HarCo2ANewb
Subibro
+100
To whomever it was who blew this whistle, I thank you deeply and pray we never find out who you are.
MSI UPDATE
- Thread starter occbrian
- Start date
The #1 community for Gun Owners of the Northeast
Member Benefits:
No ad networks! Discuss all aspects of firearm ownership Discuss anti-gun legislation Buy, sell, and trade in the classified section Chat with Local gun shops, ranges, trainers & other businesses Discover free outdoor shooting areas View up to date on firearm-related events Share photos & video with other members ...and so much more!
Member Benefits:
+100
To whomever it was who blew this whistle, I thank you deeply and pray we never find out who you are.
- Oct 25, 2012
- 3,364
Miss Lead
Member
I know there are several attorneys here so please correct me if I'm mistaken, but anyone recall years ago when you could get into MD Judiciary Case Search and if someone from the District of Columbia had the unfortunate circumstance to get a traffic ticket here in MD, their driver's license number was displayed. DC at the time used an individual's SSN as their driver's license number.
When I worked for attorneys we would routinely include SSNs on wage garnishments and bank levies because the employer or the bank required it in order to identify the individual.
The Maryland Courts changed all that and we were no longer allowed to file ANY document that had a SSN included because those documents were public record, available to anyone. I believe there was also a software change so that the SSNs were redacted on the MJCS system.
It's been awhile since I've viewed a criminal intake sheet, but as I recall, even THAT doesn't include a SSN.
Given that the MD Court system has such stringent restrictions on the use and/or submission of an individual's SSN, my hope is that they will take a dim view of this administration's shenanigans.
When I worked for attorneys we would routinely include SSNs on wage garnishments and bank levies because the employer or the bank required it in order to identify the individual.
The Maryland Courts changed all that and we were no longer allowed to file ANY document that had a SSN included because those documents were public record, available to anyone. I believe there was also a software change so that the SSNs were redacted on the MJCS system.
It's been awhile since I've viewed a criminal intake sheet, but as I recall, even THAT doesn't include a SSN.
Given that the MD Court system has such stringent restrictions on the use and/or submission of an individual's SSN, my hope is that they will take a dim view of this administration's shenanigans.
pilotguy299
Ultimate Member
From the limited information available, it appears that this is a violation of the State of Maryland's Information Security Policy:
http://doit.maryland.gov/Publications/DoITSecurityPolicy.pdf
Specifically:
SECTION 7
Technical Level Controls 7.0 Access Control Requirements
...
All remote access connections that utilize a shared infrastructure, such as the Internet, must utilize some form of encryption for transmission of data and authentication information.
...
7.1 Audit & Accountability Control Requirement
...
Audit logs must be enabled for tracking activities taking place on the system. Application and system auditing must be enabled to the extent necessary to capture access, modification, deletion and movement of critical/confidential information by each unique user.
...
7.2 Identification & Authorization Control Requirements
...
Information systems must be configured to uniquely identify users, devices, and processes via the assignment of unique user accounts and validate users (or processes acting on behalf of users) using standard authentication methods such as passwords, tokens, smart cards, or biometrics.
....
And other requirements of the State of Maryland's Official IT policy.
This is a serious breech of any reasonable protocol for handling personally identifiable information, especially in lieu of the fact that it includes information the maryland state police is not legally able to require (social security numbers).
I am outraged that the State of Maryland appears to have failed to adhere by their own standards for handling personally identifiable information, and that the action of the State may contribute to the identity theft of several hundred thousand current and former residents of Maryland. The willful disregard for the established IT policy, and for privacy of applicants, borders on committing misconduct in office, by the officials sworn to protect the residents of the state.
http://doit.maryland.gov/Publications/DoITSecurityPolicy.pdf
Specifically:
SECTION 7
Technical Level Controls 7.0 Access Control Requirements
...
All remote access connections that utilize a shared infrastructure, such as the Internet, must utilize some form of encryption for transmission of data and authentication information.
...
7.1 Audit & Accountability Control Requirement
...
Audit logs must be enabled for tracking activities taking place on the system. Application and system auditing must be enabled to the extent necessary to capture access, modification, deletion and movement of critical/confidential information by each unique user.
...
7.2 Identification & Authorization Control Requirements
...
Information systems must be configured to uniquely identify users, devices, and processes via the assignment of unique user accounts and validate users (or processes acting on behalf of users) using standard authentication methods such as passwords, tokens, smart cards, or biometrics.
....
And other requirements of the State of Maryland's Official IT policy.
This is a serious breech of any reasonable protocol for handling personally identifiable information, especially in lieu of the fact that it includes information the maryland state police is not legally able to require (social security numbers).
I am outraged that the State of Maryland appears to have failed to adhere by their own standards for handling personally identifiable information, and that the action of the State may contribute to the identity theft of several hundred thousand current and former residents of Maryland. The willful disregard for the established IT policy, and for privacy of applicants, borders on committing misconduct in office, by the officials sworn to protect the residents of the state.
HoCoShooter
Ultimate Member
Mr H
Banana'd
good find, pilotguy
thanks
thanks
Does not apply to state agencies.
csanc123
Ultimate Member
Ughh..was hoping that wasn't the case (although there are other issues that can be highlighted)
Ya... me too. If you follow the link and go 1 step back and click on "definitions" it clearly states that it doesn't apply to state agencies.
ugh.
It's simple, someone has to PAY for the incompetence. O'Malley ordered it, and Gansler didn't stop it.
This is clearly illegal and an abuse of authority.
Sign me up as a party to any legal action - I'm game.
browning guy
SCRUFFY NERF HERDER
Mr H
Banana'd
Benanov
PM Bomber
As I said there: Horse. Barn Door. Shut.
And it still doesn't help with the fact that there's no audit trail because of shared logins. All this does is keep the public away from this particular URL. This is one of many defenses they needed to enact beforehand, but they HAD TO GO LIVE ON A FRIDAY...
Idiots. Sue them all.
I am waiting on 2 ND's. Fortunately I got on time release. I guess I qualify for any legal antics.
buzzsaw
Ultimate Member
I have four in the pipes. I'm game on a lawsuit, although it will only be a few bucks for the next month while my wife gets back into the workforce.
It's very real. Lifelock is pointless. It only monitors for fraud and does nothing to correct any damage done unless you prove to them, most likely in court on your dime, that the damage was due to a "defect in their service". It is spelled out in their terms of service. You should contact Experian, Equifax, and Transunion immediately to put a credit freeze on your credit reports. Beware of the fraud alert option because it expires every 90 days and technically is only valid if you demonstrate fraud with documentation (i.e. police report). You should also buy identity theft insurance, not to be confused with credit monitoring services, so that somebody else takes care of and pays for repairing your identity records and credit reports if your identity is stolen.
Mr H
Banana'd
If anything hits Lifelock, it's potential evidence in a lawsuit.
In my case, I've never had any issues, but for one CC problem almost 10 years ago. We are very careful.
So, if I get a hit, I can be assured with HIGH confidence it'd be because of this.
In my case, I've never had any issues, but for one CC problem almost 10 years ago. We are very careful.
So, if I get a hit, I can be assured with HIGH confidence it'd be because of this.
Users who are viewing this thread
Latest posts
Forum statistics
Latest threads
-
Timonium Gun Show April 27-28 (Timonium Fairgrounds Exhibition Hall) (1 Viewer)
- Started by joro55
- Replies: 0
-
-
-
-
-
Convicted For Building Guns; Judge says, “Do not bring the Second Amendment into this courtroom” (1 Viewer)- Started by Harrys
- Replies: 1
-
