district courts in kentucky, texas, and alabama. and the house of representatives is back on tuesday to work on federal spending legislation for 2019, funding the energy department, and the veteran's affairs department as well as legislative operations. the house ways and means subcommittee on social security recently had a hearing on identity theft using social security numbers. the acting head of the social security administration had witnesses from an anti-virus software company and a privacy group testified at the hearing. good morning. and welcome to today's hearing on the future of social security. the social security card and social security number were

created in 1936, believe it or not. so the social security administration can track earnings and correctly determine benefits. today's use of social security numbers for everything. you need one. so when you gate job, buy a house, or open a new credit card. given all the ways we use it, it's no wonder social security numbers are a valuable target for identity thieves. for years, i've been dedicated to doing all i can to protect americans from identity theft by protecting the privacy of social security numbers. military ids no longer use social security and medicare is sending new cards without numbers -- social security numbers to seniors across the

country. for a long tim keeping social security numbers secret meant keg them safe. after data breaches like anthem where hundreds of millions of social security numbers were stolen. it's clear they aren't a secret anymore. and it's time we stop pretending that they are. make no mistake, it's still important to limit the unnecessary use of social security numbers, but if we want to keep pace with identity thieves, we need to think beyond just keeping them. as we will hear today what makes these numbers so valuable to

identity thieves is how we use them. using social security numbers. we will hear from social security about what it takes to get a new social security number when it's been stolen and why it's often harder to do than it should be. i recently learned of a case in arizona where the mother of a child's social security number had been stolen was told she needed to change her daughter's name. first, middle, and last name before her daughter could get a

new social security number. can you believe that? that's wrong. what's worst is that having to change your name isn't social security's policy. it was an extra hoop to jump through made up by a field office employee. i'm happy the little girl eventually got a new number without having to change her name, getting a new number shouldn't be so difficult. it shouldn't take a local news story or a call from a congressional office for social security to do right by those looking for help. identity theft is on the rise and we must take a hard look at the future of social security numbers both how its used and if social security needs to do things differently we have a responsibility to do all we can

to better protect americans from identity theft. i want to thank our witnesses for being here today. i look forward to hearing your testimony. all of you. i'll now recognize mr. larson for his opening statements. >> thank you, mr. chairman. let me echo your sentiments and, also, acknowledge that you have been a leader in the united states congress both in protecting the integrity of the social security program from fraud and abuse, and certainly in this case of identity theft. which threatens the entire system. as you indicated, mr. chairman, the recent data breach at equifax left more than 145 million people wondering whether they'll have their identity stolen or credit damaged. their ability to get a mortgage,

small business loan, or even a job is at the whim of criminals who have stolen information to wreak havoc on their financial security. it doesn't matter if you're in plano, texas or whether you're six weeks old or 96 years old. cyber criminals don't care. their only interest is in profiting from your identity in a way that makes them as much money as possible. unfortunately, equifax is one of the many where information has been surprised including social security numbers, which is the s subject of today's hearing. the problem with identity theft is well known and it affects our entire economy. we need to come together in a bipartisan way to strengthen privacy protections and safe

guard financial security. i thank you, mr. chairman, for your continued efforts of reaching out along those lines, as well. it's clear that all use of social security numbers, government and business, need to change their ways. the wide spread use of social security numbers as a way to identify and authenticate individuals poses an ongoing risk of identity theft. this practice assumes that only i have access to my social security number. but given the extensive data breaches, this is no longer a safe assumption. i believe our witnesses will all agree. there's a role he for both government and for industry. fortunely, there are steep head winds in this fight. the pace of innovation in the technologies used by cyber criminals present a very

difficult and foreboding challenge. at the same time, we must be sure that the solutions to better protect personal information are assessable to all americans, even those of us who are less adept at the new technologies. finally, we must keep america privacy concerns in mind about how they collected about individuals, how it's used, and who controls it. just as we must come together and protect americans' personal identity information, we should also come together to protect the future of social security itself. i know my dear friend and colleague shares my concern in this. i think we need to have a hearing on the future of social security itself. we have proposed bills and legislation. it is time that we expand the most successful program in the nation's history knowing that as we go forward, it's important to protect and it's very hard to

secure it from fraud and abuse. but, also, to understand that this is an insurance program that needs to be made actuarially sound. it was last touched in 1983. when ronald reagan was president and tip o'neill was speaker of the house. it's an actuarial problem that can and should be addressed to protect the future of americans but also as disparity grows in this great country of ours, one thing that every single person in this nation can count on is that social security has never made a payment. we have an obligation on this committee and as members of congress to make sure that the integrity of the program and, also, the viability goes beyond the 75 year requirement that we are sworn to serve. with that, mr. chairman, i yield back and look forward to the questions and to what we're

going to look forward to asking questions and hearing from our distinguished panel. >> thank you for your comments. as custom mare, any member is welcome to submit a statement for the record. before we move on to testimony, i want to remind our witnesses to please limit your oral statements to five minutes. however, without objection, all of the written testimony will be made a part of the hearing record. we have seven witnesses today. seated at the table are nancy berryhill. elizabeth curda, paul

rosenzweig. senior fellow institute. steve grobman senior vice president and chief technology officer at mcafee. james lewis senior vice president and director center for strategic and international studies. acting commissioner berryhill, please begin your testimony. >> chairman johnson, ranking member larson, and members of the subcommittee. thank you for inviting to discuss identity theft and the future of the social security number. i'm nancy berryhill social security's acting commissioner. the scope of our programs is enormous. we pay monthly benefits to over 62 million social security

beneficiaries and 8 million supplemental security recipients. during 2017, we paid about $934 billion in addition, we posted $249 million earning items to workers records last year. the ssn underpins the programs we administer. we designated this nine-digit number in 1936 to allow employers to employers employers to accurately report earnings. today we issue around 505 million unique numbers to individuals. we recreated the social security number for our programs has become a personal identifier used across government and the private sector. for example, in 1943, the executive order required federal agencies to use the ssn.

advances in computer technology and data processing in 1960 further increased the use of the number within federal agencies. for example, in 1961, the federal civil service commission began using the ssn as an identification number for the federal employees. and next year, the irs began using the number as a taxpayer identification number. beginning in the '70s congress enacted legislation requiring the number for a variety of federal programs. over the decades, use of the ssn grew not just in federal government but throughout the state and local government, banks, credit bureaux, hospitals, and other parts of the private sector. as use of the ssn increased, so have the opportunities for misuse. we and congress have made changes to try to protect the integrity of the number. including strengthening the security of the ssn card and

requiring additional proofs to issue it. establishing programs that ensure accurate and timely of the ssn such as enumeration at birth assigning ssn to newborns and verifying social security numbers for employment eligibility and other programs. unfortunately, social security number misuse identity theft continues to increase. we understand that the distress of economic hardship victims face. in certain circumstances, we assign a new number to the victim of social security number misuse disadvantaged due to misuse of the number. it's important to know that assigning a new number is often a last resort because it can cause more problems than it solves. for example, the absence of a credit history under a new

number makes it more difficult to obtain credit to buy a house or car. nevertheless, recognition of devastating affects identity theft can have we continue to refine our policies in this area. our goal is to serve the needs of the victims. over the years, we've added flexibilities to our policies where needed and we encourage front line employees to coordinate with experts at our regional offices. we will continue to do what we can to mitigate the effects of ssn misuse. but we cannot alone solve the problem of over reliance of the ssn. as long as the ssn remains key to assessing things of value, particularly credit, the ssn itself will have commercial value and will continue to be targeted by fraudsters for misuse. identity theft is a rode public policy issue that must be addressed. i applaud the chairman and the subcommittee for their efforts to protect the ssn, including

mandating the removal of the ssn from the medicare cards and documents mailed by federal agencies. these bills are an important step. however, addressing identity theft requires a unified effort that includes this subcommittee in congress, the administration, public, and private experts throughout the country. our chief information officer is here with me today. he and i look forward to hearing the ideas raised during today's hearing. thank you. i'll be happy to answer any questions you may have. thank you. >> i appreciate your testimony. >> chairman johnson, ranking member larson, and members of the subcommittee. thank you for inviting me here to discuss observations on extent to which the paper social security card is currently used and what it costs to produce.

ssi is issued about 500 million social security numbers and cards since the social security program began in 1935. originally, the ssn was not intended to serve as a personal identifier outside of ssa's programs. but due to its uniqueness, government agencies and private sector entities increasingly used the ssn as a convenient means of identifying people. however, as every day transactions are increasingly conducted electronically, it races questions whether a paper card is still needed or desirable to communicate or verify a person's ssn. today i'll discuss whether there any federal requirements to present a social security card. second,l'l discuss common situation which other public or private sector stakeholders may ask to see the card to conduct business. finally discuss stakeholder views about the potential implications of eliminating the

cards including potential cost savings. there are many federal requirements to provide an ssn, we found no statutory requirements in only two regulatory requirements to show a card. both requirements were to verify an individual's ssn under certain narrow circumstances such as uniformed service-members seeking to change their ssn. to identify requirements or customary uses, we spoke to a variety of sources representing the human resource managers, finance sectors, state agencies. the stakeholders we spoke with described a variety of instances in which individuals may present a card among other acceptable forms of documentation in order to verify their identity or their ssn. for employment, all u.s. employers must verify a document newly hired employee's employment eligibility. all though this social security card is the most commonly used

document, the card is one of several documents employees may use to prove they're eligible to work in the united states. other acceptable items are a u.s. passport or permanent residence card. a common reason employers may ask to see a card is to verify the accuracy of the employee's ssn because employers can be fined for submitting inaccurate w-2 forms, for example. the card is also commonly used to apply for a driver's license under the real id act of 2005. the card is one of several options for documents that an applicant must provide to verify their identity. the card may also be used as documentation when setting up financial accounts or to resolve ssn discrepancies when processing educational loans. however, providing the card is not required. ssa and the stakeholders we interviewed also provided their

perspectives on the implications of eliminating the card. one advantage of showing the card is to ensure the accuracy of the ssn instead of relying on someone's memory. a disadvantage stakeholder cite included that the card alone is not sufficient to ensure the identity of the card holder. so other forms of identification are usually needed. however, most of the stakeholders we interviewed capabilitied that their processes would not change significantly if the card were eliminated. they would continue to collect ssn as required but would use other documents for identification or verification purposes or electronically verify the ssn with ssa. ssa officials also provided their perspective that i eliminating the card may result in limited cost savings, if any. in 2016, ssa estimated that the cost to produce the card ranged from $6 for a replacement card requested online to $34 for a

card requested in person at a field office. these estimates include staff time, technology, paper, printing, postage, and overhead. if the card were eliminated, only some of these costs would be saved because of the labor and other costs still need to generate new ssns. a conservative estimate of the savings based on the printing, paper, and mailing costs accounts for only 60 cents of the cost of the card. ssa officials stated that the agency spent about $8 million in fiscal year 2016 on paper, printi printing, and delivery of the cards. implementing a new system to replace the card could offset the savings. other implications of a cardless electronic system stakeholder cited including security and control over personal information, and potential barriers for people with limited access to technology. i would be happy to answer the committee's questions.

>> thank you. i appreciate your testimony. mr. lester, welcome. please go ahead. >> chairman johnson, rank member larson. thank you for the opportunity to testify today. my name is sam lester. i'm the consumer privacy counsel of the electronic privacy information center. independent nonprofit research organization here in washington, d.c., established in 1994 to focus public attention on emerging privacy and civil liberties issues. i appreciate yr interest in this critical topic. i cannot overstate the urgency that we update our privacy laws. there is no other form of personal information that poses a greater threat to privacy than the social security number. the recent breach exposed the social security numbers of over half of the u.s. adult

population. the ssn was never meant to be an all purpose identifier in the private sector. when it was first introduced in 1936, it was to be used only for the administration of social security taxes. the fact that it is now so pervasive is both an identifier and authenticator, a user name, and a password is undoubtedly contributed to the alarming rise in data breaches, identity theft, and financial fraud. ssns are the keys to the kingdom for identity thieves. a criminal in possession of your ssn can file fraudulent taxes in your name, open new accounts in your name, take out lines of credit, and many other forms of fraud. if you're about to buy a home, for instance, you could experience your worse nightmare when a lender pulls your credit and sees that your fico score is too low to qualify for a loan because someone fraudulently run up debt in your name. for someone who is experienced new account fraud, it can take years to recover financially.

2017 identity theft impacted almost 17 million consumers. more importantly, consumers cannot protect themselves from the misuse of the ssn. as others have stressed, social security administration will only replace your ssn in the most extreme circumstances, and further more, the credit reporting industry makes it even more difficult for consumers. credit freeze is burdensome and costly and credit monitoring and fraud alert services do not adequately protect consumers. the ceo of life lock had his identify stolen 13 times after he displayed his real social security number in a commercial that was supposed to demonstrate how effective his product was at preventing identity theft. there have been recent efforts to limb -- limit the use of the ssn but more needs to be done. in 2017 medicare announced it will remove ssns from cards as a result of an effort lead by

chairman johnson of this committee. also, a number of states have taken steps in the right direction. alaska prohibits the use of ssns when private companies and the government without explicit legal authorization. this would be a good model for federal legislation and, also, shows why federal laws should not prevent states from inacting their own safe guards. to limit the devastating financial harm caused by the misuse of the ssn, congress should take the following measures. first the ssn should be prohibited in the private sector without explicit legal authorization and companies should be prohibited from compelling consumers to disclose their ssn as a condition of sale or service unless authorized by law. second, congress should promote the development of context as specific identifiers. for example, if you're going to do banking, you have a bank account number. if you're obtaining a driver's license, you have a driver's

license number. the advantage of these identifiers is that if number one gets comprised, an identity thief doesn't have access to all your accounts. congress must not replace the ssn with a national identifier. this would be a bad idea. the approach poses serious privacy and security risks. and the massive breach of the office of personnel management in 2015 hackers targeted digitized fingerprints stored in federal data bases. these risks would be compounded if the u.s. were to move toward a national bio metric identifier. thank you for the opportunity to testify today. i'll be happy to answer your questions. >> thank you, sir. >> thank you very much.

thank you. i, too, am pleased to be able to speak with you today about the future of the social security number. the social security number has a long history o utility as a identifier. i don't think that's the problem. united stat the use of it is as an identifier is no different than a phone or my name. the problem that the social security number has new dated so it's an authenticator of my identify. authenticators are only classifily useful if they involve something that you know exclusively, something you have, or something you are and they are kept confident issue. today social security numbers are so deeply comprised and so widely available in the public, albeit, often through criminal means, they can no longer be used as an authenticator. recent incidents like the breach that we've spoken of and

anniversary occurs this week have effectively disclosed the vast majority of previously confidential social security numbers. my own social security number, to my knowledge, has been breached at least three times in the past four years. so i feel this quite personally. as a result, in my view, any enterprise that continues to use a social security number as an authenticator is engaging in borderline privacy and security malpractice. some do. just the other day i was shopping at a bar renewal membership used the last four of my social security as a way to authenticating my identity. this was a governmental use. what should we do about it? what should we do in response to the problem? my judgment congress has three logical options. first, regulate or outlaw social security numbers. that's a plausible solution. one i respectfully think is not appropriate. that comes with all the usual

disadvantages of government intervention. regulatory gridlock, administrative -- as long as procedural shaf guards. i think a regulatory response will come with a great deal of expense and be a relatively slow result. perhaps even no quicker than the next solution which is do nothing. in a lot of ways, the market is addressing the problem. eventually the market will take care of the problem. the problem with that answer, of course, before it does, a great number of americans will suffer from data breach and identify theft. i think that's a second best solution. the best solution, in my judgment, and one of the joys of being in a think tank is your ability to think creatively. is to eliminate the utility of the social security number as an authenticator. make it impossible in practice

for anyone to continue to use it in this way. one simple and quite elegant solution that i offer both as a experiment and also as a possible practical solution is to simply publish a phone book with every citizens's social security number in it. in other words, by publishing it publicly, we would make it impossible for any enterprise to continue to legitimately use it as an authenticator of identity. to continue to do so after that and after a suitable transition time, within my judgment, would be negligenceble. one final point i would make is congress needs to look to its own house. repeatedly in law. we have mandated the collection of social security numbers as identifiers and sometimes continue to use them as authenticators. as my colleague has already testified to. at a minimum, i think it's incumbent upon congress to

review government's use of social security number and its processes. if only so by cleaning up our own house we can speak to the private sector with authority. i thank you for the opportunity to testify before you, and i look forward to the chance to answer any questions. >> thank you, sir. i appreciate your testimony. >> good morning. it's a proud honor to testify today and chairman johnson, it's an honor to work in your district. we have the largest u.s. location in plato, texas. as the senior vice president and cto, i sent our technical strategy to protect connected computing worldwide for consumers and business architectures. i worked in the field of cybersecurity for two decades, and have 24 u.s. and international patents in the fields of security, software,

and computer architecture. mcafee is one of the leading independent security companies providing solutions for business and consumers. the nine-digit social security number first appeared as an identifier in 1936, but has since become the de facto national identifier and federal credential. uses for which it was never intended. simply knowing a social security number has become accepted as a mechanism to impersonate an individual and the social security number has become the premier target for cyber criminals. social security numbers are sold in bulk in the black market for as little as $1 each and once stolen, a social security number c cannot easily be reissued or replaced. last year's breach resulted in 45 million users have their information comprised reminds us that the u.s. needs to modernize

the national identification standard. there are three elements that need to be discussed when we transition to a next identifier. in our current model, social security numbers play a role in all three. identify is an identifier that can be public. it's like an individual's twitter handle. it identifies an individual but simply knowing the handle doesn't enable someone to impersonate the account holder. whereas authentication is the process of proving that you are a specific identity and generally relies on one of three types of factors. either something you know, like a password, something you have like a smart card, or something you are. all three parts needs to be in scope for a next generation system. we have all the technology pieces to move toward a high

quality, high security, well thought out next generation identity management system based on strong authentication. what is more difficult is understanding the requirements that will be acceptable for both government and the citizens. we need to ask questions such as is this a solution exclusively for government-related services? how can a system be inclusive to all citizens regardless of wealth or access to advanced technologies? does the government bio metrics data base create privacy issues. how will recovery mechanisms work? what are the cost constraints funding options and timelines for implementing and maintaining the solution into the next generation and how long does the underlying photography need to last? this last question is interesting in that we're on the verge of quantum computing becoming a viable reality. quantum computing is well suited to break the underlying

photography that protects the world's data. specifically rsa, the public committee algorithm which is the heart of most protection and identity solutions. the next generation architecture must comprehend the quantum computing world we'll likely face in the next few decades. we need to look at what technology options are available and i have been asked whether things such as block change could be useful. i don't recommend it. the powerful technology providing property such as decentralized trust block chain brings scapability, complexity, and its own security challenges. in the case of the next generation system, we have a trusted central authority. the u.s. government. we need to focus on the problem that we're trying to solve and the one thing we must do is not use the current system that we have. a few quick recommendations, we need an identity management executive order that outlaws the use of social security numbers as authenticators.

we need to push federal agencies to act as value didaters of idey and mandate all service requiring the use of strong authentication. we need to let innovation flo flourish. it is an honor to testify to the subcommittee. i appreciate your interest in considering my recommendations. look forward to answering your questions. >> thank you for coming all the way from plano. >> you bet. >> mr. grant? >> good morning. thank you for the opportunity discuss the future of the social security number with you today. i'm here on behalf of the better identity coalition, an organization launched earlier this year focussed on bringing together leading berms from different sectors to develop a set of consensus, cross sector

policy that promote the adoption for better solutions for authentication. the coalition's founding members include recognized leaders from diverse sectors of the economy, financial services, health care, technology, telecommunications, and security. for members are united bay common recognition of the way we handle identity today in the u.s. is broken. that role i lead the identity team. i left government three years ago and i'm with a law firm in town now. i'm grateful to the committee

for calling the hearing today. the ssn is sake component of our identity infrastructure and the future of this number impacts every american. up front, i would submit that many of our challenges here are linked to more than 80 years of contradictions and policy around how the number should be managed and used. among the biggest contra additions? the ssn is presumed to be both secret and public. secret because we tell villages to guard their ssn closely. public because we have multiple laws that require individuals to give it out to facilitate all sorts of interactions with industry and government. secret because we then tell the entities to ensure if they store it, the law requires them to do, protect it. it's proven hard to do to the point where majority of american's ssns have been comprised multiple times over the last several years. these contreflect years of tryio balance several important roles

played by the ssn and social security administration. what is most important now is the government, one, recognizes these contradictions and put polici in place. tlibl are five areas where change is needed. first, when talking about the future of the ssn and whether it needs to be replaced. it's essential as was noted to understand the difference between the numbers' role as an identifier. and the use as an authenticator. ssn should no longer be used as authenticators. si it does not mean we need to replace them with some sort of new ssa issued identifier. i have yet to see a proposal not

involving spending billions of dollars and confusing americans with very little security benefit. third on the authentication topic there's good news. multistake efforts have 0 developed standards for next generation authentication that are being embedded in most devices. the government can play a role in accelerating the pace of adoption. even if we assume the ssn publicly known, it doesn't mean it needs to be used everywhere. many members would like to reduce where they use the ssn due to the risks it presents to them. they're running up against laws and regulations that require them to collect and retain the

ssn. the issue goes beyond the future use of the nine-digit number. what role should the government play in the future of the identity ecosystem. having agencies like ssa accept their role may be the most impactive thing the government can do. specifically like allowing consumers to start asking agencies that have their personal information to vouch for them for party in this case seek to do business with. the federal government should work to develop a framework of standards and rules to make sure it's done in a privacy protecting way and second get it started. i appreciate the opportunity to

testify today and look forward to answering your questions. >> thank you, sir. mr. lewis, welcome. thank you for being here. please proceed. >> thank you, mr. chairman. i thank the committee for the opportunity testify. one of the leading scientists of the 20th century said that an expert is an individual whose made all possible errors in a particular field. and i think that qualifies me as an expert in this issue, since i've been involved in programs like since 1992. none of which have worked. let's give it a try. we've heard that the ssn is a key identifier. it's unique to each individual. it's issued by a trusted source. and most importantly, it links to different data bases. so your ssn can link to your bank, your tax account, your driver's license. it's irreplaceable. it's invaluable for business. as we've heard, it's invaluable for crime. one estimate is that somewhere

between 60 and 80% of all social security numbers have been stolen. another estimate puts the cost of stolen social security numbers at $16 billion annually. i think the committee is on the right track by looking at ways to modern ice and strengthen the ssn. because this will provide real benefits and reduce crime. our goal should be to provide the same level of service and security that citizens expect from the private sector. or that citizens enjoy in other developed economies. there are several options for modernizing the ssn. these include fed rated a authentication of identity, public encryption, block chain, and smart cards. some of these have been tried in the past, but they face problems of complexity, cost, and they raise privacy concerns. simply publishing the ssn, as

you heard, is the least expensive option, butt doesn fix a the problems we face. an easy first step would be to replace the social security card with a smart card. a plastic card with an embedded chip. like the credit cards most of us carry. millions of commercial transactions are carried with the cards every day. most people are familiar with them, which would use the burden of acceptance and transition. the smart card provides a foundation for a secure social security number. when your credit card is stolen, your financial institution cancels the old one and issues you a new one. issues you a new number. you're linked to your account. your responsible for any legitimate charges, but you're not linked to the old number. and a similar approach might help us in thinking about how to streamline, modernize, and make the social security number more secure. social security administration could use a similar approach.

it could more a smart cart approach or contract it out to the private sector, a solution that other countries have used. further debate is required. i think we recognize that. there's no free replacement for the ssn. block chain technology may offer an option for modernized ssn but it's not ready, as you've heard. it's not yet mature. the best argument for smart cards is we already use them on a massive scale. companies and citizens are familiar with them, implementation, of course, could be difficult. we have the advantage of knowing that the technology and processes already work. because of our experience with credit cards and banks. thank you for the opportunity to testify. i look forward to your questions. >> thank you, sir. i appreciate that.

>> i'll live my time to five minutes. i'll ask my colleagues to limit their questions to five minutes, as well. acting commissioner berryhill, the alarming story about the child in arizona raises many questions about how social security treats identity theft victims. are you taking a close look at how you handle request or new social security numbers? >>r. chairman, i'm aware of the case you're referencing in arizona. thank you for bringing it to our attention. we have worked very hard with our staff to issue clarification policies to all of our front line employees. also held national calls with all managers, area directors, and we also decided that we would have regional experts available to the front line employees at the time when the time comes.

where they have a complex case. we took that immediate action and all those actions have been accomplished. >> with more than 1200 field offices, what are you doing to make sure that your policies are being followed? >> that's why we held national calls with our managers and area directors and oversight to our managers we will continue to do checks and balances to make sure that those policies are followed. i really believe having a regional expert there so the frontline employees can consult if they have questions will be a key change for ssa. >> you know i was shocked to learn that social security employees' voice mails tell callers to report their social security number with their name and phone number to get a return

call. how is that a good practice given all the concerns with the identity theft and phone scams? >> certainly understand that. i'm aware of that have. we do use the social security number to look up our records. certainly if an individual is not comfortable leaving their social security number, they should not do that. however, it does expedite the transaction when they call us back, we can certainly in the frontline pull up someone's record, have that available, so when we return that call we can quickly go through the process with them and answer any questions. but, again, if someone is uncomfortable, they should not leave their social security number. >> okay. well, maybe we ought to take another look at that. mr. grobman, this panel has talked about some big ideas today. what do you think? is now the time to take action? >> absolutely. i think the one thing that we

heard universally across this panel is using social security numbers as authenticate ors is something that needs to it be addressed as the most time critical element of the issue. there are clearly other issues on the fringe of social security number as an identifier. but from a magnitude perspective, looking to remove social security knowledge as an authenticateor is something we must act on immediately and in stress whatever it takes in order to make that a practical reality. >> we've been trying to do that for 20 years. mr. larsen, you are recognized. >> thank you, mr. chairman. i want to thank the panelists. we have an awful lot of hearings, but it's always refreshing when you actually have panelists who give you some solutions as well. ablgting secretary berryhill,

first of all let me commend you for your service. let me also knowledge that there is no one that's been working harder to make sure that we have a permanent charity secretary of social security than the chairman himself. and we support him in those efforts and hope the administration will act soon. but want to thank you for your service. i think there is unanimity on the committee with respect to authentication. how would you go about implementing that? and what is the cost of that? >> well, certainly some ideas, there are great ideas listed by the panel members. we'll take all of them and review them and cost them out. certainly not something i could address today. lots of ideas are good but then you have to look at the price tag that's tasattached to them. so again we'll go back and take a look at any ideas that the committee would like us to look

at. >> any ideas ton that, mr. grobman? >> i think one thing we need to recognize when we look at the price is the price of not taking action. so if you look at the cost related to fraud or misuse of social security numbers as authenticateors, my opinion is that is a staggering figure that needs to be comprehended when looked at the cost of impla e implementing a new plan. >> you have a number of solutions but one of the things that you emphasize is that we make sure that we steer clear of any bio metric solution. could you explain why? >> so when congress passed the privacy act in 1974, they were explicitly responding to and rejecting calls for a national identification system. their national identification systems that rely on bio metrics in other countries that raise really grave civil liberties and privacy concerns. for example, in india, their new

bio metric system add har, i think, was recently breached compromising the bio metric data on it's 1.2 billion citizens. i think that any problems with bio metric system are demonstrated by the recent breach of the opm. >> would all the panelists agree that's a reasonable concern? >> i think it very much depends on the problem that you are trying to solve. in india, part much what they were trying to solve was there was no starting point, and they needed to ensure that an individual only registered a single time for benefits. so by using bio metrics it prevented an individual from registering in one town and then walking down the road to another town and registering again. so in that case bio metrics was a practical technology in order to solve that specific problem. i don't believe we have that problem at the scale in the u.s. and, therefore, i think the points are well taken that we

should look for other less privacy intrusive mechanisms as a first step. and as mr. lewis mentioned, things such as smart cards can be a much more rapid practical option that could be distributed without requiring every citizen to have bio metrics record zb. >> is there a consensus amongst the panel with respect to smart cards? >> mr. rosen? >> i think it's a good interim solution. but to be honest the smart card security system is not itself terribly robust. we have all experienced credit card fraud as well as a result of a lot of that. on the issue of bio metrics, i think it really is a difference between a centralized database and distributed database. bio metrics as a localized

identifier is actually something that praum white houesident oba house supported because they are readily usable by most citizens than password. >> so you also objected to one of mr. lester's solutions. could you explain why and hopefully mr. lester will get a chance to reply? >> well, i don't so much object. regulation is clearly one of the normal tools in our toolkit here in washington along taxation. >> is it regulation or the efficiency of the ability to regulate? >> well, we all live in washington. i'm not a fan of our efficiency in the regulatory system. to take just to be brief about it, we have already acknowledged it would have to -- >> southern efficiency. no disrespect to anyone from the south. >> i think it would cost us quite a bit and take far too

long. >> gentlemen's tian's time is e >> thanks for being here. we had a coach in high school same name, called rosy, maybe the rest of the panel can do that. first of all, when wie think of the size and scope and the beneficiaries, anyone in the private sector comes close to facing these type of problems as far as making sure we are sending the right money to the right people and to the fact there is so much fraud in this system already. is there any approach out there that people are looking at that would make sense? >> so, you know, first of all, we need to protect our records, and our focus for the social security number has been collecting wage information and paying benefits. we have a robust anti-fraud process that we put in place. we review claims ahead of time. we'll flag certain high risk

claim. but as far as comparing that to the private sector, we have to make sure in government that our beneficiaries, our recipients are protected aen their data is protected. >> seemts to me the very nature of the way we do things today, we have a safe we put into that we cannot lock. there is somebody finding a way to get into this data all the time and yet we keep thinking well you know what, this is just the way we do things today. we are going to just have to keep going down that path. i just i'm really fascinated, mr. grobman, you said something i written down here, any indication of the cost to not find ago remedy do this. i this i knows thumbs would -- are so staggering. is there any idea? you keep doing the same thing over and over again and expect a different result. i don't see how we fix this the way we are going right now. so that cost of not fixing it, any ideas?

>> i don't have a quantitative number. >> yeah. nobody does. tas definition of insanity. >> it was one estimate from the economist and it was $16 billion a year. >> 16? >> billion, with a b. >> 1-6 and with a b, billion. okay. mr. grant. >> some companies have recognized problems with the social security number hand shifted their business models in response. can you share some examples in the private sector how people are addressing this? >> sure. so one of the founding members of our coalition is aetna, who their chief security officer jim roth and the team there led an effort i think launched in 2014, focused on reducing instances of the social security number within their systems. talking about costs, this is a six year, roughly $60 million investment that the company is voluntary undertaking because they think they can reduce the

risk profile by reducing instances of the ssn across their enterprise. and i think to date they eliminated about 10 billion instances not that they have 10 billion beneficiaries, but if i was one of them i probably had ssn in the system. companies are starting to do this today, and particularly fortune 500 companies holding onto ssn as a liability. but the cost is significant. can't happen overnight. they are also hindered as health insurancer required by the government to leverage ssn for all of the government business as well as any beneficiary they have to report to the government who has health insurance. so i highlighted this a little in my hoping testimony. a lot of government requirements out there that state that private industry has to collect the ss nas long as we have those out there, quite hard to eliminate it entirely. >> thank you. as we keep going forward then, we all look at this program, and we refer to it as entitlement

and some people say it's negative. no, it means you are entitled to this benefit because you paid into your whole life. i think there is total agreement on this committee and throughout the whole congress that we have to protect this program because it's so vital to our folks. i appreciate you all being here today. but could you please continue weighing in and give us other examples and other solutions to what it is we are trying to fix? this is so massive right now, i think it's one of those things sit back and say it's too big for us to work with. but i think mr. grobman it's going to get bigger and bigger and more expensive if we don't deal with it. >> absolutely. following up on the comment one of the things we need to look at is opportunity cost of continuing to try to protect social security numbers from becoming public when we know they are already public in so many cases. so although there are a number of interesting efforts put

forward in the last few years to reduce the disclosure of social security numbers, what i would ask is what if we repurchase posed all of those efforts into building a modern system so we simply use social security as a identity not authenticateor. >> very good. >> thank you, mr. chairman. great panel. i want to start by mr. lester, would you respond to mr. larson question that you didn't get a chance to respond to before. >> sure. so i think you are talking about the cost -- >> 30 seconds. >> i think you are talking about the costs of regulation, right. so mr. rosen talked about the cost of regulating this. and i'd just like to mention a cost which is $16.7 billion to be precise, that's the amount that was stolen as a result of identity theft in 2017. the cost of not regulating is in

the billions. and furthermore, what we are talking about is restoring the social security number to its original purpose, to it be used only by the social security administration, that's what it was intended for. congress has many times looked at this when they passed the privacy act in 1974, that's originally what it was intended to do. >> thank you. >> last month, mr. grant, the ways and means committee marked up a bill to protect children and consumers from identity theft. it was hr 5192. by helping reduce the prevalence of synthetic identity fraud, the bill would do this by facilitating the validation of identifying information provided by lenders. and upon the concesent of the

consumer through a database maintained by the social security administration. the bill is considered an important step that congress took to help prevent identity theft. but i wanted to get your view, very quickly, about what the extent this validation system will solve the problem or not? what's your thoughts? >> so i actually talked about this a bit in my written testimony but don't get into opening statement. it's a good first step. the idea goes to key point that i flagged, can we shift the model when it comes to identify services so government agencies like the ssa that are the authoritative roots of trust when it comes to my data, they have the truth in terms of what my name and ssn are, why can't i ask them when i'm opening an account to let my bank check to see if there is a jeremy grant with my ssn and date of birth in their system. so this new bill if it passes, and i think it's also in the

senate reform package for banking that's current wily in front of the house will be a good first step. but two things i'll add to that, fair credit reporting act. i wouldn't see why i wouldn't access that. and the other question that's come up if we are worried about synthetic identical fraud, this will take care of new accounts going forward. so one question has been should financial institutions have an opportunity to save one time window where they could retroactively put existing accounts out there to make sure they match. >> thanks. i appreciate that. look, there is widespread data breaches at the office of the personal management, home depo, j.p. morgan, target, u.s. postal

service. and of course equifax. and they highlight the need to focus our attention how better to authenticate identities. from a consumer protection standpoint, this is outrageous. hackers assessed personally identifiable information from millions of customer accounts. and the wrong hands access to social security security, address, birthday, could turn someone's life upside down. we must do everything possible to establish privacy safe guards of social security, protecting the individual's personal information to ensure their identities are protected, must be one of our top priorities. should the burden be on the government to create a unique

identifier to verify individuals? or should it be on the private corporations to establish unique identifiers with their clients? anybody? mr. lester. >> so i think that's where the importance of context specific identifiers comes into play. so if you are transacting with a company, you have a unique identity for that company. that way if an identity thief steals that identifier they don't have access to all your accounts and enter new accounts in your name and destroy your financial life. >> congressman, if i could just add in the many attempts we've had to come up with national identifier we have learned there is only one trusted source and that's the government. that's why ssa is the default identifier. people don't trust other sources. >> thank you. but i must add this point to you. are we really serious about doing this? are we really serious about

changing the culture? which is a different thing. and why haven't we done more? we need to ask ourselves that question. >> you are right. thank you for your questions. >> thank you. >> mr. ice, you are recognized. >> you know, this is incredibly complicated problem. but it's not new. this is not new. identify theft has existed since people had identities, right. i'm thinking about in law school and commercial paper, in order to allow for the free flow of commerce, we had laws to protect c consumers. so a bank had a duty to have your signature. that applies here too, doesn't it? i mean, if somebody negligently

releases your personal information, don't they have liability for that? mr. lester? >> absolutely. the burden is on the companies that collect this information. it's important to stress that equifax chose to collect them on consumers. consumers did not provide that to equifax. and when they were breached they put the costs on consumers by charging them for credit freezes and fraud monitoring. and i think it's also important to stress that there needs to be -- >> did ex-wa fax have liability for that? >> absolutely. which is why i need to stress there needs to it be in any privacy law private right of action for consumers to get redress. >> so you are advocating for a specific identifiers for everything? and i think i heard mr. grant say he didn't have a problem

with social security as national identifier. i think you said the same thing, mr. grobman, and you did too, mr. rosen. and i kind of agree with you. everybody has an identifier, right, it's their name at the very least. but the name is not unique. i mean there is a lot of tom rice out there. so you would need some identifier to make commerce work. and i don't know why social security can't do that but it can't be authenticateor because it's not private anymore. right? mr. rosen? >> using my social security number as authenticateor is as stupid as using last four letters of my last name as my authentiteor or the last four digits of my phe number, which is another mobile phone numbers now that they are mobile, everybody has one, and it's probably one you'll keep for the rest of your life even if you move to

washington. >> and i just think, personally, just as a matter of common sense, i think completely the idea that you would completely eliminate any sort of unique identifier is just not practical. i mean, we have to have some kind of unique identifier, and i don't know why it count be your social security number. so i would think that the way to attack this problem, because i don't care what we do, i don't care if we come up with the most, you know, beautiful and comment pl complex system that would do away with any hacking today, tomorrow the hacker will figure out something different. this is in the new. it's been going on since the beginning of time ap it's going to keep on going on. so i would think that the way to attack this is kind of like they did with commercial paper, in that we should put liability on people who negligently release your information. mr. rosen?

>> there has been at least one proposal by a colleague of mine to make people strictly liable for that. for myself i would probably prefer negligence over strict liability. but i do think what you are onto is exactly the right economic answer which is putting the obligations on the least cost avoider. one of the reasons that i kind of like my fans full proposal of plub cages, is it makes it impossible for any one to maintain the idea of security for the social security numbers and authenticateor. liability would be not opportunity. >> what do you think about that, mr. grobman. >> cyber crime is a market driven enterprise. cyber criminals are looking to steal things of value. and the reason that cyber criminals are looking to steal social security numbers is in today's world they have value because they can be used as an authenticateor. one of the most practical ways to stop the theft is to devalue what they are going after.

and that is in general a much more practical mechanism at scale than trying to have the world -- >> i have to stop you because i only have ten seconds. if you all would respond to this by raising your hand, do any of you -- who of you have a problem with using social security numbers as an identifier but not authenticateor? one. one out of eight. thank you. >> time is expired. miss sanchez, you are recognized. >>hank you, mr. chairman, and thank you to all of our witnesses. social security numbers were originally created as a way to track earnings and never meant to be used as identifier in the private sector. the social security number has since morphed into a tool used to authenticate individuals in a number of different situations. greatly expanding the universe of people and companies who have access to this incredibly valuable information.

the ubiquity and widespread use of social security numbers has led consumers vulnerable to identify theft helpless to stop it. as we all know social security numbers are incredibly valuable for identity thefs and can be used to open new accounts or even take out mortgages leading to ruin for innocent consumers. and as technology continues to advance at alarming rates, they are increasingly vulnerable to cyber use. recent data breaches secure this information and just how valuable social security numbers in other personal data are. the equifax alone comprised over 145 million american -- compromised over 145 million americans personal data including their social security numbers. that's almost half of the u.s. population who are now at risk for identity theft or financial

fraud. social security have become the default identifier because they are truly unique. standardized and can be verified. but as more and more of our personal information is available on the dark web for cheap, we need to start thinking about the best ways to identify and verify individuals. mr. lester, i'd like to begin by asking you, american consumers don't have a full picture of what information is being collected about them. what kind of data is being collected about americans and are companies required to protect it? >> thank you. so first i'd just like to clarify raising my hand to represent tive rice poll question because it wasn't a yes-or-no answer. i don't have a problem with the social security number being used as an identifier for social security. to answer your question, companies are now collecting vast amounts of data on consumers and the problem is consumers do not have control over this data. when equifax collects data from

consumers, it's getting it from other commercial sources and consumers are not providing it to equifax. so in addition to limiting the use of the social security number in the private sector, consumers need to have control over their personal information. there needs to be a default credit freeze so that companies like equifax can only disclose your information when consumers have opted in. this would solve the problem of identity thieves opening new accounts in your name if equifax could only pull your credit when you as the consumer have affirmatively given them permission to do so. >> great. but i want to get at sort of a larger question that folks wonder from time to time. are companies required to protect that information? >> there is no federal standard right now for data security. the federal trade commission does enforce data security when

companies -- you know, they have authority over unfair and deceptive practices. so if a company is it representing, they have good data security, like uber they represented over and again our data security is great when in twakt it was nonexistent. but no there needs to be national standards that set a baseline. because states need to have the freedom to regulate upward in this area because it's a dynamic and evolving field. so there needs to be a federal standard ta sets a floor for data security. >> i would agree with that. and i would just say that i believe most consumers believe that companies are required to protect their information. mr. lester, could you talk a little more about how context specific identifiers work and the medical identification number that they use inc canada? >> oh, yes. so the medical identification

number in canada, as i understand it, it's a unique context specific identifier. i'm not super familiar with it. so i can certainly get back to you with more information on that. >> i would appreciate it. because i would be interested in knowing how that specifically works because it might be instructive in terms of setting policy for how we begin to rein in the ubiquitous use of the social security number. >> and there are many other examples of context identifiers. in my statement i mentioned it the university identifier that's recent innovation like universities, georgetown, my school where they give you a nine digit id number in lieu of using your social security number. >> thank you. and i yield back. >> thank you. dr. wynne strop. you are recognized. >> thank you, mr. chairman. i appreciate it. thank you for all for being here. mr. rosen, i don't have a question for you, i just wanted to say a shot at saying your name and i hope i got it right. >> perfect. >> thank you. my question is for miss

berryhill but listening to mr. johnson's story earlier i'm reminded of a song called secret agent man, giving you a number and taking away your name. that's a concern obviously. but i want to ask you about getting a new social security. when you lose your credit card or it gets stolen, i'll tell you what, that bank wants to get you a new one right away. one because they want you to use it again. and two they want to make sure that no more money comes out of their account. because it personayffts them as well. and i don't see the same for the social security administration in that environment. because if you think about it, when someone's social security is taken the fraud is either at the bank or through the irs, taxpayer, maybe if someone is getting your social security check, it may affect you, i don't know. i'm kind of asking about that. but why do we make it so difficult to get a new number when that really is the problem? because i don't know that there is the same amount of concern on

the social security administration like there is at the bank when your credit card gets taken. and i know it might be mentioned like $34 to get a new card. that might be a lot on your end but it's pretty small on the other end where the fraud is taking place. so why is it so difficult to get a new number? >> so usually it's a last resort to issue a social security a new card, new number, because it doesn't always solve the problem. many times banks, other companies will cross reference the old number to the new number. so you haven't really solved the problem in many situations. we do look at misuse. are people disadvantaged. not get can a loan or irsz tax returns. but again i hope recent change in looking the at our instructions to our frontline will help that. but our number again is really designed to collect wage information and to pay benefits. as you can see, many of the

examples are really about credit card fraud, banking fraud, not about our programs. >> let me get back to my question. there is no harm, monetarily or otherwise to the seshl security administration's budget. it's usually affecting someone else. so you don't have the invested interest that the bank does in this situation. and the cross referencing, that doesn't need to happen. get rid of the old number. they don't need to keep that data. so i don't find that as a very good answer as to that being a problem. so i really think you into he had to take a look at what can be done to get somebody a new number. because that's exactly what a business is going to do. if your identifier is stolen, they have a motive to get you a new one to protect themselves. but i don't think you are at risk sw someone's social

security number is taken away. so there is not this desire to solve this problem. but $34 if that's what it cost, that's a pittance to the hundreds or thousands of dollars that are going out on the other end. i just want to clarify that. because there is really no detriment to the social security administration. is that right? >> well, i don't know if i would agree with that. certainly if we opened up the flood gates and said everyone that wants a number come and get one. >> no, no, you have to have a reason. not just say i don't like the number it ends in an odd number and i want an even number. let's be realistic here. we are talking about people that have been victimized not just anyone who wants a new number. >> and, again, we believe that we want to do due diligence, we want to know what happened to that number. >> i get that. why is it so hard? why is someone told they have to change their name? >> that was a prop nate answer

to say to change your name. >> thank you. i think we need to look into that 23ur9. i yield back. thank you. >> thank you. is mr. swie gear here? >> i apologize. we have another meeting running at the same time so running back and forth. >> if you care to make some questions. >> and i actually had a couple. have you ever actually start today write down a couple questions and where some of us have brutal disagreements on the utilization of node networks, wenstrup, but it's also a threat to certain companies, so i want to take one gigantic step backwards because i missed a number of the questions here. if i came to all of you either as policy, technology experts and said, how do we design almost a single port hole in our society that whether have a

combination of multi, i'm a big fan of certain token trade office with bio metric and password. so you can go on there and see your last ten years of irs tax returns, of your social security benefits, of your veterans discharge, your, you know, where all these things that we as government, all of us as government hold on you, and create a single port hole so you can see them, sweek ert, but in a way that would be safe, robust, elegant, sch. and we've actually been sketching out a concert of sort of a pass cord bio metric to a token back. if i was to run down the line, a, is that just tech owe utopian? but, b, would it actually not only solve our issue here on the misuse of social security numbers but also some of the other policy decisions we as congress and ts bureaucracy have

made starting documents for medicaid population and now having to get unique identifiers, and chaos i expect to come from that. rundown, let's start, if i came to you and said i don't want a simple incremental solution, i want a disruption of a more unified portal, can it be done? >> so my first concern was if that unified portal was breached, does that mean all of my information is then out there? >> it wouldn't if we designed permissions. so we'll probably get to that. but there is a way. so let's right now for theoretical say we were able to produce levels of security. >> i would certainly be willing to work with you on any ideas that you have. but again my concern that if one portal, everything was breached, we would be in a worse situation

today. >> okay. it sounds like a nice aspirational idea. federal government in terms of designing such a comment plex systems does not have a great track record and extremely costly. >> we were thinking we would go to mcafee. >> so very difficult to do. >> so moving towards centralized databases is exactly the wrong approach. i would use the example of container ships. they are compartmentalized so if there is a rocky wave, all the oil is not in one container to cap size ts ship. it's the same with identity. >> so why do countries like estonia and others have incredible success that create levels of permission, unified portal but different levels permission and pass and security? >> is that for me? >> yeah. >> i don't know about the case of estonia. as i understand it's a much smaller country. >> what's your coding background? >> i'm sorry? >> what's your coding background. >> my coding background chblt i

don't have a coding background. >> i'm sorry, i was trying to go more technical. i'm not being mean. >> i would say estonia is it a good case study. my concerns would mostly be about scale ability issue. it is much smaller. i think such a system is at least feasible within context of design. i do share some people's concerns that u.s. government large scale procurement programs like this never seem to actually get there. so even if we could idealize it, the government sector might not quite get it. >> and let's be brutally honest they'll be a knife fight because you are interrupting a lot of bureaucracy power and authority. >> it can be absolutely be done. >> if you look at large scale whether it's financial services, whether it's some of the models, there is numerous capabilities. the private sector has built a set of protocols that enable one

entity to do authentication, and then alou that authentication to be honored like others, things like am you'll. really the discussion needs to be about getting the right balance between privacy and security. >> you hit one thing i fix yat on, and that is hit quantum, you have to have a token. because i think anal ga rhythm is under threat. >> so, one of the key points i made in my written testimony is although we haven't settled on which to use, we can design it inability swap algorithms out. >> you don't think a token system would be more robust? >> i think that it is part of the solution, but i think the underlying crip to go free that needs to be used does need to

eventually -- >> i need to learn more. >> gentleman's time has expired. >> thank you for that. i have to disclose i've had a lot of caffeine. >> to keep pace of the identity thieves we need to start thinking beyond just protecting social security numbers and start thinking about how to make the numbers less valuable to criminals in the first place. you know, it's time to take a hard look, i think, at the future of social security numbers and to decide what needs to change to better protect americans from identity theft. this hearing has given us a good starting point and i look forward to working with my colleagues in the future to figure out the next steps forward. americans are counting on us to get this right. they want, need, and deserve nothing else. thank you to all our witnesses for our testimony today. and i thank you to our members for being here.

with that. >> -- >> i recognize. >> i want to thank the chairman. this is indeed one of the more interesting panels that we have. and as you can tell a number of our panels still have a lot of questions. what we'd like to ask to you if you could smith to us in writing, because it was very valuable to get urine put. and the chairman has already indicated we as a committee will meet internally to digest what you send us in writing in terms of our solution, and also the urgency that you all attach with this, especially as the chairman has already outlined under authentication, and how we might proceed. because this was a very fertile and productive meeting. i thank the chairman. >> thank you. >> and i appreciate the opportunity to respond. >> thank you. and thank you all for being here. we appreciate your preference. with that, the subcommittee stands adjourned.