By NICHOLAS BEADLE
Scripps Howard Foundation Wire
July 23, 2006
For the past four years, the 57-year-old former insurance adjuster has lost sleep to gain boxes crammed with public records, many plucked from county clerks and recorders' Web sites. They have one golden kernel: Social Security numbers, usually partnered with enough information to open a fraudulent line of credit - or worse.
From her home in Hanover County, Va., she writes and calls the holders of the numbers she turns up, many of whom did not know their records were online. Her Web site, the Virginia Watchdog, has a page devoted to political leaders whose Social Security numbers she has found with ease.
Some of her best finds: former CIA chief Porter Goss, former Secretary of State Colin Powell and the president's brother, Florida Gov. Jeb Bush - and their wives.
"We're just spoon-feeding criminals," Ostergren said.
Over the past seven decades, the Social Security number has evolved into the primary identifier in nearly every facet of American life. Because of that, many believe it is time to add a few more keys to the chain - or completely change the lock.
"The Social Security number was never intended to be a universal identifier," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "Everything sticks to it. It's like flypaper."
After the first number was assigned in 1936, the Social Security Administration struggled to persuade the public to protect the cards. More than 40,000 Americans, for example, used a number from a faux Social Security card inserted into wallets made by the E.H. Ferree Co. in the late 1930s. Worse, the number was the real tracker of the company vice president's secretary.
The Social Security number's spread as an identifier began in earnest with a 1943 executive order that it be used "exclusively" when federal agencies started new recordkeeping systems. Despite that, for several years Social Security cards were marked with pleas that neither they nor the number be used as identification.
When the federal government expanded in the 1960s, so did the number's applications. The Internal Revenue Service made it the heart of its taxpayer identification system in 1962. Medicare and Medicaid lobbed more responsibility onto the number in 1965 by forcing most Americans older than 65 to have one.
The next five years saw the Social Security number become the default ID for U.S. soldiers and Veterans Administration hospital patients and become an integral authenticator in banking and securities.
And as the number accrued more responsibility, it also gained more gratuitous display - on service tags, Medicare cards, driver's licenses and college ID cards.
The most dangerous confluence of use and exposure, however, came in the early 1990s, said Robert Ellis Smith, author of "Ben Franklin's Web Site: Privacy and Curiosity from Plymouth Rock to the Internet." Credit agencies began using the number as their chief means of verifying applications, and the Federal Trade Commission started allowing the trade of the number and other personal information.
"Without that, you wouldn't have much identity theft," said Smith, publisher of the Privacy Journal newsletter.
That opened the door for Social Security numbers to be dealt on black-market sites that can appear and evaporate within a day, said Beth Givens, executive director of the Privacy Rights Clearinghouse, a California-based consumer-rights group. And with close to 90 million records breaches at government agencies, universities and corporations in the past year and a half, she said there is no telling how many Social Security numbers have fallen into the wrong hands - and how many times.
Identity theft has dipped from about 10.1 million victims in 2003 to roughly 8.9 million in 2005, according to a survey performed by Javelin Strategy and Research, a business consulting firm. But because identity thieves are using information to open more new credit lines and accounts rather than pilfering from existing ones, the average cost per case has risen from $5,249 to $6,383, said Rubina Johannes, a Javelin research analyst.
State, federal and business leaders need to develop a uniform policy on when and how the number should be used and collected, said Barbara Bovbjerg, Government Accountability Office director of education, work force and income security. Most of the impetus to protect the number remains on the consumer, she said, but there are many weak spots in the number's use.
Some Social Security numbers are easily accessible through public records placed on the Internet by a few county clerks and recorders, Bovbjerg said. But in those districts, she said, officials are torn between protecting their constituents' vital information and preserving thousands of accessible, often un-standardized records.
Consumers also find double standards in government and business. The Social Security Administration implores new cardholders to protect their numbers, but advises them to carry a Medicare card that clearly displays the tracker at all times, Bovbjerg said. Of the 23 credit-card-issuing banks and credit unions Javelin ranked as the best at fraud protection, Johannes said almost half still use full Social Security numbers in consumer communications.
Headway has been made in protecting the number. Recent antiterrorism legislation has made it illegal for states to put Social Security numbers on driver's licenses, Bovbjerg said. Most American colleges no longer use it as their standard identification number. A May GAO report found that online consumer-information brokers offered few full Social Security numbers.
In March, the GAO recommended to the House Ways and Means Committee that Congress pass legislation to limit the wide trade of Social Security numbers, if only because no alternatives are even near the horizon.
But fortifying information likely to have been exposed a dozen times only increases the incentive and effort to nab it, said Kerric Harvey, an associate professor of public affairs and media at George Washington University.
"The Social Security number has outlived its usefulness," she said. "We're using staple guns, we're using Silly Putty, we're using Scotch tape, we're using all kinds of things to build on.
"That's not smart management; it's bad citizenship and it's ineffective protection."
Harvey favors a system of three "consistent, replaceable" identifiers that would include a linguistic code and the use of biometrics - identification based on physical attributes such as fingerprints, eye structure and hand geometry.
Safer, less dramatic methods of authentication are already available to creditors and others in the private sector, Givens said. For example, she said they could install automated systems that match multiple types of information about a person - phone number, birth date, current address - to verify their identities instead of hedging everything on nine digits.
Or, Rotenberg said, new methods could simply be phased in to lessen the Social Security number's burden. "We need unique identifiers, not universal identifiers," he said. "Would you really want one key to unlock all the doors in your life?"
But wide use of the number will not be extinguished anytime soon, Bovbjerg said. The Social Security number is a key tracker of income for disability benefits and child support and America's chief social-welfare program.
And despite its overexposure, the Social Security number still has one draw that keeps government agencies and companies flocking to it.
"It's just not as convenient to use multiple variables," Bovbjerg said. "It's really an issue of balancing the risk of identity theft versus the convenience of getting credit at the Ford dealership.
"I don't think anybody knows if that threshold has been reached."
On the Web:
Scripps Howard News Service, http://www.shns.com
Publish A Letter on SitNews Read Letters/Opinions