On July 9, 2018, the portal that holds Freedom of Information Act request information was updated to a newer version which contained a glitch, exposing at least 80 full or partial social security numbers and other personal information, according to Tal Kopan for KIFI News. “It’s unknown how many individuals may have had information exposed in the glitch, and for how long. The transition to the new site occurred in mid-July, but older FOIA requests continue to be migrated to the new site,” KIFI reporter Tal Kopan said. CNN alerted the government to the glitch after discovering that the information of the searcher was exposed, including social security numbers and in some cases, birth dates and addresses.
Foaionline.gov is intended to house FOIA requests to government agencies through unambiguous access for the public. A bug in the new design revealed information about the requester of information, which is typically meant to be protected. Under the FOIA, one must submit a request for access to their own information. For one unfortunate victim of a violent crime, looking into their own case resulted in their personal information being exposed. Victims of identity fraud, ironically, revealed their social security numbers through this glitch, according to Kopan. “These sorts of data points allow people to engage in identity theft or some kind of harassment, or other malicious behavior,” O’Connor, president and CEO of the Center for Democracy and Technology, a tech-focused privacy and civil liberties advocacy group said. “It puts potentially already vulnerable people at greater risk.”
The government reassured the public that the glitch has been fixed and privacy through the FOIA portal has been restored. The Environmental Protection Agency provides the IT resources to upkeep the FOIA website. They have notified government agencies associated with the FOIA that private information may have been leaked, but each agency must handle the situation on a case-by-case basis. This means that any leaked information is regarded by the agency to be determined if the information shall remain public or not. The program fixes to the new version of the FOIA website are not a blanket fix-all for already exposed information and cannot properly mask any previously displayed information. This is an unsettling turn of events because the FOIA is intended to foster transparency in government, not to put the privacy of the public at risk.
“EPA will follow the Agency’s Breach procedures to evaluate the situation further and take the appropriate mitigation measures,” EPA spokesman John Konkus told CNN. Some FOIA requests encourage searchers to include as much private information as possible when searching for their own records. There is no disclaimer in FOIA request forms about the sensitivity of information, although a privacy notice linked to at the very bottom of the website does warn that “any personal information included in the comment form will be submitted to the Department or Agency to which your request is directed and may be publicly disclosed on FOIAonline or on third-party Web sites on the Internet.” Social security numbers are not typically exposed through any portal. How can finding information in turn expose the most private information about oneself? The internet has never been revered as a safe and benevolent resource of information. This unsetting glitch serves as a painful reminder of the old adage, “One can never be too careful.”