Re: Fringe: legality of posting PII data in VA

[George Toft <george () georgetoft com>]

This article appeared in the this week's SANS newsletter:
 --Judge Says Law Barring Woman from Posting SSNs on Internet is
Unconstitutional
(August 22, 2008)
A US District judge has ruled that a law barring BJ Ostergren from
publishing Social Security numbers (SSNs) on the Internet is, in this
specific case, unconstitutional.  Ostergren's website contains public
documents that include SSNs of prominent people.   Ostergren's point is
to show how the government has failed to protect people's privacy.
http://ap.google.com/article/ALeqM5jiGOcctpSb22Nw59ozzMFCW2hv7gD92NM65G0
[Editor's Note (Northcutt): Virginia is going to have to choose between
two paths: continue to publish social security numbers and other PII on
their state web sites putting their citizens at risk of identity theft,
or start sanitizing the information. The latter is a huge task that
would involve modifying public records.  This is a fairly big problem
that Ostergren has brought to light. Here is the suit, even a quick read
and you realize it is slam dunk:
http://www.acluva.org/docket/pleadings/ostergren_complaint.pdf ]]


I checked out her web site, http://www.opcva.com/watchdog/, and
following her links, discovered the Maryland gov't web site publishes a
person's physical characteristics - information you would normally find
on a driver's license - height, weight, age, address, etc.

Scary stuff.

George


On Wed, 2008-08-27 at 14:59 -0500, Henry Brown wrote:
> Judge lets privacy advocate keep Social Security numbers on Web site
>
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9113642
>
> Can a state government prohibit an individual from posting Social 
> Security numbers online that were easily and legally obtained from 
> government Web sites?
>
> The answer, a federal judge in Virginia ruled last week, is a definite 
> 'No,' at least for Betty "BJ" Ostergren, a privacy advocate who operates 
> a Web site that posts Social Security numbers obtained from public 
> records. Ostergren's postings are part of a campaign to show how easy it 
> is to access very personal information on the Web.
>
> In a memorandum issued last Friday 
> http://www.acluva.org/docket/pleadings/ostergren_opinion.pdf  , Judge 
> Robert Payne of the U.S. District Court for the Eastern District of 
> Virginia ruled that it would be unconstitutional for the state of 
> Virginia to force Ostergren to remove from her site Social Security 
> numbers that she legally obtained from public records. A memorandum 
> opinion does not create a legal precedent.
>
> [...]
>
>
> _______________________________________________
> Dataloss Mailing List (dataloss () attrition org)
> http://attrition.org/dataloss
>
> Tenable Network Security offers data leakage and compliance monitoring
> solutions for large and small networks. Scan your network and monitor your
> traffic to find the data needing protection before it leaks out!
> http://www.tenablesecurity.com/products/compliance.shtml

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml