Social Security describes new online public credentialing and authentication process
In an announcement published in today’s Federal Register, the Social Security Administration requested comments and feedback on a proposed information collection method. Specifically, Social Security is exploring what the best way will be to identify citizens who who wish to access more electronic services benefit information online.
NextGov reported the driving need for this system yesterday: Social Security statements will go online …someday. According to Alan Lane, the agency’s associate chief information officer for open government, the agency has are no specific service plans at this time – nor is there a firm deadline for the statements going online. The Federal Register notice has much more detail and is quoted at length below.
Here’s some additional background, before you dive into the announcement below. For an agency like Social Security, taking careful steps into the Information Age isn’t just wise: it’s mandatory. The agency has enormous amounts of confidential data about American citizens. Rushing online holds considerable risks but carefully engaging there will be inevitable if Social Security is to embrace Gov 2.0.
In 2011, the Social Security Administration ranks as the largest government program by dollars paid in the United States federal government. It surpasses even discretionary defense and Medicare/Medicaid spending in the federal budget. As the 21st century dawns, new technology and a mandate for open government from the Obama administration provide an opportunity for the Social Security Administration to “reboot its relationship with the American people,” as its CIO, Frank Baitman, put it last last year.
Whether Social Security can better deliver on its mission through adopting social media, more data, better e-services and mobile technologies is an open question. Authentication and credentialing of citizens online is an important part of that progress. Online identity is a matter of plumbing, so to speak, but getting it right is no less important than real plumbing in a house.
Leaks are potentially catastrophic.
That’s why the United States national strategy for online identity is both complex and worth watching. Citizens and government alike need this to work if e-government services are to match their offline components. Getting this wrong would be disastrous, given the rise of identity theft across the nation.
Given how many more of those citizens will be retiring in the years ahead, providing e-services may not be a “nice-to-have” option. According to Social Security’s estimates, by 2036, there will be almost twice as many older Americans as today, from 41.9 million to 78.1 million. They’ll want to access their information online. Today, we learned a bit more about how the agency is thinking about getting there.
1. Social Security’s Public Credentialing and Authentication
Process–20 CFR 401.45–0960-NEW. Social Security is introducing a
stronger citizen authentication process that will enable a new user to
experience and access more electronic services.
Authentication is the foundation for secure, online transactions.
Identity authentication is the process of determining with confidence
that people are who they claim to be during a remote, automated
session. It comprises three distinct factors: something you know,
something you have, and something you are. Single-factor authentication uses one of
these factors, and multi-factor authentication uses two or more of
Social Security’s new process features credential issuance, account
management, and single- and multi-factor authentication. With this
process, we are working toward offering consistent authentication
across Social Security’s secured online services, and eventually to
Social Security’s automated telephone services. We will allow our users
to maintain one User ID, consisting of a self-selected Username and
Password, to access multiple Social Security electronic services. This
new process: 1) enables the authentication of users of Social
Security’s sensitive electronic services, and 2) streamlines access to
- Issue a single User Identification (ID) for personal,
business, and governmental transactions;
- Offer a variety of authentication options to meet the
changing needs of the public;
- Partner with an external data provider to help us verify
the identity of our online customers;
- Comply with relevant standards;
- Offer access to some of Social Security’s more sensitive
workloads online, while providing a high level of confidence in the
identity of the person requesting access to these services;
- Offer an in-person process for those who are uncomfortable
with or unable to use the Internet registration process; and
- Balance security with ease of use. New Authentication Process Features:
SSA’s new process will include the following key components: (1)
Registration and identity verification, (2) enhancement of the User ID,
and (3) authentication. The registration process is a one-time activity
for the respondents. The respondent provides some personal information,
and we use this to verify respondent identity. Respondents then select
their User ID (Username & Password). Respondents will log in with this
User ID each time they access SSA’s online services. SSA will also
allow respondents to increase the security of their credential by
adding a second authentication factor.
- Social Security Number (SSN)
- Date of Birth
- Address–mailing and residential
- Telephone number
- Email address
- Financial information
- Cell phone number
- Responses to an identity quiz (multiple choice format
questions keyed to specific data identity thieves will not be able to
- Password reset questions
This collection of information, or a subset of it, is required for
respondents who want to conduct business with Social Security via the
Internet or our automated 800 number. We will collect this information
via the Internet on SSA’s public-facing website. We also offer an in-
person identification verification process for individuals who cannot
or are not willing to register online. We do not ask for financial
information with the in-person process. In addition, if individuals opt
for the enhanced or upgraded account, they will also receive a text
message on their cell phones (this serves as the second factor for
authentication) each time they log into SSA’s online services.
This new authentication strategy will provide a user-friendly way
for the public to conduct extended business with Social Security online
instead of visiting the local servicing office or requesting
information over the phone. Individuals will have real-time access to
their sensitive Social Security information in a safe and secured web
Earlier today, however, a mechanical engineer named Claudio Ibarra commented on a Google+ thread that he thought that the animated GIF was a “waste.”
You could spend a long day listing all of the organizations or individuals who are putting government data online, from Carl Malamud to open government activists in Brazil, Africa or Canada.
Putting a dollar value on clean water, stable markets, the quality of schooling or access to the judiciary is no easy task. Each of these elements of society, however, are to some extent related to and enabled by open government. If we think about how the fundamental democratic principles established centuries ago extend today purely […]
In an age where setting up a livestream to the Web and the rest of the networked world is as easy as holding up a smartphone and making a few taps, the United States Supreme Court appears more uniformly opposed to adding cameras in the courtroom than ever.
On January 10th, 2013, the OpenGov Hub officially launched in Washington, DC. The OpenGov Hub has similarities to incubators and accelerators, in terms of physically housing different organizations in one location, but focuses on scaling open government and building community, as opposed to scaling a startup and building a business. Samantha Power, special assistant to […]
The 2012-2013 influenza season has been a bad one, with flu reaching epidemic levels in the United States.
The Open Government Partnership (OGP) has released statistics on its first 16 months since its historic launch in New York City, collected together in the infographic embedded below. This week, Open government leaders are meeting in Chile to discuss the formal addition of Argentina to the partnership and the national plans that Latin American countries […]
The post-industrial future of journalism is already here. It’s just not evenly distributed yet. The same trends changing journalism and society have the potential to create significant social change throughout the African continent, as states moves from conditions of information scarcity to abundance. That reality was clear on my recent trip to Africa, where I […]
Social media was a bigger part of the election season of 2012 than ever before, from the enormous volume of Facebook updates and tweets to memes during the Presidential debates to public awareness of what the campaigns were doing there in popular culture. Facebook may even have booted President Obama’s vote tally.
Pollwatch, a mobile application that enabled crowdsourced poll monitoring, has launched a final version at pollwatch.us, just in time for Election Day 2012. The initial iteration of the app was conceived, developed and demonstrated at the hackathon at the 2012 Personal Democracy Forum in New York City.