Skip to main content

tv   [untitled]    June 1, 2017 6:16pm-8:01pm EDT

6:16 pm
things or is there added impetus to those kinds of thoughts as well. >> if i were comfortable i wouldn't be doing the reform that we have. i visited a number of smaller companies in robotics. and they described to me with how difficulty it is to try to do -- well, one of the executives for smo-- now there a couple of spin offs up in boston from people who were part of that company. but that is what worries me. there is tremendous innovation
6:17 pm
and tremendous capability. the challenge we face is brings it into the pentagon, into defense programs and so more stable budgets. a little more flexibility in funding because some of the rigidity of our funding category also makes it harder. but the difficulty in doing business with the federal government. trying to improve that. all of those are key to help feed those things in as well as i think the approach we have laid out on acquisition which is open architectures, modular systems so you can make improvements as time goes on. now there is also a significant part of the future that are policy decisions. cyber. what do we expect the military
6:18 pm
to do to defend the country in cyber space. how comfortable are we one manned systems. all sorts of issues that are out there that we do need to be talking about. but in order to even have those options, we are going to have to have an acquisition system that pushes innovation more. remember, one of the big restructuring we did last year was to break up atnl to have a new under secretary to just focus on on nov -- innovations. we have to bring the whole system up in order to accomplish what we need to for the company.
6:19 pm
great place to finish. please join me in thanking mr. thornberry. [ applause ] coming up tonight american history tv in prime time with the discussion of lesscy of woodrow wilson. the organization of american historians had a discussion at its annual meeting. you can see that tonight on c-span three beginning at eight eastern. this weekend, c-span city tour will explore the literary loif
6:20 pm
and history of eugene oregon. go inside the library archives collection. >> after the book was published, a psychiatrist read the book. and he sent a fan letter. and there ensued a fun correspondence between the two of them about mental institutions, psychiatry and those details and. >> author of the -- african americans during world war i. >> so there is a real year of conflict when they came home but welcome in their home communities. in terms of reforming how americans thought about race relations i don't think it did. it didn't have the impact that
6:21 pm
african americans had hoped it would. >> on sunday at 2:00 p.m. eastern the story of abigail scott dunaway. >> she is an example of one of the really great diaries. she describes what is happening between the people. she describes trouble that happen. she describes the landscape and the scenery. and it is clear, i mean you get a good inkling here that she is a really good writer and that skill served her later on in her career as a leader in the suffrage movement. >> he was a man of high principle and if you didn't have the same level of principles of he did, he would be vocal about that.
6:22 pm
he wouldn't compromise sometimes. so at times people were trying to move him along or became frustrated in dealing with him. but in the end, i think he is so well-known for his integrity. >> watch c-span city tour of eugene, oregon. >> sunday on q and a. >> there is a political structure that was crafted in the 1927 radio act. and those rules 90 years ago still govern the way we actually allow resources to be used in our economy today. >> clemson university professor and former chief economist thomas hazelet talks about his
6:23 pm
book. >> when we went to this political system for allocating spectrum rights, within a couple of years the regulators at the commission are renewing licenses but very carefully noting that propaganda stations will not be allowed. and in fact early on, 1929 in that period, you had left wing stations if i could use that political term owned by the wcfl in chicago, a labor union. and wevd socialist had bought a station near new york city. they wanted for political purposes free speech you might say, they wanted to espouse their opinion and these were immediately dubbed propaganda stations. >> sunday night at eight eastern
6:24 pm
on c-span's q and a. >> a sub committee of the house ways and means committee recently held a hearing on preventing identity theft. testifying at the hearing were officials with the social security administration, the office of personnel management, medicare and the veterans affairs department. >> good afternoon and welcome to today's hearing on the federal government use of social security numbers. unfortunately chairman johnson was unable to be with us here today to discuss one of his
6:25 pm
favorite topics ending the unnecessary need of social security numbers. and all of the it sub committee members for joining us in the ways and means committee hearing room today. back in 1936 when social security began issuing social security numbers they were only used to track earnings and administer the social security program. back then, it wasn't much thought about keeping your number a secret. but today social security numbers are the key to the kingdom for identity thieves. social security and identity security experts make a point of telling americans how important it is to protect their numbers. social security numbers are valuable targets for identity theft because of their regular
6:26 pm
use by both federal government and private sector as a unique identifier especially by the financial industry. time and again we are reminded to protect our social security cards in order to avoid identity theft and to be careful with what documents we throw away in the trash. our social security numbers are connected to so many personal aspects of our lives. from our social security benefits and finances to our medical histories and our education. but in recent years privacy concerns have become more and more critical. when i was in law school back in the dark ages, our grades used to be posted on the wall to keep secret by social security number. one of my very good friends in
6:27 pm
law school's name was ziegler. his social security number was always the bottom of the list and until not long ago, i probably could recite his social security number. while colleges and universities have since changed their ways, the federal government has yet to catch up. just under ten years ago under president bush's leadership, a memorandum was issued for the safe guarding of identifiable information. the memo called for federal department agencies to reduce or replace the use of social security numbers across the federal government. unfortunately while some progress has been made in reducing the use of social security numbers, ten years later, there still much work to be done.
6:28 pm
this hearing is about making sure that social security numbers are only used when necessary. and that the federal government is doing what it can and what it should to make sure that when social security numbers are used and collected they are kept safe. the office of personnel management hack in 2015 is an example of what happens when the federal government collects social security numbers but does not keep them safe and that neg ledges comings with a cost to both affected individuals and to the taxpayers. the american people rightly deserve and expect the federal government protects their social security numbers and only uses them as necessary. i thank all of our witnesses to being here. i look forward to hearing from you about how your agencies are working to tackle this challenge and what more needs to be done. i now recognize mr. larson for
6:29 pm
his opening statement. >> thank you mr. chairman and we join with you and certainly wishing our dear friend and colleague sam johnson a speedy recovery. and would like to add how fortunate we are on the ways and means committee to have two iconic american heroes serving on the same committee. when you think about sam johnson and his service to this country, and all that he endured on behalf of this nation, nearly beaten to death by the vie yet kong and then you think of john lewis and all he endured in this country and nearly beaten to death in his own country. so we have these two iconic legends and i am so proud to
6:30 pm
serve with sam and was happy that he introduce with him this social security identity loss. to remove beneficiary social security numbers from mailed notices. and mr. johnson is such an incredible gentleman, we also have taken every opportunity in the sub committee to renew a request, a, i hope the committee will travel to plano, texas. and that we have an opportunity in as much as mr. johnson has indicated this is his last term to have a meeting there in plano, texas that would honor mr. johnson and the committee and this particular topic area that he so vitally is concerned
6:31 pm
about. i want to recognize chairman hurd who is with us and the lead democrat robin kelly for being here in our meeting room as well. since 2014, hundreds of millions of americans have lost their personally identified information including their social security numbers to large scale cyber attacks. the number was originally created in 1936 for the purpose of running the nation's new social security system. however, its usefulness as a unique governmental identifier has made it near ubiquitous across government and the private sector. ongoing vigilance is needed including adequate support for updating and modernizing social security administration it structure. all together social security administration has been able to
6:32 pm
remove the nine digit ssn from about one third of the mailings it sends out. moving forward they have committed to removing them from the remaining notices which requires computer upgrades. the severe constraints on the budget are preventing the agency from removing numbers from all of the notices right away. as they estimated it would cost 14 million to do it immediately rather than piecemeal. since 2010 the number of beneficiaries has grown by 13% as the baby boomers enter retirement but social security operating budget has fallen by more than 10% in that same period. the social security administration cannot serve more and more people with less and less money each 82.
6:33 pm
social security administration is struggling to serve its beneficiary at the level they deserve. multiyear weight times. their phone calls are going unanswered. they face delays incorrecting errors in their benefit. budget released today also attacks social security benefits for those with disabilities as much as $70 billion over ten years and mr. chairman, i would like to submit for the record the 13 times that donald trump promised not to cut social security and medicare and medicaid. president trump has promised repeatedly not to cut social security or medicare. this broken promise should be
6:34 pm
especially alarming for millions of people who voted for the president who spent their working lives paying premiums into the system believing those benefits would be there for them in retirement or should they become disabled. bottom line is this. social security is the nation's insurance program. it is not an entitlement. it is the insurance that individuals have paid for throughout a lifetime. the problems with social security at its core this issue that we are taking up today especially as it relates to theft is vite tally important to protect people's identity. but equally important and the responsibility of the committee is its accuracy shoeiarial soundment. ask any private sector insurance company if they could have a 99% loss ratio.
6:35 pm
they would die for that. and there is no product on the open market where you could produce old age and survivor benefits, disability and a pension plan and survivor's benefits. that is the uniqueness of social security. that is why it is america's insurance plan that our citizen have paid for. this is not an entitlement. and we'll continue to make that point. and i hope later this year mr. chairman and mr. johnson has been very gracious saying we will have an opportunity to make sol gent social security for all of -- >> i now recognize mr. hurd for his opening statement. >> thank you. two years plus that i have been in congress i have learned one
6:36 pm
thing and that is that americans protect the federal government to protect their personal information. sadly as evidence by the devastati devastating data breach, this is not the case. social security numbers can be used to perpetuate identity theft or worse. you never know what a piece of information the bad actors need to achieve their goals. the oversight committee recently held a hearing on the irs data breach and used that information to file fraudulent forms with the irs.
6:37 pm
in fact, tomorrow the house is scheduled to consider a social security fraud act and prohibits folks by sending social security numbers by mail. the social security administration has over 175 mlg wage earners and records on everybody living and dead. veterans administration has held records on over 800 -- the va currently uses social security as a patient identifier. protecting these numbers is important for all americans. but given that social security numbers are frequently exchanged with at most residents of society we must take utmost precaution to prevent
6:38 pm
unnecessary risk of exposure. agencies reduce their use of social security in order to mitigate the risk of identify theft. it is essential how they use, collect and store social security number and indeed all pieces of personal information they collect. i am proud to be here today with my colleagues from the oversight committee and colleagues of the ways and means committee to examine what is working and what wi we can do better. and thank you for being here today and i look forward to hearing from all of our witnesses. >> i now recognize ms. kelly. >> thank you chairman rise and hurd and ranking member larson. originally created to track the earnings of individuals and
6:39 pm
determine eligibility for benefits the number has been a principal method for identifying -- challenges to data security and identity -- recognize a are you deucing could reduce the risk of identity. ten years ago this week omb issued a memorandum by examining where their collection was unnecessary and creating plans and such collection within 18 months. now on the ten-year anniversary of the guidance, we have the opportunity to examine the challenges that have stymied agency efforts while learning from those agency who had success in their initiative. the social security administration in longer prints social security numbers. the center for medicare and
6:40 pm
medicaid services is in the middle of efforts to remove the number of all medicare cards. like wiesz the department of veterans affairs have seized social security numbers on certain forms of correspond ens and is working to -- reducing the visibility of social security numbers. these steps represent real progress and i commend the agencies on their work so far. but barriers still exist of full implement of guidance. gao found that the 20007 memorandum did not define unnecessary use nor did it outline requirements of this time line or performance goals. as a result many agencies were vague and subject -- additionally omb did not require agencies to update their
6:41 pm
inventories of social security collection points making it difficult to determine whether agencies were actually reducing collection and use. omb must provide clear direction. in addition to poor coordination federal efforts to reduce social security numbers have faced other challenges. agencies are legally required to collect social security numbers for identity verification and a number of programs. and social security numbers remain the standard for identity verification across government programs. however, a lack of approved funding prevented these efforts from going forward. until congress -- is created significant reductions and social security numbers use seems unlikely.
6:42 pm
outdated legacy it systems also cause agencies to struggle. this sub committee has spoken as great length in the need to improve the infrastructure. personal cuts proposed by the trump administration will take us in the opposite direction. i hope my colleagues will keep this and the need to protect americans from identity theft in mind as we discuss fiscal year 2018 budget propose ales. i look forward to hearing from our witnesses today. >> thank you. as is customary any member is welcome to submit a statement for the hearing record. before we move on to our testimony today, i want to remind our witnesses to please limit their oral statements to
6:43 pm
five minutes. however, without objection, all of the written testimony will be made part of the hearing record. we have five witnesses today. seated at the table are gregory will hughesen. mariana. david devees chief information officer. and karen jackson deputy chief operating officer centers for medicare and medicaid services. and john oswalt. department of veterans affairs. welcome to you all and thank you for being here. pursuant to the committee on
6:44 pm
oversight and government reform rules all witnesses will be sworn in before they testify. please rise and raise your right hand. do you solemnly swear or affirm that the testimony you are about to give will be truth the whole truth and nothing but the truth so help you god? please be seated. mr. wilhusen. welcome. >> chairman rice and hurd and members of the sub committee. thank you for inviting me here today. my statement is based on our draft report on federal efforts to reduce the collection use and display of these numbers.
6:45 pm
we have provided a draft report to 25 agencies for comments. we anticipate issuing the final report to you later this summer after we receive agency comments. before i begin, if i may, i would to to recognize several members of my team. with me is john who led this work. in addition andrew begs, dave -- beginning in 2007, opm, omb and the social security administration under took several actions aimed in reducing or eliminating the unnecessary -- these actions have had limited success.
6:46 pm
opm issued guidance to agencies enacted to eliminate or mask social security -- it also promulgated a draft -- display of social security numbers but withdrew the proposed rules because no alternate federal employee identifier was available. in 2007, omb required agencies to establish plans for eliminating the unnecessary collection and using social security. in 2007 social security administration developed an online clearinghouse on agency best practices for minimizing the use and display of social security numbers. however this clearinghouse is no longer available.
6:47 pm
at the individual agency level each of the 24 cfo act agencies reported taking a variety of use to reduce the collections use and display of social security numbers. these steps including masking, trunkating or plblocking the numbers. filtering e-mail to prevent transmitting of unencrypted numbers. social securities cannot be completely eliminated from federal it systems and records in part. the identified three other challenges. first several statutes and regulations required collection and use of social security numbers. second, interactions with other federal agencies and external entities required the use of the
6:48 pm
number and a third challenge pertained to technological hurdles that can slow replacement numbers of information systems. reduction efforts in the executive branch have also been eliminated of stress comings. many agencies reduction plans did not include key elements such as time frame and performance indicators. and has not established criteria for determining when the number's use or display is unnecessary. leaning to inconsistent determinations and definitions across the agency. omb has not ensured that all agencies have submitted up to date progress reports and has not established performance metrics to measure and monitor
6:49 pm
agency efforts. accordingly in our draft report we are making five recommendations to address these shortcomings. until omb and agencies adopt better and more consistent practices the reduction measure will remain limited. will remain greater than it need be. chairman rice, chairman hurd, ranking members larson and kelly, this concludes my statement, i will be happy to answer your questions. >> thank you, sir. >> welcome and thanks for being here. please proceed. >> acting chairman rice, ranking member kelly and members of the sub committees. thank you for inviting me to discuss the history of the social security number, how the social security administration uses it to administer its
6:50 pm
programs and efforts to reduce the numbers use. i am -- there is a rich history surrounding the social security number. those responsible responsible f implementing the new social security program understood that crediting earnings to the correct individual would be critical to the program's success. names alone would not ensure accurate reporting. accordingly, in 1936, we designed the nine-digit ssn and ssn card to allow employers to accurately report earnings. today, over 80 years since the program's inception, we have issued around 500 million unique numbers to eligible individuals. the ssn continues to be essential to how we maintain records. without it, we could not carry out our mission. however, the ssn and ssn card were never intended nor do they serve as identification. woo strongly encourage other agencies and the public to minimize their use.
6:51 pm
we also provide electronicer have if i ka haveifications of ssns. in 2016 we performed over 2 billion automated ssn verifications. although we created the ssn, its use has increased dramatically by other entities over time. a 1943 executive order required federal agencies to use the ssn. advances in computer technology and data processing in the 1960s further increased the use of the number. congress also enacted legislation requiring the number for a variety of federal programs. use of the ssn grew not just in the federal government, but throughout state and local governments to banks, credit bureau, hospitals, educational institutions and other parts of the private sector. as use of the ssn has become more pervasive, so has the opportunity for misuse. we have taken numerous measures to help protect the integrity of
6:52 pm
the ssn. in 2001 we removed the full ssn from two of the largest mailings, the social security statement and the social security cost of living adjustment notice. these notices account for about a third of the roughly 350 million notices that we send out each year. in 2007, omb issued a memo requiring agencies to review their use of the ssn and identify unnecessary use of the number. we recognize, although we need the ssn to administer our programs we could and did refine all of our personnel processes to reduce reliance on the number. still, we recognize that we need to do more. two-thirds of our notices have the social security number. our notice infrastructure is complex. about 60 different applications generate notices and every notice is created to respond to an individual's unique circumstances. nevertheless, we are committed to replacing the ssn with a
6:53 pm
beneficiary notice code or bnc as we modify existing notices or create new ones. the bnc is a secure, 13-character alpha numeric code that helps our employees identify the notice and the beneficiary and respond to inquiries quickly. we initially developed the bnc for use in the social security cost of living adjustment notice. additionally, next year, we will replace the ssn with the bnc on benefit verification letters as well as appointed representative and social security post-entitlement notices. together, these mailings account for 42 million annual notices. we take great care to protect the integrity of the ssn and the personal information of the public we serve. thank you for the opportunity to describe our efforts. i'd be happy to answer any questions. >> thank you, mrs. lacanfora.
6:54 pm
mr. devries. >> thank you, members of the subcommittee. thank you for the opportunity to represent the office of knowledge inment as a personal identifier. in 1962, the civil service commission adopted the ssn to identify federal employees. over time the ssn became universal to every piece of paper in the federal employee's personnel file. the ssn was used for routine personal actions to request health benefits and for many other purposes. in 2007 opm issued guidance to develop consistent and effective measures for use in safeguarding federal employees ssn's. the intent of these measures was to minimized risk of identity
6:55 pm
theft and fraud in two ways and one by limiting the use of ssn as an identifier and by strengthening the protection of personal information including ssns from laws. examples of the measures that we recommended were eliminating it the unnecessary printing and display of the social security number and forms of your computer displays and restricting access to only those individuals who had a need to know and they were notified of their additional responsibilities to safeguard that. we also included privacy and confidentiality statements to go along and finally, we came up with how do you mask it and how do you take the social security numbers out of the forms there? internal to opm, we examined internal policies with respect to the use of ssns and in 2012 issued an addendum to the information security privacy policy. the updated policy identifies acceptable uses of the ssn and describers of the use will be documented and alternatives for ssn.
6:56 pm
this policy addendum notes that acceptable are only those provided for by law, executive order and interoperability outside of opm and are required by operational necessities to achieve the mission. for example, the ssn is the single identifier that is consistent across the security investigation process and may be necessary to compete an individual's background investigation, but it is not protected in both transit and in storage. opm has taken other efforts to reduce the use of ssn since issuing the 2012 policy. opm modified the usa jobs and staffing systems so neither collects ssns from applicants. we took efforts to understand which i.t. systems maintain ssns and how they use those to communicate with other programs. the initial inventory was completed in september 2016 and we are now using it to validate the progress made and identify other opportunities. in addition, we are updating the
6:57 pm
internal 2012 policy this year. it is ditch cult to completely eliminate the use of ssns without a government-wide coordinated effort and dedicated funding. opm, shared service providers and benefit providers. in the fall of 2016 omb and opm proposed the program unique identifier or puid initiative to reduce the use of ssns in many government systems and programs. it sought to facilitate the information without ssns. this would be accomplished by providing an alternative numbering scheme to identify record across various programs and agencies. an initial group of concept showed potential for study. members of the subcommittee thank you for having me here today to reduce the use of ssns and for your interest and support in this important issue here. safeguarding the pia and federal employees and others whose
6:58 pm
information we hold is of paramount importance of opm and i would be happy to address any questions that you have. >> thank you, mr. devries, you can proceed. >> chairman rice and heard, ranking members larson and kelly and members of the subcommittee, thank you for this opportunity to opportunity to discuss the medicare and medicare services work and to safeguard the personally identifiable information for the beneficiaries whom we serve to eliminate use of the social security number on medicare cards. >> this effort is an important step in protecting beneficiaries from becoming victims of identity theft and one of the fastest growing crimes in the country. as we know identity theft can disrupt lives, damage credit ratings and result in inaccuracies and medical recordses. >> thanks to congressional leadership and in particular chairman johnson who, i'm sorry, is not here today and members of the ways and means committee and
6:59 pm
based on the recommendations of our colleagues from our government accountability office. cms will eliminate the identifier on medicare cards by april 2019. as congress directed us, as part of the reauthorization act in 2014 known as macra, we undertake this important project. beginning in april 2018, all newly enrolled medicare beneficiaries will receive a medicare card with a new medicare beneficiary identifier known as the mbi. at the same time, cms will begin distributing the new medicare cards to the current beneficiaries. this new medicare number will have the new number as the 11-digit social security based health insurance claim number known as the hicen, but will be visibly different and distinguishable from the hiken.
7:00 pm
with the introduction from the mbi, for the first time, cms will have the ability to terminate a medicare number and issue a new number to a beneficiary in instances where they are a victim of identity theft or their medicare number has been compromised in some way. >> transitioning to the mbi will help beneficiaries to better safeguard by reducing the exposure of the social security numbers. cms has already removed the social security number from many types of our communications including medicare summary notices mailed to beneficiaries on a quarterly basis. we've prohibited private medicare advantage plans and medicare part d prescription plans from using social security numbers on their enrollees social security cards. many people wonder why cms has used an identifier in the first place, when the medicare program was established in 1965 it was actually the social security administration who administered the program. while cms is now responsible for
7:01 pm
management of medicare, the social security administration still enrolls beneficiaries and both cms and the social security administration rely on systems to coordinate eligibility for medicare benefits and for social security benefits. currently, health care providers use the hiken to receive claims for medicare services and supplies. cms and its contractors use the hiken to process claims, authorize payments and issue communications. we're in the process of making changes to over 75 of our affected systems to replace those system indicators with the mbi over the hiken and we have developed the software that will generate mbis and assign them to beneficiaries. we are working with key partners such as ssa, railroad retirement
7:02 pm
aids, and the department of defense, department of veterans affairs, health care providers and other key stakeholders, there are a lot of them to ensure that beneficiaries continue to receive access to services and our partners will be able to process using the new mbi. we're implementing an extensive and phased outreach education program for the estimated 60 million beneficiaries who will be receiving new cards as well as providers' private health cares and insurers and clearing houses and other stakeholders. this fall, we'll tell medicare beneficiaries they'll be receiving a new card and instruct them on when they'll be receiving it and what to do with their old cards. we are also working to make sure that other physicians and other healthcare providers are prepared to serve patients throughout the transition by creating information for providers both for them to update their records with the new mbi and also for them to help remind beneficiaries that they need to bring their new cards with them when they need
7:03 pm
to see their doctors. we know from other successful large-scale implementations that it allows time for stake holders to adjust to the changes and so beginning in april 2018 when we begin to mail out the cards, cms will have a 21-month long transition period during which our systems will accept transactions both containing the mbi and also the hiken. throughout our programs, we are committed to safeguarding personal information, redesigning the medicare card to remove the social security number-based identifier is a very important step for cms and helping to combat identity stheft and further protect our beneficiarieses. thank you very much for your interest in our progress today and i look forward to answering your questions. >> thank you, miss jackson. mr. oswalt, thank you for being here. you can proceed. >> good afternoon, chairman rice, chairman heard, ranking member larson, ranking member kelly and distinguished members of the subcommittee.
7:04 pm
thank you for this opportunity to participate in your joint hearing on government use of social security numbers across the government and va and the steps that va has taken to find ways to reduce, eliminate social security numbers from va systems. the va's mission is to serve with compassion americans' families and it is with timely information being readily, available. if we are to advocate for veterans and ensure they receive the medicare, social support and lasting memorials they have rightfully earned in service to our nation, the va must properly identify, verify and coordinate this protected information entrusted to us. the department interfaces with many other federal agencies including, but not limited to the department of defense, the social security administration and the internal revenue service and the department of education. the va's primary uses are three-fold. one, locate veterans to ensure
7:05 pm
correct identification associated with the delivery of health care and services. identify employees for employment, record keeping and three, ensure 100% ak ras ney patient identification. mistaken identity can result in catastrophic and tragic outcomes. until such time that the comprehensive and equally accurate means to do so is established and implemented, the use of ssns remains the best means of ensuring patient identification. in addition, ssns must be used if required by law and regulation for purposes such as background investigations and income verification and the matching of computer records between government agencies. elimination of the smu is not solely a function of information technology, and i.t. the business process is used by the veteran's health administration and the veterans administration and va offices require a complete overhaul in how they establish absolute
7:06 pm
identity verification and inside va and equally important outside va. ssn use can only occur after the comprehensive review of ssn's use and its interconnectedness is complete. va recognizes the growing threat posed by identity theft by dependence and employees. in 2009 they created the enterprise-ed by social security reduction effort. the goal of an ssnr is to catalog ssn use leading to the reduction as the va's primary identifier all while maintaining the 100% requirement for proper veteran patient identification. for example, vha has eliminated the full use on routine correspondence and the identification card. it has eliminated the ssn from prescription bottles and mailing
7:07 pm
labels. >> as a whole, va has removed ssns where such use was deemed not necessary. vba is modifying an existing contact to replace ssns with bar code labels on all outgoing correspondence. >> completion is expected in november of this year. >> as va migrates away from, ssn use, the office is collaborating with stake holders to continue expanding the use of the veteran index avi. the beneficiaries and other eligible persons and mvi serves as the authoritative identity source within va and generates and assigns an integrated control number or icn for each veteran. the use of vi as a unique identifier continues to expand with the ultimate goal being the replacement of the ssn as a primary identifier. there are many challenges facing va regarding the elimination of
7:08 pm
the unnecessary collection and use of the ssn and this includes a system analysis that needs to be conducted to identify the large volume of interface systems that va needs for clinical care and administrative functions. >> undertaking a robust education and retraining program for employees to identify a unique identifier. >> this has begun, but it will take time to integrate fully our processes and acceptance by the veteran community. a change of this magnitude across the entire va system will require substantial outreach in education. va has made considerable progress towards eliminating the use of ssns and continues to reduce the use of ssns with the goal to replace it with the alternative identifier. >> this concludes my testimony and i'm ready to answer what your or other members of the subcommittee have. >> thank you, mr. oswalt. we now turn to questions.
7:09 pm
as is customer for each round of question i will limit my time to five minutes and i would ask my colleagues to also limit their questioning time to five minutes, as well. mr. oswalt, i want to start with you. you were just speaking of the hurdles that the va has to cross to eliminate the social security number and how critical it is that we make sure that we identify each patient. their lives are in the balance, right? to make sure they get the right medication and so forth. >> you were saying that as a replacement for the social security number you'd started implementing an icn. what you didn't tell us is how long it will take to get that done? what would be your best estimate to when you can get that done? >> the mvi which is the registry, and all certain types of identifiers has been in place in various incarnations since 1999.
7:10 pm
>> so you don't use social security numbers anymore? >> excuse me? >> so you don't use social security numbers? >> it is still in the va processes. the icn is generated by all of the information that the mvi collects. so using that icn as a means to identify a veteran as their information traverses the system or, you know, a machine talking to a machine, that has happened to a large extent already and it's primarily the ssn use when there is a human to human interface between a clinician and a patient. >> do they still have the social security numbers around their wrist bands? >> yes, sir, we do. >> there is an effort on a pilot level, right now we are seeking to eliminate the full ssn with the goal of being a complete elimination and there is a bar code. >> do you have a timetable for that? >> sir, i would have to take that and provide that for the
7:11 pm
record because i am not aware of the project status. >> thank you, mr. oswalt. your testimony was very interesting and exciting, you said by 2018 you will eliminate the social security number from the card. you're moving at lightning speed for the government. thank you for your efforts. mr. devries, you have stopped collecting numbers for applicants for the employees of the federal government? >> correct, sir. when an applicant is going to enter into or wants to come into the federal government and then go to the usa job site, we no longer collect that social security number from that time. correct. >> when do you collect the social security? >> we don't collect it and the agency once we match up the job applicants against the job posting to what we call usa staffing and the agency takes that referral list, when they bring that person on to make an
7:12 pm
employee offer that's when the agency that's hiring them collects that from them then. >> i know they would use a social security number for tax withholdings and such. what else would they use the social security number when they're looking to hire somebody? >> it's mostly that. it's your status of employment and the benefits that come with it. whether it be the pay or reporting back to the irs or the social security side of the house. >> do you do criminal background checks in any agency of the government? >> once you become an employee and your position requires that then when you submit for the background investigation that would be the primary use and similar to what we do in the va, and once we get into the background investigation system then it's a different number that becomes the controlling number for it. >> and since this massive hacking that occurred several years ago, i see you implemented more protections to prevent that from happening again. >> yes, sir.
7:13 pm
>> this is lacanfora, gosh. amazing statistics. did i hear you correctly that you verify 2 billion requests per year, is that right? >> 2 billion verifications. yes. >> so that would be, like, six for every living person in the country? >> yes. it's worth noting that more than half of those are federal and state agencies that are verifying for us and that can happen multiple times throughout a year if they're processing an application for benefits. >> great. omb has required agencies to eliminate the use of social security numbers and they never defineded what necessary use is. how do each of your agencies define necessary use? i'll start with you. the microphone? >> actually, i don't know how my agency has defined social
7:14 pm
security -- or unnecessary use. what we did in terms of our audit of the other agencies is to determine to what extent that they have identified how they use it and what we found out that 24 cfo agencies is that a number of them, like four, i believe, has not -- did not even define what unnecessary use is and another eight didn't really have a documented or did not have a formal definition, but rather compared it to based on the judgment of the individuals who are making the particular assessments on social security use. thank you, sir. mr. larson? >> thank you, mr. chairman. i want to thank the witnesses again. what a credit to government service you are, and i thank you for being here today. just a couple of questions.
7:15 pm
first, it's got to be incredibly hard to operate an agency that is the largest insurer in the nation and to do so with the 33% loss ratio and the largest of any private sector insurance company. kudos to you. not without his problems and complexities and one of which we're exploring here today in term of making sure we get after fraud and abuse and as we've said many times on the committee, anyone who abuses this system, a sacred trust ought to get the ultimate penalty and i'm all for strengthening anything that we can do to further crack down on this. we've heard in your testimony today is a couple of things that strike me. number one, you're -- you know, we have a 13% increase overall with the baby boomers coming through this system and yet you've had a 10% overall cut in
7:16 pm
your budget. one has to ask, how are you able to manage with these increases and the complexity of the problems that you face including hacking? listen, i'm one of those people who would also concur, listen, you don't always -- cuts in service if they're replaced by technology that is current can overcome those things, but it seems to me like you're also saddled with legacy i.t. that needs to be updated and improved and yet there aren't the resources that we funnel you to do that. is that a fair assessment? >> you have said some of our challenges, yes. we are embarking on an ambitious i.t. plan. we know that we can't continue to operate the way we are
7:17 pm
continuing. >> you say you're embarking on it, it seems that the areas that we're confronted with and i notice the wrist band concerns that were brought up in terms of identification that if we have the resources and certainly we have the technological capability, why wouldn't we protect what is the government's leading program to protect and assist its citizens. could you -- do you need more money? >> i think our budget folks are coming up to brief your staff on the '18 budget, and i will say that the '18 budget attempt to balance stewardship as well as improving the efficiency with which we operate. the plan i mention side something that we're looking forward to advancing and we're considering that to be an agency priority so we are going to dedicate the funding to support that. part of that will help us to modernize our communications
7:18 pm
infrastructure and remove the ssn from the remaining notices. >> what's very alarming to us, and i know that my colleagues on the other side of the aisle share this, as well, is that we know how vital this program is to all of our citizens. we know and everyone can attest to the long waits on disability in terms of processing claims. it seems in a country as gifted as we are with i.t. this ought to be something that we ought to be able to solve rather easily. so it's further frustrating when we continue to see cuts in the budget and quite alarming today when we had the president's budget that's revealed with about a $70 billion cut in social security which, to me --
7:19 pm
is to keep pace actuarially where we were in 1983 when we actually last looked at this from a business actuarial sound position. i really believe that we can close a lot of these gaps with appropriate technology and assistance from the rank and file who i would also note according to testimony in previous hearings that front line members in social security offices are our best line of defense against fraud and abuse and waste and they don't get enough credit and continuing to cut the budget instead of looking at investments in both i.t. and where we can be more efficient and successful, i think, is where we need to go. thank you. >> just to clarify. the president is not thinking about cutting benefits and he's thinking of cutting administrative costs.
7:20 pm
mr. swieker. thank you, mr. chairman. >> forgive me. who would be the most technical of all of you? all right. i need you to work through something with me and correct me if i'm not hearing something correctly. i have a pnc, i have a puid, i have an mbi and i have an icn, are these all on a common registry that or derivation table that you tag in technology and you pull back and tag? >> no, sir. >> in that case, forgive me, and -- and, look, i've only been reading the testimony and the things here, but what i see is absurd technology wise. without a common central token system, and forgive me if you
7:21 pm
use apple pay, apple pay does not hold your credit card number and what it creates is a one-time use token. it hands off, matches and is handed back a number and reflects back. you all have i.t. budgets and you're trying to solve a problem, but in many ways, i need you to walk me through. it's my fear that the problem may have gotten worse because i have the va with one set of numbers, and i have medicare with a different set of numbers, and i have opm with a different set and i have social security with another blind identifiers. have we just made the problem much worse at least for the customer service aspect? >> if i could, let me address that to a limited degree. what you just heard here is exactly the case. we took one common field calleded a nine-digit social security number for decades and became ubiquitous in every form
7:22 pm
we fill out and we can't show that and we've got to cut the use of that where it is not publicly used. >> and we created a scheme with these things. when i became a dod member, i became a veteran at the end of that thing and i get a different number. and i am a civil servant, i get a different number yet. so how do we unite that thing? and that's how we need the unification at the top to help drive the standardization of these things because at the end of the day i still need to tie the different benefits that come at it from the various employment opportunities. >> does everyone see what i'm observing is we may be actually in our attempt to blind these numbers create another cascade effect that will create a new level of complication and that is when my veteran is working on is medicare who also is dealing with the social security dispute that may want to go back to work to the federal government at the
7:23 pm
park service, but now i have a handful of different numbers. just off the top of my head and i'm on the edge of my technical exp expertise, and some sort of common tokenization, and i hand this number and i would get a handoff and i would get a constant match. it would aren't stop you all from doing what you're doing, but we would have to actually build a common, unified clearing house data system that would reflect all of the numbers and hand back the one-time use token. but that may be a unifying solution to solve a number of our problems which i can take you all of the way to social securitier income tax credit fraud. am i way out of my league and am i seeing a unifying problem
7:24 pm
here. >> you are correct, sir. in my opening remarks i talked about the program unique identifier and the concept was to keep the social security number as the goal place. you protect that and surround it, but you don't bring it out and you have programs so each of these can be a unique program and they would have structures to their numbering schemes and they own the numbering schemes just like we talked about it here and it gets associated back to it. if his medicare card gets confiscated or lost we cut him a new one and it does not start the whole process. >> it would be easier if someone used a medicare benefit they had a chip card and handed off a new token and you can and i can design the same thing where i type in this time the unique number and hands off. it may be worth a conversation for those who are interested in this type of technology.
7:25 pm
maybe as the committee here and it will take resources, but there's got to be a unified theory to make this simpler. i yield back, mr. chairman. >> thank you, miss kelly. >> thank you, mr. chair. social security numbers have become used as the principal method of identity verification in and across agencies, however, the very fact makes them lucrative targets for identity thieves. mr. willhoosen. >> you testified that ssns are particularly risky because they can, quote, connect an individual's pii across information systems and databases. can you explain how the widespread use of social security numbers increases the risk of identity theft? >> certainly, and thank you for the question. one of the reasons is that it's available and if it's not properly secured and our work on
7:26 pm
information security at federal agencies when we looked at the examination or examined the security controls over the agency's information, we have often found that the security controls are not effective to the extent to where they can adequately protect the confidentiality and integrity of the systems at those agencies. so by having stores of social security number in a particular agency and if it's not adequately protected, then that information can be used not only for that agency, but can be used as an identifier for that individual and other agencies and indeed in the private sector, as well, and so just last year and fiscal year 2016 agencies reported about 8300 incidents involving pii to the u.s. cert for fiscal year 2016 so it's a present problem. >> how can the use of an
7:27 pm
alternate identifier reduce the risk of identity theft? >> for one, it may limit the extent to which an alternative i.d. may be used to identify the individual with other databases and other entities. it's an opportunity to limit the extent that that identifier can be used across various different organizations. >> and you talked about in your testimony no such identifier was available. can you expound on that? >> that's one that's not universally as accepteded and applicable as the social security number. we did report that in certain instances that in certain organizations including dod or va and vha where they've started to use an alternate identifier other than social security numbers to provide for their members and that require one. >> okay. and despite opm's failure to
7:28 pm
implement an alternate in 2008 the agency proposed a program unique identify initiative in 2015 to provide an alternative way for identifying records and govern chlt systems, mr. devries, is that correct? and can you elaborate on that? >> ma'am, can i get the last part of the question? >> i asked about the proposed identifier in 2015 to provide an alternative way for identifying records in government systems and can you elaborate on that? >> yes, ma'am. >> going back to a program perspective, if you provide a program as personal interest, cms, dod and some other ones that are ben theys that will be reported and benefitted from an individual and along the way i
7:29 pm
accrued their benefits and each one is recorded in their own way. by uniting biwa we talked about before with the lenler that says here's the program for this car and this number and scheme and we standardized the numbering and then you can reuse those things and again, just as he pointed out we would not, if you lose your medicare card you lose the connectivity of what that team represented in the medicare business, and not across the whole financial institutions and the other ones. the challenge is how do i work that thing not only at the federal level and the agencies here and then down to the agencies that report in to us and also to the state and local government, because everything is coded into these various programs and the social security administration talked about the number of systems she has and they keep on exploding when they go down to the state and local government side of the house and all of those need to be linked together at some point in time. >> i think we can take it one phrase at a time. i worked for the state of illinois and there was the same
7:30 pm
issue there, and i want to do states and change it on their own, one by one or how does that, do they decide to make changes because i think before i left they did make some changes because they have social security numbers on everything. >> i'll let my esteemed colleagues talk here, but within the department of defense when we moved from moving away from social security number, that did not happen overnight. it came with coming up with a standard and coming up with a scheme as we talked about and then enforcing it. >> thank you, miss kelly. mr. mitchell? thank you, mr. chair. >> let me start with you, one of the things i haven't seen referenced here is the use of social security numbers and the hacking that goes on with the irs. it probably won't surprise you to know that i am among other millions of americans that had their social security number hackeded for irs purposes.
7:31 pm
the issue is we'll issue a pin number. so you have a pin number mailed to you so you can file your taxes. do you know what happened this year on that? >> i understand that those pin numbers were also compromised in some extent. >> they were. so i didn't get a pin number. i can only begin to you the entertainment of trying to file my taxes as well as i don't know how many other million americans when, in fact, they don't have pin numbers that work either and they can't file electronic or any other way with their social security number. the reason i raise it is to point to mr. swieker's phase that rather than independent agencies creating their own identifiers, a pin number and all of the acronyms and i don't know if anybody is watching this or will watch this tape, if you, in fact, private sector have a variety of approaches with a token system and i'm shocked at this point that there haven't been substantial conversations
7:32 pm
as to why we don't have a centralized process and create a token for not only benefits and why is that not a more active effort at this point in time rather than individual efforts? >> i think that's definitely a possibility in everything, but i think you also touch upon the fact that these numbers, regardless of their prominence, if you will, need to be adequately protected by agencies and their information systems and we have found traditionally that the security controls over the agency systems needs to be improved. >> oh, i wouldn't disagree with you one bit. you have two issues and the user using their number and the agency securing it and those are two separate dilemmas and the problem, but we seem to be making one harder by issuing different identifiers which in the case of the irs that was compromised as well.
7:33 pm
so what's to prevent being compromised rather than have an encrypted, token-based system that allows them to do that and that has existed for a fair amount of time. so i would encourage the agencies to begin actively and we should talk about it further, mr. chair about how it is that we encourage something that's integrated and secures it to a token system that's encrypted and protects that and the user end. if i can, real quick, mr. oswald before my time runs outside. i was looking through your testimony in listening to you and we turn away from the floor to hear everyone. i apologize. there are notations here that troubled me a bit. va is currently evaluating the elimination of the social security numbers from correspondence. i'm trying to find a polite way to word my response for that, it's nice that they're evaluating that. how long does it take the va to evaluate that? >> since we began the ssn reduction effort, a number of
7:34 pm
correspondence and forms generally have been scrubbed. if there is a compelling business need for it, it will remain and we have an ssn number review board that we've used things from a department-wide standpoint. i can't attest rate now. i can submit it for the record and what forms and correspondence still, as i said in my oral testimony and let me ask for the record to submit the number of forms and the justifications for the record because i don't understand why the correspondence that's sending out that we don't put the social security number and put the whole social security number and my goodness gracious, guys. question for you, we made a comment about the social security number still being on their wristbands. my guess is everyone in the room has been in the hospital for one purpose or another and you get a wristband. i haven't seen a social security number on a wrist band in a
7:35 pm
medical institution in close to a decade. maybe seven years. why would you still put it on when they're hospitalized? >> well, there is a bar coded ssn that allows the clinician to talk to the machine through bar code. that's used as a patient identification and verification, as i mentioned in my oral testimony and there is a pilot where we're using the last four. eventually we'll move away from the full human readable ssn and the integration control number and the icn will replace that. >> thank you, mr. chair. >> thank you, mr. mitchell. mr. pascrell. >> thank you, mr. chairman. miss jackson, i sat on the ways and means subcommittee.
7:36 pm
we had extensive conversations with the social security agency about the process for removing social security numbers from medicare cards. hearing again about this process is enough to make your head spin. at the time we had this dialogue and it was quite clear that social security, quote, unquote, did not have the funding to do this. that's what you said to us. now can you explain what seemed like a pretty simple task of removing the social security numbers from medicare costs can be such a challenge that cmss to the system that you use in terms
7:37 pm
of information technology. tell me what's going on. >> thank you very much for the opportunity to speak to that. we have, at cms, been looking to the removal of the social security number from the medicare card for a number of years, but it was not until congress gave us the resources to be able to implement the changes both in our internal systems and also in the data exchanges and the updates that we have to do with the social security administration with the railroad retirement board which used a hicken-based identification card with updated information on internal systems as well as inremember toing providers or health care providers and medicare beneficiaries about their need to use a new card when they both provide carrot health care
7:38 pm
providers' side and for billing purposes and also when a beneficiary goes to receive care from their hospital. to move forward with implementation identifier, we have made system changes over the past couple of years and we hit a major milestone this past weekend in assigning new medicare beneficiary identifiers to all medicare beneficiaries which now will allow us to begin the testing process with all of our systems and our data exchange partners to then be able to mail the card and begin the transition period. we expect to have this completely implemented by april of 2019 with the beginning of mailing of cards in april of 2018. the transition period for us is very important so that all stakeholders are able to receive the new mbi, submit bills and claims using the new mbi and to
7:39 pm
assure that health care is still available and provided to the medicare. >> no, the new identifier is an 11-digit code, but it is an alpha numeric code that is randomly assigned, was randomly assigned when we did the enumeration. over the weekend, it doesn't look anything like the insurance claim number. >> so we've done it with some resources and you proved it could be done and the system will be complete in 19 -- in 2019. am i correct in saying that? >> yes. >> that's pretty big and you're standing by that. >> i am standing by that. we actually will be ready to receive the mbi on claimed submissions by april of 2018. >> thank you.
7:40 pm
>> mr. devries, in your testimony. where are you? am i pronouncing that correctly, sir? >> yes, sir. you stated that it's difficult to completely eliminate the federal use of social security numbers without a government-wide, coordinated effort and that it dedicated funding. that's what you said, right? >> yes, sir. >> can you explain how opm would use additional funding to try to achieve the goal of limiting the federal government's use of social security numbers? >> in the case of opm where we exchange the important data between a retiree, a federal retiree with the social security and with irs for the tax purposes there, that underlying thing would still be coded and still be exchanging through the
7:41 pm
social security number, but again, the communication that goes out to the federal retiree benefit is a different number there. we do, in fact, do that today for the retirement services where you get a different control number when you become a federal retiree and that's how the action is tracked back to you. >> mr. chairman -- >> i'm sorry. >> in terms of the money to change the systems, we're operating systems today and as cms experienced that you need the infusion of money to do coding and other changes and testing as you prepare this parallel highway, if you will, of how we're doing it there. >> thank you. >> mr. chairman, may i just add this into the record. i heard from one of our members and i need to correct the record, said that the president's budget does not cut social security benefits, but it does. in the budget it cuts social security disability by up to $64
7:42 pm
billion. i think the record needs to be corrected and maybe the congressman that said it needs to be corrected. >> thank you, sir. >> you're welcome. >> thank you. thank you, chairman. >> mr. oswald, i was confused by an earlier exchange. do we know how many document within the va have the social security number printed on it? >> we know what we know right now. it's an ongoing, expanding effort and there is a social security number reduction tool. so correct me if i'm wrong, there are a bunch of forms that the v ascends out and we should know how many of those are. one of the data elements on that form is social security. why does it take years to go through each form and delete the data element or not show it on the underlying form? >> sir, i have to submit for the
7:43 pm
record the history of why it's taken so long, but there are a number of instances -- >> miss jackson, how many forms does your organization have that print a social security number on it? >> with the implementation of the medicare beneficiary identifier, we won't have any forms that will issue the social security number. over the past couple of years. >> so you're saying 2019 is when we're going to be successful in achieving that. >> why, again, we currently, right now there is an x number of forms that produce when they're printed out on that form and include the social security number, correct? >> no, sir, i'm sorry. i should have been clearer. our correspondence with medicare ben fisheries have truncated the social security number on all of the correspondence with the exception of one document which
7:44 pm
is the medicare premium billing form that does include the health insurance claim number. i'm sorry, i can't remember that it is truncated and it will be replaced with the mbi when we implement it. >> miss lacanfora, how much does your organization produce that has the full social security number on it? >> we have 33 million correspondence that still have the social security number. >> and how many -- that many unique or is it five different kinds of correspondence? >> there's over 1,000 separate types of notices. so we have a thousand documents and one of those elements when it gets printed out is social security number, why can you not just delete that from when you run a batch. >> so we have cleated the number or removed the number and replaced it with the beneficiary notice code on notices.
7:45 pm
we have another 42 million that we're doing in fiscal '18. the challenge is twofold. one is there are 60 separate systems that produce notices. those 1,000-plus notices. so the resources needed to make the changes are significant. beyond, that the other significant issue or challenge that we have is the social security number was created to do business with our agency, and so when we mail out a notice to someone and they, for example are being told they have an overpayment they might pick up the phone and call us and we have to be able to quickly identify who they are and what their issues are. >> mr. devries, estonia has done this and they've moved to a system where it's a tokenization. >> and they're 1.3 million people and they've achieved the ability to have this interoperable number across all of their government agencies. we've talked about tokenization
7:46 pm
here in your role with opm when it comes to an identifier across all of the federal government? >> chairman heard, that's a great question. i'm not sure the exact answer because what you're talking about is through the token and the bit technology and so forth, that's one that we need to work with industry closer on and bring it to the federal government side of the house because it's not the same thing as it is on the industry side of the house. i'm desperately trying to reach out there for it. we're still stumped on how do you bring that technology in and it's our application system and it's not our hardware system and it's the applications that we're changing those. >> in the last 30 minutes of my time you referenced legacy and i.t. being a barrier. what do we need to do in order to prevent that from being a barrier? >> that's one of the problems in
7:47 pm
terms with legacy systems and often they may not be able to handle newer numbers and so in order to be able to do that, it requires significant system change or modification. >> i yield back, chairman. >> thank you, sir. >> mr. lynch? >> thank you, mr. chairman and thank the witnesses for your help with the committee's work. mr. devries, back in 2015, i think it was july opm disclosed that its information technology systems had experienced a massive data breach compromising the social security numbers, names, addresses, background information, birth dates and the background investigation records for 22 million people who had applied for sensitive positions with the fbi, cia, nsa and we
7:48 pm
had a hearing subsequent to that breach, and i actually asked your predecessor, i asked her if she was taking the most rudimentary steps to protect the social security numbers. are we even encrypting them within the system at opm, and i am very sad to hear her testify that, no, at that time in 2015 we were not encrypting, and i urged them to do that. then a year later we had a follow-up hearing with miss colbert and she had some operational responsibility there. i asked her the same question a year later if that job was complete. she testified that no, it was not complete, and so we come full cycle here and you're here
7:49 pm
and i have to ask you, miss colbert said our system did not allow encryption of social security numbers, and i just want you to tell me something good. tell me that you've encrypted the social security numbers and it would be laughable if it wasn't so serious and i read an article in "the new york times" where a bunch of our sources in china are killed off, either killed or imprisoned. u.s. sources and foreign intelligence sources and i have to think that that hack was attributed to the chinese government. >> i know that the hack actually came after at least you found out about it after many of these people were executed in china for cooperating with the united states government and they were shot as spies or imprisoned as spies, but you see especially
7:50 pm
with sensitive information like this for secure positions, we're really exposing our personnel, our
7:51 pm
7:52 pm
the director supports and i make it at the cio and that's the would in any other corporation there. >> okay. all right. mr. chairman, thank you for your courtesy, i yield back the balance >> it affects over 12 million americans per year and -- taking people years and a lot more money to sort of get it straightened out. and i've been one of those people that have unfortunately been the victim of identity theft.
7:53 pm
social security numbers and other personal information like dates of birth, that information is very coveted by hackers who steal that personally identifiable information from breaches of the office of personnel management, from health insurance companies, from the united states postal service and retailers like target. and while im'm encouraged when they issued the memo calling for agencies to reduce collection of information and to strengthen the security of information, these recent hacks show that opm and other agencies are still fundamentally ill prepared and many americans' sensitive information is still very vulnerable to attack. and that's why reducing the superfluous collection of social security numbers is so important. it's troubling to see that after ten years, government accountability office reports show that only two of 24
7:54 pm
agencies examined met the requirements for a complete plan to reduce unnecessary usage of social security numbers. it's even more troubling that the office of management budget has provided very little guidance to agencies to help with the transition. in addition to exacerbate matters, the president's budget proposal guts agency personnel and operating budget, further limiting their capacity to protect information and to improve their systems. so whether it's a lack of funding, or lack of guidance, ten years after the issuance of the memo, we should be in a birthday position to safeguard america's personal information. and i recognize that there are clear barriers that agencies face in reducing the collection of social security numbers, for example, in many cases, states mandate the collection of that information i wanted to note before i delve into questions, i think it's interesting that
7:55 pm
today we're discussing the progress of agencies to reduce the ecollection of social security numbers when tomorrow this committee will be adding a new requirement to collect social security numbers. so on one hand we're saying don't collect them, and orn the other hand, we're mandating the collection of that information. i think it's ironic and hypocrite cal of this on this day to be doing both things. but aside from that comment, mr. devries, in the report, it mentioned opm proposed using an alternate employee identifier, what are the barriers to creating a new identifier for federal employees or agencies to use in their administration of benefits? >> representative sanchez, thank you for that question. again, i think the complexity --
7:56 pm
or the barriers to overcome here is the size and complexity of the government, as the witnesses here at the table represent a few of the agencies. every agency really has a collection thing that kinda ties back to an individual and the benefits that get tied to it, whether it be their pay, medical and so forth. how do you then create that architecture and, again going back to what chairman hurd talked about, you have to have that architecture in hand as you begin to talk about the token use or other chain type stuff, how do you roll that out? my colleague talked about it, it's not overnight. it's based upon the architecture there. >> and cuts in funding, how does that affect the ability to protect sensitive information effectively? >> so it's -- in every agency, there's probably just enough dollars to make that go. what i'm going to try and do, something else, have that
7:57 pm
infusion to create something that goes alongside what i'm currently operating and bringing something new. and just turn off what i just got rid of. >> and whould you say that righ now, you're operating with the very best equipment that money can buy? >> no, ma'am. >> would you say that the equipment that you have to work with on a scale of 1 to 10, in terms of modern and efficient, where would it lie on that scale? >> ma'am, i'd say from overall architecture and operating perspective, about a .3 or .4. >> so further budget cuts not necessarily helpful to rectifying that? >> no. >> thank you. no more questions. >> thank you, miss sanchez. the federal government needs to ensure it's doing all it can to protect americans' identities and that social security numbers are not being used
7:58 pm
unnecessarily. while progress has been made, there's still a long way to go. thank you to our witnesses for their testimony, thank you all to our members for being here wp with that, the subcommittee stands adjourned. on sunday, matt taibbi will be our guest. >> if you grew up looking at thousands of faces until one day you see that one face that you feel was put on earth just for you, that's instantly that you fall in love in that moment, you know, for me trump was like that, except it was the opposite. when i first saw him on the campaign trail, i thought, this is a person whose unique, horrible, terrible and amazing characteristics was put on earth
7:59 pm
specifically for me to appreciate or unappreciate, or whatever the verb is, because i had really been spending a lot of the last 10 to 12 years without knowing it, preparing for donald trump to happen. >> mr. taibbi is a contributor to "rolling stone" magazine and is the author of several books, including "smells like dead elephants," "the great derangement," griftopia, and also "inskaane clown president." during our three-hour show, we'll take your calls and tweets on his career. watch in-depth with matt taibbi live from noon to 3:00 p.m. eastern sunday.
8:00 pm
coming up next on c-span3, highlights from this year's conference of the organization of american historians. first, a panel on the legacy of president woodrow wilson. then a panel of historians discusses their experiences testifying as expert witnesses in high profile court cases. you're watching a special weeknight edition of american history tv on c-span3. at this year's annual meeting of american historians, a panel discusses the legacy of woodrow wilson, including the decision to enter world war i, the post war restructuring of europe and his opposition to civil rights. this is an hour and a half. good morning, everybody. i'm going to go ahead and get started because we're at 9:00. but i'm going to do this. i'm going to read you a paragraph, just in case any of you wandered in without actually checking your program or the


info Stream Only

Uploaded by TV Archive on