The well-named Daily WTF has posted an article about Oklahoma’s online federally-required Sex Offender Registry.
But before we jump into that morass, let’s remember that our federal government wants the states to comply with the federal Real ID laws and put all your identifying information online for easier theft. It will all be in one big database. And they claim it will be Real Secure.
So back to the Daily WTF: Not all the sex offenders in the Sexual and Violent Offender Registry are child molesters. Sex offenders include teenagers who have sex with other teens, children who take nude photos of themselves, and people who urinate in public (this is Oklahoma, remember).
The OK database uses SQL Select statements in the URL. The database query used to display the page’s data is right there in your browser’s address bar: social security numbers, dates of birth, addresses, and the like, even if they weren’t actually displayed.
The intrepid reporter massaged the URL and got a page listing 10,597 records with names, SSANs, age, race, gender, address, city, state, ZIP, and county.
It turns out all employees of the prison system were also in the database, and the OK government didn’t fix the problem until the WTF reporter sent them a list of their own SSANs. Is there a message there?
And the federal government wants the states to put all our identifying information online to protect us from terrorists.
[A cartoon explaining the OK problem: http://xkcd.com/327/ ]
3 months ago