Martyn Williams reports:
In addition to personal phone numbers and email addresses for hundreds of people who corresponded with him, there’s something else inside the cache of emails that Jeb Bush released this week: computer viruses.
Earlier this week, Bush, who some tip as a presidential hopeful, released thousands of emails from his time as governor of Florida, when he promoted his “[email protected]” email address as a way for voters to interact with him. The emails were released unredacted—a deliberate move intended to demonstrate transparency but one that backfired because the messages included the names, email addresses and phone numbers of thousands of people.
Alongside a Web interface to read the emails, Bush also offered raw Microsoft Outlook files, and it’s in those files where the viruses lurked in file attachments.
Read more on PC World.
So to review: the state was sending out all this material to any reporter or PAC who requested it under public records law, and then those recipients can upload this all to the Internet where others can also be put at risk?
I don’t recall ever seeing any case where a state’s response to a public records request resulted in the dissemination of viruses or malware, can you?
But while that is a tad concerning, I’m still more focused on the state’s failure to redact sensitive information from the records before releasing them to others. And despite trying to wade through Florida’s statutes and this summary, it is still not clear to me whether the state had an obligation to redact SSNs and other sensitive information from these records before releasing them. For my money, they should have, but can anyone point to an authority on that?
SSN in emails!? And even more weird, emails to the governor? His own SSN perhaps, but others?
Keep in mind that before 2006, the warning about emails being public records did not appear when people went to email the Governor. If they were reaching out to help with a problem, they might have included their SSN, if relevant/necessary.