FBI Databases Used for Stock Fraud 137
Phronesis writes "The Associated Press reports that two FBI agents have been indicted for conspiring with the owner of InsideTruth.com to short stocks and then leak information from the FBI's internal databases (e.g., unpleasant personal information about corporate officers). They also allegedly blackmailed companies with the threat of revealing such information. This case illustrates the failure of law enforcement agencies to implement adequate protection against the abuse of information they collect."
Hmmmm (Score:3, Insightful)
Little wonder we trust them.
As usual its an inside job (Score:4, Insightful)
How much bigger would this story be if the data had come from hackers penetrating the FBI? Since its an inside job, its not front page news.
We don't need huge security structures and new laws to keep out black hat hackers, we need a closer watch on people inside companies and organisations keeping data. And, if the data isn't needed for a clear purpose, it shouldn't be collected.
And that applies as much to government agencies as companies, since the people inside those, as this case proves, can't be trusted either.
Bad agents (Score:5, Insightful)
As it is, this just shows they need a little stronger check as to who has access to what, but they did catch the people so I am assuming some checks are already there.
Predictable... (Score:5, Insightful)
As governmental databases will reach critical mass, especially with cross-indexing and cross-searches are made more and more common (Oracle database proposals anyone?), I can safely predict that this kind of abuse will only become more and more common.
Do you still think your government does not spy on you? Think again...
Fundamental Misunderstanding of Reality (Score:5, Insightful)
No. Fundamentally, this case illustrates the corruption of power. Governments are made up of lots of individuals, with their own problems, stresses and challenges. They are not angels. If the opportunity to profit from their position appears, many will take it. Putting more levels of bureaucracy and control is just a form of "moving the problem around."
If you want to grant the government more power to accomplish things, abuse of power is the natural, and practically inevitable result. Get used to it. It will happen more and more often over time as we surrender more and more of our freedoms. Especially for the never-ending war on terrorism.
The question we should be asking is "Why does the FBI have this data in the first place?", not "why aren't there sufficient controls to protect this data?"
Where's the integrity? (Score:4, Insightful)
Er... wait a minute...
Seriously, I've just come to expect that the FBI is going to be corrupt and incompetant until the day that it is disbanded and replaced by another institution, which will probably just follow suit anyhow. The place just begs for it; national authority, minimal oversight, intentional segregation from other government offices, a long history of this sort of abuse with little public repercussion, etc.
Where in the hell else do you think our extremists, fascists, and power-hungry psychos are going to try to get into? It sucks that there are actually some good people that work in the FBI since they have to get caught up in this crap as well, but at least there are good parts to it. But I'll be damned if I'm ever going to trust the FBI in general, given, oh, decades of an example to go by. The USA PATRIOT act did us a favor by potentially saving us a fortune in investigations by making legal what the FBI was going to do on their own anyhow.
"But I have nothing to hide..." (Score:5, Insightful)
The problem here isn't lacking a privacy policy... (Score:4, Insightful)
So, you think, "I'm not so important. The FBI isn't coming after me." Repeat the litany about not speaking up for the Jews, etc. and realize that this particular abuse is only one of countless ways in which our too-powerful federal government violates our rights on a daily basis.
Don't be so quick to give up rights you don't exercise: instead, think of what kinds of rights you exercise that the majority might not care about (fair use, use of strong cryptography, etc.), and realize that if you have the ability to surrender their rights, they have the ability to surrender yours.
Do you want small government? Join the Libertarian Party [lp.org].
Re:Which leads one to wonder (Score:1, Insightful)
No.
Not Citizen ID, SS# is used as a PASSWORD (Score:3, Insightful)
The solution is to detour companies from using your SS# number as a password by making them liable for any damages, then add some fines on top of that.
Utterly unavoidable. Now DEAL WITH IT!!! (Score:4, Insightful)
Michael, take a deep breath. You're starting to sound like Jon Katz.
This case illustrates exactly why mandatory encryption key repositories are a bad idea. It illustrates why keeping excessive information is a problem. It highlights the fact that we don't live in a safe world.
We will never. Ever. Ever! eliminate leaks, corruption, and fraud. If the information exists at all, then there's no way of protecting it perfectly from unintended use. (Which, it occurs to me, is exactly why people have argued against copy-protection. Hmmm...) Sooner or later someone will find a way of getting to it and exploiting it.
Note also that (as others have pointed out), the law enforcement agencies worked!" The perps were caught and punished, exactly like they should be.
The only answer we have to threats like this goes as follows.
1) Limit the amount of information collected to what's necessary. (in this case, the info. was necessary. Private key repositories are definitely not)
2) Limit the amount of cross-referencing between separate databases.
3) Implement and enforce legal protections on the data.
4) Implement and enforce technical protections on the data.
5) (really 3a) When things are abused or leaked, punish the perpetrators and reevaluate policies 1-4.
This is old, old, OLD stuff but is changing now for a few reasons. Massive networking, storage, and databases are fundamentally contrary to items (1) and (2). Technology moving as fast as it is makes (4) a difficult moving target. The fact that too many people (legislators and judges especially included) consider this to be a different situation than it was 25 years ago makes (3) more complicated than it should be.
In other words, reevalutate, enforce, and repeat.
Re:Which leads one to wonder (Score:3, Insightful)
Because all of the information in question concerned criminal activity, and collecting information on criminal activity is what the FBI is for.
They did not have access to some giant dossier on every citizen like you seem to think. The only database even mentioned in the article is the one maintained National Crime Information Center (NCIC). The NCIC database contains nationwide information about criminal cases, including convictions, stolen property, missing persons, etc.
The NCIC is a reference which ensures that all levels of law enforcement have access to the same basic information. When you're stopped for a traffic violation the officer probably performs an NCIC check (and maybe one of the equivalent statewide system) to make sure that the car isn't stolen and that you're not wanted for some other crime. It's a perfectly reasonable thing to do, and a surprising number of hardcore criminals get caught this way.
The other stuff the article mentioned were corporate crimes (or suspected crimes) which the FBI also knows about because they are, after all, criminal activities.
These corrupt agents were using legitimately collected information for illegitimate and illegal purposes. The bad thing is not the fact that the FBI has this information, but that it was used for personal gain and for blackmail. There are many good examples of government agencies and private corporations collecting information they shouldn't be collecting, but this is not such a case.
Re:The problem here isn't lacking a privacy policy (Score:3, Insightful)
Isn't that a contradiction?
Re:Why not? (Score:2, Insightful)
When you're applying for a job, you give consent for a background search.