http://0225.0145.01.040/usao/eousa/foia ... ab5301.pdf

Social Security Fraud
Prosecuting Social Security Number Misuse: Attacking Identity Theft at its
Source
By John K. Webb

JANUARY 2005 UNITED STATES ATTORNEYS ' BULLETIN 1
Prosecuting Social Security Number
Misuse: Attacking Identity Theft at its
Source
John K. Webb
Special Assistant United States Attorney
Central District of California

I. Introduction
Protection of the Social Security Number
(SSN) is inherent to maintaining personal privacy
and in assuring that no one "filches" your good
name. In fact, failure to carefully guard the SSN
could make one "poor indeed." As any victim of
identity theft will tell you, not much has changed
since the days of Shakespeare when it comes to
"filching," and thieves continue to roam the streets
looking for victims to rob of their good name.
Indeed, today's robbers have incorporated the use
of cyberspace into their bag of dirty tricks, and the
theft and misuse of the SSN is the most common
tool that identity thieves employ. The misuse of
the SSN poses a risk to public safety and a threat
to the personal privacy and financial security of
every American.

The SSN has been with us since 1936 and was
first intended for use solely by the federal
government as a means of tracking earnings to
determine the amount of Social Security taxes to
credit to each worker's account. Use of the SSN
for purposes unrelated to the administration of the
Social Security system is a relatively recent
phenomenon. Over the years, the SSN has been
used by government agencies and the private
sector for other purposes, often over the objection
of independent experts and the general public.
See, e.g., ALAN WESTIN & MICHAEL BAKER,
DATABANKS IN A FREE SOCIETY , 39 9 (Times
Boo ks 197 2) ("adopting the Social Security
number officially as a national identifier or letting
its use spread unchecked cannot help but
contribute to public distrust of government").

A. SSN misuse, identity theft, and the risk
to personal and financial privacy
Today, the SSN is a fundamental element of
almost every identity theft case, and Congress has
long recognized that disclosure of the SSN is a
threat to individual privacy. See Privacy Act, Pub.
L. No. 93-579, 88 Stat. 1896 (1974). With the
enactment of the Privacy Act in 1974, Congress
explicitly recognized the particular risk to privacy
brought about by the threat of the misuse and
unnecessary disclosure of the SSN and enacted
express restrictions on the use of the SSN. Id. The
extent of the threat to individual privacy is readily
apparent when considering that the SSN is used as
an identification code that brings individuals into
contact for everyday communication with
databases containing a wide range of financial,
medical, educational, and credit information.
Once obtained by an identity thief, the SSN opens
practically every door related to a person's identity
and personal history and completely compromises
an individual's personal privacy. The development
and expansion of the Internet has contributed
significantly to the danger of identity theft that is
inherent to disclosure of the SSN. As the Supreme
Court noted, the Privacy Act "was passed in 1974
largely out of concern over 'the impact of
computer data banks on individual privacy.'" See
United States Department of Justice v. Reporters
Committee for Freedom of the Press, 489 U.S.
749, 765 (1989). Today, even with the explosion
of identity theft, the demand continues for
disclosure of an individual's SSN for purposes
unrelated to its intended use. The result is the
frequent and indiscriminate use and disclosure of
the SSN as part of identity theft crimes.
2 UNITED STATES ATTORNEYS' BULLETIN JANUARY 2005

B. History of the SSN and restrictions on
its use
On August 14, 1935, Congress enacted
legislation creating the Social Security
Administration (SSA). See Social Security Act
(the Social Security Act of 1935), Pub. L. No.
74-271, 49 Stat. 620 (1935). The purpose of the
Social Security Act (the Act) was the creation and
implementation of a social insurance program
designed to pay benefits to retired workers to
ensure a continuing portion of income after
retirement. Id. The amount of these social benefits
was based, in part, on the amount of the workers'
earnings, and SSA needed a system to keep track
of earnings by individual workers and for
employers to report these earnings. Included in the
Act was authorization for SSA to establish a
record-keeping system to help manage the Social
Security program. While it did not expressly
mention the use of the SSN, the Act authorized
the creation of some type of record keeping
scheme. Thus, on or about November 24, 1936,
the first applications for Social Security account
numbers (Form SS-5) were distributed by the Post
Office to persons who were working or expected
to work in jobs covered by Social Security old-age
insurance. See "Special C ollections-Chronology"
(Social Security Online), available at http://www.
ssa.gov/history/1930.html. Through a process
known as enumeration, unique numbers were
created by SSA for every person, and used by
SSA and the Internal Revenue Service (IRS) as a
work and retirement benefit record for the Social
Security program. Id. In accordance with the
establishment of the SSN as a record keeping tool,
the IRS issued a regulation in 1936 that required
the issuance of an account number to each
employee covered by the Social Security program.
See Treasury Decision 4704 (1936). Between
November 1936 and June 1937, SSA processed
approximately thirty million SS-5 Forms.
Available at http://www.ssa.gov/history/ssn/
firstcard.html.
The process of issuing Social Security
Numbers continues today, with SSA issuing them
to all U.S. citizens and most noncitizens who are
lawfully admitted to the United States and who
have permission to work. Available at http://www.
ssa.gov/ssnumber. Lawfully admitted noncitizens
may also qualify for an SSN for nonwork
purposes when a federal, state, or local law
requires that an SSN be obtained in order to
receive a particular welfare benefit or service.
SSA collects and verifies information from such
applicants regarding their age, identity,
citizenship, and immigration status. Most of SSA's
enumeration workload involves U.S. citizens who
generally receive an SSN via SSA's birth
registration process handled by hospitals.
However, individuals seeking SSN's can also
apply in person at any SSA field office location,
through the mail, or via the Internet. See
http://www.ssa.gov/ssnumber. Most U.S. born
individuals receive an SSN through a process SSA
refers to as Enumeration-at-Birth (EAB). Under
EAB parents can apply for an SSN for their
newborn child at the hospital as part of the birth
registration process. Under this process, hospitals
send birth registration information to a state or
local bureau of vital statistics where it is entered
into a database. The appropriate bureau of vital
statistics forwards SSA the required information,
usually by electronic means. SSA accepts the data
captured during the birth registration process as
evidence of age, identity, and citizenship, and
assigns the child an SSN without further parental
involvement. Once SSA receives the required
information, it performs edits, assigns the SSN,
and issues the card. See Social Security Numbers:
Insuring the Integrity of the SSN GAO REP.
03-941T (2003), available at http://www.gao.
gov/new.items/d03941t.pdf.
Widespread SSN use in government began
with a 1943 Executive Order issued by President
Franklin D. Roosevelt. See Exec. Order No.
9,397, 3 C.F.R. 283-284 (1943-194.
Specifically, the order required all federal
components to use the SSN exclusively whenever
the component needed to set up a new
identification system for individuals, and
instructed the Social Security Board to cooperate
with federal uses of the SSN by issuing and
verifying numbers for other federal agencies. Id.
Since 1943, the number of federal agencies and
others relying on the SSN as a primary identifier
has escalated dramatically, in part, because a
number of federal laws have been passed that
have authorized or required use of the SSN for
specific activities. See Social Security Numbers:
Government Benefits from SSN Use but Could
Provide Better Safeguards GAO REP. 02-352
(2002), available at http://www.gao.gov/new.
items/d02352.pdf. In many instances, use of an
SSN is required by law to determine the eligibility
of an individual for receipt of federally funded
program services or benefits, such as SSA Title II
benefits (Retirement, Disability, or Survivor's) or
JANUARY 2005 UNITED STATES ATTORNEYS ' BULLETIN 3
Supplemental Security Income (SSI) benefits
payments. Use of the SSN also serves as a unique
identifier for such government-related activities as
paying taxes or reporting wages and earnings. The
government was first permitted to use the SSN for
tax reporting purposes in 1961, when Congress
authorized the IRS to use the SSN as taxpayer
identification numbers. See Pub. L. No. 87-397,
75 Stat. 828 (1961).
Since issuance of the first SSN in 1936, the
private sector, for all practical purposes, has taken
control of the SSN. Individuals must now provide
it when applying for credit, when seeking medical
or other insurance coverage, for leasing an
apartment, seeking cell phone service, ordering
merchandise, or applying for a job. In addition,
many federal, state, and local government
agencies also use the SSN as a means of
identification when they administer their
programs to deliver services or benefits to the
public. In some instances, government agencies
serve as the repository for records or documents
that are routinely made available to the public for
inspection. These public records may include
SSNs. See Social Security: Government and
Commercial Use of the Social Security Number is
Widespread GAO REP. 99-28 (1999), available at
http://www.gao.gov/archive/1999/he99028.pdf.
This growth in use and availability of the SSN is
important because SSNs are often the identifier of
choice among identity thieves. No single federal
law regulates overall use and disclosure of SSNs
by federal agencies, but several federal laws limit
the use and disclosure of the SSN in certain
circumstances. See 42 U.S.C. § 408(a)(7)(B); see
also 18 U.S.C. § 1028(a)(7) and 18 U.S.C.
§ 1028A. State laws may also vary in terms of the
restrictions imposed on SSN use and disclosure.
Moreover, some records that contain SSNs are
considered part of the public record and, as such,
are routinely made available to the public for
review. See Social Security Numbers: Government
Benefits from SSN Use, but Could Provide Better
Safeguards GAO REP. 02-352 (2002), available at
http://www.gao.gov/new.items/d02352.pdf.
It goes without saying that the SSN is a key
piece of identification in building credit bureau
databases, extracting or retrieving data from
consumers' credit histories, and preventing fraud.
See Prepared statement of the FTC, Identity Theft:
the FTC's Response: Hearing Before the
Subcommittee on Technology, Terrorism and
Government Information, Senate Judiciary
Committee, 107th Cong. (M ar. 20, 2002),
available at http://www.consumer.gov/idtheft_
old/reports.htm. Businesses routinely report
consumers' financial transactions, such as charges,
loans, and credit repayments to credit bureaus.
Although credit bureaus use other identifiers, such
as names and addresses, to build and maintain
individuals' credit histories, the SSN is the most
important identifier for ensuring that correct
information is associated with the right individual,
because the SSN does not change as would a
name or address. The SSN, along with names and
birth certificates, are three personal identifiers
most often sought by identity thieves. See Identity
Theft: Prevalence and Cost Appear to be Growing
GAO REP. 02-363 (2002), available at http://
www.consumer.gov/idtheft/reports/gao-d02363.p
df.
Identity theft occurs when an individual steals
another individual's personal identifying
information and uses it fraudulently. It is a crime
that can affect all Americans. SSNs and other
personal information, for example, are used to
fraudulently obtain credit cards, open utility
accounts, access existing financial accounts,
commit bank fraud, file false tax returns, and
falsely obtain employment and government
benefits. The SSN plays an important role in
identity theft because it is used as breeder
information to create additional false
identification documents, such as drivers' licenses,
Social Security cards, I-9 and W-4 forms, and
green cards. Most often, identity thieves use SSNs
belonging to real people, rather than making one
up. However, identity thieves sometimes merely
make up a number that happens to correspond to
an SSN already assigned to an individual by the
Commissioner of Social Security. Most often,
identity thieves gain access to the personal
information of a victim by:
• taking advantage of an existing relationship
with the victim;
• stealing information from purses, wallets, or
the mail;
• purchasing personal information from a
coworker of the victim; and
• identifying personal information obtained
legally through Internet sites maintained by
both the public and private sectors (including
data from records routinely made available to
the public through the court system).