Testimony and Statement for the Record of
Marc Rotenberg
Executive Director, Electronic Privacy Information Center
Adjunct Professor, Georgetown University Law Center
Hearing on the
Use and Misuse of the Social Security Number
Subcommittee on Social Security
Committee on Ways and Means
U.S. House of Representatives
May 11, 2000
1100 Longworth House Office Building
My name is Marc Rotenberg and I am the executive director of the Electronic Privacy Information Center, a public interest research organization based here in Washington. I am also on the faculty of the Georgetown University Law Center where I have taught the Law of Information Privacy for ten years. I wrote briefs in two of the leading cases involving the privacy of the Social Security Number, I helped organize the campaign against the Intel unique Processor Serial Number, and I have worked with many technical experts to encourage the development of identification systems that avoid the flaws of the Social Security Numbers and other types of Universal Identifiers.
I appreciate the opportunity to testify this morning. I will briefly review the legal status of efforts to regulate the use of the SSN, discuss some of the recent problems with universal unique identifiers, such as the SSN, and make a few brief recommendations. I believe that legislation to limit the collection and use of the SSN is appropriate, necessary, and fully consistent with US law. I also believe that if Congress fails to act, the problems that consumers will face in the next few years are likely to increase significantly.
History of the SSN and the Efforts to Regulate
The Social Security Number (SSN) was created in 1936 as a nine-digit account number assigned by the Secretary of Health and Human Services for the purpose of administering the Social Security laws. SSNs were first intended for use exclusively by the federal government as a means of tracking earnings to determine the amount of Social Security taxes to credit to each worker's account. Over time, however, SSNs were permitted to be used for purposes unrelated to the administration of the Social Security system. For example, in 1961 Congress authorized the Internal Revenue Service to use SSNs as taxpayer identification numbers.
A major government report on privacy in 1973 outlined many of the concerns with the use and misuse of the Social Security Number that show a striking resemblance to the problems that witnesses have outlined this week. Although the term "identity theft" was not yet in use, Records, Computers, and the Rights of Citizens described the risks of a "Standard Universal Identifier," how the number was promoting invasive profiling, and that many of the uses were clearly inconsistent with the original purpose of the 1936 Act. The report recommended several limitations on the use of the SSN and specifically said that legislation should be adopted "prohibiting use of an SSN, or any number represented as an SSN for promotional or commercial purposes."
In response to growing concerns over the accumulation of massive amounts of personal information and the recommendations contained in the 1973 report, Congress passed the Privacy Act of 1974. Among other things, this Act makes it unlawful for a governmental agency to deny a right, benefit, or privilege merely because the individual refuses to disclose his SSN. This is a critical principle to keep in mind today because consumers in the commercial sphere often face the choice of giving up their privacy, their SSN, to obtain a service or product. The drafters of the 1974 law tried to prevent citizens from facing such unfair choices, particularly in the context of government services. But there is no reason that this principle could not apply equally to the private sector, and that was clearly the intent of the authors of the 1973 report.
Section 7 of the Privacy Act further provides that any agency requesting an individual to disclose his SSN must "inform that individual whether that disclosure is mandatory or voluntary, by what statutory authority such number is solicited, and what uses will be made of it." At the time of its enactment, Congress recognized the dangers of widespread use of SSNs as universal identifiers. In its report supporting the adoption of this provision, the Senate Committee stated that the widespread use of SSNs as universal identifiers in the public and private sectors is "one of the most serious manifestations of privacy concerns in the Nation." Short of prohibiting the use of the SSN outright, the provision in the Privacy Act attempts to limit the use of the number to only those purposes where there is clear legal authority to collect the SSN. It was hoped that citizens, fully informed where the disclosure was not required by law and facing no loss of opportunity in failing to provide the SSN, would be unlikely to provide an SSN and institutions would not pursue the SSN as a form of identification.
It is certainly true that the use of the SSN has expanded significantly since the provision was adopted in 1974. This is particularly clear in the financial services sector. In an effort to learn and share financial information about Americans, companies trading in financial information are the largest private-sector users of SSNs, and it is these companies that are among the strongest opponents of SSN restrictions. For example, credit bureaus maintain over 400 million files, with information on almost ninety percent of the American adult population. These credit bureau records are keyed to the individual SSN. Such information is freely sold and traded, virtually without legal limitations.
But it is also critical to understand that the legal protection to limit the collection and use of the SSN is still present in the Privacy Act and can be found also in recent court decisions which recognize that there is a constitutional basis to limit the collection and use of the Social Security Number. When a Federal Appeals court was asked to consider whether the state of Virginia could compel a voter to disclose an SSN that would subsequently be published in the public voting rolls, the Court noted the growing concern about the use and misuse of the SSN, particularly with regard to financial services. The Fourth Circuit said:
Since the passage of the Privacy Act, an individual's concern over his SSN's confidentiality and misuse has become significantly more compelling. For example, armed with one's SSN, an unscrupulous individual could obtain a person's welfare benefits or Social Security benefits, order new checks at a new address on that person's checking account, obtain credit cards, or even obtain the person's paycheck. . . . . Succinctly stated, the harm that can be inflicted from the disclosure of a SSN to an unscrupulous individual is alarming and potentially financially ruinous.
The Court said that:
The statutes at issue compel a would-be voter in Virginia to consent to the possibility of a profound invasion of privacy when exercising the fundamental right to vote. As illustrated by the examples of the potential harm that the dissemination of an individual's SSN can inflict, Greidinger's decision not to provide his SSN is eminently reasonable. In other words, Greidinger's fundamental right to vote is substantially burdened to the extent the statutes at issue permit the public disclosure of his SSN.
The Court concluded that to the extent the Virginia voting laws, "permit the public disclosure of Greidinger's SSN as a condition of his right to vote, it creates an intolerable burden on that right as protected by the First and Fourteenth Amendments."
In a second case, testing whether a state could be required to disclose the SSNs of state employees under a state open record law where there was a strong presumption in favor of disclosure, the Ohio Supreme Court held that there were privacy limitations in the federal Constitution that weighed against disclosure of the SSN. The court concluded that:
We find today that the high potential for fraud and victimization caused by the unchecked release of city employee SSNs outweighs the minimal information about governmental processes gained through the release of the SSNs. Our holding is not intended to interfere with meritorious investigations conducted by the press, but instead is intended to preserve one of the fundamental principles of American constitutional law -- ours is a government of limited power. We conclude that the United States Constitution forbids disclosure under the circumstances of this case. Therefore, reconciling federal constitutional law with Ohio's Public Records Act, we conclude that [the provision] does not mandate that the city of Akron discloses the SSNs of all of its employees upon demand.
While it is true that many companies and government agencies today use the Social Security Number indiscriminately as a form of identification, it is also clear from the 1936 Act, the 1974 provision, and these two cases -- Greidinger v. Davis and Beacon Journal v. City of Akron -- that there is plenty of legislative and judicial support for limitations on the collection and use of the SSN. The question is therefore squarely presented whether the Congress will at this point in time follow in this tradition, respond to growing public concern, and establish the safeguards that are necessary to ensure that the problems associated with the use of the SSN do not increase.
Problems Beyond the SSN
Efforts to regulate the collection and use of the SSN will not stop all the problems associated with the use of identifiers but they will address the most pressing current problem and could contribute also to future schemes that are less privacy intrusive.
Internet users are particularly concerned about the development of "GUIDs" or Global Universal Identifiers. Last year Internet users launched a campaign against Intel, the largest maker of computer chips in the world, when it proposed to create a Processor Serial Number, unique for each machine, that would make it easier to track and monitor the activities of Internet users. Eventually, under heavy pressure, Intel agreed to withdraw its plan, and more recently Intel announced that it would not include the unique identifier in its next generation of computer chips. This is clearly good news.
But there are also indications that in the absence of strong privacy laws and strong limitations on the use of new ID systems, new problems will arise. Experian, the large credit reporting agency, announced recently a new identification scheme that will enable tracking on a global scale. According to Helen McMillan, vice president of technology for Experian, "Names and addresses are very poor data elements for building search and match algorithms or for maintaining data integrity and hygiene on customer databases. Our industry leading PIN technology delivers the most reliable and accurate consumer identifier on the market." This may be welcome news for marketers who are trying to uniquely track customers and potential customers, but I suspect most consumers and users of the Internet would object strongly to the assignment of such permanent identification numbers.
Microsoft has raised concerns with the recent news that it plans to integrate a biometric identification scheme in the next version of the Windows operating system. A biometric identifier, such as a fingerprint, can be an effective and highly accurate way to establish the identity of an individual, but it can also facilitate a much higher degree of tracking and profiling than would be appropriate for many transactions. Should people who enter federal office buildings, for example, be required to provide a biometric identifier, such as a fingerprint scan? It is not hard to imagine that such a practice could develop in the next three to five years. Of course, the problems that will arise when biometric identifiers are compromised are severe. What will happen at the point that your biometric identifiers no longer identify you?
These are issues that the Congress might also consider as it goes forward with legislation to limit the use of the Social Security Number. Perhaps the National Research Council or a fully formed privacy agency could be asked to look in more detail at how best to develop identification schemes that enable online commerce and promote security, while at the same time reducing threats to privacy and the loss of control over identity.
In conclusion, there is clear authority in both legislation and judicial opinion that supports the enactment of further laws to limit the collection and use of the Social Security Number. It is particularly important that such legislation not force consumers to make unfair or unreasonable "choices" that essentially require trading the privacy interest in the SSN for some benefit or opportunity.
Legislation in this area will not solve all of the problems with identity theft or invasive profiling but it will address the most pressing problem and it could encourage the development of better techniques in the future.
I am grateful for the opportunity to testify this afternoon and would be pleased to answer your questions.
Electronic Privacy Information Center, "Social Security Numbers" [http://www.epic.org/privacy/ssn/]
Flavio L. Komuves, "A Perspective on Privacy, Information Technology and the Internet: We've Got Your Number: An Overview of Legislation and Decisions to Control the Use of Social Security Numbers as Personal Identifiers," 16 J. Marshall J. Computer & Info. L. 529 (1998)
Testimony of Marc Rotenberg, Computer Professionals for Social Responsibility, "Use of Social Security Number as a National Identifier," Before the Subcomm. on Social Security of the House Comm. on Ways and Means, 102d Cong., 1st Sess. 71 (February 27, 1991)
Greidinger v. Davis, 988 F.2d 1344 (4th Cir. 1993) and brief amicus curiae for CPSR (Marc Rotenberg and David Sobel) (SSN requirement for voter registration) (lead case on privacy of Social Security number)
Beacon Journal v. City of Akron, 70 Ohio St. 3d 605 (Ohio 1994) and brief amicus curiae for CPSR (Marc Rotenberg and David Sobel) (SSN disclosure of city employees)
Marc Rotenberg, Privacy Law Sourcebook: United States Law, International Law, and Recent Developments (EPIC 1999)
Department of Health, Education, and Welfare, Records, Computers, and the Rights of Citizens 108-35 (MIT 1973) (Social Security Number as a Standard Universal Identifier and Recommendations Regarding Use of Social Security Number)