Slashdot Mirror
Citizens' Protection in Federal Databases Act Introduced
SewersOfRivendell writes "Quote from http://boingboing.net/: 'EFF, EPIC, CDT, ACLU and Free Congress have drafted a bill that's been introduced by Senator Wyden today, for a new law called "The Citizens' Protection in Federal Databases Act." This is a hell of a law. It finds that various species of spooks are making avid use of commercial and governmental databases, merging them and aggregating them, without transparency, accountability, or any real understanding of the danger to civil liberties involved in this practice. Accordingly, it requires any Fed agency using non-Fed databases to cut it out and make a full report to Congress on who they're buying database and database-services from, what they're doing to preserve privacy, why they're doing what they're doing, and whether they actually have a realistic chance of catching any bad guys. And it calls into account Feds who abuse their authority and limits the kind of doomsday hypotheticals that can be used to justify such abuse.' PDF draft of the bill here."
I am looking at Senator Ron Wyden's website right now and I don't see anything mentioning this possible bill. Hmmmm. Does anyone have a link to a .gov version of this so called bill?
Unique signatures are rare.
This will protect against one of the most effective, obvious and yet least legislated and obvious data harvesting technique of all: triangulation. Even though in general only certain data columns from detailed personal information databases is available, one can combine and merge the data from multiple such subsets of databases to reformulate the data in a coherent whole. For example:
There is a medical database, an edited down version of which is available, giving just gender, date of birth, a list of medical defects, and a list of medical injuries (with the remainder omitted for privacy). Then there is also the employment database of the company you work at, an edited version of which is available, giving name, gender, date of birth and phone number. If you were a manager at this company you could use the two databases together, using the "gender" and "date of birth" fields to merge the two. This data could then be used, say, leaked to insurance or marketing companies, or you could even use it yourself for other nefarious purposes.
Thus, it is possible to obtain a good deal of data even from just small portions if one uses a sufficiently large number of different databases. Someone did a study on this, but right now I can't find the link. I'll be greatful to anyone who replies to this comment with it. This Act can only be a good thing.
Bash script for FP whores
Question is, how likely is it that it will pass or even come up for a vote?
Where I work, our job is to collect *public* information in government databases. We make it possible so people can research a property in just a minutes, rather than a few hours.
According to the ACLU, because I'm consolidating public information, I'm a national security threat. I should also be forced to submit to even more beaurocratic loopholes to get data that's already public, or be stopped from accessing to much public data to begin with. And I thought the ACLU was all about personal freedom and open governments
OK, then why do you need this?
My mistake, this bill only applies to the federal government, not for average private citizens like me.
However, because Slashdotters never like to admit total defeat, I'd like to pose the question. Do you think the the ACLU is still opposed to private citizens like me consolidating so many public government databases about individual people and properties?
Terrorist.
Legislation and regulations are all fine and good, but they must be backed up by fair and thorough enforcement to truly work. Self-enforcement of Government regulations when it applies only to Government is far too tempting.
I always save my last mod point to mod up a good troll. You people are too serious.
...that the bills that protect citizens' rights always have names that make awkward, unpronouncable acroynms like "CPFDA," but the ones that restrict citizens' rights always seem to have catchy, pronouncable ones like "PATRIOT"?
If I was a bank (OK, maybe if I was a bank branch manager), and I had no way to verify that someone who walked in the door was the legitimate owner of a bank account, I wouldn't allow them to carry out any business with me. You would never find a bank that would do so, as they would be wide-open to any type of fraud you can think of.
If the government legislated that I (as a bank) couldn't keep any information about you - if I had to "delete it... all of it" as you say - if I couldn't retain your signature on file to verify your documents - if I couldn't perform a credit check on you to ensure you hadn't defrauded other banks - I would never be in the banking business. And neither would any other responsible person or organization.
Take your idea to its full conclusion, and we're all stuffing money under our mattresses and sleeping with a shotgun under the pillow.
Slashdot is entertaining like pro wrestling is entertaining
"Do Not Recall" pretty much sums up the last few years of business practice in the US.
There was a really good editorial on this in my local newspaper last week. This phrase seems to have replaced "pleading the 5th", and outright lying in court. It is funny how Enron, Worldcomm and a few other executives, working with outside specialists helped produced hundreds of shell companies and transferred money around for years to avoid stating loses and paying taxes but when confronted about specifics, they seemed to claim "I don't recall". Funny that they had no problem remembering to swap the funds around at tax time and earnings reporting time but suddenly it is all a blank. Maybe the CDC, AMA, or FDC should fund a study to see what happens to the memory of a perfectly functioning executive when they come under investigation. I wonder if any of these "DO NOT RECALL" statements were on thier resume when they applied for the $500 million jobs.
Bad boys rape our young girls but Violet gives willingly.
You don't actually have agents busting your data could then be on it... but the Federal Bureau sees some of it. Yes, and so on actual data values. For example, combinations of commercial and open governments are good. You may have what they report in databases. Someone did a supposedly anonymous database of birth, a list of names, gender, date and consequences. Privacy shouldn't be a computer-privacy researcher about personal freedom and phone number, or be uniquely identifable 87% of the time. I don't see someone doing something. I think the banking industry was abusing the lib's spoke up there and the government, at this law apply to the government information keeping accountable for that, there's always SSL certificates for it, on the other hand, which does this exact thing. Now, what keeps things from overzealous spooks looking in the walls, you may have a company on the other hand, which is not allowed by the Republicans. We have catchy, pronouncable ones (Equifax, Experian, Trans Union) and obviously will write about it, or you were talking about other agencies aren't held accountable for my life without asking about my freedoms, rights always seem to get complacent: anonymity is what can tell Citibank and authority. And really, they're doing it as the government continues its slow crash.
There is only one thing that secures my freedoms, rights and privacy: My .45
.45.
.45 won't protect your "freedoms, rights, or privacy" if the government decides otherwise, even if the entire population were behind you. The second amendment has been gutted. Its present interpretation is nowhere near the spirit your forefathers intended.
I find it highly ironic that you would cling to such a false sense of security, particularly considering your opening statement:
America of 2003 is a far far cry from America of 1776.
The Second Amendment (The right to bear arms one that you reference) was added during a time when the most sophisticated weapons the US military sported were little more than muskets with bayonnettes. The second amendment was intented to ensure that the citizenry was guaranteed access to the exact same firepower and weapons as the military, thus ensuring that should the government ever need to be overthrown, the citizens would win. Same weapons * more people = ensured victory.
However, over the years, the government has slowly castrated the second amendment, insidiously changing its interpretation to guarantee ownership of little more than peashooters, while reserving the real hardware for the "good guys" (i.e., the military). Nowadays, citizens are not allowed to own anywhere near the same firepower as the military.
In an all-out battle of every citizen against the entire military, the military would wipe their collective asses with your piddly little
Combine this with the fact that for any kind of uprising to last more than a few hours, you'd require the support of a large percentage of the population, meaning you'd need to convince the masses that the government has crossed a line, and is finally corrupt enough to warrant violent resistance.
The people at Waco felt they were resisting tyranny. So did the people at Ruby Ridge. And the government crushed both of those "problems."
So in summary, I guess what I'm saying is, your
But hey, if it gives you a warm, fuzzy false sense of security, then who am I to rain on your parade.
Like woodworking? Build your own picture frames.
The only reason the feds want access to all this data is to troll for reasons to make you a criminal. There is no other reason. They sure as hell are not doing it to make government more responsive. They are not concerned that most of this data is inaccurate. Just feds looking for people to arrest, imprison, fine or otherwise harm.
When you have people like Ron Wyden and Bob Barr agreeing on something you better pay attention.
As you can see I don't care about my karma.
The report all hinges on this section...
Section 3 2A a list of all contracts, memoranda of understanding, or other agreements entered into by the department or agency, or any other national security, intelligence, or law enforcement element under the jurisdiction of the department or agency for the use of, access to, or analysis of databases that were obtained from or remain under the control of a non-Federal entity, or that contain information that was acquired initially by another department or agency of the Federal Government for the purposes other than national security, intelligence, or law enforcement.
"Uh, correct sir, we didn't provide a report on the use of this information because it was previously used for national security, sir. We are obligated to report if its for purposes other than national security, intelligence, or law enforcement. Yes sir, toilet paper purchase behavior is taken very seriously in the intelligence community, sir."
"Last one in is a rotten goblin!" - Kepp
Rather than delete the information, I'd like to see a process similar to but much more streamlined than the one we have for dealing with the credit reporting agencies.
Basically, walk into any place I think has information on me and ask to see it ALL. I then get to validate it for accuracy, and if I find parts inaccurate I get to say so. They then would have 30 days to prove me wrong, and if they can't, what I say is inaccurate gets deleted from my file automatically.
And validation needs to be based on something more than just "It says the same thing in this other computer we got here". Paper records, something tracable to a real human situation, not just bits on disk.
They have to be able to hold some info on you for the modern economy to work. My beef with this is that these systems are considered tautological and the burden of proof is on individuals to prove the information invalid. "I'm sorry sir, but the computer says you're an 87 year old woman, and it wouldn't be in the computer if it wasn't true.."
next year or so we'll be at war with the North Koreans, they will lose and in desperation or spite detonate a nuclear weapon on US soil.
Bush will use the panick to get the public to give him all power to rip up what's left of the Constitution and start instituting a fascist dictatorship.
So this really won't matter in a year or two.
Think I'm paranoid? They're not preparing to draft eighty thousand medical personnel via the Selective Service because they think there MIGHT be a WMD problem "someday"... You heard it here first.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Frankly, the only experience I ever had with the ACLU was in my junior year of high school, where a student wore a "Straight Pride" shirt into school, and the school, knowing full well it was freedom of speech, wouldn't suspend him, just gave him a stern talking-to letting him know that while he might have the right to say it, it might not necessarily be considered appropriate.
Then some gay student's parents got involved. The lawyers got involved. The ACLU got involved. Next thing you know, the ACLU is threatening to sue the school, and the school finally caves in and assigns some disciplinary measures. I believe he was suspended for 10 days.
While it might not have been the most sensitive thing to say in a school that has an above-average population of liberals in Rent shirts, I am certainly of the mentality "I agree not what you say, but I will defend to the death your right to say it."
It's nice to see the ACLU doing something constructive instead of persecuting people.