• United States



Court Leaks Info of Alleged Printer/ID Thief

Oct 24, 20073 mins
CSO and CISOData and Information Security

Things just aren’t going well for Timothy Scott Short.

Just days after a pair of tech support calls he made to printer manufacturer Digimarc Corp. resulted in his arrest, he now finds himself on the receiving end of a data breach with his Social Security number and birthdate accidentally made public via the federal court’s Electronic Case Files (ECF) system.

It’s an ironic development, because Short, 33, was arrested in connection with the Oct. 5 theft of a Missouri Department of Revenue printer and a PC containing data on as many as 500 state residents.

Short’s personal information was discovered by the IDG News Service, listed on a court document called a Criminal Case Cover Sheet, which was publicly available to users of the ECF system. Normally, this document should only be accessible to those involved in the case, but it appears to have been inadvertently made public, according to a clerk with the U.S. District Court for the Eastern District of Missouri, who asked not to be identified because she was not authorized to speak with the press. “It’s something on our side,” she said, adding that technical staff are now looking into the problem.

The U.S. Judicial Conference, which sets policy for U.S. courts, has said that this kind of information should be removed from publicly available electronic court records, but actually removing all the sensitive information has proved difficult.

“If you went online to various court systems, you could find social security numbers of many individuals,” said Paul Stephens, director of policy and advocacy with the Privacy Rights Clearinghouse. “It’s a really, really difficult question to answer, just because you’re dealing with so many jurisdictions.”

Social Security numbers are the building blocks of identity theft crime because they can be used to secure credit cards. “Any time you are placing Social Security numbers online, your are subjecting that person to identity theft,” Stephens said.

With the push to make public documents available online, other government databases have had similar problems. Earlier this year, the states of California and Colorado were forced to take their Uniform Commercial Code (UCC) databases offline after privacy advocates pointed out that the Social Security numbers and other data they contained could be misused by identity thieves.

Short, however, may have bigger problems to worry about. He’s facing US$250,000 in fines and 10 years in prison on charges of possession of “document-making implements” in connection with the theft. He was arrested after U.S. Secret Service Special Agent John Bush recognized his voice in calls placed to a tech support line of the company that makes the stolen printer.

By Robert McMillan, IDG News Service (San Francisco Bureau)