MINOT, N.D. — If North Dakota's Supreme Court Justices were presiding over a case in which the defendant offered up an excuse for exposing the private information of thousands and thousands of people as lame as what the court itself is offering for their data breach, I have a feeling they wouldn't be very forgiving.
“The assumption is that they would be compliant with the rule,” court administrator Salley Holewa told reporter Patrick Springer. She's talking about a court rule, in place since 2009, which requires the redaction of sensitive information in the court filings the North Dakota Supreme Court posted on the internet earlier this year.
But that redaction wasn't happening.
According to a statement posted on the Supreme Court's website, "the Court spent nearly three years studying the issues" before putting those records online.
If they spent years studying this issue, why in the world were they assuming the court records were properly redacted? Especially when even a casual level of perusal proved they most definitely were not?
Why didn't they check?
Here's just one example of how little effort the courts put into reviewing what they were putting online: One type of record in the database are municipal traffic infractions, including from the City of Fargo. In Fargo, law enforcement officers use a form which includes the Social Security numbers.
The courts, when they turned on this new database, put those forms online.
We can reasonably conclude that pretty much everyone who has received a traffic ticket from the City of Fargo since 2009 had their Social Security number exposed to the internet.
They spent three years studying this issue, and they didn't notice that?
“The court didn’t change what was public or what wasn’t public,” Holewa continued to Springer. “All they changed is how they get access to it."
That's not true.
Per state law, and the court's own rules, Social Security numbers are never, ever public record. Yet presumably thousands and thousands of Social Security numbers were posted online by the courts, and not because a few divorce lawyers were sloppy with their filings, but because those numbers were routinely part of filings made even by the government.
They have harmed people.
Arguably, when this records system was online, it represented the largest and most diverse (given the different types of information involved) data breach in state history.
At a minimum, it has left people frightened and confused. At worst, bad actors may have accessed this data with the intent to use it in nefarious ways.
The courts now want us to believe that the process behind this records system was a careful one, but it wasn't. It couldn't be. Any reasonable person, even one without the familiarity with court records that a lawyer or a judge has, could have seen these problems coming.
These judges didn't exercise much judgment.
It'd be nice, now, to see a bit more contrition and fewer word shrugs.
To comment on this article, visit www.sayanythingblog.com
Rob Port, founder of SayAnythingBlog.com, a North Dakota political blog, is a Forum Communications commentator. Listen to his Plain Talk Podcast and follow him on Twitter at @RobPort.