NHTSA Complaint Database Oozes Personal Data

← Back to Stories (view on slashdot.org)

NHTSA Complaint Database Oozes Personal Data

Posted by timothy on Friday June 4, 2010 @02:55PM from the now-that-sounds-jes-disgustin' dept.

EWNiedermeyer writes "Are your name, address, date of birth, driver's license number and Social Security number publicly available online? If you've been involved in an accident, they might be and you would never know. The Department of Transportation's National Highway Traffic Safety Administration solicits defect complaints from the public, which are hosted on NHTSA's public database. There are about 792,000 of these complaints currently online, and as the video at the link proves, many of them are improperly redacted. As a result, the most personal information imaginable is available to anyone who takes the time to troll the database. This is a clear violation of the Privacy Act of 1974, and NHTSA needs to shut down the database until it can control the personal data stored there."

37 of 62 comments (clear)

Min score:

Reason:

Sort:

Er, no.... by brunes69 · 2010-06-04 15:01 · Score: 5, Informative

The guy who discovered and reported the leak is a Canadian. The NHSTA is a US Government agency, it is not a Canadian agency. So not only is the government leaking sensitive information, it took a foreigner to discover and disclose it. Embarrassment all around today.
1. Re:Er, no.... by PRMan · 2010-06-05 02:28 · Score: 1
  
  All of us in this country knew about it already, but we don't want to get in trouble for harassing a government employee through e-mail. You can get arrested for that, you know.
  And to make a video of a public official screwing up? That really takes guts...
  
  --
  Peter predicted that you would "deliberately forget" creation 2000 years ago...
2. Re:Er, no.... by cawpin · 2010-06-05 02:40 · Score: 1
  
  I'm not really sure what his point is with the first example, a search warrant. A search warrant is a police record and is public information. Anyone can go to the police department and look at them. Granted, being on the internet makes it easier and I'm not sure why NHTSA has it in THEIR database but that isn't the issue he's talking about. Another example, the coroner's report, is also public record after it is filed I believe. A person's name, who is already dead, is not a protected item with regard to privacy.
3. Re:Er, no.... by quanticle · 2010-06-05 03:27 · Score: 1
  
  His complaint wasn't that the search warrant was posted online. I think you and I can both agree that greater transparency in government documents is a good thing. The complaint is that information that has no relevance to the matter at hand and which could be used to harm the person in question was posted. I mean, sure, its in the public interest to know that a search warrant was executed. Its not in the public interest to know the date of birth and social security number of the person it was posted against.
  
  --
  We all know what to do, but we don't know how to get re-elected once we have done it
4. Re:Er, no.... by cawpin · 2010-06-05 03:37 · Score: 1
  
  I understand what his complaint was. My point is, anyone can go to the PD where it is recorded and look at it, un-redacted.
Re:Typical by Adambomb · 2010-06-04 15:03 · Score: 2, Funny

http://www.dot.gov/pia/nhtsa_artemis.htm
what?

--
Ice Cream has no bones.
Yes, it's bad. by gillbates · 2010-06-04 15:04 · Score: 5, Informative

But a large part of the problem is that too many institutions consider the combination of a name and a number to be proof of identity. Take away this, and it's not nearly as problematic.
Yes, it's bad. But anyone willing to pay a hundred bucks to register a corporation in Illinois can buy practically the same information from the DMV.

--
The society for a thought-free internet welcomes you.
No more access by clang_jangle · 2010-06-04 15:05 · Score: 5, Informative

Seems NHTSA has stopped access to it now, according to Edward Niedermeyer's latest at TTAC.

--
Caveat Utilitor
Including your SSN? by brunes69 · 2010-06-04 15:06 · Score: 2, Insightful

Why would the DMV even have your SSN?
1. Re:Including your SSN? by skids · 2010-06-04 15:16 · Score: 4, Informative
  
  To verify your citizenship status. It's required on the license application/renewal form in my state. They were actually using the SSN as the drivers license number a couple decades ago.
  Any vehicle-related bureaucracy seems to get the lowest level of IT/administrative talent. Salaries must really suck or something.
  Though I do have to say despite continuing to lag behind the curve, they are definitely improving over time on some levels.
  
  --
  Someone had to do it.
2. Re:Including your SSN? by cosm · 2010-06-04 16:32 · Score: 3, Informative
  
  I work as a software developer in public safety, and SSN's are an integral part our some of our NCIC queries. Your a body with a number.
  
  --
  'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
3. Re:Including your SSN? by drsmithy · 2010-06-04 16:40 · Score: 2, Informative
  
  Why would the DMV even have your SSN?
  AZ, at least, requires it (or a damn good reason why you don't have one - eg: immigrant w/o a work permit) to get a license.
4. Re:Including your SSN? by Anonymous Coward · 2010-06-04 16:42 · Score: 3, Insightful
  
  Our governments are so caught up in power grabbing that it's ridiculous at this point. Citizenship doesn't have anything to do with one's ability to drive safely. Driver's licenses should be about the latter. By turning the DMV into a checkpoint for citizenship you ensure, not that the DMV is going to catch all the aliens, but that all the aliens are going to avoid the DMV. This guarantees a significant level of unlicensed, uninsured drivers on the streets. Talk about a self-fulfilling prophecy: Oh nos, all these illegal aliens are driving around crazy and uninsured! We have to catch them any way we can and get rid of them!
5. Re:Including your SSN? by AHuxley · 2010-06-04 17:05 · Score: 2, Interesting
  
  They might be wanting to slowly build up to the idea of a
  http://en.wikipedia.org/wiki/100_point_check with local characteristics.
  Layers of interconnected databases, public and private that light up as you interact with or buy into something eg a mobile phone.
  It started with banking in Australia. In the US it might be the DMV?
  
  --
  Domestic spying is now "Benign Information Gathering"
6. Re:Including your SSN? by Michael+Kristopeit · 2010-06-04 17:49 · Score: 2, Insightful
  
  a couple decades ago they also printed on the stub of the social security card that you should always keep the card with you... then the text changed to you should never keep the card with you. stupid government.
7. Re:Including your SSN? by hymie! · 2010-06-05 01:27 · Score: 1
  
  Back when I lived in New York, I had a Taxi Driver's license. They required SSN for this. That was, oh, 1990-ish?
8. Re:Including your SSN? by cawpin · 2010-06-05 02:41 · Score: 1
  
  No they don't.
9. Re:Including your SSN? by azrider · 2010-06-05 02:59 · Score: 3, Informative
  
  To verify your citizenship status.
  
  Wrong. The reason for your SSN being collected is Child Support Enforcement.
  
  --
  And ye shall know the truth, and the truth shall make you free.
  John 8:32(King James Version)
10. Re:Including your SSN? by quanticle · 2010-06-05 03:35 · Score: 1
  
  Yes, but unfortunately, the drivers license has evolved from a simple "I'm licensed to operate a motor vehicle" document to a generalized proof of identity. The national ID card act proposed by the previous administration would have gone even farther in this direction.
  In fact, the elderly, who often give up their driver's license, can have trouble proving their identity, because they no longer have access to the most readily accepted identity document in the US: a state drivers' license.
  
  --
  We all know what to do, but we don't know how to get re-elected once we have done it
11. Re:Including your SSN? by Kevin+Burtch · 2010-06-06 05:54 · Score: 1
  
  You've just described South Florida, and the reason why our car insurance is among the most costly in the nation (we're back and forth at the top over the years with New York and California).
  Remember the "don't go to work" protest against the politicians who wanted to round up and deport all illegal aliens back in 2006? (if not, google "Un Dia Sin Inmigrantes") The day collectively called in sick? The freeways during rush hour down here were as empty as 4am on a Sunday!
  If it's not obvious, I agree with the person to which I'm replying - Drivers Licenses should be just that, but are instead being used in ways that are detrimental to the original purpose.
  Florida has increased the difficulty in getting a driver's license, but not in a way that matters to its purpose. Check out the blue box at the bottom of this page: http://www.flhsmv.gov/html/dlnew.html
  Why do I say that it's not a change that matters to its purpose? Because the "driving test" they only put those under 18 though consists of driving through a parking lot! Seriously! (if you're over 18, you don't get tested)
  For an eye-opener, google "rudest drivers in America".
  I took the test in FL during a summer vacation before I had my MI driver's license... in Michigan, I had to drive though some very confusing and highly congested rush-hour traffic in the middle of Pontiac for my driver's test. Quite a contrast.
  A (poorly) trained monkey could get a driver's license in FL, but only if he had enough proof of identity!
  
  --
  - Preferences: Solaris 10 (servers), Ubuntu (desktops), Solaris 11 (personal servers) -
12. Re:Including your SSN? by Kevin+Burtch · 2010-06-06 06:11 · Score: 1
  
  Not sure if your state lacks them, but Florida has State ID cards for those who can't get or don't want a driver's license. This is primarily used by those who've lost their licences to excessive DUI/DWI convictions (common here in a state with drive-through beer & liquor stores).
  
  --
  - Preferences: Solaris 10 (servers), Ubuntu (desktops), Solaris 11 (personal servers) -
Re:Typical by Ethanol-fueled · 2010-06-04 15:06 · Score: 5, Informative

They've been aware of the problem for 12 years, but the fixes are still working their way through the bureaucracy. Only 34 more reviews and rubber-stamps to go.
OK, OT, but government is alway inefficient... by NotQuiteReal · 2010-06-04 15:28 · Score: 4, Funny

Look, even the State of NY couldn't simply take a cut of horse racing bets without losing money.

--
This issue is a bit more complicated than you think.
Re:Well, just make sure by cosm · 2010-06-04 16:29 · Score: 2, Funny

That you never get into an accident. If you do, then you must accept that it's just god punishing you for being evil
If thats the case for an errant mistake of judgment, what is are the biblical ramifications of immoral activities? By your standards all politicians and murderers should have already spontaneously combusted and turned into piles of dog turds that are succinctly eaten by a pack of rabid grues. If only...

--
'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
Re:Well, just make sure by DarwinSurvivor · 2010-06-04 17:05 · Score: 1

I think you need to get your sarcasm detector checked out...
Re:Why is redaction so hard? by AHuxley · 2010-06-04 17:15 · Score: 3, Funny

excuse for failing to protect data:
The backend computer system is dumb, slow, old and badly coded, but connects flawlessly with other backend computer systems state wide and federally.
All the staff understand the gui.
It was built and contracted to a faith based firm that gives to both parties and has deep roots in the local community.
Many public, private and dark databases like the current system and lax data protection laws.
You entered the data freely, now it belongs to anyone with a database, no questions asked.

--
Domestic spying is now "Benign Information Gathering"
Trolling the database? by YourExperiment · 2010-06-04 19:39 · Score: 4, Funny

As a result, the most personal information imaginable is available to anyone who takes the time to troll the database
Hey, database! You know what I SELECTed * FROM last night? Yo momma!
According to the usual logic in these cases... by OpenSourced · 2010-06-04 20:20 · Score: 2, Interesting

Slashdot is the culprit now, for pointing out where the data was to be found.

--
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
Re:So.... by MichaelSmith · 2010-06-04 20:20 · Score: 1

Things should be blackened oot, eh?
Yes, just set the foreground and background to the same colour. These guys are amateurs.

--
http://michaelsmith.id.au
Proof of identity by dingram17 · 2010-06-05 00:32 · Score: 1

I've never been to the US, but something confuses me about the SSN.
How can a number that you are required to give to every man and their dog (driver licence, student enrolment etc.) even be considered secret enough that it proves ID?
Perhaps the (ab)use of the SSN is why the Australian Government specifically prohibit the use of a tax file number as an identifier by anyone other than the Tax Office and only financial organisation have the right to ask for it (and none can compel, but they have to tax high if you don't give the number over). The driver licence number has become a default ID number here, and although most credit application forms ask for it I've still got new credit without including my licence number.
Security through obscurity by Oxford_Comma_Lover · 2010-06-05 03:07 · Score: 2, Insightful

> Slashdot is the culprit now, for pointing out where the data was to be found.
Philosophically, most of slashdot is against security through obscurity, so occasionally an article will pop up saying to everyone in the neighborhood "Hey, look everyone! These fifty thousand front doors are open, even though you might not have noticed driving by!"
I'm not sure whether it's because slashdotters want to incentivize fixing the system or whether they just want to point out how badly it's designed and implemented. (The latter is pointing to an absurdity, the former is sometimes a consequence of the latter, but the latter would also meet other instrumental objectives, such as mockery or intellectual interest.) Probably a combination.

--
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
Re:Why is redaction so hard? by quanticle · 2010-06-05 03:45 · Score: 1

The problem isn't so much lack of redaction tools as it is the volume and quality of data coming in. NHTSA probably gets thousands of documents a month, and, if the cited documents are any example, they're usually poorly scanned PDFs or JPEGs. To go through manually and redact all personal data from all those documents would be very expensive and time consuming. So, of course, no sensible manager is going to allocate personnel to the task until it becomes an actual problem. This isn't a government problem, nor is it a private industry problem. Its a problem with management in general.

--
We all know what to do, but we don't know how to get re-elected once we have done it
Some States issue Licenses by Zancarius · 2010-06-05 04:24 · Score: 2, Insightful

This guarantees a significant level of unlicensed, uninsured drivers on the streets. Talk about a self-fulfilling prophecy: Oh nos, all these illegal aliens are driving around crazy and uninsured! We have to catch them any way we can and get rid of them!
I live in a state (New Mexico) that issues drivers licenses to illegal immigrants. It has no effect on the number of uninsured drivers; in fact, our premiums are generally much higher here than anywhere else precisely because you're more likely to get into an accident with an uninsured driver. We're also a border state.
I think the rate of uninsured drivers has far more to do with the fact that we're one of the poorest states in the union than it does with whether we issue driver licenses to immigrants or not. That we're a border state means we're more likely to have uninsured immigrants (hint: not surprising). It doesn't mean there's a correlation, so I think your point is moot. Issuing driver licenses to illegals has absolutely no net change on the number of insured drivers. It only guarantees that they're more likely to be licensed (which doesn't really matter if they rear-end you and they're uninsured, because your insurance has to foot the bill anyway, and as a result everyone's premiums keep going up).

--
He who has no .plan has small finger. ~ Confucius on UNIX
Re:Well, just make sure by Zancarius · 2010-06-05 04:27 · Score: 1

If thats the case for an errant mistake of judgment, what is are the biblical ramifications of immoral activities? By your standards all politicians and murderers should have already spontaneously combusted and turned into piles of dog turds that are succinctly eaten by a pack of rabid grues. If only...
Perhaps the politicians are our punishment for voting for them.

--
He who has no .plan has small finger. ~ Confucius on UNIX
HAH! I'll do you one better by way2trivial · 2010-06-05 13:18 · Score: 1

I employ others.
one 'gentrified' employee had a decades old card that said
"for social security purposes not for identification"
my how times have changed....

--
every day http://en.wikipedia.org/wiki/Special:Random
Why the hell does NHTSA have SSNs at all? by John+Hasler · 2010-06-05 15:22 · Score: 1

n/t

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Stupid journalistic hyperbole. by RockDoctor · 2010-06-06 05:33 · Score: 1

As a result, the most personal information imaginable is available to anyone who takes the time to troll the database.
So, this complaint database contains the photographs of my genital warts, and the way I had them camouflaged by being tattooed in contrasting stripes of telephone-black and white-white. That's the most personal information that I can imagine.
Maybe the submitter, summary writer, or original author has a particularly small and limited imagination based on a small and limited range of personal experiences. Or maybe they are desperate for hits.

--
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"