Invading Privacy for School Credit

veryloco writes "Students in Prof. Avi Rubin's Security and Privacy course at the Johns Hopkins University completed a project where they gathered as much public data on residents of Baltimore City as possible. One interesting fact was that 50 deceased persons voted in the last election. Read on to find out what other interesting tidbits were discovered."

Re:OT: Article formatting

[Cecil]

Absolutely! Also, I love how you can click on the right half of the article to move to the next page, or left side to move back... it's completely contrary to web standards but it's so useful that I just love it anyway. The whole website's entirely Firefox compatable, has no shitty floating javascript toolbars or other garbage

I regularly point to it as an example of excellent corporate webdesign, but I don't think it gets NEARLY enough credit. It's a fantastic website.

invasion?

[spoonyfork]

How is a sustainable and legal business model of data warehousing and resale an "invasion" of privacy?

Necromancy

[Doc Ruby]

Rubin has been one of the people screaming the past few years about how easy the elections would be to hack. Now it seems that he's widened his scope, showing how much of a joke is any attempt at precise counting of so many people.

We need election laws that guarantee the margin of victory is larger than the sampling error. In fact, we need a law that requires the office get at least a simple majority (50%) of the eligible voters, or it goes unfilled. With so few eligible voters actually voting, that would force districts to hold runoffs, and parties to get out the vote. Or just get outnumbered by the representatives from districts which do turn out. Put a little competition into our rotten voting system, and cut out the deadwood.

multitiered privacy

[Felgerkarb]

I suppose this is a good opportunity to suggest an idea I have about protecting private information. There is a whole spectrum of sensitive information about a person, and a similar range of people who want every last tidbit of information completely private to those who are clueless or just unconcerned. There obviously should be a middle ground that allows for reasonable exchange of reaosnable information, but protects that which is truly sensitive.

I've thought, and I'm interested in (constructive) comments, that a three tiered system should be used. The 'green' level, is basically that which any person can get freely, which should be equivalent to that info one can get just by, let's say, seeing you in the street. Basic physical parameters. If a person chooses, they can make other information 'green' such as name and age, etc.

Yellow would be freely available to law enforcement, and to others only with express permision from the individual. This should include credit information, address, ssn, ....city hall sort of stuff.

Red would be available to law enforcement without permission only by court order, or with permission from the individual. This would include things like phone records, or other information that currently requires a supoena.

An individual can make information more or less private for the general public (i.e. I can decide that no one shold really know that I am 6'2 with brown hair.) or more available (i.e. I live here, come visit me!). I think an auditing system should be built in, tracking access, informing an individual of the identity of people accessing their information.

Auditing would require a central repository of information, which would then be the only source of the info, and that could be a problem, with privacy/security of information. However, the rest really only requires a change in legislation, but doesn't really provide a mechanism for enforcement or knowing if someone is invading your privacy.

What do you think?

B'More!

[srock2588]

It's actually true, the city has more then just crabs, heroin, and hospitals! Not mention syphilis and a yearly contender for US murder capital. Now they are a hot spot for identity theft, yippee! Its still better then moving to Virginia.

Infrastructure Mapping

[bubba_ry]

This reminds me a news item I saw/read about 1-2 years ago where a student wanted to see if he could map out the U.S.'s infratructure given public records/information. He was extremely successful in that he mapped out whole power grids, telecom lines, subways, etc and overlayed them all. Much to his dismay, he was held from presenting this (his doctorate thesis, I believe) by the Feds who worried that terrorists would want to get their hands on the info.

And if you're a terrorist, that makes sense; someone else has already done the work for you and provided additional instructions on how to do so. On the other hand, this poor guy can't complete his work. And all he did was what any Tom, Dick, or Harry could've done.

Re:Necromancy

[Adult film producer]

How about forcing people to vote, make it mandatory. Fine them if they decide to stay home on election day, in the way of income taxes. Don't Vote? Fine.. You get $250 less this april (or you end up paying $250 more.)

Just on what I've read in the comments/article

[Khyber]

I think this little test should be run in every state. First, let's find out just how many deceased people voted. Find out when they voted, find out their official date of death. If the vote came before their death date listed on the certificate, it's a valid vote. If not, vote stricken down.

To add to this, Every voter should be confirmed as a valid vote by linking with their SSN. There's only so many SSN's out and active today, and if the vote tally goes over the amount of SSNs available, you know something is wrong there as well.

Once an SSN has been recorded as having voted, that number is no longer allowed to be used anywhere else for the purpose of voting for that particular election. Any and all votes should also require other forms of identification, such as your Driver's License, Military ID, Gov't Id, etc. (No picture on credit card BS, anyone can get that.)

And to top that off, get rid of the Electoral College. (Oh, look, I've got a degree in rigging elections!) The whole voting system should not go by who gets the most electoral votes, it should be the TRUE majority of the population that should count in an election, such as it was done 150-200 years ago.

Now on the issue of privacy, unfortunately there are too many holes in the FOIA (Freedom Of Information Act for the legally-unaware) that allow for this kind of information to be gathered, not to mention anyone with enough money, looks, brains, or combination of either/all, could most likely obtain the information from some corrupt individual within an organization, for a nominal fee. (Money, blowjob, massage, whatever, you get the point)

The fact of the matter is that until the people themselves wake up (Seeing as most of the majority of the population, as Sum 41 put it, 'We're hopelessly blissful and blind') and realize that they're being anally raped, without lube, with a dildo double the size of Thor, inserted SIDEWAYS, this situation is not going to change. In fact, it will become easier for BS like this to happen as the technology progresses and people become smarter, or dumber as the case may be for certain issues. Until this happens (and pray to whatever invisible being you worship that it happens soon,) we're completely SOL.

Personal addresses

[Husgaard]

In the country where I live it is extremely hard to get the address of somebody from any government (or other public) office. The only place where you can get an address is from our public cencus office. They will give you the address for a small fee unless they have been asked to keep the address secret (in which case you cannot get the address at all).

You may ask why. This came about after a few cases of abused women trying to flee husbands and starting a new life in another part of the country, but being found and battered by their former husbands. When the media found out that the former husbands had gotten the new address of their former wifes from public offices, we had a sensible political reaction.

But then, I live in a european country. In Europe we have a very different attitude to, and better laws [eu.int] on the treatment of personal information compared to the US.

Re:It was over long ago

[It doesn't come easy]

If you maintain a totally horrendous credit rating, no one can steal your identity...

zerg

[Lord Omlette]

I fail to understand how any discussion of privacy can possibly take place w/out mentioning ZabaSearch [zabasearch.com].

I even submitted it to /. the other day, but I guess the editors didn't want any random /.er to search for their home phone numbers and every single place they've ever lived.

Ironic?

[Anonymous Coward]

Compare these headlines: Today

"Students in Prof. Avi Rubin's Security and Privacy course at the Johns Hopkins University completed a project where they gathered as much public data on residents of Baltimore City as possible."

versus this [slashdot.org]

"Local news in Chicago is reporting about two Hinsdale Central High School students who breached their school's computer system and retrieved all of their peers' (plus staff's) Social Security Numbers."

So it's ok if a group of College Students gathers information by social engineering and invade the privacy of thousands. But if a kid in high school manages to get the same kind of information on far fewer people, demonstrating his technical skills (and his poor sense of understanding or responsibility in terms of computer ethics, which is somewhat to be expected of children), then it's suddenly this horrible crime which needs to be punished by expulsion and decades behind bars!