Once information has been released it is almost impossible to recover what has been published. The more sensitive or 'interesting' the information then the more likely it is that it will eventually reach widespread dissemination. Efforts to suppress distribution can and often do backfire (Streissand effect) and this is the lesson that Matasano Chargen has experienced first hand with their accidental release of the technical details behind Dan Kaminsky's DNS discovery.
Other times, the inadvertent release of information can come back to the user in odd ways. A case that received coverage in the RISKS digest should give anybody reason to pause and think twice about exactly what it is that is being sent out across the Internet.
A part time school library employee in New York was arrested and held for more than 30 hours after a complaint was levelled against him by his supervisor. The employee has since filed a Civil Rights Lawsuit, claiming false arrest and malicious prosecution.
What led to the arrest and subsequent lawsuit?
The employee's supervisor mistyped his email address when exchanging emails about the whereabouts of a library key and sent it to a Ben Hallowell, not William Hallowell, the employee.
In a case of poorly attempted humour, Ben Hallowell replied to the supervisor claiming that the key had been sold for hookers, drugs and a gun and then went on to suggest a sexual encounter with the supervisor in the library.
Ben Hallowell didn't identify himself in the replied email and so William Hallowell was arrested based on the content of a reply that he didn't send to an email that he didn't receive.
Further complicating the matter was the length of time (four months) that it took for the Prosecutor's Office to dismiss the case against the employee.
Unfortunately this seems to be a problem that isn't isolated, with two other significant cases in the last 12 months where employees have faced legal prosecution and loss of employment due to other employees (and in one of the cases IT staff) not comprehending that the disagreeable content on the victim's systems were the result of malware and not intentional activity by the victim. For Julie Amero and Michael Fiola it has been the widespread media coverage of their plight that has helped raise awareness of what happened but it still hasn't completely been resolved, with Julie Amero still facing legal challenges more than 12 months after the incident took place. It is doubtless that there are many others out there who have not had the benefit of public scrutiny to clear their names and who now find themselves at some disadvantage due to someone not understanding what they have done or are seeing.
Of course, you could always blame potentially incriminating data and activity on hackers, much as Detroit's mayor is doing to try and prevent the release of text messages that could implicate him in perjury and other criminal activities.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.