Sten Vesterli's Blog

Public Incompetence

California shows why you don’t want to entrust your government with more data than it absolutely needs. California is building a database with all donations to political and non-profit organizations. Free-speech advocates from a Charles Koch foundation to the NAACP are against it, and the Supreme Court will soon rule whether this is okay. As a European, I don’t much care either way.

The IT security part is interesting, though. It is fairly sensitive information whether someone dontated to Donald Trump or Black Lives Matter. California of course promises to protect it, but they have built a website where you can simply change the URL to get access to every donation record in the entire database.

That is mind-boggling incompetence. I am not blaming the individual developer, though an experienced lead programmer could have spotted this glaring vulnerability. But I am blaming the IT leaders in the organization that have failed to put any kind of security review in place, even for highly sensitive data. That is a firing offense in my book. Maybe a competent CIO should run against Governor Newsom in the California recall election.