Slashdot Mirror
Database Records and "In Plain Sight" Searches
chriswaco writes "A federal appeals court ruled that database records are not 'in plain sight' when other records in the same database are subpoenaed. The case involved Major League Baseball drug test results, but the implications are far wider."
Otherwise, what would keep someone from gaining access to information completely irrelevant to the records being subpoenaed in the first place? I'm actually surprised HIPAA didn't get involved sooner since patients' privacy could have been compromised.
Loading...
SELECT Results, TestingLab FROM SteroidTests WHERE LastName = 'DiMaggio' AND FirstName = 'Joe' does not mean that SELECT * FROM SteroidTests is in plain sight.
Especially since large databases keep track of more and more things (like your credit cards, names, address, ssn, what you last purchased, credit scores, ...) legitimate seizures of data should be severely limited by the judges issuing a warrant. Right now the feds can get away with: "Judge, this terrorist location is stored in this companies database, let's seize all the database servers of the company" and the judge not understanding how records are stored or how databases work practically gives a warrant for all the data the feds can find including 'collateral' records.
Custom electronics and digital signage for your business: www.evcircuits.com
No it's news. This really does have all kinds of implications on future data searches. Apparently the cops saw it as "already got this query thingy open... might as well see what else they have in here". That's a huge issue for all kinds of privacy reasons.
Computer related.... check.
Privacy related..... check.
Does it matter?..... check.
And out of curiosity where is your line between pandering and providing a real service to your users?
No comprende? Let me type that a little slower for you...
Surely you are jesting.
The ruling is really about data and I don't think that a baseball story needs to attract a few tech geeks and lawyers to increase banner ad revenue.
Personally, I am a bit reassured that there is such a ruling, because it gives some protection against a cop obtaining a warrant to get some data and issuing the wrong sql query that brings too much data including mine (or the tech guy asked to do it that does not refine the query enough, or just give a report that has the relevant data in it and then some not relevant etc.).
Actually, it's called pointing out the significant information in the article. If you think this article is about baseball, you're not paying attention.
The Appeals court specifically indicated how this ruling should be applied to cases you'd probably be more interested in, such as if Google's servers were searched.
If anything, cnn.com is pandering to its audience by focusing on the baseball aspects of a story that's really about the legal bounds of search where databases are involved; and while the court reached its conclusion via a line of logic I don't care for (essentially an appeal to force - "if I decide this way, the consequences would be harmful, so I'll decide a different way"), it is a pro-privacy conclusion that a lot of folks around here are probably interested in.
But by all means, argue that the information shouldn't be made available here because it happens to come from a case that deals with sports and I suppose you think nerds don't do sports.
Oh yeah, a much better article on Wired! Despite the bad link and very short summary, it is still an important issue. They key is that they say "Ideally, when searching a computerâ(TM)s hard drive, the government should cull the specific data described in the search warrant, rather than copy the entire drive, the San Francisco-based appeals court ruled. When thatâ(TM)s not possible, the feds must use an independent third party under the courtâ(TM)s supervision," So basically, they had a warrant for 10 drug results, but happened to find 104 results, and took them all. This ruling is a good one in my eyes. Now, they keyword I see there is "ideally", which seems to mean it could be stretched both ways by a smart lawyer, but still overall good stuff.
"It's ok, I'm completely secure as long as my iron is off"
It is just me or did I miss the part of the US Constitution that said Congress shall have the power to ensure the integrity of Major League Baseball? I can't be the only one that finds it absurd that our Government is devoting resources to outing cheating athletes. Surely there are more pressing issues for them to worry about?
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
is it just me, or does anyone else have a mental image of Barney Fife cocking his hat, scratching his head trying to cobble together a SQL select statement?
"Gee Andy....How do you create an Inner Join again?"
WTF? Over?
No. From TFA:
If the cops subpeona records looking for Cowboy Neal's crhacking somebody's porn server, thay can't use evidence of Cnik70's use of illegal hamburger buns that they find in that database.
It is relevant.
Free Martian Whores!
It can be called "my cat.jpg" and be the database of positive results. So, when agents request search warrants for electronic they articulate a need to search the entire media.
And unfortunately thinking like that is why they can literally tear your car down to the nuts bolts and wires at the border when doing a search for drugs. When they're done, and haven't found a thing, you know what you get? A toolbox full of tools and a space in their parking lot to try to put your entire car back together by yourself. (I know two that have had this happen to them when traveling between the USA and Canada)
By your logic they could literally tear a house down, tear apart the walls and the joists and dig up the foundation if they could suggest that a crack rock could fit in there, when searching a house on a drug warrant.
Unfortunately this is one of the innumerable examples of where the law is given overly broad power and it's left up to someone's judgement as to "how far to go" with it. Unless you have good evidence to suspect the perp has gone to extreme measures to hide something, you can't just ransack the place.
I work for the Department of Redundancy Department.
I think the point is that once you find said database you can only go looking in it for information that is within the scope of your warrant, ie: within that database you're searching for references to elephants your search should be limited to elephants, not major league baseball players.
If you're looking for MLB players but have a list of 10 specific ones, you should be limited to searching for those players names... if they use an alias you're out of luck and will need to convince a judge that this is so important that you need a 'john doe' warrant to search all records for evidence. Better yet just find some other specific criteria that is likely to pull up your aliased individuals records - such as a data, address, etc. that will properly narrow your results so as to exclude as many false matches as possible.
A fool throws a stone into a well and a thousand sages can not remove it.
Fail. I don't think this has anything to do with searching for child porn. This is dealing with a highly organized collection of data at some company/organization. In that case, if you need to find 10 guys test results, then you use a where clause; otherwise it is the same thing as searching where an elephant cannot be housed... you will never find the test result of ARod housed in the record for McGwire. So you must use a properly formed query... just as you would when trying to pull a report on sales to make a business decision.
No comprende? Let me type that a little slower for you...
The salient facts of the matter were that:
1. A group of people took tests, the results of which were guaranteed to be confidential.
2. The government subpoenaed some of the test results.
3. Investigators collected substantially more test data than the subpoena allowed, stretching the "plain sight" doctrine to the breaking point to do so.
4. Investigators leaked the test results to others.
5. The people who took the tests suffered adverse employment consequences, years after the tests were taken.
Exactly that same sort of thing could happen to you. Let's imagine. Five years ago you tested positive for THC when a random test was required the day after you were, uncharacteristically, at a party thrown by an old friend where there was a great deal of smoke in the air (You don't remember inhaling). Your employer sent you through the spanking mill for the next year and there were additional tests and you were forced to endure flash presentations on drug abuse against your will. You figured that was the end of it.
Little did you know that the Anytown Police Department happened to hang onto a list of positives they got from ABC Testing and Compliance Services (where you took the test) as the result of an unrelated investigation into a person you do not know. The list was leaked via a cop's wife to the local Human Resources Disucssion Group that meets every 2nd Wednesday at the Perkins. And guess what? Now you can't get a job in Anytown and you don't know why.
The ruling at issue is a step in the right direction, because it helps plug one of the holes through which some of this data gets out. If you don't care, you should -- unless you have nothing to hide.
I think you forgot barney reaching for his one bullet from his shirt pocket (assuming Andy let him have it back) because this is serious police work.
It is as if they would be allowed to do a search in an apartment and find keys to his mothers apartment and his office. Places they did not have a warrant for before.
Don't fight for your country, if your country does not fight for you.
The U.S. government has granted this league monopoly status, so they have a big interest in making sure this entity is operating on the up and up.
Baseball is also something that greatly affects many Americans (congressmen included). I think they'd be remiss if they ignore these illegal acts coming from an American icon (the league).
Lastly, the Federal Government is pretty big and has a lot of people working for it. Yes there are more pressing issues to worry about, but rest assured they can worry about those and this issue concurrently.
From the article:
So the question is, why isn't the players' union suing Major League Baseball for breach of contract? Anonymous and confidential is not the same as identifiable but confidential; if the results actually had been anonymous as promised, this breach never could have happened.
My guess is the system is trying to correct itself from the abuses of the Bush Administration. I wonder if this would over-ride the Patriot Act?
Interesting that you reference the Patriot Act while talking about the abuses of the "Bush Administration" but fail to mention the fact that the vast majority of Democrats in the House and all but one in the Senate voted in favor of it.
You'll forgive me if I'm skeptical that they will do any better now that they are in charge.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
in government, when you can't be EFFECTIVE, yet you are asked 'what are you doing with your time' its shit like this that keeps the burrocrats (sic) 'busy'.
clearly, they don't want to touch any 3rd rails (real issues that need real attention yet will get them unelected next go-round). so they go for easy fruit.
pathetic.
I have zero respect for lawmakers, judges and those in the position of power. lately, all 'understandings' of things technical make me puke. legal guys are worse than children in how illogical they really are, once you look close enough.
So when was the last time you went to your rep's office and told them about yourself?
"Hello, I'm a constituent, and I'd like to talk to [ my rep ] about technical issues being proposed / in the news / reflecting the upcoming election.
"I represent a group that [ tech tech tech ], and I wanted to let you know about services we can provide for you. You're an expert on government and the law, and sometimes you'll hear about technical bills. Some things proposed may be impossible, or split very fine hairs on details that you don't have the time to devote to total research. If there are ever questions we can answer for you, we're here, for you, as a resource, to provide a high-level summary."
Since you're complaining on /., I'd say you're a slacktivist who has never done such a thing. Do you even know your rep's name?
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
The U.S. government has granted this league monopoly status
No, they granted it an exemption from the anti-trust laws. There's no law stopping you from starting your own baseball league to compete with the MLB.
Baseball is also something that greatly affects many Americans
No it's not. It's something that a great many Americans (myself included, Let's Go Mets!) enjoy watching but it doesn't "greatly affect" you unless you are unlucky enough to get killed by the police while celebrating the victory of your favorite team.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Do you even know your rep's name?
Maurice Hinchey and he doesn't give a damn what I think because my political views do not align with his own and his district is so gerrymandered that he only has to worry about what his supporters think.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
I am not sure how you arrived at the "System" is correcting itself from the abuses of the Bush Administration. In case you haven't been following the news lately the current administration is stepping up law enforcement at every level and in May of this year Obama not only renewed the Patriot-Act, but his DOJ has issued a number of rulings and guidance that have taken the Patriot Act even further than the Bush administration did in violating our civil rights. For example did you know that the Obama administration claims the Patriot Act renders the U.S. immune from suit under other surveillance laws. This means that the government cannot be held accountable for illegal surveillance under any federal statutes. So in many of the above example even if you are harmed and the court rules in your favor, once the cat is our of the bag you have no recourse against the government?
Except they weren't searching the physical premise where these 10 players reside... nor any virtual equivalency. They were searching third party records of drug tests performed on these 10 players. The closest pre-digital analogy I can come up with is bank records. If it was 1909 and the police had obtained a warrant to search my bank records, would that give them the right to also peak at yours that are stored in the same filing cabinet at the bank?
Life has many choices. Eternity has two. What's yours?
Too often that means "reasonable because the cops can snoop around and violate the privacy of other people, regardless of whether those other people don't want that like I do." I'll give an analogy that involves only physical evidence.
At least in my country, an officer is not allowed to just randomly pull over a vehicle for no reason and then search that vehicle. They are supposed to have probable cause; they can't just go search someoneone to see what they can find. Unless they have a dog, that is. That's right. A police dog can decide your vehicle has drugs or whatever else they're looking for and when the dog starts barking, suddenly the officer has a perfectly legal search. Yes, it would be illegal and a violation of civil rights if that officer used his hands and eyes to locate the same drugs. However, the same search performed with a dog's nose instead of a human officer's hands and eyes is suddenly legal and constitutional. Isn't that amazing, how you can take an unconstitutional act, filter it through the nervous system of the lowly dog, and suddenly it becomes legal and has the court's blessing?
Declaring additional records (i.e. those which were not specified in a search warrant or subpoena) as "in plain sight" and legal to search is worse than this. It's worse because it disposes of even the pretense that using a dog to conduct a search is somehow fundamentally different than using your hands and eyes to conduct the same search. It's like declaring everything up-for-grabs so long as the cops can get their hands on it. It's not "in plain sight", it's residing on privately owned hardware on private property. The cops confiscated it by force or by threat of force (what do you suppose a warrant or a subpoena is?) and now that they've dragged it back to their offices and loaded it up on their hardware it's in "plain sight" to them. That sure is a strange definition of "plain sight." This is something that WILL be abused, though I imagine that when this happens a lot of you are going to act surprised. The sad thing is that the surprise will often be sincere.
It is a miracle that curiosity survives formal education. - Einstein
The "in plain sight" doctrine came about as a result of an old Supreme Court case. What it boils down to is, if the cops execute a search warrant or other lawful search, and they happen to spot evidence of another crime "in plain sight", they can use that evidence to arrest and charge someone. Say the cops are checking your motel room for an escaped prisoner. They can't go rifling through your bag looking for drugs once they've searched the room. But, if you have a meth lab set up in the room, they can get you for that.
The same thing with this database search. Databases can be any arbitrary size : a database could have records on every citizen in the United States. If the cops were given a warrant to check on the records of a specific citizen, the rest of the database should be off limits. Otherwise, there's no real limit to the games the cops could play, and they would effectively have the power to investigate every citizen in the United Stats for a crime at all times. What if the "database" contained the banking records of every citizen in the U.S.?
At least in my country, an officer is not allowed to just randomly pull over a vehicle for no reason and then search that vehicle. They are supposed to have probable cause; they can't just go search someoneone to see what they can find. Unless they have a dog, that is. That's right. A police dog can decide your vehicle has drugs or whatever else they're looking for and when the dog starts barking, suddenly the officer has a perfectly legal search. Yes, it would be illegal and a violation of civil rights if that officer used his hands and eyes to locate the same drugs. However, the same search performed with a dog's nose instead of a human officer's hands and eyes is suddenly legal and constitutional. Isn't that amazing, how you can take an unconstitutional act, filter it through the nervous system of the lowly dog, and suddenly it becomes legal and has the court's blessing?
The dog still has to be near your vehicle for a reason. That reason could be that you were parked in a lot where the dog was walking, but you still can't be pulled over for no reason other than to have the dog sniff your vehicle.
Now, let's take the dog out of the equation. Your parked in that same random parking lot and a cop walks by and smells the pot emanating from your car. He's been on the force for a while and has been involved with drug busts before. He knows, with no doubt whatsoever, the smell of pot. He now has a legal reason to search your car. Complete with the court's blessing.
Life has many choices. Eternity has two. What's yours?
>>>"Hello, I'm a constituent, and I'd like to talk to [ my rep ] about technical issues being proposed / in the news / reflecting the upcoming election.
>
Several times. They just don't listen. For example I spoke to my Senator about the DTV conversion, and how the power levels were set too low for VHF channels 6, 8, 10, 11, and 13 such that they could not be received with the indoor antennas most viewers use. He thanked me and then promptly did nothing.
Next I talked to him about Comcast's monopoly and how it is working to "lock up" television programming (cable shows) behind walls, such that only Comcast subscribers could access them, but not Verizon subscribers (like me). He gave told me he supports net neutrality and that's why he's not going to interfere with Comcast's running of its business and he sees nothing wrong with the practice. (Huh?) I later checked and found he gets million from Comcast in contributions.
And of course I've witnessed what's happening with the townhalls, where he basically told the people he's not listening to their cries to "leave my healthcare alone". He's taken a Nixon-like tactic of saying there's a silent majority and he's serving them. (I would argue if such a majority existed, it should speak up not be silent.)
Democracy doesn't work if the reps refuse to hear what we're saying.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Riiiiiight. You're not too familiar with subpoena are you. They deliberately make them as vague as possible so they can use them as a large net. This helps to prevent some of that abuse.
"Growing old is inevitable; growing up is optional."
The physical analogy everyone seems to be missing is if they went to the drug testing lab and asked for the person's records in question, then followed the records keeper to a room full of filing cabinets, watched him open a drawer labelled something along the lines of 'Baseball players that failed their drug test', and then forcefully took every folder in the cabinet, rather than waiting for him to find the one for which they were given a warrant.
The thing is that if they had formed the query on the database properly, it never would have shown them the other records, but instead they went on ahead and grabbed everything they could get their hands on once someone gave them access to the database.
-PainKilleR-[CE]
The thing is the "view" in "plain view" is defined totally arbitrarily. The 4th Amendment to the constitution doesn't say anything about plain view; it just prevents unreasonable searches without a warrant. Over the years, the courts pulled this "plain view" stuff out of their asses.
I'm not criticizing them for that; they ultimately had to try to draw the line between what is reasonable vs unreasonable somewhere. So they made up something that most people think is fair. And now it's pounded into all our heads as though the words were actually in the Bill of Rights, even though they aren't.
The courts' decisions that the "plain viewness" of something is relevant, is a very human definition. Our eyes are a big deal, which is why they call it view instead of scent. That doesn't mean scent doesn't apply -- the courts aren't so dumb/rigid/pedantic to be unable to analogize sight with smell and apply the same criteria. But there's a reason the courts used the word "view" -- we all have a very intuitive idea of what it really means, with a lot of consensus.
What if we violate that underlying meaning?
I think allowing either search (dog or electronics) without a warrant or other probably cause, is flirting with disaster. What if the officer (or machine) has radical powers, such as ability to see through walls, read people's minds (in a science fictiony "telepath" way, not by just being socially well-tuned), etc? At some point, the "plain" in "plain view" should be called into question. If the dog or machine can sniff something that a human 1.0 nose can't, maybe that's not really a reasonable search.
If the concentration is so dilute that you can't smell it, then the molecules, even if yes, they really are floating in the air, aren't in plain view. Just like if you have your drugs inside a cardboard box -- some photons actually are going through the box. We humans just can't see them. If you build a machine that can see them, or have a cop with super-powers that can see them, that doesn't mean the contents of the box are in plain view, regardless of how easily that super-powered cop can see 'em.
I do think we would all change our minds about that, if many of us did have such super-powers. If everyone knew a cardboard box does not delimit privacy, we would no longer consider objects in a box to not be in plain view. I don't mean "know" it in a rational hypothetical sense; I mean knowing it in visceral, obvious, day-to-day in-your-face kind of way, just like most of us can effortlessly and instantly perceive that a cardboard box blocks the view of whatever is inside he box.
Likewise, if we all had, and routinely hung out with, trained dogs: we would all know that faint scents that people can't smell, are still in "plain smell."
But we don't. We don't have the super-powers, nor the trained dogs, nor the electronics. I'm not saying we don't have access to them, just that they aren't part of most people's routine lives. So if you need these things to detect something, that something isn't in plain view. And more importantly: a search that uses these things, if there isn't due process, is not a reasonable search.
"Believe me!" -- Donald Trump
Would you be happier if they were using some sort of electronic detector instead of a dog?
The thing is, dog handlers know their dogs, and dogs know their handler. They are a well integrated team. And if the handler feels like he needs an excuse to search that car driven by those black lads, he can signal his dog via subtle body language cues that he should pretend he smelled something...
An electronic detector may (or may not...) be more difficult to manipulate.