Blame it on Google
An incident at the school district for Catawba County, North Carolina has caused a bit of a stir. It seems that names and Social Security Numbers of 620 students were indexed by Google. The Schools Superintendent Tim Markley lashed out at Google and made an outrageous claim that the school system’s computer system was very secure.
Meanwhile, the school system filed a suit against Google on 23 June, 2006, claiming trespass by the search engine. A judge granted a temporary injunction to remove the names and other data of the students from the Google indices and servers. Google complied.
The schools technology officer Judith Rae stated that the information was not accessible to search engines, requiring a login and password. So the question remains how did security not work when Google followed a path into the system. Was security only at the entry level but compromised security at deeper levels? Google’s bot was following a path for one of the students that lead into the county’s server; apparently deep inside.
Search engines are a fact of life on the Internet and have been for a long time. This behavior is nothing new. Passing the buck and blaming others is a fact of life for the American way as has been for a long time. It’s easier for most people to point a finger and not address their own shortcomings and own their own troubles.
Since legitimate search engines follow links, the place to look is how the server linkage turned an external link into a security breach. If a mindless bot made the breach, a human certainly can. And, there are snoopy or malicious search entities that will attempt to crawl an entire site. There are entities that care little about links, but scan directories in an attempt to harvest information.
Members of Congress, and the Bush coterie, blame search engines for providing adult information to adults. They climb on the backs of children in their attempt to censor the free exchange of information. The fact is that “harmful to children” is a pablum phrase used to pander to a small minority of Americans and to attempt to control how Americans think and speak.
These same people criticize Google, MSN, and Yahoo for adhering to the laws of countries where they provide a service. The United States expects no less from foreign corporations doing business here. It is even more bizarre when these representative of the United States work overtime to censor fellow Americans and then criticize the search engine companies for following the censorship requests or demands from other governments. Perhaps our censorship is believed to be more noble than theirs.
Back at the school district, Markley should consider thanking Google. After all, Google, MSN, and Yahoo (and many other search engine companies) are well behaved. They honor the robots.txt file which tell them what not to index. They don’t try to break into permission protected directories. And, Google had no argument with deleting the sensitive student information.
There are other companies that are more nefarious. These are companies that will crawl a website stem to stern, ignore the robots file, and repeatedly try to enter directories that are closed to the public. Some of these companies will spoof their identity so it is not obvious from looking at server logs who they are. Sometimes they leave droppings in the form of server errors in their attempt to break into unauthorized areas. Markley has no idea how many of these bottom feeders have gained deep access into his school systems servers.
The superintendent used malarkey to avoid placing responsibility where it belongs. He claimed that the school system’s server was “very secure.” If it were secure, this would not happen. His attempt to divert attention is interesting. He stated that there were private businesses that did not have good security. That is true, but not the issue. This was a poor attempt to direct parent’s attention to other places rather than the school system where the problem occurred.
There have been several prior incidents where Social Security information was exposed to the exploitation of internet vandals. Some of the victim organizations took the hint and stopped using Social Security Numbers for identification. This really needs to be prohibited. These organizations also took responsibility and became better at security.
So blaming it on Google or any other search engine is deceptive. Congress censors Americans and criticizes search engines for complying with requirements of other countries to censor information. The Bush Administration is vocal about search engines supplying information to other countries for criminal charges and then demands information for our citizens under the guise of protecting children or national security.
Markley blames Google for coming in the front door and accessing information that is supposed to be protected but was not. He ignores the fact that using Social Security Numbers for identification is a really bad idea. He ignores the fact that there is obviously an unsecured path to private information. And, he has no idea who or what is really crawling the school district’s web site and servers and how deep they go.
* An article about this breach and reaction appeared in the Winston-Salem Journal North Carolina on 24 June, 2006.
by Brian McCorklein category Rants