I'm very surprised they gave out this information. I'm not talking about the mistake, I mean the actual request. In the UK I don't think you could even get a production order for this. Like, it's effectively getting Communications Data simultaneously against thousands of people not suspected of any crimes??<p>Like, do people know that by emailing their local government their email address is now free for scammers to request under FOI? Could I request this data myself, then start emailing them scam emails "I know you contacted us in June, could you call me on 555-1223 etc"<p>This seems totally against the spirit of FOI
A few years ago I found a random SSD on the ground while on a walk with my son.
The drive contained unencrypted records which squarly fall under HIPPA. I also did the right thing and returned it to the proper owner and told them about how their mdb files were readable by anyone.<p>The same exact thing happened. They thanked me and then their lawyers nicely asked me to clone my hard drive and sign a bunch of shit.<p>It was not fun at all. A lot of them thought that I hacked something.
Interesting dataset. Data like this can be used to identify strong links between contractors and government officials.<p>One problem is that the metadata should have only contained <i>anonymized</i> entries for the email addresses of the counterparties of the Seattle.gov addresses, the article leaves this unclear.<p>Another potential problem is that if a case of corruption or nepotism is identified that has not been passed to the authorities for review that the author suddenly finds himself in the possession of data that can be used to blackmail some fairly powerful people, in fact there might be fish at a higher than city level government in the trawl because there have to be links between Seattle officials and state officials.<p>Yet another problem is that the addresses most likely contain the names of private individuals (including employees) as well, and I am not quite sure what to think of that but feel that the city has no business releasing that in cleartext.<p>A better way for amateur sleuths and the city government to work together to battle corruption would be to release only anonymized data to protect the identities of the people working for the city, for instance by releasing only hashes of the email addresses, for instance a hash@hash format where the hash for all Seatle domains is released to the requester. All the relevant analysis could still be done, and if something interesting was found it could be released to law enforcement who in turn should have then used a judge to order de-anonymization of those entries they are interested in.
> After that call, I asked my lawyer to reach out to their lawyer and was pretty much told that Seattle was approaching the problem as if they were pursuing Computer Fraud And Abuse (CFAA) charges. For information that they sent. Jiminey Cricket..
Somewhat related, I'm constantly shocked (maybe I shouldn't be anymore) at the tech ineptitude of cities that are supposed to be big tech hubs. I live in Seattle, and my regular tech complaint is we can't get the buses connected to an app that is accurate within +-10 minutes. I know it doesn't sound like much, but how much tech brainpower is here, and why isn't that tech shining more clearly?
The writer has fessed up to reading a lot of the emails. As evidenced by summarizing the content (e.g. cheating spouses, zabbix etc.). Wouldn't the responsible thing to do be stop reading the emails once you realise what is going on?
> The passive aggression is thick.<p>From this I can accurately deduce that you really were talking to a person in Seattle. /local-in-joke.<p>Pretty amazing story; Seattle, collectively, always tends to <i>mean</i> well, but so often they stumble.
> Seattle was approaching the problem as if they were pursuing Computer Fraud And Abuse (CFAA) charges. For information that they sent. Jiminey Cricket..<p>> So, I deleted the files.<p>Isn't it great to live in a country where we have generic felonies that governments can apply to just about anything involving a computer and ruin your life?<p>Land of the "free" and the home of the 'fraid.
I can't tell whether this is a testament to the incompetence of public IT operations or an indictment of public records keeping practice. Maybe both?
I was quoted almost $200k for a similar request for emails. I was trying to investigate a shady real estate deal, and they made it as difficult as possible. I was never actually able to get the information I requested.<p>I'm completely disgusted and fed up with corruption.
In case Matt Chapman is reading this -- the contact email at the bottom of the page (matt@mchap.com) is probably not correct, given that the domain mchap.com redirects to an australian photographer.<p>The alternative is that the email address is correct and Matt is redirecting his domain to another Matt Chapman, which would be totally hilarious.
To me, the most interesting thing in this entire post is the following:<p>> Funny enough, in the middle of that question, my internet died and interrupted the call for the first time in the six months I lived in that house. Odd. It came back ten minutes later, and I dialed back into the conference line, but the mood of the call pretty much 180’d.<p>I find that when strange things happen like this, they’re hardly coincidence. Did you run a traceroute after the disconnect anywhere? Did you see an IP address change? If so, was it a significant change in the CIDR block it was within?
I'm simultaneously impressed and saddened by how fast the responses for these FOIA requests were proceeded by the government.<p>And here in my country, I needed a court order to get <i>at least</i> an acknowledgement of my FOI request.<p>And now I'm petition court intervention to get the FOI processed in accordance with the law.
This could have been an extremely valuable dataset for the legal community. The Enron data is currently guiding much of our machine learning validation, simply because it's available.
FTA:<p>>Seattle's first response included a bit of gobsmackery that I’ve almost become used to<p>Brit here. I'm always amused that 'gobsmack' and its derived words are still used these days, more so across the Atlantic.<p>Roughly translated: lost for words, typically for a short time.
The dump includes email addresses, both government and private. That does not seem good.<p>There is a surprisingly little spam. Either that is about to change, or spam didn't get included in the FOIA.
Interesting read to learn of challenges cities have and what mistakes they make along the way, but the author comes across as defensive and quite arrogant.
I find the writer to be a bit of a dick in his responses. Yes, the city IT may not be at the same level as Google engineers, but there’s no need to mock their ballpark estimates, and after the mistake there’s no need to be a jerk about it. Be forthright about the error.<p>Consider being on the other side of this, due to a careless mistake the data for many people is exposed on a random strangers hard drive. Asking for an independent third party verification is reasonable.<p>Bringing lawyers in the mix was also unnecessary. And if more people follow in the authors actions then the state level FOIA laws may be put at risk over the long term.
It's clear they didn't have expertise to do it, and I'm tired of reading people that know way more looking down at others over it and assuming they don't want to comply. If they hiding something and malicious, the end result wouldn't have been to send way too much, but I don't see the author realizing this fast enough.
Author of article has no background/understanding of the "sunshine" laws in effect in WA. Those laws may (do) explain a lot of why things go this way with any/all FOIA in WA.<p>Source: 100s of FOIA requests to various WA government agencies.