and then it went off. it peppered my jacket, it ripped, i had an entrenching tool in the back, a shovel. cut the handle off of that. it threw me to the ground. my leg, a piece of shrapnel hit my leg. >> went off i would series with vietnam war veterans darting sunday at 7 pm eastern on american history tv. on c-span3. now the house ways and means subcommittee on social security examines the dangers of identity theft for losing one's social security number. witnesses include social security administration acting commissioner, nancy berryhill, mcafee chief technology officer and the counsel for the electronic privacy information center. they talk about recommendations regarding data privacy laws, identity authentication, social security number modernization and identity theft protection for this is just under 90 minutes.

>> good morning and welcome to today's hearing on the future of social security and its number.the social security card and the social security number were created in 1936, believe it or not. the social security administration contractor earnings and correctly determine benefits today's use of social security numbers for everything -- [laughter] you need one. when you get a job, buy a house or open a new credit card, given all of the ways we use it, it is no wonder social security numbers are a valuable target for identity thieves. for years, i have been dedicated to doing all i can to

protect americans from identity theft by protecting the privacy of social security numbers. military ids no longer used social security numbers. and medicare is now sending new cards without numbers, social security numbers, to seniors across the country. last year, congress made all of the federal agencies stop mailing documents that contain social security numbers unless it is absolutely necessary. for a long time, keeping social security numbers secret meant keeping them safe. but after so many high profile data breaches, like equifax, opm and anthem, hundreds of millions of social security numbers were stolen. it is clear they are not a secret anymore. and it is time we stop pretending that they are. make no mistake, it is still

important to limit the unnecessary use of social security numbers. but if we want to keep pace with identity thieves, we need to think beyond just keeping them. as we will hear today, what makes these numbers so valuable to identity thieves is how we use them. using social security numbers both to identify someone and to prove their identity does not make sense. but we have been doing it forever. we need to break the link between identification and authentication. we also hear from social security about what it takes to get a new social security number when it has been stolen and why it is often harder to do than it should be. i recently learned of a case in

arizona. where the mother of a child whose social security number had been stolen, was told she needed to change her daughter's name and last name, first, middle and last name before her daughter could get a new social security number. can you believe that? that is wrong. what's worse, is having to change your name isn't social security policy. it was an extra hoop to jump through, made up by a field office employee. while i am happy the little girl eventually got a new number, without having to change her name, getting a new number should not be so difficult. it should not take a little news story or a call from a congressional office for social security to do right. by those looking for help. identity theft is on the rise.

we must take a hard look at the future of social security numbers.but how it is used and if social security needs to do things differently. we have a responsibility to do all we can to better protect americans from identity theft. i want to thank our witnesses for being here today and i look forward to hearing your testimony, all of you. i will now recognize mr. larson for his opening statement. >> thank you mr. chairman. and let me echo your sentiments and acknowledge that you have been a leader in the u.s. congress both and protecting the integrity of the social security program from fraud and abuse and certainly, in this case, identity theft. which threatens the entire system.

as indicated, mr. chairman, the recent data breach at equifax has left more than 145 million people wondering whether they will have their identity stolen were credit damaged. their ability to get a mortgage, small business loan or even a job, is at the whim of criminals. who have stolen information to wreak havoc on their financial security. it does not matter if you are in texas for connecticut. for whether your six weeks old or 96 years old. cyber criminals don't care. their only interest is in profiting from identity in a way that makes them as much money as possible. unfortunately, equifax is just one in the long list of data breaches where personal information about hard-working men and women has been compromised.

including social security numbers. which is the subject of today's hearing. the problem of identity theft is well known. and it affects our entire economy. we need to come together in a bipartisan way to strengthen protections and i think you for your continued efforts in reaching out along those lines as well. what is clear that government and business need to change their ways. the widespread use of social security numbers as a way to both identify and authenticate individuals poses an ongoing risk of identity theft. this practice assumes that only i have access to my social security number. but given the extensive data breaches, this is no longer a safe assumption. so i believe our witnesses will

all agree. there is a role here for both government and for industry. unfortunately, there are steep headwinds in this fight. the pace of innovation and the technologies used by cyber criminals present a very difficult and foreboding challenge. at the same time, we must be sure the protecting information is available to all americans. finally, we must give america piracy concerns about how data is protected, about individuals, how it is used and who controls it. just as we must come together to protect americans personal identity information. we should also together to protect the future of social security itself. my dear friend and colleague i know she is my concern in this. i think we need to have a

hearing on the future of social security itself. we have proposed bills and legislation. it is time that we expand the most successful program in the nations history. knowing that as you go forward it is important to protect it and it's very hard to secure it from fraud and abuse. but also, to understand that this is an insurance program. that needs to be made actuarially sound. it was last touched in 1983. when ronald reagan was president and tip o'neill was speaker of the house. it is an actuarial problem that can and should be addressed to not only protect the future of americans but also as disparity grows in this great country of ours, the one thing that every single person in this nation can count on is that social security has never made a payment. we have an obligation on this committee and as members of congress to make sure that the

integrity of the program and also the viability goes beyond the 75 year requirements that we are sworn to serve. with that, mr. chairman, i yelled back and lookforward -- back. >> thank you. as customary any member is welcome to submit a statement for the record. before we move on to testimony, i want to remind our witnesses that to please limit your statement to five minutes. all written testimony will be made part of the hearing record. several witnesses today. seated at the table, we have nancy berryhill, acting commissioner of social security administration.elizabeth

curda, director education workforce and income security for government accountability office. samuel lester, consumer privacy counsel, electronic privacy information center. paul -- that is not right. >> it is -- >> thank you for senior fellow. senior vice president, steve grobman and chief technology officer mcafee. jeremy grant, coordinator, or identity coalition. james lewis senior vice president, technology policy program center for strategic and international studies. acting commissioner, please begin your testimony. >> chairman, ranking member and

numbers of the subcommittee. thank you for inviting me to discuss identity theft and the future of the social security number. i am nancy berryhill, social security acting commissioner. the scope of our programs is enormous. we pay monthly benefits over 62 million social security beneficiaries and 89 supplemental security income recipients. given hundred and 34 beta social security beneficiaries and 55,000,000,002 ssi recipients. in addition requested 279 million to workers records last year. the ssn -- we have a nine digit number to allow employees accurately report earnings and determine eligibility for benefits. to date we have issued around 505 million unique numbers to eligible individuals.

although we traded social security number for our programs, for a personal identifier is across government and private sector. for example in 1943 the executive order required federal agencies to use the ssn. advances in computer technology and data processing in the 60s further used than other within federal agencies.for example, in 1961, the civil service commission began using the ssn as identification number for all federal employees. next year the irs began using the number as a taxpayer identification number. beginning in the 1970s, congress enacted legislation requiring the number for a variety of federal programs. over the decades, use of the ssn grid not just the federal government but throughout state and local government, banks, credit bureaus, hospitals and

other parts of the private sector. as use of the ssn has increased, so have opportunities for misuse. we and congress have made changes to try to protect the integrity of the number. including strengthening the security of the ssn card and requiring additional group to issue them. establishing programs and ensure accurate and timely that the ssn just enumeration at birth to assign a ssn senior was and verify the federally funded programs, employment eligibility and other programs. unfortunately, ssn misuse, identity theft continues to increase. we understand the stress and economic hardship victims of identity theft base. we advise victims how to contact the federal trade commission and law enforcement in cases of misuse for investigation. in certain circumstances we assign a new number to a victim

of ssn misuse that has been disadvantaged due to misuse of the number. it is important to know that assigning a new number is often a last resort. because it can cause more problems than it solves. for example, the absence of a credit history under a new number makes it more difficult to obtain credit to purchase a house or a car. nevertheless the recognition of devastating effects that it can have we continued to sign our policies in the area. our goal is to serve the needs of the victims. over the years we have added flexibilities to our policies when needed and recurred front-line employees to coordinate with our experts in our regional offices. will continue to do what we can to mitigate the effects of ssn misuse. but we cannot alone solve the problem of overreliance of the ssn has caused. as long as the ssn remains,

things of value, particularly credit, the ssn the self will have commercial value and will continue to be targeted by fraudsters for misuse. identity theft is a broad public policy issue that must be addressed. i applaud the chairman and the subcommittee for their efforts to protect the ssn. including the mandate of removing it for medicare cards and documents mailed in federal agencies. these bills are an important step. however, adjusting identity theft requires a unified effort that includes the subcommittee and congress, administration, public and private experts throughout the country. our chief information officer sitting behind me, is here with me today. he and i look forward to hearing the ideas raised during today's hearing. thank you and i will be happy to answer questions that you may have. thank you. >> i appreciate your testimony.

welcome elizabeth curda, please proceed. >> chairman johnson, ranking member and members of the subcommittee. thank you for inviting me here to discuss the observations on the extent to which the paper social security card is currently used and what it costs to produce. we have issued about 500 million social security numbers and cards since the social security program began in 1935. originally, the ssn is not intended to serve as a personal identifier outside of the ssa programs predict universality and uniqueness government agencies and private sector entities increasingly used the ssn as a convenient means of identifying people. however, as everyday transactions are increasingly conducted electronically, it raises questions about whether a paper card is still needed or desirable to communicate or verify a persons ssn. today i will first discuss with

their federal requirements to present the social security card, second i will discuss common situations in which other public or private sector stakeholders may ask to see the card to conduct business. finally, i will discuss stakeholder views about the potential implications of eliminating the cards. including potential cost savings. although there many federal requirements, to provide a ssn we found no statutory requirements and only two regulatory requirements to show a part. most requirements were to verify and individuals ssn under certain arm circumstances. such as for uniform service members seeking to change their ssn. to identify requirements of customer uses of the cards outside of the federal government, we spoke to a variety of associations representing human resource managers, finance sector, higher education institutions and state agencies. the fickle business booklet describes a variety of

instances in which individuals may resent a card among other acceptable forms of documentation in order to verify the identity or ssn. for employment, all us employers must identify and document a new hire employment eligibility. although the social security card is most commonly used document for this purpose it is one of several acceptable documents that employees may present to prove their eligible to work in the united states. other acceptable documents into a us passport or permanent residence card among others. a common reason employers may ask to see a card is to verify the accuracy of the employees ssn. because employers can be fined for example. they can also be commonly used to apply for a driver's license under the real id act of 2005. the card is one of several options for documents that an applicant must provide to verify their identity.

the card may also be used as documentation when setting up financial accounts or to resolve ssn discrepancies in processing educational loans. however, providing the card is not required. ssa and the stakeholders interviewed also provided perspectives on the implications of eliminating the card. one advantage of showing the card is to ensure the accuracy of the ssn instead of relying on someone's memory. a disadvantage they cited was concluding that the card alone is not sufficient to ensure the identity of the cardholder. other forms of identification are usually needed. however, most of the stakeholders interviewed indicated that their processes would not change the vacantly of the card were eliminated. they will continue to collect ssn as required but use other documents for verification purposes or electronically verify the ssn with ssa.

ssa officials also provide a perspective that limiting the card may result in limited cost savings, if any. in 2016, ssa said the cost for the corpus of stalls or replacement online would be $34. these estimates include staff time, technology, paper, printing, postage and overhead. if the card were eliminated, only some of the cost would be saved because of the labor and other costs still needed to generate a new ssn. a conservative estimate of the savings based on the printing, paper and mailing cost accounts only for $0.60 of the cost of the card. ssa officials stated that the agency spent about $8 million in fiscal year 2016 on paper, printing and delivery of the cards. however implementing a new system to replace the card could offset the savings.

>> -- potential barriers for people with limited access to technology. this concludes my prepared statement and i would be happy to answer the committees questions. >> thank you. i appreciate your testimony. mr. lester, welcome. please go ahead. >> chairman johnson, ranking member larsen, members of the subcommittee. thank you for the opportunity to testify to. my name is samuel lester, consumer privacy counsel at the -- this is a nonprofit research organization in washington d.c. established in 1994 to focus public attention on emerging privacy and civil liberties issues. i appreciate your interest in this critical topic. i cannot overstate the urgency

that we update our privacy laws. there is no other form of personal information that poses a greater threat to privacy than the social security number. recent equifax breach exposes the social security numbers of over half of the us adult population. the ssn was never meant to be an all-purpose identifier in the private sector. it was first introduced in 1936, it was be used only to the social security taxes. the fact that it is now so pervasive as an identifier and authenticator, a username and a password, it is undoubtedly contributed to the alarming rise in data breaches, identity theft and financial fraud. ssn is the key to the kingdom for identity thieves. a criminal in possession of your ssn can file fraudulent taxes in your name, open new accounts in your name, take out lines of credit and many other forms of fraud.

if you're about to buy a home for instance, you could experience your worst nightmare when a lender pulls your credit and sees that your freckles for is too low to qualify for a loan because has fraudulently run of debt in your name. for someone who has experienced new account fraud, it can take years to recover financially. in 2017, identity theft impacted almost 17 million consumers. more importantly, consumers cannot protect themselves from the misuse of the ssn. others have stressed this would only replace your ssn in the most extreme circumstances. furthermore, the credit reporting industry makes it more difficult for consumers. the credit freeze is burdensome and costly and credit monitoring and fraud alert services do not adequately protect consumers. the ceo of lifelock had his identity stolen 13 times after he displayed his real social security number and a commercial that was supposed to demonstrate how effective the

product was at preventing identity theft. there have been recent efforts to limit the use of the ssn but much more needs to be done. for example in 2017, medicare finally announced they would remove the ssn from card resulting in an effort led by chairman johnson and representative doggett of the committee. alaska now prohibits the use of a ssn by both private companies and the government without explicit legal authorization. this would be a good model for federal legislation and also shows by federal laws should not prevent states from enacting their own safeguards. to limit the devastating financial harm caused by the misuse of the ssn, congress should take the following measures. first, the ssn should be prohibited in the private sector without explicit legal authorization. companies should be prohibited and compelling consumers to disclose their ssn as a condition of sale or service

unless authorized by law. second, congress should promote the development of context specific identifiers for example, if you're going to do banking, you have a bank account number. garrett tenney a driver's license, you have a driver's license number. the advantage of these context specific identifiers is that if one number gets compromised, identity thief does not have access to all of your accounts. finally, congress must not replace the ssn with the national biometric identifier. this would be a very bad idea. this approach proposed theories privacy and security risks. the massive breach of the office of personnel management in 2015, foreign hackers targeted fingerprints for his rest would only be compounded if the us were to move toward a national biometric identifier. thank you for the opportunity to testify today and i would be

happy to answer your questions. >> thank you, sir. i appreciate your testimony as well. mr. -- >> thank you very much. is that the right pronunciation? >> it is --, thank you very much. >> thank you. i too am pleased to be able to speak with you today about the future of the social security number. the social security number has a long history of utility identifiers i do not think that is the problem. use of it as an identifier is no different than my phone number or the use of my name or the problem is that the social security number has mutated so now it is also an authenticator of my entity. authenticators are classically only use both if they involve something that you know exclusively. something that you have something that you are and they have kept confidential.

today, social security numbers are so deeply compromised and so widely available in public albeit often through criminal means, that they can no longer be used as an authenticator. this is because recent instances like the equifax breach that we have already spoken of and the anniversary occurs as we could have effectively exposed the vast majority of previously confidential social security numbers.my own social security number to my knowledge has been breached at least three times in the last four years. so i feel this personally. as a result, in my view, any enterprise that continues to use a social security number as an authenticator, is engaging in borderline pharmacy and security malpractice. yet some do. the other day i was shocked that a poor renewal of membership used the last four of my social security number.

so what do we do? in my judgment congress has three logical options. the first is to, as was suggested, regulator outlaw social security numbers. but that comes with the usual disadvantages of government intervention.unitary gridlock, administrative costs, enforcement mechanisms and safeguards. in short i think a regulatory response will come with a great deal of experience and be a relatively slow result. perhaps even know quicker than the next solution. which is to do nothing. in a lot of ways the market is addressing this problem. the disutility as an authenticity is eventually on the decline. the problem is that before this happens a great number of americans will suffer from data breach and identity theft.

i think the second solution for the best solution in my judgment and one of the joys of being in the think tank is your ability to think creatively about problems. is to eliminate the utility, of the social security as an authenticator be make it impossible for anyone to continue to use it in this way. one civil and quite elegant solution for both as an experiment and also as a possible practical solution is to simply publish a phone book. with every citizens social security number in it. in other words, by publishing a publicly we make it impossible for any enterprise to continue to legitimately use it as an authenticator of identity. to continue to do so after that and after a suitable transition time void in my judgment, be negligence of the sort that ought to involve liability for the enterprise. one final point that i would make. congress needs to look to its

own house. repeatedly in law, we have mandated the collection of social security numbers as identifiers and sometimes continue to use them as authenticators as natalia has already testified to. at a minimum i think it is incumbent upon congress to review government use of the social security number and processes. if only select by cleaning up our own house we can speak to the private sector with authority. i thank you for the opportunity to testify before you and i look forward to the chance to answer questions. thank you, sir. i appreciate your testimony. steve grobman, you are recognized. >> good morning. it is a proud honor to testify today in chairman johnson, is an honor to work in the district. it has the largest us location in plano, texas. it is an honor to testify today. as a senior vice president, i

haven't technical strategy to protect worldwide for both consumers and business architectures. i have worked in the field of cybersecurity for two decades. i'm 24 us and international patents in the fields of security software and computer architecture. this is one of the worlds leading independent security companies providing solutions for both business and consumers. the nine digit social security number first appeared as an identifier in 1936. what has since become the de facto national identifier and federal credential. uses for which it was never intended. simply knowing a social security number has become accepted as a mechanism to impersonate an individual. in the social security number has become the premier target for cyber criminals. social security numbers are sold involved in the black market for as little as one

dollar each. once stolen, social security number cannot easily be reissued or replaced. last year the equifax breach resulting in 145 million us-based usb compromise reminds us that the us has to modernize our national identification standards. there are three elements that need to be discussed when we transition to the next generation personal identifier. entity, authentication and authorization. in our current model, social security numbers play a role in all three. identity is an identifier that can be public. it is like an individual twitter handle. simply knowing the handle does not enable someone to impersonate the account holder. whereas authentication is the process of proving that you are a specific identity and generally relies on one of three types of factors. it is something that you know like a password, something you have like a smart card for something that you are such as

biometric. and authorization is granting a specific capability or benefit to a specific entity. all three parts need to be in scope for a next-generation system. we have all the technology pieces to move towards a high quality, high security system. what's more difficult is understanding the requirements that will be acceptable for both government and the citizens. we need to ask questions such as, is this a solution exclusively for government related services? how can the system be inclusive to all citizens regardless of wealth or access to advanced technologies? does the government biometric database create unacceptable privacy issues? how will we cover when assets

are lost or stolen? what are the cost constraints, funding options and timelines for incrementing and maintaining a solution on the next generation and how long does the underlying typography need to last? this last question is interesting in that we are on the verge of computing treasure of quantum computing. it -- the public algorithm which is the heart of most protection and identity solutions. in next-generation architecture must comprehend the quantum computing world we will likely face in the next few decades. we need to look at what technology options are available. i've been asked whether things such as -- can be useful. i do not recommend appear while a powerful technology friday decentralized trust, watching also brings scalability, complexity and its own security challenges. in the case of our next-generation system, we do have a trusted central authority.

the us government. we need to focus on the problem that we are trying to solve. and the one thing we must do is not used the current system that we have. a few quick recommendations you need and identity management executive order that outlaws the use of social security numbers as authenticators. we need to push federal agencies to act as validator is of identity and mandate all federal e government service require the use of -- we need to move faster in implementing quantum algorithms to protect. it is an honor to testify to the subcommittee. i appreciate your interest in considering my recommendation. i look forward to answering your questions. >> thank you for coming all the way from plano. >> you bet. >> mr. grant, will compare. >> thank you.

chairman, ranking member, members.thank you for the opportunity to discuss this with you today. i am here on behalf of the better identity coalition. focused on bringing together any friends from different sectors to develop a sense of consensus, cross sector policy recommendations that have better solutions for identification and authentication. the coalitions founding members include recognized leaders from diverse sectors of the economy and financial services, healthcare, technology, telecommunications, payments and security. members are united by common recognition in the way we handle identity today in us is broken. by common desire to see the public and private sectors each take steps to make identity work better. this background i work more than 20 years and in 2011 i was elected -- a white house initiative focused on improving security, privacy, choice and innovation. and that while they also let

the identity team. i left government three years ago and now am in the technology practice in town. in that role i serve as a coordinator of the better identity coalition. let me say i am grateful for the committee for calling the hearing today. the ssn is a key component of identity infrastructure and the future the number impacts every american. upfront i would submit that many of our challenges here relate to more than 80 years of contradictions and policy around how the number should be managed and used. among the biggest contradictions, the ssn is simultaneously present to be secret and public. secret because we tell people to go to closing. public because of multiple laws that require individuals to get out to facilitate orthotic interactions. secret because we then tell those entities to ensure if they store it which the law often requires them to do, that it be protected.

in public because it is proven quite hard to do to the point that the majority of americans ssn have been compromised multiple times over the last several years. amidst a wave of data breaches. these contradictions are not the result of anything malicious. on the contrary, they reflect years of trying to balance several important roles played by the ssn and the social security administration.which most important hours of the government recognize these contradictions. and take steps to put policies in place that are more consistent and then put us on a path towards a system that enhances security, privacy and convenience for americans. i believe there are five areas where change is needed. first, about the future of the ssn and whether needs to be replaced, it is essential as chairman johnson noticed and many members of the council noted. understand the difference between the role of an identifier and the number used to sort out which journey grants i am among hundreds in the us. and as an authenticator which is something i can prove i am this jeremy grant. ssn should no longer be used as

authenticators good as a country we stop pretending the number is a secret. or that knowledge of a ssn can be used to prove someone is who they claim to be.second, just because a ssn should no longer be used as authenticators does not mean need to replace them with some sort of new ssa issued identifier. i have yet to see a proposal here that does not involve spending billions of dollars and confusing hundreds of millions of americans with very little security benefit. rather than create a new identifier of focus ought to be on crafting better authentication solutions that are not dependent on the social security number and are resilient against modern attack. there, on the arts indication there is good news. multi-stakeholder efforts like the world wide web consortium had developed standards for next-generation authentication that are not being embedded in most devices get operating systems and browsers and in a way that enhances security privacy and the user experience. the government can play a role in accelerating the pace of this. fourth, even if we assume that the ssn is probably on it does not mean it needs to be used

everywhere. many of the members of the better identity coalition will look to reduce where they are using the ssn futuristic presents relative to other identifiers. however, they running up against laws and regulations that require them to protect and retain the ssn. finally we need to focus not just on the ssn but also the future of the social security administration.the issue here goes beyond the future use of a nine digit number to encompass a broader topic. what role should the government plan future of the identity ecosystem? identity may not be a part of the ssa mission statement, there is no question in 2018 the ssa is in the identity business. time to acknowledge the fact and then take a step back to contemplate what it means. having agencies like ssa accept their role may be the most impactful thing that the government can do to help solve the identity challenges. specifically like allowing consumers to start asking agencies that have the personal information -- the ssa and department of motor vehicles have the most to offer in this.

and this was in the report -- they should develop standards and rules to make sure this done in a secure privacy protected microsecond to get it started. i appreciate the opportunity to testify today. i look forward to answering your questions. >> "b", sir. thank you for being here. please proceed. >> thank you, mr. chairman and ranking member. i think the committee for the opportunity to testify. one of the leading scientists of the 20th century said that an expert is an individual who has made all possible errors in a particular field and i think that qualifies me as an expert in this issue. since i have been involved in programs like this since 1992. none of which have worked. let's give it a try. we have heard that ssn is a

unique individual identifier. it is a trusted source and links to different databases. so you're ssn coming to your bank, tax account, drivers license, it is irreplaceable. ... >> the social security number and this will provide a benefit . our goal should be to provide the same level of service at the security that citizens expect from the private sector, whether citizens enjoy and other developed economies. there are several options for modernizing the ss and. these include authentication

of identity, public encryption, bond chain, some of these have beentried in the past but they face problems of complexity , cost and they raise privacy concerns. simply publishing the ssn as you heard is the least expensive option, but it doesn't fix all theproblems we face . a first step would be to replace the social security card with a smart card, plastic card with an embedded chip like the credit card that most of us carry. millions of commercial transactions are carried out with these cards every day. most people are familiar with them which would ease the burden of both acceptance and transition the smartcard provides a foundation for a secure social security number. when your credit card is :, your financial institution cancels the old one and issues you a new number.

it's still linked to your account, you are still responsible for any legitimate charges but you are not linked to the old number and a similar approach might help us and thinking about how to streamline, modernize and make the social security number more secure. the administration could use a similar approach, it could administer a smartcard approach or contracted out to the private sector, a solution other countries have used. further debate is required and i think we all recognize that. to decide which modernization option is best and equally important, how we will pay for it because there is no free replacement for the ssn.

baud chain technology may offer a solution but it's not ready yet. the best argument for smartcards is we already use them on a massive scale. companies and the citizens are familiar with them. implementation would be difficult. any change for so venerable an institution is going to be difficult but we have the advantage of knowing the technology and processes already work because of our experiences with credit cards. thank you for the opportunity to testify and i look forward to your questions thank you sir, i appreciate that. we will now look to questions as is customary for each round of questions. i will limit my time to five minutes. acting commissioner berryhill, the alarming story about the child in arizona raises many questions about how social security treats identity theft victims. are you taking a close look at how you handle requests for new social security numbers? >> mister chairman, i'm very

aware of the case in arizona and thank you for bringing that to our attention. we have worked hard with our staff to issue verification policies to all of our front-line employees. we've also held national phones with all area directors and we also decided that we would have regional experts available to the front-line employees at the time when the time comes where they have a complex case. in this situation, we would consider that a complex case. having those regional experts and a well-trained enumeration on how to replace cards and issuing new ssn is issued help so all those actions have been accomplished. >> with more than 1200 field offices, what are you doing to make sure your policies are being followed? >> that's why we held national calls with all our managers and area directors and oversight to our managers and we will continue to do checks and balances to make sure those policies are followed. i believe having a regional expert there they can consult

if they have questions is going to be a key change for ssn. >> you know, i was shocked to learn that social security employees voicemails tell callers to record their social security number with their name and phone number to get a return call. how is that a good practice given all the concerns with identity theft and phone scams? >> i understand and am aware of that situation. we do use the social security number to look up our records. if an individual is not trustable, leaving their social security number, they should not do that. oliver, it does expedite the transaction when they call us back. we can certainly in the front line below someone's record and return the call. we can swiftly go through the process and answer any questions but again, it him one is uncomfortable, they should not leave theirsocial

security number . >> okay, well maybe we ought to take another look at that. mister grobman, this panel has talked about ideas today. what do you think? is now the time to take action? >> absolutely. the one thing that we heard universally across this panel is using social security numbers as authenticators is thing that needs to be addressed as the most time critical element of the issue. there are clearly other issues on the fringe of social security numbers as an identifier, but from an magnitude perspective, looking to remove social security knowledge as authenticator is something that we must act on it immediately and invest what ever it takes in order to make about a practical reality. >> we've been trying to do that for 20 years.

you are recognized. >> thank you mister chairman. i wantto thank the panelists . we have an awful lot of hearings, but it's always refreshing when you actually have panelists who give you some solutions as well. acting secretary ms. berryhill, let me commend you for your service. let me knowledge that there is no one who's been working harder to make sure that we have a permanent chair at the secretary of the social security then the chairman himself and we have supported him in those efforts and hope the administration will act soon but i want to thank you for your service. i think there's unanimity on the committee with respect to authentication . how would you go about implementing that and what is the cost of that? >> certainly any ideas, i think there's great ideas on this panel today. we will take all of them and review them and opt them out

so it's certainly not something i can address today. lots of ideas are good and you have to look at the price tag attached to them. we will circle back and take a look at the ideas that the committee will would like us to look at. >> any idea on that price, mr. grobman? >> one thing we need to realize when we look at the price is the price of not taking action. if you look at the cost related to fraud or misuse of social security numbers as authenticators, my opinion is that is a staggering figure that needs to be comprehended when looked at the cost of implementing a new plan. >> mister lester, you have a number of solutions but one of the things you emphasized is that we make sure we steer clear of any biometric solutions. could you explain why? >> when congress passed the

privacy act in 1974 they were explicitly responding to and rejecting calls for a national identification system. there national identification systems that rely on biometrics in other countries that raise really great civil liberties and privacy concerns. in india, the new biometric system was recently breached, compromising the biometric data on its 1.2 billion citizens. i think that any problems with a biometric system are demonstrated by the recent breach of the opm.>> when the panelists agree that a reasonable concern? >> i think it very much depends on the problem you are trying to solve. in india, part of what they were trying to solve was there was no starting point and they needed to ensure that an individual only registered a single time for benefits so by using biometrics, prevented an individual from registering

in one town and then walking down the road to another town and registering again in that case, biometrics was a practical technology in order to solve that specific problem. i don't believe we have that problem at scale in the us, and therefore i think the points are well taken that we should look for other, less private and intrusive mechanisms as the first and as mister lewis mentioned, things such as market cards can be a much more rapid practical option that could be distributed without requiring every citizen to have biometrics. >> is there a consensus among the panel with respect to smartcard? >> mister rosen? >> i think it's a good interim solution. but to be honest, the smartcard security system is not itself terribly robust.

we've all experienced credit card fraud as well as a result of a lot of that. on the issue of biometrics, i think it really is the difference between a centralized database and a distributed database. biometrics as a local identifier is actually something that the president obama's white house reported as a substitute for pathways because they are more readily usable by most citizens in the password system so i wouldn't. >> you also objected to one of mister lester's solutions. could you explain why? and hopefully mister lester will get a chance. >> i don't so much object. regulation is clearly one of the normal tools in our toolkit here in washington. alongside taxation. >> is it regulation or the efficiency of the ability to regulate? >> we all live in washington. i'm not a fan of our efficiency in the regulatory

system . to be brief about it, we've already acknowledged that it would have to -- >> indeed. >> no disrespect to anyone from the south. >> it would cost us quite a bit and take far too long. >> 's time has expired. mister kelly, you are recognized. >> back you for being here. mister rosensweig, i have a coach in high school that had the same name. maybe the rest of the panel can do that. first of all, thank you for being here but miss berryhill, when we look at the size of the scope of the program and the number of beneficiaries, is there anybody in the private sector that even comes close to facing these type of problems as far as making sure we are sendingthe right money for the right people and the fact that there's so much fraud in the system already. is there any approach people are looking at that would make sense ? >> first of all, i need to

protect our records and our focus for the social security number has been selecting wage information and paying benefits. we had a robust anti-fraud office that we put in place, we review claims and time. i was playing but as far as the private sector, we have to make sure that government our beneficiaries, our recipients are protected.>> seems to me the very nature of the way we do things, we have a safe that we put things into that we cannot lock. there's somebody find a way to get into the state all the time and yet we keep thinking this is just the way we do things today. we're going to have to going down that path. i'm really fascinated mister berlin, you said something i haven't been down there. is there any information at the cost of not finding a remedy to this?

i think those numbers would be so staggering that most of us would not even want to discuss it. is there any idea of what the cost of not fixing this is doing because it seems to me there's an old saying, you keep doing the same thing over and over again and expecting a different result, i don't see how we fix this way we are going right now so that cost of not fixing it, any ideas? >> i don't have any quantitative number. >> . >> nobody does. >>. >> there's one estimate from the economist and it was $16 billion a year. >> steam billion. >> billion with a b. 16 and with abe, billion. mister grant. >> some companies have recognized problems with the social security number and it's shifted their business models in response. can you share some examples in the private sector how people are addressing this? >> one of the founding members of our coalition who their chief security officer,

jim ross and the team they're letting effort and launched in 2014. focused on reducing the instances of the social security number within their system. talking about cost, this is a six-year, roughly $60 million investment the company is voluntarily undertaking because they think they can reduce the risk profile by reducing the instances of the ssn across their enterprise and today they do about 10 billion instances, not that they have 10 billion beneficiaries but it shows you that probablyhad my ssn and a dozen different systems . companies are willing to do this today and you're starting to see particularly urgent 500 companies were holding onto ssn are looking at it as a liability but the cost is significant. it can happen overnight. there also hindered in that as a health insurer they are required by the government to leverage the ssn for all of their government business as well as any beneficiary they have to report to for health insurance so highlighted this

a little in my opening testimony but a lot of government requirements out there that state that private industry has to collect the ssn as long as we have those out there, it's going to be hard to eliminate it entirely. >>. >> as we keep going forward, we all look at this program and we refer to it as an entitlement, some people say that a negative term. entitled means you are entitled to this benefit because you paid into it your whole life. i think there's a total agreement. on this committee and throughout the whole congress that we have to protect this programbecause it's so vital. i appreciate you all being here today . could you continue weighing in and give us other examples and other solutions to what it is weare trying to fix . the system is so massive right now it's one of those that it's too big for us to work with but it's going to get bigger and bigger, more expensive if we don't do it.

>> absolutely and i think following up on that comment, one of the things we need to look at is the opportunity cost of continuing to try to protect social security numbers from becoming public when we know they are already public in so many cases. so although there are a number of interesting efforts put forward in the past few years, to reduce the disclosure of social security numbers, what i would add is what the repurpose all of those efforts into building a modern authentication system so that we just simply use social security number as an identity, not an authenticator. >> gentlemen's time has expired.>> thank you mister chairman and a great battle. i want to start by mister lester, would you respond to persons question that you didn't get a chance to respond to before? >> sure, so i think you are

talking about -- >> 30 seconds. >> you are talking about the cost of regulation, mister rosensweig talk about the cost of regulating this and i should mention the cost that is .7 billion to be precise. that's the amount that was stolen. the result of identity theft in 2017. the cost of not regulating is in the billions. and furthermore, what we're talking about is restoring the social security number to its original purpose, to be used only by the social security administration. that's what it was intended for. congress has many times look at this when they passed the privacy in 1974. that's originally what it was intended to do. >> thank you. >> last month, mister grant, the ways and means committee markup bill to protect children and consumers from identity . hr 6192. by helping reduce the prevalence of identity fraud,

the bill would do this by facilitating the validation of identifying information provided by lenders and upon the consent of the customer, or consumer rather, i'm sorry, through a database maintained by the social security administration. the bill is considered an important step that congress took to help prevent identity . i wanted to get your view very quickly about what the extent this system will solve the problem or not. what's your thoughts? >> i talked about this a bit in my written testimony but didn't get to it in my statement. the idea goes to a key point that i flag in my opening statement which is when we shift the model a little bit when it comes to identity verification services so

government agencies like the ssa that are the authoritative thrust when it comes to my data. they got trueness in terms of what my data is. why can't access them when i'm opening an account to let my check and see if there really is a jeremy grant with my number in their system? this bill, it's also in the senate reform package for backing that's currently in front of the house will be a good first step. the two things i do that. it's only limited to account openings covered under the fair reporting act and as a consumer, i can't imagine why i wouldn't want to ask ssa to validate that for everybody and the other question is, is if we're worried about synthetic identity fraud, is looking care of new accounts going forward but there's probably thousands if not millions of synthetic accounts out there today so one question has been financial institutions have an opportunity to have a one time windowwhere they can retroactively existing accounts up there and sure things match ?

>> i appreciate that. there's widespread data breaches at the office of the personal management. home depot, j.p. morgan. target, u.s. postal service. and of course, equifax and they focus our attention on how we need to authenticate identity. from a consumer protection standpoint this is outrageous. hackers assess access personally identifiable information. for millions of customer accounts. and the wrong hands, access to social security numbers, birth data, drivers license numbers could turn someone's life upside down. we must do everything possible to establish privacy safeguards in social security.

protecting individuals personal information to ensure their identities are protected must be one of our top priorities. should the burden beyond the government to create a unique identifier to verify individuals or should it be on the private corporations to establish unique identifiers with their clients? >> so i think that's where the importance of context, specific identifiers comes into play. so if you are transacting with the company, you have a unique identifier for the company. that way the identity steeled identifier, he does not have access to all your accounts and they cannot open new accounts in your name and destroy your financial life. >> punishment, if i could add

in many times we had to come up with the national identifier we learned there's only one source. and that's the government. and that's why ssa is the default identifier. so we don't trust other sources. >> mister chairman, thank you but i must at this point to you. >> are we really serious about doing this? are we really serious about changing the culture? which is a different thing. and why haven't we done more? we need to ask ourselves that question . >> thank you for your questions. >> this is an incredibly complicated problem but it's not, this is not new. >> identity theft has existed since people had identities. >> i think back to law school and commercial paper. there was an order to allow the free flow of commerce, we had laws to protect consumers

with commercial papers so if i had a duty to enter signatures. somebody forced your check, that will your problem, that was the banks problem. that applies here too, doesn't it? money negligently releases your personal information, don't they have liability for that?mister lester? >>. >> absolutely. the burden is on the companies that collect the information. important distress that equifax chose to collect the information on consumers, consumers not provide that information and when it was breached, they're the ones that the cost to the consumer by charging them for credit freezes and fraud monitoring. and i think also it's important to stress that there needs to be. >> it with facts have liability for that? >> absolutely which is why i

need to stress their isn't any private right of action for consumers to get redress. >> so you are advocating for specific identifiers for everything. >> and i think i heard this mister grant say he didn't have a problem with social security as a national identifier. you said the same thing mister robin and you did to misterrosensweig and i agree with you. everybody's got an identifier. if their name at the very least . but thename is not unique . there's a lot of, i out there so we need some type of a national identifier. i would think to make commerce work and i don't know why social security could be that the and i find it here. because it's not prominent anymore. >> using my social security number as an authenticator is

as stupid as using the last four letters of my last name as my authenticator. it or the last four digits of my phone number which is another mobile phone numbers, now that they are mobile, everybody has one and it's probably the one you're going to be for the rest of your life, even if you the washington. >> personally, just as a matter of common sense, i think completely the idea that you would completely identify, eliminate any sort of unique identifier is just not practical. we got to have some type of unique identifier and i don't know why it could be your social security number. >> i would think that the way to attack this problem because i care what we do. i don't care if we come up with the most beautiful and complex system that would do

away with any packing today, tomorrow, the actors are going to figure out something different. this is not new, expendable been going on since the beginning of time it is going to keep going on. i would think the way to this is the way they did with commercial paper and we should put liability on people to negligently release your information. mister rosensweig? >> there's been one proposal by a colleague of mine to make people strictly liable for that. for myself, i would probably prefer a negligence standard over strict liability that i think what you are onto is the right economic answer which is putting the obligations on the least cost of later. one of the reasons i like my proposal of publication is it makes it impossible for anyone to maintain the idea of security for the social security number as an authenticator. probably would be another opportunity. >> what you think about that? >> cybercrime is a market-driven enterprise. cyber criminals are looking

to steal things of value and the reason that cyber criminals are looking to steal social security numbers is in today's world, they have value because they can be used as an authenticator. one of the most practical ways to stop but that is due to the value what they're going after. and that is in general a much more practical mechanism at scale than trying to have the world -- >> i've got to stop you because i only have 10 seconds. if you would respond to this by raising your hand. do any of you, who of you have a problem with using social security numbers as an identifier not an authenticator? >> 18. thank you. >> time has expired, ms. sanchez, you are recognized. >> thank you mister chairman and thank you to all our witnesses. social security numbers were originally created as a way to track earnings and were

never meant to be used as an identifier in the public after. the social security number has morphed into a tool used to authenticate individuals in a number of situations, expanding the universe of people and companies who have access to this incredibly valuable information. the ubiquity and widespread uses of the security numbers and let consumers vulnerable to identity theft hopeless to stop it. we all know social security numbers are incredibly valuable or identity to be used for open new accounts and credit cards, or even take out mortgages, often leading to financial ruin for unsuspecting and innocent consumers. and as technology continues to advance at alarming rates, are unique so security numbers are increasingly vulnerable to cyber theft and fraudulent use. recent data breaches demonstrate the urgent need to secure this information and just how valuable social security numbers and other personal data are. equifax comprise over 145

million americans being compromised, around 145 million americans personal data including their social security numbers, that's all at the us population are now risk for identity theft or financial fraud. these social security numbers have become the default identifier because they are truly unique, standardized and can be verified but as more andmore of our personal information is available on the dark when , we need to start thinking about the best way to identify and verify individuals. >> i like to begin by asking you, american consumers don't have a full picture of what information is being collected about them. >> ..

identifier. i constantly get back to you. >> i would appreciate that. it would be interested to know how that might be constructive. there are many other specific identifiers we might need like the university identifier like georgetown and school where they give you a nine digit identification number in lieu of using your social security

number. >> thank you. >> thank you, mr. chairman. i appreciate it. thank you all for being here. i do have a question for you, i just wanted a shot at saying your name. i hope i got it right. perfect. thank you. my question is, listening to mr. johnson's story earlier, we are giving you a number and taking away your name. that's a concern, obviously. i want to ask you about getting a new social security number. when you lose your credit card or it it gets stolen, that bank wants to get you a new one right away. one because they want to use it again, and two, they want to make sure that no more money comes out of their account. it personally affects them as well. i don't see the same for the social security administration and the environment. if you think about it, when somebody's social security

number is taken, the fraud is either at the bank or through the irs, the taxpayer, maybe of somebody's getting your social security check it may affect you, i don't know. i'm kind of asking about that. why do we make it so difficult to get a new number when that really is the problem. i don't know that there's a same amount of concern on the social security administration like there is at the bank when your credit card gets taken. i know someone mentioned might be $34 to get a new card, that maybe a lot on your end but it's pretty small on the other end where the fraud is taking place. why is it so difficult to get a new number. >> usually at the last resort to issue a social security new card, new number because it doesn't always solve the problem. many times banks and other companies will cross reference the old number to the new number. you haven't really solve the problem in many situations. we do look at misuse, our people disadvantage, are they

not getting a loan for the house or tax returns and so forth, but again, i hope our recent change in looking at our instructions to her frontline will help them. our number is really designed to collect wage information and pay benefits. as you can see, many of the examples are really about credit card fraud, banking fraud, not about our program. >> bulimic affect my question, there is no harm monetarily or otherwise to the social security ministration budget. it's usually affecting someone else. so you don't have the vested interest that the bank does in this situation and the cross-referencing, that doesn't need to happen. they get rid of the old number. you don't need to keep that data. so i don't find that as a very good answer as to that being a problem. i really think you need to take a look at what can be done to get somebody a new number because that's exactly what a business is going to

do. if if you're identifier is stolen, they have a motive to get you a new one, to protect themselves, but i don't find your risk when someone social security number is taken away in any way. there's not this desire to solve this problem, but $34, if that's what it actually takes to give somebody a new card and a new number that's minor compared to the hundreds of dollars that are going out on the other end. i just want to clarify that. there's really no detriment to the social security administration, is that right. >> i don't know if i would agree with that. certainly if we opened up the floodgates and said everybody who wants a new number come get one. >> no, you have to have reason come you can't just said only the number, let's be realistic. were talking about people who have been victimized, not just anyone who wants a new number. >> and again, we believe we

want to do due diligence. we want to know what's happened with the number and make sure it's appropriate to assign them in a number. >> i get that but why is it so hard? why is and what he told they have to change their name. >> that was not an appropriate answer. >> thank you print i think we need to look into that further. i yield back. >> thank you. >> chairman, i apologize. >> actually had a couple, have you ever started to write down a couple questions and where some of us have brutal disagreements on the utilization of known networks but it's also a threat to certain companies.

i want to take one gigantic step backwards. i've missed a number of questions. i came to all of you, either as policy, technology experts and said how do we design a single porthole in our society whether the combination a multi- biometric so you can go on there and find the last ten years of your irs returns or your social security dividends. where all these things that we as government, all of us as government hold on you. it creates a single porthole so you can see them but in a way that will be safe, robust, elegant, and we've actually been sketching out a concept of a diametric to a token

back. if i was to run down the line, what it actually not only solve our issue here on the misuse of social security numbers but also some of the other policy decisions we as congress and the bureaucracy have made starting to blinds documents for medicare population and those things, and now having to get unique identifiers and the reissuing of such things in the confusion and cascade of chaos i expect come from that, and run down, let's start, if i came to you and said i don't want a simple incremental solution, i want to disruption of a unified portal, can it be done? >> so my first concern was, if that unified portal was breached and does that mean all of my information is then out there. >> it wouldn't if we design permissions. will probably get to that but there is a way, let's right now theoretically say we were

able to produce levels of security. >> i would certainly be willing to work with you on any ideas you have but again my concern is that if one portal, everything was breached we would be in a worse situation today. >> it sounds like a nice aspirational idea, the federal government in terms of designing such complex system does not have a great track record and it's extremely difficult to do. >> we were thinking we would go to mcafee. >> moving toward centralized database is exactly the wrong approach. i would use the example of container ship rather compartmentalized so if there's a rocky wave all the oil is not a one container to capsize the ship. it's the same with identity. >> so why do countries like estonia and others have incredible success because you create levels of permission

that require that it's a unified portal but different levels of permission and security. >> is that for me? >> i don't know about the case of estonia. i understand it's a much smaller. >> what's your coding background? >> i'm sorry? >> your coding background, i don't have a coding background. >> okay great. i was trying to go more technical. and not being mean. i would say that estonia is a good case study. my concerns would mostly be about scalability issues. i think the system is at least feasible within the context of design. i do share some people's concerns that u.s. government, large scale procurement programs like this never seem to actually get there so even if we could idealize it, the government sector might not quite get it. >> and let's be brutally honest, there will be a nice fight because you're interrupting a lot of bureaucracy layers of power and authority.

>> it could absolutely be done. i think if you look at the large-scale systems that exist today for authentication, whether it's financial services, whether it's some of the models, there are numerous capabilities. the private sector has built a set of protocols that enable one entity to do authentication and allow that medication to be honored by others on things, really the discussion needs to be about getting the right balance between privacy and security. >> you hit one thing i fixate on and when you hit want him you have to have a token because i think, because an algorithmic is under threat. >> one of the key points i made in my written testimony is although we haven't settled on exactly what quantitative algorithms to use, in the design of a new system we can design is such that we have the ability to swap algorithms

out. >> you don't think a token would be more robust. >> i think that it is part of the solution, but i think that the underlying cryptography that needs to be used in the solution does need to eventually. >> i need to learn more. if you have something. >> the germans time has expired. >> i will talk after. thank you for tolerating me. i need to disclose that i've had a lot of caffeine. >> thank you, to keep pace with the identity thieves, we need to start thinking beyond just protecting social security numbers and start thinking about how to make the numbers less valuable. it's time to take a hard look at the future of social security numbers and decide what needs to change to better protect americans from identity theft. this hearing has given us a good starting point. i look forward to working with my colleagues to figure out

the next steps forward. americans are counting on us to get this right. they need and deserve nothing else. thank you to all our witnesses for your testimony today and i think you to our members for being here. with that i recognize -- >> i want to thank the chairman. this is indeed one of the more interesting panels we have, and as you can tell a number of our members still have a lot of questions. what we would like to ask of you is if you could submit to us, in writing, because it was very valuable to get your input. the chairman has already indicated we as a committee will meet internally to digest what you said the writer in terms of your solution and also the urgency that you all attach with this especially as the chairman has already outlined under identification

and how we might proceed because this was a very fertile and productive meeting. i think the chairman and i appreciate the opportunity to respond. >> thank you. thank you all for being here. we appreciate your presence. with that, the subcommittee stands up adjourned. >> that was good boss. [inaudible conversations] earlier today we brought you live coverage of the house oversight and government reform committee hearing on the 2020 census. members heard from the acting assistant attorney general for civil rights. if you missed any of this event we will have it for you in its entirety tonight starting at eastern here on c-span2. earlier this week, the center for american progress hosted their annual ideas conference in washington d.c. the event featured

presentations and discussions by progressive legislators, journalists and organizers. you can see it tonight at eastern on c-span three. also online at cspan.org or listen with the free c-span radio lab. this weekend c-span city tour takes you too selma alabama with the help of our spectrum cable partners who will cross the iconic bridge arriving in a town known for its role in the civil war and the civil rights movement. at 5:00 p.m. eastern on booktv, we will visit the home of doctor martin luther king jr. as he planned the selma to montgomery march. it's featured in the book the house by the side of the road. >> there is a photographer here who works for life magazine who was embedded in the house. he wanted to capture doctor king's emotion as he watched on television president johnson committing to signing the voting rights act.

this is the chair that doctor king was sitting in that night, watching the television. president johnson addressed the nation. >> we will meet the first african-american fire chief in the city, chief henry allen talking about his book marching through the flame. on sunday at 1:30 p.m. eastern on american history tv, we will look at the voting rights movement that started in the 1930s and visit several locations around the town that were integral to the movement. then a visit to the admin bridge looking at the role of the bridge played in selma before and after the battle for civil rights. >> for anyone who has tracked over this bridge they see this name and what is evil is a sense of the past and the present coming together to have a modern bridge with a key voice for white. [inaudible] >> saturday at 5:00 p.m. eastern on c-span2 book tv. sunday at 1:30 p.m. on aman