Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's clear they didn't have expertise to do it, and I'm tired of reading people that know way more looking down at others over it and assuming they don't want to comply. If they hiding something and malicious, the end result wouldn't have been to send way too much, but I don't see the author realizing this fast enough.


I'm not sure why you think the only malicious response would be to send over too little. It's a common enough scene in TV shows and the like where a malicious actor attempts to hide incriminating information in a sea of irrelevant information.


I'm tired of reading people that know way more looking down at others over it

What do you mean "people that know way more"? He made a simple request for email metadata, spelled out each field he was interested in. He didn't tell the city how to do it.

Are you saying that the author knew more about how to retrieve email metadata than the actual Seattle IT staff that administer the mail system? And what bothers you most is that the author knew more about how to fulfill his request than the people that run the mail system?


Agreed. You're putting an overworked, underpaid public servant in a "damned if you do, damned if you don't" scenario. They complied with a far reaching request and got told their response was too far reaching? I'd quit my job if faced with a legal minefield like that, especially one not actually related to the job itself


Why do you think complying with these requests is not part of the job for Seattle IT?

I would think it’s pretty cool to retrieve this massive amount of data that I wouldn’t otherwise get to play with.


Presumably this should be considered overreaching should be considered an important though: if there’s an authorization process in play, then more information has been given out than the public servant was actually authorized to hand out. If me as a citizen starts receiving sensitive information despite only being authorized to receive insensitive info, that could easily become a significant security breach.

In fact, a known security check was actually bypassed in this case: the email review, reserved for the content of the email, causing the whole problem in the first place.

It seems to me imperative that they actually deliver up to the amount authorized. Ideally exactly the amount, but never more.


>They complied with a far reaching request and got told their response was too far reaching?

He requested metadata and they sent actual email content, kind of a big difference there.


If they hiding something and malicious, the end result wouldn't have been to send way too much

Wrong. Dumping a vast pile of irrelevant information at the last possible moment to obscure something embarrassing is a very common tactic in commercial litigation.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: