Journal News website exposed list of gun owners' addresses

January 21, 2013

A heatmap of the pistol permit locations in Westchester and Rockland counties, New York. Yellow indicates areas of high concentration, orange low. This image is CC-BY-SA Ben Keith, made using Toner and OpenStreetMap.

Google Fusion Tables exposes the information you put in it. This is a feature of the product, and one that The Journal News was apparently not aware of when they published the names and addresses of over 33,000 gun owners in New York.

When first published, The Journal News webpage claimed that "The maps do not allow you to input a person's name and search the entire geographical area for his/her location." That was technically true, the worst kind of true in this situation. With only a modicum of technical knowledge, anyone could search and download the lists.

What follows is only being published because The Journal News have removed the maps from their website. They've removed the databases and destroyed the maps. Unfortunately, the information has already been posted online in multiple places.

The list of names and addresses cannot be removed from the Internet now. It's too late for those 33,000 people. But news organizations can learn from The Journal News' mistakes.

Don't put sensitive information online

This should be inherently obvious. Once something is online, it can never be removed.

The Journal News received three tables of information from Rockland and Westchester county clerks. Westchester County returned a list of pistol permits; Rockland returned a list of active pistol permits and a list of inactive pistol permits. The Journal News dumped these lists into Google Fusion Table and used GFT's mapping tools to generate the maps on their website.

GFT makes the information public by default. There are options to disable access, but The Journal News didn't have them enabled at first.

The Rockland County Google Fusion Table, with addresses and names blurred out.

Alternatives ways to present this information

A heat map showing areas of high gun concentration, like the one shown at the head of this article. Heat maps show areas of relatively high gun ownership, and open up possibilities of comparison with gun crime rates in the area.
Pin points without addresses or names attached. If the street address translation was accurate, this could potentially be dangerous. While several New York addresses were placed in other states, and some even made their way across the Atlantic to England and the Netherlands, the majority of addresses were positioned correctly.

The heat map at the top of this article is merely one way of displaying the data without listing the addresses of the permit-holders.

Trying to fix the problem

I sent an email to The Journal News January 5 explaining the nature of their exposure:

Anyone who views the source code of your website maps page can see the code embedding the maps. Each map embed is itself a webpage. In the source code of each of those pages is a piece of JavaScript. In the source code of the JavaScript is a parameter 'from: "string"', where "string" is the ID of a Google Fusion Table document presumably created by you. These documents are publicly available.

These documents are searchable by name and address, using the "Filter" button.

These Google Fusion Tables can be downloaded as comma-separated-value spreadsheets and as KML files suitable for import into Google Maps or Google Earth. To do this, click on the "Map of" tab, then "File" and "Save".

Janet Hasson, president and publisher of The Journal News, replied:

I am having my team research and will respond tomorrow. Thank you for bringing this to my attention.

Hiding the dirt under the rug

On January 8, they changed the GFT interface slightly, setting the default view to hide the lists of names. They also disabled the download links, but I didn't receive a reply from Hasson.

I sent a follow-up email January 8, detailing how visitors could still search through the site:

Unfortunately, the Google Fusion Tables interface still presents a searchable interface of all lists. All someone must do is click the "+" button next to the "Rows 1" tab, then choose "Add row layout". This new tab, "Rows 2", is still searchable and filterable. This can be performed in all three maps' table interface.

The list of names and addresses remains available and searchable through the Google Fusion Tables interface.

Clicking the 'new tab' button showed a list of the data

A phone call

The Journal News called me on January 13. My follow-up emails on January 9 and 10 had pushed them past a tipping point.

The Journal News information technology representative on the phone was as concerned about the availability of the data as I was. Unfortunately, I couldn't offer him any specific information about how to secure the tables, other than removing the name and address fields from the tables, leaving only the latitude and longitude points generated by GFT.

They disabled public access to the GFT documents on or around January 17. Visitors received an error message saying they did "not have the permissions to view the requested table."

My guess is that they used the Google Maps API for Business to hide the tables while keeping the maps public.

But, the information was still public. As the Fusion Tables documentation reads:

However, if you embed a private table on a public website, you are allowing all users to access the data underlying the table through the FusionTablesLayer. It is possible for a user to manually click on each entity and record its details, just as they could 'screen scrape' any private database exposed by a public website.

The Journal News removed the maps sometime on January 18. They were replaced with static images of the default zoom level of the maps. The images remain online at the time of this writing. They don't reveal any information, just seas of points.

The data removed

In a statement issued January 18, Janet Hasson wrote:

Today The Journal News has removed the permit data from lohud.com. Our decision to do so is not a concession to critics that no value was served by the posting of the map in the first place. On the contrary, we’ve heard from too many grateful community members to consider our decision to post information contained in the public record to have been a mistake. Nor is our decision made because we were intimidated by those who threatened the safety of our staffers. We know our business is a controversial one, and we do not cower.

But the database has been public for 27 days and we believe those who wanted to view it have done so already. As well, with the passage of time, the data will become outdated and inaccurate.

Equally important, the legislature has weighed in on the issue and representatives of residents from across the state have said that some New Yorkers who hold gun permits should have the right to keep that information private.

It's too late to keep that information private. A post appeared on Pastebin on January 19 with links to copies of the Google Fusion Tables data.

A paste on Pastebin containing URLs to archived versions of the Google Fusion Tables data.

Their data will forever be public. The Journal News moves on, continuing to chase its stories. But the lives of 33,000 households have been changed forever.

Technical details

The Google Fusion Tables interface allowed the download of comma-separated-value and KML files for each of the maps. Multiple people have posted these files online, and I've emailed The Journal News about this.

The heatmap at the top of this article was generated from Active pistol permits in Rockland County.csv and Westchester pistol permits.csv, using Seth Golub's heatmap.py and Dotspotting's Toner Cartography by Stamen Design. The heatmap and a screenshot of the Toner map tiles were assembled using Google Earth. Toner is based on OpenStreetMaps data. The heatmap is available under a Creative Commons Attribution-ShareAlike 3.0 Unported license, should you want to use it.

Should you run across the files and want to verify their integrity, here are statistics about the files:

 md5sum:  
 176bdbd9119d2a2a82662d92f9e07b48  Active pistol permits in Rockland County.csv  
 7f9d1e4365f726a0763247831f38061c  Active pistol permits in Rockland County.kml  
 7618fdc59411053cf730536a091180d0  Inactive pistol permits in Rockland County.csv  
 513be1751cd9895f74fd8dd377a7cdf2  Inactive pistol permits in Rockland County.kml  
 af7d66fc0aa3a44049ffdf2b8ba28490  Westchester pistol permits.csv  
 5296e6d0db6053eeaa1284a77eaf8dfe  Westchester pistol permits.kml  

 wc:  
   lines    words    bytes  
    3908    27037   218048 Active pistol permits in Rockland County.csv  
   82066   167593  2022527 Active pistol permits in Rockland County.kml  
   12806   136444  1171748 Inactive pistol permits in Rockland County.csv  
  421716   897969  9973012 Inactive pistol permits in Rockland County.kml  
   16618   157189  1604650 Westchester pistol permits.csv  
  614846  1128731 12831330 Westchester pistol permits.kml  

Note that these statistics include the header of the CSV, something not included in at least one version circulating online.

The original embed code has since been pulled from the Lohud.com website.