Japanese Gov't Accidentally Shares Internal Email Over Google Groups 25
itwbennett writes "An official at Japan's Ministry of the Environment created a Google Group to share email and documents related to Japan's negotiations during a meeting held in Geneva in January, but used the default privacy settings, which left the exchanges wide open. According to Japan's Yomiuri Shimbun newspaper, over 6,000 items, including private contact information of government officials, was publicly accessible. Michihiru Oi, a ministry official, said the ministry has its own system for creating groups and sharing documents, but it doesn't always function well outside of Japan, sometimes leading to 'poor connections' and a 'bad working environment.'"
They should always operate this way (Score:5, Insightful)
This mistake should be the standard way of working for all governments.
Security backfire? (Score:4, Insightful)
So the article and summary hint at a common problem -- "the ministry has its own system for ... sharing documents", which "doesn't always function well outside of Japan". I've seen this in more than one enterprise, where the IT guys meet the need of users to securely move data around by buying or building a secure solution, and they pay very careful attention to the security, but less attention to the usability. Users will go for ease-of-use every time, and aren't thinking about security, so mistakes like this happen.
The obvious solution is to make the secure system easy to use, but usability itself is hard to get right, secure usability is very hard.
Oh Japan.. (Score:2, Insightful)
You still risk jail time if you look at the files. (Score:4, Insightful)
Laws are actually drafted by government officials and they insert enough language to protect their tails.