From the WSJ Online Journal

REAL TIME
By JASON FRY

When Public Records Are Too Public
Open Records Are an Established Tradition,But Does Internet Access Call for a Change?
June 25, 2007

The Web wasn't created to appeal to our sense of voyeurism. It just feels that way sometimes.
I'm not talking about dirty pictures, but the ability the Web's given all of us to snoop on our friends, colleagues and neighbors, from Googling the new guy in the next cube to finding out what the people next door paid for their house to seeing which neighbors have given money to which candidates and parties.

Such behavior runs the gamut from generally acceptable nosiness (we're a nation of self-Googlers, after all) to mildly gauche (in New York City discussing what apartments cost is practically a sport) to creepy (keep your nose out of my politics). As with all questions about Internet privacy and personal information, there are generational differences at work -- if you came of age blogging and being Googled, someone seeing you gave $100 to MoveOn.org might not be the biggest deal. (I wrote about different generations' attitudes toward personal information online earlier this month.)

But then there's another set of personal details that have made their way online, and these documents are much more worrisome. Property deeds, marriage and divorce records, court files, motor-vehicle information and tax documents are increasingly being digitized, and contain a wealth of information that few of us would want online: Social Security numbers, birth dates, maiden names and images of our signatures. Local governments have rushed to put those documents online for a decade or so, often without scrubbing them of such information. And that's made them potentially fertile ground for busybodies, stalkers and identity thieves.

Betty "BJ" Ostergren, a 58-year-old from outside Richmond, Va., has made it her mission to alert people to the dangers of public records online. Ms. Ostergren is feisty bordering on ferocious: Her tactics include mailing letters to people alerting them that their personal information is online and posting copies of public documents (or links to them) displaying the personal information of circuit-court clerks and other politicians, including former House Majority Leader Tom DeLay and Florida Gov. Jeb Bush. (See her Web site, the Virginia Watchdog, here; this Washington Post profile of her is also a good read.)

Long a local activist, Ms. Ostergren began her crusade in the summer of 2002, when a title examiner called to tell her that public records from her home county of Hanover would be put online within a few weeks. Ms. Ostergren says she objected to the fact that her signature would be online -- not to mention other people's Social Security numbers. She confronted her county's circuit-court clerk and began a telephone campaign.

"People were livid," she says, adding with satisfaction: "Our records in this county did not go online." Since then, her campaign has grown to include the entire U.S. -- Ms. Ostergren moves easily from a discussion of Franklin County, Ohio's decision to remove images of mortgage records to what she sees as Florida's lack of progress and Maricopa County, Ariz.'s troubles.
An important note: The records being put online are public, and available – sensitive information and all -- to anyone who goes down to the courthouse or county seat. And many of them have already been compiled and digitized by data warehouses, who often make them available to marketers and real-estate professionals. Open records are a longstanding American tradition; so too is a hold-your-nose acceptance that commercial entities will try to make a profit by exploiting that openness.

But at the same time, it's too simplistic to say that just because records are available by going to a government building and talking to a clerk, we shouldn't worry that they're now available through some Web sleuthing. Sometimes a difference of degree is so significant that it may as well be a difference of kind: Foes of the recording industry rightly note that people have always stolen music by taping it for their friends, but it's risible to compare the potential effect of running off some cassette copies of an album to that of making a digital copy of that album available for the taking online.

Similarly, it takes a pretty determined busybody or thief to visit the courthouse, and the law has acknowledged this, noting the "practical obscurity" of such records. The Web may not change the status of public records, but it means the end of practical obscurity, enabling drive-by voyeurism for the bored or petty – or identity thieves in the cybercafes of, say, Nigeria or Romania.

How did Social Security numbers and other sensitive information wind up online? Blame a collision between our enthusiasm for technology and our failure to appreciate its consequences. In the last decade, states and local governments rushed to put documents online, eager to appear progressive and make government more efficient. But the momentum of that effort got ahead of our ability to sort out what might happen. In particular, we underestimated the borderline-spooky power of search to find needles in technological haystacks.

Now, the job is to clean up the mess. And there does seem to be progress: Counties are working to redact sensitive information from online records, and courts and government agencies are doing a better job keeping personal information off the Web in the first place.

Mark Monacelli is president of the Property Rights Industry Association, a trade group that's working toward developing national standards for accessing public property records, and the recorder for St. Louis County, Minn. Mr. Monacelli says PRIA has "worked very hard with lenders and [mortgage] settlement officers to not put Social Security numbers on mortgages." He adds that "we try, to the best of our ability, to create awareness of the issue and work with counties to be aware of who's looking at your information."

At the same time, Mr. Monacelli notes that there are reasons to put information about property records online. Quick access to such information offers a slew of economic benefits. Mr. Monacelli says that when he purchased his first home, the process from looking across the lender's desk to getting the title took about 90 days – an unacceptably glacial pace now. Technology has allowed us to obtain a new mortgage or refinance very quickly; without that speed, he argues, the recent real-estate boom wouldn't have existed. "Where would this economy be without it?" he asks.

There are other standards for handling personal information, of course. This Associated Press story documents Sweden's recent clampdown on ratsit.se, a site which offered financial details for free from the country's national tax authority. If you wanted to know how much your colleague made or if your neighbor was in debt, you could. That may seem amazing to Americans, but such openness is long-established in Swedish society. Discussing his site, Ratsit's CEO told the AP's Louise Nordstrom that "a lot of people use it to negotiate their pay."
As in the U.S., it wasn't that Sweden was suddenly making documents that had been private public. Rather, it's that Ratsit did away with practical obscurity. Now, information is still available via the site, but it's no longer free: Ten requests a week cost $21. And anyone whose finances are viewed will be notified by mail and told who asked. (That new standard seems to go further than Americans might like: Imagine the chilling effects of such notification on investigative journalism or community activism.)
So what should we do?

"To me, if people want to see the records, let them go down to the courthouse -- that way you have to put forth some effort," Ms. Ostergren says, adding "I think there are too many people we have a responsibility to protect."

Robert Gellman, a Washington, D.C.-based privacy and information-policy consultant, thinks the digital era calls for states to reassess what records should be public, and what level of access should be allowed. But he defends the U.S.'s tradition of openness as a way of keeping the system honest.

"Property-tax records are available to other people for a good reason," he says, noting that if you see your house is assessed for more than your neighbor's -- or a similar house across town -- you can appeal. On the other hand, access to driver-license information is now largely limited to law-enforcement agencies and insurance companies -- the legacy of the 1989 murder of actress Rebecca Schaeffer, whose killer obtained her personal information through the Department of Motor Vehicles.

"There should be discussions about these things, and there's no absolute right or wrong answer here," Mr. Gellman says.

Mark McCreary, a lawyer with Philadelphia's Fox Rothschild LLP who specializes in Internet law, expects a long, slow grind as sensitive information is redacted from old documents and standards emerge for keeping such information off new documents – and are adopted by local governments.

"The solution is for all the counties to do it, for all the states to do it," Mr. McCreary says, adding that "you can't take a system in place for more than 100 years and expect it to be fixed overnight."

The fix won't be simple -- it will require agreement about what personal information should and shouldn't be available, which may or may not be the same as what should and shouldn't be available online. Perhaps sensitive information will be redacted online but available in person, or perhaps sensitive information will be restricted in all forms. Those standards ought to emerge side by side with a hard look at what personal information credit-reporting agencies and marketers have access to, and what they're allowed to do with it, and efforts to make identity theft harder – and easier to recover from. And there is no technological fix for identity theft – while our fears center on distant hackers stealing our identities, those with access to our trash or our homes will always be a much bigger threat.

Popular conceptions of the Web have been shaped by science-fiction visions of the Net as a virtual-reality analogue of the world, with humanity's wealth of information organized into a gleaming cyber-city of data. But what those visions elided was all the hard work of bringing that into existence. Imagine, instead, virtual acres of rubble, with shining towers emerging from mounds of information scattered all over the place without regard to how it should be organized, labeled or kept secure. Order will emerge, but don't expect it any time soon – and don't expect the process to be painless.