Note on Design of Monitoring Systems
Dissent reports “State Department official admits looking at passport files for more than 500 celebrities.”
A passport specialist curious about celebrities has admitted she looked into the confidential files of more than 500 famous Americans without authorization.
This got me thinking: how does someone peep at 500 files before anyone notices? What’s wrong with the State Department’s IDS systems?
One can get lists of famous people pretty easily. They’re not complete, but you don’t need complete. You simply track which employees query the names on that list, and look at the outliers in your peepers list.
For the State Department to have taken so long to notice, they’re obviously not doing this. I join Barack Obama, Hillary Clinton and more than 500 famous people in hoping they get on it soon.
Also, I wonder if the celebs got breach notice letters?
But to the question of what can you learn from this, think about how your employees might peep, and how you can catch that behavior on the cheap.
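A sketch of the watchlist check described above, as an added example that is not from the original post or from any State Department system. The names, employee ids, log layout and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed watchlist: a partial list of well-known names is enough.
WATCHLIST = {"alex famous", "blair celebrity", "casey star", "drew headline"}

# Constructed access log: (employee id, name on the file that was opened).
ACCESS_LOG = [
    ("emp1", "Pat Ordinary"), ("emp1", "Alex Famous"), ("emp1", "Sam Citizen"),
    ("emp2", "Lee Applicant"), ("emp2", "Kim Traveler"),
    ("emp3", "ALEX FAMOUS"), ("emp3", "Blair  Celebrity"), ("emp3", "Casey Star"),
    ("emp3", "Drew Headline"), ("emp3", "Alex Famous"),
    ("emp4", "Casey Star"), ("emp4", "Jo Renewal"),
]

def normalize(name):
    """Fold case and whitespace so trivial variations still match."""
    return " ".join(name.lower().split())

def watchlist_hits(log, watchlist):
    """Map each employee to the set of distinct watchlisted files opened."""
    hits = defaultdict(set)
    for employee, subject in log:
        hits[employee]  # register the employee even with zero hits
        key = normalize(subject)
        if key in watchlist:
            hits[employee].add(key)
    return hits

def find_peepers(log, watchlist, min_hits=3, factor=3.0):
    """Flag employees whose distinct watchlist hits are far above the norm.

    An occasional hit is expected (famous people renew passports too), so
    the threshold is the larger of an absolute floor and a multiple of the
    median hit count across all employees seen in the log.
    """
    counts = {e: len(s) for e, s in watchlist_hits(log, watchlist).items()}
    if not counts:
        return []
    threshold = max(min_hits, factor * median(counts.values()))
    flagged = [e for e, c in counts.items() if c >= threshold]
    return sorted(flagged, key=lambda e: -counts[e])

if __name__ == "__main__":
    print(find_peepers(ACCESS_LOG, WATCHLIST))
```

Counting distinct files rather than raw queries keeps one legitimately reopened record from inflating an employee's score.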
EPIC.org had uploaded a very redacted OIG audit conducted in July 2008 to http://epic.org/privacy/travel/pass/oig_report.pdf
But I haven’t found anything more recent than that.
And it’s not just celebrities’ files we should be concerned about as State Dept. was associated with a big ID theft ring case (also in 2008) where almost 400 people were notified: http://www.msnbc.msn.com/id/27475651/
So what did they do after that to prevent recurrences?