Social Security Administration:
Internet Access to Personal Earnings and Benefits Information
T-AIMD/HEHS-97-123: Published: May 6, 1997. Publicly Released: May 6, 1997.
GAO discussed the Social Security Administration's (SSA) recent experiences in providing personal benefits estimates to individuals via the Internet, focusing on general privacy and security considerations that federal agencies should address to safeguard any sensitive information made available as a public service via the Internet.
GAO noted that:
(1) SSA has recently tried to educate the public about the importance of its programs and availability of information, such as the Personal Earnings and Benefit Estimate Statement (PEBES);
(2) as part of this initiative, SSA last year began permitting individuals to request PEBES through the Internet, with the document being sent by mail;
(3) according to SSA officials, before taking the step of transmitting PEBES data over the Internet, they spent a year testing and consulting with outside experts, including those in the areas of privacy and computer security;
(4) among the security features intended to preserve individual privacy was the requirement for an individual to enter five authenticating elements into the system in order to access the data;
(5) on April 9, after public outcry and concerns about the privacy of sensitive information, the Acting Commissioner of Social Security suspended on-line receipt of PEBES data;
(6) despite the growth and leap in ease of use, the Internet has inherent security risks because of the way it was designed;
(7) computer hackers have for years exploited the security weaknesses of systems connected to the Internet;
(8) as a result, the need for secure information systems and networks has never been greater;
(9) for most organizations, a prudent approach involves determining an appropriate level of protection, then ensuring that any security breaches that do occur can be effectively detected and countered;
(10) this generally means establishing:
    (a) a comprehensive program with top management commitment, sufficient resources, and clearly defined roles and responsibilities;
    (b) clear, consistent, and up-to-date security policies and procedures;
    (c) periodic vulnerability assessments to identify security weaknesses;
    (d) security awareness training;
    (e) sufficient time and training for systems administrators and information security personnel;
    (f) efficient use of automated security tools; and
    (g) a robust incident-response capability, so that attacks can be detected and a response initiated quickly in order to aggressively track and prosecute the offenders;
(11) along with phased testing of "PEBES-By-Mail" and interactive PEBES, SSA took a number of measures that officials believed would adequately safeguard requesters' privacy, the system itself, and the data it contains; and
(12) GAO has just initiated its work and therefore cannot yet conclude whether SSA implemented a prudent approach to address the security risks in providing Internet PEBES Service.