Google has got into trouble every now and then. From U.S. Congress to Kindergarten, Google had to resolve quite a few isues, some serious, some absolutely silly. The latest one in the series concerns Catawba County Schools. They accuse Google of getting hold of information that they should not have and posted it on the interweb. This included social security numbers as well as test scores of 619 students. The classified information, which required a username and password to access, was still available online even after the schools removed them.
In the ensuing follow up, the scool board has won a temporary injunction against Google. Judge Richard D. Boner issued the injunction in favour Catawba County Schools. However, there has been loads of misinformation about the case. The Inquirer reported about the 'hacking.' However, the school never accused Google of 'hacking.' Dr. Tim Markley, Superintendent said,
We do not know how Google was able to access the secure, password-protected site. Once Google does access a site, it places a copy of the data on its own server. We immediately called and emailed Google, requesting the urgent removal of the link and site data. We have eliminated the link from our end and it appears that as of Friday night, June 23, 2006, Google eliminated the site from their end.
Catawba County School's chief technology officer Judith Ray sid that, nbsp; We asserted that Google had somehow bypassed our login information, not that they had hacked their way into the system. Hacking, to me assumes malicious intent and we never intended to imply that Google was doing anything other than spidering all the web sites available.
There is also miscommunication about "all users" being required to log in. The DocuShare server is a repository for both public and private information with logins being required for users who are authorized to view the restricted information. There are hundreds of pages of information that we share from DocuShare with users around the state. These are completely open and are not supposed to [be] password protected.nbsp; We did troubleshoot this situation by searching for the students' information at Yahoo, Dogpile, and AltaVista. We did not find any information on these three search engine returns and we attempted the searches over a three-day period.
We acted so aggressively with Google because, until the media got involved, we could not get beyond an operator at Google. We could not get operators to connect us with technical support, the legal department, or to anyone higher up in the organization. We were only given an email address to which we could submit a complain – which we did but got no response. Google has a link to submit an emergency request [see here] but on both Thursday and Friday of last week, the link took you to a dead page. Only when the news media submitted its own inquiry to Google did we get a call regarding the situation. And [Google] has been most helpful in working through this situation with us.
So there were some pages that didn't require a login to be viewed. As per the reference to Xerox in the school district's explanation, it was noted that the server was managed by Xerox and shared by other companies as well. Material for those companies appeared to be hosted on the school district's domain. As noted, the school district didn't know why this was happening.
Clearly the school didn't have secure protection of the documents. And Google is being blamed needlessly. So the answer lies in the code where the passwords were stored than in Google crawlers.