It looks like this system applied security through obscurity, more or less, though.
I doubt it's the intention of the system to make all tickets "publicly visible" in this way.
I'm not sure we'll legal threats involved (who knows, hopefully not) but I suspect the city will be motivated to find some way to lock down the system to prevent this kind of enumeration attack on their database.
