June 26, 2006
King County Records and Elections puts thousands at risk for identity theft

King County Councilmember Reagan Dunn held a press conference today to discuss this recent discovery:

King County's Records, Elections, and Licensing Services (REALS) Division has posted the social security numbers for potentially thousands of current and former King County residents ... The problem was revealed when a constituent of District Nine contacted Dunn's office [last week] to inform them that by performing a records search on herself, she had found her social security number on the REALS website.
Ouch. The problem isn't with Elections records, but with certain property records which are also administered by the REALS division, headed by the outgoing Dean Logan.

More information and correspondence between Dunn and Logan are posted at Dunn's website. REALS has apparently known about this issue for a while. Property ownership records are legitimately public information. But there's no good reason to publish social security numbers and the potential for identity theft is horrific. The state legislature should explicitly require that social security numbers be redacted from any public records prior to disclosure. But Dean Logan, his predecessors who initiated this program and their boss, Ron Sims, should also have been more proactive on this issue to protect the public.

Dunn also links to this form which enables individuals to ask the county to remove from its website documents that contain social security numbers and certain other personal information.

Posted by Stefan Sharkansky at June 26, 2006 03:26 PM | Email This
Comments
1. REALS has apparently known about this issue for a while.

perhaps this is so undocumented aliens could find a ssn to thier liking so they could have an easier time finding work and registering to vote.

Posted by: TrueSoldier on June 26, 2006 03:37 PM
2. Dunn also links to this form which enables individuals to ask the county to remove from its website documents that contain social security numbers and certain other personal information.

Are you kidding me? I have to fill out a form to keep my Social Security number and other personal info off the web? Talk about doing things bass ackwards... they had no business putting it up there in the first place. What a load of Barbara Streisand.

Kudos to Dunn for raising a stink about this.

Posted by: Mike H on June 26, 2006 03:42 PM
3. Logan couldn't find his way out of a paper bag if his life depended on it. LA's loss is our gain.

Posted by: Jeff B. on June 26, 2006 03:45 PM
4. Unfortunately, truesoldier might be more right than we'd like to think! Goodness!

Posted by: Michele on June 26, 2006 04:15 PM
5. Uhhhh, OK... so let me get this straight: I have to proactively fill out a bunch of forms to get this stuff REMOVED from public display?

Yet another example of Government Working For You(TM).... not.

Posted by: Erik on June 26, 2006 04:31 PM
6. It's even worse than having to proactively fill out a bunch of forms. You have to find the document online and reference it on the form. If your search skills aren't as good as some potential identity thief you are S.O.L.

Posted by: Perri Nelson on June 26, 2006 04:59 PM
7. wow; found mine in first hit; on a house i bought, had nice ss # very easy to find

Posted by: righton on June 26, 2006 05:06 PM
8. Big PS; (or bs)..

You have to fill out 1 form per offending document; good luck boys if you have any trail of property or re-financings :)

Posted by: righton on June 26, 2006 05:07 PM
9. local news had clips of Reagan Dunn pointing out how risky and foolish this is, and deanron lisping "oh it is not either!"

Posted by: alphabet soup on June 26, 2006 05:44 PM
10. Anyone who's ever worked with any customer data (obviously not Dean Logan) knows that privacy concerns are important and that the number one thing you do not publish is the SS#.

Logan doesn't think it's very risky because he's safe. No one would ever want to steal his identity and become known as Dean Logan, Elections Bafoon. Even ID theft criminals have higher standards than to tarnish their reputations with that of Dean Logan's.

Posted by: Jeff B. on June 26, 2006 05:56 PM
11. I'm not filling out eleven forms, but I will fill out one to King County to complain about it. They need to remove that info immediately.

Posted by: Janet S on June 26, 2006 06:53 PM
12. there's your Sims accuracy only a bank would love; can't believe this shyt; over and over they screw the voters and nothing is done, no heads roll, no jail; what a liberal farce of a city! what next? i hate to imagine! and these clowns are to guide us during a terrorist attack or natural disaster?! sorry--snapped and lost my Home Training;

Posted by: Jimmie-howya-doin on June 26, 2006 07:12 PM
13. What's the big deal?! Stefan and the Secretary of State are advancing the crime of identity theft with the Voter's Database! It's great that Reagan Dunn is taking this to task, but the real problem is the voter database, which I've asked Stefan to block birthdates in the past with an email but, have received no response. Eventually, some victim will sue, whether it be Soundpolitics, King County or the Secretary of State. In this day and age, with ALL THE INFORMATION OUT THERE ABOUT METH MAGGOTS AND THEIR PURSUIT OF THAT DRUG, one would think (kind of like the NY Times) that they'd protect the average American citizen!

Posted by: Peaches Marie on June 26, 2006 07:49 PM
14. Names and dates of birth are a big identity theft item aside from social security numbers, folks.

Posted by: Peaches Marie on June 26, 2006 07:53 PM
15. There's a difference, "Peaches". Voter names, birthdates and addresses are explicitly public information by state law and for good reason. There is no public purpose for releasing Social Security numbers.

Posted by: Stefan Sharkansky on June 26, 2006 07:56 PM
16. Stefan, I love ya! BUT, all any dirtbag meth maggot needs is a name and date of birth to wreak havoc on anyones identity. I've arrested meth maggot's in motels, sitting there on there computers and opening accounts. Like I said, I love ya but there is a big problem with the database being out there.

Posted by: Peaches Marie on June 26, 2006 08:07 PM
17. Oh and "there" should have been spelled as "their.

Posted by: Peaches Marie on June 26, 2006 08:08 PM
18. Stefan, I invite you to ride along with me one day! But I can't predict if we will come upon the very labor intensive investigation of identity theft that I may or may not delve into regarding identity thefts. It's a very easy crime. A date of birth and name is about all that is needed. I'm happy that you've finally acknowledged this BUT, I'm more worried about the information out there on the database. I have a number you can call me at or I can set you up with our identity theft detectives.

Posted by: Peaches Marie on June 26, 2006 08:16 PM
19. RICHARD POPE!!!

Where are you.....The citizens of King County need one of your "18 hour Class Action Lawsuits"...

Seriously, I do hours of research, and I have known about the SS#'s, and always wondered why they didn't blank em out. But I think Dunn is right, this is a REAL problem (no pun intended)

Jeff B, your so funny, I thought the same thing about Logan, nobody would steal his identity....

Posted by: Chris on June 26, 2006 08:16 PM
20. Stefan, do you want to ride-along with me next Friday?

Posted by: Peaches Marie on June 26, 2006 08:31 PM
21. Sorry folks, the problem's not particularly with the King County Recorder's Office.

I was going to join in stomping them, but bethought me to look at some of those records. I called up (on the Recorder's website) the approx 1-square-mile section I live in, and asked for all the Deeds of Trust. More than 100 appeared, the earliest dated 1999. Sure enough, the very first one had a signature block for the grantors (the folks who used their property as security for a honkin' big loan) which included lines for Social Security Numbers - and those ninnies (not KCRE) had filled them in.

Is this a general practice? No. Out of the first 30 Deeds of Trust, I only found two with those pre-printed lines for SSNs, and only one of the two actually included the numbers.

Those two Deeds of Trust were both on forms generated by Washington Credit Union, of Mountlake Terrace. If that company feels that exposing the SSNs of their debtors by recording them as public records is necessary to their business, then said company may need to prepare a defense in case those SSNs are abused by malicious third parties.

In any case, it's the business of KCRE to record those documents exactly as they are executed. In my humble opinion, anyone who applies their SSN voluntarily to a publicly recorded document is begging for ID thieves to make free with the information. However, if the lender who prepares those Deed of Trust forms insists on the application of SSNs as well as notarized signatures, said lender must bear some responsibility for any future abuse.

Posted by: Hank Bradley on June 26, 2006 09:13 PM
22. Hank - a little late for the warning. My King County records go back over 17 years, long before SSN's were used for identity theft. Too bad I didn't anticipate the internet way back then, and refuse to supply my SSN.

Posted by: Janet S on June 26, 2006 10:20 PM
23. It appears King County residence/voters have to start getting REAL serious about straitening the thinking of their public servants. There appears to be absolutely no regard for personal security. As far as the public officials/office which deals with this information is concerned they are not responsible. Then WHO is?? Beat on office doors until you get results OR VOTE out who is elected. And if the replacements don’t do their job, fire them too. This might sound like elementary action to a complex problem but getting back to basics seems to be something of an ‘in the right direction’ remedy for what ails King County government.

Posted by: Olympia Blizzard on June 27, 2006 06:40 AM
24. Janet S-

It's never too late, and the Internet shouldn't be blamed. Public records being public, anyone since SSNs were created in the 1930s, who discloses their SSN on a recorded document, has thereby made their SSN a public record. Anyone may walk into the King County Administration Building, cozy up to the microfilm readers, and extract as many SSNs as they can find. The Internet only saves the researchers a trip to 5th Avenue - it doesn't disclose any more than the original document, or its microfilm copy.

In the Congressional debates over issuing numbers to citizens (anti-collectivists fiercely opposed such a thing), it was promised that 'Social Security numbers will never be used as ID numbers'. But in the enormous expansion of the governmental/bureaucratic morass since the 1930s, an avalanche of agencies from the IRS on down chose to violate that promise.

Now we see certain lenders, such as Washington Credit Union, mindlessly creating spaces on their documents for SSNs, and others (who apparently don't understand that by the Statute of Frauds, legal documents pertaining to real estate must be made public by recording) failing to refuse to furnish them.

The whole point of notarized signatures is that they clearly establish the IDs of the signatories. SSNs on such documents are redundant.

Posted by: Hank Bradley on June 27, 2006 07:21 AM
25. IMO, this is not about the incompetent and lame duck Deano Logan. It is about Ron Sims who has the responsibility and duty to fix this problem. This is a matter of public safety in protecting citizens and once again we witness the corruption in Sims' Records and Elections office. He could even declare an emergency, but instead we are subject to Logan's intransience and Sims' arrogance.

Posted by: Banshee on June 27, 2006 08:00 AM
26. http://seattlepi.nwsource.com/local/275452_idtheft27.html

Attn. ID thieves: Look here
Councilman publicly points out exploitable weakness in Web site

By NEIL MODIE
P-I REPORTER

If identity thieves needed assistance plundering King County's records for sensitive personal data about its citizens, County Councilman Reagan Dunn may have unwittingly helped them out Monday.

P-I reporter Neil Modie can be reached at 206-448-8321 or neilmodie@seattlepi.com.

The Seattle Post Intelligencer (206) 448-4000 has chosen to present this as being all King County Councilman Reagan Dunn's fault because he did not
work with Dean Logan

The problem is that Dean Logan has short timers and nothing of significance is going to get fixed in the next month before he moves to Los Angeles

Having to fill out a form to have personal identifiers removed is absurd

A normal elections department would remove all personal identifiers before posting the data as public records on the web and on microfiche

I'll let Hank Bradley, Richard Pope, and Steve Berman argue with Washington Credit Union as to whether SSNs should be listed as public information

Another part of the Seattle Silliness is that KCRE expects the executor or an estate to notify the county when the person dies. Banks have individuals who read the obits, the legal notices, and also obtain a listing from the Social Security administration of decedents. The banks know that stuff falls through the cracks when someone dies and they act to help the former customer

KCRE needs to be proactive not reactive and this major error is another example that Dean Logan (no matter how nice a guy he is) was the wrong choice for the job

Posted by: Green Lake Mark on June 27, 2006 08:51 AM
27. Whee is the ACLU suing the queen. Talk about the right to privacy being stomped upon!

Maybe we need to wait until there is an R gov before it is an issue big enough for the ACLU to confront.

Posted by: Fred on June 27, 2006 09:37 AM
28. First word on my last post was meant to be where...

Also, now that our signatures are easily available for all to see and print, it make VBM even more secure!

They take pride that the security is based on signature, which anyone can access and copy. Do they have a combined IQ of over 100?

Posted by: Fred on June 27, 2006 09:48 AM
29. "A normal elections department would remove all personal identifiers before posting the data as public records on the web and on microfiche".

Balderdash. A normal elections department doesn't file public records, it administers elections and counts votes. King County's version 'counts' votes.

Read the laws which set up the requirements for the Recorders Office. They protect the public by ensuring that the entire document being recorded is plain for all to see, permanently. If any part is 'redacted', that could lead to endless special pleas to treat other parts the same way. Then what's the point of public records at all?

The Recorders Office has done exactly what it should have. The parties who should bear the blame for any hijacking of SSNs are those that require them to be placed on any document which will be publicly recorded. And a certain amount of that blame goes to anyone so naive or uninformed or stupid as to furnish their own SSN for such a document.

It would be in the public interest for King County to enact legislation which at least requires those whose SSNs are on such documents sign a waiver stating that they understand the consequences of making them a public record.

Posted by: Hank Bradley on June 27, 2006 10:12 AM
30. So Hank, let me understand. You want to get a mortgage. The bank requires your SSN to make a credit check to find if you are creditworthy. The County records the transaction, and you are required to have your info public IF you want a mortgage.

Do you really find this practical?

It amazes me how government making personnal information readily available for all to see is not an invasion of privacy, but seeing what phone number calls what phone number is 'beyond comprehension' for liberals. Again, the complaint seems to be partisan.

Posted by: Fred on June 27, 2006 10:24 AM
31. Luckily I live in Thurston County (recorders office is run by a Republican) and the way they have it listed on line is smart. You cant even print any of the documents off from the internet. You actually have to submit a request for the document and the actual document is not even shown online, just basic info about what the document is and the names of all partys involved.

Posted by: TrueSoldier on June 27, 2006 10:57 AM
32. Well Fred, see if you can understand this: the information required by the Bank may include your SSN for the Bank to grant you credit. Once it has done so, there's absolutely no reason for that number to appear on a Deed of Trust - that number is between you and the bank, in confidence, period. Leave the public out of it - your notarized signature is sufficient evidence to the public of who you are.

Posted by: Hank Bradley on June 27, 2006 12:37 PM
33. Update:

I submitted the form Wednesday night, via email, to have 4 public documents removed from the county's REALS website. One had my wife's and my Social Security number. All 4 had information of both of us I wanted off-line. Today the county apparently removed only the one with the Social Security numbers. They also did it without any acknowledgement or notification. And I might add, with no information on the form except my name, address and records numbers. Looks to me like another half-ass county process that has opened another door for anyone to get into the Records Department and get, then remove documents so the record owners never know that they had their information exposed and stolen.

Question...

While I can understand the legal requirement to make public records available, is there a law that requires them to be made available on-line?

If not, I find it infuriating that a citizen cannot demand that his records be kept off-line. If they must be made available, then make anyone who needs them go to the county and look them up. But to make it so easy to obtain information like signatures, addresses, and anything else on these forms in a matter of minutes is absurd.

...unless of course the system has been designed to assist identity theft and voter fraud.

Posted by: MJC on June 29, 2006 11:22 PM
Post a comment
Name:


Email Address:


URL:


Comments:


Remember info?