FC: Feds' "safe harbor" site displayed private info about U.S. firms

Declan McCullagh declan at well.com
Fri Jul 6 07:12:44 PDT 2001 


http://www.wired.com/news/privacy/0,1848,45031,00.html
   
   'Secure' U.S. Site Wasn't Very
   By Declan McCullagh (declan at wired.com)
   2:00 a.m. July 6, 2001 PDT
   
   WASHINGTON -- A U.S. government website devoted to helping businesses
   keep sensitive information private instead revealed confidential
   information about American firms.
   
   A Commerce Department privacy website exposed proprietary information
   -- such as revenue, number of employees, and the European countries
   with which the firm does business -- that U.S. companies provided to
   the government in strict confidence.
   
   This information has been publicly accessible since the site went
   online last year.
   
   Casual visitors even could modify information stored in the agency's
   database, permitting anyone to delete, for instance, Microsoft, Intel,
   or Procter & Gamble from a government-certified list of companies that
   can freely exchange information with European firms.
   
   In response to queries from Wired News, the Commerce Department
   plugged the security hole at 5 p.m. EDT on Wednesday. "We are aware of
   the concerns, and are taking all necessary steps to identify and
   resolve the issue," a department official said.
   
   The irony of gaping security holes in a Commerce Department "Safe
   Harbor" site established to aid U.S. firms in offering adequate
   privacy protection wasn't lost on some privacy advocates.

   "If the government can't control its own information, why is it asking
   the private sector to do any better?" says Jim Harper, editor of
   Privacilla.org. "When it comes to information management, government
   is the gang that couldn't shoot straight."
   
   [...]



-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------


----- End forwarded message -----

More information about the cypherpunks-legacy mailing list