CSC News

June 22, 2007

Antón Testifies at Congressional Hearing on SSN Privacy

Serves as Expert Witness at Hearing on Protecting the Privacy of Social Security Numbers from Identity Theft

 Dr. Annie Antón, associate professor of computer science at NC State University, testified at a Congressional Hearing on Social Security Number (SSN), privacy, held by the House Committee on Ways and Means Subcommittee on Social Security on Thursday, June 21st, 2007.

The Subcommittee is examining what role that SSNs play in identity theft, and the steps that can be taken to increase SSN privacy and thereby limit its availability to identity thieves and other criminals.  The hearing will examine how SSNs are currently used, what risks to individuals and businesses arise from its widespread use and options to restrict its use in the public and private sectors.

Called as an expert witness, Antón testified on behalf of the U.S. Public Policy Committee of the Association for Computing Machinery (USACM) that the theft of social security numbers has become the primary tool for stealing an individual's identity, enabling criminals to unlock access to credit, banking accounts, and other services.  Antón, an advisor to the Department of Homeland Security's Data Privacy and Integrity Advisory Committee and a member of USACM, proposed policies that combine business procedures and information technology to help protect SSNs and reduce the nation's reliance on them for personal identification. She urged Congress to strengthen the privacy of SSNs to prevent the resulting fraud that has become increasingly commonplace.

"Two key factors have enabled the explosion of identity theft in today's environment. One is the common use of SSNs as a de facto national identification number; the other is current computing technology that enables the collection, exchange, analysis, and use of personal information on a scale unprecedented in the history of civilization," said Antón.

Speaking before the Subcommittee, Antón urged banks, credit agencies and government agencies to require strong proof of identity, such as passports, military IDs, or licenses with a photograph to verify personal identity. "Once that is established, a secondary authenticator, such as a secret shared password or PIN can be used for subsequent transactions. This approach provides extra layers of security, and should help assure the public that the security and privacy of their information is being taken seriously," she said.
 
To provide an incentive to move away from the SSN as an identifier, Antón added that there should be no penalty or discrimination for someone who will not provide this information when conducting business, unless required by law to disclose it. She said this approach is consistent with advice from the U.S. Federal Trade Commission on protecting against identity theft.

She said that when paper records were used for personal information that included SSNs, they required some effort to find, copy, and disseminate, but the spread of inexpensive computing technology has made it much easier to find, use, and exploit such information for fraudulent purposes.

Antón also proposed prohibiting the display of SSNs in public records, and redacting them from these records. She offered several additional actions to reduce the use and exposure of SSNs including:

•    Requiring transmission of records or documents containing SSNs and other personally identifiable information to be secure or encrypted
•    Requiring electronic security for files and devices containing SSNs
•    Eliminating SSNs as the primary key in databases, and substituting a unique number generated by the database management system.

Dr. Antón has achieved national recognition for her work on privacy and legal compliance in software-based information systems, homeland security, and her analyses of recent publicized security breaches.  She serves on the US Department of Homeland Security Data Privacy and Integrity Advisory Committee, the US Association of Computing Machinery (USACM) Public Policy Executive Committee, and co-authored the USACM Privacy Principles.

Antón is also the founder and director of ThePrivacyPlace.org, a research group of students and faculty at NC State, Purdue University and the Georgia Institute of Technology. She is co-founder of the Biannual Symposium on Requirements Engineering for Information Security (SREIS) and coordinated NC State’s successful application for a National Security Agency Center of Academic Excellence in Information Assurance Education in 2002. She was named a National Science Foundation (NSF) Career Award winner in 2000 and a Computing Research Association Digital Government Fellow in 2002. She is a Senior Research Ethics Fellow for 2006-08 and a member of the NC State University Cyber Defense Lab.

More information about the hearing, including a full transcript, is available at the Committee on Ways and Means Committee site.

The press release issued by ACM, with more information about Dr. Antón’s testimony is available here.

~jeffers~

Return To News Homepage