Invading Privacy for School Credit

veryloco writes "Students in Prof. Avi Rubin's Security and Privacy course at the Johns Hopkins University completed a project where they gathered as much public data on residents of Baltimore City as possible. One interesting fact was that 50 deceased persons voted in the last election. Read on to find out what other interesting tidbits were discovered."

How about Chicago?

[Ironsides]

I bet if they had done this in Chicago, the number would be above 5,000 dead voting people. And, many of them would have voted at least twice.

Seriously, Chicago does have this problem and every attempt to cleanse the voting roles of dead voters is shot down as being discriminatory against minorities.

Re:50 deceased persons voted in the last election?

[REggert]

Actually, Kerry won Maryland.

Misleading Title

[shancock]

This article appears in the NY Times today http://www.nytimes.com/2005/05/18/technology/18dat a.html? [nytimes.com]
and the primary focus of the article is on how easy it is to steal identities on line using legal methods and less than $50.

The slashdot title implies that a college course was used to invade the privacy of Baltimore individuals. This is most misleading. While this is nothing new to most readers here, the significant thing is that this article is in a mainstream media publication and may help to strengthen some of the right to privacy laws that are currently under the gun.

full article (w/o bullshit next button)

[Anonymous Coward]

Privacy vs. openness: A data dilemma in U.S.
By Tom Zeller Jr. The New York Times

WEDNESDAY, MAY 18, 2005
BALTIMORE Ted Stevens wanted to know just how much the Internet has turned private lives into open books. So the U.S. senator, a Republican from Alaska and the chairman of the Senate Commerce Committee, instructed his staff to steal his identity.

"I regret to say they were successful," the senator reported at a hearing he held last week on data theft.

His staff, Stevens reported, came back not just with digital breadcrumbs on the senator, but also with insights on his daughter's rental property and some of the comings and goings of his son, a student in California. "My staff provided me with information they got from a series of places," he said. "For $65, they were told, they could get my Social Security number."

That would not surprise 41 graduate students in a computer security course at Johns Hopkins University in Maryland, who, with $15 less than that, became mini data brokers themselves over the last semester.

Working with a budget of $50 and a strict requirement to use only legal, public sources of information, groups of three to four students set out to vacuum up not just tidbits on individuals, but whole databases - death records, property tax information, campaign donations, occupational license registries - on citizens of Baltimore. They then cleaned and linked the databases they had collected, making it possible to enter a single name and generate multiple layers of information on individuals.

The Johns Hopkins students demonstrated - as has a growing chorus of privacy advocates around the United States - that there is plenty of information to be had on individuals without ever buying it (or stealing it) from big database companies like ChoicePoint and LexisNexis. And as concerns over data security mount, the inherent conflicts between a desire for convenience, openness and access to public records on the one hand, and for personal privacy on the other, are beginning to show.

The Johns Hopkins project was conceived by Avi Rubin, a professor of computer science and the technical director of Johns Hopkins's Information Security Institute. Rubin has used his graduate courses in the past to expose weaknesses in electronic voting technology, digital car keys and other byproducts of a society that is increasingly dependent on computers, networks and software.

"My expectations were that they would be able to find a lot of information, and in fact they did," Rubin said.

In some instances, students visited local government offices and filed official requests for the data - or simply "asked nicely" - sometimes receiving whole databases burned onto a CD.

In other cases, they wrote special computer scripts, which they used to slurp up whole databases from online sources like Maryland's registry of occupational licenses (barbers, architects, plumbers), or from free commercial address databases.

"I think what this professor and students have done is a powerful object lesson in just how much information there is to be found about most of us online," said Beth Givens, the director of the Privacy Rights Clearinghouse in San Diego, "and how difficult it is, how impossible it is, to control what's done with our information."

David Bloys, a private investigator in Texas, has helped craft a bill now pending in the state legislature there that would prohibit the bulk transfer and display over the Internet of documents filed with local governments.

There are real dangers involved, Bloys said, when such information "migrates from practical obscurity inside the four walls of the courthouse to widespread dissemination, aggregation and export across the world via the Internet." However convenient online access made things for legitimate users, the information is equally convenient for "stalkers, terrorists and identity thieves," Bloys said.

The bill, which was introduced in Austin by Representative Carl Isett, a Rep

Re:Baltimore City

[Jurph]

"Hons" (residents of Baltimore) make the distinction between "Baltimore City" and "Baltimore County" in their writing. Hearing just one can be confusing unless you know the local geography, and realize that just the word "Baltimore" refers to a large number of towns (like Towson) that are part of Baltimore but are actually in "the county". This map [bcinfobank.com] shows the difference.

Re:50 deceased persons voted in the last election?

[Skye16]

Excuse me, the main campus hit by this in PA was IUP, not Pitt. Pitt was also hit, but apparently not as much.

http://www.post-gazette.com/pg/04296/399788.stm [post-gazette.com]

Re:50 deceased persons voted in the last election?

[Andy Dodd]

Similar problems had at Rutgers University - Voting registration forms for hundreds of students were conveniently "lost" by a Republican county official.

Forget Chicago, Check out Milwaukee, WI

[Anonymous Coward]

Milwaukee, WI has become a much for voter fraud than Chicago. In the last Presidential election, there was:

- over 5600 invalid address on the rolls (including vacant lots)
- 1200 votes from invalid addresses
- 100 votes where people voted twice, or used fake names, false addresses or the names of
dead people
- 278 felons illegally voted
- tire slashing of vehicles meant to bring people to the polls

And this is just the city of Milwaukee. And this is just the proven problems. And this is a state that had the narrowest margin on the presidential race in the county.

Here is a article [jsonline.com] from the Milwaukee Journal-Sentinal talking about the problems and the various suggestions for fixing it.

Re:hey

[mcfuddlerucker]

Please cite [bash.org] it if you didn't come up with it.