A bunch of (mostly state and local) governments have put lots and lots of records online. Mostly this is A Good Thing. It becomes A Bad Thing when those records contain personal data like names, addresses, and Social Security Numbers.
Imagine if the IRS posted your tax return.
Seems that Betty Ostergren thought that they shouldn't do this. She would contact the offending government agency and ask them to pretty please take the data down. Sometimes they would. Sometimes they wouldn't. When they wouldn't, she would "name and shame" them to the press.
Amazingly, some of the agencies didn't like this. They got laws passed to keep Betty from getting them embarrassed. Betty took them to court, and won:
In a memorandum issued last Friday (download PDF), Judge Robert Payne of the U.S. District Court for the Eastern District of Virginia ruled that it would be unconstitutional for the state of Virginia to force Ostergren to remove from her site Social Security numbers that she legally obtained from public records.Let's run the checklist, shall we?
Government recklessly posts your private information to Al Gore's Intarwebz, info that would let anyone who browses the site to steal your identity? Check.
Government ignores someone who tells them that this is, well, bad, mkay? Check.
Government tries to make it illegal for someone to post that same data? Check.
Boy, I can't wait for socialized medicine.
Oh, and FYI, some of us at the security division of Big Tech Company followed her links (yes, it's actually job related). It's simply astonishing what some of these governments have posted. I suspect that if a company did this, someone might go to jail. And no, I'm not giving any links here, but thanks for asking.
No comments:
Post a Comment