Slashdot Mirror
FBI Databases Used for Stock Fraud
Phronesis writes "The Associated Press reports that two FBI agents have been indicted for conspiring with the owner of InsideTruth.com to short stocks and then leak information from the FBI's internal databases (e.g., unpleasant personal information about corporate officers). They also allegedly blackmailed companies with the threat of revealing such information. This case illustrates the failure of law enforcement agencies to implement adequate protection against the abuse of information they collect."
Why these guys were collecting such information in the first place. Seriously, there are a lot of privacy activists out there, but it seems to me that the vast majority of them are complaining about the cookie-of-the-month problem when what they should really be looking at are the kinds of scams government data collecting enables. Identity theft, for instance, wouldn't be possible if not for the ubiquity of Social Security numbers as a "citizen ID" of sorts.
Dog is my co-pilot.
So yet another case of government intruding privacy, and yet the same government is against encryption, embraces companies that sell privacy info and can't make a proper bill about privacy?
Little wonder we trust them.
Think nothing is impossible? Try slamming a revolving door.
Anyone who thought that the FBI is beyond reproach only had to look at the Hanssen case. This one, however, is even more interesting because it represents commercial use of sensitive information. I will treasure this as an example of why Governments should also have a 'need-to-know' applied to them.
This illustrates once again that the most frequent abuses of security are inside jobs. The vast majority of cases where security systems are breached for personal gain are done by people inside the organisations keeping the data.
How much bigger would this story be if the data had come from hackers penetrating the FBI? Since its an inside job, its not front page news.
We don't need huge security structures and new laws to keep out black hat hackers, we need a closer watch on people inside companies and organisations keeping data. And, if the data isn't needed for a clear purpose, it shouldn't be collected.
And that applies as much to government agencies as companies, since the people inside those, as this case proves, can't be trusted either.
Here's my suggestion: Have the FBI, or even some more reputable organization, run a full-bore background check on them, followed by total surveillance for some period of time from 30 days to life, depending on the seriousness of the violation.
Then post the results, complete with photos and video clips, on a website for the duration of the sentence.
I see that privacyviolators.com is available, as is publicstockade.com.
Come on. We've known forever that the FBI has huge files on tons of people, there where stories about the FBI file on einstein on here a week or so back. Had it been the actual FBI selling this information and not a couple of bad apple agents pissed they didn't get a raise this year then perhaps it would be a huge story.
As it is, this just shows they need a little stronger check as to who has access to what, but they did catch the people so I am assuming some checks are already there.
--"Karma is justice without the satisfaction"
Stock Fraud
:-)
Glad to see the FBI is doing something useful
Tales from behind the Lagom Curtain
otherwise they are just normal people. FBI employees around 30 000 people. A little city. I bet they use the database for criminal purposes hundreds of times every day.
A clip from here:
" The Webster commission is expected to recommend limiting highly sensitive files to those with a strong need-to-know -- "role-based access," in FBI jargon. "
'Expected to recommend...' exactly what is the procedure currently?!?! These systems and their databases are extremely scary.
As governmental databases will reach critical mass, especially with cross-indexing and cross-searches are made more and more common (Oracle database proposals anyone?), I can safely predict that this kind of abuse will only become more and more common.
Do you still think your government does not spy on you? Think again...
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
No. Fundamentally, this case illustrates the corruption of power. Governments are made up of lots of individuals, with their own problems, stresses and challenges. They are not angels. If the opportunity to profit from their position appears, many will take it. Putting more levels of bureaucracy and control is just a form of "moving the problem around."
If you want to grant the government more power to accomplish things, abuse of power is the natural, and practically inevitable result. Get used to it. It will happen more and more often over time as we surrender more and more of our freedoms. Especially for the never-ending war on terrorism.
The question we should be asking is "Why does the FBI have this data in the first place?", not "why aren't there sufficient controls to protect this data?"
This is an outrage! FBI agents using personal information collected by the agency on citizens to promote their own interests? Obviously we just need to change the administration of the FBI; after all, this would have never happened under the first and greatest FBI chief, J. Edgar Hoover!
Er... wait a minute...
Seriously, I've just come to expect that the FBI is going to be corrupt and incompetant until the day that it is disbanded and replaced by another institution, which will probably just follow suit anyhow. The place just begs for it; national authority, minimal oversight, intentional segregation from other government offices, a long history of this sort of abuse with little public repercussion, etc.
Where in the hell else do you think our extremists, fascists, and power-hungry psychos are going to try to get into? It sucks that there are actually some good people that work in the FBI since they have to get caught up in this crap as well, but at least there are good parts to it. But I'll be damned if I'm ever going to trust the FBI in general, given, oh, decades of an example to go by. The USA PATRIOT act did us a favor by potentially saving us a fortune in investigations by making legal what the FBI was going to do on their own anyhow.
"This case illustrates the failure of law enforcement agencies to implement adequate protection against the abuse of information they collect."
This case illustrates the failure of trusting and empowering large beaurocratic entities to snoop into everyone's lives in the mistaken notion that will somehow make us all "safer."
Individuals have never come close to committing the level and magnitude of atrocities that governments, including our own (USA), have, in terms of lives destroyed and even taken, not to mention human suffering in unthinkable numbers. Consider WW I, WW II, the Nazi regime, the Stalin regime, the Mao regime, the Khmere Rouge regime, the Saddam Hussein regime, and the Taliban regime. Even Osama bin Laden, with government support was unable to match any of those in shere atrocities committed (and what Osama "the fallatio queen" bin Laden did manage to do he likely couldn't have pulled that off without ongoing aid and support from the Taliban regime).
If events like these do not illuminate the fallacy of giving up freedom and handing the government authority over our lives in the mistaken notion that it will keep us safer, then really nothing will and our society as such is doomed.
The Future of Human Evolution: Autonomy
This sort of thing is the answer to that constant refrain when one tries to protest or object to the ever-increasing government surveillance, information and data interception and storage. "I've done nothing wrong, so I've got nothing to hide." You may not have broken the law, but mebbe your husband would be interested to know about that drunken fling a couple of years ago at the office christmas party, and say, aren't these expenses claims a bit... creative? And tell me, why ARE you browsing gay porn from home, what with you being married with kids? and so on, and on. Humans are of course the weakness in all these systems promoted by clue-lite technocrats - those politicians who advocate technological solutions to everything, but who don't read the RISKS digest, or CryptoGram, or Incidents, Bugtraq, "Crash!" (the Tonty Collins book, not the Ballard one...) and so on.
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
The real problem here is that our government is so powerful that it is allowed to collect such information on us in the first place. Look, people: it's an intelligence organization. Once they have the information, they are unaccountable to anyone as to what they do with it. There is no public oversight of the FBI, because that would violate "national security."
So, you think, "I'm not so important. The FBI isn't coming after me." Repeat the litany about not speaking up for the Jews, etc. and realize that this particular abuse is only one of countless ways in which our too-powerful federal government violates our rights on a daily basis.
Don't be so quick to give up rights you don't exercise: instead, think of what kinds of rights you exercise that the majority might not care about (fair use, use of strong cryptography, etc.), and realize that if you have the ability to surrender their rights, they have the ability to surrender yours.
Do you want small government? Join the Libertarian Party.
[ home ]
In this case, the FBI had a legitimate reason for having the data. The abused persons were under active FBI investigations at the time. As stated above, the agents would borrow shares of a small company when they knew that one of the principals of the company was under investigation. They'd sell the shares, leak the bad secrets, wait for the share price to fall, buy them back, return them to the original owners, and pocket the difference. It's certainly abuse, but in this particular case the FBI as a whole had good reason to have the data.
Virg
Actually, they were leaking information about ongoing investigations to affect stock prices. The way they'd do this is to borrow stocks in companies whose principal(s) were under investigation, sell the stock, leak the data, wait for the stock price to fall, buy back the shares, return them to the original owners, and pocket the rest. So, in answer to your question, the "who"s that wouldn't want this:
1.) The individuals under investigation. Remember, they are innocent until proven guilty, and more than half of people investigated by the FBI are exonerated, so the reputation damage done by the leak may not be deserved.
2.) The stockholders, both the ones from whom the stocks were borrowed and other stockholders whose investments are getting trounced by these leaks. Remember, more than half of these investigations do not result in charges.
3.) Others who are also being investigated by the FBI. What assurance do they have that they won't be the next targets of this?
4.) The stock market in general, which takes a very dim view of insider trading of any kind, since it undermines faith in the system, which is key to its survival.
That ought to be enough to start with. The thing to remember in this is that they were not just leaking data about past offenses, they were leaking the fact that they're under investigation currently.
Virg
People won't REALLY understand the scope of the SS#/identity-theft problem when you relate it as an ID number and not as a Password.
The solution is to detour companies from using your SS# number as a password by making them liable for any damages, then add some fines on top of that.
"Communism is like having one [local] phone company " - Lenny Bruce
It's amazing how as more and more police powers are being granted that the whole innocent until proven guilty thing is going out the window.
These days they collect information on bad tips, and hunches. The lack of oversight is appalling. I do admit that some of the laws where overly tight. The whole must get a warrant for each device for tapping is a bit extreme, even as a privacy advocate. What I don't like are the fishing expeditions that they're engaging in now. Especially they're imply threats against those who don't cooperate. The whole "your unamerican and not patriotic" if you don't wholly bend over and take it from law enforcement is a bit much.
Speeding for me is a great example. Arbitrarily enforced and most often broken by officers without need (no lights or sirens). It seems that many officers take their badge as a right to be outside the law. TV shows and movies make police look bad, but when some of the real stories come out... it's usually so much worse then the fiction that you wonder why we ever wanted to trust these people.
I will also be the first to admit that law enforcement is a thankless task. I do appreciate those individuals that are honestly serving.
You just can't win.
"This case illustrates the failure of law enforcement agencies to implement adequate protection against the abuse of information they collect."
Michael, take a deep breath. You're starting to sound like Jon Katz.
This case illustrates exactly why mandatory encryption key repositories are a bad idea. It illustrates why keeping excessive information is a problem. It highlights the fact that we don't live in a safe world.
We will never. Ever. Ever! eliminate leaks, corruption, and fraud. If the information exists at all, then there's no way of protecting it perfectly from unintended use. (Which, it occurs to me, is exactly why people have argued against copy-protection. Hmmm...) Sooner or later someone will find a way of getting to it and exploiting it.
Note also that (as others have pointed out), the law enforcement agencies worked!" The perps were caught and punished, exactly like they should be.
The only answer we have to threats like this goes as follows.
1) Limit the amount of information collected to what's necessary. (in this case, the info. was necessary. Private key repositories are definitely not)
2) Limit the amount of cross-referencing between separate databases.
3) Implement and enforce legal protections on the data.
4) Implement and enforce technical protections on the data.
5) (really 3a) When things are abused or leaked, punish the perpetrators and reevaluate policies 1-4.
This is old, old, OLD stuff but is changing now for a few reasons. Massive networking, storage, and databases are fundamentally contrary to items (1) and (2). Technology moving as fast as it is makes (4) a difficult moving target. The fact that too many people (legislators and judges especially included) consider this to be a different situation than it was 25 years ago makes (3) more complicated than it should be.
In other words, reevalutate, enforce, and repeat.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
If they are unaccountable, why are these agents being indicted for misuse of the information?
Isn't that a contradiction?