Reports: Social Security numbers still vulnerable

The government is taking steps to protect consumers by reducing its use of Social Security numbers, yet with identity theft complaints numbering in the millions, counties across the country are still making the numbers available in bulk or online to businesses and the public.

The President's Identity Theft Task Force released a report (PDF) Tuesday marking the progress of federal agencies in combating identity theft. Steps taken include better assisting identity theft victims and increasing prosecutions and other deterrent measures--federal identity theft convictions increased 26 percent from 2006 to 2007, according to the report.

Many steps have also been taken to simply limit the federal government's use of personal data such as Social Security numbers. The report called Social Security numbers "one of the most valuable commodities for identity thieves."

The task force, which was established by President Bush in 2006, is comprised of representatives from 15 federal agencies. Tuesday's report follows up on the federal government's progress in implementing the 31 steps recommended to combat identity theft in the task force's 2007 strategic plan (PDF).

The Federal Trade Commission's Identity Theft Data Clearinghouse contains over 1.6 million consumer complaints, the report points out.

While the federal government works to improve its use of consumer data, local governments continue to make Social Security numbers widely available, according to a separate survey (PDF) by the Government Accountability Office.

In response to an inquiry from Senator Chuck Schumer (D-N.Y.) about the bulk sales of public records online, the GAO surveyed a sample of 247 counties, including the 97 largest counties by population, about the reasons they make records available in bulk or online, what types of records are available, and who is interested in the records.

Many counties make public records available in bulk because of state open records laws, the GAO said. Actions by state and local governments taken to protect Social Security numbers are a "recent phenomenon," the GAO said. It was estimated that about 12 percent of counties have completed redacting or truncating of Social Security numbers and another 26 percent are in the process.

State, local, and federal actions taken to limit the distribution of Social Security numbers "may strike an appropriate balance between protecting SSNs from misuse and making a portion available for appropriate parties to firmly establish the identity of specific individuals," the GAO said.

The President's Identity Theft Task Force noted that in January 2008, the IRS began redacting all but the last four digits of taxpayers' social security numbers on all federal tax lien documents filed in public records and issued to taxpayers and their representatives, and the agency is considering redacting the numbers on other documents as well. Also, the Office of Personnel Management led an interagency initiative to eliminate the unnecessary use of Social Security numbers in federal government human resource functions.

The GAO said that while recent actions to protect Social Security numbers represents a positive step, "these actions will only protect SSNs in future transactions, as millions of records with SSNs have already been obtained in bulk or online."

[paulej]

The problem is that government and private companies use the SSN in the first place for purposes that the SSN was not intended. For thousands of years, the world got by without an identifying number per person. Why is it suddenly now necessary? Why doesn't every agency and company associate customers with its own identifiers? OK, sure, the SSN helps to associate the same person across a number of systems, which has benefits. But, the benefits do not outweigh the problems.

Years ago, somebody went to the Indiana BMV and made a claim that they were me. I live in North Carolina. Without any substantial proof -- not even a social security card in hand -- the BMV accepted the claimed number and issued a driver's license. That license later got revoked and who suffered? Me! (Actually, the state of Indiana arrested the guy and put him in jail, but did not clean up the bogus BMV records.) So, for years, I was arguing with the BMV. And, they absolutely did not care. I could not renew my license in North Carolina due to federal laws!

In every instance, there is a way to address these problems. In my case, Indiana should have cleaned up their mistake. But, they would not. Perhaps they could have avoided the issue in the first place by at least requiring the SSN card in the person's hand. Is it too much to require the criminal to show the card and get one if he does not have one?

He not only got a driver's license, but then got a number of credit cards or credit lines. Every since creditor took him at his word -- no questions and no proof of identity beyond the driver's license. This is somewhat understandable -- again, the Indiana BMV's stupidity made this possible.

And, just to make the point clearer about how stupid those people are -- including Joel Silverman, who was the Chief who once said this problem was all my fault -- the BMV actually issued 3 different cards to 3 different people with the same SSN! Just how much more proof done one need than that?

[inachu]

If we would just use them for what they were originally were meant to be used then perhaps there would be less problems.
Who ever thought it was a good idea to use SSN as a means of identification for everything had no clue how to do their job all those years ago.