Planned Food Stamp Recipients Database Sparks Hacking Fears

A proposed database that would collect information about people who receive federal food assistance is coming under fire from advocates for the program who say it would unduly violate recipients’ privacy.

The nationwide database, which would include recipients’ Social Security numbers and income information, would also be a prime target for hackers, critics say.

The database, which is included in House Republicans’ version of this year’s annual farm bill, is one of several measures aimed at raising work requirements and combating fraud among recipients of the Supplemental Nutrition Assistance Program, or SNAP, commonly known as food stamps.

Those provisions contributed to a party-line vote when the bill passed out of the House Agriculture Committee April 18.

The committee’s ranking member, Rep. Collin Peterson, D-Minn., criticized the database in an email to Nextgov, saying Democrats weren’t consulted in drafting the provision and that he’s concerned the recipient data will be stored insecurely.

“I support efforts to further strengthen the integrity of the program, but I have a number of unanswered questions,” Peterson said.

The primary purpose of the SNAP database would be to help states spot people who are receiving benefits in more than one state simultaneously, according to the draft bill. However, states would also be required to submit recipients’ income and employment information, which would be included in annual departmental reports about SNAP participation.

The bill requires the department to “protect the privacy” of SNAP participants, but the agency overseeing SNAP has no experience protecting information as sensitive as Social Security numbers, Peterson noted.

Department reports should also be “made available to the public in a manner that prevents identification of participants that receive [SNAP] benefits,” the bill states.

Collecting that information infringes on recipients’ privacy and leaves them unnecessarily vulnerable if the database is breached, according to some SNAP watchers.

“The goal to avoid duplicate participation in SNAP is a worthy one, but this would go well beyond what is needed for that purpose and would put sensitive information for some 40 million SNAP recipients at risk,” said Dottie Rosenbaum, a senior fellow at the nonpartisan Center on Budget and Policy Priorities.

Critics also argue the database is unnecessary because SNAP dual participation is very low.

A 2015 report funded by the Agriculture Department found dual SNAP participation rates in five southern states hovered between one-tenth of 1 percent and two-tenths of 1 percent. That study, which was conducted by the management consultant Public Consulting Group, only included dual participants within those five states, however. It did not include data from the other 45 states and Washington, D.C.

Those figures preceded an information-sharing pilot program those five states launched to identify dual SNAP participants.  

The states’ success at reducing dual participation varied, the report found. Alabama and Mississippi reduced their dual participation rates by 81 percent, while Florida and Georgia only reduced dual participation by 27 percent.

Agriculture Committee Chairman Mike Conaway, R-Texas, who sponsored the farm bill, declined a Nextgov interview request because of a busy schedule. A spokeswoman for Conaway noted that the Agriculture Department collects and protects extensive data from farmers and that the department consulted with the committee on technical issues.

David Super, a Georgetown law professor who’s studied the database, called that an apples-to-oranges comparison because the SNAP data collection would be much larger than any farmer data set.

About 42 million people received SNAP benefits in 2017, according to Agriculture Department data, while there were 3.2 million U.S. farmers in 2012, the most recent year with data available.

Because SNAP money is supplied by the federal government but distributed by states, the database would also have to be accessed by far more people, each of whom represents a point of vulnerability that could be exploited by hackers, Super said.

“This will be a large database with extremely sensitive personally identifiable information on tens of millions of people,” he said. “It will be widely accessible, which means it’s vulnerable to abuse.”