By Chuck Strouse
By Scott Fishman
By Terrence McCoy
By Ryan Yousefi
By Ciara LaVelle, Kat Bein, Carolina Del Busto, and Liz Tracy
By Pepe Billete
By Ryan Yousefi
By Kyle Swenson
Although it has cost approximately $36 million to create and operate SPIRIT, Ruvin claims that the system will eventually save money through the elimination of clerical jobs. Right now, he says, SPIRIT saves an estimated million dollars a year, money that otherwise would have gone to employee salaries. And while he concedes it isn't perfectly secure, it represents a "warp-speed jump" from the paper-based system it has begun to replace. "This is light-years ahead of any traffic system in the country," he boasts.
But optical imaging systems come with their own evils. They slow down, they freeze, they crash. They need upgrading every few years as the computer industry rolls out new versions of software and operating systems (the SPIRIT application relies on Oracle, FileNet, Windows, and IBM's AIX to function). And in some cases, their databases can be penetrated.
County programmers found problems with SPIRIT soon after Andersen Consulting began developing the application in 1993. Many of those problems, including the vulnerable security mechanism, had not been resolved by 1997, when conversion of the traffic-court system to SPIRIT was completed. At that time Andersen Consulting was still managing the project but preparing to turn it over to county programmers. Ruvin hired Tom James in 1998 and Tom McGovern in 1999 as private consultants to manage the handover. As Ruvin's chief information officer, James had ultimate supervisory control over Andersen's employees and the county's tech department programmers assigned to SPIRIT.
Still the security problems remained. Entry to the database -- which stores DUI, speeding, and other citations, as well as trial records and judgments -- requires just one shared user ID and password. This ID and password are hard-coded into the application, which means they haven't been changed since the program was written and can't be altered without extensive reworking of the code. Thus about 50 current and former programmers possess that crucial security information. In addition the clerk's office employs some 200 people involved in the processing of traffic citations, all of whom could enter the database if they obtained the ID and password and gained sufficient programming knowledge. If SPIRIT were expanded to the entire court system, the number of support staff would likely double, plus twenty additional programmers would be given the ID and password, or could easily find them.
In 2000 Randy Feigenbaum, a senior county programmer who had joined the SPIRIT team a year earlier, analyzed the security problem. "Providing adequately sophisticated security was beyond the resources of the development team," he wrote in a memo. He offered a proposal for rewriting the application so a security administrator could more tightly control database access through the use of IDs and passwords the administrator could cancel at will. Feigenbaum, who retired this past January at age 61 after 30 years with the county, says Tom James and Tom McGovern ignored his proposal. "If the information in the SPIRIT database represents something of value and is therefore a target for criminal activity, then there are more than enough people with the capability of attacking that database," Feigenbaum warns. "No program is perfect, but it all comes down to money. This problem can be solved by the appropriate expenditure of money."
Feigenbaum, Byron Jones, and several other programmers with extensive SPIRIT experience maintain that altering court records without a trace is child's play. For someone with access to the computer system, it would be this simple: Click open the Windows 2000 menu in the lower left-hand corner of the screen, select the Programs folder, open the program called SPIRIT. In the window that pops open, type in the same user ID and password that has been used since 1993, and enter a database called FileNet. Scroll through the columns and rows of data until the one containing the record to be altered appears. Click on the row to highlight it. Then hit the delete key. Finito. And there's no way to trace the culprit. That row of data was the only link to the scanned citation image burned onto an optical disk (like a big CD) housed at tech department headquarters. Theoretically someone could find the citation image again, but he'd have to know it was missing in the first place and then search through millions of other image files on the disk.
Instead of permanently losing your right to drive because of one too many DUI or speeding convictions, why not bribe someone to tamper your citations into oblivion? A devious programmer or hacker could alter citation scans and pretrial documents, and modify judgments, say the programmers. It's even possible to move a case through SPIRIT's automated court calendar without it ever coming before a judge: Type in the server address for the county courthouse where the case is to be heard. Find the window pertaining to the case. Change one field from "00," which means case pending, to "05," case heard. It's unlikely anyone will notice and very likely the case will simply disappear. And because of the database design, there's no way to determine who made the changes.
Want to steal some money? Easy. Just enter the fines paid by several different traffic violators into one individual's file. The system will recognize that the person had overpaid and the clerk's office will send out a refund.