Jeb Bush dumps emails, addresses and social security nums of FL residents online
theverge.comHow long is it going to be before a major player from the technology world gets serious about U.S. politics?
I'm serious about that. When can we be done with these buffoons who have no concept of what's going on in the world?
I'm not saying I want to see Larry or Sergei as president. Nor Zuckerberg for that matter. But I'd vote for Sheryl Sandberg any given Tuesday over any candidates I've seen from either of the two parties in the last 15 years.
Sheryl Sandberg/Paul Graham vs. Tim Cook/Jon Stuart.
That's a debate I'd care about. That's a debate where a "transparent campaign" would be more than marketing drivel/security breach.
Well, to be fair, the identity theft demographic can be productive in generating votes.
Wow. And you can find the actual RAR files here: http://jebbushemails.com/email/search
RAR files? Another strike against him.
I found one social security number in 30 seconds of looking. I have not attempted to look for more, yet.
This is DEPLORABLE.
If anyone cares about information security and is considering voting for this idiot, please reconsider.
I say "idiot" intentionally. Whatever else I may think of him, on any topic, this move alone is idiotic. The fact that his advisers didn't stop him from doing this speaks so poorly of them.
I'm not a fan of Jeb Bush either, but what do you think of their released statement?
> This is an exact replica of the public records on file with the Florida Department of State and are available at anyone’s request under Chapter 119 sunshine laws.
It sounds to me like this is an issue with Florida policy if this sensitive data could be accessed freely already, even if they hadn't released it in this public manner.
There are many places where the blame could be laid, including in the case of SSN leakage state employees that put these SSN's into emails instead of keeping them in a safe location in a secure HR system. At any rate I don't think that Jeb Bush is the only one at fault here.
I work for a company that deals with public records data in Florida. The "Government in the Sunshine" laws[1] that deal with access to public records are clear:
>"E-mail" messages made or received by agency employees in connection with official business are public records and subject to disclosure in the absence of an exemption.
and
>Section 668.6076, F.S., requires that any agency as defined in s. 119.011(1), F.S., or legislative entity that operates a website and uses electronic mail must post the following statement in a conspicuous location on its website:
>Under Florida law, e-mail addresses are public records.
>If you do not want your e-mail address released in response to a public records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing.
That said, there is an exemption for social security numbers, but just because something is exempt doesn't mean that it must be withheld. The body holding the requested data generally has discretion:
>Social security numbers included in an official record may be made available as part of the official records available for public inspection and copying unless redaction is requested by the holder of such number or the holder’s attorney or legal guardian; however, if such record is in electronic format, on or after January 1, 2011, the county recorder must use his or her best effort to keep the social security number confidential and exempt as provided for in s. 119.071(5)(a), F.S. Section 119.0714(3)(b), F.S.
[1] http://www.myflsunshine.com/sun.nsf/manual/5a60474cbfb8dbf48...
http://www.leg.state.fl.us/Statutes/index.cfm?App_mode=Displ...
> Social security numbers held by an agency are confidential and exempt from s. 119.07(1) and s. 24(a), Art. I of the State Constitution. This exemption applies to social security numbers held by an agency before, on, or after the effective date of this exemption. This exemption does not supersede any federal law prohibiting the release of social security numbers or any other applicable public records exemption for social security numbers existing prior to May 13, 2002, or created thereafter.
> Social security numbers held by an agency may be disclosed if any of the following apply:
None of those things apply.
My reading is that the Governor has illegally revealed confidential information.
Social security numbers shouldn’t be emailed in the first place. That data was insecure from the moment the send button was clicked.
Publishing it _again_ is only marginally stupider than sending it in the first place.
Many of the Social Security numbers in these emails were sent to Jeb Bush, not by him.
That’s kind of my point. The original sender compromised the info.
A) These emails go back to 1999. Many people had no idea email was not secure at that time.
B) If I send private information to you in an insecure manner, and then you BROADCAST IT, then I definitely have cause to be mad at you.