tv   Social Security Numbers  CSPAN  May 17, 2018 11:47pm-1:20am EDT

11:47 pm
at a house hearing on identity theft, federal officials discuss the security vulnerabilities of the social security numbers and how to protect americans' privacy. this house ways and means subcommittee hearing begins with committee chair sam johnson. this is an hour and a half. >> good morning and welcome to
11:48 pm
today's hearing on the future of social security. the social security card and the social security number were created in 1936, believe it or not. so the social security administration could track earnings and correctly determine benefits. today's use of social security numbers for everything. so when you get a job, buy a house or open a new credit card, given all the ways that we use it is no wonder that social security numbers are a target for identity thieves. for years i've been dedicated to giving all i can to protect america, americans from identity theft by protecting the privacy of social security numbers. military ids no longer use social security numbers. and medicare is now sending new
11:49 pm
cards without numbers, social security numbers to seniors across the country. and last year, congress made all the federal agencies stop mailing documents that contain social security numbers unless it is absolutely necessary. for a long time, keeping social security numbers secret and keeping them safe. but after so many high-profile data breaches like equifax and in anthem they were stolen, it is clear that it isn't a secret anymore. and it's time that we stop they are. that make no mistake it is still important to limit under the necessary use of social security numbers but if we want to keep pace with identity thieves, we
11:50 pm
need to think beyond just keeping them. as we will hear today, what makes these numbers so valuable to the identity thieves is how we use them. using social security numbers both to identify someone and to prove their identity doesn't make sense, that we have been doing it forever. we need to break the link between identification and authentication. i recently learned of a case in arizona where the mother of a child whose social security number had been stolen was told she needed to change her
11:51 pm
daughter's name and last name, first, middle and last name before they get a new social security number but it isn't the social security policy. ex- drug hoops to jump through made up by a field office employee. while i'm happy the little girl eventually got a new number without having to change her name, getting a new number shouldn't be so difficult. it shouldn't take a local news story or a call from a congressional office for social security to do right by those looking for help. identity theft is on the rise, and we must take a hard look at the future of social security numbers, both how it is used and
11:52 pm
if social security needs to do things differently. we have the responsibility to do all we can to better protect americans from identity theft. i want to thank the witnesses for being here today, and i look forward to hearing your testimony. and i will now recognize mr. larson for his opening statement. >> thank you, mr. chairman. let me echo your sentiments and also acknowledge that you have been a leader in the united states congress, both in protecting the integrity of the social security program from fraud and abuse, and certainly in this case, identity theft, which threatens the entire system. as you indicated, mr. chairman, the recent data breach at the
11:53 pm
equifax left people wondering if they would have their identity stolen or credit damaged. their ability to get a mortgage, small business loans or even a job is at the whim of criminals. stolen information can direct traffic on their financial security. it doesn't matter if you are in plano texas or east hartford connecticut or whether you are six weeks old or 96-years-old, cyber criminals don't care. they're only interested in profiting from your identity as much as possible. equifax is one of the long list of data breaches where personal information about hard-working men and women has been compromised, including social security numbers, which is the subject of today's hearing. the problem of identity theft is
11:54 pm
well known and it affects the entire economy. we need to come together in a bipartisan way to strengthen the privacy protections and safeguards the financial security. and i thank you mr. chairman for your continued efforts in reaching out along those lines as well. what is clear is that all use of social security numbers, both government and business, need to change their ways. the widespread use of social security numbers is a way to both identify and authenticate individuals, posing an ongoing risk of identity theft. this practice assumes that only i have access to my social security number. but given the extent of the data breaches, this is no longer a safe assumption, as i believe the witnesses will all agree. there is a role here both for the government and industry. there are steep headwinds in
11:55 pm
this fight. the pace of innovation and the technologies used by cyber criminals present a very difficult and foreboding challenge. at the same time he must be sure the solutions to protect personal information are accessible to all americans even those of us who are less at the new technologies. finally we must keep american privacy concerns that bind about how the data collected and about individuals, how it is used and who controls it. just as we must come together to protect americans personal identity information, we should also come together to protect the future of social security itself. my dear friend and colleague shares my concern in this, and i think we need to have a hearing on the future of social security itself. we have proposed bills in the legislation.
11:56 pm
it's time that we expanded the most successful program in the nation's history knowing that as we go forward, it's important to protect and hard to secure from fraud and abuse. but also, to understand that this is an insurance program that needs to be made actuarially sound. it was last touched in 1983 when ronald reagan was president and a tip o'neill was the speaker of the house. it's an actuarial problem that can and should be addressed for americans but also as disparity grows in this great country of ours, but on the one thing every person in this nation can count on is social security has never made a payment. we have an obligation on the committee and as members of congress to make sure that the integrity of the program and also its viability goes beyond
11:57 pm
the 75 year requirement that we are sworn to serve. with that, i yield back and look forward to the questions and look forward to asking questions and hearing from our distinguished panel. >> thank you for your comments. as it was discussed, any members are welcome to submit a statement for the record. before we move on to the testimony, i want to remind our witnesses to please limit your oral statements to five minutes. however, without objection all of the written testimony will be made a part of the hearing record. we have seven witnesses today. seated at the table or nancy berryhill for acting commissioner of the social security administration, elizabeth curda, director of education workforce and income security for government accountability office, samuel
11:58 pm
lester can privacy counsel electronic privacy information center, paul rosenzweig -- >> it's rosenzweig. >> thank you. senior fellow at the art history institute, the senior vice president and chief technology officer mcafee, jeremy grant, coordinator, james louis senior vice president technology policy program center for strategic and international studies. acting commissioner berryhill, please begin your testimony. >> chairman johnson, ranking member larson and members of the subcommittee, thank you for inviting me to identify identity theft and the future of the
11:59 pm
social security number. i'm the social security acting commissioner. the scope of our program is enormous. we pay monthly benefits to over 62 million social security beneficiaries and 8 million supplemental security recipients. during 2017 repeat of 934 billion social security beneficiaries and 55 billion to the ssi recipients. in addition, the earnings items to the workers records last year. this underpins the programs we administered. we designated this nine digit number in 1936 to allow employers to report earnings and to determine eligibility for benefits. today, we've issued around 505 million unique members to eligible individuals. we created a number for the program that has become a personal identifier used broadly across government and the
12:00 am
private sector. for example, in 1943 the executive order requires federal agencies to use the ssn for computer technology and data processing and in the 60s that further increased the use of the number and federal agencies. ..
12:01 am
>> he made changes to protect the integrity of the number including strengthening security on the card to require additional proof. to establish programs to ensure a timely ssn such as enumeration of birth deciding to a newborn thereby for federally funded programs for eligibility and others. as it continues to increase and through the ftc and law enforcement for those investigations to assign a new number with that misuse of the number it is important to know assigning a new number can
12:02 am
cause more problems for example the absence of a credit history that makes it more difficult but nevertheless the recognition of those effects we will refine those policies to serve the needs of the victims we have added flexibility to policies and we encourage front-line employees to know with experts and we will continue to do what we can to mitigate the effects of misuse but we alone cannot solve the problem of the overreliance of the ssn. as long as it remains key to those of value like credit it will have commercial value it will continue to be targeted for misuse. identity theft is a broad
12:03 am
public policy issue for the chairman and the subcommittee thank you for your efforts to protect the internet -- ssn including removing from the medicare cards. this is an important step however, with public and private experts and the chief information officer is here with me today i am happy to answer the questions you may have. >> i appreciate your testimony please proceed director curda.
12:04 am
>> thank you for inviting me here to discuss the gao observations on the extent to which the paper social security card is used and what it cost to produce. issuing 500 million social security numbers and cards and not intended to serve as a personal identifier outside of the program due to the universality and uniqueness and private sector entities those that use it as a convenient means however as everyday transactions are electronically whether a paper card is still needed or desirable to communicate or verify. today i will first discuss it there any federal requirements for a social security card and sense to discuss common solutions that the
12:05 am
stakeholders may ask to see to conduct business and finally discuss those views in although there are many federal requirements we found that no statutory requirements identify requirements with human resource managers and finance sector in the state agencies and those that we spoke with have a variety of instances with other acceptable forms of documentation to identify their identity or as a said.
12:06 am
clement to document that eligibility the social security card is the most commonly used document one of several acceptable documents making eligible to work in the united states other examples include u.s. passport or permanent residence card. a common reason employers may ask to verify the accuracy because employers can be fined for submitting inaccurate w-2 forms. it is commonly used to apply for a driver's license under the real id act of 2005 it is one of several options for documents that an applicant must provide for their identity can also be used as documentation when setting up financial accounts or to resolve discrepancies
12:07 am
however providing the card is not required. ssa and the stakeholders provided their perspective on the implication to elevate the card. one advantage is to ensure the accuracy with that of relying on someone's memory but this advantage -- disadvantage is that to ensure the identity of the cardholder so other forms are usually needed. however most of the stakeholders indicated the process would not change significantly if the card was eliminated to use other documents for verification or electronically verify with ssa. officials provided their perspective that eliminating the card could result in a limited cost savings if any in 2016 estimate the cost to
12:08 am
produce the card range between six dollars for a replacement card online or $34 requested in person at a field office. these estimates include technology paper printing postage and overhead if the card were eliminated only some of these cost would be saved because of the labor and other costs needed to generate new ssn. a conservative estimate based on the printing and paper mailing cost account for only 60 cents of the cost of the card ssa officials said the agency spent $8 million fiscal year 2016 on delivery and paper and printing but implementing a new system to replace the card could offset the savings. other implications of a cardless electronic system included security and control of personal information and potential barriers for people
12:09 am
with limited access to technology. this concludes my prepared statement i'm happy to answer questions. >> thank you. i appreciate your testimony. mr. lester, please go ahead. >> chairman johnson ranking member and members of the subcommittee thank you for the opportunity to testify today. i am the consumer privacy counsel an independent nonprofit research organization here in washington d.c. established 1994 emerging privacy and civil liberties issues. i appreciate your interest in this critical topic i cannot overstate the urgency that we update our privacy laws. there is no other form of personal information that
12:10 am
poses a greater threat to privacy than a social security number. the recent equifax breach exposed social security numbers of over half of the u.s. adult population. it was never meant to be the all-purpose identifier in the private sector when first introduced in 1936 to be used only for the administration of social security taxes. the fact that it is now so pervasive as the identifier and authenticator username and password undoubtedly contributed to the alarming rise of data breach and identity theft and financial fraud. the keys to the kingdom of identity thieves a criminal possession of your ssn can file fraudulent taxes, open new accounts and take out lines of credit and many other forms of fraud. you're about to buy a home you can experience your worst nightmare window lender pleasure credit to see your score is too low to qualify
12:11 am
because somebody fraudulently run up to in your name. for someone who has experienced new account fraud it could take years to recover financially. in 2017 identity theft impacted almost 17 million consumers. more importantly consumers cannot protect themselves from the misuse of the ssn as others have stressed the social security administration will only be placed in the most extreme circumstances and furthermore the credit reporting industry makes it even more difficult the credit freeze is costly and fraud alert services do not adequately protect consumers. the ceo of lifelock had his identity stolen 13 times after he displayed his real social security number in a commercial to demonstrate how effective the product was at preventing identity theft. recent efforts to limit the use that much more needs to be
12:12 am
done for example in 2017 medicare finally announced it would remove ssn from the card with the result led by the effort of chairman johnson on this committee. also a number of states have taken steps in the right direction like alaska now prohibits the use of ssn by private companies without explicit legal authorization this is a good model for federal legislation and also shows why federal law should not prevent states from enacting their own laws. the cause of the use of the ssn congress should take the following measures. the ssn should be prohibited in the private sector without explicit legal authorization and company should be prohibited from compelling consumers to disclose that as a condition of sale or service unless authorized by law. to promote the development of
12:13 am
context specific identifiers for example if you are doing thinking you have a bank account number with the drivers license have a drivers license number the advantage of those specific identifiers if one number is compromised thieves do not have access to all accounts. finally congress must not replace the ssn with a national biometric identifier. this would be a very bad idea. this approach would pose serious privacy and security risks with a breach of personnel office management had getters had digitized fingerprints stored in the federal database these would only be compounded if u.s. were to move to a national biometric thank you for the opportunity to testify i am happy to answer your questions. >> think user i appreciate your testimony as well.
12:14 am
mr. rosenzweig. >> thank you very much thank you and i am also pleased to speak with you today about the future of the social security number. it has a long history of utility as it identifier i don't think that's the problem. the use is no different than the use of my phone number or the use of my name but the problem is that the social security number has mutated now and is also the authenticator of my identity. those are only useful if it has something that you know exclusively that you have for that you are and kept confidential. today social security numbers are so deeply compromised and widely available in public
12:15 am
even through criminal means they can no longer be used as the authenticator. this is because recent like the equifax breach we have already spoken of any anniversary this week has disclosed the vast majority of previously confidential social security numbers mine has been breached three times in the last four years so i feel this quite personal and as a result in my view any enterprise that uses a social security number as an authenticator is engaging in borderline privacy and security malpractice. but some do just the other day i was shocked a renewal membership use the last four of my social security as a way to authenticate my identity this was a governmental use so what should we do about that and my judgment congress has three logical options. first to regulate or outlaw
12:16 am
social security numbers that is a possible solution and one that i respectfully think is not appropriate that comes with all the usual disadvantages of government intervention regulatory gridlock cost enforcement mechanisms necessary along with procedural safeguards in short i think the regulatory response was at the great deal of expense and to be a lot relatively low result or are no bigger than the next solution which is to do nothing in a lot of ways the market is addressing this problem and as the authenticator it has become widely known and is increasingly on the decline eventually the market will take care of the problem but that is before it does a great number of americans will suffer from breach and identity theft that is the second-best solution the best in my judgment and one of the joys of a think tank is to think creatively and to think
12:17 am
outside the box is to eliminate the utility of the social security number as the authenticator make it impossible in practice for anyone to use it in this way. one simple and quite elegant solution i offer as a thought experiment and a possible practical solution is to put a phonebook with every person number to make it impossible for any enterprise to legitimately use that as an authenticator of identity to continue to do so after that in my judgment is negligence that are to involve liability for the enterprise. one final point congress needs to look to its own house repeatedly we have mandated the collection of social security numbers as and sometimes continue to use them as my
12:18 am
colleague has already testified to at a minimum it is incumbent upon congress review use of the social security number and the process if only to clean up our own house we can speak to the private sector with authority. i thank you for the opportunity to testify before you i look forward to the opportunity to answer questions. >> you are recognize. >> in morning chairman johnson into members of the subcommittee a proud owner to testify today and chairman johnson it is an honor to work in her district having the largest u.s. location in play -- in plano texas it is an honor to testify today as technical strategy to protect connected computing worldwide for consumers and business architecture.
12:19 am
i have worked in the field of cybersecurity for two decades with 24 u.s. and international patent in security architecture and patents it is one of the world leading cybersecurity companies providing solutions for both business and consumers. the nine digit social security number first appears as an identifier in 1936 but since has become the de facto national identifier and federal use of which it was never intended. the plane knowing a social security number is accepted as a mechanism to impersonate an individual and it has become the premier target for cybercriminals. ssn are sold in bulk on the black market for as little as one dollar each and one stolen it cannot easily be reissued or replaced. last year's equifax breach resulting in 145 million
12:20 am
us-based users having personal information compromised reminds us that they need to modernize the national identification standards. there three elements that need to be discussed when we transition to a personal identifier identity and authorization and in the current model social security numbers play a role in all three and identity is not an identifier that can be public like an individual twitter handle to identify the individual was simply knowing the handle does not enable them to impersonate the account holder whereas authentication is the process of proving that you are a specific identity and generally relies on one of three types of factors something you know like a password or a smartcard or a biometric the authorization is granting a specific capability or benefit to a specific entity and all three parts
12:21 am
need to be in scope for the next-generation system we have all the technology pieces to live toward a high-quality, high security well thought out next-generation identity management system based on authentication but what's more difficult is understanding the requirements that are acceptable for both government and asking questions is this solution exclusively for government related services? how can the system be inclusive to all systems for access to advanced technology? does the biometric database have database issues how will recovery mechanisms work with technology assets? what are the cost constraints or timelines for implementing and maintaining a solution into the next generation and how long does the underlying cryptography need to last?
12:22 am
the last question is interesting we are on the verge of quantum computing becoming a viable reality that is well-suited to break the underlying cryptography to protect the world's data that the public key algorithm is part of most protection and identity solutions the next-generation architecture must comprehend the quantum computing world we will face over the next few decades we need to look at what technology options are available to ask if it could be useful or do not recommended while a powerful technology providing property also brings scalability and complexity with its own security challenges in the case of the next-generation system, we do have a trusted central authority, the u.s. u.s. government to focus on the problem that we are trying to solve and the one thing we must do is not use the current
12:23 am
system that we have. a few quick recommendations to use the identity management executive order that outlaws the use of social security numbers as authenticator servers to push agencies to act as a validator and mandate all services required the use of strong authentication to let innovation flourish work together with the private sector to move faster to implement quantum safe algorithms to protect those data protections and identity solutions it is an honor to testify to the subcommittee i appreciate your interesting considering my recommendations of the forward to answering your condition on that question to my thinking from coming all the way from plano texas. >> please go ahead. >> good morning chairman johnson ranking member and members of the committee thank you for the opportunity to discuss the social security number with you today. on behalf of the better
12:24 am
identity coalition or organization launched to bring together leading firms from different sectors to develop a consensus cross sector policy recommendations that promote the adoption of better authentication. the founding members including recognize leaders from the economy financial services healthcare technology telecommunications and members are united by common recognition the way we handle identity theft in the u.s. and a common desire to see public and private sector to each take a step two of identity work better with more than 20 years in the intersection of cybersecurity 2011 i was selected to lead the national strategy in cyberspace which was a white house initiative focused on improving security privacy and choice in innovation and also led the identity team leaving government three years ago with the technology business strategy practice with a law
12:25 am
firm here in town with the leading practice and in that role i serve as a coordinator of the better identity coalition. i am grateful to the committee to call this hearing the ssn is a key component of our infrastructure in the future impacts every american. up front i would submit many challenges lead to more than 80 years of contradiction of policy how the number should be managed and use the biggest is the ssn simultaneously presumed to both the secret and public because we tell them to guarded closely public because of multiple laws that require individuals to give it out for interactions with governments secret because we tell those entities to ensure that if they store it with they require them to do that it is protected in public because to the point that the majority of americans have been compromised multiple times over the last several years through the data breach.
12:26 am
these contradictions are not the results of anything malicious but reflect years of trying to balance several fortune trolls through the ssn and ssa which the government recognizes the contradictions and take steps to put policies in place that are more consistent putting us on a path with privacy and convenience for americans. those five areas for changes needed first when talking about the future of the ssn it is essential as noted to understand the difference between the numbers as the identifier to sort out which jeremy grant im and as the authenticator to prove i am actually this jeremy grant. it should no longer be used as the authenticator stop pretending it is a secret or knowledge can be used to prove that someone is who they claim to be.
12:27 am
second just because it is not used as the authenticator does not mean me to replace them with new issue identifier i don't see any proposal that does not involve spending billions of dollars in confusing hundreds of millions of americans at very little security rather than create a new identifier we should craft better authentication not depend on the social security number and resilient against modern attacks. there is good news multi- stakeholder efforts to develop standards for next-generation now to be embedded in those devices operating systems to enhance security privacy and user experience the government can play a role in adoption and forth it does not mean it needs to be used everywhere many members would love to reduce where they use the ssn due to the risk it presents to the identifier coming up
12:28 am
against laws and regulations and finally to focus not just on the ssn but the social security administration the issue goes beyond the future use of the nine digit number and what role should the government play in the ecosystem? while identity may not be a part of the statement there is no question in 2018 it is in the identity business. time to acknowledge that fact and take a step back to contemplate what that means having agencies accept their role may be the most impactful thing the government can do specifically like allowing consumers to start asking agencies that help personal information to vouch and the department of motor vehicles of the most to offer from the bipartisan commission's federal government should work
12:29 am
for them standards and rules to ensure that privacy protection and also to get it started i appreciate the opportunity to testify i look forward to answering your questions >> mr. lewis welcome and please proceed. >> thank you mr. chairman and ranking member i think the committee for the opportunity to testify. one of the leading scientists of the 20th century said an expert is an individual who makes all possible errors in a particular field and i think that qualifies me as an expert in this issue. [laughter] i have been involved in programs like this since 1982 and none of which have worked. but let's give it a try. [laughter] is the key identifier unique to each individual issued by a trusted source and most important feelings to different databases which attack the cow and drivers
12:30 am
license it is invaluable but as we have heard but also invaluable for crime and one estimate between 60 and 80% of all social security numbers have been stolen including $16 billion annually i think the committee is on the right track looking at ways to modernize and strengthen the ssn and social security number to provide members to reduce crime our goal should be to provide the same level of secure that citizens expect from the private sector or the citizens enjoy in other developed economies. several options for modernizing the ssn include federated authentication public encryption, and smartcards some of these have been tried in the past
12:31 am
that they face problems with complexity and cost and raise privacy concerns. simply publishing the ssn is the least expensive option but it doesn't fix all the problems that we face the first step would be to replace card with security a smart card with the embedded chip like the credit cards that most of us carry millions of commercial transactions are carried out with these cards every day most people are familiar with them which would ar burden of acceptance and transition the smartcard provides the foundation for a secure social security number when the credit card to stolen your financial institution cancels the old one to issue a new one you are still linked to your account and responsible for charges but not linked to the old number and a similar approach might help us to think about how to
12:32 am
streamline and modernize the number more secure. . . . . because there is no fre replacement. block chain technology may offer an option but it's not ready as you've heard it's not yet mature. the best argument for smart cards as we already used them on massive scale. companies and citizens are familiar, implementation of course would be difficult in any change in an institution is going to be difficult that we have the advantage of knowing the technology processes over theor word because of our experience with credit cards and
12:33 am
banks. thank you for the opportunity to testify and i look forward to your question. >> we will now look at the questions which is customary for each round of questions i will limit my time to five minutes and ask my colleagues to also limit their questioning time to five minutes as well. acting commissioner berryhill, the alarming story about a child in episode raises many questions about how social security treats identity theft victims. are you taking a close look at how you handle requests for new social security numbers? >> i'm very aware of the case you are referencing and thank you for bringing this to our attention. we've worked very hard to issue verification policies to all of our front-line employees and also held national calls with all managers and directors and
12:34 am
we also decided we would have regional experts available to the front-line employees at the time when the time comes when they have a complex case and the situation we would consider that a complex case. having the regional experts that are well trained on an enumeration and replacement and new ssn will help so we took immediate action and all of those have been accomplished. >> more than 1200 field offices what are you doing to make sure your policies are being followed? >> that's why we held national calls with all of our managers and oversight to the managers we will continue to do checks and balances to make sure the policies are followed. i believe having regional experts that the employees can consult if they have questions is going to be a change in. >> i was shocked to learn
12:35 am
employees voice mails tell callers to record their social security number with their name and phone number to get a return call. how is that a good practice given all of the concerns of identity theft and phone scams? >> i understand and am aware of the situation so we do use the social security number to book our records and if an individual is not comfortable leaving their social security number, they should not do that. however, it does expedite the transaction when they call us back we can pull up the record and have that available so we can quickly go through the process with them to answer any questions but again if someone is uncomfortable, they should not leave their social security number. >> okay, well, maybe we ought to take another look at that. this panel has talked about some big ideas today.
12:36 am
what do you think? is now the time to take action? >> i think the one thing we heard universally across the panel is using social security numbers as authenticators is something that needs to be addressed as the most time critical element of the issue. there are clearly other issues on the friend should social security numbers from an identifier but looking to remove social security knowledge as an authenticator is something we must act on immediately and invest in whatever it takes to make that a practical reality. >> we've been trying to do that for 20 years. >> thank you mr. chairman. i want to thank the panel. we have an awful lot of hearings
12:37 am
but it's refreshing when you have panelists to give you some solutions as well. acting secretary berryhill, first let me commend you for your service and also acknowledge that there's no one who's been working harder to make sure that we have a permanent secretary of social security than the chairman himself and we support him in those efforts and hope the administration will act soon but we want to thank you for your service. there is unanimity on the kennedy with respect to authentication. how would you go about implementing that and what is the cost of this? >> certainly any ideas by the panel members today we take all of them and review them and cost them out. it's certainly not something i address today. lots of ideas are good but then you have to look at the price
12:38 am
tag attached to them so we will go back and look at any ideas the committee would like us to look at. >> any idea on that price? >> one thing we need to look at the price is the price of not taking action. if you look at the cost related to fraud or misuse of social security numbers as authenticators, my opinion is that it's a staggering figure that needs to be comprehended when looking at the cost of implementing a new plan. >> you had a number of solutions but one of the things you emphasized is that we steer clear of any biometric solutions. can you explain why? >> when congress passed the privacy act in 74, they were explicitly responding to and rejecting calls for a national identification system. the national identification
12:39 am
systems that rely on biometrics and other countries that raised grave civil liberties and privacy concerns for example in india the biometric system was recently breached compromising the biometric data on the 1.2 billion citizens. i think any problems are demonstrated by the recent breach. >> would all the panelists agree that is a reasonable concern? >> it depends on the problem you are trying to solve. they were trying to solve there was no starting point and they needed to ensure an individual only registered a single time for benefits and so by using biometrics are present in individual from registering in one town and then walking the road again.
12:40 am
to look for other less intrusive mechanisms of the first step and as mr. lewis mentioned, things such as smart cards can be a more practical option that could be distributed without requiring every citizen to have biometrics. [inaudible] >> i think it is a good interim solution, but to be honest, the smart card security system is not in itself terribly robust. we've all experienced credit card fraud as well. on the issue of biometrics i
12:41 am
think it is a difference between the centralized database. biometrics as an identifier is something that president obama's white house supported as a substitute for passports because they are more readily available for use by most citizens so i wouldn't write with such a -- >> you've also objected to one of the solutions. can you explain why and then hopefully he will get a chance to reply. >> i don't so much object. regulation is clearly one of the normal tools in our toolkit here in washington alongside taxation. >> regulation or the efficiency of the ability to regulate. >> i'm not a fan of the regulatory system just to be brief about it we've already acknowledged [inaudible]
12:42 am
>> i think it would cost quite a bit and take far too long. >> thank you all for being here today. i had a coach in high school for the same name and w did we go id rosie. ms. berryhill, when we look at the size and scope of the program and a number of beneficiaries, is there anybody in the private sector that even comes close to chasing these types of problems as far as making sure they are sending their money to the right people with so much fraud in the system already is there an approach people are looking at that would make sense? >> we need to protect our records. we've been collecting wage information and benefits.
12:43 am
we have a robust anti-fraud system we put in place and review the claims ahead of time and flag the high-risk claims but as far as the private sector, we have to make sure our beneficiaries and recipients are protected and that their data is protected. >> the very nature of the way we do things today we have a safely put things into that we cannot walk. somebody is finding a way to get into the data over time and if we keep thinking this is just the way we do things today we will just have to keep going down the path. i'm just really fascinated. you said something i have written down is there any information as a cost of not finding a remedy to this and i think those numbers would be so staggering most of us wouldn't even want to discuss it. is there any idea what the cost of this is because you keep doing the same thing over and over again expecting a different
12:44 am
result i don't see how we fix this the way we are going right now so the cost of not fixing, any ideas? >> i don't have a quantitative number. >> one estimate was from the economist an angeles $16 billion a year. >> 16 billion. okay. some companies have recognized problems with the business models in response. can you share some examples in the private sector how people are addressing this? >> one of the founding members of the coalition is aetna who led an effort launched in 2014 pakistan reducing the instances of the member within their
12:45 am
systems. talking about cost, this is a six-year roughly $60 million investment company is undertaking because they think they can reduce the risk profile by reducing the instances across their enterprise and i think today they've eliminated about 10 billion instant is ambitious you i probably have my ssn ended up in this debate could different systems. to do thisre willing and particularly fortune 500 companies are looking at it as a liability but the cost significance it cannot happen overnight. they are also hindered as a co- venture they are required to leverage almost all the government business also was any beneficiary they have to report to the government for health insurance, so i highlighted this in my opening testimony there's a lot of government requirements out there that state the private industry has to aetna and it
12:46 am
will be hard to eliminate it entirely. >> as we keep going forward we look at this program and refer to it as an entitlement, it is just that you are entitled to the benefit because you have paid into it your whole life. the agreement on this committee and congress is we have to protect this program because it is so vital. i appreciate you being here today but can you please continue to weigh in and give us other examples and solutions to thiwhat it is we are trying to ? it's so massive right now it's one of those things you sit back and say it's too big to work on but it's going to get bigger and bigger more expensive and more ee don't do it. >> following on the comments one of the things we need to look at is the opportunity cost of continuing to try to protect social security numbers from
12:47 am
becoming public when we know they are already public in so many cases, so although there are a number of interesting efforts put forth in the last few years to reduce the disclosure i would ask what if we repurpose those into building a modern authentication system so that we simply use the social security number as an identity and not as an authenticator. >> thank you mr. chairman. a great panel. would you respond to the question that you didn't get a chance to respond to before? >> sure. in 30 seconds. you are talking about the cost of regulation. we talked about the cost of regulating this and i would like to mention the cost that is 16.7 billion to be precise as
12:48 am
the amount stolen as a result of identity theft in 2017. the cost of not regulating is in the billions and furthermore, what we are talking about is restoring the social security number to its original purpose to be used only by the social security administration that is what it was intended for and congress many times looked at this when they passed the privacy act that is originally what it was intended to do. >> last month the ways and means committee marks up a bill to protect children and consumers from identity theft. h.r. 5192. by helping reduce the prevalence of synthetic identity fraud the bill would do this by facilitating the validation of
12:49 am
identifying information provided by records and upon the consent of the customer some of the consumer, i'm sorry, through a maintained by the social security administration it was considered an important step that congress took to help prevent identity theft but i want to get your view very quickly about the extent of this system and whether it would solve the problem or not. i talked about this a bit in my written testimony. the first idea goes to a key point that i listed in my opening statement can we shift the model a little bit when it comes to identity verification services so government agencies that are these authoritative groups of trust when it comes to my day that they've got the truth of what my name and aetn n are. why can't i ask them to open an
12:50 am
account to what my bank check their systems with this new bill if it passes, and i think it's also in the senate reform package for banking will be a good first step. it's only limited to openings under the fair credit reporting act. i can't imagine as a consumer why i wouldn't want to validate that for everybody and the other question if we are worried about synthetic identity fraud is to take care of accounts going forward but there is probably in the thousands of millions of accounts out there today so one question has been should financial institutions have an opportunity to have a one-time window to put existing accounts out there to make sure things match. >> these widespread data
12:51 am
breaches, home depot, j.p. morgan, target, u.s. postal service and of course equifax, highlight our attention. from the consumer protection standpoint, this is outrageous. hackers assess access to personally identifiable information from millions of customer accounts. in the wrong hands can access to social security numbers, birthday, address and license numbers can turn someone's life upside down. we must do everything possible to establish privacy code safeguards and social security. protecting the individual's personal information to ensure their identities are protected
12:52 am
must be one of our top priorities. should the burden be on the government to create a unique identifier to verify individuals or should it be on the private corporations to establish a unique identifier with their client? >> i think that's where the importance of context to the specific identifier comes into play so if you are transacting the company you have a unique identifier for the company that way if an identity thief steals the identifier they do not have access to all of your account and cannot destroy your financial life. >> if i could add in the many attempts we've learned there's only one trusted source and that's the government and that's why it is the default identifier. people don't trust other sources.
12:53 am
>> i want to add this point are we serious about doing this? are we serious about changing the culture and why haven't we done more. we need to ask ourselves that question. >> this is an incredibly complicated problem, but it's not new. it's existed thinking back to law school, commercial paper in order to allow for the free flow of commerce we had laws to protect people so the bank had a duty to know your signature so
12:54 am
if anybody forged your check it wasn't your problem it was the bank's problem. that kind of applies here doesn't it? if somebody negligently ... your personal information don't they have liability for that? >> absolutely the burden is on the company that collected the information and it's important to stress that equifax collected the information and consumers did not provide that information. in fact when they were breached they are the ones that put the cost on the consumer by charging them for credit freezes and fraud monitoring, and i think it's also important to stress there needs to be more action. >> are they at a liability for that? >> absolutely which is why there needs to be a private right of action for consumers. >> say you were advocating for
12:55 am
specific identifiers for everything and i think i heard mr. grant say he didn't have a problem with national security as an identifier and you said the same thing and i kind of agree everybody's got an identifier, it's their name at the very least, but a name is not unique. there is a lot of tom prices out there, so you need some type of a national identifier i would think and i don't know why social security couldn't be that, but it can't be an authenticator because it isn't private any more. >> using my social security number as an authenticator is as stupid as using the last four letters of my last name as my authenticator or the last four digits of my phone number,
12:56 am
mobile phone numbers everybody has one and it's probably one you will have the rest of your life. >> as a matter of common sense got the idea that you would eliminate any sort of unique identifier is just not practical. we've got to have some kind of bait unique identifier and i don't know why it can't be your social security. i would think the way to attack this problem, i don't care what we do if we come up with the most beautiful and complex system that would do away with any hacking today, tomorrow, they will figure out something different. it's been going on since the beginning of time and will keep going. so, i would think the way to attack this is kind of like they did with commercial paper in that we should put liability on
12:57 am
people who negligently released your information. mr. rosenzweig. >> to make people strictly liable for that, for myself i would probably prefer a negligence standard over strict liability, but i do think what you are on to is the right economic answer which is putting the applications on the least cost avoider. one of the reasons is that it makes it impossible for anybody to maintain the idea of security for the social security number as an authenticator. liability would be another opportunity. >> what do you think about that, mr. grobman? >> it is a market-driven enterprise looking to steal things about you, and the reason that cyber criminals are looking to steal social security numbers is in today's world, they have value because they can
12:58 am
be used as an authenticator. one of the most practical ways to stop the theft is to devalue what they are going after, and that is in general a much more practical mechanism at the scale than trying to -- >> i have to stop you because i only have ten seconds. if you could respond to this by raising your hand. do you have a problem with using social security numbers as an identifier but not an authenticator? one out of eight. >> time is expired. ms. sanchez, you are recognized. >> social security numbers were originally created as a way to track earnings and they were meant to be used as an identifier in the private sector. the social security number has morphed into a tool used to identify and authenticate individuals in a number of
12:59 am
different situations by greatly expanding the universe of people and companies that have access to this incredibly valuable information. the widespread use of social security numbers have left them vulnerable to identity theft. as we all know, social security numbers are valuable to identity thieves and can be opened to use new credit cards or even take out mortgages often leading to financial ruin to unsuspecting and innocent consumers. as technology continues to advance at an alarming rate, the unique social security numbers are increasingly vulnerable to cyber theft and fraudulent use. recent data breaches demonstrate the need to secure this information and just how valuable social security numbers and also other personal data are. the equifax attack compromised over 145 million americans' personal
1:00 am
data including their social security numbers, that's almost half of the u.s. population who are now at risk for identity theft or financial fraud. social security numbers have become the default identifier because they are truly unique, standardized and can be verified, but as more and more personal information is available for cheap, we need to start thinking about the best way to identify and verify individuals. i would like to start by asking, american consumers don't have a full picture of what information is being collected about them. what kind of data is being collected about americans and are companies required to protect it? >> first i would like to clarify, raising my hand because it wasn't a yes or no answer, i have a problem with the social security number being used as an identifier.
1:01 am
.. >> are companies required to protect that information?
1:02 am
there is no federal standard right now for data security that the ftc does enforce data security when companies have authority under unfair and deceptive practices like in the case of uber when in fact it is nonexistent but there needs to be national standards because the states have the freedoms with that dynamics so there needs to be federal standard for data security. >> so most believe they are required but how context specific identifiers work and that they use in canada?
1:03 am
>> yes so that number in canada as i understand it is a unique concept as an identifier i am not super familiar but i can certainly get back to us more information. >> i would appreciate that i would like to know how that works because that could be instructive for setting policy with the ubiquitous use of the social security numbers. there are other examples in my statement like university identifier may resent and if university like georgetown gives you a nine digit id number instead of your social security number. >> i yield back. >> i appreciate you all for being here i just want to say
1:04 am
a shot at saying your name. [laughter] my question is while listening to the story earlier we give you my number and take away your name and that is a aboutn but to ask getting a new social security number when you lose your credit card that bank wants to get you a new one right away because they want you to use it again and make sure no more money comes out of their account because that affects them as well and i don't see the same for the social security administration in that environment. if you think about it when somebody's number is taken the fraud is deeper than the bank or the irs on the taxpayer maybe somebody gets your social security check
1:05 am
that could affect you but why do we make that so difficult to get a new number when that is the problem? i don't know that there is the same amount of concern like at the bank when your credit card is taken may be money to get a new card but it is small and the other end where the fraud takes place. >> normally to get a new card and number because it doesn't always stop the problem many times other companies will cross reference the old number to the new number although we do look so the irs tax returns but again looking at this
1:06 am
frontline will help them but really designed for the benefit it is really about credit card fraud and banking fraud. >> but let me get back to my question there is no harm on a charity to the social security administration budget it affects someone else you don't have that vested interest in your situation and cross reference doesn't need to happen to get rid of the old number they don't need to keep that data i don't find that is a very good answer so you need to take a look at what can be done to get somebody in number because that is exactly what the business will do if your identifier is stolen then they have motive to get you a new one.
1:07 am
to protect themselves but i don't find you are at risk if the social security numbers taken away because there is not a desire to solve the problem but $34 of that is what it cost to get a new card or number that is compared to the hundreds or thousands of dollars that are going out on the other end. i want to clarify that because that is a detriment to the social security administration. >> i don't know if i agree with that. if we said everybody that wants a number. >> now. you have to have a reason not just that i don't like that number. be realistic. we're talking about those who have been victimized. >> we want to do due diligence and make sure it is appropriate.
1:08 am
>> i get that but why is somebody told that they have to change their name? do you like that was not appropriate. >> we need to look into it further i yield back. >> have you started to write down a couple of questions and then you have disagreements and networks but then i want to take one gigantic step backwards. i came to all of you either a policy or technology experts
1:09 am
to say how do we design a singular stone -- a single portal as circuit -- certain token trade-offs to see the last ten years of your irs tax returns or social security benefits or veterans discharge all of this is government. to create a single portal in the way that is safe and robust and elegant and to sketch out a concept of the diametric if i was to run down the line would it not only
1:10 am
solve our issue from social security number but the policy from the bureaucracy to blind documents for character and having to get unique identifiers so the incremental solution cannot be done? >> so my first concern is the breach that means all the information is out there. >> we will get to that that there is a way so right now. theoretically let's say we could reduce those levels of security.
1:11 am
>> we will work with you and any ideas that you have but our concern is we would be in the worst situation today and that sounds like a nice aspirational idea if the federal government could come up with those systems it would be very difficult to do. >> looking at the centralized database is the wrong approach i use the example of container ships to compartmentalize so there all the oil is not one container to capsize the ship. >> so why do countries like estonia have incredible success because there are levels of information? is different levels of security?
1:12 am
>> i don't know about the case estonia but it is much smaller. >> what is your secret? >> i don't have a coding background. >> i'm sorry i was trying to more technical. >> i would say that is a good case study it is about scalability issues. i think it is least feasible but i do share some people's concerns u.s. government large-scale approach never get there so the government sector may not quite get it. >> and you are interrupting a lot of bureaucracy players do not absolutely it can be done i think if you look at the large-scale systems that exist today for authentication whether financial services, or
1:13 am
those numerous capabilities the private sector has built with a set of protocols allow that authentication but the discussion needs to be the right balance between privacy and security when i fixate on is when you hit quantum you needed token as the algorithm is under threat. >> one of the key points in my written testimony is although we have not settled on which algorithms to use the design of a new system we can design it such that we have the ability to swap out the algorithms. >> you don't think a token system is more robust? >> it is part of the solution
1:14 am
but the underlying cryptography that needs to be used does need to be used. >> this is something i need to learn more. >> your time has expired. >> we will talk after but i need to disclose. [laughter] >> so with those identity thieves we need to think about less protecting social security numbers make them less valuable in the first place it is time to take a hard look at the hr social security numbers and establish what needs to change to better protect americans from identity theft. this hearing has given us a good starting point i look forward to discussing with my colleagues in the future to figure out the steps forward. americans are counting on us to get this right when they deserve nothing else. thank you to all witnesses for
1:15 am
your testimony today and thank you to the members for being here and with that. >> i want to make a comment and thanks to the chairman for these panels and we still have a lot of questions please submit to us in writing because it is very valuable with your input as the chairman has indicated that we as a committee will meet to digest what you send us in writing in terms of your solution and also the urgency that you attach with this especially as the chairman has outlined how we might proceed because this was a very productive meeting and i think the chairman and i appreciate the opportunity to respond.
1:16 am
>> thank you for being here we appreciate your presence and with that we are adjourned. [inaudible conversations]
1:17 am
speemac there was a cartographer here who was embedded in the house and wanted to capture doctor king's emotions that he watched on television is president johnson committed to signing the voting rights act as if he was watching the television that night president johnson addressed
1:18 am
the nation. >> and then the sense of the past and the present come together for here in the south.
1:19 am
>> mr. president i am here today with the nomination of ms. haspel of the cia and there are two reasons i oppose this nomination with her support for torture to destroy evidence and for years to try to re-describe this inhumane practice to make it seem less
