House panel eyes solutions to SSA on-line privacy problem

Social Security Administration officials under fire for a system that allowed easy access to personal earnings and benefits records over the World Wide Web were told at a House hearing last week that the agency's actions could serve as a blueprint for other federal agencies that use the Web to distribute sensitive information.

Media reports last month made millions of Americans aware that anyone could gain on-line access to an individual's earnings and benefits reports by using a few easily obtained keys such as a person's name Social Security number date and place of birth and mother's maiden name. The earnings information available on SSA's Web site (www.ssa.gov) as a Personal Earnings and Benefit Estimate Statement (PEBES) also includes information on taxes.

Within days of the reports SSA shut down the month-old on-line service and planned a series of public forums to collect public comment and search for possible remedies to the privacy problem.

The first of the forums was held on May 5 in Hartford Conn. and served to air many of the suggestions that have been discussed to bring greater privacy and security to PEBES on-line. The next day members of the House Ways and Means Committee's subcommittee on Social Security began winnowing through some of those suggestions.

Several Possible Solutions

One solution SSA may consider is requiring personal identification numbers passwords or digital signatures to access private information via the Internet but that solution presents its own logistical challenges and requires cost-benefit analyses panelists told subcommittee members.

Acting SSA commissioner John J. Callahan expressed optimism that future technologies could present an entree for greater security and privacy on SSA's Web site. "Technology changes incredibly rapidly " he said. "There may be a variety of changes in technology wherein we can enhance" the security of the information.

Another solution offered would require individuals to provide more information when trying to access their data. But Marc Rotenberg director of the Electronic Privacy Information Center told the subcommittee he believed that solution was "too costly and too inefficient."

Panelists and subcommittee members also considered allowing taxpayers to opt out of having their information made available. A box could be included in future federal income tax forms that Americans could choose to check if they did not want their information accessible over the Internet.

As the agency searches for a solution it is likely that what it decides to do will lay the groundwork for other agencies that collect sensitive data and are considering making that information available electronically.

"I hope you're working with the IRS on this since they're facing many of the same problems " Rep. Rob Portman (R-Ohio) told Callahan. The Internal Revenue Service one of the largest federal custodians of private information on computers has come under criticism for failing to prevent employees from browsing through taxpayers' records.

Others testifying Tuesday echoed Portman's call for cooperation across agencies.

"There may be some need to coordinate privacy standards within the federal government " Rotenberg said.