In response to an Ars report on a court docket listening to in New York on October 17, New York Metropolis and New York Metropolis Police Division officers tried to make clear the character of the problems surrounding a lawsuit filed by the nonprofit authorized protection group Bronx Defenders. In response to reporting that the Property and Proof Monitoring System (PETS) did not have database backups, NYPD Deputy Commissioner Stephen Davis stated by way of e-mail, “Opposite to some revealed experiences suggesting that NYPD doesn’t electronically again up the information in its Property and Proof Monitoring System (PETS), all such knowledge is backed up repeatedly in a number of knowledge facilities.”
That assertion would seem like in direct battle with an affidavit filed by city attorneys (PDF) within the case, through which NYPD Director of Strategic Expertise Applications Christian Schnedler said, “Presently, there isn’t a secondary or back-up system, and no repository of the information in PETS outdoors of PETS itself.”
Schindler’s affidavit, which is a part of the NYPD’s effort to dam an exterior audit of cash-seizure knowledge recorded in PETS, claims that the system is so fragile that even simply utilizing a “Net scraping” device to retrieve cash-seizure knowledge may collapse the entire system. “The danger of introducing and working a generic Net scraping device into a posh, functioning legislation enforcement database, which has no backup system, is to threat disrupting NYPD operations, corrupting and/or dropping some or all the knowledge, with out a option to retrieve it,” Schnedler testified below oath.
The NYPD has sought to dam a swimsuit by Brooklyn Defenders requesting knowledge on money seizures by the division, claiming there isn’t a option to export that knowledge from the system, which metropolis attorneys say just isn’t primarily based on an IBM DB2 database. This conflicts with a Capgemini description of the system given when PETS was nominated for an award in 2012. At the moment, Capgemini said:
Capgemini utilized business business greatest practices within the supplies administration and warehouse administration areas to the federal government/public sector: SAP gives a tier one, totally built-in software software program resolution. Its greatest apply enterprise processes are utilized by 80% of Fortune 500 firms worldwide. The answer contains an IBM DB2 database, a pacesetter in whole system availability, scalability, and safety. The PETS software is delivered on a state-of-the-art IBM z10 mainframe pc platform, devoted to the SAP resolution at NYPD. It integrates with different key NYPD functions to cut back knowledge redundancy, enhance effectivity, and assist guarantee knowledge accuracy.
One other vendor might have changed IBM DB2, as Capgemini is not the contractor supporting PETS, based on Schnedler’s affidavit.
Davis’ assertion would seem to conflate NYPD’s enterprise continuity plan with “backups.” The PETS system is replicated throughout a number of NYPD knowledge facilities, however all copies of the system are in lively use. That will imply that if one thing have been to deprave the information within the system, or if there was an area failure at one of many knowledge facilities, some knowledge would probably be misplaced.
The PETS front-end is a Net interface into the SAP ERP system PETS relies on. Within the affidavit, Schnedler stated that “the usage of Net scraping or knowledge mining instruments” to extract knowledge from the system to gather money seizure knowledge can be “inadvisable as to the danger of safety breaches and the good threat of damaging or disabling the database.”
“Net scraping”—the usage of a device to tug knowledge from a Net interface to an info system—can be an excessive amount of of a burden, he steered, as a result of “NYPD info safety consultants typically don’t allow the usage of Net scraping instruments from the Web as a result of heightened concern for potential threats to the safety, confidentiality, and integrity of legislation enforcement info… Thus, NYPD is unable to obtain and make the most of a Net scraping or different knowledge mining software with out first reviewing its safety implications, doubtlessly together with penetration testing of the device and its supply code.”
Since business display scraping instruments typically use the Net interface to get to knowledge from a trusted shopper on the community, that might imply NYPD is unsure of the safety of PETS itself. Schnedler testified that the NYPD has no inside experience within the PETS system’s internals. “The present vendor contract from PETS is upkeep solely,” he stated within the affidavit. “The unique PETS vendor didn’t present documentation for upgrades or adjustments to the software program.”