Via Wired’s Thread Level blog, we find this: FBI Spy Docs Show G-Men Don’t Understand Security. And they’re right. Click through.

Instead of personal userids, the FBI relies on log sheets. This may provide sufficient accountability if everyone follows the rules. It provides no protection against rule-breakers. It is worth noting that Robert Hanssen obtained much of the information he sold to the Soviets by exploiting weak permission mechanisms in the FBI’s Automated Case System.