back to article California state's gun control websites expose personal data

A California state website exposed the personal details of anyone who applied for concealed-carry weapons (CCW) permits between 2011 and 2021. According to the California Department of Justice, the blunder happened earlier this week when the US state's Firearms Dashboard Portal was overhauled. In addition to that portal, data …

  1. heyrick Silver badge

    "The California breach comes at a time when data privacy is at the forefront of the national debate"

    ...as is gun control, or the lack of it given the way the SCOTUS is behaving right now.

    1. jake Silver badge

      Something most people are missing is that SCotUS has, even at it's most "liberal", always ruled in favo(u)r of a literal reading of "the right of the people to keep and bear arms shall not be infringed".

      Now, after getting loaded by right-wing whack-jobs by the Trump regime, the anti-gun zealots might as well give up for a bit. It's a completely lost cause, as is the abortion debate. All that energy and angst would be far better spent trying to convince people to stop voting Republican. If the House and Senate manages to become overloaded with Democrats, some of this can be reversed ... and legally, without resorting to tricks, at that.

      But it won't happen, because nobody can see the long term. They want it their way, and they want it now. Nothing else is even to be considered. The myopic fools.

      1. Rameses Niblick the Third Kerplunk Kerplunk Whoops Where's My Thribble?

        Now, after getting loaded by right-wing whack-jobs by the Trump regime, the anti-gun zealots might as well give up for a bit. It's a completely lost cause, as is the abortion debate. All that energy and angst would be far better spent trying to convince people to stop voting Republican.

        In principle I agree with you. However, by drawing attention to these kinds of rulings, I do wonder if some of the thinking is that while accepting that it is a lost cause currently, it may change the minds of more moderate republican voters to see what is being done in their name and encourage them to reconsider?

        Maybe just wishful thinking.

      2. HammerOn1024

        Are You Daft?

        Because the job of the Supreme Court of the United States is to interpret, not re-interpret the U.S. Constitution. If one wants to change the interpretation, one needs to change the document.

        It is not a hard concept... well, for most anyway. There is a miserable, yet determined minority, that this concept seems to escape.

        There are two well defined, written in ink on nice parchment, methods for changing the Constitution: The U.S. Congress, with the backing of the states, can make amendments, or the states themselves can call a Constitutional Congress and avoid the Fed's all together.

        It's there for anyone to read... well, for most anyway. There is a miserable, yet determined minority, that this text seems to escape.

        1. Yet Another Anonymous coward Silver badge

          Re: Are You Daft?

          And yet those pink liberal judges still restrict the right to personal nuclear weapons.

          At least I'm legally allowed to distribute smallpox blankets to my neighbours

          1. jake Silver badge

            Re: Are You Daft?

            So-called "smallpox blankets" came about during the siege of Fort Pitt, during Pontiac's War in 1763. The United States didn't exist yet. It was Field Marshal Jeffery Amherst, 1st Baron Amherst, who was attempting germ warfare. As he wrote in a footnote of a letter to Colonel Henry Bouquet on July 16th, 1663 P.S. You will Do well to try to Innoculate the Indians by means of Blanketts, as well as to try Every other method that can serve to Extirpate this Execreble Race.

            In other words, he was knowingly attempting genocide under the authority of the Crown. Nice group of folks, you Brits. Have you hugged your Golly today?

        2. John Brown (no body) Silver badge

          Re: Are You Daft?

          "If one wants to change the interpretation, one needs to change the document."

          The fact that it needs a Supreme Court to do that job belies the fact that the interpretation of the same words can't be different. Clearly, Supreme Court decisions can be and have been reversed WITHOUT the wording of the Constitution being changed.

      3. Anonymous Coward
        Anonymous Coward

        "...convince people to stop voting Republican."

        Being told how to vote.... let's M.A.G.A.

        1. jake Silver badge

          "Being told how to vote"

          Nobody said anything about telling people how to vote. Political debate has been normal since politics began. People have been changing their minds as facts become clear(er) for the same time frame.

          MAGA ... Muppets Annoying Genuine Americans

    2. martinusher Silver badge

      As a California resident I think I should know if my neighbors have private arsenals.

      We've got a state website that lists everyone near me who's got a conviction for a sexual offense (regardless of how serious, how long ago and so on). I can look my neighbors up on it. I'd guess that the overwhelming majority of them are far less of a threat to my safety and well being than many gun owners.

      1. nintendoeats

        I am a firearm owner ( but not American). I have done the safety courses, follow the laws, get the piece of paper that allows me to take my firearms to the range. They are stored in a safe, with trigger locks. The ammunition is stored in a locked cabinet. I would only deliberately point one at a human being if lives were on the line, and even then I doubt I could pull the trigger. Everybody I know who owns firearms is similar (again, not American).

        Can you see why I do not think it is fair that I be compared unfavorably to a sex offender? No doubt there are many irresponsible people with guns (particularly in the US where many people buy them expressly for "self-defense"), but can you agree that it is inappropriate to refer to the "overwhelming majority" in this way without statistical backing?

        And to re-iterate for the final time, I do realize that the American gun culture is the one most likely to attract and permit people who really should not have firearms.

        1. Anonymous Coward
          Anonymous Coward

          and yet in the US the states with the most strict gun laws have the most violent crime rates, and those states that have supposedly looser laws (still have to get fed approval in any state to buy a new plinker) have the lowest violent crime - "very easy to look up". Crimes happen mostly when they feel safe to commit them is my only guess. US has no knife laws, low stab rate - check out the stab rate in any country that has banned guns - the problem is people, and the only solution ever presented was turned down at the end of WW2. Bad parenting and violent cultures are the problem around the world - but war makes the rulers money - so there is no motivation to change people, just profit from fining/fees and imprisoning.

          1. Yet Another Anonymous coward Silver badge

            >and yet in the US the states with the most strict gun laws have the most violent crime rates

            And hospitals with the most advanced cancer treatment units have the highest fatality rates.

            Jobs that require the most protective equipment have the highest injury rates.

            Plants with the strictest fire regulations have the highest fire risk

          2. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        And now every criminal in California who might need a new gun can check online if you have one in your house.

        This happened in New Zealand.

        1. Doctor Syntax Silver badge

          It also happened in the UK, reported here some time back.

          1. rg287 Silver badge

            It also happened in the UK, reported here some time back.

            Well, yes and no. That was a commercial sales platform which literally anyone could sign up to. Users might own firearms, have sold their firearms, or airguns, or never have owned firearms in the first place. It was bad, but by no means a complete list of firearm owners/users - compared with leaking a list of current permit holders.

            This is more comparable to a Police force leaking the National Firearms Licensing Management Database.

        2. jake Silver badge

          From what I've read the info doesn't actually include whether or not the listee actually owns a gun, just that they applied for a CCW ... It also doesn't mention how many dawgs, and of what breed, said home contains.

          1. Jellied Eel Silver badge

            From what I've read the info doesn't actually include whether or not the listee actually owns a gun

            It looks like it might-

            https://www.theguardian.com/us-news/2022/jun/30/california-gun-owners-data-breach?amp;amp;amp

            The data breach temporarily made public the names, birthdates, gender, race, driver’s license numbers, addresses and criminal histories of people who were granted or denied permits to carry concealed weapons between 2011 and 2021. The state’s Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Certificate Safety and Gun Violence Restraining Order dashboards were also affected, the department said.

            So a pretty comprehensive leak. Also would allow people to check if firearms are worth <$900, and thus become immune from prosecution in CA. But a lot of dangerous information that's conveniently 'leaked' shortly after the Supreme Court ruled against CA's firearms policy.

            It also doesn't mention how many dawgs, and of what breed, said home contains.

            That's what data aggregators are for. Which could also be interesting to researchers. Just how many firearms do the Pelosis own? Combine the firearms data with voter registration, and see how many Democrats hold CCWs, or firearms in general.

      3. Danny 2

        @MartinUsher

        "I think I should know if my neighbors have private arsenals"

        Careful what you wish for! Anyone will be able to look up homes like yours that are unarmed, except for that double-edged sword.

        A better way to find out which of your neighbours have arsenals is to talk to them for five minutes, or step on their lawn.

  2. Anonymous Coward
    Anonymous Coward

    Our privacy laws only punish data blunders

    They don't prevent them. At least in this case people may thinks twice before showing up in person to harass them, but people can still be targeted based on the leaked data. The fact they insisted on storing race data along with the rest of it is extra toxic. Some of the information listed probably didn't even need to be stored in an internet connected system.

    Don't store information you don't need. Don't store information you need for longer than you need it. Separate sensitive information from other information and from other sensitive information. Be clear about what data is in a given database, why, and for how long. Continuously audit and alert on database access. We know what we are supposed to be doing.

    Yet the state and federal gov can't seem to manage even on high profile and high impact data. Why? They refuse to hire people with sufficient know how to police and manage their own projects.

    1. Gene Cash Silver badge

      Re: Our privacy laws only punish data blunders

      You want scary? Check out this page:

      https://www.stateofflorida.com/public-records-check/

      1. Fogcat

        Re: Our privacy laws only punish data blunders

        That is scary!

    2. jake Silver badge

      Re: Our privacy laws only punish data blunders

      "None of the information listed needed to be stored in an internet connected system."

      FTFY.

    3. Doctor Syntax Silver badge

      Re: Our privacy laws only punish data blunders

      "They don't prevent them."

      This also applies to laws against theft, fraud, assault, murder...

      How exactly would a law prevent data blunders?

      At most they will say what should be done but they can't actually ensure that it will be done or that the people tasked with doing it will be sufficiently competent, even if they think they are (see Dunning-Kruger effect). Ultimately all they can do is punish failure; it's in the nature of laws.

      1. nintendoeats

        Re: Our privacy laws only punish data blunders

        Laws that centered around processes rather than just breeches would be good. Then organizations could be fined for non-compliance before any breech occurs.

        It's the same reason we have fire codes. If we didn't, organizations could take the risk of having lax safety standards and just gamble on not having a fire. Because we have regulations around fire safety measures, it is an offence to make that gamble at all.

        1. Doctor Syntax Silver badge

          Re: Our privacy laws only punish data blunders

          In practice you'll find that all the boxes were ticked to say they were compliant and only discover that they really weren't when the breach happens.

          1. An_Old_Dog Silver badge

            Re: Our privacy laws only punish data blunders

            Fix that problem with independent audits.

    4. An_Old_Dog Silver badge

      Re: Our privacy laws only punish data blunders

      Even government IT employees with sufficient know-how are subject to ignorant/wrong-headed-orders-from-above. Fixing the chain-of-PHBs-above is ... extremely-difficult, at best. And buying the required amounts of quicklime will show up on some government agency's alert system.

  3. Numen

    Accidental?

    I suspect this will turn out to be intentional by someone opposed to gun ownership.

    1. Anonymous Coward
      Anonymous Coward

      Re: Accidental?

      More likely a false-flag by Ammosexuals. Oh look how easy it is just to make things up on the internet!

      1. SundogUK Silver badge

        Re: Accidental?

        "Ammosexuals" - ooh! Aren't you clever.

        1. Anonymous Coward
          Anonymous Coward

          Re: Accidental?

          Do you prefer the term "Gun Nonces"?

    2. nintendoeats

      Re: Accidental?

      Surely this more favors groups opposed to firearms registration? One of the arguments some groups have against firearms licenses and requiring registration of individual firearms, is that it centralizes a great deal of personal information and increases the likelihood of theft (generally, one is best served not letting random people know both their address and that they have firearms).

      I don't agree with the position I just stated (I think some degree registration has to be part of a fair compromise between the two camps, and that it is therefore the government's job to mitigate the risk by taking all reasonable steps to protect the data), but if this event is evidence for any position I would say it was that one, rather than for increased regulation.

      1. ThatOne Silver badge

        Re: Accidental?

        > that it centralizes a great deal of personal information

        That might be true, but there is no reason I can think of to make that centralized database publicly available on internet. Some government bodies might need to access it but I'm pretty sure they have their own, somewhat better secured accesses.

        I don't think this was a conspiracy, it feels like a genuine garden variety IT blunder to me. Just incompetent people led by incompetent managers.

        1. nintendoeats

          Re: Accidental?

          Totally agree on all counts. I'd say that they need to treat this data as sensitive, but lets be honest...many organizations don't seem to be good at protecting any information that goes on a computer no matter how seriously they take it.

          1. ThatOne Silver badge

            Re: Accidental?

            They actually don't take it seriously at all. Convenience always trumps security, that's why we have people losing thumb drives with whole databases of very sensitive stuff in taxis, bars and trains, that's why we have the unsecured data freely accessible to anyone with an internet connection, and all that. "Don't worry, it's okay, what could happen..."

    3. Filippo Silver badge

      Re: Accidental?

      That seems very unlikely, given that this blunder strengthens the factions that's opposed to regulation.

      1. SundogUK Silver badge

        Re: Accidental?

        I think you are seriously over-estimating the intelligence of the gun-grabbers.

        1. nintendoeats

          Re: Accidental?

          In Canada, holders of a firearms license are more likely than average to have at least a high school education.

          1. Yet Another Anonymous coward Silver badge

            Re: Accidental?

            >In Canada, holders of a firearms license are more likely than average to have at least a high school education

            But what about those still in high school who, for some reason, need an assault rifle?

            1. nintendoeats

              Re: Accidental?

              A: you can't get an assault rifle in canada. Fully automatic is illegal. Anything that is not fully automatic is not an assault rifle. This is not an academic distnction.

              B: you can't get a firearms license in canada until you are 18.

              C: The statistic I'm quoting is specifically limited to the adult population.

        2. Anonymous Coward
          Anonymous Coward

          Re: Accidental?

          But is a 'gun grabber' as much-a 'weapon' as a gun obsessive?

    4. bombastic bob Silver badge
      Pirate

      Re: Accidental?

      If nothing else the criminals will know WHICH HOUSES TO AVOID BREAKING INTO.

      1. Pirate Dave Silver badge
        Pirate

        Re: Accidental?

        Yeah, but it also gives them a list of houses to case during July 4th week, since lots of folks go on vacation then. And depending on how the data gets mashed together, may even tell them which houses will be the most profitable to hit.

      2. Anonymous Coward
        Anonymous Coward

        Re: Accidental?

        Or which ones to target.

        Suppose you're a criminal looking for an easy score, and you know of two different houses.

        At house #1, we have Terry and his life partner, Frank. They are loading up luggage into their Subaru on their way out to take a road trip across the Southwestern US where they'll make several stops to volunteer at animal shelters dedicated to incontinent chihuahuas before marching to raise money for prosthetic noses for cancer stricken bottlenose dolphins.

        At house #2, Al and his family are loading up the F350 for a trip to Montana, where they'll spend two weeks campimg in the mountains and hunting elk.

        If I'm looking for easy money, I'm not bothering with stealing some fancy art from Terry and Frank. I'm busting in to Al's house. I'll scope it out for an alarm system first, but according to the "we don't dial 911" sticker on his truck, Al's security system is a double barrel shotgun behind the bedroom door, a .45 in his nightstand, and a .38 snubnose in his wife's nightstand. Add in assorted other guns and ammo from the gun case and you've got a pretty good haul for a few minutes of work.

        1. jake Silver badge

          Re: Accidental?

          So many "ifs" in there that I'll bet you a plugged nickle you can not now, and never will, be able to point to an actual RealWorld example of your little fantasy.

          Swatting at shadows is counter-productive, IMO.

          1. nintendoeats

            Re: Accidental?

            While it may be a fanciful and hyperbolic scenario, it is true that firearms are one of the most stolen category of items (IIRC they are third behind electronics and something else, but I might not have that exactly right).

            1. ThatOne Silver badge

              Re: Accidental?

              > it is true that firearms are one of the most stolen category of items

              Obviously, since they have value and are very easy to resell. In the OP's example, the "art" in that "gay hippies"' (what an original stereotype!...) house would be most likely be more ethnic craft than certified Rembrandt painting, and thus hard to sell and not very valuable, while the firearms will fetch a quick and easy buck sold to the local criminal underworld. It's a no-brainer.

              Having firearms in your house is like having gold coins: Valuable, easy to assess, easy to sell. You'd better not advertise it too much, unless there is always someone there to keep applicants at bay (in my experience watchdogs don't count: Dogslaughter not being a major crime, nobody hesitates to simply kill them...).

              1. nintendoeats

                Re: Accidental?

                Exactly, this is why the wiser firearms owners work hard to limit how many people know both where they live and that they have firearms.

                1. Pirate Dave Silver badge
                  Pirate

                  Re: Accidental?

                  Yep. And why the smart ones don't plaster the rear window of their pickup with stickers from Palmetto State Armory, Apex, AK-Builder, Ruger, etc. That's practically an invitation to smash the driver-side window out and take a look under the seat.

      3. Mike 16

        Which house not to break into

        IIRC, some (many?) criminals will knock a couple points off their

        "perceived value" assessment for a house displaying an American flag.

        Correllation is not causation, of course.

  4. Anonymous Coward
    Anonymous Coward

    The American religion of guns

    Where “holy” has a different meaning altogether.

    1. Jimmy2Cows Silver badge

      Re: The American religion of guns

      Wholly a holey matter for holy and holier individuals?

    2. bombastic bob Silver badge
      Devil

      Re: The American religion of guns

      Well, proper "gun control" is getting a NICE TIGHT PATTERN (on the correct target) whenever you shoot some[one,thing]. The 'police grip' is what they teach in the military (for pistols). It helps to mitigate kickback and keep your aim steady. For self-defense, of course.

      1. Anonymous Coward
        Anonymous Coward

        Re: The American religion of guns

        Careful, you almost creme'd your ke(c)ks there.

      2. Yet Another Anonymous coward Silver badge

        Re: The American religion of guns

        One would have thought that if you are in the military and reach the point where you need to use a pistol in self defence - then perhaps one's strategic plans are not progressing quite as you might have hoped?

  5. Potemkine! Silver badge

    the information exposed included names, dates of birth, gender, race, driver license numbers, addresses, and criminal histories

    Race? Does California record if the applicant is a human, a dog or something else?

    1. Yet Another Anonymous coward Silver badge

      >Race? Does California record if the applicant is a human, a dog or something else?

      No, they are just naturally cautious about NASCAR fans

  6. Marty McFly Silver badge
    Mushroom

    Who cares?

    Yes, there is extreme hypocrisy in the state's handling of citizen's private data, and the state should be held accountable for that.

    However, who cares? Gun owners who have filed the required government paperwork are, by definition, law abiding. These are not the people who cause gun crimes. Only some pansy Karen or Kyle will get their panties in a knot if they find out their neighbor legally owns guns. My rights don't end where their feelings begin.

    Does this information make gun owners a target for thieves? No more so than knowing what sort of expensive car someone owns via the DMV registration data. In fact, maybe a bit less. If a thief has to choose a house to rob, they are less likely to pick the house where they know the owner will probably shoot them.

    "Hey, let's go break in to this house with the 'Gun Free Zone' sign in the yard instead."

    1. Paul Hovnanian Silver badge

      Re: Who cares?

      Motivation.

      This happened in New York State some years ago. Turns out it was a leak aimed at embarrassing all the fringe lefties who were screaming for more gun regulations but were also packing heat. Stay tuned for some serious embarrassment at the next cocktail party.

      1. jake Silver badge

        Re: Who cares?

        Always amusing to listen to the back-peddling.

        The anti-gun poster child herself (Sen. Diane Feinstein) had a CCW for years ... AFTER she began running for office on an extremely vocal anti-gun platform.

        The word hypocrisy doesn't quite begin to cover it ...

    2. Anonymous Coward
      Anonymous Coward

      Re: Who cares?

      "These are not the people who cause gun crimes. "

      That dipwad that shot those kids in Uvalde bought his gun legally. The same is true for many mass shooters.

      1. jake Silver badge

        Re: Who cares?

        That dipwad in Uvalde had been pestering family members to illegally buy him a gun for months before his 18th birthday. The refused, because they knew he was a very disturbed individual. They could have flagged him, but choose not to.

        1. This post has been deleted by its author

        2. Paul Hovnanian Silver badge

          Re: Who cares?

          "They could have flagged him, but choose not to."

          No red flag laws in Texas. Even now (after the latest federal bill passage) there is nothing to mandate red flag laws. Only funds for states that choose to implement them.

          The next step would have to be some sort of civil commitment. That's a huge hurdle to clear as it involves checking someone into a facility for observation.

  7. Ghostman

    How can there be a database on something that doesn't exist?

    The term "assault weapons" was first used in a newspaper article of the Hutchinson News (Kansas) in 1978 to describe what the reporter thought of the AR-15, Valmets 7.62x39, and the Wilkinson-Terry Carbine. The phrase has been picked up by anti-gunners to confuse those with little knowledge of firearms to thinking of assault rifles like the German machine gun Hitler gave the description of an assault rifle.

    For years I've had to try and correct this confusion of calling the AR-15 "semi-auto machine gun", the AR means assault rifle, it sprays bullets as long as you hold down the trigger, and the worst one is "it's the weapon of choice for school shootings". It actually ranks behind handguns and is close to shotguns in it's usage.

    BUT, now you see why we are against these firearm data bases. IF you have to have one, keep it on paper, not on line.

  8. Anonymous Coward
    Anonymous Coward

    but nobody leaks

    but nobody leaks who keeps gold in their house, has insurance on jewelry.

    This is solely so the CA gangs know exactly where to get guns, to increase violent crimes.

    Disgusting use of data, people will die due to this leak.

    :(..

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like