A documented 'uh-oh'

When Computerworld's Jaikumar Vijayan broke the story last week about a Florida county that posts on its Web site documents with residents' personal information, we knew we'd snagged a big one. But it wasn't until Vijayan's pursuit of the story uncovered the extent to which the practice is carried out all over the country that we understood what we were on to . It was then that an expletive or two echoed through the newsroom. Rough translation: "Uh-oh."

It began, as many of our stories do, with a tip from a reader. Bruce Hogman, a resident of Broward County, Fla., with 30 years of IT experience, wanted us to be aware that the county's Web site is a treasure trove of personal information -- including Social Security, bank account and driver's license numbers -- contained in property records and other public documents. According to Hogman, Florida's two senators, various state legislators, the FBI and the Federal Trade Commission had all turned a deaf ear to his concerns about these online records being used to aid identity theft and other forms of fraud.

In all fairness, it's not surprising that these government officials might dismiss Hogman as a crackpot. If his concerns were legitimate, why hadn't they been raised sooner? Why hadn't there been a huge clamor about a practice that, if true, would be so blatantly ill-conceived and contrary to the public good?

Yet if the officials had bothered to investigate Hogman's claims, they would have found that everything he said is true. If any one of them had phoned Sue Baldwin, director of the Broward County Records Division, Baldwin could have confirmed it as casually and as matter-of-factly as she did with Vijayan.

"All this information has been out there and available since the beginning of time," she told Vijayan last week. "It was out there, and the people who were educated about it knew it was there. It's been online since 1999." Moreover, the same situation exists in "all the counties in Florida [and] lots of [other] states," Baldwin said.

Now that Vijayan's reporting, which substantiated those comments, has been picked up by several other national media outlets and we've been educated about what can only be characterized as an outrageous, far-reaching breach of personal privacy and security, it will be interesting to see what happens next.