Slashdot Mirror
Invading Privacy for School Credit
veryloco writes "Students in Prof. Avi Rubin's Security and Privacy course at the Johns Hopkins University completed a project where they gathered as much public data on residents of Baltimore City as possible. One interesting fact was that 50 deceased persons voted in the last election. Read on to find out what other interesting tidbits were discovered."
You know what that means... Zombies!!!
But how many of them are still posting to Slashdot?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
50 deceased persons voted in the last election
Ah, but did they die right around election time. Could they have sent in an absentee ballot before they died? Or did they die on election day after they voted? Not having all the info can lead to misleading ideas in our overactive imaginations.
Or, it could be like the earlier post... zombies or ghosts.
Evolution or ID?
There is a lot of public data about everyone. Basically, any transaction you do with a government office or agency is public data. If someone views that public data, how are they invading your privacy?
The previous comment is purposely vague and generalized, but all of the facts are completely true.
1500 dead people were registered to vote. But did they join those records on SSN or some other unique identifier? There might be some cases of people with the same name, right?
Irene KHAAAAAAN!
I bet if they had done this in Chicago, the number would be above 5,000 dead voting people. And, many of them would have voted at least twice.
Seriously, Chicago does have this problem and every attempt to cleanse the voting roles of dead voters is shot down as being discriminatory against minorities.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
The "privacy battle" was over long ago. This article just shows how slow senators can be in figuring stuff out. Sadly no legislation is ever going to put the horse back in the barn. Granted, things like public offices handing over entire databases burned to CD MIGHT (depending on the data) be preventable. However as anyone who comes to slashdot should know, social engineering works great.
So what is the solution? Just prepare for your identity theft now, keep good records and generally don't be a jerk to those you post about and email. Because its all out there.
50 votes for Kerry if history is any indicator.
If thou see a fair woman pay court to her, for thus thou wilt obtain love
Rubin has been one of the people screaming the past few years about how easy the elections would be to hack. Now it seems that he's widened his scope, showing how much of a joke is any attempt at precise counting of so many people.
We need election laws that guarantee the margin of victory is larger than the sampling error. In fact, we need a law that requires the office get at least a simple majority (50%) of the eligible voters, or it goes unfilled. With so few eligible voters actually voting, that would force districts to hold runoffs, and parties to get out the vote. Or just get outnumbered by the representatives from districts which do turn out. Put a little competition into our rotten voting system, and cut out the deadwood.
--
make install -not war
This article appears in the NY Times today http://www.nytimes.com/2005/05/18/technology/18dat a.html?
and the primary focus of the article is on how easy it is to steal identities on line using legal methods and less than $50.
The slashdot title implies that a college course was used to invade the privacy of Baltimore individuals. This is most misleading. While this is nothing new to most readers here, the significant thing is that this article is in a mainstream media publication and may help to strengthen some of the right to privacy laws that are currently under the gun.
once again proves that geek security is compromized by cleavage or the promise that someone likes you.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
The brain-hungry flesh-eating undead zombies roaming the Earth were like, "hey, that candidate looks like us. He's got my vote!".
Slashdot requires you to wait longer between hitting 'reply' and submitting a comment.
Bart: "Oh my God...the dead have risen and they're voting Republican!"
I'd say that the opposite is true - this information is in the public domain, and the students were able to demonstrate how easy it is to access and collate, thus stimulating debate (look, we're having a real debate, on Slashdot!).
Invasions of privacy, in my mind, constitute one of two things. 1) Attempting to make someone reveal personal information about themselves that they may not want to, or 2) revealing data on someone else that you have not been given permission to reveal.
While some of the original sources of the data that the students used could have invaded privacy to get the data, by using data already in the public domain the students weren't invading privacy.
If they'd acted illegally or persuaded someone to breach someone else's privacy as part of the project, that would be another thing, but the students weren't allowed to do that as part of this project.
This reminds me a news item I saw/read about 1-2 years ago where a student wanted to see if he could map out the U.S.'s infratructure given public records/information. He was extremely successful in that he mapped out whole power grids, telecom lines, subways, etc and overlayed them all. Much to his dismay, he was held from presenting this (his doctorate thesis, I believe) by the Feds who worried that terrorists would want to get their hands on the info.
And if you're a terrorist, that makes sense; someone else has already done the work for you and provided additional instructions on how to do so. On the other hand, this poor guy can't complete his work. And all he did was what any Tom, Dick, or Harry could've done.
Privacy vs. openness: A data dilemma in U.S.
By Tom Zeller Jr. The New York Times
WEDNESDAY, MAY 18, 2005
BALTIMORE Ted Stevens wanted to know just how much the Internet has turned private lives into open books. So the U.S. senator, a Republican from Alaska and the chairman of the Senate Commerce Committee, instructed his staff to steal his identity.
"I regret to say they were successful," the senator reported at a hearing he held last week on data theft.
His staff, Stevens reported, came back not just with digital breadcrumbs on the senator, but also with insights on his daughter's rental property and some of the comings and goings of his son, a student in California. "My staff provided me with information they got from a series of places," he said. "For $65, they were told, they could get my Social Security number."
That would not surprise 41 graduate students in a computer security course at Johns Hopkins University in Maryland, who, with $15 less than that, became mini data brokers themselves over the last semester.
Working with a budget of $50 and a strict requirement to use only legal, public sources of information, groups of three to four students set out to vacuum up not just tidbits on individuals, but whole databases - death records, property tax information, campaign donations, occupational license registries - on citizens of Baltimore. They then cleaned and linked the databases they had collected, making it possible to enter a single name and generate multiple layers of information on individuals.
The Johns Hopkins students demonstrated - as has a growing chorus of privacy advocates around the United States - that there is plenty of information to be had on individuals without ever buying it (or stealing it) from big database companies like ChoicePoint and LexisNexis. And as concerns over data security mount, the inherent conflicts between a desire for convenience, openness and access to public records on the one hand, and for personal privacy on the other, are beginning to show.
The Johns Hopkins project was conceived by Avi Rubin, a professor of computer science and the technical director of Johns Hopkins's Information Security Institute. Rubin has used his graduate courses in the past to expose weaknesses in electronic voting technology, digital car keys and other byproducts of a society that is increasingly dependent on computers, networks and software.
"My expectations were that they would be able to find a lot of information, and in fact they did," Rubin said.
In some instances, students visited local government offices and filed official requests for the data - or simply "asked nicely" - sometimes receiving whole databases burned onto a CD.
In other cases, they wrote special computer scripts, which they used to slurp up whole databases from online sources like Maryland's registry of occupational licenses (barbers, architects, plumbers), or from free commercial address databases.
"I think what this professor and students have done is a powerful object lesson in just how much information there is to be found about most of us online," said Beth Givens, the director of the Privacy Rights Clearinghouse in San Diego, "and how difficult it is, how impossible it is, to control what's done with our information."
David Bloys, a private investigator in Texas, has helped craft a bill now pending in the state legislature there that would prohibit the bulk transfer and display over the Internet of documents filed with local governments.
There are real dangers involved, Bloys said, when such information "migrates from practical obscurity inside the four walls of the courthouse to widespread dissemination, aggregation and export across the world via the Internet." However convenient online access made things for legitimate users, the information is equally convenient for "stalkers, terrorists and identity thieves," Bloys said.
The bill, which was introduced in Austin by Representative Carl Isett, a Rep
Where I live now, anyone and their mom's dog can look up the tax records of my property. This database is searchable by either name or address and returns how much a given property has been accessed for (plus the five year history), how much the current taxes are, a picture of the property (which is often the front of the house), and sometimes the floorplan of the house. Not only would I never provide this information to any of my friends (much less a stranger), but I'd consider it rude if they were to ask.
Another invasive database, which has been mentioned several times here on Slashdot, is Fundrace. I work very hard to make sure that my political views are not know at the workplace. However Fundrace allows anyone to search by name or address who gave how much to a given political candidate or party. I understand the value of tracking political donations, I really do. Should my employees or peers have the capability to track me specifically? It somewhat defeats the point of the secret ballot. I'd love to contribute money to those candidates which I support, but I won't.
My colleagues don't need to know how much I make, pay in taxes, or contribute to a given political organization. At best the information simply satisfies some misplaced curiosity, but more likely this information is used to judge (often incorrectly) without any opportunity for a rebuttal or explanation on my part.
I am a vegitarian zombie, you insensitive clod!
Graaainnnnsss, GRAIINNSssss
The Kruger Dunning explains most post on