RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Subject:
From: Hugh Smith <[log in to unmask]>
Reply To: Records Management Program <[log in to unmask]>
Date: Sat, 6 Jun 2015 18:49:35 -0400
Content-Type: text/plain
Parts/Attachments: text/plain (107 lines)

Snips and such

> From: Jesse Wilkins <[log in to unmask]>
> Subject: Re: Register of deeds: Bill would 'destroy the integrity' of records
> Date: June 5, 2015 at 11:39:04 AM EDT
> 
> 
> The problem here is that the open records laws don't say, "it's open but
> you have to come to our vault, be grilled by administrative staff as to
> your interests, and begrudgingly be granted access." They mandate public
> access to certain records. Open records gadflies/concerned citizens know
> this and I know several who are making 6 figures a year by requesting lots
> of open records and suing when they are not provided.

The towns in the Northeast solve this problem in many regards by escorting the interested party into the vault or file room and allowing access. The person involved may not have a cell phone/camera in the vault and may only have a pencil without an eraser. (So no changes can occur to the Deed Books.)  The visitor must define the nature of their search.  Town Clerks are very helpful in assisting citizens. The Church of the Latter Day Saints travels around recording birth and death and marriage and genealogy for their work and the Towns typically are helpful. Many great finds come out of this.

The people trying to make a living out of finding an unresponsive records request often tire of days in vaults with helpful staff. They charge for copies at 25¢ each and if it is a long search they can charge for the attendant's time.  This is fair as the Town should not have to absorb the cost of one individual search.


> So I get the "law of unintended consequences" thing. However, the answer is
> not to wring our hands and bemoan the advent of the Internet,

I don’t bemoan the Internet.  I find it most helpful but I bemoan the idiots who design systems that are so easily hacked.  If Boeing acted in a manner like the IT community behaves, planes would fall from the sky on an hourly basis.

We need something like the FDA for computers that will not allow new technology to be released until it is vetted and secure and establish liability.  

For example blade servers… how stupid!  They run so hot they are a risk to the whole server room.  The CRAC cannot keep up with the heat.  Some engineer should have said: “Nice idea but go back and figure out how to make this run cooler.”  Oh wait, Apple did that.

> but to work
> to push changes to those laws to remove that information in toto or at
> least where there is no legitimate public interest.

> Lots of work going on
> right now in the content analytics space that would allow for wholesale
> automated redaction of names, credit card numbers, etc. but still work to
> be done both on the technology and on getting all those clerk & recorder
> offices to recognize the need.

Content analytics are big because of the need for E-Discovery.  The genius IT guys throw all their jelly beans in a jar and when the subpoena comes, they are ill prepared to deliver the content.

If the big IT guys would use some forethought, then the ability to load malware and ransomware into systems would not be so easy that high school kids can lock up their high school's records.

Backup tapes are saving many a ransomware victim.

> As an aside, "The Cloud" is *not* being hacked daily.

I work with clients all over the world and it is happening, but the Gartner and Forrester consultants are the PR arm of big IT.  Download the material from some of the companies that fight these threats.  I like one called ThreatTrack, and they discuss how the IT departments are so overwhelmed they cannot even respond to threats. Advanced Persistent Threats (APTs) simply intrude wherever the hackers desire using social engineering and customized malware.

We install ServerVaults now because where they cannot intrude with one technique they simply intrude via actual intruders. Offline and near-line are the only tools that work to avoid the “Command and Control” that means the battle is lost.

> For all but the very
> largest and most competent IT organizations, the cloud is much more robust
> and secure than what their IT staff can manage precisely because "the
> cloud" - major cloud service providers like Amazon & Microsoft at least -
> is such a huge target. I love my IT staff - all 3 or 4 of them - but there
> is simply no way they can do the penetration testing and hacking that major
> cloud providers see on an hourly basis even if they had those skills. The
> cloud providers in contrast hire significant numbers of the best &
> brightest and are targeted by the same on an ongoing basis.

There is no way these organizations can avoid “one” member of their staff taking the money offered to open the door. Some even build the back door for future profit.  The bigger they are the more valuable a target and like the old castles in Europe, the siege always works because the castle cannot get up and run away.
> 
> Furthermore, it's still the case that most "hacks" are committed either
> through social engineering - getting employees to open malware-laced emails
> or links, guessing passwords - or through disgruntled current or former
> employees.
Exactly!  So that means that the more attractive, the higher value the target, the more likely that someone is out there developing their reconnaissance at this moment.

> Again, the cloud is much less susceptible to this than most
> organizations.
You just explained how this is not so.  Did not the DHS and IRS have amazing security?  They thought they had the best.

Snowden is another example where one rogue IT person or analyst with access can open doors no one can close.  I wish I had the solution but no one does because IT always values speed and density over security.  Processor magazine ran two articles:

1) “What is your biggest need in the Data Center?”
2) “What would you do if you were given an additional million dollars in your budget?”

They said absolutely Security was their biggest need.

The very next article, they spent all of their money on faster servers, more storage.  And no one even remarked how contradictory that was.  There is never enough money in the budget for security.

> It isn't immediately clear to me, but from most of the
> stories I've read the OPM breach seems to be a direct hack into OPM's
> systems and a result of poor security, not a cloud-based breach.
Everybody who is visible gets hacked.  Just like I keep having to replace credit cards because every time I use them, they are exposed. They have a chip, but that made them easier to steal, not more difficult.
> 
> TL;DR: Cloud is *more* secure, not less, for all but the most
> sophisticated organizations. If you want your information to be secure you
> are better off having it in the cloud than in your own, probably poorly
> secured, systems, accessed by your poorly trained or inattentive staff.

All systems are hacked, big systems are more desirable and therefore more aggressively hacked.  Storing as much as possible offline and not in the Cloud is the best solution.  Let the records manager protect it.  That worked so well for so many years. No one has ever hacked a tape sitting in a vault offline. 


> My tuppence the day after heckacious hail in CO,
> 
> Jesse Wilkins, CIP, CRM, IGP
> Denver, CO


Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610)  756-4440    Fax (610)  756-4134
WWW.FIRELOCK.COM