Social Security Numbers

Top News

  • Social Security Administration Considers Stronger Privacy Safeguards for SSNs of Children: The Social Security Administration seeks public comment on a proposal to assign new Social Security numbers to children age 13 and under. Currently, the agency may assign new SSNs only if it has evidence that "a third party has improperly used an adult's or child's SSN, the number holder was not at fault, and the number holder was recently disadvantaged by the misuse." Under the proposed policy, the agency would issue a new SSN to a child if: (1) the child's Social Security card is stolen in transit from the agency to the child's address; (2) the SSA erroneously discloses a child's SSN through the SSA's Death Master File; or (3) a third party misuses the child's SSN. The agency would no longer require evidence that the child was disadvantaged due to misuse in any of these situations. EPIC favors the proposed rule change. Public comments on the proposal are due April 12, 2013. EPIC has previously warned Congress about SSN fraud and the growing problem of identity theft. For more information, see EPIC: Social Security Numbers. (Mar. 18, 2013)
  • Privacy Watchdog Receives Broad Protection for Publishing Public Records: A federal judge has issued a final order in favor of privacy advocate Betty Ostergren, who challenged a state law designed to prosecute her for drawing attention to the state's poor security practices. Ostergren had posted public records on her website that included Social Security Numbers made available by the state of Virginia. A district court held that Virginia may not prosecute her for re-publishing the Social Security Numbers of state officials. On appeal, a federal appeals court ruled that the court's holding was too limited, and on remand the court said that Ostergren can re-publish any publicly available documents. EPIC filed a "friend of the court" brief in support of Ostergren, urging the court to hold that the First Amendment protects Ostergren's speech. For more information, see EPIC: Ostergren v. McDonnell, EPIC: Social Security Numbers, and EPIC: Identity Theft. (Apr. 15, 2011)
  • California Supreme Court Rules Zip Code is Personal Information: In Pineda v. Williams-Sonoma, the California Supreme Court has determined that merchants may not require credit card customers to provide ZIP codes. In a unanimous decision, the Court found that ZIP codes are "personal identification information" under the state Credit Card Act of 1971. In the Pineda case, the customer believed that providing an SSN was necessary to complete a credit card transaction. The merchant subsequently used the SSN to determine the customer's home address. The California court said that the Credit Card Act "intended to provide robust consumer protections by prohibiting retailers from soliciting and recording information about the cardholder that is unnecessary to the credit card transaction." For more information, see EPIC - Social Security Numbers and EPIC - Reidentification. (Feb. 11, 2011)
  • Social Security Protection Act of 2010 Becomes Law: President Obama signed a bill aimed at reducing identity theft by limiting the Government's use of and access to social security numbers. The bill, which passed the House and Senate, prohibits government agencies from printing social security numbers on checks and from allowing prison inmates access to social security numbers. "Social Security numbers are among Americans' most valuable but vulnerable assets," said Sen. Feinstein, a sponsor of the bill. "Identity theft is a serious concern for all consumers, and we should make every effort to protect personal information." EPIC has testified many times before Congress on the need to safeguard the SSN, including House hearings in 2000, 2001, 2006, and 2007. EPIC has also litigated important cases on SSN privacy. For more information, see EPIC: Social Security Numbers, EPIC: Identity Theft, and EPIC: Doe v. Chao. (Dec. 23, 2010)
  • Appeals Court Protects Free Speech for Privacy Advocate: Privacy Advocate Betty Ostergren has won in federal appeals court in her challenge to a state law designed to prosecute her for drawing attention to the state's online publication of SSNs. In Ostergren v. Cuccinelli, the court ruled that the Commonwealth of Virginia may not prosecute Ostergren for publishing the SSNs of state officials available in public land records until the Commonwealth itself stops making these unredacted documents available. EPIC filed a "friend of the court" brief in support of Ostergren, urging the court to hold that the First Amendment protects Ostergren's speech. For more information, see EPIC Ostergren v. McDonnell, EPIC Social Security Numbers, and EPIC Identity Theft. (Jul. 26, 2010)
  • Federal Appeals Court to Hear Arguments in SSN Free Speech Case: The Fourth Circuit Court of Appeals will hold oral arguments on Tuesday, March 23 in the case of Ostergren v. McDonnell. Betty Ostergren runs a website that republishes Social Security Numbers, collected from public records, to persuade Virginia lawmakers to stop releasing documents that reveal Social Security Numbers. EPIC filed a "friend of the court" brief in October, urging the court to hold that the First Amendment protects Ostergren's speech. For more information, see EPIC Social Security Numbers. (Mar. 22, 2010)
  • EPIC Urges Court to Protect Speech of Privacy Advocate: Today, EPIC filed a "friend of the court" brief with the Fourth Circuit Court of Appeals, urging the court to hold that the First Amendment protects the speech of Betty Ostergren, a privacy advocate. Ostergren runs a website that republishes Social Security Numbers, collected from public records, to persuade Virginia lawmakers to stop releasing documents that reveal Social Security Numbers. Under Virginia law, Ostergren could be prosecuted for publishing SSNs, even though Virginia makes the numbers widely available. A lower court held that the law violated Ostergren's First Amendment rights. Virginia appealed. EPIC's brief urges the appeals court to uphold the lower court's ruling. For more information, see EPIC Ostergren v. McDonnell, EPIC Social Security Numbers, and EPIC Identity Theft. (Oct. 19, 2009)
  • EPIC Protects Worker Privacy. In comments to the General Services Administration (GSA), EPIC argued for privacy protections for federal contractor employees. The GSA sought comments on implementing an executive order mandating that federal contractors use the E-Verify system. The GSA proposed rule would require that new hires and current employees be verified against databases known to contain millions of errors, with failures to verify leading to eventual termination. EPIC recommended fixing database errors, applying Privacy Act protections, and exempting current employees before implementing the rule. (Aug 11, 2008)
  • Court Allows Privacy Act Lawsuit by TSA Employees Against Agency to Continue. A federal district court judge has ruled (pdf) that Transportation Security Administration employees whose personal data was compromised in an agency security breach can continue their suit for damages under the Privacy Act of 1974. In May, TSA lost a hard drive containing biographic and financial data on 100,000 employees. The hard drive, which contains payroll data from January 2002 to August 2005, holds employee names, Social Security numbers, birth dates, and bank account and routing information. The employees claim that the breach constitutes a violation of the Privacy Act, which provides remedies for certain disclosures of personal information held by the government, including the creation of new security measures, and damages. In 2003, EPIC filed an amicus brief in Doe v. Chao, a Supreme Court case interpreting the Privacy Act's minimum damages provision. (Apr. 2, 2008)
  • EPIC Urges Strong Accuracy Requirements for Federal System Affecting Americans' Jobs. In comments (pdf) to the Department of Homeland Security, EPIC urged the agency to fully apply all Privacy Act of 1974 obligations, including those of access, correction and data accuracy, to the Verification Information System. This system underpins the federal government's Employment Eligibility Verification System ("EEVS"). With this system, DHS is attempting to gain the authority to determine employment eligibility for virtually all Americans in the workforce. EPIC said, "Consistent and broad application of the Privacy Act obligations are the best means of ensuring accuracy and reliability of the data used in a system that profoundly affects Americans' employment." (Mar. 31, 2008)
  • Federal Court Temporarily Blocks New Government Rule on Employment Eligibility Verification. A federal judge today issued a temporary restraining order (pdf) to stop the Homeland Security agency from enforcing a new rule for its employment eligibility verification system (now called "E-Verify") requiring employers to fire employees if they are unable to resolve "no match" discrepancies within 90 days. The federal government is restricted from issuing 140,000 "no match" letters to employers, which would affect about 8 million workers nationwide. The federal government also is battling Illinois over E-Verify, filing suit (pdf) in a federal court seeking to block a new Illinois law that prohibits employers from using the system until the federal databases it uses can be certified as 99 percent accurate. EPIC has testified (pdf) about the myriad security and privacy problems inherent in the E-Verify system. See EPIC's Spotlight on Surveillance on E-Verify. (October 10, 2007)

Introduction

The Social Security Number (SSN) was created in 1936 as a nine-digit account number assigned by the Secretary of Health and Human Services for the purpose of administering the Social Security laws. SSNs were first intended for use exclusively by the federal government as a means of tracking earnings to determine the amount of Social Security taxes to credit to each worker's account. Over time, however, SSNs were permitted to be used for purposes unrelated to the administration of the Social Security system. For example, in 1961 Congress authorized the Internal Revenue Service to use SSNs as taxpayer identification numbers.

In response to growing concerns over the accumulation of massive amounts of personal information, Congress passed the Privacy Act of 1974. Among other things, this Act makes it unlawful for a governmental agency to deny a right, benefit, or privilege merely because the individual refuses to disclose his SSN.

Section 7 of the Privacy Act further provides that any agency requesting an individual to disclose his SSN must "inform that individual whether that disclosure is mandatory or voluntary, by what statutory authority such number is solicited, and what uses will be made of it." At the time of its enactment, Congress recognized the dangers of widespread use of SSNs as universal identifiers. In its report supporting the adoption of this provision, the Senate Committee stated that the widespread use of SSNs as universal identifiers in the public and private sectors is "one of the most serious manifestations of privacy concerns in the Nation." Short of prohibiting the use of the SSN outright, the provision in the Privacy Act attempts to limit the use of the number to only those purposes where there is clear legal authority to collect the SSN. It was hoped that citizens, fully informed where the disclosure was not required by law and facing no loss of opportunity in failing to provide the SSN, would be unlikely to provide an SSN and institutions would not pursue the SSN as a form of identification.

Large amounts of personal information, including tax information, credit information, school records, and medical records, are keyed to your Social Security Number. Because this data is often sensitive, you should keep it private.

The Structure of the SSN

The SSN is not entirely randomly generated. Although the procedures for issuing SSNs have changed over the years, an SSN can reveal an individual's relative age and place of origin. The first three numbers (area number) are keyed to the state in which the number was issued. The next two (group numbers) indicate the order in which the SSN was issued in each area. The last four (serial numbers) are randomly generated.
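
As an added example (not part of the original page and not EPIC's code), the Python sketch below splits an SSN into the area, group and serial fields described above and masks SSN-shaped strings in a record before it is published. The never-issued ranges it checks come from the SSA's published numbering rules rather than from this page, and the sample record and function names are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional, Tuple


class SSNParts(NamedTuple):
    area: str    # first three digits (area number)
    group: str   # middle two digits (group number)
    serial: str  # last four digits (serial number)


# Nine digits written AAA-GG-SSSS, AAA GG SSSS or AAAGGSSSS. The separator
# must be the same in both positions, and the match may not be part of a
# longer run of digits or hyphens (account numbers, parcel numbers, ...).
_SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")

MASK = "XXX-XX-XXXX"


def split_ssn(value: str) -> Optional[SSNParts]:
    """Return the three fields of an SSN-formatted string, or None."""
    m = _SSN_RE.fullmatch(value.strip())
    if m is None:
        return None
    return SSNParts(area=m.group(1), group=m.group(3), serial=m.group(4))


def never_issued(parts: SSNParts) -> bool:
    """True if the number falls in a range the SSA has never assigned.

    Assumption taken from SSA numbering rules, not from this page:
    area 000, 666 and 900-999, group 00, and serial 0000 are not issued.
    """
    return (
        parts.area in ("000", "666")
        or parts.area >= "900"
        or parts.group == "00"
        or parts.serial == "0000"
    )


def redact_ssns(text: str) -> Tuple[str, int]:
    """Mask every SSN-shaped value that could belong to a person.

    Values in never-issued ranges are left alone so that obvious
    placeholders do not generate noise in a review queue.
    Returns the redacted text and the number of values masked.
    """
    count = 0

    def _mask(m: "re.Match[str]") -> str:
        nonlocal count
        parts = SSNParts(m.group(1), m.group(3), m.group(4))
        if never_issued(parts):
            return m.group(0)
        count += 1
        return MASK

    return _SSN_RE.sub(_mask, text), count


# Constructed sample record; the numbers are made up and belong to no one
# as far as this example is concerned.
SAMPLE_RECORD = (
    "Grantor: J. Doe, SSN 111-22-3333\n"
    "Co-signer taxpayer ID 111223334\n"
    "Placeholder given at the counter: 123-00-6789\n"
    "Parcel number 1234567890123\n"
)

if __name__ == "__main__":
    redacted, masked = redact_ssns(SAMPLE_RECORD)
    print(redacted)
    print(f"{masked} value(s) masked")
```

Because the area and group fields carry meaning, a redaction pass like this should mask the whole number rather than leave any of the leading digits visible.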

The SSN and Privacy

Today, the Social Security Number plays an unparalleled role in identification, authentication, and tracking of Americans. Because the identifier is used for many purposes, it is valuable to those who wish to acquire credit, commit crimes, or masquerade as another person.

The SSN has been increasingly used in the private sector. The SSN is the record locator for many private-sector profilers, credit bureaus, and credit card companies. It is also used extensively outside the financial services sector. And, while some businesses use the SSN to identify individuals, others use the SSN as a password. This means that the SSN is widely used both as an identifier and as an authenticator. Serious security problems are raised in any system where a single number is used both as identifier and authenticator. It is not unlike using a password identical to a user name for signing into e-mail. Or like using the SSN as a bank account number and the last four of the SSN as a PIN for automated teller machines.

The SSN as National Identifier

The issuance of a single, unique number to Americans raises the risk that the SSN will become a de jure or de facto national identifier. This risk is not new; it was voiced at the creation of the SSN and has since been raised repeatedly. The SSN was created in 1936 for the sole purpose of accurately recording individual workers' contributions to the social security fund. The public and legislators were immediately suspicious and distrustful of this tracking system, fearing that the SSN would quickly become a system containing vast amounts of personal information, such as race, religion and family history, that could be used by the government to track down and control the action of citizens. Public concern over the potential for abuse inherent in the SSN tracking system was so high that, in an effort to dispel it, the first regulation issued by the Social Security Board declared that the SSN was for the exclusive use of the Social Security system.

In passing the Privacy Act of 1974, Congress was specifically reacting to and rejecting calls for the creation of a single entity for the reference and storage of personal information. A 1977 report issued as a result of the Privacy Act highlighted the dangers and transfer of powers from individuals to the government that occur with centralization of personal information:

In a larger context, Americans must also be concerned about the long-term effect record-keeping practices can have not only on relationships between individuals and organizations, but also on the balance of power between government and the rest of society. Accumulations of information about individuals tend to enhance authority by making it easier for authority to reach individuals directly. Thus, growth in society's record-keeping capability poses the risk that existing power balances will be upset.

Many medical providers are using the SSN as a patient identifier, thus hardening the number as a de facto national identifier. As David Miller noted in testimony before the National Committee on Vital Health Statistics:

"It should be noted that the 1993 WEDI [Workgroup for Electronic Data Interchange] Report, Appendix 4, Unique Identifiers for the Health Care Industry, Addendum 4 indicated 71% of the payers responding to the survey based the individual identifier on the Member's Social Security Number. However 89% requested the insured's Social Security Number for application of insurance. Clearly the Social Security Number is the current de facto identifier..."

But individuals and companies are resisting such use of the SSN. Acting on employees' suggestions, IBM has requested that health companies stop using the SSN on insurance cards. According to IBM, fifteen insurers, which cover about 30,000 of the company's 500,000 employees worldwide, have either not responded or indicated that they will not comply with the request.

  • Testimony of David S. Miller, Director, Health System Services, UHC, on the Unique Patient Identification Number at the National Committee on Vital Health Statistics hearing in Chicago, Jul. 21, 1998.
  • Marc Ferris, IBM asks providers to drop SSNs, New York Times, Feb. 23, 2003, p. 3.

The SSN and Identity Theft

The widespread use of the SSN as an identifier and authenticator has led to an increase in identity theft. According to the Privacy Rights Clearinghouse, identity theft now affects between 500,000 and 700,000 people annually. Victims often do not discover the crime until many months after its occurrence. Victims spend hundreds of hours and substantial amounts of money attempting to fix ruined credit or expunge a criminal record that another committed in their name.

Identity theft litigation also shows that the SSN is central to committing fraud. In fact, the SSN plays such a central role in identification that there are numerous cases where impostors were able to obtain credit with their own name but a victim's SSN, and as a result, only the victim's credit was affected. In June 2004, the Salt Lake Tribune reported: "Making purchases on credit using your own name and someone else's Social Security number may sound difficult -- even impossible -- given the level of sophistication of the nation's financial services industry…But investigators say it is happening with alarming frequency because businesses granting credit do little to ensure names and Social Security numbers match and credit bureaus allow perpetrators to establish credit files using other people's Social Security numbers." The same article quotes Ron Ingleby, resident agent in charge of Utah, Montana and Wyoming for the Social Security Administration's Office of Inspector General, as stating that SSN-only fraud makes up the majority of cases of identity theft.

Because creditors will open new accounts based only on an SSN match, California has passed legislation requiring certain credit grantors to comply with heightened authentication procedures. California Civil Code § 1785.14 requires credit grantors to actually match identifying information on the credit application to the report held at the credit reporting agency. Credit cannot be granted unless three identifiers from the application match those on file at the credit bureau.

  • Lesley Mitchell, New wrinkle in ID theft; Thieves pair your SS number with their name, buy with credit, never get caught; Social Security numbers a new tool for thieves, The Salt Lake Tribune, June 6, 2004, at E1.

The Social Security Administration SSN Death Master File

The Death Master File is publicly available from the Social Security Administration (SSA) for a little under $1,800 for a single issue ($6,900 for a quarterly subscription with monthly updates). Anyone can buy 60 million electronic records from the SSA on all Americans (and others with SSNs) that have died. These records contain important personal identifiable information, including the name, social security number, date of birth, date of death, state or country of residence, ZIP code of last residence, and ZIP code of lump sum payment to the decedent's beneficiary. These records are also accessible for free on the web at places like Ancestry.com. The records have over a 3% error rate, and provide information chiefly on those who died after 1960.

Unscrupulous users of this database might, for instance, be able to exploit the recently bereaved or take advantage of their changed financial circumstances. Separate from whatever residual privacy concerns there might be for the recently departed, it is important to appreciate the effect such disclosure has on the survivors' privacy where their spouse's or parent's name, SSN and location are made freely available. The database might arguably be of some help for those engaged in historical research, but the terms and conditions of such use can be regulated to protect the privacy of survivors.

The Individual References Service Group Privacy Principles

In the 1990s, significant public concern was raised about information brokers that routinely buy and sell detailed personal information, including Social Security Numbers. The Individual Reference Services Group (IRSG) was established to manage calls for SSN and privacy legislation.

IRSG companies gather and sell Social Security numbers. Social Security numbers are collected from a variety of public and non-public sources. Public documents such as bankruptcy filings and other types of court records often contain Social Security numbers of the parties to a proceeding. In response to this, a number of states shield SSNs from disclosure in public records. For instance, marriage licenses have been a source for SSNs and a number of states, including Arizona, California, Indiana, Iowa, Kentucky, Louisiana, Maine, Montana, Ohio, and Michigan, have enacted legislative protections to prevent their disclosure. Birth and death records are rich in personal information, and states have acted to shield SSNs collected in these life events against disclosures. Arizona, California, Illinois, Kansas, Maine, Maryland, Massachusetts, Minnesota, Mississippi, Missouri, New Hampshire, and other states limit the appearance of the parents' SSN on birth records. Similarly, several states restrict disclosure of the SSN in records associated with death.

Non-public documents such as credit headers, the identifying information at the top of credit reports (including names, addresses, ages and SSNs), are also culled for information. IRSG companies use both public and non-public sources of personal information to compile data on individuals.

During 1997, the IRSG worked with the Federal Trade Commission, absent public input, to develop a set of self-regulatory principles. These self-regulatory principles allow the sale of Social Security numbers without the knowledge and permission of the data subject.

Under the IRSG Principles, companies can freely sell and distribute SSNs gathered from public records. The IRSG Principles treat the same data, Social Security numbers, differently if it comes from a non-public source such as credit headers. However, the guidelines for the sale of Social Security numbers from non-public sources are completely subjective and largely ignore the privacy interests of the data subject.

The IRSG Principles create a three-tier system for the sale of information gathered from non-public sources. The first tier for the sale of Social Security numbers applies to "qualified subscribers." Complete Social Security numbers can be sold to those deemed to fall into this category. There is no definition of what makes someone who wishes to purchase a social security number a "qualified subscriber." Moreover, the conditions that qualified subscribers must meet under the IRSG Principles rely entirely on the determination of the data seller and the data purchaser on what is an "appropriate" use of such information. The data subject, the person whose Social Security number is being collected and sold, has no input into whether such use is in fact "appropriate." The balancing process for deciding whether such uses are appropriate is carried out by the parties selling and purchasing the data; that is, the ones that have a strong interest in letting a transaction proceed. In addition, IRSG companies do not have a strong incentive to establish whether information is being sold to a responsible entity that will use data in a strictly appropriate manner.

The IRSG dissolved shortly after the passage of the Gramm-Leach-Bliley Act, but some data brokers still conform to the group's principles.

The SSN and Student Privacy

Students are especially vulnerable to identity theft for many reasons. Some of these reasons pertain to the type of lifestyle that many students maintain: they are, in effect, transients for four years. Students may not actually receive their mail regularly. Often, parents are the ones who maintain their permanent mailboxes, and in many cases, parents actually receive the credit bills. Students are not likely to request their credit reports, or even know that checking their credit records is a good idea. Also, credit card companies target students heavily for new lines of credit, and in some cases, issue credit without the consent of the student.

Students are at particular risk because use of the SSN is rampant at some institutions. In some cases, the SSN is used as a student identifier, and is actually printed on the face of the student identity card. Many schools use the SSN as the login for computer systems. The Chronicle of Higher Education reported in August 2002 that: "Nearly half of colleges nationwide still use Social Security numbers as the primary means to track students in academic databases, according to a March survey by the American Association of Collegiate Registrars and Admissions Officers. The survey also shows that 79 percent of colleges display students' Social Security number on official transcripts."

Some professors continue to post grades with the SSN as an identifier. Aside from the identity theft risk of this practice, posting grades with the SSN endangers confidentiality. Because the SSN is not randomly generated, it is easy to identify certain students based on their SSN. For instance, at a state school, one need only look for SSNs with different "area numbers" (first three digits) to identify possible out-of-state students. Additionally, group numbers (middle two digits) may indicate age, so even within a state, it may be possible to separate older students from younger ones.

In Arizona, major universities can no longer use the SSN as the student identifier. In Colorado, as of July 2003, public and private post secondary institutions were required to establish protections for the SSN and discontinue its use as the primary student identifier. New York and West Virginia prohibit all public and private schools from using the SSN as a primary identifier. Kentucky law allows students to opt-out of use of the SSN as student identifier.

Effective SSN Legislation

Effective SSN Legislation would:

  • Limit the use of the SSN to those circumstances where use is explicitly authorized by law. For example, an employer should be permitted to ask an employee for an SSN for tax-reporting purposes (as long as the SSN remains the Taxpayer Identification Number), but a health club should not be permitted to ask a customer for an SSN as a condition of membership.
  • Prohibit the sale and limit the display of the SSN by government agencies. It is simply inconsistent with Section 7 of the Privacy Act to allow the federal government to disseminate the SSN.
  • Prevent companies from compelling consumers to disclose their SSN as a condition of service or sale unless there is a statutory basis for the request.
  • Penalize the fraudulent use of another person's SSN but not the use of an SSN that is not associated with an actual individual. This would permit, for example, a person to provide a number such as "123-00-6789" where there is no intent to commit fraud.
  • Encourage the development of alternative, less intrusive means of identification. We believe that the National Research Council should be funded to undertake research on new techniques that enable records management while minimizing privacy risks.

How to Protect Your SSN

  • Don't give out your SSN. Try to bargain with businesses that request it by giving an alternative identifier, such as a driver's license number.
  • Robert Ellis Smith, editor of the Privacy Journal, has written an article on SSN alternatives that large organizations can use.
  • The Social Security Administration recommends that you should ask the following questions before releasing the SSN:
    • Why your number is needed;
    • How your number will be used;
    • What happens if you refuse; and
    • What law requires you to give your number.

State SSN Protections

Many states have enacted legislative protections for the Social Security Number. They vary from comprehensive frameworks of protection for the SSN to highly-specific laws that shield the SSN from disclosure in specific contexts.

For a comprehensive listing of state SSN laws, see Robert Ellis Smith, Compilation of State and Federal Privacy Laws, Privacy Journal.

A law taking effect in January 2005 in Arizona prohibits the disclosure of the SSN to the general public, the printing of the identifier on government and private-sector identification cards, and establishes technical protection requirements for online transmission of SSNs. The new law also prohibits printing the SSN on materials mailed to residents of Arizona. Exceptions to the new protections are limited: companies that wish to continue to use the SSN must do so continuously, must disclose the use of the SSN annually to consumers, and must afford consumers a right to opt-out of continued employment of the SSN.

In California, Senate Bill 168 was signed into law in October 2001. The bill gives individuals the ability to request that a "security alert" be placed on their credit record via a toll-free phone number. The bill also enables Californians to request a "security freeze" that prevents credit agencies from releasing personal information from an individual's credit report. The bill places important restrictions on use of the SSN: public posting of an SSN and printing the SSN on an identity card or document used to obtain a product or service are prohibited. Businesses that use the SSN to identify customers, such as utility companies, will no longer be permitted to print the SSN on invoices or bills sent through the mail.

California's Senate Bill 1386 went into effect on July 1, 2003. That legislation requires companies that maintain SSNs and other personal information to notify individuals when they experience a security breach. The bill came in response to an April 2002 incident in which the records of over 200,000 state employees were accessed by a computer cracker. The California legislation exceeds federal protections, as there is no national requirement for notice to individuals when personal information is accessed without authorization.

In June 2004, Colorado Governor Bill Owens signed H.B. 1311, legislation that creates important new protections for the SSN that will take effect later this summer. The new law will limit the collection of the SSN and its incorporation in licenses, permits, passes, or certificates issued by the state. The law requires the establishment of policies for safe destruction of documents containing the SSN. Insurance companies operating in the state must remove the SSN from consumers' identification cards. Finally, the legislation creates new penalties for individuals who use others' personal information to injure or defraud another person.

In Georgia, businesses are now required to safely dispose of records that contain personal identifiers. Georgia Senate Bill 475 requires that business records, including data stored on computer hard drives, must be shredded or, in the case of electronic records, completely wiped clean where they contain SSNs, driver's license numbers, dates of birth, medical information, account balances, or credit limit information. The Georgia law carries penalties up to $10,000.

Resources

Cases

In Ostergren v. Cuccinelli, No. 09-723 (4th. Cir. July 26, 2010), the Fourth Circuit Court of Appeals decided in favor of privacy advocate Betty Ostergren’s challenge to a Virginia state law designed to prosecute her for drawing attention to the state’s online publication of Social Security Numbers (SSNs). Virginia provides “secure remote access” to certain public records, including court records with millions of SSNs. Even though, by statute, clerks are required to redact SSNs, this provision did not go into effect due to lack of funding.

The plaintiff in this case, Betty Ostergren, is a privacy advocate who maintains a website calling for improved privacy rights and the removal of private information from public records. Ostergren obtained unredacted public documents through Virginia's secure remote access system and posted the documents on her website. Ostergren argued that posting the records informs the public about the online availability of personal information, and increases transparency and oversight.

The publication of the SSNs exposed Ostergren to liability under a revised provision of Virginia’s Personal Information Privacy Act (PIPA) that states that “a person shall not . . . [i]ntentionally communicate another individual’s social security number to the general public.” The previous version of the statute provided an exception for "records required by law to be open to the public." Before the revised provision went into effect, Ostergren filed a complaint in the United States District Court for the Eastern District of Virginia, alleging that the revised provision was unconstitutional under the First Amendment and applicable Supreme Court precedent.

The court agreed that the provision was unconstitutional as applied to her website. The court found that Ostergren's website addressed a matter of public concern, and that Virginia did not appear to regard the protection of SSNs as an "interest of the highest order" because it made some records available online and did not fund the redaction of the records. The court found that it was not an interest of the highest order even though the SSNs on Ostergren's website have been used at least twice for criminal activity. One individual has admitted to using the SSNs to fraudulently obtain credit cards, and another confessed to using the SSNs to attempt to blackmail people.

The court entered a permanent injunction against enforcement of the provision against “any iteration of [plaintiff]’s website … that simply republished publicly obtainable documents containing unredacted SSNs of Virginia [state officials].” The Virginia Attorney General filed a notice of appeal on June 30, 2008, and filed its Opening Brief before the Fourth Circuit on September 8, 2009.

In Greidinger v. Davis, a federal appeals court was asked to consider whether the state of Virginia could compel a voter to disclose an SSN that would subsequently be published in the public voting rolls. The Court noted the growing concern about the use and misuse of the SSN, particularly with regard to financial services. The Fourth Circuit said:

Since the passage of the Privacy Act, an individual's concern over his SSN's confidentiality and misuse has become significantly more compelling. For example, armed with one's SSN, an unscrupulous individual could obtain a person's welfare benefits or Social Security benefits, order new checks at a new address on that person's checking account, obtain credit cards, or even obtain the person's paycheck. . . . . Succinctly stated, the harm that can be inflicted from the disclosure of a SSN to an unscrupulous individual is alarming and potentially financially ruinous.

The Court said that:

The statutes at issue compel a would-be voter in Virginia to consent to the possibility of a profound invasion of privacy when exercising the fundamental right to vote. As illustrated by the examples of the potential harm that the dissemination of an individual's SSN can inflict, Greidinger's decision not to provide his SSN is eminently reasonable. In other words, Greidinger's fundamental right to vote is substantially burdened to the extent the statutes at issue permit the public disclosure of his SSN.

The Court concluded that to the extent the Virginia voting laws, "permit the public disclosure of Greidinger's SSN as a condition of his right to vote, it creates an intolerable burden on that right as protected by the First and Fourteenth Amendments."

In a second case, Beacon Journal v. City of Akron, testing whether a state could be required to disclose the SSNs of state employees under a state open record law where there was a strong presumption in favor of disclosure, the Ohio Supreme Court held that there were privacy limitations in the federal Constitution that weighed against disclosure of the SSN. The court concluded that:

We find today that the high potential for fraud and victimization caused by the unchecked release of city employee SSNs outweighs the minimal information about governmental processes gained through the release of the SSNs. Our holding is not intended to interfere with meritorious investigations conducted by the press, but instead is intended to preserve one of the fundamental principles of American constitutional law -- ours is a government of limited power. We conclude that the United States Constitution forbids disclosure under the circumstances of this case. Therefore, reconciling federal constitutional law with Ohio's Public Records Act, we conclude that [the provision] does not mandate that the city of Akron discloses the SSNs of all of its employees upon demand.

While it is true that many companies and government agencies today use the Social Security Number indiscriminately as a form of identification, it is also clear from the 1936 Act, the 1974 provision, and these cases that there is plenty of legislative and judicial support for limitations on the collection and use of the SSN. The question is therefore squarely presented whether the Congress will at this point in time follow in this tradition, respond to growing public concern, and establish the safeguards that are necessary to ensure that the problems associated with the use of the SSN do not increase.

Previous Top News

  • U.S. Sues Illinois for Passing Law Demanding Accuracy in Employment Eligibility System. The federal government has filed suit (pdf) in a federal district court seeking to block a new Illinois law, claiming it preempts federal law. However, the state law does not ban outright employer use of the voluntary employment eligibility verification system called E-Verify. Instead the Illinois law prohibits employers from using the system until the federal databases it uses can be certified as 99 percent accurate. Federal reviews have deemed (pdf) the system "seriously flawed in content and accuracy"; for example, the Social Security Administration database is estimated (pdf) to include 18 million incorrect records. See EPIC's Spotlight on Surveillance on E-Verify. (September 25, 2007)
  • EPIC Urges Federal Trade Commission to Restrict Use of SSN. In comments (pdf) to the Federal Trade Commission, EPIC urged the Commission to create regulations to limit the use of the Social Security number, but those restrictions should "not limit the ability of the states to develop better safeguards." In Congressional testimony (pdf) and previous comments (pdf), EPIC has consistently called for more restrictions on SSN use and recommended the creation of context-dependent identifiers "that will encourage the development of more robust systems for identification that safeguard privacy and security." (Sept. 5, 2007)
  • EPIC Urges Limitations on SSN Use. In testimony (pdf) before the House Ways and Means Committee, EPIC Executive Director Marc Rotenberg urged Congress to adopt legislation to address the misuse of the SSN and the growing problem of identity theft. Citing a recent report (pdf) from the Federal Trade Commission that finds that identity theft is the number one concern of American consumers, EPIC called for "strong and effective legislation that will limit the use of the SSN" and context-dependent identifiers "that will encourage the development of more robust systems for identification that safeguard privacy and security." EPIC also criticized the President's Identity Theft Task Force for failing to make more aggressive recommendations regarding SSN theft. (June 21, 2007)
  • Personal Data of 64,000 Ohio State Employees Stolen. The names and Social Security numbers of all 64,000 Ohio state employees are on a backup data storage device that was stolen last weekend from a state agency intern's car. Also included on the device are data on 53,797 participants enrolled in the state's pharmacy benefits management program and about 75,532 dependents of those participants. More and more security breaches happen every day, placing millions of people at risk for identity theft. Privacy Rights Clearinghouse and other organizations keep a record of such breaches, and the Clearinghouse says the number of records containing sensitive personal information involved in security breaches since January 2005 has risen to 155,160,842. (June 18, 2007)
  • EPIC Testifies on Worker ID System. In testimony (pdf) to the House Subcommittee on Social Security, EPIC Executive Director Marc Rotenberg urged the Subcommittee to strengthen privacy safeguards associated with national employment eligibility verification systems proposed in House and Senate bills. He said the systems "contain significant weaknesses that should be remedied prior to" imposing the verification systems on the 143.6 million authorized workers nationwide. "As currently planned, these systems greatly diminish employee privacy and make personal information vulnerable to theft and misuse. The proposed verification systems would also grant to the federal government unprecedented control over the livelihoods of American citizens." For more information, see EPIC's Spotlight on Surveillance for May 2007 concerning employment eligibility verification systems. (June 7, 2007)
  • Congress to Hold Hearing on Employment Verification System. On June 7, the Subcommittee on Social Security of the Committee on Ways and Means will hold a hearing on current and proposed employment eligibility verification systems and the role of the Social Security Administration in authenticating employment eligibility. Subcommittee Chairman Michael R. McNulty (D-NY) said, "if employment eligibility verification is to be a key enforcement tool for immigration policy, we must ensure the system is effective, efficient and feasible. We need a better understanding of the possible consequences and impact on the Social Security Administration if they are to undertake this expanded responsibility without compromising their core mission of administering Social Security." EPIC's current "Spotlight on Surveillance" scrutinizes the national employment verification system now under consideration in Congress. The national database is proposed to prevent undocumented immigrants from obtaining employment in the United States, but it could instead prevent millions of Americans from obtaining lawful employment. (May 31, 2007)
  • House Passes Two Bills to Protect SSN Privacy. The House Commerce Committee passed both the Social Security Protection Act of 2007, H.R. 948, and the Securely Protect Yourself From Cyber-Trespass, or Spy Act, H.R. 964. H.R. 948 makes it illegal to purchase or sell Social Security Numbers in a manner that violates Federal Trade Commission (FTC) anti-fraud regulations. EPIC testified (pdf) last year before the House Subcommittee on Social Security on the risks associated with expanded use of Social Security numbers, such as identity theft. H.R. 964 bans malware or spyware tracking techniques such as the use of keystroke-logging programs or the installation of software without gaining approval via a clearly stated end user licensing agreement. (May 18, 2007)
  • EPIC Recommends Against Use of Universal Identifiers. In comments (pdf) to the Federal Trade Commission, EPIC warned against using universal identifiers, such as biometrics or the Social Security Number, in authentication systems. EPIC explained that a biometric identifier cannot be changed by a victim once his or her identity has been breached -- a fingerprint is unalterable. "Any move toward universal identifiers, while potentially deterring amateur thieves, increases the potential for misuse once determined criminals steal that data," EPIC said. For more information, see EPIC's Biometrics page and National ID Cards and REAL ID Act page. (March 23, 2007)
  • FTC Reports that Identity Theft Again Tops List of Consumer Complaints. The annual report (pdf) by the Federal Trade Commission finds identity theft complaints, for the seventh year in a row, the number one concern of US consumers, accounting for 36 percent of the 674,354 complaints received. According to the FTC, credit card fraud (25 percent) was the most common form of reported identity theft, followed by phone or utilities fraud (16 percent), bank fraud (16 percent), and employment fraud (14 percent). The FTC report appears to repudiate an industry-funded study that suggested a decline in identity theft. EPIC has repeatedly explained (pdf) that Social Security Numbers are the "keys to the kingdom" for identity thieves. (Feb. 8, 2007)
  • EPIC Urges Accountability and Privacy Remedies for Identity Theft Prevention. In comments (pdf) to the Federal Identity Theft Task Force, EPIC said that addressing the problem of identity theft requires strong preventative measures and meaningful privacy rights for individuals. Identity theft is a major threat to consumers, costing the economy $50B per year. The Task Force requested comments prior to its concluding report. EPIC urged that the task force promote responsible data collection practices, minimize the amount of data collected, require security for personal data warehouses and give consumers rights in personal data that others hold. More on the EPIC Identity Theft Page. (Jan. 19, 2007)
  • EPIC Testifies Against SSN Expansion. In testimony (pdf) today before the House Subcommittee on Social Security, Executive Director Marc Rotenberg urged Congress not to expand the uses of the Social Security number and the Social Security card. "Every system of identification is subject to error, misuse, and exploitation," Rotenberg said. Some members of Congress have proposed that the card contain digital photos, machine-readable identifiers, and biometric identifiers that could turn the Social Security card into a national ID card. (Mar. 16, 2006)
  • Illinois Outlaws Pretexting, Adopts New Privacy Safeguards. Illinois Governor Rod R. Blagojevich signed legislation last week outlawing the practice of "pretexting," pretending to be an account holder so as to obtain access to someone else's personal information. In the past year, Illinois has passed several laws to protect consumer privacy, including measures that address identity theft, limit the use of the Social Security Number, require notification of security breaches, and allow state residents to put a security freeze on their credit report if they believe their personal information has been compromised. For more information, see EPIC's page on Illegal Sale of Phone Records and the Privacy Page of the National Conference of State Legislatures. (July 10, 2006)
  • Veterans Affairs Data Theft Widens. The personal information of about 1.1 million active-duty military personnel, 430,000 members of the National Guard and 645,000 members of the Reserves, was stolen in the recent theft of computer data from the Department of Veterans Affairs, the agency announced Tuesday. The agency previously said (pdf) that all 26.5 million people affected by the data theft were veterans and their spouses. The data include Social Security numbers and disability ratings. Privacy Rights Clearinghouse offers ID theft prevention tips. For more information, see EPIC's Veterans Affairs Data Theft page. (June 7, 2006)
  • Spotlight: Employment Verification Database Expansion Threatens Security. This month, Spotlight surveys the Basic Pilot employment eligibility verification system conducted jointly by the Social Security Administration and the Department of Homeland Security. Lawmakers are debating legislation that would greatly expand the Basic Pilot system, making its use mandatory for all employers nationwide. This would cost $405 million from 2006-2010, according to the Congressional Budget Office (pdf). However, a recent Government Accountability Office review (pdf) of the program shows that the system is riddled with security and accuracy problems that would be exacerbated by nationwide expansion. EPIC's Spotlight on Surveillance archive. (May 9, 2006)
  • EPIC Comments on Privacy of PA Court Records. In comments (also available in pdf) to the Pennsylvania court system, EPIC urged records custodians to protect personal information contained within court records. Court records contain sensitive personal information, including Social Security numbers, and these records increasingly are being used to build dossiers on individuals. Any person may comment on the proposed public access policy until November 17, 2005. For more information, see EPIC's Public Records and Privacy Page. (Nov. 9, 2005)
  • Senators Specter and Leahy Introduce Comprehensive Privacy Legislation. The leading Republican and Democrat on the Senate Judiciary Committee have introduced the Personal Data and Security Act of 2005. The bill would strengthen penalties for identity theft, create new rights of data access, establish security standards, limit the sale and display of the social security number, and require the government to establish safeguards for personal information held by data brokers. See EPIC's Choicepoint page and Model Privacy Regime for more information. (June 10, 2005)
  • Congresswoman Calls for Hearings on Social Security Disclosure Policy. Congresswoman Carolyn Maloney has recommended (pdf) congressional hearings on the Social Security Administration's "ad hoc" decision to share personal information with law enforcement immediately after 9/11. "I am concerned that the SSA apparently gave no notification to Congress when it decided to change its rules and that there has been no real oversight of the SSA's actions," said Rep. Maloney. Documents (pdf) obtained by EPIC under the Freedom of Information Act show that the agency changed its stringent policy to allow for liberal disclosure of personal information "in connection" with 9/11-related investigations. A subsequent front-page New York Times article reveals that the agency provided personal information about thousands of people to the FBI in terrorism investigations since 9/11. For more information, see EPIC FOIA Note #4. (June 22, 2005)
  • EPIC Testifies in House on SSN and Employment Verification. EPIC Executive Director Marc Rotenberg testified (pdf) before the House Judiciary Committee on the "Illegal Immigration Enforcement and Social Security Protection Act of 2005." The bill would require all workers to obtain an SSN card that is machine readable and gives the Department of Homeland Security broad authority to determine employment eligibility. EPIC warned that "new systems of identification will create new risks." The hearing was Webcast. (May 12, 2005)
  • LexisNexis Breach Compromises Data on 310,000 Americans. Data broker LexisNexis said today that personal information on 310,000 U.S. citizens may have been stolen in a security breach announced last month. At the time, LexisNexis said the breach only affected 32,000 people. LexisNexis said its databases had been fraudulently breached 59 times using stolen passwords, allowing access to addresses, Social Security numbers, and other sensitive information. This is the latest in a recent string of data breach scandals (pdf) that have affected hundreds of thousands in the U.S. In testimony before Congress (pdf) and the California Senate, EPIC has called for the regulation of data brokers because there is too much secrecy and too little accountability in their business practices. For more information, see EPIC's Choicepoint page. (Apr. 12, 2005)
  • EPIC Urges Congress to Protect SSNs. In testimony to the House Energy and Commerce Subcommittee on Consumer Protection, EPIC advocated strong protections for Social Security Numbers. EPIC urged Congress to pass legislation that limits use and dissemination of the SSN in both the public and private sector. (Sept. 28, 2004)
  • EPIC Files Comments on Use of Voter SSNs. In comments to the Social Security Administration, EPIC has urged the agency not to create a new routine use of the Social Security Number for state voter registration purposes. EPIC asked the agency not to implement this routine use until state election administrations agree not to require voters to present their Social Security cards in order to vote in federal elections. For more information, see the EPIC Voting page. (Sept. 3, 2004)
  • EPIC Highlights Role of SSN in Identity Theft. In a follow up letter to previous testimony on enhancing SSN privacy, EPIC and U.S. PIRG detailed the role that the SSN plays in identity theft. (July 2004)
  • EPIC Recommends Protections for the SSN. In testimony to the House Ways and Means Subcommittee on Social Security, EPIC argued that Congress should create legislative protections for the Social Security Number (SSN). EPIC praised Subcommittee Chairman Shaw for introducing legislation that limited SSN use in the public and private sector, and made recommendations to strengthen protections. (June 15, 2004)
  • EPIC, Organizations, Scholars, and Experts File Brief in Supreme Court Privacy Case. EPIC, 12 privacy organizations, and 16 legal scholars and technical experts have filed an amicus brief in Doe v. Chao, a case concerning the wrongful disclosure of the Social Security Number. The friend of the court brief argues that the Privacy Act provides damages for those who suffer "adverse effects." The brief points to the dangers of SSN disclosure, the tradition of providing similar awards in other privacy laws, and the history of the Privacy Act. More information is available at EPIC's Doe v. Chao Page. (Aug 27, 2003)
  • EPIC Urges Protections for the SSN. In testimony before the House Ways and Means Subcommittee on Social Security, EPIC urged Congress to pass comprehensive legislation to protect the privacy of the Social Security Number. (Jul 10, 2003)
  • NH Supreme Court: Information Sellers May Be Liable for Amy Boyer's Death. The New Hampshire Supreme Court has held that information brokers and private investigators can be liable for the harms caused by selling personal information. In the case, a young woman was murdered by a stalker who obtained her personal information from information brokers and private investigators. EPIC submitted an amicus brief in the case supporting greater privacy protections against pretextual calling and the sale of Social Security Numbers. For more information, see the EPIC Amy Boyer Page. (Feb. 18, 2003)
  • EPIC Testifies on Need to Limit SSN Use. In testimony before a joint hearing of the House Ways and Means Subcommittee on Social Security and the House Judiciary Subcommittee on Immigration, Border Security, and Claims, EPIC Legislative Counsel Chris Hoofnagle advocated the adoption of comprehensive privacy protections for Social Security Numbers (SSNs). EPIC urged Congress to adopt a legislative strategy that discourages the collection and dissemination of the SSN and encourages organizations to develop alternative systems of record identification and verification. (Sept. 19, 2002)
  • EPIC Testifies at House Hearing on Identity Theft. EPIC Executive Director Marc Rotenberg testified at a joint hearing of the Subcommittee on Social Security and the Subcommittee on Oversight and Investigations on identity theft, particularly post-September 11. EPIC's testimony focused on the urgent need to limit the collection and use of social security numbers (SSN) and to establish regulatory and oversight mechanisms to protect consumers' sensitive private information. (Nov. 8, 2001)
  • President Threatens to Veto Social Security Number Anti-Privacy Bill. On October 26, President Clinton indicated he would veto a federal appropriations bill that incorporated Social Security number provisions opposed by consumer and privacy advocates. The White House press release cites the omission of "needed protections against the inappropriate sale and display of individual citizens' Social Security numbers" as one reason for the impending veto. For more information on the bill's language, read the fact sheet (PDF) produced by US PIRG. (Oct. 2000)
  • EPIC Testifies on Use of Social Security Numbers. On May 11, the House Subcommittee on Social Security held hearings on the "Use and Misuse of Social Security Numbers". EPIC's testimony argues that there is clear judicial and legislative support for further legal restrictions on the collection and use of social security numbers. (May 2000)
  • Bill Protecting Driver's License Information Sent to White House. The Department of Transportation and Related Agencies Appropriations Act 2000, in an amendment offered by Sen. Richard Shelby (R-AL), provides two new protections for driver's license information. The first repeals an earlier law requiring Social Security numbers to be displayed on all driver's licenses. The second provision in the amendment takes away federal funding in this bill for states that do not obtain a driver's permission before selling their information to third parties. More information about the privacy risks associated with Social Security numbers and their inclusion on driver's licenses is available from EPIC. The bill has passed Congress and is currently awaiting the President's approval. (Oct. 1999)
  • GAO Report Finds Opposition to SSN Reform. A new study by the General Accounting Office finds that businesses and government organizations believe that federal laws restricting use of Social Security numbers as a personal identifier would have a negative impact on their ability to conduct routine activities. (Feb. 1999)
  • Federal Reserve Issues Report. The Federal Reserve has issued a report "Consumer Identifying Information and Financial Fraud" on consumer privacy and whether the availability of personal information on the net contributes to bank fraud. PDF version of the report. The Notice on the report. (Dec. 1996)
  • Airlines to Collect SSNs. Proposed FAA rule for collecting personal information including name, address, Social Security Number, date of birth and next of kin for every domestic passenger. (March 1997)
  • Welfare Reform Legislation Expands Use of SSNs. The House and the Senate passed welfare legislation in 1996. The bills expand the collection and use of Social Security Numbers, develop new "tamperproof" Social Security cards and establish state databases of "new hires." See the letter from ACLU, EPIC and U.S. PIRG opposing the provisions. (Nov. 15, 1995)
  • Court Protects Privacy of SSNs. The U.S. Court of Appeals for the Fourth Circuit held that Virginia's collection and public disclosure of the SSN as a condition to vote is unconstitutional. The Court concluded that to the extent the Virginia voting laws, "permit the public disclosure of Greidinger's SSN as a condition of his right to vote, it creates an intolerable burden on that right as protected by the First and Fourteenth Amendments." For more information, see the amicus brief prepared by EPIC staff. (Mar. 22, 1993)
  • Court Allows IRS to Print SSNs on Envelopes. In Ingerman v. United States, EPIC drafted an amicus brief arguing that the Internal Revenue Service's practice of openly displaying Social Security Numbers on mailings sent to taxpayers violated the Privacy Act of 1974. The Third Circuit affirmed a lower court decision that held that the Privacy Act had not been violated. However, the IRS has discontinued the practice of placing the number on the outside of the envelope. (1992)