NYPD can’t get story straight on evidence system backups

IoE News

October 21, 2017

reader feedback 80

based on an Ars record on a courtroom hearing in new york on October 17, long island metropolis and big apple metropolis Police department officers attempted to clarify the character of the issues surrounding a lawsuit filed by way of the nonprofit criminal defense corporation Bronx Defenders. according to reporting that the Property and facts monitoring system (PETS) didn’t have database backups, NYPD Deputy Commissioner Stephen Davis spoke of by means of e mail, “opposite to a few posted stories suggesting that NYPD doesn’t electronically again up the statistics in its Property and facts monitoring gadget (PETS), all such information is backed up continuously in numerous information facilities.”

That commentary would look like in direct conflict with an affidavit filed with the aid of metropolis attorneys (PDF) in the case, wherein NYPD Director of Strategic expertise programs Christian Schnedler stated, “currently, there is not any secondary or lower back-up device, and no repository of the statistics in PETS backyard of PETS itself.”

Schnedler’s affidavit, which is part of the NYPD’s effort to dam an external audit of cash-seizure records recorded in PETS, claims that the equipment is so fragile that even simply using a “web scraping” device to retrieve cash-seizure information could crumple the total device. “The risk of introducing and working a popular internet scraping device into a posh, functioning law enforcement database, which has no backup device, is to risk disrupting NYPD operations, corrupting and/or dropping some or the entire information, devoid of a method to retrieve it,” Schnedler testified beneath oath.

The NYPD has sought to block a swimsuit by way of Brooklyn Defenders inquiring for data on cash seizures via the department, claiming there isn’t any way to export that records from the equipment, which city attorneys say isn’t in accordance with an IBM DB2 database. This conflicts with a Capgemini description of the gadget given when PETS changed into nominated for an award in 2012. at the moment, Capgemini observed:

Capgemini utilized commercial industry choicest practices in the substances administration and warehouse management areas to the executive/public sector: SAP presents a tier one, completely built-in utility software answer. Its gold standard follow company approaches are used through eighty% of Fortune 500 agencies international. The answer comprises an IBM DB2 database, a frontrunner in complete system availability, scalability, and protection. The PETS utility is delivered on a state-of-the-art IBM z10 mainframe laptop platform, committed to the SAP answer at NYPD. It integrates with other key NYPD purposes to cut back information redundancy, improve effectivity, and aid ensure data accuracy.

one more dealer may have replaced IBM DB2, as Capgemini isn’t any longer the contractor helping PETS, in response to Schnedler’s affidavit.

Davis’ observation would seem to conflate NYPD’s company continuity plan with “backups.” The PETS device is replicated across distinct NYPD information centers, however all copies of the gadget are in active use. that would mean that if some thing have been to corrupt the facts within the system, or if there was a local failure at one of the vital facts centers, some statistics would possible be misplaced.

The PETS entrance-end is an internet interface into the SAP ERP gadget PETS is in accordance with. within the affidavit, Schnedler stated that “the use of internet scraping or statistics mining equipment” to extract facts from the gadget to assemble money seizure facts can be “inadvisable as to the chance of safety breaches and the outstanding chance of destructive or disabling the database.”

“web scraping”—using a tool to drag facts from an internet interface to an counsel gadget—can be too a whole lot of a burden, he cautioned, as a result of “NYPD guidance safety experts commonly don’t let using internet scraping tools from the internet because of the heightened problem for capabilities threats to the security, confidentiality, and integrity of legislation enforcement counsel… therefore, NYPD is unable to download and utilize an internet scraping or other facts mining software without first reviewing its safety implications, probably including penetration trying out of the tool and its supply code.”

because industrial reveal scraping equipment commonly use the web interface to get to statistics from a relied on customer on the network, that might suggest NYPD is uncertain of the security of PETS itself. Schnedler testified that the NYPD has no inside skills within the PETS system’s internals. “The current vendor contract from PETS is upkeep only,” he observed within the affidavit. “The normal PETS vendor didn’t supply documentation for upgrades or changes to the application.”

Biz & IT – Ars Technica