants. They ask me why people who did not wait their turn are being rewarded. Conclusion Without employment or the hope of employment, illegal aliens would not be tempted to enter our country in violation of our immigration laws. Employers need to be actively penalized for hiring illegal workers, and legal immigrant workers need to believe that all employers respect our laws. I honestly believe that there are a growing number of businesses that hire illegal aliens. If there is no enforcement, that number will grow and grow and grow. The Federal Government can't allow a criminal minority of employers to profit from illegal labor practices, because it undermines the founding principles of this country. As an employer, I am pleased to know that the Social Security Administration is finally cracking down on workplace fraud. When employers ignore immigration laws it tends to lead to other laws being broken, such as Social Security fraud, workers compensation fraud, and income tax fraud. Because of the lax enforcement from all other agencies of the government, honest employers are being punished. Lax enforcement of immigration and labor laws penalizes all those employers that comply with Federal and State laws. Our company obeys the law and we refuse to hire illegal aliens. If my competitors are allowed to break the law, and hire low-wage illegal immigrant workers, they gain an unfair and illegal advantage over my company. My competitors will undercut my prices, and take away my business and could possibly cause me to be put out of business. Chairman GEKAS. Thank you. We turn to the final witness, Mr. Hoofnagle. STATEMENT OF CHRIS JAY HOOFNAGLE, LEGISLATIVE COUNSEL, ELECTRONIC PRIVACY INFORMATION CENTER Mr. HOOFNAGLE. Good afternoon. Mr. Chairman and Members of the Subcommittee, my name is Chris Hoofnagle, and I am Legislative Counsel with the Electronic Privacy Information Center (EPIC). The EPIC is a not-for-profit research center that focuses on privacy and civil liberties. Since our founding in 1994, we have been extensively involved in the privacy of the Social Security number. Most recently, we submitted an amicus brief in Remsburg v. Docusearch, the Amy Boyer case. As many of you probably remember, in that case, a young woman was stalked and killed based on information provided by a commercial Social Security number lookup company. We believe that good privacy can make good security, and that in this area, we need to protect the Social Security number so that criminals and terrorists do not use it to attack us and our country. The Social Security number plays an unparalleled role in the identification, authentication, and tracking of all Americans. Identity thieves know the value of a Social Security number, and that is why we believe that limiting the collection and the use of the Social Security number is critical to stemming the growing tide of identity theft. My colleagues on this panel have outlined the extreme harm that identity theft causes. According the Privacy Rights Clearinghouse, somewhere between 500,000 and 700,000 Americans are victimized by this crime every year. Victims often do not discover the crime has occurred until many months after their identity has been stolen. They spend many hours of their time and substantial sums of their money to fix their credit report and to expunge criminal records that might have been created in their name. Since September 11, 2001, there has been a renewed focus on this crime, as identity theft could be used both to raise funds for and to actually commit acts of incredible destruction. The majority of identity thieves still use low-tech methods to acquire our personal data. While there are general fears of transmitting credit card numbers and other personal information over the Internet, the biggest risk from identity theft still comes from criminals who steals our mail or sorts through our trash in order to get our personal identifiers. Other low-tech methods to steal identifiers are also common. Employees of businesses that collect the Social Security numbers are in a unique position to obtain many personal identifiers. In my written testimony, I cite to a recent case involving a branch of Bally's Health Spa in Cambridge, Massachusetts. There an employee was caught stealing Social Security numbers to open bank accounts, possibly for the commission of terrorism. The Bally's case raises an important point about private sector use of the Social Security number. In most cases, it is wholly unnecessary for a business to even collect the Social Security number. Collecting the Social Security number creates risk for the individual. Businesses should be encouraged to use alternative identifiers. Discouraging the use of the Social Security number should be a primary concern of Congress, especially when one considers how the business community uses the identifier. Some businesses use the Social Security number to identify individuals while other businesses use it as a password. This means that the Social Security number is used widely as both an identifier and as an authenticator. From a security perspective, this doesn't make sense. It is the equivalent of using the same user name and password to access your e-mail, for instance, but identity theft risks are not only created by bad business practices. Public records are increasingly playing an increasing role identity theft. As Americans have more interaction with our growing government, we leave trails of our activities in the form of public records. Court case files, marriage license, and other public records are creating a trail of our personal identifiers from cradle to grave. It is important that Congress act now to remove the Social Security number from public records. Two States, California and Georgia, have both recently enacted common-sense Social Security number legislation that will likely stem the tide of some identity theft. In California, Senate bill 168 was signed into law last year. The bill prohibits public posting of the Social Security number. It also prohibits the printing of the Social Security number on an identity card. Most importantly, it prevents the mailing of an invoice or a bill to a consumer with an Social Security number on it. In Georgia, Senate bill 475 now requires businesses to safely dispose of documents that might contain personal identifiers on it. They have to shred records, or they have to actually erase computer hard drives. Despite these significant steps forward, we still lack comprehensive protections. We believe that H.R. 2036, the Social Security Number Privacy and Identity Theft Protection Act of 2001, which enjoys strong bipartisan support, would create a framework of protection to reduce identity theft and to protect privacy. With that, let me conclude my remarks, as I have run out of time. Thank you. [The prepared statement of Mr. Hoofnagle follows:] Statement of Chris Jay Hoofnagle, Legislative Counsel, Electronic Privacy Information Center My name is Chris Hoofnagle and I am legislative counsel with the Electronic Privacy Information Center (EPIC), a not-for-profit research organization based in Washington, D.C. Founded in 1994, EPIC has participated in cases involving the privacy of the Social Security number (SSN) before Federal courts and, most recently, before the Supreme Court of New Hampshire.\1\ EPIC has also taken a leading role in campaigns against the use of globally unique identifiers (GUIDs) involving the Intel Processor Serial Number and the Microsoft Corporation's Passport identification and authentication system. --------------------------------------------------------------------------- \1\ Estate of Helen Remsburg v. Docusearch, Inc., et al, C-00-211-B (N.H. 2002). In Remsburg, the ``Amy Boyer'' case, Liam Youens was able to locate and eventually murder Amy Boyer through hiring private investigators who tracked her by her date of birth, Social Security number, and by pretexting. EPIC maintains information about the Amy Boyer case online at http://www.epic.org/privacy/boyer/. --------------------------------------------------------------------------- I appreciate the opportunity to testify this afternoon. I will briefly summarize identity theft developments, review historical and recent attempts to regulate the use of the SSN, and make recommendations.\2\ --------------------------------------------------------------------------- \2\ EPIC maintains an archive of information about the SSN online at http://www.epic.org/ privacy/ssn/. --------------------------------------------------------------------------- The states have taken effective, common sense steps to reduce private and public-sector reliance on use of the SSN. Congress should take action now to implement these protections on a national level. Long-term approaches to the problem of privacy and identity theft need a comprehensive legislative framework of protections for individuals. Accordingly, it will be necessary for Congress to pass legislation limiting the collection and use of the SSN to mitigate risks of identity theft and the risk that terrorists will use credit or identity fraud to harm the Nation. H.R. 2036, the Social Security Number Privacy and Identity Theft Protection Act of 2001, which enjoys bipartisan support, would establish much of the framework needed to address these risks. I. The Problem of Identity Theft is Far Reaching Identity theft accounts for over 80 percent of Social Security number misuses reported to the Social Security Administration.\3\ The cost of identity theft is expected to reach eight billion dollars by the year 2005.\4\ However, this represents one tenth of a percent of the credit industry's income and only a small fraction of the amount of loss due to fraud and stolen credit cards. The average loss to the financial industry is $17,000 per identity loss, but the loss to the victim is potentially much greater, especially because most victims do not discover the crime until many months after its occurrence.\5\ --------------------------------------------------------------------------- \3\ Analysis of Social Security Number Misuse Allegations Made to the Social Security Administration's Fraud Hotline, Management Advisory Report, SSA (Aug. 1999). \4\ Identity Theft Complaint Data, Identity Theft Data Clearinghouse, Federal Trade Commission (2001). \5\ Statewide Grand Jury Report: Identity Theft in Florida, Case No. SC 01-1095 (Jan. 10, 2002). --------------------------------------------------------------------------- Most victims of identity theft face significant credit bills and the destruction of their credit history. The immediate consequence could be the loss of securing a job or purchasing a home, or worse.\6\ Other victims face arrest for crimes that an impersonator has committed in their name. If the arrest occurs, it may be impossible to expunge the criminal record. Identity theft has been used to obtain employment, drivers' licenses, receive government benefits, and evade criminal prosecution. Identity theft indirectly affects everyone because it causes interest rates to increase to cover the industry's losses. --------------------------------------------------------------------------- \6\ Id. --------------------------------------------------------------------------- Identity thieves have proven themselves to be crafty criminals. Earlier this year, Experian, one of the principal credit reporting agencies, experienced an unprecedented breach of security involving individuals' personal information. In that case, identity thieves posed as Ford Motor Credit employees to gain access to almost 13,000 credit files of wealthy individuals.\7\ In another case this year, identity thieves used stolen SSNs to engage in a series of fraudulent sales designed to strip equity from elderly homeowners in the Detroit area.\8\ --------------------------------------------------------------------------- \7\ Security: Hackers pose as Ford Motor Credit workers to take confidential data about wealthy individuals, Los Angeles Times, May 17, 2002. \8\ Thieves Steal Homeowners' Identities and Their Equity, New York Times, May 28, 2002. --------------------------------------------------------------------------- But criminals do not necessarily have to be resourceful to obtain credit or identification in another person's name. The problem of identity theft has been exacerbated by the financial service industry's hunger to issue credit. Aggressive marketing of credit, including unsolicited direct mail credit advertising, gives ``dumpster divers'' and people with access to mailboxes opportunity to obtain credit in another's name. Since September 11, 2001, public attention has also focused on how identity theft can facilitate terrorism or raise funds for terrorist activities. For instance, a terrorist suspect reportedly connected to the Al Qaeda network was recently charged with selling the SSNs of twenty-one people who were members of the Bally's Health Club in Cambridge, Massachusetts. The SSNs were sold in order to create false passports and credit lines for bank accounts.\9\ The situation could be avoided by not collecting the SSN and by issuing health club members alternative identifiers. If the SSN was collected in order to run a credit check, the health club could have purged the SSN after the check was complete. --------------------------------------------------------------------------- \9\ Robert Ellis Smith, Privacy Protects Against Terror, Privacy Journal, Mar. 2002. --------------------------------------------------------------------------- Several times this year, news reports have been published outlining theft of blank identity cards, equipment, and personal information.\10\ Most recently, burglars entered a Colorado DMV office, and stole all the equipment and information necessary to manufacture identity cards that include a biometric identifier.\11\ It is clear that the burglars involved are sophisticated criminals who disabled alarms and performed two different break-ins in one week. It is unclear how the criminals will use the identification cards and equipment. --------------------------------------------------------------------------- \10\ A series of these reports are online at http://www.aamva.org/ weekinreview/branchtheftnotices.asp. \11\ A major identity crisis: Info stolen from motor vehicles offices has residents worried, Rocky Mountain News, August 20, 2002, at http://www.rockymountainnews.com/drmn/state/article/ 0,1299,DRMN__21__1336085,00.html. --------------------------------------------------------------------------- II. LCongress and the Courts Have Regulated the Collection and Use of the SSN The Social Security number (SSN) was created in 1936 as a nine- digit account number assigned by the Secretary of Health and Human Services for the purpose of administering the Social Security laws. SSNs were first intended for use exclusively by the Federal Government as a means of tracking earnings to determine the amount of Social Security taxes to credit to each worker's account. Over time, however, SSNs were permitted to be used for purposes unrelated to the administration of the Social Security system. For example, in 1961 Congress authorized the Internal Revenue Service to use SSNs as taxpayer identification numbers. A major government report on privacy in 1973 outlined many of the risks with the use and misuse of the Social Security number. Although the term ``identify theft'' was not yet in use, Records Computers and the Rights of Citizens described the risks of a ``Standard Universal Identifier,'' how the number was promoting invasive profiling, and that many of the uses were clearly inconsistent with the original purpose of the 1936 Act. The report recommended several limitations on the use of the SSN and specifically said that legislation should be adopted ``prohibiting use of an SSN, or any number represented as an SSN, for promotional or commercial purposes.'' \12\ --------------------------------------------------------------------------- \12\ Department of Health, Education, and Welfare, Records, Computers, and the Rights of Citizens 108-35 (MIT 1973) (Social Security Number as a Standard Universal Identifier and Recommendations Regarding Use of Social Security Number). --------------------------------------------------------------------------- In response to growing risks over the accumulation of massive amounts of personal information and the recommendations contained in the 1973 report, Congress passed the Privacy Act of 1974.\13\ Among other things, this Act makes it unlawful for a governmental agency to deny a right, benefit, or privilege merely because the individual refuses to disclose his SSN. This is a critical principle to keep in mind today because consumers in the commercial sphere often face the choice of giving up their privacy, their SSN, to obtain a service or product. The drafters of the 1974 law tried to prevent citizens from facing such unfair choices, particularly in the context of government services. But there is no reason that this principle could not apply equally to the private sector, and that was clearly the intent of the authors of the 1973 report. --------------------------------------------------------------------------- \13\ 5 U.S.C. 552a. Marc Rotenberg, Privacy Law Sourcebook: United States Law, International Law, and Recent Developments (EPIC 2001). --------------------------------------------------------------------------- Section 7 of the Privacy Act further provides that any agency requesting an individual to disclose his SSN must ``inform that individual whether that disclosure is mandatory or voluntary, by what statutory authority such number is solicited, and what uses will be made of it.'' At the time of its enactment, Congress recognized the dangers of widespread use of SSNs as universal identifiers. In its report supporting the adoption of this provision, the Senate Committee stated that the widespread use of SSNs as universal identifiers in the public and private sectors is ``one of the most serious manifestations of privacy concerns in the Nation.'' Short of prohibiting the use of the SSN outright, the provision in the Privacy Act attempts to limit the use of the number to only those purposes where there is clear legal authority to collect the SSN. It was hoped that citizens, fully informed where the disclosure was not required by law and facing no loss of opportunity in failing to provide the SSN, would be unlikely to provide an SSN and institutions would not pursue the SSN as a form of identification. It is certainly true that the use of the SSN has expanded significantly since the provision was adopted in 1974. This is particularly clear in the financial services sector. In an effort to learn and share financial information about Americans, companies trading in financial information are the largest private-sector users of SSNs, and it is these companies that are among the strongest opponents of SSN restrictions. For example, credit bureaus maintain over 400 million files, with information on almost ninety percent of the American adult population. These credit bureau records are keyed to the individual SSN. Such information is freely sold and traded, virtually without legal limitations. Outside the financial services sector, many companies require the SSN instead of assigning an alternative identifier. These requirements appear in a myriad of commercial interchanges, many of which absolutely do not require the SSN. For instance, Golden Tee, a popular golf video game, requires players to enter their SSN in order to engage in ``tournament play.'' \14\ The company could assign its own identifier for players, but instead relies upon the SSN, which puts players at risk by requiring them to further circulate personal information. --------------------------------------------------------------------------- \14\ Official ITS Rules, at http://www.itsgames.com/ITS/ its__rules.htm. --------------------------------------------------------------------------- It is critical to understand that the legal protection to limit the collection and use of the SSN is still present in the Privacy Act and can be found also in recent court decisions that recognize that there is a constitutional basis to limit the collection and use of the SSN. When a Federal Appeals court was asked to consider whether the State of Virginia could compel a voter to disclose an SSN that would subsequently be published in the public voting rolls, the Court noted the growing concern about the use and misuse of the SSN, particularly with regard to financial services.\15\ The Fourth Circuit said: --------------------------------------------------------------------------- \15\ Greidinger v. Davis, 988 F.2d 1344 (4th Cir. 1993) and brief amicus curiae for CPSR (Marc Rotenberg and David Sobel) (SSN requirement for voter registration) (lead case on privacy of Social Security number). LSince the passage of the Privacy Act, an individual's concern over his SSN's confidentiality and misuse has become significantly more compelling. For example, armed with one's SSN, an unscrupulous individual could obtain a person's welfare benefits or Social Security benefits, order new checks at a new address on that person's checking account, obtain credit cards, or even obtain the person's paycheck. . . . Succinctly stated, the harm that can be inflicted from the disclosure of a SSN to an unscrupulous individual is alarming and potentially financially ruinous.\16\ --------------------------------------------------------------------------- \16\ Id. --------------------------------------------------------------------------- The Court said that: LThe statutes at issue compel a would-be voter in Virginia to consent to the possibility of a profound invasion of privacy when exercising the fundamental right to vote. As illustrated by the examples of the potential harm that the dissemination of an individual's SSN can inflict, Greidinger's decision not to provide his SSN is eminently reasonable. In other words, Greidinger's fundamental right to vote is substantially burdened to the extent the statutes at issue permit the public disclosure of his SSN.\17\ --------------------------------------------------------------------------- \17\ Id. The Court concluded that to the extent the Virginia voting laws, ``permit the public disclosure of Greidinger's SSN as a condition of his right to vote, it creates an intolerable burden on that right as protected by the First and Fourteenth Amendments.'' \18\ --------------------------------------------------------------------------- \18\ Id. --------------------------------------------------------------------------- In a second case, testing whether a state could be required to disclose the SSNs of state employees under a state open record law where there was a strong presumption in favor of disclosure, the Ohio Supreme Court held that there were privacy limitations in the Federal Constitution that weighed against disclosure of the SSN.\19\ The court concluded that: --------------------------------------------------------------------------- \19\ Beacon Journal v. City of Akron, 70 Ohio St. 3d 605 (Ohio 1994) and brief amicus curiae for CPSR (Marc Rotenberg and David Sobel) (SSN disclosure of city employees). LWe find today that the high potential for fraud and victimization caused by the unchecked release of city employee SSNs outweighs the minimal information about governmental processes gained through the release of the SSNs. Our holding is not intended to interfere with meritorious investigations conducted by the press, but instead is intended to preserve one of the fundamental principles of American constitutional law-- ours is a government of limited power. We conclude that the United States Constitution forbids disclosure under the circumstances of this case. Therefore, reconciling Federal constitutional law with Ohio's Public Records Act, we conclude that [the provision] does not mandate that the city of Akron discloses the SSNs of all of its employees upon demand.\20\ --------------------------------------------------------------------------- \20\ Id. In an important recent case from the U.S. Court of Appeals for the D.C. Circuit, a Court upheld the Federal Trade Commission's determination that SSNs are nonpublic personal information under the Gramm-Leach-Bliley Act.\21\ The Court rejected First and Fifth Amendment challenges to regulations that restricted the use of the SSN without giving the individual notice and opportunity to opt-out. Additionally, the Court upheld regulations that prohibited the reuse of SSNs that are furnished to credit reporting agencies.\22\ --------------------------------------------------------------------------- \21\ Trans Union L.L.C. v. Fed. Trade Comm'n, No. 01-5202, 2002 U.S. App. LEXIS 14321 (D.C. Cir. July 16, 2002), at http:// pacer.cadc.uscourts.gov/common/opinions/200207/01-5202a.txt. \22\ Id. In another recent case, the D.C. Circuit rejected a First Amendment challenge to the use of credit reports for marketing purposes. Trans Union v. FTC, No. 00-1141 (D.C. Cir. 2001), cert. denied, 536 U.S. ________ (2002). --------------------------------------------------------------------------- While it is true that many companies and government agencies today use the Social Security number indiscriminately as a form of identification and authentication, it is also clear from the 1936 Act, the 1974 Privacy Act, and these three cases--Greidinger v. Davis, Beacon Journal v. City of Akron, and Trans Union v. FTC--that there is plenty of legislative and judicial support for limitations on the collection and use of the SSN. The question is therefore squarely presented whether the Congress will at this point in time follow in this tradition, respond to growing public concern, and establish the safeguards that are necessary to ensure that the problems associated with the use of the SSN do not increase. III. States Have Acted to Address Privacy and Identity Theft California and Georgia have both recently enacted legislation that will increase protections against identity theft. Recognizing that most identity theft occurs when malicious actors steal personal identifiers from invoices and solicitations from mail or waste bins, California and Georgia have enacted legislation to limit the reproduction of the SSN in the private sector. Both states have incorporated common sense protections that could be adopted at the Federal level to reduce identity theft. In California, Senate Bill 168 was signed into law in October 2001.\23\ The bill gives individuals the ability to request that a ``security alert'' be placed on their credit record via a toll-free phone number. The bill also enables Californians to request a ``security freeze'' that prevents credit agencies from releasing personal information from an individual's credit report. The bill places important restrictions on use of the SSN--public posting of a SSN and printing the SSN on an identity card or document used to obtain a product or service is prohibited. Businesses that use the SSN to identify customers, such as utility companies, will no longer be permitted to print the SSN on invoices or bills sent through the mail. --------------------------------------------------------------------------- \23\ California Senate Bill 168, at http://info.sen.ca.gov/pub/ bill/sen/sb__0151-0200/sb__168__bill__20010914__enrolled.html. --------------------------------------------------------------------------- In Georgia, businesses are now required to safely dispose of records that contain personal identifiers.\24\ Business records-- including data stored on computer hard drives--must be shredded or in the case of electronic records, completely wiped clean where they contain SSNs, driver's license numbers, dates of birth, medical information, account balances, or credit limit information. The Georgia law carries penalties up to $10,000. --------------------------------------------------------------------------- \24\ Georgia Senate Bill 475, at http://www.legis.state.ga.us/ Legis/2001__02/fulltext/sb475.htm; New law takes effect to fight identity theft; Businesses face fines of up to $10,000 for not protecting data, Atlanta Journal-Constitution, July 4, 2002. --------------------------------------------------------------------------- IV. LH.R. 2036, The Social Security Number Privacy and Identity Theft Protection Act of 2001, Is a Good Proposal The Social Security Number Privacy and Identity Theft Protection Act of 2001, sponsored by Chairman Shaw, contains a comprehensive set of rights to protect individuals from identity theft. As of this writing, the bill enjoys the bipartisan support of 77 Representatives. Title I establishes important protections against public-sector sale or display of SSNs. We commend the Chairman for including language in the Act that would stem the unnecessary publication of the SSN. These provisions will prohibit the display of the SSN on checks and government-issued employment cards. We also commend the Chairman for including a prohibition on disclosure of the SSN to inmates. Perhaps most importantly, the language sweeps broadly enough to prohibit the display of SSNs in public records. Increasingly, public records are a source for the collection of personal identifiers that then can be reused for any purpose. It is important now more than ever to limit the appearance of SSNs in publicly-available case files and other public records, such as marriage licenses. Title II places needed restrictions on private sector sale of the SSN. I believe it especially important that Section 202 of the bill prohibits ``coercive disclosure''--the practice of denying a product or service when an individual refuses to give a SSN. Additionally, Section 203 would place the SSN ``below the line'' on credit reports. This is an important and much needed protection that would stem unregulated trafficking in SSNs. Title II, however, suffers a weakness that needs attention: the rulemaking authority of the Department of Justice must be guided by the principle that the private sector should minimize the use of SSNs. This could be accomplished by adding another factor to the balancing test in Section 201(c) that requires the Department of Justice to consider whether an alternate identifier could be used in place of the SSN. In many circumstances, private entities could use an alternate identifier, and reduce privacy risk to individuals by stemming the circulation of the SSN. Title III creates a framework of accountability of civil and criminal penalties for misuse of the SSN. We recommend that this provision be expanded to include a private right of action for the misuse of SSNs that provides for actual, liquidated, and punitive damages and that provides for the awarding of attorneys fees and costs to a plaintiff who has substantially prevailed in litigation. Additionally, provisions allowing attorneys general to enforce these protections should also be included. In recent years, state attorneys general have zealously pursued privacy violators; the application of their resources to identity theft prevention and privacy protection should be expressly encouraged. I believe it is important that individuals do not assume civil or criminal liability for inadvertent disclosure of a false SSN, or for intentional disclosure of a false SSN when the individual is attempting to protect her privacy. Individuals often provide false information to businesses when attempting to protect their privacy. Section 302 would prohibit this form of ``privacy self-defense.'' That section prohibits the false representation of one's Social Security number to any individual. We recommend that this section be amended to only prohibit individuals from falsifying a SSN when there is intent to commit fraud or a crime. V. Conclusion Without a framework of restrictions on the collection and use of the SSN and other personal identifiers, identity theft will continue to increase, endangering individuals' privacy and perhaps the security of the Nation. The best legislative strategy is one that discourages the collection and dissemination of the SSN and that encourages organizations to develop alternative systems of record identification and verification. It is particularly important that such legislation not force consumers to make unfair or unreasonable choices that essentially require trading the privacy interest in the SSN for some benefit or opportunity. It is important to emphasize the unique status of the SSN in the world of privacy. There is no other form of individual identification that plays a more significant role in record-linkage and no other form of personal identification that poses a greater risk to personal privacy. Given the unique status of the SSN, its entirely inappropriate use as a national identifier for which it is also inherently unsuitable, and the clear history in Federal statute and case law supporting restrictions, it is fully appropriate for Congress to pass legislation. I am grateful for the opportunity to testify this afternoon and would be pleased to answer your questions. Chairman GEKAS. I think we all have. [Laughter.] Chairman GEKAS. The Chair, in consultation with the Co- Chair here, we have decided that we will pose whatever questions we can with the remaining Members, and then ask the panel to acquiesce to written interrogatories that we my submit to them pertinent to their testimony. Very quickly, I would like to ask Mr. Reindl if he believes that there is more to this than the failure of the INS to crack down on illegal aliens. Is the Social Security Administration also at fault, in your view? Mr. REINDL. I think it is good that they are putting out those letters and putting people on notice if there is a mismatch. So, in a way, it is kind of helping the illegal immigration situation. So it is beneficial. Chairman GEKAS. It is beneficial that the Social Security Administration is using that procedure. Mr. REINDL. Right, with the INS. I think so. Chairman GEKAS. The sharing the information. Mr. REINDL. The sharing information is good, yes. Chairman GEKAS. The first three witnesses, I would like to ask this question, having to do with the tamper-resistant passport, which was mentioned, and also the fact that the passport is the universal key to entry into the United States. I remember an incident--in fact, we were briefed on it-- where, in Afghanistan, our personnel found in a cave many, many different passports fraudulently produced that could have ostensibly been used for the passkey to the United States. How would we have stopped the use of such a passport, if it were expertly, fraudulently produced? Would that have allowed a terrorist to come in and do his worst? Ms. PHILLIPS. Well, I can say that, for instance, my office has created a database of blank foreign travel documents that are reported missing, so that they cannot be used. We share this information with INS. In fact, we put them out in the form of intelligence alerts that goes to a number of Federal agencies and State law enforcement offices, even to the military. We also train our personnel to detect counterfeit or altered passports that people are presenting in the course of a visa application. Chairman GEKAS. So, you are saying that the routine conduct of checking the passport would probably yield the fact that this was fraudulently produced? Ms. PHILLIPS. Most of the foreign passports that are altered are something that we can train people to detect. Chairman GEKAS. Do you have any comment on that? Mr. BOND. From the Secret Service's perspective, we have noticed in the cases where we are working identity theft, where we seize an electronic piece of equipment--be it a computer, Palm Pilot, whatever; in most cases, computers--that they will have all different kinds of identities on those computers that are being counterfeited. Some of the identity is changed or altered off of originals that are stolen, and then they use those base plates, I guess, for a passport or a driver's license or a Social Security number, to then change different numbers and identification pieces of information on that document to make it look like an original document. So, we are training our investigators in the field to take a close look at computers when they are seized. It is a partnership with law enforcement, be it at the State level, the local level, or the Federal level, to ensure that we are getting those guys that are in the process of making identification out there. Chairman GEKAS. From the FBI, how would you assess this batch of passports found in a cave? Mr. ASHLEY. Well, they do present a risk, obviously. It is another means for somebody to try and get into our country. We are fortunate with our joint task forces that there is presence of INS and State Department on many of them. In my previous experience, before I reported earlier this year, I was assigned to Las Vegas as the agent in charge. We had some issues, and the State Department personnel were very helpful in resolving those on the scene. So, I think that while it is a problem, the agencies are working well together. Chairman GEKAS. I begin to get the theme of what we are all hoping will be the case, a complete sharing of information, and helping one another find the culprit and produce investigations and convictions and expulsions, and so forth. I yield back the balance of my time. Chairman SHAW. [Presiding.] Mr. Chairman, I would yield, since we have only about 2 minutes before we are going to have to go over the Capitol in order to cast our votes. Are there any Members who wish for me to yield to them? Mr. Hayworth? Mr. HAYWORTH. Thank you, Mr. Chairman. Ms. Phillips, hearing the testimony of the Deputy Commissioner who proceeded you on panel one, I have real questions about student visas and the issuance of same. Do you have any documentation on the numbers of Iraqi students who have come into this country to study? Ms. PHILLIPS. We can tell how many visas we have issued to people who are Iraqi citizens, but we are unable to say if they have actually entered the United States or if they have entered the United States in some other manner and then gained permission from INS for student status. We could say how many people of Iraqi heritage have gotten student visas. Mr. HAYWORTH. So, again, for the student status, we would look to the Immigration and Naturalization Service? Ms. PHILLIPS. Right. Mr. HAYWORTH. Okay, I thank you. Chairman SHAW. I yield to anyone on the minority side. Mr. Becerra? Mr. BECERRA. Quick question. Thank you, Mr. Chairman. To Mr. Hoofnagle, the laws that you mentioned, the State laws in Georgia and California, since they have been implemented, can you tell us how they have worked? Any results yet? Have they worked well? Mr. HOOFNAGLE. It is still too early to tell. The California law takes effect partially in 2003, and then it will take full effect in 2005. The Georgia law took effect in July of this year, and many businesses are now coming into compliance with it. If I could use this opportunity to address Social Security number use, Representative Hayworth earlier mentioned during the previous panel that there is a problem with universities requesting Social Security numbers perhaps fraudulently. That practice could be limited. The problem we have is that many universities and other places are requiring the Social Security number as an identifier. If we can cut down on that practice, we can cut down on circulation of Social Security numbers, just how Georgia and California have. Mr. BECERRA. Good point. Thank you very much, all of you, for your testimony. Chairman SHAW. Ms. Jackson Lee? Ms. JACKSON LEE. Let me thank both Chairmen for this very important hearing, and I just want to restate something-- Chairman Shaw, I don't think you were in the room. It is that the task force is working, the combination of the State Department and I believe the FBI and others along with the INS. I want to state for the record that false passports are still being made, but the technology and the expertise is more enhanced, Mr. Chairman, inasmuch as I viewed firsthand the connection between the State Department and the INS by Chinese smugglers smuggling people into an international airport. Because of a list that was given, the passports were checked and scanned, determined to be false, and the individuals were immediately intercepted as they got off the plane. Systems are working. We just need to improve them and, as well, to be able to provide the resources necessary. Thank you, Mr. Chairman. Chairman SHAW. I want to thank this very distinguished panel. I have particularly a very long question, which I will submit in writing, regarding seaport security, which is something I am very concerned about, representing two very active deepwater ports, Port of Everglades and the Port of Palm Beach, which I will submit, together with some other questions. I want to thank you all for being here. You have added tremendously to our knowledge in trying to work through this whole situation of the fraudulent use of Social Security numbers. Both in the area of crime as well as we are finding in the area of terrorism. It is becoming a big, big problem, and it is something the Congress needs to address, and it something the administration needs to address. We will be very busy doing so for the balance of this Congress and well into next year. Thank you all very much for being here, and we are now adjourned. [Whereupon, at 2:57 p.m., the hearing was adjourned.] [Questions submitted from Chairman Shaw to the panel, and their responses follow:] U.S. Department of State Washington, DC 20502 1. Mrs. Phillips' testimony stated, ``One tool that will help our officers is online access to Social Security Administration records.'' To what degree does the Department of State's Bureau of Consular Affairs require information or other assistance from the Social Security Administration (SSA)? For example, does the Bureau of Consular Affairs currently have any automated data exchange with the SSA to facilitate confirmation of valid Social Security numbers (SSNs) and the associated identity of the person to whom the SSN was originally issued included in U.S. Passport applications? Is there information you currently need that you are not receiving or are not receiving timely from the Social Security Administration? If so, what information, and do you know the reasons for the non-receipt or the delay in receipt? What results would receiving such information or receiving such information more timely produce? The Department needs access to the Social Security Administration's (SSA) compilation of Social Security Numbers (SSNs), including year and state of issuance, and death records. The death records consist of 70 million names of individuals whose estates have filed for death benefits under their social security numbers. We could use these databases to verify that SSNs provided by passport applicants are valid and refer to the respective applicant, and were not issued to an individual who is deceased. Passport Services currently has very limited electronic verification of SSNs. Our Passport Specialists use a static table populated with SSN data, including the year and State of issuance, covering the period 1951 through 1999. The Department is working with the SSA to establish an electronic link that will give us more complete access to current SSN data and to death records. 2. Operation Tarmac has just scratched the surface of the potentially tens of thousands of illegal aliens and smaller number of U.S. citizens using false identities who hold security clearances issued by private companies under contract to municipal and government agencies. If such people represent an unacceptable risk at airports, aren't they also a risk for buildings and facilities operated by the U.S. Department of State within the United States and worldwide? What is the Department of State doing, going forward, to ``clear out'' these high-risk workers?'' Perhaps the term ``security clearances'' used in this context, is a misnomer. ``Access authorization'' may be a more fitting term. It should be noted that private companies do not issue security clearances. It is standard procedure to require all contract employees be put through a vetting process, prior to granting access to the Department's facilities. This is designed to mitigate the threat of ``high-risk'' employees in the workplace. The vetting process is similar to the one used for determining eligibility for a secret level clearance. This includes a national Agency Name Check to verify identity, conduct criminal records inquiries, and determine hiring eligibility. Upon successful completion of the vetting process, the contract employee is granted authorization to access the Department's facilities under escort by a direct-hire employee with Top Secret clearance. We note that contract employees are not permitted to escort others. Access to national security information carries further restrictions, limited on a case-by-case basis; granted only to those having a ``need to know.'' Authorization is rescinded when the employee's duties no longer require such access. Looking to the future, the Department is proceeding with a revitalized security updating program for all employees, and recently implemented a ``smart card'' identification card system to provide tighter access controls. 3. We know that identity theft is pervasive and is increasing at an exponential rate. The U.S. Passport is the only equivalent to a national identity document issued by an agency of the Federal Government. Has the State Department any initiatives under consideration to provide a ``wallet sized, tamper proof'' U.S. Passport equivalent to U.S. Passport holders who would be willing to pay for such an identity card? The Department is researching the possibility of issuing an advanced memory card to be used as a travel document that attests to U.S. citizenship and identity. Eventual implementation requires bilateral agreements with other governments willing to accept such documents. An important first step has been taken by the international community (through the International Civil Aviation Organization (ICAO)) by defining a basic ``passport card'' standard. However, we in the United States are focusing on technical capacity to produce such a document. We are not yet ready to engage in formal discussions with other governments as to acceptability. The concept of a passport card has been discussed for at least 10 years, and early models of passport cards date back to the 1960's. With recent technological advances, and advances in specifications that enable the technology to be standardized, the concept of an interoperable passport card is now closer to reality. 4. A March 2002 GAO study described a 40% increase in identity thefts reported to the Social Security hotline during a 7-month period in 2001, over the same period in 2000. Mrs. Phillips' testimony described the assistance provided by the Consular Affairs' Office of Fraud Prevention Programs to the SSA's fraud investigators. She also described assistance to the National Association of Public Health Statistics and Information Systems and Social Security Administration to automate their birth and death records. What additional resources are required from Federal Government agencies to stop the increasing levels of identity theft? First: Standardization of birth records and electronic access to state birth and death records. These are most important--the birth certificate is the primary document used to establish entitlement to U.S. citizenship and is easy to obtain. Also, access to the INS' naturalization database is a resource that would benefit us immensely. Access to this database would help our passport adjudication and identity confirmation process, prevent citizenship fraud and avoid duplication of data entry and adjudicative effort by both agencies. The Bureau of Consular Affairs has opened discussions with INS on this. Recently introduced bills in the Congress would mandate a common national format and security features for driver's licenses. The Department supports enactment of legislation to standardize U.S. driver's licenses. The driver's license is a principal form of identification that passport applicants present and is critical to our adjudication process. 5. What should Congress consider to stop the wholesale document fraud that has made it very difficult to distinguish illegal aliens from U.S. citizens and made it easy for terrorists to obtain counterfeit documents? Determining an individual's identity and citizenship, whether in the context of an application for a U.S. passport or otherwise, is certainly complicated by the lack of uniformity between local governments in the creation and maintenance of vital records, and in the issuance of drivers licenses or state ID's. Nevertheless, the Department of State believes that our passport process is quite secure and that our process serves to both deter and to detect attempts to commit citizenship fraud. Local governments should not be in the position of adjudicating an individual's citizenship. Nationality law cases can be both legally and factually complex. In a small minority of cases, even individuals born in the US may not have acquired US citizenship, or may have lost citizenship at some point in time. At present, a US passport, a Certificate of Naturalization, or a Consular report of Birth Abroad are the principal documents establishing an individual's citizenship. Because only twenty percent of US citizens have a passport, the majority of citizens never apply for any official document attesting to their citizenship. 6. It sounds like the INS has been the only agency that has actively pursued organized criminals who manufacture counterfeit Social Security cards for ``wholesale distribution.'' What programs has your agency initiated to combat the widespread use of counterfeit Social Security cards and false or stolen SSNs?'' Statutory authority limits the Department's involvement, through the Bureau of Diplomatic Security (DSS), to violations pertaining to passports and visas. Fraudulent social security cards, however, can and indeed frequently do provide a nexus. Accordingly, DSS has conducted, and continues to conduct undercover operations with a view toward dismantling organizations, and apprehending individuals engaged in the production or procurement of fraudulent documentation. Indeed, the bulk of recently implemented DSS undercover operations are being conducted with the active participation of INS, USCS, DEA, state and local law enforcement entities. Recent DSS undercover operations have been successful in closing down organizations engaged in the full-scale production of fraudulent identity packages, which included birth certificates, driver's licenses, and Social Security cards, used in application for U.S. passports. Additionally, our undercover operations successfully targeted organizations that had obtained genuine U.S. passports, which were later altered for use by individuals who were not entitled to them. Further, standard procedure calls for referring developed case information to the appropriate authority whenever DSS investigations uncover criminal activity outside of its core statutes. It should be noted that fraudulently obtained Social Security cards are often used as a means of identification, along with driver's licenses, when submitting bogus passport applications (DSP-11). In block 6 of the DSP-11, the applicant is requested to write or type his/her Social Security number. Use of a fraudulent Social Security card for identification purposes or providing a false Social Security number on the DSP-11 constitutes a violation of 42 USC 408, a 5-year felony. For this reason, DS agents in the field often conduct joint investigations with Special Agents assigned to the Social Security Administration OIG. 7. The SSA IG has emphasized the need to quickly implement the Enumeration at Entry (EAE) initiative, which will assign SSNs to certain immigrants who need one at the point they are legally admitted to the United States. Could you explain the Department of State's role in EAE? Do you think it will help prevent fraud in assigning SSNs to non-citizens? What other benefits do you think will result from EAE? SSA has been working on this initiative since 1999; what has caused the delay in implementation? What has the State Department been doing to help get this initiative under way? The Bureau of Consular Affairs welcomes the Social Security Administration's efforts to obtain immigrant visa records electronically to support its enumeration of newly arrived immigrants admitted for permanent residence. We have updated the software in our modernized immigrant visa system to accommodate Social Security's data needs. We just deployed a beta test of this system to Manila. After Manila, several other posts will also test it. This datasharing has three partners, the Bureau of Consular Affairs at State, the Immigration and Naturalization Service and Social Security. All parties are working together very closely. The initiative will reduce fraud in enumeration and encourage interagency cooperation in providing benefits to immigrants. 8. We understand that the EAE initiative will assign numbers to persons legally admitted for permanent residence. Will this initiative be expanded to persons temporarily admitted to the U.S. for work purposes (e.g. seasonal workers, au pairs, and so forth)? If not, what would you suggest to help ensure SSNs are properly assigned to these individuals in a timely manner? The Social Security Administration has contacted the Bureau of Consular Affairs about extending this initiative beyond immigrants to nonimmigrants, such as temporary workers or exchange visitors, who need Social Security numbers. The Bureau of Consular Affairs welcomes the idea and our Bureau and Social Security are planning to hold an interagency meeting, hosted by Social Security, on this topic before the end of October. 9. In light of troubling reports from law enforcement at both the Federal and State level that counterfeit birth certificates and loose local control of birth and death certificates exist, what can Congress do legislatively to tighten up such lax controls and make it more difficult to counterfeit a birth certificate? What revisions and/or new laws would provide law enforcement the necessary tools needed to stop these types of crimes? What further recommendations can you provide to Congress in this area? The Department supports implementation of the provisions of IRAIRA '96 which established the interagency Task Force, chaired by INS, to define and publish as regulations security standards for State birth certificates. The Task Force has been slow to act. The Department also supports the enactment of legislation that would mandate that only birth certificates issued by State authorities (as opposed to local authorities) are valid for Federal uses. We also believe that unrestricted public access to birth records via the Internet should be prohibited. More and more local governments across the nation are establishing websites on the Internet that permit direct, unrestricted, on-line access to actual birth records. Since the Department generally accepts certified copies of state and local U.S. birth records as primary evidence of U.S. citizenship for passport application purposes, we are very concerned about the vulnerability of vital records accessible over the Internet. Records posted to the Internet can be accessed, downloaded, altered and/or printed out by anyone with a home computer. Individuals can match their age, gender or other facts of birth and request certified copies of genuine records from the county or state. The National Association of Public Health Statistics and Information Systems (NAPHSIS), a locally based national association of State vital records and public health offices, has contracted with the Social Security Administration (SSA) to design the Electronic Verification of Vital Events system (EVVE), an online verification process. Short-term pilots began in August 2002. While we are enthusiastic about the EVVE process, we recognize that this is a long- term project involving non-government organizations and the fifty states, each of which has different rules as to document availability, systems development and funding. We anticipate that the project could take 10 or more years to complete, but we believe that the project could be expedited through increased Federal Government emphasis on the initiative. 10. Terrorists exploited the weak procedures for document issuance of several States to obtain valid, but improperly issued, identity cards, which allowed them to engage in their terrorist activities on September 11, 2001. Virginia has made reforms to drivers' license procedures since then. Mrs. Phillips' testimony suggests it is still a problem in many States. How do we get other States to reform their practices to make it more difficult for terrorists to get State issued identification? Recent bills introduced in the Congress would mandate a common national format and security features for driver's licenses. The Department supports enactment of legislation to standardize U.S. driver's licenses. The driver's license is a principal form of identification that passport applicants present and is critical to our adjudication process. The American Association of Motor Vehicle Administrators (AAMVA) is a voluntary, non-profit, tax exempt, educational organization. AAMVA represents the state and provincial driver license and law enforcement officials in the United States and Canada, who are responsible for administration and enforcement of laws pertaining to the motor vehicle and its use, including licensing. AAMVA encourages uniformity and reciprocity among the States and provinces, and liaison with other levels of government and the private sector. The States are generally willing to accept standardization and AAMVA is developing uniform standards, but we believe that implementation of a common national format for U.S. driver's licenses could be expedited through a Federal mandate. 11. Federal law enforcement has informed the Congress and the public of a continuing threat from terrorists using false identities. The practices of some Federal agencies and many State agencies have made it relatively easy to obtain valid identity documents using counterfeit source documents. Should there be Federal laws setting minimum standards for confirming identity before issuing identity documents to reduce this vulnerability? The Federal law defining a passport states that it is a document showing the bearer's origin, identity and nationality. The Department may not issue a passport until it is satisfied with an applicant's identity. See 8 USC 1101 (a) (30) and the supporting passport regulations, 22 CFR, Part 51. We believe at this point that the present broad cooperation among the states and Federal agencies creates the right environment for achieving the national goal of secure basic identity documents. 12. Mrs. Phillip's testimony indicated that on-line access to Social Security records will enable your agency to compare documents submitted against official data bases, and will improve the accuracy and integrity of the citizenship and identity confirmation processes. She also said that your Agency has done preliminary work with SSA and State Vital Statistics Offices toward this goal. Can you describe specifically what work has been done? Will this goal be achieved? What is your timeframe? The Department has discussed with the Social Security Administration (SSA), the feasibility of establishing a data link that would provide the Department with access to current SSN data and death records. Both agencies have identified the fields that are available that might be used in the data exchange process to confirm identities. The next step will be to determine the feasibility of establishing a communications network between the two organizations. Systems groups from both organizations would need to be heavily involved in the development process to ensure that the final goal is achieved. Until the data link can be established, passport specialists continue to have access to static SSN reference tables that assist in determining that SSN data provided by passport applicants is accurate. In addition, the Department recently upgraded its Photodig Travel Document Issuance System to include a new Social Security matrix that provides information that can be used to validate a Social Security number and the state and date of birth provided by the applicant. The Department has held discussions with SSA and NAPHSIS regarding getting access to EVVE database that is currently being designed and tested to bring all State-level records of births and deaths together. Access to this database will enhance the integrity of the passport issuance process by significantly inhibiting the use of false or misappropriated supporting documents. This is a long-term project that could take 10 or more years to complete, but we believe that the project could be expedited through increased Federal Government emphasis on the initiative. U.S. Secret Service Washington, DC 20223 October 31, 2002 The Honorable Clay Shaw Chairman Subcommittee on Social Security House Committee on Ways and Means U.S. House of Representatives Washington, D.C. 20515 Dear Mr. Chairman: I am writing to respond to a series of questions the Subcommittee has submitted for the record, pursuant to my testimony before the House Ways and Means Subcommittee on Social Security and the House Judiciary Subcommittee on Immigration on September 19, 2002. The subject of the hearing was ``Preserving the Integrity of Social Security Numbers and Preventing Their Misuse by Terrorists and Identity Thieves''. I hope the information below is useful to the Subcommittee as it further examines this important issue. 1. Sheik Mohamed Abdirahman Kariye is currently being held without bail in Portland, Oregon under charges that include false information while applying for and receiving three different Social Security cards between 1983 and 1995. Does the Secret Service request information from the Social Security Administration that would identify people who have received multiple Social Security numbers and/or who have requested/ received multiple Social Security cards? Answer: The Secret Service requests information from the Social Security Administration when there is a specific investigative need in a case involving a Secret Service core violation. Does the Secret Service utilize ``data mining'' techniques to identify investigative leads for professional identity thieves and terrorists? Answer: As part of our efforts to investigate identity theft and other financial crimes, the Secret Service does apply such techniques to data our agency receives from other sources. Is there information you currently need that you are not receiving or are not receiving in a timely manner from the Social Security Administration? Answer: No. The Secret Service consistently receives sufficient information in a timely manner from the Social Security Administration. 2. Operation Tarmac has just scratched the surface of the potentially tens of thousands of illegal aliens and smaller numbers of U.S. citizens using false identities who hold security clearances issued by private companies under contract to municipal and government agencies. The Secret Service is an important security element for Federal Government buildings and for key government officials. Has the Secret Service sought the assistance from Immigration and Naturalization Service (INS) and/or the Social Security Office of the Inspector General to initiate similar reviews of security clearance documents for contract employees with access to Federal buildings? If not, why? Answer: The Secret Service is responsible for the security of the White House Complex--which includes the White House itself, the Eisenhower Executive Office Building and the Department of the Treasury--and the Naval Observatory, which serves as the residence of the Vice President. The Secret Service follows a number of well- established procedures to ensure that only appropriate individuals have access to those buildings and sites under our control. If people who have obtained security clearances using false identity documents represent an unacceptable risk at airports, aren't they also a risk for subway systems, railroads, Federal Government offices, hazardous material sites, and government weapons laboratories and nuclear power plants? Answer: Individuals who obtain security clearances by any type of deception are always of concern, especially when such individuals access sensitive venues. However, security clearances are typically provided by the government agency with oversight authority for a specific location. The Secret Service has no jurisdiction to implement security programs at subway systems, railroads, most Federal Government offices, hazardous material sites, weapons laboratories and nuclear plants. Doesn't the Secret Service have a responsibility to initiate actions to ``clear out'' these high risk workers? Answer: The Secret Service does not have statutory authority to initiate investigations of ``high risk'' workers other than those employees or contractors who may be working at Federal buildings secured by the Secret Service. 3. We know that identity theft is pervasive and is increasing at an exponential rate. In your testimony, you noted that the Administration strongly supports the provisions of S. 2541, the ``Identity Theft Enhancement Act of 2002'' introduced in the Senate. Will the increased penalties for identity thieves proposed in the bill be sufficient to curb this kind of crime? Answer: The Secret Service strongly supports the enhanced penalties set forth in S. 2541. These increased penalties will not only provide the appropriate level of punishment, but also serve as an effective deterrent for those considering engaging in this form of fraud. Are there other changes in law you would recommend? Answer: The Secret Service supports any initiatives that will make identity theft more difficult and our personal information more secure. Specifically, we note that while section 1028 of Title 18 criminalizes the use of another individual's information to commit a crime, it does not address the sale of personal data. Currently, there are no Federal criminal statutes to address such sales by brokers who are often found in computer ``chat rooms'' and other similar forums. 4. What do you see as the next frontier for identity thieves, as far as emerging sources of personal information? What changes in current law could be made to cut off new avenues of information that identity thieves would use? Answer: The continued growth of the Internet, e-commerce, and the increased connectivity between individuals, businesses, and government will only increase the availability of personal information. We should expect that as technology continues to evolve, so will its criminal abuses. In order to preserve the security of confidential personal information, there must be incentives for private industry to take steps necessary to safeguard it. 5. A March, 2002 GAO study described a 40% increase in identity thefts reported to the Social Security hotline during a 7-month period in 2001, over the same period in 2000. Should we expect a continuation of this rate increase? Answer: The number of cases reported is likely to continue to increase as the public becomes better educated about identity theft, and greater efforts are made to statistically document the various forms of identity theft. 6. What should Congress consider to stop wholesale document fraud that has made it very difficult to distinguish illegal aliens from U.S. citizens and made it easy for terrorists to obtain counterfeit documents? Answer: The issue of counterfeit documents, particularly ``breeder'' documents such as drivers' licenses and birth certificates, has been a growing problem within the United States. Of particular concern is the dependency of terrorist organizations on counterfeit documents, particularly travel-related documents, which are used to facilitate unimpeded travel between countries. Congress may wish to further examine potential remedies to this problem, and include in that discussion any interested law enforcement and government agencies, as well as private sector representatives, who could provide valuable insight and expertise with respect to this issue. 7. It sounds like the INS has been the only agency that has actively pursued organized criminals who manufacture counterfeit Social Security cards ``wholesale.'' What programs has the Secret Service initiated to combat widespread use of counterfeit Social Security cards and false or stolen SSNs? Answer: As part of our investigative mission, the Secret Service actively investigates the manufacturing of counterfeit Social Security cards, birth certificates, driver's licenses, employment identification cards and other counterfeit government documents. The Secret Service, both individually and with task forces throughout the country, is focused on the suppression of counterfeit identification plants. 8. Are operations similar to ``Operation Tarmac: (i.e., ID checks conducted at airports) being considered at other entry points, such as seaports? To what degree are full background checks being conducted? Can you provide any particular details regarding recent arrests or investigations relative to entry points into our country? What suggestions do you have relative to the issues we are discussing today, particularly preventing SSN fraud, to help secure our seaports? Answer: The Secret Service does not have jurisdictional authority over security at entry points and does not conduct background checks for entry points. I hope this information is helpful to the Subcommittees. If I can answer any additional questions, or provide any further information, please do not hesitate to contact me. Sincerely, Robert Bond Deputy Special Agent in Charge Federal Bureau of Investigation Washington, DC 20535 Question #1: Is there information you currently need that you are not receiving or are not receiving timely from the Social Security Administration? If so, what information, and do you know the reasons for the non-receipt or the delay in receipt? What results would receiving such information or receiving such information more timely produce? Response #1 As a whole, there does not appear to be a problem for the FBI in receiving necessary information from the Social Security Administration (SSA). However, there is no way to identify whether or not on a case- by-case basis there is an existing problem. The FBI does not routinely receive fraud referrals from the SSA. Question #2: Operation Tarmac has just scratched the surface of the potentially tens of thousands of illegal aliens and smaller numbers of U.S. citizens using false identities who hold security clearances issued by private companies under contract to municipal and government agencies. If such people represent an unacceptable risk at airports, aren't they also a risk for subway systems, railroads, Federal Government offices, hazardous materials sites, and so on? Is the Federal Government going to take further initiatives beyond the airport investigations? Shouldn't such agencies ``clear out'' these high-risk workers? Response #2 A number of FBI field offices participated in Operation Tarmac, which was an Immigration and Naturalization Service (INS) initiative mainly through government fraud task forces. Some offices have also been active in similar type operations, with the Department of Transportation and the U.S. Customs Service targeting individuals employed in the same type of capacity. In cities such as Miami, Dallas, Houston, Salt Lake City, and New York there have in the past few months been hundreds of arrests in such sweeps. History has shown the vulnerability of our airports. These sweeps were priorities due to the vast number of workers and the fact that they were either in, had unfettered access to, or controlled secured areas of the airport. Any other immigration initiatives of this type would typically be initiated by the INS, since these matters are primarily under their jurisdiction. Such people targeted in Operation Tarmac would also be a risk if employed in subway systems, railroads, Federal Government offices, hazardous materials sites, and other such locations. Question #3: We know that identity theft is pervasive and is increasing at an exponential rate. The Attorney General has endorsed S. 2541, introduced in the Senate. Will the increased penalties in that bill be sufficient to curb this kind of crime? Response #3 S. 2541 would substantially increase the criminal penalties applicable to the most serious forms of identity theft, and would streamline the requirements for prosecuting Federal identity theft offenses. The actual deterrent effect of such measures can only be determined over time, but we believe that these important reforms, together with other measures designed to combat identity theft, will strengthen the ability of federal law enforcement to address this growing and serious problem. Question #4: A March 2002 GAO study described a 40% increase in identity thefts reported to the Social Security hotline during a 7- month period in 2001, over the same period in 2000. Should we expect a continuation of this rate of increase? Response #4 It is difficult for the FBI to predict future increases in identity theft reported to the SSA Hotline. However, without changes being made to the availability of personal identifying information and without any standardization of documents used to take over someone's identity such as birth certificates, state issued identification cards, and state issued driver's licenses, further identity theft increases are probable. Question #5: What should the Congress consider to stop the wholesale document fraud that has made it very difficult to distinguish illegal aliens from U.S. citizens and made it easy for terrorists to obtain counterfeit documents? Response #5 The safeguarding of personal identifying information, including Social Security Numbers, appears to be a key component in protecting one's identity from fraud. Safeguarding includes security features on actual documents as well as limitations on the sale and distribution of personal account information. Question #6: It sounds like the INS has been the only agency that has actively pursued organized criminals who manufacture counterfeit Social Security cards for ``wholesale''. What programs has the FBI initiated to combat the widespread use of counterfeit Social Security cards and false or stolen SSNs? Response #6 The FBI typically investigates fraudulent Social Security cards and the use of false or stolen Social Security Numbers in conjunction with other criminal matters, such as check fraud, credit card fraud, loan fraud, mail fraud, wire fraud, computer crimes, and terrorism matters. The FBI typically investigates organized groups involved in identity theft activities including the misuse of someone's Social Security Number. An example of one of these cases investigated by the Detroit Division relates to five subjects who used the identity of their victims to obtain mortgages on the victims' homes, which had no liens. Over $1.2 million was obtained by the subjects through this scheme. They used the victims' identities, including their Social Security Numbers, to complete documentation to receive these loans. At the closings, they presented counterfeit Social Security cards and fake driver's licenses to the title company representatives as identification. Another example of an FBI investigation involved 15 subjects and over one half million dollars in fraud. These subjects used sources inside businesses, such as car rental companies and hospitals, to provide forms that had personal identifying information regarding their customers. These forms were used to extract such information, as well as to obtain the credit card number used as payment. The subjects then contacted the credit card issuer purporting to be this person. They used the information from the form to provide the Social Security Number, date of birth, and home address of their victims to confirm they were the accountholders. Then they requested to add authorized users to the accounts and get additional cards issued. The subjects then intercepted these cards, which were going to be delivered to the various victims' homes, and used them to obtain merchandise as well as cash advances. Question #7: Are operations similar to ``Operation Tarmac'' (i.e., ID checks conducted at airports) being conducted at airports being considered at other entry points such as our seaports? To what degree are full background checks being conducted? Can you provide any particular details regarding recent arrests or investigations relative to entry points into our country, particularly our seaports? What suggestions do you have relative to the issues we are discussing today, particularly preventing SSN fraud, to help secure our seaports? Response #7 As stated in question number 2, the FBI participated in Operation Tarmac, which was an INS operation as well as being actively involved in other operations regarding airport workers. However, this question would be better directed to the INS, the U.S. Customs Service, and any other agency that has jurisdiction regarding matters occurring at entry points into the United States. The FBI does not typically investigate point of entry matters but may get involved in such matters where the criminal violation is also under the FBI's jurisdiction. The U.S. Coast Guard has also played a traditional role inside the international waters contiguous to the United States. Full background checks at the airports are conducted by the employing companies, and spot checks of these background checks have been made by FAA in past years. With the entrance of Homeland Security, and through the Transportation Security Administration, oversight of these background checks may indeed intensify. Such an intensification would appear to be in line with their regulatory oversight of transportation and transportation facilities. Social Security Administration Baltimore, Maryland 21235-0001 November 8, 2002 The Honorable E. Clay Shaw, Jr. Chairman, Subcommittee on Social Security Committee on Ways and Means House of Representatives Washington, D.C. 20515-0922 Dear Mr. Shaw: In response to your letter of October 10, 2002, we submit the following answers to your questions for the record to supplement my testimony at your Subcommittees' joint hearing on Preserving the Integrity of Social Security Numbers (SSN) and Preventing Their Misuse by Terrorists and Identity Thieves held on September 19, 2002. 1. Expanding from the Operation Tarmac investigations by the Immigration and Naturalization Service (INS) with the support of other Federal agencies, there are potentially tens of thousands of illegal aliens and smaller numbers of U.S. citizens using false identities who hold security clearances issued by private companies under contract to municipal and government agencies. a. If such people represent an unacceptable risk at airports, aren't they also a risk for subway systems, railroads, Federal Government offices, hazardous materials sites, and so on? Yes. Such people could present risks to facilities deemed part of our nation's critical infrastructure. We recommend that the workload required to address these vulnerabilities be prioritized in accordance with the harm potential of each individual site. It is important to stratify our priorities in order to meet these challenges in a cogent manner. b. Is the Federal Government going to take further initiatives beyond the airport investigations? Yes. Under the auspices of many United States Attorney's Offices across the nation, we are reviewing nuclear plants, and informal discussions are underway to expand our efforts to include sites such as dams, bridges and seaports. Additionally, SSA/OIG has begun to review Federal sites which employ contract guards under the purview of the Federal Protective Service (FPS) and GSA. c. Shouldn't it be made incumbent on such agencies to ``clear out'' such high-risk workers? SSA/OIG believes that agencies should periodically review their work force to identify high-risk workers. It is the responsibility of each individual agency that employs high-risk workers at such sites to review their own personnel files and take such steps as necessary to properly screen their work force. SSA/OIG stands ready to assist these agencies in matching files and records as allowed by law. 2. We know that identity theft is pervasive and is increasing at an exponential rate. The Attorney General has endorsed legislation introduced in the Senate to increase the penalties for identity theft. Will that bill be sufficient to curb this kind of crime? While SSA/OIG cannot state that S. 2541, the ``Identity Theft Penalty Enhancement Act of 2002'' will, in and of itself, be sufficient to curb identity theft, we are supportive of the legislation. In our view it builds upon and strengthens the identity theft legislation enacted in 1998 and codified at 18 U.S.C. Sec. 1028(a)(7). We have reviewed and compared the felonies listed in the legislation with felonies which Special Agents from our Office of Investigations have used, or could use, in SSN misuse cases. Based on this review, we suggest the addition of the following four felony violations to section 1028A(c), created by S. 2541. The four sections are: (1) 18 U.S.C. Sec. 371 (Conspiracy to commit offense or to defraud the United States); (2) 18 U.S.C. Sec. 641 (Public money, property or records); (3) section 811 of the Social Security Act (42 U.S.C. Sec. 1011); and, (4) section 1632 of the Social Security Act (42 U.S.C. Sec. 1683a). We believe the addition of these four felony violations will strengthen S. 2541. As discussed in more detail in response to the last part of question 7 and to question 9, we also recommend additional legislative initiatives we believe will help address SSN misuse and identity theft. 3. A March 2002 GAO study described a 40% increase in identity thefts reported to the Social Security hotline during a seven-month period in 2001, over the same period in 2000. Should we expect a continuation of this rate of increase? While SSA/OIG expects the calls reporting identity theft to increase, SSA/OIG is currently taking steps to forward a significant portion of these reports directly to the Federal Trade Commission (FTC), which has been designated the national clearinghouse, in accordance with Congress' wishes. Many of these are allegations involving issues such as credit card misuse or obtaining loans, goods, and/or services not directly related to SSA's programs and operations. In this way, the callers information will be immediately available to Federal, State and local law enforcement who have access to FTC's Identity Theft database. SSA/OIG is also updating its brochure and website information to direct victims of SSN misuse to the FTC. Consequently, SSA/OIG will focus its resources on SSN misuse allegations related to SSA programs and operations. 4. What should Congress consider to stop the wholesale document fraud that has made it very difficult to distinguish illegal aliens from U.S. citizens, and made it easy for terrorists to obtain counterfeit documents? SSA/OIG audit and investigative work has identified three distinct approaches to SSN integrity for which legislation is critically needed. The first area is limiting the use and display of the SSN already in circulation in the public and private sectors. Second, the present arsenal of criminal, civil, and administrative penalties is clearly insufficient to deter and/or punish identity thieves. The third approach is requiring the cross-verification of SSNs through both governmental and private sector systems of records to identify and address anomalies in SSA's files, and in data bases at various levels of government and the financial sector (we discuss SSN verification later in this document). Specific needs for legislation to curtail the use of counterfeit documents include: LApplying the Civil Money Penalty to the felony provisions of the Social Security Act in the area of SSN misuse; LEnhancing the penalties for identity theft violations, to include selling SSNs and other Social Security information; LImmediately curtailing the public display of SSNs on identification cards, motor vehicle records, court documents, and the like; LRestricting private and governmental use of SSNs, including the display of SSNs on government checks and driver's licenses or motor vehicle registrations, and some prohibitions of the sale, purchase, or display of the SSN in the private sector; LProhibiting prison inmate access to SSNs; LRestricting unfair or deceptive acts or practices, such as refusals to do business without receipt of an SSN; and LTreating credit header information as confidential. 5. What programs has your office initiated to combat the widespread use of counterfeit Social Security cards and false or stolen SSNs? SSA/OIG actively pursues cases involving the trafficking of SSNs. SSA/OIG's Office of Investigations (OI) Field Divisions regularly investigate allegations of SSN misuse related to program fraud. Furthermore, five OI Field Divisions are active Members of identity theft task forces, focusing on counterfeit documents and the trafficking of documents. Immediately after the tragic events of September 11, 2001, we intensified our efforts to combat the enumeration of individuals who use false evidentiary documents to suborn the enumeration process. As part of these efforts, we continue our close liaison with Anti- Terrorism Task Forces around the nation. With other Federal, State and local law enforcement agencies, we continue to investigate allegations of SSN misuse that affect the Nation's critical infrastructure, such as airports. SSA/OIG/OI personnel have been trained in the identification of fraudulent documents. We are in the process of expanding and upgrading our training efforts in the detection and identification of fraudulent documents during the enumeration process. In conjunction with regional antifraud initiatives, SSA/OIG/OI Field Divisions conduct training in an effort to assist SSA Field Office personnel in detecting false documentation. Additionally, SSA/OIG, in partnership with SSA, has been heavily involved in several pilot projects designed to detect fraudulent documents. SSA/OIG continues to meet with SSA to enhance the Modernized Enumeration System and subsequently reduce the enumeration of individuals presenting false documents. SSA/OIG has also been instrumental in effecting a policy change mandating that all INS evidentiary documents be verified by INS, as discussed below. Recognizing the SSN's importance in non-citizens' assimilation in U.S. society, SSA established an Enumeration Task Force in November 2001 to examine and establish policy that would strengthen SSA's procedures. As a Member of this Task Force, SSA/OIG has shared many insights and ideas with SSA, which we believe will help increase integrity of the enumeration process. SSA/OIG's Office of Audit (OA) has issued numerous reports addressing SSN integrity. These reports included recommendations that addressed vulnerabilities in several SSA processes including assignment and issuance, employer wage reporting, and death master file reporting and issuance. SSA elected to implement many of these recommendations. Additionally, after the events of September 11, 2001, SSA revisited its position on many of our prior recommendations that it had either not yet disagreed with or implemented. In several cases, SSA decided to escalate the implementation of some recommendations, and reversed its position on others. In our May 2002 Management Advisory Report, Social Security Number Integrity: An Important Link in Homeland Security, we provided insight into what more needs to be done to ensure SSN integrity in a post- September 11th environment. Our audit and investigative work has shown that there are three stages at which protections for the SSN must be put in place: upon issuance, during the life of the number holder, and upon that individual's death. To address vulnerabilities at each of these three stages, we suggested that SSA and Congress pursue the following actions: (1) independently verify birth and immigration records; (2) limit the SSN's public availability; (3) prohibit the sale and limit the display of SSNs; (4) enact strong enforcement mechanisms and stiff penalties; and (5) do more to protect the SSN after the number holder's death. We have also reviewed SSA programs that assist employers in recognizing incorrect name and SSN combinations on their wage reports, which could include false or stolen SSNs. Our September 2002 audit The Social Security Administration's Employee Verification Service for Registered Employers (A-03-02-22008) evaluated the policies and procedures SSA had in place to provide information to registered users of the Employee Verification Service (EVS). The purpose of the EVS program is to ensure that employees' names and SSNs are valid before employers' wage reports are submitted to SSA. The use of EVS is voluntary, and can assist employers in eliminating common SSN reporting errors. Employers who wish to verify 51 or more SSNs at one time are encouraged to register for the EVS program. There are approximately 7,400 registered employers in the EVS program--including about 260 third-party users who submit requests on behalf of their clients. However, while the number of employers registering with EVS has increased since 1997, less than 1 percent of all U.S. employers are registered to use the service. Furthermore, only 392 employers (5 percent of those registered) submitted data to SSA since 1999. Finally, EVS did not disclose pertinent information that could have assisted registered employers to detect potential SSN problems. Specifically, SSA did not inform employers when a submitted SSN belonged to a deceased individual. In response to our report, SSA states it planned to review the information shared with employers. In addition, SSA is piloting an online version of EVS, the Social Security Number Verification Service, which SSA hopes will increase employer usage of the SSA verification program. 6. Your office has issued several reports related to the Earnings Suspense File and cited many instances of employers and industries that continually submit erroneous wage reports. a. Has your office initiated any investigations based on these findings? SSA/OIG's Offices of Investigation and Audit reviewed the instances of employers and industries that submit erroneous wage reports. It is our view that under the current statutory scheme, the IRS was best equipped to address this situation and issue penalties. Therefore, we have met with IRS auditors and shared this information, while encouraging them to review IRS enforcement actions related to erroneous wage reports. In addition, it is our understanding that SSA has also shared specific problem employer information with the IRS. b. Will your office utilize ``data mining'' techniques to identity employers that consistently make questionable mistakes in large numbers of wage reports? Yes. SSA/OIG's September 1999 audit report, Patterns of Reporting Errors and Irregularities by 100 Employers with the Most Suspended Wage Items (A-03-98-31009), identified those employers with the most suspended wage items from Tax Years (TY) 1993-1996. In the report, we concluded that a relatively small number of employers account for a disproportionate share of the suspended items and dollars in the ESF, which is the repository for wage items that fail to match name and SSN to SSA records. The types of reporting errors and irregularities by the Top 100 employers for the 4-year period included large numbers of: unassigned SSNs, e.g., one employer had over 6,500 unassigned SSNs; zero SSNs, e.g., one employer had 663 SSNs in which all 9 digits were `0'; consecutively numbered SSNs in which the first 6 digits were identical; and duplicate mailing addresses for 3 or more employees. In this report, we stated that many of the wage reporting problems warranted follow-up action by SSA. Therefore, we recommended that SSA: Ldevelop and implement a corrective action plan for the 100 employers and continue its efforts to contact those employers responsible for large numbers of suspended wage items; Lestablish preventive controls to detect wage reporting errors and irregularities; Lidentify those employers who continually submit annual wage reports with large numbers and/or percentages of unassigned, identical, and/or consecutively numbered SSNs; and Lrun address standardization software as soon as practical after employers submit their annual wage reports to identify employers who report the same address for many employees. In addition, OA has recently started an audit to revisit the issues highlighted in the 1999 report. Our review will assess SSA's implementation of the recommendations made in the top 100 employers' report as well as other actions or initiatives related to employers with large numbers of suspended earnings. In addition, later this fiscal year we plan to initiate another ``data mining'' audit to identify the top 100 employers with reporting irregularities during Tax Years 1997 through 2000. We also understand that the Internal Revenue Service will be reviewing employer reporting for this same 4-year period to identify non-compliant employers and determine what corrective actions are necessary--to include penalties. c. Are there legal or policy barriers to making the names of such ``scoff law'' employers public? Wage and earnings information provided by employers that is placed in SSA's Earnings Suspense File is taxpayer return information and its disclosure is subject to 26 U.S.C. Sec. 6103, which controls the disclosure of Internal Revenue Service data. 7. In your testimony, you ask for civil monetary penalty authority to impose penalties against those who misuse SSNs. Can you provide more details as to what authorities you are specifically looking for? SSA/OIG is seeking authority to impose civil monetary penalties for those criminal provisions of section 208 of the Social Security Act (42 U.S.C. 408). This would include those who: LUse a SSN obtained by false information; LFalsely represent a SSN to be theirs; LKnowingly alter a SSN, or intend to alter it; LKnowingly buy or sell a card that is or purports to be a card issued by the Commissioner of Social Security; LCounterfeit a Social Security card, or possess a counterfeit Social Security card with intent to buy or sell it; LDisclose, use or compel the disclosure of, or knowingly purchase the SSN of any person in violation of any law of the United States; and LFurnishes false information to the Commissioner in connection with the establishment and maintenance of the records provided for in section 205(c)(2) of the Social Security Act. In addition, SSA/OIG is requesting civil monetary penalty authority for (1) the circumstance of an individual offering, for a fee, to assist in acquiring for another individual, an additional SSN or a number that purports to be a SSN; and, (2) violations of certain provisions of H.R. 2036. These proposals are designed to supplement the current criminal penalties in section 208 of the Social Security Act as well as the criminal provisions in H.R. 2036. Based on our OA audit reports regarding SSA's Earnings Suspense File, we would also request authority to impose civil monetary penalties on employers who knowingly submit incorrect SSNs. Since the submission of these proposals, another circumstance has arisen that we feel merits inclusion for both criminal and civil penalties. SSA/OIG Special Agents have encountered instances of individuals selling or otherwise allowing another person to use their identity for fraudulent purposes. As discussed in more detail in the last part to this question, we believe this should be prohibited. Do such authorities lie with other agencies now? The SSN is required by Federal law for the administration of several Federal programs, including Medicaid, Temporary Assistance for Needy Families and food stamps. It is our understanding that each of these programs provides for criminal and civil penalties for improperly receiving benefits. We would defer to the appropriate oversight agency for a complete list of applicable statutes. In addition, from our reading of the Internal Revenue Code, it appears the IRS may impose a civil monetary penalty against an employer that files an incorrect W-2. How would you coordinate? In those instances where the SSN misuse occurred in the program or operation of another agency, we anticipate that we would defer to that agency. We would conduct a joint investigation with that agency should we be requested or if the circumstances warranted. This would also apply to the imposition of civil monetary penalties. SSN misuse that ends up in SSA's Earnings Suspense File has a direct impact on the programs and operations of SSA. We believe that we should be able to impose civil monetary penalties in these cases. We recognize the IRS has a civil penalty for employers providing incorrect information. We believe that coordination, through a Memorandum of Understanding as to who would initially proceed in these types of cases, could be entered into. However, we would defer to the direction of Congress as to which agency should have the lead. Don't available resources limit your ability to pursue SSN misuse today? Available resources do limit the number of SSN misuse cases SSA/OIG Special Agents can investigate and the number of audits that can be performed on SSN misuse. However, from a civil monetary penalty standpoint, currently, the biggest limitation to pursuing SSN misuse is the lack of statutory ability to impose a civil monetary penalty, not necessarily resources. Imposition of a civil monetary penalty under section 1129 of the Social Security Act is by the Office of the Chief Counsel to the Inspector General. What additional resources would you need? SSA/OIG is acutely aware of the problem of SSN misuse and related crimes, such as identity theft, where the SSN is a key component. We believe we have a duty to the American public to safeguard the integrity of SSN. Additionally, we, as SSA's investigative arm, have a duty to detect, investigate, and seek prosecution of crimes involving SSN misuse. Equally important is the responsibility for finding methods of preventing these crimes from occurring, through process and systems enhancements. To address this issue, we propose establishing a core SSN Misuse Response Team. This integrated model combines the talents of our auditors, investigators, and attorneys. This team will focus its efforts on identifying patterns and trends to better target our audit work, refer cases for investigation, and liaison with other relevant public and private sector entities. Using the combined skills of its Members, the team will manage incoming allegations, and using established protocols, evaluate the investigative merit of each allegation and determine whether it should be referred to an SSA/OIG Field Division. This team will also work with the SSA/OIG Office of Audit to conduct official audits based on leads developed as a result of the team's analysis and investigations. Additional audit resources would enable SSA/OIG to target more reviews at determining how SSA might prevent SSN misuse fraud. Reducing crimes involving SSN misuse would help SSA meet the expectations of the American public and improve the public's confidence in SSA's ability to ensure the privacy of sensitive and personal information. The team would also act as liaison on projects and initiatives with task forces involving SSN misuse, credit bureaus, motor vehicle administrations, the Federal Trade Commission, credit card companies, and other entities. This is a comprehensive approach, yet focused enough to allow us to more effectively address this issue and provide assistance to SSA, Congress, the public, and other law enforcement. To staff this initiative we would request the following personnel over the next 5 years. Twenty-two staff for Fiscal Years (FY) 2004, 2205 and 2006. Twenty-four staff for FYs 2007 and 2008. This would be utilized by the hiring of 88 investigative staff, 14 forensic auditors, 10 attorneys, and 2 computer specialists. From a civil monetary penalty standpoint, we anticipate that the recommended legislation would, if enacted, generate a substantial new civil monetary penalty workload. Significant attorney resources will be required to process and evaluate such cases. Are there provisions you would change or add in H.R. 2036? SSA/OIG would recommend the following additions to H.R. 2036 that we believe will enhance our ability to combat SSN misuse. LCurrent legislation requires that an individual needs to be in possession of five or more false identification documents before being subject to prosecution. We recommend that legislation be amended to eliminate the specific number of documents an individual needs to have in his possession before being charged. LCurrent legislation does not prohibit an individual from selling his/her own identity documents. We recommend that a legislative enhancement be introduced to prohibit the sale of one's own identifiers or identification documents to another. In addition to a criminal penalty, there should also be a corresponding civil monetary penalty. LThe ability of SSA or the OIG to verify the SSN of a felony subject for Federal, State and local law enforcement officials, similar to the current process whereby SSA verifies the SSN of individuals for employers. LEnhance penalties for violations of section 208 of the Social Security Act, 42 U.S.C. Sec. 408. Potential structured enhancement of the punishment could be: LIf the SSN is used to facilitate an act of terrorism--up to 25 years. LIf the SSN is used to facilitate drug trafficking or in connection with a crime of violence-- up to 20 years. LAfter a prior offense under section 208, a conviction could result in up to 10 years in prison, double the current sentence. LLeave the rest of the violations at the current punishment--up to 5 years. This would apply to those individuals who improperly receive benefits from SSA using a false SSN. LAmend 18 U.S.C. Sec. 641 to provide for the aggregation of individual Social Security payments improperly made to individuals. LLaw Enforcement Authority for SSA/OIG Special Agents, codifying the current Memorandum of Understanding between the Department of Justice and the SSA/OIG, with the additional ability for the Inspector General to cross-designate State and local law enforcement officials on a case by case basis. LAuthority to impose civil monetary penalties on employers who knowingly submit false SSN information on the submitted wage and earnings statements. LEnhanced sentencing guidelines for SSA employees convicted of improperly providing SSA information or SSNs. LAuthority to disclose SSA information to law enforcement to assist in an investigation involving a serious crime. 8. In light of the widespread use of fraudulent Social Security documents, the fact they assisted the 9/11 terrorists in committing the attacks, and the exponential increase of 40% in identity theft reported to the SSA, should Congress consider giving the SSA/OIG statutory law enforcement authority? Yes, Congress should consider giving SSA/OIG statutory law enforcement. Due to its uniqueness and prevalence in society, the SSN has become our de facto national identifier, used as a key means of identification in both the public and private sectors. Today approximately 300 million people have SSNs. Since the program began in 1936, SSA has issued approximately 390 million SSNs. Since it is so heavily relied upon as an identifier, it is a valuable commodity for criminals. It can be obtained in many ways: presenting false documentation to SSA; stealing another person's SSN; purchasing an SSN on the black market; and, simply making one up. Congress recognized the importance of the SSN in enacting the Identity Theft and Assumption Deterrence Act 1998, P.L. 105-318, by specifically listing the SSN as a ``means of identification.'' From organized crime to illegal aliens, there is an ever-increasing market for SSNs. More and more, the SSN is being used for identification purposes. Based on our experience, the SSN is a prime ``breeder document,'' used to obtain other documents including credit cards, driver's licenses, and so forth. This can be the first step to committing crimes involving financial transactions, banking, false identities, and benefit programs. This could also allow the individual to improperly obtain benefits, items of value, conceal bad debt, avoid arrest, and if the individual is an alien, to work. Private businesses, including credit-reporting agencies, cite the value of the SSN in tracking individuals. Because of its use as a breeder document, ensuring the integrity of the SSN has taken on added significance since September 11, 2001. SSA/ OIG Special Agents have been active participants in the Department of Justice's Anti-Terrorism Task Forces throughout the country, providing valuable investigative assistance. We have played a key role in 37 airport operations around the country, targeting airport employees who misrepresent their SSN's to gain access to secure areas. To date, these operations have resulted in 741 arrests and numerous deportations. A number of other Homeland Security operations are pending. With the importance of the SSN in identifying and eliminating potential threats to our Nation's airports, nuclear power plants and other critical sites, SSA/OIG has become a vital participant in our Nation's Homeland Security efforts. With SSA/OIG's role in identity theft and SSN misuse, as well as its interrelationship to Homeland Security efforts, it is imperative that SSA/OIG be afforded full statutory law enforcement authority. How would your office use these new powers to combat the widespread use of counterfeit Social Security cards and false or stolen SS numbers? Statutory law enforcement authority would reduce SSA/OIG's administrative burden and provide the most effective use of our resources. This authority would allow the Inspector General to cross- designate State and local law enforcement agents to assist OIG Special Agents in the investigation of Social Security cases, including SSN misuse. This would provide greater opportunity for additional undercover operations, identity theft task force involvement and expanded Homeland Security operations. 9. Are there additional law enforcement tools that you need in order to address document trafficking, such as increased penalties or increased information sharing? We would recommend the enactment of the legislation listed in the last part of question 7, where we responded as to what additions we would make to H.R. 2036. 10a. Are operations similar to ``Operation Tarmac'' (i.e., conducting ID checks at airports) being considered at other entry points such as our seaports? Please refer to our answers to question 1. b. What degree is a full background check being conducted? Since each agency conducts security background checks to the level they deem appropriate, this office does not know whether a full background check is being utilized. However, we are available to assist each agency in matching SSA records under the auspices of the DOJ or otherwise as allowed by law. c. Can you provide any particular details regarding recent arrests or investigations relative to entry points into our country, particularly our seaports? There have been no arrests at seaports. However, to date there have been 741 criminal arrests by SSA/OIG personnel at 37 airports. Other Federal, State and local law enforcement agencies participating in airport operations effected many more arrests, as well as INS administrative detentions. What suggestions do you have relative to the issues we are discussing today, particularly preventing SSN fraud, to help secure our seaports? It is our belief that the same focus and methodology used in airport operations throughout the country can also be employed at other points of entry, including seaports. 11. What are your views regarding SSA ``deactivating'' SSNs of certain individuals? a. Is it possible? b. Would it work? Although ``deactivating'' SSNs is possible, it may be difficult to share this information with those who encounter these SSNs throughout the economy. SSA could place an indicator on the record of an individual with a deactivated record. For example, SSA already places indicators on an individual's records when they have died or were issued an SSN for nonwork purposes. In addition, SSA has already established a special indicator when the Agency believes an SSN was issued based on fraudulent documents. Nonetheless, we have seen instances where this information is not being shared with the users of this information. As discussed above, EVS allows employers to verifyemployees' names and SSNs before they submit wage reports to SSA. However, very few employers actually utilize this service. For this reason, we have recommended that certain employers be mandated to use this service. In addition, EVS does not disclose pertinent information that could assist employers in detecting potential SSN problems. For example, although SSA knows an SSN belongs to a deceased individual or knows the Agency issued the number based on fraudulent documents, EVS does not provide such information to employers. As a result, employers have no way of knowing that an employee is not entitled to use the SSN. SSA also shares the SSNs of deceased individuals in a publicly available Death Master File. Other indicators, such as deactivated SSNs, could also be shared with the public in a similar way. However, this information is sold for a fee, which could limit the number of interested users, and we do not know the full extent of its usage throughout the economy. We have also found that the Death Master File has disclosed SSN information when the SSN owner was improperly listed as deceased. As a result, SSA would need to ensure the integrity of any data shared in any similar file. To ensure SSN integrity, we believe SSA has the responsibility to be the sole source for verifying SSN information and alerting external entities when they have information that indicates an individual may be improperly using an SSN. This responsibility supports the need for SSA to cross verify its data with other Federal, State and local authorities. However, SSA is not appropriately sharing current indicators with the public, so a new special indicator to deactivate an SSN would have to overcome these existing shortcomings. We believe SSA could improve public notification by modifying and expanding EVS and its other SSN verification services, including the online SSN Verification System pilot, the Employer 800-Number, and local field offices. 12. As discussed in the hearing, have you confirmed whether there are universities promoting the fact that they will help foreign students obtain SSNs? No. Although we have not conducted an audit for the sole purpose of verifying this situation, previous audit work has identified situations where SSN applicants have claimed to be students authorized to work, but INS later confirmed that these individuals were not students and not authorized to work. In addition, we received an inquiry regarding a Web site instructing foreign students to go to a certain SSA field office in New York in order to be enumerated. We advised the SSA Regional Commissioner of this inquiry. In general, the schemes alluded to on the subject Web site were known to SSA. In addition, in OA's 2000 audit report on the The Social Security Administration's Procedures for Verifying Evidentiary Documents Submitted with Original Social Security Number Applications, we described a large case in California in which several students of one University used false documents to obtain SSNs. The case was investigated by our Office of Investigations and it was determined that store-front ethnic language schools were involved, not legitimate universities. It was further determined that an SSA employee was involved in the improper issuance of SSNs in this case, which were then sold by a middleman. The employee in this case resigned during the investigation and the middleman has been indicted. Further judicial action is still pending in this case. Currently, we have no ongoing audit work in this area. However, we are willing to work with DOJ OIG as well as SSA and INS to determine if there is sufficient information available to conduct additional audit work in this area. An identical letter has also been sent to George W. Gekas, Chairman, Subcommittee on Immigration, Border Security and Claims. We are also including a copy of this response on an IBM compatible 3.5- inch diskette in Microsoft Word format per your directions. If you have any questions regarding these answers, or need additional information, please contact H. Douglass Cunningham of my staff at 202-358-6319. Sincerely, James G. Huse, Jr. Inspector General Electronic Privacy Information Center Washington, DC 20009 October 25, 2002 The Honorable E. Clay Shaw Chairman Subcommittee on Social Security U.S. House of Representatives B-316 Rayburn House Office Building Washington, DC 20515 The Honorable George W. Gekas Chairman Subcommittee on Immigration, Border Security, and Claims U.S. House of Representatives Dear Chairmen Shaw and Gekas: Thank you for soliciting additional information from the Electronic Privacy Information Center (EPIC) following the September 19, 2002 Joint Hearing on Preserving the Integrity of Social Security Numbers and Preventing Their Misuse by Terrorists. I am honored to have been called upon to assist the Committee on these issues. In order the complete the hearing record, I have reprinted the questions posed below along with answers. L1. What limitations on sale, purchase, and display of SSNs do you think Congress should consider? What exceptions, if any, do you think are necessary to ensure the public can still conduct business in a reasonably efficient way, but without sacrificing their privacy and protecting their identity? Individuals would be best protected from identity theft if serious limitations were placed on both governmental and commercial use of the SSN. It is critical that we craft legislation that encourages these entities to use alternative identifiers. Some entities already have created alternative identifiers that are not based on the SSN for customer identification.\1\ --------------------------------------------------------------------------- \1\ Robert Ellis Smith, Alternatives to Using Social Security Numbers in Large Organizations, Privacy Journal, at http:// www.epic.org/privacy/ssn/alternatives__ssn.html. --------------------------------------------------------------------------- Exceptions may be made for situations where other Federal laws require the disclosure of the SSN, for instance, for the reporting of taxable income. However, there should not be blanket exemptions to protections for personal information. If a substantial interest exists in creating an exemption for a particular use of the SSN, statutory protections for the collection and use of the SSN should be established. Under section 7 of the Privacy Act, entities that collect the SSN must give notice to the individual stating whether collection of the information is mandatory or voluntary, the statutory authority for the collection of the SSN, and the uses for which it will be employed.\2\ A similar set of protections should be created for entities that are allowed to collect and use SSNs. This set of protections should include the ability of individuals to gain access to all records keyed by the SSN, an obligation on the data collector to securely store the SSN, limits on the use and disclosure of the SSN, and a cause of action for the individual if any of these provisions are violated. --------------------------------------------------------------------------- \2\ 5 U.S.C. Sec. 552a(7)(b). --------------------------------------------------------------------------- Additionally, we recommend that where possible, exemptions for continued sale, purchase, or display of the SSN should sunset. We believe that the guiding principle of SSN protection should be one that encourages use of alternative identifiers. Sunset provisions will allow business to be conducted in a reasonably efficient way, and motivate data holders to migrate to more privacy-friendly practices. Congress should also explore technical measures to ensure secure storage and transmission of the SSN. When the SSN must be collected and used, it should be stored in an encrypted format. In doing so, the data collector can still use the encrypted result for matching without exposing the full SSN to employees or others. L2. You mentioned the pervasiveness of use of SSNs in conducting business and the need to curb use of the SSNs. To what extent would you carryover the same concerns to use of derivatives of SSNs? The problem with the use of ``derivative'' or partial SSNs is that the individual pieces may be obtained and the complete SSN then reconstructed. Derivative use of the SSN, when done properly, presents less risk than using the entire identifier. It is important that derivative users only employ the last four digits of the SSN. Proper derivative use will reduce risk of identity theft. I hope these answers adequately address your concerns. If I can be of further help, please do not hesitate to contact me. Sincerely, Chris Hoofnagle Legislative Counsel [Submissions for the record follow:] Statement of the Hon. Hal Daub, Chairman, Social Security Advisory Board, and Former Member of Congress Chairman Shaw, Chairman Gekas, Ranking Member Matsui, Ranking Member Jackson Lee, and Members of the Subcommittees. I welcome the opportunity today to share with you, for the record, the views of the Social Security Advisory Board on the importance of protecting the integrity of Social Security numbers. Since its inception, the Advisory Board has actively examined both the authorized and unauthorized uses of Social Security numbers, weaknesses in SSA's enumeration processes and systems, and SSA's role in deterring identity-related crimes, illegal immigration and other security issues related to Social Security numbers. In addition, we have been keeping abreast of developments in the Congress, public sentiments, and SSA's progress in responding to the ever-changing needs of the system. The Board has grown increasingly concerned about rapidly growing incidences of Social Security number misuse, other identity-related crimes, fraud, and acts of terrorism that are often facilitated by the misappropriation or misuse of Social Security numbers. According to SSA's Inspector General, the vast majority of identity crimes--most of which are financial in nature--involve the misuse of an individual's Social Security number. But despite the seriousness with which these concerns were being debated both inside and outside of government circles before September 11th, 2001, it was not until the recent terrorist attacks against the United States that we have seen such widespread awareness of the vulnerabilities and the weaknesses inherent in the current systems. This awareness is accompanied by an equally strong commitment to resolve unanswered questions about the appropriate roles each agency must fill in protecting the integrity of individual identity systems and safeguarding our citizens and our nation against crime and acts of terrorism. As I indicated earlier, these debates are not new. But in light of the new urgency they have taken on since September 11th, 2001, we find ourselves at a pivotal time in our nation's history. Our civic leaders, our business leaders, our social and religious organizations, and our citizens need to join forces, share information, and come to agreement on three very important questions regarding the use of Social Security numbers as a key to validating identity. What role, if any, should the Social Security number play in terms of identity validation for purposes both inside and outside the scope of Social Security programs? What procedures and systems are needed at all levels of our society to prevent the continued misuse of identity information to facilitate acts of terror, violence, mayhem, and abuse? And what safeguards are needed to achieve our security and integrity goals, without unduly compromising individual privacy and freedom? On many occasions over recent years, the Board has heard SSA Inspector General Jim Huse urge the agency, the Congress, the business community, and the public to come to grips with the reality that the Social Security number has become a de facto national identifier. Many times, we have heard Inspector General Huse say that it is too late to ``put this runaway horse back in the barn''. But perhaps we should not be looking to put the horse back in the barn. Perhaps, instead, we should be thinking about building a stronger fence to keep the horse from escaping the farm as well. Slowing the Runaway Horse The Federal Bureau of Investigation (FBI) recently recognized identity fraud as the fastest growing white-collar crime in America, making it a significant public policy issue. And, according to other recent reports from SSA's Inspector General and the FBI, improperly obtained Social Security numbers present a significant vehicle for would-be terrorists to infiltrate themselves into our society--making Social Security number abuse a national security concern as well. Likewise, the Board has heard from SSA officials and the agency's Inspector General that improper attainment or theft of Social Security numbers, including counterfeit Social Security cards, plays a major role in unauthorized work and the growing inaccuracies in wage reporting that have resulted in huge increases in SSA's earnings suspense file. In preparation for its reports on improving service to the public and on SSA's responsibilities to safeguard the responsible collection and expenditure of the public's funds, the Board has met with SSA executives, managers and staff all over the nation. We have met with managers and staff in both headquarters and in the agency's field structure, including more than a thousand SSA field office employees who work on the front lines each day, delivering important services to the American people. We have met with representatives and staff from SSA's Office of Inspector General, the agency's Enumeration Task Force, Regional Security and Integrity Centers in both New York City and Denver, and with the new Enumeration Center established in Denver to begin developing specialized expertise on these issues within the service delivery structure. We have held public hearings all over the nation and have spoken to victims of identity theft, migrant worker groups, employers, and even the Consul General of Mexico, in our attempt to grasp the vast dimensions of these problems. Throughout our work, we have heard one message overwhelmingly--SSA, alone, cannot do all that is necessary to protect our society from identity-related crimes and the other crimes that they enable. SSA must also rely on the expertise, efficiency and effectiveness of the Immigration and Naturalization Service (INS), the Department of State, the Internal Revenue Service (IRS), and law enforcement, as they carry out their own important responsibilities. We have heard, loud and clear, that it is imperative for these other agencies to do their part by delivering prompt and effective identity validation and effective enforcement of statutory work requirements--including the use of appropriate penalties and prosecution in cases where individuals, groups or employers are found to be abusing the system or perpetrating criminal acts. Building Stronger Fences The importance of the Social Security number and the Social Security card to the government and to any individual who wants to work or transact some other kind of business in the United States cannot be overstated. Employers are required to ask for an individual's Social Security number before hiring, and the number is the identifier used in all claims for Social Security or SSI benefits, as well as for many other Federal and State programs, such as Medicare, Medicaid, and public assistance benefits. The IRS uses the SSN as an identifier for individual taxpayers, for identifying taxpayer dependents, and for tracking income and payroll tax contributions. Many States use it in their individual driver's license systems. Many businesses and organizations in the private sector, including banks and credit card companies, also depend on the Social Security number as an identifier for maintaining their records. The law specifically authorizes many of these uses. Additional uses have developed over time. While these additional uses may not be specifically authorized by statute, the law does not prohibit them either. In recent testimony before the House Committee on Ways and Means, officials from the General Accounting Office (GAO) reported that many federal agencies are not taking the necessary precautions to safeguard personal information, including the Social Security number, from improper display and disclosure. GAO officials have also urged agencies to look at alternatives to using Social Security numbers as identifiers wherever this is a possibility. It is imperative that government agencies, at all levels of government--federal, state, and local--take the necessary steps to protect the privacy and integrity of individual identifying information. What is lacking here--according to GAO and other observers--is a uniform system of safeguards and policies about how an individual's personal information can be used, displayed or disclosed. Some agencies, businesses, organizations and even State governments have responded to these concerns responsibly--but far too many have failed to understand the importance of keeping identity information safe and ensuring the integrity of the data they maintain and disclose. To illustrate this point, I would like to tell you about a recent interaction that the Board had with the Selective Service System. As Chairman of the Advisory Board, I contacted the Director of Selective Service to voice my concerns about the manner in which his agency captures personal information from the young men who are required by law to register. Registration forms are distributed in U.S. Postal Service offices throughout the nation. They are double-sided, tear-away ``postcards'' that registrants must fill out and mail back to an agency processing center. The form collects such personal identifiers as the young man's name, address, date-of-birth, Social Security number and signature. While I fully understand the need for the system to collect and maintain personal identifying information on the young men who register, the open format for supplying this information does not adequately protect its privacy. The sum total of personal data elements that are reported on this form, if misappropriated, could easily be used by unscrupulous individuals to facilitate crime, immigration fraud, and terrorism. The Office of Management and Budget approved this form for use in September 2001. In response to the issues that I raised, the Board was told that, while the Selective Service System prefers to have men register using electronic methods, they are also given the option to register by mail. Mail-back postcards are used instead of a more secure option because it minimizes postage costs. For those young men who are concerned about the privacy of their information, the throw-away part of the form contains a suggestion that they place the registration card in an envelope before they mail it back. To me, this approach seems pennywise and pound foolish--to save a few cents on postage, are we truly willing to expect and trust that the average eighteen-year-old will recognize the importance of keeping his data secure? While the Selective Service System has agreed to move their ``privacy concern'' instruction to a more prominent location on the registration card itself, the Board believes that this remains an insufficient effort to protect the privacy, integrity and security of the vital information contained on this document. We believe that more responsible measures are needed to address this situation, and countless similar situations in other agencies and organizations. For many years, Committees and Members of Congress have emphasized the importance of maintaining the integrity of the Social Security number and the Social Security card. Hearings have been held and bills have been introduced. In 1996, the Congress passed legislation requiring SSA to study the feasibility of issuing a secure Social Security card. The agency issued a report in 1997, but no action was taken. During the last session of Congress, the Chairman and Ranking Minority Member of the House Social Security Subcommittee, along with other members of Congress, introduced a bill to limit the display of the Social Security number by public and private entities, including on motor vehicle licenses and registration. It provided for making refusal to do business without receipt of an SSN an unfair or deceptive act or practice, and provided new criminal penalties for misuse of SSNs. A similar bill was reintroduced during the current session of Congress to even wider support. This bill establishes important parameters and safeguards that apply to both government agencies and the private sector. We believe that it is a step in the right direction. Strengthening SSA to Meet the Challenge While SSA cannot do the job alone, and while we applaud the progress made by the agency since September 11th, 2001, further improvements in SSA's enumeration processes and systems are needed. As the Board has documented elsewhere, many of those individuals who present themselves daily at one of SSA's over-crowded field office waiting rooms around the country have come to apply for a new or--more often--a replacement Social Security card. In fact, handling applications for new and replacement cards is the largest category of work that field offices perform. In fiscal year 2001, the agency issued 18.1 million cards, a 16 percent increase since 1997. Currently, about 32 percent of all Social Security number-related requests are for new numbers and about 68 percent are for replacement cards for people with existing numbers. SSA's performance standards for issuing cards reflect a concern for both speed of issuance and quality. With regard to speed, the agency's statistics show that in fiscal year 2001, 96.8 percent of Social Security number applicants were advised of their assigned number within 24 hours of initial processing. Agency statistics for 2000 show that 99.8 percent of numbers were issued accurately. Nonetheless, SSA's Office of the Inspector General has expressed a high level of concern about the integrity of the agency's enumeration process and the validity of the agency's performance measurement system. It points out that given the importance of the Social Security number, many unscrupulous individuals have a strong motive for fraudulently acquiring a number and using it for illegal purposes. Problems that the OIG has identified include using an illegally obtained number to receive government services or benefits, obtain employment, or enter the country, and using another individual's number to steal their identity and commit crimes, usually financial crimes, in that person's name. Among other concerns, the OIG has criticized the agency's procedures for validating identity documents that are used by individuals to illegally obtain cards. In 1999, PriceWaterhouseCoopers conducted an independent study that also found that SSA's front-end controls for enumeration were deficient. In one recent review the OIG conducted, it found that significant numbers of cards had been issued based on invalid or inappropriate evidentiary documents presented as evidence of age, identity, citizenship, or legal alien status. These included INS forms that were never issued, and forms that INS had issued to individuals other than the Social Security number applicants, or had issued with a different alien classification. SSA had also assigned many numbers to applicants whose U.S. birth certificates were counterfeit. The OIG has also concluded that SSA employees in the field do not have adequate training or the tools they need to determine the validity of evidentiary documents. Some within SSA have observed, however, that SSA employees are not and should not be expected to become expects on the latest counterfeiting technologies, capable of identifying the highly sophisticated false documents that are now commonly available. The Board also has heard repeated complaints about the integrity of the enumeration process from SSA managers and employees. They believe that many of the documents they are seeing are not valid, but as one field office employee noted, the policy is that ``Unless you have a specific reason to suspect the validity of a document, you should go ahead and process.'' A field office manager told the Board that false identity documents are easily gotten. For example, a false driver's license ``can be bought down the street,'' and there is no cross check with the Department of Motor Vehicles. Employees in one office the Board visited observed that every office follows its own processing procedures. Some are stricter than others, and the result is that people shop around for the office that is most likely to issue a card. One SSA executive told the Board that in his area the selling of Social Security numbers is one of the agency's biggest stewardship problems. There are gangs who routinely approach SSA employees who might be vulnerable. These gangs are sophisticated in finding out about employees' personal situations and they use this information as leverage to coerce or entice employees to steal numbers or provide them with sufficient personal information from SSA's databases, information that can then be used to establish fraudulent identities. Another problem that concerns many employees is that, without a photo ID or some form of biometric identification, neither of which is required, there is no way they can be sure that individuals who come into the office are who they say they are. This is an issue that goes beyond the issuance of a number and includes individuals who claim benefits as well. Employees in field offices have told the Board that interviews with individuals who are applying for Social Security numbers--and who want them right away--are the most contentious that they must face. There is also a concern within the agency that more careful checking of documentation or developing a more secure card would require additional resources, which the agency does not currently have. In March of 2002, the Board issued its report on the agency's responsibility to ensure program integrity, outlining many of the same issues addressed here today. In that report, we recommended that SSA work more aggressively with the INS and with the Department of State to resolve any outstanding loopholes or gaps in data sharing and in the identity verification process. In addition, we have recommended that SSA work more aggressively to encourage the IRS to exercise its statutory authority and begin sanctioning chronic abusers of work authorization requirements. We applaud the progress that has been made by SSA since that time. The agency has taken giant steps forward in closing many of the loopholes that we have discussed in our stewardship report and elsewhere. But, as outlined above, and as is apparent from the testimony of others here today, further efforts are needed. SSA does not and should not work in a vacuum. The agency depends upon the support of the Administration and the Congress to provide the resources necessary for the agency to do its job and uphold its responsibilities. As we have learned from recent events in our country, it is imperative that those critical functions of the agency--including the protection of the Social Security number from misuse and abuse--be fully staffed, fully funded and provided the same level of serious consideration as other agencies that have a responsibility for protecting our security and national well-being. The Board intends to continue monitoring these critical stewardship and security issues. We look forward to working with the Congress and the Administration on these very important matters. Statement of Witold Skwierczynski, National Council of SSA Field Operations Locals, American Federation of Government Employees, AFL- CIO, Baltimore, Maryland Chairman Shaw, Chairman George W. Gekas, Ranking Member Matsui, Ranking Member Jackson Lee and members of the Subcommittees, I thank you for the opportunity to present this statement regarding Social Security's ability to preserve the integrity of Social Security numbers and preventing their misuse by terrorists and identity thieves. As a representative of the AFGE Social Security General Committee and President of the National Council of SSA Field Operations Locals, I speak on behalf of approximately 50,000 Social Security Administration (SSA) employees in over 1400 facilities. These employees work in Field Offices, Offices of Hearings & Appeals, Program Service Centers, Teleservice Centers, Regional Offices of Quality Assurance, and other facilities throughout the country where retirement and disability benefit applications and appeal requests are received, processed, and reviewed. AFGE is committed to serve, as we always have in the past, as not only the employees' advocate, but also as a watchdog for clients, taxpayers, and their elected representatives. Let me begin by stating we agree with Chairman Gekas' comments that the privacy of the Social Security numbers of every American is under attack and that the Social Security Administration can do more to tighten up its procedures for issuing Social Security Cards to prevent fraud. Accuracy on the part of the SSA employees processing requests for Social Security numbers is greater than those of the agency charged with safeguarding immigration records. In SSA, we process 6 million Social Security Number requests annually. According to SSA's OIG, less than 1.6% of Social Security Number requests have been issued with false INS documents. That figure was based on FY2000 statistics. However, since FY2000, SSA has implemented new systems enhancements and policies that require all INS documents of foreign-born applicants to be verified by INS before the issuance of a Social Security number. The Union believes that these measures have further safeguarded the privacy and integrity of the SSN records. Unfortunately, SSA has also implemented initiatives that we believe are harmful to the integrity of all SSA records leaving every American vulnerable to attack by terrorists, international criminals, and an increasing number of identity thieves. Employer Access In May 2002, the Union became aware that the Agency implemented a program that allowed employers to gain access to SSN records of their newly hired employees via the Internet. This program has been approved by OMB for 630 major employers and may be soon expanding. According to approved procedures, SSA business partners and companies are nominated by SSA's Senior Financial Executive under the Deputy Commissioner Finance Assessment and Management, then approved by SSA's Commissioner. The Union believes that employer access to SSN records will result in misuse, fraud and abuse of individual privacy. On the issue of privacy, if the employer can obtain this information about an individual, anyone with an EIN may gain access to personal information. The gatekeeper of SSN records thus becomes the employer and its employees authorized access to ``verify'' Social Security records. SSA has notified the Union that audits were not conducted by any private or governmental entity, i.e. SSA, OIG, or GAO, of the initial ``Employer Access'' pilot, prior to implementing expansion. SSA went forward with full implementation without assurances that: LInformation sought on individuals were actual employees hired by their companies, LEmployee verifications were conducted by approved employers only, LThe public's privacy was not compromised, and to determine if the integrity of SSA programs had been compromised by inappropriate or unauthorized use of this program, LEmployers accessed SSN records only for new hires rather than access to discriminate and/or violate individual privacy. LInformation obtained through this program was not relied upon to justify adverse action against a worker, which would violate State or Federal law. LSigned statements were obtained, acknowledging there are criminal penalties for making a knowing and willful request for access to records concerning another individual under false pretences. Such abuses are considered criminal and punishable by law and carry penalties. Additionally, the Union has learned that details needed to determine an individual's identity are not being required by SSA for these employers to obtain information about SSN records. This would include the date of birth, place of birth, mother's maiden name. Therefore, SSN records of someone with a similar or same name may be provided to the employer, making it easier for someone to use another person's SSN. Therefore, the employer would further compromise the integrity of SSN records. SSA has developed an alert system to determine if employers may be verifying an excess of SSN records. If an employer requests verification on more than 200 percent of the number of W-2s processed in the preceding tax year, an alert will be issued. The Union strongly believes that this ``alert'' system is a facade to provide concerned parties with a false sense of security of individual privacy. This ``system'' provides a means for employers to abuse their privilege and allow the abuse to go undetected and unexposed. For example, a corporation with 100,000 employees would be able to access 200,000 SSN records of individuals for family, friends and colleagues without detection. Although SSA's own reports indicate that one employer has already exceeded its number of employees by more than 500%, SSA has failed to conduct an audit. Furthermore, SSA has not developed or communicated a written policy to hold companies legally liable for misuse of employer access of SSN records. It is the Union's understanding that SSA plans to expand other services and/or records to employers in the future. OMB must give approval to SSA to expand the number of employers who can gain access to SSN records. We strongly believe that Congress should urge the OMB to rescind this program to insure integrity of SSN records and individual privacy. INS Involvement--Enumeration Centers and Enumeration at Entry In January 2002, SSA signed an agreement with the Immigration and Naturalization Service (INS) to implement the Enumeration at Entry project. This allows INS, during the initial phase, to electronically forward to SSA enumeration data from certain aliens lawfully admitted for permanent residence. SSA will then electronically assign an SSN and issue a Social Security card to the alien. As members of the Judiciary Committee are painfully aware, the INS has a lengthy history of being severely mismanaged. Its workers are faced with tremendous backlogs approaching 2 million applications. In January 2002, the GAO made Congress aware that immigration benefit fraud at the INS is a significant problem that threatens the integrity of the legal immigration system. INS officials believe that the problem is pervasive and serious and they also believe that some aliens are using the benefit application process to enable them to carry out illegal activities, such as crimes of violence, narcotics trafficking, and terrorism. Until the INS and Congress can successfully address these problems, how can SSA consider allowing the INS to provide SSA with accurate, legal information to ``electronically'' assign a Social Security number when the integrity of INS records cannot be maintained? SSA now intends to implement an Enumeration Center as a pilot in the Brooklyn, NY area. This Enumeration Center will be staffed by SSA field office employees, SSA's OIG and INS employees. SSA intends to rotate field office employees in/out of the Enumeration Center. All requests for Social Security cards will be handled at the Enumeration Center, rather than an SSA field office. This means that if someone walks into a SSA field office to apply for a SSN, the SSA employee who normally would help the applicant will have to refer him or her to the Enumeration Center for assistance. This would include referring clients who have other business at an SSA field office. AFGE opposes Enumeration Centers. SSA's field offices have always been full-service facilities. The taxpayer deserves full-service and one stop shopping. To refer SSN applicants to an Enumeration Center that may be miles away, will create barriers and greatly inconvenience folks who rely on public transportation or have physical disabilities. Foreign-born applicants should not have to be subjected to the intimidation of SSA-OIG and INS workers when applying for a Social Security card. The security issues raised by SSA are unfounded. SSA employees are highly trained. Systems enhancements and new policies have virtually eliminated the unknowing acceptance of fraudulent INS documents. To prevent highly qualified SSA employees from providing the services they were trained to do, at the convenience of the public, is a disservice. This Congress is already aware of the human capital crisis at SSA, particularly in its field offices. Detailing employees to enumeration centers is needless and not a good use of our precious resources. Integrity of SSA Internet Services Two months after SSA gave employers access to SSA records via the ``Employer Access'' program, SSA discovered weaknesses in the Internet firewalls, which compromises SSN records to hackers. Rather than inform the public or Congress of this possible breach of privacy and possibility of identity theft, SSA posted a message that misled the public to believe that routine maintenance was the cause for SSA Internet access to be down for 3 days. This was not a surprise to AFGE. Computer specialists had previously advised SSA that its database would be difficult, if not impossible, to protect from hackers. In spite of warnings and protests, SSA decided to move forward with its ``E-Gov'' goals. AFGE informed Congress of its objections to SSA's plans to expand online services. The American public trusts SSA to guard and protect the very source of their livelihood, their Social Security numbers. AFGE strongly believes that the protection all SSA records against identity theft, fraud and misuse should be guaranteed and never compromised. Now, when identity theft poses its greatest threat to our nation in the way of terrorism and ciminal acts, SSA's records need to be more secure than ever. Instead, SSA is taking actions that we strongly believe will ultimately be harmful to the integrity of all SSA records. We urge your Committees to consider the following: LAt a minimum, request GAO to audit SSA Employer Access initiative to insure the proper access of SSA records. LUrge SSA to cease and desist giving access of SSA records to third party entities (governmental and private). LRequest GAO to assess and/or audit the SSA Internet firewall protections of all SSA records. LUrge SSA to rescind it plans to create SSA/INS Enumeration Centers and direct SSA to seek Congressional approval for the creation of such a flawed bureaucracy, which will only serve to undermine SSA's public service and the integrity of its records. I thank you for your time and your consideration of our concerns. American Immigration Lawyers Association Washington, DC 20004 The Honorable E. Clay Shaw, Jr. Chairman, House Social Security Subcommittee B-316 Rayburn House Office Building Washington, DC 20515-6353 The Honorable George Gekas Chairman, House Immigration, Border Control and Claims Subcommittee B-370B Rayburn House Office Building Washington, DC 20515-6353 The American Immigration Lawyers Association (AILA) thanks the committees for the opportunity to submit our comments on the September 19, 2002 joint hearing on Preserving the Integrity of the Social Security Number and Preventing Misuse by Terrorists and Identity Thieves. AILA supports taking constructive steps to ensure that identifying documents, such as the social security card, are not subject to fraud and misuse. AILA urges the committees to consider how positive reforms to our immigration laws can help achieve this goal. The testimony seemed to indicate that a large number of the employees who were the subject of the 800,000 no-match letters the Social Security Administration (SSA) sent to employers this year are undocumented workers. This, if true, underscores that there are millions of undocumented workers in the United States who are here to fill ``essential worker'' positions, those unskilled and semi-skilled jobs vital to all sectors of our economy. These essential workers fill jobs that U.S. workers are unwilling to take, despite the general downturn in the economy. Reports from the Bureau of Labor Statistics reinforce the need for essential workers and the fact that this need is rising. During the labor force expansion that took place from 1996-2000, foreign labor filled the lesser skilled positions native-born workers left. As a result, over 55% of the foreign-born work force is concentrated in service and labor occupations. Projections for the next ten years indicate that the need for workers in these occupations will continue to rise as new jobs are created: the service-producing sector alone is expected to create over 12 million new positions. 57 percent of all job openings will be for essential worker positions and will only require modest or on the job training. In order to keep our economy strong, the U.S. needs these essential workers to fill these positions. This nation has long benefited from the large number of undocumented worker who fill unskilled and semi skilled positions essential to our economy. It is long past due that we change our immigration laws to provide legalization for the hard-working, taxpaying workers in this country and create a legal means for workers we will need in the future. That these workers are here illegally is a symptom of an immigration system that is out of touch with the needs of our economy. Simply put, there is no way for workers currently here to legalize their status and there is no visa category through which semi-skilled and unskilled workers can legally enter the United States in order to perform full-time, year-round work. These workers do not want to be undocumented. Many are paying taxes and social security, the same as legal workers. However, the lack of any legal means to regularize the status of those who are here and the absence of any temporary immigration program through which people can legally enter and leave the country is not good for our communities, our economy, or our security. In fact, both a legalization program and an essential worker temporary visa program will help us to enhance our security. A legalization program that rewards work would bring hardworking, well meaning individuals out of the shadows and would allow us to properly identify and document them. We would know who they are and why they are here. A temporary program that designates legal channels for entry would allow us to focus our resources at the border on those who mean to do us harm, not those who fill our labor needs, and reduce the number of tragic deaths associated with border crossings. Both these initiatives would further enhance our security by permanently reducing the demand for counterfeit documents and other related acts associated with unauthorized work. These positive changes would allow free up our agencies' time and resources and allow them to concentrate their efforts on achieving security goals that actually enhance our security. The legalization of these workers also would provide a second benefit to the SSA through the reduction of the Earnings Suspense Fund (ESF). When the SSA announced its no-match letter program for this year, reduction of this file was touted as one of the goals. A legalization program will help reduce the ESF, and the agency will be able to reduce administrative costs associated with maintaining such a large fund. AILA strongly opposes initiatives that would prohibit foreign nationals who legalize their status from receiving credit for the social security contributions they made while they were in an undocumented status. America needed the contributions these workers made in the labor force when they were undocumented. We should recognize their contribution by allowing them to access their social security benefits once they are legalized. In this time of heightened security, we must foster an environment that that will encourage individuals to emerge from the shadows and participate as productive members of our society in order to separate them from those that are here to do us harm. Positive immigration reform in conjunction with constructive reforms to protect the integrity of the social security numbers and prevent identity theft will greatly improve our nation's efforts to provide effective security. Sincerely, Statement of ERISA Industry Committee (ERIC), National Association of State Retirement Administrators (NASRA), National Council on Teacher Retirement (NCTR), National Rural Electric Cooperative Association (NRECA), Profit Sharing/401(k) Council of America (PSCA) The undersigned organizations urge you to carefully consider the unintended consequences of legislation being currently pending before the House Ways and Means, Energy and Commerce, and Financial Services committees. Without amendment, the Social Security Number Privacy and Identity Theft Prevention Act of 2001 (H.R.2036) could unintentionally hinder the delivery of benefits from, and the efficient administration of, public and private employee benefit plans. We strongly support the bill's purpose of ensuring the integrity of the social security number (SSN). We are extremely concerned about the proliferation of identity theft and other financial crimes that exploit individual SSNs, and believe strong legislation should be enacted to combat such nefarious acts. As currently drafted, however, H.R.2036 could make it more difficult to deliver comprehensive health and retirement benefits to public and private employees alike. In general, public and private employee benefit plans use SSNs in plan administration because of the SSNs utility as a common identifier for a highly mobile workforce, and because of tax reporting requirements. Plan administrators take seriously the responsibility that the use of SSNs requires, and they use the utmost caution and security when SSNs are used in plan administration and communications. Public and private sector defined benefit and defined contribution pension and savings plans, like 401(k), 403(b), and 457 plans, use SSNs to identify plan participants, account for employee contributions, implement the employee's investment directions, track ``rollovers'' from other plans, and allow employees to view their account activity or benefit accrual online (typically in conjunction with a secure ``PIN''). H.R.2036's broad prohibitions could impede, for example, an individual's ability to stay current on the accumulation of benefits for his or her retirement. SSNs are also used as the primary identifier in many medical and health benefit and prescription drug plans to coordinate communications between the doctor, the medical service provider, and the plan. H.R.2036's broad prohibitions could, for example, put at risk the delivery of appropriate medications to the individual. The application of H.R.2036's broad prohibitions could: LUnintentionally restrict access to employee benefit plans. Section 202 of H.R.2036 makes it a violation of the Federal Trade Commission Act for ``any person'' to refuse to ``do business'' with an individual because the individual refuses to give his or her social security number to the person. While the commonly understood definition of ``business'' would not include employee benefit plan administration, we are concerned the broad prohibition unintentionally would restrict plan operation. We recommend making it clear that section 202 applies only to commercial transactions, and not in the context of employment of an individual, including the provision of compensation or benefits. LUnnecessarily limit the legitimate and beneficial use of SSNs. Section 201 prohibits the ``sale,'' ``purchase,'' or ``display to the general public'' of an individual's social security number. While the intention of that prohibition is clear, the definitions of ``sale,'' purchase,'' and ``display to the general public'' are not. Those ambiguous definitions risk making legitimate and beneficial uses of social security numbers a violation of Federal criminal law. L For example, many benefit plan sponsors require participants to submit their social security number to the plan in order to be enrolled in and receive benefits from the plan. While such a transaction would not meet the commonly understood definition of ``sale,'' the definition of ``sale'' in section 201 encompasses an exchange of ``anything of value'' for a social security number. L Expressly excluded from the definition is the application of ``any type of Government benefits or program'' (which would cover government assistance programs, not necessarily the employment benefits governments offer their employees). The limited exclusion from the definition of ``sale'' for the application of social security benefits creates a risk that a court will read the exchange-for-value formulation to encompass everything not expressly excluded, including employee benefits. We recommend that the bill's exclusions be modified to encompass the administration and provision of employee benefit plans. L Section 201 also prohibits the intentional placing of a social security number, or derivative thereof, ``in a viewable manner on an Internet site that is available to the general public or in any other manner intended to provide access to such number or derivative to the general public.'' This definition, too, may sweep in routine benefit plan administration. For example, individual social security numbers may appear on correspondence between the plan, the plan administrator, the individual, and an outside third party, like a medical care provider. We are unclear if such ``displays'' are to the ``general public.'' We recommend the bill be amended to include a more precise definition of ``general public'' to ensure that secured and private displays of social security numbers typical in benefit plan administration are not construed to be to the ``general public.'' L Section 201 provides an exception to the prohibition if ``voluntary and affirmative written consent'' of each affected individual is obtained. Our plans may cover tens of thousands of individuals. Thus, obtaining affirmative written consent would be wholly impracticable and extremely costly. Moreover, if an individual not consenting to the use of his or her social security number is dropped from the benefit plan, the plan sponsor would be exposed to a significant risk of litigation, enforcement actions, civil penalties, excise tax penalties, and plan disqualification for violation of the federal laws that govern pension and other benefit plans. Thus, we recommend that relief for employee benefit plans be provided by narrowing the bill's definition of ``sale'' and ``general public'' as discussed above. LUnwisely subject public and private employee benefit plans to regulations promulgated by a federal agency with no expertise in employee benefit plans. Section 201 also gives authority to the U.S. Attorney General to promulgate regulations to ensure, among other things, that the prohibitions contained in section 201 are ``no broader than necessary'' to accomplish its purpose. If the bill is not amended, as we have recommended, to exclude routine benefit plan administration from the definitions of ``sale'' and ``purchase,'' we strongly recommend that the rulemaking authority granted to the Attorney General be done in consultation with a federal agency familiar with the workings of employer-sponsored benefit plans with the clear direction that regulations accommodate legitimate uses of social security numbers in employee benefit plans. Please do not hesitate to contact Janice Gregory (202-789-1400) at ERIC, Jeannine Markoe Raymond (202-624-1417) at the NASRA, Cynthia Moore (703-243-1667) at the NCTR, Chris Stephen at the NRECA (703-907- 6026) or Edward Ferrigno at PSCA (202-626-3634) to discuss this matter in more detail. Federation for American Immigration Reform Washington, DC 20011 September 18, 2002 The Honorable E. Clay Shaw, Jr. Chairman, House Social Security Subcommittee B-316 Rayburn House Office Building Washington, DC 20515-6353 The Honorable George Gekas Chairman, House Immigration, Border Control and Claims Subcommittee B-370B Rayburn House Office Building Washington, DC 20515-6217 In connection with the hearing that you jointly are holding on September 19, 2002 on Protecting Integrity of Social Security Numbers, I would appreciate your consideration of the views of the Federation for American Immigration Reform (FAIR). Shortly after the tragic terrorist attacks last year FAIR issued a blueprint outlining several urgently needed measures to protect homeland security. Recently, on the anniversary of the attacks, we issued a report card on the progress towards adopting these earlier recommended measures. In that report card, we singled out the significance of the actions taken by the Social Security Administration (SSA) toward improving our national security. In particular, two actions merit the recognition and strong support of Congress and the American public. First, the decision by SSA to stop issuing social security cards to aliens in order to satisfy the requirements of some state departments of motor vehicles for Social Security Numbers (SSNs). The prior practice meant that the SSA was issuing SSNs to aliens who were illegally in the country to facilitate their applications for state-issued driver's licenses. The tragic effects of that policy were revealed when it became clear that all 19 of the 9/11 terrorists had state-issued driver's licenses, some of them from multiple states. Under the circumstances, we strongly urge each of the subcommittees to underscore your support for sustaining the current practice of SSA in this regard. Second, the SSA has finally begun to insist on the need to reestablish the integrity of the SSN as an identifier for payroll purposes. It is a well-documented fact that counterfeit document operations have proliferated in the period since adoption in 1986 of the Immigration Reform and Control Act (IRCA) prohibition against hiring illegal aliens. One of the most frequently counterfeited documents has been the Social Security card. This abundance of fraudulent documentation has made it difficult for employers--even the vast majority who have no intention of hiring illegal aliens--to discern the authenticity of the work eligibility documents presented by prospective employees. The SSA's failure in the past to compare the SSNs on payroll documents with the SSNs they have issued has actually encouraged growth in the numbers of employers willing to hire illegal aliens. Beginning with agriculture and meatpacking industries and spreading throughout the hospitality industry, employers have been so motivated by the spread of illegal alien hiring by their competitors and the by the lack of enforcement against illegal employment that many have looked the other way and become fully dependent on cheap illegal employees. As a consequence, illegal immigration has been further encouraged, and qualified American and legal resident workers have been displaced as once prevailing wages have been dramatically depressed. While the SSA has offered a free online service to employers to verify the work eligibility of potential employees, there has been no real incentive to use the service. That may change now as a result of the SSA's recent actions systematically to notify employers of mismatches between SSNs listed on payroll documents and the SSNs issued. Complaints that this program of advising employers of no-matches may cost legal workers their jobs in unfounded, because the notification process specifically advises employers that they should allow the employee to reconcile with the SSA any possible data error that has led to a false no-match notification before a no-match notification leads to the termination of employment. Once again, we applaud the Administration and the SSA for taking these steps. Our concern, however, is that if they could be accomplished as policy changes, they similarly could be discontinued by a new policy decision. We urge you to assure that this program of issuing no-match letters to employers becomes a permanent requirement. There remain, however, two outstanding actions that would help to buttress the new SSA program. The first of these would apply the law sanctioning employers who continue to ignore the SSA alerts that employees do not have valid SSNs. The Internal Revenue Service (IRS) should be required to begin immediately fining businesses that flagrantly continue to ignore the SSA notifications. Secondly, the SSA has long maintained a policy of non-cooperation with the INS in identifying workplaces with potential illegal alien employees. This has changed somewhat in the Basic Pilot employment verification system mandated by the Illegal Immigrant Reform and Immigrant Responsibility Act of 1996. In that program, the SSA was required to verify SSN data and forward employment data on foreign-born workers to the INS for verification of work eligibility status. Although that program is still ongoing, its trial period has been completed and successfully evaluated by an outside contractor. Until such time as Congress enacts the Basic Pilot program as a permanent fixture in the nation's efforts to regain control over its borders, the SSA should require that no-match notifications to employers be retained by the employer for potential audit by the INS at the time that it may investigate whether employers are in compliance with the requirements of the IRCA prohibition against hiring illegal alien workers. The nation must never again return to the luxury of ignorance about the threat of international terrorism, and it can never relax in a hope that all foreigners will respect our sovereign right to have our nation's immigration policy respected. Instead, we must take the necessary steps to deter both threatening terrorists and illegal immigration by gaining control over our borders and denying safe haven to those who enter or stay in the United States illegally. Assuring the integrity of the SSN system, because it is the universal identifier for may purposes in our society, is critical to achievement of this objective. We trust the members of the House Social Security Subcommittee and the House Immigration, Border Control and Claims Subcommittee will agree that the recent advances in restoring integrity to the SSN system must be locked in place so that they are not subject to erosion as a result of pressures from whoever has the attention of any given Administration at the moment. Sincerely, Dan Stein Executive Director National Council of La Raza, and National Immigration Law Center Washington, DC 20036 October 3, 2002 The Honorable E. Clay Shaw, Jr. Chairman, House Social Security Subcommittee B-316 Rayburn House Office Building Washington, DC 20515-6353 The Honorable George Gekas Chairman, House Immigration, Border Security and Claims Subcommittee B-370B Rayburn House Office Building Washington, DC 20515-6353 RE: LPreserving the Integrity of Social Security Numbers and Preventing Their Misuse by Terrorists, Hearing held before the U.S. House of Representatives Subcommittee on Social Security and Subcommittee on Immigration, Border Security, and Claims, September 19, 2002 Dear Chairmen and Members of the U.S. House of Representatives Subcommittee on Social Security and Subcommittee on Immigration, Border Security, and Claims: The National Council of La Raza and the National Immigration Law Center appreciate the opportunity to submit comments on the issue of the Social Security Administration's no-match letters. Sent by the Social Security Administration (SSA) to certain employers, no-match letters have had a devastating impact on immigrant worker communities throughout the country. For the last several years, advocates have been expressing deep concern about the continued use of these no-match letters by employers to discourage immigrant workers from asserting their workplace rights. Advocates have also been working hard to educate employers who, due to the confusion caused by these letters, feel pressured to take some action against employees listed in the no-match letters. The recent hearing before the Subcommittee on Social Security and the Subcommittee on Immigration, Border Security, and Claims of the U.S. House of Representatives highlighted many of our concerns regarding the no-match letters. The hearing also clearly demonstrated the need for a balanced and thoughtful approach to immigration policy that recognizes the contributions that immigrant workers make to the U.S. economy as well as our nation's economic and security needs. In an effort to update its database, the SSA sends no-match letters to employers when the names or Social Security Numbers listed on an employer's W-2 forms do not agree with SSA records. Attached to each no-match letter is a list of employees for whom the SSA database could not find a match. The no-match letter is intended to be an educational correspondence that informs companies that their employees' wages are not being properly credited to their Social Security accounts. The SSA aims to correct its records so that employees' earnings are accurately tracked and can be used to calculate benefit levels when applications for retirement or disability benefits are made with SSA. Correcting the SSA database is certainly a commendable goal. However, the effectiveness of these no-match letters is unproven, and the resulting consequences on immigrant worker communities have been devastating. The SSA's use of the no-match letters has increased dramatically over the past year. While fewer than 100,000 letters were sent in 2000, 110,00 were issued in 2001 and 870,000 were reportedly sent to employers in 2002. However, despite this increase in letters, the Earnings Suspense Fund (ESF) has not decreased. Rather than identify a more effective means to decrease the suspense file, the SSA has increased substantially the use of the ineffective no-match letters. During Mr. Lockhart's testimony, the Social Security Administration itself admitted that it must review the effectiveness of this policy. However, the system's ineffectiveness is not its gravest consequence. The impact of the no-match letters on the immigrant community has been profound and widespread. The failure of the no-match letters to safeguard workers effectively against unfair and illegal practices on the part of employers has had devastating effects on the workers and their families. As the SSA admits, there are many reasons for computer no-matches, and the no-match letters themselves do not prove any wrongdoing by either employer or employee. For example, a large proportion of the names on the no-match letters are Latino, Asian, or other names frequently misspelled by employers resulting in computer no-matches. These honest data-entry mistakes disproportionately affect immigrant workers. However, employer misuse of the no-match letters has caused great harm to workers nationwide. While the letter explicitly warns employers not to take adverse action against workers listed on the letter, layoffs, suspensions, firings, retaliations, and discrimination against these workers are widespread and well-documented. Some employers have simply fired all workers on the list; others have incorrectly reverified the work authorization of workers on the list. In many cases, only Latino or other ``immigrant'' workers, or workers involved in union organizing campaigns, have been fired or harassed (See Aaron Nathans, UW and Janitors Settle; Tentative Deal: $24,000 for Latinos, Capital Times, Dec. 8, 2001 at A1). And since a disproportionate number of names on the no-match lists are ``foreign- sounding'' names, many employers fear that they will face sanctions if they hire additional workers who look or sound ``foreign'' resulting in increased citizenship or national origin discrimination in the hiring process. Low-wage immigrant workers are the most likely to be affected by all of these illegal practices. In fact, our communities have reported widespread abuse of the SSA no-match letters resulting in greatly increased anxiety within the immigrant community. Many legal permanent residents and even U.S. citizens have been affected, and the undocumented worker community has been pushed even further underground. Because many immigrants live in mixed-status families and close-knit communities, when one worker is fired entire families including U.S. citizen children suffer. Thus the SSA's no-match letter policy has not resulted in reducing the suspense file, has not eliminated computer no-matches, and has not diminished unfair hiring practices. In fact, the consequences have been quite the contrary. Particularly in this time of heightened security, we must foster an environment that that will encourage individuals to emerge from the shadows and participate as productive members of our society in order to separate them from those who are here to do us harm. Rather than pour the SSA's resources and energies into an ineffective and harmful policy, we must be prepared to step back and look at the larger picture. The testimony of Mr. Matthew James Reindl highlighted the advantage that unscrupulous employers who hire undocumented workers have over law-abiding employers. For years, immigrant advocates have argued that unlawful hiring practices harm both immigrant workers and U.S. workers. The recent Supreme Court decision in the Hoffman Plastic Compounds Inc. vs. NLRB, ____ U.S. __, 122 S. Ct. 1275 (2002),--further exacerbates that advantage and gives added incentive to employers to hire unauthorized workers. In that decision the Court found that undocumented workers who are illegally fired are not eligible for certain backpay remedies under the NLRA. This decision means that employers can continue to hire unauthorized workers and subject them to exploitative conditions and even fire them for union organizing activities--all of which are illegal regardless of a worker's immigration status--with no out-of-pocket costs. The Social Security Administration's no-match policy will not punish these employers nor resolve the underlying problems associated with the hiring of undocumented labor. Instead, it provides added incentives for employers to take unlawful action against the workers whom they have knowingly hired with no legal ramifications. The answer to the problem raised by Mr. Reindl is to enact legislation reversing Hoffman, thus leveling the playing field by removing the incentive to hire undocumented workers to whom they will never owe backpay. The problems highlighted during the hearing clearly demonstrate the need for comprehensive immigration reform. The existence of the SSA suspense file shows that immigrant workers, regardless of their immigration status, are paying Social Security taxes and are not receiving the benefits of those taxes. The evidence presented also demonstrates that immigrant workers are essential to the U.S. economy and that U.S. employers have knowingly and unknowingly hired many undocumented workers needed to fill jobs in key sectors of the economy. These hardworking, taxpaying immigrants should be rewarded for their contributions by getting the opportunity to legalize their immigration status and obtain permanent residence in the U.S. Only in this way can these workers come out from the shadows, be known to U.S. authorities, properly pay all of their taxes, and be compensated appropriately. Such a legalization program would also greatly reduce document fraud by virtually eliminating the market for falsified Social Security Numbers and other identifying documents, and the Social Security Administration could continue its primary mission of administering the Social Security program. We urge you to reflect upon the ineffectiveness of the no-match letter policy and work towards effective and comprehensive solutions to the problems associated with unauthorized labor in the U.S. We look forward to working with you in the future. Sincerely, -