SSA Reconsiders Web Site

reeder@erols.com

At a House hearing on Tuesday, witnesses and members of Congress disagreed on whether the Social Security Administration's system allowing Americans to access their earnings and benefits records on the World Wide Web should be reinstated as is, revised radically or permanently discontinued.

The hearing of the Social Security Subcommittee of the House Ways and Means Committee grew out of public concerns that allowing individuals to receive Social Security information via the Internet would expose that information to hackers.

On April 9, SSA suspended its interactive Personal Earnings and Benefits Estimating Statement (PEBES) system, which allowed an individual to obtain a complete history of her or his earnings, Social Security and Medicare payments and estimates of old age, disability and survivor pensions. To get the information, a user had to enter his or her name, Social Security number, date and state of birth and mother's maiden name.

Acting Social Security Commissioner John J. Callahan said at the hearing that there were no reported incidents of abuse of the system during the one month it was operational. But he noted that as many as 40 percent of the inquiries were invalid, suggesting either that individuals were mis-entering information or that unauthorized people were trying to break in.

A later witness, Evan Hendricks, editor and publisher of Privacy Times, testified that, as recently as last year, SSA employees had been prosecuted for selling earnings information to "information brokers."

SSA has provided earnings and benefits information by mail upon request since 1988 and is required by law to provide annual reports by mail to all Social Security contributors 25 years of age and older, beginning in the year 2000. Individuals can continue to request PEBES statements on the Social Security Web site, but for now the information will be mailed to the requester.

At Tuesday's hearing, witnesses including General Accounting Office staff, the SSA inspector general, and privacy and security experts agreed on three points:

  • SSA's objective of making information more accessible was laudatory.
  • SSA ought to have assessed to privacy implications more carefully before taking PEBES online.
  • Callahan acted wisely on April 9 when he discontinued the service temporarily after controversy erupted.
SSA inspector general David C. Williams noted that while the online PEBES system had handled 28,000 inquiries in its first month, more than 50,000 inquires were processed in the two days after a story appeared in USA Today suggesting the potential for misuse.

Witnesses and committee members offered a wide range of prescriptions for fixing the system, such as limiting the information provided online to pension estimates only, adding more security and authentication features, or setting up a process for individuals to be included in the online database only if they elected to be included.

A representative of the Junior Chamber of Commerce made a strong plea for turning PEBES back on as soon as possible, noting that younger Americans are already skeptical about the Social Security system and welcome online access to their information.

On May 5 in Hartford, Conn., SSA began a series of public forums on the issue to be held around the country. Callahan promised to report to the committee on the results of the forums and refused to speculate on what SSA would do with the interactive PEBES until after they are completed. Hearings are expected to be held over the next 60 days. The next is in Des Moines, Iowa, on May 16.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.