Personal data protection is a very important part of data security: it not only affects individuals but is also an important measure of how well a company or a country protects data. A little-known policing app that has helped more than 60 law enforcement agencies conduct multi-agency raids may have leaked confidential data about those raids, about suspects who have not yet been convicted and, in some cases, about the officers involved onto the open internet. According to a report in Wired magazine on Wednesday, the breach involved an app called SweepWizard, developed by ODIN Intelligence.
Whether SweepWizard leaked personal data of officers and suspects
SweepWizard may have leaked personally identifiable information on hundreds of officers and thousands of suspects. The details include the timing of the raids, the geographic coordinates of the suspects’ homes, the individuals’ demographic information and, in some cases, the suspects’ Social Security numbers. That information, combined with other details, could be used to tip suspects off to a possible raid, the report noted. Gizmodo could not independently confirm Wired’s findings.
In total, SweepWizard may have revealed the locations and names of 5,770 suspects, the report said. Social Security numbers were reportedly included for about 1,000 of those suspects. Meanwhile, the names, phone numbers and email addresses of hundreds of police officers and details of about 200 operations were also caught up in the exposure.
According to Wired, the app’s data dates back as far as 2011 and runs as recently as December 2022. All of this exposure was due to a bug in the application’s API that allowed anyone with the exact URL to retrieve confidential data from the application in a web browser without logging in.
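The class of flaw described above, sketched as an added example (not code from the article, Wired, or ODIN Intelligence): a handler that serves a record to anyone who knows the exact URL, next to a default-deny version, plus an audit that lists routes answering without credentials. The route names, tokens and records are hypothetical and constructed, and the per-agency authorization check goes beyond what the report describes.

```python
import hmac

# Constructed sample records; no real operation data.
OPERATIONS = {
    "1001": {"agency": "agency-a", "name": "EXAMPLE-OP-1", "targets": 12},
    "1002": {"agency": "agency-b", "name": "EXAMPLE-OP-2", "targets": 7},
}
# Constructed session store: token -> agency the session belongs to.
SESSIONS = {"token-a": "agency-a"}


def lookup(path):
    """Map /api/operations/<id> to a record, or None if the URL is unknown."""
    prefix = "/api/operations/"
    if path.startswith(prefix):
        return OPERATIONS.get(path[len(prefix):])
    return None


def handle_vulnerable(path, token=None):
    """The flaw: knowing the exact URL is the only requirement."""
    record = lookup(path)
    return (200, record) if record else (404, None)


def session_agency(token):
    """Return the agency for a valid token, comparing in constant time."""
    for known, agency in SESSIONS.items():
        if token is not None and hmac.compare_digest(known, token):
            return agency
    return None


def handle_hardened(path, token=None):
    """Default deny: authenticate first, then authorize against the record."""
    agency = session_agency(token)
    if agency is None:
        return (401, None)   # not logged in: reveal nothing, not even a 404
    record = lookup(path)
    if record is None or record["agency"] != agency:
        return (404, None)   # another agency's record looks nonexistent
    return (200, record)


def audit(handler, paths):
    """Return the paths that serve data to a request with no credentials."""
    return [p for p in paths if handler(p, None)[0] == 200]
```

Running `audit` over every registered route in a test suite turns "no endpoint answers without a login" into a regression check rather than an assumption.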
Is there any evidence that ODIN or SweepWizard was compromised, exposing personal data?
ODIN Intelligence did not immediately respond to Gizmodo’s request for comment. Gizmodo was unable to access SweepWizard’s website or its app on the Apple App Store. The tool appears to be offline. ODIN Intelligence’s website states that it works with a wide variety of law enforcement groups, including the National Police Chiefs Association, the International Association of Chiefs of Police and the American Association of Corrections, among others.
“ODIN Intelligence takes security very seriously,” Erik McCauley, CEO of ODIN Intelligence, said in a statement sent to Wired magazine. “We have and are thoroughly investigating these allegations. So far, we have not been able to reproduce the so-called security compromise in any ODIN system. If there is any evidence that the security of ODIN or SweepWizard has been breached, appropriate action will be taken.”
Several law enforcement agencies that had previously tried SweepWizard for free now say they are investigating their use of the app. The Los Angeles Police Department reportedly used the app last year in a large-scale operation targeting sexual assault, called Operation Protect the Innocent. The Los Angeles Police Department told Wired that it has suspended the use of SweepWizard until an ongoing investigation is concluded.
The SweepWizard incident exposed how law enforcement practices can put personal data at risk
The so-called SweepWizard episode exposed the potential pitfalls of an increasingly common law enforcement practice: outsourcing policing to small, private companies. Agencies ranging from local police to the FBI and the Department of Homeland Security have shown a willingness to pay to collect location and other personal data, a practice some privacy advocates have labeled a “legal loophole.” So protecting personal data through technical means protects both individuals and the country as a whole, and personal data protection is very important to everyone.
Source of the translated article: https://gizmodo.com/sweepwizard-police-app-data-expose-leaked-1849977290
This article was translated by 数字化转型网 (www.szhzxw.cn). Author: Mack DeGeurin; translation: 郑亚茹, 数字化转型网; translation review: 默然, 数字化转型网.

