Social Security Numbers Help Invade Privacy

The 1970s were characterized by great fears for privacy. What if files were being created by both government and private business under everyone’s Social Security number? Didn’t the use of such identifying numbers, plus the new computer technology, encourage public and private agencies to snoop into each other’s records?

The 1980s are cooler about such concerns. For one thing, it’s too late: The use and demand for the Social Security number by both government and business is so pervasive it can no longer be halted. For another, many people don’t know that federal, state and local government entities have access to each other’s records.

And maybe they don’t mind: What everyone feared may not seem as fearful as predicted. So while people still say they’re concerned about privacy, the concern, as they say in Washington, is a mile wide and an inch deep.

The Privacy Act of 1974 was supposed to control both indiscriminate use of the Social Security number and indiscriminate sharing of records among government agencies, but many think it did neither. All previous uses of the Social Security number were grandfathered in, and new ones were immediately authorized by other laws. Similarly, although each sharing of a record between agencies was supposed to be authorized, and disclosed to the person in question, the exceptions permitted almost void the rule.

Routine Disclosures

Experts think the law’s biggest loophole is the provision that agencies can use each other’s records without the consent of the subject if, says the law, it’s a “routine use . . . for a purpose which is compatible with the purpose for which (the information) was collected.”

Such routine uses must be reported in the Federal Register yearly, open to challenge from Congress, or the Office of Management and Budget, or for that matter any citizen who regularly reads the Register.

The result is no objection or challenge to many routine sharings of information. “Once an agency has met the requirements by placing a notice,” says Allan Adler, American Civil Liberties Union attorney in Washington, “that’s it.”

Take just one agency, the Social Security Administration, which always, in its own words, “stressed the confidentiality of our records.” Nevertheless, it makes “routine use disclosures” of identifying information--names and numbers--to dozens of other government agencies, information about Social Security benefits paid to some, and records of earnings to a few.

Most people are aware only of the link between the Internal Revenue Service and Social Security, which sends on wage statements it receives from employers. The IRS can then track down workers who didn’t file their own wage statements on that income.

Can Verify Benefits

Social Security also shares with the Selective Service its records of numbers issued to males between 18 and 26--the age for mandatory draft registration. Matching its own rolls of registrants against those records, Selective Service can identify anyone it’s missing.

Since 1983, when the Selective Service started matching its rolls against other government lists, it has gotten 2.2 million new registrations as a result of the program, 85% of them from state motor vehicle departments. These constitute more than a tenth of the 20 million men registered since draft registration was reinstated in 1980.

Other Social Security information goes to various health and income assistance programs, including Veterans Administration, welfare, Aid to Families With Dependent Children, food stamps--programs “compatible” with Social Security’s benefits. Thus they have verification of any benefits Social Security may also be paying, so they can determine eligibility.

The federal Office of Child Support Enforcement, on behalf of its state counterparts, can also draw on the records of Social Security, as well as the IRS, Defense Department, Selective Service and others to locate parents and perhaps prove that they have income. Social Security can also provide the office an employer’s name if wages have to be attached.

And the IRS can match its records of people due refunds with lists of parents owing support, and divert a refund check to the state, which keeps it if the family is receiving welfare, or sends it on to the parent who has the child.

Not ‘Cost-Effective’

The Immigration and Naturalization Service may ask Social Security for information on the identity and whereabouts of an alien, and Social Security routinely sends the INS notice if earnings are reported on those special Social Security numbers designated not-valid-for-employment. If the person’s status had not changed, the INS could then notify the given employer that the person wasn’t authorized to work.

The possible consequences of such reports reaching the INS are obvious, but the INS says it doesn’t chase down each individual reported: It’s not “cost-effective,” a spokesman says. Yet when families whose children were enrolled in subsidized lunch programs were ordered in 1981 to provide their Social Security numbers and income information, the subsequent decrease in participating children was blamed partly on widespread fears that illegal family members would be discovered and deported.

It’s unknown whether such fears are justified: if people have been caught by such record-sharing, and know it, they certainly haven’t challenged it. It’s clear, however, that “routine” uses of other records are often “aimed at people suspected of wrong-doing,” says a congressional staff attorney who asked not to be identified. Critics, he says, think such uses are “not compatible with the purpose for which the records were collected, but others say all records are to help the government enforce its regulations.”

If justified, there’s no reason they couldn’t be authorized, the critics say. The usual bureaucratic answer is that seeking authorization takes precious time and effort.

This argument, of course, could also justify a movement to save more time and have all government computers linked, perhaps to outside databases as well--hospital records, credit bureaus, etc. The result, says the committee staffer, could be “what is in effect an on-line surveillance system, monitoring everyone’s transactions.”

Maybe it doesn’t matter, or no one cares. There’s little public concern about how the Privacy Act is working, if indeed many know the act, or the effect of its loopholes. “Most people are just as happy not to know,” Adler says, “because of the overwhelming feeling of frustration: what are they going to do?”