01 February 2008

It's the software's fault

Apparently the latest provincial government InfoSec breach can be blamed on the software, specifically a file sharing program known as LimeWire.

A popular file-sharing program exposed the private details of more than 150 people over the internet [sic]earlier this month, the Newfoundland and Labrador government said Thursday.

That's an interesting take on the story, given that people operated the computer involved, loading the software without changing the default settings.

Apparently, no one at the Workplace health and safety commission had anything to do with it either, even though they handed over highly confidential information without ensuring the outside contractor was following appropriate security procedures.

No people were involved at all.

Well, that is, except, ummm, of course for the 153 people whose files were exposed, including 108 who had their medical histories and work histories, as well as names and birthdates openly accessible on the Internet for 24 or so days.

And that identity theft thingy that Attorney General Jerome Kennedy warned about in the news release on Thursday? Well, when he spoke to reporters, Kennedy had a slightly different tune to sing:

"The file sharing program allows for access of various information that's on an individual's computer. It doesn't mean it will be accessed," Kennedy told reporters.

So why all the big fuss about government officials taking proper measures in the wake of the leak or of the giant lock-down being applied to every computer in government? Apparently it was nothing to worry about after all.

In other words, the giant news release Kennedy authorized for distribution was just a waste of energy.

Is it just an overactive imagination or did the province's attorney general sound less like a cabinet minister looking out for the public interest and more like the government's chief legal counsel representing a client staring at potential lawsuits?

-srbp-

Remember the story yesterday and the Telegram's short version? The story on page three of the Friday edition didn't mention identity theft anywhere.