“We are talking about one of the largest-growing crimes in America, with literally hundreds of thousands of victims a year. It is called identity theft … The average identity theft costs $17,000. The average length of time it takes an individual to recover their identity … is a year and a half. It is a substantial and serious crime.

Now, what is the most common personal identifier that is stolen? It is the Social Security number. Because with that and a driver’s license, … you can go out and assume another’s identity and proceed to commit a felony crime.”

U.S. Senator Dianne Feinstein, California,
Senate Committee on Finance, July 11, 2002

As senator Dianne Feinstein suggests in the preceding quote, the misuse of social security numbers (SSN) as a precursor to identity theft is a significant problem. She calls it, “one of the largest-growing crimes in America with literally hundreds of thousands of victims a year.” The Federal Trade Commission’s Identity Theft Data Clearinghouse reported that the cost of identity theft is expected to reach $8 billion by 2005.

In an effort to combat the problem, Sen. Feinstein has sponsored federal legislation aimed at making it harder for thieves to access other’s SSNs. At the state level as well, many laws have been enacted or being considered to control the uses of the SSN in an attempt to make it harder to access illegally.

What is legal?

When the social security number was first enacted in 1936, it had one solitary purpose: it was an identifier to enable the Social Security Administration to track an individual’s social security earnings. Since then, however, its use has been systematically expanded until it now serves as the personal identifier for nearly every government, financial, and educational service—not to mention even more circuitous use as video rental account numbers and grocery store loyalty program IDs.

Federal law states that, “it shall be unlawful for any Federal, State, or local government agency to deny any individual any right, benefit, or privilege provided by law because of such individual’s refusal to disclose his social security account number.” However, it adds that any such entity that, “requests an individual to disclose his social security account number shall inform that individual whether that disclosure is mandatory or voluntary…and what uses will be made of it.” The SSN can be used for purposes other than those involving the Social Security Administration, however an individual would seem to have the right to refuse.

According to federal law as set forth in the Privacy Act of 1974,

(a)(1) It shall be unlawful for any Federal, State or local government agency to deny to any individual any right, benefit, or privilege provided by law because of such individual’s refusal to disclose his social security account number.

(b) Any Federal, State, or local government agency which requests an individual to disclose his social security account number shall inform that individual whether that disclosure is mandatory or voluntary, by what statutory or other authority such number is solicited, and what uses will be made of it.’

Federal law has traditionally left the door open for any organization–private or public–to use request the SSN and use it as an identifier. This is changing. At the federal level bills such as Sen. Feinstein’s Social Security Misuse Prevention Act aims to curtail the unbridled use of the number. This bill proposes basic limitations such as a ban on the printing of the SSN on drivers licenses and government checks, and public records.

But this is seen only as first-step legislation. A number of states have already progressed well beyond this level of control. In 2000, New York mandated that colleges end the practice of using the SSN as the student identifier on posted lists and ID cards — and California and others are following their lead. The California proposal would, among other things, “prohibit public and private colleges and universities from using a student’s SSN for identification in a manner that is available to the public or to an unauthorized 3rd party.”

Campuses being proactive

To see just how prevalent the move to excorcise the SSN from college IDs is becoming, simple enter the following search terms at Google or Yahoo!: “social security number,” “eliminate,” “ID card,” and “campus.” Pages of links to campuses that have acted to replace the SSN with a unique random number will result. In the February 2003 issue of CR80News, we profiled several campuses making the switch. Still others have announced this move in recent months.

It is definitely time to open discussion on your campus about the future of the SSN as identifier. It impacts many areas, not just the card program. As mentioned in the article on FERPA in this month’s issue, public display of an SSN in whole or in part such as for the purpose of grade posting is strictly prohibited. The printing of the number on ID cards has already been outlawed in certain states and others are coming soon. It is only a matter of time before federal legislation considers more hard lined restrictions.

Be proactive. Begin developing a plan for how you will migrate if, or more likely when, the time arises. Talk to your card system and other impacted vendors and ask them for their experience in migration from SSN to another unique ID. It is not an easy process but it will not take care of itself. And if legislators at both the state and federal levels continue to see the rising problem of identity theft, every campus will be forced to act whether they have planned for it or are blindsided.