Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Privacy United States Your Rights Online

Databases and Privacy 173

Posted by michael from the bonfire-of-the-privacies dept.
A couple of stories made an interesting juxtaposition today. First read this story about information marketers scouring public records to compile personal information. Note the emphasis on cross-linking data from various sources to provide more information than any one source did - databases are synergistic. Now read this column about David Nelson, and its follow-up.
This discussion has been archived. No new comments can be posted.

Databases and Privacy More

Databases and Privacy

Comments Filter:

  • Some comfort (Score:5, Insightful)

    by rgmoore ( 133276 ) * <glandauer@charter.net> on Friday May 16, 2003 @07:50PM (#5977013) Homepage
    From the Courant article:
    While infoUSA allows access to virtually anybody who logs onto its website, ChoicePoint screens subscribers.
    I'm not sure which is scarier, the idea that these databases are being opened to anyone who has a credit card and a willingness to snoop on their neighbors, or the idea that they should be restricted so that only "legitimate" businesses like telemarketers can get it. One way you don't know what kind of lowlives are going to use the data to ruin other people's lives. The other way, many potentially legitimate users will be shut out but some slimy people will still have access because the companies selling the data don't have the same views as ordinary people about which businesses really ought to see it. I guess that's the general problem with data like this; it's tough to know who is going to misuse it until it's already too late, so it's almost impossible to make it available without it causing problems.

    • Re:Some comfort (Score:4, Informative)

      by hswerdfe ( 569925 ) <`slashdot.org' ` ... .swerdfeger.com'> on Friday May 16, 2003 @08:49PM (#5977277) Homepage Journal
      There needs to be some simple rules on DataBases and collection of Information.

      One I am partial to is
      Any Person should have, the Right to request a copy of any and all information a company, or government agency stores about them.

      I find it strange when I can't even look at data that is specifically about me.

      thats the only one I have seen so far that doesn't have much of a down side... ...anybody have any more
      • There needs to be a corollary to that rule - any new information exposed by the process of requesting a copy of information related to you can not be (legally) added to the database

        Ok, a corollary to the corollary - Consent to legally add any newly exposed information can not be a prerequisite for, or in any way influence the process of, getting the requested information.
      • Any Person should have, the Right to request a copy of any and all information a company, or government agency stores about them.

        Thank you, Corporal Carrot.

      • Re:Some comfort (Score:2, Interesting)

        by PetWolverine ( 638111 )
        What we really need is an amendment to the Constitution. The Bill of Rights protects most of our important rights, but one that is conspicuously missing is the right to privacy. Beyond "unreasonable search and seizure", our privacy is not protected constitutionally, and until it is it will be much harder to ensure legally than our right to freedom of speech or religion.
      • I can't cite the exact paragraph but a piece of the law says that "everybody has a right of checking and rectification for every database he is written in. Be it COMMERCIAL or GOVERNEMENTAL".

        AFAIk, this is exactly why the EU protested against the APIS/CAPS program. Because this would violate this fundemmental law (data would go in the US govt without right of rectification in case of error and would stay there for an unknown time).
        • This doesn't help you if you have not been informed that someone is collecting information about your affairs.

          In the article they are talking about the possibilities for re-identification of individuals from public-domain data. I can think of several types of organisation who would profit from that type of information, and none of them would be welcome in my home.

      • comfort ...? (Score:3, Interesting)

        by BrokenHalo ( 565198 )
        I don't know that simple safeguards would, in themselves, be useful. Any Slashdot readers remember that Max Headroom episode about credit fraud? Dated, I know, but as they said, only 20 minutes into the future...

        My point is that if comprehensive data is being collected about you by any organisation with which you have had no contact, and without informing you, you are running into a really dangerous situation which is only too easily abused.

        A simple case would be crimes like burglary (income, address, occup

    • The ChoicePoint Way (Score:5, Insightful)

      by Valdrax ( 32670 ) on Friday May 16, 2003 @09:22PM (#5977411)
      I'm not sure which is scarier, the idea that these databases are being opened to anyone who has a credit card and a willingness to snoop on their neighbors, or the idea that they should be restricted so that only "legitimate" businesses like telemarketers can get it.

      Considering the recent actions [topdog04.com] of ChoicePoint, I find the latter far more scary than the former. At least with the former, I can log into their site and see what they say about me. I can't do that with ChoicePoint. Imagine how different things might be in our country right now if all the banned voters [gregpalast.com] in Florida had been able to see that they were incorrectly on the list before the last Presidential election.

    • Re:Some comfort (Score:4, Insightful)

      by IdleTime ( 561841 ) on Friday May 16, 2003 @09:52PM (#5977537) Journal
      In most other countries than the US, this would have been illegal to collect.

      I know several countries where you as a company would have to apply for a license and with very strict rules as to what you can or can not store of information and for how long and how people can ensure that all the information collected about you can be deleted permanently if you wish so.

      There is no need for any company to have all that information about a person and it severly impacts my privacy.
      • You never had a right to privacy.

        Senator Rick Santorum (R-PA), one of the up-and-coming little neoconservative darlings of the Republican party, made this abundantly clear in an interview [google.com] with the AP several weeks ago. Nobody took much note of what he said regarding privacy, because it was viewed by the press as a "gay" issue since he picked on them specifically. But he was essentially saying that if you did have a right to privacy, government would be powerless to regulate certain behavior, such as you ha
        • You never had a right to privacy.

          Yes, we do have a right to privacy.

          Amendment IX

          The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

          The problem is that this (and the other amendments) applies to actions taken by government. The US Constitution guarantees no such right when data is collected by a commercial entitiy.

          On a side note, Senator Santorum should more properly be labeled a paleoconservative a la Pat Buchan

  • The New Government Blacklist (Score:3, Insightful)

    by Alien54 ( 180860 ) on Friday May 16, 2003 @07:52PM (#5977028) Journal
    Personally, I would like to add the names of a few politicians and other politically connected celebrities to the "cannot remove list".

    Bet that would make things get sorted out pretty quickly.

  • Correct me if I'm wrong... (Score:3, Insightful)

    by Bold Marauder ( 673130 ) <boldmarauderNO@SPAMgmail.com> on Friday May 16, 2003 @07:55PM (#5977043) Homepage
    ...but isn't this the same set of issues that lead to the various privacy measures that web portals enacted somewhere around 1999?

  • oh no! (Score:1, Funny)

    by edrugtrader ( 442064 )
    someone has probably already cross referenced my slashdot record with my driving record and found that i like to drive with the images turned off!

    this is a dumb story... of course the data is out there... of course you can scour multiple sources and build a more complete picture... its still the same data.

  • Fake ID (Score:3, Insightful)

    by Samir Gupta ( 623651 ) on Friday May 16, 2003 @07:56PM (#5977048) Homepage
    Re: the David Nelson story... what's to stop a bona fide from using a fake ID and name for the reservations? It seems the "no fly" and "fly after stringent checking" lists are a list of names only. Maybe if they had photos associated with the names, this might reduce some of this inadvertent David Nelson discrimination, but it still doesn't solve it, if you're a real terrorist and get some plastic surgery.

    Totally idiotic, and I for one, am glad that I don't work in the US anymore.

    • the idea is that no one knows if they are on the list. so the david nelson has no idea that he is on the list and he may try to fly on his own name and will be arrested. police do these kind of things all the time. you may be suspected in some crime but you have no idea. when you are stopped by a traffic cop, he/she will check your license and see if you are wanted for any investigation. it is just that sometimes, the names are too common, search is too wide, inconvenience is very high, name remains on the

  • Access public records online (Score:3, Informative)

    by Anonymous Coward on Friday May 16, 2003 @07:56PM (#5977050)
    Yes, you can access public records online for free:

    Public records online [got.net]

    Free directory Info from AT&T [anywho.com]

  • DARPA (Score:4, Insightful)

    by anaesthetica ( 596507 ) on Friday May 16, 2003 @07:59PM (#5977069) Homepage Journal

    Looks like we don't even need to worry about Total Information Awareness, Carnivore or our FBI files. The corporations are going to do all the work towards the police state, at the low low rate of $8 a record!!! They gather our information, they push for laws to restrict our freedom and extend the control of a few over cultural symbols, means of communication, and ideas themselves.

    "Fascism should more properly be called corporatism, since it is the merger of state and corporate power"-- Mussolini (I think)

    • Google (Score:4, Interesting)

      by Hatta ( 162192 ) on Friday May 16, 2003 @08:20PM (#5977169) Journal
      Speaking of corporations building databases, Google does this too. From GoogleWatch [google-watch.org]:

      Google records everything they can:

      For all searches they record the cookie ID, your Internet IP address, the time and date, your search terms, and your browser configuration. Increasingly, Google is customizing results based on your IP number. This is referred to in the industry as "IP delivery based on geolocation."


      Seeing as Google provides as much as 75% of referrals, this is an enormous amount of very sensitive information. From the behavior of other internet companies, it's unlikely that google would fight a subpoena for this information, some companies even hand over data on simple request. The threat exists today that one may end up on a terrorist watch list simply because of their searching habits. You may not even even know you've been red flagged.

      • Re:Google (Score:3, Informative)

        by scrod ( 136965 )
        The threat exists today that one may end up on a terrorist watch list simply because of their searching habits.

        Fortunately there are always public proxy servers, and of course this google search proxy available on google-watch as well:
        http://www.google-watch.org/cgi-bin/proxy.h tm
    • My cynicism tells me that TIA is the result of Madison Ave. campaign contributions....

      You think the corporations aren't going to get ahold of that data? You know they're just drooling at the concept of it -- full-time, high-resolution demographic data recording, as good as having us radio collared like bears.

      That pesky concept of "individualism" can go away all together after that...

      • You think the corporations aren't going to get ahold of that data? You know they're just drooling at the concept of it -- full-time, high-resolution demographic data recording, as good as having us radio collared like bears.

        We'll be forced to live like wild animals in some kind of police state!
        -Phil Hartman as Bill McNeal

  • Why can't all the David Nelsons get together and sue for damages? The constitution guarantees right to travel and right to equal protection under the law.

    • Constitution? (Score:1, Funny)

      by Anonymous Coward
      Constitution?? Didn't that burn up a couple of years ago. Seems I heard something about a fire at the National Archive......

      AC Cause I don't wanna make the list.
      • Constitution?? Didn't that burn up a couple of years ago. Seems I heard something about a fire at the National Archive......

        Fire at the National Archives? No, you're thinking of the fire at the Reichstag. It was set by some Moslem.

        Moslems are a great threat to the State and the Volk. We need a strong Fuhrer, unencumbered by such sentimental twaddle as "Constitutions" or "Rights" or "Opposition Parties", to fight the perfidious Moslem.

        Ein Reich, ein Volk, ein Fuhrer!
    • Apparently, being tagged as a potential terrorist is enough to get you locked up without access to legal representation, without a trial, and without even notification to your family. If Homeland Security can do all that without worrying about the Bill of Rights, why would they care about someone's right to travel?

      The interesting thing to watch would be if all the various David Nelsons chartered a private flight to DC... Would they get off the ground, would they be forced down before reaching their destina

  • Good thing databases are perfect! (Score:5, Informative)

    by plopez ( 54068 ) on Friday May 16, 2003 @08:01PM (#5977083) Journal
    Seriously, I spend a large amount of my time working with gov't. and private databases and info sources. Reconciling different views of the universe is nearly impossible. WHen I read about people cross referencing databases the amount of checking, QA and scrubbing required to have any confidence in the results iis horrendous.

    Example: person A gives you a download from thier database into a SS, person B (who may actually work for the same agency or company) supposedly gives you the same information but the 2 version do not match.

    And this is assuming that there are other areas where they may or may not be in alignment (e.g. abbreviations, type of info gathered, spelling variations etc.).

    Now take the combinatorics of tens of thousands of gov't and private DB's, and you will understand that:
    1) A good clean DB is horrendously expensive.
    2) Driven by the profit motive, most compaies are unwilling to take the time and spend the money to properly QA and scrub thier data.
    3) Much of the cross matching is therefore useless due to noise.
    4) TIA is totally bogus. See above.
    5) Having some anonymous DB of information tracking your life is very scary.

    • The integrity and quality of the data isn't so much as important as the sheer volume of it.

      A marketer (or really anyone) who is actually using this data is probably using it on a statistical basis.
      Very few, if any, are using this to check out individuals. What they are doing is focusing in on their target market. This way they dramatically increase their probability of getting a sale... or getting a mark given the potential for abuse.
      For example, someone sets up a "fake" evangelical fund and targets wea
    • But the information doesn't have to be scrubbed. All we need is a LOT of it. Don't assume that the people doing the correlations are stupid. For example, you left information in your post above.

      From your post, I deduce that you have a college level (post-secondary) education [spelled anonymous correctly]. You are not a "professional" typist. [misstyped "their" as "thier". Confirms first point, you didn't use a spell checker]. Since you used "QA" and "DB", you have familiarity with, or work in the Information field. You used the expression "totally bogus". From this, I deduce you are between 22 and 37 year of age.

      I could go on. But I won't. This type of information can be extracted from (say) 10 minutes of your life.

      The point I am making (and one of the articles was making), is that it is possible to track EVERYTHING. ALL the minutes of your life.

      Nothing by itself may be relevant, but it is possible to uniquely identify a person by 3 or 4 markers. These markers may vary, but they CAN be pulled together. TIA is GOING to pull them together. Indeed, private companies are doing it.

      "They" are going to know us better than we know ourselves.

      And, it seems that only reasons are to prevent a few people from blowing things up, and to sell us more razorblades.

      Ah well, progress.

      Ratboy.

      • [I]t is possible to track EVERYTHING. ALL the minutes of your life ... Nothing by itself may be relevant, but it is possible to uniquely identify a person by 3 or 4 markers. These markers may vary, but they CAN be pulled together.

        Right, it's not so much that one data point be absolutely correct, but that there be enough roughly correct points to build a composite picture.

        The metaphor I like for this is of an ever-thickening fog, where as the particle density increases so does the visibility of pattern

      • From your post, I deduce that you have a college level (post-secondary) education [spelled anonymous correctly].

        This is stupid. College generally does not teach spelling, and high-school-only grads have access to spell-checkers also. I have a college degree, but my spelling is sh8tty.

        You used the expression "totally bogus". From this, I deduce you are between 22 and 37 year of age.

        Sometimes older workers purposely use "young" phrases to sound "with it". They don't want to be fired for seeming "too

      • And, it seems that only reasons are to prevent a few people from blowing things up, and to sell us more razorblades.

        ... and so "they" can all trash our Resume because some data entry guy at AT&T screwed up and sends you a phone bill for $5000 which you don't pay so they took you to Court and Felonise you, great system!

        Is the recession really caused by a crash in IT, or because 99% of people in the US are now suddenly unemployable because our great grandmothers had cancer or something? Health insuranc

      • I have no college degree, but I have a large vocabulary and usually flawless spelling.

        But, I agree with your general point. That part just rankled me.

    • And this is assuming that there are other areas where they may or may not be in alignment (e.g. abbreviations, type of info gathered, spelling variations etc.).

      A lot of the variances can be correlated using fuzzy match technology. Everything from "sounds like", to matching on common variations (John and Johnathan, Bill and William), along with looking for initials, sex, location (address, city, postal code), and other commonalities.

      The amount of information required to achieve a 95% match is not that gre

    • Re:Good thing databases are perfect! (Score:5, Informative)

      by stanwirth ( 621074 ) on Friday May 16, 2003 @10:03PM (#5977584)

      Actually, governments and corporations are very willing to spend tremendous amounts of money on:

      • data cleansing and QA
      • data warehousing
      • surrogate key generation
      • data correlation
      • data mining
      • geocoding (linking an address to a lat/lon, identifying the lat/lon with a neighborhood, municipality, county, state, country; linking a lat/lon to an address)
      • database integration
      • data migration
      • legacy systems
      • data audit trail generation
      • dataset purchases
      It's not "impossible" to reconcile different data on the same subjects, it's just a whole lot of work, much of it analysis and data discovery, and being able to do the work typically requires that you be familiar with a variety of RDBMS's, billing engines, debt engines, file formats and platforms. The combinations are almost endless.

      Take heart. You'll start seeing the same kinds of problems over and over: middle initial vs. middle name, spacing and capitalisation issues, address data entered as a small number of big long strings that needs to be parsed out into attributes, date/time format inconsistencies, record doubling, data integrity issues (1 supposedly unique key identifying multiple distinct records), data accuracy issues (data way out of range, data incorrect), null values with meaning, attributes used to identify a range of different things, "smart keys" that are not so smart being used to code everything about a customer in 8 characters, and so on and so forth. And you'll know to look for these "usual suspects" first, and develop some standard ways of dealing with them.

      Metadata management and ETL tools make the job easier, but as you say, data are imperfect. There are plenty of legitimate applications--every merger, acquisition and JV is yet another opportunity for some more mind-numbing, back-breaking, soul-destroying, spirit-crushing DB work. Oh goody. That's why they call it "work," I suppose. I'm surprised the work Neo was doing in The Matrix -- before he found his "calling" so to speak--was something as creative and interesting as software development. The real grind is the big databases. As you so aptly point out.

      Many industries have, as their primary asset, data and data only . Banking and insurance are the classic examples. Companies in these industries are certainly willing to invest in their most important asset, because just about all the money in the world is in databases.

      A database is like a gun. It can protect you, it can kill you. You can shoot yourself in the foot, somebody else can take you out in a 'hunting accident.'

      The difference between a database and a gun is that a gun needs someone behind it pulling the trigger. A database, OTOH, has triggers that can fire based on whatever criteria's been set--like when a 'David Nelson' tries to fly to Peoria. Yah, it's scary, all right.

      • It's not "impossible" to reconcile different data on the same subjects, it's just a whole lot of work, much of it analysis and data discovery, and being able to do the work typically requires that you be familiar with a variety of RDBMS's, billing engines, debt engines, file formats and platforms. The combinations are almost endless.
        Take heart. You'll start seeing the same kinds of problems over and over: middle initial vs. middle name, spacing and capitalisation issues, address data entered as a small n

        • Try using ODBC on joins between three tables, one with 57 million rows another with 200 million rows and a third with 1.5 million rows--using character-based "smart keys." Nah, better to load them into new tables with indexed 64-bit surrogate keys first, and issue the join on the server, in one instance of a DB, don't you think?

          Now try doing diffs (changed data) between two versions of the same DB, where both are OVER 100 GB . Try working with databases between 100 GB and a terabyte with these tools.

        • ... Hint: for a job doing multitable correlates or joins on 100 GB to 1TB production databases each running under different DBMS and OS's, Beliskner , you're most likely going to have to dump ODBC altogether, and implement a comms standard over raw sockets because, besides being functionally inadequately specified, ODBC slows everything down by at least an order of magnitude -- which means the difference between a correlation taking 10 hours or 10 DAYS. If it has to be done EVERY DAY, 10 hours works, 10

          • Oh, and by the way, Beliskner, you've contradicted yourself in two paragraphs. In one, you say that it's your full-time job to repair data, and in the last line, you imply that it's not. I suspect the truth is the latter.

            The latter paragraph meant "if I was posting on Slashdot full-time", I am doing databases full-time. It's a lot like C++ coding, you just hack it until it works right. I've even got SQL Server installed on my home machine so don't you fool with me ;-)

            Try using ODBC on joins between thre

  • DMV (Score:5, Interesting)

    by RightInTheNeck ( 667426 ) on Friday May 16, 2003 @08:02PM (#5977087)
    It was just last year that myself and the other people of Missouri were shocked to find out that the local DMV was selling our personal information to the private sector. Unbelievable, a state goverment run institution that essential everyone who wants to drive and own a car has to deal with. Thats what I call being forced to opt-in.

  • Random Lies (Score:5, Insightful)

    by miu ( 626917 ) on Friday May 16, 2003 @08:09PM (#5977120) Homepage Journal
    I only give good info to my bank, insurance company, employer and the government.

    Anyone else? I Lie. Sometimes I'm a yak herder with a yearly income of ~$6000, other times I'm a "Decision Maker" with a yearly income of $800k+.

    I used to get frustrated and angry when asked for personal info. Now I wind up happy because I'm stickin' it to the man, and the shlub collecting my info is happy because he didn't get called a nosy fuckhead by an irate stranger.

    • Re:Random Lies (Score:5, Informative)

      by Cygnusx12 ( 524532 ) on Friday May 16, 2003 @08:43PM (#5977261)
      Anyone else? I Lie. Sometimes I'm a yak herder with a yearly income of ~$6000, other times I'm a "Decision Maker" with a yearly income of $800k+.

      As someone who used to work in database aggregation with this sort of data. I can tell you that we corrollated income as a function of your home value. (Which is freely available right down at your local county court house in most states).

      You typically don't have 800k/yr decision makers living in 12k/yr apartments. There's a process in compilation here, they don't just enter this into a database and sell it.

      • There's a process in compilation here, they don't just enter this into a database and sell it.

        Hmm, perhaps what we need is an auto-spoofing service kinda like a combination of a free HTTP proxy and something like a free online encyclopedia [wikipedia.com]. Rather than submitting information that is obviously false (judged by internal consistency it sounds like from your comment), you should be able to submit a request to a server that generates false but plausible personal data.

  • Carnival Booth Attack (Score:5, Interesting)

    by smiff ( 578693 ) on Friday May 16, 2003 @08:14PM (#5977140)
    Once again, proof [mit.edu] that passenger screening is counter-productive.
    • Here's a breif summary of Carnival Booth

      CAPS is the system where passengers are catagorized and the most dangerous are given special treatment: Additional searches, etc. If you lead a cell of terrorists bent on doing harm, all you have to do is to start sending your men through one at a time when they're unarmed. Eventually you'll know which ones trigger special treatment, and which ones don't for whatever reason. Sine CAPS suppositly uses the same algorythm, once a terrorist knows he can get through u

  • It's times like these when I hope the cockroaches like whatever smoldering heap we leave for them.
    (And no, I'm not off topic, thankyouverymuch.)
  • I work in information privacy and security in health care. The situation is already beyond repair. The only thing giving anyone in the industrialized world any semblance of privacy is sheer numbers.

    I can take your last name, gender, a guess about your age within five years, a guess about what region of the US in which you live, and right here, from the very terminal from which I type this message, probably determine where you have lived for the past seven years, your neighbor's names, your family members' names, your social security number, your driver's license numbers, any public records (criminal, civil, real estate) in less time than it takes to reload slashdot on a busy saturday afternoon.

    The key is that the results I get back will be fuzzy, I'll have to try to make sense of them, and not all of the hits will be accurate. But anyone with a brain can sense a "theme" running through the hits and nail your ID beyond a reasonable doubt.

    Think you're off the grid? Only if you have never applied for utilities or credit of any kind, never gotten a publicly issued license, and never graduated from any school. If all that's true, why would I be looking for you anyway? You can't buy anything.

    We need to collectively grow up here. It's not about limiting our invasions of privacy, we need to be licensing and bonding people who can mine it, like we license doctors, attorneys and cops.

    The information really is out there, and it really is indexed, and it really is being used. That's why these Internet cookie monsters are so bold and shameless. They're not doing anything new and they know it.

    • I can take your last name, gender, a guess about your age within five years, a guess about what region of the US in which you live, and right here, from the very terminal from which I type this message, probably determine where you have lived for the past seven years, your neighbor's names, your family members' names, your social security number, your driver's license numbers, any public records (criminal, civil, real estate) in less time than it takes to reload slashdot on a busy saturday afternoon.

      OK.

      • I can't comply with your request without also violating the law and the user agreement for the DB service we use. I wish I could, I wish you could. We should own our own information, but we don't.

        Yes, your search would return many hits, but understand that if I were doing this in the proper context, I would also know that you've interacted with my employer and what the details of that interaction were, so you have a point--it's not exactly true that I could just pick you out cold from the hits on those p

    • David Brin had it right (Score:5, Insightful)

      by A nonymous Coward ( 7548 ) * on Friday May 16, 2003 @08:34PM (#5977223)
      In Transparent Society, he said we can't keep that privacy, like you say, it's long gone from the barn. But trying to restrict who gets to see it is also a long gone horse. The rich and powerful will always have access, legally and openly or otherwise.

      Best to let EVERYBODY look at ALL info. Right now, the rich and powerful can look at everybody's info, but (1) we don't know it, and (2) we can't look at theirs.

      I'd rather be able to look at everybody's info, including the rich and powerful, even at the tradeoff of knowing that my neighbors are looking at mine.

      The problem isn't that the info is available. The problem is that it is only available to the rich and powerful.

      • privacy vs openess (free vs. totalitarian) (Score:5, Insightful)

        by Broadcatch ( 100226 ) on Friday May 16, 2003 @11:19PM (#5977849) Homepage
        The problem isn't that the info is available. The problem is that it is only available to the rich and powerful.

        And it's only getting worse!

        One of the fundamental contrasts between free democratic societies and totalitarian systems is that the totalitarian government [or other totalitarian organization] relies on secrecy for the regime but high surveillance and disclosure for all other groups, whereas in the civic culture of liberal democracy, the position is approximately the reverse.
        -- Professor Geoffrey de Q Walker, dean of law at Queensland, critiquing ID cards (1986)
      • In some societies, privacy is a matter of politeness. Lots of things happen where everyone can see them, it's just rude to see things you're not supposed to.

        If all info was available to everyone, you could legislate the same sort of politeness: spamming is illegal, following people who have asked for you not to follow them is illegal, identity theft is illegal, that sort of thing. Everyone would know everything, yet everyone would have an imitation of privacy.

  • Liberty and Security (Score:5, Funny)

    by Poeir ( 637508 ) <poeir@geo.yahoo@com> on Friday May 16, 2003 @08:23PM (#5977178) Journal
    From the article, "They [David Nelsons] realize there are trade-offs between liberty and security."

    That trade-off would be, "We, the Government, take your liberty, and give ourselves security."

  • Subvert the system for fun and profit (Score:4, Interesting)

    by arikb ( 106153 ) * on Friday May 16, 2003 @08:24PM (#5977180) Homepage
    It is obvious that privacy is an illusion. Once the information is out there and can be correlated, there is virtualy nothing you can do to keep it out of anybody's hands.


    There is a way, however, to maintain your privacy where it matters. They want to collect information on you? Fine, let them. But insert some misleading data into those records. Here is just one way to do it:


    Take two persons, of similar hight, eye color, skin color and hair color. They are good friends and developed a relationship of trust between them. They are not criminals and have no criminal intentions. These two persons can each have two copies of their identfications - say, two copies of a driver's license (say one is "lost"...). One copy they of course give to the other one. One of them must be the 'good person' and one must be the 'bad person'.


    Now imagine one of these persons is stopped for a traffic violation. He hands over the 'bad person' ID, and the traffic violation is registered on his name. He doesn't own the car, though - because the car is registered to the 'good person'. When it's time to pay insurance, and the 'good person' record is being pulled, it's a clean slate.


    The sample here is sketchy at best, won't work if the car history is checked as well (unless...), and I don't want to give any more ideas to anyone here, but it is possible to fake the records just such - have someone else buy your house, and have a contract with this person saying he has no claim in it, switch salaries with your neighbour, bank accounts... If it has a purpose.


    Don't do it 'just to spite', because every such transaction has an inherent danger, but if done right and to an end, it can be beneficial to the people involved, despite the best efforts of those information correlators to the contrary.


    Oh, yes, standard disclaimer apply, use this information at your own risk, don't come yelling to me, it's probably highly illegal, be warned.

  • ..the company does care about privacy; any consumer can call the company and have his or her data suppressed.

    Just thinking about how much this information is worth (especially if it's linked to a social security number) should make all of us very uncomfortable...

  • Here's a scary database . . . (Score:4, Interesting)

    by jaske ( 177320 ) on Friday May 16, 2003 @08:29PM (#5977205)
    A database that appeals to Mom's, grandma's and any Hallmark-loving sucker with a modem:

    http://www.anybirthday.com

    It's got that great hook: birthdays (so sweet and innocuous)! And of course you can "remove" yourself from the database. The only question is what happens once you remove yourself, and confirm your birthday, identity, etc.

  • What happened to "information wants to be free"? (Score:1, Insightful)

    by Anonymous Coward
    What happened, Linux lovers? Double standard, perhaps? Hypocrisy?

    The silence is deafening.
    • Actually, yes, it wants to be free. FREE. Not paid for and not accessible only by people who are wealthy or powerful, or who work for the government and get special clearance to it. Here's an idea, lets set up our own free service/servers to host information and make it free to everyone, because that's the only way to fight the access controls that are being put on data.
    • I only exist on the net in the form of information (filled registration forms, /. posts, IRC transcripts (some channels record them), my 'signature' on an anti-war petition, etc), that information is me in some sense. And I want to be free, not owned and sold wholesale by some company.

  • I just called... (Score:5, Funny)

    by Barkmullz ( 594479 ) on Friday May 16, 2003 @08:37PM (#5977233)
    But he does say that people who want to see if their name is on either list or who want to make a complaint, can call the agency's contact center at 866-289-9673 or send an e-mail to TellTSA@tsa.dot.gov.

    - "Hi, my name is Rob Malda [cmdrtaco.net], am I on the list?"

    - "You are now." [click]

  • How to help change this (Score:1, Insightful)

    by Anonymous Coward
    What I was to know is when can I get a complete, real-time dossier on every member of the U.S. Congress.

    And lest anyone be fooled into thinking that just passing some laws will solve this, I urge you to remember all of the IT outsourcing going on. Our laws aren't applicable to India. An example of this was a recent article on sfgate.com, noting how Kaiser was sending its IT work to India, including the management of databases.

    What we have here is an unstoppable force, that not even Congress can legislate

  • I work for a "Risk Management" company.. (Score:5, Informative)

    by booms ( 38889 ) on Friday May 16, 2003 @08:42PM (#5977255) Homepage
    And honestly, you'd be surprised how many privacy laws we have to follow (which is a good thing). For instance, we only sell accounts to people who have a legitimate purpose for searching information (such as insurance companies when you apply for insurance, law enforcement agencies to track down criminals, collection agencies who are trying to track down people who skip payments, etc.). If I were to search for information about someone besides myself or others in the development team whom have agreed to let me search their names, even when testing, I'd be fired within the hour. We have a compliance department who keeps track of all searches, has to report them to various authorities, etc. If someone searches for someone marked as a celerbrity, their account is shut down within minutes and one of our compliance people is on the phone getting documentation about why they searched for that name. In fact, the applications to get to the data we sell are quite nasty, and we only have a very narrow scope of people that we can sell data to.

    I think in general, personal data is protected more than you would think (at least public records, credit agency data, etc)-- I really have no idea how these 'unscruplous' companies get by with public data without having anyone come down on them. I'm a privacy & security advocate, and I don't feel what I do crosses my moral boundries (at least at this point).

    • Re:I work for a "Risk Management" company.. (Score:5, Interesting)

      by TrackDaddy ( 630566 ) on Friday May 16, 2003 @09:12PM (#5977376)
      Not to offend, but... GIVE ME A FSCKING BREAK

      Now, lets talk about how it works in the real world. I wanted a copy of my credit report, so I tried using www.freecreditreport.com (it's not really free, but hey, good marketing). When I submitted my request and tried to set up my account, I was given an error that my password was incorrect. Now, never having set up an account, I thought "hey, this is odd". So I called their 800 number and promptly found out that I did indeed have an account. After about 5 minutes of social engineering, I had the e-mail address that was associated with "my" account. Low and behold, it belonged to a guy that had received a copy of my rental application (yes it is legal for him to get a credit report, but not by impersonating me).

      So, I said to the helpful young man on the phone "you've given my information to someone impersonating me". His response, and that of his supervisor was to tell me I should go file a police report. When I asked if they would take any action, the answer was a very resounding "NO".

      So, I called back a few minutes later, with my new-found e-mail address and talked to another helpful gentleman whom I convinced to change the password and e-mail address on the account so that the previous dirt-bag would be locked out.

      That is how things work in the real world. The companies who compile/manage/sell this information do not give a flying-frig about access control as long as money changes hands along with the data. If someone wants your info, and they have your name and a few other facts... they can get all the juicy stuff w/in about half an hour. Your only protection is the sheer volume of bio-mass that makes up the target group.

      • Re:I work for a "Risk Management" company.. (Score:4, Informative)

        by booms ( 38889 ) on Friday May 16, 2003 @09:30PM (#5977442) Homepage
        Like I said, I don't know how other companies get around all of the various laws. He also violated FCRA by getting information about you which was used in a decision to "allow or deny credit" without it being a place which is certified for that, which is a pretty nasty penalty as I understand it. I don't know the specifics, as IANAL.

        I can see why the local police would probably not do much about it to be honest, but they are lazy for not pointing you in the right direction. If you want, I can ask around to see who the proper authorities would be to report this occurance to.

  • What's wrong with law enforcement these days, anyway?

    They could just submit an Ask Slashdot [slashdot.org] question on "Where is David A. Nelson who works for Tektronix?".

    As we all know, most Ask Slashdot questions can be found on Google [google.com]. Is it really so hard?? Come on people.

  • Face it, we are stamped, coded and catalogued. All they need to do now is make us get GPS chips implanted and the picture is complete.

    We have crossed so any bridges on the way down this road, that short of a complete breakdown of society we are never going to get away from this. We are defined by what we consume, and what we buy. If we cannot purchase we are dead weight. All of society is built around giving us enough money so that we can spend it back to the system. Credit and lending creates money, and

  • Friends don't let friends pay with credit cards (Score:5, Interesting)

    by zakezuke ( 229119 ) on Friday May 16, 2003 @09:42PM (#5977495)
    I'm still a traditional fan of cash, rather then a credit card for most daily transations. It has the benifit of being remarkably easy to budget, as in alocate daily spending, impossible to go over your self imposed set limits. But importantly, it's none too traceable.

    I may be slightly paranoid, but after buying electronic goods at a shop, I got a phone call within days asking me how i'm enjoying my thingie. It's like, "how did you get my number, I didn't give it to you".

    I guess I have in the past given my personal info to radio shack to get free batteries, and actually they send me a christmas gift certificate every year... and actaully I enjoyed getting their catalogs back when they actually had them.

    But the point i'm making is, cash is a remarkable means to provide some privacy. Not that you can't get away from things like morgages, cars, air line tickets, and other larger purcahces, but there is some info that random people don't have the right to know, like an employer checking to see if you buy alot of porn or booze.

  • Gilmore v. Ashcroft (Score:3, Informative)

    by tsvk ( 624784 ) on Friday May 16, 2003 @09:43PM (#5977499)

    From the second "David Nelson" article:

    Dennis Radke finds it ominous. "Given sufficient time, is it unreasonable to expect we Americans will be required to carry travel papers inside the U.S., just as residents of Nazi Germany and Stalin's Soviet Union" did?

    As previously reported on Slashdot [slashdot.org], the issue of requiring ID when traveling within the US has already been challenged as unconstitutional. EFF co-founder John Gilmore sued the government and two airlines for not letting him board aircraft without ID.

    See his site [cryptome.org] for history and court documents.

  • Shockwave Rider (Score:3, Interesting)

    by jefu ( 53450 ) on Friday May 16, 2003 @10:15PM (#5977637) Homepage Journal
    Time for all and sundry to go back and re-read (or read) "Shockwave Rider" by John Brunner. Then remember it was written in 1976.
  • IBM Almaden has a group that works on privacy-preserving data management. Intelligent Information Systems Research [ibm.com] research group. (Note that Srikant Ramakrishnan of the group was awarded the 2002 Grace Murray Hopper [acm.org] award on association rules and data mining.

  • David Nelsons of the world, unite! (Score:3, Interesting)

    by fname ( 199759 ) on Friday May 16, 2003 @11:15PM (#5977839) Journal
    Well, this appears to confirms everyone's worst suspicions about these so-called watch lists. They are ineffective. They tend to brand people as suspects for no real reason, and this allegation sticks even in light of evidence to the contrary. No one involved in accusing these fliers has any real interest in making sure it doesn't happen again, or trying to help this customer, who is, after all, a potential terrorist who might blow up your plane.

    The concept of these watch lists is inane. 19 people have hijacked planes in this country in the last 25 years. There have probably been 5 billion passenger flights in that time. If even 1% of 1% (1/10,000) of these are incorrectly flagged, that's 500,000 false accuation for every hijacker, assuming that they every bad guy is on the list. After 10,000 people are incorrectly flagged, how closely will these rules be followed?

    The problem isn't the existence of the system; a good system could work well and get buy in from the public. A bad system will only serve to alienate people, and it will eventually stop working as no one believes it any more. So you will end up needlessly harrassing innocent people, but since 90% of these "incidents" will be treated as an annoyance, it's doubtful that they'll catch a hijacker anyways. Instead, it will only serve to hassle those who express anti-government views, and those who share their names.

  • Choicepoint in bed with US Govt (Score:3, Interesting)

    by dogfart ( 601976 ) on Saturday May 17, 2003 @01:27AM (#5978410) Homepage Journal
    See this article [guardian.co.uk].

    Quoting:

    Governments across Latin America have launched investigations after revelations that a US company is obtaining extensive personal data about millions of citizens in the region and selling it to the Bush administration. Documents seen by the Guardian show that the company, ChoicePoint, received at least $11m (£6.86m) last year in return for its data, which includes Mexico's entire list of voters, including dates of birth and passport numbers, as well as Colombia's citizen identification database.

    I would worry about Choicepoint if I were you.

  • Use for rich millionaires money! (Score:3, Interesting)

    by mabhatter654 ( 561290 ) on Saturday May 17, 2003 @04:47AM (#5978964)
    Someone rich should buy up entire planes for innocent people [and lots of people with similar names] on the "list" for the Christmas busy season! If several key planes were "flooded" with passangers, air travel would slow to a crawl, and the airlines would suffer for being so stupid to allow something like this in the first place! Because of the smeading system they use, the key is to get a lot of people "near" the list, with misspellings, alternates, similar names to the computer filing system, etc. They wouldn't set off the bells when the tickets were ordered, only at the gate. You could even dilute the groups with friends and family not on the list, but traveling with people who are, who of course won't board the flight without their pals! You would have to buy full-fare tickets, so the people who get hassled and their pals can demand refunds for not being able to fly--airlines worship full-fare travelers. That would make it even worse!

    If someone setup a website for all these people to log on, it shouldn't take more that a month or two to figure out the list.

  • Potential for intimidation (Score:3, Insightful)

    by mariox19 ( 632969 ) on Saturday May 17, 2003 @08:34AM (#5979423)

    Suppose these kind of "security measures," delaying people at airports because their name is on a list, become commonplace in other areas of life: say, bank loans, college applications, flags on credit reports, applying for any kind of license, and so forth. Now, suppose the government leaks to the media the various "reasons" people get on The List.

    1. Using PGP
    2. Knowledge of computer security
    3. Attending a political protest
    4. Writing a "politically incorrect" letter to the editor
    5. Regular phone calls to the Middle East
    6. Listing your occupation as "clerk" on your tax return
    7. Regular surfing to Web sites which have been flagged as "subversive"
    8. Writing cranky posts to Slashdot

    Okay, it sickens me to go on, so use your imagination.

    How will something like this affect the actions of the general population (a.k.a. "sheep")? People will become afraid to do anything that may get them on the list of people subject to legal, unrelenting harrassment.

    People will even be afraid to be friends with such people.

    The kind of character this instills in a citizenry is kafkaesque. People fear do anything "out of the ordinary" for fear that some nameless, intractable and omniscient power will make their lives miserable.

    It's frightening that so many accept these changes as a fait accompli.

  • names for the reject or screen first lists (Score:3, Interesting)

    by rusty0101 ( 565565 ) on Saturday May 17, 2003 @01:50PM (#5980748) Homepage Journal
    George Bush - the pres flies AF1, all others suspicious
    George Washington - rumor has it this is a revolutionary leader.
    Abraham Lincoln - leader of a fight for freedom group.
    Thomas Jefferson - Drafted revolutionary decrees.
    Ben Franklin - supports freedom of information, writes subversive literature.
    David Nelson - no reason, just want to harass a friend of the pres.
    Mahatma Ghandi - leader of a revolutionary group.

    Surely you can add more to this list. We might even come up with all 300 of the no-fly, or screen first list.

    -Rusty

Slashdot Top Deals

"May your future be limited only by your dreams." -- Christa McAuliffe

Close