SSA balances service, citizen privacy at PEBES site
Any citizen with World Wide Web access could request and receive from http://www.ssa.gov a Personal Earnings and Benefit Estimate
Statement. Until then, PEBES could be requested online, but the results were sent via
A PEBES is a year-by-year listing of a worker's earnings history and future Social
Security benefits. It is a valuable financial planning tool and essential for anyone who
is counting on Social Security benefits after they retire. During fiscal 1996, 3.4 million
workers requested a copy of their PEBES.
Despite the popularity and novelty of this innovative application, SSA closed down the
service in April in the face of criticism that the agency had not implemented sufficient
privacy and security safeguards for this application. All you needed to get a PEBES was
birth date, Social Security number and mother's maiden name--data that is not difficult to
They may not have realized it, but the critics were really railing against the sloppy
lack of protection for personal data in commercial files. Anyone with a little money or
skill could collect authentication information from commercial sources. If all holders of
personal data were as conscientious as SSA, this whole matter would have been a smaller
Panelists at SSA's public forum noted that SSA had a legal right to the data, so it is
not given voluntarily. Yet people who apply for a mortgage or business loan--or even a
garden-variety credit card--usually feel they have no alternative but to surrender their
entire life history. Moreover, commercial banks and businesses trade customer data the way
baseball teams trade players. My mortgage has been sold an average of twice a year; I have
no doubt that my entire personal database was sold with it. No telling how many potential
mortgage buyers had access to my personal data each time my lender auctioned off my loan.
During May and June, SSA conducted public forums in six cities at which specialists in
privacy, consumer advocacy and computer security gave their views. SSA also received 6,000
messages on PEBES via the Internet.
PEBES is back online with new, more stringent safeguards, but with less functionality.
Users won't get their earning history online. Instead, SSA provides an activation code and
reports via valid e-mail addresses to those who provide the five authentication matches.
More privacy, less customer service.
SSA demonstrated sensitivity to privacy issues and dedication to the use of technology
to better serve citizens. Many organizations would have thrown in the towel and shut down
the application. Instead, SSA diligently tried to resolve the two objectives.
The report, "Privacy and Customer Service in the Electronic Age," is
testimony to the care with which SSA sought to balance the objectives of privacy and
service. The result is a valuable example for other government and commercial
organizations considering similar online applications.
The report shows that SSA did not go blindly into this online Internet application. The
agency commissioned an extensive systems security study from Los Alamos National
Laboratory. SSA used a firewall to shield its mainframe computers, then hired consultants
to breach its defenses. The attacks were unsuccessful, but SSA used the consultants'
findings to identify and implement additional safeguards.
In the spring of 1996, SSA began a pilot program to provide hard-copy PEBES in response
to a request via a Web form. For about a year, 175,000 users took advantage of this
method. Many asked if SSA could make the report fully interactive.
In October 1996, SSA tested the interactive version with a limited number of testing
partners. The online PEBES required a match of name, Social Security number, date of
birth, state of birth and mother's maiden name. This was consistent with authentication
requirements for telephone and written requests. No privacy concerns or breaches surfaced
in these tests, so SSA began national testing in March 1997.
Meanwhile, I'm not holding my breath for my bank's version of "Privacy and
Customer Service in the Electronic Age," nor do I expect it to host public forums,
disclose its data usage or specify how it plans to protect my privacy. Armed with SSA's
example, perhaps Congress should turn its attention to the freewheeling ways of the
commercial data brokers.
SSA has my confidence.
Walter R. Houser, who has more than two decades of experience in federal information
management, is webmaster for a Cabinet agency. His own Web home page is at http://www.cpcug.org/user/houser/.