Testimony and Statement for the Record of
Chris Jay Hoofnagle
Associate Director, Electronic Privacy Information Center
Hearing on Enhancing Social Security Number Privacy
Before the House Ways and Means Subcommittee on Social Security
10 AM
Tuesday, June 15, 2004
B-318 Rayburn House Office BuildingIntroduction
Chairman Shaw, Ranking Member Matsui, and Members of the Subcommittee, thank you for extending the opportunity to testify enhancing the privacy and integrity of Social Security Numbers.
My name is Chris Hoofnagle and I am associate director with the Electronic Privacy Information Center (EPIC), a not-for-profit research organization based in Washington, D.C. Founded in 1994, EPIC has participated in cases involving the privacy of the Social Security Number (SSN) before federal courts and, most recently, before the Supreme Court of New Hampshire.[1] EPIC has also taken a leading role in campaigns against the use of globally unique identifiers (GUIDs) involving the Intel Processor Serial Number and the Microsoft Corporation's Passport identification and authentication system. EPIC maintains an archive of information about the SSN online at http://www.epic.org/privacy/ssn/.
In previous testimony to this Subcommittee, EPIC has recommended a strong framework of Fair Information Practices to create rights and responsibilities for individuals and collectors of the SSN. In 2001, EPIC Executive Director Marc Rotenberg traced the history of the SSN as an identifier, highlighted the use of the SSN in the financial services sector, and raised privacy issues associated with the Social Security Administration's Death Master File.[2] In 2002, EPIC testified that the problem of identity theft had grown worse, that the states were acting to limit collection and disclosure of the SSN, and that 107 H.R. 2036, the Social Security Number Privacy and Identity Theft Protection Act of 2001 could limit misuse of the SSN.[3] In 2003, EPIC appeared again to testify in favor of privacy protections, highlighting recent abuses, the continuing unnecessary use of the SSN as an identifier by both private and public sector entities, and the developing trends of state legislation crafted to limit collection and use of the identifier.[4]
Chairman Shaw, we commend you for developing a rich legislative record on the need to protect the SSN and to combat identity theft. In today's testimony, we wish to continue to contribute to the record and make a recommendation that you advance legislation to secure the SSN and protect Americans from identity theft. First, we provide an overview and recommendations for 108 H.R. 2971, the Social Security Number Privacy and Identity Theft Prevention Act of 2003. Second, we highlight examples of state SSN regulation that could be adopted at the federal level to provide an umbrella of protections for the SSN. In the third section, we argue that identity theft is caused by excessive reliance on the SSN and by lax credit granting practices.
I. Recommendations for 108 H.R. 2971, the Social Security Number Privacy and Identity Theft Prevention Act of 2003
Introduced in July 2003, H.R. 2971 is the latest of a series of bills designed to enhance protections for the SSN and to promote the integrity of the identifier. It enjoys bipartisan support in the House of Representatives.
Title I of the bill sets forth limitations on government disclosure of SSNs. Broadly put, this title would prohibit executive, legislative, or judicial entities from disclosing the SSN, subject to certain exceptions.
We think it important to limit the exceptions for governmental sale of the SSN. Specifically, we recommend that subsection (V), which allows unlimited sale of SSNs to thousands of credit reporting agencies (CRAs), be removed from the bill. This exception is too broad and allows unrestricted transfers of government records containing social security numbers to CRAs, possibly for purposes unrelated to credit reporting, including direct marketing.
It is not the role of government to collect SSNs from citizens, who are often under legal compulsion to provide the identifier, and then release the SSNs to the private sector for the purpose of compiling dossiers. Professor Daniel Solove has fully articulated how this model of information flow is unfair to individuals and privacy invasive:
Imagine that the government had the power to compel individuals to reveal a vast amount of personal information about themselves - where they live, their phone numbers, their physical description, their photograph, their age, their medical problems, all of their legal transgressions throughout their lifetimes whether serious crimes or minor infractions, the names of their parents, children, and spouses, their political party affiliations, where they work and what they do, the property that they own and its value, and sometimes even their psychotherapists' notes, doctors' records, and financial information.
Then imagine that the government routinely poured this information into the public domain - by posting it on the Internet where it could be accessed from all over the world, by giving it away to any individual or company that asked for it, or even by providing entire databases of personal information upon request. In an increasingly "wired" society, with technology such as sophisticated computers to store, transfer, search, and sort through all this information, imagine the way that the information could be combined or used to obtain even more personal information.[5]
If this exception remains in the legislation, we recommend that it be narrowed. Currently, the exception allows disclosure of the SSN to CRAs without any limitation on use of the identifier. A narrower exception would allow disclosure but limit use of the identifier for "credit reporting practices consistent with the Fair Credit Reporting Act, 15 U.S.C. 1681."
In section 101, we recommend harmonizing the definition of "sale" with other references to the term that appear in the legislation. The definition appearing in section 107, which defines sell as "to obtain, directly or indirectly, anything of value in exchange for such number," is more appropriate.
Section 102 specifies the authority of the Attorney General to create exemptions to the general prohibition on government disclosure of the SSN. We agree with the standard set forth by the legislationthat SSNs should not be disclosed absent a compelling interest that cannot be served through the employment of alternative measures. We are concerned, however, that the Attorney General will still approve of privacy-invasive transfers of the SSN despite this high standard. In documents obtained under the Freedom of Information Act, EPIC has shown that private-sector commercial data brokers (CDBs) play a large role in collecting SSNs and other information for sale to law enforcement.[6] Simply put, there is a risk that the Attorney General will act in self-interest, and approve broad disclosures of SSNs to CDBs that then resell the identifier back to law enforcement or other entities.
We recommend several substantive safeguards against permissive regulations that would allow broad disclosure of the SSN. First, the rulemaking should be open to public comment. Public polling shows that individuals are concerned about increasing use of the SSN; allowing public comment will effectively express popular opposition to expanding use of the identifier.
Second, we think that the qualifier "undue" should be removed from the standard articulated in Section 101 (a)(I)(ii)(II), and that identity theft be added as one of the risks to be considered by the rulemakers. As currently drafted with "undue" as a qualifier and without the special recognition of identity theft as a risk of SSN disclosure, the language will tilt the balance in favor of expanding disclosure of the SSN. A more appropriate balance would be struck with language specifying, "it is reasonably certain that the social security numbers will not be used to commit or facilitate fraud, identity theft, or bodily, emotional, or financial harm."
Third, we think that exceptions to the general prohibition should be limited in duration. A time limit will encourage users of the SSN to transition to alternative identifiers. Exceptions that are not time limited will ensure that SSN users never transition to alternative measures.
Last, entities receiving SSNs should be held to technical safeguards to shield the identifier from employee misuse or theft. We recommend that the following factor be added to the rulemaking: "(III) the social security numbers sold, purchased or displayed will be protected by adequate safeguards, including but not limited to encryption measures and regular auditing of SSN access and disclosure."
Section 103 would codify an important safeguarda prohibition of printing SSNs on checks issued by governments. This is a common sense protection against identity theft. It is necessary because a standard check with a SSN contains all the personal information necessary for commission of identity theft.
Section 104 would prohibit states from displaying the SSN on driver's licenses. Again, this is a common sense approach to preventing identity theft. Indeed, many states already incorporate a ban on printing the SSN on driver's licenses.[7] Such a prohibition makes it more likely that the SSN will not appear in the wallet of individuals, thus reducing the risk that a lost or stolen wallet will provide the personal information necessary to commit identity theft.
We recommend that section 104 also prohibit states from encoding the SSN on magnetic strips, barcodes, or smartcards on the driver's license, as we are aware that while some states do not print the SSN on the card, they may embed the identifier digitally on the card.[8] Anyone with a card reader can swipe the card and capture the identifier. Increasingly, businesses are capturing patrons' personal data from driver's licenses.[9] Removing the SSN from encoded portions of driver's licenses will cut down on unnecessary collection of the identifier.[10]
Section 106 would prohibit government entities from allowing prisoners to have access to the SSN. We think that this too is a common sense protection, in light of the Metromail case, where a company employed prisoners to enter personal information from surveys into computers. This resulted in a stalking case where a prisoner harassed a woman based on information she submitted on a survey. The woman received mail from a convicted rapist and burglar who knew everything about herincluding her preferences for bath soap and magazines. The woman sued and as a result of a class-action suit, Metromail may no longer use prisoners to process personal information.[11] Nevertheless, a general prohibition on inmate access to SSNs is appropriate, and California and Kentucky already have passed legislation to keep SSNs out of the hands of prisoners.[12]
Section 107 generally prohibits disclosure of the SSN in the private sector, subject to exceptions. We think it important to limit exceptions to the general prohibition in order to curb private sector use of the SSN. First, the exception for public health purposes should be limited to "emergency public health purposes." In its current articulation, this exception could allow medical providers and insurance companies to continue to rely upon the SSN in normal operations. Limiting the exception will encourage the industry to shift away from the identifier. We note that Empire Blue Cross is transitioning its 4.8 million customers away from the SSN as an identifier, demonstrating that it is possible for large health care operations to use an alternative identifier.[13]
Section 107 contains an exception for SSNs of the deceased, meaning that they could be freely traded on the market. We think there are important public policy reasons to place some protections on SSNs of the deceased. SSNs of deceased individuals should receive protection for the same reasons that justify protections for living individuals; those reasons include preventing fraud and identity theft. Additionally, criminals are known to assume the identities of deceased individuals in order to engage in criminal acts and to avoid law enforcement. Some protection for these identifiers is justified.
Section 108 codifies a much-needed protection for the SSN. Prior to the implementation of the Gramm-Leach-Bliley Act, CRAs and other entities sold SSNs in credit headers to individuals outside Fair Credit Reporting Act regulation. We understand that some businesses are still selling SSNs from credit headers that were collected before implementation of Gramm-Leach-Bliley. Section 108 would eliminate this unregulated sale of SSNs by tying the identifier to the credit report, and thus to protections in the Fair Credit Reporting Act.
Section 109 contains important protections against the practice of "coercive disclosure," a practice where an entity conditions provision of a product or service based on disclosure of the SSN. Maine, New Mexico, and Rhode Island have established protections against coercive disclosure, and we think it a good idea to federalize this important right to enhance privacy of the SSN.[14]
Title II contains measures to help protect the integrity of the SSN. Section 202, which addresses enumeration at birth, provides an excellent opportunity to address objections to SSN issuance to children that many Americans posses based on political or religious beliefs. In Bowen v. Roy, 476 U.S. 693 (1986), better known as the "Little Bird of the Snow" case, a family that applied for child welfare benefits sued the Department of Health and Human Services for requiring that a SSN be issued to their indigent child. The family alleged that enumeration violated their religious beliefs and that the conditioning of benefits on issuance of the SSN violated the Free Exercise Clause. The Supreme Court disagreed, holding that the government could require the child to obtain a SSN in order to receive benefits.
In that case, the trial court found that the government could, in fact, administer child welfare programs without enumeration. This bill allows Congress to revisit the issue and provide an alternative for those having a religious or ethical objection to permanent enumeration. Alternatives could include a tax-identification number that expires at the age of eighteen, when the child can more fully consider whether to obtain a SSN. Another could specify heightened security requirements or anti-fraud measures to administer benefits to those objecting to enumeration. The study to be performed by the Commissioner of Social Security should require consideration of these issues.
Title III of the legislation creates new criminal penalties for misuse of the SSN. Section 302 prohibits individuals from knowingly providing a false SSN to another person. We think that there should be an exception to this rule for cases where an individual provides a false SSN without any intent to commit fraud. For instance, in situations where an entity demands a SSN without justification, individuals should be able to fabricate one if they are not engaged in fraud and are simply attempting to protect their privacy. We think the following language should be added to Section 302 (in the provision amending Section 1129(a) of the Social Security Act to create a new provision at 1129(a)(3)(B)): "Notwithstanding the previous sentence, an individual is permitted to represent a number to be the social security number assigned by the Commissioner of Social Security to another so long as the individual does not do so with the intent to engage in fraud or other criminal activity."
II. States Have Innovated Clever Protections for the SSN; Congress Should Consider Incorporating Them in 108 H.R. 2971
In recent years, state legislatures have functioned in their traditional roles as "laboratories of democracy," creating new approaches to enhancing the privacy of SSNs. These privacy protections demonstrate that major government and private-sector entities can still operate in environments where disclosure and use of the SSN is limited. They also provide examples of protections that should be considered at the federal level.
Some States Have Placed Broad Prohibitions on Disclosure and Use by Government and Private Entities
Two weeks ago, Colorado Governor Bill Owens signed H.B. 1311, legislation that creates important new protections for the SSN that will take effect later this summer. The new law will limit the collection of the SSN and its incorporation in licenses, permits, passes, or certificates issued by the state. The law requires the establishment of policies for safe destruction of documents containing the SSN. Insurance companies operating in the state must remove the SSN from consumers' identification cards. Finally, the legislation creates new penalties for individuals who use others' personal information to injure or defraud another person.
A law taking effect in January 2005 in Arizona prohibits the disclosure of the SSN to the general public, the printing of the identifier on government and private-sector identification cards, and establishes technical protection requirements for online transmission of SSNs.[15] The new law also prohibits printing the SSN on materials mailed to residents of Arizona. Exceptions to the new protections are limitedcompanies that wish to continue to use the SSN must do so continuously, must disclose the use of the SSN annually to consumers, and must afford consumers a right to opt-out of continued employment of the SSN. Arizona's new law is based on California Civil Code § 1798.85.
Special Protections Have Been Crafted for Students
A number of states have passed legislation limiting colleges and universities from employing the SSN as a student identifier. Limiting use of the SSN in this context reduces the risk of identity theft, as databases of student information, student identity cards, and even posting of grades sometimes contain SSNs.
In Arizona, major universities can no longer use the SSN as the student identifier.[16] In Colorado, as of July 2003, public and private postsecondary institutions were required to establish protections for the SSN and discontinue its use as the primary student identifier.[17] New York and West Virginia prohibit all public and private schools from using the SSN as a primary identifier.[18] Kentucky law allows students to opt-out of use of the SSN as student identifier.[19]
Protections Crafted for Public, Vital, and Death Records
Commercial data brokers obtain SSNs from a number of sources, including public records that individuals are required to file in order to enjoy important rights and privileges offered by society. For instance, marriage licenses have been a source for SSNs and a number of states, including Arizona, California, Indiana, Iowa, Kentucky, Louisiana, Maine, Montana, Ohio, and Michigan, have enacted legislative protections to prevent their disclosure.[20]
Birth and death records are rich in personal information, and states have acted to shield SSNs collected in these life events against disclosures. Arizona, California, Illinois, Kansas, Maine, Maryland, Massachusetts, Minnesota, Mississippi, Missouri, New Hampshire, and other states limit the appearance of the parents' SSN on birth records.[21] Similarly, several states restrict disclosure of the SSN in records associated with death.[22]
Protections Against Pretexting Should Be Considered
We wish to raise one additional concern hereeven legitimate collection of the SSN contributes to unauthorized access to the identifier. That is, we are increasingly aware of manuals for private investigators and other materials suggesting that SSNs can be obtained from motor vehicle departments, applications for professional licenses, and even tax returns.[23] In these cases, the investigator probably obtains the identifier through a friend or contact working at the institution with a SSN. Alternatively, the manuals suggest the use of "pretexting," a practice where an investigator requests personal information from an entity while pretending to be another person or while pretending to have a legitimate reason for access to the information. The Gramm-Leach-Bliley Act prohibits pretexting with respect to financial, securities, and insurance companies, but the law doesn't apply to pretexting targeted at employers, utility companies, or other entities that have SSNs. The Subcommittee should consider whether expanding protections against pretexting would enhance the privacy of the SSN.
III. Excessive Reliance on the Social Security Number and Lax Credit Granting Practices Are Exacerbating the Identity Theft Problem
News media stories abound on the plight of the victim of identity theft. No one is safe from the crimeimpostors have been able to obtain credit in the names of young children and even babies.[24] While Congress has heightened penalties for identity theft, we recommend that further attempts to fight the crime be centered on the credit granting process, and in particular, the practice of granting credit only on a SSN match.
Identity thieves can rely on aspects of the instant credit granting system to commit fraud. The first weakness in the system flows from extreme competition to acquire new customers. This has resulted in grantors flooding the market with "pre-screened" credit offers, pre-approved solicitations of credit made to individuals who meet certain criteria. These offers are sent in the mail, giving thieves the opportunity to intercept them and accept credit in the victim's name.[25] Once credit is granted, the thief changes the address on the account in order to obtain the physical card and to prevent the victim from learning of the fraud.[26] The industry sends out billions of these pre-screened offers a year. It 1998, it was reported that 3.4 billion were sent.[27] In 2003, the estimate increased to 5 billion sent.[28]
Competition also drives grantors to quickly extend credit. Once a consumer (or impostor) expresses acceptance of a credit offer, issuers approve the transaction with great speed. Experian, one of the "big three" credit reporting agencies, performs in this task in a "magic two seconds."[29] In a scenario published in an Experian white paper on "Customer Data Integration," an individual receives a line of credit in two seconds after only supplying his name and address.[30] Such a quick response heightens the damage to business and victims alike, because thieves will generally make many applications for new credit in hopes that a fraction of them will be granted.
The second factor that makes identity theft easy to commit is that credit grantors do not have adequate standards for verifying the true identity of credit applicants. Credit issuers sometimes open tradelines to individuals who leave obvious errors on the application, such as incorrect dates of birth or even the incorrect name. Identity theft expert Beth Givens has argued that many incidences of identity theft could be prevented by simply requiring grantors to more carefully review credit applications for obviously incorrect personal information.[31]
TRW Inc. v. Andrews illustrates the problems with poor standards for customer identification.[32] In that case, Adelaide Andrews visited a doctor's office in Santa Monica, California, and completed a new patient's information form that requested her name, birth date, and SSN.[33] The doctor's receptionist, an unrelated woman named Andrea Andrews, copied the information and used Adelaide's Social Security Number and her own name to apply for credit in Las Vegas, Nevada. On four occasions, Trans Union released Adelaide's credit report because the SSN, last name, and first initial matched. Once Trans Union released the credit reports, it made it possible for creditors to issue new tradelines. Three of the four creditors that obtained a credit report issued tradelines to the impostor based on Adelaide's file, despite the fact that the first name, birth date, and address did not match.[34]
A survey of other prominent identity theft litigation shows numerous cases where credit was granted as a result of a SSN match despite other obvious inaccuracies. For instance, in Aylward v. Fleet Bank, 122 F.3d 616 (8th Cir. 1997), Fleet Bank of Albany, New York, issued two credit cards to "Ronald Aylward," allegedly of East Moriches, New York, who used both the victim's name and SSN in applying for the cards. The victim, however, lived in Missouri all of his life.
In United States v. Peyton, 353 F.3d 1080 (9th Cir. 2003), impostors obtained American Express cards using the victims' correct names and SSNs but directed all the cards to be sent to the impostors' home. In Vazquez-Garcia v. Trans Union De P.R., Inc., 222 F. Supp. 2d 150 (D. P.R. 2002), a resident of Puerto Rico who was born in 1962 learned that Sears had issued a credit card to a resident of Nevada who was born in 1960. The impostor had falsely used the victim's SSN to apply for credit cards in his own name and succeeded in getting credit despite the mismatch on age and location. In Dimezza v. First USA Bank, Inc., 103 F. Supp. 2d 1296 (D. N.M. 2000), an impostor obtained credit using the victim's SSN but a different name and address.
And finally, those who attempt to assign liability for negligent credit granting have not been successful in the courts. In Huggins v. Citibank, 355 S.C. 329 (S.C. 2003), a plaintiff-victim alleged that banks should be liable when they negligently extend credit in a victim's name to an impostor.[35] The defendants argued that no duty existed because the victim was not actually a customer of the bank. In August 2003, the South Carolina Supreme Court rejected the proposed cause of action. Although it expressed concern about the rampant growth of identity theft, the court found that the relationship between credit card issuers and potential victims of identity theft was "far too attenuated to rise to the level of a duty between them."
These cases show that excessive reliance on the SSN can contribute to identity theft. California has attempted to address this problem by requiring certain credit grantors to comply with heightened authentication procedures. California Civil Code § 1785.14 requires credit grantors to actually match identifying information on the credit application to the report held at the credit reporting agency. Credit cannot be granted unless three identifiers from the application match those on file at the credit bureau. The categories to be matched include "first and last name, month and date of birth, driver's license number, place of employment, current residence address, previous residence address, or social security number."[36] Simply requiring credit grantors to look beyond the SSN as a customer identifier and authenticator will begin to address a wide range of identity theft.
Conclusion
Thank you, Chairman Shaw, for continuing to develop a rich legislative record supporting greater privacy for the SSN. We think that the privacy and integrity of SSNs could be enhanced through the passage of federal legislation that limits the collection and approved uses of the identifier. We urge the Subcommittee to examine state laws that have created new, clever protections for the SSN. We also urge the Subcommittee to consider that excessive reliance on the SSN contributes to identity theft. We look forward to continuing to work with the Subcommittee on this and other privacy matters.
[1] Estate of Helen Remsburg v. Docusearch, Inc., et al, C-00-211-B (N.H. 2002). In Remsburg, the "Amy Boyer" case, Liam Youens was able to locate and eventually murder Amy Boyer through hiring private investigators who tracked her by her date of birth, Social Security Number, and by pretexting. EPIC maintains information about the Amy Boyer case online at http://www.epic.org/privacy/boyer/.
[2] Social Security Numbers and Identity Theft, Joint Hearing Before the House Financial Services Subcommittee on Oversight and Investigations and the House Ways and Means Subcommittee on Social Security, Nov. 8, 2001 (testimony of Marc Rotenberg, Executive Director, EPIC), available at http://www.epic.org/privacy/ssn/testimony_11_08_2001.html.
[3] Hearing on Preserving the Integrity of Social Security Numbers and Preventing Their Misuse by Terrorists and Identity Thieves, Joint Hearing Before the House Ways and Means Subcommittee on Social Security and the House Judiciary Subcommittee on Immigration, Border Security, and Claims, Sept. 19, 2002 (testimony of Chris Jay Hoofnagle, Legislative Counsel, EPIC), available at http://www.epic.org/privacy/ssn/ssntestimony9.19.02.html.
[4] Hearing on Use and Misuse of the Social Security Number, Hearing Before the House Ways and Means Subcommittee on Social Security, July 10, 2003 (testimony of Chris Jay Hoofnagle, Deputy Counsel, EPIC), available at http://www.epic.org/privacy/ssn/testimony7.10.03.html.
[5] Professor Daniel Solove describes this problem in Access and Aggregation: Public Records, Privacy, and the Constitution, 86 Minnesota Law Review 1137 (2002), available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=283924.
[6] See e.g. Electronic Privacy Information Center, ChoicePoint, available at http://epic.org/privacy/choicepoint/; Chris Jay Hoofnagle, Big Brother's Little Helpers: How ChoicePoint and Other Commercial Data Brokers Collect, Process, and Package Your Data for Law Enforcement, University of North Carolina Journal of International Law & Commercial Regulation (Spring 2004).
[7] See Ariz. Rev. Stat. § 28-3158; C.R.S. § 42-2-107; C.R.S. § 42-3-302; D.C. Code Ann. § 50-402; O.C.G.A. § 40-3-23; HRS § 286-109; HRS § 286-239; Idaho Code § 49-306; Idaho Code § 49-2444; Ky. Rev. Stat. Ann. § 186.412; Mont. Code Ann. §61-5-111(2)(b); Nev. Rev. Stat. Ann. § 483.345; .N.H. Rev. Stat. Ann. §263:40-a; N.D. Cent. Code 39-06-14; Ohio Rev. Code Ann. §4501.31; Okla. Stat. Ann. tit. 47, § 6-106 (2002); Pa. Cons. Stat. Ann. § 1510; Tenn Code Ann. § 55-50-331; Tex. Trans. § 521.044; Va. Code Ann. § 46.2-342; Wash. Rev. Code Ann. § 26.23.150.
[8] Beatriz da Costa, Jamie Schulte and Brooke Singer, Who is Swiping?, n.d., available at http://www.we-swipe.us/research.html.
[9] See e.g. Jennifer 8. Lee, Finding Pay Dirt in Scannable Driver's Licenses, New York Times, March 21, 2002.
[10] Louisiana has already prohibited embedding the SSN into a driver's license. La. R.S. § 32:410. West Virginia has attempted to address this problem of license swiping by allowing the use of license scanners for age verification purposes but prohibiting the recording of SSNs in the process. W. Va. Code Ann. § 60-2-22.
[11] During litigation, Metromail claimed that they had not violated the woman's privacy, that they had no duty to inform individuals that prisoners were processing their personal data, and that the data processed was not highly intimate or embarrassing. Beverly Dennis, et al. v. Metromail, et al., No. 96-04451, Travis County, Texas.
[12] Cal Pen Code § 4017.1, § 5071; Cal Wel & Inst Code § 219.5; Ky. Rev. Stat. Ann. § 131.191.
[13] Empire Blue Cross Will End Use Of SSNs, Use Alternate Number System, Privacy and Security Law Report (Jun. 7, 2004) at 666.
[14] 2003 Me. ALS 512; N.M. Stat. Ann. §57-12B-3; R.I. Gen Laws §6-13-17.
[15] Ariz. Rev. Stat. § 44-1373.
[16] Ariz. Rev. Stat. §15-1823. Rhode Island and Wisconsin have similar protections. R.I. Gen. Laws § 16-38-5.1; Wis. Stat. Ann. § 36.11(35).
[17] C.R.S. § 23-5-127.
[18] N.Y. Educ. Law § 2-b; W. Va. Code Ann. §18-2-5f.
[19] Ky. Rev. Stat. Ann. 156.160. See also Ky. Rev. Stat. Ann. 197.120.
[20] Ariz. Rev. Stat. § 25-121; Cal Fam Code § 2024.5; Burns Ind. Code Ann. § 31-11-4-4; Iowa Code § 595.4; Ky. Rev. Stat. Ann. 402.100; La. R.S. 9:224; 19-A M.R.S. § 651; MCL § 333.2813; Mont. Code Ann. § 40-1-107; Ohio Rev. Code Ann. § 3101.05.
[21] See Ariz. Rev. Stat. § 36-322; Cal Health & Saf Code § 102425; 410 ILCS 535/11; K.S.A. § 65-2409a; 22 M.R.S. § 2761; Md. Ann. Code § 4-208; ALM GL ch. 111, § 24B; Minn. Stat. § 144.215; Miss. Code Ann. § 41-57-14; Mo. Rev. Stat. § 193.075; Mo. Rev. Stat. § 454.440; N.H. Rev. Stat. Ann. § 5-C:10.
[22] See Ariz. Rev. Stat. §16-165; Cal Health & Saf Code § 102231; Idaho Code § 67-3007; Burns Ind. Code Ann. § 16-37-3-9; La R.S. § 23:1671; N.D. Cent. Code § 23-02.1-28.
[23] See e.g. Lee Lapin, How to Get Anything on Anybody 533-543 (Intelligence Here, 3d ed. 2003) (section titled "How to Find Anyone's Social Security Number" suggests thirty sources for the SSN, including driver's license applications, bankruptcy filings, court records, bank files, utility records, professional and recreational licenses, and employment files).
[24] Identity Theft Resource Center, Fact Sheet 120: Identity Theft and Children, available at http://www.idtheftcenter.org/vg120.shtml.
[25] Identity crises -- millions of Americans paying price, Chi. Tribune, Sept. 11, 2003, p2.
[26] Id.
[27] Identity Theft: How It Happens, Its Impact on Victims, and Legislative Solutions, Hearing Before the Senate Judiciary Subcommittee on Technology, Terrorism, and Government Information, Jul. 12, 2000 (testimony of Beth Givens, Director, Privacy Rights Clearinghouse) (citing Edmund Sanders, Charges are flying over credit card pitches, L.A. Times, Jun. 15, 1999, p. D-1), available at http://www.privacyrights.org/ar/id_theft.htm.
[28] Rob Reuteman, Statistics Sum Up Our Past, Augur Our Future, Rocky Mountain News, Sept. 27, 2003, p 2C; Robert O'Harrow, Identity Crisis; Meet Michael Berry: political activist, cancer survivor, creditor's dream. Meet Michael Berry: scam artist, killer, the real Michael Berry's worst nightmare, Wash. Post Mag., Aug. 10, 2003, p W14.
[29] Experian, Inc., Customer Data Integration: The essential link for Customer Relationship Management White paper 15, 2000, available at http://www.experian.com/whitepapers/cdi_white_paper.pdf.
[30] Id.
[31] Legislative Hearing on H.R. 2622, The Fair and Accurate Credit Transactions Act of 2003, Before the Committee on Financial Services, Jul. 9, 2003 (testimony of Chris Jay Hoofnagle, Deputy Counsel, Electronic Privacy Information Center).
[32] 534 U.S. 19 (2001); Erin Shoudt, Comment. Identity theft: victims "cry out" for reform, 52 Am. U. L. Rev. 339, 346-7 (2002).
[33] Id. at 23-25.
[34] Id.
[35] See also Garay v. U.S. Bancorp, 2004 U.S. Dist. LEXIS 1331 (E.D.N.Y. 2004); Smith v. Citibank, 2001 U.S. Dist. LEXIS 25047, (W.D. Mo. 2001); Polzer v. TRW, Inc., 256 A.D.2d 248 (N.Y. App. Div. 1998).
[36] Id.
EPIC Privacy Page | EPIC Home Page Last Updated: July 2, 2004
Page URL: http://www.epic.org/privacy/ssn/ssntestimony6.15.04.html