[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]





                  THE ROLE OF SOCIAL SECURITY NUMBERS
                     IN IDENTITY THEFT AND OPTIONS
                         TO GUARD THEIR PRIVACY

=======================================================================

                                HEARING

                               before the

                    SUBCOMMITTEE ON SOCIAL SECURITY

                                 of the

                      COMMITTEE ON WAYS AND MEANS
                     U.S. HOUSE OF REPRESENTATIVES

                      ONE HUNDRED TWELFTH CONGRESS

                             FIRST SESSION

                               __________

                             APRIL 13, 2011

                               __________

                           Serial No. 112-SS2

                               __________

         Printed for the use of the Committee on Ways and Means











                                _____

                  U.S. GOVERNMENT PRINTING OFFICE
70-880                    WASHINGTON : 2011
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001










                      COMMITTEE ON WAYS AND MEANS

                    SUBCOMMITTEE ON SOCIAL SECURITY

                      SAM JOHNSON, Texas, Chairman

KEVIN BRADY, Texas                   XAVIER BECERRA, California
PAT TIBERI, Ohio                     LLOYD DOGGETT, Texas
AARON SCHOCK, Illinois               SHELLEY BERKLEY, Nevada
ERIK PAULSEN, Minnesota              FORTNEY PETE STARK, California
RICK BERG, North Dakota
ADRIAN SMITH, Nebraska











                            C O N T E N T S

                               __________
                                                                   Page

Advisory of April 13, 2011, announcing the hearing...............     2

                               WITNESSES

The Honorable Patrick P. O'Carroll Jr., Inspector General, Social 
  Security Administration........................................     7
Maneesha Mithal, Associate Director of the Division of Privacy 
  and Identity Protection, Federal Trade Commission..............    17
Theresa L. Gruber, Assistant Deputy Commissioner, Office of 
  Operations, Social Security Administration.....................    34

                       SUBMISSIONS FOR THE RECORD

Juan J. Martinez, Ph.D...........................................    54
Helene Perry.....................................................    56
LifeLock.........................................................    57
Patrick P. O'Carroll Jr..........................................    62
Maneesha Mithal..................................................    72
Theresa L. Gruber................................................    78

 
                  THE ROLE OF SOCIAL SECURITY NUMBERS
                     IN IDENTITY THEFT AND OPTIONS
                         TO GUARD THEIR PRIVACY

                              ----------                              


                       WEDNESDAY, APRIL 13, 2011

             U.S. House of Representatives,
                       Committee on Ways and Means,
                           Subcommittee on Social Security,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 2:02 p.m., in 
Room B-318, Rayburn House Office Building, the Honorable Sam 
Johnson [chairman of the subcommittee] presiding.
    [The advisory of the hearing follows:]

HEARING ADVISORY

FROM THE 
COMMITTEE
 ON WAYS 
AND 
MEANS

                   Chairman Johnson Announces Hearing

                 on the Role of Social Security Numbers

                    in Identity Theft and Options to

                          Guard Their Privacy

April 06, 2011

    Congressman Sam Johnson (R-TX), Chairman, Subcommittee on Social 
Security of the Committee on Ways and Means, today announced that the 
Subcommittee will hold a hearing to examine the role of Social Security 
numbers in identity theft and options to guard their privacy. The 
hearing will take place on Wednesday, April 13, 2011, in room B-318 
Rayburn House Office Building, beginning at 2:00 p.m.
      
    In view of the limited time available to hear witnesses, oral 
testimony at this hearing will be from invited witnesses only. However, 
any individual or organization not scheduled for an oral appearance may 
submit a written statement for consideration by the Subcommittee and 
for inclusion in the printed record of the hearing.
      

BACKGROUND:

      
    Identity theft is the fastest growing type of fraud in the United 
States, affecting 11.1 million victims in 2009, up 12 percent since 
2008. The Federal Trade Commission (FTC) estimates that identity theft 
costs consumers about $50 billion annually. Further, identity theft is 
often used to facilitate other crimes, including credit card, document, 
or employment fraud. The Social Security number (SSN) is especially 
valuable to identity thieves as it serves as the key to authenticating 
an individual's identity in order to open accounts or obtain other 
benefits in the victim's name.
      
    Although created in 1936 solely to track workers' earnings for 
Social Security benefit purposes, use of the SSN has become widespread. 
Largely because the SSN is permanent and unique to an individual, SSNs 
are used by many industries, including financial institutions, 
insurers, universities, health care providers, and government agencies. 
While many SSN uses are beneficial and required by law, such as for 
purposes of employment and taxation, other uses may not be necessary, 
such as displaying it on an identification card.
      
    Despite its important role, there is no Federal law that requires 
comprehensive confidentiality protection for the SSN. However, there 
are laws that provide limited SSN confidentiality. For example, the 
Gramm-Leach-Bliley Act (P.L. 106-102) restricts the reuse and 
redisclosure of certain personal information, including SSNs, by 
financial institutions. Also, many States have enacted legislation to 
restrict the use, disclosure, or display of SSNs.
      
    In 2006, the President established an Identity Theft Task Force to 
coordinate Federal agencies' efforts against identity theft. One of 
many recommendations in its 2007 report was to decrease the unnecessary 
use of SSNs in the public sector. In response to the Task Force's 
mandate for the study of private sector uses of SSNs, the FTC developed 
recommendations to reduce the availability of SSNs to identity thieves 
while preserving legitimate uses.
      
    In announcing the hearing, Chairman Sam Johnson (R-TX) stated, 
``Americans are rightly worried about the security of their personal 
information, including their Social Security number. We must stop 
overuse and abuse of Social Security numbers in order to help prevent 
ID theft and further protect Americans' privacy.''
      

FOCUS OF THE HEARING:

      
    The Subcommittee will examine the impacts of identity theft, the 
role of SSNs in abetting identity theft, and options to restrict its 
use. In addition, the role of the SSN in administering Social Security 
programs and how the Social Security Administration protects SSNs will 
be considered, along with legislative proposals to limit the use of 
SSNs.
      

DETAILS FOR SUBMISSION OF WRITTEN COMMENTS:

      
    Please Note: Any person(s) and/or organization(s) wishing to submit 
for the hearing record must follow the appropriate link on the hearing 
page of the Committee website and complete the informational forms. 
From the Committee homepage, http://waysandmeans.house.gov, select 
``Hearings.'' Select the hearing for which you would like to submit, 
and click on the link entitled, ``Click here to provide a submission 
for the record.'' Once you have followed the online instructions, 
submit all requested information. ATTACH your submission as a Word or 
WordPerfect document, in compliance with the formatting requirements 
listed below, by the close of business on Wednesday, May 4, 2011. 
Finally, please note that due to the change in House mail policy, the 
U.S. Capitol Police will refuse sealed-package deliveries to all House 
Office Buildings. For questions, or if you encounter technical 
problems, please call (202) 225-1721 or (202) 225-3625.
      

FORMATTING REQUIREMENTS:

      
    The Committee relies on electronic submissions for printing the 
official hearing record. As always, submissions will be included in the 
record according to the discretion of the Committee. The Committee will 
not alter the content of your submission, but we reserve the right to 
format it according to our guidelines. Any submission provided to the 
Committee by a witness, any supplementary materials submitted for the 
printed record, and any written comments in response to a request for 
written comments must conform to the guidelines listed below. Any 
submission or supplementary item not in compliance with these 
guidelines will not be printed, but will be maintained in the Committee 
files for review and use by the Committee.
      
    1. All submissions and supplementary materials must be provided in 
Word or WordPerfect format and MUST NOT exceed a total of 10 pages, 
including attachments. Witnesses and submitters are advised that the 
Committee relies on electronic submissions for printing the official 
hearing record.
      
    2. Copies of whole documents submitted as exhibit material will not 
be accepted for printing. Instead, exhibit material should be 
referenced and quoted or paraphrased. All exhibit material not meeting 
these specifications will be maintained in the Committee files for 
review and use by the Committee.
      
    3. All submissions must include a list of all clients, persons and/
or organizations on whose behalf the witness appears. A supplemental 
sheet must accompany each submission listing the name, company, 
address, telephone, and fax numbers of each witness.
      
    The Committee seeks to make its facilities accessible to persons 
with disabilities. If you are in need of special accommodations, please 
call 202-225-1721 or 202-226-3411 TTD/TTY in advance of the event (four 
business days notice is requested). Questions with regard to special 
accommodation needs in general (including availability of Committee 
materials in alternative formats) may be directed to the Committee as 
noted above.
      
    Note: All Committee advisories and news releases are available on 
the World Wide Web at http://www.waysandmeans.house.gov/.

                                 

    Chairman JOHNSON. The subcommittee will come to order. 
Welcome, everyone.
    Identity theft is a lasting and devastating crime. Victims 
spend years having to prove who they are, while monitoring 
credit reports, fending off collection agencies or the IRS for 
charges they never made or wages they never earned. Some are 
picked up by law enforcement by crimes committed by the ID 
theft using their name. Americans have every reason to be 
concerned.
    According to the Congressional Research Service, in 2009 ID 
theft claimed over 11 million victims and cost consumers about 
$50 billion annually. The Privacy Rights Clearinghouse reports 
the total number of known records that have been compromised 
due to security breaches beginning in January 2005 through last 
week topped 500 million. Just yesterday, in my own state of 
Texas, the comptroller's office announced the largest security 
breach in state history: some 3.5 million personal files were 
mistakenly left on a computer file available to the public, 
putting current and retired state employees at risk.
    Even though Social Security numbers were created to track 
earnings for determining eligibility and benefit amounts under 
Social Security, the numbers are widely used as personal 
identifiers. Some of the uses of these numbers in preventing 
fraud are vital to many commercial and government operations. 
Examples include enforcing child support, aiding law 
enforcement, and compiling information from many sources to 
help ensure the accuracy of credit reports.
    Unfortunately, as pointed out by GAO in testimony before 
this subcommittee, Social Security numbers have become the 
identifier of choice, and are used for everyday business 
transactions. In fact, in their April 2007 report, the 
President's Identity Theft Task Force identified the Social 
Security number as the most valuable commodity for an identity 
thief.
    Even worse, identity theft continues to threaten our 
national security. As said in the 9/11 Commission report, fraud 
and identification documents is no longer just a problem of 
theft. At many entry points to vulnerable facilities, including 
gates for boarding airplanes, sources of identification are the 
last opportunity to ensure that people are who they say they 
are, and to check whether or not they are terrorists.
    Congress needs to get to work on identity theft and 
limiting access to Social Security numbers is an excellent 
place to start. For years, Ways and Means Subcommittee on 
Social Security has been working on this problem in a 
bipartisan way. In fact, Mr. Doggett and I have been on a bill 
year after year to try to do this. We have approved bills to 
protect the privacy of Social Security numbers and prevent 
identity theft since the 106th Congress, when it first approved 
the Social Security Number, Privacy, and Identity Theft 
Prevention Act.
    The legislation was first introduced on a bipartisan basis 
by then-subcommittee chairman Clay Shaw, and then-ranking 
member, the late Bob Matsui. Despite numerous attempts, 
Congress has not been able to close the deal. Sadly, Social 
Security number use is so widespread across so many industries 
that the committees of jurisdiction have yet to reach agreement 
on the right approach to limiting their use.
    Still, I believe this committee can make progress. To that 
end, today I am reintroducing, with Mr. Doggett, the Medicare 
Identity Theft Prevention Act, a bill to remove the Social 
Security number from the Medicare card. It makes no sense that 
people are told, ``Don't carry your Social Security card in 
order to protect your identity,'' but then every senior citizen 
is told, ``Carry your Medicare card,'' which displays 
prominently the Social Security number.
    The risk of ID theft goes far beyond the card being stolen. 
Every medical record at nursing homes, hospitals, and doctor 
offices has a Social Security number written on it. The 
wholesale amount of Social Security numbers that are available 
to identity thieves is staggering and completely unnecessary.
    You know, just last night I was dealing with the TV guys on 
cable. Guess what they asked for?--my Social Security number to 
prove it was me. Can you believe that? Well, I didn't know what 
to say.
    The Centers for Medicare and Medicaid Services have refused 
to act. If they won't do what is right for America's seniors, 
we will. I thank my colleague from Texas for his work on this 
issue, and I urge my other colleagues to support this issue, as 
well.
    The problem of identity theft is not going to be addressed 
with one single piece of legislation. But protecting Medicare 
cards carried by 47 million Americans is a good place to start. 
I will say that if the military can remove Social Security 
numbers, CMS ought to be able to do the same.
    I look forward to hearing from each of our witnesses, and 
thank them in advance for sharing with us their experiences and 
their recommendations. And thank you all for being present 
today.
    And I now yield to my friend, Xavier Becerra, our ranking 
member.
    Mr. BECERRA. Mr. Chairman, thank you very much for calling 
this hearing. As you just said, millions of Americans are 
harmed each year, due to the misappropriation of their 
identities. This subcommittee is deeply concerned about this 
particular problem. In fact, we have held 17 previous hearings 
on this subject since 2000, the year 2000.
    Let me urge this subcommittee to show the same diligence 
and thoroughness in examining some other critical issues that 
we will be confronting soon surrounding Social Security, such 
as the impact of cuts to the Social Security Administration's 
(SSA) operating budget proposed for this year, and the 
consequences for people, for example, who are waiting for their 
disability benefits. Also, the impact of cuts to the Social 
Security Administration's operating budget on the ability of 
the SSA to prevent waste, fraud, and abuse, and certainly in 
regards to the impact on senior's retirement security from the 
kinds of Social Security benefit cuts that budget Chairman Paul 
Ryan has proposed and praised.
    While we may have different views on the importance of 
Social Security benefits for today's seniors and future 
retirees, we are united in our concern about identity theft. 
Identity theft ruins individuals' good names, and destroys 
their credit ratings. It has even ruined the future credit 
ratings of young children. This subcommittee has heard from 
many victims of identity theft, and have described the 
extensive harm that they have suffered, as a result of identity 
fraud, harm which continues long after the fraud is discovered. 
Identity theft crimes carry a total cost to Americans of over 
$17 billion.
    I welcome the testimony of the Social Security 
Administration and its inspector general. I also welcome the 
testimony of the Federal Trade Commission, which plays a 
critical role in protecting consumers from identify theft.
    Chairman Johnson, I look forward to joining you and others 
in reintroducing identity theft legislation for this new 
Congress, and I am hoping that we can make significant progress 
as we work together in that regard.
    Before I yield back my time, Mr. Chairman, if I could yield 
one minute to the gentleman from Texas, Mr. Doggett.
    Mr. DOGGETT. Thank you. While I shared the broader concerns 
that Mr. Becerra has just outlined, I just want to applaud your 
leadership on this, Mr. Chairman. I agree with every word you 
said about the subject that is up today, identity theft.
    This is at least the third Congress in which you and I have 
been in partnership, trying to solve this problem. We actually 
passed it through the House in 2008, despite a lot of 
bureaucratic obstacles that were thrown up, and then the 
bureaucracy managed to kill it over in the Senate Finance 
Committee, or it would already be law.
    I think one of the most effective ways for the bureaucracy 
to stand in the way of something that they don't want to move 
quickly on is to throw up a big cost estimate. And that is what 
has happened here. And we have been trying to get the specifics 
for months, if not years, from CMS about their claim that it 
will be too costly for them to protect the Identity of our 
seniors. They need to come forward with their study, and it 
needs to be well-founded. And we should not let their 
objections stand in the way, again, of doing what is right by 
our seniors and, as you said, at least doing for folks who rely 
on Medicare what the military has already been able to do for 
our military men and women and for our veterans. I thank you, 
Mr. Chairman. Thank you, Mr. Becerra.
    Chairman JOHNSON. The gentleman from California, you are 
recognized.
    Mr. STARK. Mr. Chairman, I am pleased that you called this 
markup, and proud to be a cosponsor of your bill, and I would 
ask you if you would consider, and if the committee would not 
object, we introduced legislation that would address the 
problem of identity theft for foster children. The foster 
children's Social Security numbers often pass through many 
hands, and we have encountered problems when the children age 
out of foster care, they have found that their identity has 
already been stolen, and people have opened credit cards, and 
so forth. And we have some language that I hope you would 
consider adding to your legislation that would protect these 
very vulnerable children.
    I know that Mr. Delay worked with us years ago on doing 
this, and I look forward to seeing if we can include this in 
your----
    Chairman JOHNSON. Yes, I am sure Mr. Doggett would agree.
    Mr. DOGGETT. Absolutely.
    Chairman JOHNSON. We will certainly look at it.
    Mr. STARK. Thank you, Mr. Chairman.
    Mr. BECERRA. Chairman, we are pleased that you have called 
this hearing, and I would yield back the balance of my time.
    Chairman JOHNSON. Thank you, Mr. Becerra. Let me tell you 
we are getting a vote in about 10 or 15 minutes, maybe 20. 
There will be four votes and three of them are five minutes. So 
we will break when that occurs and come back after the votes, 
which will be about a half-hour.
    Today we are joined by three witnesses. Our first witness 
is the honorable Patrick O'Carroll, Jr. He is the Social 
Security Administration Inspector General. Next is Maneesha 
Mithal, who is the Associate Director of the Division of 
Privacy and Identity Protection at the Federal Trade 
Commission. And lastly we will hear from Theresa Gruber, who is 
the Assistant Deputy Commissioner, Office of Operations at the 
Social Security Administration.
    So, all I would ask you is stop dragging your feet and let 
us get these things done.
    [Laughter.]
    Chairman JOHNSON. Mr. O'Carroll, you are recognized. I 
welcome all of you, and thank you for being here.

            STATEMENT OF PATRICK P. O'CARROLL, JR.,
       INSPECTOR GENERAL, SOCIAL SECURITY ADMINISTRATION

    Mr. O'CARROLL. Good afternoon, Chairman Johnson, 
Congressman Becerra, and Members of the Subcommittee. Thank you 
for the invitation to testify today.
    We all understand the serious threat and damaging effects 
of identity theft. But to better illustrate the issue, I would 
like to present one victim's story. Dr. Juan Martinez, born and 
raised in Chicago, was thrilled to accept a teaching position 
at the University of Chicago in 2005. Soon after he began 
working in his hometown, however, Dr. Martinez received a 
letter from the IRS that stated he failed to pay his taxes on 
wages earned the previous year in Colorado. The letter arrived 
with a substantial bill.
    Someone had stolen his identity, and Dr. Martinez was left 
to prove his case to the IRS. Dr. Martinez and his wife 
struggled for several years, as they disputed charges with the 
IRS, and attempted to track down the person who was 
fraudulently using Dr. Martinez's name, Social Security number, 
and birth date.
    In 2010, Dr. Martinez learned that a bank account was 
opened in his name in Missouri. Authorities in Chicago referred 
the case to one of our special agents in St. Louis. Working 
with the bank where the account was opened, our agent quickly 
identified and located the man who illegally used Dr. 
Martinez's information for five years. The man admitted to 
purchasing false identity documents, and using Dr. Martinez's 
name to get a job, rent an apartment, and open a bank account. 
Last month he was sentenced to seven months in prison and 
ordered to pay restitution of more than $5,000 to Dr. Martinez.
    Now, Dr. Martinez and his family may finally breath a sigh 
of relief. We in OIG are very pleased to have helped Dr. 
Martinez. And while he could not be here today, he has prepared 
a written statement about his ordeal, and we would like to 
enter that into the record.
    [Dr. Martinez statement for the record follows:]



    

    As the case illustrates, identity theft places a huge 
burden on the victims. Use of the SSN is still widespread 
throughout government programs and financial transactions. And 
with technology constantly evolving, stealing SSNs and entire 
identities has become even easier. As we pursue investigations 
similar to the case of Dr. Martinez, our agents participate in 
SSN misuse task forces across the country, investigating 
identity theft, as well as mortgage, bankruptcy, and benefit 
fraud.
    My office has done work that led to the removal of the SSN 
from the selective service mailings. We have also recommended 
its removal from other government documents and IDs, such as 
the Medicare card. The Department of Defense recently announced 
it will remove the SSN from military IDs, and we agree that 
this is a step in the right direction to protect valuable 
personal information.
    SSA, though, still cannot prohibit the collection and use 
of SSNs. Our investigative and audit work has taught us that 
the more SSNs are used, the higher the probability that these 
numbers can be used to commit crimes. Our recent 
recommendations to SSA include: supporting legislation to limit 
public and private entities' use of the SSN; continuing efforts 
to safeguard and protect personal information; and ensuring the 
highest level of online security before offering replacement 
Social Security cards over the internet.
    We have recently completed audits that question the 
collection of students' SSNs in kindergarten through 12th 
grade, as well as state and local governments' collection and 
use of SSNs. We have also completed reviews on assigning SSNs 
to non-citizens with fiancee visas and exchange visitor visas. 
Although temporary residents may be authorized to work in the 
United States, we question whether they should receive SSNs 
which will remain valid for life.
    We are currently reviewing SSA's controls over how the 
Agency issues SSN print-outs, which are often used as a 
substitute for replacement Social Security cards. We plan to 
issue that report this summer.
    In conclusion, we must continue to ensure the integrity of 
the enumeration process, limit the use and public display of 
the SSN, encourage SSN protection, and provide meaningful 
penalties for those who misuse the SSN or fail to protect it. 
My office will continue to work with you and SSA to maintain 
and improve the integrity of the Social Security number.
    Thank you again for this invitation to testify today, and I 
will be happy to answer any questions.
    [The prepared statement of Mr. O'Carroll follows:]




    Chairman JOHNSON. Thank you. I am told that most of the 
stolen numbers are from young people who have not yet begun to 
work. Is that your information?
    Mr. O'CARROLL. I would qualify that by saying that a lot of 
them belong to children that haven't begun to work. And when 
people are vacuuming up numbers that are out there, often times 
they are targeting children's numbers. But I cannot say it is 
exclusive.
    Chairman JOHNSON. That is because they have not ever 
recorded them anywhere.
    Mr. O'CARROLL. Agreed.
    Chairman JOHNSON. Yes. Thank you.
    Ms. Mithal, you are recognized for five minutes.

    STATEMENT OF MANEESHA MITHAL, ASSOCIATE DIRECTOR OF THE 
  DIVISION OF PRIVACY AND IDENTITY PROTECTION, FEDERAL TRADE 
                           COMMISSION

    Ms. MITHAL. Chairman Johnson, Ranking Member Becerra, and 
Members of the Subcommittee, I am Maneesha Mithal from the 
Federal Trade Commission. I appreciate the opportunity to 
present the FTC's views on the role of Social Security numbers 
and identity theft.
    Protecting consumers against identity theft is a critical 
component of our consumer protection mission. The Commission's 
written testimony describes the widespread use of SSNs in our 
economy, as well as its role in facilitating identity theft. In 
my oral statement I would like to focus on the FTC's activities 
to implement the recommendations of the President's 2007 
identity theft task force, which the FTC's chairman co-chaired, 
along with the attorney general. I would like to highlight our 
implementation of four recommendations, in particular.
    First, we have tried to find ways to reduce the use of SSNs 
in the public and private sectors. As to the public sector, 
federal agencies have taken a lot of steps to eliminate or 
restrict the use of SSNs. Most recently, as we have heard, the 
Department of Defense announced that it would stop using SSNs 
on military ID cards as of June 2011.
    As to the private sector use of SSNs, we hosted a workshop 
and issued a report recommending federal legislation in a 
variety of areas. Among other things, we recommended 
legislation to reduce the public display of SSNs, and to 
improve consumer authentication.
    Second, a key component of our efforts to combat identity 
theft is to make sure that consumers' sensitive data, including 
SSNs, don't fall into the hands of identity thieves. To that 
end, we enforce laws requiring companies to maintain reasonable 
security of consumers' information. Since 2001, the Commission 
has brought over 30 law enforcement actions challenging 
businesses that failed to reasonably protect sensitive consumer 
information.
    Several of these cases have involved breaches of SSNs. One 
example is Choice Point. We sued Choice Point and alleged that 
it sold sensitive information about more than 160,000 consumers 
to identity thieves. We obtained $15 million in monetary relief 
against the company.
    More recently, we settled actions against three sellers of 
credit reports. These sellers allowed hackers to access 
sensitive credit report information, including SSNs. The 
settlements require each company to have comprehensive 
information security programs in place.
    We also brought a case against a company called LifeLock, 
which deceptively advertised its identity theft protection 
services. Now, you may recall LifeLock's ads, in which the CEO 
displayed his own real Social Security number, stating that he 
guaranteed protection against identity theft. Of course, he 
later became a victim of identity theft. We worked with 36 
state attorneys general to bring a case against the company for 
deceptive practices, and we obtained $12 million in monetary 
relief.
    Third, in addition to bringing cases, we provide consumer 
assistance and education. We manage a toll-free Identity theft 
hotline, along with a dedicated website through which we 
receive 15,000 to 20,000 contacts each week. Callers to the 
hotline receive counseling from trained personnel on steps they 
can take to prevent or recover from identity theft.
    We also make available a wide variety of consumer education 
materials, including many in Spanish, to help consumers deter, 
detect, and defend against identity theft. I am now holding 
some examples of our consumer education materials, and I would 
be happy to provide additional copies to your staff after the 
hearing.
    One successful strategy in disseminating our materials has 
been to provide them to first responders. For example, because 
victims often report identity theft to local law enforcement 
agencies, we inform these agencies on how to talk to victims. 
The FTC and its partners have provided identity theft training 
to over 5,400 law enforcement officers from over 1,700 
agencies. Similarly, we have created a comprehensive guide to 
pro bono attorneys and legal services clinics who assist low-
income identity theft victims.
    Finally, we serve as a clearinghouse for information about 
identity theft. We make information in our complaint database 
available to over 2,000 law enforcement partners. To assist law 
enforcement and policy makers, we also routinely issue reports 
on the number and nature of identity theft complaints we 
receive. Most recently we announced that in 2010 we received 
250,000 identity theft complaints, which represents 19 percent 
of the total number of complaints we received. Identity theft 
has remained a top complaint category for more than a decade.
    Fighting identity theft continues to be a top priority for 
the FTC, and we look forward to working with the subcommittee 
on this important issue.
    [The prepared statement of Ms. Mithal follows:]




    Chairman JOHNSON. Ms. Gruber, you are recognized for five 
minutes.

STATEMENT OF THERESA L. GRUBER, ASSISTANT DEPUTY COMMISSIONER, 
      OFFICE OF OPERATIONS, SOCIAL SECURITY ADMINISTRATION

    Ms. GRUBER. Thank you. Chairman Johnson, Ranking Member 
Becerra, and Members of the Subcommittee, my name is Theresa 
Gruber, and I am the Assistant Deputy Commissioner for 
Operations at the Social Security Administration. I have worked 
for the Agency for nearly 20 years, starting in one of our 
field offices in Minnesota. In my current role I oversee the 
operation of more than 1,200 Social Security offices, 8 card 
centers, 33 1-800-number teleservice centers, and 8 processing 
centers.
    Thank you for the opportunity to discuss how we assign 
Social Security numbers, and the role that the Social Security 
number, or SSN, can play in identity theft. My written 
statement provides details on the history of the SSN, and I 
will focus today on what we have done to improve and strengthen 
our enumeration and card issuance processes.
    Originally, the only purpose of the Social Security number 
was to keep an accurate record of earnings under Social 
Security, and to pay benefits based on those earnings. We 
provided the SSN card to show what SSN we assigned to a 
particular individual, with the idea that, when shown to an 
employer, that employer would be able to properly report that 
individual's earnings. The card was never intended, and does 
not serve, as a personal identification document.
    Assigning SSNs has been one of our most important and 
significant workloads. Since the inception of the program, we 
have assigned about 465 million Social Security numbers. Last 
fiscal year we assigned 5.5 million original Social Security 
numbers, completed 11.5 million requests for replacement cards, 
and processed over 1 billion verifications of SSNs.
    Although the card is not an identification document, 
unscrupulous individuals use the SSN to steal identities and 
obtain false identification documents.
    I would like to thank you for helping us to strengthen our 
SSN assignment process, for example, through the enactment of 
the Intelligence Reform and Terrorism Prevention Act of 2004. 
As a result of this legislation, we have implemented numerous 
changes to our assignment process. We added new security 
features to the card to help prevent counterfeiting. We also 
limited the number of replacement cards we issue to any one 
individual, and established new, rigorous standards for 
evidence.
    As an agency, we are always looking for ways to improve the 
security and efficiency of our records. For example, we know 
that we have to expand the pool of nine-digit numbers available 
for assignment. To that end, we plan to implement this summer a 
new assignment methodology called ``SSN randomization.'' 
Randomization will help protect the Social Security number by 
eliminating any geographic significance in the number, and 
making it more difficult to reconstruct an SSN using public 
information. As a result, the new process will also extend the 
pool of SSNs available for assignment nationwide.
    We have also taken a number of steps to improve the way we 
assign Social Security numbers. First, we opened two new Social 
Security card centers, bringing our total now to eight. These 
specialized centers process all applications for original SSNs 
and replacement cards in specific metropolitan areas.
    In coordination with the Department of State and the 
Department of Homeland Security, we expanded the Enumeration at 
Entry program, permitting all individuals applying for an 
immigrant visa to elect to receive an SSN at the time of 
initial admission. This program allows us to use information 
collected and verified by both agencies to assign an SSN 
automatically.
    We have implemented and are continuing to enhance our new 
Social Security Number Application Process, which our field 
offices use to process SSN applications. This automated system 
ensures uniform compliance with our enumeration policies and 
evidence requirements.
    In conclusion, we must remember that with all the 
improvements in the way we assign SSNs, the Social Security 
card is still just a record of an SSN assigned to an 
individual, and not an identity document. We understand the use 
of the SSN for other purposes has grown exponentially over the 
years. The challenge we face is to balance our commitment to 
assigning SSN numbers quickly and accurately, with the equally 
important need to maintain the integrity of the enumeration 
system, and to prevent SSN fraud.
    I want to thank the Chairman and the Members of the 
Subcommittee for inviting me here today, and look forward to 
your continued support for our Agency and our mission. I will 
be happy to answer any questions.
    [The prepared statement of Ms. Gruber follows:]




    Chairman JOHNSON. Thank you for your testimony. And we will 
proceed to questions.
    Let me ask you a question, first. How much does it cost to 
issue a Social Security card?
    Ms. GRUBER. It depends on the manner in which you get the 
card. If you come into one of our----
    Chairman JOHNSON. You mean all the offices aren't the same?
    Ms. GRUBER. Well, actually, if you come into our field 
office, it costs about $32. If you go through one of our 
automated processes, a process called ``Enumeration at Birth,'' 
where we assign a Social Security number for a child who is 
born, that is about $8. And----
    Chairman JOHNSON. Eighty?
    Ms. GRUBER. Eight dollars.
    Chairman JOHNSON. Oh.
    Ms. GRUBER. And if you do it through the Enumeration at 
Entry program that I talked about, it is about $5.
    Chairman JOHNSON. How about if we charged for that?
    Ms. GRUBER. We would be happy to work with the subcommittee 
on exploring that option.
    Chairman JOHNSON. You all think about that. Let me ask you 
a couple of questions.
    Mr. O'Carroll, do you have all the tools you need to 
protect the Social Security number?
    Mr. O'CARROLL. Chairman Johnson, as we have heard during 
the testimony here, the number is out of the box, and it is 
pretty widely displayed, and it is out there. So it is pretty 
hard to keep the SSN as private and secure as we would have 
preferred and liked.
    But, with that, I think the tools that we could use are any 
ways to limit the collection of Social Security numbers, much 
like you were saying, when a vendor is asking for it but 
doesn't need it. The display of Social Security numbers is a 
problem. We have been trying to get SSNs off of government 
checks. It is being removed from some government IDs--as you 
are proposing now, off of the Medicare card--and that is 
another good tool. And the last one is just the collection of 
SSNs, in terms of limiting financial institutions' collection 
of Social Security numbers, which can end up in a PII breach, 
as you discussed in Texas. That is another concern of ours.
    So, what we are looking for is more of any tool that will 
at least prevent it being displayed more than it is now, and 
being compromised.
    Chairman JOHNSON. I understand that while we have 
restricted the number of Social Security number replacement 
cards, people can visit a local office and get a print-out with 
their number on it. And that they can easily be used by ID 
thieves. Why is it we are doing that? I mean isn't it just as 
easy to print them a new card?
    Mr. O'CARROLL. Well, we are almost a victim of a success on 
that one. And under the Identity Theft Act that was passed by 
Congress we have limited the number of cards that are being 
issued. So, remember, in the past it was unlimited numbers of 
cards going to people. That has been restricted now, and so----
    Chairman JOHNSON. Well, it is still free, isn't it?
    Mr. O'CARROLL. It is still free, but we are limiting the 
number that can be received each year, and the number in a 
lifetime. And what that caused is anybody who needs a Social 
Security number, hasn't been safeguarding it, doesn't keep it 
carefully, is coming into the offices now, asking for the 
print-outs instead of a replacement card.
    And I think a secondary problem that has come with the 
print-out is a lot of employers, rather than get a Xerox copy 
of a Social Security card, are asking for what they think is 
more recently updated information, and asking for the print-
outs, which is causing another group of people to come in 
requesting the print-outs.
    And that leads to two of our concerns. One is the 
identification requirements for an original card are much more 
strict than it is to get a print-out. So what is happening now 
is there is this secondary market for the print-outs, and often 
times they are not as good a means of identification as Social 
Security cards.
    Chairman JOHNSON. Well, why do we have to do print-outs at 
all? Why can't they get a replacement card, if they can?
    Mr. O'CARROLL. Well, they can, but only a limited number of 
times. And there is also a concern due to the Freedom of 
Information Act----
    Chairman JOHNSON. Three times ought to be enough. I mean 
how many times have you lost your card?
    Mr. O'CARROLL. I haven't. I still have the one that my 
parents got when I was a little child.
    Chairman JOHNSON. Okay.
    Mr. O'CARROLL. It was with my father's stuff that I 
inherited from him.
    But I agree with you. I think that is why there is a limit 
to the number of times an individual can get a replacement 
card. But a lot of people believe that under Freedom of 
Information Act they are entitled to this print-out.
    So, I am more concerned with just making sure that the 
proper identification is used when they get the print-out so 
that we know it is the right person, that they are not using 
secondary, less reliable types of identification to get that 
print-out, that it has the same level of integrity as the card.
    And then, as you had brought up earlier, maybe if there was 
a charge for getting the print-outs, it would diminish the 
number of times that it was asked for. As it stands now, 
employers are charged if they purchase a print-out from SSA; 
individuals are not.
    Chairman JOHNSON. Okay. Well, I am not hot about that idea. 
Mr. Becerra, you are recognized for five minutes.
    Mr. BECERRA. Thank you, Mr. Chairman. Ms. Mithal, let me 
ask you a question. In the private sector right now we have a 
patchwork of regulations to deal with the use of the Social 
Security number. Can you give us some examples of industries 
that are doing a good job of trying to protect the number, and 
perhaps an industry that is not doing such a good job of 
protecting the privacy of an individual's Social Security 
number?
    Ms. MITHAL. I think it would be difficult to provide an 
industry example. We can provide examples of best practices. 
So, for example, if you do not need the Social Security number, 
do not ask for it. It is something that we have implemented as 
an agency, at the FTC. I remember when I started over 10 years 
ago, I used to have to put my Social Security number on a leave 
slip. And we do not have to do that any more. And I think that 
is a practice that we would encourage the private sector--if 
you do not need the Social Security number, do not collect it.
    Mr. BECERRA. Okay. And I have heard that some of these 
information resellers have some of the worst practices around, 
that some of these Internet information resellers actually 
advertise that with little more than your name, your city, and 
state, they can sell you a Social Security number for a few 
dollars. Is that still the case? Is there any regulation of 
those resellers?
    Ms. MITHAL. There is. In fact, a couple of years ago we 
brought a number of cases against those who were posing as 
consumers, and getting information about them. And so we have a 
law that prohibits unfair or deceptive practices. And we 
alleged that that was an unfair practice. And so there are laws 
covering that practice.
    Mr. BECERRA. And finally, give us a sense. If you were 
addressing people who are concerned about their identity and it 
being stolen, as each and every one of us here is, what would 
be the best advice you give to any American to try to safeguard 
his or her Social Security number?
    Ms. MITHAL. There are several things I would say. I would 
say treat it like you would cash. Secure it. Do not carry it 
around. Any documents that you dispose of, get a shredder. Make 
sure that if you are providing your number online, that you 
practice safe computing, that you update your anti-spyware and 
anti-malware software, that you check your accounts frequently, 
and that you order your free credit report, which you are 
entitled to once a year, from the three major credit reporting 
agencies.
    Mr. BECERRA. Good advice. Ms. Gruber, a quick question. 
What does SSA say to individuals as they come in contact with 
your offices about the integrity of their number and protecting 
it?
    What--is there anything you tell them, other than respond 
to the questions they may have about the reason they are there?
    They may be coming for benefits, or to apply for something. 
But does anyone take the time to say, ``By the way, you know, 
you should be securing your Social Security number,'' et 
cetera, et cetera?
    Ms. GRUBER. Thank you, Ranking Member Becerra, that is a 
very good question. We do. Our efforts are multi-faceted. When 
folks come in to apply for a replacement card, we do absolutely 
remind them, as both my colleagues have mentioned, to not carry 
it with them. In fact, it says that on the card.
    On our website, we have a number of publications, and 
frequently asked questions--in fact, I think we have 11 of 
them--that deal with identity theft, that deal with how to 
safeguard the card. And we know that they are very widely used. 
We get thousands of hits every month on those types of things.
    And when a person does suspect that their SSN has been 
misused or stolen, we do talk to them about--and encourage them 
to take a number of steps, including working with the FTC, 
including working with IRS, and frequently monitoring their 
financial accounts, their credit reports. Even if they are not 
a victim of identity theft, we encourage folks to do that, 
which is what all of our literature, that is pretty widely 
available, says.
    Mr. BECERRA. Well, I hope, with your good assistance, the 
three of you, that this perhaps will be the last time we have 
to hold a hearing on identity theft, because perhaps this time 
Congress could get together, working with our chairman, to 
finally pass a bill out of the House and hopefully out of the 
Senate, so we can deal with this, Mr. Chairman, as I think most 
of us believe we should have done a long time ago, and get this 
taken care of. Because it is a shame that tens of billions of 
dollars are lost by Americans and, as well, much of their 
sanity in life because somebody stole their identity.
    So, I thank you for your testimony, again. And, Mr. 
Chairman, I am pleased that you were able to bring them 
together to have this hearing.
    Chairman JOHNSON. Thank you. We have a good panel. We are 
having a vote right now. I am going to recess the committee, 
and it will be about 30, 45 minutes before we get back. Thank 
you.
    Mr. BRADY. Hey, Mr. Chairman?
    Chairman JOHNSON. Yes?
    Mr. BRADY. Can I go on the record saying I really 
appreciate Ms. Mithal's recommendation that we carry cash? If 
you could talk to my wife about giving me some, I would be very 
appreciative.
    [Laughter.]
    Mr. BRADY. I am with you on that.
    [Recess.]
    Chairman JOHNSON. The meeting will come back to order. Mr. 
Paulsen is recognized for questions.
    Mr. PAULSEN. Thank you very much, Mr. Chairman. And thank 
you. This has been an interesting hearing. Maybe I can start 
with Mr. O'Carroll.
    You know, in your testimony you mentioned, or you 
highlighted at least, the fact that temporary residents may 
have authorization to work in the United States for a limited 
time, and you questioned sort of the propriety of assigning an 
SSN to those folks, which is valid for life. Since an SSN 
number may be a key to their ability to overstay his or her 
visa, would you briefly overview for us your work in this area, 
how you reached this conclusion, and how Social Security has 
responded to some of those concerns you raised?
    Mr. O'CARROLL. Yes, Mr. Paulsen. We have done a number of 
reports on this issue. We looked at both the fiancee visas, 
where you come into the country, you say that you are going to 
be here to get married, and in that time period you are allowed 
months in the United States prior to your marriage. At that 
point, the fiancee will come in, get a Social Security number, 
and let us say, for example, the marriage does not happen, that 
person leaves the country. That SSN that the person was given 
is now out there forever.
    And then, we also looked at the visas that are issued to 
foreign students that come to the United States to work for 
summer----
    Chairman JOHNSON. Wait a minute. Can I stop you----
    Mr. O'CARROLL. Yes, sir.
    Chairman JOHNSON. If they are going out of the country, why 
can't we stop them at immigration on the way out?
    Mr. O'CARROLL. No, meaning what happens with the SSN, then, 
is that that number for that individual now exists for 
perpetuity.
    Chairman JOHNSON. But you don't make them give the card up?
    Mr. O'CARROLL. No.
    Chairman JOHNSON. Can we?
    Mr. O'CARROLL. That is something we will have to look at. 
Let me look into that and see if that is a possible solution.
    Mr. PAULSEN. If you could give a follow-up to it, Ms. 
Gruber, just to kind of get some feedback, too. But please 
continue on.
    Mr. O'CARROLL. And then, the other one that we were finding 
is with the students that are coming in for summer work. That 
is a very similar one to what Chairman Johnson was saying. At 
the end of their work, at which point they have been issued an 
SSN, they work for a summer, they go back to their country of 
residence, in many cases never to come back into the United 
States again, we have a concern. Why issue a Social Security 
number for that?
    One of the solutions would be to instruct the IRS to give 
them a tax identification number, as opposed to having to give 
them an SSN would be a possible solution.
    Mr. PAULSEN. Ms. Gruber, maybe you can follow up regarding 
the Agency's view on this, and how you and Mr. O'Carroll work 
together, perhaps, on some of these issues?
    Ms. GRUBER. Sure. Thank you, Mr. Paulsen. A couple of 
things. You know, one of the reasons we actually assign an SSN 
to someone who might be here temporarily is that we, under law, 
are required to do so--if they have DHS or Department of 
Homeland Security authorization to work, under the law we have 
to assign them an SSN.
    There are valid reasons why somebody who has a temporary 
status here--as long as they have work authorization--might 
actually want to work. And eventually, if they gain permanent 
status, they could use those credited earnings while they were 
here lawfully, but temporarily for their benefits in the 
future. In order to make a change, it would require a change to 
the Social Security Act, actually, to not issue an SSN to folks 
who are here lawfully, who do have authorization to work.
    And one other final thing, Mr. Paulsen. The Social Security 
card itself does not really give them the ticket to work. They 
have to have the card plus the DHS documentation.
    Mr. PAULSEN. Okay. Mr. O'Carroll, any other follow-up on 
that, or----
    Mr. O'CARROLL. I think that pretty well covers it.
    Mr. PAULSEN. Okay. Ms. Mithal, maybe I can ask you. The 
President's task force, you know, a few years back did a lot of 
work on public display of SSNs, and all the problems 
surrounding identity theft that I think were a part of that 
effort. The 2007 strategic plan referred to identity theft as a 
problem with no single cause and no single solution.
    However, they did develop a whole list of recommendations, 
like 30, 31. You know, the very first recommendation was 
decreasing the unnecessary use of SSNs in the public sector. 
Why was that the number one recommendation?
    Ms. MITHAL. Well, I think it is fairly obviously that one 
of the sources of identity theft is the ubiquity of Social 
Security numbers that are out there. And one of the things that 
we need to do to address the practice is to make sure they 
don't get into the hands of identity thieves in the first 
place. And it seems that reducing the public display of Social 
Security numbers, reducing the use of them, would be a natural 
first step. And we decided, well, let us clean our own house, 
start with the public sector, before we get to the private 
sector.
    Mr. PAULSEN. Well, Mr. Chairman, I think that makes sense, 
in terms of a number one recommendation. So, thank you, I yield 
back.
    Chairman JOHNSON. Mr. Becerra, do you have another question 
you would like to ask?
    Mr. BECERRA. Mr. Chairman, I think we probably asked and 
had them answer these questions 17 different times. So I think 
we know what we have to do, and we just hope that they can 
continue to offer us some good advice as we try to move 
forward.
    Chairman JOHNSON. Yes. Well, let me ask one, then. You know 
there is close to 50 million Medicare cards floating around 
with Social Security numbers on them. How can people protect 
themselves from medical ID theft?
    Mr. O'CARROLL. Well, that was one of our recommendations 
from one of our audits, was the susceptibility of the public to 
having their number compromised, because it is on the Medicare 
card. And at the time, we recommended to SSA to explore ways of 
working with HHS, which has jurisdiction over the Medicare 
card, to look into having the number taken off.
    And what we found at the time was a couple of things. And I 
will ask Terry to elaborate, but about $30 million would be the 
cost to SSA of just retooling to take the number off of the 
card. And HHS said it would cost about $300 million take and 8 
to 12 years to do it. So with that, I will yield to SSA.
    Chairman JOHNSON. Okay. Mr. Brady, do you care to question?
    Mr. BRADY. Yes, sir. One, I appreciate, Chairman, you 
holding this hearing today in the bipartisan nature. Two, I 
think the bill that has been or being introduced puts a heavy 
emphasis on prevention of the theft in the first place. And I 
want to drive the point or the need for that because on the 
back end, my understanding is that it is rare that we catch and 
prosecute those who are good at identity theft.
    And my question is, out of the 11 million victims in 2009, 
not all of them were directly victims of the theft created 
through the Social Security number. But the average person, 
senior, anyone, who is an identity theft victim through Social 
Security number, what are the chances that the criminal who 
does that gets caught and prosecuted? Any idea?
    Mr. O'CARROLL. In the inspector general's office at SSA, we 
get about a half-a-million public contacts a year, most related 
to allegations of waste, fraud, and abuse at SSA. And we figure 
about half of those allegations relate to misuse of the Social 
Security number. A large portion of them are either referred to 
SSA, HHS, or the FTC. From that group, we generally look into 
anything related to misuse of Social Security benefits or 
related to Social Security in some other way.
    So we investigate about 500 SSN misuse cases a year. That 
is about five percent of our investigations. Almost every one 
of them will end up with a conviction because by the time we 
open a case, we know that it is sufficient enough of a 
violation that we will have a positive result.
    But again, that is a very small percentage, as you are 
seeing. From 500,000 contacts down to about 500 investigations 
is what we are looking at from our agency. And I will yield to 
the FTC on the more global----
    Ms. MITHAL. Yes, but we are not a criminal enforcement 
agency, so I would have to defer to DoJ on that. But I can say 
that the crime really ranges from a pick-pocket, taking your 
credit card for a joy ride, to a terrorist that is stealing 
people's identity to commit bad acts against the country.
    And so, I think the--there is really no hope of catching 
all the identity thieves. And I think you are absolutely right, 
that we need to focus on prevention, victim assistance, and 
making sure that Social Security numbers do not fall into the 
wrong hands.
    Mr. BRADY. And actually, just to clarify, I am frustrated 
by the lack of prosecution. I am not looking to your agencies, 
but overall, I think it is just very rare. My pet peeve is I 
see a lot of resources being used, when I turn on the TV and 
see time and money being used to pursue Marion Jones or Bobby 
[sic] Bonds or Roger Clemens, or issues like that. I look at 
those teams and think, ``How many victims of Social Security 
identity theft could be helped, you know, if we applied the 
same type of rigor and ambition toward catching those?'' One, 
we should be preventing in the first place, and two, really 
prosecuting them harshly if they are caught. I think it is 
right to put an emphasis on prevention. I do think we need to 
have a much higher prosecution rate on the back end, as well.
    So, Chairman, thank you very much. And, Ms. Gruber, I did 
not mean to ignore you. Any comments?
    Ms. GRUBER. I think that both of my colleagues summed it up 
pretty well, and we certainly know how tough it is when we have 
an interview with somebody who is a victim of identity theft. 
Their life is turned upside down. And so we understand.
    Mr. BRADY. Thank you, Chairman.
    Chairman JOHNSON. Thank you. Mr. O'Carroll, you got any 
ideas how we can, you know, stem the tide of identity theft or 
stolen cards or something like happened in Texas, for instance? 
Can you talk to that issue? And how can we fix it?
    Mr. O'CARROLL. We have several concerns. One, of course, is 
identity theft for financial purposes. The other one that we 
are running into is identity theft where people are illegally 
using other people's numbers to live and work in the United 
States. And we all know the problems that follow. Either you 
are going to be much like the doctor I talked about, where you 
are going to have someone else's wages posted against your 
record that the IRS is expecting to pay taxes on, and it takes 
years to get that straightened out.
    So as we said before, any way that we can prevent the use 
of the Social Security number out there is going to shrink the 
problem down in size from where it is right now, where 
everybody has that concern of losing your identity.
    If we are not getting very good results from the 
prosecution side, let us focus on the prevention side. And 
prevention is a lot of the different tools that we have talked 
about. And everybody has got to be very careful with their 
information. For instance, sometimes phone calls are made, 
where there is the phishing scam to get your information out 
there, so don't volunteer it yourself.
    Also, I think we are all concerned that the material that 
is in your mailbox can be stolen that has all of your personal 
information. Often times there is an application for a credit 
card in the same stack of mail with your personal information 
on it.
    So, I think if this committee could consider ways of 
preventing the publication of Social Security numbers, it would 
be a step in the right direction.
    Chairman JOHNSON. Well, we can look at that. You know, I do 
not know exactly how we would do that, though. You know, you 
can make laws until you are blue in the face, and people do not 
follow them.
    Mr. O'CARROLL. I encourage the enforcement side, too, as a 
deterrent, I must say.
    Chairman JOHNSON. Yes. Well, thank you all. I appreciate 
you waiting for us.
    Do you have any further questions, Mr. Becerra?
    I appreciate you all being here today. I look forward to 
working with all of you to stem the tide of theft by better 
protecting our Social Security numbers. And I thank you for 
being here. The hearing is adjourned.
    [Whereupon, at 3:34 p.m., the subcommittee was adjourned]
    [Submissions for the Record follow:]



    [Questions for the Record follow:]