Torturing Open Government Systems for Fun, Profit and Time Travel

Presented at DEF CON 21 (2013), Aug. 2, 2013, 11 a.m. (45 minutes)

"I'm from the government and I'm here to help you" takes on a sinister new meaning as jurisdictions around the world stumble over each other to 'set the people's data free'. NYC boasts in subway ads that 'our apps are whiz kid certified' (i.e. third party) which of course translates to 'we didn't pay for them, and don't blame us if somebody got it wrong and the bus don't come.' This session reports on my (and other people's) research aimed at prying out data that you're probably not supposed to have from Open Government Systems around the world. For example, Philadelphia, PA cavalierly posted the past 7 years of political contribution receipts which contained the full names and personal addresses of thousands of people, some of whom probably didn't want that information to be out there in such a convenient form. The entire database was also trivially downloadable as a CSV file and analysis of it yielded some fascinating and unexpected information. Referring back to classic computer science and accounting principles like 'least privilege' and 'segregation of duties' the presentation will suggest some ways to have our Open Data cake without letting snoopy people eat it.


Presenters:

Links:

Similar Presentations: