Senate Subcommittee Holds Hearing on Identity Theft

(July 13, 2000) The Senate Technology Subcommittee held another hearing on identity theft on July 12. Sen. Feinstein is sponsoring legislation to restrict the purchase of social security numbers over the Internet, one means by which criminals are able to assume another person's identity.

Related Pages
Prepared Statement of Sen. Kyl [PDF], 7/12/00.
March 7, 2000 hearing (web page in Senate Judiciary Committee web site with links to prepared statements).
S 2328 IS, Identity Theft Prevention Act of 2000.
S 2699 IS, Social Security Number Protection Act of 2000

The hearing, titled "Identity Theft: How to Protect and Restore Your Good Name," was conducted by Sen. Jon Kyl (R-AZ) and Sen. Dianne Feinstein (D-CA), the Chairman and Ranking Minority Member of the Senate Judiciary Committee's Subcommittee on Technology, Terrorism and Government Information, respectively.

The hearing addressed the many ways that criminals obtain information that enables them to assume the identities of others, the harmful consequences that it has for the victims, and legislation to remedy the problem.

Sen. Feinstein focused also on the role of the Internet in facilitating identity theft.

The Subcommittee conducted as similar hearing on March 7, 2000.

Sen. Kyl stated that "criminals often use the social security numbers and other personal information to assume the identity of law abiding citizens and take their money. It is high tech theft."

Congress passed the Identity Theft and Assumption Deterent Act in the last Congress, which criminalized identity theft. However, Sen. Kyl stated that "identity theft, unfortunately, continues to grow, particularly as the Internet grows in popularity."

"How does it happen?" Sen. Kyl asked rhetorically. "Technology enables new sophisticated means of identity theft. Using a variety of methods criminals steal social security numbers, credit card numbers, drivers license numbers, ATM cards, telephone calling cards, and other pieces of a citizens identity. Victims are often left with a bad credit report, and must often spend months, and even years, regaining their financial wholeness. In the mean time, they have difficulty writing checks, obtaining loans, renting apartments, getting their children financial aid for college, even getting hired."

"In Fiscal Year 1999, the Social Security Administration's Office of Inspector General Hotline for Fraud and Abuse reported more than 62,000 instances of misuse of Social Security Numbers," said Sen. Kyl. Social Security Inspector General Jim Huse was on hand to testify in further detail about the extent of the problem. (See, Huse testimony [PDF].)

The two Senators are trying to draw public and Senate attention and support for their proposals to alleviate the problem of identity theft.

"The key to prevention," said Sen. Kyl, "is businesses establishing responsible information handing practices, and for the credit industry to adopt stricter application verification procedures, and to put limits on data disclosure."

Sen. Kyl and Sen. Feinstein addressed two bills at the hearing:

S 2328 would require businesses to adopt certain practices designed to reduce the frequency of identity theft, such as:

Sen. Feinstein also indicated that she intends to introduce another bill, that would expand the principles of S 2699 to include drivers licenses, personal medical data, and personal financial data.

Sen. Dianne
Feinstein
(D-CA)

Sen. Feinstein elaborated on the role of the Internet in the sale of Social Security Numbers. "Identity theft victims have actually been calling on our office with story after story of these crimes. And let me give you a couple of examples. My constituent, Amy Bradbury, of Castral Valley, reported that an identity thief obtained a credit card in her name through the Internet in just ten seconds. The false application had her Social Security Number and birth date correct."

"As a matter of fact, my staff has compiled a list of about twelve different Internet web sites where personal information can be purchased for as little as $25. Let me read their comments on one web site called digdirt.com. Here is one that is not online access per se, but it will blow your mind as to what they offer. You hire them, they do the work, they get back to you -- medical records, phone numbers, assets, etc. I am not going to say the name of all of these web sites, but I would like to enter them into the record, if I might, Mr. Chairman." (Tech Law Journal has requested, but not received, a copy of this document from the Judiciary Committee, the Technology Subcommittee, and the office of Sen. Feinstein.)

Social Security Inspector General Jim Huse addressed the sale of Social Security Numbers over the Internet in his testimony. He stated:

"Because of the increasing role that the Internet is playing in SSN misuse and identity theft, we have expanded the scope of these pilots to include the sale of Social Security cards over the Internet. Using undercover purchases of Social Security cards, we can determine which vendors actually provide buyers with fraudulent documents and which merely take the money and run. We are very optimistic that we will be able to shut down several important Internet distributors of false identification documents with this initiative."

"On the other side of e-commerce, we started another operation targeted, not at those who sell false identification documents over the Internet, but at those who buy them. This effort has two goals. First, we can locate and stop those who purchase counterfeit Social Security cards that might be used in identity theft crimes. And second, it will enable us, for the first time, to determine both the scope of Internet trafficking in false identification documents and the many ways one can use a false SSN."

"Amy -- well, let me give you another example. Lynn Kleinenberg (spelling?) of Los Angeles, her husband was an executive at Cedar Sinai Medical Center. He died in December. The identity theft there used her husband's obituary to get the maiden names, then went to the Internet, purchased the various documents, and she had $200,000 in diamond purchases charged against her," said Sen. Feinstein.

"Another person, Amy Boyer, a twenty year old dental assistant from Maine, was killed last year by a stalker who bought her social security off the Internet for $45. Incidentally, some of these web sites provide, you can buy it for $25 now. And then they used the Social Security Number to locate her work address, and go out and stalk her and kill her."

"I have two proposals pending before the Congress today, and I hope we can discuss them. The first prohibits the sale of Social Security Numbers. This administration, the administration actually is supportive of this legislation. I am hopeful we can pass it. It, Senate Bill 2699, entitled the Social Security Number Protection Act, that would restrict the sale and purchase of Social Security Numbers. It has some exceptions."

Sen. Feinstein continued that "I am also right now writing legislation to amend that to provide for the same stipulations to a drivers license, to personal medical information, and personal financial data, and to provide an opt in. In other words, the Internet site would have to get the permission of the individual before using their Social Security Number, their drivers license, their personal medical information, or their personal financial information. Now, this is very controversial."

Both Jodie Bernstein of the FTC and Jim Huse of the Social Security Administration expressed support for S 2328; but, neither endorsed S 2699. However, Beth Givins of the Privacy Right Clearinghouse did testify that Social Security Numbers "certainly should not be for sale on the Net."

What They Said
(Links to Prepared Statements
of Witnesses in the Judiciary
Committee Web Site in PDF.)
Jodie Bernstein, FTC
Jim Huse, Social Security Admin.
Beth Givins, Privacy Rights Clearinghouse
Steve Emmert, Lexis/Nexus
Stuart Pratt, Associated Credit Bureaus
Michelle Brown, Identity Theft Victim
Steve Emmert, of Lexis/Nexus, and Stuart Pratt, of Associated Credit Bureaus, both testified regarding the legitimate market for personal data, including social security numbers. Emmert testified that "the availability of individual reference services helps to reduce identity theft."

He also argued that many types of sales of Social Security Numbers should remain legal. He covered several examples, including: locating criminals and witnesses by law enforcement authorities, locating heirs, locating pension fund beneficiaries, locating victims of fraud schemes and environmental hazards, and tracking down parents who are delinquent in child support payments. He also said that banking, insurance, and database companies, such as Lexis/Nexus, ought to be exempt.

Sen. Feinstein offered to work with Emmert in crafting a bill that would meet their concerns, but prevent individuals from buying Social Security Numbers over the Internet.

Sen. Feinstein also conceded that she was having difficulty moving her legislation. Regarding S 2328, she lamented, "I doubt very much the Banking Committee is going to move the bill."