When Good Intentions go Bad
Two incidents from the last several days have provided excellent studies in how difficult it is to ensure that the data sets that you are working with are accurate, and also how much a website can be considered a mini-dictatorship - where whatever the site owner says, goes.
Popular blogging site, LiveJournal, has been busy deleting accounts that reference incest, sex abuse, paedophilia and other related vicious crimes. The deletions are the result of a third party that complained to LiveJournal that unless they deleted accounts that discussed the various matters, then they would present that information to the LiveJournal advertisers, in an attempt to force LiveJournal to take a financial loss if they did not delete the accounts.
The intent behind these deletions is admirable, however the implementation is causing some trouble. While there are deletions that are appropriate, it appears that many of the account deletions have hit blogs that have been established to help victims of abuse. Keyword-based deletions mean that no only will you hit the perpetrators, but you will also snare those who are supporting the victims.
Understandably, this has annoyed many of the site users. For a site where the community is tightly-knit (compared to many other sites), the apparently arbitrary deletions are having a much wider effect than would normally be expected. That many of the account holders are also paying subscribers means that there is also a financial basis for the incorrectly-deleted users to complain about.
In an ironic twist, the website of the group behind the original push to have the accounts removed is embedded with significant levels of spyware and other malicious software that will infect any unprotected system that browses their site.
Since the major outcry, the LiveJournal management have back-pedalled and acknowledged that a number of their deletions were in error, and they will be taking steps to try and ensure that those accounts are reinstated. From community reactions, it appears to be too-little, too-late.
The second major case affected MySpace, which recently introduced a plan to identify and suspend account holders who were sex offenders. As with the LiveJournal issue, it appears that one or more false-positives have resulted - an innocent woman was identified as a sex offender because she shared the same name and birthdate as an offender who lived in a nearby state.
Observers have pointed out that this suggests that MySpace is engaging in a fairly poor cross referencing of the government list of sex offenders that they are using as the basis for identifying users as potential sex offenders. This suggests poor validation, and ignorance that it is a simple process for users to supply false information in order to register on the site.
Fortunately for the user who was mis-identified, MySpace did not publicly identify the reason for the account suspension, which means that there would be no reason for other users to even know why the suspension took place. Unfortunately, even though MySpace is not responsible for the original database being used to cross reference names, it is turning over data from the suspended accounts to law enforcement, which could lead to dilution of the official databases with incorrect data.
1 June 2007
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.Comments will soon be available for registered users.