Slashdot Mirror
Databases and Privacy
A couple of stories made an interesting juxtaposition today. First read this story about information marketers scouring public records to compile personal information. Note the emphasis on cross-linking data from various sources to provide more information than any one source did - databases are synergistic. Now read this column about David Nelson, and its follow-up.
There's no point in questioning authority if you aren't going to listen to the answers.
Bet that would make things get sorted out pretty quickly.
"It is a greater offense to steal men's labor, than their clothes"
...but isn't this the same set of issues that lead to the various privacy measures that web portals enacted somewhere around 1999?
Totally idiotic, and I for one, am glad that I don't work in the US anymore.
-- Samir Gupta, Ph. D. Head, New Technology Research Group, Nintendo Co. Ltd., Kyoto, Japan.
Yes, you can access public records online for free:
Public records online
Free directory Info from AT&T
Looks like we don't even need to worry about Total Information Awareness, Carnivore or our FBI files. The corporations are going to do all the work towards the police state, at the low low rate of $8 a record!!! They gather our information, they push for laws to restrict our freedom and extend the control of a few over cultural symbols, means of communication, and ideas themselves.
"Fascism should more properly be called corporatism, since it is the merger of state and corporate power"-- Mussolini (I think)
The Rise and Fall of Online Community
Seriously, I spend a large amount of my time working with gov't. and private databases and info sources. Reconciling different views of the universe is nearly impossible. WHen I read about people cross referencing databases the amount of checking, QA and scrubbing required to have any confidence in the results iis horrendous.
Example: person A gives you a download from thier database into a SS, person B (who may actually work for the same agency or company) supposedly gives you the same information but the 2 version do not match.
And this is assuming that there are other areas where they may or may not be in alignment (e.g. abbreviations, type of info gathered, spelling variations etc.).
Now take the combinatorics of tens of thousands of gov't and private DB's, and you will understand that:
1) A good clean DB is horrendously expensive.
2) Driven by the profit motive, most compaies are unwilling to take the time and spend the money to properly QA and scrub thier data.
3) Much of the cross matching is therefore useless due to noise.
4) TIA is totally bogus. See above.
5) Having some anonymous DB of information tracking your life is very scary.
putting the 'B' in LGBTQ+
It was just last year that myself and the other people of Missouri were shocked to find out that the local DMV was selling our personal information to the private sector. Unbelievable, a state goverment run institution that essential everyone who wants to drive and own a car has to deal with. Thats what I call being forced to opt-in.
Anyone else? I Lie. Sometimes I'm a yak herder with a yearly income of ~$6000, other times I'm a "Decision Maker" with a yearly income of $800k+.
I used to get frustrated and angry when asked for personal info. Now I wind up happy because I'm stickin' it to the man, and the shlub collecting my info is happy because he didn't get called a nosy fuckhead by an irate stranger.
[Set Cain on fire and steal his lute.]
Once again, proof that passenger screening is counter-productive.
Seeing as Google provides as much as 75% of referrals, this is an enormous amount of very sensitive information. From the behavior of other internet companies, it's unlikely that google would fight a subpoena for this information, some companies even hand over data on simple request. The threat exists today that one may end up on a terrorist watch list simply because of their searching habits. You may not even even know you've been red flagged.
Give me Classic Slashdot or give me death!
I work in information privacy and security in health care. The situation is already beyond repair. The only thing giving anyone in the industrialized world any semblance of privacy is sheer numbers.
I can take your last name, gender, a guess about your age within five years, a guess about what region of the US in which you live, and right here, from the very terminal from which I type this message, probably determine where you have lived for the past seven years, your neighbor's names, your family members' names, your social security number, your driver's license numbers, any public records (criminal, civil, real estate) in less time than it takes to reload slashdot on a busy saturday afternoon.
The key is that the results I get back will be fuzzy, I'll have to try to make sense of them, and not all of the hits will be accurate. But anyone with a brain can sense a "theme" running through the hits and nail your ID beyond a reasonable doubt.
Think you're off the grid? Only if you have never applied for utilities or credit of any kind, never gotten a publicly issued license, and never graduated from any school. If all that's true, why would I be looking for you anyway? You can't buy anything.
We need to collectively grow up here. It's not about limiting our invasions of privacy, we need to be licensing and bonding people who can mine it, like we license doctors, attorneys and cops.
The information really is out there, and it really is indexed, and it really is being used. That's why these Internet cookie monsters are so bold and shameless. They're not doing anything new and they know it.
The best way to do is to be.
The whole POINT of marketing is to make people think they want something, when in fact they never wanted it before the marketing got to them. I don't want incessant ads that companies think I "want" to see; the only thing I want is to be left alone, and not be "persuaded" to buy useless junk that will just sit in a corner and collect dust.
From the article, "They [David Nelsons] realize there are trade-offs between liberty and security."
That trade-off would be, "We, the Government, take your liberty, and give ourselves security."
Sigs are like bumper stickers.
There is a way, however, to maintain your privacy where it matters. They want to collect information on you? Fine, let them. But insert some misleading data into those records. Here is just one way to do it:
Take two persons, of similar hight, eye color, skin color and hair color. They are good friends and developed a relationship of trust between them. They are not criminals and have no criminal intentions. These two persons can each have two copies of their identfications - say, two copies of a driver's license (say one is "lost"...). One copy they of course give to the other one. One of them must be the 'good person' and one must be the 'bad person'.
Now imagine one of these persons is stopped for a traffic violation. He hands over the 'bad person' ID, and the traffic violation is registered on his name. He doesn't own the car, though - because the car is registered to the 'good person'. When it's time to pay insurance, and the 'good person' record is being pulled, it's a clean slate.
The sample here is sketchy at best, won't work if the car history is checked as well (unless...), and I don't want to give any more ideas to anyone here, but it is possible to fake the records just such - have someone else buy your house, and have a contract with this person saying he has no claim in it, switch salaries with your neighbour, bank accounts... If it has a purpose.
Don't do it 'just to spite', because every such transaction has an inherent danger, but if done right and to an end, it can be beneficial to the people involved, despite the best efforts of those information correlators to the contrary.
Oh, yes, standard disclaimer apply, use this information at your own risk, don't come yelling to me, it's probably highly illegal, be warned.
I don't want to be sold to. If I need something, I'll go looking. The only advertising I trust is word of mouth. Otherwise, stay out of my consciousness.
Give me Classic Slashdot or give me death!
http://www.anybirthday.com
It's got that great hook: birthdays (so sweet and innocuous)! And of course you can "remove" yourself from the database. The only question is what happens once you remove yourself, and confirm your birthday, identity, etc.
In Transparent Society, he said we can't keep that privacy, like you say, it's long gone from the barn. But trying to restrict who gets to see it is also a long gone horse. The rich and powerful will always have access, legally and openly or otherwise.
Best to let EVERYBODY look at ALL info. Right now, the rich and powerful can look at everybody's info, but (1) we don't know it, and (2) we can't look at theirs.
I'd rather be able to look at everybody's info, including the rich and powerful, even at the tradeoff of knowing that my neighbors are looking at mine.
The problem isn't that the info is available. The problem is that it is only available to the rich and powerful.
Infuriate left and right
But I do want the miracle-product that makes me look and feel 20 years younger! (I'm 19 and a half...)
Hell is not other people; it is yourself. - Ludwig Wittgenstein
But he does say that people who want to see if their name is on either list or who want to make a complaint, can call the agency's contact center at 866-289-9673 or send an e-mail to TellTSA@tsa.dot.gov.
- "Hi, my name is Rob Malda, am I on the list?"
- "You are now." [click]
Ronald said nothing. He flung himself from the room, flung himself upon his horse, and rode madly off in all directions.
The integrity and quality of the data isn't so much as important as the sheer volume of it.
...sometimes I wish we really could copyright facts. I sure as hell would copyright my personal information.
A marketer (or really anyone) who is actually using this data is probably using it on a statistical basis.
Very few, if any, are using this to check out individuals. What they are doing is focusing in on their target market. This way they dramatically increase their probability of getting a sale... or getting a mark given the potential for abuse.
For example, someone sets up a "fake" evangelical fund and targets wealthy old baptists with cold calls and mailings.
It statistical targets us.
Ah well guess I'll have to continue acting erraticaly to throw the stats off.
And honestly, you'd be surprised how many privacy laws we have to follow (which is a good thing). For instance, we only sell accounts to people who have a legitimate purpose for searching information (such as insurance companies when you apply for insurance, law enforcement agencies to track down criminals, collection agencies who are trying to track down people who skip payments, etc.). If I were to search for information about someone besides myself or others in the development team whom have agreed to let me search their names, even when testing, I'd be fired within the hour. We have a compliance department who keeps track of all searches, has to report them to various authorities, etc. If someone searches for someone marked as a celerbrity, their account is shut down within minutes and one of our compliance people is on the phone getting documentation about why they searched for that name. In fact, the applications to get to the data we sell are quite nasty, and we only have a very narrow scope of people that we can sell data to.
I think in general, personal data is protected more than you would think (at least public records, credit agency data, etc)-- I really have no idea how these 'unscruplous' companies get by with public data without having anyone come down on them. I'm a privacy & security advocate, and I don't feel what I do crosses my moral boundries (at least at this point).
Excuse me, but I don't think that swapping my privacy for the chance to only get 'relevant' spam is a fair trade. If I don't mention some fact about myself to other people, maybe it's because I don't think they need to know it? If my would-be employer doesn't trust me enough to employ me without finding out everything that can be, then they're not worth my trust, either. What about if I'm a millionaire, but I don't show it - some random thugs can buy my file for $8. And so on. The new slogan should be: "I gave away my privacy, and all I got was this lousy penis enlarger"
Hell is not other people; it is yourself. - Ludwig Wittgenstein
I'm not sure which is scarier, the idea that these databases are being opened to anyone who has a credit card and a willingness to snoop on their neighbors, or the idea that they should be restricted so that only "legitimate" businesses like telemarketers can get it.
Considering the recent actions of ChoicePoint, I find the latter far more scary than the former. At least with the former, I can log into their site and see what they say about me. I can't do that with ChoicePoint. Imagine how different things might be in our country right now if all the banned voters in Florida had been able to see that they were incorrectly on the list before the last Presidential election.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
Face it, we are stamped, coded and catalogued. All they need to do now is make us get GPS chips implanted and the picture is complete.
/paranoid rambling
We have crossed so any bridges on the way down this road, that short of a complete breakdown of society we are never going to get away from this. We are defined by what we consume, and what we buy. If we cannot purchase we are dead weight. All of society is built around giving us enough money so that we can spend it back to the system. Credit and lending creates money, and someday more money will be owed than there is in circulation (if it isn't already)
Total gain: 0
Our entire society adds up to 0.
On Wall Street they say "buy low, sell high" On the pad we say, "buy high, sell high" Isn't that somehow better?
For what it's worth, check out this article (admittedly dated) about one paranoid who's done something about this very problem. Even if, as another poster argued, I did graduate from high school and have a bank account, if you followed this guy's advice and went cash-only, the database info they've got on you might be relatively useless after a few years.
The bottom line is, if you want to "beat the system," you've gotta give up a lot of what "the system" provides. There's no better weapon than simple non-participation.
"It's an erotic, spectacular scene that captures the thrusting, violent, vibrant world Bohemian spirit..."
I'm still a traditional fan of cash, rather then a credit card for most daily transations. It has the benifit of being remarkably easy to budget, as in alocate daily spending, impossible to go over your self imposed set limits. But importantly, it's none too traceable.
I may be slightly paranoid, but after buying electronic goods at a shop, I got a phone call within days asking me how i'm enjoying my thingie. It's like, "how did you get my number, I didn't give it to you".
I guess I have in the past given my personal info to radio shack to get free batteries, and actually they send me a christmas gift certificate every year... and actaully I enjoyed getting their catalogs back when they actually had them.
But the point i'm making is, cash is a remarkable means to provide some privacy. Not that you can't get away from things like morgages, cars, air line tickets, and other larger purcahces, but there is some info that random people don't have the right to know, like an employer checking to see if you buy alot of porn or booze.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
From the second "David Nelson" article:
As previously reported on Slashdot, the issue of requiring ID when traveling within the US has already been challenged as unconstitutional. EFF co-founder John Gilmore sued the government and two airlines for not letting him board aircraft without ID.
See his site for history and court documents.
Time for all and sundry to go back and re-read (or read) "Shockwave Rider" by John Brunner. Then remember it was written in 1976.
Well, this appears to confirms everyone's worst suspicions about these so-called watch lists. They are ineffective. They tend to brand people as suspects for no real reason, and this allegation sticks even in light of evidence to the contrary. No one involved in accusing these fliers has any real interest in making sure it doesn't happen again, or trying to help this customer, who is, after all, a potential terrorist who might blow up your plane.
The concept of these watch lists is inane. 19 people have hijacked planes in this country in the last 25 years. There have probably been 5 billion passenger flights in that time. If even 1% of 1% (1/10,000) of these are incorrectly flagged, that's 500,000 false accuation for every hijacker, assuming that they every bad guy is on the list. After 10,000 people are incorrectly flagged, how closely will these rules be followed?
The problem isn't the existence of the system; a good system could work well and get buy in from the public. A bad system will only serve to alienate people, and it will eventually stop working as no one believes it any more. So you will end up needlessly harrassing innocent people, but since 90% of these "incidents" will be treated as an annoyance, it's doubtful that they'll catch a hijacker anyways. Instead, it will only serve to hassle those who express anti-government views, and those who share their names.
And it's only getting worse!
The antidote for misuse of freedom of speech is more freedom of speech.
-- Molly Ivins
Quoting:
I would worry about Choicepoint if I were you.
"dope will get you through times of no money better than money will get you through times of no dope"
If someone setup a website for all these people to log on, it shouldn't take more that a month or two to figure out the list.
I can't cite the exact paragraph but a piece of the law says that "everybody has a right of checking and rectification for every database he is written in. Be it COMMERCIAL or GOVERNEMENTAL".
AFAIk, this is exactly why the EU protested against the APIS/CAPS program. Because this would violate this fundemmental law (data would go in the US govt without right of rectification in case of error and would stay there for an unknown time).
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
The interesting thing to watch would be if all the various David Nelsons chartered a private flight to DC... Would they get off the ground, would they be forced down before reaching their destination, or what? Imagine the scene in the control tower:
Pilot: This is the David Nelson flight requesting landing clearance...
Flight Controller: NO! Go Away! You can't land here!
Pilot: You don't understand - I'm low on fuel. I'll be landing shortly whether I want to or not...
Suppose these kind of "security measures," delaying people at airports because their name is on a list, become commonplace in other areas of life: say, bank loans, college applications, flags on credit reports, applying for any kind of license, and so forth. Now, suppose the government leaks to the media the various "reasons" people get on The List.
Okay, it sickens me to go on, so use your imagination.
How will something like this affect the actions of the general population (a.k.a. "sheep")? People will become afraid to do anything that may get them on the list of people subject to legal, unrelenting harrassment.
People will even be afraid to be friends with such people.
The kind of character this instills in a citizenry is kafkaesque. People fear do anything "out of the ordinary" for fear that some nameless, intractable and omniscient power will make their lives miserable.
It's frightening that so many accept these changes as a fait accompli.
quiquid id est, timeo puellas et oscula dantes.
My point is that if comprehensive data is being collected about you by any organisation with which you have had no contact, and without informing you, you are running into a really dangerous situation which is only too easily abused.
A simple case would be crimes like burglary (income, address, occupation==times of absence). Then you can get into really ugly cases like stalking, rape and murder. And I'm not even going to get started on the possibilities for identity theft, etc.
George Bush - the pres flies AF1, all others suspicious
George Washington - rumor has it this is a revolutionary leader.
Abraham Lincoln - leader of a fight for freedom group.
Thomas Jefferson - Drafted revolutionary decrees.
Ben Franklin - supports freedom of information, writes subversive literature.
David Nelson - no reason, just want to harass a friend of the pres.
Mahatma Ghandi - leader of a revolutionary group.
Surely you can add more to this list. We might even come up with all 300 of the no-fly, or screen first list.
-Rusty
You never know...