Widespread Vulnerability Found in Dozens of Government 'Open Data' Websites
8:07 AM, Feb 20, 2014 • By JERYL BIER
Health and Human Services is not the only government agency at risk. The White House announced "Project Open Data" in May 2013 with dozens of federal agencies and sub-agencies taking part. As recently as January 14, the White House released a Fact Sheet on the White House Safety Datapalooza, an initiative to safeguard government data that is "part of the Administration’s larger commitment to unleash the power of open data."
Other examples of profiles such as the one above are numerous, including other federal agencies, plus state, county and local governments. The products and information being pushed range from private loans to debt consolidation to even "artificial turf":
Each of the pages above (and dozens of others discovered in the preparation of this story) contains a link to an external website that is obviously not officially sanctioned by the government host, yet there are no disclaimers to warn potential viewers. The pages appear to violate the Terms of Service of the Socrata platform, since "[u]nsolicited promotions, political campaigning, advertising or solicitations" are prohibited.
More malicious sites could be used for data harvesting or even identity theft since scammers are able to trade on the credibility conferred by the official government websites that host these profile pages. We have no direct evidence that such activity has yet taken place via an "open data" website, but at this point, clearly the door is wide open to such abuse.
An email to an official at data.gov seeking comment was referred to another official who has not yet responded. An emailed request to Socrata for comment was initially returned Tuesday evening with a promise of a response, but so far, no additional response has been received.