Last year I warned about the danger of lawyers allowing social security numbers to be filed in the courthouse (Client Privacy and the Courthouse File)…

One day the scandal will happen, and I want to make sure my clients don’t get caught up in it. The problem is simple: Our court files are open to the public and all manner of private information gets place into those files…

And yesterday, in the New York Law Journal, (no link) comes the story of Supreme Court Justice F. Dana Winslow of Nassau County refusing to sign subpoenas in a medical malpractice case because the social security numbers were on it.

In an interview with the NYLJ, the judge said that he gets papers with Social Security numbers on a weekly basis but this was “the first time I had a chance to do anything about it” because ordering the subpoena would have placed it in the public record.

The filing of Social Security numbers in federal court was banned locally many years ago and its been years since I changed this once-routine item in my own office. I’ve even made a habit of asking defense counsel, before the deposition starts, not to ask for the number on the record since the transcripts often get filed as part of motions. Most comply. Those that don’t are met with an objection, but they never fight it. Everyone understands that this works both ways. Defense counsel doesn’t want their own clients private information in the courthouse file either, and much can come out in deposition.

The state system, it appears, is finally getting around to dealing with the issue. The Office of Court Administration said they were “examining” the issue of social security numbers. How many years it will take to examine this oh-so-complex issue remains to be seen.

Updated: The decision is here: Ahamed v. CABS Nursing Home

Update: See below…this policy has now been reversed.

Federal courts around the country are now sending out notices to litigants about the dangers of a computer program called RECAP, which if downloaded will automatically take documents that you purchase from the court’s PACER system and place them into a free, publicly available database.

I wrote last week about the dangers of RECAP from a privacy perspective — with a vast, free, easily accessible data base of potentially private information. So if this is your first post on the subject you can get up to speed here: PACER Getting Easier for Thieves to Use via RECAP The Law.

Based on recent log posts from around the country, it now appears that at least three different federal courts have sent out alerts on the dangers of RECAP. The extent to which those dangers are legitimate, of course, has spurred discussion. Many think the courts simply want to preserve a revenue stream, as opposed to having bona fide security concerns. Some of those are linked below.

But before getting to those links, let me add a further explanation of my own concerns about privacy being violated by documents such as medical records being filed as part of routine motions. A medical record and a deposition transcript may be all a thief needs to steal an identity.

Federal rules prohibit filing personal information in FRCP 5.2. It’s main provision states that:

Unless the court orders otherwise, in an electronic or paper filing with the court that contains an individual’s social-security number, taxpayer-identification number, or birth date, the name of an individual known to be a minor, or a financial-account number, a party or nonparty making the filing may include only:

(1) the last four digits of the social-security number and taxpayer-identification number;

(2) the year of the individuals birth;

(3) the minors initials; and

(4) the last four digits of the financial-account number.

But how much attention is paid to the provision by practitioners? I know that when I take efforts to protect against this type of information being filed in state cases, I am often met with reactions of surprise. Most attorneys, it seems, aren’t even aware of the potential problems of filing so much private information, or are simply turning a blind eye to the potential problem. Social Security numbers and dates of birth, for example, are always demanded by defendants in Bills of Particulars (which expound upon the Complaint) that are always filed with the court.

While I stopped furnishing that type of information years ago in this format due to identity theft concerns, most have not. It’s critical, in my opinion, that the dangers of responding to such demands in publicly filed documents be broadcast loudly and often. Those who read blogs such as this and the ones listed below are light years ahead of most practicing attorneys.

The warnings from the courts take this format:

The court would like to make CM/ECF filers aware of certain security concerns relating to a software application or “plug-in” called RECAP, which was designed to enable the sharing of court documents on the Internet.

Once a user loads RECAP, documents that he or she subsequently accesses via PACER are automatically sent to a public Internet repository. Other RECAP/PACER users are then able to see whether documents are available from the Internet repository. At this time, RECAP does not appear to provide users with access to restricted or sealed documents.

Please be aware that RECAP is “open-source” software, which means it can be freely obtained by anyone with Internet access and could possibly be modified for benign or malicious purposes. This raises the possibility that the software could be used for facilitating unauthorized access to restricted or sealed documents. Accordingly, CM/ECF filers are reminded to be diligent about their computer security and document redaction practices to ensure that documents and sensitive information are not inadvertently shared or compromised.

The court and the Administrative Office of the U.S. Courts will continue to analyze the implications of RECAP or related-software and advise you of any ongoing or further concerns.

Paul Alan Levy (Public Citizen) discusses the above warning sent out to the Eastern District of Michigan:

In other words, the courts’ experts have not been able to find any present security concerns, but they want users to worry that “open source” software is more vulnerable to malign modifications. Be afraid. Be VERY afraid.

Beck/Herrmann (Drug and Device Law) indicate the notice went out to the District of Nebraska.

Patrick @ Popehat says the warning went out to the Eastern District of North Carolina.

Techdirt has a couple dozen comments on the open source software part of the warnings.

That’s three federal courts in very short order. Which is to say, expect an email from your own court very soon.
———————————————————————–
If anyone knows of more, send me the info in a comment or email me at: blog [at] TurkewitzLaw [dot] com and I’ll update this post.
———————————————————————–

On 8/25/09 Paul Alan Levy posted an update. He has received word that the federal courts “have no problem with counsel using RECAP.”

In comments, Beck/Herrmann reports the warning from the Western District of Pennsylvania.

Links to this post:

recap
if you spend any time on pacer, then you probably spend more money than you’d like while getting search results that you don’t need. enter recap. recap allows you to to get some of pacer for free. though it isn’t without its problems, …

posted by David M. Gottlieb @ August 30, 2009 2:56 PM

RECAP
If you spend any time on PACER, then you probably spend more money than you’d like while getting search results that you don’t need. Enter RECAP. RECAP allows you to to get some of PACER for free. Though it isn’t without its problems, …

posted by David M. Gottlieb, Esq. @ August 30, 2009 2:52 PM

privacy concerns raised about recap
okay, i am definitely late to the game on this one, but there has apparently been a lot of discussion and concern about the new recap system introduced by princeton university. because it costs 8 cents per page to download court …

posted by Dissent @ August 27, 2009 12:08 PM

recap redux
i wrote yesterday about recap, an exciting project to collect documents from pacer and serve them up for free to the public, through a firefox extension. at about that same time, a small controversy over recap began brewing. …

posted by The Complex Litigator @ August 26, 2009 2:52 AM

PACER is the federal court’s system for electronic filing (Public Access to Court Electronic Records). And it is now getting easier and cheaper to access tons of filed documents with a new tool from the do-gooders at Princeton University. And this will, in turn, open up new windows of opportunity for thieves to steal data and identities from court files.

Currently, one method of dissuading thieves is the 8 cents per page charge that PACER charges. While that is little more than chicken feed for most cases, the money would add up quickly for thieves trying to download court files in bulk and then go hunting for data and identities to swipe. When you think about it, most every deposition contains tons of background information on people, and that says nothing about the numerous other filings that could contain additional valuable data. I wrote about this last month in Client Privacy and the Courthouse File:

Those records may contain social security numbers, birth dates and places, maiden names, kids names, schools attended, and the answer to almost any other type of “security” question that people ask in order to verify identities.

But as Carolyn Elefant writes at Legal Blog Watch, the times they are a changin’ as The Center for Information Technology Policy at Princeton University has started its RECAP the Law project. “RECAP” is PACER spelled backwards, and it seeks to “recapture” the law. It does this by a little Firefox program that adds every downloaded (and paid for) document to an online repository, making it easier (and free) for others to access data. RECAP describes itself like this:

RECAP is an extension (or “add on”) for the Firefox web browser that improves the PACER experience while helping PACER users build a free and open repository of public court records. RECAP users automatically donate the documents they purchase from PACER into a public repository hosted by the Internet Archive. And RECAP saves users money by alerting them when a document they are searching for is already available from this repository. RECAP also makes other enhancements to the PACER experience, including more user-friendly file names.

Elefant is a fan of the system, as are others. With PACER, you need the name of the case in order to obtain a document, throwing an extra hurdle in the way of searching for information. RECAP allows for word searches, thereby opening it up wide to go record hunting. RECAP is easier and cheaper. (Update: According to comments, the Google search feature is now disabled for this very reason.)

With so many people in favor of this new system to access the court files (see links below), I’m left to play the curmudgeon and give the concept of easy access a big thumbs down.

Now I’m not against this based on any issue of legality. Court files are public records, after all. The hurdles in obtaining records had both a pro and con. The easier they are to access, the better for lawyers and litigants. But it’s also easier for the criminal element.

So consider this post a big, fat yellow caution banner about what types of information gets filed. A simple hospital or doctor’s office record that is annexed to a routine discovery motion, for example, may be all a thief needs to steal an identity.

While those that deal with public policy issues may rejoice in the easy worldwide availability of information filed in my local courthouse, the lawyer in the trenches had damn well proceed with even more caution than before for every paper and exhibit that gets filed. Ease of use is generally lauded by all. But the failure to recognize its downside could result in significant damage to a client.

See also:

• The Blogosphere Weighs in on RECAP (RECAP the Law)

• Law Professors, Librarians, and Think Tankers Praise RECAP (Recap)

• Use RECAP To Bypass Court Document PACER Paywall (TechCrunch)

• Firefox Plugin Liberates Paywalled Court Records (Slashdot)

• Firefox extension liberates US court docs from paywall (ars technica)

• Firefox Plug-In Frees Court Records, Threatens Judiciary Profits (Threat Level @ Wired)

• Recap The Law: Getting Public Legal Data Back To The Public (Techdirt):
  

  “this is a fantastic idea that hopefully will help to open up public domain court information that has been locked behind PACER’s paywalls for too long.”

• Opening Up the Federal Court System, One Filing at a Time (Citizen Media Law Project)

Links to this post:

privacy concerns raised about recap
okay, i am definitely late to the game on this one, but there has apparently been a lot of discussion and concern about the new recap system introduced by princeton university. because it costs 8 cents per page to download court …

posted by Dissent @ August 27, 2009 12:08 PM

information should be free, unless you’re already paying for it
quoted text of an email i just received from the clerk of the united states district court for eastern north carolina: the court would like to make cm/ecf filers aware of certain security concerns relating to a software application or …

posted by Patrick @ August 24, 2009 5:45 PM

federal court using scare tactics to block sharing of public records
it appears that the us courts, concerned about competition from software that offers the possibility of widespread free access to documents filed on federal judicial dockets, for which the public would otherwise have to pay the courts …

posted by Paul Levy @ August 21, 2009 6:30 PM

Yesterday I wrote about privacy in the context of client information disclosed in public court files. Today is a guest blog on the related issue of lawyer information, specifically our Social Security Numbers, being collected by New York’s Office of Court Administration. Do the courts have any legal authority to collect those numbers from us?

This article was first published in the June issue of Suffolk Lawyer (pp 25, 31) and is presented here by the author, Stephen Kruger for wider distribution.

Abstract

Upon biennial registration, a New York lawyer is to disclose his social-security number to the New York Office of Court Administration. There is no legal basis for disclosure. The disclosure requirement is ultra vires.

Also, the OCA fails to provide a proper Privacy Act notice. The disclosure requirement is unenforceable.

Judiciary Law 468-b should not be amended to permit collection of SSNs by the OCA for attorney-registration purposes. SSNs were transformed into de-facto national-identity numbers. Though use of SSNs abounds, one more permissible collection of SSNs is a big deal. Liberty is lost in increments; liberty must be regained in increments. Since March 4, 1933, liberty has been entirely lost. A start to restoration of liberty must be made somewhere. Refusal of use of SSNs for attorney registration is a good place to start.

Article

Upon biennial registration, a New York lawyer is to disclose his social-security number to the New York Office of Court Administration. 22 N.Y.C.R.R. 118.1(e). There is no legal basis for disclosure.

It is “the policy of the United States” that, in the administration of state or local taxes, welfare, driver licenses, or motor-vehicle registrations, a state or local government “may . . . utilize” SSNs “for the purpose of establishing the identification of individuals affected by such law[.]” 42 U.S.C. 405(c)(2)(C)(i). A statement of a policy is not authority for a lawyer-financed client-compensation account to act, any more than a sense-of-the-Congress resolution is authority for a United States agency to act.

It is an open question, in any event, whether the $350 paid for biennial registration is a tax under New York law. The OCA describes the $350 payment as a fee.

New York Judiciary Law 468-a, the subject of which is biennial registration of attorneys, doesn’t mention SSNs at all. Disclosure of SSNs was instituted unilaterally by the OCA.

Absent a United States law which authorizes the OCA to require disclosures by lawyers of SSNs, and absent a New York law which permits the OCA to require disclosures by lawyers of their SSNs, the disclosure requirement of the OCA is ultra vires, and void.

Moreover, the OCA fails to provide a proper Privacy Act notice.

There is an uncodified provision of the Privacy Act (Pub. L. No. 93-579, Sect. 7, note to 5 U.S.C. Sect. 552a), Sect 7(a)(1) of which states that no one is required to disclose an SSN to a governmental agency, and no one may be penalized for not disclosing an SSN, unless the prescribed notice is given by the governmental agency.

Section 7(b) of the uncodified provision prescribes that a notice is to set forth whether disclosure is mandatory or is voluntary, the statutory or other authority for disclosure, and the uses which will be made of the disclosed SSN.

The Sect. 7(b) notice provided by the OCA is, “Social Security numbers are required in order to administer the collection of revenue obtained from attorney registration fees. 42 U.S.C. 405(c)(2)(C)(i). Social Security numbers will not be made public.

Inexplicably, the OCA notice does not track the form and language of Privacy Act 7(b). There are as well substantive deficiencies with the OCA notice.

The OCA asserts, in its Privacy Act 7(b) notice, that SSNs “are required in order to administer the collection of revenue obtained from attorney registration fees.” Administration is not the statutory rationale for collecting SSNs, and neither is collection of revenue. 42 U.S.C. 405(c)(2)(C)(i) specifies that, in the administration of laws such as tax laws, SSNs are for “establishing the identification of individuals affected by such law[.]”

There is no assertion by the OCA, in its Privacy Act 7(b) notice, that SSNs are used by the OCA for the purpose of identification of lawyers, because that assertion would be baseless. It is the province of the Appellate Division, not of the OCA, to identify lawyers. The Appellate Division informs the OCA who is a lawyer, by reference to the roll of attorneys maintained by each department of the Appellate Division.

The OCA keeps track of lawyers by assigning a number to each lawyer. An OCA number is not a Bar number. Rather, an OCA number is for internal record-keeping by the OCA. “Q: What is my New York Bar number?,” available at http://www.courts.state.ny.us/attorneys.

SSNs are extraneous to OCA administration. Use by the OCA, in its Privacy Act 7(b) notice, of “in order to administer the collection of revenue obtained from attorney registration fees[,]” is misleading.

The OCA states, in its Privacy Act 7(b) notice, “Social Security numbers will not be made public.” That statement, which is in the negative, does not meet the Privacy Act requirement that a Sect. 7(b) notice set forth the uses which will be made of disclosed SSNs. It is likely that the OCA allows use of collected SSNs for criminal matters, such as investigation, and allows use of collected SSNs for civil matters, such as obtaining overdue child-support payments.

Absent a sufficient Privacy Act 7(b) notice by the OCA, the requirement that a lawyer disclose his SSN is unenforceable.

Should Judiciary Law 468-b be amended to permit collection of SSNs by the OCA for attorney-registration purposes? Seemingly, one more permissible collection of SSNs is not a big deal, inasmuch as there is a socialist, authoritarian regime in Albany, the little brother of the socialist, authoritarian regime in the District of Columbia. Those regimes transformed SSNs into de-facto national-identity numbers.

Moreover, involvements by governments in the economy are indistinguishable from five-year plans. Taxes are confiscatory. Fee simple notwithstanding, a bureaucrat may order the transfer of real property from one private owner to another. There are thirty or more exceptions to the constitutional protection against searches and seizures. The constitutional protections against self-incrimination and against eminent domain are colanders. Everybody is fingerprinted for everything. Air passengers, like slaves, go beltless and shoeless. Men, women and children are strip-searched at the whims of TSA drones. Arrests are called “stops.” Preventive detention is lawful.

Yet, one more permissible collection of SSNs is a big deal. Liberty is lost in increments; liberty must be regained in increments. There’s a long way to go. Liberty, and limited government which preserves it, have been chipped and blasted and smithereened since March 4, 1933, to the point of nonexistence. Not even a decade will suffice to repair over seven decades of misdirection of New York law, and of manipulation of United States law, and of ruination of American life. Yet, a start must be made somewhere, and refusal of use of SSNs for attorney registration is as good as any other.