DDA Info Policy
to: Susan Pollay <spollay@a2dda.org>
bcc: Mayor Hieftje <JHieftje@a2gov.org>, Edward Vielmetti
Dear Susan,
I’m writing to follow up on an (as yet unreturned) phone call expressing my concern for recent actions taken by the DDA involving access to real time parking data. As you know (summarized here http://www.voiptechchat.com/voip/255/a2dda-blocks-asterisk-parking-data/ and in a number of other articles), the DDA has taken action to prevent access of publicly provided information to specific individuals, citing “security risks”.
I would greatly appreciate a list detailing these security risks, the process by which they were identified, and the names and titles of the people at the DDA (or people who the DDA contacted) who have the necessary technical expertise to both determine and enact this identification process. A reply by email is sufficient, although I am willing to submit a formal FOIA request by mail for this information.
To address how these security risks are currently being solved:
It appears that the parties you’ve specifically targeted were accessing a publicly available webpage (http://www.a2dda.org/parking__transportation/available_parking_spots/) and transforming the information on this page into an alternate format.
If you truly believe that providing real-time parking data represents a threat or risk, I’d suggest you remove that information from a publicly available site. There is no difference between human- and computer-initiated requests for a web page. To all the systems involved in the process, both human- and computer-initiated requests are identical and expose identical risks.
Accessing this public information and repurposing it for different forms of consumption is a trivial computer task for many of Ann Arbor’s technical community.
Here is an application designed for Apple’s iPhone to access that same data http://a2-park.appspot.com/#_home
Here is the real time parking data presented in XML format: http://a2parking.heroku.com/
Here are the 30 lines of computer code that make this possible: http://a2parking.heroku.com/source
I’m providing these examples to show that there are several parties who are actively using technology to provide different or supplemental access to real time parking information. I’d also like to note that the technology to repurpose this data is simple enough to craft that your current measures to tighten this alleged security risk (blocking a specific computer address from accessing your site) are woefully inadequate and can be effortlessly circumvented: a new computer address can be obtained daily, hourly, every minute, or even for each specific attempt to access your site.
I believe the parties you’ve targeted are attempting to resolve this matter personally rather than technically. If you don’t already realize, it’s extremely polite and politic of them to use this as a teachable moment to improve the DDA’s (and city’s) information policy. It would be far less effort on their part to make the DDA’s opinion in this matter irrelevant. You should understand their willingness to invest time and knowledge solving their problem in a way that also improves the city as an act of civic volunteerism on par with any other trained expert who offers their free services to the city.
If, as most of us suspect, there are no real “security risks” and you are simply spreading libelous fear, uncertainty, and doubt about local volunteers attempting to provide a valuable, free, and open service, I strongly suggest you reconsider before adopting this as the city’s policy for public information reuse.
Difficult though it may be for traditional business people to understand, it’s extremely common in the tech community to both provide services like the one you’ve blocked *and* to release the valuable parts of the service (the code) into the public domain for unlimited reuse by anyone (including the DDA). You don’t stop that kind of innovation; you support it, publicly and loudly, in hopes of fostering more innovation and attracting the dollars of tech companies who would rather stay in a hip city that “gets” them instead of packing up for California or Chicago.
My final request and comment. If you *are* just trying to deny access of public information to parties who use this information in ways you don’t like (or fully understand), could you at least use the old “it’s for the safety of the children” yarn? I recognize that “security” has recently become the preferred false pretense for pushing through unfavorable policy at the state and national levels, but “safety of the children” has a long, successful history of ushering ill-advised decisions into official policy or law. “Safety of the Children” doesn’t expose one’s ignorance of technical matters or alienate a lucrative industry. It has the added benefit of being nearly impossible to counter with any form of logic because it encapsulates the powerful “Are you saying you don’t think we should protect the children?” retort.