October 03, 2007

Homeland Security Floods Users With Private E-Mail

Greetings. It's hard to suppress a knowing sort of smile when reading how a configuration error at the Department of Homeland Security created a flood of over two million messages, with private e-mail ending up going to an entire DHS-related mailing list.

This sort of problem is all too familiar to many mail system administrators, and usually it's just an annoyance. But the scale of this screwup, and the fact that it was associated with DHS, makes it difficult to really chuckle.

What's especially noteworthy about this event is how long it apparently continued flooding people, many of whom might have needed to receive important e-mail -- mostly security-related recipients and their like were reportedly involved.

But just like with so much of the Internet these days, tracking down a responsible party to fix an immediate issue when things go wrong, even in the case of very serious problems, can be extremely difficult, even when the organization that is the source of the trouble is known.

Such situations are all the more problematic if the "event" is being generated from a site with a private WHOIS domain listing that hides their identity and/or direct contact information (these private listings are now aggressively marketed by various registrars, including Network Solutions).

There were no serious repercussions from the DHS mail flood today, but the next time we might not be so lucky.

In an Internet that increasingly operates as a massive number of individual fiefdoms, where even basic information about participants may be hidden or considered to be proprietary, how can we assure that technical problems of significant scope will be addressed rapidly and correctly, before major damage can occur?

Without a significant change in the Net's current evolutionary path, it's hard to see how to avoid having these sorts of problems worsen significantly, and perhaps dangerously, over time.

--Lauren--

Posted by Lauren at October 3, 2007 09:58 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein