Slashdot Mirror
Court Allows Arkansas To Hide Wikipedia Edits
rheotaxis writes "A circuit judge in Arkansas will not order the state to reveal where its computers were used to edit Wikipedia articles about former governor Mike Huckabee while he was running for President. Two Associated Press journalists used WikiScanner to track the edits to IP addresses used by the state. Writer Jon Gambrell and News Editor Kelly P. Kissel filed a suit in October 2007 asking the state to reveal which state offices used the IP addresses, because state rules don't allow using computer resources for political purposes. The director of the Arkansas Department of Information Systems, Claire Bailey, claimed in court that releasing this information would allow hackers to target these state offices."
What, you need more then a IP to hack a computer?
I fail to see how network topology is something to be hidden, the computers either in front of a firewall and thus mappable anyway or behind one and so it doesn't really matter if you have the IPs because you cant send any traffic to them anyway.
A map of a bank's safe isn't much use if the bank is secure.
IranAir Flight 655 never forget!
Why would i be entitled? Well, its owned and paid for by the public.
I agree its a sticky situation, but never forget the government is the people, funded by the people and works for the people.
---- Booth was a patriot ----
if it relies on obscurity, then it's not secure, period.
A user password IS a secret, and is intended to be. Internal network topology is a way of organizing a network for administrative purposes, and is in NOT designed, nor CAN be be designed, to provide security.
.... the information was not sought "just for the sake of openness" - it was sought as part of the process to discover who had been engaged in criminal behaviour.
Some topologies make it easier to secure certain things, yes - but that is an administrative consideration in selection of a topology made to make implementing security easier; it is not, in itself, a security measure.
Lastly
If knowing which particular device is enough to give hackers the ability to destroy an entire network, there's a butt load and a half of network administrators working for the state that need to be fired - and the sooner, the better.
Should that circuit judge be able to keep their job?
After all, he's blatantly participating in a cover-up of illegal activities in the Arkansas state government.
Tired of Political Trolls? Opt Out!
This isn't about transparent government v security. Security through Obscurity is the well known worst approach to security that you can have, because if anyone ever does get that information (hell bribing a sys admin can't be that hard if you really want the info) then your have no security.
Its a bogus claim and a bogus judgement. If they were claiming that it shouldn't be released because editing Wikipedia isn't actually a political thing anyway then I could see a reason to toss it out. But the risk of hackers "targetting" bits of the network is just plain bogus, the implication is that these IP addresses are therefore in some secure part of the (ARKANSAS!) government and those IP addresses have already been released. What is being asked is a map back from a known IP address to its source. Claiming that knowing the physical source would some how make security worse is like saying that "Sure you have the keys, you know where the front door is and you can get in.... but I'm not telling you the NAME of the house".
Having the IP address is like having 1600 Pennsylvania Avenue and the keys to the door but the government not telling you that it is called the "Whitehouse" for security reasons.
An Eye for an Eye will make the whole world blind - Gandhi
Using government resources to edit wikipedia entries does not sound like an ethical thing to do, anonymously or not. In this case, it looks like taxpayer money being used for political gain, another no-no.
When I read that the "state rules don't allow using computer resources for political purposes" it seems clear to me that someone broke the law by using one or more State of Arkansas computers to perform the edits. The decision by the State court tells me that they are either clueless about technology or there's collusion between State agency's. Now, that couldn't be?
To say that I don't have to provide information in a criminal case because my computer could be hacked is laugh. Come on! ANY public IP address can attacked. The IT director is not telling the truth because she's either ignorant (and misinformed by her staff) or outright lying. She should be fired either way. Then again, lying seems to be a job requirement for most leadership positions within government nowadays. Maybe she gets a raise?
It's simple, a public IP address was used to break the law. The organization should be required to identify the internal machine that used that use that public IP address. Unless of course they no longer have the logs to provide that information. Oops, your honor, the logs weren't working during that time.
This story stinks of government corruption.
Why don't you sign in and say that ;)
"Wise men talk because they have something to say; fools, because they have to say something" - Plato
Gorshkov (932507) said: ...there's a butt load and a half of network administrators working for the state that need to be fired - and the sooner, the better.
Unless Arkansas' IT department is radically different from those of states I'm familiar with, this is pretty much a given. You didn't really need the qualifying "if".
I don't know how what you're saying even applies. Most Obama supporters are not in the Obama campaign, Obama's campaigns don't have access to Ohio government resources like some in Huckabee's campaign might have been in Huckabee's home state, nor did Obama ask his supporters to violate the privacy of Samuel Joseph Wurzelbacher. Don't conflate these situations needlessly. All those that misuse their government office for election gain should be held accountable. In this case, it looks like maybe those in the Huckabee campaign may been doing this, but this veil of secrecy prevents knowing whether this is true. Maybe that this was the work of an independent Huckabee supporter, but without a proper investigation, we won't know. In SJW's case, Ohio government resources aren't under Obama's jurisdiction.