remove SSN as a stock patron ident type

Bug #1566016 reported by Galen Charlton on 2016-04-04
This bug affects 2 people
Affects         Status   Importance   Assigned to   Milestone
Evergreen                Medium       Unassigned
Evergreen 2.10           Undecided    Unassigned
Evergreen 2.9            Medium       Unassigned

Bug Description

It is not recommended that U.S. libraries collect and store Social Security numbers (SSNs), as an attacker who successfully compromises a library's patron database that contains SSNs would have access to enough data to perform identity theft. Consequently, the seed data should be updated to remove the SSN as a stock patron ident type.

Evergreen master

Galen Charlton (gmc) wrote :

At this point in time, it is arguably a bug (or at least a misfeature) that Evergreen tacitly supports storing patron SSNs, so I've set the bug targets accordingly.

Changed in evergreen:
milestone: none → 2.10.2
importance: Undecided → Medium
Galen Charlton (gmc) wrote :

A patch is available at the tip of the user/gmcharlt/lp1566016_remove_ssn_ident_type branch in the working/Evergreen repository:

http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/gmcharlt/lp1566016_remove_ssn_ident_type

The patch does not attempt to remove the SSN ident type from existing databases, but if folks want that, it would be easy to write an SQL update that removes that ident type if it is not in use.

tags: added: pullrequest
Changed in evergreen:
milestone: 2.10.2 → 2.10.3
Changed in evergreen:
milestone: 2.10.3 → 2.10.4
Sam Link (sam-link) wrote :

I'm going to mark this as confirmed, since it is definite that patron SSNs are stored if provided as identification. The default in PINES is Driver's License, but SSN is still provided as an option, and SSNs still exist in the system.

Hi Sam,

The bug is really more for the stock install than for existing systems.
Galen's patch will fix that. (I can test it and sign off if we need a sign
off, it's a straightforward patch.) But, if PINES or another library has
it as an existing type that would have to be addressed in an upgrade
script, along with what to do with the values in there. That wouldn't be
difficult but I don't know if we want to go that road with existing data in
systems.

If a library wants to remove the SSN option and wipe that data from an
existing db though that's a very simple bit of SQL to do.

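Both Galen's comment (an update that removes the ident type if it is not in use) and the reply above (remove the option and wipe the stored values from an existing database) describe the same piece of SQL without showing it. The following is an added example for PostgreSQL, not code from the bug, the patch branch, or the Evergreen repository. It assumes the stock schema layout: config.identification_type(id, name) with the stock row named 'SSN' and another named 'Other', and actor.usr carrying a NOT NULL ident_type / ident_value pair plus a nullable ident_type2 / ident_value2 pair, all referencing that table. Check those names against your own database before running it.

```sql
-- Added example, not part of the bug or of Evergreen itself.
-- Assumed schema (verify first):
--   config.identification_type(id, name)      stock rows include 'SSN' and 'Other'
--   actor.usr.ident_type  / ident_value       NOT NULL type, nullable value
--   actor.usr.ident_type2 / ident_value2      both nullable
BEGIN;

-- 1. Show how many patrons still reference the SSN type, so the operator can
--    choose between the "only if unused" path and the "wipe" path below.
SELECT
    (SELECT count(*) FROM actor.usr u
       JOIN config.identification_type t ON t.id = u.ident_type
      WHERE t.name = 'SSN') AS primary_ssn_idents,
    (SELECT count(*) FROM actor.usr u
       JOIN config.identification_type t ON t.id = u.ident_type2
      WHERE t.name = 'SSN') AS secondary_ssn_idents;

-- 2a. Conservative path: drop the type only when nothing references it.
--     The foreign keys would reject the delete anyway if rows still point
--     at it; the NOT EXISTS clauses make the condition explicit and leave
--     the row in place (rather than erroring) when patrons still use it.
DELETE FROM config.identification_type t
 WHERE t.name = 'SSN'
   AND NOT EXISTS (SELECT 1 FROM actor.usr WHERE ident_type  = t.id)
   AND NOT EXISTS (SELECT 1 FROM actor.usr WHERE ident_type2 = t.id);

-- 2b. Wipe path (subsumes 2a): scrub stored SSNs, then drop the type.
--     ident_type is NOT NULL, so primary idents are reassigned to 'Other'
--     with the value cleared; the secondary pair is simply nulled out.
UPDATE actor.usr u
   SET ident_type  = (SELECT id FROM config.identification_type WHERE name = 'Other'),
       ident_value = NULL
  FROM config.identification_type t
 WHERE t.id = u.ident_type
   AND t.name = 'SSN';

UPDATE actor.usr u
   SET ident_type2  = NULL,
       ident_value2 = NULL
  FROM config.identification_type t
 WHERE t.id = u.ident_type2
   AND t.name = 'SSN';

DELETE FROM config.identification_type WHERE name = 'SSN';

-- Review the counts from step 1 and the row counts reported by the UPDATEs,
-- then COMMIT; or ROLLBACK; as appropriate.
COMMIT;
```

Run it inside the transaction as written and only commit once the counts match expectations. Two caveats a practitioner would want: if auditing is enabled on actor.usr, the history table (auditor.actor_usr_history in a stock install; confirm the name locally) keeps earlier copies of ident_value and needs the same scrub, and the old values also persist in any database dumps and in dead tuples until VACUUM reclaims them, so deleting from the live table alone does not finish the job.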

Changed in evergreen:
milestone: 2.10.4 → 2.10.5
Changed in evergreen:
assignee: nobody → Terran McCanna (tmccanna)
Terran McCanna (tmccanna) wrote :

I have tested this code and consent to signing off on it with my name, Terran McCanna, and my email address <email address hidden>.

Additional detail: I tested on a clean master 2.10 installation and checked through both the xul client and the web client. I looked at both a new patron registration and editing an existing patron account.

Changed in evergreen:
assignee: Terran McCanna (tmccanna) → nobody
Galen Charlton (gmc) on 2016-06-02
tags: added: signedoff
Kathy Lussier (klussier) wrote :

Thank you Galen and Terran. Signed off and pushed to master, 2.10 and 2.9.

Terran, I neglected to include your signoff in the master and 2.10 merges. Apologies for the oversight. I did catch my mistake in time to include it in the 2.9 merge.

Changed in evergreen:
status: New → Confirmed
status: Confirmed → Fix Committed
no longer affects: evergreen/master
Changed in evergreen:
milestone: 2.10.5 → 2.next
Changed in evergreen:
milestone: 2.next → 2.11-alpha
Changed in evergreen:
status: Fix Committed → Fix Released