House proposal would imprison SSN fraudsters

A sweeping attempt at curbing use of Social Security numbers by the government and the private sector has just emerged in the U.S. Congress.

Reversing a frequent trend of new bills sitting around for a while, this one is already scheduled to go up for a preliminary vote in the House of Representatives Ways and Means Committee on Wednesday. The idea, framed as necessary to reduce instances of identity theft, is nothing new.

In May, the House of Representatives Energy and Commerce Committee speedily endorsed a similar bill chiefly sponsored by Rep. Edward Markey (D-Mass.) that would instruct federal regulators to issue rules barring the sale or purchase of Social Security numbers--with a number of exceptions that drew reservations from some privacy hawks. A Markey aide said her boss was still reviewing the new bill and hadn't taken a position on it.

At 56 pages (PDF), the latest effort is far lengthier and more prescriptive but includes many of the same provisions. It was introduced Monday by Reps. Michael McNulty (D-N.Y.) and Sam Johnson (R-Texas), who lead a House subcommittee on Social Security that claims to have held 16 hearings on the subject.

"It is time to place some common-sense limits on the use of Social Security numbers by government and businesses in order to reduce their easy availability and ensure the privacy of this sensitive information," McNulty said in a statement.

The new bill, called the Social Security Number Privacy and Identity Theft Prevention Act, appears likely to prompt the same concerns from privacy advocates about the number of carveouts on SSN sales it proposes. It would permit the sale and use of the identifiers "to the extent necessary" for law enforcement, national security, public health, emergency situations, enforcement of tax laws, credit reporting, research "for the purpose of advancing the public good," or, of course, with the SSN holder's consent.

In addition to limits on sales of SSNs and authority for state attorneys general to sue alleged violators, the bill includes a number of other proposals that the Markey bill does not:

• It would prohibit the display of SSNs on Web sites available to the "general public" and require their transmission via the Internet to be encrypted or "otherwise appropriately secured from disclosure."
• Both the public and private sector would be barred from displaying SSNs on government- or corporate-issued checks, identification cards or tags (including on barcodes or magnetic strips associated with them).
• Existing prisoners would be shut out of employment in any capacity that would allow them access to SSNs.
• A slew of new criminal penalties would accompany misuse of SSNs, ranging from a year behind bars in less serious cases to up to 25 years in prison for cases in which the SSN misuse was associated with terrorist acts.
• Civil violations, including assisting others in acquiring SSNs or selling one's own SSN with the "intent to deceive," would carry fines of up to $5,000.
• Social Security Administration employees would be subject to a tougher crackdown--a sliding scale climbing to as much as 20 years in prison for fraudulently selling or transferring more than 100 SSNs or cards.

Three related bills are also pending in the Senate during this session, but their timetables for consideration are unclear.

Update at 2:55 p.m. PST: The latest House bill's approach is garnering mixed reviews in the lead-up to Wednesday's vote. Jennifer Barrett, chief privacy officer for the data broker Acxiom, said it offers important consumer protections but would benefit from additional exceptions for other "legitimate" SSN uses, such as employee background checks (a service that her company provides).

Electronic Privacy Information Center director Marc Rotenberg deemed the measure a "very important bill." In a statement e-mailed to CNET News.com, he said granting additional exceptions requested by data brokers "would increase the risk of identity theft as well as the abuse of the SSN."