FC: Feds' "safe harbor" site displayed private info about U.S. firms
Declan McCullagh
declan at well.com
Fri Jul 6 07:12:44 PDT 2001
http://www.wired.com/news/privacy/0,1848,45031,00.html
'Secure' U.S. Site Wasn't Very
By Declan McCullagh (declan at wired.com)
2:00 a.m. July 6, 2001 PDT
WASHINGTON -- A U.S. government website devoted to helping businesses
keep sensitive information private instead revealed confidential
information about American firms.
A Commerce Department privacy website exposed proprietary information
-- such as revenue, number of employees, and the European countries
with which the firm does business -- that U.S. companies provided to
the government in strict confidence.
This information has been publicly accessible since the site went
online last year.
Casual visitors even could modify information stored in the agency's
database, permitting anyone to delete, for instance, Microsoft, Intel,
or Procter & Gamble from a government-certified list of companies that
can freely exchange information with European firms.
In response to queries from Wired News, the Commerce Department
plugged the security hole at 5 p.m. EDT on Wednesday. "We are aware of
the concerns, and are taking all necessary steps to identify and
resolve the issue," a department official said.
The irony of gaping security holes in a Commerce Department "Safe
Harbor" site established to aid U.S. firms in offering adequate
privacy protection wasn't lost on some privacy advocates.
"If the government can't control its own information, why is it asking
the private sector to do any better?" says Jim Harper, editor of
Privacilla.org. "When it comes to information management, government
is the gang that couldn't shoot straight."
[...]
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
----- End forwarded message -----
More information about the cypherpunks-legacy
mailing list