Have to say, the cynical part in me is kind of surprised that the police (in Minnesota) have an audit system that tracks each lookup. They could easily have justified a system in which license lookups don't track the officer.
(obviously they don't run automated audits, though)
The programmers and administrators of that system also have CYA incentives.
I recently built a fairly complicated reservation/scheduling/accounting system. Because of office politics, I elected to design and implement an auditing feature even though it wasn't a requested (or even desired) feature.
I guess that makes sense...when an incident like this comes up, it's impossible for anyone at any part in the chain (from the chief to whoever hired the contractor) to justify: "We just didn't think we needed to track every time someone wanted to look up private info"
Given that such a computer system probably has a lot of redundancy (or machines spinning) to make sure that cops, at any time, can call up info and do everything else through that network...logging 10-100K logins would be pretty trivial.
Given that you weren't asked to do the auditing feature in the first place, did you also build any kind of suspicious-behavior detection?
I did consider building some kind of fraud detection system since there was some suspicion of... treachery. But I didn't know enough about the domain to believe that I could implement something that would work reliably.
In fact, my doubts about my domain knowledge is one of the main things that motivated me to build the auditing feature. If something went wrong I wanted to make sure that I could only be blamed for legitimate mistakes on my part.
I'm sure the same thing happens with larger systems.
Submitter: if you are going to submit print links, how about at least posting a comment giving the non-print link?
Print links have several problems:
1. They often use a small font and wide layout that makes them unreadable on mobile devices, and they are often hard to read even on desktops. (They are designed for printing, not reading on a screen).
2. They often (as in this case) bring up a print dialog that needs to be dismissed.
3. They generally provide no way to go to the non-print version. Sometimes it's possible to guess from the URL what the non-print URL is, but it is not obvious in this case. Contrast this to the non-print page, which usually has a link to the print page, so those who prefer the print page can easily get it from the normal page.
My apologies..., when I first opened the link, for some reason the Print dialog didn't come up (in Chrome). After I read the story and submitted it and then came back...lo and behold that print dialog came up.
(and you're right, this story was ESPECIALLY hard to find. Even on CityPages own carousel the link is broken...I had to search for the subject's name, which only took me to a slideshow, which luckily had that backlink)
I am surprised to see a bikini photo in an (internet!) article about a woman who's been trying to get away from creepy stalkers who know a little too much about her. You'd hope that the paper got informed consent before publishing, but...
(She's not as easy to find as one might fear, but Google does suggest "Anne Marie Rasmussen picture" when entering her name.)
In some branches of the civil service in the UK (I do not know exactly which ones but HMRC is one of them), we've had a system to deal with this for about 20 years now.
All accesses of personal data have some random chance (I think it's 5%) of being audited. If your request gets picked, a dialog pops up saying that your access is being audited and you must file a form immediately, explaining why you needed to access that record.
For celebrities and for anyone whose records have a history of abuse, the probability goes to 100%.
If you do not submit the form, or your explanation is not satisfactory, you get invited to a disciplinary interview.
That's cheaper than auditing all accesses, but is enough to discourage unnecessary "browsing" of data.
The author points a finger at police for leering over an attractive woman's photos -- then needlessly posts bikini photos.
The photos add no substantive content to the story; they're just there for gawking at.
The ostensible point of this article is that the law enforcement database should be more tightly controlled. But there's a more basic point that is missed: if you're going to wag a finger at a bunch of photo-gawkers, you shouldn't simultaneously encourage (and profit from) such gawking.
I have strong opinions about the politics of this (i.e. giving people power without accountability always causes problems, whether it's on this scale or the Department of Homeland Security scale), but since we're on Hacker News, I think it'd be more interesting to consider what this says about auditing, data access, and privacy. I noticed some comments already about auditing systems.
Can this story tell us anything interesting about audit trails we'd like to see in other applications - or that we should maybe implement in our own work?
The salient part of this story for me: here's a "facebook" that's already got legal and regulatory protections, and intended to be used by those sworn to protect us.
And it's being abused.
I'm shocked, shocked.
Now take the same system, and put it in private hands.
There are people who'll have access to that system: programmers, systems admins, DBAs, contractors, vendors, business partners, advertisers, marketers, .....
Yes, a fair number of organizations will put some level of control over the data. Pre-employment screens, background checks, security policies, independent audits, ....
And some won't.
And controls or not, the data will out.
How much of an intelligent, consenting adult's life should really go online?
How much of a teen's life?
How much of an infant's life?
A recent HN story on clearing Google browser history prompted the inevitable "I can't imagine what could possibly go wrong" (non-ironic) post.
18 comments
[ 4.0 ms ] story [ 21.5 ms ] thread(obviously they don't run automated audits, though)
I recently built a fairly complicated reservation/scheduling/accounting system. Because of office politics, I elected to design and implement an auditing feature even though it wasn't a requested (or even desired) feature.
Given that such a computer system probably has a lot of redundancy (or machines spinning) to make sure that cops, at any time, can call up info and do everything else through that network...logging 10-100K logins would be pretty trivial.
Given that you weren't asked to do the auditing feature in the first place, did you also build any kind of suspicious-behavior detection?
In fact, my doubts about my domain knowledge is one of the main things that motivated me to build the auditing feature. If something went wrong I wanted to make sure that I could only be blamed for legitimate mistakes on my part.
I'm sure the same thing happens with larger systems.
Print links have several problems:
1. They often use a small font and wide layout that makes them unreadable on mobile devices, and they are often hard to read even on desktops. (They are designed for printing, not reading on a screen).
2. They often (as in this case) bring up a print dialog that needs to be dismissed.
3. They generally provide no way to go to the non-print version. Sometimes it's possible to guess from the URL what the non-print URL is, but it is not obvious in this case. Contrast this to the non-print page, which usually has a link to the print page, so those who prefer the print page can easily get it from the normal page.
Here you go: http://www.citypages.com/2012-02-22/news/is-anne-marie-rasmu...
(and you're right, this story was ESPECIALLY hard to find. Even on CityPages own carousel the link is broken...I had to search for the subject's name, which only took me to a slideshow, which luckily had that backlink)
If a moderator could change the link to: http://www.citypages.com/2012-02-22/news/is-anne-marie-rasmu...
The mobile users would be much obliged...
I actually prefer print links. Bookmarklets like Readable make those articles, well, readable.
(She's not as easy to find as one might fear, but Google does suggest "Anne Marie Rasmussen picture" when entering her name.)
All accesses of personal data have some random chance (I think it's 5%) of being audited. If your request gets picked, a dialog pops up saying that your access is being audited and you must file a form immediately, explaining why you needed to access that record.
For celebrities and for anyone whose records have a history of abuse, the probability goes to 100%.
If you do not submit the form, or your explanation is not satisfactory, you get invited to a disciplinary interview.
That's cheaper than auditing all accesses, but is enough to discourage unnecessary "browsing" of data.
The photos add no substantive content to the story; they're just there for gawking at.
The ostensible point of this article is that the law enforcement database should be more tightly controlled. But there's a more basic point that is missed: if you're going to wag a finger at a bunch of photo-gawkers, you shouldn't simultaneously encourage (and profit from) such gawking.
The problem is that police officers are illegally accessing her private information to know more about her purely out of a puerile interest.
Can this story tell us anything interesting about audit trails we'd like to see in other applications - or that we should maybe implement in our own work?
And it's being abused.
I'm shocked, shocked.
Now take the same system, and put it in private hands.
There are people who'll have access to that system: programmers, systems admins, DBAs, contractors, vendors, business partners, advertisers, marketers, .....
Yes, a fair number of organizations will put some level of control over the data. Pre-employment screens, background checks, security policies, independent audits, ....
And some won't.
And controls or not, the data will out.
How much of an intelligent, consenting adult's life should really go online?
How much of a teen's life?
How much of an infant's life?
A recent HN story on clearing Google browser history prompted the inevitable "I can't imagine what could possibly go wrong" (non-ironic) post.
A well-known contemporary tech company was vitally engaged in civil rights and personal data tracking which lead to the deaths of some 6 million people. World War Two, Nazi Germany, the Holocaust, IBM: http://www.ibmandtheholocaust.com/ http://archives.cnn.com/2001/LAW/03/columns/fl.sebok.IBM.hol...
Social networking's upsides are pretty cool. I'm not down with the negatives though.