"From 1971 to 1996, the U.S. Senate published, in the Congressional Record, the name and the full Social Security number of every military officer promoted. If the officer was senior enough, they printed their birth date as well just to make sure the wrong General Jones wasn't promoted. From 1997 until this year, they switched to only printing the last four digits of the Socials in a note to privacy. (We'll remind readers of the recent article by John Markoff in the New York Times that explained how you can usually guess the first 5 digits of a Social Security number, and since Congress provides the last four digits, you have one-stop shopping for identity theft). Public.Resource.Org learned of this situation when we copied all Government Printing Office (GPO) docs and put them on our server. A military officer wrote to me and said we had his social on our web site. We did a full scan on our archive, and it appeared that GPO forgot to redact two years of these numbers when they went on the Internet. We called their Inspector General, and they promptly put 50 people in a room and manually scanned every single page of the Congressional Record for those two years, performing the redaction of all SSNs. Of course, we immediately redacted our copies as well. But, after that we ran into a brick wall. On the Internet, there's a security rule: when you find a bug, you give the vendor a little time to fix it, but then you notify the public. The reason you do that is otherwise you know the bad guys will all know about the bug, but the good guys won't. So, we started calling around and sending email to get things fixed, and ran into a brick wall with the U.S. Congress Joint Committee on Printing. This is the joint committee that has oversight of GPO and would be in a position to fix things. The staff of JCP totally refused to do anything." - Steven Perez from Bookmarklet