Social Security Administration:
Internet Access to Personal Earnings and Benefits Information
T-AIMD/HEHS-97-123: Published: May 6, 1997. Publicly Released: May 6, 1997.
Additional Materials:
- Full Report:
Contact:
(202) 512-6253
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
GAO discussed the Social Security Administration's (SSA) recent experiences in providing personal benefits estimates to individuals via the Internet, focusing on general privacy and security considerations that federal agencies should address to safeguard any sensitive information made available as a public service via the Internet.
GAO noted that: (1) SSA has recently tried to educate the public about the importance of its programs and availability of information, such as the Personal Earnings and Benefit Estimate Statement (PEBES); (2) as part of this initiative, SSA last year began permitting individuals to request PEBES through the Internet, with the document being sent by mail; (3) according to SSA officials, before taking the step of transmitting PEBES data over the Internet, they spent a year testing and consulting with outside experts, including those in the areas of privacy and computer security; (4) among the security features intended to preserve individual privacy was the requirement for an individual to enter five authenticating elements into the system in order to access the data; (5) on April 9, after public outcry and concerns about the privacy of sensitive information, the Acting Commissioner of Social Security suspended on-line receipt of PEBES data; (6) despite the growth and leap in ease of use, the Internet has inherent security risks because of the way it was designed; (7) computer hackers have for years exploited the security weaknesses of systems connected to the Internet; (8) as a result, the need for secure information systems and networks has never been greater; (9) for most organizations, a prudent approach involves determining an appropriate level of protection, then ensuring that any security breaches that do occur can be effectively detected and countered; (10) this generally means establishing: (a) a comprehensive program with top management commitment, sufficient resources, and clearly defined roles and responsibilities; (b) clear, consistent, and up-to-date security policies and procedures; (c) periodic vulnerability assessments to identify security weaknesses; (d) security awareness training; (e) sufficient time and training for systems administrators and information security personnel; (f) efficient use of automated security tools; and (g) a robust incident-response capability, so that attacks can be detected and a response initiated quickly in order to aggressively track and prosecute the offenders; (11) along with phased testing of "PEBES-By-Mail" and interactive PEBES, SSA took a number of measures that officials believed would adequately safeguard requesters' privacy, the system itself, and the data it contains; and (12) GAO has just initiated its work and therefore cannot yet conclude whether SSA implemented a prudent approach to address the security risks in providing Internet PEBES Service.
Dec 12, 2018
Emergency Communications:
Office of Emergency Communications Should Take Steps to Help Improve External CommunicationsGAO-19-171: Published: Dec 12, 2018. Publicly Released: Dec 12, 2018.
Nov 14, 2018
-
Tribal Broadband:
FCC Should Undertake Efforts to Better Promote Tribal Access to SpectrumGAO-19-75: Published: Nov 14, 2018. Publicly Released: Nov 14, 2018.
Oct 3, 2018
-
Tribal Broadband:
FCC's Data Overstate Access, and Tribes Face Barriers Accessing FundingGAO-19-134T: Published: Oct 3, 2018. Publicly Released: Oct 3, 2018.
Sep 28, 2018
-
Tribal Broadband:
Few Partnerships Exist and the Rural Utilities Service Needs to Identify and Address Any Funding Barriers Tribes FaceGAO-18-682: Published: Sep 28, 2018. Publicly Released: Sep 28, 2018.
Sep 7, 2018
-
Broadband Internet:
FCC's Data Overstate Access on Tribal LandsGAO-18-630: Published: Sep 7, 2018. Publicly Released: Sep 7, 2018.
Jan 9, 2018
-
Telecommunications:
FCC Should Improve Monitoring of Industry Efforts to Strengthen Wireless Network ResiliencyGAO-18-198: Published: Dec 12, 2017. Publicly Released: Jan 9, 2018.
Nov 27, 2017
-
Internet of Things:
FCC Should Track Growth to Ensure Sufficient Spectrum Remains AvailableGAO-18-71: Published: Nov 16, 2017. Publicly Released: Nov 27, 2017.
Oct 30, 2017
-
Emergency Communications:
Overlap and Views on the Effectiveness of Organizations Promoting the Interoperability of EquipmentGAO-18-173R: Published: Oct 30, 2017. Publicly Released: Oct 30, 2017.
Oct 12, 2017
-
Firstnet:
Efforts to Establish the Public-Safety Broadband NetworkGAO-18-187T: Published: Oct 12, 2017. Publicly Released: Oct 12, 2017.
Sep 29, 2017
-
Video Programming:
FCC Should Conduct Additional Analysis to Evaluate Need for Set-Top Box RegulationGAO-17-785: Published: Sep 29, 2017. Publicly Released: Sep 29, 2017.
Looking for more? Browse all our products here
Explore our Key Issues on TelecommunicationsExplore our other Key Issues here
