Kowabunga

Joe the Plumber’s Illegally Accessed in Ohio

We’re going techie today. It has been revealed in the Columbus Dispatch that Joe the Plumber’s BMV records, and possibly other government databases, were illegally tapped for private information shortly after the debate. This should result in a serious criminal investigation.

Here’s the thing that disturbs me as a techie:

Records show it was a “test account” assigned to the information technology section of the attorney general’s office, said Department of Public Safety spokesman Thomas Hunter.

If this was a a production database, who set up a “test” account to access, especially one that is shared by multiple users as the article goes on to report? If this was not a production database, then why is private information not scrubbed in such a fashion so as to make it useless? What kind of data security (or, more accurately, lack of) are they practicing in Ohio, and the rest of the United States?

Never set up a test account in production databases. Never put private data that must be secured in non-production databases. Always, when dealing with this kind of information, implement fine-grain auditing policies so that data access can be tied to specific individuals in the event of abuse or illegal access.

The people in charge of securing these databases have failed in their jobs and should be terminated. Those individuals accessing the information should be identified and prosecuted to the full extent of the law. IN both cases these people as gatekeepers of government databases, have failed and violated the public trust and should not be allowed to continue in these positions.

Tags:

Joe the Plumber Ohio BMV Databases Security

Tags: Civil Liberites, Ohio, privacy, security, technology