- Grant D. Ashley
- Assistant Director, Criminal Investigative Division, FBI
- Federal Bureau of Investigation
- Before the House Ways and Means Committee, Subcommittee on Social Security
- Washington, DC
- September 19, 2002
Good afternoon Chairmen and Members of the Subcommittees. On behalf of the Federal Bureau of Investigation (FBI), I would like to express my gratitude to the Subcommittees for affording us the opportunity to participate in this forum and to provide comment regarding Preserving the integrity of Social Security Numbers and Preventing their misuse by terrorists and identity thieves.
As the Subcommittees are well aware, the FBI, along with other federal law enforcement agencies, investigates individuals who use the identities of others to carry out violations of federal criminal law. These crimes include bank fraud, credit card fraud, wire fraud, mail fraud, money laundering, bankruptcy fraud, computer crimes, terrorism, organized crime, and fugitive cases. These crimes, carried out using a stolen identity, make the investigation of the offenses much more complicated. The use of a stolen identity enhances the chances of success in the commission of almost all financial crimes. The stolen identity provides a cloak of anonymity for the subject while the groundwork is laid to carry out the crime. This includes the rental of mail drops, post office boxes, apartments, office space, vehicles, and storage lockers as well as the activation of pagers, cellular telephones, and various utility services.
Identity theft is not new to law enforcement. For decades fugitives have changed identities to avoid capture, and check forgers have assumed the identity of others to negotiate stolen or counterfeit checks. What is new today is the pervasiveness of the problem. The FBI does not view identity theft as a separate and distinct crime problem. Rather, it sees identity theft as a component of many types of crimes which we investigate.
The recent "sweep" of identity theft prosecutions that the Attorney General announced on May 2, 2002, reflects how widespread identity theft has become and how it is associated with a wide range of criminal activities. The sweep involved 73 criminal prosecutions against 135 individuals in 24 districts. The crimes charged in these cases involving identity theft ranged from traditional fraud to murder. In one indictment in the Northern District of Illinois, for example, the defendant, who was facing federal counterfeiting charges, allegedly murdered a homeless man and tried to fake his own death by making it look as though the deceased victim was the defendant. Other cases involved defendants who allegedly located houses owned by elderly citizens and assumed their identities in order to fraudulently sell or refinance the properties; a defendant charged with selling Social Security numbers on eBay; and a hospital employee allegedly stole the identities of 393 hospital patients to obtain credit cards using the false identities.
This sweep, it should be noted, was the first part of a two-pronged strategy by federal law enforcement to combat identity theft. The second prong involves efforts to strengthen existing federal identity theft criminal statutes. Under S. 2541, which the Administration strongly supports, sentencing in a wide range of cases involving identification document fraud would be subject to a mandatory two-year enhanced penalty (over and above the sentence that would otherwise apply in a particular case). S. 2541 also would amend 18 U.S.C. 1028(b)(2) to increase the maximum imprisonment for a section 1028(a)(3) offense from three to five years, and would otherwise broaden the reach of the identity theft offense. In addition, S. 2541 specifically would allow judges the discretion to impose consecutive sentences in cases involving multiple counts of aggravated identity theft, and it authorizes the Sentencing Commission to issue guidelines and policy statements governing the exercise of such discretion. We believe that these changes, if enacted, would go a long way to strengthening the penalties that could apply when defendants are dealing in multiple identification documents.
Possession of someone else's Social Security Number is key to laying the groundwork to take over someone's identity and obtain a driver's license, loans, credit cards, cars, and merchandise. It is also key to taking over an individual's existing account and wiring money from the account, charging expenses to an existing credit line, writing checks on the account or simply withdrawing money.
The FBI works closely with other law enforcement agencies at the federal, state and local level to address crimes which are carried out through the use of stolen identities. This includes working closely with the Social Security Administration's (SSA) Office of Inspector General to confirm the authenticity (i.e., the existence or non existence, of Social Security Numbers being utilized by criminals). Our Detroit and St. Louis offices participate in official task forces established specifically to investigate crimes involving identity theft. In Memphis and Mobile, official task forces are being created and our offices will be participating in these task forces which will specifically investigate crimes involving identity theft. Numerous field offices have task forces that investigate various financial crimes which include an element of identity theft. Other offices simply address the crimes the FBI has always investigated, but now include an element of identity theft.
A number of identity theft related problems are being seen by law enforcement that are caused by people in trusted positions within a business or government office that misuse the personal identifying information to which they have access. Additionally, people are improperly obtaining Social Security Numbers without any legitimate access. Increases in security features on Social Security cards, alone, would not solve this problem as an actual card is seldom required for verifying someone's Social Security Number. However, additional security and safeguards of the actual Social Security Numbers could have a substantial impact.
One case under investigation by one of our offices in conjunction with the U.S. Postal Inspection Service involves an individual who obtained personal identifying information such as the names, and dates of birth of attorneys in the Boston area from the Martindale-Hubbell directory of attorneys. Using this information, his co-conspirator visited the Massachusetts Bureau of Vital Records which has an open records policy and was able to obtain copies of birth certificates of his victims. According to interviews with the defendants, using the combined information, they were able to contact the Social Security Administration and obtain the victims' Social Security Numbers. Once they obtained the Social Security Numbers, they were able to order credit reports and look at the credit scores for these victims to determine their creditworthiness and where accounts already existed. Using this information they were able to make pretext calls to at least one bank and obtain the account number. This enabled them to wire transfer $96,000 from one of the victim's bank accounts, half of which went to a casino and the remainder went to one of the subject's personal accounts. One of these suspects also added authorized users to the victims' credit card accounts and ordered emergency replacement cards which were sent to them by overnight delivery. At the time of arrest, this individual was found to be in possession of at least 12 different license or identification cards from three states and at least four or five credit cards, all in the names of the victims whose identity he had stolen. Although there are a number of enabling flaws in the system including open records policies in some states, there was also an apparent lack of verification by the Social Security Administration as to whether or not the person armed with the information and requesting the Social Security Number was truly the person to whom the Social Security Number belonged.
One of our field offices is currently investigating a case whereby Social Security Numbers for children of various ages have been sold to individuals with bad credit for future use in obtaining credit. It is unknown at this time as to how these numbers were obtained. However, individuals who obtained these numbers acted as middlemen. As part of the sale of the Social Security Numbers to the actual users, they formed companies which they used to falsely report positive credit information on these Social Security Numbers to the credit reporting agencies. Such information included loan payoffs and information on other fictitious credit accounts which were paid off. This information boosted the user of the number's credit history and thereby the user's credit score. Next the users applied to legitimate credit issuers, including mortgage companies and were able to obtain credit. The users were instructed they could use their true names with these Social Security Numbers, but not to use any previous addresses or other information similar to their previous credit record that could cause the credit reporting agencies to possibly merge their old and new credit files. Since the victims are children and are not applying for any credit, they are not aware their Social Security Numbers were used in this way. As a result, these victims are not filing any complaints with law enforcement, the credit reporting agencies or any of the defrauded creditors. When these victims later become old enough to attempt to establish credit, they will learn about this activity.
A case our New York office investigated included the use of the personal identifying information of six prominent executives, three of whom were deceased. Although this information was not received directly from the Social Security Administration, using the names of these deceased executives, this individual, who was later convicted, paid Internet information brokers to obtain these executives' Social Security Numbers. After obtaining their Social Security Numbers, he fraudulently obtained bank account and credit card numbers as well as other personal identifying information for these executives. He then impersonated these executives and purchased diamonds and Rolex watches over the Internet, and either wire transferred money from one of his victim's bank accounts or used one of his victim's credit card numbers. This individual had ordered approximately $730,000 in diamonds and Rolex watches but was only able to take delivery on just over half of this merchandise. There needs to be some serious review of the availability of personal identifying information, including the Social Security Number, over the internet, especially through these types of information brokers who can provide this information for a fee.
Like some other States, Hawaii utilizes the drivers' Social Security Number as its drivers license number. One significant case in our Honolulu field office, operation CARD SHARKS, was a financial institution fraud investigation that also targeted businesses dealing in the production of false identifications. Several of the subjects identified during the investigation utilized stolen Hawaii driver's licenses, including real identities and Social Security Numbers to make their false identifications. These individuals then opened bank accounts under their assumed names to commit financial institution fraud. Other aspects of this investigation included subjects who utilized real names and addresses, but would make up Social Security Numbers to commit their crimes. This was a joint investigation with federal and local law enforcement that resulted in seventeen indictments. Search warrants were executed on six different locations and all six sites had evidence of violations of Title 18, United States Code, Section 1028.
As far as Terrorism matters are concerned, since December 2001, The Social Security Administration has provided prompt support to the FBI's Terrorist Financing Operations Section's initiative of identifying misuse of Social Security Numbers. The FBI has been taking Social Security Numbers identified through past or ongoing terrorist investigations and providing them to the Social Security Administration for verification. This multi-phase project seeks to identify potential terrorist related individuals through Social Security Number misusage analysis.
Once the validity or non-validity of a Social Security Number has been established, investigators look for misuse of Social Security Numbers by checking immigration records, Department of Motor Vehicle records, and other military, government, and fee-based data sources. Incidents of Social Security Number misusage are separated according to type and forwarded to the appropriate investigative and prospective entity for follow-up.
With assistance from the Social Security Administration, approximately 150 instances of potential Social Security Number misusage have been identified. Each identified instance of potential Social Security Number misuse must be resolved through field investigation. This process is continuing with ongoing investigations.
The Social Security Administration's information should have very stringent limitations placed on its access and availability to the general public. However, we must be careful not to make it more difficult for law enforcement to conduct their investigations and access this information. There appears to be a need for various businesses, including the banking community, as well as government agencies to run verifications of the legitimacy of Social Security Numbers used by individuals when conducting business. However, this could be accomplished without providing broad access to the universe of Social Security Numbers.
In addition to these general concerns, there are some other, more specific potential issues involving access to Social Security Administration information that I would prefer not to discuss in open session so as not inadvertently to aid potential criminals.
Mr. Chairmen and Members of the Subcommittees, that concludes my prepared remarks. I would be happy to attempt to answer your questions at this time.