As you are aware, the Maryland State Police have enlisted the help of multiple non-MSP agencies and tasked up to 200 employees with entering Personal Identifying Information (PII) for the MSP in order to reduce the current backlog. In their Press Release, the MSP assured us that the information was secure and that we have nothing to worry about
MSI has spoken to multiple sources within these agencies and confirmed that this is not the case. There are serious concerns and issues that need to be addressed.
Employees are accessing a searchable database of 77R forms.
The web portal to that database is insecure, does not use SSL, has an expired security certificate and is accessible from anywhere on the Internet. It is not contained within Maryland Government networks.
All of the employees were given the same login and password.
The database is searchable. You can search by name and even enter partial searches.
From what we understand, the original 77R’s have been scanned in .TIF format and placed on encrypted disks. The employees are accessing the data from the disk and entering it through the insecure web portal.
However, since they all use the same login, it will be virtually impossible to know who accessed what information and when. It also means that if the login information is shared with an outside source, the MSP would have no way of tracking down the source of the leak and enforcing their “confidentiality agreement.”
This information is accessible from anywhere if you have the login information. You can even access it from a smartphone.
Martin O'Malley and the Maryland General Assembly spoke at length about how they want to make Maryland safer through strict gun control. It is UNFATHOMABLE that people who claim to be proponents of making our state safer could allow such a grievous breach of security. Not only did MSP allow unauthorized persons to view and input this information, they now are allowing it to be transmitted online without any encryption into a database where everyone shares the same account.
Understand in very simple terms: Your recent order with Amazon.com is FAR more secure than your personal identifying information with the Maryland State Police.
As of right now MSI is working with some of our 2A friendly delegates to find out these answers but we believe that you should know exactly what is going on at this moment.
Delegate Mike Smigiel has submitted two PIA requests to the MSP. You can read the requests here. http://delegatemike.com/pia-request/
We will update you with any information as it develops and we appreciate your support. Without you and your support, efforts such as these would not be possible.
MSI has spoken to multiple sources within these agencies and confirmed that this is not the case. There are serious concerns and issues that need to be addressed.
Employees are accessing a searchable database of 77R forms.
The web portal to that database is insecure, does not use SSL, has an expired security certificate and is accessible from anywhere on the Internet. It is not contained within Maryland Government networks.
All of the employees were given the same login and password.
The database is searchable. You can search by name and even enter partial searches.
From what we understand, the original 77R’s have been scanned in .TIF format and placed on encrypted disks. The employees are accessing the data from the disk and entering it through the insecure web portal.
However, since they all use the same login, it will be virtually impossible to know who accessed what information and when. It also means that if the login information is shared with an outside source, the MSP would have no way of tracking down the source of the leak and enforcing their “confidentiality agreement.”
This information is accessible from anywhere if you have the login information. You can even access it from a smartphone.
Martin O'Malley and the Maryland General Assembly spoke at length about how they want to make Maryland safer through strict gun control. It is UNFATHOMABLE that people who claim to be proponents of making our state safer could allow such a grievous breach of security. Not only did MSP allow unauthorized persons to view and input this information, they now are allowing it to be transmitted online without any encryption into a database where everyone shares the same account.
Understand in very simple terms: Your recent order with Amazon.com is FAR more secure than your personal identifying information with the Maryland State Police.
As of right now MSI is working with some of our 2A friendly delegates to find out these answers but we believe that you should know exactly what is going on at this moment.
Delegate Mike Smigiel has submitted two PIA requests to the MSP. You can read the requests here. http://delegatemike.com/pia-request/
We will update you with any information as it develops and we appreciate your support. Without you and your support, efforts such as these would not be possible.