It began, as many of our stories do, with a tip from a reader. Bruce Hogman, a resident of Broward County, Fla., with 30 years of IT experience, wanted us to be aware that the county's Web site is a treasure trove of personal information -- including Social Security, bank account and driver's license numbers -- contained in property records and other public documents. According to Hogman, Florida's two senators, various state legislators, the FBI and the Federal Trade Commission had all turned a deaf ear to his concerns about these online records being used to aid identity theft and other forms of fraud.
In all fairness, it's not surprising that these government officials might dismiss Hogman as a crackpot. If his concerns were legitimate, why hadn't they been raised sooner? Why hadn't there been a huge clamor about a practice that, if true, would be so blatantly ill-conceived and contrary to the public good?
Yet if the officials had bothered to investigate Hogman's claims, they would have found that everything he said is true. If any one of them had phoned Sue Baldwin, director of the Broward County Records Division, Baldwin could have confirmed it as casually and as matter-of-factly as she did with Vijayan.
"All this information has been out there and available since the beginning of time," she told Vijayan last week. "It was out there, and the people who were educated about it knew it was there. It's been online since 1999." Moreover, the same situation exists in "all the counties in Florida [and] lots of [other] states," Baldwin said.
Now that Vijayan's reporting, which substantiated those comments, has been picked up by several other national media outlets and we've been educated about what can only be characterized as an outrageous, far-reaching breach of personal privacy and security, it will be interesting to see what happens next.
State and county governments will likely downplay the issue, arguing that many documents by statute are available for public reference in county offices, and that going the online route saves time and resources. Clearly, making images of these documents available online was done with the best of intentions, but the practice was horribly shortsighted. Now we have millions of document images posted online, and the proc-ess of expunging (typically called "redacting" in document-imaging circles) sensitive information such as Social Security numbers is a time-consuming, expensive process.
It's difficult not to feel some compassion for cash-strapped state and county governments that face a problem that's so immediate and so overwhelming in its scope. But denying or downplaying the severity of the threat is unfair to the millions of people whose privacy and security are potentially at stake. And equating the availability of documents online with their availability in a locked county courthouse is irresponsible.
"Uh-oh" is right. This is bad. And nothing short of immediate, resolute action to make it better is acceptable.
Don Tennant is editor in chief of Computerworld. Contact him at don_tennant@computerworld.com.