Slashdot Mirror

← Back to Stories (view on slashdot.org)

California Court Posts SSNs, Medical Records

Posted by kdawson on from the just-following-the-rules dept.

Lucas123 writes "California's Riverside County Superior Court's Web site is serving up document images containing SSNs and detailed medical records relating to civil cases, according to a couple of privacy advocates. All of the documents are free to anyone who knows where to look for them. 'Searches done on the court's Web site turned up various documents related to civil cases that contained sensitive information. Included were complete tax filings, medical reports pertaining to cases handled by the court, and images of checks complete with signatures as well as account and bank-routing numbers.'"

24 of 117 comments (clear)

  1. Individuals are the only ones who care by rbanzai · · Score: 3, Insightful

    Only YOU care if your information is made public. There is absolutely no reason for any public or private organization to give a shit, and they make that evident over and over. Until it is more cost effective for them to protect the info than to leak it they will continue to do so. And that's never going to happen.

    1. Re:Individuals are the only ones who care by NeutronCowboy · · Score: 2, Interesting

      I think it goes beyond that. In the case of court filings, documents used in the case become public evidence, and as such, are required to be available publicly. At least, that's my understanding.... not sure how that applies to information that would normally be covered under HIPAA or similar privacy laws.

      This is just the tip of the iceberg of the information flood. As much as people hate the idea here, I think that there is a need for a federal ID piece that can be used to positively identify someone, without exclusively relying on information that's publicly available. Yes, there will still be attack vectors available, but there'd be far less. Maybe everybody gets their own private PGP key at birth?

      --
      Those who can, do. Those who can't, sue.
    2. Re:Individuals are the only ones who care by nexuspal · · Score: 2, Interesting

      Yeah lets tie it in with DNA so nobody can forge it! Hell, lets just implant a tiny RFID at birth while we're at it... It's already bad enough people need to fingerprint to use a vehicle, or if you are arrested for any reason, a DNA sample is taken. Lets just start it at birth!

      --
      I've read Slashdot for the last 5 years, and now I start posting... Go figure :-P
    3. Re:Individuals are the only ones who care by TheHorse13 · · Score: 2, Interesting

      A little regulation called HIPAA is supposed to handle this sort of issue. I wonder who will be doing the jail time if it's found that due diligence wasn't followed?

  2. Enter legislation by Nerdposeur · · Score: 3, Insightful

    Until it is more cost effective for them to protect the info than to leak it they will continue to do so.

    Which is why we need legislation that will fine them for releasing that information.

    Another idea would be to demote the person who made the decision to post that stuff publicly to Official Identity Theft Aftermath Cleanup Technician.

    1. Re:Enter legislation by Sparks23 · · Score: 2, Interesting

      Why not just make a law that if someone has leaked your identifying financial information, if you become a victim of identity fraud they can be held responsible? I.e., have to fund the fixing-it-up?

      Doesn't matter if you can't prove /their/ leak is where the information got out. If they leaked and your identity is stolen, they're liable. THAT would work as a deterrent, I think.

      --
      --Rachel
    2. Re:Enter legislation by frosty_tsm · · Score: 4, Funny

      Official Identity Theft Aftermath Cleanup Technician.

      Better would be a demotion to "Public Toilet Cleanup Technician"... "Official Public Toilet Aftermath Cleanup Technician"?
    3. Re:Enter legislation by zymurgyboy · · Score: 4, Informative
      A leak would be one thing; these muppets INTENTIONALLY POSTED this stuff. From TFA:

      But the court's IT director defended the practices, saying that documents are being posted on the Web site in accordance with California laws and that finding data such as Social Security numbers is akin to "finding a needle in a haystack."
      Wow.

      You know, just because something can be done, doesn't mean it is necessarily to be done. This guy may want to take a look at Maryland's case search engine to see an example how someone with some sense would do it. Jeebus.

      --
      If you never make mistakes, it's probably because you're not doing anything.
    4. Re:Enter legislation by jlarocco · · Score: 2, Insightful

      Which is why we need legislation that will fine them for releasing that information.

      WTF? We're in bad shape when a "There should be a law..." post gets rated Insightful

      Making a new law isn't going to help anything. It's against the law to kill people and smoke pot, but it happens all the time. Sure, the companies will pay some tiny fine as punishment, but that doesn't really solve the problem of "Your private info was just given to scumbags".

      The only way to make companies stop losing information is to boycott them on a gigantic scale when they do. When they "misplace" your info and their revenue drops 75%, they'll pay attention and make sure it doesn't happen again.

      I realize getting enough people to boycot is 100x harder than passing a worthless law, but it's the only way that would work. At some point people have to take responsibility for themselves and say "I'm not doing business with a company that will lose my data." If people can't be bothered to avoid unsafe businesses, the businesses aren't going to bother being safe.

      So good luck with your law, but my money is on it not making a difference.

      --
      Maybe not
    5. Re:Enter legislation by icepick72 · · Score: 2

      The problem is when the needles in the haystack are found they are immediately made available to everybody. There's a measure of Internet sensibility that isn't being adhered to. When the medium changes, often the rules need to change too.

  3. Meanwhile.... by Otter · · Score: 3, Interesting
    Meanwhile, in Italy, the outgoing government posts everyone's income and tax data. Deputy Economic Minister Vincenzo Visco bizarrely explains:

    This already exists all around the world, you just have to watch any American soap to see that.
    --
    What I'm listening to now on Pandora...
  4. SCrubing SSN's is not the answer by geekoid · · Score: 3, Insightful

    the answer is to stop using them for credit scores and ID.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    1. Re:SCrubing SSN's is not the answer by Bryansix · · Score: 2, Insightful

      This is exactly the correct point. A SSN does tie to a single person but it shouldn't be used to authenticate that the person serving it up really is the person tied to the SSN. Real authentication needs to take place. Shoot, I'd rather have to give my fingerprint if it meant I wouldn't have my identity stolen.

      Furthermore when an ID is stolen, the company that let the theif sign up for credit in someone elses name should be fined and scrutinized for further possible fraud. We need to make the companies who offer credit accountable that they are authenticating people correctly before adding crap onto their credit records.

    2. Re:SCrubing SSN's is not the answer by gd2shoe · · Score: 2, Interesting

      A SSN does tie to a single person...

      This is a common misconception. There are honest duplicates within the system. I'm not talking about the "undocumented worker" down the street. Duplicate SSN's are issued. You need some other information such as a name to make it a unique identifier.

      There are almost 304,000,000 people in the US. If they were unique, that would mean that a third of the total possible SSNs must be used just for the current living population. Count everyone who has died since 1936 (with an SSN), and everyone to be born in the next hundred years, and almost all possible numbers will be taken. I don't think SSNs were designed to be absolutely unique. They claimed they would never be used as identifiers.
      --
      I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
  5. Easily predicted by NaCh0 · · Score: 2, Insightful

    The more you tell your life to government (and anyone really), the more it will find it's way into general knowledge. This is one of the reasons I'm against any "universal" government program. Heck, it doesn't even have to be medical records. Think back to the recent passport flap with high profile politicians. The government is not looking out for you.

  6. That's why some courts redact such information by davidwr · · Score: 2, Informative

    In some courts, "public" information is routinely redacted. You have to get a court order or be someone special to see the originals.

    This also applies to evidence in criminal cases too. If I defraud 10 people's bank accounts at ACME Bank, those account numbers may be redacted depending on the court and whether the accounts are still active. If I'm on trial for k1dd13 p0rn or stealing nuclear secrets you can bet the main evidence will be sealed from public view.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  7. Government Logic - SB1386 by a-zarkon! · · Score: 2, Interesting

    I love the fact that this is a California court. California being the leader in privacy protection and breach notifications and everything with their landmark SB-1386 legislation.

  8. Court Information is public record by PhreakOfTime · · Score: 3, Informative

    While it is unfortunate that such things as SSN's are being made public, the hard reality is that anything contained in a court record is public information.

    Open access to government is a two way street, and is meant to prevent corruption and give the public a clear view what their government is doing.

    On a side note, my county also publishes court records on the internet that are public information. However, it is limited to the court schedule, case#, charge, and attorney schedule.

    The fact that this schedule is public information is still not a concept some people are aware of. Ive heard stories from court employees of upset people coming in and demanding that their DUI case be taken down from being publicly viewable. Unfortunately for these people, the law says otherwise.

    I even have personal experience in some of the reactions people have to this publicly available information after I posted a link to the county courthouse on one of my websites. A Company called Caton Commercial even went to far as to have their attorney draft a cease and desist letter threatening me with legal action, and demanding that I remove this linked information, and turn over my legal domains to them to stop this 'knowingly libelous' action. Although, Im not sure that they thought through how they were going to present to a judge their case that the courts own website schedule was the source of this so-called libelous information. Like every other company before that has failed to grasp the concept of the internet, all the attention this brought to the linked information was a lovely demonstration of the 'Streisand Effect'. Once again, adding more weight to the phrase 'more dollars than sense'.

  9. Violation of federal law: by Rageon · · Score: 4, Informative
    I can't imagine this will last long, as it's a clear violation of federal law. I work for a court, and we ALWAYS need to redact SSN from every order (unless it's just being disclosed to that specific person). It's against state law here, but also federal. From 42 U.S.C. 405(c)(2)(C)(viii):


    Social security account numbers and related records that are obtained or maintained by authorized persons pursuant to any provision of law enacted on or after October 1, 1990, shall be confidential, and no authorized person shall disclose any such social security account number or related record.

    So I really can't imagine the court can defend this in any way at all.

  10. Amateurs ... by golodh · · Score: 2, Funny
    I'm ashamed of California's state government ... this "disclosure", while well-intentioned, is second-rate and amateurish beyond belief.

    Just to see how it's done, have a look at the way the Italian Government handled things (http://news.bbc.co.uk/1/hi/world/europe/7376608.stm).

    See? Now *that's* what I call disclosure. Those piddly efforts in California don't even come close.

  11. Why do we tolerate the civil court system? by dloyer · · Score: 2, Insightful

    It only exists to make money for lawyers.

    If you have ever been unlucky enough to be involved with a lawsuit, you know how greedy and "entitled" these "officers of the court" are.

    1. Re:Why do we tolerate the civil court system? by Vegeta99 · · Score: 2, Insightful

      So what was I supposed to do about the bitch that hit my car last year, never told her insurance company, and the cops wouldn't do shit about it? Sit on my thumb and rotate? Go blow up her car?

  12. Cost/Benefit. They don't cost, and do benefit. by Behrooz · · Score: 2, Insightful

    Unfortunately, all of the costs of identity fraud are borne by the consumer, while all of the benefits of quick/insecure identification are reaped by the lending industry.

    Strong and secure methods of identification and verification need to make their way into the financial world, but changing the existing infrastructure is expensive, so it isn't going to happen. At least, not until some enterprising individual has their identity stolen and successfully manages to sue the lending industry for fraud...

    --
    "We have to go forth and crush every world view that doesn't believe in tolerance and free speech." - David Brin
  13. Remember kids, wikileaks=wrong, us courts = OK by plasmacutter · · Score: 3, Insightful

    Remember kids, if you are a public interest blog, you are gagged for simply having the POTENTIAL to release this information.

    It's perfectly ok though for the federal government to actually do it.

    --
    VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!