Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Government The Courts

Cop Awarded $585K After 'Dozens' Of Police Officers Accessed Their DMV Data 500 Times (arstechnica.com) 140

A Slashdot reader shares a story from Ars Technica about what happened after Minnesota's Department of Natural Resources sent a privacy notification to a police officer in 2013: An employee had abused his access to a government driver's license database and snooped on thousands of people in the state, mostly women. Krekelberg learned that she was one of them. When Krekelberg asked for an audit of accesses to her Department of Motor Vehicles records, as allowed by Minnesota state law, she learned that her information -- which would include things like her address, weight, height, and driver's license pictures -- had been viewed nearly 1,000 times since 2003, even though she was never under investigation by law enforcement... She later learned that over 500 of those lookups were conducted by dozens of other cops. Even more eerie, many officers had searched for her in the middle of the night.

Krekelberg eventually sued the city of Minneapolis, as well as two individual officers, for violating the Driver's Privacy Protection Act, which governs the disclosure of personal information collected by state Departments of Motor Vehicles. Earlier this week, she won. On Wednesday, a jury awarded Krekelberg $585,000, including $300,000 in punitive damages from the two defendants, who looked up Krekelberg's information after she allegedly rejected their romantic advances, according to court documents...

More lawmakers have started advocating for data privacy regulations at the state and federal level, but those conversations have mostly focused on reining in big tech companies, rather than information that public employees can access.

Minneapolis's city attorney responded that the police department has changed its policies -- which had previously encouraged officers learning how to use the database to "go back to work and look up some of [their] friends and family members."
This discussion has been archived. No new comments can be posted.

Cop Awarded $585K After 'Dozens' Of Police Officers Accessed Their DMV Data 500 Times

Comments Filter:
  • This just in (Score:5, Insightful)

    by Opportunist ( 166417 ) on Monday June 24, 2019 @02:46AM (#58812354)

    Unsupervised data access will be abused.

    Hope I don't give away a state secret...

    • by DrYak ( 748999 ) on Monday June 24, 2019 @04:33AM (#58812584) Homepage

      Unsupervised data access will be abused.

      Hey, where is the "If you have nothing to hide..." crowd when you need an explanation about why this is actually a good thing?

    • Data will be abused.

      Richelieu or whoever he copied had that right with that "six lines..." quote.
      Lack of supervision, transparency, regulation, data safety and security, ethics and the legal ramifications for the lack of all of those are merely additional incentives for abuse.

      It's not just the Chinese [techcrunch.com] or Mark Zuckerberg [wikipedia.org] that want databases on people which can be sort by "fuckability".
      Or by race... when they feel that urge to deal with their issues by murdering a black man, like what Liam Neeson described.

      The database also contained a subject's approximate age as well as an "attractive" score, according to the database fields.

      But the capabilities of the system have a darker side, particularly given the complicated politics of China.

      The system also uses its facial recognition systems to detect ethnicities and labels them - such as "Ãf¦Ã±Ãf¦--" for Han Chinese, the main ethnic group of China - and also "ÃfÃf¦--" - or Uyghur Muslims, an ethnic minority under persecution by Beijing.

      Where ethnicities can help police identify suspects in an area even if they don't have a name to match, the data can be used for abuse.

      The Chinese government has detained more than a million Uyghurs in internment camps in the past year, according to a United Nations human rights committee.
      It's part of a massive crackdown by Beijing on the ethnic minority group.
      Just this week, details emerged of an app used by police to track Uyghur Muslims.

    • by tlhIngan ( 30335 )

      Unsupervised data access will be abused.

      Hope I don't give away a state secret...

      Except the data wasn't unsupervised. Typically those records log every access to them, and the person accessing those records typically is already authorized to access the database containing those records.

      Except what happens is people get curious, and they say "I already have access, let's see if I can't look it up".

      People who have access to your tax information are the same - and more than once has someone been caught sneaking

  • For over half a mil, the cops can poke around my records to their hearts' content. They can even make a couple of advances if they like (they won't)
    • by quenda ( 644621 )

      For over half a mil, the cops can poke around my records to their hearts' content. They can even make a couple of advances if they like (they won't)

      For that kind of money, I'd blow them. So would most people, if they really were honest and rational.
      Very unpleasant, but beats 5-10 years in the average job.

    • Proof right here that this is a gaping hole in the system. A team of people can make this happen, on purpose, and split up half a million.
  • "their" (Score:5, Informative)

    by Anonymous Coward on Monday June 24, 2019 @02:57AM (#58812378)

    Can we please just write "her" when it's clearly a woman in question? The headline is confusing enough without this PC silliness.

    Cop Awarded $585K After 'Dozens' Of Police Officers Accessed Her DMV Data 500 Times

    • Re:"their" (Score:4, Interesting)

      by RhettLivingston ( 544140 ) on Monday June 24, 2019 @09:36AM (#58813488) Journal

      How does that make it more confusing? Adding "her" instead of "their" might cause some to see it either as a problem just because the victim was female or as only a concern for females. Real idiots might even dismiss it as excusable because she was female.

      As a man, I have experienced police stalking at least twice in my life (the ones I know of).

      The first officer I had troubles with was the ex of a girlfriend in Missouri. He tracked me, phoned many times at 2 in the morning apparently hoping he'd hear her in the background (never spoke and always hung up), and broke into my home at least once. I was only able to put a stop on it by having the phone company trace the "unknown caller" phone calls and pressing charges for harassment after three documented hangups.

      The second time I had trouble, about a decade later in another state, involved several officers who were friends with an insane construction contractor who was a distant ex of my fiance. They informed him of my location when I was away from home so that he could attempt to catch her at home without witnesses to "talk" with her. We had a restraining order on him so the "without witnesses" was particularly important. They also ignored evidence when he broke in and vandalized our home and let him escape on another occasion when he was spotted dressed in black from head to toe (including black ski mask and tennis shoes) pouring kerosene around the foundation of our home.

      In both cases I have reason to believe they abused their data access to research me, my partners, and even my neighbors seeking to find ways to further leverage their power.

      Though both of these cases involved a female both directly and indirectly, officers routinely abuse their data access for personal reasons, many of which have nothing at all to do with stalking females. I have known them to use it to find leverage in disputes with neighbors, pricing from people providing them services, against parents of children their kids have fights with, etc.

      It is insane that all access to such databases in every state is not thoroughly secured, tracked, and audited on a continual basis. And penalties for abuse should start with criminal charges, not slaps on the wrists.

      • by Anonymous Coward

        It's confusing because the antecedent of the pronoun "their" in the headline is likely to interpreted as "police officers" instead of the intended antecedent, "cop."

      • How does that make it more confusing?

        See: +5 Grammar post above for lengthy points on why in fact in that case it was very much correct to use "her".

      • How does that make it more confusing? Adding "her" instead of "their" might cause some to see it either as a problem just because the victim was female or as only a concern for females. Real idiots might even dismiss it as excusable because she was female.

        Because "their" is a plural pronoun. As such, reading the headline makes it seem like one cop was awarded damages after dozens of cops accessed their own data on DMV servers. It confuses the headline because you have a single subject and a plural subject so, grammatically, you may well assume that the plural pronoun somehow references the plural subject instead of immediately seizing on the concept that "their" in this instance is intended in the overloaded non-gender specific single subject sense that has

        • by Zeroko ( 880939 )

          Wikipedia says singular "they" dates to the 14th century, although that usage was discouraged (but prevalent) in the 19th century before once again becoming more widely acceptable (& even preferred in some cases) in the 20th.

  • by Anonymous Coward

    At least while the cops were searching her details in the middle of the night they weren't beating their wives, or at least were only able to do so with one hand.

    Studies have shown that at least 40% of cops are beating their wives at any one time, so any reduction in this is welcome.

  • This is why Facebook and other such trash media are so successful

  • by Anonymous Coward

    People's inherent self preservation instinct keeps them safe.

    I am a frequent bicyclist and pedestrian. In my experience, whether or not people's instincts keep *them* safe, many drivers have no such instinct toward the preservation of *others*. Preserving the safety of the driver is *not the purpose* of licensing a driver. It's for the safety of the rest of us.

  • by Anonymous Coward on Monday June 24, 2019 @04:24AM (#58812560)

    Nope. Not "Cop Awarded $585K After 'Dozens' Of Police Officers Accessed Their DMV Data 500 Times," but "Cop Awarded $585K After 'Dozens' Of Police Officers Accessed Her DMV Data 500 Times " The former one means that officers accessed their own information; the latter means that they accessed one cop's data. (My capcha is "frisking" btw).

    • Nope. Not "Cop Awarded $585K After 'Dozens' Of Police Officers Accessed Their DMV Data 500 Times," but "Cop Awarded $585K After 'Dozens' Of Police Officers Accessed Her DMV Data 500 Times " The former one means that officers accessed their own information; the latter means that they accessed one cop's data. (My capcha is "frisking" btw).

      Or, if you want to still use "their" you could re-order the sentence: "Cop Awarded $585K After Their DMV Data was accessed 500 Times by 'Dozens' Of Police Officers"

  • by Quakeulf ( 2650167 ) on Monday June 24, 2019 @05:40AM (#58812730)
    He should not come to Norway with that name. It means "pitiful mountain".
  • by indytx ( 825419 ) on Monday June 24, 2019 @05:59AM (#58812778)

    This story is so indicative of why more police power is almost always a bad thing. Every single time that American politicians make the argument for more power and less privacy, they act as if it's the FBI is carefully using the data and access under close supervision to stop something horrible. In reality, it's usually something like this.

    • This story is so indicative of why more police power is almost always a bad thing. Every single time that American politicians make the argument for more power and less privacy, they act as if it's the FBI is carefully using the data and access under close supervision to stop something horrible. In reality, it's usually something like this.

      Nonsense! If only we had another bunch of police policing these police officers, it would all be good. Although, someone would have to police the police policing the police though... hmm...

  • she knew the appropriate law that protected the data, and she knew how to request an audit of the people accessing her account.

    I knew a woman who was a 911 dispatcher, who would access peoples records whenever she wanted to get dirt on someone. She would spread gossip about people based on the info she found. She eventually lost her job for it, but no one ever sued her for it.

  • Victim was a civilian: A payout of 10 bucks, in the form of a voucher that's only valid if you spend over 100 in shop you never go to.

    Perpetrators were civilians: A swatting.

  • by rickb928 ( 945187 ) on Monday June 24, 2019 @09:15AM (#58813400) Homepage Journal

    Auditing and near-real-time tracking (because real-time tracking is expensive, yes, ha) are the answers. Monitoring access and activity are the only proper and meaningful measures.

    First, the thought hat you can trust the users is clearly wrong. So regulation implies you can coerce or threaten users sufficiently to prevent abuse. If that were the case we would need no police. Woops.

    Second, detecting abuse is too late, but since prevention isn't practical, then detection needs to be 'immediate'. At least timely.

    Third, when detected, abuse needs to be addressed, both by sanctions and by restricting or suspending access to violators. So if they cannot do their job, they are furloughed. And that was their choice, to break the rules.

    Speaking of rules, consider the facts known about this case; some accesses were 'in the middle of the night'. Is that permitted, despite some of these officers being shift workers? And the 'rules' regarding workplace behavior? 'romantic advances'? There is a lot wrong here. And ypou can be sure this sort of behavior isn't limited to one department or even one state.

    I work for a financial institution where if I were to examine my own data, MY OWN DATA, I would be dismissed. Promptly. And if I were to examine, without good and preexisting reason, consistent with my responsibilities and past performance, the data of significant or 'public' persons, I would also be dismissed. This behavior is monitored constantly. And I've been asked before, offering full explanation.

    Privacy regulations can never put data back into the secure and confidential state is was before an abuse. Punishing the transgressors is a must.

    Oh, and in the financial world, the US and other nations might consider the example of Iceland. Token fines and business restrictions are not enough.

  • Police department should have installed something like ObserveIT, the insider threat management software that integrates with SIEM and alert the watchers of the watchers when this first happened. Second and subsequent occurrences would have been prevented.
  • Just for once, I'd like to see one of these lawyers admit that their client fucked up.

    Minneapolis's city attorney responded that the police department has changed its policies -- which had previously encouraged officers learning how to use the database to "go back to work and look up some of [their] friends and family members.

    Bull shit. This had nothing to do with their policy. They were looking her up after she rejected their advances, so obviously she's not a friend or family. They got caught with their pants down, and you're claiming that the department told them to try walking around without a belt.

You know you've landed gear-up when it takes full power to taxi.

Working...