Reader JG notes this disturbing incident, an echo of my privacy scenario post.
Michael Michalski worked for Allegheny County, Pa., as an emergency dispatcher. He began running searches on the internal computer network and databases to locate his former girlfriend…A supervisor… became aware of Michalski’s misuse of government databases and placed him on a deferred suspension….Because he still had access to the databases before his suspension began, Michalski continued to gain unauthorized access to personal information about Phillips….Then, while on suspension, Michalski phoned his co-workers at the call center, who allegedly helped him continue the database lookups even though they were aware it was for an illicit purpose.
On Oct. 29… the supervisor met with Michalski and confronted him…Later that day, Michalski shot and killed his ex-girlfriend, Ferderbar, and her new boyfriend, Phillips, according to a Pittsburgh Post-Gazette article.
Sed quis quaerodiet ipsos quaeres? (Probably bad Latin) Who searches the searchers?
Any database of private information should have a reinforced audit trail and enforced access layers. A system such as that could restrain certain patterns of searches, alert supervisors, or prevent others from performing similar searches after it was identified.
Doesn’t sound like there was a question of them being aware that the searches were happening (although it’s unclear how they became informed of them), there should have been a straightforward way to cut off access to specific kinds of searches or databases on an individual level.
1- There are softwares available that would allow an I.T. Manager to instantly cut off access of a suspended employee from a Database, but sadly, no one could have controlled his colleagues from helping him.
2- Equally as disturbing, is the lack of concern about Pro-active communication … read the excepts below.
ONE GODD**M phone call could have prevented this…
In terms of the privacy concern, since this person was working for an emergency call center – that was part of the county’s law enforcement umbrella – those databases MAY have been intergrated for a reason.
The permissions to look up detailed information may have helped save lives or prevent crimes. But perhaps a compromise could be enacted where a Supervisor would have to sign-off on certain TYPES of personal detailed look-ups, or given a mandatory second pasword to open the database.
(lets just hope that supervisor does not have a breakdown)
Sadly, I wouldn’t be surprised if the media uses this story as another reason to outlaw guns or attack gun rights. Which of course ignores the important issues involved.
I think that in this situation, the people who helped him get info and the people who didn’t deactivate his access quickly enough should be charged with accessory to homicide. Of course, I don’t think the law would lead to that, but that’s my take.
Make the punishment fit the crime, so maybe not a lot of prison time, but definitely something harsh enough to make people take other people’s information seriously.
A similarly asinine story happened last year in a county near Houston, TX, where they scanned on tons of homeowners’ papers at one county clerk’s office. The hitch? Those now-available-on-the-net papers included social security numbers. And what did the clerk’s office say about that? That it’d be too expensive to change what was put online now that it’s already up.
Ridiculous. If people don’t start taking this stuff more seriously, somebody’s going to get … oh, wait.