
tv   Social Security Numbers  CSPAN  May 17, 2018 8:34pm-10:04pm EDT

8:34 pm
on the farm bill. we will have that on c-span. on c-span2, house lawmakers will get an update on the 2020 federal census. coverage of the house oversight committee hearing begins at 9:00 a.m. eastern. on c-span3, academics and technology executives. about the potential of quantum computing, which tries to harness the potential of quantum mechanics to process information. house energy and commerce subcommittee hearing starting at 9:15 eastern time. next, the acting head of the social security administration and cyber security officials talking about the dangers of identity theft. witnesses gave recommendations regarding data privacy laws, identity authentication, and social security number modernization. the house ways and means subcommittee hearing on social security is about 1.5 hours.
8:35 pm
security card and number were created in 1936 so we could correctly determine benefits. today's use of social security numbers for everything, you need one. so when you get a job, a house, or open a new credit card, given all the ways we use it, it's no wonder social security numbers are a valuable target for identity thieves. for years, i have been dedicated to doing all i can to protect from identity theft by
8:36 pm
protecting the privacy of social security numbers. usedary ids no longer social security numbers. and medicare is now sending new cards without social security numbers to seniors across the country. last year, congress made all the federal agencies stop mailing documents that contain social security numbers unless it is absolutely necessary. for a long time, keeping social security numbers secret meant keeping them safe, but after so many high-profile data breaches like equifax and anthem, where hundreds of millions of social security numbers were stolen, it is clear they are not a secret anymore. and it is time we stopped pretending that they are. it is still
8:37 pm
important to limit the unnecessary use of social security numbers, but if we want to keep pace with identity thieves, we need to think beyond just keeping them. today, what makes these numbers so valuable to identity thieves is how we use them. using social security numbers both to identify someone and to prove their identity does not make sense. but we have been doing it forever. we need to break the link between identification and authentication. we will also hear from social security about what it takes to get a new social security number when it has been stolen and when it is often harder to do than it should be. i recently learned of the case of arizona where the mother
8:38 pm
child whose social security number had been stolen was told she needed to change her daughter's name, first, middle, and last name, before her daughter could get a new social security number. can you believe that? that is wrong. but what is worse is having to change your name isn't social security policy. it was an extra hoop to jump through made up by a field office employee. while i am happy the little girl eventually got a new number without having to change her name, getting a new number should not be so difficult. it should not take a local news story or a call from a congressional office for social security to do right by those looking for help. identity theft is on the rise
8:39 pm
and we must take a hard look at the future of social security numbers, both how it is used and if social security needs to do things differently. we have a responsibility to do all we can to better protect americans from identity theft. i want to thank our witnesses for being here today, and i look forward to hearing your testimony, all of you. i will now recognize mr. larson for his opening statement. thank you, mr. chairman, and let me echo your sentiments and acknowledge that you have been a leader in the united states congress both in protecting the integrity of the social security program from fraud and abuse, and certainly, in this case, of identity theft, which threatens
8:40 pm
the entire system. as you indicated, mr. chairman, the recent data breach at equifax has left more than 145 million people wondering whether they will have their identity credit damaged. their ability to get a mortgage, small business loan, or even a job is at the whim of criminals who have stolen information to wreak havoc on their financial security. it does not matter where you are, whether you are six weeks old or 96 years old. cyber criminals do not care. their only interest is in profiting from your identity in a way that makes them as much money as possible. unfortunately, equifax is just one in a long list of data breaches where personal information about hard-working men and women has been compromised, including social
8:41 pm
security numbers, which is the subject of today's hearing. problem of identity theft is well-known. it affects our entire economy. we need to come together in a bipartisan way to strengthen privacy protections and safeguard financial security. i thank you, mr. chairman, for your efforts in reaching out along those lines as well. , both government and business, need to change their ways. the widespread use of social security numbers as a way to both identify and authenticate individuals poses an ongoing risk of identity theft. that practice assumes only i have access to my social security number, but given the extensive data breaches, this is no longer a safe assumption. as i believe our witnesses will all agree.
8:42 pm
there is a role for both government and industry. unfortunately, there are steep headwinds in this flight -- plight. the pace of innovation by cyber criminals presents a very difficult and foreboding challenge. at the same time, we must be sure that the solutions to better protect information are accessible to all americans, even those of us who are less adept at the new technologies. finally, we must keep americans' privacy concerns in mind about how it is used, and who controls it. just as we must come together to protect americans' personal identity information, we should also come together to protect the future of social security itself. i know that my dear friend and colleague shares my concern in this. we need to have a hearing on the
8:43 pm
future of social security itself. we have proposed bills and legislation. it is time that we expand the most successful program in the nation's history, knowing that as we go forward, and it's important to protect it and very hard to secure it from fraud and also to understand that this is an insurance program that needs to be made actuarially sound. it was last touched in 1983 when ronald reagan was president and o'neill was speaker of the house. it is an actuarial problem that can and should be addressed to not only protect the future of americans but also as disparity grows in this great country of ours, the one thing that every single person in this nation can count on is that social security has never made a payment. we have an obligation on this committee and as members of
8:44 pm
congress to make sure that the integrity of the program and also its viability goes beyond the 75 year requirement that we are sworn to serve, and with that, mr. chairman, i yield back and look forward to hearing from our distinguished panel. thank you for your comments. as is customary, any member is welcome to submit a statement for the record, and before we move on to testimony, i want to remind our witnesses to please limit your oral statements to five minutes. without objection, all of the written testimony will be made part of the hearing record. we have seven witnesses today seated at the table. , acting commissioner of the social
8:45 pm
security administration, and incomedirector security for government accountability office, samuel lester, consumer privacy counsel, electronic privacy information pauer, toll roads and we -- l -- that's not right. rozenswie. >> steve grobman, senior vice president and chief technology officer of mcafee. jeremy grant, coordinator, better identity coalition. james lewis, senior vice president, technology policy program, center for strategic and international studies. acting commissioner, please begin your testimony.
8:46 pm
>> the scope of our program is enormous. for supplemental income recipients. during fiscal year 2017, we paid $134 billion to social security beneficiaries and ssi recipients. in addition, we posted earning items to workers record last year. this underpins the programs we administer. the nine digit number in 1936 to allow employers to accurately report earnings and determine eligibility for benefits. today, we have issued around 505 million unique numbers to eligible individuals.
8:47 pm
while we created the social security number for our programs, it has become a personal identifier used broadly across government and the private sector. for example, in 1943, the executive order required federal agencies to use the ssn. advances in computer technology and data processing in the 1960's for the increased use of the number within federal agencies. for example, in 1961, the federal civil service commission began using it as an identification number for all employees. the irs began using it as a taxpayer identification number. in the 1970's, congress enacted legislation requiring the number for a variety of federal programs. over the decades, use of the ssn grew, not just in federal government, but throughout the states and local government banks, credit bureaus,
8:48 pm
hospitals, and other parts of the private sector. use of the ssn has increased, and so have the opportunities for its misuse. we have made changes to try to protect the integrity of the number, including strengthening the security of the ssn card and requiring additional proof. establishing programs that ensure accurate and timely of the ssn such as enumeration at birth program that assigned ssn's to newborns and verifying employment eligibility and other programs. unfortunately, ssn misuse, identity theft, continues to increase. we understand the distress and economic hardship victims of identity theft have faced. we advised them on how to contact the federal trade commission and law enforcement, investigate.
8:49 pm
in certain circumstances, we assign a new number to a victim who has been disadvantaged due to misuse of the number. it is important to know that assigning any number is often a last resort. because it can cause more problems than it solves. for example, the absence of a credit history makes it more difficult to obtain credit to buy a house or car. as a recognition of the effects identity theft can have, we refine our policies in this area. our goal is to serve the needs of the victims. the added flexibility to our policies where needed and encourage employees to coordinate with experts in our regional offices. we will continue to do what we can to mitigate the effects of ssn misuse. we cannot alone solve the problem of overreliance on the ssn. as long as the ssn remains key to assessing things,
8:50 pm
particularly credit, the ssn itself will have commercial value and continue to be targeted by fraudsters for misuse. it is a broad public policy issue that must be addressed. i applaud the chairman and subcommittee for their efforts to protect the ssn, including mandating the removal of the ssn from medicare cards and documents mailed by federal agencies. are an important step. however, addressing identity theft requires a unified effort that includes this subcommittee in congress, the administration, public and private experts throughout the country. our chief information officer is here with me today. he and i look forward to hearing the ideas during today's hearing. thank you. i will be happy to answer any questions you may have. thank you. i appreciate your testimony.
8:51 pm
welcome again. please proceed. >> chairman johnson, ranking member larson, and members of the subcommittee, thank you for inviting me here to discuss observations on the extent to which the paper social security card is used and what it cost to produce. million social security cards and numbers since the program began in 1935. originally, the ssn was not intended to serve as a personal identifier outside of ssa's program, but due to its uniqueness, government agencies and entities used the ssn as a convenient means of identifying people. however, as everyday transactions are increasingly conducted electronically, it raises questions about whether a paper card is still needed or desirable to verify a person's ssn. will first discuss
8:52 pm
whether there are any federal requirements to present a social security card. second, i will discuss common situations in which other public or private sector stakeholders may ask to see the card to conduct business. finally, i will discuss stakeholder views about the potential implications of eliminating the cards. there are requirements to provide an ssn. we found no statutory requirement and only two regulatory requirements to show a card. both were to verify an individual's ssn under certain narrow circumstances such as for uniformed service members seeking to change their ssn. customary uses of the cards outside of the federal government, we spoke to a variety of associations representing human resource managers, the finance sector, higher education institutions, and state agencies. the stakeholders we spoke with
8:53 pm
describe a variety of instances in which individuals may present a card among other acceptable forms of documentation in order to verify their identity or their ssn. for employment, all u.s. employers must verify and document a newly hired employee's employment eligibility. although the card is the most commonly used document for this, it is just one of many to prove they are eligible to work in the united states. other examples of acceptable documents include a u.s. passport or permanent resident card among others. reason employers may ask to see a card is to verify the accuracy of the employee's ssn because employees can be submitting inaccurate wt forms. the card is commonly used to apply for a driver's license under the real id act of 2005.
8:54 pm
they must provide it to verify their identity. the card may also be used as documentation when setting up financial accounts or to resolve ssn discrepancies. providing the card is not required. they provided their perspective on the implications of eliminating the card. one advantage of showing the card is to ensure the accuracy of it instead of relying on someone's memory. the card alone is not sufficient to ensure the identity of the card holder. other forms of identification are usually needed. most of the stakeholders we interviewed indicated their processes would not change significantly if the card were eliminated. it would continue to collect ssn's as required but provide other documents for verification purposes or electronically verify the ssn with the ssa.
8:55 pm
also provided their perspective that eliminating the card may result in limited cost savings, if any. in 2016, ssa estimated the cost to produce a card ranged from six dollars for a replacement card requested online to $34 for a card requested in person at a field office. estimates include staff time, technology, paper, printing, postage, and overhead. if the card were eliminated, only some of these costs would be saved. estimate of the savings based on the printing, paper, and mailing cost accounts for only $.60 of the cost of the card. officials stated the agency spent about $8 million in fiscal year 2016 on paper, printing, and delivery of the card. implementing a new system to replace the card could offset these savings. other implications of a card
8:56 pm
less electronic system included security and control over personal information and potential barriers for people with limited access to technology. this concludes my prepared statement, and i would be happy to answer the committee's questions. chair johnson: thank you. i appreciate your testimony. mr. lester, welcome. please go ahead. mr. lester: chairman johnson, ranking member larson, members of the subcommittee, thank you for the opportunity to testify today. my name is sam lester. i am the counsel at the electronic privacy information system. it is a nonprofit research organization here in washington, d.c., established in 1994 to focus public attention on the privacy and civil liberties issues. i appreciate your interest in this critical topic. i cannot overstate the urgency
8:57 pm
that we update our privacy laws. there is no other form of personal information that poses a greater threat to privacy than the social security number. the recent equifax breach exposed the social security numbers of over half of the u.s. adult population. an ssn was never meant to be all-purpose identifier in the private sector. when it was first introduced in 1936, it was to be used only for the administration of social security taxes. the fact that it is now so pervasive as both an identifier and authenticator, username and password, has undoubtedly contributed to the alarming rise of data breaches, identity theft, and financial fraud. ssn's are the keys to the kingdom for identity thieves. a criminal in possession of your ssn can file fraudulent tax is in your name, open new accounts in your name, take out lines of credit, and many other forms of fraud.
8:58 pm
if you are about to buy a home, for instance, you could experience your worst nightmare when a lender pulls your credit and sees your fico score is too low to qualify for a loan because someone has fraudulently run up debt in your name. for someone who has experience to account fraud, it can take years to recover financially. in 2017, identity theft impacted almost 7 million consumers. -- 17 million consumers. they cannot protect themselves from the misuse of the ssn. the social security administration will only replace your ssn in the most extreme circumstances. furthermore, the credit reporting agency makes it even more difficult for consumers. credit monitoring and fraud alert services do not adequately protect consumers. the ceo of lifelock had his identity stolen 13 times after he displayed his real social security number in a commercial that was supposed to demonstrate
8:59 pm
how effective his product was in preventing identity theft. there have been recent efforts to limit the use of the ssn, but much more needs to be done. in 2017, medicare finally announced it would remove ssn's from cards, the result of an effort led by chairman johnson of this committee. a number of states have taken steps in the right direction. for instance, alaska prohibits the use of ssn's by both private companies and the government without explicit legal authorization. this would be a good model for federal legislation and also shows why federal law should not prevent states from enacting their own safeguards. to limit the devastating financial harm caused by the misuse of the ssn, congress should take the following measures. first, the ssn should be prohibited in the private sector without explicit authorization. should be prohibited
9:00 pm
from compelling consumers to disclose their ssn as a condition of sale or service unless authorized by law. second, congress should promote development of context specific identifiers. if you are going to do banking, you have a bank account number. if you are obtaining a driver's license, you have a driver's license number. the advantage of these context specific identifiers is if finally, congress must not replace the ssn with a national biometric identifier. this would be a very bad idea. this would pose serious privacy and security risks. a breach in the office of personnel management in 2016, hackers targeted digitized fingerprints. thank you for the opportunity to
9:01 pm
testify today. i will be happy to answer your questions. >> thank you. i appreciate your testimony. mr. rosenzweig. >> thank you very much. i, too, am pleased to be able to speak with you about the future of the social security number. it has a long history as an identifier. the use as an identifier is no different than the use of my phone number or my name. the problem is that the social security number has mutated in its use said it is now an authenticator of my identity. authenticators are only useful if they involve something that you know exclusively, something that you have or that you are
9:02 pm
and they are kept confidential. social security numbers are so deeply optimized and so widely available in public, they can no longer be used as an authenticator. this is because recent incidents like the equifax breach have effectively disclosed the vast majority of previously confidential social security numbers. my own number to my knowledge has been breached at least three times in the last four years. i feel this quite personally. that view, any enterprise continues to use the social security number as an authenticator is engaging in borderline privacy and security malpractice. yet some do. i was shocked that a bar renewal membership used the last four numbers of my social security number to authenticate my identity. this was a governmental use. what should we do about that?
9:03 pm
in my judgment, congress has three logical options. the first is to regulate or outlaw social security numbers. that is a plausible solution but one that i respectfully think is not appropriate. that comes with all of the usual disadvantages of government intervention. enforcement mechanisms are necessary along with procedural safeguards. i think a regulatory response will come with a great deal of expense and be a slow result. perhaps even no quicker than the next solution, which is to do nothing. in a lot of ways, the market is addressing this problem. the disutility of social security numbers is on the decline. the problem is that before market forces take care of the
9:04 pm
problem, a great number of americans will suffer from identity theft. the third option in my opinion is to eliminate the utility of the social security number as an authenticator. make it impossible in practice for anyone to continue to use it in this way. one simple solution that i offer both as a thought experiment and a possible practical solution is to simply publish a phone book of every citizen's social security number. that would make it impossible for any enterprise to legitimately use it as an authenticator. judgment, using it afterward would be per se negligence. congress needs to look to its
9:05 pm
own house. law, we have mandated the collection of social security numbers as identifiers and continued to use them, as my colleague has already testified to. at a minimum, i think it is incumbent upon congress to review the government's use of the social security number and its processes. -- if only so by cleaning up our own house, we can speak with authority. i look forward to the chance to answer questions. >> thank you. i appreciate your testimony. good morning. it is a proud honor to testify. chairman johnson, we have our largest u.s. location in plano, texas.
9:06 pm
our strategy to protect connected computing worldwide for both consumers and business architectures. i have worked in the field of cybersecurity for two decades and have put before u.s. and international patents in the field of security, and software architecture. mcafee is one of the world's leading security companies. the nine digit security number first appeared in 1936 but has since become the de facto national identifier and federal credential, uses for which it was never intended. simply knowing a social security number has been accepted as a mechanism to impersonate an individual and the social security number has become the premier target for cyber criminals. social security numbers are sold in bulk in the black market.
9:07 pm
once stolen, the number cannot easily be replaced. last year, the equifax breach resulted in 144 million american users having their identification compromised. there are three elements we need to address. model, social security numbers play a role in all three. identity can be public, it is like a twitter handle. simply knowing the handle does not enable someone to impersonate the account holder, whereas authentication is the process of proving that you are a specific identity and generally relies on one of three factors. either something you know, something you have, or something you are.
9:08 pm
authorization is granting a specific capability or benefit to a specific entity. parts need to be in scope for a next-generation system. we have all the technology to move toward a high quality, high security, well thought out next-generation identity management system based on strong authentication. what is more difficult is understanding the requirements that will be acceptable for both government and the citizens. we need to ask questions such as, is this a solution exclusively for governments related services? how can a system be inclusive to all citizens regardless of wealth for access? does a government biometric database create unacceptable privacy issues? how will recovery mechanisms work when technology assets are lost? what are the cost constraints
9:09 pm
and timelines for implementing and maintaining a solution into the next generation and how long does the underlying cryptography need to last? this last question is interesting in that we are on the verge of quantum computing becoming a viable reality. quantum computing is well-suited to break the underlying cryptography that protects the world's data. public key algorithm is the heart of most protection and identity solutions. a next-generation architecture must comprehend the quantum computing world we will likely face. we need to look at what technology options are available and i have been asked whether things such as block chain could be useful. i do not recommend it. block chain brings scalability, complexity, and its own security challenges. in the case of our next generation system, we have a
9:10 pm
trusted central authority, the u.s. government. we need to focus on the problem that we are trying to solve and the one thing we must do is not to use the current system that we have. quick recommendations, we need an identity management executive order that outlaws the use of social security numbers as authenticators. we need to push agencies to act as validators of identity and mandate all federal agencies to use strong identification. to let the private sector work on this and move faster on implementing quantum algorithms to protect data and identity solutions. it is an honor to testify to the subcommittee. i look forward to answering your questions. >> thank you for coming all the way from plano. >> you that. >> mr. grant, welcome. thank you for the opportunity
9:11 pm
to discuss the future of the social security number today. i am here on behalf of the better identity coalition, launched earlier this year to bring together leading firms from different sectors to develop a sense of consensus to promote the adoption of better solutions for identification and authentication. founding members include leaders from diverse sectors of the economy including health care, fin tech and security. way we handle identity in the u.s. is broken. we desire to see the public and private sectors work together to find a solution. years worked more than 20 on this problem. i also led the identity team.
9:12 pm
i left government three years and now work with a law firm in town, a leading cybersecurity firm. the ssn is a key component of our identity infrastructure that impact every american. our challenges here are linked to more than 80 years of contradiction in policy over how this number should be used. the ssn is simultaneously presumed to be both secret and public. secret because we tell individuals to guard it closely, public because we have laws that require individuals to give it out. secret because we tell those entities to ensure that if they store it, which the law requires them to do, to keep it private.
9:13 pm
the majority of ssn's having been compromised multiple times in the last few years. these contradictions are not the result of anything malicious. they come from trying to balance several important roles played by the ssn and the social security administration. it is important that the government recognizes these contradictions and puts policies in place that are more and enhances security and privacy. i believe there are five areas where change is needed. when talking about the future of is essential to understand the difference between the number's role as an identifier and an authenticator which can prove who i am. ssn should no longer be used as
9:14 pm
authenticators, we stop pretending that this number is secret or that knowledge can be used to prove that someone is who they claim to be. just because ssn's should no longer be used as identifiers, does not mean we should replace them with a new identifier. rather than create a new identifier, our focus ought to be on crafting better authentication that is not dependent on the ssn and is resilient against modern vectors of attack. on authentication, there has been news. the world wide web consortium has developed standards that are being embedded in most devices, operating systems and browsers to enhance security, privacy and user experience. the government can play a role in accelerating the pace of adoption.
9:15 pm
the ssn does not need to be used everywhere. many members of the coalition would like to reduce the places it is used. are running up against laws and regulations that require them to collect and retain the ssn. we need to focus not just on the ssn but the future of the social security administration. this goes beyond the future use of a number to encompass a broader topic. what role should the government play in the identity ecosystem? there is no question that in 2018, the ssa is in the identity business. it is time to acknowledge that fact then contemplate what that means. having agencies like ssa accept their role here may be the most impactful thing the government can do to help solve our challenges. by allowing consumers to ask agencies that have their personal information to vouch for them. departmentsother
9:16 pm
can offer a lot, this was embraced in the 2016 report from the bipartisan commission on enhancing cybersecurity, the federal government should work to develop a framework of standards and goals to make sure this is done in a secure way and fund work to get it started. i appreciate the opportunity to testify today and look forward to your questions. >> thank you. thank you mr. chairman and ranking members, i thank the committee for the opportunity to testify. one of the leading scientists of the 20th century said that an expert is an individual who has made all possible errors in a particular field. i think that qualifies me as an expert since i've been involved in programs like this since 1992, none of which have worked. you have heard how the ssn is the key identifier, it is unique to each individual.
9:17 pm
it is issued by a trusted source and most importantly it links to different databases so your ssn can link to your bank, your tax account, your driver's license, it is irreplaceable. it is invaluable for business but also for crime. one estimate is that somewhere between 60% and 80% of all social security numbers have been stolen. another puts the cost of stolen social security numbers at $16 billion annually. i think the committee is on the right track by looking at ways to modernize and strengthen the ssn. this will provide real benefits and reduce crime. our goal should be to provide the same level of service and security that citizens expect in the private sector or that citizens enjoy in other developed economies. there are several options for modernizing the ssn. these include federated
9:18 pm
authentication of identity, public encryption, block chain and smart cards. some of these have been tried in the past but have faced problems of complexity, cost, and raised privacy concerns. simply publishing the ssn as you heard is the least expensive option but it does not fix all the problems we face. the first step would be to replace the social security card with a smart card, a plastic card with an embedded chip, like the credit cards that most of us carry. millions of commercial transactions are carried out with these cards every day. most people are familiar with them which would ease the burden of acceptance and transition. a smart card provides a foundation for a secure social security number. when your credit card is stolen, your financial institution cancels the old one and issues you a new one. you're still linked to your
9:19 pm
account and still responsible for legitimate charges but not linked to the old number and a similar approach might help us in thinking about how to streamline, modernize and make the social security number more secure. social security administration could use a similar approach, administer a smart card approach or contract it out to the private sector, a solution that other countries have used. further debate is required, and i think we all recognize that, to decide which modernization option is best and equally important, how we will pay for it. there is no free replacement for the ssn. block chain technology may offer an option for a modernized ssn, but it is not ready. the best argument for smart cards is that we already use them on a massive scale. implementation would be difficult.
9:20 pm
any change for so venerable an institution will be difficult but we have the advantage of knowing that the technology and processes work because of our experience with credit cards and banks. thank you for the opportunity to testify. i look forward to your questions. >> thank you. i appreciate that. now look to questions as is customary for each round of questions. i will limit my time to five questions and advise my colleagues to do the same. acting commissioner, the alarming story about the child in arizona raises many questions about how social security treats identity theft victims. are you taking a close look at how you handle requests for new social security numbers? >> i am aware of the case in arizona and thank you for bringing that to our attention. we have worked hard with our
9:21 pm
staff to issue clarification policies to all of our front-line employees. we have also held national calls with all managers and directors and we have decided that we would have regional experts available to the front-line employees at the time where they have a complex case. we would consider this situation a complex case. having those regional health -- those regional well-trained experts, on issuing new ssn's would help. all these actions have been accomplished. >> with more than 1200 field offices, what are you doing to make sure your policies are being followed? >> that is where we held national calls with all of our managers and our directors to have oversight and we will continue to do checks and balances to make sure those policies are followed. i believe having a regional expert there so the front-line
9:22 pm
employees can consult if they have questions is going to be a key change for us. >> i was shocked to learn that social security employees' voicemails tell callers to record their social security number with their name and phone number to get a return call. how is that a good practice given all the concerns with identity theft? >> i certainly understand and am aware of that situation. we use the social security number to look up our records. if an individual is not comfortable leaving their social security number, they should not do that. however, it does expedite the transaction when they call us back, we can pull up someone's record and have it available so we can quickly go through the process with them and answer any questions. if someone is uncomfortable, they should not leave their social security number.
9:23 pm
>> maybe we ought to take another look at that. this panel has taken a look at some big ideas today. is now the time to take action? >> i think the one thing we heard universally across this panel is using social security numbers as authenticators is something that needs to be addressed as the most time critical element of the issue. there are clearly other issues on the fringe of social security number as an identifier but from a magnitude perspective, looking to remove social security authenticator is something that we must act on immediately and invest whatever it takes in order to make that a practical reality. >> we have been trying to do that for 20 years. mr. larson, you are recognized.
9:24 pm
>> we want to thank the panel. we have an awful lot of hearings but it is always refreshing when you have panelists who give you solutions as well. acting secretary, let me commend you for your service. let me acknowledge that there is no one who has been working harder to make sure that we have a permanent chair of the secretary of social security and the chairman himself. we support him in those efforts and hope that the administration will act soon, but want to thank you for your service. there is unanimity on the committee with respect to authentication. how would you implement that and what is the cost of it? >> we have heard great ideas from the panel members today, we will take all of them and review them and cost
9:25 pm
them out. not something i could address today. lots of ideas are good but you have to look at the price tag attached. we will go back and take a look at any ideas that the committee would like us to look at. >> any idea on the price, mr. grobman? >> we need to recognize the price of not taking action. if you look at the cost related to fraud or misuse of social security numbers as authenticators, my opinion is that is a staggering figure that needs to be comprehended when looking at the cost of implementing a new plan. >> you have a number of solutions but one of the things that you emphasize is that we make sure we steer clear of any biometric solutions. could you explain why? >> when congress passed the privacy act in 1974, they were
9:26 pm
explicitly responding to and rejecting calls for a national identification system. the national identification systems that rely on biometrics in other countries raise grave privacy concerns. in india, their new biometric was recently breached, compromising the biometric data on its 1.2 billion citizens. any problems with a biometric system are demonstrated by the recent breach. >> would all the panelists agree that is a reasonable concern? >> it very much depends on the program -- problem you're trying to solve. in india, there was no starting point and they needed to ensure that an individual only registered a single time for benefits. by using biometrics, it prevented an individual from registering in one town then
9:27 pm
walking down the road to another town and registering again. in that case, biometrics was a practical technology in order to solve that specific problem. i do not believe we have that problem at scale in the u.s., therefore the points are well taken that we should look for other less privacy intrusive mechanisms as a first step. such as smart cards can be a much more rapid practical option that could be distributed without requiring every citizen to have biometrics recorded. >> is there consensus with respect to smart cards? >> i think it is a good interim solution. to be honest, the smart card security system is not itself
9:28 pm
terribly robust. we have all experienced credit card fraud as well as a result of a lot of that. biometrics, it is the difference between a centralized database and a distributed database. biometrics as a localized identifier is something that president obama's white house supported as a substitute for passwords because they are more readily usable than passwords. you also -- >> you also objected to mr. lester's solution. can you life? -- can you explain why? is one of the normal tools in our toolkit here in washington alongside taxation. >> is it regulation or the efficiency of the ability to regulate? >> ini fan of our efficiency in the regulatory system.
9:29 pm
to be brief, we have already acknowledged that it would -- >> northern charm and southern efficiency. no disrespect from anyone from the south. >> it would take us far too long and cost quite a bit. >> mr. kelly, you are recognized. >> thank you for being here today. i had a coach in high school with her last name, we just called him rosie. thank you for being here. when we look at the size and scope of a program and the number of beneficiaries, is there anybody in the private sector that comes close to facing these types of problems as far as making sure we are sending the right money to the right people, with so much fraud in the system, is there any approach that would make sense? >> first of all, we need to
9:30 pm
protect our records and our focus on the social security number has been collecting wage information and paying benefits. we have a robust anti-fraud process, we review claims at of times, we flag high risk claims. comparing them to the private sector, we have to make sure that our beneficiaries are protected and their data is protected. >> it seems to be the nature of the things -- the way we do things today. we have a safe that we cannot lock. someone is finding a way into this data and we keep thinking this is just the way we do things. we will just have to keep going down that path. i am fascinated -- is there any information on the cost of not finding a remedy to this? those numbers would be so staggering that most of us would not want to discuss it.
9:31 pm
any idea what the cost of not fixing this is doing? it seems you are doing the same thing over and over and expecting a different result. any ideas on the cost of not fixing it? >> i don't have a quantitative number. >> no, he does. one estimate was $16 billion per year. billion with a b. >> 1-6 and with a b. >> some companies have recognized problems with it and have shifted their business models in response. can you share some examples in the private sector how people are addressing this. >> one of the founding members of our coalition is aetna.
9:32 pm
their chief security officer and the team their lead -- led an effort that launched in 2014 focused on reducing the instances of social security number within their system. talking about cost, this is a six year roughly $60 million investment the company is voluntarily undertaking because they think they can reduce their risk profile by reducing the instances of the ssn across their enterprise, and i think today, they have reduced 10 billion instances. not that they have 10 billion beneficiaries, but that shows you if i am one of their customers, i probably had my ssn in about a dozen different locations. you are starting to see fortune 500 companies holding onto ssn or looking at it as a liability, but the cost is significant. it cannot happen overnight. they are also hindered in that as a health insurer, they are required by the government to muchage the ssn for pretty all of their government business as well as any beneficiary who they had to report to the
9:33 pm
government had health insurance. i highlighted this a little in my opening testimony. a lot of government requirements are out there that state that private industry has to collect the ssn. as long as we have those out there, it will be quite hard to eliminate it entirely. >> some people refer to it as entitlement and some say it is a negative term, but that means you are entitled to this benefit because you paid into it your entire life. i think there is total agreement on this committee and throughout the whole congress that we have to protect this program that is so vital to our folks. i appreciate you being here today, but could you continue weighing in and give us other examples and other solutions to what it is we are trying to fix? this is so massive right now, i think it's one of those things you sit back and say it is too big to work with, but it is only going to get bigger and bigger and more expensive if we don't do it. >> absolutely. i think following up on that
9:34 pm
comment, one of the things we need to look at is the opportunity cost of continuing to try to protect social security numbers from becoming public when we know they are already public in so many cases. although there are a number of efforts put forward in the last few years to reduce the disclosure of social security numbers, what i would ask is what if we repurpose all of those efforts into building a modern authentication system so that we simply use social security number as an identity, not an authenticator? >> very good. thank you. >> mr. lester, would you respond to mr. larson's question that you did not get a chance to respond to before? >> sure. >> you have 30 seconds. >> i think you are talking about the cost of regulation.
9:35 pm
i would just like to regulate this, which is $16.7 billion to be precise, the amount that was stolen as a result of identity theft in 2017. furthermore, what we are talking about is restoring the social security number to its original purpose, to be used only by the social security administration. that is what it was intended for. congress has many times looked at this when they passed the privacy act of 1974 -- that is originally what it was intended to do. >> thank you. last month, mr. grant, the ways and means committee marked a bill to protect children and consumers from identity theft. hr 5192. by helping reduce the prevalence
9:36 pm
of synthetic identity fraud. the bill would do this by facilitating the validation of identifying information provided consentrs and upon the of the customer -- consumer, rather, i'm sorry -- through a database maintained through the social security administration. the bill is considered an important step that congress took to help prevent identity theft, but i wanted to get your tow they were quickly about what extent this validation system will solve the problem or not. what's your thoughts? >> i talk about this in my written testimony between not get to it in my opening statement. i think it is a great first step. key issue is to a flag in my opening statement, which is can we shift the model a little bit so the government agencies like the ssa that are the authoritative roots of trust
9:37 pm
when it comes to my data -- they got the truth in terms of what my name and my ssn are -- why can i not ask them when i'm opening an account to let my bank check to see if there really is a jeremy grant with my ssn and date of birth in their system? will be a good first step, but two things i would add to that -- it's only limited to account openings covered under the fair credit reporting act. i cannot imagine as a consumer why i would not want to ask ssa to validate that for everybody, and i think the other question that has come up is if we are worried about synthetic identity fraud, this will take care of new account openings going forward, but there's probably thousands if not millions of synthetic accounts that are out there today, so one question has been -- should financial institutions have an opportunity to -- they have a one-time window where they can retroactively put existing accounts out there to make sure
9:38 pm
things match. >> thanks, christopher. thanks for that. these widespread data breaches at the office of personnel management, home depot, jpmorgan, target, u.s. postal service, and, of course, equifax. they highlight the need to focus our intention on how better to authenticate identities. from a consumer detection standpoint, this is outrageous. access -- access personally and definable on millions of customer accounts, and in the wrong hands, access to social security numbers, birth data, address, and driver's license number can turn someone's life upside down. we must do everything possible to establish privacy safeguards.
9:39 pm
protecting the individual's personal information to ensure their identities are protected must be one of our top priorities. should the burden be on the government to create a unique identifier to verify individuals, or should it be on the private corporations who establish unique identifiers with their clients? anybody? >> i think that is where the use of context-specific identifiers comes into play. if you are transacting with the company you have a unique identifier for that company. that way, an identity thief steals that identifier. they do not have access to all your accounts and cannot open new accounts in your name and destroy your financial life. >> congressman, if i could just add in the many attempts we have had to come up with the national
9:40 pm
identifier, we have learned there's only one trusted source, and that is the government, and that is why ssn is the default identifier. people do not trust other sources. >> mr. chairman, thank you, but i must add this point. are we really serious about doing this? are we really serious about changing the culture, which is a haven'tt thing, and why we done more? we need to ask ourselves that question. >> you are right. thank you for your questions. >> this is an incredibly complicated problem, but it's not new. this is not new. identity theft has existed since people had identities, right? i remember thinking back to law school and commercial paper and in order to allow for the free flow of commerce.
9:41 pm
we have laws to protect consumers with commercial paper, so a bank had a duty to know your signature, right? if somebody forged your check, it was not your problem. it was the bank's problem. that kind of applies here, too, doesn't it? negligently releases your personal information, don't they have liability for that, mr. lester? >> absolutely. the burden is on the companies that collect this information. it is important to stress that equifax chose to collect information on consumers. consumers did not provide that information to equifax. when equifax is breached, they are the ones that put the cost on the consumer by charging them for credit freezes and fraud monitoring, and i think it is also important to stress that there needs to be another point of action. >> does equifax have liability
9:42 pm
for that? >> absolutely, which is that any distress there needs to be in any action law private right of action. >> you are advocating for specific identifiers for everything. mr. grant said he did not have a problem with social security as a national identifier. i think you said the same thing, and i kind of agree with you. everybody has got an identifier, right? their name at the very least. the name is not unique. is --s a lot of tom rice tom rices out there, so you need some sort of national identifier i would think to make commerce work, and i don't know why social security could not be that, but it cannot be an authenticator because it's not private anymore, right? >> using my social security number as an authenticator is as
9:43 pm
stupid as using the last four letters of my last name as my authenticator. the last four digits of my phone number. thate phone numbers, now they are mobile, everybody has one and it's probably what you will keep for the rest of your life. personally,ink that as a matter of common sense, i think completely the idea that you would completely identified -- i mean, eliminate any sort of unique identifiers is just not practical. we've got to have some kind of unique identifier, and i don't know why it could not be your social security number. i would think that the way to attack this problem -- i don't care what we do. i don't care if we come up with the most beautiful and complex system that would do away with any hacking today, tomorrow, the hacker is going to figure out something different. this is not new. it's been going on since the
9:44 pm
beginning of time and it's going to keep going on. i would think that the way to attack this is kind of like they did with commercial paper and that we should put liability on negligently release your information. >> there has been at least one proposal by a colleague of mine who was in the last administration to make people strictly liable for that. for myself, i would probably prefer a negligent standard over strict liability, but i do think that what you are onto is exactly the right economic answer, which is putting the obligations on the least cost avoider. like my fanciful proposal of allocation is that it makes it impossible for anyone to maintain the idea of security for the social security number as an authenticator. liability would be another opportunity. >> what do you think about that? >> is a market driven enterprise. cyber criminals are looking to
9:45 pm
steal things of value. the reason cyber criminals are looking to steal social security numbers is in today's world, they have value because they can be used as an authenticator. one of the most practical ways to stop the theft is to devalue what they are going after, and that is in general a much more practical mechanism at scale than trying to have the world -- >> have got to stop you because i only have 10 seconds. if you would respond to this by raising your hand. do any of you -- who of you have a problem with using social security numbers as an identifier but not an authenticator? one out of eight. thank you. >> and the sanchez, you are recognized. >> thank you, mr. chairman, and thank you to all of our witnesses. social security numbers were originally created as a way to track earnings and were never
9:46 pm
meant to be used as an identifier in the private sector. the social security number has since morphed into a tool used to identify and authenticate individuals in a number of situations, greatly expanding the universe of people and companies who have access to this incredibly valuable information. the ubiquity and widespread use of social security numbers have left consumers vulnerable to identity theft helpless to stop it. they can be used to open new accounts and credit cards or even take out mortgages often leading to financial ruin for unsuspecting and innocent consumers. as technology continues to advance at alarming rates, unique social security numbers are increasingly vulnerable to cyber theft and rodger riney use. recent data breaches demonstrate the urgent need to secure this information and just how valuable social security numbers and other personal data are. the equifax hack alone comprised
9:47 pm
over 145 million americans -- pardon me, compromise over 145 million americans' personal no e data including social security numbers. the sum of cap the population now at risk for identity theft or financial fraud. social security numbers have become the default identifier because they are truly unique, standardized, and can be verified, but as more of our personal information is available on the dark web for cheap, we need to start thinking about the best way to identify and verify individuals. i would like to begin by asking -- american consumers do not have a full picture of what information is being collected about them. what kind of data is being collected about americans, and are companies required to protect it? >> thank you. first, i would like to clarify raising my hand to the poll question because it was not a
9:48 pm
yes or no answer. i do not have a problem with the social security number and used as an identifier for social security. to answer your question, companies are now collecting vast amounts of data on consumers, and the problem is that consumers do not have control over this data. fromequifax collects data consumers, it is getting it from other commercial sources. consumers are not providing it to equifax. in addition to limiting the use of the social security number in the private sector, consumers need to have control over their personal information. there needs to be a default that companieso like equifax can only disclose your information when consumers have affirmatively opted in. this would solve the problem of identity thieves opening new accounts in your name, if equifax could only pull your credit when you as the consumer have affirmatively given them permission to do so.
9:49 pm
>> i want to get at a question -- are companies required to protect that information? >> there is no federal standard right now for data security that the federal trade commission does enforce data security when companies -- you know, they have authority over unfair and deceptive practices, so if a company is represented they have good security, like the case representing over and over again their data security was great when in fact it was nonexistent, but, no, there needs to be national standards and set a baseline. states need to have the freedom to regulate upward in this area because it is a dynamic and evolving field. there needs to be a federal standard that sets a floor for data security. >> i would agree with that, and i would say i believe most consumers believe that companies are required to protect their
9:50 pm
information. could you talk a little more about how context-specific identifiers work and the medical identification numbers that they use in canada? >> oh, yes. so the medical identification in canada -- as i understand it, it is a unique context specific identifier. i'm not super familiar with it. >> i would be interested in knowing how that specifically works because it would be instructive. >> there's many examples of context specific identifiers. in my statement, i mentioned the university identifier that is a recent innovation by universities like georgetown, my school, where they give you a nine-digit id number in lieu of using your social security number.
9:51 pm
>> thank you, and i yield back. >> thank you. >> thank you. i don't have a question for you. i just wanted a shot at saying your name, and i hope i got it right. >> perfect. listening to mr. johnson's story earlier, i'm reminded of a song called secret agent man, so we are giving you a number and taking away your name. that is a concern, obviously, but i want to ask about getting a new social security number. when your card gets stolen, that bank wants to get you a new card right away. they want you to use it again and i want to make sure no money comes out of their account because it personally affects them as well. i do not see the same for the social security administration in that environment. if you think about it, when somebody's social security number is taken,
9:52 pm
the fraud is either at the bank, or through the irs, the taxpayer, maybe somebody is getting your social security check, but why do we make it so difficult to get a new number when that really is the problem? i don't know that there is the same amount of concern on the social security administration like there is on the bank when your credit card number gets taken. i know somebody mentioned it might be $34 to get a new card, and that may be a lot on your end, but it's pretty small on the other end where the fraud is taking place, so why is it so difficult to get a new number? >> usually, it is the last resort to issue a new card or new number because it does not always solve the problem. many times, banks, other companies will cross-reference the old number to the new number. you have not really solved the problem in many situations. we do look at its use. if people are disadvantaged, not
9:53 pm
getting a loan, tax returns and so forth, but again, i hope that our recent change in looking at our instructions to our frontline will help them. our number again is really designed to collect wage information and pay benefits. as you can see, many examples are about credit card fraud, banking fraud, not about our program. >> let me get back to my question -- there is no harm, monetarily or otherwise, to the social security administration's budget. it is usually affecting someone else, so you don't have a vested interest as the bank does in that situation, and a cross referencing, that does not need to happen. they get rid of the old number. they don't give that data -- they don't need to keep that data. i don't find that as a very good answer. i really think you need to take a look at what can be done to get somebody a new number
9:54 pm
because that is exactly what a business is going to do. if your identifier is stolen, they have a motive to get you a new one to protect themselves, but i don't find that you are at risk when somebody's social security number is taken away in any way, so this not this desire to solve this problem, but $34, if that is what it actually costs to give somebody a new card, new number, whatever the case may be, that is a pittance to the hundreds or thousands of dollars going out on the other end. i want to clarify that because there's really no detriment to the social security administration. is that right? >> i don't know if i would agree with that. certainly if we open up the floodgates and set everyone that wants a new number, come on and get 1 -- like no, no, no, you have to have a reason, not just say i don't like the number because it ends in an odd number and i want an even number. let's be realistic. we are talking about people that have been victimized, not just anyone who wants a new number.
9:55 pm
>> again, we believe we want to do due diligence. we want to know what has happened with that number. we want to make sure it is appropriate to assign them a new number. >> i get that. why is it so hard. why is someone told they have to change their name? >> that was not an appropriate answer. >> thank you. i think we need to look into that further. i yield back. thank you. >> thank you. >> [inaudible] running at the same time. i am a multiemployer, so we are running back and forth. >> i actually had a couple -- have you ever started to write down a couple of questions, and where some of us have little disagreements on the utilization but it's alsoks, a threat to certain companies.
9:56 pm
i want to take one gigantic step backwards because i missed a number of the questions here. i came to all of you either as policy, technology experts, and said, how do we design almost a single portal in our society, a combination of multi- -- i am a big fan of certain token trade-offs with a biometric and a password. so you can go on there and see the last 10 years of your irs tax returns or of your social security benefits. your veterans discharged, your, you know, where all these things that all of us have government hold on you, and create a single portal where you could see them, but a way that would be safe, robust, elegant, and we have actually been sketching out a concept of sort of a passcode biometric to a token.
9:57 pm
if i were to run down the line, is that just techno-utopian, but would it actually not only solve our issue here on the misuse of social security numbers but also some of the other policy decisions we as congress and the bureaucracy have made of starting to blind documents for our medicare population and those kinds of things and now having to get unique identifiers and the reissuing of such things in the confusion and cascade of chaos i expect to come from that? if i came to you and said i don't want a simple incremental solution, i want a disruption of a unified portal, can it be done? >> my first concern was if that unified portal was breached, does that mean all my information is out there? >> it would not if we designed permissions. we will probably get to that, but there is a way.
9:58 pm
let's right now theoretically say we were able to produce levels of security. >> we would certainly be willing to work with you on any ideas you have, but again, my concern that if one portal everything was breached, we would be in a worse situation than today. >> it sounds like a nice, aspirational idea. the federal government in terms of designing such complex systems does not have a great track record, and it is extremely costly. and it is very difficult to do. >> moving towards a centralized database is exactly the wrong approach. i would use the example of container ship. they are compartmentalized so there is a rocky wave, all the oil is not in one container to capsize the ship. it is the same with identity. >> why do countries like estonia and others have incredible success because you create levels of permission that require -- it is a unified
9:59 pm
portal? like different levels about the case of estonia. as i understand, it is a much smaller -- >> what is your coding background? >> my coding background? i don't have a coding background. >> i was trying to go more technical. i'm not being mean. i would say estonia is a good case study. my concerns would mostly be about scalability issues. i think that such a system is at least feasible within context of design. i do share some people's concerns that u.s. government large-scale procurement programs never seem to actually get there, so even if we could idealize it, the government sector might not quite get it. >> let's be brutally honest -- there will be a knife fight because you are interrupting a lot of bureaucracy layers
10:00 pm
>> it can be done. when you look at the authentication done today, whether it is large-scale services -- there are numerous capabilities the private sector has built, a set of protocols that enable one entity to do authentication, and allow that authentication to the honored by others -- to be honored by others. the discussion used to be around getting the balance between privacy and security. >> you often have to have a token. i think algorithmic is under threat. >> one of the key points i made in my written testimony is even though we have not settled on what quantum safe algorithms to design a system such that we have the ability to swap algorithms out.
10:01 pm
>> you don't think a token system would be more robust? >> i think it is part of the solution, but the underlying cryptography that needs to be used in the solution eventually -- >> i need to learn more. >> the gentleman's time has expired. >> i will talk after, but thank you for tolerating me. i need to disclose, i've had a lot of caffeine. >> thank you. to keep pace with identity thieves we have to start thinking beyond just protecting social security numbers and start thinking about how to make the numbers less valuable to criminals in the first place. it is time to take a hard look i think the future of social security numbers and decide what needs to be changed to better protect americans from identity theft. this hearing has given us a good starting point, and i look forward to working with my colleagues in the future to figure out the next steps
10:02 pm
forward. americans are counting on us to get this right. and deservesed, nothing else. thank you to all of our witnesses for your testimony today, and i thank our members for being here. >> i want to thank the chairman. this is indeed one of the more interesting panels we have had. a number of our members still have a lot of questions. what we would like to ask of you is if you could submit to us in writing -- because it was valuable to get your input -- the chairman has orientated we as a committee will meet -- has indicated we as a committee will meet to discuss your solutions, the urgency which the chairman outlined under authentication and how we might proceed. this was a very fragile and --
10:03 pm
was a very fertile and productive meeting. i thank the chairman and the opportunity to respond. >> with that, the subcommittee stands adjourned. >> that was good, boss. [chatter] >> on friday, house lawmakers get an update on the 2020 federal census. live on c-span2. on c-span3, economics and technology executives will talk about the potential of quantum computing, which attempts to harness the potential of quantum mechanics. potential us
