Is the Federal Government Losing Your Personal Information? Reps Say To Keep It To Yourself

Se­cur­ity ex­perts say most Amer­ic­ans are likely to have their sens­it­ive per­son­al in­form­a­tion stolen at some point in their lives. Some­times, it hap­pens when an in­di­vidu­al un­wit­tingly clicks on a ma­li­cious link in an email; oth­er times, it’s a trus­ted re­tail­er or health in­sur­ance pro­vider that fails to main­tain con­trol of their cus­tom­ers’ data. And, in­creas­ingly, gov­ern­ment data breaches have led to massive amounts of com­prom­ised per­son­al in­form­a­tion.

As it be­comes clear that even the gov­ern­ment has trouble keep­ing data safe, a pair of House mem­bers from op­pos­ite corners of the coun­try are team­ing up to try and keep some sens­it­ive in­form­a­tion out of the gov­ern­ment’s hands en­tirely.

Reps. Vern Buchanan, a Re­pub­lic­an from Flor­ida, and Jim Mc­Der­mott, a Demo­crat from Wash­ing­ton, in­tro­duced a bill this month that would re­quire the most com­monly used tax forms to in­clude a trun­cated So­cial Se­cur­ity num­ber. The bill would af­fect W–2 tax and wage forms, which are dis­trib­uted to every wage earner in the U.S. that makes at least $600 a year.

When Mc­Der­mott put for­ward the same bill last year, it nev­er got off the ground. But since then, a pair of data breaches at the Of­fice of Per­son­nel Man­age­ment com­prom­ised the per­son­al in­form­a­tion of more than 22 mil­lion people. The stolen data in­cluded So­cial Se­cur­ity num­bers, sens­it­ive health and fin­an­cial in­form­a­tion, and more than 5 mil­lion fin­ger­prints.

Al­though the bill from Buchanan and Mc­Der­mott would have done noth­ing to pre­vent the scale or harm of the OPM breaches, the events brought in­to pub­lic light the ever-present danger of iden­tity theft.

The fed­er­al gov­ern­ment has budgeted $500 mil­lion for post-breach iden­tity theft pro­tec­tion over the next five years, an ad­mis­sion that more events like the OPM breaches are on the ho­ri­zon.

Buchanan hopes that his stand­ing as a seni­or mem­ber of the House Ways and Means Com­mit­tee will give the bill a bet­ter chance this year, his press sec­ret­ary, Joe San­gior­gio, said. And if the bill does not suc­ceed as stan­dalone le­gis­la­tion, Buchanan ex­pects the bill “will be rolled in­to a lar­ger tax pri­vacy meas­ure already draf­ted in the Sen­ate,” San­gior­gio said, re­fer­ring to a bill un­der con­sid­er­a­tion in the Sen­ate Fin­ance Com­mit­tee.

The In­tern­al Rev­en­ue Ser­vice, which dis­trib­utes the tax forms that would be af­fected by the House bill, has had its own share of data woes. The agency an­nounced this sum­mer that about 330,000 tax­pay­ers’ ac­counts were af­fected by a data breach that oc­curred when at­tack­ers got around an iden­tity-veri­fic­a­tion sys­tem and ac­cessed users’ tax his­tor­ies.

In that cy­ber­at­tack, however, hack­ers were able to de­feat the iden­tity-veri­fic­a­tion sys­tem be­cause they already had ac­cess to tax­pay­ers’ per­son­al in­form­a­tion, in­clud­ing So­cial Se­cur­ity num­bers. That in­form­a­tion came from oth­er sources—likely oth­er data breaches—and was enough to trick the sys­tem in­to let­ting the at­tack­ers in.

The at­tempt to lim­it the use of So­cial Se­cur­ity num­bers on fed­er­al forms is a step to­ward com­part­ment­al­iz­ing sens­it­ive in­form­a­tion from leaks. But be­cause So­cial Se­cur­ity num­bers are very dif­fi­cult to change but are fairly ubi­quit­ous, the bill is an at­tempt to plug just one of count­less holes through which the num­ber can leak to an iden­tity thief.