BreachExchange mailing list archives
Re: Fringe: legality of posting PII data in VA
From: George Toft <george () georgetoft com>
Date: Thu, 28 Aug 2008 01:43:09 -0700
This article appeared in the this week's SANS newsletter: --Judge Says Law Barring Woman from Posting SSNs on Internet is Unconstitutional (August 22, 2008) A US District judge has ruled that a law barring BJ Ostergren from publishing Social Security numbers (SSNs) on the Internet is, in this specific case, unconstitutional. Ostergren's website contains public documents that include SSNs of prominent people. Ostergren's point is to show how the government has failed to protect people's privacy. http://ap.google.com/article/ALeqM5jiGOcctpSb22Nw59ozzMFCW2hv7gD92NM65G0 [Editor's Note (Northcutt): Virginia is going to have to choose between two paths: continue to publish social security numbers and other PII on their state web sites putting their citizens at risk of identity theft, or start sanitizing the information. The latter is a huge task that would involve modifying public records. This is a fairly big problem that Ostergren has brought to light. Here is the suit, even a quick read and you realize it is slam dunk: http://www.acluva.org/docket/pleadings/ostergren_complaint.pdf ]] I checked out her web site, http://www.opcva.com/watchdog/, and following her links, discovered the Maryland gov't web site publishes a person's physical characteristics - information you would normally find on a driver's license - height, weight, age, address, etc. Scary stuff. George On Wed, 2008-08-27 at 14:59 -0500, Henry Brown wrote:
Judge lets privacy advocate keep Social Security numbers on Web site http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9113642 Can a state government prohibit an individual from posting Social Security numbers online that were easily and legally obtained from government Web sites? The answer, a federal judge in Virginia ruled last week, is a definite 'No,' at least for Betty "BJ" Ostergren, a privacy advocate who operates a Web site that posts Social Security numbers obtained from public records. Ostergren's postings are part of a campaign to show how easy it is to access very personal information on the Web. In a memorandum issued last Friday http://www.acluva.org/docket/pleadings/ostergren_opinion.pdf , Judge Robert Payne of the U.S. District Court for the Eastern District of Virginia ruled that it would be unconstitutional for the state of Virginia to force Ostergren to remove from her site Social Security numbers that she legally obtained from public records. A memorandum opinion does not create a legal precedent. [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Fringe: legality of posting PII data in VA Henry Brown (Aug 27)
- Re: Fringe: legality of posting PII data in VA George Toft (Aug 28)