[House Hearing, 107 Congress]
[From the U.S. Government Publishing Office]
PROTECTING THE PRIVACY OF SOCIAL SECURITY NUMBERS AND PREVENTING
IDENTITY THEFT
=======================================================================
HEARING
before the
SUBCOMMITTEE ON SOCIAL SECURITY
of the
COMMITTEE ON WAYS AND MEANS
HOUSE OF REPRESENTATIVES
ONE HUNDRED SEVENTH CONGRESS
SECOND SESSION
__________
APRIL 29, 2002
Lake Worth, Florida
__________
Serial No. 107-71
__________
Printed for the use of the Committee on Ways and Means
U.S. GOVERNMENT PRINTING OFFICE
80-224 WASHINGTON : 2002
________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512-1800
Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001
COMMITTEE ON WAYS AND MEANS
BILL THOMAS, California, Chairman
PHILIP M. CRANE, Illinois CHARLES B. RANGEL, New York
E. CLAY SHAW, Jr., Florida FORTNEY PETE STARK, California
NANCY L. JOHNSON, Connecticut ROBERT T. MATSUI, California
AMO HOUGHTON, New York WILLIAM J. COYNE, Pennsylvania
WALLY HERGER, California SANDER M. LEVIN, Michigan
JIM McCRERY, Louisiana BENJAMIN L. CARDIN, Maryland
DAVE CAMP, Michigan JIM McDERMOTT, Washington
JIM RAMSTAD, Minnesota GERALD D. KLECZKA, Wisconsin
JIM NUSSLE, Iowa JOHN LEWIS, Georgia
SAM JOHNSON, Texas RICHARD E. NEAL, Massachusetts
JENNIFER DUNN, Washington MICHAEL R. McNULTY, New York
MAC COLLINS, Georgia WILLIAM J. JEFFERSON, Louisiana
ROB PORTMAN, Ohio JOHN S. TANNER, Tennessee
PHIL ENGLISH, Pennsylvania XAVIER BECERRA, California
WES WATKINS, Oklahoma KAREN L. THURMAN, Florida
J.D. HAYWORTH, Arizona LLOYD DOGGETT, Texas
JERRY WELLER, Illinois EARL POMEROY, North Dakota
KENNY C. HULSHOF, Missouri
SCOTT McINNIS, Colorado
RON LEWIS, Kentucky
MARK FOLEY, Florida
KEVIN BRADY, Texas
PAUL RYAN, Wisconsin
Allison Giles, Chief of Staff
Janice Mays, Minority Chief Counsel
______
Subcommittee on Social Security
E. CLAY SHAW, Florida, Chairman
SAM JOHNSON, Texas ROBERT T. MATSUI, California
MAC COLLINS, Georgia LLOYD DOGGETT, Texas
J.D. HAYWORTH, Arizona BENJAMIN L. CARDIN, Maryland
KENNY C. HULSHOF, Missouri EARL POMEROY, North Dakota
RON LEWIS, Kentucky XAVIER BECERRA, California
KEVIN BRADY, Texas
PAUL RYAN, Wisconsin
Pursuant to clause 2(e)(4) of Rule XI of the Rules of the House, public
hearing records of the Committee on Ways and Means are also published
in electronic form. The printed hearing record remains the official
version. Because electronic submissions are used to prepare both
printed and electronic versions of the hearing record, the process of
converting between various electronic formats may introduce
unintentional errors or omissions. Such occurrences are inherent in the
current publication process and should diminish as the process is
further refined.
C O N T E N T S
__________
Page
Advisories announcing the hearing................................ 2, 4
WITNESSES
U.S. General Accounting Office, Barbara D. Bovbjerg, Director,
Education, Workforce, and Income Security Issues, accompanied
by Kay Brown, Assistant Director............................... 29
Social Security Administration, Atlanta, Georgia, Roland Maye,
Special Agent-in-Charge, Atlanta Field Division, Office of
Inspector General.............................................. 60
______
Florida Office of the Attorney General, Cece Dykas............... 14
Florida Office of the Attorney General, 17th Judicial Circuit:
Lee Cohen.................................................... 50
Anthangtha Guialdo........................................... 51
Palm Beach County, Florida, Sheriff's Office:
Hon. Ed Bieluch.............................................. 55
Paul Rispoli................................................. 56
Tropepe, Lisa, Shalloway, Foy, Rayman & Newell Inc., accompanied
by Tim Morell.................................................. 7
United States Marshals Service, Anthony K. Ross.................. 11
SUBMISSIONS FOR THE RECORD
Alpert, Maisy, Plantation, FL, letter............................ 66
Palay, David, Las Vegas, NV, statement........................... 66
PROTECTING THE PRIVACY OF SOCIAL
SECURITY NUMBERS AND PREVENTING
IDENTITY THEFT
----------
MONDAY, APRIL 29, 2002
House of Representatives,
Committee on Ways and Means,
Subcommittee on Social Security,
Lake Worth, Florida.
The Subcommittee met, pursuant to notice, at 2:15 p.m., in
Commission Chambers, Lake Worth City Hall, Lake Worth, Florida,
Hon. E. Clay Shaw, Jr., (Chairman of the Subcommittee)
presiding.
[The advisory and revised advisory follow:]
ADVISORY
COMMITTEE
ON WAYS
AND
MEANS
SUBCOMMITTEE ON SOCIAL SECURITY
Contact: (202) 225-9263
FOR IMMEDIATE RELEASE
April 22, 2002
No. SS-13
Shaw Announces Hearing on Social Security
Protecting the Privacy of Social Security
Numbers and Preventing Identity Theft
Congressman E. Clay Shaw, Jr. (R-FL), Chairman, Subcommittee on
Social Security of the Committee on Ways and Means, today announced
that the Subcommittee will hold a field hearing on protecting the
privacy of Social Security numbers (SSNs) and preventing identity
theft. The hearing will take place on Monday, April 29, 2002, in the
Commission Chambers, Lake Worth City Hall, 7 North Dixie Highway, Lake
Worth, Florida, beginning at 1:00 p.m.
In view of the limited time available to hear witnesses, oral
testimony at this hearing will be from invited witnesses only. However,
any individual or organization not scheduled for an oral appearance may
submit a written statement for consideration by the Subcommittee and
for inclusion in the printed record of the hearing.
BACKGROUND:
The SSN was created in 1936 for the sole purpose of tracking
workers' Social Security earnings records. Today, SSN use has expanded
well beyond its original purpose. According to the Social Security
Administration (SSA), the SSN is the single-most widely used record
identifier in the public and private sectors. Federal law requires the
use of SSNs for administration of income taxes, the Food Stamp,
Medicaid, and other Federal programs. In the private sector, SSNs are
commonly used for record-keeping and data exchange systems, and often
businesses require individuals to disclose their SSN as a condition for
doing business.
Many believe widespread use of the SSN benefits the public by
improving access to financial and credit services in a timely manner,
reducing administrative costs, and improving record keeping so
consumers can be contacted and identified accurately. Others argue the
pervasive use of SSNs makes them a primary target for fraud and misuse.
Most recently, the events of September 11 have shed new light on the
severe consequences of failure to protect the integrity of SSNs, as the
ensuing investigations have exposed the methods used by the terrorists
who assumed false identities to carry out their activities.
In addition to being a gateway to terrorist acts, identity theft
causes misery and frustration in the daily lives of tens of thousands
of Americans. Identity theft is the number one consumer complaint
received by the Federal Trade Commission, amounting to 42 percent of
complaints received in 2001. In a recent report, the U. S. General
Accounting Office found that identity theft appears to be growing
(Identity Theft--Prevalence and Cost Appear to Be Growing: GAO-02-363).
Report findings include: (1) the SSA Office of Inspector General has
reported a substantial increase in call-ins of identity theft-related
allegations to its Fraud Hotline, where allegations involving SSN
misuse (81 percent of which relate directly to identity theft) have
increased more than fivefold (11,000 to 65,000) in the 4 years ending
September 2001; (2) seven-year fraud alerts (warnings to credit
grantors to conduct additional identity verification before granting
credit) have increased substantially (36 percent and 53 percent
respectively) in the last 3 years, according to two consumer reporting
agencies; and, (3) in its 2000 annual report, the Postal Service
indicated that investigations of identity theft crime increased by 67
percent since the previous year.
To increase the privacy of SSNs and better protect the American
public from being victimized, Chairman Shaw, along with several Members
of the Committee on Ways and Means, introduced bipartisan legislation,
H.R. 2036, the ``Social Security Number Privacy and Identity Theft
Prevention Act of 2001.'' This legislation prohibits the sale and
display of SSNs by Federal, State, and local governments, prohibits the
sale of SSNs by the private sector, deters businesses from denying
services when someone refuses to provide the SSN, and increases fines
and penalties for SSN misuse.
In announcing the hearing, Chairman Shaw stated: ``Although never
created to be a personal identifier, the use of SSNs is now pervasive
throughout our automated society. As highlighted by the September 11
attacks, these numbers are far too easily used by criminals or
terrorists to steal identities and obtain false documents. The ravages
of SSN misuse are experienced by each and every victim of identity
theft and now by our Nation through their role in facilitating terror.
We must act to take whatever steps we can to protect the privacy of
each and every Americans' SSNs. It's the right thing to do and a
necessary step in our Nation's response to terrorism.''
FOCUS OF THE HEARING:
The hearing will focus on what victims experience when their
identities are stolen, the challenges law enforcement faces as they
pursue identity thieves, the use of SSNs by government agencies at the
Federal, State, and local levels, practices used to safeguard privacy,
and the impact of legislative proposals aimed at combating SSN misuse
and protecting privacy.
DETAILS FOR SUBMISSIONS OF WRITTEN COMMENTS:
Please Note: Due to the change in House mail policy, any person or
organization wishing to submit a written statement for the printed
record of the hearing should send it electronically to
[email protected], along with a fax copy to
(202) 225-2610, by the close of business, Monday, May 13, 2002. Those
filing written statements who wish to have their statements distributed
to the press and interested public at the hearing should deliver 200
copies to the West Palm Beach District Office of Congressman E. Clay
Shaw, Jr., 222 Lakeview Avenue, Suite 162, West Palm Beach, Florida
33401, by the close of business, Friday, April 26, 2002.
FORMATTING REQUIREMENTS:
Each statement presented for printing to the Committee by a
witness, any written statement or exhibit submitted for the printed
record or any written comments in response to a request for written
comments must conform to the guidelines listed below. Any statement or
exhibit not in compliance with these guidelines will not be printed,
but will be maintained in the Committee files for review and use by the
Committee.
1. Due to the change in House mail policy, all statements and any
accompanying exhibits for printing must be submitted electronically to
[email protected], along with a fax copy to
(202) 225-2610, in Word Perfect or MS Word format and MUST NOT exceed a
total of 10 pages including attachments. Witnesses are advised that the
Committee will rely on electronic submissions for printing the official
hearing record.
2. Copies of whole documents submitted as exhibit material will not
be accepted for printing. Instead, exhibit material should be
referenced and quoted or paraphrased. All exhibit material not meeting
these specifications will be maintained in the Committee files for
review and use by the Committee.
3. Any statements must include a list of all clients, persons, or
organizations on whose behalf the witness appears. A supplemental sheet
must accompany each statement listing the name, company, address,
telephone and fax numbers of each witness.
Note: All Committee advisories and news releases are available on
the World Wide Web at http://waysandmeans.house.gov/.
The Committee seeks to make its facilities accessible to persons
with disabilities. If you are in need of special accommodations, please
call (202) 225-1721 or (202) 226-3411 TTD/TTY in advance of the event
(four business days notice is requested). Questions with regard to
special accommodation needs in general (including availability of
Committee materials in alternative formats) may be directed to the
Committee as noted above.
***NOTICE--CHANGE IN TIME***
ADVISORY
FROM THE
COMMITTEE
ON WAYS
AND
MEANS
SUBCOMMITTEE ON SOCIAL SECURITY
Contact: (202) 225-9263
FOR IMMEDIATE RELEASE
April 25, 2002
No. SS-13-Revised
Change in Time for Subcommittee Field
Hearing on Protecting the Privacy of
Social Security Numbers and
Preventing Identity Theft
Congressman E. Clay Shaw, Jr. (R-FL), Chairman, Subcommittee on
Social Security of the Committee on Ways and Means, today announced
that the Subcommittee field hearing on Protecting the Privacy of Social
Security Numbers and Preventing Identity Theft, scheduled for Monday,
April 29, 2002, at 1:00 p.m., in the Commission Chambers, Lake Worth
City Hall, 7 North Dixie Highway, Lake Worth, Florida, will now be held
at 2:00 p.m.
All other details for the hearing remain the same. (See
Subcommittee Advisory No. SS-13, dated April 22, 2002.)
Chairman SHAW. We will call the hearing to order. This is
about Social Security Numbers (SSNs), and although they were
created solely for the purpose of tracking workers' Social
Security earnings, our culture is hooked on Social Security
Numbers. Even the most trivial transactions require us to hand
over our nine-digit ID before services can be rendered.
I phoned in just this weekend to renew my fishing license,
and they wanted my Social Security Number, the State of
Florida. I said, ``Is it required?'' They said, ``No, but it
would be nice if you give it.'' And I said, ``I don't believe I
will.'' So they took my driver's license number instead.
Our Social Security Number's the key that unlocks the door
to your identity for any unscrupulous individual who gains
access to it. Once the door is unlocked, the criminal or
terrorist has at his fingertips all essential elements needed
to carry out whatever dastardly act they can conceive of.
Worse, we know that some terrorists involved on the September
11 attack illegally obtained Social Security Numbers and used
them to steal identities and obtain false documents, thus
enabling them to live within our borders and plan their heinous
acts. government and private industry must be vigilant to
protect our identities. Safeguards to protect Social Security
Numbers and prevent identity theft must be put in place now.
As a first step, I, along with several of my Committee on
Ways and Means colleagues, including Mark Foley, introduced
bipartisan legislation entitled, the Social Security Number
Privacy and Identity Theft Prevention Act. The bill prohibits
the sale and display of Social Security Numbers by Federal,
State and local governments and restricts the sale and display
of Social Security Numbers by the private sector and deters
business from denying services when someone refuses to provide
their number and increase fines and penalties for Social
Security Number misuse.
Today, we will shine a bright light on the need to quickly
bring comprehensive legislation to the House floor to keep
Social Security Numbers private and protect citizens from
identity theft. The time for action is long overdue.
Field hearings allow us the unique opportunity to get out
of Washington and hear the real-life experience of our
neighbors on the frontlines of these important issues. I
sincerely want to thank the City of Lake Worth for allowing us
to hold this hearing in the Commission Chambers.
[The opening statement of Chairman Shaw follows:]
Opening Statement of the Hon. E. Clay Shaw, Jr., a Representative in
Congress from the State of Florida, and Chairman, Subcommittee on
Social Security
Although created solely for the purpose of tracking workers' Social
Security earnings, our culture is hooked on Social Security numbers.
Even the most trivial transactions require us to hand over our 9-digit
ID before services can be rendered.
Your Social Security number is the key that unlocks the door to
your identity for any unscrupulous individual who gains access to it.
Once the door is unlocked, the criminal or terrorist has at their
fingertips all the essential elements needed to carry out whatever
dastardly act they can conceive.
Worse, we know that some terrorists involved in the September
11th attacks illegally obtained Social Security numbers and
used them to steal identities and obtain false documents, thus enabling
them to live within our borders and plan their heinous crimes.
Government and private industry must be vigilant in protecting
identities. Safeguards to protect Social Security numbers and prevent
identity theft must be put in place now.
As a first step, I, along with several of my Ways and Means
colleagues introduced bipartisan legislation, the Social Security
Number Privacy and Identity Theft Prevention Act. This bill prohibits
the sale and display of Social Security numbers by Federal, State and
local governments, restricts the sale and display of Social Security
numbers by the private sector, deters businesses from denying services
when someone refuses to provide their number, and increases fines and
penalties for Social Security number misuse.
Today we will shine a bright light on the need to quickly bring
comprehensive legislation to the House floor to keep Social Security
numbers private and protect citizens from identity theft. The time for
action is long overdue.
Field hearings allow us the unique opportunity to get out of
Washington and hear the real life experiences of our neighbors on the
front lines of this important issue. I sincerely thank the City of Lake
Forth for allowing us to hold this hearing in the Commission Chambers.
Today, we welcome a neighbor and a former neighbor, Ms. Tropepe and
Mr. Ross, who will share their personal stories about the theft of
their identities. In addition, Barbara Bovberg of the General
Accounting office will discuss government use of Social Security
numbers.
We will also hear about the many challenges faced by the law
enforcement community as they hunt down identity thieves. We welcome
Cece Dykas of the Office of the Attorney General; Lee Cohen of the
State Attorney's Office, the Sheriff of Palm Beach County, Sheriff Ed
Bieluch; and Roland Maye of the Social Security Administration's Office
of Inspector General.
Welcome to all.
Chairman SHAW. Mark, I believe your political life started
right here in this building.
Mr. FOLEY. In this very seat.
Chairman SHAW. Oh. Today we welcome a neighbor and former
neighbor, Mrs. Tropepe and Mr. Ross, who will share their
personal stories about the theft of their identities. In
addition, Barbara Bovbjerg of the U.S. General Accounting
Office will discuss government use of Social Security Numbers.
We will also hear about the many challenges faced by law
enforcement as they hunt down identity theft. We want to
welcome representatives from the Office of the Attorney
General, the State's Attorney's Office, we have the Sheriff of
Palm Beach County, and we have also Mr. Maye of the Social
Security Administration (SSA), Office of the Inspector General
(OIG). I want to welcome all of you, and I will, at this time,
yield to Mr. Foley for any comments that he might have.
Mr. FOLEY. Thank you very much, Clay. And, first, let me
thank everybody. It is a delight and honor to be back in this
seat, in this city, in the first political office I ever held,
and I think longingly of those days when life was easy and we
didn't have the problems we have today.
I am particularly pleased to see the number of panelists
here. And, Lisa, specifically, thank you for joining us. You
mentioned to me a few weeks ago the problems you had, and it
was interesting because I had relayed a similar problem that I
had where somebody took my Social Security Number and applied
for credit. I got the first notice from Target Collection
Agency that I had somehow charged $780 worth of goods and
services. We got a copy of the application for credit. It
showed my Social Security Number, said the person worked for
the government. The only thing different was they used an
address, Powerline Boulevard in Pompano Beach, Florida. So
everything else they had on me. Target extended credit. That
person walked away with $700-plus merchandise. I spent
countless hours trying to reconcile this issue. It was
horrific, and I felt if I had to go through so much trouble,
imagine someone who may not have a phone that is able to reach
during the day, who may not have the tenacity, who may be a
single mother having to deal with kids and family all day long
and then hustle up to try and see if they can get these
collection agencies off their phones and off their backs. I
felt violated. I couldn't believe it could occur, but as
Congressman Shaw suggested, it is happening far too frequently.
I want to thank my colleague, because he had the bill long
before I came involved with this, but when I heard the subject
matter of the bill, I told him of my own experience and
enthusiastically wanted to jump on board to see whatever we
could do to eliminate this kind of problem, because it is, it
is a sad commentary, it is a tragedy when you have to go
through it, and so I joined together with my colleague
hopefully getting something done on this issue. And thank you,
Clay, for coming to Lake Worth--your district, my old hometown.
Chairman SHAW. Thank you, Mark. Our first panel--we will
have two panels today. The first panel, Lisa Tropepe, who is
the Partner at Shalloway, Foy, Rayman & Newell, Incorporated,
West Palm Beach, Florida; accompanied by Tim Morell, attorney,
West Palm Beach, Florida; Anthony Ross, who is a Federal Law
Enforcement Officer, United States Marshals Service in
Brunswick, Georgia; Cece Dykas, who is the Assistant Deputy
Attorney General, Florida Office of the Attorney General, Palm
Beach County; and Barbara Bovbjerg who is the Director of
Education, Work force and Income Security Issues, the U.S.
General Accounting Office from Washington. She often appears
before us in Washington. And Kay Brown, Assistant Director of
Education, Work force and Income Security Issues, the U.S.
General Accounting Office, also in Washington.
From each one of you we have, I believe for all, if not
most of you, your written statements which will be made a part
of the record. You may proceed as you see fit.
Lisa?
STATEMENT OF LISA A. TROPEPE, PARTNER, SHALLOWAY, FOY, RAYMAN &
NEWELL, INC., WEST PALM BEACH, FLORIDA, ACCOMPANIED BY TIM
MORELL, ATTORNEY
Ms. TROPEPE. Thank you. For the record, I just wanted to
let you know that Tim Morell is my attorney. My firm and I had
to hire him when this was happening to me, and he is here on my
behalf.
Dear Committee Members, good afternoon. My name is Lisa A.
Tropepe, and I have been a victim of identity theft. I am
beginning my testimony with a copy of a May 7, 1999, letter to
Judge Oftedahl articulating the seriousness of the crimes
against me and the importance of penalizing the imposter for
all the crimes committed. The letter is dated May 7, 1999. It
is in reference to the State of Florida v. Terkesha L. Lane.
``Dear Judge Oftedahl, Assistant State Attorney Chris Jette
called to let me know that Terkesha L. Lane is scheduled for
arraignment today. The crime against me was that the defendant,
while working as a temporary receptionist at my office stole
personal information about me and assumed my identity. She
cleaned out my personal bank account and opened several credit
card accounts where she charged up to thousands of dollars of
merchandise.
Although I was initially advised by intake officer Brian
Brennan, Esq., that the defendant would be charged with
multiple counts of grand theft and counts relating to the
fraudulent assumption of my identity, I am now advised that
only one charge of theft has been made. My employers and I are
concerned that the courts may not be well advised as to the
personal seriousness and public danger this crime represents.
With those thoughts in mind, I feel compelled to write this
letter in the hope of informing you of the impact of the crime
of identity theft that was perpetrated upon me and, indirectly
upon my firm by Ms. Lane.
This person stole approximately $20,000 from credit
grantors and my personal bank account using my name. She
applied and received a valid driver's license with her picture
and my name, address, and so forth., on the license. She
subsequently applied for credit cards, received temporary
credit limits, and spent accordingly. She also entered my bank
several times and withdrew $13,900 from my personal bank
account. Now I am spending hundreds of frustrating hours
dealing by phone and letters with collection companies, banks,
credit reporting agencies, governmental agencies, (Division of
Highway Safety and Motor Vehicles, Postal authorities, Social
Security, etc.) and various other companies to convince them of
the fraud, and to clean up the disaster affecting my credit and
other aspects of my finances.
The out-of-pocket costs are substantial. However, far more
devastating is learning that someone has invaded every aspect
of my life and taken my identity. My credit is ruined, my good
reputation is stolen and tarnished, my career and livelihood
has been impaired, and I am subjected to possible further
invasion in the future.
I will briefly outline several aspects of this nightmare.
My office and I have spent over 100 hours calling, filling
out documentation, writing letters return receipt requested to
banks, credit reporting agencies, governmental agencies,
companies, utilities, credit grantors, etc., to inform them of
the fraud in an attempt to prove my own innocence. The burden
is on the victim to prove fraud since there is great suspicion
by the credit grantors. In fact, since I put fraud alerts and
new passwords on all my accounts, I have experienced extensive
questioning and delays in dealing with the various banks and
agencies. I am told by the Privacy Rights Clearinghouse and the
Federal Trade Commission that my problems may go on for several
years.
This has been a very frightening and invasive nightmare. I
have had great difficulty sleeping and have woken in cold
sweats worrying about what else I will find out. The
impersonator was a temporary employee at my office. She was our
temporary receptionist in charge of outgoing mail and phone
messages. When I realized someone had taken my identity and was
applying for credit cards in my name, I shared my problem with
her. She subsequently hugged me and said everything will be
okay. She never wavered in her demeanor. I truly believed that
she was concerned. I was shocked to see her caught on tape
withdrawing money from my bank account.
I have had nightmares seeing the defendant invading my home
and hurting me physically. She lives in Riviera Beach, and I
live in Palm Beach Shores (Singer Island), which is only 5
minutes away. She knows where I live.
Stealing my identity has made me feel very vulnerable and
violated. It has been stressful and literally made me ill. I do
not like to think of myself as a victim. I am a professional
engineer and am responsible for multi-million dollar projects,
handling many complex problems related to the health, safety
and welfare of the public. Because of this, I thought at first
that I could handle this stress without any help. However, I
found it so overwhelming that I had to hire an attorney and am
in the process of scheduling a meeting with a therapist.
I respectfully request that Your Honor consider the serious
nature of these crimes.
I believe this defendant and other wrongdoers who might see
this as an easy crime to commit with potentially big money to
steal and no real punishment to face, learn that society will
not tolerate this type of insidious crime. For that reason, I
strongly urge that she experience jail time, not just a couple
of months on probation.
I am concerned about of what she will do to me in the
future. I trust you take this crime seriously. In that
connection, I am also concerned that the charges being brought
against this wrongdoer don't include charges for credit card
theft and fraud under Florida Statute 817.
Thank you for your consideration. Sincerely, Lisa A.
Tropepe.''
It has been almost exactly 3 years since I sent the above
May 7, 1999, letter to Judge Oftedahl. In 3 years, the
following has occurred. One, Turkesha L. Lane never served a
day in prison. Turkesha L. Lane still has my Social Security
Number, my home address and workplace. If she has not moved,
Turkesha L. Lane still lives 5 minutes away from my home. Two,
my credit record will never be the same. Perpetual fraud alerts
and annual credit bureau inquiries have been, and will be, a
part of my life for the rest of my life. Three, a reoccurrence
is always in the back of my mind. After 3 years, I still
shutter at the thought of someone impersonating me. My
summation of this incident can only be described in two words:
electronic rape.
A part of me wants to thank you for giving me this
opportunity to share my experience with all of you. However, a
part of me is fearful that my testimony may call attention to
other criminals regarding my vulnerability to be impersonated
again. As lawmakers, I trust that you will provide the
necessary laws needed to stop this awful crime.
[The prepared statement of Ms. Tropepe follows:]
Statement of Lisa A. Tropepe, Partner, Shalloway, Foy, Rayman & Newell
Inc., West Palm Beach, Florida
Dear Committee Members:
Good Afternoon, my name is Lisa A. Tropepe and I have been a victim
of identity theft. I am beginning my testimony with a copy of a May 7,
1999 letter to Judge Oftedahl articulating the seriousness of the
crimes against me and the importance of penalizing the imposter for all
the crimes committed.
______
May 7, 1999
The Honorable Richard L. Oftedahl,
Room 11.2213, Division X
Palm Beach County Courthouse,
205 N. Dixie Highway,
West Palm Beach, FL 33401
IN RE: State of Florida v. Terkesha L. Lane; PBSO #99-053521; Assigned
to Assistant State Attorney Chris Jette, Division X; Arrainment
date 5/7/99
Hand Delivered
Dear Judge Oftedahl:
Assistant State Attorney Chris Jette called to let me know that
Terkesha L. Lane is scheduled for arraignment today. The crime against
me was that the defendant while working as a temporary receptionist at
my office stole personal information about me and assumed my identity.
She cleaned out my personal bank account and opened several credit card
accounts where she charged up thousands of dollars of merchandise.
Although I was initially advised by intake officer Brian Brennan,
Esq., that the defendant would be charged with multiple counts of grand
theft and counts relating to the fraudulent assumption of my identity,
I am now advised that only one charge of theft has been made. My
employers and I are concerned that the courts may not be well advised
as to the personal seriousness and public danger this crime represents.
With those thoughts in mind, I feel compelled to write this letter
in the hope of informing you of the impact of the crime of identity
theft that was perpetrated upon me and, indirectly upon my firm, by Ms.
Lane.
This person stole approximately $20,000.00 from credit grantors and
my personal bank account using my name. She applied and received a
valid driver's license with her picture and my name, address, etc., on
the license. She subsequently applied for credit cards, received
temporary credit limits, and spent accordingly. She also entered my
bank several times and withdrew $13,900.00 from my personal bank
account. Now I am spending hundreds of frustrating hours dealing by
phone and letters with collection companies, banks, credit reporting
agencies, governmental agencies, (Division of Highway Safety and Motor
Vehicles, Postal authorities, Social Security, etc.) and various other
companies to convince them of the fraud, and to clean up the disaster
affecting my credit and other aspects of my finances.
The out-of-pocket costs are substantial. However, far more
devastating is learning that someone has invaded every aspect of my
life and taken my identity. My credit is ruined, my good reputation is
stolen and tarnished, my career and livelihood has been impaired, and I
am subjected to possible further invasion in the future.
I will briefly outline several aspects of this nightmare:
My office and I have spent over 100 hours calling, filling out
documentation, writing letters return receipt requested to banks,
credit reporting agencies, governmental agencies, companies, utilities,
credit grantors, etc. to inform them of the fraud in an attempt to
prove my own innocence. The burden is on the victim to prove fraud
since there is great suspicion by the credit grantors. In fact, since I
put fraud alerts and new passwords on all my accounts, I have
experienced extensive questioning and delays in dealing with the
various banks and agencies. I am told by the Privacy Rights
Clearinghouse and the Federal Trade Commission that my problems may go
on for several years. See articles attached--including an article from
Wednesday's Sun Sentinel which reports a nearly identical case.
This has been a very frightening and invasive nightmare. I have had
great difficulty sleeping and have awoken in cold sweats worrying about
what else I will find out. The impersonator was a temporary employee at
my office. She was our temporary receptionist in charge of outgoing
mail and phone messages. When I realized someone had taken my identity
and was applying for credit cards in my name, I shared my problem with
her. She subsequently hugged me and said everything will be okay. She
never waivered in her demeanor. I truly believed that she was
concerned. I was shocked to see her caught on tape withdrawing money
from my account.
I have had nightmares seeing the defendant invading my home and
hurting me physically. She lives in Riviera Beach and I live in Palm
Beach Shores (Singer Island), which is only five minutes away. She
knows where I live.
Stealing my identity has made me feel very vulnerable and violated.
It has been stressful and literally made me ill. I do not like to think
of myself as a victim. I am a professional engineer and am responsible
for multi-million dollar projects, handling many complex problems
related to the health, safety and welfare of the public. Because of
this, I thought at first that I could handle this stress without any
help. However, I found it so overwhelming that I had to hire an
attorney and am in the process of scheduling a meeting with a
therapist.
I respectfully request that Your Honor consider the serious nature
of these crimes.
I believe this defendant and other wrongdoers who might see this as
an easy crime to commit with potentially big money to steal and no real
punishment to face, learn that society will not tolerate this type of
insidious crime. For that reason, I strongly urge that she experience
jail time, not just a couple months on probation.
I am concerned about of what she will do to me in the future. I
trust you take this crime seriously. In that connection, I am also
concerned that the charges being brought against this wrongdoer don't
include charges for credit card theft and fraud under Florida Statute
817.
Thank you for your consideration.
Sincerely,
Lisa A. Tropepe
______
It has been almost exactly three years since I sent the above May
7, 1999 letter to Judge Oftedahl. In the three years the following has
occurred:
1. Terkesha L. Lane never served a day in prison. Terkesha L. Lane
still has my social security number, my home address and workplace. If
she has not moved, Terkesha L. Lane still lives five minutes away from
my home.
2. My credit record will never be the same. Perpetual fraud alerts
and annual Credit Bureau inquiries have been and will be a part of my
life for the rest of my life.
3. A reoccurrence is always in the back of my mind. After 3 years I
still shutter at the thought of someone impersonating me. My summation
of this incident can only be described in two words--``Electronic
Rape''.
A part of me wants to thank you for giving me this opportunity to
share my experience with all of you. However, a part of me is fearful
that my testimonial may call attention to other criminals regarding my
vulnerability to be impersonated again. As lawmakers, I trust that you
will provide the necessary laws needed to stop this awful crime.
Chairman SHAW. Thank you for that testimony. I think we are
all vulnerable. Mr. Ross?
STATEMENT OF ANTHONY K. ROSS, FEDERAL LAW ENFORCEMENT OFFICER,
UNITED STATES MARSHALS SERVICE, BRUNSWICK, GEORGIA
Mr. ROSS. Thank you. Good afternoon. My name is Anthony
Ross, and I would like to thank the Honorable Clay Shaw, Social
Security Subcommittee and the Social Security Administration
Office of Inspector General for inviting me to testify to you
today.
The illegal use of another's identity is a serious problem
costing the American taxpayers and businesses billions of
dollars. Additionally, it destroys the credit of a very large
number of citizens daily. I am one of those citizens and also a
Federal Law Enforcement Officer, the United States Marshals
Service.
In April 2000, I became aware that I was a victim of
identity theft when contacted by my banking institution. In a
few days time, a person had assumed a false Florida driver's
license with my name and information, cashed five checks for
$995 each. I went through a few weeks of closing accounts and
then finding that my accounts were now frozen and the moneys
transferred back to the original accounts. This occurred
several times during approximately a 2-week period. Eventually,
it was resolved when out of frustration I closed all the
accounts and began banking with another institution.
Shortly thereafter, I was going to purchase a home
subsequent to relocating from Florida to Georgia. The mortgage
institution ran a credit check and inquired I had opened more
than 25 revolving credit accounts in approximately a month's
time. SunTrust was very professional, and they were quick in
determining that I was not the cause of these accounts, and the
purchase of my home went through without difficulty.
However, from that point on it has been a nightmare and
that is because my identity was illegally used to obtain in
excess of $50,000 worth of credit charges. I have contacted
credit bureaus and established flags for being a victim of
identity theft. I have contacted numerous credit card
companies, spending extended lengths of time just trying to get
through the computerized phone systems, and then to a living
person and then transferred again to reach a person in the
Fraud Investigations Department. I have struggled with trying
to read or more likely decipher credit reports; they are not
user-friendly.
I have contacted numerous creditors and filled out endless
forms, filed affidavits, provided copies of driver's license,
Social Security card to try to prove my innocence. That is
right, the victim has to prove he is innocent. In many cases, I
have received letters indicating that I have been cleared and
credit bureaus that have been notified. However, and this is
after looking up my most recent credit reports, the credit
bureaus have not properly disclosed that information on my
credit report.
In June 2000, I received a Notice of Court appearance to
answer for charges regarding failure to redeliver a hired
vehicle. Again, my identity information was misused, and now I
face the possibility of being arrested. At the least, I was
now, as a Law Enforcement Officer, on the wrong end of the
judicial system. Again, I had to prove my innocence by
providing photographs and fingerprint cards. Metro-Dade Police
Identity Unit was very professional and prompt in assisting me
with clearing up this situation, as well as the State
Attorney's Office.
During this ordeal, I attempted to get assistance through
several law enforcement agencies. I would call and get
transferred, received voice mail, and then when I did speak to
a detective I was generally given very little positive
indication that anything would be done other than establish a
crime report. Some law enforcement indicated they were very
overwhelmed with identity theft activity, and I was part of a
long list.
Due to the abundance of identity theft and limited law
enforcement resources, proper attention to my case was
initially very poor. And that was until I contacted Special
Agent Ray Llorca of the Social Security Administration. Special
Agent Llorca promptly scheduled a meeting with me and obtained
information and statements from me, and he was permitted to
open an investigation. As a result, I testified in a State
grand jury in July 2001. I was informed that six people were
indicted in this scheme regarding identity theft and credit
card/banking fraud.
As recently as March 2002, a collection agency provided me
an offer to settle an account with a balance of over $4,000,
and this was for a substantially reduced amount. They were
actually going to let me make two payments for about, oh,
$1,200 and change each. What a deal, okay? This was in regards
to an account that was illegally opened using my identity. A
recent credit report indicates that I have 38 serious
delinquency in public record or collections filed, none of
which are truly my responsibility, but I must deal with them
until they are cleared.
The point I am trying to make is that even after crime, the
investigation and to some extent the judicial proceedings, we,
as victims of identity theft, are still trying to clear our
names and restore our credit. Thank you.
[The prepared statement of Mr. Ross follows:]
Statement of Anthony Ross, Federal Law Enforcement Officer, United
States Marshals Service, Brunswick, Georgia
Good Afternoon, my name is Anthony Ross.
I would like to thank the Honorable Clay Shaw, Social Security
Subcommittee and the Social Security Administration Office of Inspector
General for inviting me to testify to you today.
The illegal use of another's identity is a serious problem costing
American taxpayers and businesses billions of dollars. Additionally, it
destroys the credit of very large number of citizens daily. I am one of
those citizens and also a Federal Law Enforcement Officer with the
United States Marshals Service.
In April of 2000 I became aware that I was a victim of identity
theft when contacted by my banking institution. In a few days time a
person assumed a false Florida Drivers License and cashed five checks
for $995.00 each. I went through a few weeks of closing accounts and
then finding that my accounts were frozen and monies transferred back
to the original accounts. This occurred several times in that time
period. Eventually it was resolved when out of frustration, I closed
all accounts and began business with another banking institution.
Shortly thereafter, I was going to purchase a home subsequent to
relocating from Florida to Georgia. The mortgage institution ran a
credit check and inquired if I had opened more than 25 revolving credit
accounts in approximately a month's time. Sun Trust was very
professional and quick in determining that I was not the cause of these
credit problems. The purchase of the home went through without
difficulty.
However, from that point on it has been a nightmare. That's because
my identity was illegally used to obtain in excess of $50,000.00 worth
of credit charges. I have contacted credit bureaus and established
flags for being a victim of identity theft. I have contacted numerous
credit card companies spending extended lengths of time just trying to
get through the computerized phone systems and then to a living person
and then transferred again to reach a person in a fraud investigations
department. I have struggled with trying to read or more likely
decipher credit reports. They are not consumer friendly. I have
contacted numerous creditors and have filled out endless forms, filed
affidavits, provided copies of Drivers License and Social Security card
to try to prove my innocence. That's right, the victim has to prove he
is innocent. In many cases, I received letters indicating that I have
been cleared and credit bureaus notified. However, In some cases that
has not been properly disclosed on my credit report.
In June of 2000 I received a Notice of Court appearance to answer
for charges regarding Failure to Redeliver a Hired Vehicle. Again, my
identity information was misused and now I faced the possibility of
being arrested. At the least, I was now seen as a law enforcement
officer on the wrong end of the judicial system. Again, I had to prove
my innocence by providing photos and fingerprint cards. Metro-Dade
Police Identity Unit was very professional and prompt in assisting with
clearing up this situation as well as the State Attorney's Office.
During this ordeal, I attempted to get assistance through several
law enforcement agencies. I would call and get transferred and receive
voice mail. When I did speak to a Detective, I was given very little
positive indication that anything would be done other than establishing
a crime report. Some law enforcement indicated they were overwhelmed
with identity theft activity and I was part of a long list. Due to the
abundance of identity theft, and limited law enforcement resources,
proper attention to my case was initially very poor. That was until I
contacted Special Agent Ray Llorca of the Social Security
Administration, Office of Inspector General. S/A Llorca promptly
scheduled a meeting with me and obtained information and statements and
was permitted to open an investigation. As a result, I testified in a
State Grand Jury in July 2001 and I was informed that six people were
indicted in this scheme regarding identity theft and credit card/
banking fraud.
As recently as March 2002, a collection agency provided me an offer
to settle an account with a balance of over $4000.00 for a
substantially reduced amount. What a deal! This was in regards to an
account that was illegally opened using my identity. A recent credit
report indicates that I have 38 serious delinquency and public record
or collections filed. None of which are truly my responsibilities, but
I must deal with them until they are cleared.
The point I am trying to make is that even after crime, the
investigation, and to some extent, the judicial proceedings, we as
victims of identity theft are still trying to clear our names and
restore our credit.
Thank you.
Chairman SHAW. Mr. Dykas?
STATEMENT OF CECE DYKAS, ASSISTANT DEPUTY ATTORNEY GENERAL,
FLORIDA OFFICE OF THE ATTORNEY GENERAL, PALM BEACH COUNTY
OFFICE, FT. LAUDERDALE, FLORIDA
Mr. DYKAS. Good afternoon, Chairman, Congressman Foley. My
name is Cece Dykas. I am the Assistant Deputy Attorney General
for south Florida. Unfortunately, Florida finds itself on the
forefront of identity theft issues, but hopefully we will also
be on the forefront, along with the Federal Government, in
trying to help stop these. In 1999, the Governor requested a
Privacy and Technology Task Force. As a result of that task
force and the testimony that was generated from that, a State
grand jury was empanelled to deal with the variety of issues,
including identity theft, along with the theft of driver's
licenses.
The grand jury that was empanelled recently released their
report in January 10, 2002. To date, there have been at least
56 defendants who have been charged with over 470 counts. There
is a projected loss for the year 2005 that there will be a
theft of $8 billion. They estimate that the average loss per
person in an identity theft scheme is $17,000, as the other
panelists, just through their own experience, have indicated.
The average length of time between a theft occurring and a
victim finding out that their identity has been stolen is
generally 12.7 months. The average victim spends up to at least
3 months and over $800 of their money to try and clear their
name.
Your Social Security, as the Chairman indicated when he was
getting his fishing license, is on virtually everything. It is
doctors' offices, video rentals, school applications. As a
result of that, the Florida legislature, in the past several
years, have passed Statutory section 817.568, Subsection 8. It
allows for the prosecution of identity theft based on the
residency of the victim. In many ways, part of the problem in
prosecuting identity theft was to be able to determine where
the crime had occurred. That statute now allows for the place
of resident of the victim to determine jurisdiction.
One of the recommendations or several of the
recommendations of the task force were that they be established
a nationally recognized identity theft prosecution unit within
the Office of statewide Prosecution, that there be a devotion
of resources for the training of Florida prosecutors and law
enforcement officers on issues related to the investigation and
prosecution of identity theft, that the legislation
appropriation of funds to study and report on design methods
and procedures to make the Florida drivers' licenses and
identification card more resistant to tampering and
counterfeiting. There is also a request for a formation for a
multi-disciplined focus group to study security features of the
Florida driver's license and identification card to make it one
of the most secure driver's licenses and ID cards in the
country.
This past session, or should I say current session, that is
going on in Tallahassee, has several bills before it dealing
specifically with the issue of identity theft. Senate bill 140
criminalizes the use of any public record to commit a further
crime. House bill 1673 makes Social Security Numbers in the
hands of State agencies exempt from disclosure under chapter
119. House bill 1675 exempts bank account numbers or credit
card charge or debit account numbers in the hands of State
agencies from disclosure under chapter 119.
House bill 1679 sets up a study commission on how the State
treats personal ID information in public hands, whether
excessive or unnecessary information is collected. The impact
of advanced technologies on full access to public records,
whether to treat the public access to physical documents
differently than public access to electronic documents and
other issues that underline the balance between the two. Senate
bill 1020, and the bill makes a non-criminal violation for
merchants who accept payment by electronic payment cards to
leave more than the last five digits of the customer's account
number showing on any receipt.
And, finally, Senate bill 520, which provides an
infrastructure and raises the standards for issuance of
driver's license. It provides that a breeder document, those
used to prove the identify of the applicant, be preserved by
the Department, makes reciprocity and accepting out-of-State
driver's licenses contingent on the other State having adopted
standards as stringent as Florida's and provides that any
driver's licenses used to a foreign national will not be valid
for longer than a 2-year period of time.
Presently, those bills are before the legislature and have
bipartisan support, so hopefully those will be passed this
session. Thank you very much.
[The prepared statement of Mr. Dykas follows:]
Statement of Cece Dykas, Assistant Deputy Attorney General, Florida
Office of the Attorney General, Palm Beach County Office, Ft.
Lauderdale, Florida
[GRAPHIC] [TIFF OMITTED] T0224A.001
------
[GRAPHIC] [TIFF OMITTED] T0224B.002
------
[GRAPHIC] [TIFF OMITTED] T0224C.003
------
[GRAPHIC] [TIFF OMITTED] T0224D.004
------
[GRAPHIC] [TIFF OMITTED] T0224E.005
------
[GRAPHIC] [TIFF OMITTED] T0224F.006
------
[GRAPHIC] [TIFF OMITTED] T0224G.007
------
[GRAPHIC] [TIFF OMITTED] T0224H.008
------
[GRAPHIC] [TIFF OMITTED] T0224I.009
------
[GRAPHIC] [TIFF OMITTED] T0224J.010
------
[GRAPHIC] [TIFF OMITTED] T0224K.011
------
[GRAPHIC] [TIFF OMITTED] T0224L.012
------
[GRAPHIC] [TIFF OMITTED] T0224M.013
------
[GRAPHIC] [TIFF OMITTED] T0224N.014
------
[GRAPHIC] [TIFF OMITTED] T0224O.015
------
[GRAPHIC] [TIFF OMITTED] T0224P.016
------
[GRAPHIC] [TIFF OMITTED] T0224Q.017
------
[GRAPHIC] [TIFF OMITTED] T0224R.018
------
[GRAPHIC] [TIFF OMITTED] T0224S.019
------
[GRAPHIC] [TIFF OMITTED] T0224T.020
------
[GRAPHIC] [TIFF OMITTED] T0224U.021
------
[GRAPHIC] [TIFF OMITTED] T0224V.022
------
[GRAPHIC] [TIFF OMITTED] T0224W.023
------
[GRAPHIC] [TIFF OMITTED] T0224X.024
------
[GRAPHIC] [TIFF OMITTED] T0224Y.025
------
[GRAPHIC] [TIFF OMITTED] T0224Z.026
Chairman SHAW. Thank you. Ms. Bovbjerg?
STATEMENT OF BARBARA D. BOVBJERG, DIRECTOR, EDUCATION,
WORKFORCE, AND INCOME SECURITY ISSUES, U.S. GENERAL ACCOUNTING
OFFICE, ACCOMPANIED BY KAY BROWN, ASSISTANT DIRECTOR
Ms. BOVBJERG. Thank you. Mr. Chairman, Mr. Foley, thank you
very much for inviting me once again before the Subcommittee,
and I am especially appreciative that you have chosen to meet
in the beautiful Sunshine State. It is very nice to get away
from Washington.
You have heard people talking about identity theft and the
role of the Social Security Number in particular. And you have
invited me today to discuss specifically government uses and
protections of Social Security Numbers and the results of our
ongoing work. I would like to focus first on uses and
protections in the course of providing government benefits and
services and then, second, on uses and protections in public
records.
My testimony is based on surveys and site visits we
conducted at Federal, State, and county government agencies in
the past year. We are conducting this work at your request, Mr.
Chairman, and we plan to issue our report next month.
Let me speak first about government uses in benefit and
service provision. Federal, State and county agencies rely
extensively on the Social Security Number, because SSNs provide
a quick and efficient means of managing records and maintaining
program integrity. The numbers are particularly useful when
agencies share information with others to verify benefit
eligibility or to collect outstanding debt. Most of this data
sharing occurs between government agencies, but a significant
percentage of agencies we surveyed told us they also share with
other entities, such as contractors, credit bureaus, and
insurance companies. governments also use SSNs in their role as
employers for wage reporting and benefit administration.
Although government agencies told us of various steps they
take to safeguard the SSNs they use for these purposes, we
found that certain key protections are not uniformly in place
at any level of government. For example, when requesting SSNs,
government agencies told us that they are not consistently
providing individuals with key information mandated by Federal
law. The Privacy Act requires that any Federal, State or local
government agencies tell individuals who are asked to provide
their SSNs whether the compliance is voluntary or mandatory and
how the SSN will be used. This notification helps an individual
make an informed decision and represents the first line of
defense against improper use.
We also found that many government agencies occasionally
display SSNs on documents that may be viewed by others who
don't need this information. These documents include things
like payroll and benefit checks, child care vouchers and
official letters to program participants. In addition, some
governments display employees' SSNs on employee badges and
identification cards.
Responses to our surveys also showed potential weaknesses
in information security. We asked agencies about eight
practices commonly used in information security programs.
Although many government agencies reported adopting some of the
practices, none of the eight practices were uniformly adopted
at any level of government.
Let me turn now to the topic of SSNs in public records.
When I say public records, I mean records or documents
routinely made available to the public for inspection, such as
marriage licenses or property transactions. Some Federal
agencies and many of the State and county agencies we surveyed,
including courts at all three levels of government, told us
they maintain public records that contain SSNs. Officials who
maintain these records told us it is their responsibility to
preserve the integrity of the record and to make it publicly
available rather than to protect the privacy of the individual
SSN holder. Nonetheless, we found examples of government
entities trying innovative approaches to protect the SSNs in
such records, including developing new forms that shield SSNs
from public view by maintaining them separately or on the back
of the rest of the record. These changes are most effective
when the government agency prepares the documents itself, but
they don't protect information on documents prepared and
submitted by someone else nor do they limit the availability of
SSNs on records filed prior to the change in form.
As a practical matter, as long as access to public records
remains an in-person process, access will be somewhat limited.
Where those wishing to view public records must visit a
physical location and request information on a case-by-case
basis, there is a measure of protection against widespread
collection of personal information, like the SSN. However,
several officials told us that thanks to the growth of
electronic recordkeeping, they were considering making such
records available on their Web sites. Such actions would create
new opportunities for gathering SSNs from public records on a
broad scale.
In conclusion, governments use SSNs for many beneficial
purposes but they do not always ensure that this personal
information is protected. Although it is unclear whether these
gaps in protection lead directly to identity theft, they
represent a potential for SSN misuse. It will be important for
governments at all levels to consider how best to protect SSNs
and to take appropriate actions to improve the security of this
information. Thank you, Mr. Chairman.
[The prepared statement of Ms. Bovbjerg follows:]
Statement of Barara D. Bovbjerg, Director, Education, Workforce, and
Income Security Issues, U.S. General Accounting Office
Chairman Shaw and members of the Subcommittee:
Thank you for inviting me here today to discuss government use of
Social Security Numbers (SSNs). Although the SSN was originally created
in 1936 as a means to track workers' earnings and eligibility for
Social Security benefits, today the number is used for myriad non-
Social Security purposes in both the private and public sectors.
Consequently, the public is concerned with how their personal SSNs are
being used and protected. Further, the growth in electronic record
keeping and the explosion of the availability of information over the
Internet, combined with the rise in reports of identity theft, have
heightened this concern.
We have previously reported that SSNs play an important role in
public and private sectors' ability to deliver services or conduct
business.1 Today, I will focus on how federal, state, and
local governments use SSNs. Specifically, I will discuss (1) the extent
and nature of government agencies' use of SSNs as they administer
programs to provide benefits and services and the actions government
agencies take to safeguard these SSNs from improper disclosure and (2)
the extent and nature of governments' use of SSNs when they are
contained in public records and the options available to better
safeguard SSNs that are traditionally found in these public
records.2 My testimony is based on our ongoing work
conducted at your request and that of the Subcommittee on Technology,
Terrorism and Government Information, Senate Committee on the
Judiciary. To address these issues, we mailed surveys to programs in 18
federal agencies and those departments that typically use SSNs in all
50 states, the District of Columbia, and the 90 most populous
counties.3 We also conducted site visits and in-depth
interviews at six selected federal programs, three states, and three
counties. We met with officials responsible for programs, agencies, or
departments (hereinafter referred to generically as agencies) and
courts that make frequent use of SSNs. We conducted our work between
February 2001 and March 2002 in accordance with generally accepted
government auditing standards.
---------------------------------------------------------------------------
\1\ U.S. General Accounting Office, Social Security: Government and
Commercial Use of the Social Security Number is Widespread, GAO/HEHS-
99-28 (Washington, D.C.: Feb. 16, 1999).
\2\ We found no commonly accepted definition of public records. For
the purposes of this statement, when we use the term public record, we
are referring to a record or document that is routinely made available
to the public for inspection either by a federal, state, or local
government agency or a court, such as those readily available at a
public reading room, clerk's office, or on the Internet.
\3\ We did not survey state Departments of Motor Vehicles or state
agencies that administer state tax programs, because we have reported
on these activities separately. See U.S. General Accounting Office,
Child Support Enforcement: Most States Collect Drivers' SSNs and Use
Them to Enforce Child Support, GAO-02-239 (Washington, D.C.: Feb. 15,
2002) and Taxpayer Confidentiality: Federal, State, and Local Agencies
Receiving Taxpayer Information, GAO-GGD-99-164 (Washington, D.C.: Aug.
30, 1999).
---------------------------------------------------------------------------
In summary, in delivering services and benefits to the public,
federal, state, and county government agencies use SSNs to manage
records, verify the eligibility of benefit applicants, collect
outstanding debts and conduct research and program evaluation. Using
SSNs for these purposes can save the government and taxpayers hundreds
of millions of dollars each year. As they make use of SSNs for these
purposes, government agencies are taking some steps to safeguard the
numbers. However, agencies are not consistently following federal laws
regarding the collection of personal information, implementing
safeguards to protect SSNs from improper disclosure, or limiting the
display of SSN on documents not intended for the public. Moreover,
courts at all three levels of government and certain offices at the
state and county level maintain records that contain SSNs for the
purpose of making them available to the public. Recognizing that these
SSNs may be misused by others, some government entities have taken
steps to protect the SSNs from public display. For example, some have
modified forms so that they can collect SSNs but keep them in a file
separate from the public portion of the record. Nonetheless, although
public records have traditionally been housed in government offices and
court buildings, to improve customer service some government entities
are considering placing more public records on the Internet. The ease
of access the Internet affords could encourage individuals to engage in
information gathering from public records on a broader scale than
possible previously. In conclusion, we will be reporting in more detail
on these issues at the end of this month and look forward to exploring
additional options to better protect SSNs with you as we complete our
work.
Background
The use of SSNs by government and the private sector has grown over
time, in part because of federal requirements. In addition, the growth
in computerized records has further increased reliance on SSNs. This
growth in use and availability of the SSN is important because SSNs are
often one of the ``identifiers'' of choice among identity thieves.
Although no single federal law regulates the use and disclosure of SSNs
by governments, when federal government agencies use them, several
federal laws limit the use and disclosure of the number.4
Also, state laws may impose restrictions on SSN use and disclosure, and
they vary from state to state. Moreover, some records that contain SSNs
are considered part of the public record and, as such, are routinely
made available to the public for review.
---------------------------------------------------------------------------
\4\ In this review, we do not include criminal provisions that
might apply to the improper use of SSNs.
---------------------------------------------------------------------------
SSN Use Has Grown, in Part Because of Federal Requirements
Since the creation of the SSN, the number of federal agencies and
others that rely on it has grown beyond the original intended purpose.
In 1936, the Social Security Administration (SSA) created a numbering
system designed to provide a unique identifier, the SSN, to each
individual. The agency uses SSNs to track workers' earnings and
eligibility for Social Security benefits, and as of December 1998, SSA
had issued 391 million SSNs. Since the creation of the SSN, other
entities in both the public and private sectors have begun using SSNs,
in part because of federal requirements. The number of federal agencies
and others relying on the SSN as a primary identifier escalated
dramatically, in part, because a number of federal laws were passed
that authorized or required its use for specific activities. (See
appendix I for examples of federal laws that authorize or mandate the
collection and use of SSNs.) In addition, private businesses, such as
financial institutions and health care service providers, also rely on
individuals SSNs. In some cases, they require the SSN to comply with
federal laws but, at other times, they routinely choose to use the SSNs
to conduct business.
In addition, the advent of computerized records further increased
reliance on SSNs. Government entities are beginning to make their
records electronically available over the Internet. Moreover, the
Government Paperwork Elimination Act of 1998 requires that, where
practicable, federal agencies provide by 2003 for the option of the
electronic maintenance, submission, or disclosure of information. State
government agencies have also initiated Web sites to address electronic
government initiatives. Moreover, continuing advances in computer
technology and the ready availability of computerized data have spurred
the growth of new business activities that involve the compilation of
vast amounts of personal information about members of the public,
including SSNs, that businesses sell.
Identity Thieves Often Use SSNs
The overall growth in the use of SSNs is important to individual
SSN holders because these numbers, along with names and birth
certificates, are among the three personal identifiers most often
sought by identity thieves.5 Identity theft is a crime that
can affect all Americans. It occurs when an individual steals another
individual's personal identifying information and uses it fraudulently.
For example, SSNs and other personal information are used to
fraudulently obtain credit cards, open utility accounts, access
existing financial accounts, commit bank fraud, file false tax returns,
and falsely obtain employment and government benefits. SSNs play an
important role in identity theft because they are used as breeder
information to create additional false identification documents, such
as drivers licenses.
---------------------------------------------------------------------------
\5\ United States Sentencing Commission, Identity Theft Final Alert
(Washington, D.C.: Dec. 15, 1999).
---------------------------------------------------------------------------
Recent statistics collected by federal and consumer reporting
agencies indicate that the incidence of identity theft appears to be
growing.6 The Federal Trade Commission (FTC), the agency
responsible for tracking identity theft, reports that complaint calls
from possible victims of identity theft grew from about 445 calls per
week in November 1999, when it began collecting this information, to
about 3,000 calls per week by December 2001. However, FTC noted that
this increase in calls might also, in part, reflect enhanced consumer
awareness. In addition, SSA's Office of the Inspector General, which
operates a fraud hotline, reports that allegations of SSN misuse
increased from about 11,000 in fiscal year 1998 to more than 65,200 in
fiscal year 2001. However, some of the reported increase may be a
result of a growth in the number of staff SSA assigned to field calls
to the Fraud Hotline during this period. SSA staff increased from 11 to
over 50 during this period, which allowed personnel to answer more
calls. Also, officials from two of the three national consumer
reporting agencies report an increase in the number of 7 year fraud
alerts placed on consumer credit files, which they consider to be
reliable indicators of the incidence of identity theft.7
Finally, it is difficult to determine how many individuals are
prosecuted for identity theft because law enforcement entities report
that identity theft is almost always a component of other crimes, such
as bank fraud or credit card fraud, and may be prosecuted under the
statutes covering those crimes.
---------------------------------------------------------------------------
\6\ U.S. General Accounting Office, Identity Theft: Prevalence and
Cost Appear to be Growing, GAO-02-363 (Washington, D.C.: Mar. 1, 2002).
\7\ A fraud alert is a warning that someone may be using the
consumer's personal information to fraudulently obtain credit. When a
fraud alert is placed on a consumer's credit card file, it advises
credit grantors to conduct additional identity verification before
granting credit. The third consumer reporting office offers fraud
alerts that can vary from 2 to 7 years at the discretion of the
individual.
---------------------------------------------------------------------------
Most often, identity thieves use SSNs belonging to real people
rather than making one up; however, on the basis of a review of
identify theft reports, victims usually (75 percent of the time) did
not know where or how the thieves got their personal
information.8 In the 25 percent of the time when the source
was known, the personal information, including SSNs, usually was
obtained illegally. In these cases, identity thieves most often gained
access to this personal information by taking advantage of an existing
relationship with the victim. The next most common means of gaining
access were by stealing information from purses, wallets, or the mail.
In addition, individuals can also obtain SSNs from their workplace and
use them themselves or sell them to others. Finally, SSNs and other
identifying information can be obtained legally through Internet sites
maintained by both the public and private sectors and from records
routinely made available to the public by government entities and
courts. Because the sources of identity theft cannot be more accurately
pinpointed, it is not possible at this time to determine the extent to
which the government's use of SSNs contributes to this problem as
compared to use of SSNs by the private sector.
---------------------------------------------------------------------------
\8\ This information is based on a review of 39 cases involving SSN
theft drawn from the Federal Trade Commission's fiscal year 1998
datafiles.
---------------------------------------------------------------------------
In Some Instances, SSNs Are to Be Protected from Public Disclosure
No single federal law regulates the overall use or restricts the
disclosure of SSNs by governments; however, a number of laws limit SSN
use in specific circumstances. Generally, the federal government's
overall use and disclosure of SSNs are restricted under the Freedom of
Information Act and the Privacy Act. The Freedom of Information Act
presumes federal government records are available upon formal request,
but exempts certain personal information, such as SSNs. The purpose of
the Privacy Act, broadly speaking, is to balance the government's need
to maintain information about individuals with the rights of
individuals to be protected against unwarranted invasions of their
privacy by federal agencies. Also, the Social Security Act Amendments
of 1990 provide some limits on disclosure, and these limits apply to
state and local governments as well. In addition, a number of federal
statutes impose certain restrictions on SSN use and disclosure for
specific programs or activities.9 At the state and county
level, each state may have its own statutes addressing the public's
access to government records and privacy matters; therefore, states may
vary in terms of the restrictions they impose on SSN use and
disclosure.
---------------------------------------------------------------------------
\9\ For example, the Internal Revenue Code, which requires the use
of SSNs for certain purposes, declares tax return information,
including SSNs, to be confidential, limits access to specific
organizations, and prescribes both civil and criminal penalties for
unauthorized disclosure. For more information, see GAO-GGD-99-164.
Also, the Personal Responsibility and Work Opportunity Act of 1996
explicitly restricts the use of SSNs to purposes set out in the Act,
such as locating absentee parents to collect child support payments.
---------------------------------------------------------------------------
In addition, a number of laws provide protection for sensitive
information, such as SSNs, when maintained in computer systems and
other government records. Most recently, the Government Information
Security Reform provisions of the Fiscal Year 2001 Defense
Authorization Act require that federal agencies take specific measures
to safeguard computer systems that may contain SSNs.10 For
example, federal agencies must develop an agency-wide information
security management program. These laws do not apply to state and local
governments; however, in some cases state and local governments have
developed their own statutes or put requirements in place to similarly
safeguard sensitive information, including SSNs, kept in their computer
systems.
---------------------------------------------------------------------------
\10\ These provisions supplement information security requirements
established in the federal Computer Security Act of 1987, the Paperwork
Reduction Act of 1995, the Clinger-Cohen Act of 1996, and Office of
Management and Budget guidance.
---------------------------------------------------------------------------
SSNs Are Found in Some Public Records
In addition to the SSNs used by program agencies to provide
benefits or services, some records that contain SSNs are considered
part of the public record and, as such, are routinely made available to
the public for review. This is particularly true at the state and
county level. Generally, state law governs whether and under what
circumstances these records are made available to the public, and they
vary from state to state. They may be made available for a number of
reasons. These include the presumption that citizens need government
information to assist in oversight and ensure that government is
accountable to the people. Certain records maintained by federal,
state, and county courts are also routinely made available to the
public. In principle, these records are open to aid in preserving the
integrity of the judicial process and to enhance the public trust and
confidence in the judicial process. At the federal level, access to
court documents generally has its grounding in common law and
constitutional principles. In some cases, public access is also
required by statute, as is the case for papers filed in a bankruptcy
proceeding. As with federal courts, requirements regarding access to
state and local court records may have a state common law or
constitutional basis or may be based on state laws.
LSSNs Are Widely Used by Program Agencies at All Levels of Government,
but Could Be Better Protected by Them
When federal, state, and county government agencies administer
programs that deliver services and benefits to the public, they rely
extensively on the SSNs of those receiving the benefits and services.
SSNs provide a quick and efficient means of managing records and are
used to conduct research and program evaluation. In addition, they are
particularly useful when agencies share information with others to
verify the eligibility of benefit applicants or to collect outstanding
debts. Using SSNs for these purposes can save the government and
taxpayers hundreds of millions of dollars each year. As they make this
wide use of SSNs, government agencies are taking some steps to
safeguard the numbers; however, certain key measures that could help
protect SSNs are not uniformly in place at any level of government.
First, when requesting SSNs, government agencies are not consistently
providing individuals with key information mandated by federal law,
such as whether individuals are required to provide their SSNs. Second,
although agencies that use SSNs to provide benefits and services are
taking steps to safeguard them from improper disclosure, our survey
identified potential weaknesses in the security of information systems
at all levels of government. Similarly, sometimes government agencies
display SSNs on documents not intended for the public, and we found
numerous examples of actions taken to limit the presence of SSNs on
documents. However, these changes are not systematic and many
government agencies continue to display SSNs on a variety of documents.
All Levels of Government Use SSNs Extensively for a Wide Range of
Purposes
Most of the agencies we surveyed at all levels of government
reported using SSNs extensively to administer their
programs.11 As shown in table 1, more agencies reported
using SSNs for internal administrative purposes, such as using SSNs to
identify, retrieve, and update their records, than for any other
purpose. SSNs are so widely used for this purpose, in part, because
each number is unique to an individual and does not change, unlike some
other personal identifying information, such as names and addresses.
---------------------------------------------------------------------------
\11\ Of the respondents to our survey, 14 state program departments
and 13 county program departments reported that they do not obtain,
receive, or use the SSN of program participants, service recipients, or
individual members of the public. We did not verify this information.
Table 1: Percentage of Program Agencies Using SSNs for Each Reason
Listed
------------------------------------------------------------------------
Federal State County
Purpose of SSN Use (N=55) a (N=244) (N=197)
Percent Percent Percent
------------------------------------------------------------------------
Internal administrative purposes 82 90 89
------------------------------------------------------------------------
Sharing
------------------------------------------------------------------------
Verify applicants' eligibility; monitor 73 83 82
accuracy of information individuals
provide
------------------------------------------------------------------------
Collect debts individuals owe agency/ 40 34 25
government
------------------------------------------------------------------------
Research and Evaluation
------------------------------------------------------------------------
Conduct internal research or program 53 44 26
evaluation
------------------------------------------------------------------------
Provide data to outside researchers 4 18 7
------------------------------------------------------------------------
a Total number of possible respondents
Source: GAO surveys of federal, state, and county departments and
agencies. Table includes departments and agencies that administer
programs and excludes courts, county clerks and recorders, and state
licensing agencies. It excludes state departments of motor vehicles
and tax administration.
Many agencies also use SSNs to share information with other
entities to bolster the integrity of the programs they administer. For
example, the majority of agencies at all three levels of government
reported sharing information containing SSNs for the purpose of
verifying an applicant's eligibility for services or benefits. Agencies
use applicants' SSNs to match the information they provide with
information in other data bases, such as other federal benefit paying
agencies, state unemployment agencies, the Internal Revenue Service, or
employers. As unique identifiers, SSNs help ensure that the agency is
matching information on the correct person. Also, some agencies at each
level of government reported sharing data containing SSNs to collect
debts owed them. Using SSNs for these purposes can save the government
and taxpayers hundreds of millions of dollars, such as when SSA matched
its data on Supplemental Security Income recipients with state and
local correctional facilities to identify prisoners who were no longer
eligible for benefits.12 Doing so helped identify more than
$150 million in Supplemental Security Income overpayments and prevented
improper payments of more than $170 million over an 8-month period.
Finally, SSNs along with other program data, are sometimes used for
statistical programs, research, and evaluation, in part because they
provide government agencies and others with an effective mechanism for
linking data on program participation with data from other
sources.13
---------------------------------------------------------------------------
\12\ SSI provides cash assistance to needy individuals who are
aged, blind, or disabled.
\13\ In some cases, records containing SSNs are sometimes matched
across multiple agency or program databases. The statistical and
research communities refer to the process of matching records
containing SSNs for statistical or research purposes as ``record
linkage.'' See U.S. General Accounting Office, Record Linkage and
Privacy: Issues in Creating New Federal Research and Statistical
Information, GAO-01-126SP (Washington, D.C.: Apr. 2001).
---------------------------------------------------------------------------
When government agencies that administer programs share records
containing individuals' SSNs with other entities, they are most likely
to share them with other government agencies.14 After that,
the largest percentage of federal and state program agencies report
sharing SSNs with contractors (54 and 39 percent respectively), and a
relatively large percentage of county program agencies report sharing
with contractors as well (28 percent). Agencies across all levels of
government use contractors to help them fulfill their program
responsibilities, such as determining eligibility for services and
conducting data processing activities. In addition to sharing SSNs with
contractors, government agencies also share SSNs with private
businesses, such as credit bureaus and insurance companies, as well as
debt collection agencies, researchers, and, to a lesser extent, with
private investigators.
---------------------------------------------------------------------------
\14\ On the federal level, data sharing often involves computerized
record matching. The Computer Matching and Privacy Protection Act of
1988, which amended the Privacy Act, specifies procedural safeguards
affecting agencies' use of Privacy Act records in performing certain
types of computerized matching programs, including due process rights
for individuals whose records are being matched. These due process
rights were further clarified in the Computer Matching and Privacy
Protection Amendments of 1990.
---------------------------------------------------------------------------
In addition, all government personnel departments we surveyed
reported using their employees' SSNs to fulfill at least some of their
responsibilities as employers. Aside from requiring that employers
report on their employees' wages to SSA, federal law also requires that
states maintain employers' reports of newly hired employees identified
by SSN. The national database is used by state child support agencies
to locate parents who are delinquent in child support payments. In
addition, employers responding to our survey said they use SSNs to help
them maintain internal records and provide employee benefits. To
provide these benefits, employers often share data on employees with
other entities, such as health care providers or pension plan
administrators.
Many Government Entities Collect SSNs without Providing Required
Information
When a government agency requests an individual's SSN, the
individual needs certain information to make an informed decision about
whether to provide their SSN to the government agency or not.
Accordingly, section 7 of the Privacy Act requires that any federal,
state, or local government agency, when requesting an SSN from an
individual, provide that individual with three key pieces of
information.15 Government entities must
---------------------------------------------------------------------------
\15\ Section 7 of the Privacy Act is not codified with the rest of
the act, but rather is found in the note section to 5 U.S.C. 552a.
0 Ltell individuals whether disclosing their SSNs is
mandatory or voluntary;
Lcite the statutory or other authority under which the
request is being made; and
Lstate what uses government will make of the
individual's SSN.
This information, which helps the individual make an informed decision,
is the first line of defense against improper use.
Although nearly all government entities we surveyed collect and use
SSNs for a variety of reasons, many of these entities reported they do
not provide individuals the information required under section 7 of the
Privacy Act when requesting their SSNs. Federal agencies were more
likely to report that they provided the required information to
individuals when requesting their SSNs than were states or local
government agencies. Even so, federal agencies did not consistently
provide this required information; 32 percent did not inform
individuals of the statutory authority for requesting the SSN and 21
percent of federal agencies reported that they did not inform
individuals of how their SSNs would be used. At the state level, about
half of the respondents reported providing individuals with the
required information, and at the county level, about 40 percent of the
respondents reported doing so.
LMany Agencies Using SSNs to Administer Programs Do Not Have Uniform
Information Security Controls in Place
When government agencies collect and use SSNs as an essential
component of their operations, they need to take steps to mitigate the
risk of individuals gaining unauthorized access to SSNs or making
improper disclosure or use of SSNs. Over 90 percent of our survey
respondents reported using both hard copy and electronic records
containing SSNs when conducting their program activities. When using
electronic media, many employ personal computers linked to computer
networks to store and process the information they collect. This
extensive use of SSNs, as well as the various ways in which SSNs are
stored and accessed or shared, increase the risks to individuals'
privacy and make it both important and challenging for agencies to take
steps to safeguard these SSNs.
No uniform guidelines specify what actions governments should take
to safeguard personal information that includes SSNs. However, to gain
a better understanding of whether agencies had measures in place to
safeguard SSNs, we selected eight commonly used practices found in
information security programs, and we surveyed the federal, state, and
county programs and agencies on their use of these eight practices.
Responses to our survey indicate that agencies that administer programs
at all levels of government are taking some steps to safeguard SSNs;
however, potential weaknesses exist at all levels. Many survey
respondents reported adopting some of the practices; however, none of
the eight practices were uniformly adopted at any level of government.
In general, when compared to state and county government agencies, a
higher percentage of federal agencies reported using most of the eight
practices. However, despite the federal government's self-reported more
frequent use of these practices relative to the state and counties, it
is important to note that since 1996 we have consistently identified
significant information security weaknesses across the federal
government. We are not aware of a comparable comprehensive assessments
of information security for either state or county government. (For
additional information on the eight practices we selected and how they
fit into the federal framework for an information security program, see
appendix II.)
Further, when SSNs are passed from a government agency to another
entity, agencies need to take additional steps to continue protections
for sensitive personal information that includes SSNs, such as imposing
restrictions on the entities to help ensure that the SSNs are
safeguarded.16 Responses to our survey indicate that, when
sharing such sensitive information, most agencies reported requiring
those receiving personal data to restrict access to and disclosure of
records containing SSNs to authorized persons and to keep records in
secured locations. However, fewer agencies reported having provisions
in place to oversee or enforce compliance with these requirements.
---------------------------------------------------------------------------
\16\ In some cases, where federal agencies administer programs that
provide federal funds to states and counties, the federal agency has
spelled out program-specific requirements for information security that
state and county government agencies are expected to follow when they
use federal funds to operate these programs.
---------------------------------------------------------------------------
Government Agencies Display SSNs on Documents Not Intended for the
Public
In the course of delivering their services or benefits, many
government agencies occasionally display SSNs on documents that may be
viewed by others, some of whom may not have a need for this personal
information. These documents include payroll checks, vouchers for tax
credits for childcare, travel orders, and authorization for training
outside of the agency. Also, some personnel departments reported
displaying employees' SSNs on their employee badges (27 percent of
federal respondents, 5 percent of state, and 9 percent of county).
Notably, the Department of Defense (DOD), which has over 2.9 million
military and civilian personnel, displays SSNs on its military and
civilian identification cards. On the state level, the Department of
Criminal Justice in one state, which has about 40,000 employees,
displays SSNs on all employee identification cards. According to
department officials, some of their employees have taken actions such
as taping over their SSNs so that prison inmates and others cannot view
this personal information.
SSNs are also displayed on documents that are not employee-related.
For example, some benefit programs display the SSN on the benefit
checks and eligibility cards, and over one-third of federal respondents
reported including the SSN on official letters mailed to participants.
Further, some state institutions of higher education display students'
SSNs on identification cards. Finally, SSNs are sometimes displayed on
business permits that must be posted in public view at an individual's
place of business.
In addition to these examples of SSN display, we also identified a
number of instances where the Congress or governmental entities have
taken or are considering action to reduce the presence of SSNs on
documents that may be viewed by others. For example, the DOD commissary
stopped requiring SSNs on checks written by members because of concerns
about improper use of the SSNs and identity theft.17 Also, a
state comptroller's office changed its procedures so that it now offers
vendors the option of not displaying SSNs on their business permits.
Finally, some states have passed laws prohibiting the use of SSNs as a
student identification number.
---------------------------------------------------------------------------
\17\ As of March 2002, the Navy Commissary still requires SSNs on
checks. Officials told us they hope to implement a system similar to
the DOD Commissary by the end of 2002.
---------------------------------------------------------------------------
These efforts to reduce display suggest a growing awareness that
SSNs are private information, and the risk to the individual of placing
an SSN on a document that others can see may be greater than the
benefit to the agency of using the SSN in this manner. However, despite
this growing awareness and the actions cited above, many government
agencies continue to display SSNs on a variety of documents that can be
seen by others.
LOpen Nature of Certain Government Records Results in Wide Access to
SSNs but Alternatives Exist
Regarding public records, many of the state and county agencies
responding to our survey reported maintaining records that contain
SSNs; however federal program agencies maintain public records less
frequently. At the state and county levels, certain offices, such as
state licensing agencies and county recorders' offices, have
traditionally been repositories for public records that may contain
SSNs. In addition, courts at all three levels of government maintain
public records that may contain SSNs. Officials who maintain these
records told us their responsibility is to preserve the integrity of
the record rather than protect the privacy of the individual SSN
holder. However, we found examples of some government entities that are
trying innovative approaches to protect the SSNs in such records from
public display. Moreover, the general public has traditionally gained
access to public records by visiting the office that maintains the
records, an inconvenience that represents a practical limitation on the
volume of SSNs any one person can collect. However, the growth of
electronic record-keeping places new pressures on agencies to provide
their data to the pubic on the Internet. Although few entities report
currently making public records containing SSNs available on the
Internet, several officials told us they are considering expanding the
volume and type of such records available on their Web site. This would
create new opportunities for gathering SSNs on a broader scale. Again,
some entities are considering alternatives to making SSNs available on
such a wide scale, while others are not.
Many State and County Public Records Contain SSNs
As shown in table 2, more than two-thirds of the courts, county
recorders, and state licensing agencies that reported maintaining
public records reported that these records contained SSNs.18
In addition, some program agencies also reported maintaining public
records that contain SSNs.
---------------------------------------------------------------------------
\18\ Of the respondents to our survey, 20 county recorders and
courts and 5 state courts reported that they do not obtain, receive, or
use the SSN of program participants, service recipients, or individual
members of the public. We did not verify this information.
Table 2: Of Courts, County Recorders, and State Licensing Agencies, and of Program Agencies That Maintain Public
Records, Percentage That Maintain Public Records That Contain SSNs
----------------------------------------------------------------------------------------------------------------
Federal State County
-----------------------------------------------------------
Frequency Percent Frequency Percent Frequency Percent
----------------------------------------------------------------------------------------------------------------
Courts, recorders, and licensing agencies that 3/3 100 21/31 68 73/95 77
maintain public records with SSNs
----------------------------------------------------------------------------------------------------------------
Program agencies that maintain public records with 4/22 23 54/189 29 46/140 33
SSNs
----------------------------------------------------------------------------------------------------------------
Source: Data from GAO survey of federal, state, and county departments and agencies. It excludes state
departments of motor vehicles and tax administration.
County clerks or recorders (hereinafter referred to as recorders)
and certain state agencies often maintain records that contain SSNs
because these offices have traditionally been the repository for key
information that, among other things, chronicles various life events
and other activities of individuals as they interact with
government.19 SSNs appear in these public records for a
number of reasons. They may already be a part of a document that is
submitted to a recorder for official preservation. For example,
military veterans are encouraged to file their discharge papers, which
contain SSNs, with their local recorder's office to establish a readily
available record of their military service.20 Also,
documents that record financial transactions, such as tax liens and
property settlements, contain SSNs to help identify the correct
individual. In other cases, government officials are required by law to
collect SSNs. For example, to aid in locating non-custodial parents who
are delinquent in their child support payments, the federal Personal
Responsibility and Work Opportunity Reconciliation Act of 1996 requires
that states have laws in effect to collect SSNs on applications for
marriage, professional, and occupational licenses. Moreover, some state
laws allow government entities to collect SSNs on voter registries to
help avoid duplicate registrations. Although the law requires public
entities to collect the SSN as part of these activities, this does not
necessarily mean that the SSNs always must be placed on the document
that becomes part of the public record.
---------------------------------------------------------------------------
\19\ It differs from state-to-state as to whether certain records,
such as marriage licenses and birth certificates, are maintained in
county or state offices. Certain documents, however, such as land and
title transfers, are almost always maintained at the local, or county,
level.
\20\ Veterans are advised that these are important documents which
can be registered/recorded in most states or localities for a nominal
fee making retrieval easy. In October 2001, DOD added a cautionary
statement that recording these documents could subject them to public
access in some states or localities.
---------------------------------------------------------------------------
Courts at all three levels of government also collect and maintain
records that are routinely made available to the public. Court records
overall are presumed to be public; however, each court may have its own
rules or practices governing the release of information.21
As with recorders, SSNs appear in court documents for a variety of
reasons. In many cases, SSNs are already a part of documents that are
submitted by attorneys or individuals. These documents could be
submitted as part of the evidence for a proceeding or could be included
in documents, such as a petition for an action, a judgment or a divorce
decree. In other cases, courts include SSNs on documents they and other
government officials create, such as criminal summonses, arrest
warrants, and judgments, to increase the likelihood that the correct
individual is affected (i.e. to avoid arresting the wrong John Smith).
In some cases federal law requires that SSNs be placed in certain
records that courts maintain, such as records pertaining to child
support orders, divorce decrees, and paternity determinations. Again,
this assists child support enforcement agencies in efforts to help
parents collect money that is owed to them. These documents may also be
maintained at county clerk or recorders' offices.
---------------------------------------------------------------------------
\21\ In some states, for example, adoption records, grand jury
records, and juvenile court records are not part of the public record.
In addition, some court documents pertinent to the cases may or may not
be in the public record, depending on local court practice. Finally,
the judge can choose to explicitly seal a record to protect the
information it contains from public review.
---------------------------------------------------------------------------
When federal, state, or county entities, including courts, maintain
public records, they are generally prohibited from altering the formal
documents. Officials told us that their primary and mandated interest
is in preserving the integrity of the record rather than protecting the
privacy of the individual named in the record. Officials told us they
believe they have no choice but to accept the documents with the SSNs
and fulfill the responsibility of their office by making them available
to the general public.
Alternatives to Displaying SSNs in Public Records Exist
When creating public documents or records, such as marriage
licenses, some government agencies are trying new innovative approaches
that protect SSNs from public display. For example, some have developed
alternative types of forms to keep SSNs and other personal information
separate from the portion of a document that is accessible to the
general public.22 Changing how the information is captured
on the form itself can help solve the dilemma of many county recorders
who, because they are the official record keepers of the county, are
usually not allowed to alter an original document after it is
officially filed in their office. For example, a county recorder told
us that Virginia recently changed its marriage license application so
that the form is now in triplicate, and the copy that is available to
the general public does not contain the SSN. However, an official told
us even this seemingly simple change in the format of a document can be
challenging because, in some cases, the forms used for certain
transactions are prescribed by the state. In addition to these efforts
at recorders offices, some courts have made efforts to protect SSNs in
documents that the general public can access through court clerk
offices. For example, one state court offers the option of filing a
separate form containing the SSN that is kept separate from the part of
the record that is available for public inspection.
---------------------------------------------------------------------------
\22\ In some cases, however, the law requires that the SSN appear
on the document itself, as on death certificates.
---------------------------------------------------------------------------
These solutions, however, are most effective when the recorder's
office, state agencies, and courts prepare the documents themselves. In
those many instances where others file the documents, such as
individuals, attorneys, or financial institutions, the receiving agency
has less control over what is contained in the document and, in many
cases, must accept it as submitted. Officials told us that, in these
cases, educating the individuals who submit the documents for the
record may help to reduce the appearance of SSNs. This would include
individuals, financial institutions, title companies, and attorneys,
who could begin by considering whether SSNs are required on the
documents they submit. It may be possible to limit the display of SSNs
on some of these documents or, where SSNs are deemed necessary to help
identify the subject of the documents, it may be possible to truncate
the SSN to the last four digits.
While the above options are available for public records created
after an office institutes changes, fewer options exist to limit the
availability of SSNs in records that have already been officially filed
or created. One option is redacting or removing SSNs from documents
before they are made available to the general public. In our fieldwork,
we found instances where departments redact SSNs from copies of
documents that are made available to the general public, but these
tended to be situations where the volume of records and number of
requests were minimal, such as in a small county. Most other officials
told us redaction was not a practical alternative for public records
their offices maintain. Although redaction would reduce the likelihood
of SSNs being released to the general public, we were told it is time-
consuming, labor intensive, difficult, and in some cases would require
change in law. In documents filed by others outside of the office, SSNs
do not appear in a uniform place and could appear many times throughout
a document. In these cases, it is a particularly lengthy and labor-
intensive process to find and redact SSNs. Moreover, redaction would be
less effective in those offices where members of the general public can
inspect and copy large numbers of documents without supervision from
office staff. In these situations, officials told us that they could
change their procedures for documents that they collect in the future,
but it would be extremely difficult and expensive to redact SSNs on
documents that have already been collected and filed.
LTraditional Access to Public Records Has Practical Limitations That
Would Not Exist if the Records Were Placed on the Internet
Traditionally, the public has been able to gain access to SSNs
contained in public records by visiting the recorder's office, state
office, or court house; however, the requirement to visit a physical
location and request or search for information on a case-by-case basis
offers some measure of protection against the widespread collection and
use of others' SSNs from public records.23 Yet, this limited
access to information in public records is not always the case. We
found examples where members of the public can obtain easy access to
larger volumes of documents containing SSNs. Some offices that maintain
public records offer computer terminals on site where individuals can
look up electronic files from a site-specific database. In one of the
offices we visited, documents containing SSNs that were otherwise
accessible to the public were also made available in bulk to certain
groups. When asked about sharing information containing SSNs with other
entities, a higher percentage of county recorders reported sharing
information containing SSNs with marketing companies, collection
agencies, credit bureaus, private investigators, and outside
researchers.
---------------------------------------------------------------------------
\23\ Some jurisdictions also permit citizens to request public
records through the mail.
---------------------------------------------------------------------------
Finally, few agencies reported that they place records containing
SSNs on their Internet sites; however, this practice may be growing. Of
those agencies that reported having public records containing SSNs,
only 3 percent of the state respondents and 9 percent of the county
respondents reported that the public can access these documents on
their Web site. In some cases, such as the federal courts, documents
containing SSNs are available on the Internet only to paid subscribers.
However, increasing numbers of departments are moving toward placing
more information on the Internet. We spoke with several officials that
described their goals for having records available electronically
within the next few years. Providing this easy access of records
potentially could increase the opportunity to obtain records that
contain SSNs that otherwise would not have been obtained by visiting
the government agency.
While planning to place more information on the Internet, some
courts and government agencies are examining their policies to decide
whether SSNs should be made available on documents on their Web sites.
In our fieldwork, we heard many discussions of this issue, which is
particularly problematic for courts and recorders, who have a
responsibility to make large volumes of documents accessible to the
general public. On the one hand, officials told us placing their
records on the Internet would simply facilitate the general public's
ability to access the information. On the other hand, officials
expressed concern that placing documents on the Internet would remove
the natural deterrent of having to travel to the courthouse or
recorder's office to obtain personal information on individuals.
Again, we found examples where government entities are searching
for ways to strike a balance. For example, the Judicial Conference of
the United States recently released a statement on electronic case file
availability and Internet use in federal courts. They recommended that
documents in civil cases and bankruptcy cases should be made available
electronically, but SSNs contained in the documents should be truncated
to the last four digits. Also, we spoke to one county recorder's office
that had recently put many of its documents on their Web site, but had
decided not to include categories of documents that were known to
contain SSNs. In addition, some states are taking action to limit the
display of SSNs on the Internet. Given the likely growth of public
information on the Internet, the time is right for some kind of
forethought about the inherent risk posed by making SSNs and other
personal information available through this venue.
Concluding Observations
SSNs are widely used in all levels of government and play a central
role in how government entities conduct their business. As unique
identifiers, SSNs are used to help make record-keeping more efficient
and are most useful when government entities share information about
individuals with others outside their organization. The various
benefits from sharing data help ensure that government agencies fulfill
their mission and meet their obligation to the taxpayer by, for
example, making sure that the programs serve only those eligible for
services. However, the gaps in safeguarding SSNs that we have
identified create the potential for SSN misuse. Although the extent to
which the government's broad use of SSNs contributes to identity theft
is not clear, measures to encourage governments to better secure and
reduce the display of SSNs could at least help minimize the risk of SSN
misuse. It is important to focus on ways to accomplish this. We will be
reporting in more detail on these issues at the end of this month and
look forward to exploring additional options to better protect SSNs
with you as we complete our work.
Contacts and Acknowledgments
For further information regarding this testimony, please contact
Barbara D. Bovbjerg, Director, or Kay E. Brown, Assistant Director,
Education, Workforce, and Income Security at (202) 512-7215.
Individuals making key contributions to this testimony include Lindsay
Bach, Jeff Bernstein, Richard Burkard, Jacqueline Harpp, Daniel Hoy,
Raun Lazier, Vernette Shaw, Jacquelyn Stewart, and Anne Welch.
------
Appendix I: Examples of Federal Statutes That Authorize or Mandate the
Collection and Use of Social Security Numbers
------------------------------------------------------------------------
Government
General purpose entity and
Federal statute for collecting or authorized or
using SSN required use
------------------------------------------------------------------------
Tax Reform Act of 1976 General public Authorizes
assistance states to
42 U.S.C. 405(c)(2)(c)(i) programs, tax collect and use
administration, SSNs in
driver's administering
license, motor any tax,
vehicle general public
registration assistance,
driver's
license, or
motor vehicle
registration
law
------------------------------------------------------------------------
Food Stamp Act of 1977 Food Stamp Mandates the
Program secretary of
7 U.S.C. 2025(e)(1) agriculture and
state agencies
to require SSNs
for program
participation
------------------------------------------------------------------------
Deficit Reduction Act of 1984 Eligibility Requires that,
benefits under as a condition
42 U.S.C. 1320b-7(1) the Medicaid of eligibility
program for Medicaid
benefits,
applicants for
and recipients
of these
benefits
furnish their
SSNs to the
state
administering
program
------------------------------------------------------------------------
Housing and Community Eligibility for Authorizes the
Development Act of 1987 HUD programs secretary of
the Department
42 U.S.C. 3543(a) of Housing and
Urban
Development to
require
applicants and
participants in
HUD programs to
submit their
SSNs as a
condition of
eligibility
------------------------------------------------------------------------
Family Support Act of 1988 Issuance of birth Requires states
certificates to obtain
42 U.S.C. 405(c)(2)(C)(ii) parents' SSNs
before issuing
a birth
certificate
unless there is
good cause for
not requiring
the number
------------------------------------------------------------------------
Technical and Miscellaneous Revenue Blood donation Authorizes
Act of 1988 states and
political
42 U.S.C. 405(c)(2)(D)(i) subdivisions to
require that
blood donors
provide their
SSNs
------------------------------------------------------------------------
Food, Agriculture, Conservation, Retail and Authorizes the
and Trade Act of 1990 wholesale secretary of
businesses agriculture to
42 U.S.C. 405(c)(2)(C) participation in require the
food stamp SSNs of
program officers or
owners of
retail and
wholesale food
concerns that
accept and
redeem food
stamps
------------------------------------------------------------------------
Omnibus Budget Reconciliation Act Eligibility for Requires
of 1990 Veterans Affairs individuals to
compensation or provide their
38 U.S.C. 510(c) pension benefits SSNs to be
programs eligible for
Department of
Veterans
Affairs'
compensation or
pension
benefits
programs
------------------------------------------------------------------------
Social Security Independence and Eligibility of Authorizes
Program Improvements Act of 1994 potential jurors states and
political
42 U.S.C. 405(c)(2)(E) subdivisions of
states to use
SSNs to
determine
eligibility of
potential
jurors
------------------------------------------------------------------------
Personal Responsibility and Work Various license Mandates that
Opportunity Reconciliation Act of applications; states have
1996 divorce and laws in effect
child support that require
42 U.S.C. 666(a)(13) documents; death collection of
certificates SSNs on
applications
for driver's
licenses and
other licenses;
requires
placement in
the pertinent
records of the
SSN of the
person subject
to a divorce
decree, child
support order,
paternity
determination;
requires SSNs
on death
certificates;
creates
national
database for
child support
enforcement
purposes
------------------------------------------------------------------------
Debt Collection Improvement Act of Persons doing Requires those
1996 business with a doing business
federal agency with a federal
31 U.S.C. 7701(c) agency, i.e.,
lenders in a
federal
guaranteed loan
program;
applicants for
federal
licenses,
permits, right-
of-ways,
grants, or
benefit
payments;
contractors of
an agency and
others to
furnish SSNs to
the agency
------------------------------------------------------------------------
Higher Education Act Amendments of Financial Authorizes the
1998 assistance secretary of
education to
20 U.S.C. 1090(a)(7) include the
SSNs of parents
of dependent
students on
certain
financial
assistance
forms
------------------------------------------------------------------------
Internal Revenue Code Tax returns Authorizes the
commissioner of
(various amendments) the Internal
26 U.S.C. 6109 Revenue Service
to require that
taxpayers
include their
SSNs on tax
returns
------------------------------------------------------------------------
Source: GAO review of applicable federal laws
______
Appendix II: Our Eight Practices and How They Fit Into the Federal
Framework for an Information Security Program
Certain federal laws lay out a framework for federal agencies to
follow when establishing information security programs to protect
sensitive personal information, such as SSNs.24 The federal
framework is consistent with strategies used by private and public
organizations that we previously reported have strong information
security programs.25 This framework includes four principles
that are important to an overall information security program. These
are to periodically assess risk, implement policies and controls to
mitigate risks, promote awareness of risks for information security,
and to continually monitor and evaluate information security practices.
To gain a better understanding of whether agencies had in place
measures to safeguard SSNs that are consistent with the federal
framework, we selected eight commonly used practices found in
information security programs--two for each principle. Use of these
eight practices could give an indication that an agency has an
information security program that follows the federal
framework.26 We surveyed the federal, state, and county
programs and agencies on their use of these eight practices:
---------------------------------------------------------------------------
\24\ See federal Government Information Security Reform provisions
of the fiscal year 2001 Defense Authorization Act, the federal Computer
Security Act of 1987, the Paperwork Reduction Act of 1995, the Clinger-
Cohen Act of 1996, and Office of Management and Budget guidance.
\25\ U.S. General Accounting Office, Executive Guide: Information
Security Management, Learning From Leading Organizations, GAO/AIMD-98-8
(Washington, D.C.: May 1998) reported on strategies used by private and
public organizations--a financial services corporation, a regional
utility, a state university, a retailer, a state agency, a nonbank
financial institution, a computer vendor, and an equipment
manufacturer--that were recognized as having strong information
security programs. The information security strategies discussed in the
report were only a part of the organizations' broader information
management strategies.
\26\ States may also require any number of the eight practices, but
the requirements would vary from state to state.
---------------------------------------------------------------------------
Periodically assess risk
LConduct risk assessments for computer systems that
contain SSNs
LDevelop written security plan for computer systems
that contain SSNs
Implement policies and controls to mitigate risks
LDevelop written policies for handling records with
SSNs
LControl access to computerized records that contain
SSNs, such as assigning different levels of access and using
methods to identify employees (e.g., use ID cards, PINS, or
passwords)
Promote awareness of risks for information security
LProvide employees training or written materials on
responsibilities for safeguarding records
LTake disciplinary actions against employees for
noncompliance with policies, such as placing employees on
probation, terminating employment, or referring to law
enforcement
Continually monitor and evaluate information security practices
LMonitor employees' access to computerized records with
SSNs, such as tracking browsing and unusual transactions
LHave computer systems independently audited
Chairman SHAW. Thank you. Ms. Brown?
Ms. BROWN. I am here to answer----
Chairman SHAW. You are with Barbara Bovbjerg.
Ms. BROWN. Yes.
Ms. BOVBJERG. I brought reinforcements today.
Chairman SHAW. Good for you. We are delighted to have in
you in Florida.
Ms. BOVBJERG. Thank you for inviting me.
Chairman SHAW. Lisa, you told a very compelling story with
regard to your 3-year struggle. Has the defendant been
adjudicated guilty or what has happened to the case?
Ms. TROPEPE. She received 4 months of in-house arrest,
probation time, and community service.
Chairman SHAW. How about restitution?
Ms. TROPEPE. She surrendered the $10,000 cashier's checks
that she got from my bank account, and the balance of the
moneys were never--there was no restitution, none that I am
aware of.
Mr. MORELL. I can give you a little bit of a backup on
this, and we can--
Chairman SHAW. Excuse me, for the record, this is Mr. Tim
Morell.
Mr. MORELL. Tim Morell, right. I am also the current co-
Vice Chairman of the Computer Law Committee of the Florida bar,
and we have been actively supporting and helping to get
publicity for your bill, as you know from a year or two ago
when I was in Del Ray helping out and trying to find out some
information on this.
We were unable to get much of the prosecution at the State
court level. It turned out that the only thing we could do was
go to U.S. Attorney's Office. We were told that the amount of
money involved, unless it was more than $100,000, wasn't going
to get anybody's interest, so we ended up going to the media.
We went to Channel 12, and we went to the Palm Beach Post. Once
that was exposed, then the U.S. Attorney's Office took the
case, and I have a copy of a Palm Beach Post summary that we
can put into the record of what actually ended up happening.
And I will read it if you would like to have that into the
record.
Chairman SHAW. Without objection, I will place the entire
Palm Beach Post article that you are holding into the record.
[The article follows:]
Palm Beach Post
West Palm Beach, Florida
WEST PALM BEACH--A temporary worker who stole the identity of a woman
in her office, took $13,000 from her bank account and ran up $5,000 in
credit card charges in her name was sentenced Friday to 4 years'
probation and 150 hours of community service. Terkesha Lane 21, of
Riviera Beach, faced up to 3 years in prison, a $25,000 fine and
restitution. U.S. District Court Judge Daniel T.K. Hurley took note of
Lane's age, her clean record and that she has a 2-year-old child. She
also helped authorities track down a $10,000 cashier's check. ``I think
you earned this by everything else you have done in your life,'' the
judge said. Lane who will be on home detention for the first 4 months
of the probation and pay $100, apologized for the elaborate scheme in
which she managed to obtain a driver's license in the name of Lisa
Tropepe, withdrew money from Tropepe's bank account and ran up credit
card charges in Tropepe's name. The bank reimbursed Tropepe and she
restored her credit after hiring a lawyer.
Mr. MORELL. She was given, in summary, just 4 years
probation and 150 hours of community service. There were some
other monetary amounts here that we don't think will ever be
collectable, but we will put this into evidence.
Chairman SHAW. Thank you. Mr. Ross, we will make available
to you and Ms. Tropepe a transcript of this particular hearing
that you can go in and show your creditors.
Mr. ROSS. Thank you.
Chairman SHAW. That you have appeared before a
congressional Committee who is studying the tragedy of identity
theft. Mark?
Mr. FOLEY. Well, I think this illuminates the problem. In
addition to having to go through hours, now we have got a
lawyer and an engineer, both professionals who have both
competence and ability to probably pursue this. Think about a
poor person who is just struggling?
Ms. TROPEPE. That is right.
Mr. FOLEY. And this is outrageous. And 4 years probation to
steal how much, $40,000?
Ms. TROPEPE. Over $20,000.
Mr. FOLEY. Plus, plus.
Ms. TROPEPE. Plus, plus.
Mr. FOLEY. I mean with credit damage and all.
Ms. TROPEPE. That is not including the cost to the firm,
myself, the cost to hire Tim Morell to clear my name. It is not
including all that.
Chairman SHAW. But the bank they made good on your account,
didn't they?
Ms. TROPEPE. The bank made good on the account, and the
credit cards that she received or the instant credit that she
received, the credit companies, they paid for that as well. So
there was no out-of-pocket money, but all the other--the
attorney and the time and the grief that it has caused my
office. I was in the process of becoming a partner, and
checking my billable time was slowly declining every day, and I
just wasn't functioning right. And then we finally hired an
attorney that helped alleviate that, but I can tell you that
there isn't a day that doesn't go by that I don't think about
the fact that there is somebody around that is right up the
street from me that can do it again. And if she doesn't do it,
she has the information still to this day to give it to
somebody else. It just doesn't seem to me--the punishment,
without a doubt, does not fit the crime.
Mr. FOLEY. That is where I see we have two problems. We
have, one, punishment, because if you can get away with the
kind of larceny that has occurred with that minimal sentence,
it encourages people to go ahead and try. Secondly, if you
can't protect the Social Security Numbers, it is a catch-22.
Ms. TROPEPE. Right.
Mr. FOLEY. So you are around and around in circles on this
issue.
Mr. MORELL. This file represents a lot of effort here to
try to keep Lisa's credit in decent shape. She continues to
have--a lot of the times we try to keep this so that it doesn't
bother her, but as recently as 6 months ago her identity was
compromised in, what was it, Ireland or somewhere in the
British Isles. Somebody had compromised her identity mostly
because once it happens once and you are out there, then there
is almost like the reasonable doubt, it would be hard to prove
who the criminal was after that. And so they go for you. And
that was one of the reasons why we were very nervous about even
coming here today. The thing keeps coming back, and the nature
of computers is such that once the record is out there somebody
inadvertently enters it again or it comes back up in 6 months,
and it is all right back like it never left. And it has been a
constant struggle to try to keep after those credit bureaus, to
keep telling them Lisa is not the perpetrator.
Mr. FOLEY. The other problem is the credit reporting. When
you go now to a store you--and I probably can't take advantage
of these instant credit opportunities----
Ms. TROPEPE. Never again.
Mr. FOLEY. Because we will always be----
Ms. TROPEPE. Right.
Mr. FOLEY. On somebody's list that they have to flag, that
they have to check, that they have to make sure you are who you
are for our safeguard, but nonetheless it inconveniences us.
Ms. TROPEPE. Right. Well, there is a fraud alert on my
name, so I will never be able to get instant credit again. I
will have to go through the longer process in order to obtain a
credit card for the rest of my life. And this all started with
her getting my Social Security Number on the Internet.
Chairman SHAW. Did she get it out of the payroll records of
the company or----
Ms. TROPEPE. No. She told me that her cousin in Miami
helped her get it off the computer.
Chairman SHAW. Oh, you talked to her about it since she was
charged.
Ms. TROPEPE. Well, I am the one who solved the crime. I
went to my ATM machine and sometimes you can't tell when a
couple dollars are missing, okay? But it was $13,000 subtracted
out of my account, which alerted me that night. So the very
next day I called up First Union and said, ``What is happening
to my account?'' Meanwhile, I am getting every day credit card
bills in the mail on a daily basis that I knew nothing about.
They told me that I withdrew a $10,000 cashier's check 2 days
prior at the Okeechobee Boulevard branch in West Palm Beach,
and I said I have never been to the Okeechobee Boulevard branch
in West Palm Beach. I drove over there and they replayed the
tapes from the bank, and I identified her on those bank tapes.
If she had not gone to the bank and started withdrawing cash
from my account, I would have never found out who the
perpetrator was.
And then after that she said to me that she also did--you
know, you kind of figure that, okay, since she has taken money
out of my account she is probably doing the credit cards too.
And I asked her and she said, ``Yes, I did that too.'' ``And
how did you do it?'' ``I got your Social Security Number from
my cousin in Miami who looked it up on the Internet.''
Chairman SHAW. What site?
Ms. TROPEPE. So that is how it started. And then once she
had that, she had my home address because she was our
receptionist. She took those two pieces of information to DMV,
the Division of Motor Vehicles, received a driver's license
with my name, address, and information and her picture.
Mr. MORELL. That is what I wanted to follow up with. By
having the Social Security Number, she was able to get a
duplicate driver's license, although our system in Florida has
a picture ID. They could have clearly seen the woman who
impersonated her looks nothing like Lisa, nothing at all
physically. But they had her picture there, but it didn't
matter what the picture was. Because the woman had Lisa's
Social Security, they gave this woman a driver's license and
that became the key to everything.
Ms. TROPEPE. And the Division of Motor Vehicles did have my
picture on file because, as you both probably know, I was a
Broward County resident until about 4 years ago. I went to the
Division of Motor Vehicles, got a new driver's license, so my
picture was on file in Palm Beach County. They just never
bothered to look at my picture when they gave her the duplicate
driver's license.
Mr. FOLEY. Anthony, why don't you tell us about some of the
late night calls during these periods after your credit has
been run up.
Mr. ROSS. Late night calls?
Mr. FOLEY. Collection agencies, people. I mean this is the
other side of it you don't realize.
Mr. ROSS. Well, as a Federal Law Enforcement Officer and I
teach at the Federal Law Enforcement Training Center in
Brunswick, Georgia, and we are on a 6-day work week right now.
And that and family obligations and just trying to live on that
extra day I get off and deal with these has just been a
nightmare. And what happens is you receive--if you send in the
proper paperwork to try to get this cleared with a creditor,
they have a certain number of days that they are looking to
have you respond in. And that is not always necessarily
possible, especially traveling and other things that do occur
within the job. So then you get another letter saying, ``Well,
it appears since you have not sent the paperwork in that you no
longer want to pursue this and that you are the person that has
made these charges, and now this bill is yours, basically.''
Now you have to go back and call, ``I do want to pursue
this. I am just not able to do it in your time requirements,
and now we are starting all over again.'' Or I have had
instances where they have closed it out and I will say, ``I
haven't received anything more on this.'' ``Well, we didn't get
that back in time.'' Or I have had situations where you may
have certain stores that use one banking institution or credit
company that supplies credit for all of them. Now you have
three different--in this case, I have three different
fraudulent accounts, but it was backed by one creditor. Rather
than them combining that as one fraudulent account, I had to
submit documents individually for each one, and then they
assigned them to three different fraud investigators within
this one company. So instead of dealing with it one time, I had
to deal with it multiple times.
One of the other problems that I came into, and this is a
situation within the prison system is that the actual main
person involved in this case that was orchestrating the fraud
was already in custody, and he was using other family members
and giving them the information on how to proceed along the
fraud.
Mr. FOLEY. So he is inside working outside.
Mr. ROSS. Right.
Chairman SHAW. Absolutely amazing. I will share with you a
story that we had in Washington. One of the Members of the
Committee on Way and Means, Sam Johnson, who was a prisoner of
war for, I think, 7 or 8 years at the Hanoi Hilton in Vietnam,
and I had to tell him that--I said, ``Your serial number and
rank and those things that you give as a prisoner of war, your
serial number is your Social Security Number, and we are trying
to get away from that.'' I said, ``All those people that were
looking over you in prison have your Social Security Number.''
But I think our military is backing away from that too, and we
have got to be terribly careful.
And then we had a colonel who testified before us, and he
was cashing a check at the PX, and he had to put his ID number
on it and that was his Social Security Number, and that is
where they picked his up. But you, you were quite correct to
say that if you know how to find it, you can find it on a
computer and people are--there is trafficking in these numbers.
And that is what we have got to--that is what we have really
got to stop.
It is not all together when you think that the logic of
this thing is to get rid of it, but there is a number of
organizations that are not in favor of this type of
legislation, who deal in identities, whether they be private
detectives or whatever, but the type of legislation that we are
trying to develop is one that preserves the legitimate
government use of the Social Security Number. It was never
meant to be a national ID number, but it has sort of risen to
that, and it is done without adequate protection. And this is
what you people have run into.
And I am quite impressed with what the State of Florida has
done in this regard. We are trying to move this legislation
through several Committees. We moved it through the Committee
on Ways and Means in the last Congress but it got stuck in a
couple of other Committees with jurisdiction. We are trying to
go back and maybe just work the bill so it is the jurisdiction
of the Committee on Ways and Means so we can go ahead and pass
it and then if they want to go forward with another bill, that
they can do that or they can get moving and get the thing done
on--get it done on their own Committee because this is terribly
important that people like you go through this just because we,
the people who issue the numbers, haven't put the proper
safeguards in place in order to protect you from identity
theft, when you have no choice but to go with a Social Security
Number.
Also, as you did with the driver's license, we need to also
put some type of a code as to someone's nationality. You come
here as a citizen of another country, even if you don't have a
work permit, if you have a bank account or if you are a student
here on a student visa, you have to have a Social Security
Number before you even open a bank account. Well, we need to
put some identifier on that so that the Social Security Number
that is given out will indicate that this person is not a
citizen and this person is here on a certain kind of visa. And
you can do it simply by just adding a letter from the alphabet
on that, and that is another matter that we are looking into.
Anything further, Mark?
Mr. FOLEY. I just wanted to thank Ms. Dykas for many
things, obviously being here today and for your help on Good
Sams St. Mary's for leading that effort and as well as Manora
Gardens.
What is the State doing that you find successful as a mode
for other States, and what do you think the Federal government
should do to help with this effort of identity theft?
Mr. DYKAS. I think that the State being on the forefront,
unfortunately, of having probably one of the highest rates of
identity theft and certainly post-September 11 issues
empanelled a grand jury, as I indicated, that that grand jury
was in place for well over 6 months and was able to take
testimony similar to the panel today and get very real life
experiences as well as talk with experts in terms of crafting
some type of resolution. And the grand jury report that came
out on January 10, if you split it in two categories, dealt
largely with recommendations to Florida Department of Highway
Safety and Motor Vehicle in terms of the driver's licenses,
certainly being a port State that we have a large influx of
people from other countries, and dealing with those issues that
may be more unique to a Florida, California, Texas.
It is an issue that I think everybody recognizes is a
problem. But if you identify what issues you can deal with,
those issues that how do we help the victims after it has
occurred, and I think the focus now with regard to the
legislation is how do we prevent it from happening? And I think
it is particularly tricky with all of the clerk's offices, for
instance. Many of the lawyers that deal with them are all going
to electronic filing, electronic posting, me being a State of
Florida employee, all of my information is public record,
including my Social Security Number. So they are working on
getting those issues exempted out as well.
Mr. FOLEY. Thank you.
Chairman SHAW. You just said something that rings an alarm
in my head that what can we do, the Federal government, after
you have been victimized to see that you don't go through this.
The issuing new Social Security Numbers really isn't the
answer, because that goes back and then some will have trouble
with all the earnings that they have had. But that is something
that we need to take up with the Social Security
Administration--what do you do once someone has been
victimized? Because, Lisa, you are quite right, you are more
vulnerable because you have been already violated, and it is
important, I think, that we look into this and see what can be
done. Ms. Bovbjerg just made a note, so that must mean I said
something that she is going to look into, I hope.
Mr. DYKAS. Well, I will give you one. Having been in the
Economic Crime Section here, it is very tough sometimes to get
a second Social Security Number, because frequently that is
what credit repair scams do. They suggest that you get a new
Social Security Number if you were actually the one who truly
did have a bad credit as a way to avoid any type of proper
credit reporting. So you bump up against issues all along the
way.
And one last comment I would suggest to this panel as well
is we have heard individual stories but part of what was
submitted from our office was also the cost to businesses,
banking entities as well. Two items briefly: Visa, in 1997, had
a total of $490 million in losses; Master Card, in 1997, had
$407 million in losses. So it affects everyone.
Chairman SHAW. That was from identity theft?
Mr. DYKAS. Yes.
Chairman SHAW. Wow.
Mr. DYKAS. Yes.
Chairman SHAW. They are getting half a billion dollars.
Thank you all. Thank this panel very much, and we very much
appreciate you taking the time to come down here and share your
experience with us.
Lee Cohen, the Assistant State Attorney in Charge,
Misdemeanor Trial Unit, State Attorney's Office, 17th Judicial
Circuit of Florida, Broward County, Florida. We have----
Ms. GUIALDO. Anthanagtha Guialdo.
Chairman SHAW. Thank you. Say it again for me, please.
Ms. GUIALDO. Anthanagtha Guialdo.
Chairman SHAW. Anthanagtha.
Ms. GUIALDO. Guialdo.
Chairman SHAW. Guialdo. Legal Assistant in Charge of
Identity Theft Unit, the State Attorney's Office, also with the
17th Judicial District of Florida from Broward County; the
Honorable Ed Bieluch, who is Sheriff with Palm Beach County,
West Palm Beach, Florida; and Paul Rispoli, who is the Sergeant
of Palm Beach County Sheriff's Office in West Palm Beach; and
Roland Maye, Special Agent-in-Charge, Atlanta Field Division,
the Office of Inspector General, the Social Security
Administration in Atlanta, Georgia.
I want to thank all of you for being here. We have your
written testimony. It has been submitted, it will be made a
part of the record, and you may proceed as you see fit.
Mr. Cohen.
STATEMENT OF LEE COHEN, ASSISTANT STATE ATTORNEY IN CHARGE,
MISDEMEANOR DIVISION, STATE ATTORNEY'S OFFICE, 17TH JUDICIAL
CIRCUIT OF FLORIDA, BROWARD COUNTY, FLORIDA
Mr. Cohen. Good afternoon, Mr. Chairman, Congressman Foley.
On behalf of Michael J. Satz, State Attorney, Broward County, I
would like to thank you for inviting us to be here. I am the
Assistant State Attorney in Charge of the Misdemeanor Division,
and I have the pleasure of also supervising Ms. Guialdo, who is
our Identity Theft Unit Legal Aide there in that unit. I would
like to bring a little bit different perspective to your
proceedings, because I am sure you have been inundated with
stories, as we have heard today, about financial losses,
economic fraud, identity theft, credit card scams and the like.
In our unit, we handle things--we have a little bit different
twist on what happens with identity theft involving Social
Security Numbers.
Just a little background. Before I came to my current
position, which I have had for about 5 years, I was a
Prosecutor in our Elder Abuse and Exploitation Unit. And there
I was charged with dealing with crimes against the elderly and
the senior citizens of Broward County involving fraud and
exploitation. Most of the cases I dealt with were care giver
type of relationships, between care givers and the seniors they
were supposed to be caring for. It was very common at that time
for me to have cases where credit card applications were
redirected or intercepted by the care givers. And I think that
puts them in a key position for this type of identity theft
above and beyond your normal relationship or normal mail
situation.
Most people do get their mail. The seniors that are being
cared for by the care givers are having their mail intercepted.
So I was having cases where the care giver would get the
application, fill out the application, get the credit cards or
add their names to other people's credit cards, and continue on
this type of fraud on and on for a very long period of time
without detection because the senior citizen was not getting
their mail. It wasn't until years later sometimes where family
Members got involved where this was detected. So I would like
you to consider in your deliberations the effect that the
elderly have because of their having to rely on others for
their mail which is their main line of communication.
One of the recommendations I had at various hearings and
meetings with different participants from the security agencies
of the financial institutions was to advocate and strengthen
the fraud alerts on the accounts as well as putting certain
restrictions on the accounts where you can call the bank and
say, ``I do not want anybody adding their name to my account. I
do not want any changes to the account without a personal
contact to me over the telephone with certain information
provided.'' I think that would be helpful, and I always
advocate that the victims I dealt with were citizens that I
spoke to to do such a thing. And I think also any--obviously, I
know that restricting the mailing out of applications and
offers is a controversial issue, but I think that whatever can
be done I that would be helpful.
The Identity Theft Unit that we have in the County Court
Division is a very unique but, believe it or not, longstanding
division that Mr. Satz has had since approximately 1978. There
we have a unit that is devoted to what we used to call, or
still called by many, the ``not me'' cases, where somebody is
charged with a crime or a person is charged with a crime, a
name is charged with a crime. The person comes to court and
they say to the judge or they say to their attorney or they say
to the prosecutor, ``That wasn't me.'' And of course the
response is, ``Yes, sure. Tell it to the judge or tell it to
the lawyer.''
But these are not cases of mistaken identity like, ``I was
at home eating mashed potatoes with my wife.'' These are cases
where this is not the person that the police intended to arrest
or intended to bring into the system. Somebody else has used
their name during an encounter with law enforcement which has
caused the innocent person to now be charged with a crime or
dealing with the criminal justice system.
And Ms. Guialdo is here to tell you a little bit about how
she deals with those cases. She deals with a large number of
those cases per year, most of the time dealing with driver's
license and driving offenses. Thank you.
STATEMENT OF ANTHANAGTHA GUIALDO, LEGAL ASSISTANT, IDENTITY
THEFT UNIT, COUNTY COURT DIVISION, STATE ATTORNEY'S OFFICE,
17TH JUDICIAL CIRCUIT OF FLORIDA, BROWARD COUNTY, FLORIDA
Ms. GUIALDO. Hello, Mr. Chairman, Mr. Foley, nice to meet
you. My name is Ann Guialdo. I am a Legal Assistant with the
17th Judicial Circuit, the Identity Theft Unit. As Mr. Cohen
stated again, our unit deals basically with an accused victim
who may or may not have been arrested but an original arrest
was made by somebody using their names or they were booked
using that person's name but the accused was arrested.
So my job is to go back within the file and check the
original arrest, fingerprints if there are any, booking photos
if there are any, and clear up the accused's name. Most of the
time it is a notice to appear where John Brown gives Tom
Brown's name and says Tom Brown's Social Security. He might
know it from speaking with Tom Brown is related to Tom Brown.
So there that Social Security problem comes in where we have to
go in and clean up Tom Brown's Social Security and personal
information from John Brown's name. So it becomes a big issue
all the time, because when someone is arrested their Social
Security automatically is put on the probably cause affidavit.
So we always come into that Social Security problem used as an
identifier.
My duties include determining whether this office charges
the right person by initiating an investigation into
prosecuting those who unlawfully use the identities of others.
The most prevalent cases I deal with are driving offenses
wherein a suspect comes to the unit claiming that they hadn't
received a citation but that somebody else did. It is our job
to look into it, be it by signatures or identifiers from a
driver's license that doesn't match that of the accused and
find out really who did it.
We also have felony cases where somebody is incarcerated
under my name. It is my job now, because this person is already
in the prison systems, to correct that information so by the
time this person gets paroled that he will come out in his own
name and not that of the accused. So we have a big process in
investigating that with fingerprints, Florida Department of Law
Enforcement (FDLE), the Federal Bureau of Investigation, and
the prison system in just trying to correct identifiers.
A lot of times we have cases where I go in for a background
check and because somebody used my name or somehow the Social
Security Number the imposter gave was wrong, it becomes my
problem because it was my Social Security Number. And my name
is now on their criminal history. So it becomes a problem
trying to clear all of that off and putting it on the right
person. I had placed into evidence exhibits, so those are
basically the things--it is a process. We have walk-in
complaints, phone calls and mail from all over the country.
My, not really recommendation, but fingerprints and Social
Security should kind of go hand in hand as identifiers. There
should be a way where a fingerprint could match a Social
Security Number or something, because, you know, criminals are
out there, and they do it every day. I had a lady call in, I
was trying to help her. She came in, filled out her paperwork
and everything, and she called the imposter's job, said she was
me, and the only way to distinguish that it wasn't me is you
can notice my name, and she couldn't spell it.
Chairman SHAW. I couldn't pronounce it.
[Laughter.]
Ms. GUIALDO. It is hard. So, you know, it becomes a problem
for everybody. Lately, I have been having a lot of Social
Security calls. Mothers call up and say, ``My son is going to
go to school in September. I need to get a Social Security
Number. Well, I went to the Social Security Administration,
they told me he already has a Social Security Number.'' And
they do a printout and here it is. Well, the father is using
the Social Security--received a Social Security Number in the
child's name. So now she has to do whatever to try to
straighten that out.
Chairman SHAW. Yes, but I think you have to do it in the
hospitals now.
Ms. GUIALDO. Right. So the father is using it, so it
becomes a whole problem for this child. It is very difficult. I
have had--my brother's name is similar to mine, we are a number
off, so that becomes a problem also, because when law
enforcement is putting it in their system, somebody is manually
putting them in. A number is off. It automatically becomes my
problem. So it a catch-22 issue. Thank you.
[The prepared statement of Ms. Guialdo follows:]
Statement of Anthangtha Guialdo, Legal Assistant, Identity Theft Unit,
County Court Division, State Attorney's Office, 17th Judicial Circuit
of Florida, Broward County, Florida
My name is Anthangtha Guialdo and I am a Legal Assistant assigned
to the Identity Theft Unit within the County Court Division of the
Office of the State Attorney, 17th Judicial Circuit in
Broward County. Assistant State Attorney In Charge Lee G. Cohen and I
have been asked by State Attorney Michael J. Satz to represent this
office at this hearing. The Identity Theft Unit, originally referred to
as the ``Not Me'' Unit, was created by Mr. Satz in 1978 to assist those
whose identities have been misused in criminal cases. I have been
working in this unit for 5 years. This unit processes approximately
2400 cases each year.
A majority of the cases presented to me are done so by the accused
(currently named defendant) wherein they are claiming that they have
been mistakenly accused of a crime when in fact law enforcement or the
Office of the State Attorney intended to charge someone else (often
referred to as a ``Not Me'' case). This is due to the true perpetrator
using the name or otherwise identifying him or herself as the accused.
The perpetrators are usually family members or acquaintances of the
accused or strangers who have gained access to personal information of
the accused. I have even had my identity stolen by one of the accused
that I was trying to help but as you can imagine, she had difficulty in
determining the correct spelling of my name.
My duties include determining whether this office charges the right
person as well as initiating investigations into prosecuting those who
have unlawfully used the identities of others. The most prevalent type
of cases I deal with are driving offenses wherein a suspect comes to
this unit claiming that they received a citation for a criminal or
civil traffic offense in their name and that in fact, they were never
stopped for such offense. Other misdemeanor and felony cases are also
presented where the currently charged defendant claims ``Not Me.'' When
a defendant begins to claim that there has been a mistaken identity as
to who committed the crime or poses an alibi (i.e. ``It was me who they
arrested but I didn't do it''), that defendant is immediately referred
to his or her lawyer for further legal advice.
When processing a case in this unit, I will interview the suspect
and obtain as much personal documentary information I can including
fingerprints, signatures, and copies of driver's license. I will then
obtain records and photographs from several agencies including the
Department of Highway Safety and Motor Vehicles and the local police
agencies as well as have fingerprint comparisons made. Occasionally
officers or witnesses will be asked to come to the office to see if
identifications can be made in order to determine true identities. If I
determine that the wrong person is accused then recommendations are
made to the Assistant State Attorneys for the charges to be dismissed.
If the identity of the true perpetrator is determined, orders and
corrected charging documents will be drafted reflecting the correct
person's identity as well as the charging of additional criminal
charges pursuant to F.S.S. 817.568 for Criminal Use of Personal
Identification Information, F.S.S. 843.02 Resisting/Obstructing Officer
without Violence and F.S.S. 831.01/831.02 Forgery. (See ``Exhibit A'')
In processing my cases, I rely heavily on the validity of Social
Security numbers. For example, when checks are made through the
National Criminal Information Services and the Florida Criminal
Information Services the Social Security number is linked to the master
(true) name as an identifier, as well as listing all alias names, dates
of birth and Social Security numbers. (See ``Exhibit B'') Additionally,
during the booking process, and more importantly for me (due to no
fingerprinting of photographing of the suspect), during the issuing of
a Notice to Appear/Citation in place of booking, the suspect is often
inquired as to his or her Social Security number, which can later be
used to verify or distinguish identity. (See ``Exhibit C'') The Social
Security number is also used to verify the accuracy of the
transposition of names from person to document and document to
document, as well as being used to distinguish between persons with
common names. (See ``Exhibit D'') Our Information (charging documents)
even lists the Social Security number on the top for identification
purposes. (See ``Exhibit E'')
State Attorney Michael J. Satz conveys his appreciation for
requesting input from this office in this matter. Anything that can be
done to insure the validity of Social Security numbers will assist in
this unit's goal to ensure that only the correct de-
fendants are charged with crimes and to assist those victims of the
system who are mistakenly charged due to the criminal acts of others.
Chairman SHAW. Thank you. Sheriff?
STATEMENT OF HON. ED BIELUCH, SHERIFF, PALM BEACH COUNTY, WEST
PALM BEACH, FLORIDA
Mr. BIELUCH. Good afternoon. Let me preface this by saying
that I am not an expert in identity theft; however, it has been
around longer than I have been in law enforcement, as Ms.
Guialdo stated, particularly with drivers' licenses, and we
have had to deal with that over the years many, many, many
times, and what we do is if we have someone that is driving
with no identification, then we take a thumbprint on a special
piece of paper and attach it to the citation so that they can
be identified later in court should somebody show up and say,
``It wasn't me.''
It seems like that would be impractical in dealing with a
Social Security card unless there was some type of electronic
reader that could do the reading and compare them, which I
suppose there is. I mean there is all kinds of identifiers out
there--iris identifiers and that type of thing--which will
probably help at some point when we get to that technology. I
mean technology is kind of the catalyst here. Technology has
allowed identity theft to really, really grow, and it is
probably going to be the way that we have to solve it.
Couple points I will make on what Mr. Morell said earlier,
that the amount of money seeming to stymie the investigation,
and I think that is very true, that $20,000 in the overall
scheme of things isn't a lot of money but really it is. And,
you know, we look at these at property crimes as opposed to
person crimes where somebody is injured, but in many cases I
believe that these are almost life threatening because some
people just can't afford to lose $20,000. I mean to some people
it is a drop in the bucket, but others that is their life, and
that is their college money, that is their retirement money, it
is whatever they have been saving up for for dozens and dozens
of years. And it is almost a life threatening crime to them,
and I think we need to approach it on a more serious level
regardless of the amount.
And one of the other problems is when we talk about trying
to get people back on track and get back in the system, and it
seems like a lot of red tape, and I am sure it is, but there
are thousands, millions of people out there who are genuine bad
guys. They are ripping off stores with credit cards and that
type of thing, so I mean the other side of the coin is that
that is what they are up against when they go to have their
credit restored is the fact that there are lots of bad people
out there and they just don't believe their story. But I am
going to let Sergeant Rispoli talk because he is our expert on
identity theft.
STATEMENT OF PAUL RISPOLI, SERGEANT, PALM BEACH COUNTY
SHERIFF'S OFFICE, FINANCIAL CRIMES UNIT, WEST PALM BEACH,
FLORIDA
Mr. RISPOLI. Good afternoon, Mr. Chairman, Mr. Foley. On
behalf of Sheriff Bieluch and the entire Palm Beach County
Sheriff's Office Financial Crime Unit, I want to thank you for
inviting us today. My name is Sergeant Paul Rispoli. I am
currently in charge of the Palm Beach County Sheriff's Office
Financial Crime Unit. Also here with me today is my Captain,
Captain Simon Barnes from the Detective Bureau, along with two
detectives from the unit: Detective Alice Gold and Pete
Palenzuela. Any questions I can't answer they will be able to
answer.
Detectives in the Financial Crime----
Chairman SHAW. But they are sitting in the back and said
you are on your own.
[Laughter.]
Mr. RISPOLI. I didn't see the door shut, so I know they are
still here. Detectives in the unit are responsible for the
investigation of white collar crimes, specifically responsible
for investigating exploitation of the elderly, corporate
embezzlement, identity theft, credit card fraud, counterfeiting
and computer Internet fraud. This six-person unit shares a
combined 100 years experience in law enforcement. During this
time, we have been assigned to road patrol, different units
within the Detective Bureau, along with money laundering.
Of all the crimes I have investigated personally, identity
theft cases are one of the most difficult. They are difficult
in identifying the suspects, difficult to get financial
institutions to cooperate, difficult to prosecute and difficult
to have the guilty parties receive sentences that would deter
committing identity theft again. Over the past 5 years, there
has been a significant increase in crimes where criminals
compromise personal identification data of victims in order to
commit identity theft. The information falling into criminal
hands includes name, date of birth, Social Security Number,
banking account numbers, and other financial information.
The victims of identity theft, like other crimes, are made
to feel personally responsible. This is especially true in
light of the vicious cycle of events following the
circumstances of the crime. Imagine for a moment, which Mr.
Foley has already run into, you go to a car dealer to buy a new
car only to be denied because of a negative payment on your
credit report--information that you had no knowledge of. The
trauma this type of fraud causes its innocent victims is
inconceivable, as victims are usually left to fix the problem.
I will explain some of the difficult areas involved with
investigating identity theft. Identifying the suspect.
Technology, as the Sheriff has said, has improved a thief's
chances of getting away with crime. A thief doesn't need a gun
or a mask to commit a crime. Today's gun is a keyboard and the
mask is a computer with Internet access. You can apply for
loans, credit cards, bank accounts online. You can purchase
items with a click of a button and have them shipped all over
the world. The thief is never seen. The credit cards and the
merchandise is delivered to an empty apartment in the thief's
building or neighborhood or a post office box under the
victim's name. Most financial institutions and credit card
companies fail to check or question why the applicant's address
is different than the address listed in the credit report.
Most of our complaints come from victims who are local and
the thief is in another country, State, or county. Florida has
a statute dealing with this crime. The statute allows for a
venue for the prosecution and trial of violations to be
commenced and maintained in any county in which an element of
the offense occurred, including the county where the victim
generally resides. The local law enforcement agency where the
victim resides does not normally have the ability and resources
to investigate the offense when it occurs in another county or
State.
Financial institutions' and credit card companies'
cooperation--most financial institutions and credit card
companies are reluctant to cooperate during an investigation,
because it generate negative publicity, and the loss amount on
one case is usually not enough to begin an investigation. It
costs more to investigate the case than write off the loss.
That is what I have been told.
Prosecution and sentencing. Even when a thief is identified
and there is probable cause for arrest, some prosecutors tend
to plead a case out prior to trial. This plea agreement is
usually probation and restitution. When criminals have been
found guilty in court, they rarely see any jail time. Most are
sentenced to probation and restitution anyway, so there is no
deterrence to committing this crime.
Financial and white collar crime has always been viewed as
a lesser threat than a burglary or a robbery. Common consensus
is no one is hurt. Ask a victim of identity theft is they feel
any less violated than a robbery victim or a burglary victim.
Victims have been refused employment, loans, some victims have
actually been arrested for crimes that the identity thief has
committed. Victim lives have been destroyed in this crime. In
light of the events of September 11, 2001, one should be aware
that identity theft in Florida played an important role in a
terrorist being able to carry out their objectives. Identity
theft does hurt people.
Some recommendations suggested by the Palm Beach County
Sheriff's Office Financial Crime Unit: An increase in public
education about identity theft, which this is part of, the
media is all gone now but at least they were here; increased
law enforcement education and interagency cooperation. Victims
should not be turned away; a report must be taken. The current
identity theft statute needs to be updated with enhanced
penalties for this crime. This will make the crime less
attractive for a thief.
Credit cards and financial institutions should be held
responsible for indiscriminate issuing of credit to
unauthorized persons, i.e, mass mailing pre-approved credit
applications. Credit bureaus must take a more active role in
ensuring security of one's credit. This may involve notifying a
person that their credit has been checked. Also, I heard, I am
not sure which panelist it was, said about the fraud alert.
That doesn't live with you the rest of your life unless you
keep on calling. After a certain amount of time, each credit
bureau can shut that off.
Require any web-based company or company taking credit
applications over the Internet to maintain detailed records of
their transactions. Posting of Social Security Numbers on the
Internet should be prohibited. Entities having access to a
consumer's personal identifying information should be strictly
accountable as to whom they provide such information to and the
purpose the information is being provided for.
We believe if there were an enhancement to the penalties
for identity theft, the criminal element would less likely
attempt to commit this crime.
In closing, we would like to thank you, Congressman Shaw
and Mr. Foley, for giving law enforcement an opportunity to
offer input into this matter. Additionally, we would ask that
this Committee consider the massive impact identity theft has
had on our society. Thank you.
[The prepared statement of Mr. Rispoli follows:]
Statement of Paul Rispoli, Sergeant, Palm Beach County Sheriff's
Office, Financial Crimes Unit, West Palm Beach, Florida
Good Afternoon, Mr. Chairman and members of the Subcommittee. On
behalf of Sheriff Ed Bieluch, we would like to thank you for the
opportunity to appear before you today to discuss this very important
subject.
My name is Sgt Paul Rispoli. I am currently in charge of the Palm
Beach County Sheriff's Office Financial Crimes Unit Seated next to me
is the Sheriff of Palm Beach County Ed Bieluch, Captain Simon Barnes
and Detectives Pete Palenzuela and Alice Gold.
We are currently assigned to the Financial Crimes Unit. Detectives
in the Financial Crimes Unit are responsible for the investigation of
white-collar crimes, specifically responsible for investigating
exploitation of the elderly, corporate embezzlement, identity theft,
credit card fraud, counterfeiting and computer Internet fraud.
This six-person unit shares a combined 100 years experience in law
enforcement. During this time, we have been assigned to road patrol,
different units within the detective bureau itself and money
laundering.
Of all the crimes I have investigated, identity theft cases are the
most difficult.
LDifficult in identifying the suspect(s),
LDifficult to get financial institutions to
cooperate,
LDifficult to prosecute, and
LDifficult to have the guilty parties receive
sentences that would deter committing identity theft.
Over the past five years, there has been a significant increase in
crimes where criminals compromise personal identification data of
victims, in order to commit identity theft. The information falling
into criminal hands includes:
LName,
LDate of birth,
LSocial Security Number,
LBanking account number, and other personal and
financial information.
Victims of identity theft, like other crimes, are made to feel
personally responsible. This is especially true in light of the vicious
cycle of events following the circumstances of this crime. Imagine for
a moment, you go to a car dealer to buy a new car, only to be denied
because of a negative payment history reflected in a credit report--
information that you knew nothing about. The trauma this type of fraud
causes its innocent victims is inconceivable, as victims are usually
left to fix the problem.
I will explain some of the difficult areas involved with
investigating Identity Theft----
Identifying the syspect:
Technology has improved a thief's chances of getting away with
crime. A thief doesn't need a gun or a mask to commit crimes. Today's
gun is a keyboard and the mask is a computer with Internet access. You
can apply for loans, credit cards, and bank accounts online. You can
purchase items with the click of a button and have them shipped all
over the world. The thief is never seen. The credit cards and
merchandise is delivered to an empty apartment in the thief's building
or neighborhood or a post office box under the victim's name.
Most Financial institutions/Credit Card companies fail to check or
question why the applicant's address is different than the address
listed in the credit report.
Most of our complaints come from victims, who are local and the
thief is in another county, state, or country.
Florida has a statute dealing with this crime. The statute allows
venue for the prosecution and trial of violations to be commenced and
maintained in any county in which an element of the offense occurred,
including the county where the victim generally resides.
The local law enforcement agency where the victim resides does not
normally have the ability and resources to investigate the offense when
it occurs in another county or state.
Financial institutions and Credit Card Companies cooperation:
Most financial institutions/credit card companies are reluctant to
cooperate during an investigation because it can generate negative
publicity. The loss amount on one case is usually not enough to begin
an investigation.
It costs more to investigate the case than to write off the loss.
Prosecution and Sentencing:
Even when a thief is identified and there is probable cause for an
arrest some prosecutors tend to plea a case out prior to trial. This
plea agreement is usually probation and restitution. When criminals
have been found guilty in court they rarely see any real jail time.
Most are sentenced to probation and restitution anyway, so there is no
deterrence to committing this crime.
LFinancial (white collar) Crime has always been viewed as a lesser
threat than a burglary or a robbery.
Common consensus is ``No one is hurt''.
Ask a victim of identity theft if they feel any less violated.
LVictims have refused employment, loans, and some victims have actually
been arrested for crimies the identity thief has committed.
Victim's lives have been destroyed by this crime.
In light of the events of September 11, 2001, one should be aware
that identity theft in Florida played an important role in the
terrorist being able to carry out their objectives.
LIdentity Theft does hurt people in many ways.
Some Recommendations suggested by the Palm Beach County Sheriff's
Office Financial Crimes Unit:
LIncrease Public education about Identity Theft.
LIncrease Law Enforcement education and interagency
cooperation. Victims should not be turned away--a report must
be taken.
LThe current Identity Theft statute needs to be
updated with enhanced penalties for this crime. This will make
the crime less attractive for a thief.
LCredit card companies and Financial Institutions
should be held responsible for indiscriminate issuing of credit
to unauthorized persons. (Mass mailing pre-approved credit
cards to the public)
LCredit Bureaus must take a more active role in
ensuring security of ones credit. This may include notifying a
person that their credit has been checked.
LRequire any web-based company or company taking
credit applications over the Internet to maintain detailed
records of their transactions.
LPosting of Social Security Numbers on the Internet
should be prohibited.
LEntities having access to a consumer's personal
identifying information should be strictly accountable as to
whom they provide such information to and the purpose the
information is being provided for.
LWe believe if there were an enhancement in the
penalties for identity theft, the criminal element would less
likely attempt to commit this crime.
In closing, we would like to thank Congressman Shaw for giving Law
Enforcement an opportunity to offer input in this matter. Additionally
we would ask this committee to consider the massive impact identity
theft has had on our society.
Chairman SHAW. Thank you. Mr. Maye?
STATEMENT OF ROLAND MAYE, SPECIAL AGENT-IN-CHARGE, ATLANTA
FIELD DIVISION, OFFICE OF THE INSPECTOR GENERAL, SOCIAL
SECURITY ADMINISTRATION, ATLANTA, GEORGIA
Mr. MAYE. Good afternoon, Congressman Shaw and Congressman
Foley, and thank you for inviting the Office of the Inspector
General, the Social Security Administration to testify today.
My name is Roland Maye, and I am the Special Agent-in-Charge of
the Criminal Investigative Activities for this region.
As you noted in your opening remarks, the misuse of Social
Security Numbers plays an increasingly large role in two issues
currently plaguing American society. Identity theft victimizes
thousands of Americans every year, and the number of identity
theft crimes continues to grow. This crime begins, in many
cases, with the misuse of a Social Security Number. And
Homeland Security has become an even greater focus for all
Americans. We have learned over the past 7 months that
protecting a Social Security Number and preventing identity
fraud is not only a criminal justice issue, but a Homeland
Security challenge.
On behalf of the Inspector General, who could not be here
today, I would like to touch briefly on each of these issues,
starting with identity theft.
As you know, the Social Security Number was never intended
to be a national identification number, but we can longer
pretend otherwise. A vital part of commercial transactions of
every kind, the SSN is as much a part of our identity as our
own name. Indeed, the SSN is a more unique identifier--many
people share common names, but an SSN is issued only once. For
this reason, a valid SSN is an almost priceless tool for
identity thieves. With an SSN in hand, unscrupulous individuals
can apply for credit cards, open bank accounts, take out loans,
apply for government benefits, obtain jobs, and do the many
things all of us do every day, but these unscrupulous
individuals do so fraudulently under an assumed identity.
In fiscal year 2000, more than half of the 92,000
allegations received by our fraud hotline were allegations of
SSN misuse. The victims of identity crimes face situations
similar to those described by the witnesses here today--
feelings of violation and helplessness, and a long, difficult
road to financial recovery. We have made some progress.
Certainly the public is more aware of identity theft, and of
the importance of protecting their SSN and other personal
information than, they have ever been. And the Social Security
Administration, which has adopted some of the recommendations
made in our audit report, has taken important steps in
tightening the process by which Social Security Numbers are
issued and used.
On the investigative side, we see more and more indictments
and convictions for identity theft crimes around the country.
Right here in Florida, agents from my office, working with the
Florida Department of Law Enforcement, brought the very first
case indicted by Governor Bush's 16th statewide Grand Jury for
the Purpose of Investigating Identity Theft, resulting in the
indictment of six individuals with multiple counts of identity
theft. Around the country, similar efforts have ensured that
while identity theft may not be a difficult crime to commit,
the prosecution of those who commit identity theft is now more
of a priority for law enforcement agencies.
As great a challenge as identity theft has become, the true
severity of the larger SSN misuse problem became horribly
apparent after the attack of September 11. We have come to
learn in the 7= months since that day just how critical it is
that we protect the integrity of the Social Security Number. We
knew that our credit rating depended on it; we know now that
our lives may depend on it.
There is no greater issue in the Homeland Security arena
than protecting the integrity of the Social Security Number. It
is virtually impossible to operate in the United States without
a Social Security Number. It stands to reason, then, that any
enemy of the United States that wants to infiltrate our borders
and live among us would need a Social Security Number in order
to do so. The challenge before us is to find a way to allow
legitimate commerce to continue using the SSN for legitimate
purposes while making it less simple for both identity thieves
and even more dangerous individuals to misuse SSNs.
Part of that solution lies with SSA and its OIG. Many of
the recommendations we have made to improve the enumeration
process are already in place or in the process of being
implemented. For example, SSA's practice of issuing ``non-
work'' SSNs to visitors to our country so that they may obtain
drivers licenses has been discontinued. Development of a
meaningful process for SSA to verify immigration documents with
the Immigration and Naturalization before issuing an SSN has
been expedited. And SSA appreciates the need to do all it can
under current law and within the position of budgetary
constraints to protect the SSN upon its issuance during the
life of the number-holder, and upon the number-holder's death.
In OIG, we have worked around the clock since September 11,
both in support of the investigation into the events of that
day, and in furtherance of Federal efforts to prevent future
acts. An example is our participation in Operation Tarmac in 12
major airports around the country. The most recent of these was
in the Washington, DC, area, where last week, together with
other Federal authorities, we arrested some 105 individuals
suspected of providing false information--including SSNs--to
obtain work in secure areas of Reagan National Airport, Dulles
International Airport, and Baltimore-Washington International
Airport. Again, working within the limitation of existing
laws--laws which were written for a time before identity theft
and Homeland Security became the overarching issues they are
today--we have taken significant steps.
But we need the help of this Subcommittee and the Congress
as a whole. Legislations must be enacted to close the gaps in
the laws that govern the use of SSNs. Legislation like H.R.
2036, the Social Security Number Privacy and Identity Theft
Protection Act of 2001, introduced by this Subcommittee, places
meaningful restrictions on the use, display and sale of SSNs
and provides new and important enforcement mechanisms for
offenders. Such legislation represents an important step to
reducing identity theft and making the SSN unavailable as a
tool to those who commit or support acts of terror against the
United States.
The Inspector General looks forward to working with this
Subcommittee to ensure that we are doing all we can to stem the
tide of SSN misuse. Thank you.
[The prepared statement of Ms. Maye follows:]
Statement of Roland Maye, Special Agent-in-Charge, Atlanta Field
Division, Office of the Inspector General, Social Security
Administration, Atlanta, Georgia
Good morning, Chairman Shaw, and thank you for inviting the Office
of the Inspector General (OIG), Social Security Administration (SSA),
to testify today. My name is Roland Maye and I am the Special Agent-in-
Charge of the criminal investigative activities in this region.
As you noted in your opening remarks, the misuse of Social Security
numbers (SSNs) plays an increasingly large role in two issues currently
plaguing American society. Identity theft victimizes thousands of
Americans every year, and the number of Identity Theft crimes continues
to grow. This crime begins, in many cases, with the misuse of an SSN.
And Homeland Security has become an even greater focus for all
Americans. We have learned over the past 7 months that protecting the
SSN and preventing Identity fraud is not only a criminal justice issue,
but a Homeland Security challenge. On behalf of the Inspector General,
who could not be here today, I would like to touch briefly on each of
these issues, starting with Identity Theft.
As you know, the SSN was never intended to be a national
identification number, but we can no longer pretend otherwise. A vital
part of commercial transactions of every kind, the SSN is as much a
part of our identity as our own name. Indeed, the SSN is a more unique
identifier--many people share common names, but an SSN is issued only
once. For this reason, a valid SSN is an almost priceless tool for
identity thieves. With an SSN in hand, unscrupulous individuals can
apply for credit cards, open bank accounts, take out loans, apply for
government benefits, obtain jobs, and do the many things all of us do
every day.
In Fiscal Year 2000, more than half of the 92,000 allegations
received by our fraud hotline were allegations of SSN misuse. The
victims of Identity crimes face situations similar to those described
by the witnesses here today--feelings of violation and helplessness,
and a long, difficult road to financial recovery. We have made some
progress. Certainly the public is more aware of Identity Theft, and of
the importance of protecting their SSN and other personal information,
than they have ever been. And SSA, which has adopted some of the
recommendations made in our audit reports, has taken important steps in
tightening the process by which SSNs are issued and used.
On the investigative side, we see more and more indictments and
convictions for Identity Theft crimes around the country. Right here in
Florida, agents from my office, working with the Florida Department of
Law Enforcement, brought the very first case indicted by Governor
Bush's 16th Statewide Grand Jury for the Purpose of Investigating
Identity Theft, resulting in the indictment of six individuals with
multiple counts of Identity Theft. Around the country, similar efforts
have ensured that while Identity Theft may not be a difficult crime to
commit, the prosecution of those who commit Identity Theft is now more
of a priority for law enforcement agencies.
As great a challenge as Identity Theft has become, the true
severity of the larger SSN misuse problem became horribly apparent
after the attacks of September 11th. We have come to learn in the 7
months since that day just how critical it is that we protect the
integrity of the SSN. We knew that our credit ratings depended on it;
we know now that our lives may depend on it.
There is no greater issue in the Homeland Security arena than
protecting the integrity of the SSN. It is virtually impossible to
operate in the United States without an SSN. It stands to reason, then,
that any enemy of the United States that wants to infiltrate our
borders and live among us would need an SSN in order to do so. The
challenge before us is to find a way to allow legitimate commerce to
continue using the SSN for legitimate purposes, while making it less
simple for both Identity Thieves and even more dangerous individuals to
misuse SSNs.
Part of that solution lies with SSA and its OIG. Many of the
recommendations we have made to improve the enumeration process are
already in place or in the process of being implemented. For example,
SSA's practice of issuing ``non-work'' SSNs to visitors to our country
so that they can obtain drivers licenses has been discontinued.
Development of a meaningful process for SSA to verify immigration
documents with the Immigration and Naturalization Service before
issuing an SSN has been expedited. And SSA appreciates the need to do
all it can under current law and within existing budgetary constraints
to protect the SSN upon its issuance, during the life of the number-
holder, and upon the number-holder's death.
In OIG, we have worked around the clock since September 11th, both
in support of the investigation into the events of that day, and in
furtherance of Federal efforts to prevent future acts. An example is
our participation in Operation Tarmac in 12 major airports around the
country. The most recent of these was in the Washington, DC area, where
last week, together with other Federal authorities, we arrested some
105 individuals suspected of providing false information--including
SSNs--to obtain work in secure areas of Reagan National Airport, Dulles
International Airport, and Baltimore-Washington International Airport.
Again, working within the limitations of existing laws--laws which were
written for a time before Identity Theft and Homeland Security became
the overarching issues they are today--we have taken significant steps.
But we need the help of this Subcommittee and the Congress as a
whole. Legislation must be enacted to close the gaps in the laws that
govern the use of SSNs. Legislation like H.R. 2036, The Social Security
Number Privacy and Identity Theft Protection Act of 2001, introduced by
this Subcommittee, places meaningful restrictions on the use, display,
and sale of SSNs and provides new and important enforcement mechanisms
for offenders. Such legislation represents an important step toward
reducing Identity Theft and making the SSN unavailable as a tool to
those who commit or support acts of terror against the United States.
The Inspector General looks forward to working with this
Subcommittee to ensure that we are doing all we can to stem the tide of
SSN misuse.
Thank you and I'd be happy to answer any questions.
Chairman SHAW. Thank you. I would like to address this to
anyone on the panel who has information, the question of repeat
offenders.
Ms. GUIALDO. They are very common. It is every week the
same person. It is a constant issue. Right now I have cases
where a perpetrator used one person's name. We cleared that
person's name. Well, he is also on two other person's cases.
Chairman SHAW. Has he been apprehended?
Ms. GUIALDO. We refiled charges against him, but the police
department does not actively go out and pick you up. If he gets
stopped using his own name, he will be apprehended for the new
crimes. But if he is not, it doesn't happen.
Chairman SHAW. Is that the case up here, Sheriff? Are you
talking about misdemeanors?
Ms. GUIALDO. Yes.
Mr. Cohen. Usually, they are misdemeanors. Usually just the
plain using somebody else's name, unless it results in
specified harm, it is a misdemeanor. If there is a certain
harm----
Chairman SHAW. Well, if it is grand theft to--identity
theft, yes, the felony, I mean the felony they will go get
them, won't they?
Mr. Cohen. That is probably a statewide problem is
basically the arrest on these warrants. I mean the police
departments prioritize, you know, different degrees. They put
different efforts into the fugitive squads of the different
police departments. That is a constant resource issue, the
apprehension of outstanding felons or outstanding fugitives.
Chairman SHAW. Sheriff?
Mr. BIELUCH. We probably have right now some 50 to 60,000
warrants just in our Palm Beach County database, and we don't
actively go out after misdemeanants; however, perhaps we should
in this case. I have made a note of it, and this obviously has
the potential to become a serious felony. As we said, stated
over and over again, because nobody gets hurt, because it is
not a crime against person, these things tend not to be
investigated as thoroughly. And when the warrants come out,
sometimes they probably don't go pick them up as quickly as
they could. But I am going to take note of that, and we
definitely will be going after the misdemeanor identity theft
cases.
Chairman SHAW. We heard two felony cases today----
Mr. BIELUCH. Right.
Chairman SHAW. From our witnesses. Also, you are quite
right as to what a growing problem it is. This is the fastest
growing crime in the United States today. Still what we are
looking at today is probably a drop in the bucket compared to
what it is going to be, and unless we start getting some
vigorous law enforcement and some arrest, it will go even
faster.
Mr. BIELUCH. Yes, I agree. But, you know, all criminals
have MOs, and this is just the MO of the people that do
identity theft. And burglars get out of jail, and they don't
suddenly become car thieves. They go back to being burglars
because that is kind of their trade, and the punishment is nil.
Mr. Cohen. But it is not just a crime. It really--it is not
just the crime, it is the means to a crime. It really is. And a
lot of people say identity theft is a crime. I think that it
really is--it is just part of your grand theft, it is part of
your credit card fraud, it is part of your forgeries. And that
is all it is, is a tool. Instead of pushing them down and
grabbing their purse and then using their credit card, they are
just applying in the mail for one.
Mr. FOLEY. Identity theft is the getaway car, just one
issue. Sergeant Rispoli, I appreciate, and all of your
testimony I appreciate specifically, but you did a nice job of
outlining what are good areas for us to look into: education,
enhanced penalty, the companies themselves--not a day goes by
that I don't end up with something in my mailbox for a free
teaser ad, get 1.5-percent interest rate for the next 30 hours,
and then it goes to 19 percent.
Mr. RISPOLI. If you get to the mailbox first.
Mr. FOLEY. Right, exactly. And that is the problem. People
are going into your mailbox and gaining some of this
information. The web postings, these are all interesting
suggestions.
Mr. Maye, as well, with the Social Security Administration,
thank you for illuminating some of the problems we are facing
relative to immigration. It is a whole other--I talked to a
person the other day, because I asked--I know their status is
illegal, I asked, ``How you are able to work here?'' They said,
``Oh, five or six of us use the same person's Social Security
Number.'' I said, ``Five or six? Doesn't Social Security ever
check how he has five or six jobs?'' He said, ``Oh, no. It has
never happened to him yet.'' But I mean these things are going
on, and so people are either using numbers collectively or
gaining them illegally, and so it is a frightening aspect,
because we all, again, feel very, very vulnerable.
Mr. MAYE. In some cases this is true, especially in the
agricultural areas, the person employing the workers are the
ones who don't do the necessary checks to ensure that each
worker has a valid number. They are more concerned with
gathering their crops, so they might look the other way. We
have had several cases on some major producers that hired
individuals without valid SSNs because they didn't do the
proper checks to ensure that each individual they hired had a
valid SSN.
Mr. FOLEY. No, but it is interesting, and I fault
government a lot, and whether we fail to live up to technology
we have to look at the problem. I mean I can use an ATM card in
Europe. I can put it in a machine, it reads my bank account in
the United States, determines if I have a balance and in about
15 seconds it sends me back cash in the denomination of the
country I am in. Now Social Security, you would think, if
somebody was an employer, they could call up and verify within
15 seconds whether the person presenting themselves had a valid
Social Security Number and maybe some outliers, like they ask
my grandmother's maiden name. If there was an ability to do
that, then I would shoulder the responsibility mostly on the
employer community. But I don't know who they call today, and I
don't know how long it would take.
Mr. MAYE. Social Security has such a system in place.
Mr. FOLEY. Is it?
Mr. MAYE. An employer can call and verify an SSN with SSA.
Mr. FOLEY. Quickly?
Mr. MAYE. Yes, expeditiously.
Mr. FOLEY. Well, then, God bless, we have gotten something
going on, because that is a big concern.
Mr. MAYE. It is just a matter of getting employees oriented
to contacting Social Security and verifying the employee's SSN.
Mr. FOLEY. Well, then we will work on that aspect of it.
Because it was one of the concerns that I had that we didn't
have enough means in which to determine. And then fraudulent
documents are a problem as well for employers. There is a lot
of things that go on. Thank you.
Chairman SHAW. I would like to thank you all. I think we
always learn something from a field hearing, and this has been
very helpful to us to see the frustrations of prosecution and
law enforcement and trying to get these things done.
The bill that we have filed that we are working on would
have penalties up to 5 years in jail for people that were
trapped in these numbers. So the identity theft would become--
would also become a felony, not just a misdemeanor under what
we are proposing. So we still have some work to do, but we will
look into it, and I think we will be able to use your
experience in developing this legislation as we see it through.
I am hopeful that we can get the bill passed in short order to
get this thing moving. What happens over in the Senate, which
is the graveyard of legislation, I have no idea, but we will do
our part.
Thank you all for being here. Say hello to Mike for me. We
go back 30-some years. Thank you.
[Whereupon, at 3:45 p.m., the hearing was adjourned.]
[Submissions for the record follow:]
Plantation, Florida 33322
May 10, 2002
The Honorable E. Clay Shaw, Jr.
Chair, Subcommittee on Social Security
Committee on Ways and Means
U.S. House of Representatives
Dear Representative Shaw, Chair, and Committee Members:
This letter is in reference to protecting the privacy of social
security numbers and preventing identity theft. In coming across
information regarding the already held Subcommittee Hearing in Lake
Worth through the Congressional website, there was also details for
submission of written comments by May 13, 2002. I am a concerned
private citizen wishing to submit comments on this subject.
Increasingly, more articles are released by the media highlighting
the pervasive misuse of social security numbers (SSNs) by criminals and
terrorists. It is now known that a majority of the September
11th terrorists fraudulently obtained false SSNs to carry
out their activities and this has exemplified the severe consequences
of the failure to protect the integrity of SSNs. I commend Congress for
taking steps to protect the privacy of every Americans' SSN and, as you
have indicated, it is an appropriate action in the Nation's response to
terrorism.
There appear to be many issues related to the fraudulent use of
SSNs, ranging from law enforcement issues to the ease of accessibility
to target victims with identity theft, on account of the widespread use
of SSNs as an identification method by businesses, government, medical,
and educational institutions. There is a strong need for preventative
measures and legal protections to be put in place for U.S. citizens.
Public and private entities routinely request the surrender of an
individual's SSN as a course of business. As a result, it gets harder
for an individual to control access to their own SSN leaving them
exposed as victims to potential criminal activity. A serious concern of
mine relates to the routine request for SSN by medical practices and
health insurances. Not only do many health insurances have practices
such as issuing cards announcing an individual's SSN to all parties but
also many hospitals, doctors, and others in the medical industry make
releasing a SSN a condition to receiving medical attention. Denial of
business services due to refusing to submit SSN may currently be an
option for those providing consumer goods and services but should not
be permitted for medical and insurance providers for its potential
serious repercussions and unfair access to medical care. All these
industries may have a legitimate need for individual identifiers,
including obtaining payment for services, products and insurance, but
not by contributing to the exposure of SSNs to potential fraud and the
peril of its customers. It is my hope that such concerns be addressed
to reduce the common use of SSNs.
I would like to be kept informed on the progress of the legislation
being considered. Thank you for your attention to the matter.
Sincerely,
Maisy Alpert
Statement of David Palay, Las Vegas, Nevada
I urge all members of the Committee to DISREGARD the complaints of
industry about limitations on the use of Social Security Numbers and
take steps to prohibit all use except for income tax purposes as
originally intended and as promised by former President Roosevelt
originally. Consider an unseen computer, selling personal information
to anyone with the price of access. That is what the system has become.
Is not one's name and identification personal property? Please make it
so.
(Don't worry about placing the nuke repository at Yucca Mountain.
Its the right place for these materials)
-
�