Monday, January 4, 2016

Second murder related to WA DOC faulty software

If you follow this blog, you already know that at least one person was killed by an inmate that should have still been locked up. Unfortunately, we now know that number of innocent people killed by inmates that should have still been locked up is at least two.  Worse yet, the inmates (suspected to be) involved in the killings were released after the state knew about the software bug.

The state released Jeremiah Smith in May, but should not have until August.  While he was out early, he allegedly robbed a tattoo parlor and killed 17 year old Ceasar Medina.  The robbery occurred only 12 days after his early release.

This again should be cannon fodder for the "worst case" assessments organizations make when evaluating software security.

The DOC has created a website with some information, but the site was very slow to load and periodically times out, probably due to heavy use.  At Rendition Infosec, we always advise clients preparing for an incident (or responding to one) to ensure that their PR and media relations are on point.  The PR handling of this hasn't been horrible so far.  However, the slow website should probably be moved to a more capable hosting platform though.  When victims experience delays in obtaining information, it makes the organization's handling of the incident seem amateur at best.

Some followers have noted that extra time would not have likely made a difference in whether prisoners would have committed additional crimes.  I can't speak to that - and nobody can.  The facts of the matter are:
  1. They were supposed to be locked up.
  2. Faulty software released them early.
  3. The state knew the software was faulty when they were released early 
  4. The state failed to act on the known faulty software
  5. At least two innocent people were (allegedly) killed by criminals released while they should still have been in prison
It's worth noting that early release due to a software glitch is not unprecedented.  Special thanks to Ben Jackson who pointed out this article which notes a 2006 error in software used by the Michigan DOC.  The main differences here are:
  1. The DOC discovered the error themselves with internal auditing
  2. The DOC fixed the problem
  3. The problem was discovered much more quickly
  4. Nobody was reported killed by criminals during their early release times
Ben also pointed out that California had its own problem with faulty data in corrections computer systems releasing 450 violent inmates early.

One final article noted by Ben identified that a LA criminal was erroneously released on bail while he should have been serving time for another crime.  This was again attributed to inaccurate data in a computer system.  I think I'm noticing a pattern here...

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.