Government and corporate employees engage in an "epidemic" of snooping into databases

Posted by Cory Doctorow, February 24, 2008 11:59 PM |
The Associated Press reports on an "epidemic" of snooping into corporate and government databases by unscrupulous employees and contractors. The governments and corporations of the world keep on blithely amassing these gigantic, toxic, immortal databases of our personal lives, and then treating them as though they required no more security than any other file on their hard drive. Large databases of personal information are as potentially deadly and long-lived as plutonium.
Vast computer databases give curious employees the ability to look up sensitive information on people with the click of a mouse. The WE Energies database includes credit and banking information, payment histories, Social Security numbers, addresses, phone numbers, and energy usage. In some cases, it even includes income and medical information.

Experts say some companies do little to stop such abuses even though they could lead to identity theft, stalking and other privacy invasions. And companies that uncover violations can keep them quiet because in many cases it is not illegal to snoop, only to use the data for crimes...

"People were looking at an incredible number of accounts," Joan Shafer, WE Energies' vice president of customer service, said during a sworn deposition last year. "Politicians, community leaders, board members, officers, family, friends. All over the place."

Her testimony came in a legal case involving an employee who was fired in 2006 for repeatedly accessing information about her ex-boyfriend and another friend. An arbitrator in November upheld the woman's firing. The AP reviewed testimony and documents made public as part of the case.

Link (via /.)
posted in: Civlib
Favorite this! ( 1 )
Share this
Older Nebula finalists announced
Newer TimesMachine: hackable browser for the public domain NY Times archive

Discussion

Take a look at this
#1 posted by Pipenta , February 25, 2008 5:26 AM

Funny how if a kid downloads a song, that's stealing, but anybody can nab your personal information and that's not...

Take a look at this
#2 posted by Cory Doctorow , February 25, 2008 7:29 AM

Weightedcompanioncube: When, exactly, was Boing Boing less political?

Take a look at this
#3 posted by Jeff , February 25, 2008 9:43 AM

If we were able to record and store our life as a Mind State, wouldn't it be interesting to see how access to our entire life might be controlled? It would no longer be just an issue of Who has access to your data, but rather, who has access to You. I assume at that point you could control access from inside the AI you reside in. Ultimately your Mind is intellectual property, and as such you can't own it. So, maybe your "Mind State" could not be controlled by anyone, not even you.

Take a look at this
#4 posted by st vincent , February 25, 2008 10:12 AM

Many organizations are wising up and realizing that amassing and storing great gobs of personal data on their clients or customers is a bad idea. Storing and attempting to protect such data often proves to have little or no benefit to the organization, and indeed, may actually emerge as a not-insignificant liability for everyone involved.

IMHO, a sensible and ethical organization wouldn't collect more personal data than it strictly needs to conduct business or serve its clients and would ditch it when it no longer serves its intended purpose. And hey, if you don't collect sensitive data, you needn't be worried about protecting it from creeps, right? Enlightened self-interest.


Take a look at this
#5 posted by st vincent , February 25, 2008 10:14 AM

Many organizations are wising up and realizing that amassing and storing great gobs of personal data on their clients and customers is a bad idea. Storing and attempting to protect such data often proves to have little or no benefit to the organization, and indeed, may actually emerge as a not-insignificant liability for everyone involved.

IMHO, a sensible and ethical organization wouldn't collect more personal data than it strictly needs to conduct business or serve its clients and would ditch it when it no longer serves its intended purpose. And hey, if you don't collect sensitive data, you needn't be worried about protecting it from creeps, right? Enlightened self-interest.

Take a look at this
#6 posted by eiconoclast , February 25, 2008 3:16 PM

This doesn't surprise me at all. I doubt it's a new phenomenon. I have had access to various private data in the past as part of my job and I've felt the temptation to snoop. I didn't unless there was some legitimate need, but I can imagine that many people would go ahead and snoop, especially if they didn't plan on using the data.

People are curious (nosy). I agree with others... it's best not to store extra data. You can also use access restrictions and access logs to see who is looking at what.

Take a look at this
#7 posted by License Farm Author Profile Page, February 25, 2008 5:02 PM

@ #1 Pipenta: Funny how if a kid downloads a song, that's stealing, but anybody can nab your personal information and that's not...

Kids don't have moneyed congressional lobbyists, per se.

@ #2 WeightedCompanionCube: So, the only hard facts in that article point to how people have been caught and fired for abusing databases. Nothing but speculation about how much undiscovered abuse might be occuring.

More sweeping, draconian legislation has been put into effect based upon far more spurious speculation than that. Given the iffy oversight of the organizations that have access to this information and how guarded they are about what the public learns of them, it's not exactly a leap of logic that for every abuser who's caught because they're sloppy there may be ten who don't because they aren't.

Post a comment

Anonymous