[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]
PROTECTING AMERICANS' IDENTITIES:
EXAMINING EFFORTS TO LIMIT THE
USE OF SOCIAL SECURITY NUMBERS
=======================================================================
JOINT HEARING
BEFORE THE
SUBCOMMITTEE ON INFORMATION TECHNOLOGY
OF THE
COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM
AND THE
SUBCOMMITTEE ON SOCIAL SECURITY
OF THE
COMMITTEE ON WAYS AND MEANS
U.S. HOUSE OF REPRESENTATIVES
ONE HUNDRED FIFTEENTH CONGRESS
FIRST SESSION
__________
MAY 23, 2017
__________
Serial No. 115-SS02
__________
Printed for the use of the Committee on Ways and Means
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
__________
U.S. GOVERNMENT PUBLISHING OFFICE
33-427 WASHINGTON : 2019
-----------------------------------------------------------------------------------
COMMITTEE ON WAYS AND MEANS
KEVIN BRADY, Texas, Chairman
SAM JOHNSON, Texas RICHARD E. NEAL, Massachusetts
DEVIN NUNES, California SANDER M. LEVIN, Michigan
PATRICK J. TIBERI, Ohio JOHN LEWIS, Georgia
DAVID G. REICHERT, Washington LLOYD DOGGETT, Texas
PETER J. ROSKAM, Illinois MIKE THOMPSON, California
VERN BUCHANAN, Florida JOHN B. LARSON, Connecticut
ADRIAN SMITH, Nebraska EARL BLUMENAUER, Oregon
LYNN JENKINS, Kansas RON KIND, Wisconsin
ERIK PAULSEN, Minnesota BILL PASCRELL, JR. New Jersey
KENNY MARCHANT, Texas JOSEPH CROWLEY, New York
DIANE BLACK, Tennessee DANNY DAVIS, Illinois
TOM REED, New York LINDA SANCHEZ, California
MIKE KELLY, Pennsylvania BRIAN HIGGINS, New York
JIM RENACCI, Ohio TERRI SEWELL, Alabama
PAT MEEHAN, Pennsylvania SUZAN DELBENE, Washington
KRISTI NOEM, South Dakota JUDY CHU, California
GEORGE HOLDING, North Carolina
JASON SMITH, Missouri
TOM RICE, South Carolina
DAVID SCHWEIKERT, Arizona
JACKIE WALORSKI, Indiana
CARLOS CURBELO, Florida
MIKE BISHOP, Michigan
David Stewart, Staff Director
Brandon Casey, Minority Chief Counsel
______
SUBCOMMITTEE ON SOCIAL SECURITY
SAM JOHNSON, Texas, Chairman
TOM RICE, South Carolina JOHN B. LARSON, Connecticut
DAVID SCHWEIKERT, Arizona BILL PASCRELL, JR., New Jersey
VERN BUCHANAN, Florida JOSEPH CROWLEY, New York
MIKE KELLY, Pennsylvania LINDA SANCHEZ, California
JIM RENACCI, Ohio
JASON SMITH, Missouri
COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM
JASON CHAFFETZ, Utah, Chairman
JOHN DUNCAN, Tennessee ELIJAH CUMMINGS, Maryland
DARRELL ISSA, California CAROLYN MALONEY, New York
JIM JORDAN, Ohio ELEANOR HOLMES NORTON, District of
MARK SANFORD, South Carolina Columbia
JUSTIN AMASH, Michigan WM. LACY CLAY, Missouri
PAUL GOSAR, Arizona STEPHEN LYNCH, Massachusetts
SCOTT DESJARLAIS, Tennessee JIM COOPER, Tennessee
TREY GOWDY, South Carolina GERALD E. CONNOLLY, Virginia
BLAKE FARENTHOLD, Texas ROBIN KELLY, Illinois
VIRGINIA FOXX, North Carolina BRENDA LAWRENCE, Michigan
THOMAS MASSIE, Kentucky BONNIE WATSON COLEMAN, New Jersey
MARK MEADOWS, North Carolina STACEY E. PLASKETT, Virgin Islands
RON DESANTIS, Florida VAL BUTLER DEMINGS, Florida
DENNIS ROSS, Florida RAJA KRISHNAMOORTHI, Illinois
B. MARK WALKER, North Carolina JAMIE RASKIN, Maryland
ROD BLUM, Iowa PETER WELCH, Vermont
JODY HICE, Georgia MATT CARTWRIGHT, Pennsylvania
STEVE RUSSELL, Oklahoma MARK DESAULNIER, California
GLENN GROTHMAN, Wisconsin JOHN SARBANES, Maryland
WILL HURD, Texas
GARY PALMER, Alabama
JAMES COMER, Kentucky
PAUL MITCHELL, Michigan
David Stewart, Staff Director
Brandon Casey, Minority Chief Counsel
______
SUBCOMMITTEE ON INFORMATION TECHNOLOGY
WILL HURD, Texas, Chairman
PAUL MITCHELL, Michigan ROBIN KELLY, Illinois
DARRELL ISSA, California JAMIE RASKIN, Maryland
JUSTIN AMASH, Michigan STEPHEN LYNCH, Massachusetts
BLAKE FARENTHOLD, Texas GERALD E. CONNOLLY, Virginia
STEVE RUSSELL, Oklahoma RAJA KRISHNAMOORTHI, Illinois
C O N T E N T S
__________
Page
Advisory of May 23, 2017 announcing the hearing.................. 2
WITNESSES
Gregory C. Wilshusen, Director, Information Security Issues,
Government Accountability Office............................... 13
Marianna LaCanfora, Acting Deputy Commissioner, Office of
Retirement and Disability Policy, Social Security
Administration................................................. 29
David DeVries, Chief Information Officer, Office of Personnel
Management..................................................... 38
Karen Jackson, Deputy Chief Operating Officer, Centers for
Medicare and Medicaid Services................................. 43
John Oswalt, Executive Director for Privacy, Office of
Information and Technology, Department of Veterans Affairs..... 55
SUBMISSIONS FOR THE RECORD
American Joint Replacement Registry, letter...................... 105
Electronic Privacy Information Center, statement................. 107
National Council of Nonprofits, statement........................ 110
QUESTIONS FOR THE RECORD
Hearing Deliverables............................................. 80
The Honorable Sam Johnson:
United States Office of Personnel Management................... 82
Centers for Medicare and Medicaid Services..................... 86
Office of Retirement and Disability Policy..................... 90
Office of Information and Technology........................... 95
United States Government Accountability Office................. 100
PROTECTING AMERICANS' IDENTITIES:
EXAMINING EFFORTS TO LIMIT THE
USE OF SOCIAL SECURITY NUMBERS
----------
TUESDAY, MAY 23, 2017
U.S. House of Representatives,
Committee on Ways and Means,
Subcommittee on Social Security,
joint with the
Committee on Oversight and Government Reform,
Subcommittee on Information Technology,
Washington, DC.
The subcommittees met, pursuant to call, at 2:00 p.m., in
Room 1100, Longworth House Office Building, the Honorable Tom
Rice presiding.
[The advisory announcing the hearing follows:]
ADVISORY FROM THE COMMITTEE ON WAYS AND MEANS
SUBCOMMITTEE ON SOCIAL SECURITY
FROM THE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM
SUBCOMMITTEE ON INFORMATION TECHNOLOGY
CONTACT: (202) 225-1721
FOR IMMEDIATE RELEASE
Wednesday, May 23, 2017
SS-02
Chairman Johnson and Chairman Hurd Announce
Joint Oversight Hearing on Protecting
Americans' Identities: Examining Efforts to
Limit the Use of Social Security Numbers
House Ways and Means Social Security Subcommittee Chairman Sam
Johnson (R-TX) and House Oversight and Government Reform Information
Technology Subcommittee Chairman Will Hurd (R-TX) announced today that
the Subcommittees will hold a joint hearing entitled ``Protecting
Americans' Identities: Examining Efforts to Limit the Use of Social
Security Numbers.'' The hearing will focus on efforts by federal
agencies to reduce the use of Social Security numbers, and the
challenges these agencies face in doing so. The hearing will take place
on Tuesday, May 23, 2017 in 1100 Longworth House Office Building,
beginning at 2:00 PM.
In view of the limited time to hear witnesses, oral testimony at
this hearing will be from invited witnesses only. However, any
individual or organization may submit a written statement for
consideration by the Committee and for inclusion in the printed record
of the hearing.
DETAILS FOR SUBMISSION OF WRITTEN COMMENTS:
Please Note: Any person(s) and/or organization(s) wishing to submit
written comments for the hearing record must follow the appropriate
link on the hearing page of the Committee website and complete the
informational forms. From the Committee homepage, http://
waysandmeans.house.gov, select ``Hearings.'' Select the hearing for
which you would like to make a submission, and click on the link
entitled, ``Click here to provide a submission for the record.'' Once
you have followed the online instructions, submit all requested
information. ATTACH your submission as a Word document, in compliance
with the formatting requirements listed below, by the close of business
on June 6, 2017. For questions, or if you encounter technical problems,
please call (202) 225-3625.
FORMATTING REQUIREMENTS:
The Committee relies on electronic submissions for printing the
official hearing record. As always, submissions will be included in the
record according to the discretion of the Committee. The Committee will
not alter the content of your submission, but we reserve the right to
format it according to our guidelines. Any submission provided to the
Committee by a witness, any materials submitted for the printed record,
and any written comments in response to a request for written comments
must conform to the guidelines listed below. Any submission not in
compliance with these guidelines will not be printed, but will be
maintained in the Committee files for review and use by the Committee.
All submissions and supplementary materials must be submitted in a
single document via email, provided in Word format and must not exceed
a total of 10 pages. Witnesses and submitters are advised that the
Committee relies on electronic submissions for printing the official
hearing record.
All submissions must include a list of all clients, persons and/or
organizations on whose behalf the witness appears. The name, company,
address, telephone, and fax numbers of each witness must be included in
the body of the email. Please exclude any personal identifiable
information in the attached submission.
Failure to follow the formatting requirements may result in the
exclusion of a submission. All submissions for the record are final.
The Committee seeks to make its facilities accessible to persons
with disabilities. If you are in need of special accommodations, please
call 202-225-1721 or 202-226-3411 TTD/TTY in advance of the event (four
business days' notice is requested). Questions with regard to special
accommodation needs in general (including availability of Committee
materials in alternative formats) may be directed to the Committee as
noted above.
Note: All Committee advisories and news releases are available at
http://www.waysandmeans.house.gov/
OPENING STATEMENT OF ACTING CHAIRMAN RICE
Mr. RICE. Good afternoon and welcome to today's hearing on
the Federal Government's use of Social Security numbers.
Unfortunately, Chairman Sam Johnson was unable to be here
with us today to discuss one of his favorite topics: ending the
unnecessary use of Social Security numbers. I know everyone
here joins me in wishing Chairman Johnson a speedy recovery.
I would like to welcome Chairman Hurd of the Oversight and
Government Reform Committee's IT Subcommittee and all of the IT
Subcommittee members for joining us in the Ways and Means
Committee hearing room today.
Back in 1936, when Social Security began issuing Social
Security numbers, they were only used to track earnings and
administer the Social Security Program. Back then, it wasn't
much thought about keeping your number a secret, but today,
Social Security numbers are the keys to the kingdom for
identity thieves. Social Security and identity security experts
make a point of telling Americans how important it is to
protect their numbers. Social Security numbers are valuable
targets for identity theft because of their regular use by both
Federal Government and private sector as a unique identifier,
especially by the financial industry.
Time and again, we are reminded to protect our Social
Security cards in order to avoid identity theft and to be
careful with what documents we throw away in the trash. Our
Social Security numbers are connected to so many personal
aspects of our lives, from our Social Security benefits and
finances to our medical histories and our education. But in
recent years, privacy concerns have become more and more
critical.
When I was in law school back in the dark ages, our grades
used to be posted on the wall to keep secret whose grades they
were by Social Security number. Of course, they were posted
alphabetically. So it wasn't that hard to figure out whose was
whose. In fact, one of my very good friends in law school's
last name was Ziegler, and he was the smartest guy in the
class, and he always made an A and blew the curve. So everybody
just gave him a hard time. But his Social Security number was
always the one at the bottom of the list. And until not long
ago, I probably could recite to you Mr. Ziegler's Social
Security number.
While colleges and universities have since changed their
ways, the Federal Government has yet to fully catch up. Just
over 10 years ago, under President Bush's leadership, the
Office of Management and Budget issued a memorandum for the
safeguarding of personally identifiable information, including
the Social Security number. The memo called for Federal
departments and agencies to reduce or replace the use of Social
Security numbers across the Federal Government.
Unfortunately, while some progress has been made in
reducing the use of Social Security numbers, 10 years later,
there is still much work to be done. This hearing is about
making sure that Social Security numbers are only used when
necessary and that the Federal Government is doing what it can
and what it should to make sure that, when Social Security
numbers are used and collected, they are kept safe.
The Office of Personnel Management hack in 2015 is an
example of what happens when the Federal Government collects
Social Security numbers but does not keep them safe. And that
negligence comes with a cost to both the affected individuals
and to the taxpayers. The American people rightly deserve and
expect that the Federal Government protect their Social
Security numbers and only use them when necessary.
I thank all of our witnesses for being here. I look forward
to hearing from you about how your agencies are working to
tackle this challenge and what more needs to be done.
I now recognize Mr. Larson for his opening statement.
OPENING STATEMENT OF HON. JOHN B. LARSON
Mr. LARSON. Thank you, Mr. Chairman.
We join with you in certainly wishing our dear friend and
colleague Sam Johnson a speedy recovery and would like to add
how fortunate we are on the Ways and Means Committee to have
two iconic American heroes serving on the same committee. When
you think about Sam Johnson and his service to this country and
all that he endured on behalf of this Nation, nearly beaten to
death by the Viet Cong and then you think about John Lewis and
all he endured in this country and nearly beaten to death in
his own country, so we have these two iconic legends. And I am
so proud to serve with Sam and was happy that he asked me to
introduce with him the Social Security Must Avert Identity
Loss, or H.R. 1513, that required the Social Security
Administration to remove Social Security numbers from mailed
notices. And Mr. Johnson, as I think everybody on the committee
knows, is such an incredible gentleman. We also have taken
every opportunity in the subcommittee to renew a request, A,
that I hope the committee will travel to Plano, Texas, and that
we have an opportunity to, in as much as Mr. Johnson has
indicated this is his last term, to have a meeting there in
Plano, Texas, that would honor Mr. Johnson and the committee in
this particular topic area that he is so vitally concerned
about.
I also want to recognize Chairman Hurd, who is with us, and
the lead Democrat, Robin Kelly, for being here in our meeting
room as well.
Since 2014, hundreds of millions of Americans have lost
their personally identified information, including their Social
Security numbers, to large-scale cyber attacks. The number was
originally created in 1936 for the purpose of running the
Nation's new Social Security system. However, its usefulness as
a unique governmental identifier has made it near ubiquitous
across government and the private sector. To date, the Social
Security Administration has not suffered any large-scale data
breach, but ongoing vigilance is needed, including adequate
support for updating and modernizing the Social Security
Administration's IT structure.
All together, the Social Security Administration has been
able it to remove the 9-digit SSN from about one-third of the
mailings it sends out. Moving forward, they have committed to
removing them from the remaining notices wherever they revise a
notice, which requires computer upgrades. The severe
constraints on Social Security Administration's budget,
however, are preventing the agency from removing numbers from
all the notices right away. As they estimated, it would cost
$14 million to do so immediately rather than piecemeal.
More alarmingly, since 2010, the number of beneficiaries
has grown by 13 percent as the baby boomers enter retirement,
but Social Security's operating budget has fallen by more than
10 percent in that same period. The Social Security
Administration simply cannot serve more and more people with
less and less money each year. Social Security Administration
is already struggling to serve its beneficiaries at the level
they deserve. My constituents are experiencing multiyear wait
times on disability appeals and hearings. Their phone calls are
going unanswered. They face delays in correcting errors in
their benefits and payments.
To make matters worse, the President's fiscal year 2018
budget released today also attacks Social Security benefits for
those with disabilities as much as $70 billion over 10 years.
Mr. Chairman, I would like to submit for the record the 13
times that Donald Trump promised not to cut Social Security,
Medicare, and Medicaid.
[The following was received from Mr. Larson:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Mr. LARSON. President Trump has promised repeatedly and
explicitly throughout the campaign not to cut Social Security
or Medicare. This broken promise should be especially alarming
to millions of people who voted for the President, who spent
their working lives paying premiums into the system, believing
those benefits would be there for them in retirement or should
they become disabled.
The bottom line is this: Social Security is the Nation's
insurance program. It is not an entitlement. It is the
insurance that individuals have paid for throughout a lifetime.
The problems with Social Security at its core--this issue that
we're taking up today, especially as it relates to theft is
vitally important to protect people's identity. But equally
important and the responsibility of this committee is actuarial
soundness.
This is the most efficient government-operated program in
the history of the Nation. Ask any private sector insurance
company if they could have a 99-percent loss ratio. They would
die for that. And there's no product on the open market where
you could produce old age and survivors benefits, disability,
and a pension plan, and survivors benefits. That is the
uniqueness of Social Security. That is why it is America's
insurance plan that our citizens have paid for. This is not an
entitlement, and we'll continue to make that point. I hope
later this year, Mr. Chairman--and Mr. Johnson has been very
gracious about saying that we'll get an opportunity to have
hearings on our bills that will look at expanding and making
solvent, well into the next century Social Security for all of
its American citizens. It's the Nation's insurance program.
Mr. RICE. Thank you.
I now recognize Mr. Hurd for his opening statement.
OPENING STATEMENT OF CHAIRMAN HURD
Mr. HURD. Thank you, Mr. Chairman.
In the 2 years plus that I've been in Congress, I've
learned one thing, and that is that Americans expect the
Federal Government to protect their personal information.
Sadly, as evidenced by the devastating data breach at OPM,
which affected more than 20 million people, this is simply not
the case.
American people deserve better from their government. If
stolen, we all know that Social Security numbers can be used to
perpetuate identity theft or worse. You never know what a piece
of personal information the bad actors need to achieve their
goals, whether they are looking to steal money or threaten the
national security of our Nation. The Oversight Committee
recently held a hearing on the IRS data breach where bad actors
hacked in the Department of Education and stole income
information from financial aid applications and then used that
information to file fraudulent tax returns with the IRS.
All of the agencies appearing before us today collect and
retain a wealth of information on individual Americans,
particularly Social Security numbers. It is essential that we
reduce the unnecessary use of Social Security numbers, both on
printed forms and electronically, in transition and at rest. In
fact, tomorrow, the House is scheduled to consider
Representative Valadao's Social Security Number Fraud
Prevention Act of 2017, which was passed out of committee on a
voice vote and prohibits agencies from sending Social Security
numbers by mail, unless the head of the agency deems it
absolutely necessary.
The Social Security Administration has 174 million wage
earners and records on pretty much everybody living and dead.
It is a treasure trove of information that must be protected.
The Veterans Administration has health records on over 8
million veterans and their families. I can imagine a few other
records as intimate as an individual's health record. The VA
currently uses Social Security numbers as a patient identifier.
Protecting these numbers is critically important for all
Americans, but given that Social Security numbers are
frequently exchanged with our most at-risk members of society,
such as our seniors, disabled, and veterans, we must take
utmost precaution to prevent the unnecessary risk of exposure
for these populations.
One of recommendations that came out of the committee's
investigation of the OPM breach was that agencies reduced their
use of Social Security numbers in order to mitigate the risk of
identity theft. As agencies undertake this transition, it is
essential that they rethink how they use, collect, and store
Social Security numbers and indeed all pieces of personal
information they collect.
I am proud to be here today with my colleagues from the
Oversight Committee as well as my colleagues from the Ways and
Means Committee in this important joint hearing to examine
what's working and what we can do better. Today, I hope to
learn more about what efforts the Federal Government is taking
to reduce its collection, use, and storage of Social Security
numbers. And thank you for being here today, and I look forward
to hearing from all of our witnesses.
Mr. RICE. Thank you.
I now recognize Ms. Kelly for her opening statement.
OPENING STATEMENT OF HON. ROBIN KELLY
Ms. KELLY. Thank you, Chairmen Rice and Hurd and Ranking
Member Larson, for holding this important hearing.
Originally created to track the earnings of individuals and
determine eligibility for Social Security benefits, the Social
Security number has become the principal method used to verify
an individual's identity. But the proliferation of their use
poses serious challenges to data security and identity theft
protection.
In 2007, when the Office of Management and Budget
recognized that reducing the use of Social Security numbers at
agencies could reduce the risk of identity theft, 10 years ago
this week, OMB issued a memorandum directing agencies to reduce
their use of Social Security numbers by examining where their
collection was unnecessary and creating plans to end such
collection within 18 months. Now, on the 10-year anniversary of
the guidance, we have the opportunity to examine the challenges
that have stymied agencies' efforts while learning from those
agencies who have had success in their initiative.
The Social Security Administration no longer prints Social
Security numbers on statements, cost-of-living notices, or
benefits checks. The Centers for Medicare and Medicaid Services
is in the middle of efforts to remove the numbers from all
Medicare cards by April 2019. Likewise, the Department of
Veterans Affairs has ceased printing Social Security numbers on
prescription bottles, certain forms, and correspondence, and is
working to find an alternate means of identification that will
maintain patient safety while reducing the visibility of Social
Security numbers on patient wristbands.
These concrete steps represent real progress, and I commend
the agencies on their work so far. But barriers still exist to
full implementation of the OMB's guidance. One of those
barriers is the lack of a strong coordinative approach from OMB
itself. GAO found that the 2007 memorandum did not define
unnecessary use, nor did it outline requirements such as
timeline or performance goals. As a result, many agencies were
vague and subject to varied interpretation over the years.
Additionally, OMB did not require agencies to update their
inventories of Social Security number collection points, making
it difficult to determine whether agencies were actually
reducing collection and use. OMB must provide clear direction
to agencies and strengthen its monitoring of compliance.
In addition to poor coordination by OMB, Federal efforts to
reduce Social Security numbers used have faced other
challenges. Agencies are statutorily and legally required to
collect Social Security numbers for identity verification in a
number of programs. And Social Security numbers remain the
standard for identity verification across government programs.
OPM briefly took steps to address this issue by working to
create an alternate identifier in 2008 and again in 2015.
However, a lack of approved funding prevented these efforts
from going forward. Until Congress refines the requirements
mandating Social Security number collection and an alternate
governmentwide identifier is created, significant reductions in
Social Security numbers use seems unlikely.
Outdated legacy IT systems also cause agencies to struggle
to obtain their reduction goals. Agencies do not have the funds
to replace these systems and start anew. This subcommittee has
spoken at great length about the need to update the Federal
Government's IT infrastructure. And we must put our money where
our mouth is. I'm concerned that across-the-board budget and
personnel cuts proposed by the Trump administration will take
us in the opposite direction and make it harder to accomplish
our Social Security number reduction goals.
I hope my colleagues will keep this and the need to protect
Americans from identity theft in mind as we discuss fiscal year
2018 budget proposals. I look forward to hearing from our
witnesses today, and I yield back the balance of my time. Thank
you.
Mr. RICE. Thank you. As is customary, any member is welcome
to submit a statement for the hearing record. Before we move on
to our testimony today, I want to remind our witnesses to
please limit their oral statements to 5 minutes. However,
without objection, all of the written testimony will be made
part of the hearing record.
We have 5 witnesses today. Seated at the table are: Gregory
Wilshusen, Director of Information Security Issues, Government
Accountability Office; Marianna LaCanfora, Acting Deputy
Commissioner, Office of Retirement and Disability Policy,
Social Security Administration; David DeVries, Chief
Information Officer, Office of Personnel Management; and Karen
Jackson, Deputy Chief Operating Officer, Centers for Medicare
and Medicaid Services; and, finally, John Oswalt, Executive
Director for Privacy, Office of Information and Technology,
Department of Veterans Affairs. Welcome to you all and thank
you for being here.
Pursuant to the committee on Oversight and Government
Reform rules, all witnesses will be sworn in before they
testify. Please rise and raise your right hand.
[Witnesses sworn.]
Mr. RICE. Please be seated.
Mr. Wilshusen, welcome and thanks for being here. Please
proceed. If I butchered your name, I'm sorry.
STATEMENT OF GREGORY C. WILSHUSEN, DIRECTOR, INFORMATION
SECURITY ISSUES, GOVERNMENT ACCOUNTABILITY OFFICE
Mr. WILSHUSEN. No, you did perfect. Thank you, Chairmen
Rice and Hurd, Ranking Members Larson and Kelly, and Members of
the Subcommittee. Thank you for inviting me today to testify at
today's hearing on executive branch efforts to reduce the
unnecessary use of Social Security numbers.
My statement is based on our draft report on Federal
efforts to reduce the collection, use, and display of these
numbers. We have provided a draft report to 25 agencies for
comment. We anticipate issuing the final report to you later
this summer after we receive agency comments.
Before I begin, if I may, I'd like to recognize several
members of my team who were instrumental in developing my
statement or performing the work underpinning it. With me is
John de Farrari and Marisol Cruz, who led this work, and
Quintin Dorsey. In addition, Andrew Beggs, Shaunyce Wallace,
Dave Plocher, Priscilla Smith, and Scott Pettis made
significant contributions.
Beginning in 2007, OPM, OMB, and the Social Security
Administration undertook several actions aimed at reducing or
eliminating the unnecessary collection, use, and display of
Social Security numbers on a governmentwide basis. However,
these actions have had limited success. OPM issued guidance to
agencies and acted to eliminate or mask Social Security numbers
on personnel forms used throughout the Federal Government. It
also promulgated a draft regulation to limit Federal
collection, use, and display of Social Security numbers, but
withdrew the proposed rule because no alternate Federal
employee identifier was available that would provide the same
utility.
In 2007, OMB required agencies to establish plans for
eliminating the unnecessary collection and use of Social
Security numbers. OMB also began requiring agency reporting on
reduction efforts as part of its annual FISMA reporting
process. In 2007, the Social Security Administration developed
an online clearinghouse on agency's best practices for
minimizing the use and display of Social Security numbers.
However, this clearinghouse is no longer available.
At the individual agency level, each of the 24 CFO Act
agencies report taking a variety of steps to reduce the
collection, use, and display of Social Security numbers. These
steps included developing and using alternate identifiers;
masking, truncating, or blocking the display of these numbers
on printed forms, correspondence, and computer screens; and
filtering email to prevent transmittal of unencrypted numbers.
However, agency officials noted that Social Security
numbers cannot be completely eliminated from Federal IT systems
and records in part because no other identifier offers the same
degree of universal awareness and applicability. They
identified three other challenges. First, several statutes and
regulations require collection and use of Social Security
numbers. Second, interactions with other Federal agencies and
external entities require the use of the number. And a third
challenge pertained to technological hurdles that can slow
replacement of the numbers in information systems.
Reduction efforts in the executive branch have also been
limited by more readily addressable shortcomings. Lacking
direction from OMB, many agencies' reduction plans did not
include key elements, such as timeframes or performance
indicators, calling into question the plans' utility.
In addition, OMB has not required agencies to maintain up-
to-date inventories of Social Security number collections and
has not established criteria for determining when the number's
use or display is unnecessary, leading to inconsistent
determinations and definitions across the agencies.
OMB has also not ensured that all agencies have submitted
up-to-date progress reports and has not established performance
metrics to measure and monitor agencies' efforts.
Accordingly, in our draft report, we are making five
recommendations to OMB to address these shortcomings. Until OMB
and agencies adopt better and more consistent practices, their
reduction efforts will likely remain limited and difficult to
measure. Moreover, the risk of Social Security numbers being
exposed and used to commit identity theft will remain greater
than it need be.
Chairman Rice, Chairman Hurd, Ranking Members Larson and
Kelly, this concludes my statement. I'd be happy to answer your
questions.
[The prepared statement of Mr. Wilshusen follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Mr. RICE. Thank you, sir.
Ms. LaCanfora, welcome and thanks for being here. Please
proceed.
STATEMENT OF MARIANNA LACANFORA, ACTING DEPUTY COMMISSIONER,
OFFICE OF RETIREMENT AND DISABILITY POLICY, SOCIAL SECURITY
ADMINISTRATION
Ms. LACANFORA. Acting Chairman Rice, Chairman Hurd, Ranking
Member Larson, Ranking Member Kelly, and Members of the
Subcommittees, thank you, for inviting me to discuss the
history of the Social Security number, how the Social Security
Administration uses it to administer its programs, and efforts
to reduce the number's use. I am Mariana LaCanfora, Acting
Deputy Commissioner for Retirement and Disability Policy.
There's a rich history surrounding the Social Security
number. Those responsible for implementing the new Social
Security Program understood that crediting earnings to the
correct individual would be critical to the program's success.
Names alone would not ensure accurate reporting. Accordingly,
in 1936, we designed the 9-digit SSN and SSN card to allow
employers to accurately report earnings.
Today, over 80 years since the program's inception, we have
issued around 500 million unique numbers to eligible
individuals. The SSN continues to be essential to how we
maintain records. Without it, we could not carry out our
mission. However, the SSN and SSN card were never intended, nor
do they serve, as identification. We strongly encourage other
agencies and the public to minimize their use.
We also provide electronic verifications of SSNs to our
Federal and State partners to prevent improper payments. In
2016, we performed over 2 billion automated SSN verifications.
Although we created the SSN, its use has increased
dramatically by other entities over time. A 1943 executive
order require Federal agencies to use the SSN. Advances in
computer technology and data processing in the 1960s further
increased the use of the number. Congress also enacted
legislation requiring the number for a variety of Federal
programs. Use of the SSN grew not just in the Federal
Government but throughout State and local governments to banks,
credit bureaus, hospitals, educational institutions, and other
parts of the private sector.
As use of the SSN has become more pervasive so has the
opportunity for misuse. We have taken numerous measures to help
protect the integrity of the SSN.
In 2001, we removed the full SSN from two of our largest
mailings: the Social Security statement and the Social Security
cost-of-living adjustment notice. These notices account for
about a third of the roughly 352 million notices that we send
out each year.
In 2007, OMB issued a memo requiring agencies to review
their use of the SSN and identify unnecessary use of the
number. We recognized that although we need the SSN to
administer our programs, we could and did refine all of our
personnel policies to reduce reliance on the number.
Still, we recognize that we need to do more. Two-thirds of
our notices have the Social Security number. Our notice
infrastructure is complex. About 60 different applications
generate notices and every notice is created to respond to an
individual's unique circumstances. Nevertheless, we are
committed to replacing the SSN with a beneficiary notice code,
or BNC, as we modify existing notices or create new ones. The
BNC is a secure, 13-character, alphanumeric code that helps our
employees identify the notice and the beneficiary and respond
to inquiries quickly. We initially developed the BNC for use in
the Social Security cost-of-living adjustment notice.
Additionally, next year, we will replace the SSN with the
BNC on benefit verification letters as well as appointed
representative and Social Security post-entitlement notices.
Together these mailings account for 42 million annual notices.
We take great care to protect the integrity of the SSN and
the personal information of the public we serve.
Thank you for the opportunity to describe our efforts. I'd
be happy to answer any questions.
[The prepared statement of Ms. LaCanfora follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Mr. RICE. Thank you, Ms. LaCanfora.
Mr. DeVries, welcome and thanks for being here. Please
proceed.
STATEMENT OF DAVID DEVRIES, CHIEF INFORMATION OFFICER, OFFICE
OF PERSONNEL MANAGEMENT
Mr. DEVRIES. Thank you, Chairman Rice, Chairman Hurd,
Ranking Member Larson, Ranking Member Kelly, and Members of the
Subcommittees, thank you for the opportunity to appear before
you today to represent the Office of Personnel Management with
respect to reducing the use of Social Security numbers as a
personal identifier.
In 1962, the Civil Service Commission adopted the SSN to
identify Federal employees. Over time, the SSN became universal
to almost every piece of paper or its digital form in a Federal
employee's official personnel file. It became a de facto
personnel identifier. The SSN was used for routine personal
actions to record training, to request health benefits, and for
many other purposes.
In 2007, OPM issued guidance to Federal agencies to develop
consistent and effective measures for use in safeguarding of
Federal employees' SSNs. The intent of these measures was to
minimize the risk of identity theft and fraud in two ways, one
by eliminating the unnecessary use of SSN as an identifier and
by strengthening the protection of personal information,
including SSNs, from theft or loss. Examples of the measures
that we recommended were eliminating the unnecessary printing
display of the Social Security number on forms, reports, and
your computer displays, and restricting access to only those
individuals who had a need to know, and they were notified of
their additional responsibilities to safeguard that. We also
included privacy and confidentiality statements to go along
with the--and, finally, we came up with how do you mask it or
how do you take the Social Security numbers out of the forms
itself there.
Internal to the OPM, we examined our internal policies with
respect to the use of SSNs and, in 2012, issued an addendum to
our information security and privacy policy. The updated policy
identifies acceptable uses of the SSN, describes how the
authorized use will be documented, and presented alternatives
for SSN. This internal policy addendum notes that acceptable
use of the SSN are only those that are provided for by law,
executive order, require interoperability with organizations
outside the OPM, or are required by operational necessities to
achieve agency mission. For example, the SSN is a single
identifier that is consistent across the security investigation
process and may be necessary to complete an individual's
background investigation. But it is now protected in both
transit and in storage.
OPM has taken other efforts to reduce the use of SSNs since
issuing the 2012 policy. OPM modified the USAJOBS and the USA
Staffing Systems so that neither collect SSNs from applicants.
We also undertook an effort in 2016 to understand which IT
systems maintain SSNs and how they use those to communicate
with other programs. The initial inventory was completed in
September 2016, and we are now using it to validate the
progress made and identify other opportunities. In addition, we
are updating the internal 2012 policy this year.
It is difficult to completely eliminate the Federal use of
SSNs without a governmentwide coordinated effort and dedicated
funding. SSNs are generally the common element linking
information among agencies, OPM shared service providers, and
benefit providers. In the fall 2016, OMB and OPM proposed the
program unique identifier, or PUID, initiative to reduce the
use of SSNs in many government systems and programs. The PUID
initiative sought to facilitate the exchange of information
without SSNs. This would be accomplished by providing an
alternative numbering scheme to uniquely identify records
across various programs and agencies. An initial proof of
concept shows potential for continued study.
Members of the subcommittee, thank you for having me here
today to discuss OPM's rule in reducing the use of SSNs and for
your interest and support in this important issue here.
Safeguarding the PI of our Federal employees and others whose
information we hold is of paramount importance to OPM. I would
be happy to address any questions you may have. Thank you.
[The prepared statement of Mr. DeVries follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Mr. RICE. Thank you, Mr. DeVries.
Ms. Jackson, thank you for being here. You can proceed.
STATEMENT OF KAREN JACKSON, DEPUTY CHIEF OPERATING OFFICER,
CENTERS FOR MEDICARE & MEDICAID SERVICES
Ms. JACKSON. Chairman Rice and Hurd, Ranking Members Larson
and Kelly, and Members of the Subcommittees, thank you for this
opportunity to discuss the Centers for Medicare and Medicaid
Services' work to safeguard the personally identifiable
information of the beneficiaries whom we serve, including our
ongoing work to eliminate use of the Social Security number on
Medicare cards.
This effort is an important step in protecting
beneficiaries from becoming victims of identity theft, one of
the fastest growing crimes in the country. As we all know,
identity theft can disrupt lives, damage credit ratings, and
result in inaccuracies in medical records. Thanks to
congressional leadership and, in particular, Chairman Johnson,
whom I am sorry is not here today, and members of the Ways and
Means Committee, and based on the recommendations of our
colleagues from the Government Accountability Office, CMS will
eliminate the Social Security number-based identifier on
Medicare cards by April 2019, as Congress directed us, as part
of the Medicare Access and CHIP Reauthorization Act of 2015,
known as MACRA. We very much appreciate Congress providing us
with the resources necessary to undertake this important
project.
Beginning in April 2018, all newly enrolled Medicare
beneficiaries will receive a Medicare card with a new Medicare
Beneficiary Identifier, known as the MBI. At the same time, CMS
will begin distributing the new Medicare cards to our current
beneficiaries. This new Medicare number will have the same
number of characters as the current 11-digit Social Security
number-based health insurance claim number, known as the HICN,
but will be visibly different and distinguishable from the
HICN. With the introduction of the MBI, for the first time, CMS
will have the ability to terminate the Medicare number and
issue a new number to a beneficiary in instances where they are
a victim of identity theft or their Medicare number has been
compromised in some way.
Transitioning to the MBI will help beneficiaries to better
safeguard their personal information by reducing the exposure
of their Social Security numbers. CMS has already removed the
Social Security number from many types of our communications,
including the Medicare summary notices that are mailed to
beneficiaries on a quarterly basis. We have prohibited private
Medicare Advantage Plans and Medicare Part D prescription drug
plans from using Social Security numbers on their enrollees'
insurance cards.
Many people wonder why CMS has used an identifier based on
the Social Security number in the first place. When the
Medicare program was established in 1965, it was actually the
Social Security Administration who administered the program.
While CMS is now responsible for management of Medicare, the
Social Security Administration still enrolls beneficiaries and
both CMS and the Social Security Administration rely on
interrelated systems to coordinate eligibility for Medicare
benefits and for Social Security benefits.
Currently, healthcare providers use the HICN when they
submit claims in order to receive payment for healthcare
services and also for supplies. And CMS and its contractors use
the HICN to process those claims, authorize payments, and to
issue some beneficiary communications.
We're in the process of making changes to over 75 of our
affected systems to replace those systems' indicators with the
MBI over the HICN, and we have developed the software that will
generate MBIs and assign them to beneficiaries. We are working
with our key partners, such as SSA, Railroad Retirement Board,
States and territories, the Indian Health Service, the
Department of Defense, Department of Veterans Affairs,
healthcare providers, and other key stakeholders--there are a
lot of them--to ensure that beneficiaries continue to receive
access to services and our partners will be able to process
using the new MBI.
We are implementing an extensive and phased outreach and
education program for the estimated 60 million beneficiaries
who will be receiving new cards, as well as to providers,
private health plans, other insurers, clearinghouses, and other
stakeholders. This fall, we will tell Medicare beneficiaries
they will be receiving a new card, instruct them on when they
will be receiving it, and what to do with their old cards.
We are also working to make sure that physicians and other
healthcare providers are prepared to serve patients throughout
the transition by creating information for providers both for
them to update their records with the new MBI and also for them
to help remind beneficiaries that they need to bring their new
cards with them when they see their doctors.
We know from other successful large-scale implementations
that it helps to allow time for all stakeholders to adjust to
the changes. And so, beginning in April of 2018, when we begin
to mail out the cards, CMS will have a 21-month long transition
period, during which our systems will accept transactions both
containing the MBI and also the HICN.
Throughout our programs, we are committed to safeguarding
personal information. Redesigning the Medicare card to remove
the Social Security number-based identifier is a very important
step for CMS in helping to combat identity theft and further
protect our beneficiaries.
Thank you very much for your interest in our progress
today, and I look forward to answering your questions.
[The prepared statement of Ms. Jackson follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Mr. RICE. Thank you, Ms. Jackson.
Mr. Oswalt, thank you for being here. You can proceed.
STATEMENT OF JOHN OSWALT, EXECUTIVE DIRECTOR FOR PRIVACY,
OFFICE OF INFORMATION TECHNOLOGY, DEPARTMENT OF VETERANS
AFFAIRS
Mr. OSWALT. Good afternoon, Chairman Rice, Chairman Hurd,
Ranking Member Larson, Ranking Member Kelly, and distinguished
Members of the Subcommittees. Thank you for this opportunity to
participate in your joint hearing on government use of Social
Security numbers across the government and VA, and the steps
that VA has taken to find ways to reduce, eliminate Social
Security numbers from VA's systems.
VA's mission is to serve with dignity and compassion
America's veterans and their families. This mission is
contingent upon accurate and timely information being readily
available. If we are to advocate for veterans, ensure they
receive the medical care, benefits, social support, and lasting
memorials they have rightfully earned in service to our Nation,
VA most properly identify, verify, and coordinate this
protected information entrusted to us.
The Department interfaces with many other Federal agencies,
including but not limited to, the Department of Defense, the
Social Security Administration, the Internal Revenue Service,
and the Department of Education.
VA's primary uses of SSNs are threefold: One, locate
veterans and their dependents to ensure correct identification
associated with the delivery of healthcare and services; second
identify employees for employment related recordkeeping; and,
three, ensure 100 percent accuracy in patient identification.
Mistaken identity in the delivery of healthcare can result in
catastrophic and tragic outcomes. Until such time when the
comprehensive and equally accurate means to do so is
established and implemented, the use of SSNs remains the best
means of ensuring patient identification.
In addition, SSNs must be used if required by law or
regulation for purposes such as background investigations,
income verification, and the matching of computer records
between government agencies.
Elimination of the SSN use is not solely a function of
information technology, IT. The business processes used by the
Veterans Health Administration, VHA; the Veterans Benefit
Administration, VBA; and VA offices require a complete overhaul
in how they establish absolute identity verification inside VA
and, equally important, outside VA.
IT solutions to eliminate SSN use can only occur after our
integrated and comprehensive review of SSN's use and its
interconnectedness is complete. VA recognizes the growing
threat posed by identity theft and the impact on veterans,
dependents, and employees. In 2009, VA created and implemented
the enterprisewide Social Security reduction effort--Social
Security Number Reduction Effort. The goal of an SSNR is to
gather and catalog SSN use, leading to the reduction and/or
elimination of the SSN as the VA's primary identifier, all
while maintaining the 100 percent requirement for proper
veteran patient identification.
For example, VHA has eliminated the full SSN use on
appointment letters, routine correspondence, and the veteran's
health identification card. VA mailout pharmacy has eliminated
the SSN from prescription bottles and mailing labels. As a
whole, VA has removed SSNs from several forms where such use
was deemed not necessary. VBA is modifying an existing contract
to replace SSNs with barcode labels on all outgoing
correspondence. Completion of that effort is expected in
November of this year.
As VA migrates away from SSN use, the Office of Information
Technology is collaborating with stakeholders to continue
expanding the use of the Master Veteran Index, MVI, a registry
of veterans, their beneficiaries and other eligible persons.
MVI serves as the authoritative identity source within VA and
generates an assigned and integrated control number, or ICN,
for each veteran. The use of MVI as a unique identifier
continues to expand with the ultimate goal being replacement of
the SSN as a primary identifier.
There are many challenges facing VA regarding the
elimination of the unnecessary collection and use of the SSN.
This includes an enterprisewide system analysis that needs to
be conducted to find and identify the large volume of interface
systems that VA needs for clinical care and administrative
functions, undertaking a robust education and retraining
program for employees to implement any now unique identifier--
this has already begun, but it will take time to integrate
fully into our work processes--and acceptance by the veteran
committee community. A change of this magnitude across the
entire VA system will require substantial outreach and
education.
VA has made considerable progress toward eliminating
unnecessary use of SSNs and continues to reduce the use of SSNs
with the goal to replace it with an alternative primary
identifier. This concludes my testimony, and I'm prepared to
answer any questions you or other Members of the Subcommittee
may have. Thank you.
[The prepared statement of Mr. Oswalt follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Mr. RICE. Thank you, Mr. Oswalt.
We now turn to questions. As is customary for each round of
questions, I will limit my time to 5 minutes, and I will ask my
colleagues to also limit their questioning time to 5 minutes as
well.
Mr. Oswalt, I want to start with you. You were just
speaking of the hurdles that the VA has to cross to eliminate
the Social Security number and, of course, how critical it is
that we make sure that we identify each patient, as their lives
are in the balance, right, and make sure they get the right
medication and so forth.
So you were saying that, as a replacement for the Social
Security number, you started implementing an ICN. What you
didn't tell us is how long it's going to take to get that done.
What would be your best estimate for when you can get that
done?
Mr. OSWALT. Well, the MVI, which is the registry of all
certain types of identifiers, has been in place in various
incarnations since 1999.
Mr. RICE. So you don't use Social Security numbers anymore?
Mr. OSWALT. We do use Social Security, but its use as a
primary identifier is still in the VA processes. The ICN is
generated by all the information that the MVI collects. So
using that ICN as a means to identify a veteran as their
information traverses the system or a machine talking to a
machine; that has happened to a large extent already. It's
primarily the SSN use is when there's a human-to-human
interface between the clinician and the patient.
Mr. RICE. Do you still have their Social Security numbers
on their little wristbands?
Mr. OSWALT. Yes, we do. There is an effort underway, I
believe, on a pilot level. Right now, we are seeking to
eliminate the full SSN with the goal of being a complete
elimination, and there's also a barcode----
Mr. RICE. Do you have any kind of timetable for that?
Mr. OSWALT. Sir, I would have to take that and provide that
for the record because I'm not aware of the project status.
Mr. RICE. Thank you, Mr. Oswalt.
Ms. Jackson, your testimony was very interesting and
exciting to me. You said, by 2018, you will eliminate Social
Security numbers from the Medicare cards. You are moving at
lightning speed for the Federal Government. Thank you for your
efforts.
Mr. DeVries, you said something that was very interesting
to me. You have stopped collecting Social Security numbers for
applicants for employment for the Federal Government?
Mr. DEVRIES. Correct, sir. When an applicant is going to
enter into or wants to come into the Federal Government and
they go to the USAJOB site, we no longer collect their Social
Security number from them at that time, correct.
Mr. RICE. When do you collect their Social Security
numbers?
Mr. DEVRIES. So we don't collect it. The agency--once we
match up the job applicants against the job posting, to what we
call U.S. Staffing, and the agency takes that referral list and
the list of applicants and they narrow it down and they make
the selection, when they bring that person on to make them
employment offer, that's when the agency that's hiring them
collects that from them then.
Mr. RICE. I know they would use their Social Security
number for tax withholdings and such. What else would they use
the Social Security number for when they were looking to hire
somebody?
Mr. DEVRIES. So it is mostly that. It is your status of
employment and then the benefits that come with it, whether it
be the pay and then reporting back to the IRS and the Social
Security side of the house.
Mr. RICE. Do you do criminal background checks in any
agency of the government?
Mr. DEVRIES. So, once you become an employee and if your
position requires that, then, when you submit for the
background investigation, that would also be the primary use.
And similar to what we do in the VA, though, once it gets into
the background investigation system, then it is a different
number that becomes the controlling number for it.
Mr. RICE. And since this massive hacking that occurred
several years ago, I assume you've implemented a lot more
protections to prevent that from happening again.
Mr. DEVRIES. Yes, sir.
Mr. RICE. Ms. LaCanfora, gosh, amazing statistics. Did I
hear you correctly that you respond, that you verify 2 billion
requests per year? Is that right?
Ms. LACANFORA. Two billion verifications, yes.
Mr. RICE. Wow. So that would be like six for every single
living person in the country.
Ms. LACANFORA. Yes. It is worth noting that more than half
of those are Federal and State agencies that are verifying
numbers with us, and that can happen multiple times throughout
a year if they are processing, for example, an application for
benefits.
Mr. RICE. All right.
OMB has required agencies to eliminate the unnecessary use
of Social Security numbers, but they never defined what
necessary use is. How does each of your agencies define
necessary use? I'll start with you, Mr. Wilshusen.
Mr. WILSHUSEN. Actually, I don't know how my agency has
defined unnecessary use. What we did in terms of our audit of
the other agencies is determine to what extent that they have
defined unnecessary use. We found that of the 24 CFO Act
agencies, a number of them, four I believe, did not define what
``unnecessary use'' is and another eight didn't have it
documented or did not have a formal definition. Rather the
agencies, based it on the judgment of the individuals who are
making the particular assessment on Social Security use.
Mr. RICE. Thank you, sir.
Mr. Larson.
Mr. LARSON. Thank you, Mr. Chairman.
And I want to thank the witnesses again.
What a credit to government service you are, and I thank
you for being here today.
Just a couple of questions. First, it has got to be
incredibly hard to operate an agency that is the largest
insurer in the Nation and to do so with a 99-percent loss
ratio, the envy of any private sector insurance company. Kudos
to you. Not without its problems and complexities, one of which
we are exploring here today in terms of making sure we get
after fraud and abuse. And as we said many times on the
committee, anyone who abuses this system, a sacred trust, ought
to get the ultimate penalty. And I'm all for strengthening
anything that we can do to further crack down on this.
What we've heard in your testimony today is a couple of
things that strike me. Number one, we have a 13-percent
increase overall with the baby boomers coming through the
system, and yet you have had a 10-percent overall cut in your
budget. One has to ask, how are you able to manage with these
increases and the complexity of the problems that you face,
including hacking?
Now, listen I am one of those people that would also concur
that, hey, listen, some--you don't always--you know, cuts in
service, if they are replaced by technology that is current,
can overcome those things. But it seems to me like you're also
saddled with legacy IT that needs to be updated and improved,
and yet there aren't the resources that we funneled you to do
that. Is that a fair assessment?
Ms. LACANFORA. You have cited some of our challenges, yes.
I think I will mention, though, that we are embarking on a very
ambitious IT modernization plan. We know that we cannot
continue to operate the way that we are operating.
Mr. LARSON. When you say you are embarking on it, do you
have the money for it? And where are we going? It seems like a
lot of the problems and concerns that we are confronted with,
especially in the area of veterans, et cetera--and I noticed
the wristband concerns that were brought up in terms of
identification--that if we have the resources, and certainly we
have the technological capability, why wouldn't we protect what
is the government's leading program to protect and assist its
citizens? Could you--do you need more money?
Ms. LACANFORA. I think our budget folks are coming up to
brief your staff on the 2018 budget, but I will say that the
2018 budget attempts to balance service and stewardship, as
well as improving the efficiency with which we operate--the IT
modernization plan that I mentioned is something that we are
looking forward to advancing, and we're considering that to be
an agency priority. So we are going to dedicate the funding to
support that. Part of that will help us to modernize our
communications infrastructure and remove the SSN from the
remaining notices.
Mr. LARSON. What it is very alarming to us--and I know that
my colleagues on the other side of the aisle share this as
well--is that we know how vital this program is to all of our
citizens. We know and everyone can attest to the long waits on
disability in terms of processing claims. It seems the country,
as gifted as we are with IT, this ought to be something that we
ought to be able to solve rather easily. So it is further
frustrating when we continue to see cuts in the budget and
quite alarming today when we have the President's budget is
revealed with about a $70 billion cut in Social Security,
which, to me, is unconscionable, especially given the
President's previous statements about preserving and saving, if
not expanding, these benefits to keep pace actuarially where
they should be from where we were in 1983, when we actually
last looked at this from in a business actuarially sound
position. I really believe that we can close a lot of these
gaps with appropriate technology and assistance from the rank
and file, who I would also note, according to testimony in
previous hearings, that frontline members in Social Security
offices are our best line of defense against fraud and abuse
and waste. And they don't get enough credit. And continuing to
cut the budget, instead of looking at investments in both IT
and where we can be more efficient and successful, I think is
where we need to go. Thank you.
Mr. RICE. Just to clarify, the President is not talking
about cutting benefits. He's talking about cutting
administrative costs.
Mr. Schweikert.
Mr. SCHWEIKERT. Thank you, Mr. Chairman.
Forgive me, who would be the most technical of all of you.
All right. I need you to work through something with me and
correct me if I'm not hearing something correctly. I have a
BNC. I have a PUID. I have an MBI. I have an ICN. Are these all
on a common registry that, a derivation table, that you tag in
technology and you pull back and tag?
Mr. DEVRIES. No, sir
Mr. SCHWEIKERT. In that case, forgive me, and look, I've
only been reading the testimony and the things here, but what I
see is absurd technologywise. Without a common central token
system--and forgive me, but if you use Apple Pay here, Apple
Pay does not hold your credit card number. What it does is it
creates a one-time-use token. The token hands off, matches, is
handed back a number, reflects back. You all have IT budgets.
You're trying to solve a problem, but in many ways--I need you
to walk me through--it's my fear that the problem may have just
gotten worse because I have the VA now with one set of numbers.
I have Medicare with a different set of numbers. I have OPM
with a different set. I'm now going to have Social Security
with another blind identifier. Have we just made the problems
much worse at least for the customer service aspect?
Mr. DEVRIES. Sir, if I could, let me address that to a
limited degree here. What you just heard here was exactly the
case. We took the one common field--it is called 9-digit Social
Security number--that grew up for decades. It became ubiquitous
in every form that we filled out. And then we said we can't
show that, we can't display it out, we have to cut the use of
that to where it is not publicly used----
Mr. SCHWEIKERT [continuing]. Blind it.
Mr. DEVRIES. We created a scheme for each of these things.
I came from several years inside DOD. And so when I become a
DOD member, I become a veteran at the end of that thing, yet I
get a different number. Now I am a civil servant; I get a
different number yet. How do we unite that thing? That's where
we need the unification at the top there to help drive the
standardization of these things and then how do you link them
back, because, at the end of day, I still need to tie the
different benefits that come at it from the various employment
opportunities and----
Mr. SCHWEIKERT. Does everyone see what I'm observing is we
may be actually, in our attempt to blind these numbers,
creating another cascade effect that's going to create a whole
new level of complication, and that is when my veteran happens
to also be working on his Medicare, who also is dealing with a
Social Security dispute, that may be wanting to go back to work
for the Federal Government at the Park Service, and now I have
a handful of different numbers.
Off just the top of my head--and I'm on the edge of my
technical expertise--I could come to you right now and, whether
it be in a distributed ledger model, but some sort of common
tokenization, where I hand this number, I get the hand off, and
I would get a constant match. It wouldn't stop you all from
doing what you're doing, but we would have to actually build a
common unified clearinghouse data system that would reflect all
the numbers and then hand back the one-time-use token. But that
may be a unifying solution to solve actually a number of our
problems, which is I can actually take you all the way to
Social Security earned income tax credit fraud and a whole
number of other things that could actually help on. Am I way
out of my league here from your area of expertise? Am I seeing
a unifying problem here?
Mr. DEVRIES. You are correct, sir. In my opening remarks, I
talked about the program unique identifier. The concept there
was to keep the Social Security number as the gold place. You
protect that. You surround it, but you don't bring it out. And
then you have programs, and so each of these could be a unique
program. And they would have structures to their numbering
schemes, and they own the numbering schemes, just like we
talked about today here, but then it gets associated back to
it, and that's what gets shared out. If his Medicare card gets
confiscated or lost, we cut him a new one; it does not start
the whole process.
Mr. SCHWEIKERT. Obviously, it would be easier if every time
someone used a Medicare benefit, they had a chip card that
handed off a new token, but the fact of the matter is you are
not going to design the same thing where I type in this time
the unique number; it hands off. It may be worth a conversation
for those who are interested in this type of technology. Maybe
as the committee here, we need to sort of--it is going to take
some resources, but there has to be a unified theory we could
get to make this simpler.
I yield back Mr. Chairman.
Mr. RICE. Thank you.
Ms. Kelly.
Ms. KELLY. Thank you, Mr. Chairman.
Social Security numbers have become used as a principal
method of identity verification in and across agencies.
However, that very fact makes them lucrative targets for
identity thieves.
Mr. Wilshusen----
Mr. WILSHUSEN. Wilshusen.
Ms. KELLY. You testified that SSNs are particularly risky
because they can, quote, ``connect an individual's PII across
many agencies' information systems and databases.'' Can you
explain how the widespread use of Social Security numbers
increases the risk of identity theft?
Mr. WILSHUSEN. Certainly. And thank you for the question.
One of the reasons is that they are available, and if the
numbers are not properly secured, they are vulnerable to theft.
In our work on information security at Federal agencies, we
looked at the examination of--or examined the security controls
over the agency's information. We have often found that the
security controls are not effective to the extent to where they
can adequately protect the confidentiality, integrity, and
availability of the information and systems at those agencies.
So, by having stores of Social Security numbers in a particular
agency and they are not adequately protected, then that
information can be stolen and used not only at that agency but
can be used as an identifier for that individual at other
agencies and indeed in the private sector as well.
Just last year, in fiscal year 2016, agencies reported
about 8,300 incidents involving PII to the US-CERT for fiscal
year 2016. So it's a present problem.
Ms. KELLY. How could the use of such an alternate
identifier reduce the risk of identity theft?
Mr. WILSHUSEN. Well, for one, it may limit the extent to
which an alternative ID may be used to identify that individual
with other databases at other entities. So it's an opportunity
to limit the extent that that identifier can be used across
various different organizations.
Ms. KELLY. And you talked about in your testimony no such
identifier was available. Can you expound on that?
Mr. WILSHUSEN. Well, there are other identifiers but none
that's universally as accepted and applicable as the Social
Security number. We did report that, in certain instances and
at certain organizations, including DOD and VA or VHA, they've
started to use an alternate identifier other than Social
Security numbers to provide their members and require one.
Ms. KELLY. Despite OPM's failure to implement an alternate
in 2008, the agency proposed a program unique identifier
initiative in 2015 to provide an alternative way for
identifying records in government systems.
Mr. DeVries, is that correct? And can you elaborate on
that?
Mr. DEVRIES. Ma'am, could I get the last part of your
question there?
Ms. KELLY. I asked about the proposed program unique
identifier initiative in 2015 to provide an alternate way for
identifying records in government systems. And can you
elaborate on that?
Mr. DEVRIES. Yes, ma'am.
So, again, going back to, from a program perspective, if
you define a program as being a functional area of interest, so
like say CMS, VA, DOD and some other ones, there are benefits
and other things that must get reported and attributed back to
the individual. When I was born, I got a Social Security
number. I went up and I worked as a teenager. I went to
college. I started in the work force. Along the way, I accrued
these different benefits. But each one gets recorded in their
own way. So, by uniting--and kind of going with what we talked
about before with a ledger that says here's the program owner
for this numbering scheme and we standardize the numbering,
then you can reuse those things. And, again, just as he pointed
out, we would not--if you lose your Medicare card, you lose the
connectivity of what that thing represented in the Medicare
business but not across the whole financial institutions and
all the other ones.
The challenge is, how do I work that thing not only at the
Federal level at the agencies here but then down to the
agencies that report into us and also to the State and local
government things. Because everything is coded into these
various programs, the Social Security Administration talked
about the number system she has. They keep on exploding when
you go down to the State and local government side of the house
too. And all those have to be linked together there at some
point in time. But I think we can take it one phase at a time.
Ms. KELLY. I worked for the State of Illinois, and it was
the same issue there. And I wonder, do States change it on
their own one by one or how does that--do they decide to make
changes? Because I think, before I left, they did can make some
changes because they had Social Security numbers on everything.
Mr. DEVRIES. I'll let my esteemed colleagues talk here, but
within the Department of Defense, where we have moved from
moving away from Social Security numbers on all of our ID cards
and so forth, that did not happen overnight. It came with
putting out a standard, coming up with a schema, as we talked
about, and then enforcing it.
Mr. RICE. Thank you Ms. Kelly.
Mr. Mitchell.
Mr. MITCHELL. Thank you, Mr. Chair.
Mr. Wilshusen, let me start with you. One of the things
that I haven't seen referenced here is the use of Social
Security numbers and the hacking that goes on with the IRS. It
probably won't surprise you to know that I--among how many
million others of Americans have had their Security number
hacked for IRS purposes.
The solution to that was we'll issue a PIN number. So you
get a PIN number mailed to you so you can file your taxes.
Do you know what happened this year on that?
Mr. WILSHUSEN. I understand that those PIN numbers were
also compromised to some extent.
Mr. MITCHELL. They were. So I didn't get a PIN number.
I can only begin to describe to you the entertainment of
trying to file my taxes, as well as I don't know how many other
million of Americans, when in fact they don't have PIN numbers
that will work either and they can't file electronically or any
other way with their Social Security number.
The reason I raise it is the point that Mr. Schweikert
raised, which is, if, in fact, rather than independent agencies
creating their own identifiers, a PIN number, all of the
acronyms--I don't know if anybody is watching this or will
watch this tape, but most Americans, their eyes will glaze over
with acronyms--the private sector has a variety of approaches
to creating an identifier, a token system. I'm shocked, at this
point, there hasn't been substantial conversations as to why we
don't set a centralized process so someone can trigger that and
create a token for not only benefits but when they pay their
taxes. Why is that not a more active effort at this point in
time rather than individual efforts?
Mr. WILSHUSEN. I think that's definitely a possibility. But
I think you also touch upon the fact that these numbers,
regardless of their provenance, if you will, need to be
adequately protected by agencies in their information systems.
And we have found traditionally that the security controls over
agency systems need to be improved.
Mr. MITCHELL. Oh, I wouldn't disagree with you one bit.
You've got two issues. One is the user using their number
and the agency securing it. And those are two separate dilemmas
in the problem. But we seem to be making one harder by issuing
all kinds of different identifiers, which in the case of the
IRS, that was compromised as well.
So what's to prevent being compromised, this additional
effort we've made and all the money we've put into it, rather
than have an encrypted token-based system that allows you to do
that? And that technology has existed in the private sector for
a fair amount of time. So I would encourage the agencies to
begin actively, and we should talk about it further, Mr. Chair,
about how it is we actually encourage doing something that is
integrated that secures it to a token system that's encrypted.
At least protects that end, the user end.
If I can real quick, Mr. Oswalt, before my time runs out, I
was looking through your testimony and listening to you--I
returned a little late from the floor to hear everyone, and I
apologize. There's some notations here that I guess troubled me
a bit. VA is currently evaluating the elimination of Social
Security numbers from correspondence.
I'm trying to find a polite way to word my response on
that. It's nice that they're evaluating that. How long does it
take VA to evaluate that?
Mr. OSWALT. Sir, since we began the SSN reduction effort, I
mean, a number of correspondence and forms generally have been
scrubbed. If there's a compelling business need for it, we
would--it would remain. We have an SSN number review board that
reviews things from a departmentwide standpoint. I can't attest
right now--I can submit it for the record--what forms and
letters, correspondence still has that. But as I said in my
oral testimony----
Mr. MITCHELL. I've only got a couple minutes. Let me ask
for the record that you do submit the number of forms,
correspondence, and what their purpose is and what their
justification is for the record.
Because I don't understand why it is on correspondence we
are sending out, that we still put the Social Security number
on there. And in fact, if we are putting the Social Security
number, are we putting the whole Social Security number? My
goodness gracious, guys.
Question number two for you, you made a comment about the
Social Security numbers still being on their wristbands. Now,
my guess is everybody in the room has been in the hospital for
one purpose or another or been to a lab, and you get a
wristband. I haven't seen a Social Security number on a
wristband in a medical institution in close to a decade, maybe
7 years. Why in the world would you still put it on when
they're hospitalized?
Mr. OSWALT. There is a barcoded SSN that allows the
clinician to talk to a machine to the barcode. So that's used
as a form of patient identification and verification. As I
think I mentioned in my oral testimony, there's a pilot at a
number of VA sites underway where we're using the last four.
Eventually, we'll move away from the full human-readable SSN,
and the integration control number, the ICN, will replace that.
Mr. MITCHELL. Thank you, Mr. Chair. I yield back.
Thank you, sir.
Mr. RICE. Thank you, Mr. Mitchell.
Mr. Pascrell.
Mr. PASCRELL. Thank you, Mr. Chairman. Thank you for having
this hearing.
Ms. Jackson, I sat on the Ways and Means Health
Subcommittee. We had extensive conversations with the Social
Security agency about the process for removing Social Security
numbers from Medicare cards. Hearing again about this process
is enough to make your head spin. At the time we had this
dialogue, it was quite clear that Social Security, quote-
unquote, ``did not have the funding to do this.'' That's what
you said to us.
Now, can you explain how what seems like a pretty simple
task of removing of Social Security numbers from Medicare cards
can be such a challenge that CMS'--to the system that you use
in terms of information technology? Tell me what's going on.
Ms. JACKSON. Thank you very much for the opportunity to
speak to that.
We have, at CMS, been looking into the removal of the
Social Security number from the Medicare card for a number of
years. But it was not until Congress gave us the resources to
be able to implement the system changes both in our internal
systems and also in the data exchanges and the updates that we
must do with the Social Security Administration, with the
Railroad Retirement Board, who also use a HICN-based
identification card, updating information in our internal
systems as well as informing providers, healthcare providers,
and Medicare beneficiaries about their need to use a new card
when they both provide care on the healthcare provider side and
for billing purposes and also when a beneficiary goes to
receive care from their doctor or from their hospital.
To move forward with implementation of the Medicare
beneficiary identifier, we have made system changes over the
past couple of years. We hit a major milestone this past
weekend in assigning new Medicare beneficiary identifiers to
all Medicare beneficiaries, which now will allow us to begin
the testing process with all of our systems and our data
exchange partners to then be able to mail the card and begin
the transition period.
We expect to have this completely implemented by April of
2019, with the beginning of mailing of cards in April of 2018.
The transition period for us is very important so that all
stakeholders are able to receive the new MBI, submit bills and
claims using the new MBI, and to assure that healthcare is
still available and provided to Medicare beneficiaries.
Mr. PASCRELL. The new identifiers will be the same number
as the past?
Ms. JACKSON. No. The new identifier, it's an 11-digit code.
But it is an alphanumeric code that is randomly assigned--was
randomly assigned when we did the enumeration over the weekend,
and does not look anything like the current health insurance
claim number.
Mr. PASCRELL. So we've done it with some resources, and you
proved it could be done, and the system will be complete in
2019?
Ms. JACKSON. That's correct.
Mr. PASCRELL. Am I correct in saying that?
Ms. JACKSON. Yes.
Mr. PASCRELL. That's pretty big. And you're standing by
that?
Ms. JACKSON. I am standing by that.
Mr. PASCRELL. Good.
Ms. JACKSON. We actually will be ready to receive the MBI
on claim submissions by April of 2018.
Mr. PASCRELL. Thank you.
Mr. DeVries, in your testimony--where are you? Oh, there
you are. Am I pronouncing that correctly, sir?
Mr. DEVRIES. Yes, sir.
Mr. PASCRELL. You stated that it was difficult to
completely eliminate the Federal use of Social Security numbers
without a governmentwide, coordinated effort and dedicated--you
said--dedicated funding. That's what you said, right?
Mr. DEVRIES. Yes, sir.
Mr. PASCRELL. Okay. Can you explain how OPM would use
additional funding to try to achieve the goal of limiting the
Federal Government's use of Social Security numbers?
Mr. DEVRIES. In the case of OPM, where we exchange the
important data between a Federal retiree with the Social
Security and the IRS for tax purposes there, that underlying
thing would still be coded and still be exchanging through the
Social Security number. But, again, the communication that goes
out to the Federal retiree benefit is a different number. We do
in fact do that today for the retirement services, where you
get a different control number when you become a Federal
retiree. And that's how all action is tracked back to you.
In terms of the money to change the systems, it is--we're
operating systems today, and, just as CMS probably experienced,
you need an infusion of money to do coding and other changes
and testing, as you prepare this parallel highway, if you will,
of how we're doing it there.
Mr. PASCRELL. Thank you.
Mr. Chairman, may I just add this into the record? I heard
from one of our members--and I need to correct the record--said
that the President's budget does not cut Social Security
benefits. But it does. In the budget, it cuts Social Security
disability by up to $64 billion. I think the record needs to be
corrected. And maybe the Congressman who said it needs to be
corrected.
Mr. RICE. Thank you, sir.
Mr. Hurd.
Mr. PASCRELL. You're welcome. Thank you.
Mr. HURD. Thank you, Chairman.
Mr. Oswalt, I was confused by an earlier exchange. Do we
know how many documents within the VA have the Social Security
number printed on it?
Mr. OSWALT. We know what we know right now. It's an
ongoing, expanding effort. There is a Social Security number
reduction tool.
Mr. HURD. I get that. So, correct me if I'm wrong, there's
a bunch of forms that the VA sends out. We should know how many
those are. One of the data elements on that form is Social
Security. Why does it take years to go through each form and
delete that data element or not show it on the underlying form?
Mr. OSWALT. Sir, I would have to submit for the record the
history of why it's taken so long. But there are a number of
instances where it's in the----
Mr. HURD. Ms. Jackson, how many forms does your
organization have that print the Social Security number on it?
Ms. JACKSON. With the implementation of the Medicare
Beneficiary Identifier, we won't have any forms that will issue
the Social Security number. Over the past couple of years, we--
--
Mr. HURD. So you're saying 2019 is when we're going to be
successful in achieving that. Again, we currently, right now,
there is X number of forms that produce, when they're printed
out, on that form, it includes the Social Security number,
correct?
Ms. JACKSON. No, sir. I'm sorry. I should have been
clearer. Our correspondence with Medicare beneficiaries, we
have truncated the Social Security number on all of that
correspondence, with the exception of one document, which is
our Medicare premium billing form. That still does include the
health insurance claim number. I'm sorry. I can't remember if
it is truncated. That will be the document that will be
replaced with the MBI when we implement.
Mr. HURD. Great.
Ms. LaCanfora, how many forms does your organization
produce that has the full Social Security number on it?
Ms. LACANFORA. Currently, we send out about 233 million
notices or forms of correspondence each year that still have
the Social Security number.
Mr. HURD. Is it that many unique, or is it five different
kinds of correspondence?
Ms. LACANFORA. There's over a thousand separate types of
notices.
Mr. HURD. So we have a thousand documents, and one of those
elements, when it gets printed out, is Social Security number.
Why can you not just delete that when you run a batch?
Ms. LACANFORA. So we have deleted the number or removed the
number and replaced it with a beneficiary notice code on over a
hundred million notices and we have another 42 million that
we're doing in fiscal year 2018. The challenge that we have is
twofold. One is that there are 60 separate disparate systems
that produce those 1,000-plus notices. So the resources needed
to make the changes are significant.
Beyond that, the other significant issue or challenge that
we have is that the Social Security number was created to do
business with our agency. And so, when we mail out a notice to
someone and they, for example, are being told that they have an
overpayment, they might pick up the phone and call us. And we
have got to be able to quickly identify who they are and what
their issues are.
Mr. HURD. Mr. DeVries, Estonia has done this. Estonia has
moved to a system where it is a tokenization. Now, they're 1.3
million people, so the size of my hometown of San Antonio. A
little bit different. But they've achieved the ability to have
this interoperable number across all of their government
agencies. We've talked about tokenization here. In your role
with OPM, what do you need--ultimately, it's a shared service.
And how do we implement a shared service at OPM when it comes
to an identifier across all the Federal Government?
Mr. DEVRIES. Chairman Hurd, that's a great question. I'm
not sure the exact answer, because what you're talking about is
through the token and the bitchain type technology and so
forth. That's the one I think that we need to work with
industry closer on and bring that to the Federal Government
side of the house, because it's not the same thing as it is on
the industry side of the house. I'm desperately trying to reach
out there for it. We're still stymied by how do you bring that
technology in and infuse it into--it's really our application
systems. It's not our hardware systems. It's the applications
that are writing it and changing that.
Mr. HURD. Mr. Wilshusen, in the last 30 minutes of my time,
you reference legacy IT being a barrier. What do we need to do
in order to prevent that from being a barrier?
Mr. WILSHUSEN. Well, that's one of the problems in terms of
with legacy systems. Often they may not be able to handle newer
numbers. And so, in order to be able to do that, it requires
significant system change or modification.
Mr. HURD. I yield back, Chairman.
Mr. RICE. Thank you, sir.
Mr. Lynch.
Mr. LYNCH. Thank you, Mr. Chairman.
I thank the witnesses for your help with the committee's
work.
Mr. DeVries, back in 2015, I think it was July, OPM
disclosed that its information technology systems had
experienced a massive data breach, compromising the Social
Security numbers, names, addresses, background information,
birth dates, and the background investigation records for about
22 million people who had applied for sensitive positions with
the FBI, CIA, NSA. And we had a hearing subsequent to that
breach. And I actually asked your predecessor, Ms. Archuleta, I
asked her if she was even taking the most rudimentary steps to
protect Social Security numbers; are we even encrypting them
within the system at OPM? And I was very sad to hear her
testify that, no, at that time, in 2015, we were not
encrypting. And I urged them to do that.
Then, a year later, we had a followup hearing with Ms.
Cobert. I think she had some operational responsibility there.
I asked her the same question a year later if that job was
complete. She testified that, no, it was not complete.
And so we come full cycle here, and you're here. And I got
to ask you: Now, Ms. Cobert said our system did not allow
encryption of Social Security numbers. And I just want you to
tell me something good. Tell me that we've encrypted these
Social Security numbers. You know, it would be laughable if it
wasn't so serious.
Mr. DEVRIES. It is serious.
Mr. LYNCH. I read an article last Sunday in The New York
Times where a bunch of our sources in China are being killed
off, either killed or imprisoned, U.S. sources, foreign
intelligence sources. And, you know, I gotta think that--well,
that hack was attributed to the Chinese Government. The hack
actually came after--at least we found out about it after many
of these people were executed in China for cooperating with the
United States Government. They were shot as spies or imprisoned
as spies. But you see, especially with sensitive information
like this for secure positions, we're really exposing our
personnel, our intelligence officers, and anyone who cooperates
with them to grave, mortal threat. And so we've really got to
step up our game here.
So let me go back to my question. Are we encrypting these
Social Security numbers?
Mr. DEVRIES. Representative Lynch, yes, we are. Regarding
the background investigations records incident, I have all the
databases that contained the Social Security numbers and other
PIs encrypted, with the exception of one database that resides
in the mainframe, which is now sitting behind other security
controls and detection systems. And that is scheduled for
completion, which is a little bit more of a challenge because
it's on the mainframe, to be completed this calendar year.
Mr. LYNCH. Okay. So we had this hack about 10 days ago,
this ransomware attack. It was basically not stealing our
information, but preventing people from utilizing that. Most of
the impact was overseas. They tell me that that was because
many of the--much of that software was bootlegged software,
that Microsoft Windows--well, they bought it bootleg so that
the fixes and all that were not available for those people. But
are we--do you feel that we have major vulnerability from that
type of hack as far as our user population goes?
Mr. DEVRIES. Sir, I would say yes. And I think that's the
lowest common denominator that we all got to take steps to keep
on educating, both the families at home as well as the
workforce itself. Within OPM, there was no choice. Their
systems are patched. That's a call that the Director supports,
and I make it as the CIO, and I think that is the right
approach to take, just as you would in any kind of corporation
there.
Mr. LYNCH. All right.
Mr. Chairman, thank you for your courtesy. I yield back the
balance of my time.
Mr. RICE. Thank you, sir.
Ms. Sanchez.
Ms. SANCHEZ. Thank you, Mr. Chairman.
And I want to thank the witnesses for being here with us
today to talk about this important issue.
Identity theft affects over 12 million Americans per year,
and it costs the victims just over $350 on average. That's on
average. You hear cases of it taking people years and a lot
more money to sort of get it straightened out. And I've been
one of those people that have, unfortunately, been a victim of
identity theft.
Social Security numbers and other personal information,
like dates of birth, are--that information is very coveted by
hackers who steal that personally identifiable information from
breaches of the Office of Personnel Management, from health
insurance companies, the United States Postal Service, and even
retailers like Target. And while I'm encouraged with the Office
of Management and Budget's initiative when they issued the 2007
memo calling for agencies to reduce collected and retained
information and to strengthen the security of sensitive
information, these recent hacks show that OPM and other
agencies are still fundamentally very ill-prepared, and many
Americans' sensitive information is still very vulnerable to
attack.
That's why, you know, reducing the superfluous collection
and retention of Social Security numbers is so important. It's
troubling to see that, after 10 years, Government
Accountability Office reports show that only 2 of 24 agencies
examined met the requirements for a complete plan to reduce
unnecessary usage of Social Security numbers. And it's even
more troubling that the Office of Management and Budget has
provided very little guidance to agencies to help with the
transition. In addition, to exacerbate matters, the President's
budget proposal guts agency personnel and operating budgets,
further limiting their capacity to protect information and to
improve their systems.
Whether it's a lack of funding or a lack of guidance, 10
years after the issuance of the memo, we should be in a better
position to safeguard Americans' personal information.
And I know--I recognize that there are clear barriers that
agencies face in reducing the collection of Social Security
numbers. For example, in many cases, States mandate the
collection of that information. I just wanted to note, before I
delve into questions, that I think it's interesting that today
we're discussing the progress of agencies to reduce the
collection of Social Security numbers when tomorrow this same
committee will be marking up a bill to add a new requirement on
an agency to collect and verify Social Security numbers. So, on
the one hand, we are saying, ``Don't collect them and don't
collect them superfluously,'' and then, on the other hand, we
are going to be mandating the collection of that information.
And I think it's both ironic and hypocritical of us on this
dais to be doing both things.
But aside from that comment, Mr. DeVries, in the GAO's
report, it mentions that OPM proposed using an alternate
Federal employee identifier but withdrew that regulation
because the identifier wasn't available. What are the barriers
to creating a new identifier for Federal employees or for
agencies to use in their administration of benefits?
Mr. DEVRIES. Representative Sanchez, thank you for that
question. Again, I think the complexity or the barriers to
overcome here is the size and complexity of the government.
Just as the witnesses here at the table represent a few of the
agencies, every agency really has a collection thing that kind
of ties back to an individual and the benefits that get tied to
it, whether it be their pay, their benefits, medical and so
forth. How do you then create that architecture--and again,
going back to what Chairman Hurd talked about, you would have
to have that architecture in hand as you begin to even talk
about the token to use or the other bitchain type stuff. How do
you then promulgate that down? My colleague to my left here
talked about how they rolled out the whole Medicare new number
there. It is not done overnight. It's a process. It's based
upon the architecture there.
Ms. SANCHEZ. And cuts in funding, how does that affect the
ability to protect sensitive information effectively?
Mr. DEVRIES. So, in every agency, there is probably just
enough dollars to make that go. When I am going to try and do
something else, I have got to have that infusion to create
something that goes alongside what I am currently operating and
bring in something new. And I must turn off what I just got rid
of.
Ms. SANCHEZ. Would you say that right now you are operating
with the very best equipment that money can buy?
Mr. DEVRIES. No, ma'am.
Ms. SANCHEZ. Would you say that the equipment that you have
to work with, on a scale of 1 to 10 in terms of modern and
efficient, where would it lie on that scale?
Mr. DEVRIES. Ma'am, I would say, from an overall
architecture and operating perspective, I would say it would be
about a 0.3 or a 0.4.
Ms. SANCHEZ. So further budget cuts not necessarily helpful
to rectifying that?
Mr. DEVRIES. No.
Ms. SANCHEZ. Thank you. No more questions.
Mr. RICE. Thank you, Ms. Sanchez.
The Federal Government needs to ensure it is doing all it
can to protect Americans' identities and that Social Security
numbers are not being used unnecessarily. While progress has
been made, based on what we have heard today, there is still a
long way to go.
Thank you to our witnesses for their testimony.
Thank you also to our members for being here.
With that, the subcommittee stands adjourned.
[Whereupon, at 3:35 p.m., the subcommittees were
adjourned.]
[Questions for the Record follow:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
[all]