Social Security Numbers
Federal Actions Could Further Decrease Availability in Public Records, though Other Vulnerabilities Remain
GAO ID: GAO-07-752 June 15, 2007
Various public records in the United States, including some generated by the federal government, contain Social Security numbers (SSN) and other personal identifying information that could be used to commit fraud and identity theft. Public records are generally defined as government agency-held records made available to the public in their entirety for inspection, such as property records and court records. Although public records were traditionally accessed locally in county courthouses and government record centers, in recent years, some state and local public record keepers have begun to make these records available to the public through the Internet. While it is important for the public to have access to these records, concerns about the use of information in these records for criminal purposes have been raised. In 2006, these concerns were heightened when an Ohio woman pled guilty to conspiracy, bank fraud, and aggravated identity theft as the leader of a group that stole citizens' personal identifying information from a local public record keeper's Web site and other sources, resulting in over $450,000 in losses to individuals, financial institutions, and other businesses. Although we previously reported on the types of public records that contain SSNs and access to those records, less is known about the federal government's direct provision of records with SSNs to state and local public record keepers. Because of Congress's interest in information on these issues, we agreed to answer the following questions: (1) Which federal agencies commonly provide records containing SSNs to state and local public record keepers, and what actions have been taken to protect SSNs in these records? (2) What significant vulnerabilities, if any, remain to protecting SSNs in public records?
IRS and DOJ are the only federal agencies that commonly provide records containing SSNs to state and local public record keepers, and in recent years, both have taken steps to truncate or remove SSNs in those records. These agencies provide property lien records to public record keepers, on which they traditionally included full SSNs for identity verification purposes. However, both agencies have recently taken steps to better protect SSNs in these records. Currently, IRS mandates the use of a truncated version of SSNs on tax lien notices, which displays only the last four digits of the SSN. However, the agency does not mandate SSN truncation on all lien releases it issues. In addition, many of DOJ's districts have begun to truncate or fully remove SSNs on the lien records they provide to public record keepers. However, because DOJ's districts act independently to issue lien notices, some continue to display full SSNs in these records. Independent of IRS and DOJ efforts in this area, some states have begun to remove SSNs in all public records they maintain, though this approach can be costly and may not be fully effective at protecting SSNs. Both full and truncated SSNs in federally generated public records remain vulnerable to potential misuse, in part because different truncation methods used by the public and private sectors may enable the reconstruction of full SSNs. While the display of truncated SSNs in federally generated public records is a step toward improved SSN protection, we previously reported that information resellers--companies that specialize in amassing personal information--sometimes provide truncated SSNs to customers that show the first five digits. Consequently, it is possible to reconstruct an individual's full nine-digit SSN by combining a truncated SSN from a federally generated lien record with a truncated SSN from an information reseller. 
In addition, while IRS and DOJ have recently taken actions to limit disclosure of full SSNs in records they generate going forward, full SSNs remain in the millions of lien records provided to public record keepers before the agencies implemented these changes. Increased access to these records through bulk sales to private companies and Internet access also creates the potential for identity theft. For example, public record keepers in some states have been selling complete copies of their records to private companies, such as title companies and information resellers, for many years. Because of this practice, current efforts to remove SSNs in records maintained by public record keepers do not apply to all copies of the record already made available. In addition, some public record keepers now provide potentially unlimited Web site access to personal identifying information in the records they maintain.
GAO-07-752, Social Security Numbers: Federal Actions Could Further Decrease Availability in Public Records, though Other Vulnerabilities Remain
This is the accessible text file for GAO report number GAO-07-752
entitled 'Social Security Numbers: Federal Actions Could Further
Decrease Availability in Public Records, though Other Vulnerabilities
Remain' which was released on June 21, 2007.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to the Chairman, Subcommittee on Administrative Oversight and
the Courts, Committee on the Judiciary, U.S. Senate:
United States Government Accountability Office:
GAO:
June 2007:
Social Security Numbers:
Federal Actions Could Further Decrease Availability in Public Records,
though Other Vulnerabilities Remain:
GAO-07-752:
Contents:
Letter:
Conclusions:
Recommendations for Executive Action:
Agency Comments:
Appendix I: Briefing Slides:
Appendix II: Comments from the Office of Management and Budget:
Appendix III: Comments from the Internal Revenue Service:
Related GAO Products:
Abbreviations:
DOJ: Department of Justice:
IRS: Internal Revenue Service:
OMB: Office of Management and Budget:
SSA: Social Security Administration:
SSN: Social Security number:
United States Government Accountability Office:
Washington, DC 20548:
June 15, 2007:
The Honorable Charles Schumer:
Chairman:
Subcommittee on Administrative Oversight and the Courts:
Committee on the Judiciary:
United States Senate:
Various public records in the United States, including some generated
by the federal government, contain Social Security numbers (SSN) and
other personal identifying information that could be used to commit
fraud and identity theft. Public records are generally defined as
government agency-held records made available to the public in their
entirety for inspection, such as property records and court records.
Although public records were traditionally accessed locally in county
courthouses and government record centers, in recent years, some state
and local public record keepers have begun to make these records
available to the public through the Internet. While it is important for
the public to have access to these records, concerns about the use of
information in these records for criminal purposes have been raised. In
2006, these concerns were heightened when an Ohio woman pled guilty to
conspiracy, bank fraud, and aggravated identity theft as the leader of
a group that stole citizens' personal identifying information from a
local public record keeper's Web site and other sources, resulting in
over $450,000 in losses to individuals, financial institutions, and
other businesses.
Although we previously reported on the types of public records that
contain SSNs and access to those records, less is known about the
federal government's direct provision of records with SSNs to state and
local public record keepers. Because of your interest in information on
these issues, we agreed to answer the following questions: (1) Which
federal agencies commonly provide records containing SSNs to state and
local public record keepers, and what actions have been taken to
protect SSNs in these records? (2) What significant vulnerabilities, if
any, remain to protecting SSNs in public records?
To answer these questions, we gathered information from a variety of
sources. Specifically, we interviewed cognizant officials from the
Social Security Administration (SSA), Office of Management and Budget
(OMB), Internal Revenue Service (IRS), and Department of Justice (DOJ).
We interviewed these agencies because they are responsible for
overseeing federal use of the SSN or they were identified through our
research as commonly providing records containing SSNs to state and
local public record keepers. We also conducted interviews with public
record keepers, their national associations, and stakeholder groups
focused on privacy rights, open government, and the title insurance
industry. To gather information on records access, we visited local
public record keepers' offices in the District of Columbia, Maryland,
and Virginia; reviewed several Web sites that provide information on
state and local public records access; and used this work to guide our
selection of state and local public record keepers' Web sites
nationwide for additional review. In total, we reviewed at least one
public record keeper's Web site per state. We also interviewed public
record keepers in five Florida counties to examine implementation of
recently enacted Florida statutes requiring Internet access to public
records and the removal of SSNs and other information in those records.
We conducted our work from November 2006 through May 2007 in accordance
with generally accepted government auditing standards.
On May 10, 2007, we briefed your staff on the results of our analysis.
This report formally conveys the information provided during that
briefing (see app. I). In summary, we found:
* IRS and DOJ are the only federal agencies that commonly provide
records containing SSNs to state and local public record keepers, and
in recent years, both have taken steps to truncate or remove SSNs in
those records. These agencies provide property lien records to public
record keepers, on which they traditionally included full SSNs for
identity verification purposes. However, both agencies have recently
taken steps to better protect SSNs in these records. Currently, IRS
mandates the use of a truncated version of SSNs on tax lien notices,
which displays only the last four digits of the SSN. However, the
agency does not mandate SSN truncation on all lien releases it issues.
In addition, many of DOJ's districts have begun to truncate or fully
remove SSNs on the lien records they provide to public record keepers.
However, because DOJ's districts act independently to issue lien
notices, some continue to display full SSNs in these records.
Independent of IRS and DOJ efforts in this area, some states have begun
to remove SSNs in all public records they maintain, though this
approach can be costly and may not be fully effective at protecting
SSNs.
* Both full and truncated SSNs in federally generated public records
remain vulnerable to potential misuse, in part because different
truncation methods used by the public and private sectors may enable
the reconstruction of full SSNs. While the display of truncated SSNs in
federally generated public records is a step toward improved SSN
protection, we previously reported that information resellers--
companies that specialize in amassing personal information--sometimes
provide truncated SSNs to customers that show the first five digits.
Consequently, it is possible to reconstruct an individual's full nine-
digit SSN by combining a truncated SSN from a federally generated lien
record with a truncated SSN from an information reseller. In addition,
while IRS and DOJ have recently taken actions to limit disclosure of
full SSNs in records they generate going forward, full SSNs remain in
the millions of lien records provided to public record keepers before
the agencies implemented these changes. Increased access to these
records through bulk sales to private companies and Internet access
also creates the potential for identity theft. For example, public
record keepers in some states have been selling complete copies of
their records to private companies, such as title companies and
information resellers, for many years. Because of this practice,
current efforts to remove SSNs in records maintained by public record
keepers do not apply to all copies of the record already made
available. In addition, some public record keepers now provide
potentially unlimited Web site access to personal identifying
information in the records they maintain.
Conclusions:
Federal agencies have taken actions to mitigate the availability of
SSNs in public records by implementing the use of truncation for
documents provided to state and local record keepers. While these
actions provide some additional protection against using these records
to perpetrate identity theft, our review demonstrates that identity
thieves may still be able to reconstruct full SSNs by combining
different truncated versions of the SSN available from public and
private sources. Thus, truncation does not provide complete protection
against identity theft. Yet despite this limitation, our analysis
suggests that truncation provides better protection compared with
records that display full SSNs. In this regard, as we noted in our May
2006 report, Congress may wish to further improve SSN protection by
enacting truncation standards or assigning an agency to do so. In
addition, Congress may wish to solicit input on promising truncation
practices from the Commissioner of Social Security as part of this
process. However, in the absence of such standards, federal agencies
can still take steps to protect SSNs by further reducing their exposure
in records they generate and provide to record keepers.
Recommendations for Executive Action:
To the extent that truncation provides an added level of protection
from identity theft, we are recommending that:
* The Commissioner of IRS should implement a policy requiring the
truncation of all SSNs in lien releases the agency generates.
* The Attorney General should implement a policy requiring, at a
minimum, SSN truncation in all lien records generated by its judicial
districts. Truncation should be in the same format as is currently used
by IRS on lien notices.
Agency Comments:
We provided a draft of this report to SSA, OMB, IRS, and DOJ for review
and comment. SSA, IRS, and DOJ provided technical comments, which we
incorporated as appropriate. We received written comments from OMB and
IRS, which are reproduced in appendixes II and III. In its comments,
OMB indicated its appreciation for the report's analysis of SSN use and
vulnerability, in both full and truncated forms, and provided
information on OMB's recent actions that require federal agencies to
reduce the volume of sensitive information, including SSNs, they
maintain.
Concerning our recommendations, SSA indicated that the agency fully
supports our recommendations to IRS and DOJ because it believes that
SSN truncation will greatly improve protection of the SSN. DOJ also
agreed with our recommendation and subsequently issued a policy
guidance memo that restricts all U.S. Attorneys' Offices from using
full SSNs in any record submitted to state or local public record
keepers. The memo requires offices to either remove the SSN entirely
from these records or use a truncated version of the SSN, showing only
the last four digits. While IRS generally agreed that the use of
truncated SSNs on records submitted to state and local public record
keepers provides an added level of protection against identity theft,
the agency does not currently plan to implement our recommendation to
truncate SSNs in all lien releases it generates, specifically those
relating to pre-2006 lien notices. IRS indicated that truncating SSNs
on lien releases for which the original lien notices show full SSNs may
place a hardship on IRS's lien processing capabilities because it
requires a change in how the agency's centralized Lien Processing Unit
formats those lien releases. While we recognize that this change could
potentially cause an administrative burden for IRS, we believe that the
added level of protection against identity theft accomplished by
truncating SSNs on lien releases outweighs these costs. IRS also
indicated that truncating SSNs on lien releases for which the original
lien notices show full SSNs may prove problematic for record keepers.
However, we do not believe that truncating SSNs on lien releases would
prove problematic for most record keepers. Specifically, IRS includes
key identifying information that corresponds to the original lien
notice on most of the lien releases they submit to record keepers.
Therefore, this identifying information can be used by record keepers
to determine which lien notice corresponds to the newly submitted
release, and IRS should not need to include a person's full SSN on the
lien release for this purpose.
As we agreed with your office, unless you publicly announce its
contents earlier, we plan no further distribution of this report until
30 days after its issue date. At that time, we will send copies of this
report to relevant congressional committees, the Commissioner of SSA,
the Director of OMB, the Commissioner of IRS, the Attorney General, and
other interested parties and will make copies available to others upon
request. In addition, this report will be available on GAO's Web site
at http://www.gao.gov. If you or your staff have any questions about
this report, please contact me at 202-512-7215 or bertonid@gao.gov.
Contact points for our Offices of Congressional Relations and Public
Affairs may be found on the last page of this report. Key contributors
to this report include Jeremy Cox (Assistant Director), Rachel Frisk
(Analyst-in-Charge), and Ayeke Messam. In addition, Dan Schwimer
provided legal assistance.
Signed by:
Daniel Bertoni:
Director, Education, Workforce, and Income Security Issues:
[End of section]
Appendix I: Briefing Slides:
Social Security Numbers:
Federal Actions Could Further Decrease Availability in Public Records,
though Other Vulnerabilities Remain:
Briefing for Senator Charles Schumer:
Chairman of the Subcommittee on Administrative Oversight and the
Courts:
Committee on the Judiciary:
May 10, 2007:
Overview:
Key Objectives:
Scope and Methodology:
Summary of Results:
Background:
Findings:
Conclusions:
Recommendations for Executive Action:
Key Objectives:
We agreed to determine:
1. Which federal agencies commonly provide records containing Social
Security numbers (SSN) to state and local public record keepers, and
what actions have been taken to protect SSNs in these records?
2. What significant vulnerabilities, if any, remain to protecting SSNs
in public records?
Scope and Methodology:
To answer these questions, we:
Gathered information from the Social Security Administration (SSA),
Office of Management and Budget (OMB), Internal Revenue Service (IRS),
and Department of Justice (DOJ);
Interviewed public record keepers, their national associations, and
stakeholder groups focused on privacy rights, open government, and the
title insurance industry;
Visited local record keepers' offices in the District of Columbia
(D.C.), Maryland, and Virginia, reviewed several Web sites that provide
information on public records access, and examined selected record
keepers' Web sites nationwide; and,
Interviewed record keepers in five Florida counties to discuss recently
enacted state statutes related to public records access and the removal
of certain personal-identifying information in those records.
Summary of Results:
IRS and DOJ commonly provide lien records containing SSNs to state and
local public record keepers, and they have recently begun to truncate
or remove SSNs in those records. While IRS mandates SSN truncation in
all lien notices, it does not mandate truncation in lien
releases.[Footnote 1] Because DOJ's districts act independently to
issue lien notices, some truncate or remove SSNs in these records,
while others continue to display full SSNs. Independent of these
efforts, some states have begun to remove SSNs in all public records.
However, this approach is costly and may not fully protect SSNs.
Both full and truncated SSNs in federally generated public records
remain vulnerable to potential misuse, in part because different
truncation methods used by the public and private sectors enable the
reconstruction of full SSNs. In addition, the continued availability of
SSNs in public records, as well as increased access to these records
through bulk sales and Internet access, create the potential for
identity theft.
Background:
SSNs: Use and Federal Regulation:
Although originally created to track workers' earnings and Social
Security benefits, SSNs have become the identifier of choice for
government agencies and private businesses and are currently used for
myriad non-Social Security purposes.
No single federal law regulates the overall use or restricts the
disclosure of SSNs by governments. However, certain laws limit SSN use
in specific circumstances.
* For example, the Privacy Act of 1974 generally prohibits federal
agencies from disclosing records containing SSNs without the consent of
the individual whose records are being sought.
- Exceptions authorized under the act include routine uses that are
compatible with the purpose for which the SSN was collected, such as
activities related to tax and debt collection.
SSNs: Use in Identity Theft:
While the use of SSNs can be beneficial for identity verification and
other purposes, SSNs are also a key piece of information used to create
false identities for financial misuse or assume another individual's
identity.
Most often, identity thieves use SSNs belonging to real people;
however, only 30 percent of identity theft victims know how thieves
obtained their personal information.[Footnote 2]
The Federal Trade Commission (FTC) estimated that over a 1-year period,
nearly 10 million people discovered they were victims of identity
theft, translating into estimated losses of billions of dollars.
In response to this issue, the federal government and several state
governments have passed identity theft legislation in recent years.
Public Records: Definition and Types:
Public records can generally be defined as records or documents that
are routinely made available to the public by a government agency or
the courts.
* For example, local record keepers maintain public records that assist
in the conduct of business, legal, or personal affairs.
There are many types of public records, including birth, death, and
marriage records; criminal and civil court case files; and records that
concern property ownership, such as property liens.
* Some documents in these records are created by government agencies,
while others are submitted by private entities.
* Some records contain personal identifying information, such as SSNs,
dates of birth, credit card or bank account numbers, and children's
names or mothers' maiden names.
Public Records: Storage and Access:
Record keepers store records in several formats, including paper copy,
microfiche or microfilm, and electronic image.
Traditionally, individuals accessed public records by visiting the
government offices that maintained them, which provided practical
limits on the volume of personal identifying information that could be
disclosed.
Figure:
[See PDF for image]
Source: GAO analysis and Art Explosion.
[End of figure]
Objective 1: Federal Provision of Records with SSNs:
IRS and DOJ Commonly Provide Records Containing SSNs to Record Keepers,
and They Have Recently Begun to Truncate or Remove SSNs in Those
Records:
IRS and DOJ commonly provide lien notices and releases containing SSNs
to state and local public record keepers.
IRS mandates SSN truncation in all lien notices but not all releases.
DOJ's judicial districts act independently to truncate, remove, or
include SSNs in lien notices.
Some states are independently taking actions to remove SSNs from public
records, but these approaches can be costly and may have a limited
effect on protecting SSNs.
IRS and DOJ Commonly Provide Lien Notices and Releases Containing SSNs
to State and Local Public Record Keepers:
We found that IRS and DOJ are the only federal agencies that commonly
provide records containing SSNs to state and local public record
keepers.
Annually, IRS generates approximately 900,000 lien notices and
releases, for tax-related debts owed to the federal government.
* IRS files lien notices and releases with state and local public
record keepers through its centralized Lien Processing Unit.
Annually, DOJ issues approximately 11,000 lien notices for criminal or
civil court-related debts owed to the federal government.
* DOJ lien notices are not generated through a centralized processing
system. Instead, debt collection units for each judicial district file
liens individually with the relevant public record keeper.[Footnote 3]
IRS- and DOJ-issued liens serve as federal government liens against
property and are generally filed in the same manner.
Neither federal statute nor regulations require that the SSN be
included on notices or releases of liens; however, current federal law
also does not prohibit SSNs from being included on these records. A
lien record typically contains an SSN, name, address, and amount owed.
* IRS and DOJ officials reported that SSNs traditionally have been
included on lien records for identity verification purposes.
While a significant number of federal lien records are generated
annually, because they are distributed throughout the country, they do
not always make up a significant portion of local record keepers'
official records.[Footnote 4]
* For example, the Palm Beach County, Florida, Clerk and Comptroller's
Office reported that federally generated records account for only 3
percent of the county's official records.
IRS Partially Mandates SSN Truncation, while DOJ's Districts Act
Independently to Truncate or Remove SSNs in Lien Records:
In recent years, IRS and DOJ have taken steps to better protect SSNs in
lien records they file with state and local public record keepers.
* As of January 1, 2006, IRS mandates the use of a truncated version of
the SSN on all tax lien notices. This truncated SSN displays only the
last four digits of the nine-digit number.
- Before implementing this change in policy, IRS conducted a survey of
recording officials in 12 states who agreed that SSN truncation would
be helpful in addressing privacy and identity theft concerns.
- IRS stated that its SSN truncation policy still ensures identity
verification with a high degree of certainty.
IRS's change in its SSN policy for lien notices does not apply to lien
releases.
Because the release is generated to match the original lien notice,
lien releases sometimes still contain full SSNs.
* For example, a lien release recorded in 2007 will show a full SSN if
the corresponding lien notice was recorded before January 1, 2006.
* However, lien releases recorded for notices generated after January
1, 2006, will contain truncated SSNs, like the corresponding notices.
Unlike IRS, DOJ has not issued a central policy regarding disclosure of
SSNs in lien notices.
Consequently, the 93 debt collection units for DOJ districts
individually decide how to display SSNs in the lien notices they record
with record keepers.
* DOJ officials reported that 80 debt collection units currently
include either a truncated SSN or no SSN in lien notices. Most include
a truncated SSN showing the last four digits.[Footnote 5]
* According to DOJ, the remaining 13 debt collection units currently
include a full SSN on liens. However, several of these units told DOJ
officials that they are considering removing SSNs on future liens.
Some States Are Taking Actions to Remove SSNs from Public Records, but
These Approaches Are Costly and May Have Limited Effect:
Independent of IRS and DOJ actions, some states have recently
considered removing SSNs in public records in order to better protect
this information.
* Florida and Nevada both passed legislation in 2005 requiring the
removal of SSNs in public records. Record keepers have until January 1,
2008, to comply with the Florida law and January 1, 2017, to comply
with the Nevada law.
* Texas also passed legislation in 2005 that was interpreted by the
Attorney General as prohibiting the disclosure of SSNs in public
records. However, in response to that ruling, the Texas legislature
enacted legislation that permits the disclosure of SSNs in public
records and states that the SSN of a living person in Texas is not
considered confidential in these records.
Due to the 2008 deadline, public record keepers in Florida are
currently taking actions to remove SSNs and several other personal
identifiers from records. Officials in the five counties we spoke with
are using a two-step process utilizing software that searches for and
removes SSNs and a manual review of records by county or contractor
staff.
Florida record keepers reported that this approach is costly, with some
funding provided by each county's trust fund for public records
modernization.[Footnote 6]
* For example, Palm Beach County, Florida's third largest county, paid
over $2 million to complete software and manual review and removal of
SSNs and other personal identifiers in approximately 40 million pages
of records.
Due to software limitations and the potential for human error, this
process may still not remove 100 percent of SSNs in these records.
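The two-step process described above, as an added Python example (not software used by GAO or the Florida counties): an automated pass rewrites SSNs to the last-four format IRS uses on lien notices, and lines it cannot decide go to a manual-review queue. The patterns, function names, and sample records are assumptions constructed for illustration.

```python
import re

# Step 1 patterns. (?<![\w-]) and (?![\w-]) stop a match from starting or
# ending inside a longer token such as a ZIP+4 or a parcel number.
FULL_SEP = re.compile(r"(?<![\w-])(\d{3})([- ])(\d{2})\2(\d{4})(?![\w-])")
BARE9 = re.compile(r"(?<![\w-])\d{9}(?![\w-])")
# Mask that exposes the first five digits: the complement of the
# last-four format, so it is never left in a published record.
FIRST5 = re.compile(r"(?<![\w-])\d{3}([- ]?)\d{2}\1[Xx*]{4}(?![\w-])")
# SSN shape in which OCR swapped digits for look-alike letters.
OCR_NEAR = re.compile(
    r"(?<![\w-])[\dOoIlSB]{3}-[\dOoIlSB]{2}-[\dOoIlSB]{4}(?![\w-])")
LABEL = re.compile(r"\b(SSN|Social Security)\b", re.IGNORECASE)


def plausible(area, group, serial):
    """SSA never issued area 000, 666 or 9xx, group 00, or serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def redact_line(line):
    """Return (redacted_line, reasons) where reasons need a human reviewer."""
    review = []

    def mask_full(m):
        area, _sep, group, serial = m.groups()
        if plausible(area, group, serial):
            return "XXX-XX-" + serial          # single format: last four only
        review.append("separated value fails SSN validity rules")
        return m.group(0)

    def mask_bare(m):
        d = m.group(0)
        # A bare nine-digit run is only auto-redacted when the line labels it.
        if LABEL.search(line) and plausible(d[:3], d[3:5], d[5:]):
            return "XXX-XX-" + d[5:]
        review.append("unlabelled or implausible 9-digit run")
        return d

    out = FULL_SEP.sub(mask_full, line)
    out = BARE9.sub(mask_bare, out)
    # The last four digits are not in the record, so mask the whole value.
    out = FIRST5.sub("XXX-XX-XXXX", out)
    for m in OCR_NEAR.finditer(out):
        if any(c.isalpha() for c in m.group(0)):
            review.append("possible OCR-damaged SSN")
    return out, review


def run_pass(records):
    """Step 1 over all records; returns (cleaned, manual_review_queue)."""
    cleaned, queue = [], []
    for i, line in enumerate(records):
        out, review = redact_line(line)
        cleaned.append(out)
        if review:
            queue.append((i, review))          # step 2: human looks at these
    return cleaned, queue


# Constructed sample records; every number here is made up.
SAMPLE = [
    "NOTICE OF FEDERAL TAX LIEN  Taxpayer ID 123-45-6789  Amount $4,210.00",
    "Debtor SSN: 321549876, parcel 00-4471",
    "Reseller report lists 123-45-XXXX for the same debtor",
    "Instrument 200601234 recorded 01/03/2006",
    "Scanned page: l23-4S-67B9 (poor image quality)",
    "Mailing address ZIP 33401-1234",
]

if __name__ == "__main__":
    cleaned, queue = run_pass(SAMPLE)
    for line in cleaned:
        print(line)
    for index, reasons in queue:
        print("manual review, record", index, reasons)
```

The last two queued records show where the automated pass stops: an unlabelled nine-digit run and an OCR-damaged value are left untouched for a reviewer, which is the residual error the report attributes to software limitations.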
Objective 2: Remaining Vulnerabilities:
The Continued Availability of SSNs in Public Records, as well as
Increased Access to These Records, Create the Potential for Identity
Theft:
Both full and truncated SSNs can potentially be used to commit identity
theft.
Although IRS and DOJ have taken actions to better protect SSNs in the
public records they commonly generate going forward, records they
generated prior to these actions still contain SSNs.
Some public record keepers provide potentially unlimited access to
records and their content through bulk sales to private companies and
online access.
Both Full SSNs and Truncated SSNs Can Potentially Be Used to Commit
Identity Theft:
Full nine-digit SSNs are key to the commission of identity theft.
* For example, SSNs can be used as breeder information to create false
identification documents, such as drivers licenses.
* In addition, SSNs and other personal identifying information are used
to fraudulently obtain credit cards, open utility accounts, commit bank
fraud, file false tax returns, and falsely obtain employment and
government benefits.
Identity theft has been traced to personal identifying information
accessed in public records.
* For example, in recent years, criminals used personal identifying
information contained in public records found on record keepers' Web
sites in Hamilton County, Ohio, and Maricopa County, Arizona, to commit
identity theft.
However, the extent to which SSNs in public records have been used for
this purpose is largely unknown.
While the display of truncated SSNs showing only the last four digits
in federally generated public records is a step toward improved SSN
protection, this method of truncation does not fully protect SSNs
because other sources may provide the first five digits of a person's
SSN.
In our prior work, we found that information resellers--private
companies that specialize in amassing personal information--sometimes
provide truncated SSNs showing the first five digits to customers with
which they have accounts or to the public over the Internet.[Footnote 7]
* For example, most customers of a prominent information reseller are
able to access information containing truncated SSNs that show the
first five digits.
* Similarly, in our prior work on Internet-based information resellers,
four resellers that gave our investigators truncated SSNs provided them
in a form that showed the first five digits.
The general public can purchase personal information, which may include
truncated SSNs, from information resellers that provide services
through the Internet.
Consequently, by combining a person's truncated SSN on an IRS- or
DOJ-generated notice of lien with that same person's truncated SSN
obtained from an information reseller, it may be possible to determine
an individual's full nine-digit SSN.
* We tested this method and found that it can potentially be used by
identity thieves to reconstruct full SSNs.
Although Federal Agencies Have Taken Actions to Better Protect SSNs in
Lien Records, Some Still Contain SSNs:
IRS and DOJ actions will generally limit disclosure of full nine-digit
SSNs in records they generate going forward, but full SSNs remain in
the millions of records these agencies provided to public record
keepers before they began truncating and removing SSNs.
* For example, in the 10 years prior to IRS enacting its policy
requiring truncated SSNs on lien notices, IRS generated almost 9
million lien records containing full SSNs,[Footnote 8] all of which
currently remain in the public record.
Once a record is officially recorded, the public record keeper is
responsible for maintaining it in perpetuity. Therefore, although an
IRS tax lien expires after 10 years, the lien notice remains in the
public record even after expiration.
Some Record Keepers Provide Potentially Unlimited Access to Records and
Their Content through Sales to Private Companies and Online Access:
Public records were traditionally accessed by visiting government
record centers. However, some record keepers currently sell records in
bulk to private companies, and some provide access to records on their
own government Web sites.
When records are sold in bulk or made available on the Internet, it is
unknown how and by whom the records, and the personal identifying
information contained in them, are used.
The Extent of Bulk Record Sales to Private Companies, as well as How
Companies Use and Provide Access to Records, Are Unknown:
Record keepers and others report that private businesses have been
purchasing public records in bulk for years.[Footnote 9] However, the
extent of this practice and the ways in which private businesses use
and provide access to these records are largely unknown.
* For example, while title insurance companies may primarily use copies
of property records to conduct related business, information resellers
may use records for a variety of purposes. These purposes may include
the provision of records that contain SSNs to customers and the general
public.
* In addition, the extent to which businesses provide access to these
records, and their content, is unknown. Because some businesses use
companies located outside of the United States for data entry and other
purposes, records and the personal identifying information they contain
may be accessible overseas. In these instances it is unclear whether
U.S. law would protect SSNs from potential misuse.
Online Access to Records Is Increasing, and May Result in Potentially
Unlimited Access to Records and Their Content:
Many record keepers and representatives of stakeholder groups we
interviewed indicated that public records have become more available on
the Internet in recent years.
Across the country, record keepers provide different types of access to
public records on their Web sites.
* Some provide free access to a records index that includes information
such as record type, person associated with the record, and recording
date.
* Others provide either free or paid access to both a records index and
electronic record images. An electronic record image is typically a
complete copy of the record and its contents.
One organization that publishes public records information estimated
that from 2004 to 2006, the proportion of all record keepers providing
Internet access to a records index or electronic record images
increased from 40 to 57 percent.[Footnote 10]
Online access to electronic record images provides potentially
unlimited access to the content of records, including SSNs and other
personal identifying information, unless this information has been
removed by the record keeper.
* In our own review of record keepers' Web sites across the country, we
found that at least 1 record keeper in 40 of the 50 states and D.C. (78
percent) provided free or paid online access to electronic record
images.[Footnote 11]
Conclusions:
Federal agencies have taken actions to mitigate the availability of
SSNs in public records by implementing the use of truncation for
documents provided to state and local record keepers.
While these actions provide some additional protection against using
these records to perpetrate identity theft, our review demonstrates
that identity thieves may still be able to reconstruct full SSNs by
combining different truncated versions of the SSN available from public
and private sources.
Thus, truncation does not provide complete protection against identity
theft.
Yet despite this limitation, our analysis suggests that truncation
provides better protection compared with records that display full
SSNs.
In this regard, as we noted in our May 2006 report, Congress may wish
to further improve SSN protection by enacting truncation standards or
assigning an agency to do so.[Footnote 12] In addition, Congress may
wish to solicit input on promising truncation practices from the
Commissioner of Social Security as part of this process.
However, in the absence of such standards, federal agencies can still
take steps to protect SSNs by further reducing their exposure in
records they generate and provide to record keepers.
Recommendations for Executive Action:
To the extent that truncation provides an added level of protection
from identity theft, we are recommending that:
* The Commissioner of IRS should implement a policy requiring the
truncation of all SSNs in lien releases the agency generates.
* The Attorney General should implement a policy requiring, at a
minimum, SSN truncation in all lien records generated by its judicial
districts. Truncation should be in the same format as is currently used
by IRS on lien notices.
[End of section]
Appendix II: Comments from the Office of Management and Budget:
Executive Office Of The President:
Office Of Management And Budget:
Washington, D.C. 20503:
June 8, 2007:
Mr. Daniel Bertoni:
Director, Education, Workforce, and Income Security Issues:
Government Accountability Office:
441 G Street, SW:
Washington, DC 20548:
Dear Mr. Bertoni:
Thank you for the opportunity to comment on the draft Government
Accountability Office (GAO) report, "Social Security Numbers: Federal
Actions Could Further Decrease Availability in Public Records, Though
Other Vulnerabilities Remain," (GAO-07-752), which addresses the
federal government's role in providing records with Social Security
numbers (SSNs) and other personal identifying information to state and
local public recordkeepers.
While this report does not provide recommendations for the Office of
Management and Budget (OMB), we would like to comment on the issue of
truncated (partial) SSNs which was discussed in the report. OMB
appreciates the careful analysis that GAO provides in its report. In
its report, GAO notes SSNs, in both full and truncated form, remain
vulnerable to misuse by identity thieves. Your report states that this
is attributed in part due to external factors such as differing methods
of truncation used by the public and private sectors, the availability
of the SSN in public records and through the Internet, and the relative
ease with which a partial SSN can be used to reconstruct a full SSN.
The report further notes that, although an improvement over full SSN,
truncation does not provide complete protection against identity theft
and advises agencies the best protection is to reduce exposure.
On May 23, 2007, our Deputy Director for Management issued Memorandum
M-07-16 to Federal agencies titled, "Safeguarding Against and Responding
to the Breach of Personally Identifiable Information." (Hyperlink,
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-16.pdf) The
Memorandum and its attachments require agencies to take actions which
address the issue of data breaches including, among other things:
* develop and implement a risk based breach notification policy within
the required framework presented through the attachments;
* protect Federal information accessed remotely; and
* develop and implement a policy outlining the rules of behavior and
identifying consequences and potential corrective actions for failure
to follow these rules.
Additionally, this Memorandum requires agencies to reduce the volume of
sensitive information maintained by agencies, including SSNs, to the
minimum necessary. OMB further recognizes the path forward is for the
Federal government to reduce its reliance on use of SSN. In this light,
the Memorandum requires agencies to participate in government-wide
efforts to explore alternatives to the use of SSNs as a personal
identifier for both Federal employees and in Federal programs (e.g.,
surveys, data calls, etc.) The Memorandum goes a step further to
require agencies to establish a plan within 120 days to eliminate
unnecessary use of SSNs and implement the plan within 18 months.
The Memorandum does not distinguish between full and truncated SSNs.
OMB has been providing informal advice to the agencies that the policy
applies to both the full and truncated SSN. Specifically, agencies are
required to safeguard SSN in any form with equal diligence. We will be
providing more formal guidance to the agencies on this issue.
Thank you for the opportunity to review and comment on the draft
report on this important issue.
Sincerely,
Signed by:
Karen Evans:
Administrator:
Office of E-Government and Information Technology:
Office of Management and Budget:
[End of section]
Appendix III: Comments from the Internal Revenue Service:
Department Of The Treasury:
Internal Revenue Service:
Washington, D.C. 20224:
Commissioner:
May 24, 2007:
Mr. Daniel Bertoni:
Director, Education, Workforce, and Income Security Issues:
U.S. Government Accountability Office:
441 G Street, N.W.
Washington, D.C. 20548:
Dear Mr. Bertoni:
I have reviewed the draft Government Accountability Office (GAO)
briefing document titled "Social Security Numbers: Federal Actions
Could Further Decrease Availability in Public Records though Other
Vulnerabilities Remain" (GAO 07-752).
The Internal Revenue Service (IRS) recognizes the importance of
preventing identity theft and agrees that truncation of Social Security
Numbers (SSNs) on documents provided to public record keepers provides
an added level of protection against identity theft. In January 2006,
the Service implemented truncation of SSNs on Notices of Federal Tax
Liens (NFTLs) issued after that date. IRS will also truncate SSNs on
certificates of release related to those filings. During fiscal year
2006, SSNs were truncated on over 600,000 NFTLs.
If you have any questions, or if you would like to discuss this
response in more detail, please contact Fredrick W. Schindler,
Director, Collection Policy at (202) 283-7650.
Sincerely,
Signed by:
Kevin Brown:
Acting Commissioner:
Enclosure:
Recommendation:
To the extent that truncation provides an added level of protection
from identity theft, we are recommending that the Commissioner of IRS
should implement a policy requiring the truncation of all SSNs in lien
releases the agency generates.
Response:
The IRS agrees that truncating SSNs on documents filed with public
record keepers adds a level of protection against identity theft. A
multi-functional IRS task group contacted state and local recording
officials, financial institutions, title and mortgage companies and
credit reporting agencies, as well as attorneys and practitioners, and
gathered data regarding truncation of SSNs. The group identified the
most used truncation method as redaction of the first 5 digits of the
SSN (i.e. xxx-xx-1234), the same method used by most recording
officials and financial institutions. However, the data shows that
truncating SSNs on lien releases, when original liens show full SSNs,
may prove problematic for recording offices and may place an extreme
hardship on lien processing capabilities. Based on the assembled data,
IRS implemented changes to its automated lien system and provided
guidance for manually prepared lien documents.
Effective January 1, 2006, in an effort to prevent identity theft and
in recognition of the growing number of states requiring truncation, we
began truncating SSNs on NFTLs. We will also truncate SSNs on lien
documents that impact these filings (generated after 1/1/2006), such
as certificates of release, withdrawal, and revocation.
[End of section]
Related GAO Products:
Social Security Numbers: Internet Resellers Provide Few Full SSNs, but
Congress Should Consider Enacting Standards for Truncating SSNs.
GAO-06-495. Washington, D.C.: May 17, 2006.
Social Security Numbers: More Could be Done to Protect SSNs.
GAO-06-586T. Washington, D.C.: March 30, 2006.
Social Security Numbers: Federal and State Laws Restrict Use of SSNs,
yet Gaps Remain. GAO-05-1016T. Washington, D.C.: September 15, 2005.
Social Security Numbers: Governments Could Do More to Reduce Display in
Public Records and on Identity Cards. GAO-05-59. Washington, D.C.:
November 9, 2004.
Social Security Numbers: Use Is Widespread and Protections Vary in
Private and Public Sectors. GAO-04-1099T. Washington, D.C.: September
28, 2004.
Social Security Numbers: Use Is Widespread and Protections Vary.
GAO-04-768T. Washington, D.C.: June 15, 2004.
Social Security Numbers: Private Sector Entities Routinely Obtain and
Use SSNs, and Laws Limit the Disclosure of This Information. GAO-04-11.
Washington, D.C.: January 22, 2004.
Social Security Numbers: Ensuring the Integrity of the SSN.
GAO-03-941T. Washington, D.C.: July 10, 2003.
Social Security Numbers: Government Benefits from SSN Use but Could
Provide Better Safeguards. GAO-02-352. Washington, D.C.: May 31, 2002.
Social Security Numbers: SSNs Are Widely Used by Government and Could
Be Better Protected. GAO-02-691T. Washington, D.C.: April 29, 2002.
FOOTNOTES
[1] Lien notices are issued by government agencies to inform the public
and creditors of a lien against a debtor's property. Lien releases are
issued by agencies when a debt has been paid.
[2] This estimate is based on the FTC's identity theft victim complaint
data. These data are self-reported and only represent crimes reported
to FTC.
[3] While there are 94 districts, there are 93 debt collection units.
These units also generate lien releases, but releases are typically
provided directly to debtors rather than public record keepers.
[4] Official public records, or property records, generally include
records related to property sale, ownership, or encumbrance, rather
than vital records or court records unrelated to property.
[5] While DOJ could not confirm that all districts displaying truncated
SSNs on lien notices show the last four digits, this is likely, due
to similar changes in SSNs displayed in federal court records.
[6] Recording fees have been accruing in county trust funds since
Florida statute created these funds in 1987.
[7] See GAO-04-11 and GAO-06-495.
[8] The 9 million lien records include lien notices and releases.
[9] This practice varies by state and locality. For example, some
states require record keepers to sell records in bulk and only charge
to recover the costs associated with record reproduction.
[10] This organization conducts research nationwide on entities that
maintain public records and access to records. This estimate does not
include public record keepers that maintain court records.
[11] We reviewed the Web sites of state and local record keepers that
maintain property records. Therefore, this figure does not include
record keepers that maintain court or other public records.
[12] See GAO-06-495.