Social Security 'Death Master File' May Thwart Terrorists

July 7, 2008 - 7:03 PM

( - To help prevent common crooks, organized crime gangs - and now terrorists - from stealing someone's identity, some lawmakers are urging the Social Security Administration to give financial institutions information from the program's "Death Master File," of deceased Social Security recipients and card holders.

But bureaucratic inertia, lack of funding and privacy concerns may hamper such an effort. Other experts doubt such information sharing will do any good.

Lawmakers like Rep. Ron Paul (R-Texas) have long sounded the alarm about the vulnerability of the Social Security number (SSN) as an easy target for criminals.

At least as far back as 1973, a government report on privacy described problems of the number's misuse. Identity thieves have used the numbers to get fraudulent credit lines that end up wreaking havoc on their victim's credit record.

Rep. Sue W. Kelly (R-N.Y.), chairwoman of the House Subcommittee on Oversight and Investigations, pointed to instances in which identity thieves James Jackson and Derek Cunningham stole hundreds of thousands of dollars in gems and watches from deceased executives of major corporations, including the late CEO of the Wendy's restaurant chain, before being caught by law enforcement.

The terrorist attacks of Sept. 11, however, have lent a new urgency to the matter.

"We know that Lofti Raissi, an Algerian held on suspicion that he trained four of the hijackers how to fly, used the Social Security number of a New Jersey woman who has been dead for 10 years," said Kelly, speaking to a packed committee hearing room on Thursday.

"We can prevent these crimes and spare the families further pain," said Kelly, if Death Master File information is given to the financial services industry as soon as possible once a Social Security card holder has died.

Every year, the SSA compiles information and maintains a database on people who were in the retirement system but have died, including their Social Security number, first and last name, dates of birth and death, state, county and zip code of the last residence, and last lump sum payment.

The information is a matter of public record, but there is a time lag in its availability.

Witnesses from the Social Security Administration and General Accounting Office said the agencies have good intentions about sharing information, and may set up an Internet web site or telephone hotline for banks and other financial institutions.

But even if such systems are put into place, Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), doesn't think it will help.

"The problem of 'identity theft,' particularly of the deceased, cannot be solved by sharing SSN data more rapidly or other such stopgap measures," said Rotenberg. "The problem lies rather in the dramatic expansion of the use and collection of the SSN that Congress should try to limit."

Evan Hendricks, the editor and publisher of Privacy Times, agreed.

"The underlying mistake has been to expand the use of the SSN beyond that for which it was created: the numbering of personal accounts for the collection of taxes and benefits in the Social Security program," said Hendricks.

Now, he said, the number is more vulnerable to misuse and sale wherever it is stored, including personnel departments, government databases and web sites.

"This [identify theft] leaves the innocent consumer with the debris of a polluted credit history," said Hendricks.

What is needed, he said, is for Congress to authorize an automated, instant reporting system so that local governmental agencies in charge of issuing death certificates can quickly report the names and SSNs of the deceased. The SSA, in turn, would report the information to the three major credit-reporting agencies.

Rotenberg recommended that government ban the extraneous use of the SSN and give consumers themselves easier access to their own credit reports in order to "view and correct" their credit reports-ideas opposed by the credit reporting industry and others.

"If Congress chooses to make the Death Master File more readily available to the private sector," he concluded, "then I urge [Congress] to adopt corresponding privacy rules that will limit the opportunities for abuse."