Invading Privacy for School Credit 422
veryloco writes "Students in Prof. Avi Rubin's Security and Privacy course at the Johns Hopkins University completed a project where they gathered as much public data on residents of Baltimore City as possible. One interesting fact was that 50 deceased persons voted in the last election. Read on to find out what other interesting tidbits were discovered."
OT: Article formatting (Score:3, Insightful)
When did they die? (Score:5, Insightful)
Ah, but did they die right around election time. Could they have sent in an absentee ballot before they died? Or did they die on election day after they voted? Not having all the info can lead to misleading ideas in our overactive imaginations.
Or, it could be like the earlier post... zombies or ghosts.
Re:50 deceased persons voted in the last election? (Score:3, Insightful)
How is public data considered private? (Score:5, Insightful)
1500 dead people were registered to vote (Score:5, Insightful)
Re:OT: Article formatting (Score:3, Insightful)
Once again: it is FINE to use JS to enhance your web site, but making it a REQUIRED part of your site is foolish.
It was over long ago (Score:5, Insightful)
So what is the solution? Just prepare for your identity theft now, keep good records and generally don't be a jerk to those you post about and email. Because its all out there.
Re:OK, I'll start the flame war.... (Score:4, Insightful)
Re:How is public data considered private? (Score:3, Insightful)
This is called sensitive information. Public, but it should still only be made available to people who will not abuse it.
There is enough public information about most people to destroy them. (mostly financially, but there are other ways to destroy someone, with or without killing them) Than information needs to be public, because there are honest uses for it. However it needs to be restricted who can access it because of the damage they can do.
Cemetery records are public. They should not be available to just anyone with an internet connect though because you want to make it hard on those voting in a dead person's name.
Invasion of privacy? (Score:5, Insightful)
I'd say that the opposite is true - this information is in the public domain, and the students were able to demonstrate how easy it is to access and collate, thus stimulating debate (look, we're having a real debate, on Slashdot!).
Invasions of privacy, in my mind, constitute one of two things. 1) Attempting to make someone reveal personal information about themselves that they may not want to, or 2) revealing data on someone else that you have not been given permission to reveal.
While some of the original sources of the data that the students used could have invaded privacy to get the data, by using data already in the public domain the students weren't invading privacy.
If they'd acted illegally or persuaded someone to breach someone else's privacy as part of the project, that would be another thing, but the students weren't allowed to do that as part of this project.
Centralized government control the worst thing (Score:1, Insightful)
And it's a crime to watch the border ... (Score:1, Insightful)
Re:50 deceased persons voted in the last election? (Score:3, Insightful)
This happened last autumn to students at the University of Pittsburgh (main campus) who signed a petition to legalize marijuana.
The point is, both major parties (and probably many minor parties) will do everything they can to get votes. Whether that means screwing people out of the right to vote or voting as dead people, they're going to do it. How about next time you show a little class, dignity, and honesty and confront the real problem - voter fraud - instead of twisting it into something that fits your personal political preference.
I love this quote: (Score:2, Insightful)
Umm, you know, maybe the government should do that as part of the electoral process? If felons can be removed from voting lists, so can dead people.
Yes! Nothing would make the country better... (Score:1, Insightful)
MORE WONDERFULLY STUPID IDEAS!
Re:multitiered privacy (Score:3, Insightful)
The problem most people have with the data being publicly electronic is not that it's available - the problem is that it becomes easy to correlate with other public (or private) information.
Your 'solution' pre-correlates all that data, and practically mandates that everyone exist in the database. The access levels don't actually provide the security you think they will, when a court order is just a document or a digital signature, and the database is available to every police station or library. No amount of security or encryption is going to solve the huge undertaking it would be to create an access database that actually works, nevermind securing the machines from even simple attacks.
-Adam
Re:Necromancy (Score:4, Insightful)
Of course, leaving unpopular seats empty isn't a silver bullet. People should be able to cast votes anytime in the month of November. A floating federal holiday, schedulable any time in November, should be validated with a poll receipt. And the feds should allocate each voter a unique, one-time voter ID# discarded upon authentication at the polling place - even if that's a telephone. That would at least make voting as convenient to modern voters as the old way was for ancient voters.
Re:How about Chicago? (Score:5, Insightful)
See, someone who owns a home, rarely moves or changes address, and has a steady job is fairly easy to verify as "yep, we know who this person is, and they're a legit voter."
Someone who moves frequently, doesn't necessarilly have a lease in their own name, works a series of small jobs, doesn't have or doesn't know their social security number, is harder to verify. Some of these "registered voters" are probably illegal immigrants. But some are citizens--many homeless or urban poor. It's extremely difficult to seperate the wheat from the chaff here.
So, the net is we get a pool of "hard to verify" voters. Some legit, some not.
The reason this is a political football is because (again) these tend to be minorities, and minorities in urban areas tend (again, just statistics here) to vote Democratic. So, counting all these "who knows?" voters gives a slight edge to Democrats.
Which is why Republicans shout "Fraud! Throw the votes out!" and Democrats shout "Disenfranchisement! You can't turn away a single legitimate voter! And attempting to fix the system in any way is a blow to democracy!"
I'm sure if the voting record was pro-Republican from this demographic, the positions would be reversed.
Anyways, Chicago's an overwhelmingly Democratic (in the political party sense) town. So don't bet on seeing this any time soon.
This was the major issue with party "challengers" stationed at key poling places in swing states in the last election, and the concept of "provisional ballots" for voters that you heard so much about last November (if you happen to follow US news...)
Re:How is public data considered private? (Score:5, Insightful)
Consider this metaphor: Someone is talking very quietly on their cellphone in a public park. If someone sits on the bench beside me and intently starts listening in on my conversation, at what point does that person's actions become an invasion of my privacy?
You're getting caught up in the semantic differences between "public data" and "privacy". "Public data" is simply defined as information that can be obtained legally and freely. "Privacy" though means different things in the literal, personal, and legal senses. And then we wonder about exactly what it means to "invade" one's privacy. Regardless of whether the data about me is public or not, if someone learns something about me I don't want them to know, I can consider that an "invasion of privacy".
Re:Necromancy (Score:1, Insightful)
neither were gonna do what they said, but hey "yup yup he's for america"
we honestly dont have a problem with not enough people voting, we have a problem of too many people voting.
It's all there - taxes, political contributions (Score:5, Insightful)
Where I live now, anyone and their mom's dog can look up the tax records of my property. This database is searchable by either name or address and returns how much a given property has been accessed for (plus the five year history), how much the current taxes are, a picture of the property (which is often the front of the house), and sometimes the floorplan of the house. Not only would I never provide this information to any of my friends (much less a stranger), but I'd consider it rude if they were to ask.
Another invasive database, which has been mentioned several times here on Slashdot, is Fundrace. I work very hard to make sure that my political views are not know at the workplace. However Fundrace allows anyone to search by name or address who gave how much to a given political candidate or party. I understand the value of tracking political donations, I really do. Should my employees or peers have the capability to track me specifically? It somewhat defeats the point of the secret ballot. I'd love to contribute money to those candidates which I support, but I won't.
My colleagues don't need to know how much I make, pay in taxes, or contribute to a given political organization. At best the information simply satisfies some misplaced curiosity, but more likely this information is used to judge (often incorrectly) without any opportunity for a rebuttal or explanation on my part.
Re:election fraud (Score:1, Insightful)
Re:50 deceased persons voted in the last election? (Score:2, Insightful)
Missing the obvious (Score:4, Insightful)
. . . whose group discovered 1,500 dead people who were also listed as active registered voters. Fifty of those dead people somehow voted in the last election.
The 1500 are the ones you want to be concerned about, because if they're not removed from the rolls, their votes can be used fraudulently in the next election. The 50 are not necessarily a problem at all. This course was taken over the course of the last semester. I'm surprised it hasn't occurred to anyone that:
Most of those 50 dead people voted in the last election because they were alive during the last election. They probably died during the months following that. People do die, y'know.
Re:invasion? (Score:3, Insightful)
For counter-example, in mosts states it is illegal for you to own lockpick tools, switchblade knives and machine guns. Such ownership causes no harm to anyone yet they are significant enough enablers for you to potentially do harm that your posession of them is outlawed.
Similarly your acquisition of personal information is a significant enough enabler for you to do harm to the owner of that information that such posession should be outlawed.
Re:Ok, I'll burn the karma (Score:1, Insightful)
See also Volusia County, Florida. Negative votes for Gore in 2000... ok, that might be a glitch. Then shit happens in the same county with the same election board in 2004. Certainly looks less like a random error to me now.
Or they voted absentee (Score:3, Insightful)
Re:Missing the obvious (Score:3, Insightful)
OK, but how about this. What about people who take part in the advanced polls, then die before the actual election day? Should their votes still count? They did, after all, cast them early. But on the day of the election, their votes don't necessarily represent the will of the current voting populace.
I remember reading that this exact issue was actually raised during the last US federal election. I never heard how it turned out. Do they still count advance ballots cast by people who died in the two weeks prior to the election?
Identity theft is an illusion. (Score:1, Insightful)
Or, we can eliminate identity theft simply by no longer calling it identity theft.
Say someone goes to my bank and withdraws all of my money. We could call this identity theft, or we could call it "those fucktards at the bank gave all of my money to someone just because they claimed to be me" and thus "those fools at the bank are out $10,000 because they went and gave it to someone they thought was me" instead of "I'm out $10,000 because someone 'stole' my identity."
The term "Identity Theft" is nothing but a way for those who are responsible for identifying people to pretend as if they didn't make a mistake.
Imagine living in a world where you are no longer responsible for making sure that whatever flimsy systems (like knowledge of a SSN) other people use to identify you actually work. You would no longer have to burn papers with your SSN on them (so they don't get dug out of your trash) because it would no longer be your problem, it'd be the problem of the fool who was stupid enough to think that a SSN is some kind of PIN.
That's the real problem here. The problem isn't that this information is available, but that certain people are stupid enough to believe that just because someone knows this information that it means that they are you.