Police To Google: Make Our Site More Secure By Delisting It
from the how-not-to-fix-anything dept
Having trouble keeping your secure website secure? Why not try a DMCA takedown request?
Of all the things DMCA takedowns have been used for (mainly removing infringing material, censorship), I’ve yet to see one deployed as an ad hoc extension of a cop shop’s IT department.
The Idaho State Police would apparently like Google to forget all about its publicly-accessible login page for its evidence database.
We have a private login page that is not on any internet webpage. It is law enforcement sensitive and we are trying to minimize the attempts to hack the site. We would appreciate Google not indexing the site. https://ilims.isp.idaho.gov/prelog/LIMSPrelog/
It’s still indexed, although you have to perform a very specific search to see it. The URL takes you to the login page for access to its LIMS (Laboratory Information Management System) database. That’s it.
It’s not the only page of its type accessible via a Google search. Login pages for law enforcement agencies from York County (South Carolina), Westchester County (New York), Kansas (Criminal Justice Information System) and Minnesota (Dept. of Public Safety) can all be accessed using “LIMS” “prelog” or other related terms. If you’d like a copy of Porter Lee’s “Crime Fighter BEAST” software — which most of these databases utilize — the Alabama Department of Forensics has a handy download link on its website. (Not that you can do anything with it but attempt to log in…)
A DMCA notice is not for removing pages you’d rather Google didn’t index. It’s for taking down infringing content. Beyond that, simply delisting the link will likely have no noticeable effect on hacking attempts. The page will still be accessible from the web — and that’s the main problem if the Idaho State Police are looking for a more closed/protected system. (And it doesn’t help that the login screen indicates Internet Explorer and Adobe’s PDF reader are both needed to make full use of the site…both of which have their own security issues, especially the latter.) It appears a blanket disallow was added to the site’s robot.txt, but all it seems to have done is prevent Google from returning any descriptive information along with the URL.
Google appears to have ignored the request, which is how it should be. This has nothing to do with copyright and everything to do with people thinking DMCA takedown notices are the best hammer for every nail they come across.