The secret list of ID theft victims

Mismatches go unchecked
Since the Immigration Reform and Control Act of 1986, workers must produce a Social Security card or similar identity verification when obtaining employment.  Employers are supposed to verify that the card is legitimate, but many don't. 

By creating a black market for counterfeit Social Security cards, the law may have inadvertently kicked off the identity theft crisis, experts say.

"It's truly an unintended consequences of the 1986 immigration law," said Marilanne Hincapie of the National Immigration Law Center. "That’s why there is this need for comprehensive immigration reform."

For now, with the tacit approval from all involved, undocumented workers buy counterfeit cards from suppliers who steal or simply manufacture Social Security numbers.

‘You could end up at birth with a bad credit history and a work record.’ — Richard Hamp assistant attorney general for state of Utah

About 90 percent of the time in cases he's investigated, Utah's Hamp said, the numbers used belong to a real person. But even in the other cases, there's still harm done: the number may be issued in the future, meaning a baby may be born with a surprising financial past.

"You could end up at birth with a bad credit history and a work record," Hamp said.

The Social Security Administration has made some efforts to straighten out its records, sending letters to hundreds of thousands of businesses, asking that they follow-up on name/number mismatches.

In 2002, the agency sent 900,000 letters to companies that had workers using erroneous names or numbers. The letters confused employers and employees alike: some workers fled immediately, other employers fired workers on the spot.

Immigration rights groups objected, pointing out that inclusion in a no-match list was not an automatic indicator of illegal status. The effort did little to reduce the Earnings Suspense File or fix Social Security accounting, so the agency backed off.

Meanwhile, the IRS, which is charged with enforcing the requirement that employers collect accurate Social Security number data, has never once levied a fine against a corporation for failing to do so.

Change tied up with key policy shifts
The issue of Social Security number abuse is getting some attention as the Bush administration presses ahead on two related issues: Social Security reform and undocumented worker legalization.

The single best way to reduce the amount of entries into the Earnings Suspense File -- and remove the need for immigrant identity theft -- would be to provide a path to legal status for undocumented workers.

On the other hand, removing items from that file would actually increase future liabilities for Social Security, since more wage earners would have a claim on future Social Security payments, adding a bit of fuel for those who warn about Social Security deficits looming in the future.

More stories by Bob Sullivan Online background checks can mislead Who's buying cell records online? Cops Few takers for free credit monitoring Are people warming to outsourced privacy? Military thumb drives expose larger problem Hidden cost of illegal immigration: ID theft How private are your tax records? Surprise! The real threat to the Internet How can someone in Moscow take your money? ATM theft investigators eye software flaw Even torn-up credit card applications aren't safe PINs no obstacle for debit card thieves

As things stand, payments made by workers that land in the Earnings Suspense File -- for 2002, Social Security taxes paid on wages of $56 billion -- represent essentially free money to the system, since they come with no future payout liabilities.

In the meantime, neither the Social Security Administration nor the IRS has any public plans to attempt to notify consumers who might be sharing their identity with an undocumented worker -- or 30. 

Telling the number's rightful holder that someone else is using it might create more panic then necessary, some Social Security investigators said -- and there's not a lot of good advice the agency could offer, anyway. There's little a victim could do at that point. Uncovering just who is the rightful owner of the Social Security number -- and who is the imposter -- could also pose a challenge. So would finding correct contact information for victims.

Betsy Broder, the attorney in charge of the Federal Trade Commission's efforts to combat identity theft, said more government coordination is surely needed, but she sympathized with the challenge facing the IRS and SSA.

"Of course consumers are always better off if they know how their information is being misused. But having said that, it's really complex with federal agencies," she said. "There are restrictions under the Privacy Act. You can't release to one person another person's information. And the agencies are often not in a position to know with any certainty who was the right person and who was the imposter, leading to possible problems with unauthorized disclosure of information."

The credit bureaus cite much the same concerns, indicating they simply couldn't sell Social Security number-search tools to any consumer who wants them. Even data aggregators like ChoicePoint don't sell such a product to consumers.

Millet thinks there's another motivation for agencies to not deal with the problem. Everyone except the consumer is profiting from the situation, she said. Notifying every consumer whose number is being misused by someone else would be disruptive to the American workforce, and would force government agencies to face the sticky undocumented worker problem.

"If there was no issue, the government would issue work visas to all of them," she said. "But if we gave them all their own Social Security numbers, they'd be able to compete for real wages. That's why no one is dealing with this."

Bob Sullivan is author of Your Evil Twin: Behind the Identity Theft Epidemic.

MORE FROM SECURITY

Security Section Front

Facebook hit by ‘Control Your Info’ intruder Twitter phishing ploy goes for ‘Direct Messages’ Red Tape: Your chance to spy on Google Hacking ring caught in $9 million fraud Tagged.com settles with states in invite fight Framed for child porn — by a PC virus In China, battles over a new wall Spain: Internet-related child porn on the rise Google providing better view of personal data EU agrees on new Internet user rights Security Section Front   Add Security headlines to your news reader: