Blaming Google For Your Own Failure To Protect Info
from the blame-anyone! dept
Everybody loves to blame Google -- but perhaps people should take the time to understand how Google works before flinging around baseless lawsuits. Recently it was the NY politician who falsely accused Google of profiting off of child porn (a suit he just dropped). Now, Digg points out that a school district that exposed the names, social security numbers and test scores of over 600 students is blaming Google for the leak, saying that Google somehow got behind their password protection -- which is not how Google works. The school district tries to explain how Google got behind the password protection, but the statement doesn't make much sense: "One of the students on the list had a presence on the Web. In Google's effort to get information on her, one of its spiders latched onto her name in this document. We were not aware that password-protected sites are set up like that." If someone can explain what that means, that would be great. However, it certainly sounds like the school district left the information open, and doesn't want to admit it. In the meantime, though, they've convinced a judge to issue an injunction to get Google to remove all info from the school district from its index -- and a trespassing suit will follow (unless someone explains to them how this lawsuit is bound to fail).
Reader Comments
Can Google Prevent it?
[ link to this | view in chronology ]
why bother?
on a more realistic level *win* a few high profile cases (google that is) get *all* related costs back and maybe a few legal types will take the hint.
google works reasonably well as it is. at some point whoever admins the web server needs to be asked *why* this information was available anyway.
google could probably offer to remove *all* references to the organisation in question. i.e. do not index *anything* for them. they may go for it but i doubt it.
[ link to this | view in chronology ]
Re: why bother?
[ link to this | view in chronology ]
Re: Re: why bother?
[ link to this | view in chronology ]
Re: Re: why bother?
Thanks
[ link to this | view in chronology ]
Re: Re: why bother?
Now for my contribution. This is an all too common problem in school districts. They are victims to their own inability to educate their own students. That and it's hard to find good help when they pay their employees (yes, not only teachers are paid badly) so poorly.
Peace out...
[ link to this | view in chronology ]
Re: why bother?
[ link to this | view in chronology ]
Stupidity of the masses
It's not google...
it's half-baked wanna-be comp technicians that get their A+ and people think it means something, when 90% of the people with the A+ have very little idea of what they are doing...
The school in particular, needs to beat the crap out of their admin for not securing their network, not harass a search engine...
This case is a clear cut, we want money and notoriety...
Frankly boys and girls it's people with a clue need to rise to the occasion and put a stop to frivolous lawsuits, which are not the fault of the company and or person they are blaming...
[ link to this | view in chronology ]
Re: Stupidity of the masses
[ link to this | view in chronology ]
Re: Stupidity of the masses
You make a good point in your statements.
But it sounds like you did not pass your A+ test?
[ link to this | view in chronology ]
Re: why bother?
oooh! sparkly things!
[ link to this | view in chronology ]
But remember...
The word of the day is sarcasm
[ link to this | view in chronology ]
Obviously
Shouldn't the folks at Techdirt be aware of this?
[ link to this | view in chronology ]
Re: Obviously
[ link to this | view in chronology ]
SCHOOL IS PROBLEM
The guy had a couple of MAC's in his classroom, and that was it.
The guy actually THOUGHT he knew the stuff, and was telling folks how stuff worked that, to a real IT person, sounded like made up gobbledygook. The folks he was preaching to swallowed hook line and sinker. They would believe him over IT folks, and we ended up with a staff that was working with a total misconception of technology. Still am trying to fix it, but folks still say, "Tim said "Blah", and he KNEW what HE was talking about!"
Bottom line? The admin in charge of the student data & district WWW are to blame, period. Obviously, their security was crap, and it looks like they still don't know it.
[ link to this | view in chronology ]
Idiots (which means i'll probably wind up working
[ link to this | view in chronology ]
I can see what happened...
I know of many examples of this. The Hays Daily News in Hays, Kansas has implemented this kind of "fake password" system on their PDF editions for years with Google finding the PDF documents for years as well. Just because it looks like security doesn't mean it is security.
[ link to this | view in chronology ]
This is a clear case of an admin who knew nothing about making site password protected and unsearchable. Maybe he/she thought that if I can bury this under a lot of folders, then google might not be able to get to it.
[ link to this | view in chronology ]
school webmasters
Unfortunately, a lot of the gradebook programs with web publishing capabilities work this way. They simply create html files and slap an entry page on them. They don't even check to make sure that someone coming into the grade pages for little Timmy actually came from the entry page. In many places the teachers are making decisions to post grades on the web and don't go through the webmaster. Many schools have a district webmaster (often a former teacher) who, over the course of time, learns how to be a webmaster. The schools themselves tend to treat the webmaster position as something the librarian can do in their spare time. It's unfortunate but that's the way it is.
To keep things like this from happening schools need to be more active in deciding what grade book teachers should use across their district. They need to dedicate money to pay school webmasters rather than make it something a teacher does in their spare time. Finally they need to hire a full time district webmaster who has input into some of these decisions and is capable of learning to be a real webmaster. Until that happens data will be posted under the guise of being password protected.
[ link to this | view in chronology ]
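The "entry page in front of plain html files" setup described in the comment above, next to a version that checks credentials on every request. This is an added example, not part of the original thread and not any gradebook product's code; the paths, page contents and credentials are constructed. `exposed_paths` asks for each file with no credentials, the way a crawler does, and returns the ones it was handed.

```python
import base64, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample content and credentials, for illustration only.
PAGES = {"/grades/index.html": b"<form>password?</form>",  # the "entry page"
         "/grades/timmy.html": b"constructed sample record"}
CREDS = "Basic " + base64.b64encode(b"teacher:example-only").decode()
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

class EntryPageOnly(BaseHTTPRequestHandler):
    """The pattern in the comment: every file is served to whoever asks."""
    def do_GET(self):
        body = PAGES.get(self.path)
        self.send_response(200 if body else 404)
        self.end_headers()
        self.wfile.write(body or b"")
    def log_message(self, *args):  # silence per-request logging
        pass

class AuthOnEveryRequest(EntryPageOnly):
    """Hardened: credentials are checked on each request, for each file."""
    def do_GET(self):
        if self.headers.get("Authorization") != CREDS:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="grades"')
            self.end_headers()
            return
        super().do_GET()

def exposed_paths(handler, paths):
    """Request each path with no credentials, as a crawler does; return those served."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base, served = f"http://127.0.0.1:{server.server_port}", []
    try:
        for path in paths:
            try:
                with OPENER.open(base + path, timeout=5) as resp:
                    if resp.status == 200:
                        served.append(path)
            except urllib.error.HTTPError:
                pass  # 401 or 404: not readable anonymously
    finally:
        server.shutdown()
        server.server_close()
    return served

if __name__ == "__main__":
    print("entry page only: ", exposed_paths(EntryPageOnly, list(PAGES)))
    print("auth per request:", exposed_paths(AuthOnEveryRequest, list(PAGES)))
```

The same anonymous-request check can be pointed at a list of a site's own supposedly protected URLs: anything it returns is readable by any crawler that learns the address.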
I have the Answer!!!
That way, No one can see anything harmful from Google's search engine.
Or we could expect that whatever you put on the web is public?
Just my 2¢, YMMV
[ link to this | view in chronology ]
Re: I have the Answer!!!
Then we can all go back to using Gopher!
On second thought, maybe this Internet thing is too dangerous. We should go back to stone tablets. Then I'd have something to hit this idiot sysadmin over the head with. :)
[ link to this | view in chronology ]
Ignorance is Bliss I guess
It is staggering actually when you talk to many people that they don't understand the concept of WORLD WIDE WEB, that anything you put online is subject to WORLD WIDE exposure. How many local businesses put up a website only expecting local coverage, and instead get international requests. In this case, the school POSTED something online so that only the students attending the school could see it, without realizing that without proper protection, this information is viewable by the world.
My recommendation to anybody making a website or using the Internet, if you don't intend to make information global and public, DON'T PUT IT ONLINE. If it is important, DON'T PUT IT ONLINE. Period. It's the WORLD WIDE WEB and it means that even if you put a password on it, you are potentially exposing the information globally.
Sounds like the school wanted to save a few dimes and not print report cards and use the Internet for a cheap way to disseminate information. When will the legal system start implementing the "Slap upside the head" clause when people file lawsuits because of their own stupidity.
[ link to this | view in chronology ]
Why point the finger?
[ link to this | view in chronology ]
Why is everyone so focused on Google?
About a year ago... I had a problem with their caching engine. I had a document posted on my own IIS server at home. I made it available to myself for the sake of my own benefit when I'm out and about. The IIS directory was NT protected...[supposedly]. There was a password applied.
This particular document contained a share of my own personal information - up to AND INCLUDING my Social Security Number.
Interesting how a password-protected directory was ACCESSED by one of Yahoo's 'spiders'... It managed to grab this personal, password-protected document AND CACHE IT in its own index! The only way I found out about it was through my significant other. She ran a Yahoo search for my name (for some reason... She does odd things like that sometimes when she's bored. Like she's checking to see if I am FAMOUS yet or something. LOL.) She found this very document that I had gone to the trouble of securing on Yahoo's search results of my name. LISTED IN THE SEARCH SUMMARY WAS MY SOCIAL SECURITY NUMBER.
Needless to say...I was PISSED.
I contacted Yahoo about the issue and DEMANDED that they remove this cached document - IMMEDIATELY. They sent me a response giving me excuses, etc. They told me that it would take anywhere between 7-14 business days for the 'caching cycle' to 'rotate' the document out of its cache.
This was MOST DEFINITELY unacceptable.
I threatened them with legal action if they did not remove this personally sensitive information AND complete liability if my identity were to be compromised. I was VERY clear to them on that matter.
CRYSTAL...
The document was gone the NEXT DAY. (Thankfully for THEM...)
Now here is my question to the general populace...
WHY are we so focused on one particular search engine when they're ALL guilty of creating some security issue or breach of privacy? I'm pretty sure that it's only because they're so noteworthy in the media of late. Everyone is picking on Google like we have an actual reason.
NO ONE is perfect. But I think that Google does stand above the rest considering the amount of effort they put into innovation and how much they really do give to the people. After all... I can't overlook the fact that most people I see loading their browsers end up having Google as their homepage... *raises hand* Heh...
As for this school system... I'm pretty sure that they missed something in their security. My own personal web server at home didn't stop Yahoo's spider. Why should they be any different? I'm fairly familiar with system security. I never really bothered to research the issue. I simply deleted the directory from the WWW and put the document on my personal secured SCP server instead. I find it disgusting that we hear about these legal battles but NEVER even HALF of the details.
THINK, people. THINK!!
Regards,
Cyryl
[ link to this | view in chronology ]
Re: Why is everyone so focused on Google?
Problem #2 - I'm fairly familiar with system security. I never really bothered to research the issue...
It's your own fault, people like you working in IT and making ASSumptions is what makes the WWW interesting.
Leave IT to the professionals or better yet RTFM!
[ link to this | view in chronology ]
Re: Why is everyone so focused on Google?
The school district did not protect their information on their publicly accessible website.
It would take a couple of minutes to tell ALL search engines to not access a portion or even all of any web site.
Think idiots, think!
[ link to this | view in chronology ]
Re: Why is everyone so focused on Google?
But why would you need to document your SSN and have it accessible on the go? If you're over 18 and you don't have your SSN memorized by now, it's time to catch up. Things like SSN & other "simple" data bits are easy to memorize.
And I don't care how "reasonably secure" a server is... if anyone else can access it besides yourself, it isn’t safe. Don't put personal info on there. It's really that easy.
If you want to keep things secure and accessible "on the go", type up a little business card (Avery makes some nice, cheap stock for that) and keep it in your wallet.
What if your wallet is stolen? Easy. Do what I do. Write the info up in code. A simple substitution code means that it'll be unintelligible at a glance, and you can translate it back easy enough when you need the info. You're not trying to thwart government super-spies or cryptology teams here. Anyone who is going to take the time to break a coded, unknown, piece of paper in your wallet is going to get that info no matter what you try to do.
[ link to this | view in chronology ]
Blame it on ignorance
Further, I am sure that a lot of you would agree that it would be quite impossible for google to go through every indexed page in their database to ensure that those pages do not violate the interest of that particular school or any institution for that matter.
If the school is not capable of securing their website, perhaps it is best for them not to have a website at all.
If I was a judge, I will make sure that the IT manager, Web Master, and anyone involved in the development of the school's website, should never be allowed to hold such positions until they have proven that they are capable of working for such institutions (i.e. Schools, hospitals, etc) where data protection is not an option, but a must have measure.
[ link to this | view in chronology ]
The judge's name is boner.
[ link to this | view in chronology ]
Stupid School
goes to buying administrators. There was a time in this country when students had clubs for computer lovers and that club would have set up the site with teacher supervision and it would have been secure. Now they can't afford to let the kids have a club but they can pay some numbnut to not even get it somewhat right. This is just the latest in a long line of symptoms that herald the fall of the education system in this country. It all started with the NEA and it will only get better when the NEA is abolished and teachers are hired for their educational skills and not their political skills.
[ link to this | view in chronology ]
DocuShare?
[ link to this | view in chronology ]
Not Google's Fault
As a matter of fact, there is no way to guarantee 100% secrecy of any information on the web no matter how good the admin.
So why was this information online at all? Why was that necessary?
[ link to this | view in chronology ]
Robots.txt
Anyone who knows anything about webdesign should have put in Robots.txt with a Disallow on any areas supposed to be secure, and then those areas should have been properly secured.
Now they just have to put a Disallow:
Too bad they don't know a thing about decent web design.
[ link to this | view in chronology ]
Robots.txt
[ link to this | view in chronology ]
robots.txt
[ link to this | view in chronology ]