The ramifications from inadvertent release of information should give people
pause prior to sending or publishing information online.
Once information has been released it is almost impossible to recover what
has been published. The more sensitive or 'interesting' the information
then the more likely it is that it will eventually reach widespread dissemination.
Efforts to suppress distribution can and often do backfire (Streissand
effect) and this is the lesson that Matasano Chargen has experienced first
hand with their accidental release of the technical details behind Dan
Kaminsky's DNS discovery.
Other times, the inadvertent release of information can come back to the
user in odd ways. A case that received
coverage in the RISKS digest should give anybody reason to pause and think twice
about exactly what it is that is being sent out across the Internet.
A part time school library employee in New York was arrested and held for
more than 30 hours after a complaint was levelled against him by his supervisor.
The employee has since filed a Civil Rights Lawsuit, claiming false arrest
and malicious prosecution.
What led to the arrest and subsequent lawsuit?
The employee's supervisor mistyped his email address when exchanging
emails about the whereabouts of a library key and sent it to a Ben Hallowell,
not William Hallowell, the employee.
In a case of poorly attempted humour, Ben Hallowell replied to the supervisor
claiming that the key had been sold for hookers, drugs and a gun and then
went on to suggest a sexual encounter with the supervisor in the library.
Ben Hallowell didn't identify himself in the replied email and so William
Hallowell was arrested based on the content of a reply that he didn't
send to an email that he didn't receive.
Further complicating the matter was the length of time (four months) that
it took for the Prosecutor's Office to dismiss the case against the employee.
Unfortunately this seems to be a problem that isn't isolated, with
two other significant cases in the last 12 months where employees have
faced legal prosecution and loss of employment due to other employees
(and in one of the cases IT staff) not comprehending that the disagreeable
content on the victim's systems were the result of malware and not
intentional activity by the victim. For Julie Amero and Michael Fiola
it has been the widespread media coverage of their plight that has helped
raise awareness of what happened but it still hasn't completely been
resolved, with Julie Amero still facing legal challenges more than 12
months after the incident took place. It is doubtless that there are many
others out there who have not had the benefit of public scrutiny to clear
their names and who now find themselves at some disadvantage due to someone
not understanding what they have done or are seeing.
Of course, you could always blame potentially incriminating data and activity
on hackers, much as Detroit's mayor is
doing to try and prevent the release of text messages that could implicate him
in perjury and other criminal activities.