NHTSA Complaint Database Oozes Personal Data
EWNiedermeyer writes "Are your name, address, date of birth, driver's license number and Social Security number publicly available online? If you've been involved in an accident, they might be and you would never know. The Department of Transportation's National Highway Traffic Safety Administration solicits defect complaints from the public, which are hosted on NHTSA's public database. There are about 792,000 of these complaints currently online, and as the video at the link proves, many of them are improperly redacted. As a result, the most personal information imaginable is available to anyone who takes the time to troll the database. This is a clear violation of the Privacy Act of 1974, and NHTSA needs to shut down the database until it can control the personal data stored there."
The guy who discovered and reported the leak is a Canadian. The NHTSA is a US Government agency, it is not a Canadian agency. So not only is the government leaking sensitive information, it took a foreigner to discover and disclose it. Embarrassment all around today.
http://www.dot.gov/pia/nhtsa_artemis.htm
what?
Ice Cream has no bones.
But a large part of the problem is that too many institutions consider the combination of a name and a number to be proof of identity. Take away this, and it's not nearly as problematic.
Yes, it's bad. But anyone willing to pay a hundred bucks to register a corporation in Illinois can buy practically the same information from the DMV.
The society for a thought-free internet welcomes you.
Seems NHTSA has stopped access to it now, according to Edward Niedermeyer's latest at TTAC.
Caveat Utilitor
Why would the DMV even have your SSN?
They've been aware of the problem for 12 years, but the fixes are still working their way through the bureaucracy. Only 34 more reviews and rubber-stamps to go.
Look, even the State of NY couldn't simply take a cut of horse racing bets without losing money.
This issue is a bit more complicated than you think.
That you never get into an accident. If you do, then you must accept that it's just god punishing you for being evil.
If that's the case for an errant mistake of judgment, what are the biblical ramifications of immoral activities? By your standards all politicians and murderers should have already spontaneously combusted and turned into piles of dog turds that are succinctly eaten by a pack of rabid grues. If only...
'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
excuse for failing to protect data:
The backend computer system is dumb, slow, old and badly coded, but connects flawlessly with other backend computer systems state wide and federally.
All the staff understand the GUI.
It was built and contracted to a faith based firm that gives to both parties and has deep roots in the local community.
Many public, private and dark databases like the current system and lax data protection laws.
You entered the data freely, now it belongs to anyone with a database, no questions asked.
Domestic spying is now "Benign Information Gathering"
> As a result, the most personal information imaginable is available to anyone who takes the time to troll the database
Hey, database! You know what I SELECTed * FROM last night? Yo momma!
Slashdot is the culprit now, for pointing out where the data was to be found.
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
> Slashdot is the culprit now, for pointing out where the data was to be found.
Philosophically, most of Slashdot is against security through obscurity, so occasionally an article will pop up saying to everyone in the neighborhood "Hey, look everyone! These fifty thousand front doors are open, even though you might not have noticed driving by!"
I'm not sure whether it's because Slashdotters want to incentivize fixing the system or whether they just want to point out how badly it's designed and implemented. (The latter is pointing to an absurdity, the former is sometimes a consequence of the latter, but the latter would also meet other instrumental objectives, such as mockery or intellectual interest.) Probably a combination.
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
I live in a state (New Mexico) that issues drivers licenses to illegal immigrants. It has no effect on the number of uninsured drivers; in fact, our premiums are generally much higher here than anywhere else precisely because you're more likely to get into an accident with an uninsured driver. We're also a border state.
I think the rate of uninsured drivers has far more to do with the fact that we're one of the poorest states in the union than it does with whether we issue driver licenses to immigrants or not. That we're a border state means we're more likely to have uninsured immigrants (hint: not surprising). It doesn't mean there's a correlation, so I think your point is moot. Issuing driver licenses to illegals has absolutely no net change on the number of insured drivers. It only guarantees that they're more likely to be licensed (which doesn't really matter if they rear-end you and they're uninsured, because your insurance has to foot the bill anyway, and as a result everyone's premiums keep going up).
He who has no