Slashdot Mirror

← Back to Stories (view on slashdot.org)

MATRIX Database Schema Altered Due to Privacy Concerns

Posted by michael on from the matrix-treats-privacy-laws-as-obstacles-and-routes-around-them dept.

nusratt writes "Associated Press: 'The Multistate Anti-Terrorism Information Exchange combines state vehicle and crime records with commercial databases owned by a private company, Seisint, covering half the U.S. population,' but there were 'questions about the legality of sending state-owned records to Seisint'. The solution? "Each state will maintain its own records . . . Software will search each state's records as necessary.' 'The new setup is designed to get around obstacles in some states' data laws.'"

5 of 101 comments (clear)

  1. NFG, Really. by mfh · · Score: 4, Insightful

    Each state will maintain its own records . . . Software will search each state's records as necessary. The new setup is designed to get around obstacles in some states' data laws.

    I am a programmer and let me just say that this is a really bad idea. Why? Because it's always a bad idea to design a large system that acts like a server but essentially is only a client.

    Each state running their own version of the system, operating independently of the other states, will only ensure that the system could become easily corruptible (both criminally and data corrupted), without anyone higher examining the system for audits, outside of audits applied to the individual systems.

    It's actually better to have one system and have multiple clients to the system with downgraded permissions, so that a team can go through and audit the whole system easier.

    Now I'm not saying I'm all for Seisint holding the keys. Really the government should run this system themselves and hire the right people for the job, with the adequate level of security clearance to do the work. But diffracting a system into multiple independent systems operating on roughly the same premise, is not going to make it any better. It's going to cause lots of problems and I can foresee the following results without much effort, even:

    1. Some states will apply problematic functions to the system.
    2. Zero data cohesion for audits over the multiple systems.
    3. Easier to corrupt state driven systems than federal ones.
    4. Criminal activity changes jurisdiction (ie: no longer federal crime, perhaps?)
    5. Bugs cropping up in one state won't be present in another.
    6. Fifty times the cost of maintaining the systems; the guys doing this, just multiplied their haul by the number of states involved, instead of getting paid one lump sum to do the fsking job.
    7. Social Engineers can break into state-run systems much easier, because they don't have to travel half way across the country to get in.
    8. Criminals are now able to falsify criminal information like on that horrible movie The Net!
    9. Awareness of a fragmented system is not enough to safeguard privacy.

    --
    The dangers of knowledge trigger emotional distress in human beings.
  2. Fourth Amendment "Obstacles" by Grue · · Score: 4, Insightful

    Read this statement from the article carefully:

    The new setup is designed to allow for more frequent updates of the information and get around obstacles in some states' data laws, Zadra said

    Yes, that's right, those pesky laws designed to protect your privacy are "obstacles" that are getting in the way.

    *sigh*

  3. Re:Security through software then? by nusratt · · Score: 4, Interesting

    "but each state will have software that will only allow them to access information about people in their state?"

    NO, THAT'S THE SNEAKY PART. Everyone involved will still be able to get to the same data. It's just a shell game, to circumvent privacy regulations.

  4. What's the problem? by no+longer+myself · · Score: 4, Insightful
    Collecting this information may seem scary at first, but privacy isn't really lost. Just try finding your driver's license photo online, and unless you put it there yourself, you'll see that you're fairly well protected.

    The most harm that could come of this sort of system is the tendency for authorities to embarass you with such broad access to your history. Like the time the cop ran down my driving record after I denied speeding when he pulled me over for the offense. I already looked foolish enough to the passengers in my vehical, but it made me look even worse now that they knew every ticket I had for the past three years. Boy, did he ever put me in my place!

    So now they will have access to the websites you surf, the television you watch, the videos you rent, the foods you buy, the property you own, the banks you use, the crimes you've committed, the people you've met, the jobs you've held, the classes you've attended, the doctors you've seen, the diseases you've had, the opionions you've expressed, the sports you play, the religion you follow, the taxes you've paid, and so on, and so on...

    I guess the scariest part is when somebody else who meshes up with all the things you do and enjoy, happens to commit some kind of horrible atrocity. Now they run profiles through their database to determine other likely culprits for similar crimes, and lo- your name appears. You couldn't win the lottery, but you've won a free "closer inspection". But if you didn't do anything wrong, don't worry about it. You probably won't even know they were investigating you.

    It's easy to see where potential employers may also eventually have access to this information, and that's good too, because you wouldn't want to work with somebody who has a shady history now would you? Obviously, current employers need access to this information as well. Employees can be such a handful! Personal information can help you better manage them to make them more productive.

    Needless to say, one could only hope that banks will also be in line to have a shot at your personal info, because they need to know the spending habits of their clients in order to detect fraud. It's for your protection.

    Eventually many responsible corperations will have some degree of access to this information to better improve the comfort and security of their clients and associates. It will bring greater stability and certainty to the markets.

    And of course these records will always be available to local, state, and federal law enforcement for obvious beneficial reasons. It's much more effecient to investigators if they don't actually have to run around to investigate who, what, when, where, why, and how on a person's history. You can immediately establish links and let the obvious story fall into place. It's not as if you'll be denied a jury trial if it's a major offense.

    No... Only good can come of this so called "invasion of privacy" and the sooner it starts, the better.

    Note: Even when I play devil's advocate, this kind of thinking still scares the shit out of me, though I have no criminal history. Now can someone explain why that is?

  5. Take a look at my Sig by cyranoVR · · Score: 4, Informative

    A few weeks ago I attended the Fifth HOPE conferenece in New York City. While I was there, I saw Steven Rambam, a private investigator and former federal agent, give a presentation entitled "Privacy: It Ain't What It Used to Be." A better title would have been "Privacy is Already Dead."

    He started out by asking if anybody in the room (about 200+ tin-foil-hat wearing hackers) had ever heard of Seisent. Not a single hand went up, and he seemed to be genuinely suprised and disturbed by this.

    He made a very good point repeatedly throughout his presentation: we shouldn't be worried because Government has this data on us; no, we should be terrified because private corporations that don't even answer to the government have this data. And it's not just limited to name, address and telephone number: criminal records, addresses of residence, education, employers, telephone calls, magazine subscriptions, travel records, television viewing habits (if you have cable), internet downloads, gun ownership and voting records. Yes voting records - they know if you voted and what party you registered under.

    Suffice to say, these guys should be the household name, not the RIAA. Why does the media focus on the MPAA et al and their paltry lawsuits and not these guys?!?

    So I changed my sig to read "What is Seisint?" and I tell everyone I know about them.

    Some have responded to me with ambivalence. "What's the big deal?" "Meh, they have the data, there's nothing we can do about it." I'm not sure how to respond to people like that except with "the dumber you are the happier you are" or something.

    What could they do with that data? Use your imagination, stupid.

    Rambam finished by giving a live demonstration of a smaller database of individual information that he owns (derived mostly public records). He demonstrated how quickly you could compile information on any random person with just their SSN - as it turned out, the "victim" he took from the audience was already a real victim of identity theft. The query took less that 10 seconds. It was pretty amazing / disturbing.

    During the Q&A portion of the presentation, several audience members asked what they could do to "get out" of the database. Rambam replied that there was nothing we could do: the data was now the property of this one private company - even the data that was collected from State governments (Aside from being one of the egregiou privacy invasions in human history, it was also one of the most gernerous corporate subsidizations ever).

    Rambam did say one thing we could do: "Vote, vote, vote." Private corporations have too many protections and powers compared to individuals, and Government is the only way to change that.

    The final questioner for the session had a very +5 Insightful comment on what everyone in the audience should do just in case the voting didn't work out:

    "Buy, and learn how to use, a rifle."

    The audience response to this comment was, of course, thunderous applause.