Slashdot Mirror
Databases and Privacy
A couple of stories made an interesting juxtaposition today. First read this story about information marketers scouring public records to compile personal information. Note the emphasis on cross-linking data from various sources to provide more information than any one source did - databases are synergistic. Now read this column about David Nelson, and its follow-up.
There's no point in questioning authority if you aren't going to listen to the answers.
Bet that would make things get sorted out pretty quickly.
"It is a greater offense to steal men's labor, than their clothes"
...but isn't this the same set of issues that lead to the various privacy measures that web portals enacted somewhere around 1999?
someone has probably already cross referenced my slashdot record with my driving record and found that i like to drive with the images turned off!
this is a dumb story... of course the data is out there... of course you can scour multiple sources and build a more complete picture... its still the same data.
MARIJUANA, SHROOMS, X: ONLINE?! - E
Totally idiotic, and I for one, am glad that I don't work in the US anymore.
-- Samir Gupta, Ph. D. Head, New Technology Research Group, Nintendo Co. Ltd., Kyoto, Japan.
Yes, you can access public records online for free:
Public records online
Free directory Info from AT&T
Looks like we don't even need to worry about Total Information Awareness, Carnivore or our FBI files. The corporations are going to do all the work towards the police state, at the low low rate of $8 a record!!! They gather our information, they push for laws to restrict our freedom and extend the control of a few over cultural symbols, means of communication, and ideas themselves.
"Fascism should more properly be called corporatism, since it is the merger of state and corporate power"-- Mussolini (I think)
The Rise and Fall of Online Community
Why can't all the David Nelsons get together and sue for damages? The constitution guarantees right to travel and right to equal protection under the law.
Seriously, I spend a large amount of my time working with gov't. and private databases and info sources. Reconciling different views of the universe is nearly impossible. WHen I read about people cross referencing databases the amount of checking, QA and scrubbing required to have any confidence in the results iis horrendous.
Example: person A gives you a download from thier database into a SS, person B (who may actually work for the same agency or company) supposedly gives you the same information but the 2 version do not match.
And this is assuming that there are other areas where they may or may not be in alignment (e.g. abbreviations, type of info gathered, spelling variations etc.).
Now take the combinatorics of tens of thousands of gov't and private DB's, and you will understand that:
1) A good clean DB is horrendously expensive.
2) Driven by the profit motive, most compaies are unwilling to take the time and spend the money to properly QA and scrub thier data.
3) Much of the cross matching is therefore useless due to noise.
4) TIA is totally bogus. See above.
5) Having some anonymous DB of information tracking your life is very scary.
putting the 'B' in LGBTQ+
It was just last year that myself and the other people of Missouri were shocked to find out that the local DMV was selling our personal information to the private sector. Unbelievable, a state goverment run institution that essential everyone who wants to drive and own a car has to deal with. Thats what I call being forced to opt-in.
I think you meant Ogg Blah
I'm a partner in a market firm in LA, and I don't understand why /.'s would be opposed to this.
Techniques like this allow us to more effectively advertise products to you that you actually WANT. You don't want penis cream, you won't see it.
Targeted marketing is good for both the business and the consumer. It puts both of you in touch - they sell something YOU want to buy.
Seems like just a lot of kneejerk rebels that oppose this, if you ask me.
Anyone else? I Lie. Sometimes I'm a yak herder with a yearly income of ~$6000, other times I'm a "Decision Maker" with a yearly income of $800k+.
I used to get frustrated and angry when asked for personal info. Now I wind up happy because I'm stickin' it to the man, and the shlub collecting my info is happy because he didn't get called a nosy fuckhead by an irate stranger.
[Set Cain on fire and steal his lute.]
Your father meant it when he said you're a failure.
Once again, proof that passenger screening is counter-productive.
MooKore, at the head of FAILURE!
It's times like these when I hope the cockroaches like whatever smoldering heap we leave for them.
(And no, I'm not off topic, thankyouverymuch.)
Boobies never hurt anyone. - Sherry Glaser.
Seeing as Google provides as much as 75% of referrals, this is an enormous amount of very sensitive information. From the behavior of other internet companies, it's unlikely that google would fight a subpoena for this information, some companies even hand over data on simple request. The threat exists today that one may end up on a terrorist watch list simply because of their searching habits. You may not even even know you've been red flagged.
Give me Classic Slashdot or give me death!
Why is NAMBLA, a organization where the NA stands for "North American", in a .de German domain?
I work in information privacy and security in health care. The situation is already beyond repair. The only thing giving anyone in the industrialized world any semblance of privacy is sheer numbers.
I can take your last name, gender, a guess about your age within five years, a guess about what region of the US in which you live, and right here, from the very terminal from which I type this message, probably determine where you have lived for the past seven years, your neighbor's names, your family members' names, your social security number, your driver's license numbers, any public records (criminal, civil, real estate) in less time than it takes to reload slashdot on a busy saturday afternoon.
The key is that the results I get back will be fuzzy, I'll have to try to make sense of them, and not all of the hits will be accurate. But anyone with a brain can sense a "theme" running through the hits and nail your ID beyond a reasonable doubt.
Think you're off the grid? Only if you have never applied for utilities or credit of any kind, never gotten a publicly issued license, and never graduated from any school. If all that's true, why would I be looking for you anyway? You can't buy anything.
We need to collectively grow up here. It's not about limiting our invasions of privacy, we need to be licensing and bonding people who can mine it, like we license doctors, attorneys and cops.
The information really is out there, and it really is indexed, and it really is being used. That's why these Internet cookie monsters are so bold and shameless. They're not doing anything new and they know it.
The best way to do is to be.
From the article, "They [David Nelsons] realize there are trade-offs between liberty and security."
That trade-off would be, "We, the Government, take your liberty, and give ourselves security."
Sigs are like bumper stickers.
There is a way, however, to maintain your privacy where it matters. They want to collect information on you? Fine, let them. But insert some misleading data into those records. Here is just one way to do it:
Take two persons, of similar hight, eye color, skin color and hair color. They are good friends and developed a relationship of trust between them. They are not criminals and have no criminal intentions. These two persons can each have two copies of their identfications - say, two copies of a driver's license (say one is "lost"...). One copy they of course give to the other one. One of them must be the 'good person' and one must be the 'bad person'.
Now imagine one of these persons is stopped for a traffic violation. He hands over the 'bad person' ID, and the traffic violation is registered on his name. He doesn't own the car, though - because the car is registered to the 'good person'. When it's time to pay insurance, and the 'good person' record is being pulled, it's a clean slate.
The sample here is sketchy at best, won't work if the car history is checked as well (unless...), and I don't want to give any more ideas to anyone here, but it is possible to fake the records just such - have someone else buy your house, and have a contract with this person saying he has no claim in it, switch salaries with your neighbour, bank accounts... If it has a purpose.
Don't do it 'just to spite', because every such transaction has an inherent danger, but if done right and to an end, it can be beneficial to the people involved, despite the best efforts of those information correlators to the contrary.
Oh, yes, standard disclaimer apply, use this information at your own risk, don't come yelling to me, it's probably highly illegal, be warned.
Just thinking about how much this information is worth (especially if it's linked to a social security number) should make all of us very uncomfortable...
http://www.anybirthday.com
It's got that great hook: birthdays (so sweet and innocuous)! And of course you can "remove" yourself from the database. The only question is what happens once you remove yourself, and confirm your birthday, identity, etc.
Down San Antonio way, they'd say of you "He NEEDED killin'"
In Transparent Society, he said we can't keep that privacy, like you say, it's long gone from the barn. But trying to restrict who gets to see it is also a long gone horse. The rich and powerful will always have access, legally and openly or otherwise.
Best to let EVERYBODY look at ALL info. Right now, the rich and powerful can look at everybody's info, but (1) we don't know it, and (2) we can't look at theirs.
I'd rather be able to look at everybody's info, including the rich and powerful, even at the tradeoff of knowing that my neighbors are looking at mine.
The problem isn't that the info is available. The problem is that it is only available to the rich and powerful.
Infuriate left and right
What happened, Linux lovers? Double standard, perhaps? Hypocrisy?
The silence is deafening.
But he does say that people who want to see if their name is on either list or who want to make a complaint, can call the agency's contact center at 866-289-9673 or send an e-mail to TellTSA@tsa.dot.gov.
- "Hi, my name is Rob Malda, am I on the list?"
- "You are now." [click]
Ronald said nothing. He flung himself from the room, flung himself upon his horse, and rode madly off in all directions.
The integrity and quality of the data isn't so much as important as the sheer volume of it.
...sometimes I wish we really could copyright facts. I sure as hell would copyright my personal information.
A marketer (or really anyone) who is actually using this data is probably using it on a statistical basis.
Very few, if any, are using this to check out individuals. What they are doing is focusing in on their target market. This way they dramatically increase their probability of getting a sale... or getting a mark given the potential for abuse.
For example, someone sets up a "fake" evangelical fund and targets wealthy old baptists with cold calls and mailings.
It statistical targets us.
Ah well guess I'll have to continue acting erraticaly to throw the stats off.
What I was to know is when can I get a complete, real-time dossier on every member of the U.S. Congress.
And lest anyone be fooled into thinking that just passing some laws will solve this, I urge you to remember all of the IT outsourcing going on. Our laws aren't applicable to India. An example of this was a recent article on sfgate.com, noting how Kaiser was sending its IT work to India, including the management of databases.
What we have here is an unstoppable force, that not even Congress can legislate away (nor will they even try, until their own information starts appearing).
And honestly, you'd be surprised how many privacy laws we have to follow (which is a good thing). For instance, we only sell accounts to people who have a legitimate purpose for searching information (such as insurance companies when you apply for insurance, law enforcement agencies to track down criminals, collection agencies who are trying to track down people who skip payments, etc.). If I were to search for information about someone besides myself or others in the development team whom have agreed to let me search their names, even when testing, I'd be fired within the hour. We have a compliance department who keeps track of all searches, has to report them to various authorities, etc. If someone searches for someone marked as a celerbrity, their account is shut down within minutes and one of our compliance people is on the phone getting documentation about why they searched for that name. In fact, the applications to get to the data we sell are quite nasty, and we only have a very narrow scope of people that we can sell data to.
I think in general, personal data is protected more than you would think (at least public records, credit agency data, etc)-- I really have no idea how these 'unscruplous' companies get by with public data without having anyone come down on them. I'm a privacy & security advocate, and I don't feel what I do crosses my moral boundries (at least at this point).
Constitution?? Didn't that burn up a couple of years ago. Seems I heard something about a fire at the National Archive......
AC Cause I don't wanna make the list.
What's wrong with law enforcement these days, anyway?
They could just submit an Ask Slashdot question on "Where is David A. Nelson who works for Tektronix?".
As we all know, most Ask Slashdot questions can be found on Google. Is it really so hard?? Come on people.
We are Artificial Intelligence. Religion is our programming/mind control. Religion is mind control for people whom are artificial intelligence. Visit http://www.matrix4.net for more info. This site clearly states why aliens or god does not exist. Cheers!
Only Germany will let paedophiles have a domain name.
There's a process in compilation here, they don't just enter this into a database and sell it.
Hmm, perhaps what we need is an auto-spoofing service kinda like a combination of a free HTTP proxy and something like a free online encyclopedia. Rather than submitting information that is obviously false (judged by internal consistency it sounds like from your comment), you should be able to submit a request to a server that generates false but plausible personal data.
wouldn't a terrorist, if they thought or knew they were on the list just use an assumed identity if they wanted to perform an act of terrorism?
I talking to them right now, and they say they can't give out any information, and they've never heard of this issue. Does anyone know any more ?
I'm not sure which is scarier, the idea that these databases are being opened to anyone who has a credit card and a willingness to snoop on their neighbors, or the idea that they should be restricted so that only "legitimate" businesses like telemarketers can get it.
Considering the recent actions of ChoicePoint, I find the latter far more scary than the former. At least with the former, I can log into their site and see what they say about me. I can't do that with ChoicePoint. Imagine how different things might be in our country right now if all the banned voters in Florida had been able to see that they were incorrectly on the list before the last Presidential election.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
Face it, we are stamped, coded and catalogued. All they need to do now is make us get GPS chips implanted and the picture is complete.
/paranoid rambling
We have crossed so any bridges on the way down this road, that short of a complete breakdown of society we are never going to get away from this. We are defined by what we consume, and what we buy. If we cannot purchase we are dead weight. All of society is built around giving us enough money so that we can spend it back to the system. Credit and lending creates money, and someday more money will be owed than there is in circulation (if it isn't already)
Total gain: 0
Our entire society adds up to 0.
On Wall Street they say "buy low, sell high" On the pad we say, "buy high, sell high" Isn't that somehow better?
For what it's worth, check out this article (admittedly dated) about one paranoid who's done something about this very problem. Even if, as another poster argued, I did graduate from high school and have a bank account, if you followed this guy's advice and went cash-only, the database info they've got on you might be relatively useless after a few years.
The bottom line is, if you want to "beat the system," you've gotta give up a lot of what "the system" provides. There's no better weapon than simple non-participation.
"It's an erotic, spectacular scene that captures the thrusting, violent, vibrant world Bohemian spirit..."
I'm still a traditional fan of cash, rather then a credit card for most daily transations. It has the benifit of being remarkably easy to budget, as in alocate daily spending, impossible to go over your self imposed set limits. But importantly, it's none too traceable.
I may be slightly paranoid, but after buying electronic goods at a shop, I got a phone call within days asking me how i'm enjoying my thingie. It's like, "how did you get my number, I didn't give it to you".
I guess I have in the past given my personal info to radio shack to get free batteries, and actually they send me a christmas gift certificate every year... and actaully I enjoyed getting their catalogs back when they actually had them.
But the point i'm making is, cash is a remarkable means to provide some privacy. Not that you can't get away from things like morgages, cars, air line tickets, and other larger purcahces, but there is some info that random people don't have the right to know, like an employer checking to see if you buy alot of porn or booze.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
From the second "David Nelson" article:
As previously reported on Slashdot, the issue of requiring ID when traveling within the US has already been challenged as unconstitutional. EFF co-founder John Gilmore sued the government and two airlines for not letting him board aircraft without ID.
See his site for history and court documents.
from the very terminal from which I type this message, probably determine...
So all of that health care data is on a network that's connected to the internet?!?
Actually, yes, it wants to be free. FREE. Not paid for and not accessible only by people who are wealthy or powerful, or who work for the government and get special clearance to it. Here's an idea, lets set up our own free service/servers to host information and make it free to everyone, because that's the only way to fight the access controls that are being put on data.
So, does anyone want to start watching the watchers? Maintain a database offshore. Any time any agency is caught violating individuals' privacy, they give their own up. They get published: names, home addresses and phone numbers, e-mail addresses, salaries (if we've got 'em). And they get postally spammed.
Time for all and sundry to go back and re-read (or read) "Shockwave Rider" by John Brunner. Then remember it was written in 1976.
He's not talking about real drugs. Magnasushi indeed. Bola my butt.
How small a thought it takes to fill a whole life
Let's see: Free Source code access vs my private %#^&@# information. I don't see the correlation.
Basically this boils down to money. The ones collecting want to sell it, the ones that want to buy it want to use it to make money.
Who's personal information is it. YOURS!
So, when someone has your info and tries to use it to sell you something. Tell them they must pay you first for the information they have. It wouldn't be useful if it wasn't about you. Kind of like a patent. My personal info is mine. Otherwise it would be someone else.
I know the @ssholes are never going to pay me, but I never make the info they paid for useful either. On a No Call List with the state, the ones that are allowed to call never get any business out of me. I don't respond to any junk mail (always goes in the recycle bin).... That isn't to say that sometimes an idea isn't planted in my head and I think, "Ya, I need to get one of those." I usually have a way around that also. I earmark money in my savings for it till I can almost or fully pay for it. If by that time I still get it, then I must have still wanted it over that period of time and probably didn't even get it from the business that planted the idea in my head at the moment.
Visit matrix4.net for information on the real matrix called Earth.
http://www.matrix4.net
IBM Almaden has a group that works on privacy-preserving data management. Intelligent Information Systems Research research group. (Note that Srikant Ramakrishnan of the group was awarded the 2002 Grace Murray Hopper award on association rules and data mining.
Vomit on my keyboard, is really hard to clean. The word synergistic is the cause! Please stop using buzz words. My stomach hurts.
OH THE SHAME I fell off the wagon and use sigs again!
Well, this appears to confirms everyone's worst suspicions about these so-called watch lists. They are ineffective. They tend to brand people as suspects for no real reason, and this allegation sticks even in light of evidence to the contrary. No one involved in accusing these fliers has any real interest in making sure it doesn't happen again, or trying to help this customer, who is, after all, a potential terrorist who might blow up your plane.
The concept of these watch lists is inane. 19 people have hijacked planes in this country in the last 25 years. There have probably been 5 billion passenger flights in that time. If even 1% of 1% (1/10,000) of these are incorrectly flagged, that's 500,000 false accuation for every hijacker, assuming that they every bad guy is on the list. After 10,000 people are incorrectly flagged, how closely will these rules be followed?
The problem isn't the existence of the system; a good system could work well and get buy in from the public. A bad system will only serve to alienate people, and it will eventually stop working as no one believes it any more. So you will end up needlessly harrassing innocent people, but since 90% of these "incidents" will be treated as an annoyance, it's doubtful that they'll catch a hijacker anyways. Instead, it will only serve to hassle those who express anti-government views, and those who share their names.
And it's only getting worse!
The antidote for misuse of freedom of speech is more freedom of speech.
-- Molly Ivins
Actually, it turns out that Informations really wants to be tied up and spanked!
There's a lot of good comments about how data matching works, does anyone have links for finding out more about this process? I'm interested from the POV that I'm a librarian and of course one of the big issues we're faced with is do we allow law enforcement and others to know what people have borrowed? How are crimes connected with reading habits? etc.
Oh, wait, that's when you correlate multiple DNS databases.
Quoting:
I would worry about Choicepoint if I were you.
"dope will get you through times of no money better than money will get you through times of no dope"
I'm going to get "Novelty" I.D. with the name David Nelson.
I am David Nelson's smirking revenge.
I am David Nelson's cold sweat.
I am David Nelson's raging bile duct.
I am David Nelson's broken heart.
I am David Nelson's complete lack of surprise.
I am David Nelson.
I'm John Smith!!
You never had a right to privacy.
Senator Rick Santorum (R-PA), one of the up-and-coming little neoconservative darlings of the Republican party, made this abundantly clear in an interview with the AP several weeks ago. Nobody took much note of what he said regarding privacy, because it was viewed by the press as a "gay" issue since he picked on them specifically. But he was essentially saying that if you did have a right to privacy, government would be powerless to regulate certain behavior, such as you having sex with your dog. Apparently this is a big problem in Pennsylvania and having to tolerate it would be too high of a price to pay for privacy.
No privacy for you!
I only exist on the net in the form of information (filled registration forms, /. posts, IRC transcripts (some channels record them), my 'signature' on an anti-war petition, etc), that information is me in some sense. And I want to be free, not owned and sold wholesale by some company.
Hell is not other people; it is yourself. - Ludwig Wittgenstein
If someone setup a website for all these people to log on, it shouldn't take more that a month or two to figure out the list.
I can't cite the exact paragraph but a piece of the law says that "everybody has a right of checking and rectification for every database he is written in. Be it COMMERCIAL or GOVERNEMENTAL".
AFAIk, this is exactly why the EU protested against the APIS/CAPS program. Because this would violate this fundemmental law (data would go in the US govt without right of rectification in case of error and would stay there for an unknown time).
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
I know this, because my previous employer's business was doing just that. Most of the uses of this technology are benign - for example, finding multiple instances of the same individual in a given hospital's records, so that the hospital's medical records about that individual are not fragmented. However, it would not shock me to learn that the same technology is being used to join records from disparate databases in order to profile individuals for not-so-benign purposes, such as this article describes.
The good news is that the government is on the trailing edge of information technology. If the feds ever wanted to build the Big Brother Database, they could do it simply by joining the records held by the FBI with those held by the IRS; hopefully, the "bureaucratic waste and inefficiency" that politicians love to denounce will delay the building of the BBD for some time to come.
[this
Thousands of americans are labeled terrorists becuase they buy the right kind of Draino and some Aluminum foil when they goto the supermarket...
Candy-Coated Knowledge
Suppose these kind of "security measures," delaying people at airports because their name is on a list, become commonplace in other areas of life: say, bank loans, college applications, flags on credit reports, applying for any kind of license, and so forth. Now, suppose the government leaks to the media the various "reasons" people get on The List.
Okay, it sickens me to go on, so use your imagination.
How will something like this affect the actions of the general population (a.k.a. "sheep")? People will become afraid to do anything that may get them on the list of people subject to legal, unrelenting harrassment.
People will even be afraid to be friends with such people.
The kind of character this instills in a citizenry is kafkaesque. People fear do anything "out of the ordinary" for fear that some nameless, intractable and omniscient power will make their lives miserable.
It's frightening that so many accept these changes as a fait accompli.
quiquid id est, timeo puellas et oscula dantes.
My point is that if comprehensive data is being collected about you by any organisation with which you have had no contact, and without informing you, you are running into a really dangerous situation which is only too easily abused.
A simple case would be crimes like burglary (income, address, occupation==times of absence). Then you can get into really ugly cases like stalking, rape and murder. And I'm not even going to get started on the possibilities for identity theft, etc.
are they biased? biased against quality open source advice?
George Bush - the pres flies AF1, all others suspicious
George Washington - rumor has it this is a revolutionary leader.
Abraham Lincoln - leader of a fight for freedom group.
Thomas Jefferson - Drafted revolutionary decrees.
Ben Franklin - supports freedom of information, writes subversive literature.
David Nelson - no reason, just want to harass a friend of the pres.
Mahatma Ghandi - leader of a revolutionary group.
Surely you can add more to this list. We might even come up with all 300 of the no-fly, or screen first list.
-Rusty
You never know...
This is a great idea for Missouri. You fuckers need to fix your fucking roads, and I mean all of them. Some of the potholes are so deep that when you look into them, they look into you.
Whether it's a number swapping algorithm in a program, the first 60 notes in a Metallica song, or your name, it's information, facts. Facts cannot be owned, remember? The fact about your name, your address, they are facts. No one can own a fact. Practice what you preach.
With a slash of my big black dick, I'll plunge into the dot where's your Mom's pussy and fuck her Negro style.
Oh, I forgot, you paid nothing to Google for using their page. Then in that case, SHUT THE FUCK UP.