Editorial: Keep SSNs secure

[CommunityEditor]

The Defense Department is in the midst of a multiyear effort to eliminate full Social Security numbers from ID cards.

The new Common Access Card issued to service members does not include SSNs. ID cards for family members and retirees will also drop SSNs, or at least all but the last four digits, within a few years.

Many states no longer use SSNs for driver’s license numbers.

The reason is simple: In the digital age, a Social Security number is all a savvy thief needs to steal someone’s identity and ruin his credit rating.

“Today, all of our [computer] systems can ‘talk’ to each other, so we don’t necessarily need to know all of that information printed on your card,” Mary Dixon, the Defense Department’s Common Access Card program manager, said in April.

Not quite all systems. The Army and Air Force Exchange Service and Navy Exchange Service Command still require patrons paying by check to produce a document showing their SSN. AAFES even requires an SSN to process a refund on a returned item.

That means that even as SSNs vanish from ID cards, the exchanges are forcing patrons to physically possess some other crucial document, such as a Social Security card or a passport, in order to write a check or get a refund at the stores.

The AAFES and NEXCOM policies are defeating the Defense Department’s efforts to get Social Security numbers out of public view.

No commercial retailer would require customers to verify Social Security numbers. No military exchange should, either.


Article: http://www.armytimes.com/community/o...l_ssns_082508/

[WIRETIRE]

The military ID Card sould be sufficient with the option of a high priced sale (item) being verified with use of SSN as back up. Any retailer, military or civilian , has the right to insure that the person purchasing the item is the authorized indvi.

[CommunityEditor]

Promotion selection lists containing the names and Social Security numbers of more than 50,000 active-component noncommissioned officers were compromised earlier this year and in 2005, according to officials familiar with an ongoing Army investigation.

The 2008 sergeant first class list that was compiled by a board that met in February initially was the subject of the probe. The public version of that 8,620-name list was released by Human Resources Command March 20.

Eight days later, Army officials at Criminal Investigation Command, commonly know as CID, notified Human Resources Command that the “close hold” version of the list made available to commanders and their designated representatives in mid-March had been improperly released over the Internet, according to Brig. Gen. Reuben Jones, adjutant general of the Army.

Just days after opening an investigation into the matter, CID officials determined that the prepositioned 2005 master sergeant list also had been compromised.

Human Resources Command was notified of that finding March 31.

Jones, whose directorate oversees the management and distribution of officer and enlisted promotion materials, said the CID notifications were particularly troubling because at that time, prepositioned lists contained the names and Social Security numbers of all soldiers — non-selectees as well as selectees — considered by a board.

Jones said that within 48 hours after being notified, the promotions division of Human Resources Command sent e-mail notices via Army Knowledge Online to all soldiers whose names were on the prepositioned lists.

That was a major undertaking, as the prepositioned sergeant first class list contained 30,812 names, and the master sergeant list 20,048.

The command letters alerted soldiers to the unauthorized disclosure of their Social Security numbers, apologized for the compromise of that information and provided information about measures they can take to help protect against possible identity theft.

“We deeply regret putting soldiers and families at risk through the unauthorized disclosure of personal identity information, such as happened here,” Jones said.

“So far we do not know of any cases of identity theft associated with these lists,” he said.

Both CID and Human Resources Command declined to identify the field commands involved in the unauthorized disclosures. However, Jones and Chris Grey, a CID spokesman, said it would be up to the commanders concerned to pursue military legal proceedings if people responsible for the disclosures are identified.

The Army will continue to allow designated commanders access to prepositioned lists, but in a major change from past practice, “prepositioned lists of any type or component will not contain any part of a soldier’s Social Security number,” according to a notice recently sent to all field commands.

The same directive also noted that access to prepositioned list information “is a privilege and it requires a general officer or senior executive service official to request access for primary and alternate designees.”

These designees, who Jones calls “trusted agents,” will lose preposition access for their command if they violate the close-hold restrictions imposed on such rosters by the Army.

“What’s so very disturbing about the lists in these two cases is that it appears from the investigation that the trusted agents are the ones who violated their commanders’ trust.”

Jones said the Army had been putting Social Security numbers on prepositioned lists to help commanders identify soldiers considered by a board, both selectees and non-selectees.

He noted that many commanders want to prepare congratulatory notes to soldiers who are selected for promotion, and to prepare themselves to talk to soldiers who are not selected for advancement.

“Social Security numbers can be very helpful in this process, especially if you have several people in the command with the same name,” Jones said.

The decision to stop using Social Security numbers on the prepositioned lists “was a difficult one for us,” Jones said, “and this means commanders and trusted agents must use other data items (specialty codes, unit codes, rank, etc.) to identify soldiers.

“We have established some procedures to help them do that, but of course the long-term solution is DIMHRS (Defense Integrated Military Human Resources Management System), which will use an employee number rather than Social Security number,” Jones said.

Grey said CID is assisting commanders in their probe of the compromised lists.

Because the cases do not involve the type of criminal activity normally in the purview of the investigative agency, CID officials do not control the investigation; field commanders do.

Sources noted that investigators are looking at other lists to determine if they were compromised.

The prepositioning system is used for brigade and battalion command selections, senior service college lists and promotion lists for the ranks of captain through colonel, the chief warrant ranks of CW3 through CW5, and NCO lists in the ranks of sergeant first class through command sergeant major.

CID initially was alerted to the list problem by Army Knowledge Online, which detected an unusual amount of e-mail traffic with the prepositioned lists and Social Security numbers attached.

E-mails for the sergeant first class lists numbered more than 500, and were sent to military and civilian addresses.

While investigating the E-7 list problem, CID agents found the 2005 prepositioned master sergeant list in a folder on a peer-to-peer, or shared, Web site.


Article: http://www.armytimes.com/news/2008/0...reach_082408w/

[Proud Mom]

The military ID card shouldn't have to have a SSN. At WalMart or Target you can return or purchase anything with a credit card and drivers license as a picture ID. Or a check and ID.
And military are always the target of scams, computer theft etc...protecting their privacy and identity is important.

[CommunityEditor]

The 30,812 candidates for sergeant first class got a dose of bad news earlier this year, whether or not they made the cut for promotion: Their names and Social Security numbers were compromised when the list was inadvertently posted on the Internet following a February selection board.

The source of the breach is still undetermined, but Criminal Investigation Command agents have since discovered that a 2005 list of 20,000 master sergeant candidates also was compromised.

Fortunately, there are no known incidents of identity theft tied to this breach. But it is nevertheless dumbfounding that the Army continues to use SSNs so widely.

Local, state and federal agencies, as well as commercial businesses, have been scrambling to scrub SSNs from personal information exactly because it can serve as a digital key that can ransack bank accounts and trash credit ratings. The Defense Department’s new Common Access Card does not use SSNs, for example.

So it is good to see that the Army says it has learned a lesson and has removed SSNs from future promotion lists.

Now top commanders should do two more things:

First, they should ensure soldiers whose identities were compromised have access to free credit reports for at least a year so they can monitor and flag any suspicious activity.

Second, they should seek out and fix other potential points of failure. They can start at Army and Air Force Exchange Service stores, where customers are required to show an ID with an SSN when paying by check or seeking refunds. Because the new official military ID no longer includes the number, AAFES is demanding a second form of ID, such as a Social Security card.

That’s ridiculous. In this day and age, there are too many other ways to ensure a soldier’s identity.


Article: http://www.armytimes.com/community/o...al_ssn_090108/

[WILEYCB]

Most members of the military are fed up with the crap we have to deal with at most AAFES stores. The last time I checked the military ran the show in there community. If AAFES continues to refuse to change there policy on SSNs then I recommend they pack there crap and the contract goes to another company. It would be a hassle but I bet Wal-Mart/Target would do what ever needed to be done to help make the transition easier for us if they got the contract.

[mfjdspence]

AAFES needs to stop sending its proffits to services organizations and send it back to the "stock holders" who are also known as us. With the money coming back directly vs. indirectly, we can better control programs that deserve to survive and decide vs. being told that our dividend helped reduce meal costs by 2 bucks at a place I eat at only 6 times a year. At our installation, we got back about $1.5M last year sent directly to our Services organization who spent the money on their proffit generating facilities. If they gave that money back to the members stationed at the base, we would have got back about $400 a piece. That sounds like a better deal to me and would maybe make me feel better paying higher costs knowing that the money will come back to me anyways.

[Okie]

This is WAY overdue. At least I have an option to not shop at AAFES.

My SSN has been compromised by the Air Force or the GTC people (under contract to the government) no less than 4 times. My interaction with all of these entities is manadory if I want to keep my job. Right on the SSN card, it says it's not to be used for identification purposes. I can understand Finance needing it for tax purposes, but that's about it.

[nathan_usmc]

I understand that it would take a little effort from several different organizations, but wouldn't most of the problems with PII be solved if servicemembers were given a service number other than their SSN. If we could use another nine digit number to identify ourselves there would be no risk of identity theft. Commands could post that number on promotion lists, the exchange could ask for that number, etc. Of course we would still give our social to Admin to be used on security clearances and W-2's, but in every other way we could use our "service number." That number would still be protected as dliigently as our social becuase it would be as unique and powerful as far as the military is concerned, but if a momentary lapse in judgement were to result in its public release, the results wouldn't be as tragic.

I admit I may be naive, but is there any reason why this wouldn't work?

[nicwks]

Quote:

Originally Posted by mfjdspence

AAFES needs to stop sending its proffits to services organizations and send it back to the "stock holders" who are also known as us. With the money coming back directly vs. indirectly, we can better control programs that deserve to survive and decide vs. being told that our dividend helped reduce meal costs by 2 bucks at a place I eat at only 6 times a year. At our installation, we got back about $1.5M last year sent directly to our Services organization who spent the money on their proffit generating facilities. If they gave that money back to the members stationed at the base, we would have got back about $400 a piece. That sounds like a better deal to me and would maybe make me feel better paying higher costs knowing that the money will come back to me anyways.

The only service organization that aafes sends any profits too is MWR. So unless you would want to spend more for a lot of programs on post instead of them being readily accessible and affordable to all ID card holders ,no matter what the rank, then you shouldn't have a problem with the profits being returned and staying on the post you happen to be at. Perhaps you should do a little research there and get all your facts before you gripe.
as a former aafes manager I don't think anyone agrees with the use of the ssn's, but having worked for them I can also say I saw plenty of abuse of patron priveleges and people abusing return polices, yes even stolen goods once. The system just needs to be modernized. AAFES has accomdated service members for years. Perhaps we need to go back to when it was only ID card holders period who could use the px . When they started getting lax with this privelege is when the savings that you use to have went out the door. And you don't pay taxes on purchases so we are griping about what?