Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Blame game [Google posting student info]
JournalNow -- Nort Carolina ^ | Lauren Williamson

Posted on 06/26/2006 11:41:42 AM PDT by WaterDragon

Catawba County Schools took aim at Google Friday.

The system filed an injunction against the Internet search engine

The temporary injunction, granted by the Honorable Richard D. Boner, calls for Google to remove any information pertaining to Catawba County Schools Board of Education from its server and index and alleges conversion and trespass against the corporation.

In short, schools say Google grabbed information they shouldn’t have.

Google says they are wrong.

Either way, the names, Social Security numbers and test scores of 619 students were still bouncing around the Web for people with computers to find and read until late Friday, when the page was apparently removed.

Catawba County Schools chief technology officer Judith Ray said her department removed the file from its storage server Friday. They are also working to delete any other electronic files that may contain Social Security numbers or other secure student information.

The information was stored in the system’s DocuShare server, which required a username and password to access, Ray said.

“One of the students on the list had a presence on the Web,” she said. “In Google’s effort to get information on her, one of its spiders latched onto her name in this document. We were not aware that password-protected sites are set up like that. To our knowledge, Google could only cache unsecure information that did not require a password or username.”

(Excerpt) Read more at journalnow.com ...


TOPICS: Business/Economy; Constitution/Conservatism; Crime/Corruption; Culture/Society; Extended News; Miscellaneous; News/Current Events
KEYWORDS: bigunit; boner; google; idtheft; lawsuit; northcarolina; privacy; schoolboard; students

1 posted on 06/26/2006 11:41:45 AM PDT by WaterDragon
[ Post Reply | Private Reply | View Replies]

To: WaterDragon

The Honerable Dick Boner?


2 posted on 06/26/2006 11:44:27 AM PDT by bigcat32
[ Post Reply | Private Reply | To 1 | View Replies]

To: WaterDragon

"Honorable Richard D. Boner"

Oh, no, they didn't. Surely not! Cruel, cruel parents.


3 posted on 06/26/2006 11:44:37 AM PDT by MineralMan (non-evangelical atheist)
[ Post Reply | Private Reply | To 1 | View Replies]

To: WaterDragon

More:

In response to Judge Boner's injunction, Google V.P. for Community relations, Michael Hunt, said, "Neener, neener, neener.


4 posted on 06/26/2006 11:46:31 AM PDT by MineralMan (non-evangelical atheist)
[ Post Reply | Private Reply | To 1 | View Replies]

To: bigcat32

Maybe he's French. Bo-nair?


5 posted on 06/26/2006 11:46:49 AM PDT by HaveHadEnough
[ Post Reply | Private Reply | To 2 | View Replies]

To: WaterDragon

THeir system was secure. That isnt Googles fault.

Google spiders (any searche ngines spider really) is nothing more than a web browser that plucks links and follows it. If it hits a brick wall like a username and password, it wont get the document but it appears the system the school has doesnt block squat. I think the school should be sued by the parents if anything.


6 posted on 06/26/2006 11:47:05 AM PDT by smith288 (goBIGnetwork.com - You a startup?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MineralMan
It looks like the school district screwed up and now they're trying to blame Google.

Oh, no, they didn't. Surely not! Cruel, cruel parents.

Always run your child's potential name in front of your friends. If they snicker, don't use that name.

7 posted on 06/26/2006 11:47:13 AM PDT by KarlInOhio (Never ask a Kennedy if he'll have another drink. It's nobody's business how much he's had already.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: MineralMan

Bet Dicky D had a tough childhood.


8 posted on 06/26/2006 11:47:13 AM PDT by edcoil (Reality doesn't say much - doesn't need too)
[ Post Reply | Private Reply | To 3 | View Replies]

To: MineralMan
"Honorable Richard D. Boner"

Dick D. Boner.... curiously, this just happens to be my porn screen name.

9 posted on 06/26/2006 11:48:57 AM PDT by Lazamataz (I hate asshat Islamics with Scuds in their Volkswagen Minivans.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: edcoil

"Bet Dicky D had a tough childhood."

Not as tough as his brother, A. Hugh Boner. Nobody's heard from him since his 14th birthday, when he ran, screaming from his home.


10 posted on 06/26/2006 11:48:58 AM PDT by MineralMan (non-evangelical atheist)
[ Post Reply | Private Reply | To 8 | View Replies]

To: MineralMan

The ideal husband for James Bond's girlfriend in Goldfinger!


11 posted on 06/26/2006 11:49:43 AM PDT by ProtectOurFreedom
[ Post Reply | Private Reply | To 3 | View Replies]

To: Lazamataz

"Dick D. Boner.... curiously, this just happens to be my porn screen name."



Ah, irony...


12 posted on 06/26/2006 11:49:49 AM PDT by MineralMan (non-evangelical atheist)
[ Post Reply | Private Reply | To 9 | View Replies]

To: MineralMan

I had a high school classmate (I graduated in 1974) named Richard B. Slack. You can imagine the hell he went through.


13 posted on 06/26/2006 11:49:54 AM PDT by P8riot (Stupid is forever. Ignorance can be fixed.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: WaterDragon
Honorable Richard D. Boner

I had a professor named Richard Head.

14 posted on 06/26/2006 11:50:45 AM PDT by fso301
[ Post Reply | Private Reply | To 1 | View Replies]

To: WaterDragon

It's not googles fault at all. They need to learn what robots.txt.

Here's freerepublics.

http://www.freerepublic.com/robots.txt


15 posted on 06/26/2006 11:51:24 AM PDT by bahblahbah
[ Post Reply | Private Reply | To 1 | View Replies]

To: bigcat32

And his wife, Ima.


16 posted on 06/26/2006 11:51:56 AM PDT by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: WaterDragon
If Google's spider can effectively breach password protected web sites I would love to have a copy of that.

But it can't. Whatever linked to the page with the sensitive info is how google got there. If it was truly a login/password protected link, google's spider couldn't read it. I would suspect the school is either lying or someone else has posted a link to that page with login and password in the link URL. If the latter is the case, then the school is still wrong for having it's website poorly configured.

Has to be the school's fault, but don't expect them to take the blame, they NEVER do.
17 posted on 06/26/2006 11:52:10 AM PDT by American_Centurion (No, I don't trust the government to automatically do the right thing.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: American_Centurion
I'm betting the school had a password protected page, but failed to password protect the pages behind that page which contained sensitive info. The student's site must have linked directly to a non-password protected page. Poor website management.

If the school does not want Google searching their pages, they need to add code to the site to instruct the Google web spiders to skip the site.

18 posted on 06/26/2006 12:06:12 PM PDT by 6SJ7
[ Post Reply | Private Reply | To 17 | View Replies]

To: 6SJ7

Google bump...


19 posted on 06/26/2006 12:13:06 PM PDT by Palladin ("Governor Lynn Swann."...it has a nice ring to it!)
[ Post Reply | Private Reply | To 18 | View Replies]

To: American_Centurion

You nailed it- if they put the info on unsecure web pages THEY are at fault, not google.


20 posted on 06/26/2006 12:14:14 PM PDT by Mr. K (Some days even my lucky rocketship underpants don't help...)
[ Post Reply | Private Reply | To 17 | View Replies]

To: WaterDragon
Image and video hosting by TinyPic Catawba County Schools Superintendent Tim Markley discusses his frustrations with Google on Friday. The names and social security numbers of 620 students from Catawba County Schools are posted on the Internet search engine. ROBERT C. REED (RECORD PHOTOGRAPHER) -------------------------------------- If ever there was a "Caption this pic"...this guys is NOT happy with Google, no, not one little bit. "I'd like to get the guy in charge of Google and wrap my hands around his scrawny little neck and...!!" :-)
21 posted on 06/26/2006 12:15:16 PM PDT by pillut48 (CJ in TX)
[ Post Reply | Private Reply | To 1 | View Replies]

To: 6SJ7
If the school does not want Google searching their pages, they need to add code to the site to instruct the Google web spiders to skip the site.

Yeah, it's the school's fault. Google respects robot.txt files. Actually, it's a good thing that they found out through Google, there are LOTS of other spiders that are testing web sites for security holes. Heaven knows what else got out.

22 posted on 06/26/2006 12:15:23 PM PDT by glorgau
[ Post Reply | Private Reply | To 18 | View Replies]

To: 6SJ7
Yep, happens all the time. I frequently tell people that they SHOULD NOT put any information on the web that they don't want the whole world to see, and I'm constantly shocked at the number of people who will argue the point. Web servers are PUBLIC RESOURCES. When you publish information onto the Internet, you are putting it somewhere that the whole world can view. For non-programmers, effectively protecting sensitive data online is almost impossible.

Situations like the one you described are common...people will put the "protected" files in an otherwise public folder, and then limit access to it via a password protected page. Unless you're on a Unix box with a well crafted htaccess file, that just isn't going to work. All it takes is ONE person or ONE web page to link into your "protected" folder, and the security will be irreparably broken. It's the security equivalent of sticking a key under your doormat.

I once visited a webpage that had customer data hidden behind a "secure" login. The routine was written in Javascript, and was entirely client side. When I caught what they were doing, I was all set to get the password from the source code (hey, it's on my computer, it's perfectly legal for me to read it) and send the webmaster a flaming email, but when I looked at the code I found an even dumber mistake...the code contained the actual URL of the "protected" pages". I copied it into my browser, hit enter, and read this wonderful list of fairly sensitive client documents. That kind of stupidity was staggering.

23 posted on 06/26/2006 12:25:50 PM PDT by Arthalion
[ Post Reply | Private Reply | To 18 | View Replies]

To: WaterDragon
Quoth the IT weenie Ms. Ray...
“One of the students on the list had a presence on the Web,”... “In Google’s effort to get information on her, one of its spiders latched onto her name in this document. We were not aware that password-protected sites are set up like that. To our knowledge, Google could only cache unsecure information that did not require a password or username.”
It sounds like Ms. Ray is unaware of the fact that a null password isn't really a password at all. St00pid n00b.
24 posted on 06/26/2006 12:33:35 PM PDT by Redcloak (Speak softly and wear a loud shirt.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Arthalion

Perhaps someone with your technical saavy could have contacted them with a warning and offered to help secure the site. A little moonlighting that would also earn you the gratitude of your fellow (less technical) human beings.


25 posted on 06/26/2006 12:44:32 PM PDT by Libertina
[ Post Reply | Private Reply | To 23 | View Replies]

To: WaterDragon
School Finds Out It's Not Google's Fault

More controversy was added to the situation after some sources reported that Google spiders had "hacked" the school system's server to index the information. But both the school's chief technology officer and Google (and a few others with the skinny on how this works) say that Google crawlers cannot bypass password protection to access and cache content.

In short, it's most likely the school's error and if lawsuits ensue from the parents of affected students, Catawba County Schools Superintendent Tim Markley will likely be making the same face he's making in this photo

26 posted on 06/26/2006 9:49:31 PM PDT by af_vet_rr
[ Post Reply | Private Reply | To 1 | View Replies]

To: Libertina
Perhaps someone with your technical saavy could have contacted them with a warning and offered to help secure the site.

I've known people who tried to do this very thing and were accused of "hacking their computers".

Of course, accusing somebody who is pointing out your security problems is much cheaper than winding up with a bill from them.

The US Navy had a lot of information posted recently on service members and families, including SSNs and birthplace/dates, and the same thing happened.

Like others have said, if it's connected to the internet, unless you really secure it, it's fair game for Yahoo, Google, MSN, etc.
27 posted on 06/26/2006 9:53:19 PM PDT by af_vet_rr
[ Post Reply | Private Reply | To 25 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson