(UPDATED at 3:15 PM PDT with statement from Attorney General Rob Bonta’s office.)
In an attempt to “improve transparency and information sharing,” the California Attorney General’s office published a firearms data dashboard Monday. Yes, despite the fact that California’s state government isn’t interested in transparency in any other area, they spent tax dollars to get information on CCW permit issuance, Gun Violence Restraining Orders (GVROs), “assault” weapon registrations, and Dealer Record of Sales (DROS) out to the public. But the data was much too transparent, and included personally identifying information (PII) for all CCW holders, including judges, prosecutors, defense attorneys, and law enforcement officers, statewide, and could be downloaded by any user.
In addition, Firearms Safety Certificate (FSC) stats and Dealer Record of Sales (DROS) information accessible through the site contained some PII.
When RedState accessed the website Tuesday morning, the downloadable data no longer included the PII. Since the AG’s office has not responded to questions from journalists regarding the breach, we don’t yet know how many times the database was downloaded while it contained the PII.
A Redditor sounded the alarm:
Through a process that we will be not discussing, but is relatively easy and not even slightly hidden to do, you can access the names, addresses, and DOB’s of all CCW holders in the state of CA. That includes judges, reserve officers, and random people like you and me. They also released information on FSC stats which has DOB and ID/DL numbers, and a file that includes DROS information, which has DOB, race, gender, and which dealer a given gun was purchased at since at least 2012. As you can see, this is devastating to the privacy of gun owners. It’s fairly trivial to begin cross referencing data between these three documents to determine who owns what guns with decent accuracy, especially if they have a CCW that already says where they live.
Attorney Konstadinos Moros, who works on gun rights cases in California, reviewed video evidence showing the PII included in the database but did not publish that video for obvious reasons. Journalist Stephen Gutkowski writes:
The Reload reviewed a copy of the Lost Angeles County database and found 244 judge permits listed in the database. The files included the home addresses, full names, and dates of birth for all of them. The same was true for seven custodial officers, 63 people with a place of employment permit, and 420 reserve officers.
2,891 people in Los Angeles County with standard licenses also had their information compromised by the leak, though the database appears to include some duplicate entries as well. The databases with detailed information were initially available for download via a button on the website’s mapping feature. They appeared to have been removed from public access by Tuesday afternoon and replaced with spreadsheets without the individualized identifying information.
While CCW permit information is subject to public disclosure generally in California, PII for people who work in the criminal justice system can be withheld.
Here’s the only CCW info that can be (but isn’t necessarily required to be) withheld from public disclosure. Everything else is open to disclosure, including application docs, fingerprints, and copies of licenses. See Cal. Govt Code 6254(u) and Cal. Const. Art. I Sec. 3(b). pic.twitter.com/QSyl8pnKqP
— Firearms Policy Coalition (@gunpolicy) June 28, 2022
The code reads:
Except as provided in Sections 6254.7 and 6254.13, this chapter does not require the disclosure of any of the following records:
(u) (1) Information contained in applications for licenses to carry firearms issued pursuant to Section 26150, 26155, 26170, or 26215 of the Penal Code by the sheriff of a county or the chief or other head of a municipal police department that indicates when or where the applicant is vulnerable to attack or that concerns the applicant’s medical or psychological history or that of members of their family.
(2) The home address and telephone number of prosecutors, public defenders, peace officers, judges, court commissioners, and magistrates that are set forth in applications for licenses to carry firearms issued pursuant to Section 26150, 26155, 26170, or 26215 of the Penal Code by the sheriff of a county or the chief or other head of a municipal police department.
(3) The home address and telephone number of prosecutors, public defenders, peace officers, judges, court commissioners, and magistrates that are set forth in licenses to carry firearms issued pursuant to Section 26150, 26155, 26170, or 26215 of the Penal Code by the sheriff of a county or the chief or other head of a municipal police department.
As the tweet from Firearms Policy Coalition correctly notes, information from the CCW permit and/or license for other Californians, including fingerprint data, is subject to public disclosure – but it shouldn’t be, since we know that the information will be used to target and harass gun owners.
Interestingly, it seems that the databases relating to Gun Violence Restraining Orders did not include any PII.
This isn’t the first time that the California DOJ “accidentally” published personal data relating to gun owners. Back in 2016, under Attorney General Kamala Harris (seriously, she’s so full of fail), the entire list of firearms instructors in California, including name, date of birth, and California drivers license or ID number, was accidentally released in response to a Public Records Act request. At that time the state had to inform those whose information was compromised about the leak and offered 12 months of identity protection – and that leak contained less personal information than was included in the CCW database.
The leak comes just days after the Attorney General’s office was forced to issue a directive instructing CCW issuing authorities that they “should no longer require proof of good cause for the issuance of a public-carry license.”
BREAKING: California Attorney General says "effective immediately, issuing authorities should no longer require proof of good cause for the issuance of a public-carry license." pic.twitter.com/8GfQqXuvlJ
— Firearms Policy Coalition (@gunpolicy) June 25, 2022
RedState contacted the Attorney General’s press office with a list of questions about the leak, including what checks were in place to ensure that personal information was not included in the database files. There was no reply by press time.
UPDATE: The Attorney General’s Press Office responded to RedState’s inquiry:
We are investigating an exposure of individuals’ personal information connected to the DOJ Firearms Dashboard.
Any unauthorized release of personal information is unacceptable.
We are working swiftly to address this situation and will provide additional information as soon as possible.
Join the conversation as a VIP Member