New Bill Seeks to Eliminate Social Security Numbers as Uniform Identifiers

On January 7, 2011, Representative Ron Paul (R-TX) introduced a bill entitled the “Identity Theft Prevention Act of 2011” (H.R. 220). The Bill seeks to address the pervasive use of Social Security Numbers by various federal, state and local government agencies and to prevent identity theft by eliminating any use of those numbers in connection with government services. It prohibits governmental agencies from requiring mandatory or even voluntary disclosure of an individual’s Social Security Number in connection with documents filed by individuals.

The Bill includes amendments to the Social Security Act (42 U.S.C. 405(c)(2)), the Internal Revenue Code (26 U.S.C. §§ 6109(d)), and the Privacy Act of 1974 (5 U.S.C. 552a note, 88 Stat. 1909) in the following notable ways:

  • Social Security Act – H.R. 220 §§ 2(b) and (d)(2):
    • Requires that Social Security Account Numbers be randomly generated instead of confirming to a specific numbering system (the Social Security Numbering Scheme is described in detail on the Social Security Administration’s archive);
    • Provides that the Social Security Account Number be owned by the individual;
    • Prohibits the Social Security Administration from divulging that number to anyone (other than the account holder himself/herself); and
    • Requires that any pre-existing Social Security Numbers be declared null and void and reissued within 5 years of enactment of the Bill in accordance with the new “random generation” rules. Certain cross-references to the old numbers may be made, but these are limited.
  • Internal Revenue Code – § 2(c)(1):
  • Privacy Act – H.R. 220 § 3:
    • Section 7 of the Privacy Act (5 U.S.C. § 552a (note)) currently reads as follows:
      Sec. 7(a) (1) It shall be unlawful for any Federal, State or local government agency to deny to any individual any right, benefit, or privilege provided by law because of such individual’s refusal to disclose his social security account number.
      (2) the provisions of paragraph (1) of this subsection shall not apply with respect to—
      (A) any disclosure which is required by Federal statute, or
      (B) any disclosure of a social security number to any Federal, State, or local agency maintaining a system of records in existence and operating before January 1, 1975, if such disclosure was required under statute or regulation adopted prior to such date to verify the identity of an individual.
      (b) Any Federal, State or local government agency which requests an individual to disclose his social security account number shall inform that individual whether that disclosure is mandatory or voluntary, by what statutory or other authority such number is solicited, and what uses will be made of it.
    • Pursuant to H.R. 220, these provisions would be amended to read as follows:
      Sec. 7(a) (1) It shall be unlawful for any Federal, State or local government agency to deny to any individual any right, benefit, or privilege provided by law because of such individual’s refusal to disclose his social security account number.
      (2) The provisions of paragraph (1) of this subsection shall not apply with respect to any disclosure which is required under regulations of the Commissioner of Social Security pursuant to section 205(c)(2) of the Social Security Act or under regulations of the Secretary of the Treasury pursuant to section 6109(d) of the Internal Revenue Code of 1986.
      (b) Except with respect to disclosures described in subsection (a)(2), no agency or instrumentality of the Federal Government, a State, a political subdivision of a State, or any combination of the foregoing may request an individual to disclose his social security account number, on either a mandatory or voluntary basis.

The Bill also prohibits “Government Wide Uniform Identifying Numbers” (Section 4) and “Government Established Identifiers” (Section 5). These two prohibitions would go into effect on January 1, 2012.

Under Section 4, the Bill provides that “any two agencies or instrumentalities of the Federal Government may not implement the same identifying number with respect to any individual” except where authorized by 42 U.S.C. 405(c)(2) [the Social Security Act sections described above]. Id. § 4(a).

Under Section 5, the Bill prohibits any two federal agencies from implementing the same numbering system to assign individual identification numbers to any individual and from conditioning the receipt of any federal grant, contract, or funding on the adoption of a uniform numbering system by a state or local government entity or agency. The Bill makes it clear that “administrative simplification” cannot be the stated purpose in establishing or mandating a uniform standard for identification purposes. Id. § 5(b)(2).

Initial Purpose of Social Security Numbers

As initially implemented, the Social Security Numbering system was not intended as a universal numbering system, and indeed, was not adopted by other agencies as such until at least 1943, when an Executive Order mandated that if a numbering system was required to keep records on individuals, that the Social Security Numbering system be used. Executive Order 9397 (3 CFR (1943-1948 Comp.) 283-284). An interesting chronology of the history of policy changes to the Social Security Numbering System can be found at the Social Security Administration’s web site and the explanation of the meaning of each section of the Social Security Number can be found here.

Status of Legislation
Following its introduction on January 7, 2011, the Bill was referred to the House Ways and Means Committee and the House Oversight and Government Reform Committee.

Basic information about the Bill (except for the actual text) can be found through Thomas (Congress’s legislative portal) at this specific link. The actual text can be found here in a variety of formats, including text, XML and PDF.

Mandatory Restitution to Victims of Identity Theft in Pennsylvania Required

The Pennsylvania General Assembly recently amended its sentencing requirements to be imposed upon convicted identity thieves. On September 18, 2009, House Bill 222 was approved by Governor Rendell and became effective on November 17, 2009.

House Bill 222 amended the PA Crimes Code to mandate restitution by a convicted identity thief to “for all reasonable expenses incurred by the victim or on the victim’s behalf” to investigate the theft, bring civil and/or criminal actions in response, or to correct the victim’s credit record or negative credit reports. 18 Pa. Cons. Stat. Ann. § 1107.1(a). These expenses include: 1) attorneys’ and accountant’s fees for professional services; 2) fees or costs imposed by the credit bureaus to correct the credit reports, to undertake private investigations, or to contest “unwarranted debt collections;” and 3) court costs and filing fees. Id. § 1107.1(b).

This restitution sentence would be imposed in addition to any other restitution sentence or other order. See id. § 1107.1(a).

(Note that you can find the statutory sections cited above through West’s Unofficial Purdon’s Pennsylvania Statutes – I tried linking each separate section, but the individual links would not work. You will have to navigate through West’s table of contents and expand the listings under Title 18 to find the relevant sections discussed here.)

Prior Version of Restitution Requirement

The prior version of this restitution requirement had been codified in 42 Pa. Cons. Stat. Ann. § 9720.1 and took effect July 21, 2000. Section 9720.1 has been repealed, now that the provisions have been moved to the Crimes Code.

Amendments Recently Enacted

Section 1107.1 provides several important amendments beyond the provisions previously codified in 42 Pa. Cons. Stat. Ann. § 9720.1. Specifically, the current provision permits an identity theft victim to recover professional fees charged by an accountant as well as any costs that they incurred in connection with disputing debt collections that were undertaken without justification.

Identity Theft in PA (Generally)

Identity theft is considered an “offense against property” in Pennsylvania. A person commits identity theft if “he possesses or uses, through any means, identifying information of another person without the consent of that other person to further any unlawful purpose.” 18 Pa. Cons. Stat. Ann. § 4120(a).

Identifying information includes “documents [separately defined], photographic, pictorial or computer image of another person, or any fact used to establish identity, including, but not limited to, a name, birth date, Social Security number, driver’s license number, nondriver governmental identification number, telephone number, checking account number, savings account number, student identification number, employee or payroll number or electronic signature.” Id. § 4120(f).

The term “document” is defined to include broadly “any writing,” with certain non-exclusive examples provided: “birth certificate, Social Security card, driver’s license, nondriver government-issued identification card, baptismal certificate, access device card, employee identification card, school identification card or other identifying information recorded by any other method, including, but not limited to, information stored on any computer, computer disc, computer printout, computer system, or part thereof, or by any other mechanical or electronic means.” Id.

The determination of the severity of the offense will vary, depending on the total dollar value involved, the number of times the offender has committed this offense in the past and the age of the victim. Specifically, the offense is deemed to be a misdemeanor of the first degree if the total value involved is less than $2,000. Id. § 4120(c)(1)(i). The offense will be upgraded to a felony (of the third degree) when the amount exceeds $2,000 or when the offense is committed “in furtherance of a criminal conspiracy.” Id. § 4120(c)(1)(ii) and (iii). The degree is further upgraded for recidivists – for third or subsequent offenses, the offense is deemed to be a felony of the second degree. Id. § 4120(c)(1)(iv).

Finally, if the offense is committed against a person “60 years of age or older” or against a person who is “care-dependent” under 18 Pa. Cons. Stat. Ann. § 2713, the severity of the offense will be upgraded a degree. Id. § 4120(c)(2).

As a result, the severity of the offense can range from misdemeanor of the first degree through a felony in the first degree. 204 Pa. Code § 303.15. Under Pennsylvania law, the actual penalties imposed for these offenses will be established by reference to the Sentencing Code (42 Pa. Cons. Stat. Ann. § 9701 et seq.) and Sentencing Guidelines (204 Pa. Code §§ 303.1 – 303.18), but can include imprisonment of varying terms in addition to the restitution required by 18 Pa. Cons. Stat. Ann. § 1107.1 and 42 Pa. Cons. Stat. Ann. § 9721(c).

Resources to Combat Identity Theft

If you need further information about identity theft, there are numerous resources you can use. For instance:

Government & Consumer Advocate Links
* Better Business Bureau’s Information for Consumers about Identity Theft
* Credit Reporting Companies: Equifax, Experian, and Transunion.
* Federal Trade Commission’s Identity Theft Site
* Pennsylvania Attorney General Tom Corbett’s Identity Theft Toolkit
* Pennsylvania State Police – Identity Theft Prevention Guidelines (PDF document)
* US Postal Service – Report ID Theft by Mail

Commercial Providers or Evaluation Tools
* – has some information about police reports and dealing with governmental agencies to start correcting their records.
* Comparison of the “Top 5” Identity Theft Protection Companies on the market
* Identity Theft Labs – also provides a comparison of the most popular ID Theft Protection sites
* Identity Theft Protection and Survival – offers books and other educational materials for sale

This is a non-exhaustive list, but should get you started. In addition to these resources, you may also want to consider checking resources offered by your bank, credit union or credit card companies; many of them offer tools to assist you in avoiding or recovering from identity theft.

(Please note that I have not thoroughly researched companies providing ID theft protection services – so what appears above are suggestions only of some of the third-parties that provide these services. Their listing here should not be taken to be an endorsement or any other support for the products or services that they offer.)

Privacy Resources on the Internet

Welcome to the Privacy and IP Law blog. As an initial matter, below are several resources on the Internet where you can find detailed information about privacy law. It’s by no means exhaustive, but it should give you a start to understanding some of the recent debate on privacy issues in the U.S.:

Some of these links also appeared in the inaugural issue of “International Data Protection and Online Security,” a joint newsletter of the ABA’s Section on International Law and the Online Security and E-Privacy Committee of the ABA’s Intellectual Property Law Section, of which I am a member of the editorial board.