The massive data breach at the federal Office of Personnel Management has captured the public’s attention, because of both the sensitivity of the stolen data and the seeming vulnerability of what should be one of our nation’s most secure systems. But the OPM incident, with at least 24 million people affected, is just the latest in a series of alarming data breaches. In the last year or so, JP Morgan (83 million people), the Anthem health-insurance company (80 million people), and Target (70 million people) have also suffered significant breaches. The complete list of known, major data breaches in the past five years could fill this page. The same digital systems that put all of the world’s information at our fingertips can also put all of our private information at the fingertips of criminals.
These data breaches reveal the dark underbelly of the information revolution, especially with respect to government systems. While digitization makes it easier to access, deliver, and streamline government services, it also places vast amounts of personal information on thousands of different government systems of varying age and quality, thereby leaving this information vulnerable to exposure through malfeasance, technical error, or plain old human error. Worse still, because digitization allows for the elimination of in-person contact, it is far easier to fraudulently claim public benefits through the use of stolen identities.
Make no mistake about it: Data breaches and the resulting fraud have reached crisis levels. The negative effects of this crisis are stark: It harms those whose identities are stolen, it robs the social safety net of limited resources, it imposes unwarranted costs on taxpayers, and it undermines public confidence in government.
It is time for government agencies to openly and aggressively confront these issues. We need to enhance data security, but we must also recognize that because there is no such thing as a completely secure system, and because so much data has already been stolen, fraud attempts based on stolen IDs are here to stay. The critical need, then, is to get serious about fighting this fraud.
This is what we are trying to do in Florida, which has become a national hub for the criminals who commit identity theft and benefits fraud. At the Florida Department of Economic Opportunity — the state agency that administers unemployment insurance — we decided to make fighting fraud a top priority after we discovered that the same thieves who were using stolen identities to pilfer federal tax refunds were also defrauding the unemployment system.
The fraud we are seeing in Florida does not consist of the traditional, one-off case in which an ineligible individual knowingly misrepresents his eligibility for unemployment. Instead, fraudulent claims are skyrocketing because organized criminal enterprises have begun attacking public-benefit systems on a daily basis. The U.S. attorney in Miami has said that stolen IDs are the “new crack cocaine” of criminal street gangs. These criminals illicitly access online systems, take identifying information, and steal benefits — often stealing an identity from one system and then using that identity to claim benefits through another system. In most cases, unemployment fraud in Florida is committed by criminals who have stolen identities from sources outside the unemployment system. It can be a lucrative crime: One person successfully filing for unemployment benefits in all 50 states for just one month would steal more than $80,000.
While technology makes public-benefits fraud easier, the good news is that it also provides new tools for fighting such fraud. In early 2014, Florida developed and implemented a digital system that analyzes unemployment-claims data and detects patterns of fraud. The results are revealing. In just 18 months, we’ve identified more than 110,000 fraudulent claims, representing $470 million in potential benefits. (In 2014, Florida paid a total of $840 million in unemployment benefits.)
If robust data analysis were deployed nationally, the amount of unemployment fraud detected would be staggering.
Unfortunately, few government agencies have implemented robust data analysis to actively combat public-benefits fraud. Instead, most anti-fraud efforts rely on front-end electronic identity authentication. While this tool stops some fraud, in our experience criminals quickly learn to circumvent it — they can steal almost all the identifying information necessary to file claims. Indeed, most of the 100,000 fraudulent claims we identified in Florida were filed after implementation of an industry-standard identity-authentication product.
If robust data analysis were deployed nationally, the amount of unemployment fraud detected would be staggering. And unemployment is just the tip of the iceberg: While there are about 2 million active unemployment claims in the United States, there are currently about 46 million people receiving Supplemental Nutrition Assistance Program benefits (food stamps). The potential for fraud is endless, and its ever-increasing costs are borne by taxpayers.
All of this means that more attention, more resources, and new strategies must be deployed to combat this fraud. Experimentation and flexibility are needed because the criminals regularly change their tactics. This need for nimbleness is one of the many reasons that control of safety-net programs should be returned to states, which understand their unique problems and populations and can react more quickly. But so long as most public-benefit programs are federally mandated and controlled, the federal government must commit more attention and resources to fraud prevention. Take one example: Why, during months of relentless advocacy for the extension of Emergency Unemployment Compensation at the end of 2013, did neither the Labor Department nor the White House lend its bully pulpit to focus the public’s attention on fraud? The Obama administration cares more about spending from the public treasury than it does about ensuring that the lock on the safe is secure.
Taxpayers in Florida, and across the nation, need to know that only those who legitimately qualify for public benefits are receiving them. The social safety net cannot afford the cost of the fraud now occurring. If government cannot stop this fraud, the public trust upon which the social safety net rests will collapse.
— Jesse Panuccio, an attorney, was appointed by Florida governor Rick Scott in 2013 as the executive director of the Florida Department of Economic Opportunity.