Much brouhaha has been generated recently about the Oklahoma Supreme Court’s decision to restrict Internet access to personal and private information, such as Social Security numbers, that can be found in many court documents. Great cries of indignation have been heard from FOI Oklahoma and the Oklahoma Press Association, who seem to think that it’s OK for identity thieves in Nigeria to view your Social Security and bank account numbers over the Internet, simply because they may be part of “public” court documents.
Truly good ideas often lie in between two extremes, and that may be the case with the new court rules. I couldn’t find a single online news account from any newspaper in the state that clearly listed and described what the new privacy rules actually were, so I went to the Oklahoma State Courts Network website (www.oscn.net, search for “2008 OK 23”) and read them for myself. Rather than taking my word for anything, I suggest that you do the same.
The new rules restrict access to information that can be exploited by identity thieves and other Internet crooks, referring to this information as “Personal Data Identifiers.” If they must be included in a pleading or other court document, only the last four digits of Social Security, Tax Identification and financial account numbers may be used. Only the initials of minor children may be used, or they can be referred to as “Child A,” “Doe 1,” etc. Only the year of a person’s date of birth is allowed, and home addresses can only refer to a city and state. I think that these are good rules. If employers and human resources departments need more information about potential employees, the Oklahoma State Bureau of Investigation will be happy to oblige.
Filers of court documents are also encouraged, but not required, to omit or partially redact “other sensitive information,” such as driver’s license numbers, medical records, treatment and diagnosis records, employment history, individual financial information, proprietary or trade secret information, information regarding an individual’s cooperation with the government, information regarding the victim of criminal activity, and national security information.
The last item in the list of new rules is the real kicker, as it restricts Internet access to court records. While complete court records and documents may still be viewed at the courthouse, the new rules state that court officials “are directed to immediately limit Internet public access to court dockets only. The individual pleadings and other recorded documents filed of record in state court actions shall not be publicly displayed on the Internet.” This rule has many journalists and open-government advocates (of which, I am one) hoppin’ mad, even though the “immediate” impact of the rule won’t occur until the new rules actually go into effect, which is not until June 10. What this means is a lot more legwork by journalists and other investigators, as they will actually have to visit the courthouse in person in order to obtain certain documents. This also means that identity thieves will no longer be able to leisurely mouse-click their way into your personal life.
Joey Senat, past president of FOI Oklahoma, has been widely quoted as saying, “I think the court has mistaken personal for private, and those two aren’t necessarily the same thing.” Actually, I think that it’s Mr. Senat that has it backwards. Granted, the court rules may need some tweaking and fine-tuning to achieve the best results for all concerned. However, as someone who studies Internet and computer security for a living, I believe that the attitude displayed by the court is prudent and correct. I also think that 8.4 million U.S. adult identity fraud victims and $49.3 billion lost to identity thieves in 1997 alone makes it imperative that all government agencies, including court systems, do all that they can to protect the private information and personal lives of U.S. citizens.