In an incident underscoring the insecurity of many government records, the State Department revealed that at least four workers snooped into supposedly private passport files of all three presidential contenders. The breaches involved electronic files that contained personal information about Senators Barack Obama, Hillary …
At least it couldn't happen here ...
When we have our über-database for the ID system it's a good thing we can trust that none of our zillion government employees will ever look in it for politically-sensitive, or celebrity-sensitive, or racially-sensitive, or anything-elsely-sensitive stuff. I'm so glad I live in a free country.
...couldn't happen ...
If it was in the UK....
they would just wait for the free CDs to be distributed.
The Gandhi Gambit Defense
The audit trail of access is sometimes more important than the actual information stored. It is also something that most organisations do not like to release.
If we really want to stop id systems, then if we all en masse request the audit trail of access to our records, it should make the economics of keeping a centralized id database unworkable, especially combined with repeated automated requests.
If unauthorized access is found then we form a class action and sue for damages for all those affected. And I am fairly sure there will be a lot of it, curiosity is a problem with those tasked in keeping front of house, and who only require the minimal level of access.
They will probably try and instigate a charge system for the audit logs to minimize requests, but this should also increase the damages awarded and once the first case is won, also make the argument for refund requests. Both the snooper (cracker) and those in charge of the miscreant should be personally fined, along with all those up the line.
All flagged problems to dev/null
"The snooping episodes were detected by an internal process inside the State Department's computer system that flags each time a high-profile person's records are viewed without a valid reason. Despite the system, senior department officials only learned of the breaches on Thursday after receiving an inquiry from a reporter at The Washington Times."
An Automatic System, which did Nothing?
And with the majority of American people not possessing a passport, would that be an act of defense against such, as such? - a Class Act, or Class Action lawSuit?
Are the records of high-profile persons kept more secret, as is suggested, if so, why? The BBC story on this, http://news.bbc.co.uk/1/hi/world/americas/7309165.stm states that at least two contractors have been sacked over this. Will they be re-employed next month, or will more contractors from the same supplier take their place? Is it considered good practice to grant temporary workers access to a large database of personal information?
The BBC article continues:
"US passport files include data such as age and place of birth, foreign travel records, and a Social Security number.
That number can be used to obtain credit records and other personal information."
Is this an admission that passport numbers are commercially valuable? For we all know that credit card numbers are sold.
What information do British passport files contain?
... and only if you're a celebrity
And note too that as an added layer of security they only bother to flag access if it's a 'high profile' person. I'm sure that they'll do something similar with ID cards so that us mugs can rest easy in the knowledge that if we're not high profile then no one will bother to see who's accessing our data and you'll have no way to ask the government why that access occurred either.
I take the avoidance of ID cards as an added incentive to finish my PhD on time and get the hell out.
What goes around, comes around
I would actually be perfectly happy to see all my personal details out in the public arena if the pay-off was that I had access to the same information for powerful politicians and billionaires etc and their friends and relatives.
This kind of action is easily defeated - they'll just change the data protection law to remove your right to do it.
The only way to defeat mass surveillance is to win the ideological debate - in a country where many subscribe to "nothing to hide, then nothing to worry about", there's still a lot of debating to be done.
Paris because we've all seen her personal details.
Fetish Computer Week are State Department experts?!
Does anyone else find a Fetish, um, Federal Computer Week quote completely out of place in this article?
This happened long before desktop computers or the Internet became popular. Watergate. Or at least, that's what it feels like. Regardless, where's the IT angle?
Removal of rights
The problem with that response is it starts to highlight the totalitarian nature of the system.
So, yes whilst there are always responses that one would wound them quite a bit in the ideological debate.
Having the right to see the access trail is the only way to ensure centralized data is not abused. Remove that right and one can immediately assume the data is being abused. I am not sure they would be that daft - but I wouldn't put it past them.
The real solution is to have no centralized databases for personal data. Required split key access, and the right to store at a location of your own choosing is the answer as far as storage of personal information is concerned.
But making the current system unworkable with en masse requests would certainly drive the point home that people are opposed to centralized data storage of personal details. I think quite a few would even go as far as to welcome a revolution of sorts to sort out the current practices, it may beat being slowly boiled alive.
bribery and corruption
Every ID scheme is wide open to bribery and corruption of the people maintaining it. The cost of unauthorised access to the data isn't the cost of hacking the system but the cost of bribing someone.
If you really want a scare, remember that BAA is proposing to fingerprint EVERYBODY who enters the new terminal at Heathrow. They say the records will be destroyed after 24 hours but how much are Paris Hilton's fingerprints on eBay?
How to maintain security
Maybe we should demand equal data security for the general public AND the people in power. If those with power think they might be at risk then they'll make damn sure that the systems are secure.
C'mon, if you had access to private info, you would access it!! I have had access to this kind of info a lot of times, and I have accessed it, just for fun. But you just have to be careful.. no gui access, just SQL you stupid!!
Non-Americans incoming through American airports have fingerprints taken.
It is Foggy Bottom after all
It is Foggy Bottom, so in reality to cover large amounts of their database leaking like a sieve all over the place and being used to create either forged passports with valid RFID tags and real names for cloners/CIA to use on the black market or other, they are using this line of crap.
The real question now becomes just how much real data has been lifted from all their files within the past decade without the management noticing.
As any cynic would say, they would rather tell much fiction and lies plus a very light touch of the truth to add a thin veneer of credibility because that is what "Foggy Bottom" does for a living in real life.
Any statement they issue on any matter, should be taken as a grain of salt.
"If it was in the UK....
By Stewart Haywood.......
they would just wait for the free CDs to be distributed."
Yep, it'd be on the front cover of "Government Laptop Weekly".
really - is anyone surprised?
I would expect that bored call-centre staff around the world look up the records of famous people. The only shock here is the reaction to it. Maybe that's because this is one of the few administrative functions that the yanks haven't outsourced - so it's still within their control.
No doubt the credit-card bills, medical records, call-logs and police files of pretty much anyone you can name are available in a low-pay, English-speaking country that hosts outsourced workers. All you have to do is find the right place, stand outside and wave money.
Maybe, just maybe the synapses of whichever of these candidates is unlucky enough to win the elections will fire at some point in the next 4 years and make the connection: personal data in database ..... potential for bad people to access it .... we mustn't store more than is absolutely necessary. However, I'm sure there's almost no chance of this happening.
to turn it back onto the Protected Classes...
"if you have nothing to hide, who cares if it's visible?"
But, you can't have Politicians, especially prominent Democrats, having their records checked by non Party controlled persons. Notice there is not one bit of flak about McCain, other than a mention. Methinks that the "third person" who "remains employed" according to TFA was the one who tagged McCain records in order to keep this from being an obvious "Protect the Democrats" scheme.
Any bets on how many times RuPaul...err Ron Paul, or Fred Thompson were checked and the Media didn't go on all out alert?
If he'd been a conservative, it would have been "What do you have to hide, Mr. Obama?" and the Daily KOS would have been flooded with stuff saying that the Feds' firing of the contractors involved was "politically motivated" and demand impeachment.
But will anyone remember when the shoe goes on the other foot? Not hardly. Leftists seem to forget easily. Might just have something to do with the constant influx of emotionally loaded, logic-free media and "legalize now" pharmaceuticals and the effect on short term memory.
The first error...
The first error in this farce was that the contractor trainees were using the live database for training.
Re-tellings of the story on NPR pointed up that the trainees were at one point requested to look up the data of a family member or close friend, (i.e. "We are about to breach data confidentiality. Please pick a target who will be unlikely to sue us or you.") Seems it was during training that the "unlawful access of data" occurred, or at least commenced.
Wiser practices would have had a training database to go with their training exercises.
Aside from the blatant inequality of an access monitoring system for the data records of "high-profile" people, this highlights the pointlessness of log files that are only reviewed postmortem.
I hate to say it
It probably was just curiosity. There is a Tory party IT solution I will never name which has some hilarious security questions.
"But, you can't have Politicians, especially prominent Democrats, having their records checked by non Party controlled persons."
Load of BS. What was accessed was not public records. Sorry even politicians have some level of expectation of privacy.
Obama was mentioned 'cause he was the first person they found out about. They didn't say much about Hillary either.
It made news because the system in place to prevent this abuse did not work. It would have been news if McCain was the first; it still would have made the news.
"emotionally loaded, logic-free media and "legalize now" pharmaceuticals and the effect on short term memory."
Please turn off Fox News now.