×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

California Court Posts SSNs, Medical Records

kdawson posted more than 5 years ago | from the just-following-the-rules dept.

Privacy 117

Lucas123 writes "California's Riverside County Superior Court's Web site is serving up document images containing SSNs and detailed medical records relating to civil cases, according to a couple of privacy advocates. All of the documents are free to anyone who knows where to look for them. 'Searches done on the court's Web site turned up various documents related to civil cases that contained sensitive information. Included were complete tax filings, medical reports pertaining to cases handled by the court, and images of checks complete with signatures as well as account and bank-routing numbers.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

117 comments

Use the source, Luke (1, Troll)

BadAnalogyGuy (945258) | more than 5 years ago | (#23276118)

Well, the layout and general ugliness of the site gives an indication as to what could possibly be driving the website.

<meta name="GENERATOR" content="Microsoft FrontPage 6.0">

Ah, a clue!

Re:Use the source, Luke (0)

Anonymous Coward | more than 5 years ago | (#23276168)

Keep in mind that an MS product is at fault here... or uh, silly users... either way, with relations to MS ... read this:
http://www.microsoft.com/industry/healthcare/providers/businessvalue/housecalls/clinicalworkflow.mspx [microsoft.com]

Microsoft has already created a number of software products that help make it possible to develop flexible, affordable, and more intuitive clinical records systems. Microsoft .NET Framework for connected healthcare Web services, for instance, enables a wide range of data-keeping systems to exchange information. Microsoft Pocket PC and Tablet PC technology help physicians take information with them and access it when and where they need it. And Microsoft Office products, such as Microsoft Office InfoPath--along with Microsoft SQL Server and other data management products--benefit from a consistent interface that makes them easily accessible to new users, reducing training and improving productivity.

Microsoft sees a future in which a physician in a hospital calls up a patient records and instantly sees a dashboard of relevant information drawn from all the patient records going back many years. It can require a lot of coordination to make this happen, but the tools are becoming available now. Meanwhile, Microsoft is working hard to help its partners improve the clinical systems being designed today, while building a road to a future where healthcare information is seamlessly connected across the entire healthcare ecosystem.

Re:Use the source, Luke (1)

Z34107 (925136) | more than 5 years ago | (#23276692)

Troll?

Either way, this is stuff that Epic Systems of Verona, WI has already done. Their software runs at a lot of hospitals, from the check-in desk to the little dumb terminal in the doctor's office that brings up your charts and records.

They also have a "dashboard" application where you can check your medical records and schedule appointments online. I don't know of any hospital near me that uses that app, but some hospitals advertised the online features they got from Epic on television.

Individuals are the only ones who care (3, Insightful)

rbanzai (596355) | more than 5 years ago | (#23276134)

Only YOU care if your information is made public. There is absolutely no reason for any public or private organization to give a shit, and they make that evident over and over. Until it is more cost effective for them to protect the info than to leak it they will continue to do so. And that's never going to happen.

Enter legislation (3, Insightful)

Nerdposeur (910128) | more than 5 years ago | (#23276204)

Until it is more cost effective for them to protect the info than to leak it they will continue to do so.

Which is why we need legislation that will fine them for releasing that information.

Another idea would be to demote the person who made the decision to post that stuff publicly to Official Identity Theft Aftermath Cleanup Technician.

Re:Enter legislation (1)

Firefalcon (7323) | more than 5 years ago | (#23276254)

Better would be a demotion to "Public Toilet Cleanup Technician"...

Re:Enter legislation (4, Funny)

frosty_tsm (933163) | more than 5 years ago | (#23276764)

Official Identity Theft Aftermath Cleanup Technician.

Better would be a demotion to "Public Toilet Cleanup Technician"...
"Official Public Toilet Aftermath Cleanup Technician"?

Re:Enter legislation (0)

Anonymous Coward | more than 5 years ago | (#23280278)

"Official Public Toilet Aftermath Cleanup Technician"?

Isn't that what most people already think of their IT Department?

Re:Enter legislation (2, Interesting)

Sparks23 (412116) | more than 5 years ago | (#23276558)

Why not just make a law that if someone has leaked your identifying financial information, if you become a victim of identity fraud they can be held responsible? I.e., have to fund the fixing-it-up?

Doesn't matter if you can't prove /their/ leak is where the information got out. If they leaked and your identity is stolen, they're liable. THAT would work as a deterrent, I think.

Re:Enter legislation (1)

maxume (22995) | more than 5 years ago | (#23276640)

No one would offer financial services anymore.

Much better to make the company who issues credit to an impersonator responsible for the credit they issue rather than the person who matches the mystical, enchanted number (I don't know what else could possibly make a number secure) that was used for identity.

Re:Enter legislation (4, Informative)

zymurgyboy (532799) | more than 5 years ago | (#23277686)

A leak would be one thing; these muppets INTENTIONALLY POSTED this stuff. From TFA:

But the court's IT director defended the practices, saying that documents are being posted on the Web site in accordance with California laws and that finding data such as Social Security numbers is akin to "finding a needle in a haystack."
Wow.

You know, just because something can be done, doesn't mean it is necessarily to be done. This guy may want to take a look at Maryland's case search engine [state.md.us] to see an example how someone with some sense would do it. Jeebus.

Re:Enter legislation (0)

Anonymous Coward | more than 5 years ago | (#23276598)

Fine a court? I wish you success.
"Your honor, my client thinks you should fine yourself for publishing his personal data."

And IANAL (in fact I know very little of it, this is an honest question rather than a remark), but isn't there a law that says that all evidence presented in a public case ss public information, or something to that extent?
Maybe, if that's the case, that needs to be changed first, before they can fine anyone for doing what the law tells him to do. Whether it's published on a website or has to be dug out on physical paper in a coutroom archive makes a practical difference only (assuming everyone can request information from those archives).

Re:Enter legislation (1)

Atlantis-Rising (857278) | more than 5 years ago | (#23276736)

Court documents are publically accessible, yes. There are a handful of exceptions (they can be sealed by judicial order, although it is rare) and accessing the dead-tree versions is simply more time-consuming than accessing the online documents, but they're still there.

In many cases, it's also possible to simply call or fax the court office and ask for the information to be sent to you, so you don't even need to poke through the information yourself.

That said, I don't think it's either possible or reasonable to change the fact that all court documents are publically accessible. They're that way for a reason- to ensure transparency in the judicial process and to ensure faith in that process. 'secret evidence' is very much not something the court system likes, although it is grudgingly accepted in national security matters (and even that, to some degree, might be changing with the new proposals to allow national security evidence to be visible to people with the proper level of security clearance).

Re:Enter legislation (1)

suitepotato (863945) | more than 5 years ago | (#23276706)

Which is why we need legislation that will fine them for releasing that information.

With a government which already holds itself at immune to its own courts and its own laws as inapplicable to itself, this would be useful exactly how?

The government is impotent and powerless. WalMart can get away with contempt of court as easy as you get away with jaywalking and everyone increasingly knows it.

Welcome to breaking point.

Re:Enter legislation (0)

Anonymous Coward | more than 5 years ago | (#23276798)

I would blame the lawyers for not redacting the appropriate parts of the documents.

It is not the courts fault that someone filed exhibits containing information that should be private. Whoever filed the exhibit is the one that made it public, not the court. It was already public at that time.

Re:Enter legislation (1)

zymurgyboy (532799) | more than 5 years ago | (#23277338)

Why stop there? French privacy laws provide for jail time under certain circumstances.

Identity theft is really pretty easy, in large part because everyone from the government to the local grocer can get away with playing fast and loose with whatever data of yours they have on hand. Fines won't stop that, especially if the payoff is larger than the fine anyway.

We'd be better off if we stopped locking up rinky-dink hop heads and replaced them with the aiders and abettors of identity thieves.

1 person's info released, releaser's info posted.. (0)

Anonymous Coward | more than 5 years ago | (#23277978)

1000 persons info released,
ALL management SSN/etc. info posted, person-by-person.

The mgt & the screwed-customers can TOGETHER set about re-constructing their lives.

Mgt won't do it *again*, see...

( experience is the only force that makes meaningful understanding )

Re:Enter legislation (2, Insightful)

jlarocco (851450) | more than 5 years ago | (#23278694)

Which is why we need legislation that will fine them for releasing that information.

WTF? We're in bad shape when a "There should be a law..." post gets rated Insightful

Making a new law isn't going to help anything. It's against the law to kill people and smoke pot, but it happens all the time. Sure, the companies will pay some tiny fine as punishment, but that doesn't really solve the problem of "Your private info was just given to scumbags".

The only way to make companies stop losing information is to boycott them on a gigantic scale when they do. When they "misplace" your info and their revenue drops 75%, they'll pay attention and make sure it doesn't happen again.

I realize getting enough people to boycot is 100x harder than passing a worthless law, but it's the only way that would work. At some point people have to take responsibility for themselves and say "I'm not doing business with a company that will lose my data." If people can't be bothered to avoid unsafe businesses, the businesses aren't going to bother being safe.

So good luck with your law, but my money is on it not making a difference.

Re:Enter legislation (0)

Anonymous Coward | more than 5 years ago | (#23279688)

Which is why we need legislation that will fine them for releasing that information.

Though this has potential in other cases, who pays the fine in this case? The Riverside County Superior Court is presumably funded by the taxpayers.

Re:Individuals are the only ones who care (2, Interesting)

NeutronCowboy (896098) | more than 5 years ago | (#23276240)

I think it goes beyond that. In the case of court filings, documents used in the case become public evidence, and as such, are required to be available publicly. At least, that's my understanding.... not sure how that applies to information that would normally be covered under HIPAA or similar privacy laws.

This is just the tip of the iceberg of the information flood. As much as people hate the idea here, I think that there is a need for a federal ID piece that can be used to positively identify someone, without exclusively relying on information that's publicly available. Yes, there will still be attack vectors available, but there'd be far less. Maybe everybody gets their own private PGP key at birth?

Re:Individuals are the only ones who care (2, Interesting)

nexuspal (720736) | more than 5 years ago | (#23276270)

Yeah lets tie it in with DNA so nobody can forge it! Hell, lets just implant a tiny RFID at birth while we're at it... It's already bad enough people need to fingerprint to use a vehicle, or if you are arrested for any reason, a DNA sample is taken. Lets just start it at birth!

Re:Individuals are the only ones who care (1)

NeutronCowboy (896098) | more than 5 years ago | (#23276316)

Those are bad ideas, because they can't be changed. That's why I didn't use them. Do you have an idea on how to solve the problem of positive ID? How to prove you are you, when lots of people are trying to impersonate you? Or do you just like to cling onto an outdated idea of privacy that didn't even work well in the Wild West?

Re:Individuals are the only ones who care (1)

nexuspal (720736) | more than 5 years ago | (#23276396)

I believe any positive ID will be used in the future to control the population. I don't like to be controlled, categorized, and treated as a number, or a marketing demographic/classification by a government that is armed to the teeth, and has shown time and time again that they believe they are above the law. Remember the term "Papers Please" shown in so many WWII movies... ah yes, papers to control people, imagine if they had DNA or what have you... Do you think a single Jew would have made it out? A part of me likes the "Wild West" system, as you put it. Seems to have worked great for.... well you get the point.

Re:Individuals are the only ones who care (1)

NeutronCowboy (896098) | more than 5 years ago | (#23276578)

Two things: positive ID is already required in a number of instances. The current system is just so wide open for abuse that it's unconscionable. Furthermore, the Wild West system was completely ripe for abuse - primarily because there was no real way of knowing whether what anyone said about themselves was true.

Lastly, I'd also challenge your belief that any positive ID will be used to control (in the Orwellian sense) the population. Jews snuck out because people didn't know their race when the presented false papers. This is easily remedied by not including race in the ID information.

You used to be able to get a passport without ID (1)

davidwr (791652) | more than 5 years ago | (#23276564)

I don't know how it is now but before 9/11 an adult could get a passport if they had two people testify that they knew the person well for 10 years.

The intent was so Ma The Farmer's Wife who never had a birth certificate or driver's license could get a passport even if she'd lost her family Bible and birth records in a fire and the doctor or midwife who birthed her was also dead. She could round up a few people who knew her for a long time and get a passport.

These days, with very few Americans under 50 lacking birth certificates and almost every adult and child with a Social Security card, the need for this "undocumented non-alien" provision is greatly reduced.

Re:Individuals are the only ones who care (1)

eln (21727) | more than 5 years ago | (#23276334)

Maybe everybody gets their own private PGP key at birth?
Sure, and then someone gets access to your private key and then you're boned for life.

Same problem with exclusive use of biometrics: If someone manages to forge your biometric signature, you're completely hosed because you can't change it.

Re:Individuals are the only ones who care (1)

NeutronCowboy (896098) | more than 5 years ago | (#23276638)

Just like changing your name, you can have a process that lets you update your PGP key. With biometric information, that's not controllable.

The point is that if someone gets a hold of your personally identifying information now, you're boned as well. Why not make the process by which that information is obtained as hard as possible?

There are plenty of services that don't need personally identifying information, but there are some that do. Encrypt information to be sent with your private PGP key, and the other entity looks up your public PGP key. If the information in clear text matches key items in the encrypted portion, you are who you say you are, and the rest of the encrypted message can be used as necessary.

I'm really curious about this fear of personal id - it already exists, except in a really bad implementation. Why not improve it?

Re:Individuals are the only ones who care (1)

imamac (1083405) | more than 5 years ago | (#23278310)

That's why you combine it with a unique PIN that only you know. Just like CAC ID cards in the military.

That's why some courts redact such information (2, Informative)

davidwr (791652) | more than 5 years ago | (#23276446)

In some courts, "public" information is routinely redacted. You have to get a court order or be someone special to see the originals.

This also applies to evidence in criminal cases too. If I defraud 10 people's bank accounts at ACME Bank, those account numbers may be redacted depending on the court and whether the accounts are still active. If I'm on trial for k1dd13 p0rn or stealing nuclear secrets you can bet the main evidence will be sealed from public view.

Re:Individuals are the only ones who care (1)

zymurgyboy (532799) | more than 5 years ago | (#23277506)

Just because something is public record doesn't mean it necessarily must written in block caps plastered on the nearest billboard. Some information -- even public information -- should have a gatekeeper. If it were my tax return, I think I'd want someone seeking it to have to ask the court clerk for it, and possibly, explain why.

Re:Individuals are the only ones who care (1)

SatanicPuppy (611928) | more than 5 years ago | (#23279206)

The real issue is, most public records that deal with the government are extremely difficult to obtain, requiring repeated FOIA requests, and occasional legal action. Try to get government salary figures (which are also public information) for the morons who are posting this information, and I bet you'll have to jump through hoop after hoop.

Yet when its just some private citizen's information plastered all over the place it is no big deal because it's "public information".

Re:Individuals are the only ones who care (2, Interesting)

TheHorse13 (908512) | more than 5 years ago | (#23277492)

A little regulation called HIPAA is supposed to handle this sort of issue. I wonder who will be doing the jail time if it's found that due diligence wasn't followed?

Pass new legislation! (0)

Anonymous Coward | more than 5 years ago | (#23277992)

Judges and court clerks should be required to take a privacy course and be responsible entering private information (such as SSNs, signature, bank routing numbers, etc...) into public record. I second that we need well defined legislation that covers public and private entities from this wrong doing. I agree that some information should be made public (only in court cases), but in many cases a judges judgement or order can describe that information in a more vague way. With the recent trend in identity theft and online court records this will be important. Also, for those who believe all court records should be made public, please consider if you were prosecuting someone for defamation or libel (your ex spouse blogged false and defamatory statement about you online). If you tried prosecuting something like that, you would draw publicity and open up the very private matter you were trying to fix.

Re:Individuals are the only ones who care (0)

Anonymous Coward | more than 5 years ago | (#23278512)

I just went to the website, logged in as Guest and searched for their IT director name, Gary Whitehead. I found one and it included a home address, bussiness address, ssn, age, copy of voided check, bank account number, bank routing number, etc. This took me less then 3 minutes to do.

Oops! Our bad! (1)

TheRedSeven (1234758) | more than 5 years ago | (#23276156)

Bravo to California, Bastion of Democracy... It does raise a question though: How do FOIA requests match up with HIPAA regulations? FOIA generally allows you information on government happenings; HIPAA gives strict guidelines about privacy of Personal Health Information. Which takes precedence?

Re:Oops! Our bad! (1)

eln (21727) | more than 5 years ago | (#23276248)

Don't FOIA regulations already allow for redacting of documents to eliminate classified information prior to release?

I haven't read FOIA in its entirety or anything, but it seems to me it would allow for redacting to comply with HIPAA as well.

Re:Oops! Our bad! (1)

countSudoku() (1047544) | more than 5 years ago | (#23276406)

I'll bet HIPAA. Of course, this leak is hardly surprising, given the probability that no one of right mind would want to work for their local government much less for the very low pay and crappy job atmosphere. Their ability to attract the best and brightest is overshadowed by the inability to pay anything close to market wages. If there's any good IT people working in local government then they're probably looking for a better job, or making real money contracting special services back to the gov. It's like trying to find someone knowledgeable at Worst Buy; the blueshirts with any skills are on their way to something less shitty, so all that's left are the bottom of the barrel. In this case, the worst that can happen is much more serious than a defective laptop. My apologies if I offended anyone in local gov who reads /., not so for blueshirts and geek squaters, you are teh suck. Happy Friday!

Re:Oops! Our bad! (0)

Anonymous Coward | more than 5 years ago | (#23276580)

How do FOIA requests match up with HIPAA regulations?

There's actually a case starting here, some guy was hogtied by the cops and died in jail, the newspaper wants his medical record to see what really killed him, claiming that HIPAA doesn't apply because dead people have no privacy rights.

Hospitals rushed to block it, turns out that they don't want to have to turn over dead people's medical records to each and every lawyer that thinks they can make millions suing the hospitals.

Re:Oops! Our bad! (1)

flink (18449) | more than 5 years ago | (#23277602)

Courts are not HIPAA covered entities. Only health care providers, health care clearinghouses, and health plans are covered. Before you ask, a court doesn't count as a clearinghouse. In over simplified terms, a clearinghouse is a covered entity that processes information on the behalf of another covered entity.

Re:Oops! Our bad! (1)

QuantumRiff (120817) | more than 5 years ago | (#23279194)

I'm not certain, but I do believe if you disclose your personal information to the courts because of the Americans with Disabilities Act; IE, you need to have recesses every 2 hours because of a medication you need for X, that becomes HIPAA covered, doesn't it?

Re:Oops... FOIA vs HIPAA (1)

Prisoner's Dilemma (1268306) | more than 5 years ago | (#23277784)

FOIA has some exclusions, but it doesn't matter because HIPAA is a joke.

For example:
I used to be a full time preventer of natural select (firefighter/paramedic) working for a city government. Under the FOIA they were supposed to release out information excluding a few tidbits like SSN, medical screening, etc. However, it was only applied when it benefited the city. If a reported wanted to inspect an employee's file, if the reporter was a city friendly one, they wouldn't remove or blank out any personal information. However, if the reporter was touching on a sensitive area or had a past of irritating the city, they would use the exclusions to delay and only release partial information. Whenever it served a purpose, HIPAA was used as a loophole around the FOIA

As for HIPAA, naturally, when someone would call for an ambulance, we would obtain personal medical information and their SSN (SSN was required to be collected by the state for statistics, whole different issue). This information was documented on a medical report which was stored, passed to the receiving hospital, and reported to the state. Name, address, age, medical issue, and what treatment you received was also documented in a journal.

Originally, when HIPAA went into effect, the attorneys determined that we didn't need to comply because according the the definitions in HIPAA, we were not health care workers. Later on they determined that even though we didn't NEED to comply, that they could cut down on requests for reports if we blocked out some of the more interesting section before releasing them. The legitimacy and ethicalness of releasing some of this info was brought up numerous times only to have FOIA used as the justification. Since HIPAA allows sensitive information to be released if it is needed to conduct your service, FOIA becomes a huge loophole.

So, when it's all said and done, if someone (maybe not even you) called an ambulance for you, it could then be public information if you had a drug problem, AIDS complications, attempted suicide, needed extricated from a goat, as well as your name, age, and address. This was documented in the journal which was public and never censored. BTW , If you weren't cooperative by answering everything we needed you HAD to go into the hospital (an additional issue).

On a separate note, the papers used to publish every call including the persons name, address, and problem.

DCMA take-down notice (0)

Anonymous Coward | more than 5 years ago | (#23276160)

So, who's going to be the first to file a DCMA take-down notice on the court?

Meanwhile.... (3, Interesting)

Otter (3800) | more than 5 years ago | (#23276210)

Meanwhile, in Italy, the outgoing government posts everyone's income and tax data [bbc.co.uk]. Deputy Economic Minister Vincenzo Visco bizarrely explains:

This already exists all around the world, you just have to watch any American soap to see that.

Re:Meanwhile.... (0)

Anonymous Coward | more than 5 years ago | (#23276698)

Dude, your government is not only modeling itself after American soap operas but even bragging about it... FSM help you, 'cause you're gonna need it.

Re:Meanwhile.... (0)

Anonymous Coward | more than 5 years ago | (#23277210)

Publishing income and tax data is common practice in most European countries. I lived in Finland for 2 years and all you needed to do find out what any one makes is hit the Internet. In Finland you can even track down the license plate of a car through SMS. I dont necessarily think this is bad, it gives an unprecedented amount of transparency to government for one. Also in Finland, when applying for a Credit Card, you must personally go to the issuing bank and pick it up after you can verify your identity.

SCrubing SSN's is not the answer (3, Insightful)

geekoid (135745) | more than 5 years ago | (#23276276)

the answer is to stop using them for credit scores and ID.

If you have nothing to hide.... (1)

Brain-Fu (1274756) | more than 5 years ago | (#23276868)

They say that if I am a good citizen who is following the rules, then I should have nothing to hide, and shouldn't mind a high level of governmental monitoring of my private life.

Well I DO have something to hide *from criminals.*

The data that the government monitors gets stored and handled by an incompetent IT staff overseen by decision-makers who are even less competent. The level of data tracking that the government insists it is justified in doing directly harms the people being tracked, not because of abuse from the government itself (though that is debatable, of course), but because of abuse from the criminals who manage to gain access to that data.

Re:SCrubing SSN's is not the answer (1)

Fozzyuw (950608) | more than 5 years ago | (#23276902)

the answer is to stop using them for credit scores and ID.

What would replace them?

Re:SCrubing SSN's is not the answer (0)

Anonymous Coward | more than 5 years ago | (#23277138)

a real id of course!

DNA (0)

Anonymous Coward | more than 5 years ago | (#23277200)

Seriously.

Perhaps if we placed MORE value on integrity - people would behave better.

Not likely but a Calvinist can hope!

Re:SCrubing SSN's is not the answer (1)

geekoid (135745) | more than 5 years ago | (#23279036)

Each credit company could issue their own numbers.
The removes them from the one place they are most abused.

Make it a problem for the corporations to deal with.
When one of the CSIDs(CreditScoringID) is stolen, it only causes issues with the Credit scoring. You don't need to worry about your whole life being tied to that one number.
Since you can't get a new SSN (usually) once someone has it and can tie it to you, your whole life is comprised.

You Drivers license should be your ID.

Re:SCrubing SSN's is not the answer (2, Insightful)

Bryansix (761547) | more than 5 years ago | (#23276964)

This is exactly the correct point. A SSN does tie to a single person but it shouldn't be used to authenticate that the person serving it up really is the person tied to the SSN. Real authentication needs to take place. Shoot, I'd rather have to give my fingerprint if it meant I wouldn't have my identity stolen.

Furthermore when an ID is stolen, the company that let the theif sign up for credit in someone elses name should be fined and scrutinized for further possible fraud. We need to make the companies who offer credit accountable that they are authenticating people correctly before adding crap onto their credit records.

Re:SCrubing SSN's is not the answer (1)

CowboyCapo (1127223) | more than 5 years ago | (#23278092)

As an aside, with gelatin, latex, and a few common household chemicals, it is possible to make a 'glove' that will at least simulate someone else's prints. Sorry, one more biometric to toss into the toilet of history.

Re:SCrubing SSN's is not the answer (1)

Bryansix (761547) | more than 5 years ago | (#23278166)

I'm sorry but when a 4 foot tall woman shows up to give my print I think they'll figure it out. I'm 6 feet tall and a guy. The point is to make it harder to be a criminal. Right now you don't even have to leave your house.

Re:SCrubing SSN's is not the answer (2, Interesting)

gd2shoe (747932) | more than 5 years ago | (#23279184)

A SSN does tie to a single person...

This is a common misconception. There are honest duplicates within the system. I'm not talking about the "undocumented worker" down the street. Duplicate SSN's are issued. You need some other information such as a name to make it a unique identifier.

There are almost 304,000,000 people in the US. If they were unique, that would mean that a third of the total possible SSNs must be used just for the current living population. Count everyone who has died since 1936 (with an SSN), and everyone to be born in the next hundred years, and almost all possible numbers will be taken. I don't think SSNs were designed to be absolutely unique. They claimed they would never be used as identifiers.

Cost/Benefit. They don't cost, and do benefit. (2, Insightful)

Behrooz (302401) | more than 5 years ago | (#23277072)

Unfortunately, all of the costs of identity fraud are borne by the consumer, while all of the benefits of quick/insecure identification are reaped by the lending industry.

Strong and secure methods of identification and verification need to make their way into the financial world, but changing the existing infrastructure is expensive, so it isn't going to happen. At least, not until some enterprising individual has their identity stolen and successfully manages to sue the lending industry for fraud...

For those of you who know of anyone who's a victim (1, Informative)

Anonymous Coward | more than 5 years ago | (#23276304)

1. Call each credit bureau and put a freeze on your credit. The credit bureaus will say they'll contact the others but they never do. You can do it anyway even if you're not a victim of identity theft but they'll charge anywhere from $10-$20 per credit bureau.

2. You are entitled to at least ONE free credit report per year and depending on your state maybe more. Federal trade Commision's site [ftc.gov] is the ONLY truly free credit report. Those other sites are trying to sell you other stuff and they're not on the up and up.

3. Check ALL of your bank and credit card statements every month.

4. Any fishyness, file a police report (they won't do anything about it because they have "more important things to do"). That way you'll have a legal document stating that this has happened.

5. Contact a lawyer to see what you can do to penalize such incompetence.

Re:For those of you who know of anyone who's a vic (1)

eln (21727) | more than 5 years ago | (#23276450)

If you're really paranoid about identity theft, then go for one of the credit monitoring services run by a credit bureau. The one I've found most useful is truecredit.com, which is run by TransUnion (which, by the way, is by far the easiest credit bureau to deal with in my opinion). It costs a little more than most others ($14.95 per month) but it allows you to update your credit report from all three bureaus as often as you want (daily if you really want to) and offers online dispute filing for all three as well. It works well too, I filed a dispute to Experian through my truecredit.com account and it was resolved within a week.

By the way, I don't work for them or have any connection with any of the credit bureaus other than having to depend on them if I want to get a loan for anything, but I've tried a few credit monitoring services, and that one is by far the best. The only drawback is they often (like every time you log in) try to give you an ad for some "affiliate service" but Adblock Plus has blocked every single one so far, so it just means an extra click on a "continue" button.

Re:For those of you who know of anyone who's a vic (0)

Anonymous Coward | more than 5 years ago | (#23276686)

Freezing your credit is better than a monitoring service because with freezing nobody, even you, can open a new line of credit (you have to "thaw it" for a fee of course, in order to open any new line of credit.) Monitoring services can still allow someone to open a line of credit - you just know about it before pulling your credit report.

Re:For those of you who know of anyone who's a vic (1)

Knowzy (950793) | more than 5 years ago | (#23279332)

Absolutely- if you're looking to prevent identity theft, rather than learn about it after the fact, a security freeze (sometimes called a credit freeze) is the way to go.

Credit monitoring is expensive and does nothing to stop ID theft. Sure, if somebody does use your identity fraudulently, you'll get an e-mail about it but the damage is already done.

You're paying $180/year just to learn you've been screwed sometime after it happens!

On the other hand, security freezes locks your credit reports with a PIN. No one can take out a line of credit without that PIN.

And it's only $30/year, plus $10 when you want to temporarily unfreeze it.

Unless you take out more than one loan a month, you're saving money over credit monitoring. Plus, you're getting ID theft security that is proactive, rather than reactive.

Credit monitoring is good if you want to buy your credit reports in bulk or if you want to check your credit score every day. But as an identity theft solution? Sorry, I'm not sold!

Easily predicted (2, Insightful)

NaCh0 (6124) | more than 5 years ago | (#23276310)

The more you tell your life to government (and anyone really), the more it will find it's way into general knowledge. This is one of the reasons I'm against any "universal" government program. Heck, it doesn't even have to be medical records. Think back to the recent passport flap with high profile politicians. The government is not looking out for you.

Hey public record (1)

DarkOx (621550) | more than 5 years ago | (#23276336)

Most court proceedings are a matter of public record unless a judge orders them sealed. I should be this way too because we have a legitimate interest in what is going on in our courts. That information is probably relevant to the decisions on the quality of the proceedings much of the time. Frankly as much as its unfortunate for the people and organizations that find themselves in the court rooms, its probably the right thing to do to publish those items.

Re:Hey public record (0)

Anonymous Coward | more than 5 years ago | (#23276628)

There is absolutely no reason that a court NEEDS to post SSN's and tax returns on it's web site. Although I agree whole-heartedly with making court records public there is an overriding reason not to post such sensitive information where it is accessible to the public - it abets criminal activty and does precious little to help in understanding any prescedent the case may have set. An earlier poster was correct in saying that the only way to make the government and corporate America pay attention (other than occasional lip service) is to make it more expensive to give up the information than it is to protect it. The worst offenders in this area are the credit card companies because they won't tell you from whom your information was stolen only that is was. This needs to change too.

Re:Hey public record (1)

whoever57 (658626) | more than 5 years ago | (#23277274)

Most court proceedings are a matter of public record unless a judge orders them sealed.
Or option 3: redacted versions of the documents can be published. The redacted versions will have private information removed.

Court documents are sealed all the time. There is no reason why medical information and SSNs should not be sealed or redacted.

the first thing some 'identity theives' do... (0)

Anonymous Coward | more than 5 years ago | (#23276402)

once they filch a #, is run it through credit check sites. that's how you know you've been filched, when you see the charges on your bill.

Government Logic - SB1386 (2, Interesting)

a-zarkon! (1030790) | more than 5 years ago | (#23276464)

I love the fact that this is a California court. California being the leader in privacy protection and breach notifications and everything with their landmark SB-1386 legislation.

HIPAA (1)

ohzero (525786) | more than 5 years ago | (#23276532)

This is another perfect example of the federal government not enforcing HIPAA whatsoever. Its a great standard. Like PCI, easy to read, very prescriptive, and leaves little room for interpretation. Unfortunately, because of the way it was put into effect, it will likely never be enforced.

The only fallback that people have legally is that California privacy bill that's mentioned in section 12 of PCI.

Court Information is public record (3, Informative)

PhreakOfTime (588141) | more than 5 years ago | (#23276538)

While it is unfortunate that such things as SSN's are being made public, the hard reality is that anything contained in a court record is public information.

Open access to government is a two way street, and is meant to prevent corruption and give the public a clear view what their government is doing.

On a side note, my county also publishes court records on the internet that are public information. However, it is limited to the court schedule, case#, charge, and attorney schedule.

The fact that this schedule is public information is still not a concept some people are aware of. Ive heard stories from court employees of upset people coming in and demanding that their DUI case be taken down from being publicly viewable. Unfortunately for these people, the law says otherwise.

I even have personal experience in some of the reactions people have to this publicly available information after I posted a link to the county courthouse on one of my websites. A Company called Caton Commercial [willcounty...tcourt.com] even went to far as to have their attorney draft a cease and desist letter threatening me with legal action, and demanding that I remove this linked information, and turn over my legal domains to them to stop this 'knowingly libelous' action. Although, Im not sure that they thought through how they were going to present to a judge their case that the courts own website schedule was the source of this so-called libelous information. Like every other company before that has failed to grasp the concept of the internet, all the attention this brought to the linked information was a lovely demonstration of the 'Streisand Effect'. Once again, adding more weight to the phrase 'more dollars than sense'.

Re:Court Information is public record (1)

SCHecklerX (229973) | more than 5 years ago | (#23277592)

The case itself is one thing. Private information about a person, that has nothing to do with the case itself, is quite another.

Re:Court Information is public record (1)

PhreakOfTime (588141) | more than 5 years ago | (#23277704)

I agree with you.

I also agree with the google filter that knows that its not 'google-bombing' when the hyperlinked word is actually contained in the website that is being linked to.

Re:Court Information is public record (1)

defaria (741527) | more than 5 years ago | (#23279434)

If you're in court then what is said there is a matter of public record - unless purposely suppressed.

Re:Court Information is public record (0)

Anonymous Coward | more than 5 years ago | (#23277808)

Very true indeed. I worked for a PI as a background investigator, mostly doing online database and phone based inquiries. Honestly, there are databases all over the place, including court records like these, with your very personal information in them. The fact that I can access it from my desk, instead of going to the courthouse or paying someone else to go to the courthouse and copy it, is merely a matter of convenience.

What's different about this is the fact that they're actually publishing the SSNs. Those have been generally well guarded, and rightly so. Even databases you have to pay for and provide documentation that you are a lisenced PI to gain access to, don't provide you with full SSNs anymore. Although, you can FOIA a person's records from just about any public agency, police, cities, counties, etc. and generally that includes SSN (among other things).

On the flip side, don't think because your information isn't published on the web that no one has access to it. Anyone who really wants your information and knows what they're doing will get it eventually. The weakest link in the chain is still the one answering the phone - a little social engineering and your social is public knowledge.

Violation of federal law: (4, Informative)

Rageon (522706) | more than 5 years ago | (#23276546)

I can't imagine this will last long, as it's a clear violation of federal law. I work for a court, and we ALWAYS need to redact SSN from every order (unless it's just being disclosed to that specific person). It's against state law here, but also federal. From 42 U.S.C. 405(c)(2)(C)(viii):


Social security account numbers and related records that are obtained or maintained by authorized persons pursuant to any provision of law enacted on or after October 1, 1990, shall be confidential, and no authorized person shall disclose any such social security account number or related record.

So I really can't imagine the court can defend this in any way at all.

Re:Violation of federal law: (1)

cprael (215426) | more than 5 years ago | (#23277438)

Right. Have you looked at federal lien filings? Tax and court both are _required_ to include the SSN/taxpayer ID # when filing this stuff. I can walk into any county records center and pull this stuff up. Since it's digitized, I can also usually search by type of filing.

And you'll note that "pursuant to any provision of law enacted on or after October 1, 1990" portion. Generally these filings are based on law going a lot further back than that.

Sorry to burst your bubble on this.

Amateurs ... (2, Funny)

golodh (893453) | more than 5 years ago | (#23276700)

I'm ashamed of California's state government ... this "disclosure", while well-intentioned, is second-rate and amateurish beyond belief.

Just to see how it's done, have a look at the way the Italian Government handled things (http://news.bbc.co.uk/1/hi/world/europe/7376608.stm).

See? Now *that's* what I call disclosure. Those piddly efforts in California don't even come close.

the system needs to change (1)

blhack (921171) | more than 5 years ago | (#23276776)

Lets face it, the concept of a SSN being a positive identification needs to just stop. Do I have a solution? No, but the fact that somebody can walk into a bank and open an account in my name simply by possessing My publicly available address, and a 9 digit number needs to be looked at as an absolute failure. The tin foil hat wearing crowd will object until the very end, but IMHO biometrics need to become the standard. A retina scan, is something that is not easily forged (i'm not saying its not possible, but i don't know of any existing tech. that does it). Smart card technology is only going to get better and, as encryption gets stronger, people need to start trusting it more. I would absolutely not be opposed to an ID with my photo, and a retina scan embedded onto a smart card as a form of positive id. Should I have to submit to a retina scan in order to buy a drink? Absolutely not, but the credit system is about to die. It simply isn't something that can be trusted anymore. It is far far far FAR too easy to snatch somebody's identity.

Re:the system needs to change (1)

hairyfeet (841228) | more than 5 years ago | (#23279178)

Actually I was thinking something along the lines of a chip embedded in my credit card that can only be read by inserting it in a reader, along with a cheap USB CC reader that will send the signal as a 256 bit AES encryption to any website I want to deal with. Seriously, we can build USB readers that can read 20+ card formats for a little of nothing,why not have an affordable USB card reader that lets me use a two factor authentication easily? That way unlike a tax those that don't want it or need it wouldn't have to buy it,and those of us that do would have an easy way to deal with companies.


Of course we'll have to have really stiff penalties for those asshat companies that put all your personal information on an unencrypted backup take that they then hand to Billy the intern who promptly loses it or gets it stolen out of his Honda,but we need that anyway. Of course there may be flaws that I haven't seen,but I always thought the ATM model worked a lot better than tying everything to a SSN.But that is my thoughts on the subject,YMMV. Oh,and since it involves security I would want it based on REAL standards that could easily be implemented in Apple,Linux,and Windows. I wouldn't trust some Windows only Diebold style proprietary voodoo.

One word - (1)

sm62704 (957197) | more than 5 years ago | (#23276834)

HIPPA [wikipedia.org]

Somebody's in some DEEP SHIT over that. Iinm a judge can't order that a federal law be broken unless that law has been deemed unconstitutional.

Nothing To Do With HIPAA (1)

Kozar_The_Malignant (738483) | more than 5 years ago | (#23276944)

HIPAA is the Health Insurance Portability and Accountability Act of 1996. It regulates Health Insurance. It contains a Privacy Standard that regulates how Protected Health Information (PHI) may be used. A little piece of it says that your SSI# can't be used as your ID number in health insurance. There are still lots of legitimate uses for that number both in and out of health insurance.

Nothing in HIPAA has anything to do with the court system. I want court records to be public documents. I want unredacted court records to be public documents. We don't need secret courts and we don't need secret police, whatever George Bush might think.

Re:Nothing To Do With HIPAA (0)

Anonymous Coward | more than 5 years ago | (#23277142)

and a social security number has what to to with the verdict? Those nine little numbers mean nothing to the case but everything to your finanical intergity. They should always be redacted.

Re:Nothing To Do With HIPAA (1)

deepunderground (752113) | more than 5 years ago | (#23277450)

IIRC, in the first few pages of HIPAA it explains that the law is all about and only about the transfer of medical information over computer networks. It's not just applicable to insurance, it also applies to information transfers between hospitals and *any* electronic transfer of patient records. I learned all this while working for a private ambulance company, where this is a big deal due to the complex billing associated with transports.

Now, if downloading patient records from a court website isn't electronic transfer of patient records, than nothing is. This is a textbook example of a HIPAA violation, and someone should file a federal lawsuit. It's up to the court to figure out how not to break the federal code.

Why do we tolerate the civil court system? (2, Insightful)

dloyer (547728) | more than 5 years ago | (#23277056)

It only exists to make money for lawyers.

If you have ever been unlucky enough to be involved with a lawsuit, you know how greedy and "entitled" these "officers of the court" are.

Re:Why do we tolerate the civil court system? (2, Insightful)

Vegeta99 (219501) | more than 5 years ago | (#23278324)

So what was I supposed to do about the bitch that hit my car last year, never told her insurance company, and the cops wouldn't do shit about it? Sit on my thumb and rotate? Go blow up her car?

Public Records (1)

sanjacguy (908392) | more than 5 years ago | (#23277410)

We operate with a model of a free public record for legal documents. In Texas, there was a brief move to scrub SSNs from legal documents prior to "publishing" them. Most law offices promptly informed the legislature that their law couldn't work, because you can change your name, you can pretty much change everything but your SSN.

Add to that the problem of Public Records - if you charge to access them (presumably to limit access), they're no longer public. Public Records also have all the other problems you find in "human based documents" - misspellings, typos, gramatical mistakes, etc. Public Records are one of those things that remind me of Winston Churchill's comment about Democracy - "Democracy is the worst form of government except for all those other forms that have been tried from time to time."

Needle in a haystack (1)

exp(pi*sqrt(163)) (613870) | more than 5 years ago | (#23277662)

> finding data such as Social Security numbers is akin to "finding a needle in a haystack."

Haven't these people heard of computers? You know, those things you use to rapidly search for digital needles in digital haystacks?

Re:Needle in a haystack (1)

geekoid (135745) | more than 5 years ago | (#23279060)

What I thought was:
Too bad these kind of hay stacks can be searched in seconds.

Remember kids, wikileaks=wrong, us courts = OK (3, Insightful)

plasmacutter (901737) | more than 5 years ago | (#23277744)

Remember kids, if you are a public interest blog, you are gagged for simply having the POTENTIAL to release this information.

It's perfectly ok though for the federal government to actually do it.

HIPPA laws (0)

Anonymous Coward | more than 5 years ago | (#23278080)

There are such things as HIPPA laws that are meant to protect medical information. I have dealt with this a bit in my last job writing code for insurance companies. There is a whole pile of regulations that need to be followed.

Overblown much? (1)

Kelz (611260) | more than 5 years ago | (#23278336)

The court put up their public files online. Some clerks forgot to blank out or scanned in the wrong papers just a few times out of the hundreds of thousands of records, and a few social security numbers got accidently released. Why isn't this expected just as a part of human error, when companies are leaking thousands at a time due to the acts of rogue database operators looking to make a buck?

I'll bet I can find more social security numbers and bank account numbers from my apartment dumpster than is on that website.

Re:Overblown much? (1)

josepha48 (13953) | more than 5 years ago | (#23278392)

In a day and age where we have so much identity theft, they basically gave the thieves the identities to steal. Then the government is going to say, hey it is your problem not ours and people will spend huge amounts of money to fix this.

It is not overblown, IMHO, and the responsible people should be canned! There should be laws against this also. This includes corporations that do this. Like maybe jail time for aiding a thief!

Re:Overblown much? (1)

Kelz (611260) | more than 5 years ago | (#23279156)

No, they said "Theres hundreds of thousands of records in there, its not easily searchable (I.E. you have to go through each and every case opening jpgs for the information) to find an a clerical error that may give you somebody's SSN (these are also public records that you can go down to a courthouse and look up as well). There are ways that are several orders of magnitude easier to get even more of the same information, including like my above post, a dumpster.

Maybe I still have more faith in humanity that most people, but I really don't see this as either a big deal or something anyone could have prevented given the time and effort involved to prevent it.

sh1t (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#23279982)

includes whereU you Escape them by you to join the effort to address

Sue them. (1)

v(*_*)vvvv (233078) | more than 5 years ago | (#23280230)

If they cause irreparable damages or harm, they can still be held liable.

There is no two way street here. There is no reason we can't have an open government without web cams in our toilet seats. Do not be rediculous.

It doesn't take a rocket scientist to know the risks. If it were anyone else they would surely accuse them of intentional endangerment.

Why not make everything public? (1)

Jack Conrad (898450) | more than 5 years ago | (#23280366)

Why do we just not make the jump and make everything public?

Our information is out there. It is getting leaked. It is being rampantly abused. Why not just make all of our information public?

Why note create nice, neat databases with comfortable user interfaces that can query all of your, currently, personal information? And apply this to *every* one and *every* organization. No clauses for 'national security'. Everyone gets to know everything about everyone whenever they want.

Works well with cameras everywhere and GPS. Should we issue $100,000 in credit in your name? Well... you passed the DNA, finger-print, and retina tests and had the appropriate federal ID and pin; but, lets check the camera closest to your location to make sure that it is you too...

And you could watch our president 24/7 (as well as any other government official you wanted). Rummage through all their financial information and determine where their special interests are.

Of course, server rooms and back-up/long-term storage would have to be monitored as well and the information kept for as long as the media would allow.

True, an oppressive regime *could* abuse this system by turning off the surveillance, however, if we had a well armed and educated populous, this would not be an issue. (Before someone asks, yes, I'm ok with civilians having anti-tank, and larger, weapons. I wish basic arms could be a *requirement*.)
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...