May 11, 2006 3:29 PM PDT

Congress may slap restrictions on SSN use

WASHINGTON--Democratic and Republican politicians on Thursday both promised to enact new federal laws by the end of the year that would restrict some commercial uses of Social Security numbers, which are often implicated in identity fraud cases.

"Whether Social Security numbers should be sold by Internet data brokers to anyone willing to pay, indistinguishable from sports scores or stock quotes... to me, that's a no-brainer," Texas Republican Joe Barton, chairman of the U.S. House of Representatives Energy and Commerce Committee, said at a hearing. Such a practice should not be allowed, he said, "period, end of debate."

In both the House and the Senate, there are at least three pieces of pending legislation that propose different approaches to restricting the use and sale of SSNs. Politicians have expressed astonishment at what they see as a rising identity fraud problem, frequently pointing to a 2003 Federal Trade Commission survey that estimated nearly 10 million consumers are hit by such intrusions each year.

One bill, sponsored by Massachusetts Democrat Edward Markey, would require the FTC to make new rules limiting the sale and purchase of those identifiers, with exceptions for law enforcement, public health, certain emergency situations and selected research projects.

Another measure, sponsored by Florida Republican Clay Shaw, would restrict the display of SSNs on credit reports and on various government-issued documents and identification tags. It would also make it illegal in certain cases for anyone to refuse to do business with people who decline to supply their SSNs.

Testifying at Thursday's hearing, FTC Commissioner Jon Leibowitz stopped short of endorsing either bill, but he readily acknowledged that the identifiers "are overused, and they are underprotected."

"Users of Social Security numbers should migrate toward using less-sensitive identifiers whenever possible," he said, adding that companies also need to do more to protect the data they possess.

The SSN hasn't always had such broad applications. Back in 1935, Congress first directed the Social Security Administration to develop an accounting system to track payments to the fund. Out of that mandate came a unique identifier that has ultimately found applications in everything from issuing food stamps to tracking down money launderers.

One use of particular concern to the privacy community is the vast databases compiled by commercial "data brokers" about the American population that financial institutions can use to verify identities. One such company, ChoicePoint, grabbed headlines last year after a breach of its database came to light. That incident and other high-profile breaches unleashed a number of proposals in Congress, some of which target what some deem unregulated data brokers.

The controversy over the connection between SSNs and identity fraud is hardly new, and a number of states have already enacted restrictions in that area. Several federal laws, including the Fair Credit Reporting Act and the Health Insurance Portability and Accountability Act, better known as HIPAA, also include restrictions on use and disclosure of the identifiers.

As they pursue new laws, politicians said they're facing a difficult "balancing act" between rooting out abuses of Social Security numbers and protecting uses that tax collectors, the financial sector and law enforcement officials, among others, claim are invaluable.

Numerous industries have found a number of "beneficial uses" for SSNs, said Oliver Ireland, who testified on behalf of the Financial Services Coordinating Council. That group represents trade associations for the banking, securities, and insurance industries.

The numbers, for instance, "are critical for fraud detection," Ireland said in prepared testimony.

Also on Thursday, a California Senate committee approved an identity fraud bill that would improve state residents' ability to freeze their own credit reports when mischief is suspected.

CNET's Declan McCullagh contributed to this report.

See more CNET content tagged:
identity fraud, social security number, Social Security, HIPAA, restriction


Join the conversation!
Add your comment
Heavy fines for sellers
Really sock it to the ones who sell SSN's Then use the money to assist people to reclaim their IDs. Don't forget some businesses do not verify IDs the way they should, they are part of the problem
Posted by retired_afmil (7 comments )
Reply Link Flag
Heavy jail time would be better
and a three strikes provision for repeat offenders
Posted by Jackson Cracker (272 comments )
Link Flag
Shutting the Bard Door After ...
This is much like shutting the barn door after the horses are long gone. Heck. Everything is long gone and the farm is deserted.

Good luck to our Fearless Leaders!!!
Posted by chiefhopper (4 comments )
Reply Link Flag
Should have been in the Privacy Act of 72
This should have been part of the privacy act of 1972, but congress was a bunch of wimps and buckled under pressure of the private sector.

Ideally, you would own all of your information, but guess what? In reality, you don't own or control any of your information, ZERO, but if it's stolen or misused by someone else you're held responsible. So tell me what's wrong with that picture?
Posted by webdev511 (254 comments )
Reply Link Flag
Government is the worst abuser
The US Government and State Governments are the worst abusers of the Social Security Numbers. While having one's SSN stolen causes some problems in the private sector, the mere threat of legal action will force private companies to address problems. However, when the government makes a mistake, it takes years to correct.

Joel Silverman (Commissioner) and the Indiana Bureau of Motor Vehicles is the epitome of just such in case. In 2001, my SSN was used by three (3!) different people in Indiana to get two ID cards and one driver's license. It is now 2006 and the bogus records are still on file.

The driver's license was suspended and Indiana continues to report to the National Driver Register that I have a suspended driver's license. What this means to me is that any day I am driving down the road, if I am stopped by a police officer he has every right to take me to jail for "driving on a suspended driver's license" that is not even mine. In trying to resolve the problem, Indiana simply made a threat to prosecute me!

I invite you to read all about it:
<a class="jive-link-external" href="" target="_newWindow"></a>
Posted by paulej (1261 comments )
Reply Link Flag
Just Another Band-Aid That Won't Work
Along with their inept legislation, this Congress is bound and determined to ignore the real problem with Social Security numbers, and the identity crisis in general.

With new breaches almost weekly--the most recent 26.5 veterans' records--you cannot depend on anyone but yourself to protect your name and private information. Look at the FTC: with 9.3 million ID fraud victims in 2005 suffering just under $6,000 each, they brought a paltry 13 cases against suspect businesses since 2001.

There is only one way to protect the use of consumers names and personal data. Pass federal legislation to give the individual control over their name and private information, and, while were at it, pay them when it is sold. You can read about it in my blog, The Dunning Letter at: <a class="jive-link-external" href="" target="_newWindow"></a>

Scroll down to second post.

Jack E. Dunning
Cave Creek, AZ
Posted by (6 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.