Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Japanese Gov't Accidentally Shares Internal Email Over Google Groups

Soulskill posted about a year ago | from the top-secret-for-everyone's-eyes-only dept.

Japan 25

itwbennett writes "An official at Japan's Ministry of the Environment created a Google Group to share email and documents related to Japan's negotiations during a meeting held in Geneva in January, but used the default privacy settings, which left the exchanges wide open. According to Japan's Yomiuri Shimbun newspaper, over 6,000 items, including private contact information of government officials, was publicly accessible. Michihiru Oi, a ministry official, said the ministry has its own system for creating groups and sharing documents, but it doesn't always function well outside of Japan, sometimes leading to 'poor connections' and a 'bad working environment.'"

cancel ×

25 comments

Sorry! There are no comments related to the filter you selected.

The cloud. (0)

Anonymous Coward | about a year ago | (#44264817)

Default allow.

It's as secure as the desktop ca. 1995.

If you still take humanity seriously, it's only because you're dull.

They should always operate this way (5, Insightful)

ebno-10db (1459097) | about a year ago | (#44264861)

This mistake should be the standard way of working for all governments.

Re:They should always operate this way (2)

Frontier Owner (2616587) | about a year ago | (#44265025)

should, but the officials personal contact details, perhaps not.

Re:They should always operate this way (1)

Anonymous Coward | about a year ago | (#44265193)

Personal contact details, shouldn't be publicized, but their official government contact details certainly should. And they shouldn't be using their personal accounts to conduct government business.

Re:They should always operate this way (1)

ShanghaiBill (739463) | about a year ago | (#44265683)

Personal contact details, shouldn't be publicized, but their official government contact details certainly should.

A senior member of the government is going to receive thousands of emails every day from citizens, maybe a few dozen from staffers, and a few from family or friends. Those should be three different addresses.

Are you seriously suggesting that the number for the phone on Obama's desk in the Oval Office should be public information?

 

And they shouldn't be using their personal accounts to conduct government business.

A work email address is private information, but it is not a "personal account".

Re:They should always operate this way (1)

davester666 (731373) | about a year ago | (#44268215)

Tell that to Sarah Palin.

Re:They should always operate this way (0)

Anonymous Coward | about a year ago | (#44267223)

I suppose this is what they mean by security through obscurity.

Security backfire? (3, Insightful)

Urban Garlic (447282) | about a year ago | (#44264917)

So the article and summary hint at a common problem -- "the ministry has its own system for ... sharing documents", which "doesn't always function well outside of Japan". I've seen this in more than one enterprise, where the IT guys meet the need of users to securely move data around by buying or building a secure solution, and they pay very careful attention to the security, but less attention to the usability. Users will go for ease-of-use every time, and aren't thinking about security, so mistakes like this happen.

The obvious solution is to make the secure system easy to use, but usability itself is hard to get right, secure usability is very hard.

Re:Security backfire? (1)

Rich0 (548339) | about a year ago | (#44276027)

Sounds like my company's smartphone policies. They whitelist specific models, and generally turn all of them down (well, unless their names start with an "i"). So, the 90% of company employees who aren't covered end up forwarding mail/calendars/etc to completely insecure outside services, where they're synced to their phones.

I guess the company gets plausible deniability out of the deal, but that's about it. The employees get a sub-standard experience compared to just being allowed to directly sync, and the companies data gets mirrored who-knows-where.

Too Easy (2, Funny)

Anonymous Coward | about a year ago | (#44264927)

Come on guys. You can't make it too easy for the NSA or they'll suspect a honey pot.

Oh Japan.. (2, Insightful)

paysonwelch (2505012) | about a year ago | (#44264977)

The scary thing is that they were using Google a private US company to share private international secrets. This is just sloppy in my opinion. I mean.. come on how seriously are they trying to protect this sensitive information if they are uploading it to third party servers which probably never delete data and just deep freeze it?

Japan is more advanced than us (4, Funny)

gubon13 (2695335) | about a year ago | (#44265017)

They've already accepted that Google has all of their information anyhow.

Re:Oh Japan.. (1)

KingMotley (944240) | about a year ago | (#44265951)

How exactly is Google a private US company?

Re:Oh Japan.. (1)

KingMotley (944240) | about a year ago | (#44266013)

Google is actually a publicly traded international company with headquarters in the US. Is it that the headquarters that is in the US that bothers you? Or that the CEO is from the US? What makes either of those things more suspect than if Google was run by a German national with headquarters in the US, or a CEO born in the US with headquarters in Germany? Or is it that Google does business in the US? So if google had a German CEO, HQ in Germany, and did some business in the US, does that make it more suspect?

Re:Oh Japan.. (0)

Anonymous Coward | about a year ago | (#44266657)

Welcome, KingMotley.

News stories you missed while hiding under a rock:

1. PRISM
2. ...

No problem here (1)

mu51c10rd (187182) | about a year ago | (#44265021)

That's ok...the NSA has all the data already anyway...

It's okay... (1)

hahn (101816) | about a year ago | (#44265029)

The only person who cares is the person who accidentally posted it.

What was in it? (0, Troll)

Iniamyen (2440798) | about a year ago | (#44265065)

How much of it was tentacle porn?

You still risk jail time if you look at the files. (3, Insightful)

140Mandak262Jamuna (970587) | about a year ago | (#44265123)

The way most official secrets acts are written, it has some boilerplate language with a whole bunch of "whereas" and "notwithstandings" and eventually boil down to making it a crime to access government secrets, no matter how trivial or non-existent the protections were nor how clueless and braindead the officials were. Usually it has no due-diligence requirements on the part of the government to protect the secret data. It is usually a crime to look at what the government considers secret even if it was done accidentally, inadvertently.

Laws are actually drafted by government officials and they insert enough language to protect their tails.

Re:You still risk jail time if you look at the fil (0)

Anonymous Coward | about a year ago | (#44265653)

I was just about to say something about this... Given past history, you'd likely be accused of "hacking" for going onto a publicly accessible Google Group.

Re: You still risk jail time if you look at the fi (0)

Anonymous Coward | about a year ago | (#44266365)

Um no?

Only people with security clearances are not allowed to view classified information without authorization, at risk of losing their clearance.

It's not illegal for everyone else to view it. See pentagon papers FFS, and the government does due diligence to keep classified information secret including punishing those who leak it, EVEN accidentally, WTF are you talking about? We can even get in trouble for not having the proper cover sheet for classified papers.

As long as they don't leak their military secrets (0)

Anonymous Coward | about a year ago | (#44265195)

I know, I know. Japan has a very competent national defense force and they are all a great bunch of guys.

Pwned (0)

Anonymous Coward | about a year ago | (#44266293)

Your privacy might be worth a lot to you, but to Google it's something they can sell for $$$. Google makes cash out of selling ads. Not out of protecting privacy.

Default is off for sharing groups outside domain (1)

Anonymous Coward | about a year ago | (#44266511)

I"m surprised a Googler has not spoken up. I'm administrator for several Google Apps Business accounts and the source article is inaccurate. The default settings are to not share groups with outside domains. I really doubt the product marketed to governments is less restrictive than the Google Apps for Business. I don't work for Google - I'm an independent small business consultant.

I got it! (1)

sgt scrub (869860) | about a year ago | (#44266977)

I spotted a mistake in the post but will fix it for you real quick.

"An ex-official no longer at Japan's Ministry of the Environment created a Google Group to share email and documents related to Japan's negotiations during a meeting held in Geneva in January, but used the default privacy settings, which left the exchanges wide open."

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?