X

Congress may slap restrictions on SSN use

Identity fraud concerns spur promises of new laws restricting some commercial uses of Social Security numbers.

Anne Broache Staff Writer, CNET News.com
Anne Broache
covers Capitol Hill goings-on and technology policy from Washington, D.C.
Anne Broache
3 min read
WASHINGTON--Democratic and Republican politicians on Thursday both promised to enact new federal laws by the end of the year that would restrict some commercial uses of Social Security numbers, which are often implicated in identity fraud cases.

"Whether Social Security numbers should be sold by Internet data brokers to anyone willing to pay, indistinguishable from sports scores or stock quotes... to me, that's a no-brainer," Texas Republican Joe Barton, chairman of the U.S. House of Representatives Energy and Commerce Committee, said at a hearing. Such a practice should not be allowed, he said, "period, end of debate."

In both the House and the Senate, there are at least three pieces of pending legislation that propose different approaches to restricting the use and sale of SSNs. Politicians have expressed astonishment at what they see as a rising identity fraud problem, frequently pointing to a 2003 Federal Trade Commission survey that estimated nearly 10 million consumers are hit by such intrusions each year.

One bill, sponsored by Massachusetts Democrat Edward Markey, would require the FTC to make new rules limiting the sale and purchase of those identifiers, with exceptions for law enforcement, public health, certain emergency situations and selected research projects.

Another measure, sponsored by Florida Republican Clay Shaw, would restrict the display of SSNs on credit reports and on various government-issued documents and identification tags. It would also make it illegal in certain cases for anyone to refuse to do business with people who decline to supply their SSNs.

Testifying at Thursday's hearing, FTC Commissioner Jon Leibowitz stopped short of endorsing either bill, but he readily acknowledged that the identifiers "are overused, and they are underprotected."

"Users of Social Security numbers should migrate toward using less-sensitive identifiers whenever possible," he said, adding that companies also need to do more to protect the data they possess.

The SSN hasn't always had such broad applications. Back in 1935, Congress first directed the Social Security Administration to develop an accounting system to track payments to the fund. Out of that mandate came a unique identifier that has ultimately found applications in everything from issuing food stamps to tracking down money launderers.

One use of particular concern to the privacy community is the vast databases compiled by commercial "data brokers" about the American population that financial institutions can use to verify identities. One such company, ChoicePoint, grabbed headlines last year after a breach of its database came to light. That incident and other high-profile breaches unleashed a number of proposals in Congress, some of which target what some deem unregulated data brokers.

The controversy over the connection between SSNs and identity fraud is hardly new, and a number of states have already enacted restrictions in that area. Several federal laws, including the Fair Credit Reporting Act and the Health Insurance Portability and Accountability Act, better known as HIPAA, also include restrictions on use and disclosure of the identifiers.

As they pursue new laws, politicians said they're facing a difficult "balancing act" between rooting out abuses of Social Security numbers and protecting uses that tax collectors, the financial sector and law enforcement officials, among others, claim are invaluable.

Numerous industries have found a number of "beneficial uses" for SSNs, said Oliver Ireland, who testified on behalf of the Financial Services Coordinating Council. That group represents trade associations for the banking, securities, and insurance industries.

The numbers, for instance, "are critical for fraud detection," Ireland said in prepared testimony.

Also on Thursday, a California Senate committee approved an identity fraud bill that would improve state residents' ability to freeze their own credit reports when mischief is suspected.

CNET News.com's Declan McCullagh contributed to this report.