FC: Feds' "safe harbor" site displayed private info about U.S. firms

From: Declan McCullagh (declanat_private)
Date: Fri Jul 06 2001 - 07:12:44 PDT

  • Next message: Declan McCullagh: "FC: DigiGold sues software developer to keep currency servers online"

       'Secure' U.S. Site Wasn't Very
       By Declan McCullagh (declanat_private)
       2:00 a.m. July 6, 2001 PDT
       WASHINGTON -- A U.S. government website devoted to helping businesses
       keep sensitive information private instead revealed confidential
       information about American firms.
       A Commerce Department privacy website exposed proprietary information
       -- such as revenue, number of employees, and the European countries
       with which the firm does business -- that U.S. companies provided to
       the government in strict confidence.
       This information has been publicly accessible since the site went
       online last year.
       Casual visitors even could modify information stored in the agency's
       database, permitting anyone to delete, for instance, Microsoft, Intel,
       or Procter & Gamble from a government-certified list of companies that
       can freely exchange information with European firms.
       In response to queries from Wired News, the Commerce Department
       plugged the security hole at 5 p.m. EDT on Wednesday. "We are aware of
       the concerns, and are taking all necessary steps to identify and
       resolve the issue," a department official said.
       The irony of gaping security holes in a Commerce Department "Safe
       Harbor" site established to aid U.S. firms in offering adequate
       privacy protection wasn't lost on some privacy advocates.
       "If the government can't control its own information, why is it asking
       the private sector to do any better?" says Jim Harper, editor of
       Privacilla.org. "When it comes to information management, government
       is the gang that couldn't shoot straight."
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe, visit http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/

    This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 07:46:04 PDT