New plans are in store for an old number
Once they kept track only of who was eligible for old-age pensions. Today they're used to validate personal information for a multitude of transactions - from renting a video to opening a credit account to receiving medical care.
Seventy years old this month, Social Security cards, each with its unique identifying digits, have become an integral, nearly indispensible, part of American life and commerce.
But their increased use has also made the numbers valuable for identity thieves, who can use the information to empty someone's bank accounts or run up credit-card charges. As awareness of the problem has grown, Social Security numbers have begun to disappear from driver's licenses and other highly visible documents, and businesses are guarding them more carefully. Many people no longer carry their Social Security card in their wallet or purse.
While these efforts are laudable, privacy experts say, they're too little, too late. "Reducing the collection and display of Social Security numbers is a small help," says Robert Gellman, a privacy and information policy consultant in Washington, D.C.
"The vast majority of the American populace [already] has their Social Security number out where any identity thief can obtain it with remarkable ease," adds Timothy Sparapani, who tracks privacy rights issues for the American Civil Liberties Union (ACLU).
Unlike a computer password, a Social Security number is difficult to change. The process usually involves persuading the Social Security Administration that you have been a victim of identity theft - and that you're not trying to hide from creditors or a criminal record.
There's much talk of legislation to limit the use of Social Security numbers by private industry, Mr. Gellman says, but inevitably various groups will ask for exceptions, and any new law is likely to be watered down. What legislation might profitably do, he says, is try to protect future Social Security numbers from being compromised. For numbers that already have been issued, it's "largely a lost cause," he says.
Scandals involving financial and other data lost by companies such as ChoicePoint, LexisNexus, and Bank of America have energized Washington to seek to help protect the privacy of Americans. But at the same time, a security measure born of the war on terrorism has yielded a new law that could become a "honeypot" for identity thieves, Mr. Sparapani says.
The Real ID Act, passed in May as part of a larger bill to fund US troops in Iraq and tsunami relief in Asia, will turn state driver's licenses into what amounts to national identity cards by mid-2008.
But that's not its purpose, says the bill's author, House Judiciary Committee Chairman James Sensenbrenner Jr. (R) of Wisconsin. He sees the act, which tightens the requirements to obtain driver's licenses, as aiding in the fight against terrorism. "The Real ID is vital to preventing foreign terrorists from hiding in plain sight while conducting their operations and planning attacks," said Mr. Sensenbrenner after the bill passed.
National standards for licenses, to be set by the federal Department of Homeland Security, are expected to be dramatically strengthened. Applications are likely to require several forms of identification, and information on the cards will be linked between states and the federal government. Life without one of these beefed-up licenses could be difficult: They'll be needed to board an airplane, visit any federal facility, or, in all likelihood, receive any federal services.
The act will "help to ensure that every driver is who they say they are," says Jason King, a spokesman for the American Association of Motor Vehicle Administrators. The measure also makes traffic in fraudulent ID credentials a federal crime.
Privacy experts, however, are concerned that the act requires that the cards contain a "common machine-readable technology" - and that's where privacy and data theft issues may arise, they say. This technology could be a simple magnetic strip, bar code, or computer chip, which would allow information to be collected from the card at a distance of several feet.
Merchants, for example, might ask for the cards as a form of identification and then electronically collect the data off of them - name, birth date, ID number, photo, and perhaps more. Once a business has the data, it's "totally unrestricted what they can do with it," Gellman says.
The ACLU is urging Homeland Security to make privacy a high priority as it works out the specifics for the new driver's licenses, Sparapani says.
While state licenses are quietly on their way to becoming a de facto national ID card in the United States, both Britain and Australia are engaging in lively public debates on whether to introduce national identity cards. No Western democracy has instituted such cards for many decades, says Simon Davies, the director of Privacy International in London. The idea of national ID cards has "started to see a public backlash" in Britain as people learn more about it, he says.
"The institution of a national ID card raises fundamental questions about the relationship of power between the citizen and the government," he says.
In order to prevent identity theft and other misuse, such cards would need to have strong security controls, perhaps requiring a scan of a person's fingerprints or irises. "I can't see taxpaying Americans allowing themselves to be iris-scanned for an identity card," Mr. Davies says.
In a report to the British government in June, researchers at the prestigious London School of Economics and Political Science said that both identity theft and national security might be better addressed by other means than through national identity cards, such as by giving individuals more control over who sees their personal information or by strengthening border patrols and supplying more funds for police investigations.
Current ID technologies are "untested and unreliable," the report said. An ID card, it concluded, "should be regarded as a potential danger to the public interest and to the legal rights of individuals."