Governor Compromises the Privacy of Thousands of Maryland Gun Owners

[magnetic1]

I dont think the news outlets even got word about the "same login" thing (yet)....

 

[Mr H]

Do we know if the scanned 77R forms are only for backlogged forms, or can they search forms going back 2, 3 or more years?

This is getting more ridiculous each day.

There are confirmed records going back at least a year, but the source on that was checking their own information. We don't know haw far back it goes.

In any case, it's probably an exposure of tens of thousands of gun purchasers

 

[Shamr0ck]

Do we know if the scanned 77R forms are only for backlogged forms, or can they search forms going back 2, 3 or more years?

This is getting more ridiculous each day.

From the MSI presser last night, it says the database is searchable - what is unclear is the the date of the oldest record. I saw somewhere and can't locate it presently a comment/sentence that a record from 2012 was reportedly available to the folks performing data entry.

If this wasn't so serious, the ineptitude would almost be laughable....

I have still had NO LUCK getting responses to any email sent to the

senate.state.md.us

or

house.state.md.us

email servers, nor to messages left on the delegations Annapolis phones.

I have been tracking down local district contact information <-- I share this as the AGC tool sends to the official email address so if you are using that tool, the emails may not be seen.

Delegate Hough admitted that he gets so much email to his official address that it is very hard to separate the wheat from the chaff.

 

[Mr H]

I have emails in to some Delegates I know are regularly checking (one to their personal email), and am waiting for some additional information.

 

[Brooksy]

Has anyone made any PIA requests to the other agencies involved? Not sure if it would be duplicative of the ones sent to MSP, but it might be worth it to determine the number of personnel from each agency involved, how they were chosen to work on this data entry project, etc.

 

[CrazySanMan]

I just received this email from Delegate John Cluster, R-8

Dear Mr. CrazySanMan,

Thank you for contacting me about your concerns over the Maryland State Police enlisting outside assistance from other state agencies to enter data from the 77R forms slowing those outside agencies access to very personal information.

I with many of my colleagues have sent a letter to Colonel Marcus L. Brown, Superintendent of the Maryland State Police asking for an explanation of this action, if the personnel have undergone the appropriate security clearance to be handling sensitive personal information, if this information is being stored on any system other than the Maryland State Police systems, who will have future access to the information once it is entered, and who is responsible for destroying the information discs once the task is complete.

I understand that additional help is needed to clear the backlog of applications however, I strongly believe there is a correct way and a wrong way to accomplish the task of cleaning up the mess that was created when the new gun laws were passed during the 2013 legislative session. It appears the current administration has no regard for our constitutional rights or our right to keeping our personal information private if they did not follow the same precautions that are followed when an officer or staff member of the Maryland State Police are tasked to process the applications.

I have attached a copy of the letter that was sent for your review. I will also keep you updated when we receive a response to the questions that was asked in this letter.

Please do not hesitate contacting me again if you have any additional questions about this or any other issue.

Sincerely,
Delegate John Cluster, Jr.
410-841-3526
john.cluster@house.state.md.us

 

[Benanov]

I dont think the news outlets even got word about the "same login" thing (yet)....

Most lay folk don't understand why that's bad. News outlets would have to explain that.

My wife is both a programmer and a former journo. I think she could do a good job.

If a delegate has the link...man I'd love to kick the tires on that page - see if they didn't do something amazingly bone-headed like put the authentication in javascript client-side. Also would love to see if it's SQL injectable.

However I'll settle for letting a court-appointed expert do it, if you know what I mean.

 

[ironpony]

Nancy asks a good question, "who's going to investigate this?".
Probably a democrat? Balances and checks within the system seem to be gone.
We'll wait for more info.

 

[swinokur]

Who's gonna investigate?

Easy. MSP and MOM are gonna do it.

You know, like the State Dept investigated Benghazi.

 

[Mr H]

Who's gonna investigate?

Easy. MSP and MOM are gonna do it.

You know, like the State Dept investigated Benghazi.

or DOJ investigating F&F

IRS looking into tax-exempt org abuses

etc.......

 

[vector03]

...see if they didn't do something amazingly bone-headed like put the authentication in javascript client-side. Also would love to see if it's SQL injectable.

If they couldn't be bothered to apply a SSL cert, I'm SURE SQL injections would work. Hell, they probably don't have any idea what that is.

We're so screwed.

 

[Benanov]

If they couldn't be bothered to apply a SSL cert, I'm SURE SQL injections would work. Hell, they probably don't have any idea what that is.

We're so screwed.

I'm legally changing my name to Benjamin';drop table users;shutdown with nowait;--' Antonov.

 

[Patrick]

I'm legally changing my name to Benjamin';drop table users;shutdown with nowait;--' Antonov.

Not a problem. I got a backup when I changed my name to:

Patrick';select name, address, ssn from gun_owners ORDER BY biggest_collection;--'
​

I'll be seeing some of you soon...

 

[Boom Boom]

Who's gonna investigate?

Easy. MSP and MOM are gonna do it.

You know, like the State Dept investigated Benghazi.

Has to be FBI and ATF. DOJ is proven corrupt and worthless.

 

[Gambler]

Not a problem. I got a backup when I changed my name to:

Patrick';select name, address, ssn from gun_owners ORDER BY biggest_collection;--'
​

I'll be seeing some of you soon...

LOL, thanks for the laugh in the midst of this horror.

 

[buzzsaw]

Signed up for ID insurance.

 

[Miss Lead]

Martin Owe'Malley will be named Lifelock's Salesman of the Month.

He probably bought stock in it last Thursday.

 

[CuppyCakes]

If you have Facebook and want to screw with a libtard or two go here and hit the comments. https://www.facebook.com/wjlatv/posts/10151862545888734?comment_id=28939098&notif_t=like

Shirley Ann Adams could use some good comment beating.

As per usual, lol. You'll always be my cynical touchstone.

 

[Mr H]

Just blasted....

I see where the MSP site that was so exposed for the past 5-plus days has now had some token security added. I will assume this is due to the pressure being put on by members of the firearms community, assisted by some very diligent and hard-working members of the General Assembly, who actually believe in the Constitution, security, privacy, and the rule of Law.

I thank everyone fighting to end this debacle, but it is far from over. There are still many unanswered questions in this matter, and the severity of these breaches requires action.

- Who initiated this decision to enlist 200+ non-sworn employees to handle what, by law, is a MSP responsibility?

- Are these employees working within the state networks, or across the internet? And if across the internet, is it even a secure VPN?

- Whose decision was it to perform these functions in a completely UNSECURED manner?

- Why was the Security Certificate applied this morning, but had been valid since Oct. 2011?

- Why did it take over 5 days for the state to follow it's own IT regulations and standards, in violation of the State of Maryland's Information Security Policy (specifically Section 7)?

- How can the state give the impression that Social Security numbers on the 77R is mandatory, in violation of Federal Law (specifically, the Privacy Act of 1974)?

- Who is going to reimburse the potentially thousands of individuals who will now feel compelled to obtain identity and credit monitoring protection and insurance?

If this level of ineptitude is indicative of the rest of state government, then this state is in worse shape than we ever imagined.

But, I think that's not the case, and that we are dealing with a massive case of wanton disregard for the rights and privacy of Marylanders, as this relates to firearms ownership. A right that is a known target of the Governor, the Atty. General, and several key members of the Assembly. A target that, by all indications, they are willing to break laws and violate the Constitutions of both Maryland and the United States to achieve.

These violations must end, and hearings must be conducted to get to the bottom of this. Actions, up to and including the removal and prosecution of those involved, as high up as necessary, must be undertaken. When those hearings occur, be prepared for the public to be present, an whatever numbers we can arrange, as a show of unity.

I thank our friends in the Assembly with heartfelt gratitude, and encourage the rest to act to preserve the integrity of the state.

I will be forwarding this letter to the media.

 

[Gambler]

VERY well said!!!