AUBURN UNIVERSITY SENATE MEETING
Agenda for October 6, 1998
3:10 Broun Auditorium
Call to Order
Approval of Minutes (See Minutes on the Senate Home Page)
Announcements
a. President William Muse
b. Senate Chair and Commission Report: Dr. Glenn Howze
c. Task Force: Dr. Barry Burkhart
Committee Reports:
a. Priorities Committee Report /Dr. William Walker
b. Ad Hoc Committee on Social Security Numbers /Dr. James Hanson
c. Research Career Ladder Positions / Dr. Jo Heath
Other Items:
a. Presentation by School of Nursing/ Dr. Terri Brower
Adjournment
_____________________________________________________________________
UNIVERSITY SENATE ATTENDANCE FORM
________________________________representing __________________________
(Name) (Department or Unit)
(Check here if serving as a substitute for ____________________________________
(Name of Senator)
PLEASE PLACE THIS FORM IN THE ATTENDANCE BOX
Report to the University Senate by the Ad Hoc Committee on
Social Security Numbers
Approved by the Ad Hoc Committee on
24 September 1998.
To Be Presented to the University Senate
Committee Members:
James D. Hanson, Physics [Chair]
Marcia Boosinger, Library
Brad Buck, 01PM
John Fletcher, Registrar
Chris Newland, Psychology
Ad Hoc Committee on Social Security Numbers
At its 12 August 1997 meeting, the University Senate passed a resolution to form an
ad hoc committee to study and make recommendations regarding the use of Social Security
numbers ( SSN ) at Auburn University. At its meeting of 13 October 1997, the Student
Government Association passed a resolution that called for the university to discontinue its
use of SSN s as a means for identifying students. On 9 February 1998, then University
Senate Chair D. Gary Swanson appointed the Ad Hoc Committee on Social Security
Numbers. The committee first met on 9 April 1998, and subsequently met eight more times
in the spring, summer and fall quarters.
Identification and Verification
In thinking about the use of SSN s on campus, it is helpful to differentiate between two
classes of uses of the SSN ; identification and verification. The SSN is used as identification
when answering a question like "Which John Smith are you? (There are 14 of them on
campus)." or "Are you John Smith, or Ian Smythe? (Your handwriting is tough to read)".
Listing a student's SSN next to their name on class rolls is an identification usage of the
SSN . The use of the SSN as a unique identification in employee records is another example.
The SSN is used as verification when answering a question like "You say you are
Conrad Hipplewhite, but how can you convince me that you aren't an impostor? Do you
know Conrad Hipplewhite's SSN ?" The library's use of SSN on the Patron Information
form on the Web is partly for identification (which patron?) but is also used for
verification, since the charged items for a given patron are not publicly available, and no
additional verification, like a password, Personal Access Code ( PAC ), or Personal
Identification Number ( PIN ) is required.
SSN Usage at Auburn University
All current Auburn University students and employees have an identification ( ID ) card,
which contains a photograph and identifying information such as name, SSN , optical bar
code, and magnetic stripe. Some affiliated persons (such as faculty children who use the
swimming pool and local citizens who have requested library borrowing privileges) also
have identification cards with SSN s on them.
The optical bar code has 12 digits encoded: the first two are a library classification of
the patron type, the next nine are the SSN, and the last is an ID card issue code, which
tracks the replacement ID cards which have been issued. The magnetic stripe has 13 digits
encoded: the first nine are the SSN, the next is the ID card issued code, and the last three
digits are a facility code which identify the card as an Auburn University ID card.
The ID card is used many places on campus:
1) The optical bar code of the ID card is scanned when checking books from the
library.
2) The ID is retained by the lifeguard during open swim at the Aquatics Center.
3) In the Tiger Club Program, the ID is used as a charge card on campus and at
local merchants. Data entry terminals for the Tiger Club read the magnetic stripe
on the ID card.
4) The Athletic Department scans the magnetic stripe of student ID cards on entry
to home football games.
5) All male visitors to female dorms turn in ID s at the dormitory desk.
The SSN is also used many places on campus:
1) Recreational Services requires the use of the SSN for equipment usage.
2) The DUC Hotline asks for callers' SSN .
3) Class rolls distributed to faculty have the students' SSN numbers listed.
4) In some classes, students are asked to write their name and SSN on a sheet of
paper which is passed around.
5) Some professors post class grades, identified by the full or partial SSN of the
student.
6) The campus police ask for the SSN when one inquires about parking tickets.
7) Many administrative offices ask students for their SSN .
8) The admission application form asks for the prospective student's SSN .
9) The AIMS student information system, available to faculty and academic staff,
shows the student's SSN .
10) The library's Inter-Library Loan request form on the Web asks for the SSN .
11) The library's Patron Information form on the Web, which shows the items that
a patron has checked out from the library, requires the patron's SSN .
We draw two conclusions from the above lists of ID and SSN usages on campus. First,
it would be relatively easy for an unscrupulous person to obtain students' Social Security
numbers. Second, a student's SSN is a weak and insecure form of verification.
The two major databases on campus that use SSN s are the student records database,
and the employee records database, representing the primary sources of student and
employee information. Both databases are being upgraded. The student database ( OASIS ) is
to be operational in the fall of 1998, with the upgraded employee database to follow. The
upgraded databases will be supplied by the same vendor, so integrating the two databases
(to deal with student-employees) will be easier. Both databases use a nine-digit
identification field that is assumed to be the SSN . Other databases on campus generally
acquire identifying information from these two databases. For example, the library patron
database receives regular updates regarding new patrons from these two databases.
The use of the SSN is required by law for employees, for Internal Revenue Service
( IRS ) and Social Security reporting purposes. The SSN in the student database is used as a
key for the matching of ACT , SAT , and other test scores with applicants. Also, with the
start of the new federal HOPE scholarship program, the university will have to issue IRS
forms for each student, and these IRS forms will require the use of the student's SSN .
Thus, the SSN cannot be abandoned as an identifier in either the student or in the employee
database.
Problems with SSN Usage
There are two main problems associated with widespread use of SSN s on campus: 1)
the protection of the privacy of students and employees, and 2) compliance with the legal
requirements of two federal laws, the Family Educational Rights and Privacy Act, (often
referred to as FERPA ), and the Privacy Act of 1974.
Personal Privacy and Identity Theft
The knowledge of a person's SSN can provide access to private, financial or other
important information about that person, and many people feel very strongly that this
information should not be readily available to others. Therefore, they do what they can to
minimize knowledge by others of their SSN . For example, five to ten students each year
make a special request that their student ID number not be their SSN . This option is nowhere
advertised to students, and it takes quite a bit of resolve for a new student to follow through
to get this done. (Such requests are accommodated). Other examples include: a professor
who will not check books out of the library, because to do so, he must display his ID card,
with SSN printed on it, to the library worker; a professor who has generated fake SSN s for
his children's ID cards; and an administrator who, when calling the DUC hotline, merely
repeats his name when asked for his SSN . Many other students and faculty would avail
themselves of the opportunity to conceal their SSN s, if it were easy to do so.
Ready availability of one's SSN can lead to severe financial losses, through the crime
of identity theft - the act of stealing a person's good name to commit fraud. It is a
phenomenon that appears to be increasing in frequency. 1-3 The thief, using the victim's
name and SSN , applies for credit cards, loans, mortgages, cellular phone services, bank
accounts, etc., in the name of the victim. A change of billing address keeps the victim from
being aware of this activity. The thief doesn't make payments, and the victim is left to deal
with the debts and ruined credit rating.
One method to deter identity theft is to make it more difficult to acquire the potential
victim's SSN . Indeed, the Federal Trade Commission counsels those concerned about
identity theft: "Give your Social Security number only when absolutely necessary. Ask to
use other types of identifiers when possible." 4
Legal Issues
Two federal laws relate to the uses of SSN s at Auburn University. The first is the
Privacy Act of 1974, which provides (section 7):
(a)(1) It shall be unlawful for any Federal, State or local government agency to deny
any individual any right, benefit or privilege provided by law because of such
individual's refusal to disclose his social security number.
. . . . . .
(b) Any Federal, State or local government agency which requests an individual to
disclose his social security account number shall inform that individual whether that
disclosure is mandatory or voluntary, by what statutory or other authority such
number is solicited, and what uses will be made of it.
The second federal law which relates to the use of SSN s at Auburn is the Family
Educational Rights and Privacy Act, ( FERPA ), which provides:
No funds shall be made available under any applicable program to any educational
agency or institution which has a policy or practice of permitting the release of
education records (or personally identifiable information, as defined in paragraph (5)
of subsection (a) of this section) of students without the written consent of their
parents to any individual, agency, or organization, other than to the following - ....
20 U.S.C. § 1232g(b)(1).
The statute goes on to list nine categories of persons to whom education records and
personally identifiable information may be released. 5 Social Security numbers are
considered to be education records and personally identifiable information under FERPA .
In a 1992 court case, Krebs v. Rutgers, 5 a group of students sued Rutgers University
over its use of SSN s as student ID numbers. The practices of Rutgers with respect to SSN s
were remarkably similar to Auburn's current practices: SSN s were printed on ID cards and
on class rolls, used for a wide variety of everyday transactions, and sometimes used for
posting of grades.
The judge granted a preliminary injunction to the students, prohibiting Rutgers from
disseminating class rosters with student names and SSN s, using FERPA for justification.
Since the law suit, Rutgers University no longer puts SSN s on student identification cards 6 .
The judge also ruled that the Privacy Act did not apply to Rutgers, as Rutgers is not a
government agency, but some details of the judge's argument were specific to Rutgers'
status as a New Jersey state agency. The Privacy Act of 1974 could apply to Auburn,
however, since Auburn's status as a state agency is substantially different from Rutgers.
The matter is in dispute. If the Privacy Act does apply to Auburn, then Auburn's practices
with regard to SSN s are in violation of that law, because a Privacy Act notification is not
given when a request is made for the SSN .
Recommendations
The committee makes the following recommendations:
I.
The University Administration should educate faculty and staff about their
responsibilities under the Family Educational Rights and Privacy Act,
( FERPA ) to protect sensitive student information such as Social Security
numbers (SSN s).
Possible mechanisms include a short memo to all faculty and staff, and a
document on the Web with a substantial and detailed discussion of FERPA
responsibilities. We note that the section of the Auburn University Bulletin on
Student Records (pages 26-28) deals with FERPA requirements.
II.
The University should phase out all non-confidential uses of the Social
Security number (SSN ), and adopt one or more alternate identifiers.
a) The SSN should not be printed on, or included on the magnetic stripe or
optical barcode, of university identification (ID ) cards.
b) The SSN should not be listed on class rolls.
c) The SSN should be available on the student database, only to those very
few who need to know it. (Faculty do not need to know the SSN of a
student.)
d) The SSN of students and employees should not be distributed to on-campus
organizations unless there is a clear necessity for the use of the
SSN . All distributions of SSN s should be accompanied by a requirement
that the recipients of the SSN s treat them as confidential information and
not transmit them to third parties.
e) On-campus organizations should not ask students or employees for
SSN s, unless there is a clear necessity for the use of the SSN . On-campus
organizations that collect SSN s should treat them as confidential
Note that this recommendation is not meant to preclude necessary uses of the
SSN such as those internal to the student or employee databases, or required for
IRS, Social Security and Hope Scholarship purposes. Activities that make a
student's SSN known to only a very few clerical staff, such as matching admissions
test scores with applicants' files, would not be affected by this recommendation.
The new identifier or identifiers which will be adopted must be linked to
existing databases. We do not have the technical knowledge to make a
recommendation as to how this should be done. However, we do note items that
should be considered. First, to enable a smooth transition, it would be simple if the
replacement identifier on the ID card optical barcode and the magnetic stripe were a
9 digit number. To avoid the possibility of duplicating someone's SSN , 9 digit
numbers unused for SSN s should be used. Nine digit numbers with the first three
digits in the ranges 650 - 699 and 729 - 799 are "unassigned, reserved for future
use" by the Social Security Administration. Those in the range 800 - 999 are "not
valid SSNs. 7
Second, although a new nine digit number is fine as an identifier when
it is optically scanned or read magnetically, students may object to another 9 digit
number which needs to be memorized. A good identifier for less automated
purposes, like filling out administrative forms, might be the seven character global
identifier ( GID ), which is used as a logon name and e-mail address on many
computer systems on campus.
Replacement of the SSN on ID s will obviously have to be phased in. Use of the
SSN on new university ID s should cease by the Spring Quarter of 1999, a time
chosen so that the administration would have experience with the new OASIS
system before the transition to a new identifier, and so that the revised system
would be in place for the incoming students in fall 1999. Replacement ID cards with
the new identifier could be obtained at this time.
III.
On-campus organizations with verification needs should use knowledge of a
Personal Access Code (PAC ), Personal Identification Number (PIN ) or
password, or a check of the actual ID card. Mere knowledge of the SSN
should not be used for verification purposes.
For example, the Library should stop using the ID number as a verifier for Web
access to circulation records. Also, the Division of University Computing should
help make verification via PAC , PIN or password available to all on-campus
organizations, so that students and employees are not saddled with multiple PAC s
and passwords.
IV.
The University should take seriously the intent of the Privacy Act of 1974,
and provide a notification whenever the SSN is requested.
The Privacy Act of 1974, provides (section 7):
(b) Any Federal, State or local government agency which requests an
individual to disclose his social security account number shall inform that
individual whether that disclosure is mandatory or voluntary, by what
statutory or other authority such number is solicited, and what uses will be
made of it.
V.
The ad hoc Committee on Social Security Numbers should be charged with
evaluating the response to the above recommendations, and reporting back
to the University Senate within one year.