U.S. Department of Interior Ordered Offline

The whole of the U.S. Department of Interior has been forced off of the internet as a result of a court case Cobell v. Babbit. This was the result of compromises with the Microsoft Windows servers. A judge decided to take the whole of the organization down. Should this judge have this much power? Info here on the indian trust web site. This includes the BLM, USGS and the Park Service. Staggering, really. CD: Hold off on the blaming of MS, it's still not clear.

Makes sense to me

It seems to me that the Government wasn't taking proper steps to keep that which was entrusted to them safe.

This would be like the Government sending my tax return in cash -- it's irresposible because anyone could easily open my mailbox and find almost $3 of totally spendible money ready and waiting.

It seems to be that forcing the whole system offline until it's ready for the modern internet was the only responsible course of action here.

Re:Makes sense to me

I agree. Think of it like a bank.

If a bank was FDIC insured, and their physical security was absolutely horrible, then the government would yank the insurance and effectively shut the bank down. Fortunately for the banks, the government isn't competent enough to rate their Internet security as they are the physical and fiscal security.

If no one ever lays the hammer down on something like this, people will never start to equate online security with the physical security they take for granted. And much better for the government to start policing itself before it makes more noises about policing the rest of us.

I have to agree...

Well at least there is one competent judge in the US. Personally this decision makes alot of sense, as in previously posted... if you can't keep confidential information confidential then you shouldn't have the information. All and all a good decision. I wonder how this affects Microsoft? Maybe now their get their collectively large asses moving and fix those damn security issues before each major release so we don't have to go updating to Microsoft Windows Service Pack 143.

Re:I have to agree...

Umm.. how about.. it probably won't affect MS in any way shape or form.

It looks like from the sketchy info available that this only applies to federally manadated/maintained data. I mean, if I run joe smoes website and collect some info, I don't that this judge has legal backing to just shut me down.

The main thing seems like because these Native American groups are required to house this data with the government the government is required to secure it. Seems pretty basic application of the 4th amendment - an illegal or unwarranted "search" by provided for by the government is basically what this is.

Also, the article pretty much doesn't say what platform was utilized. Could be MS, but maybe not. Lots of platforms are vulnerable, especailly in the hands of the government.

Re:Are you sure it's a MS server?

From Netcraft's Survey [netcraft.com]:

The site www.doi.gov is running Apache/1.3.12 (Unix) on Solaris.

Of course, we don't know whether this was the system which the government investigators broke in, or whether it's something in this domain.

of course.

Of course the judge should have this much power.. it's what we called a "check" in civics class. The executive branch is sucking, and nobody could make it stop sucking if the judicial branch had no power.

Re:of course.

Exactly. Anyone who's heard anything about the case knows the goverment has been screwing the Indians out of billions of dollars (er, actually we don't know how much $$$ because of the ulta super crappy record keeping). The white man is still sticking it to 'em. It is an extreme disgrace.

Re:Where does it say Windows?

Good point; Quoth Netcraft
The site www.doi.gov is running Apache/1.3.12 (Unix) on Solaris
Other sub-domains are Netscape Enterprise on Solaris and Lotus Domino on NT4/98.

wow.

so a judge cut off a computer network because it housed sensitive data important to particular individuals which was not secure.

whats the problem here? i wish this would happen more often.

Not Soon Enough...

I managed to get in before it all went down. I am now officially 3/4 Cherokee and the legitimate owner of South Dakota.

Thank you Microsoft.

-Rothfuss

ah

I know I ruined my slashdot credibility by actually READING THE ARTICLE, but this applies only to systems that provide access to the Indian Trust data, and its an emergency order designed to protect the people whose data is stored there. This was a "computer infrastructure so easily penetrable that a court investigator and his team of security experts were able to break in and repeatedly access, modify and even create trust data -- all without raising a response from the government." This involves the finances of over 300,000 people, I don't think the judge was out of bounds in ordering it closed.

Informative? *sigh*

Folks, this is not rocket science. The easiest way to determine if the DOI is on the net or not is to try to connect to the DOI homepage [doi.gov] itself. As of this moment (1:00 AM Central time), the entire DOI is off the net. It's not just the BIA or the agencies and sites directly related to it. It's the entire DOI. I am a DOI contractor and I can assure you that our facility (which has nothing to do with the Bureau of Indian Affairs) was most certainly yanked off the net this afternoon, and it remains off the net.

This is really causing pandemonium at our workplace. We cannot access our electronic timesheets because the server is external to our network, and as a result, I've just finished filling out my timesheet from home (because otherwise, it's not going to get done.) The silly part of it is that the facility [usgs.gov] that I work at has quite robust security, and yet we were still forced offline. This is not an "intelligent decision." This is a knee-jerk reaction that is going to end up inconveniencing a lot of people that have paid a lot of money for Earth science data. It's going to cost the government (and, as a result, you, the taxpayer) a lot of money.

By the time you read this comment, the whole issue may have been rendered moot; there was some hope that the court order might be rescinded overnight. If the order was rescinded and you are able to connect to the above links, then I'm glad (because I'll be able to do my job tomorrow.) But rest assured that the entire DOI lost network connectivity this afternoon. This is judicial idiocy, plain and simple; there is no more diplomatic way to put it.

Yes, this is justified ...

If you read the article, it states:

brought on behalf of 300,000 American Indians whose assets are housed on a computer infrastructure so easily penetrable that a court investigator and his team of security experts were able to break in and repeatedly access, modify and even create trust data -- all without raising a response from the government.

It basically points at gross (security) negligence on the part of some gov't types that are supposed to be responsible for sensitive data. It's not like they aren't allowed to maintain the data - just that they are supposed to secure it appropriately.

It may seem a bit extreme to make the ruling so pervasive, but then again that may be the only way to get those brain-dead govt managers to create a real system (like perhaps without MS software to start).

Should this judge have this much power? Yes!

Yes, absolutely, a Federal Judge should have this much power. It's one of the best checks against the possibility of tyranny.

Since the Executive and Legislative branches of government routinely ignore the U.S. Constitution, it is extremely important that we can count on the check of the Judiciary.

You know,

...on the indian trust web site...

You'd think they would use apache...

Patrick Cable II

background info

it might be helpful if the person who posts the story actually provides some background info or a link to it. guess i have to go to google myself...

Microsoft servers?

This was the result of compromises with the Microsoft Windows servers.

However, I see no mention of the operating/database that was compromised. Following one of the background links there is reference to an IBM mainframe.

Among the facts omitted was the name of the Denver firm that maintains the IBM computer mainframe for the trust system

Just thought that should be pointed out.

Now the webservers may be IIS but the database being hacked was IBM. Most likely just a poor implementation.

Indian Trust: Cobell v. Norton

Lots of information is available at the Indian Trust: Cobell v. Norton [indiantrust.com] web site. Press releases plus offical court documents.

Of particular interest is this document [indiantrust.com], which more fully explains why the judge ordered all Internet access to the Department of Interior. Apparently, court investigators were able to break in and modify lots of important information without any response from the DoI.

Seems like this sets a legal precendence for locking down an entire business, organization, or corporation involved in a legal situation. If it can be demonstrated that it would be possible for an outside entity to modify data crucial to the proceeding of the case (such data would be subpeonaed), the judge can order all external access to that data cut off.

Since simply running a some Microsoft software makes it possible for a large number of outside entities to modify such data without difficulty, and to know that doing so is possible without having to figure it out, I could see this becoming a problem for businesses and organizations that run said Microsoft software.

However, it also means that lax UNIX administrators could have their systems' access cut off if court investigators demonstrate that they are able to get in. Sounds like Mac OS 9 is the best protection against this now.

Whoa!

Before half of ./ creams their jeans, let's get the facts straight:

Entering via the Internet, the "hackers" found they could break many of the passwords protecting accounts, using a tool called a "cracker." Many of the passwords, according to the report, were easy to guess, particularly one -- "passwd" -- which was frequently used.

This had nothing to do with the fact that they were running IIS, Apache, Joe's Web Server, etc. The issue was weak database passwords.

netcraft

netcraft shows lots of different OS and servers are being used. The security breach could have been done through anyone of them, or the bad security could've been on the database itself.

For example :

The site doi.gov is running Lotus-Domino/5.0.8 on NT4/Windows 98.

The site www.den.doi.gov is running Netscape-Enterprise/4.0 on Solaris 8.

The site www.ios.doi.gov is running Apache/1.3.12 (Unix) on unknown.

The site www.doi.gov is running Apache/1.3.12 (Unix) on Solaris

I couldn't spot a document on indiantrust.org which went into technical details either ... then again, that's not the sort of information they want to make public if the DOI wasn't addressing the problem.

Pulling a Clinton

Wow, the judge really got pissed... but then, I guess I would too, if I had to deal with...

Fader [Govt. Lawyer] responded that he didn't know what was meant by such basic terms as "individual trust data" and "computer," to which Lamberth [judge] shot back: "I don't believe a word you're saying now." "You're just ruining your credibility talking to me that way."

But not Pulling an Ashcroft

At least this guy didn't pull an Ashcroft. He would have "Pulled an Ashcroft" if he had accused his critics of harming the security of the data by criticizing his security measures. "Pulling an Ashcroft" is a new phrase. It is defined as saying that any criticism of a policy prevents that policy from being effective.

Today, before the Senate, John Aschroft, the Attorney General of the United States, stated in plain terms that any criticism of Ashcroft's policies of extrajudicial military tribunals and other suspensions of civil and human rights will help terrorism. (LINK) [nytimes.com].

More disproving of the initial story? (NPS online)

..at least when I check a few minutes ago. And SamSpade is reporting the front-end NPS server is Netscape Enterprise v4.1.

.. why let the facts hamper you? :)

-'fester

This is a solved problem

If you have important data that you would like to give access to over the web, the secure solution to this problem exists and can be implemented regardless of your operating system.

• Keep the "real" system completely disconnected from the Internet
• On a periodic basis, write the entire DB to some compressed format. Optionally you can write only "changes" if your update interval is high, but that's a detail.
• Send the compressed information via a temporary, read-only link to the Web-Connected system. Read-Only can be sneakernet with magnetic tape for the paranoid or an Ethernet cable with the Rx portion cut for the slightly less paranoid (yes you'd need custom software), or just a time-clock enabled FTP server for the appropriately paranoid.
• Connect your read-only system to the Internet, protecting it with a decent firewall. Use SSL.
• If you absolutely MUST allow web-enabled users to change data, write all change requests to a file which is shipped back to the real system on intervals and fed into the real system one-transaction-at-a-time while monitored by a human.

Insurance companies do this. I know, because I helped enable one. When you have low-volume, high importance data (like the personal records of Native Americans!!) this approach is justified. I'm not surprised in the least, however, that our underfunded park service wasn't able to hire a government contractor that would take security seriously. We can be as condescending as we like (and we usually are) but if you've ever tried to work through federal procurement procedures, you understand you're dealing with a very limited talent pool.

Umm. doi.gov is a solaris box

The site www.doi.gov is running Apache/1.3.12 (Unix) on Solaris. [netcraft.com]

The site www.blm.gov is running Apache/1.3.22 (Unix) PHP/4.0.6 on unknown. [netcraft.com]

The site www.nps.gov is running Netscape-Enterprise/4.1 on Solaris. [netcraft.com]

Oh, and nps [nps.gov] is still up....

I read the penetration protion of the report p 133

This is bad. There have been many, many reports and firestorms about these computer systems according to the Special Master's Report released as a court document.

Predictive (the security company) broke in and documented abysmal security -- no firwalls, blank administrator passwords, other stuff that would make any script kiddie drool. The response of the B. of Indian Affairs was "naw, it's not that bad; you cheated".

So Predictive did it again. Got basically the same results. So after the .gov agency has the report detailing their secuirity holes, they left many of them wide open. So much so that Predictive could add bogus accounts and transfer real monies from real accounts into the bogus accounts, get sensitive documents and lots of other mischief. Really bad.

In classic Dilbertesque style, the Gov blames the messenger, says it's not really that bad (again) and promises to do a whole lot of nothing -- just like it has been doing for 10 years according to the special master's report you can click on here:

http://www.indiantrust.org/documents.cfm

This is bad. Real bad. Sad to say this judicial action was necessary. Sad.

why the link?

Umm... why is there a link to the DoI website if they've been forced off line...?

Re:why the link?

You must have missed it in the article where the judge ruled that there should be a story posted on /. with a link to the DOI website to enforce the downtime via the /. effect.

This judge is one smart cookie, I tell ya.

Specific info on systems/applications compromised

Here's a snippet from an indianz.com article [indianz.com] which specifies what was actually compromised:

With permission from U.S. District Judge Royce Lamberth, the special master's team logged onto computer servers, accessed databases, broke into Interior and Bureau of Indian Affairs networks, discovered they could modify and erase sensitive data and even created an Individual Indian Money (IIM) trust account in Balaran's name. All of these breaches occured repeatedly and with ease -- and all without being noticed, or even tracked, by the Interior's own computer officials.

Here's a rundown of how it happened.

Predictive originally planned a two-phase test of the Interior's computer infrastructure. First, it would try to access the system from the public Internet; and second, it would test the network from within.

However, the company soon found it could scrap the second phase because protections were non-existent.

"Early on in the testing it became apparent that it was possible to access the sensitive internal data from the Internet and that the internal on-site testing phase was not needed due to the lack of overall perimeter security," Predictive wrote in August after a first round of hacking.

Using widely available, and free, tools employed by hackers all over the world, Predictive tapped into a number of systems the Interior deemed "critical" to bringing its trust duties into the 21st century. These systems included:

• The Trust Asset and Accounting Management System (TAAMS)

• Predictive was able to break into a TAAMS server because it had "no password." As a result, the firm could perform administrative, high-level functions typically not available to low-level users.

  Also, Predictive could access TAAMS because the BIANET, a BIA network accessible via the Internet, had "blank" passwords. Through this vulnerability, the firm gained administrative powers that allowed it to access data stored in a TAAMS database.

  TAAMS is housed on two AS/400 servers, made by IBM, in Addison, Texas. The servers, the database and all its associated logic (coded in dBase) are fully owned by a third party, Applied Terravision Systems, because the Interior failed to consider long-term ownership and development issues.

• The Integrated Records Management System (IRMS)

• A so-called "legacy" system in use since 1982, Predictive was able to gain "complete access" to IRMS, which tracks leases and distributes payments to account holders. Weaknesses on the BIANET allowed the firm to see every IRMS account that has ever existed.

  Predictive could modify and delete user accounts, meaning it could prevent authorized Interior users from entering the system and give access to non-authorized outsiders.

  Further, Predictive gained "complete control" to an IRMS server because it had a "blank" password. The firm was able to copy files and create links to sensitive data to outside networks via standard and highly vulnerable Microsoft Windows capabilities.

  IRMS is coded in Cobol 74, an outmoded but pervasive language, and is composed of six databases -- including individual and tribal ownership and leasing data -- that reside on a Unisys Clearpath NX server in Reston, Virginia. Reston is the location of the BIA's Office of Information Resources Management, whose controversial move from Albuquerque, New Mexico, was temporarily halted by Lamberth.

• Other Unnamed Systems.

• Additionally, Predictive found numerous problems on a number of systems, most of which are not specifically named because information in the report is redacted. The firm was able to access "sensitive" information including "gigabytes" of BIA e-mail, configuration files, log reports, and all usernames and passwords on an unnamed system. Many of these systems had weak password or no password protections.

  Certain Interior computers were also running web servers, file transfer programs, remote access servers and other technologies that could allow anonymous access by outsiders. Other systems were prone to well-known hacking techniques, including denial of service, buffer overflows, "Trojan Horse" programs and Microsoft Windows "scripting" attacks -- all of which are typically preventable by applying readily available "patches" to fix security holes.

All of this hacking -- which took place between June 24 and July 8 -- led Predictive to conclude in an August report that the BIA lacks "basic security" measures. "Even if every security vulnerability in this report was corrected, BIA's overall lack of a secure network perimeter would still leave BIA exposed to additional risk," the firm wrote.

Predictive recommended the BIA implement such standard protections as a firewall and intrusion devices. Along with Balaran, the firm informed BIA of the numerous problems at a meeting with Brian Bowker, then-director of OIRM.

Despite Predictive's damaging report, Bowker indicated the company was successful only because he had "turned over the keys to the store." Balaran said he felt Bowker was trying to "discount" the findings, so he again instructed Predictive to break into the system on August 30.

It was during this time that Predictive created a trust account for Balaran, whose report is not specific as to which system was accessed to perform this incredible breach. Predictive was able to create its own trust data and modify existing data on an unnamed system, leading the firm yet again to warn BIA of problems and make a number of specific recommendations to correct the deficiencies.

no surprise here

I used to work for the USGS as a student employee in their computer services dept. Lack of security and competent network administration would be too kind for me to say. Stupidity like, each and every government computer has a public ip address, regardless if it is serving up web services. NT4 servers running with service pack four. And worse yet, users with full admin rights on their PCs, installing software and changing settings that could open them up for god knows what.

curioser and curioser said alice...

You know.. I just thought of something. There is the WayBack Machine [archive.org] which lets you get past copies of ANY website. Do you think one could get a copy of the DOI [doi.gov] and get cached copies of the data, or some such stuff?

Uh Oh!

Its time to withdraw my $4,000,000,000.12 from my BIA trust account. It seems their servers might get hacked from the internet. Darn /. hackers!

the AC

Please forgive me....

CD: Hold off on the blaming of MS, it's still not clear.

Can I still bash Microsoft if I really, really want to?

I just couldn't help blaming Microsoft whenever I see 'Microsoft Windows' in the news roundup. This is something like complusory-anti-microsoft something, I think I've medical clearance to back my action. People in 'Anti-Microsoft Anonymous' recommends me to post in /., they said it'd help.

Norton's behavior admirable, in a weird way

Norton could easily blame someone else. The newest part of the system was put into place in 1999, and the personnel responsible for the more egregious security breaches (such as blank passwords) are civil servants who have likely been in their jobs for some time. If she wanted, she could easily point the finger at the Clinton administration which arguably is indeed responsible for the mess having procured the system, hired the people, and established the policies. That she is not doing this can be seen as admirable restraint. If only it didn't involve screwing over the people she's supposed to be serving.

None of which changes the fact that her lawyer is apparently a total weenie.

college debate topic

This is interesting because the college debate topic for NDT/CEDA this year deals with increasing federal control over Indian Country, and these people research voraciously. I suspect a lot of future lawyers will begin to learn about how ridiculous Microsoft is as a result of this, and to think about the ways that policy and software interact (Lessig anyone?)

We'll see.

Is it REALLY so amazing?

I remember about a year and a half ago, being called in to do some networking work in a department of a nearby county's office.

I found that the system I was in front of was primarily used to process permits for construction and the like within that county. It was open to the Internet (I did a full, nasty, in-your-face port scan and nobody blinked) and the hard drive was shared - to the world!

I was able to connect to the HD via SAMBA, from my HOME WORKSTATION! I bitched, complained, sent letters. They paid a consultant company something in the 6 figure range to do a "security survey" - and they recommended replacing the POP3 servers with MS Exchange!

I gave up, having other profitable ventures to go for.

But, do you think this doesn't happen like ALL THE TIME?!?!?

People, this is GOVORNMENT!

Re:Should a judge

Yeah, judges should be limited to minor things like imprisoning human beings and deciding how to preserve our fundamental rights. No way should they be able to pull the plug on a bunch of machines.

Re:Should a judge

A judge in New Jersey has sent 100+ teachers to jail [cnn.com] because they won't work without a contract (would you?).

*That's* what I call abuse of power. This strikes me more as steps to help ensure that the carelessness of a dimwitted government agency doesn't end up hurting anyone unnecessarily.

Re:Should a judge [OT]

Drifting off topic, but here goes anyway...

True, but the fundamental feeling behind unions is one of solidarity -- that *everyone* should be taken care of, not just those who are extremely skilled.

CNN.com [cnn.com] says the average salary of the striking teachers is $56k/year + benefits, only a little less than I make as an electrical engineer in the midwest. That isn't solidarity, it's larcency, a natural consequence of communism.

Re:Should a judge

Its not an abuse of power. The law says that teachers cannot strike, and this has surely been upheld by the courts since lots of states have that law. The teachers are striking, and were ordered by the judge to comply with the law and return to class. Since they refused, they were arrested.

This is what happens when you disobey a lawful order from a judge. Now, the teachers may still be doing the right thing, but if you want to practice civil disobedience, you might end up in the clink.

Judges do not have the luxury of ignoring the law, or just saying "oh well" when people fail to follow their lawful orders. Again, this isn't flamebait...teachers may be doing the right thing by standing up for themselves, but the judge is also doing the right thing in enforcing the law.

Re:Should a judge

One good whore deserves another, I suppose.

The power of judicial review is not "ignoring the law". Judicial review is the power to say that a given law violated the terms of another, "higher" law -- in the US, that's the Constitution. A judge cannot (or at least should not) choose to ignore a law on the basis of "I just don't like it".

The power the judge is exercising in this case, is the ability for a judicial or quasi-judicial authority (ie: a congressional committee) to hold someone in contempt. When one violates the order of a judge in a given situation -- that is, a case is brought before him/her, and in the course of that proceeding orders a certain thing to be done, or not be done -- and that order is violated, they can be held until such time as they satisfy the judge that they will comply, or until suitably punished. Yes, the power of holding someone in contempt is broad, with only the barest hint of restraint (many jurisdictions only allow someone to be held on contempt for a year or less).

This says nothing of the laws themselves -- where one is charged, tried, and formally sentenced to a given term in accordance with the law violated.

Re:Should a judge..Did you read the Indian Trust?

"In a sweeping action with far-reaching but unclear ramifications, U.S. District Judge Royce Lamberth granted the emergency request, which was brought on behalf of 300,000 American Indians whose assets are housed on a computer infrastructure so easily penetrable that a court investigator and his team of security experts were able to break in and repeatedly access, modify and even create trust data -- all without raising a response from the government."

it's actually well past time for the courts to hold organizations whose systems are busted by 12 year old scriddies running "canned scripts" from Toolz sites

how would you feel if this were your families' or your companie's sensitive and/or private information??? Information about your 502 or your daughter's rape, or your son's juvenille arrest for possessing underage TeleTubbie Pr0n?

"Coupled with the judge's action were criticisms from members of Congress about the security failures. "The GAO told us five years ago that the fund was in shambles," said Rep. Jim Hansen (R-Utah,) chairman of the House Resources Committee, which has jurisdiction over Indian affairs. "Now we learn that a computer security system deployed in 1999 is virtually worthless," he said."

i don't think anyone on /. wants to see liability extended to the same absurd levels of product and contingent liability that have been demonstrated in the McDonalds and other Python-esque liability cases, BUT...

...isn't it about time the direct creators, distributors and managers of dangerously insecure computer systems have at least SOME small legal responsible (and limited accompanying monetary liability)????

If the facts on the Indian Trust website ARE true, DOI (and Congress) have long been aware of the problems and have been ducking the bullet on fixing it...if this were my money/info, I'd sure be upset...

Re:McDonald's....Blood Sucking Liabilty Lawyers

"Actually, that McDonald's case you're so quick to dismiss is exactly like this."

since you seem to be defending a legal system that perceived as rampantly irresponsible by most Americans (in poll after poll*n)...to be precise, i wasn't dismising the McDonald's lawsuit, I was ridiculing it for illustrative purposes.

The DOI/Indian Trust case is not a product/contingent liabilty civil suit, you must think that all /.'rs are stupid. The DOI/Indian Trust case is about the DOI failing to exercise due diligence in the handling of the Indian Trust, to wit, the irresponsible and deleterious handling of both trust fiduciary assets and confidential trust data on its participants and beneficiaries Its ***NOT*** about Bottom Feeding Contingent Liability Lawyers who are sucking this country dry. I hope the Judge in the DOI case breaks it off at the knee in the DOI.

People who support extremely irresponsible and irrational jury decisions, such as the McDonald's case, are costing everybody in America both money and opportunity, here's why:

1."McDonald's profit on coffee sales for two days. That is hardly a burdensome amount - enough to get your attention, but probably something like $20-$50 for us..."

THE SETTLEMENT DIDN'T COST MCDONALD'S ONE NICKEL, IT WAS PAID FOR BY MCDONALD'S ***CUSTOMERS***, ...the "us" you were talking about. There is NO "McDonald's". The judgement was also paid for by McD's shareholders.

2. By encouraging people like that the person that sued McD, you create a society that values litigation over common sense.

I don't WANT to be on the road with someone who doesn't grasp that "coffee is hot". Like Stella Liebeck. I hope Stella (and her blood sucking attorney) remain objects of ridicule for every day of the rest of their lives. I also don't want to be on the road with someone who can't identify and manage simple threats to their personal safety.

"Consumer" Lawyers (contingent liability bottomfeeders specifically -- there are many lawyers who contribute to society and do great work for the poor and the needy) create an environment that discourages innovation and makes everyone American intelligent enough to grasp the (scalding liquids = personal danger) equation feel like the legal system is a bad joke designed for morons and con-artists.

Liability insurance add huge dollars to the cost of ***EVERY PRODUCT WE BUY***, it adds enormous costs to every startup company that wants to produce a item for public consumption/operation. When I bought my first Honda Interceptor I was trolling through the Owner's Manual and there in 20pt "Liability Lawyer Bold" was an instruction NOT TO DRINK THE BATTERY ACID!

Bob Heinlein used to have some of his literary characters joke that the standard you should have to meet in order to be allowed to reproduce was the ability to grasp and perform rudimentary integral calculus....I wonder what Bob would think about people who had be instructed that "hot coffee is hot" or "don't drink lethal chemicals"?

BONUS ROUND: Last year/b4 in Canada, some poor kid, during finals, had been on a classic "study to you drop" push, after a particular exam (Math???), he went on a drinking binge with his friends, got good and tanked (hadn't had much sleep/food for a coupla days)...sometime, early AM, he went to get a Coke from the dorm vending machine, he didn't have any change, so he shook the machine to loosen a Coke...didn't work too well, the machine fell over and crushed him to death (suffocation)....

his parents are sueing (Coke and the College) for big $$$$, claiming that Coca-Cola hadn't met the Canadian labeling laws for "dangerous machinery", by not providing an instructional label....they parents are angry and grief stricken and some a'hole attorney is looking to collect his 40-50% on their grief...Let's see; drunk, stealing a coke, shaking a several hundred pound vending machine with no one in sight, couldn't get out of the way in time...yeah, sure sounds like Coke's fault to me
.....

I work at the USGS ...

... and I heartily agree with your statement.

I'm sympathetic to the Indians. That accounting system has never been fully functional. And a lot of suspicious things, like fires that have destroyed records, have occured over the years to the Indian Trust. I'm heartended to see some positive progress behing made on correcting that horrible situation. The Indians already have it bad enough without this debacle making their plight worse.

However, the judge has done more harm than good by shutting the entire Interior's network access. As you pointed out, the USGS makes available the largest and most comprehensive repositories of geospatial data in the nation, and perhaps the world. Much of this data is free. And many universities, government organizations, and companies use that data; e.g., where do you think Rand-McNally gets its data to make maps?

Though I'm not as familiar with the other DOI departments and bureaus, I know that they, too, provide valuable public services that a number of people need to do their jobs.

Another angle is the impact on DOI employees. I can tell you I witnessed a number of people standing around the halls looking mystified at the USGS' headquarters in Reston this afternoon. We all depend on network access in some capacity to get our work done. In my case, it's crucial as I work with folks at the Mid-Continent Mapping Center in Rolla, Missouri. I was logged into one of their suns debugging some errant code when the plug was pulled. Most aggrivating.

(Initially I had thought that the network was down because of the Goner virus since the USGS has a history of shutting its network down when the system gets swamped by propogating virii and worms.)

Re:Should a judge

The "misuse of power" here is that of the executive branch's (i.e, the DOI) total breach of its fiduciary duty to manage, account, and safekeep native american trust funds. This litigation has been going on for years, in both democrat and republican administrations. It goes way beyond mere tech issues; in fact, I recall that entire warehouses of paper documents were basically destroyed and/or quarantined because they were infested with rat droppings and pathogens. Do some googling on this and you'll see that the DOI has nobody but itself to blame and that the executive branch has often left the judicial branch no alternative but to take actions such as this. You'll find many specific instances of neglect by the DOI that are just mind-boggling. Here's a copy of the hearing transcript for starters: http://www.indianz.com/docs/12062001/computeracces s.txt

This isn't about a judge not understanding technology; this is about the DOI failing to uphold its statutory obligations so egregiously that thousands of people have been harmed.