Report to Congress on Options for Enhancing the Social Security Card



Despite its narrowly drawn purpose, use of the SSN as a general identifier in records systems eventually grew. In 1943, Executive Order (EO) 9397 required Federal agencies to use the SSN in any new system of records to identify persons. In practice, however, during the 1940's and 1950's there was little use of SSNs within the Federal Government because other agencies had no real incentive to change their record-keeping systems. Therefore, the EO had little significant effect on use of the SSN. In 1961, the Civil Service Commission adopted the SSN as the identifier for Federal employees. In 1962, IRS began using the SSN as its official taxpayer identification number.

The real explosion in SSN usage came about during the computer revolution of the 1960's. The simplicity of using a unique number that most people already possessed encouraged widespread use of the SSN by Government agencies and private organizations as they adapted their record-keeping and business applications to automated data processing. Use of the SSN for computer and other record-keeping systems spread throughout State and local governments, and to banks, credit bureaus, hospitals, educational institutions and other areas of the private sector. There were no legislative authorizations for, or prohibitions against, such uses.

In the early 1970's, Congress was concerned about welfare fraud and illegal work by those not authorized to work. To deal with these concerns, they amended the Social Security Act to authorize SSA to assign SSNs to all legally admitted noncitizens at entry and to anyone receiving or applying for a Federal benefit. Subsequent legislation, enacted in the mid-1970's, required an SSN as a condition of eligibility for Federal programs, such as Aid to Families With Dependent Children (now Temporary Assistance for Needy Families) benefits, Medicaid, food stamps, school lunch programs, and any Federal loan program. Additional legislation authorized States to use the SSN in the administration of "any tax, general public assistance, drivers license, or motor vehicle registration law within its jurisdiction." The legislation allowed the States to require people affected by such laws to furnish their SSNs to the States.

At the same time legislation was being enacted to expand the use of the SSN, Congress became concerned about the widespread use of the SSN as an identifier--particularly where the number was required for such purposes as motor vehicle registration. As a result, the Privacy Act, enacted in 1974, provided that, after a grandfathering period, no State or local government agency could withhold benefits from a person simply because the person refused to furnish his/her SSN. This provision appeared to suggest that a person had the right to withhold the SSN when requesting services, at least in dealings with State and local governments. Nevertheless, Congress continued to enact legislation that authorized some public uses of SSNs as a way to control its use in the public sector, which tended to limit the effect of the Privacy Act.

A focus in the 1980's was on preventing illegal work and implementing the employer sanctions provisions of the Immigration Reform and Control Act of 1986 (IRCA). While the Reagan Administration stated its opposition to a national identity card, it recognized the need for a means of helping employers comply with IRCA. Currently, under the 1996 immigration reform legislation, SSA is working with the Immigration and Naturalization Service (INS) on several pilot employment eligibility verification projects to allow employers to verify the name, SSN, and work authorization status of newly hired employees. A small test of a prototype system is already underway, with deployment on a larger scale to occur later this year. The projects are slated to run for up to 4 years, with reports to Congress in 2000 and 2001.

In the 1980's, separate legislation provided for additional uses of the SSN including military draft registration, commercial motor vehicle operators licenses, and for operators of stores that redeem food stamps. Legislation was also enacted that first required taxpayers to provide a taxpayer identification number for each dependent age 5 or older. The age requirement has been gradually lowered in subsequent provisions such that an SSN is required for dependents, regardless of age. Each dependent, however, must meet citizenship or resident noncitizen status requirements for receiving an SSN. The expansion of use of the SSN continued through the late 1980's with the requirement for an SSN for eligibility for Housing and Urban Development programs and authorizing blood donation facilities to use the SSN to identify blood donors.

In the 1990's, SSN use continued to expand with legislation that authorized its use for jury selection and for administration of Federal workers' compensation laws. A major expansion of SSN use was provided in 1996 under welfare reform. In an attempt to enhance child support enforcement, the SSN is to be recorded on almost every official document an individual may obtain; e.g., professional licenses, drivers licenses, death certificates, birth records, divorce decrees, marriage licenses, support orders, or paternity determinations. When an individual is hired, an employer is required to send the individual's SSN and identifying information to the State which will verify the information with SSA. This "New Hire Registry" is part of the expanded Federal Parent Locator which enables States to find non-custodial parents by using the SSN. Today there are 27 authorized uses of the SSN as the identifier for record-keeping or matching criteria.

Private sector use of the SSN is neither specifically authorized nor restricted. People are asked for an SSN at banks, video rental outlets, hospitals, etc., and may refuse to give it. However, the provider may, in turn, decline to furnish the product or service, leaving some to conclude they have no real choice.

Throughout the history of the Social Security program, the SSN, originally intended to be used only to record Social Security earnings, has been adopted for other purposes, both governmental and private. The broad-based coverage of the Social Security program makes the SSN widely available and a convenient common data element for all record-keeping systems and data exchanges.


The SSN is the single most widely used record identifier for both government and the private sector, exerting a broad influence on the lives of most Americans. However, by itself, it is not a personal identifier because it lacks systematic assignment to every person and the means to authenticate a person's identity.

An overwhelming majority of public and private sector organizations in the U.S. use SSNs as a normal part of their operations. Of the organizations responding in a 1988 Office of the Inspector General (OIG), Department of Health and Human Services (HHS) study of the extent incorrect SSNs are used, 81% reported using SSNs routinely.

There are two basic ways SSNs are used. Within an organization, the SSN is typically used to identify specific persons and to maintain or retrieve data files. The OIG, HHS study showed that 89% of organizations using SSNs use them for this purpose. The second use of SSNs is for external exchanges of information with one or more outside entities--typically to transfer or match data. There is practically no limit to the innovative ways to exchange data, and 68% of organizations using SSNs reported they exchange data externally using SSNs.

A 1990 OIG, HHS study indicated that 45% of organizations, both public and private, using SSNs make no effort to verify SSN accuracy. This leads to the real possibility that transfers of data from one organization to another could be inaccurate; computer matching of data between different organizations could be invalid; and innocent persons could be subjected to unwarranted intrusions into their privacy or improper changes in their benefits or services or even misidentified with serious results.

The SSN has become a critical element of personal identification in a vast and ever increasing array of public and private record-keeping and record matching processes. The result is that SSA, IRS, the Congress, and other public and private sector entities all have a strong interest in ensuring the accuracy of SSNs.


The current use of the SSN as a personal identifier in both the public and private sectors is not the result of any single step; but rather, from the gradual accretion over time of extending the SSN to a variety of purposes. This has led many to conclude that the SSN is already, in effect, a national identifier, a term generally viewed negatively in the U.S. The implications of the widespread use of a single identifier on personal privacy have generated much concern both within the government and in society in general. Opposition to the use of such an identifier appears to stem from the fear that it will be used improperly to exchange information among organizations or could possibly lead to dossiers about people which would follow them throughout life. The potential to profile people raises questions about limits to freedom of choice and access to society's services and benefits.

On the other hand, there are some who believe that the public would be well-served by use of a national identifier and a national identity document. They argue that it would enhance the ability to more easily recognize, control and protect against fraud and abuses in both public and private activities.

The issue of the SSN as a national identifier recently resurfaced when the SSN was proposed as the universal patient identifier in the Health Insurance Portability and Accountability Act of 1996. Many have questioned the wisdom of expanding the SSN to this purpose because it may enhance an additional linkage to very sensitive personal information. Potential access to these data can have implications for education, employment, credit, insurance and legal aspects of life.

The advent of broader access to electronic data through the Internet and the World Wide Web has generated a growing concern about increased opportunities for access to personal information by almost anyone. Some people fear that the competition among information service providers for customers will result in broader data linkages with questionable integrity and potential for harm. Expanding uses of the SSN and further technological enhancements will extend the debate about the SSN as the national identifier.


Many Americans, concerned about privacy, fear that it is vulnerable to political, business and other socio-cultural factors. Protecting individual privacy is a highly complex situation because it must be balanced by what are seen as societal benefits, for example, in public safety, law enforcement, research and public health. For every example of public concern over privacy protection, there is a contrasting position where the public wants protection from criminal elements, inappropriate and poor health care, banking errors, etc. Societal forces will guide the evaluation and balancing of privacy policies and information uses.

There is heightened concern about how the SSN/card may be used in the future, however, the development of relational data bases will make it possible for people to be identified without the use of the SSN. Such data bases make use of other personal data elements (such as addresses, phone numbers, birth date, parents' names, etc.).

The important issue for the future will be how the managers of personal information systems maintain a reputation for integrity. This is believed to be a significant determinant of public confidence. A Census Bureau study found that the public's belief in the integrity of a government agency is more important than the way the agency guarantees confidentiality.


The potential for misuse of the SSN has grown dramatically as the use of the SSN has expanded. SSA has been under increasing pressure to take steps to: (1) ensure the accuracy of the SSN (regardless of the user); (2) provide verification services to organizations that use the SSN as an identifier to protect their programs from errors, fraud, and abuse; and (3) protect the public from and provide remedy to invasions of privacy or abuses of data which are stored in public or private sector data bases and use the SSN as an identifier.

SSA verification workloads related both to use and misuse of the number have increased as the number's use has expanded. Such verifications are done primarily through regular automated exchanges. We verify SSNs for employers to ensure the correct posting of wages and for other government agencies to ensure accurate benefit payments. Where required by law and, in certain circumstances where permitted by law, we verify that the name and SSN in the files of third parties are the same as those on our SSN records. However, we do not uniformly verify the SSNs used by the private sector. Our disclosure policy protects the privacy rights of SSN holders and limits use of our resources to the business of Social Security. It is important to note that none of these verification operations ensure that the person giving a number, even when presenting the corresponding Social Security card, is the person to whom the SSN was assigned.


As individuals have been adversely affected by enhancements in record-keeping and data exchange that rely on the SSN, legislation has been proposed to resolve specific problems. Currently, for the first time, Congress is looking at private sector use of the SSN and offering legislation to address violations of individual privacy by the private sector involving the SSN. At the same time, other legislative proposals have been introduced to expand the use of the SSN and/or card for specific purposes to enhance government efficiency or curb fraud and abuse.

See Appendix C for some recent examples of legislative proposals to limit and to expand the use of the SSN and/or card.