Saturday, December 19, 2009

Another Leak, the worst so far:

You're probably talking about this terrible security disaster already: the largest database leak ever. Arweena, a spokes-elf for Santa Claus, admitted a few hours ago that the database posted at WikiLeaks yesterday is indeed the comprehensive 2009 list of which kids have been naughty, and which were nice. The source of the leak is unclear. It may have come from a renegade reindeer, or it could be the work of a clever programmer in the Ukraine. Either way, it's a terrible black eye for Santa. Arweena promised that in the future, access to this database would be restricted on a “need to know” basis. And you know who that means!

The size of this database is astounding; it's not just for Christians. Abu Dhabi and India have registered official protests over the inclusion of their children in the comprehensive worldwide listings; And there have been howls of outrage everywhere about the inclusion of sixteen and seventeen year-olds. Santa's list is an inexcusable invasion of privacy for teenagers everywhere.

The myriad of inaccuracies (see Cory Doctorow's critique at Boing Boing) makes matters much worse. The majority of the children are accurately identified by their age, addresses, birthdates and (where possible) national identification numbers. All United States kids with Social Security numbers are now sharing their identities with the whole world. But in some cases, and for a few countries, the kids are identified by name alone. Aristotle Makektikutis, a thirteen year old Athenian, insists he is not the Aristotle Makektikutis in Santa's Greek records whose naughty deed is listed as “pollution.” His parents have issued a statement that their son does not even know how to pollute.

But it gets worse. In fact, this reporter thinks that any sober assessment of Santa's database can come to only one conclusion: it never should have been, and it should never be again. The mistakes! Jane Doe (actual name withheld), who is fully identified in the database and stands accused of “weak morals” is actually twenty-six, not eleven as shown in Santa's data record. Jane Doe has had to disappear into the FBI witness protection program to hide from the crowd of men seeking her company. Frequent age errors in the database mean that grown men and women who used their social security numbers as banking passwords are now losing their life savings. This outrage cannot go on.

16 comments:

Andrew said...

Dear Parent (of Child)

St. Claus takes his responsibilities to comply with national, state and local laws very seriously. In accordance with California Civil Code 1798.29, it is my duty to inform you that your child's unencrypted personal information is reasonably believed to have been acquired by unauthorized persons and supernatural entities.

In order to track which children have been naughty or nice, as well as where to deliver gifts, Claus Industries must maintain aggregated records of Naughtiness (TM) and Nicety (TM) as well as the physical addresses at which children are expected to be on Christmas Day, in combination with the full and complete names ("True Name") of your children.

In 2009 for reasons of economy Claus Industries made the decision to switch from HAL to Diviner as our database provider of choice. Name notwithstanding, we did not realize that Diviner is under the majority ownership of an entity whom a devout Christian would refer to as the Adversary.

Due to ongoing law enforcement operations and celestial-infernal disputes, we are unable to fully disclose the exact nature of the breach at this time.

It is your responsibility to guard your personal identity information from compromise or misuse. A True Name can be used to access information, blackmail, compel obedience, possess and in rare cases destroy the soul of any entity, possibly including your child(ren).

Because of the disclosure of your True Name, you may wish to contact NameGuard or other magikal name protection services. Christian subscribers are reminded that invoking the name of your Savior provides absolute protection; however, this safety message is not intended to discriminate against believers in other faiths. Renaming your child may also be an option that you may wish to consider at this time.

Atheists are advised that no action is necessary or advised in response to this message.

If any gift received on or around Christmas Day smells of fire, brimstone or other noxious substances, please immediately discard according to your jurisdiction's guidelines for the handling of household hazardous waste.

As our age databaase has been corrupted, please hand this letter to your minor child if and only if they are over fifteen (15) years of age. It is necessary to remind you that we are a mandatory reporter of Naughtiness (TM) and Nicety (TM) to a number of supernatural reporting bureaus and reputation tracking activities.

This message has also been posted on various Web sites including NORAD and santa.com

We appreciate the opportunity to gift your child(ren) with toys during each yearly holiday season and appreciate your patience as we resolve this matter.

E. Scrooge, Esq.
(for Clause Industries)

tobyr21@gmail.com said...

Andrew,
Marvelous! I'm glad you were able to include the Claus reponse here.
- PB

uk visa serf said...

You've got to feel for Santa especially given the breach has happened at his busiest time of year.
Last year he took a hit from the collapse of the Iceland banks; this year it's hackers... it just leaves you wondering: Is anything sacred anymore?

tobyr21@gmail.com said...

Ahh, the Iceland banks. That may explain how this leak occurred. Faced with a devastating loss of capital, Santa may have skimped on his security budget. Isn't it always like that?
- PB

Devin L. Ganger said...

Despite the official Claus response Andrew was kind enough to post, it's rapidly becoming clear that these sorts of incidents are the result of a legacy of negligence, not because Santa and his holiday empire are somehow poor victims. See my follow-up for some of the latest revelations.

Gerry said...

Very nice. Both the article and Andrew's response were very entertaining as well as informative. I'll make sure my kids know, and will make every effort to check their gift--and confiscate the tainted looking chocolate--before allowing them to open them.
Gerry Johnston
(Gideon)

tobyr21@gmail.com said...

Gery,
I'm glad you're thinking clearly, but it mightbe better to leave a copy of Bruce Schneier's "On Security" at the bottom of the chimney.
- PB

HandyGandy said...

A likely story about Aristotle Makektikutis. Anyone who has ever had to change a diaper knows that children are born being able to pollute.

tobyr21@gmail.com said...

HAndyGandy, I agree with you, up to a point. Since every child is born with this ability, it can't be the cause of Santa calling him Naughty. Frankly, I think Aristotle's data base entry is completely screwed up.
-PB

Christopher said...

I have it on reliable source that in the coming years the Naughty or Nice (NoN) dataset will not include actual data of children around the world, but will rather be based on a heuristic ruleset applied to geographical areas.

Apparently Santa Claus and Elves have received a donation from some highly-placed Google engineers in the form of a proprietary software algorithm system that makes short work of NoN calculations.

Work seems underway to provide Santa with real-time NoN index on any child along the reindeer route.

This will undoubtedly alleviate concerns about individual data being gathered and stored in a central database.

HandyGandy said...

PB
The plight of Miss Doe on your site has moved me to help. Should she ever find the FBI wanting, I can offer her refuge at my home.

My address:
1554 Walnut Avenue
Anitioch, California

Baylink said...

This is really all Damian's fault, isn't it?

I'm sure the Hammer, those KLF brotha's, and the rest of the JJL will take care of this real soon.

Adam said...

I would like to re-publish this text on my site, could Precision Blogger please contact me at webfarbror [at] skrattnet.se, please.

komputer said...
This comment has been removed by a blog administrator.
tobyr21@gmail.com said...

OK, Precision Engineering, now tell us: how are you going to make Santa's database more secure? You must have a good suggestion, else why did you post here? Come on, out with it...
- PB

Energy Patent said...

Very helpful post! I really enjoyed reading it. So wonderful to read a blog that's written in good English! I am going to surely be back for more from now on. Thank you.