Did you have immigration lawyer watch list on your 2025 authoritarianism BINGO card? If so, congrats! But for everyone else, it’s yet another sad slide into federal control to learn that Immigration and Customs Enforcement (ICE) posted what appears to be a covert roster of immigration attorneys buried on its own website.

The list was discovered by attorney Arlene Amarante, who stumbled upon the list while interacting with ICE’s website and found her own name on it. The list has since been pulled from the website, which is usually what agencies do when a document is totally normal. Now Al Otro Lado, an immigration advocacy group, has filed a Freedom of Information Act request demanding to know who created the list, why it existed, and what ICE thought it was doing cataloging attorneys in the first place.

  • Cousin Mose@lemmy.hogru.ch
    1 day ago

    How do you even accidentally publish a list like this onto your website? As a web developer I’ve never accidentally copied some random documents to a directory that’s later built into a Docker image. Is this like some FTP server or some other obsolete, Windows-style bullshit? I get really big “open SMB port” vibes from this.

    • Monument@lemmy.sdf.org
      1 day ago

      You don’t accidentally publish the list.

      At very large organizations, sharing files easily is a pain in the ass. The available tools are usually tied to your Active Directory, which means you have to know who you’re sharing with, or at least have some idea of what permission groups allow what access.

      To share documents appropriately, you still have to do the hard work of finding out who and what permission groups you should be sharing with, even if that means coordinating with other IT teams to make sure you understand their permissions structures properly.

      Or you half-ass it, and put the document somewhere public and hope the link doesn’t get shared beyond your control (or found).

      I guess I’m saying it’s not intimidation, accident, or resistance — just laziness and stupidity. Both of which are not unfamiliar ground for this administration.

      • Bytemeister@lemmy.world
        21 hours ago

        Even easier with SharePoint. A part of my job is making sure that users don’t accidentally share literally everything with everyone.

        • Monument@lemmy.sdf.org
          18 hours ago

          Yeeeaahh… At my org our default security policy for all of our site collections prevents sharing outside of our domain, and requires managed devices to access our SharePoint.
          To share things outside of our org via SharePoint, a site collection with a different security policy has to be created, and only admins can control the sharing. We can only share with people who have some sort of identity service that can federate with ours.
          No user is granted above contribute access, and sharing is turned off. (People can share links, but they cannot change the permissions of an item to share it.)
          Theoretically it’s possible that a SharePoint can be created that allows public access, but to my knowledge we do not do that.

          OneDrive files cannot even be downloaded by external parties (although they can be viewed in the browser!), and Teams workspaces are also not accessible externally unless by special circumstance.

          I would imagine the federal government is… well, hopefully at least as locked down as my work.

    • UltraMagnus@startrek.website
      1 day ago

      I’d go with incompetent. This isn’t too many steps removed from how insecure the no fly list was (iirc, Maia Arson Crimew didn’t have to run any actual exploits to grab that and it was just an insecure Jenkins).

    • jonne@infosec.pub
      1 day ago

      Probably attached it in the CMS and didn’t upload the file as private even if the page itself was, or something like that. Users mess up permissions all the time.

    • ZoteTheMighty@lemmy.zip
      1 day ago

      Probably there’s a set of pages that require login, and a set of public pages, and since ICE employees are always logged in, if they make a new page, they may not know whether it was internal only or public, and they never checked.