By Tiffany Donnelly
July 1 marked the one-year anniversary of the Americans for Prosperity v. Bonta ruling, the Supreme Court’s most important decision on the First Amendment right of association in over 60 years.
In the 6-3 decision, the Court held that a California rule requiring charities and other nonprofit organizations to submit an annual list of donors to state officials violated the First Amendment right to freedom of association. Organizations have the right to keep one’s memberships, affiliations, and financial support private.
Sadly, news reported shortly before the one-year anniversary last week provides a poignant reminder of the risks of donor exposure and the importance of donor privacy.
On June 28, The Reload reported that California gun owners’ personal, confidential identifying information had been exposed by the state Attorney General’s office:
The California Department of Justice’s 2022 Firearms Dashboard Portal went live on Monday with publicly-accessible files that include identifying information for those who have concealed carry permits. The leaked information includes the person’s full name, race, home address, date of birth, and date their permit was issued. The data also shows the type of permit issued, indicating if the permit holder is a member of law enforcement or a judge.
The Reload reviewed a copy of the Los Angeles County database and found 244 judge permits listed in the database. The files included the home addresses, full names, and dates of birth for all of them. The same was true for seven custodial officers, 63 people with a place of employment permit, and 420 reserve officers.
In a statement, the California Department of Justice admitted it exposed the personal information of “individuals who were granted or denied a concealed and carry weapons (CCW) permit between 2011-2021”, which apparently affects as many as hundreds of thousands of Californians. The state DOJ also admitted that the Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Certificate Safety and Gun Violence Restraining Order dashboards could have exposed confidential data.
Donor privacy advocates have seen similar unfortunate scenarios play out time and time again. State governments simply cannot be trusted to keep citizens’ personal information private.
In Americans for Prosperity Foundation, the district court made factual findings that leaks were commonplace and the State’s security protocols for maintaining the confidentiality of donor lists were “indefensible.” The petitioner in that case identified nearly 1,800 donor lists that California had inadvertently released online, including a copy of Planned Parenthood’s Schedule B that “included all the names and addresses of hundreds of donors.”
Prior to reaching the Supreme Court, a five-judge dissent from denial of rehearing en banc in the Ninth Circuit noted that “[a]lthough the state is required to keep [Schedule B] donor names private, the district court found that the state’s promise of confidentiality was illusory. The state’s database was vulnerable to hacking and scores of donor names were repeatedly released to the public, even up to the week before trial.” The dissent goes on:
The evidence produced at trial in this case provided…ample evidence of human error in the operation of the state’s system. State employees were shown to have an established history of disclosing confidential information inadvertently, usually by incorrectly uploading confidential documents to the state website such that they were publicly posted…
There was also substantial evidence that California’s computerized registry of charitable corporations was shown to be an open door for hackers. In preparation for trial, the plaintiff asked its expert to test the security of the registry. He was readily able to access every confidential document in the registry—more than 350,000 confidential documents—merely by changing a single digit at the end of the website’s URL. When the plaintiff alerted California to this vulnerability, its experts tried to fix this hole in its system. Yet when the expert used the exact same method the week before trial to test the registry, he was able to find 40 more Schedule Bs that should have been confidential.
Given this record, how could anyone be surprised that it happened again, this time with the private information of California gunowners?
The Concealed Coalition, a group that provides training nationwide for those seeking permits to carry concealed firearms, questioned the timing of the breach. The leak occurred less than a week after a controversial Supreme Court decision striking down New York’s system for concealed weapons permits.
Chris Picou, the coalition’s CEO, also expressed concern that those with concealed carry permits could be subject to workplace discrimination by anti-gun co-workers or employers.
“Now their information is exposed,” he told RealClearPolicy. “This is something that you can’t take back.”
As it did in AFPF, the state claims this data breach was inadvertent, but it’s hard to blame the group for wondering. It wouldn’t be the first time a government agency showed political bias.
Although California Attorney General Rob Bonta called for an internal investigation into the gunowner data breach, don’t hold your breath for justice.
One year later, no one has been punished.
Einstein is credited as saying, “Insanity is doing the same thing over and over and expecting different results.” Continuing to trust federal and state agencies to keep your information private? At this point, you’d be crazy.