AUBURN UNIVERSITY SENATE MEETING

Agenda for October 6, 1998

3:10 Broun Auditorium

Call to Order

Approval of Minutes (See Minutes on the Senate Home Page)

Announcements

a. President William Muse

b. Senate Chair and Commission Report: Dr. Glenn Howze

c. Task Force: Dr. Barry Burkhart

Committee Reports:

a. Priorities Committee Report /Dr. William Walker

b. Ad Hoc Committee on Social Security Numbers /Dr. James Hanson

c. Research Career Ladder Positions / Dr. Jo Heath

Other Items:

a. Presentation by School of Nursing/ Dr. Terri Brower

Adjournment

_____________________________________________________________________

UNIVERSITY SENATE ATTENDANCE FORM

________________________________representing __________________________

(Name) (Department or Unit)

(Check here if serving as a substitute for ____________________________________

(Name of Senator)

PLEASE PLACE THIS FORM IN THE ATTENDANCE BOX

Report to the University Senate by the Ad Hoc Committee on

Social Security Numbers

Approved by the Ad Hoc Committee on

24 September 1998.

To Be Presented to the University Senate

Committee Members:

James D. Hanson, Physics [Chair]

Marcia Boosinger, Library

Brad Buck, 01PM

John Fletcher, Registrar

Chris Newland, Psychology

Ad Hoc Committee on Social Security Numbers

At its 12 August 1997 meeting, the University Senate passed a resolution to form an

ad hoc committee to study and make recommendations regarding the use of Social Security

numbers ( SSN ) at Auburn University. At its meeting of 13 October 1997, the Student

Government Association passed a resolution that called for the university to discontinue its

use of SSN s as a means for identifying students. On 9 February 1998, then University

Senate Chair D. Gary Swanson appointed the Ad Hoc Committee on Social Security

Numbers. The committee first met on 9 April 1998, and subsequently met eight more times

in the spring, summer and fall quarters.

Identification and Verification

In thinking about the use of SSN s on campus, it is helpful to differentiate between two

classes of uses of the SSN ; identification and verification. The SSN is used as identification

when answering a question like "Which John Smith are you? (There are 14 of them on

campus)." or "Are you John Smith, or Ian Smythe? (Your handwriting is tough to read)".

Listing a student's SSN next to their name on class rolls is an identification usage of the

SSN . The use of the SSN as a unique identification in employee records is another example.

The SSN is used as verification when answering a question like "You say you are

Conrad Hipplewhite, but how can you convince me that you aren't an impostor? Do you

know Conrad Hipplewhite's SSN ?" The library's use of SSN on the Patron Information

form on the Web is partly for identification (which patron?) but is also used for

verification, since the charged items for a given patron are not publicly available, and no

additional verification, like a password, Personal Access Code ( PAC ), or Personal

Identification Number ( PIN ) is required.

SSN Usage at Auburn University

All current Auburn University students and employees have an identification ( ID ) card,

which contains a photograph and identifying information such as name, SSN , optical bar

code, and magnetic stripe. Some affiliated persons (such as faculty children who use the

swimming pool and local citizens who have requested library borrowing privileges) also

have identification cards with SSN s on them.

The optical bar code has 12 digits encoded: the first two are a library classification of

the patron type, the next nine are the SSN, and the last is an ID card issue code, which

tracks the replacement ID cards which have been issued. The magnetic stripe has 13 digits

encoded: the first nine are the SSN, the next is the ID card issued code, and the last three

digits are a facility code which identify the card as an Auburn University ID card.

The ID card is used many places on campus:

1) The optical bar code of the ID card is scanned when checking books from the

library.

2) The ID is retained by the lifeguard during open swim at the Aquatics Center.

3) In the Tiger Club Program, the ID is used as a charge card on campus and at

local merchants. Data entry terminals for the Tiger Club read the magnetic stripe

on the ID card.

4) The Athletic Department scans the magnetic stripe of student ID cards on entry

to home football games.

5) All male visitors to female dorms turn in ID s at the dormitory desk.

The SSN is also used many places on campus:

1) Recreational Services requires the use of the SSN for equipment usage.

2) The DUC Hotline asks for callers' SSN .

3) Class rolls distributed to faculty have the students' SSN numbers listed.

4) In some classes, students are asked to write their name and SSN on a sheet of

paper which is passed around.

5) Some professors post class grades, identified by the full or partial SSN of the

student.

6) The campus police ask for the SSN when one inquires about parking tickets.

7) Many administrative offices ask students for their SSN .

8) The admission application form asks for the prospective student's SSN .

9) The AIMS student information system, available to faculty and academic staff,

shows the student's SSN .

10) The library's Inter-Library Loan request form on the Web asks for the SSN .

11) The library's Patron Information form on the Web, which shows the items that

a patron has checked out from the library, requires the patron's SSN .

We draw two conclusions from the above lists of ID and SSN usages on campus. First,

it would be relatively easy for an unscrupulous person to obtain students' Social Security

numbers. Second, a student's SSN is a weak and insecure form of verification.

The two major databases on campus that use SSN s are the student records database,

and the employee records database, representing the primary sources of student and

employee information. Both databases are being upgraded. The student database ( OASIS ) is

to be operational in the fall of 1998, with the upgraded employee database to follow. The

upgraded databases will be supplied by the same vendor, so integrating the two databases

(to deal with student-employees) will be easier. Both databases use a nine-digit

identification field that is assumed to be the SSN . Other databases on campus generally

acquire identifying information from these two databases. For example, the library patron

database receives regular updates regarding new patrons from these two databases.

The use of the SSN is required by law for employees, for Internal Revenue Service

( IRS ) and Social Security reporting purposes. The SSN in the student database is used as a

key for the matching of ACT , SAT , and other test scores with applicants. Also, with the

start of the new federal HOPE scholarship program, the university will have to issue IRS

forms for each student, and these IRS forms will require the use of the student's SSN .

Thus, the SSN cannot be abandoned as an identifier in either the student or in the employee

database.

Problems with SSN Usage

There are two main problems associated with widespread use of SSN s on campus: 1)

the protection of the privacy of students and employees, and 2) compliance with the legal

requirements of two federal laws, the Family Educational Rights and Privacy Act, (often

referred to as FERPA ), and the Privacy Act of 1974.

Personal Privacy and Identity Theft

The knowledge of a person's SSN can provide access to private, financial or other

important information about that person, and many people feel very strongly that this

information should not be readily available to others. Therefore, they do what they can to

minimize knowledge by others of their SSN . For example, five to ten students each year

make a special request that their student ID number not be their SSN . This option is nowhere

advertised to students, and it takes quite a bit of resolve for a new student to follow through

to get this done. (Such requests are accommodated). Other examples include: a professor

who will not check books out of the library, because to do so, he must display his ID card,

with SSN printed on it, to the library worker; a professor who has generated fake SSN s for

his children's ID cards; and an administrator who, when calling the DUC hotline, merely

repeats his name when asked for his SSN . Many other students and faculty would avail

themselves of the opportunity to conceal their SSN s, if it were easy to do so.

Ready availability of one's SSN can lead to severe financial losses, through the crime

of identity theft - the act of stealing a person's good name to commit fraud. It is a

phenomenon that appears to be increasing in frequency. 1-3 The thief, using the victim's

name and SSN , applies for credit cards, loans, mortgages, cellular phone services, bank

accounts, etc., in the name of the victim. A change of billing address keeps the victim from

being aware of this activity. The thief doesn't make payments, and the victim is left to deal

with the debts and ruined credit rating.

One method to deter identity theft is to make it more difficult to acquire the potential

victim's SSN . Indeed, the Federal Trade Commission counsels those concerned about

identity theft: "Give your Social Security number only when absolutely necessary. Ask to

use other types of identifiers when possible." 4

Legal Issues

Two federal laws relate to the uses of SSN s at Auburn University. The first is the

Privacy Act of 1974, which provides (section 7):

(a)(1) It shall be unlawful for any Federal, State or local government agency to deny

any individual any right, benefit or privilege provided by law because of such

individual's refusal to disclose his social security number.

. . . . . .

(b) Any Federal, State or local government agency which requests an individual to

disclose his social security account number shall inform that individual whether that

disclosure is mandatory or voluntary, by what statutory or other authority such

number is solicited, and what uses will be made of it.

The second federal law which relates to the use of SSN s at Auburn is the Family

Educational Rights and Privacy Act, ( FERPA ), which provides:

No funds shall be made available under any applicable program to any educational

agency or institution which has a policy or practice of permitting the release of

education records (or personally identifiable information, as defined in paragraph (5)

of subsection (a) of this section) of students without the written consent of their

parents to any individual, agency, or organization, other than to the following - ....

20 U.S.C. § 1232g(b)(1).

The statute goes on to list nine categories of persons to whom education records and

personally identifiable information may be released. 5 Social Security numbers are

considered to be education records and personally identifiable information under FERPA .

In a 1992 court case, Krebs v. Rutgers, 5 a group of students sued Rutgers University

over its use of SSN s as student ID numbers. The practices of Rutgers with respect to SSN s

were remarkably similar to Auburn's current practices: SSN s were printed on ID cards and

on class rolls, used for a wide variety of everyday transactions, and sometimes used for

posting of grades.

The judge granted a preliminary injunction to the students, prohibiting Rutgers from

disseminating class rosters with student names and SSN s, using FERPA for justification.

Since the law suit, Rutgers University no longer puts SSN s on student identification cards 6 .

The judge also ruled that the Privacy Act did not apply to Rutgers, as Rutgers is not a

government agency, but some details of the judge's argument were specific to Rutgers'

status as a New Jersey state agency. The Privacy Act of 1974 could apply to Auburn,

however, since Auburn's status as a state agency is substantially different from Rutgers.

The matter is in dispute. If the Privacy Act does apply to Auburn, then Auburn's practices

with regard to SSN s are in violation of that law, because a Privacy Act notification is not

given when a request is made for the SSN .

Recommendations

The committee makes the following recommendations:

I.    The University Administration should educate faculty and staff about their

responsibilities under the Family Educational Rights and Privacy Act,

( FERPA ) to protect sensitive student information such as Social Security

numbers (SSN s).

Possible mechanisms include a short memo to all faculty and staff, and a

document on the Web with a substantial and detailed discussion of FERPA

responsibilities. We note that the section of the Auburn University Bulletin on

Student Records (pages 26-28) deals with FERPA requirements.

II. The University should phase out all non-confidential uses of the Social

Security number (SSN ), and adopt one or more alternate identifiers.

a) The SSN should not be printed on, or included on the magnetic stripe or

optical barcode, of university identification (ID ) cards.

b) The SSN should not be listed on class rolls.

c) The SSN should be available on the student database, only to those very

few who need to know it. (Faculty do not need to know the SSN of a

student.)

d) The SSN of students and employees should not be distributed to on-campus

organizations unless there is a clear necessity for the use of the

SSN . All distributions of SSN s should be accompanied by a requirement

that the recipients of the SSN s treat them as confidential information and

not transmit them to third parties.

e) On-campus organizations should not ask students or employees for

SSN s, unless there is a clear necessity for the use of the SSN . On-campus

organizations that collect SSN s should treat them as confidential




Note that this recommendation is not meant to preclude necessary uses of the

SSN such as those internal to the student or employee databases, or required for

IRS, Social Security and Hope Scholarship purposes. Activities that make a

student's SSN known to only a very few clerical staff, such as matching admissions

test scores with applicants' files, would not be affected by this recommendation.

The new identifier or identifiers which will be adopted must be linked to

existing databases. We do not have the technical knowledge to make a

recommendation as to how this should be done. However, we do note items that

should be considered. First, to enable a smooth transition, it would be simple if the

replacement identifier on the ID card optical barcode and the magnetic stripe were a

9 digit number. To avoid the possibility of duplicating someone's SSN , 9 digit

numbers unused for SSN s should be used. Nine digit numbers with the first three

digits in the ranges 650 - 699 and 729 - 799 are "unassigned, reserved for future

use" by the Social Security Administration. Those in the range 800 - 999 are "not

valid SSNs. 7

Second, although a new nine digit number is fine as an identifier when

it is optically scanned or read magnetically, students may object to another 9 digit

number which needs to be memorized. A good identifier for less automated

purposes, like filling out administrative forms, might be the seven character global

identifier ( GID ), which is used as a logon name and e-mail address on many

computer systems on campus.

Replacement of the SSN on ID s will obviously have to be phased in. Use of the

SSN on new university ID s should cease by the Spring Quarter of 1999, a time

chosen so that the administration would have experience with the new OASIS

system before the transition to a new identifier, and so that the revised system

would be in place for the incoming students in fall 1999. Replacement ID cards with

the new identifier could be obtained at this time.

III. On-campus organizations with verification needs should use knowledge of a

Personal Access Code (PAC ), Personal Identification Number (PIN ) or

password, or a check of the actual ID card. Mere knowledge of the SSN

should not be used for verification purposes.

For example, the Library should stop using the ID number as a verifier for Web

access to circulation records. Also, the Division of University Computing should

help make verification via PAC , PIN or password available to all on-campus

organizations, so that students and employees are not saddled with multiple PAC s

and passwords.

IV. The University should take seriously the intent of the Privacy Act of 1974,

and provide a notification whenever the SSN is requested.

The Privacy Act of 1974, provides (section 7):

(b) Any Federal, State or local government agency which requests an

individual to disclose his social security account number shall inform that

individual whether that disclosure is mandatory or voluntary, by what

statutory or other authority such number is solicited, and what uses will be

made of it.

V. The ad hoc Committee on Social Security Numbers should be charged with

evaluating the response to the above recommendations, and reporting back

to the University Senate within one year.