How Social Security Administration Plans to Protect Your Identity

The Social Security Administration on Friday started looking for vendors to tokenize people’s Social Security numbers on official agency mail.

The tokenization system—which would convert the nine-digit number into a string of random characters that could be decoded by administration officials—would help protect Americans from identity theft and Social Security fraud.

Under a recent law, federal agencies will be largely banned from printing Social Security numbers on government mail after 2022. Using the proposed tool, the administration could tie people to government records without publicly revealing their nine-digit identifier.

According to the solicitation, the tool must generate a different token for every piece of mail the administration sends—even documents going to the same person must have their own unique value. Administration officials need to be able to control the length of the token, and the system must have a way to block certain people from accessing decryption keys.

And it needs to be fast too. On a typical night, officials wrote, the system would be expected to generate nearly 1,400 tokens per second.

In addition to building the system, the selected vendor would provide software patches and updates for a full year after the tool is launched. The administration must also have the ability to decode tokens even if it cuts ties with the vendor.

High-profile data breaches have dumped hundreds of millions of Social Security numbers into the online wilderness in recent years, and cybersecurity experts have long urged the government to explore new ways of verifying citizens’ identity.