Court Allows Arkansas To Hide Wikipedia Edits

← Back to Stories (view on slashdot.org)

Court Allows Arkansas To Hide Wikipedia Edits

Posted by Soulskill on Saturday December 20, 2008 @01:15AM from the change-we-don't-believe-in dept.

rheotaxis writes "A circuit judge in Arkansas will not order the state to reveal where its computers were used to edit Wikipedia articles about former governor Mike Huckabee while he was running for President. Two Associated Press journalists used WikiScanner to track the edits to IP addresses used by the state. Writer Jon Gambrell and News Editor Kelly P. Kissel filed a suit in October 2007 asking the state to reveal which state offices used the IP addresses, because state rules don't allow using computer resources for political purposes. The director of the Arkansas Department of Information Systems, Claire Bailey, claimed in court that releasing this information would allow hackers to target these state offices."

31 of 145 comments (clear)

Huh? by Anonymous Coward · 2008-12-20 01:21 · Score: 4, Funny

What, you need more then a IP to hack a computer?
1. Re:Huh? by The+MAZZTer · 2008-12-20 03:38 · Score: 2, Insightful
  
  If you're the RIAA that's all you need to sue.
2. Re:Huh? by AmberBlackCat · 2008-12-20 04:27 · Score: 4, Informative
  
  What's interesting here is they were able to shutdown an investigation into government corruption in the name of security. I guess it's not just for federal government anymore.
3. Re:Huh? by Smallpond · 2008-12-20 09:20 · Score: 2, Informative
  
  That's for private investigators - note the "private". If you aren't investigating private persons, then you don't need a PI license.
4. Re:Huh? by Tenebrousedge · 2008-12-20 13:54 · Score: 2, Interesting
  
  A link to opensecrets would have been sufficient. Most of the Media money goes to Democrats, most of the Oil money goes to Republicans.
  Pointing this out is not particularly insightful; the troll mod is justified. Making Democrats out to be particularly heinous because they accept money from the RIAA is disingenuous. As far as leeches on society go, the MPAA/RIAA are not the greatest, and the issue of bribery crosses all party lines.
  
  --
  Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
Secrecy or Transparency? by BadAnalogyGuy · 2008-12-20 01:23 · Score: 3, Insightful

It is certainly a fine concept to want a fully transparent government. We (at least those of us here at Slashdot) demand the same of our operating system. And likewise, we try to argue that "security through obscurity" is a useless endeavor.
However, the security of systems relies at some point on the obscurity of certain pieces of data. Whether it be a user password or a map of a network topology, the information itself has no real reason to be made public just for the sake of openness, one could argue.
Even considering that the system may have been used inappropriately, is the crime worth the possible destruction of the entire network at the hands of hackers? Shouldn't there be a great deal of discretion when risking opening up of confidential information that could have a severe detrimental impact on society as a whole?
1. Re:Secrecy or Transparency? by RiotingPacifist · 2008-12-20 01:37 · Score: 5, Insightful
  
  I fail to see how network topology is something to be hidden, the computers either in front of a firewall and thus mappable anyway or behind one and so it doesn't really matter if you have the IPs because you cant send any traffic to them anyway.
  A map of a bank's safe isn't much use if the bank is secure.
  
  --
  IranAir Flight 655 never forget!
2. Re:Secrecy or Transparency? by nurb432 · 2008-12-20 01:38 · Score: 4, Insightful
  
  Why would i be entitled? Well, its owned and paid for by the public.
  I agree its a sticky situation, but never forget the government is the people, funded by the people and works for the people.
  
  --
  ---- Booth was a patriot ----
3. Re:Secrecy or Transparency? by Gorshkov · 2008-12-20 01:43 · Score: 5, Insightful
  
  However, the security of systems relies at some point on the obscurity of certain pieces of data.
  if it relies on obscurity, then it's not secure, period.
  
  Whether it be a user password or a map of a network topology, the information itself has no real reason to be made public just for the sake of openness, one could argue.
  A user password IS a secret, and is intended to be. Internal network topology is a way of organizing a network for administrative purposes, and is in NOT designed, nor CAN be be designed, to provide security.
  
  Some topologies make it easier to secure certain things, yes - but that is an administrative consideration in selection of a topology made to make implementing security easier; it is not, in itself, a security measure.
  
  Lastly .... the information was not sought "just for the sake of openness" - it was sought as part of the process to discover who had been engaged in criminal behaviour.
  
  is the crime worth the possible destruction of the entire network at the hands of hackers?
  If knowing which particular device is enough to give hackers the ability to destroy an entire network, there's a butt load and a half of network administrators working for the state that need to be fired - and the sooner, the better.
4. Re:Secrecy or Transparency? by Jeff+DeMaagd · 2008-12-20 02:03 · Score: 5, Insightful
  
  Using government resources to edit wikipedia entries does not sound like an ethical thing to do, anonymously or not. In this case, it looks like taxpayer money being used for political gain, another no-no.
5. Re:Secrecy or Transparency? by wilder_card · 2008-12-20 03:24 · Score: 4, Interesting
  
  Gorshkov (932507) said: ...there's a butt load and a half of network administrators working for the state that need to be fired - and the sooner, the better.
  Unless Arkansas' IT department is radically different from those of states I'm familiar with, this is pretty much a given. You didn't really need the qualifying "if".
6. Re:Secrecy or Transparency? by Jeff+DeMaagd · 2008-12-20 04:18 · Score: 4, Insightful
  
  I don't know how what you're saying even applies. Most Obama supporters are not in the Obama campaign, Obama's campaigns don't have access to Ohio government resources like some in Huckabee's campaign might have been in Huckabee's home state, nor did Obama ask his supporters to violate the privacy of Samuel Joseph Wurzelbacher. Don't conflate these situations needlessly. All those that misuse their government office for election gain should be held accountable. In this case, it looks like maybe those in the Huckabee campaign may been doing this, but this veil of secrecy prevents knowing whether this is true. Maybe that this was the work of an independent Huckabee supporter, but without a proper investigation, we won't know. In SJW's case, Ohio government resources aren't under Obama's jurisdiction.
7. Re:Secrecy or Transparency? by sumdumass · 2008-12-20 05:54 · Score: 3, Insightful
  
  if it relies on obscurity, then it's not secure, period.
  No, that isn't exactly correct. Obscurity is good at protecting against unknown exploits that are targeted at specific agencies. This is a branch of government who might actually be a target more so then a website or something. We know there are zero day exploits and puting a sign up saying the important shit is here probably isn't the best idea.
  So while security through obscurity is crap, there are still legitimate reasons for not wanting the IP locations or departments to be public knowledge.
  
  Lastly .... the information was not sought "just for the sake of openness" - it was sought as part of the process to discover who had been engaged in criminal behaviour.
  Well, no. This isn't really criminal behavior. First, Arkasas state law allows for campaigning to be done on state property if hte office or space is open to the public for this purpose without regard to political party or affiliation. Violation of that is a misdemeanor. Second, all you have so far is allegations from two reporters, you don't have any official criminal proceedings. So even if it is unethical or appears that way, there are perfectly legal ways in the State of Arkansas that it could have happened.
  So the corect statement would be more like "The information was not sought "just for the sake of openness" - it was sought as part of the private endeavors to discover if someone had been engaged in criminal behavior.
  
  If knowing which particular device is enough to give hackers the ability to destroy an entire network, there's a butt load and a half of network administrators working for the state that need to be fired - and the sooner, the better.
  Government networks are gifted with resource shortages, out of date technology and so on. It's logical to expect any government network to contain routers that are 15 years old that might still have the superman password hard coded in the firmware, it's entirely possible that some agency is still using windows 2000 or worse, windows 98. A lot of the technology decisions are over ruled or determined with political expectations.
  I actually work with some governments and I see this all over the place. I'm not in Arkansas but here is how the situation plays out, An group of angry citizens calls in and complains because the pot holes in from of their drive still isn't fixed and it has chewed up another tire or causes suspension damage when they hit is at 10 MPH over the speed limit(of course they don't admit to speeding). Now this is more from a local governmental perspective but it can easily transfer to higher offices with a little but different of a scenario play out. Anyways, the state or county goes and fixes the pot hole then the money to upgrade the server is missing from the budget so it has to wait another 90 days or so. Or there is a rash of crimes in the area and the police work overtime to catch the criminals or deter the crime and then the police budget is used up, cuts go from somewhere else, there goes the router upgrade until next year. And Sure, it's probably a piss poor job of communications when the IT guy can't make the case for why the routers need replaces or upgraded above the pothole being fixed or the crime wave being addressed but the people ultimately making these decisions are the emotional and political officers who depend on the public to get reelected so it is going to happen.
  But this decision didn't say the network will be hacked, it said it gives the hackers a (refined) target. As I mentioned earlier, there are zero day exploits and if your subject to the will of a politician or MS or Cisco or Dell or some other company, you are going to be subjected to them. A firewall isn't always capable of protecting the computers, Symantec just had a big problem in their internet securities and firewall program
Next question by Concern · 2008-12-20 01:50 · Score: 4, Insightful

Should that circuit judge be able to keep their job?
After all, he's blatantly participating in a cover-up of illegal activities in the Arkansas state government.

--
Tired of Political Trolls? Opt Out!
1. Re:Next question by elnico · 2008-12-20 02:20 · Score: 2, Interesting
  
  After all, he's blatantly participating in a cover-up of illegal activities in the Arkansas state government.
  Either that, or it's just not the job of citizens to go around doing "investigations" into relatively minor breaches of state law.
  Look at it this way. Is it more likely that these journalists are true sentinels of fairness and democracy and are about to uncover a massive and elaborate plot to illegally elect Huckabee in '08, or is it more likely that they need someone concrete to point the finger at for a tabloidesque story on an ultimately inconsequential Wikipedia edit.
2. Re:Next question by evanbd · 2008-12-20 02:42 · Score: 4, Informative
  
  Corruption in government should be investigated and cleaned up, even on small scales. If you leave it alone, it will fester. And yes, using government resources for political gain is corruption.
Security through obscurity by MosesJones · 2008-12-20 01:52 · Score: 4, Insightful

This isn't about transparent government v security. Security through Obscurity is the well known worst approach to security that you can have, because if anyone ever does get that information (hell bribing a sys admin can't be that hard if you really want the info) then your have no security.
Its a bogus claim and a bogus judgement. If they were claiming that it shouldn't be released because editing Wikipedia isn't actually a political thing anyway then I could see a reason to toss it out. But the risk of hackers "targetting" bits of the network is just plain bogus, the implication is that these IP addresses are therefore in some secure part of the (ARKANSAS!) government and those IP addresses have already been released. What is being asked is a map back from a known IP address to its source. Claiming that knowing the physical source would some how make security worse is like saying that "Sure you have the keys, you know where the front door is and you can get in.... but I'm not telling you the NAME of the house".
Having the IP address is like having 1600 Pennsylvania Avenue and the keys to the door but the government not telling you that it is called the "Whitehouse" for security reasons.

--
An Eye for an Eye will make the whole world blind - Gandhi
Will this balloon? by Registered+Coward+v2 · 2008-12-20 02:00 · Score: 2, Insightful

The real problem for Gov Huckabee is that if he plans to run again for President this will become an issue - an IPGate that he wants to avoid so it can't be used against him. Of course, the press will start to look for other ways to get the information. Of course, the real problem is the coverup - did the Gov order the information not to be released? Did he know someone in government was using official computers for political purposes?

--
I'm a consultant - I convert gibberish into cash-flow.
Hacking by A_Lost_Frenchman · 2008-12-20 02:01 · Score: 2, Funny

It's true ! Releasing this information would allow hackers to target these state offices in person.
Government corruption by Anonymous Coward · 2008-12-20 02:04 · Score: 4, Insightful

When I read that the "state rules don't allow using computer resources for political purposes" it seems clear to me that someone broke the law by using one or more State of Arkansas computers to perform the edits. The decision by the State court tells me that they are either clueless about technology or there's collusion between State agency's. Now, that couldn't be?
To say that I don't have to provide information in a criminal case because my computer could be hacked is laugh. Come on! ANY public IP address can attacked. The IT director is not telling the truth because she's either ignorant (and misinformed by her staff) or outright lying. She should be fired either way. Then again, lying seems to be a job requirement for most leadership positions within government nowadays. Maybe she gets a raise?
It's simple, a public IP address was used to break the law. The organization should be required to identify the internal machine that used that use that public IP address. Unless of course they no longer have the logs to provide that information. Oops, your honor, the logs weren't working during that time.
This story stinks of government corruption.
Huckabee 2012 by Doc+Ruby · 2008-12-20 02:07 · Score: 3, Interesting

When Reverend Huckabee runs for president again in 2012, just remember then that you can't see how much of his Wikipedia entry was cooked by his staffers still buried in the Arkansas government he controlled up until he ran for 2008.
Consider how Reverend Huckabee destroyed evidence on many state computers to cover probable crimes (hard to prove when he's destroyed the evidence) when he left office in Arkansas to start campaigning for president.
Reverend Huckabee stands for faith based government. Why shouldn't he rely on a "mysterious hand" to improve his image?
And keep in mind just how much power he'd have with a covert government built on the foundation installed by Bush/Cheney.

--
--
make install -not war
1. Re:Huckabee 2012 by Doc+Ruby · 2008-12-20 03:47 · Score: 2, Insightful
  
  #1: Obama is not a "grass roots person", he was the Democratic candidate, which is the largest political organization in the world. Nice try at making Huckabee look like Obama, when they're totally different. Especially since Huckabee isn't at all grass roots in any way.
  #2: Just because a snaky Rapture peddler says something rational doesn't mean the snake oil inside the sensible bottle is going to save you.
  #3: Huckabee didn't "let" McCain have the nomination. McCain ripped the nomination away from Huckabee. Or, more accurately, Republicans ignored Huckabee in favor of McCain. And not over the "fair tax"
  FWIW, I myself prefer a national sales tax (with all bare necessities exempted for everyone) replacing the income taxes. But I prefer Huckabee spend more time playing bass than playing president.
  Click the links I provided to see exactly what batshit crazy faithy government Huckabee has actually been working on his whole career. That is, if you prefer facts to faithy propaganda.
  
  --
  --
  make install -not war
2. Re:Huckabee 2012 by Z34107 · 2008-12-20 11:41 · Score: 2, Funny
  
  Click the links I provided to see exactly what batshit crazy faithy government Huckabee has actually been working on his whole career. That is, if you prefer facts to faithy propaganda.
  Funny... but most of those links are to the dailykos...
  
  --
  DATABASE WOW WOW
Re:That must drive Wikipedia Nazis up the walls by hobbit · 2008-12-20 02:29 · Score: 4, Funny

Why don't you sign in and say that ;)

--
"Wise men talk because they have something to say; fools, because they have to say something" - Plato
location, location, location by DotDotSlashDot · 2008-12-20 02:29 · Score: 2, Insightful

Knowing the name of the agency and the building would make it easier for reporters to pursue the truth about who did the editing and why. You can't question a suspect until you obtain knowledge about their current location and their presence at the place and time of the incident being investigated. It's not about computer security. It's about government agency PR and legal liability.
But if it only appears to be secure... by Chmcginn · 2008-12-20 02:34 · Score: 3, Interesting

A map of a bank's safe isn't much use if the bank is secure.
But the architect's drawing of the bank could reveal it's actually not very secure at all, if it reveals a point of attack that's easier than going after the vault door.

--
Have you been touched by his noodly appendage?
1. Re:But if it only appears to be secure... by unlametheweak · 2008-12-20 03:35 · Score: 2, Insightful
  
  But the architect's drawing of the bank could reveal it's actually not very secure at all, if it reveals a point of attack that's easier than going after the vault door.
  It's one of the concepts of open source software; such things can more easily be spotted and fixed when they are in the open.
On the other hand... by Somebody+Is+Using+My · 2008-12-20 03:06 · Score: 2, Insightful

Obviously the notion that they can't provide the IP information for security reasons is bogus. But could we not look at this decision as a win because it may set a vital precedent for similar cases in the future? The government has ruled it cannot be forced to give out IP information on people accused of wrong-doing on the Internet. By this logic, neither should ISPs or people who run a website be forced to surrender their logs at request. Surely the government wouldn't take privileges unto itself that it would not give to its citizens, right?
Oh yeah? by Nick+Driver · 2008-12-20 04:15 · Score: 2, Insightful

Internal network topology is a way of organizing a network for administrative purposes, and is in NOT designed, nor CAN be be designed, to provide security
Ever heard of Network Admissions Controls?
802.1x Authentication?
The largest threats to IT security comes from internal users and internal physical access.
Locking down internal access to your network resources is one of the biggest steps you can take towards improving security. The number of organizations who leave lots of unused RJ-45 wall jacks around their office buildings actively patched into hot switch ports is astounding. In that situation, all it takes is someone with a laptop and a few freeware software tools to plug in and do all kinds of "nifty things" on such a network.
Re:That must drive Wikipedia Nazis up the walls by moxley · 2008-12-20 05:53 · Score: 2

I'll take that truth, (where masses of ordinary people peer review said truth) versus the "truth" we get from mainstream news networks.
Re:That must drive Wikipedia Nazis up the walls by moxley · 2008-12-20 06:27 · Score: 2

If we still had the mainstream media of those days I would agree with you. Things are utterly and completely different now - we have a corporate/government controlled media with an agenda.