Friday, November 26, 2010

Wikileaks: Part of Why I'm Itchy About Database Function Creep And The "One Big Database" Approach To Government Records

This story is about the wikileaks and how low level access to "secure" databases can lead to information being disseminated without controls. While I am ambivalent about some of the information wikileaks has released (specifically the names of informers in Afghanistan and such), I am actually more concerned about what these kinds of incidents mean for our collective privacy.

The anti-war guy, and anti-secrecy guy in me applauds transparency, the privacy freak in me is worried about protecting the medical databases that I am charged with protecting as part of my occupation. Technology, privacy, security, and records management are all inextricably interlinked.

"Manning claimed to have leaked 260,00 cables. But he was charged on July 5 with downloading more than 150,000, and with allegedly leaking at least 50 of them to an unauthorized third party.

The cables were widely accessible within the U.S. military under an information-sharing initiative called Net-Centric Diplomacy.

Established in the government’s post-September 11 drive to break down information barriers between agencies, Net-Centric Diplomacy makes a subset of State Department documents available on the Secret Internet Protocol Router Network, or SIPRNet, the Pentagon’s global, Secret-level wide area network. SIPRnet is accessible to cleared American military service members and civilian agencies around the world."

Wired Mag - WikiLeaks Diplomatic Cable Dump Reportedly Imminent

----

Once again - your privacy is at stake. Suppose someone dumped a secure police database and your name was in there as having provided eyewitness information related to a gang hit. That would probably not be good.

Suppose University registration information was released - home addresses of students (which has happened) and some guy was stalking a young woman (which has happened).

"One big database" as a goal has unintended consequences.

1 comment:

  1. First - let me point out that i think you are URL spamming my site. I may delete your comment and link after I peruse the site you link to.

    ----

    Thanks for the comment, skdadl, but my commentary is not about whether wikileaks should have leaked what they did or not.

    The thesis of my post is that we should all be concerned "About Database Function Creep And The "One Big Database" Approach To Government Records" "and how low level access to "secure" databases can lead to information being disseminated without control"

    One low level staffer leaked all that data. From a database design standpoint that is lousy design.

    If the prisons in which people are tortured falls down in an earthquake, that is a good thing. But it is still likely lousy design of the building.

    Same thing. This was supposed to be a secure military/foreign affairs database and it looks like one guy walked off with a big chink of it.

    Wikileaks may have ethical standards, but what if it is the Russian mafia hiring someone to steal your banking info or such.

    I am critiquing the fact that a supposedly secure database relied almost entirely on trust of their staff. Bad choice.

    ReplyDelete