Congress may slap restrictions on SSN use

WASHINGTON--Democratic and Republican politicians on Thursday both promised to enact new federal laws by the end of the year that would restrict some commercial uses of Social Security numbers, which are often implicated in identity fraud cases.

"Whether Social Security numbers should be sold by Internet data brokers to anyone willing to pay, indistinguishable from sports scores or stock quotes... to me, that's a no-brainer," Texas Republican Joe Barton, chairman of the U.S. House of Representatives Energy and Commerce Committee, said at a hearing. Such a practice should not be allowed, he said, "period, end of debate."

In both the House and the Senate, there are at least three pieces of pending legislation that propose different approaches to restricting the use and sale of SSNs. Politicians have expressed astonishment at what they see as a rising identity fraud problem, frequently pointing to a 2003 Federal Trade Commission survey that estimated nearly 10 million consumers are hit by such intrusions each year.

One bill, sponsored by Massachusetts Democrat Edward Markey, would require the FTC to make new rules limiting the sale and purchase of those identifiers, with exceptions for law enforcement, public health, certain emergency situations and selected research projects.

Another measure, sponsored by Florida Republican Clay Shaw, would restrict the display of SSNs on credit reports and on various government-issued documents and identification tags. It would also make it illegal in certain cases for anyone to refuse to do business with people who decline to supply their SSNs.

Testifying at Thursday's hearing, FTC Commissioner Jon Leibowitz stopped short of endorsing either bill, but he readily acknowledged that the identifiers "are overused, and they are underprotected."

"Users of Social Security numbers should migrate toward using less-sensitive identifiers whenever possible," he said, adding that companies also need to do more to protect the data they possess.

The SSN hasn't always had such broad applications. Back in 1935, Congress first directed the Social Security Administration to develop an accounting system to track payments to the fund. Out of that mandate came a unique identifier that has ultimately found applications in everything from issuing food stamps to tracking down money launderers.

One use of particular concern to the privacy community is the vast databases compiled by commercial "data brokers" about the American population that financial institutions can use to verify identities. One such company, ChoicePoint, grabbed headlines last year after a breach of its database came to light. That incident and other high-profile breaches unleashed a number of proposals in Congress, some of which target what some deem unregulated data brokers.

The controversy over the connection between SSNs and identity fraud is hardly new, and a number of states have already enacted restrictions in that area. Several federal laws, including the Fair Credit Reporting Act and the Health Insurance Portability and Accountability Act, better known as HIPAA, also include restrictions on use and disclosure of the identifiers.

As they pursue new laws, politicians said they're facing a difficult "balancing act" between rooting out abuses of Social Security numbers and protecting uses that tax collectors, the financial sector and law enforcement officials, among others, claim are invaluable.

Numerous industries have found a number of "beneficial uses" for SSNs, said Oliver Ireland, who testified on behalf of the Financial Services Coordinating Council. That group represents trade associations for the banking, securities, and insurance industries.

The numbers, for instance, "are critical for fraud detection," Ireland said in prepared testimony.

Also on Thursday, a California Senate committee approved an identity fraud bill that would improve state residents' ability to freeze their own credit reports when mischief is suspected.

CNET News.com's Declan McCullagh contributed to this report.

[retired_afmil]

Heavy fines for sellers

Really sock it to the ones who sell SSN's Then use the money to assist people to reclaim their IDs. Don't forget some businesses do not verify IDs the way they should, they are part of the problem

[Jackson Cracker]

Heavy jail time would be better

and a three strikes provision for repeat offenders

[chiefhopper]

Shutting the Bard Door After ...

This is much like shutting the barn door after the horses are long gone. Heck. Everything is long gone and the farm is deserted.

Good luck to our Fearless Leaders!!!

[webdev511]

Should have been in the Privacy Act of 72

This should have been part of the privacy act of 1972, but congress was a bunch of wimps and buckled under pressure of the private sector.

Ideally, you would own all of your information, but guess what? In reality, you don't own or control any of your information, ZERO, but if it's stolen or misused by someone else you're held responsible. So tell me what's wrong with that picture?

[paulej]

Government is the worst abuser

The US Government and State Governments are the worst abusers of the Social Security Numbers. While having one's SSN stolen causes some problems in the private sector, the mere threat of legal action will force private companies to address problems. However, when the government makes a mistake, it takes years to correct.

Joel Silverman (Commissioner) and the Indiana Bureau of Motor Vehicles is the epitome of just such in case. In 2001, my SSN was used by three (3!) different people in Indiana to get two ID cards and one driver's license. It is now 2006 and the bogus records are still on file.

The driver's license was suspended and Indiana continues to report to the National Driver Register that I have a suspended driver's license. What this means to me is that any day I am driving down the road, if I am stopped by a police officer he has every right to take me to jail for "driving on a suspended driver's license" that is not even mine. In trying to resolve the problem, Indiana simply made a threat to prosecute me!

I invite you to read all about it:
<a class="jive-link-external" href="http://www.arid.us/silverman/" target="_newWindow">http://www.arid.us/silverman/</a>

Just Another Band-Aid That Won't Work

Along with their inept legislation, this Congress is bound and determined to ignore the real problem with Social Security numbers, and the identity crisis in general.

With new breaches almost weekly--the most recent 26.5 veterans' records--you cannot depend on anyone but yourself to protect your name and private information. Look at the FTC: with 9.3 million ID fraud victims in 2005 suffering just under $6,000 each, they brought a paltry 13 cases against suspect businesses since 2001.

There is only one way to protect the use of consumers names and personal data. Pass federal legislation to give the individual control over their name and private information, and, while were at it, pay them when it is sold. You can read about it in my blog, The Dunning Letter at: <a class="jive-link-external" href="http://thedunningletter.blogspot.com/2005_06_26_thedunningletter_archive.html" target="_newWindow">http://thedunningletter.blogspot.com/2005_06_26_thedunningletter_archive.html</a>

Scroll down to second post.

Jack E. Dunning
Cave Creek, AZ