What private data?
8 comments- TAGS:Barack Obama, data breach, Hillary Clinton, John McCain, passport, privacy
- IT TOPICS:Government & Regulation, Security
It's not clear what information exactly was illegally accessed from the passport records of Senators Barack Obama, Hillary Clinton and John McCain by the three contractors working for the U.S. Department of State. From an official description of what constitutes a passport record, the contractors could have seen anything, including the presidential candidates' Social Security numbers; copies of their birth and baptismal certificates; medical records, personal data and financial reports; and other information. The contractors likely were caught only because they snooped on the wrong records. If it had been a Joe-nobody's record they were looking at, chances are they'd have gotten away with it according to analysts.
Scary as that is, what's scarier, according to privacy advocates, is that a lot of information that most people would consider pretty private is available out there in abundance and legitimately to anyone who wants it. Sometimes for a fee, sometimes for free if you know where to look for it.
Consider this: Yesterday, I read the death certificate of a man who died in April 1994 in Maricopa County, Arizona. He was 43 at the time of his death and had lived in Arizona for 13 years after moving there from Nebraska. He died of cancer of the bowel approximately three years and five months after the initial onset of the disease. An attached copy of a joint tenancy deed informed me that his wife got ownership of their property after his death.
I also read about a former executive of a utility company who died at the age of 85 from a combination of Alzheimer's disease and a "failure to thrive," and about a 75-year-old former engineer from Mesa whose wife got their $96,000 property after he died of cardiac problems in 1998.
I read other stuff as well. Like the final divorce decree document of a couple from Chandler, Ariz., where the wife got to keep custody of the children, as well as the house, the Nissan Armada, the Nissan Sentra and all associated debts. The husband got about $103,000, which was his share of the equity in their home, as well as parenting time with the kids every other weekend starting after school on Friday through Sunday at 3:00 p.m. He also got to spend Christmas and New Year's with the kids on all even-numbered years, while his wife got them on the odd-numbered ones.
I didn't know any of these individuals, but I didn't need to break into any systems to get this information on them, either. All of these details were contained in images of public records that the Maricopa County clerk decided to make available for online access to anybody anywhere in the world who wants to view or purchase them.
Maricopa is just one of numerous county governments in multiple states around the country that are posting copies of public records on their Web sites. The list of document images posted as part of the public record can include copies of property and tax records, motor vehicle information and court files. In some cases, documents relating to military discharges, family court records, juvenile court records and probate law are posted online for all to see. Among the pieces of personally identifiable information that such documents can contain are Social Security numbers, dates of birth, addresses, driver's license numbers, vehicle registration information, height and race of individuals and names and birth dates of minors.
These are all records that by law and by definition are required to be made available to anyone who asks for them. Putting them on the Web has made access easier for businesses that might legitimately need the information, such as title companies. But it has also put the documents within the reach of just about everyone else with Internet access
In Maricopa's case, the county recorder's office had redacted out the Social Security numbers before posting documents online, at least with the ones I saw. Not all county governments do that. In Virginia, 84 of the state's 121 counties post unredacted public documents on their Web sites, according to Betty "BJ" Ostergren, a privacy advocate based in Virginia's Hanover County. Fairfax County alone has more than 30 million online records, about 6 million of them containing Social Security numbers, that can be accessed and downloaded by anyone with an Internet connection by paying a $25 per month subscription fee, Ostergren says. A couple of years ago, Fort Bend County in Texas sold a database containing about 20 million unredacted public records to a Florida company for $2,500. It would have cost that company $1 per record in the county clerk's office.
Ostergren runs a Web site called The Virginia Watchdog, which she has been using for the past few years to highlight the privacy problems that she claims can result from the posting of unredacted public records on county and state government Web sites. She has chronicled dozens of cases in which local governments have inadvertently exposed Social Security numbers and other personal data through their Web sites. She says the practice has made these sites a gold mine for identity thieves.
In addition, it has opened up avenues for all sorts of people-finder and background checking services that for under $50 promise to dig up information ranging from phone numbers and addresses to birth dates, names of household members, home values, incomes, criminal histories and other data. A lot of this is from public records. There are companies in countries like India and the Philippines that have downloaded pretty much all of the public records that are available out there and are now selling that information back to whoever wants it.
Just maybe if the State Department contractors had simply signed up for a service like that, they'd have gotten all of the information they were looking for, and still have their jobs. Who knows?
Print
Email this
Digg this
Slashdot this
