Invading Privacy for School Credit
veryloco writes "Students in Prof. Avi Rubin's Security and Privacy course at the Johns Hopkins University completed a project where they gathered as much public data on residents of Baltimore City as possible. One interesting fact was that 50 deceased persons voted in the last election. Read on to find out what other interesting tidbits were discovered."
You know what that means... Zombies!!!
Sorry this is off topic but is anyone else enamored with the way IHT formats their articles?
But how many of them are still posting to Slashdot?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
They voted for BRAINS I want to eat BRAINS BRAINS HUNGRY FOR BRAINS!!
Slashdot requires you to wait longer between hitting 'reply' and submitting a comment.
50 deceased persons voted in the last election
Ah, but did they die right around election time? Could they have sent in an absentee ballot before they died? Or did they die on election day after they voted? Not having all the info can lead to misleading ideas in our overactive imaginations.
Or, it could be like the earlier post... zombies or ghosts.
Evolution or ID?
There is a lot of public data about everyone. Basically, any transaction you do with a government office or agency is public data. If someone views that public data, how are they invading your privacy?
The previous comment is purposely vague and generalized, but all of the facts are completely true.
1500 dead people were registered to vote. But did they join those records on SSN or some other unique identifier? There might be some cases of people with the same name, right?
Irene KHAAAAAAN!
I bet if they had done this in Chicago, the number would be above 5,000 dead voting people. And, many of them would have voted at least twice.
Seriously, Chicago does have this problem and every attempt to cleanse the voting rolls of dead voters is shot down as being discriminatory against minorities.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
Speak truth to power.
The "privacy battle" was over long ago. This article just shows how slow senators can be in figuring stuff out. Sadly no legislation is ever going to put the horse back in the barn. Granted, things like public offices handing over entire databases burned to CD MIGHT (depending on the data) be preventable. However as anyone who comes to slashdot should know, social engineering works great.
So what is the solution? Just prepare for your identity theft now, keep good records and generally don't be a jerk to those you post about and email. Because it's all out there.
50 votes for Kerry if history is any indicator.
If thou see a fair woman pay court to her, for thus thou wilt obtain love
Rubin has been one of the people screaming the past few years about how easy the elections would be to hack. Now it seems that he's widened his scope, showing how much of a joke is any attempt at precise counting of so many people.
We need election laws that guarantee the margin of victory is larger than the sampling error. In fact, we need a law that requires the office get at least a simple majority (50%) of the eligible voters, or it goes unfilled. With so few eligible voters actually voting, that would force districts to hold runoffs, and parties to get out the vote. Or just get outnumbered by the representatives from districts which do turn out. Put a little competition into our rotten voting system, and cut out the deadwood.
--
make install -not war
I've thought, and I'm interested in (constructive) comments, that a three-tiered system should be used. The 'green' level is basically that which any person can get freely, which should be equivalent to that info one can get just by, let's say, seeing you in the street. Basic physical parameters. If a person chooses, they can make other information 'green' such as name and age, etc.
Yellow would be freely available to law enforcement, and to others only with express permission from the individual. This should include credit information, address, ssn, ....city hall sort of stuff.
Red would be available to law enforcement without permission only by court order, or with permission from the individual. This would include things like phone records, or other information that currently requires a subpoena.
An individual can make information more or less private for the general public (i.e. I can decide that no one should really know that I am 6'2 with brown hair.) or more available (i.e. I live here, come visit me!). I think an auditing system should be built in, tracking access, informing an individual of the identity of people accessing their information.
Auditing would require a central repository of information, which would then be the only source of the info, and that could be a problem, with privacy/security of information. However, the rest really only requires a change in legislation, but doesn't really provide a mechanism for enforcement or knowing if someone is invading your privacy.
What do you think?
This article appears in the NY Times today http://www.nytimes.com/2005/05/18/technology/18data.html?
and the primary focus of the article is on how easy it is to steal identities on line using legal methods and less than $50.
The slashdot title implies that a college course was used to invade the privacy of Baltimore individuals. This is most misleading. While this is nothing new to most readers here, the significant thing is that this article is in a mainstream media publication and may help to strengthen some of the right to privacy laws that are currently under the gun.
once again proves that geek security is compromised by cleavage or the promise that someone likes you.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
The brain-hungry flesh-eating undead zombies roaming the Earth were like, "hey, that candidate looks like us. He's got my vote!".
Slashdot requires you to wait longer between hitting 'reply' and submitting a comment.
Bart: "Oh my God...the dead have risen and they're voting Republican!"
The dead have risen, and they're voting Republican!
That's the kind of thing that makes you proud of being an American.
diegoT
Nah, they're usually too stoned to vote. Although if anyone named Garcia ran, he'd probably win.
It's actually true, the city has more than just crabs, heroin, and hospitals! Not to mention syphilis and a yearly contender for US murder capital. Now they are a hot spot for identity theft, yippee! It's still better than moving to Virginia.
Ehh...this is the life we chose.
I'd say that the opposite is true - this information is in the public domain, and the students were able to demonstrate how easy it is to access and collate, thus stimulating debate (look, we're having a real debate, on Slashdot!).
Invasions of privacy, in my mind, constitute one of two things. 1) Attempting to make someone reveal personal information about themselves that they may not want to, or 2) revealing data on someone else that you have not been given permission to reveal.
While some of the original sources of the data that the students used could have invaded privacy to get the data, by using data already in the public domain the students weren't invading privacy.
If they'd acted illegally or persuaded someone to breach someone else's privacy as part of the project, that would be another thing, but the students weren't allowed to do that as part of this project.
This reminds me of a news item I saw/read about 1-2 years ago where a student wanted to see if he could map out the U.S.'s infrastructure given public records/information. He was extremely successful in that he mapped out whole power grids, telecom lines, subways, etc and overlaid them all. Much to his dismay, he was held from presenting this (his doctorate thesis, I believe) by the Feds who worried that terrorists would want to get their hands on the info.
And if you're a terrorist, that makes sense; someone else has already done the work for you and provided additional instructions on how to do so. On the other hand, this poor guy can't complete his work. And all he did was what any Tom, Dick, or Harry could've done.
Privacy vs. openness: A data dilemma in U.S.
By Tom Zeller Jr. The New York Times
WEDNESDAY, MAY 18, 2005
BALTIMORE Ted Stevens wanted to know just how much the Internet has turned private lives into open books. So the U.S. senator, a Republican from Alaska and the chairman of the Senate Commerce Committee, instructed his staff to steal his identity.
"I regret to say they were successful," the senator reported at a hearing he held last week on data theft.
His staff, Stevens reported, came back not just with digital breadcrumbs on the senator, but also with insights on his daughter's rental property and some of the comings and goings of his son, a student in California. "My staff provided me with information they got from a series of places," he said. "For $65, they were told, they could get my Social Security number."
That would not surprise 41 graduate students in a computer security course at Johns Hopkins University in Maryland, who, with $15 less than that, became mini data brokers themselves over the last semester.
Working with a budget of $50 and a strict requirement to use only legal, public sources of information, groups of three to four students set out to vacuum up not just tidbits on individuals, but whole databases - death records, property tax information, campaign donations, occupational license registries - on citizens of Baltimore. They then cleaned and linked the databases they had collected, making it possible to enter a single name and generate multiple layers of information on individuals.
The Johns Hopkins students demonstrated - as has a growing chorus of privacy advocates around the United States - that there is plenty of information to be had on individuals without ever buying it (or stealing it) from big database companies like ChoicePoint and LexisNexis. And as concerns over data security mount, the inherent conflicts between a desire for convenience, openness and access to public records on the one hand, and for personal privacy on the other, are beginning to show.
The Johns Hopkins project was conceived by Avi Rubin, a professor of computer science and the technical director of Johns Hopkins's Information Security Institute. Rubin has used his graduate courses in the past to expose weaknesses in electronic voting technology, digital car keys and other byproducts of a society that is increasingly dependent on computers, networks and software.
"My expectations were that they would be able to find a lot of information, and in fact they did," Rubin said.
In some instances, students visited local government offices and filed official requests for the data - or simply "asked nicely" - sometimes receiving whole databases burned onto a CD.
In other cases, they wrote special computer scripts, which they used to slurp up whole databases from online sources like Maryland's registry of occupational licenses (barbers, architects, plumbers), or from free commercial address databases.
"I think what this professor and students have done is a powerful object lesson in just how much information there is to be found about most of us online," said Beth Givens, the director of the Privacy Rights Clearinghouse in San Diego, "and how difficult it is, how impossible it is, to control what's done with our information."
David Bloys, a private investigator in Texas, has helped craft a bill now pending in the state legislature there that would prohibit the bulk transfer and display over the Internet of documents filed with local governments.
There are real dangers involved, Bloys said, when such information "migrates from practical obscurity inside the four walls of the courthouse to widespread dissemination, aggregation and export across the world via the Internet." However convenient online access made things for legitimate users, the information is equally convenient for "stalkers, terrorists and identity thieves," Bloys said.
The bill, which was introduced in Austin by Representative Carl Isett, a Rep
"Hons" (residents of Baltimore) make the distinction between "Baltimore City" and "Baltimore County" in their writing. Hearing just one can be confusing unless you know the local geography, and realize that just the word "Baltimore" refers to a large number of towns (like Towson) that are part of Baltimore but are actually in "the county". This map shows the difference.
"If some citizen is concerned about dead people remaining registered to vote, he can simply obtain the database of deaths and the voter registration database and cross-correlate," said Joshua Mason,
Umm, you know, maybe the government should do that as part of the electoral process? If felons can be removed from voting lists, so can dead people.
I think this little test should be run in every state. First, let's find out just how many deceased people voted. Find out when they voted, find out their official date of death. If the vote came before their death date listed on the certificate, it's a valid vote. If not, vote stricken down.
To add to this, every voter should be confirmed as a valid vote by linking with their SSN. There's only so many SSNs out and active today, and if the vote tally goes over the amount of SSNs available, you know something is wrong there as well.
Once an SSN has been recorded as having voted, that number is no longer allowed to be used anywhere else for the purpose of voting for that particular election. Any and all votes should also require other forms of identification, such as your Driver's License, Military ID, Gov't Id, etc. (No picture on credit card BS, anyone can get that.)
And to top that off, get rid of the Electoral College. (Oh, look, I've got a degree in rigging elections!) The whole voting system should not go by who gets the most electoral votes, it should be the TRUE majority of the population that should count in an election, such as it was done 150-200 years ago.
Now on the issue of privacy, unfortunately there are too many holes in the FOIA (Freedom Of Information Act for the legally-unaware) that allow for this kind of information to be gathered, not to mention anyone with enough money, looks, brains, or combination of either/all, could most likely obtain the information from some corrupt individual within an organization, for a nominal fee. (Money, blowjob, massage, whatever, you get the point)
The fact of the matter is that until the people themselves wake up (Seeing as most of the majority of the population, as Sum 41 put it, 'We're hopelessly blissful and blind') and realize that they're being anally raped, without lube, with a dildo double the size of Thor, inserted SIDEWAYS, this situation is not going to change. In fact, it will become easier for BS like this to happen as the technology progresses and people become smarter, or dumber as the case may be for certain issues. Until this happens (and pray to whatever invisible being you worship that it happens soon,) we're completely SOL.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
You may ask why. This came about after a few cases of abused women trying to flee husbands and starting a new life in another part of the country, but being found and battered by their former husbands. When the media found out that the former husbands had gotten the new address of their former wives from public offices, we had a sensible political reaction.
But then, I live in a European country. In Europe we have a very different attitude to, and better laws on the treatment of personal information compared to the US.
Where I live now, anyone and their mom's dog can look up the tax records of my property. This database is searchable by either name or address and returns how much a given property has been assessed for (plus the five year history), how much the current taxes are, a picture of the property (which is often the front of the house), and sometimes the floorplan of the house. Not only would I never provide this information to any of my friends (much less a stranger), but I'd consider it rude if they were to ask.
Another invasive database, which has been mentioned several times here on Slashdot, is Fundrace. I work very hard to make sure that my political views are not known at the workplace. However Fundrace allows anyone to search by name or address who gave how much to a given political candidate or party. I understand the value of tracking political donations, I really do. Should my employees or peers have the capability to track me specifically? It somewhat defeats the point of the secret ballot. I'd love to contribute money to those candidates which I support, but I won't.
My colleagues don't need to know how much I make, pay in taxes, or contribute to a given political organization. At best the information simply satisfies some misplaced curiosity, but more likely this information is used to judge (often incorrectly) without any opportunity for a rebuttal or explanation on my part.
The true moniker applicable to any resident of Baltimore is, of course, Baltimoron.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
From TFA:
. . . whose group discovered 1,500 dead people who were also listed as active registered voters. Fifty of those dead people somehow voted in the last election.
The 1500 are the ones you want to be concerned about, because if they're not removed from the rolls, their votes can be used fraudulently in the next election. The 50 are not necessarily a problem at all. This course was taken over the course of the last semester. I'm surprised it hasn't occurred to anyone that:
Most of those 50 dead people voted in the last election because they were alive during the last election. They probably died during the months following that. People do die, y'know.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
I am a vegetarian zombie, you insensitive clod!
Graaainnnnsss, GRAIINNSssss
The Kruger Dunning explains most post on
I thought that our public duty to vote ended once you died, but I stand corrected.
-Michael, AKA Frankie.
A lot of seniors vote using absentee ballots (from nursing homes, particularly) months before the elections, and it is not uncommon for many of them to die before all ballots are counted.
I fail to understand how any discussion of privacy can possibly take place w/out mentioning ZabaSearch.
I even submitted it to /. the other day, but I guess the editors didn't want any random /.er to search for their home phone numbers and every single place they've ever lived.
[o]_O