
This story...
... needs a Playmobil reconstruction!
A judge has chastised a lawyer for including the social security numbers and birthdays of 179 individuals in an electronic court brief, ordering him to pay a $5,000 sanction and provide credit monitoring. US District Judge Michael J. Davis said he was meting out the penalty under his "inherent power," meaning no one in the …
the "harm" in this is that in federal jurisdiction, most documents filed in litigation are uploaded to a publicly-accessible server i.e. PACER. I certainly remember coming across plenty of sensitive personal information back when I used to use PACER a lot.
Also, fans of PACER should look into RECAP, a plug in that takes all the documents you download from PACER (for which you pay a small fee) and uploads them to a free resource.
"What an idiot! Should be $10K per SS # / name, credit monitoring and 180 days in the slammer."
Er, for revealing SSNs and birthdays? I think you need to sit down for a moment. The latter are a matter of public record and the former are readily obtainable in certain circles, such as the government departments that issue and use them, and partly guessable if you know where it was issued. It's about as secret as an ex-directory telephone number. You can be sure that the organised crime fraternity maintain a large database of every leak there has ever been and this latest leak is a tiddly update to that.
They are in fact, quite notoriously unsuitable for use as a "personal secret" and sane people have argued that liability for fraud in such cases should lie with the idiots who use the SSN as an authenticator, rather than the poor sucker whose number got leaked, if only because nothing that you are legally obliged to disclose in dealings with public authorities can be taken seriously as a secret. Were that principle adopted, (and it requires no new law, merely the recognition by courts that the use of SSNs for security is "negligence") there would be no harm in this case to redress.
I wonder if this judge has ever sat in a fraud case where SSNs were used for authentication and proved to be the weakness that allowed the fraud.
"Can you change a social security number?"
Yes, but it's very difficult, and they don't like to do it just for fraud: http://crime.about.com/od/v_domviolence/qt/ssnchange.htm
The other problem is that if you walk away from your old SSN, it's a bugger to get your "proper" credit rating recognised, which means it's hard to get e.g. phone contracts, your car/home insurance might go up, your mortgage rate would be higher etc.
Also - frothing about how insecure and stupid using SSNs as authentication or identification numbers isn't much bloody help when all the banks etc do and you're trying to clean up after identity theft fraud. *I* know that but there's no need to throw more morsels to the thieves.
Also also - I don't know about civil procedure rules in federal jurisdiction (again) but iirc in Florida there is a state law requiring redaction and non-submission of SSNs on documents that will be publicly accessible.
@ AC 06:03 05/11/09
"What an idiot! Should be $10K per SS # / name, credit monitoring and 180 days in the slammer."
Everyone's a better judge than the ones in the courts, aren't they?
And if it HAD been 10k per number, guaranteed someone'd be squawking about how it should've been 20k. It didn't *have* to be *anything*, remember. No-one filed a motion, after all. The judge did more than he strictly had to as it is. Besides, as was already pointed out, what this lawyer did was make publicly available information and bit more easy to obtain. He didn't compromise anything top secret. The penalty seems quite proportional to me.
Incidentally, I think I read too much Tom Clancy when younger. Every time someone says 'SSN' I read 'nuclear attack submarine'. Try it: the comments take on a whole new spin. (Mind you, what I read when someone says 'SS #' is an entirely different sack of armadillos.)