February 2, 2012
Good morning Mr. Chairman, Ranking Member Becerra and members of the subcommittee. My name is John Breyault and I am the Vice President of Public Policy, Telecommunications and Fraud for the National Consumers League (NCL).
Founded in 1899, NCL is the nation’s oldest consumer organization. Our non-profit mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. NCL’s connection to the Social Security Administration runs deep. Frances Perkins, who was elected Secretary of the League in 1910, was the nation’s first female Cabinet member and was one of the architects of the Social Security Act of 1935.
I greatly appreciate the opportunity to discuss the issue of Social Security’s death records and the impact the misuse of these records has on consumers. As the Director of NCL’s Fraud Center, I hear on a daily basis about the personal and financial toll that identity theft and other fraud takes on consumers and their families. In 2011, we received nearly 9,000 complaints from victims of a variety of fraud. Consumers reporting fraud to NCL lost, on average, $990. In many cases, these unscrupulous con artists financially ruined their victims. NCL’s statistics represent only a small fraction of the fraud problem. For example, in 2012, the Federal Trade Commission received over 1.3 million complaints, of which more than 250,000 involved identity theft. And that represents only those who knew enough to complain to the FTC. According to research firm Javelin Strategy, 8.1 million adults were victims of identity theft in 2010, with each incident costing $631 to resolve.
Despite these sobering statistics, it never ceases to amaze me the extent to which scam artists will go to defraud consumers. As a father of two young daughters, the reports I have seen of the misuse of dead children’s personal information to commit identity theft sickens me.
The vulnerability of children to identity theft is well established. According to recent estimates, 140,000 identity frauds are perpetrated on minors each year. According to researchers at Carnegie Mellon University, 10.2% of children have had their Social Security Number used by someone else – 51 times higher than the 0.2% rate for adults. While it is unknown how many deceased children’s identities scam artists have misappropriated, the volume of news articles about this scam and anecdotal evidence from parents of the deceased children suggest it is not limited to a few isolated cases.
The role that the public availability of the Social Security Administration’s Death Master File (DMF) plays in these scams requires additional study. However, it is clear that identity thieves can quickly and cheaply gain access online to the so-called “holy trinity” of identifying information of recently deceased children – full name, date of birth and full Social Security Number – using websites that access DMF data. On its face, the public availability of a remarkably complete set of personally identifiable information of 83 million deceased Americans for as little as $995 is extremely troubling.
Additional consumer harm arises when individuals are mistakenly listed as deceased on the DMF. Due to “inadvertent keying errors” by federal workers entering death information, the Social Security Administration has stated that approximately 14,000 living Americans are listed as deceased in the DMF annually. Such mistakes can lead to frozen bank accounts, cancelled cell phone service, loan denials and refused job interviews. Due to the DMF’s public availability, these individuals are also put at increased risk of identity theft. It may require months for the SSA to correct these errors and even then, living individuals’ personally identifiable information may still be exposed.
The public availability of the Social Security Administration’s DMF data is certainly not the sole driver of identity theft. Indeed, its wide availability has clearly benefitted security firms that use it to deter fraud. In addition, pension funds, insurance organizations, and medical researchers use DMF data for completely legitimate reasons. That said, it is clear that reform is needed to address the likelihood that identity thieves will continue to make use of the DMF to harm consumers. We also believe that more should also be done to alert consumers who are falsely listed as deceased on the DMF so that they can take action to protect their identities.
A number of commentators, including the SSA’s Office of Inspector General and the Internal Revenue Service’s National Taxpayer Advocate have recommended ways to better protect consumers from identity theft stemming from personally identifiable information made available via the DMF. Several reforms that the National Consumers League supports include:
- Limiting the personally identifiable information included in the public DMF to the absolute minimum required and exploring alternatives to the inclusion of the full Social Security Number;
- Notifying living consumers who have been mistakenly listed in the DMF that their personally identifiable information may have been compromised and recommending steps to safeguard their identities;
- Restricting access to certain personally identifiable information in the DMF to organizations that can certify that have a legitimate need for the information for fraud prevention or benefits administration purposes;
- Increasing penalties for failure of DMF recipients to keep DMF data up to date or the misuse or re-disclosure of DMF information; and
- Requiring the SSA to undertake a study, in conjunction with DMF data recipients, of the usefulness of DMF data in preventing identity theft.
While NCL generally supports transparency of government data, in this case, we believe that the risk that publicly available DMF data could be used for nefarious purposes outweighs the benefit. However, in the interest of the timely provision of survivor benefits and the use of this data for fraud protection efforts, we would not support a total ban on the sale of DMF data. Instead, we believe that SSA and the Department of Commerce should take steps to ensure that DMF data is made available only to organizations that can demonstrate a legitimate need. DMF data recipients should likewise be held to a higher standard of accountability for maintaining the integrity and security of this sensitive data.
In conclusion, I would like to take this opportunity to once again thank the members of the subcommittee for inviting me to testify today on behalf of the National Consumers League and consumers nationwide.
 Source: NCL fraud complaint statistics, 2011.
 Federal Trade Commission. Consumer Sentinel Network Data Book for January-December 2010. Pgs. 3, 5. March 2011. Available online: http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2010.pdf
 Saranow Schultz, Jennifer. “The Rising Cost of Identity Theft for Consumers,” New York Times. February 9, 2011. Online: http://bucks.blogs.nytimes.com/2011/02/09/the-rising-cost-of-identity-theft-for-consumers/
 I.D. Analytics. “More Than 140,000 Children Could Be Victims of Identity Fraud Each Year,” Press release. July 12, 2011. Online: http://www.idanalytics.com/news-and-events/news-releases/2011/7-12-2011.php
 Power, Richard. “Child Identity Theft: New Evidence Indicates Identity Thieves are Targeting Children for Unused Social Security Numbers,” Carnegie Mellon Cylab at 4. April 1, 2011. Online: http://www.cylab.cmu.edu/files/pdfs/reports/2011/child-identity-theft.pdf
 See e.g. Goldberg, Eleanor. “Why Thieves Are Stealing Childhood Cancer Victims’ Identities,” Huffington Post. November 18, 2011. Online: http://www.huffingtonpost.com/2011/11/17/why-thieves-are-stealing-childhood-cancer-victims-identities_n_1093481.html
 Hargrove, Thomas. “Grave mistakes: SSA silent on private data breach,” Scripps Howard News Service. November 6, 2011. Online: http://www.courierpress.com/news/2011/nov/06/grave-mistakes-ssa-silent-on-private-data-breach/?print=1
 Social Security Administration. “Personally Identifiable Information Made Available to the General Public Via the Death Master File,” Office of the Inspector General Audit Report. Pgs. 4-5. June 2008. Online: http://oig.ssa.gov/sites/default/files/audit/full/pdf/A-06-08-18042.pdf
 See e.g. ID Analytics. “Keep the Death Master File alive,” Blog posting. December 21, 2011. Online: http://idanalytics.com/idalabs/2011/keep-the-death-master-file-alive/ (stating that “We use this SSA Death Master File as an upfront defense to weed out such applications, and our process successfully stops these attempts.”).
 See generally, Social Security Administration. “Personally Identifiable Information Made Available to the General Public Via the Death Master File,” Office of the Inspector General Audit Report. June 2008. Online: http://oig.ssa.gov/sites/default/files/audit/full/pdf/A-06-08-18042.pdf
 See Legislative Recommendation: Restrict Access to the Death Master File, infra. See also Identify Theft and Tax Fraud Prevention Act, S. 1534, 112th Cong. § 9 (1st Sess. 2011) Online: http://www.taxpayeradvocate.irs.gov/userfiles/file/2011_ARC_MSP%203.pdf