NHTSA Complaint Database Oozes Personal Data

← Back to Stories (view on slashdot.org)

NHTSA Complaint Database Oozes Personal Data

Posted by timothy on Friday June 4, 2010 @02:55PM from the now-that-sounds-jes-disgustin' dept.

EWNiedermeyer writes "Are your name, address, date of birth, driver's license number and Social Security number publicly available online? If you've been involved in an accident, they might be and you would never know. The Department of Transportation's National Highway Traffic Safety Administration solicits defect complaints from the public, which are hosted on NHTSA's public database. There are about 792,000 of these complaints currently online, and as the video at the link proves, many of them are improperly redacted. As a result, the most personal information imaginable is available to anyone who takes the time to troll the database. This is a clear violation of the Privacy Act of 1974, and NHTSA needs to shut down the database until it can control the personal data stored there."

62 comments

Min score:

Reason:

Sort:

Typical by OrwellianLurker · 2010-06-04 14:57 · Score: 0, Flamebait

The US government can't get anything right! Oh, what's that? This is an article about the Canadians? Well, we shouldn't let the facts get in the way of an opening to deride the US government.

--
'Political power grows out of the barrel of a gun.' - Mao Tse-tung
1. Re:Typical by Anonymous Coward · 2010-06-04 15:01 · Score: 0
  
  Government can't get anything right. There, happy?
2. Re:Typical by Adambomb · 2010-06-04 15:03 · Score: 2, Funny
  
  http://www.dot.gov/pia/nhtsa_artemis.htm
  what?
  
  --
  Ice Cream has no bones.
3. Re:Typical by Ethanol-fueled · 2010-06-04 15:06 · Score: 5, Informative
  
  They've been aware of the problem for 12 years, but the fixes are still working their way through the bureaucracy. Only 34 more reviews and rubber-stamps to go.
Er, no.... by brunes69 · 2010-06-04 15:01 · Score: 5, Informative

The guy who discovered and reported the leak is a Canadian. The NHSTA is a US Government agency, it is not a Canadian agency. So not only is the government leaking sensitive information, it took a foreigner to discover and disclose it. Embarrassment all around today.
1. Re:Er, no.... by PRMan · 2010-06-05 02:28 · Score: 1
  
  All of us in this country knew about it already, but we don't want to get in trouble for harassing a government employee through e-mail. You can get arrested for that, you know.
  And to make a video of a public official screwing up? That really takes guts...
  
  --
  Peter predicted that you would "deliberately forget" creation 2000 years ago...
2. Re:Er, no.... by cawpin · 2010-06-05 02:40 · Score: 1
  
  I'm not really sure what his point is with the first example, a search warrant. A search warrant is a police record and is public information. Anyone can go to the police department and look at them. Granted, being on the internet makes it easier and I'm not sure why NHTSA has it in THEIR database but that isn't the issue he's talking about. Another example, the coroner's report, is also public record after it is filed I believe. A person's name, who is already dead, is not a protected item with regard to privacy.
3. Re:Er, no.... by quanticle · 2010-06-05 03:27 · Score: 1
  
  His complaint wasn't that the search warrant was posted online. I think you and I can both agree that greater transparency in government documents is a good thing. The complaint is that information that has no relevance to the matter at hand and which could be used to harm the person in question was posted. I mean, sure, its in the public interest to know that a search warrant was executed. Its not in the public interest to know the date of birth and social security number of the person it was posted against.
  
  --
  We all know what to do, but we don't know how to get re-elected once we have done it
4. Re:Er, no.... by cawpin · 2010-06-05 03:37 · Score: 1
  
  I understand what his complaint was. My point is, anyone can go to the PD where it is recorded and look at it, un-redacted.
Yes, it's bad. by gillbates · 2010-06-04 15:04 · Score: 5, Informative

But a large part of the problem is that too many institutions consider the combination of a name and a number to be proof of identity. Take away this, and it's not nearly as problematic.
Yes, it's bad. But anyone willing to pay a hundred bucks to register a corporation in Illinois can buy practically the same information from the DMV.

--
The society for a thought-free internet welcomes you.
No more access by clang_jangle · 2010-06-04 15:05 · Score: 5, Informative

Seems NHTSA has stopped access to it now, according to Edward Niedermeyer's latest at TTAC.

--
Caveat Utilitor
Including your SSN? by brunes69 · 2010-06-04 15:06 · Score: 2, Insightful

Why would the DMV even have your SSN?
1. Re:Including your SSN? by skids · 2010-06-04 15:16 · Score: 4, Informative
  
  To verify your citizenship status. It's required on the license application/renewal form in my state. They were actually using the SSN as the drivers license number a couple decades ago.
  Any vehicle-related bureaucracy seems to get the lowest level of IT/administrative talent. Salaries must really suck or something.
  Though I do have to say despite continuing to lag behind the curve, they are definitely improving over time on some levels.
  
  --
  Someone had to do it.
2. Re:Including your SSN? by blackraven14250 · 2010-06-04 16:09 · Score: 0
  
  Any vehicle-related bureaucracy seems to get the lowest level of talent. Salaries must really suck or something.
  FTFY.
3. Re:Including your SSN? by cosm · 2010-06-04 16:32 · Score: 3, Informative
  
  I work as a software developer in public safety, and SSN's are an integral part our some of our NCIC queries. Your a body with a number.
  
  --
  'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
4. Re:Including your SSN? by drsmithy · 2010-06-04 16:40 · Score: 2, Informative
  
  Why would the DMV even have your SSN?
  AZ, at least, requires it (or a damn good reason why you don't have one - eg: immigrant w/o a work permit) to get a license.
5. Re:Including your SSN? by Anonymous Coward · 2010-06-04 16:42 · Score: 3, Insightful
  
  Our governments are so caught up in power grabbing that it's ridiculous at this point. Citizenship doesn't have anything to do with one's ability to drive safely. Driver's licenses should be about the latter. By turning the DMV into a checkpoint for citizenship you ensure, not that the DMV is going to catch all the aliens, but that all the aliens are going to avoid the DMV. This guarantees a significant level of unlicensed, uninsured drivers on the streets. Talk about a self-fulfilling prophecy: Oh nos, all these illegal aliens are driving around crazy and uninsured! We have to catch them any way we can and get rid of them!
6. Re:Including your SSN? by AHuxley · 2010-06-04 17:05 · Score: 2, Interesting
  
  They might be wanting to slowly build up to the idea of a
  http://en.wikipedia.org/wiki/100_point_check with local characteristics.
  Layers of interconnected databases, public and private that light up as you interact with or buy into something eg a mobile phone.
  It started with banking in Australia. In the US it might be the DMV?
  
  --
  Domestic spying is now "Benign Information Gathering"
7. Re:Including your SSN? by Michael+Kristopeit · 2010-06-04 17:49 · Score: 2, Insightful
  
  a couple decades ago they also printed on the stub of the social security card that you should always keep the card with you... then the text changed to you should never keep the card with you. stupid government.
8. Re:Including your SSN? by Anonymous Coward · 2010-06-04 17:50 · Score: 0
  
  I'm far more confused by this statement in the summary
  
  As a result, the most personal information imaginable is available to anyone who takes the time to troll the database.
  
  the most personal information imaginable
  Oh, really? Can I find someone's porn files, passwords to internet sites, the number of times/ages when they've wet the bed, exactly how many times they've vomited on a close friend, how many times they committed...embarrassing sexual dalliances, or other such information?
  No means this is slightly fear mongering. The fear should be there, but do we need the mongering?
9. Re:Including your SSN? by Anonymous Coward · 2010-06-04 18:01 · Score: 0
  
  The IT folks are probably getting over-ridden by their manager/supervisor... who hasn't bothered to think through the ramifications of what they're having their employee's do...
10. Re:Including your SSN? by hymie! · 2010-06-05 01:27 · Score: 1
  
  Back when I lived in New York, I had a Taxi Driver's license. They required SSN for this. That was, oh, 1990-ish?
11. Re:Including your SSN? by cawpin · 2010-06-05 02:41 · Score: 1
  
  No they don't.
12. Re:Including your SSN? by azrider · 2010-06-05 02:59 · Score: 3, Informative
  
  To verify your citizenship status.
  
  Wrong. The reason for your SSN being collected is Child Support Enforcement.
  
  --
  And ye shall know the truth, and the truth shall make you free.
  John 8:32(King James Version)
13. Re:Including your SSN? by quanticle · 2010-06-05 03:35 · Score: 1
  
  Yes, but unfortunately, the drivers license has evolved from a simple "I'm licensed to operate a motor vehicle" document to a generalized proof of identity. The national ID card act proposed by the previous administration would have gone even farther in this direction.
  In fact, the elderly, who often give up their driver's license, can have trouble proving their identity, because they no longer have access to the most readily accepted identity document in the US: a state drivers' license.
  
  --
  We all know what to do, but we don't know how to get re-elected once we have done it
14. Re:Including your SSN? by Kevin+Burtch · 2010-06-06 05:54 · Score: 1
  
  You've just described South Florida, and the reason why our car insurance is among the most costly in the nation (we're back and forth at the top over the years with New York and California).
  Remember the "don't go to work" protest against the politicians who wanted to round up and deport all illegal aliens back in 2006? (if not, google "Un Dia Sin Inmigrantes") The day collectively called in sick? The freeways during rush hour down here were as empty as 4am on a Sunday!
  If it's not obvious, I agree with the person to which I'm replying - Drivers Licenses should be just that, but are instead being used in ways that are detrimental to the original purpose.
  Florida has increased the difficulty in getting a driver's license, but not in a way that matters to its purpose. Check out the blue box at the bottom of this page: http://www.flhsmv.gov/html/dlnew.html
  Why do I say that it's not a change that matters to its purpose? Because the "driving test" they only put those under 18 though consists of driving through a parking lot! Seriously! (if you're over 18, you don't get tested)
  For an eye-opener, google "rudest drivers in America".
  I took the test in FL during a summer vacation before I had my MI driver's license... in Michigan, I had to drive though some very confusing and highly congested rush-hour traffic in the middle of Pontiac for my driver's test. Quite a contrast.
  A (poorly) trained monkey could get a driver's license in FL, but only if he had enough proof of identity!
  
  --
  - Preferences: Solaris 10 (servers), Ubuntu (desktops), Solaris 11 (personal servers) -
15. Re:Including your SSN? by Kevin+Burtch · 2010-06-06 06:11 · Score: 1
  
  Not sure if your state lacks them, but Florida has State ID cards for those who can't get or don't want a driver's license. This is primarily used by those who've lost their licences to excessive DUI/DWI convictions (common here in a state with drive-through beer & liquor stores).
  
  --
  - Preferences: Solaris 10 (servers), Ubuntu (desktops), Solaris 11 (personal servers) -
16. Re:Including your SSN? by Anonymous Coward · 2010-06-07 04:57 · Score: 0
  
  no, that's just the only reason that currently gets SSN collection past the voters.
OK, OT, but government is alway inefficient... by NotQuiteReal · 2010-06-04 15:28 · Score: 4, Funny

Look, even the State of NY couldn't simply take a cut of horse racing bets without losing money.

--
This issue is a bit more complicated than you think.
1. Re:OK, OT, but government is alway inefficient... by Anonymous Coward · 2010-06-04 17:47 · Score: 0
  
  seriously - if YOU had a government license to be a legal bookie, how could you lose money?
2. Re:OK, OT, but government is alway inefficient... by Anonymous Coward · 2010-06-07 04:04 · Score: 0
  
  seriously - if YOU had a government license to be a legal bookie, how could you lose money?
  Let the government run it.
Well, just make sure by Anonymous Coward · 2010-06-04 15:52 · Score: 0, Funny

That you never get into an accident. If you do, then you must accept that it's just god punishing you for being evil
1. Re:Well, just make sure by cosm · 2010-06-04 16:29 · Score: 2, Funny
  
  That you never get into an accident. If you do, then you must accept that it's just god punishing you for being evil
  If thats the case for an errant mistake of judgment, what is are the biblical ramifications of immoral activities? By your standards all politicians and murderers should have already spontaneously combusted and turned into piles of dog turds that are succinctly eaten by a pack of rabid grues. If only...
  
  --
  'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
2. Re:Well, just make sure by DarwinSurvivor · 2010-06-04 17:05 · Score: 1
  
  I think you need to get your sarcasm detector checked out...
3. Re:Well, just make sure by Zancarius · 2010-06-05 04:27 · Score: 1
  
  If thats the case for an errant mistake of judgment, what is are the biblical ramifications of immoral activities? By your standards all politicians and murderers should have already spontaneously combusted and turned into piles of dog turds that are succinctly eaten by a pack of rabid grues. If only...
  Perhaps the politicians are our punishment for voting for them.
  
  --
  He who has no .plan has small finger. ~ Confucius on UNIX
4. Re:Well, just make sure by Anonymous Coward · 2010-06-05 10:32 · Score: 0
  
  Perhaps the politicians are our punishment for voting for them.
  No, they are your punishment for not voting. You are registered right?
not only SSN, fingerprints also by Anonymous Coward · 2010-06-04 15:54 · Score: 0

this in california
So.... by Anonymous Coward · 2010-06-04 15:55 · Score: 0

Things should be blackened oot, eh?
1. Re:So.... by MichaelSmith · 2010-06-04 20:20 · Score: 1
  
  Things should be blackened oot, eh?
  Yes, just set the foreground and background to the same colour. These guys are amateurs.
  
  --
  http://michaelsmith.id.au
Why is redaction so hard? by Anonymous Coward · 2010-06-04 16:36 · Score: 0

There are SO many tools to offer idiot-resistant redaction that it almost amazes me how stuff can still get out:
1: Most databases offer views, that can easily block out sensitive tables.
2: Office 2003 and 2007 have redaction tools available.
3: Adobe Acrobat has redaction under the Advanced menu.
4: Everyone knows the trick of printing out stuff, covering it with black permanent marker or opaque papers, then photocopying it to make sure the data is obfuscated.
And these are just off the top of my head. There is no excuse for failing to protect data.
1. Re:Why is redaction so hard? by AHuxley · 2010-06-04 17:15 · Score: 3, Funny
  
  excuse for failing to protect data:
  The backend computer system is dumb, slow, old and badly coded, but connects flawlessly with other backend computer systems state wide and federally.
  All the staff understand the gui.
  It was built and contracted to a faith based firm that gives to both parties and has deep roots in the local community.
  Many public, private and dark databases like the current system and lax data protection laws.
  You entered the data freely, now it belongs to anyone with a database, no questions asked.
  
  --
  Domestic spying is now "Benign Information Gathering"
2. Re:Why is redaction so hard? by quanticle · 2010-06-05 03:45 · Score: 1
  
  The problem isn't so much lack of redaction tools as it is the volume and quality of data coming in. NHTSA probably gets thousands of documents a month, and, if the cited documents are any example, they're usually poorly scanned PDFs or JPEGs. To go through manually and redact all personal data from all those documents would be very expensive and time consuming. So, of course, no sensible manager is going to allocate personnel to the task until it becomes an actual problem. This isn't a government problem, nor is it a private industry problem. Its a problem with management in general.
  
  --
  We all know what to do, but we don't know how to get re-elected once we have done it
Are people with EZ-pass / I-pass on that list as w by Joe+The+Dragon · 2010-06-04 17:36 · Score: 0, Offtopic

Are people with EZ-pass / I-pass on that list as well?
Trolling the database? by YourExperiment · 2010-06-04 19:39 · Score: 4, Funny

As a result, the most personal information imaginable is available to anyone who takes the time to troll the database
Hey, database! You know what I SELECTed * FROM last night? Yo momma!
According to the usual logic in these cases... by OpenSourced · 2010-06-04 20:20 · Score: 2, Interesting

Slashdot is the culprit now, for pointing out where the data was to be found.

--
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
No, it's propaganda by Anonymous Coward · 2010-06-04 21:12 · Score: 0

Insightful comment on that website
Telegraph Road
June 3rd, 2010 at 8:59 pm
I find it hard to believe NHTSA's database contains names, VINs, and other confidential information from real folks. I thought it only contained made-up information from UAW allies trying to make Toyota or NHTSA look bad. Maybe I need to get my information elsewhere.
Proof of identity by dingram17 · 2010-06-05 00:32 · Score: 1

I've never been to the US, but something confuses me about the SSN.
How can a number that you are required to give to every man and their dog (driver licence, student enrolment etc.) even be considered secret enough that it proves ID?
Perhaps the (ab)use of the SSN is why the Australian Government specifically prohibit the use of a tax file number as an identifier by anyone other than the Tax Office and only financial organisation have the right to ask for it (and none can compel, but they have to tax high if you don't give the number over). The driver licence number has become a default ID number here, and although most credit application forms ask for it I've still got new credit without including my licence number.
Security through obscurity by Oxford_Comma_Lover · 2010-06-05 03:07 · Score: 2, Insightful

> Slashdot is the culprit now, for pointing out where the data was to be found.
Philosophically, most of slashdot is against security through obscurity, so occasionally an article will pop up saying to everyone in the neighborhood "Hey, look everyone! These fifty thousand front doors are open, even though you might not have noticed driving by!"
I'm not sure whether it's because slashdotters want to incentivize fixing the system or whether they just want to point out how badly it's designed and implemented. (The latter is pointing to an absurdity, the former is sometimes a consequence of the latter, but the latter would also meet other instrumental objectives, such as mockery or intellectual interest.) Probably a combination.

--
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
1. Re:Security through obscurity by Anonymous Coward · 2010-06-05 05:36 · Score: 0
  
  Or maybe simply a desire to be secure because they are probably affected by the problem pointed out? Don't look so deeep when the subject matter is rather shallow, like a government agency breaking their own laws.
Some States issue Licenses by Zancarius · 2010-06-05 04:24 · Score: 2, Insightful

This guarantees a significant level of unlicensed, uninsured drivers on the streets. Talk about a self-fulfilling prophecy: Oh nos, all these illegal aliens are driving around crazy and uninsured! We have to catch them any way we can and get rid of them!
I live in a state (New Mexico) that issues drivers licenses to illegal immigrants. It has no effect on the number of uninsured drivers; in fact, our premiums are generally much higher here than anywhere else precisely because you're more likely to get into an accident with an uninsured driver. We're also a border state.
I think the rate of uninsured drivers has far more to do with the fact that we're one of the poorest states in the union than it does with whether we issue driver licenses to immigrants or not. That we're a border state means we're more likely to have uninsured immigrants (hint: not surprising). It doesn't mean there's a correlation, so I think your point is moot. Issuing driver licenses to illegals has absolutely no net change on the number of insured drivers. It only guarantees that they're more likely to be licensed (which doesn't really matter if they rear-end you and they're uninsured, because your insurance has to foot the bill anyway, and as a result everyone's premiums keep going up).

--
He who has no .plan has small finger. ~ Confucius on UNIX
HAH! I'll do you one better by way2trivial · 2010-06-05 13:18 · Score: 1

I employ others.
one 'gentrified' employee had a decades old card that said
"for social security purposes not for identification"
my how times have changed....

--
every day http://en.wikipedia.org/wiki/Special:Random
Why the hell does NHTSA have SSNs at all? by John+Hasler · 2010-06-05 15:22 · Score: 1

n/t

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Stupid journalistic hyperbole. by RockDoctor · 2010-06-06 05:33 · Score: 1

As a result, the most personal information imaginable is available to anyone who takes the time to troll the database.
So, this complaint database contains the photographs of my genital warts, and the way I had them camouflaged by being tattooed in contrasting stripes of telephone-black and white-white. That's the most personal information that I can imagine.
Maybe the submitter, summary writer, or original author has a particularly small and limited imagination based on a small and limited range of personal experiences. Or maybe they are desperate for hits.

--
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"