After the Sept. 11 attacks, the Social Security Administration's New York and Philadelphia regional offices shifted into high gear. Employees opened special assistance centers in New York City, Arlington, Va., and Shanksville, Pa., to serve victims and their families.
"They pulled their people together to provide on-the-spot, in-person service," says Fritz Streckewald, Social Security's assistant deputy commissioner for program policy. "It was just an incredible effort." At headquarters in Baltimore, officials adapted policies to make it easier for people to get benefits. "We were saying, 'Just do it quickly. We can always go back and verify it later,' " Strecke-wald says. Social Security made the first payments to victims' families on Oct. 3, and distributed nearly $31 million to thousands of people within a year.
But as the agency gradually got a handle on distributing the benefits, it began to assess a different challenge-one less directly related to its mission.
Just over a month after the attacks, then-Social Security Inspector General James Huse Jr. sent a report to Sen. Charles Grassley, R-Iowa, on the terrorists' misuse of Social Security numbers. "It has been widely reported in the media that the hijackers and their suspected accomplices committed identity theft, including at least one documented case of using a false SSN, to infiltrate the United States while planning the attacks," Huse wrote.
Sept. 11 threw new light on the fact that the Social Security number had become the single key that opened too many locks. "The SSN's universality has become its own worst enemy," Huse wrote. "The power it wields-power to enable financial transactions, power to obtain personal information, power to create or commandeer identities-makes it a valuable asset and one that is subject to limitless abuse."
The SSN did not always wield such power. It was created in 1936 as an account number for the agency's programs. Social Security processed roughly 30 million applications for SSNs from November 1936 through June 1937. As a unique personal identifier-a name, by contrast, could be shared by hundreds of people-the Social Security number was irresistibly convenient for indexing, tracking and tabulating by government agencies.
Beginning in the 1960s, the Treasury and Defense departments, Internal Revenue Service and other agencies began to rely on the numbers. State and local governments started using them for taxes, criminal records, driver's licenses and other functions.
The private sector got on board, too. Banks, credit-rating agencies, health insurance companies, mortgage lenders and even gyms and video stores came to identify customers by their nine-digit numbers. "People just kind of grabbed onto it, and there were no rules against it," Streckewald says. Individuals, for the most part, found SSNs just as convenient as organizations did; a person needed to remember only one number for virtually all of his or her accounts. We became a nation of Social Security number memorizers.
But the number's convenience makes it dangerous. As more and more information is associated with it, the potential for harm grows. The numbers are not private, yet companies act as though they are secure. "The problem with the Social Security number is that it's used not only as a unique identifier, but also frequently as verification of identity," says Chris Hoofnagle, associate director of the Electronic Privacy Information Center, a public interest group in Washington. Using the numbers for both an identifier and a verifier-for example, when banks ask for SSNs before granting access to accounts-is like choosing the same word for a username and password on an e-mail account, or using a bank account number as a personal identification number for the same account.
The widespread availability of SSNs has helped make identity fraud the fastest-growing white-collar crime, according to the Federal Trade Commission. Employers must collect the numbers from workers. Information brokers sell them, along with other personal data. The numbers appear in the public record on deeds, bankruptcy and divorce proceedings, teacher's licenses and other places. People carry them in their wallets-if not on Social Security cards, then often on health insurance cards and driver's licenses-which can be lost or stolen. And they are stored in public and private computer systems vulnerable to hacking.
The General Accounting Office reported one case in which two people found on a public Web site the names and Social Security numbers of more than 300 high-ranking U.S. military officers, which they then used to obtain credit with a computer company. "It's like that old commercial: Do you know where your Social Security number is?" says Linda Foley, executive director of the Identity Theft Resource Center, a nonprofit group in San Diego.
Social Security EnlistsWithout intending to, Social Security had become the de facto national identifier, and therefore played an important role in national security. The agency began working closely with the new Homeland Security Department and organized a 25-member Emergency Response Team, which Streckewald was asked to lead. Safeguarding the SSN was seen to be as important and daunting a mission as tightening the nation's borders or protecting the food supply.
Terrorists, illegal aliens and criminals can obtain SSNs several ways-they can buy them on the black market, steal them (from the living or the dead), invent them, or use fake documents to obtain them directly from the Social Security Administration.
In his letter to Grassley, former IG Huse made a sweeping statement: "SSN misuse is an offense directly related to the Social Security Administration's mission; under the Social Security Act, it is a crime to misrepresent an SSN for any purpose with the intent to deceive."
But Streckewald knew that eliminating all forms of SSN fraud was far beyond his agency's reach. "It's bigger than Social Security, and it's bigger than Homeland Security," he says. The team had to pick its battles, and determined the best place to start was Social Security's rules and procedures for who could receive numbers, under what circumstances, and how the agency verified identities. "That is Social Security's main responsibility," Streckewald says. The team's work in this area was not entirely new. "We used to have very loose standards [for issuing SSNs] back when it didn't matter much-in the 1960s and 1970s," he says.
Then in 1978, Social Security required proof of age, citizenship and identity for SSN applicants, the first of several steps the agency took to prevent misuse of the numbers, particularly as it applied to its benefits programs. But while preventing benefits fraud was important, "9/11 gave us a greater sense of urgency," Streckewald says.
There is no evidence that Social Security officials issued SSNs to any of the Sept. 11 hijackers. But inspector general and GAO reviews of the enumeration process revealed a system so porous that terrorists could have obtained them with very little effort. "Motivated individuals can counterfeit official documents with surprising ease and accuracy," the October 2001 IG report stated. "For example, in one audit, we found that 999 of the 3,557 original SSN applications reviewed were approved based on improper evidentiary documentation."
Streckewald's Emergency Response Team (later renamed the Enumeration Task Force) began by looking for short-term fixes that did not require legislation or advanced technology. The agency first retrained its service representatives on how and when to issue numbers, especially to noncitizens. SSA also tightened some rules-eliminating driver's license requirements as a reason to issue numbers, lowering the age from 18 to 12 for mandatory interviews upon first application, and checking that foreign students who say they need a number to work on campuses actually are employed there. "We feel we have closed down certain vulnerabilities," says Streckewald, "but it's hard to prove a negative."
The most significant short-term change required employees to cross-check all documents used to prove identity. For applications from U.S. citizens, that typically entails checking birth certificates against state birth registration systems.
Tightening verification procedures for noncitizens was more complicated. In the past, Social Security would check information with the Immigration and Naturalization Service. But there was a lag-typically at least 10 days-between the time a person entered the country and when his or her information was entered into INS' system. Social Security customarily issued SSNs, without verifying information, to people who applied during that window. "After 9/11, we changed that," Streckewald says, adding that DHS updates immigration records much faster now.
Social Security also partnered with the State Department and DHS to administer a process called Enumeration at Entry, which allows noncitizens to apply for SSNs before they arrive in the country.
A pilot project in Brooklyn, N.Y., beginning in November 2002 brought together DHS document examiners and Social Security IG investigators-who are better trained to detect forgeries than Social Security employees-to evaluate applications for numbers at a special center. By February 2004, the office had seen more than 170,000 people, and Social Security plans to open another center this year.
Streckewald's team also is designing longer-term solutions, including technology enhancements such as built-in fraud detectors that could raise flags if too many requests for SSNs come from a single address. The detectors also could use familial relationships, which are reflected in the numbers, to detect fraud. "We're limited only by the amount of resources we have available," he says.
Security vs. Service"There's a weakness in the enumeration process," says Barbara Bovbjerg, director of education, workforce and income security issues at GAO. Most parents apply for Social Security numbers for their children as part of the birth registration process at the hospital, but they also can apply through a Social Security field office, where workers do not verify birth records for children under 1 year old. Parents don't even have to present their child at the office, and the documents they can use to prove the child's existence, including birth certificates, baptismal certificates and hospital records, are among the easiest to forge. In 2003, according to an October report, undercover GAO investigators were able to apply for and receive two numbers using fake birth and baptismal certificates-once in person and once by mail.
But as Social Security revamps its enumeration process and addresses identity fraud, it must balance the sometimes conflicting priorities of security and customer service. Parents often need numbers for their newborns very quickly in order to file taxes and apply for benefits, and Streckewald says state birth registration systems often aren't updated fast enough for Social Security to use them to verify parents' claims.
The October report pointed out another practice where this tension appears: the issuance of replacement cards. An individual can request replacement cards a maximum of 52 times per year, or once a week. U.S. citizens are not required to show a photo ID when requesting replacement cards-school report cards and life insurance policies are adequate. Replacement "cards can be sold to individuals seeking to hide or create a new identity, perhaps for some illicit purpose," GAO reported. SSA is considering a new limit on the number of replacement cards allowed, though in practice, says Streckewald, the agency would not issue numerous replacements because a high number of requests likely would trigger an investigation. Some advocacy groups that work with homeless people oppose stricter rules for replacement cards.
Social Security also must determine its role in SSN misuse that occurs after it issues a number. At a House Ways and Means Committee hearing in March, SSA Deputy Commissioner James Lockhart pledged to make combating identity theft a top priority. "We at the Social Security Administration want to do whatever we can to help prevent identity theft and assist in the apprehension and conviction of those who engage in crime," he testified.
But it's unclear how much Social Security can or should do to combat SSN misuse outside of its programs and the issuance of the numbers. Halting misuse of SSNs is more the province of other agencies working to combat identity theft, such as the Federal Trade Commission, the Justice Department, the FBI and the Secret Service.
This year, the Social Security IG assembled the SSN Integrity Protection Team-a group of auditors, attorneys, investigators and computer specialists-to identify patterns of fraud and system weaknesses. The IG has assisted Homeland Security in investigations, including Operation Swipe Out, which busted a 30-person ring for defrauding credit card companies of $5 million, some of which was deposited in banks in Pakistan.
Outside of the IG, Social Security has been slower to take an active role in broader identity theft issues. It stopped printing SSNs on the outside of envelopes, it discourages individuals from carrying Social Security cards in their wallets, and it promotes limiting the use of the SSN. The agency established an identity theft work group, but it is in the very early stages and its focus remains limited. "Right now," Streckewald says, "we're trying to make sure we're doing everything we can do to make sure our programs are in sync with trying to prevent identity theft."