*By Teo Morca
For HB 1143 and its ilk, I believe we can/should attack from a different angle than constitutionality: data privacy and security.
Any time there is a data collection requirement (e.g., to establish a gun owner registry), we should hammer on the data privacy and security aspect of the requirement. Even if a lawmaker is not swayed by constitutionality arguments or SCOTUS rulings, they generally know not to play games with consumers’ personally identifiable information (PII) data, as doing so can lead to severe penalties.
The data collection and warehousing aspect of HB 1143 and all of the similar bills the Democrats want to use to establish a searchable gun owner database through is very troubling. A large and highly skilled workforce is needed to custodially manage PII and other sensitive data (like the HIPAA data that gun owners ALSO are forced to waive their confidentiality rights to for most gun purchases in Washington state). Data custody is UNFORGIVING and can lead to extreme liability that no government agency can responsibly manage. This kind of data processing and security CANNOT be simply managed by an independent software vendor as the sponsors of this bill seem to believe will be able to simply build a data transfer portal for managing the data flows to and from FFLs and WSP or other agencies.
A close friend of mine works at well-known Washington state government agency and based upon her stories about how insecure their data handling practices are (e.g., still using dial-up connections alongside ancient computers and other outdated connections and legacy routing hardware), I have ZERO confidence in Washington state’s ability to keep this massive trove of terabytes after terabytes-worth of sensitive data secure.
As more states adopt stricter data privacy and security laws patterned after the EU’s General Data Protection Requirement (GDPR), which California already has done with its California Privacy Rights Act of 2020 (CPRA), we must understand that these regulations impose not only severe civil/financial penalties to data mishandling or failures to disclose an event or data breach, but also criminal penalties! Will the Democrats pushing for Washington state gun owner registry be willing to sign up to personal/individual criminal accountability as well as civil/financial liability in the event a Washington gun owner’s PHI is improperly accessed and the WSP fails to inform that gun owner within the strict notification timeframe?
Bear in mind that in California, AG Bonta’s office flippantly leaked the sensitive PHI of lawful gun owners/concealed carry permit holders from the “2022 Firearms Dashboard Portal,” which was supposed to “improve transparency and information sharing for firearms-related data,” including names, birth dates, gender, race, driver’s license numbers, addresses, and criminal history. Data from several other dashboards were also impacted, including an Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Certificate Safety, and Gun Violence Restraining Order dashboards. This represents an utterly appalling and unacceptable breach of custodial trust. Yet, the impacted gun owners likely had/have no recourse and AG Bonta’s office showed zero accountability other than a shoulder shrug.
California Gov. Newsom and AG Bonta also elected to make similar records of lawful gun owners available to the University of California system, which is populated by extreme anti-gun activist groups. This was done without any notice or consent of the gun owners, and is another absolute outrage, since any privacy-impacting event typically requires clear notice and consent.
As someone who works at one of the world’s most trusted data custodians and processors, I can say with a straight face that when the sponsors of HB 1143 explained the data collection and transfer portal that is required by this bill, I was horrified. Data privacy and security CANNOT be maintained casually ad hoc without constant, proactive attention and expertise. This is even more true with government agencies notorious for using inexpensive, low-bid, outmoded, obsolete hardware, and out-of-date personnel practices. In the world of data privacy and security, the very moment your hardware or best practices become outdated, a sophisticated state-level actor (China, Russia, Iran, North Korea) or a technically skilled activist hacker with the tools and cyber weapons of the criminal hacker trade from the Dark Web WILL breach your network and steal and expose or sell your data. This is not a question of IF, but WHEN. Washington state is not prepared to defend yet another new database or network of sensitive PHI against these threats. This represents extreme degrees of liability and also potential dangers to personal safety as unauthorized bad actors are able to gain access to not only personal addresses of any individual, but personal addresses of lawful gun owners. In this case, the state WILL become the enabler of potentially deadly criminal behavior like residential invasions and gun thefts.
Registries of firearms owners have historically been the first action of oppressive regimes, and could be used to confiscate firearms in the future. The Nazis versus Jewish Peoples of Europe, Maoist China, Australia, and the United Kingdom all used registration of firearms as a precursor to outright confiscation. This bill would be used as a stepping stone towards further restrictions on gun ownership, which is a violation of multiple constitutional and civil rights. History does not support the assertion that registering gun owner data is a legitimate or benevolent matter.
Convince me that Washington state government is prepared for this level of accountability and that lawful gun owners’ data will not be breached. This is an impossibility and MUST be taken as good reason to REJECT HB 1143 NOW.
We are working hard to fight for Washington
and conservative values.
WE NEED YOUR HELP!
Please consider becoming a member or making a
financial contribution today!