Invading Privacy for School Credit

veryloco writes "Students in Prof. Avi Rubin's Security and Privacy course at the Johns Hopkins University completed a project where they gathered as much public data on residents of Baltimore City as possible. One interesting fact was that 50 deceased persons voted in the last election. Read on to find out what other interesting tidbits were discovered."

OT: Article formatting

[kevin_conaway]

Sorry this is off topic but is anyone else enamored with the way IHT formats their articles?

Re:OT: Article formatting

[wowbagger]

Enamored? No, more like "enraged" - if you are running Javascript disabled you simply cannot view any aspect of the story - unless you use the "View->Use Style->None" option of Mozilla to strip all the stupid formatting BS out.

Once again: it is FINE to use JS to enhance your web site, but making it a REQUIRED part of your site is foolish.

When did they die?

[millahtime]

50 deceased persons voted in the last election

Ah, but did they die right around election time. Could they have sent in an absentee ballot before they died? Or did they die on election day after they voted? Not having all the info can lead to misleading ideas in our overactive imaginations.

Or, it could be like the earlier post... zombies or ghosts.

Re:50 deceased persons voted in the last election?

[srikantux]

ah! now i know why bush won in the elections.

How is public data considered private?

[Kainaw]

There is a lot of public data about everyone. Basically, any transaction you do with a government office or agency is public data. If someone views that public data, how are they invading your privacy?

Re:How is public data considered private?

[bluGill]

This is called sensitive information. Public, but it should still only be made available to people who will not abuse it.

There is enough public information about most people to destroy them. (mostly financially, but there are other ways to destroy someone, with or without killing them) Than information needs to be public, because there are honest uses for it. However it needs to be restricted who can access it because of the damage they can do.

Cemetery records are public. They should not be available to just anyone with an internet connect though because you want to make it hard on those voting in a dead person's name.

Re:How is public data considered private?

[AAAWalrus]

If someone views that public data, how are they invading your privacy?

Consider this metaphor: Someone is talking very quietly on their cellphone in a public park. If someone sits on the bench beside me and intently starts listening in on my conversation, at what point does that person's actions become an invasion of my privacy?

You're getting caught up in the semantic differences between "public data" and "privacy". "Public data" is simply defined as information that can be obtained legally and freely. "Privacy" though means different things in the literal, personal, and legal senses. And then we wonder about exactly what it means to "invade" one's privacy. Regardless of whether the data about me is public or not, if someone learns something about me I don't want them to know, I can consider that an "invasion of privacy".

1500 dead people were registered to vote

[GQuon]

1500 dead people were registered to vote. But did they join those records on SSN or some other unique identifier? There might be some cases of people with the same name, right?

It was over long ago

[maczealot]

The "privacy battle" was over long ago. This article just shows how slow senators can be in figuring stuff out. Sadly no legislation is ever going to put the horse back in the barn. Granted, things like public offices handing over entire databases burned to CD MIGHT (depending on the data) be preventable. However as anyone who comes to slashdot should know, social engineering works great.
So what is the solution? Just prepare for your identity theft now, keep good records and generally don't be a jerk to those you post about and email. Because its all out there.

Re:OK, I'll start the flame war....

[jaymzter]

50 votes for Kerry if history is any indicator.

Invasion of privacy?

[Jumbo+Jimbo]

I think that the original headline to this article isn't the most informative - Invading Privacy for School Credit

I'd say that the opposite is true - this information is in the public domain, and the students were able to demonstrate how easy it is to access and collate, thus stimulating debate (look, we're having a real debate, on Slashdot!).

Invasions of privacy, in my mind, constitute one of two things. 1) Attempting to make someone reveal personal information about themselves that they may not want to, or 2) revealing data on someone else that you have not been given permission to reveal.

While some of the original sources of the data that the students used could have invaded privacy to get the data, by using data already in the public domain the students weren't invading privacy.

If they'd acted illegally or persuaded someone to breach someone else's privacy as part of the project, that would be another thing, but the students weren't allowed to do that as part of this project.

Centralized government control the worst thing

We need responsibility and liability. Those that provide public records need to be responsible for security and cleansing of data. Those that aggregate and disseminate these records for profit need to be liable and responsible for security. If any of these institutions are derelict in their duties, they must be 100% responsible for cleaning up the mess and paying off the debts. I suspect this will never happen, as industry will lobby against it, and government NEVER makes itself liable for any failings. And potential legislations will surely absolve the government from liability. If no one can be found responsible and liable for damages they will have no reason to fix things.

And it's a crime to watch the border ...

Every one is completely digitized execept the 30 million illegal immigrants.

Re:50 deceased persons voted in the last election?

[Skye16]

Yes, because Republicans never do the same. They also don't get a bunch of college students to sign a petition and then change their voter registration information (address and party) using their signatures. They also aren't responsible for hundreds of people who weren't able to vote because, due to the changes, their voting location was changed - without their knowledge.

This happened last autumn to students at the University of Pittsburgh (main campus) who signed a petition to legalize marijuana.

The point is, both major parties (and probably many minor parties) will do everything they can to get votes. Whether that means screwing people out of the right to vote or voting as dead people, they're going to do it. How about next time you show a little class, dignity, and honesty and confront the real problem - voter fraud - instead of twisting it into something that fits your personal political preference.

I love this quote:

"If some citizen is concerned about dead people remaining registered to vote, he can simply obtain the database of deaths and the voter registration database and cross-correlate," said Joshua Mason,

Umm, you know, maybe the government should do that as part of the electoral process? If felons can be removed from voting lists, so can dead people.

Yes! Nothing would make the country better...

...than forcing the apathetic to randomly select our leaders!

MORE WONDERFULLY STUPID IDEAS!

Re:multitiered privacy

[stienman]

And what about those who don't wish to participate? Is there a black level which indicates that the data is not in the data base, and should the data become available to the database through whatever means then the data is rejected (ie, not inserted into the database)?

The problem most people have with the data being publicly electronic is not that it's available - the problem is that it becomes easy to correlate with other public (or private) information.

Your 'solution' pre-correlates all that data, and practically mandates that everyone exist in the database. The access levels don't actually provide the security you think they will, when a court order is just a document or a digital signature, and the database is available to every police station or library. No amount of security or encryption is going to solve the huge undertaking it would be to create an access database that actually works, nevermind securing the machines from even simple attacks.

-Adam

Re:Necromancy

[Doc+Ruby]

Paying or forcing people to vote makes them hate the system even more. People get a lot back from paying taxes, but they're universally hated. Voting is mainly a way to get people to accept the winner, secondarily (by a large margin) useful as a way for people to chose the best government. Instead of a big carrot/stick apparatus that alienates people from our government, lets see simple competition get people to back their own interests - or abandon them, if that's their level of apathy. They can always "take back" their representation just by going to the polls. Just like now, except it's not so obvious that people get motivated.

Of course, leaving unpopular seats empty isn't a silver bullet. People should be able to cast votes anytime in the month of November. A floating federal holiday, schedulable any time in November, should be validated with a poll receipt. And the feds should allocate each voter a unique, one-time voter ID# discarded upon authentication at the polling place - even if that's a telephone. That would at least make voting as convenient to modern voters as the old way was for ancient voters.

Re:How about Chicago?

Hardly a Chicago problem. The basic argument is that most of the "questionable" voters on most states voter roles tend to be the poor, who are more likely than the average population to be minorities (no value judgement here--just statistics)

See, someone who owns a home, rarely moves or changes address, and has a steady job is fairly easy to verify as "yep, we know who this person is, and they're a legit voter."

Someone who moves frequently, doesn't necessarilly have a lease in their own name, works a series of small jobs, doesn't have or doesn't know their social security number, is harder to verify. Some of these "registered voters" are probably illegal immigrants. But some are citizens--many homeless or urban poor. It's extremely difficult to seperate the wheat from the chaff here.

So, the net is we get a pool of "hard to verify" voters. Some legit, some not.

The reason this is a political football is because (again) these tend to be minorities, and minorities in urban areas tend (again, just statistics here) to vote Democratic. So, counting all these "who knows?" voters gives a slight edge to Democrats.

Which is why Republicans shout "Fraud! Throw the votes out!" and Democrats shout "Disenfranchisement! You can't turn away a single legitimate voter! And attempting to fix the system in any way is a blow to democracy!"

I'm sure if the voting record was pro-Republican from this demographic, the positions would be reversed.

Anyways, Chicago's an overwhelmingly Democratic (in the political party sense) town. So don't bet on seeing this any time soon.

This was the major issue with party "challengers" stationed at key poling places in swing states in the last election, and the concept of "provisional ballots" for voters that you heard so much about last November (if you happen to follow US news...)

Re:Necromancy

i dont care if people vote or not. i hope most people dont in fact because they are idiots and buy into whatever john kerry or bush said on the tv last election

neither were gonna do what they said, but hey "yup yup he's for america"

we honestly dont have a problem with not enough people voting, we have a problem of too many people voting.

It's all there - taxes, political contributions

[xplenumx]

I'm all for open government and the freedom of information, but there certainly comes a point where it can harm the individual.

Where I live now, anyone and their mom's dog can look up the tax records of my property. This database is searchable by either name or address and returns how much a given property has been accessed for (plus the five year history), how much the current taxes are, a picture of the property (which is often the front of the house), and sometimes the floorplan of the house. Not only would I never provide this information to any of my friends (much less a stranger), but I'd consider it rude if they were to ask.

Another invasive database, which has been mentioned several times here on Slashdot, is Fundrace. I work very hard to make sure that my political views are not know at the workplace. However Fundrace allows anyone to search by name or address who gave how much to a given political candidate or party. I understand the value of tracking political donations, I really do. Should my employees or peers have the capability to track me specifically? It somewhat defeats the point of the secret ballot. I'd love to contribute money to those candidates which I support, but I won't.

My colleagues don't need to know how much I make, pay in taxes, or contribute to a given political organization. At best the information simply satisfies some misplaced curiosity, but more likely this information is used to judge (often incorrectly) without any opportunity for a rebuttal or explanation on my part.

Re:election fraud

If that were true, you could rig elections by committing some simple but detectable fraud (like having a dead person vote) in districts where your opponent is popular.

Re:50 deceased persons voted in the last election?

[joschm0]

The next time that I'm asked to sign a petition, I think I'll ask to see an ID of the petitioner.

Missing the obvious

[xant]

From TFA:
. . . whose group discovered 1,500 dead people who were also listed as active registered voters. Fifty of those dead people somehow voted in the last election.

The 1500 are the ones you want to be concerned about, because if they're not removed from the rolls, their votes can be used fraudulently in the next election. The 50 are not necessarily a problem at all. This course was taken over the course of the last semester. I'm surprised it hasn't occurred to anyone that:

Most of those 50 dead people voted in the last election because they were alive during the last election. They probably died during the months following that. People do die, y'know.

Re:Missing the obvious

[Kombat]

Most of those 50 dead people voted in the last election because they were alive during the last election. They probably died during the months following that. People do die, y'know.

OK, but how about this. What about people who take part in the advanced polls, then die before the actual election day? Should their votes still count? They did, after all, cast them early. But on the day of the election, their votes don't necessarily represent the will of the current voting populace.

I remember reading that this exact issue was actually raised during the last US federal election. I never heard how it turned out. Do they still count advance ballots cast by people who died in the two weeks prior to the election?

Re:invasion?

[Jherek+Carnelian]

For example it is not illegal for me to own and drive a legally purchased and registered car. However it is illegal for me to drive the car in a way that violates traffic laws such as running red light.

For counter-example, in mosts states it is illegal for you to own lockpick tools, switchblade knives and machine guns. Such ownership causes no harm to anyone yet they are significant enough enablers for you to potentially do harm that your posession of them is outlawed.

Similarly your acquisition of personal information is a significant enough enabler for you to do harm to the owner of that information that such posession should be outlawed.

Re:Ok, I'll burn the karma

Oh, quit your bullshit. You know as well as anyone else that the Republicans are more than happy to stoop to voter fraud, just like the Democrats. Both of the parties are just pigs swimming in their own shit laden mud.

See also Volusia County, Florida. Negative votes for Gore in 2000... ok, that might be a glitch. Then shit happens in the same county with the same election board in 2004. Certainly looks less like a random error to me now.

Or they voted absentee

[ChePibe]

A lot of seniors vote using absentee ballots (from nursing homes, particularly) months before the elections, and it is not uncommon for many of them to die before all ballots are counted.

Identity theft is an illusion.

> Just prepare for your identity theft now

Or, we can eliminate identity theft simply by no longer calling it identity theft.

Say someone goes to my bank and withdraws all of my money. We could call this identity theft, or we could call it "those fucktards at the bank gave all of my money to someone just because they claimed to be me" and thus "those fools at the bank are out $10,000 because they went and gave it to someone they thought was me" instead of "I'm out $10,000 because someone 'stole' my identity."

The term "Identity Theft" is nothing but a way for those who are responsible for identifying people to pretend as if they didn't make a mistake.

Imagine living in a world where you are no longer responsible for making sure that whatever flimsy systems (like knowledge of a SSN) other people use to identify you actually work. You would no longer have to burn papers with your SSN on them (so they don't get dug out of your trash) because it would no longer be your problem, it'd be the problem of the fool who was stupid enough to think that a SSN is some kind of PIN.

That's the real problem here. The problem isn't that this information is available, but that certain people are stupid enough to believe that just because someone knows this information that it means that they are you.