Agency Use of SSNs Poses Security Risk
In April, Rep. Jason Chaffetz, Chairman of the House Oversight & Government Reform Committee (OGR) wrote to the Government Accountability Office (GAO) Comptroller to request an update on an agency-wide review of databases intended to reduce the number of cases where Social Security numbers (SSNs) are collected for citizen services.
Yet federal agencies still haven’t reviewed their data on SSNs for nearly a decade – the last recorded review from the Office of Management and Budget (OMB) dates back to May 2007.
While convenient for agencies to identify and track citizens’ records in databases, SSNs are common links to other personally identifiable information, and easy targets for would-be hackers. But a law signed by President Barack Obama in January 2015 has given the Centers for Medicare and Medicaid Services four years to move beneficiaries to a new Medicare card that does not have their SSN on it.
In an interview with Federal News Radio, Marc-Anthony Signorino, executive director at the Identity Ecosystem Steering Group, said the federal government has been slow to roll out chip cards in place of the old SSN model due to a rise in costs.
“There are a lot of other practices and procedures out there that can be examined, too, but I think the question is a cost-risk benefit,” Signorino said. “For some high-risk transactions — at IRS, you really want to protect someone’s identity, or at CMS you really want to protect somebody’s health information — that might be worth it.”
In the case of the Internal Revenue Service (IRS), they have utilized cheaper, but lower-tech verification methods such as security questions that relay on personal information when a user forgets their password.
“We have this citizen number, really it’s your Social Security number. But it was never intended to be used for anything other than receiving Social Security benefits, and it was legally barred for using it for anything other than Social Security benefits. But what happened is there have been so many exceptions to the rule that have been put on there … that exception swallows the rule,” Signorino said in the interview.
Posted in General News