A recent bipartisan bill, known as the Social Security Number Privacy and Identity Theft Protection Act of 2009 (H.R. 3306), is the latest Government attempt to curtail identity theft. The bill would prohibit Federal, State and local governments from selling Social Security numbers (SSNs), displaying SSNs to the general public, displaying SSNs on checks issued for payment or on identification cards issued to employees, employing prisoners in jobs that provide them with access to SSNs, and transmitting the SSNs over the internet without encryption. The bill would also forbid the private sector from doing all the same things, and limit truncated SSNs to the last four digits.
The punishments for violating this potential law would be quite harsh. Repeat offenders who try to sell, purchase or misuse the SSN could face up to ten years in prison, and Social Security Administration employees who sell or transfer SSNs potentially face prison sentences of twenty years. But why all this fuss about social security numbers?
Well, although originally a humble group of nine digits designed to track individuals for retirement benefits, the social security number has now become a de facto national identification number, required to obtain a driver’s license, submit a loan application, apply for a job, donate blood, and a host of other things. Because SSNs are so frequently used by businesses to authenticate identity, a thief that manages to get his hands on an individual’s SSN may be able to wreak havoc. The stories of identity theft victims tell of mysterious credit card bills, loans taken out in their name, difficulties repairing credit, and substantial, continuing anguish. To make things worse, in many cases, the Government might have been an unintentional accomplice.
Despite the SSN being a portal into identity theft, Federal, state and local governments have been often making SSNs easier to steal. Until recently, the Social Security Administration displayed the recipient’s full SSN on the millions of benefit statements mailed each year. Tens of millions of ID cards for Medicare, the Department of Defense and Veterans Affairs display the social security numbers of the card holders. State and local governments are even worse. The GAO estimates that 85% of the largest counties in the US either display records that may contain SSNs online, or offer them in bulk sales. These records include divorce settlements, property liens, and mortgage documents, all with the consumer’s SSN potentially in full display. Why bother trolling through someone’s dumpster to steal an identity when the government has so graciously provided all the tools you need online?
Every year, up to 10 million Americans are victims of identity theft, costing consumers $50 billion dollars annually. Identity thieves employ a variety of methods to steal identities, from simply swiping mail or dumpster diving to “phishing,” where thieves solicit personal information through emails disguised as coming from the consumer’s financial institution. But no matter the method, identity thieves everywhere benefit from the ubiquity of the social security number. Whether or not this bill will change that remains to be seen.