Slashdot Mirror
Database Records and "In Plain Sight" Searches
chriswaco writes "A federal appeals court ruled that database records are not 'in plain sight' when other records in the same database are subpoenaed. The case involved Major League Baseball drug test results, but the implications are far wider."
Otherwise, what would keep someone from gaining access to information completely irrelevant to the records being subpoenaed in the first place? I'm actually surprised HIPAA didn't get involved sooner since patients' privacy could have been compromised.
Loading...
SELECT Results, TestingLab FROM SteroidTests WHERE LastName = 'DiMaggio' AND FirstName = 'Joe' does not mean that SELECT * FROM SteroidTests is in plain sight.
Especially since large databases keep track of more and more things (like your credit cards, names, address, ssn, what you last purchased, credit scores, ...) legitimate seizures of data should be severely limited by the judges issuing a warrant. Right now the feds can get away with: "Judge, this terrorist location is stored in this companies database, let's seize all the database servers of the company" and the judge not understanding how records are stored or how databases work practically gives a warrant for all the data the feds can find including 'collateral' records.
Custom electronics and digital signage for your business: www.evcircuits.com
No it's news. This really does have all kinds of implications on future data searches. Apparently the cops saw it as "already got this query thingy open... might as well see what else they have in here". That's a huge issue for all kinds of privacy reasons.
Computer related.... check.
Privacy related..... check.
Does it matter?..... check.
And out of curiosity where is your line between pandering and providing a real service to your users?
No comprende? Let me type that a little slower for you...
Actually, it's called pointing out the significant information in the article. If you think this article is about baseball, you're not paying attention.
The Appeals court specifically indicated how this ruling should be applied to cases you'd probably be more interested in, such as if Google's servers were searched.
If anything, cnn.com is pandering to its audience by focusing on the baseball aspects of a story that's really about the legal bounds of search where databases are involved; and while the court reached its conclusion via a line of logic I don't care for (essentially an appeal to force - "if I decide this way, the consequences would be harmful, so I'll decide a different way"), it is a pro-privacy conclusion that a lot of folks around here are probably interested in.
But by all means, argue that the information shouldn't be made available here because it happens to come from a case that deals with sports and I suppose you think nerds don't do sports.
Oh yeah, a much better article on Wired! Despite the bad link and very short summary, it is still an important issue. They key is that they say "Ideally, when searching a computerâ(TM)s hard drive, the government should cull the specific data described in the search warrant, rather than copy the entire drive, the San Francisco-based appeals court ruled. When thatâ(TM)s not possible, the feds must use an independent third party under the courtâ(TM)s supervision," So basically, they had a warrant for 10 drug results, but happened to find 104 results, and took them all. This ruling is a good one in my eyes. Now, they keyword I see there is "ideally", which seems to mean it could be stretched both ways by a smart lawyer, but still overall good stuff.
"It's ok, I'm completely secure as long as my iron is off"
is it just me, or does anyone else have a mental image of Barney Fife cocking his hat, scratching his head trying to cobble together a SQL select statement?
"Gee Andy....How do you create an Inner Join again?"
WTF? Over?
No. From TFA:
If the cops subpeona records looking for Cowboy Neal's crhacking somebody's porn server, thay can't use evidence of Cnik70's use of illegal hamburger buns that they find in that database.
It is relevant.
Free Martian Whores!
The salient facts of the matter were that:
1. A group of people took tests, the results of which were guaranteed to be confidential.
2. The government subpoenaed some of the test results.
3. Investigators collected substantially more test data than the subpoena allowed, stretching the "plain sight" doctrine to the breaking point to do so.
4. Investigators leaked the test results to others.
5. The people who took the tests suffered adverse employment consequences, years after the tests were taken.
Exactly that same sort of thing could happen to you. Let's imagine. Five years ago you tested positive for THC when a random test was required the day after you were, uncharacteristically, at a party thrown by an old friend where there was a great deal of smoke in the air (You don't remember inhaling). Your employer sent you through the spanking mill for the next year and there were additional tests and you were forced to endure flash presentations on drug abuse against your will. You figured that was the end of it.
Little did you know that the Anytown Police Department happened to hang onto a list of positives they got from ABC Testing and Compliance Services (where you took the test) as the result of an unrelated investigation into a person you do not know. The list was leaked via a cop's wife to the local Human Resources Disucssion Group that meets every 2nd Wednesday at the Perkins. And guess what? Now you can't get a job in Anytown and you don't know why.
The ruling at issue is a step in the right direction, because it helps plug one of the holes through which some of this data gets out. If you don't care, you should -- unless you have nothing to hide.
Except they weren't searching the physical premise where these 10 players reside... nor any virtual equivalency. They were searching third party records of drug tests performed on these 10 players. The closest pre-digital analogy I can come up with is bank records. If it was 1909 and the police had obtained a warrant to search my bank records, would that give them the right to also peak at yours that are stored in the same filing cabinet at the bank?
Life has many choices. Eternity has two. What's yours?
Too often that means "reasonable because the cops can snoop around and violate the privacy of other people, regardless of whether those other people don't want that like I do." I'll give an analogy that involves only physical evidence.
At least in my country, an officer is not allowed to just randomly pull over a vehicle for no reason and then search that vehicle. They are supposed to have probable cause; they can't just go search someoneone to see what they can find. Unless they have a dog, that is. That's right. A police dog can decide your vehicle has drugs or whatever else they're looking for and when the dog starts barking, suddenly the officer has a perfectly legal search. Yes, it would be illegal and a violation of civil rights if that officer used his hands and eyes to locate the same drugs. However, the same search performed with a dog's nose instead of a human officer's hands and eyes is suddenly legal and constitutional. Isn't that amazing, how you can take an unconstitutional act, filter it through the nervous system of the lowly dog, and suddenly it becomes legal and has the court's blessing?
Declaring additional records (i.e. those which were not specified in a search warrant or subpoena) as "in plain sight" and legal to search is worse than this. It's worse because it disposes of even the pretense that using a dog to conduct a search is somehow fundamentally different than using your hands and eyes to conduct the same search. It's like declaring everything up-for-grabs so long as the cops can get their hands on it. It's not "in plain sight", it's residing on privately owned hardware on private property. The cops confiscated it by force or by threat of force (what do you suppose a warrant or a subpoena is?) and now that they've dragged it back to their offices and loaded it up on their hardware it's in "plain sight" to them. That sure is a strange definition of "plain sight." This is something that WILL be abused, though I imagine that when this happens a lot of you are going to act surprised. The sad thing is that the surprise will often be sincere.
It is a miracle that curiosity survives formal education. - Einstein
>>>"Hello, I'm a constituent, and I'd like to talk to [ my rep ] about technical issues being proposed / in the news / reflecting the upcoming election.
>
Several times. They just don't listen. For example I spoke to my Senator about the DTV conversion, and how the power levels were set too low for VHF channels 6, 8, 10, 11, and 13 such that they could not be received with the indoor antennas most viewers use. He thanked me and then promptly did nothing.
Next I talked to him about Comcast's monopoly and how it is working to "lock up" television programming (cable shows) behind walls, such that only Comcast subscribers could access them, but not Verizon subscribers (like me). He gave told me he supports net neutrality and that's why he's not going to interfere with Comcast's running of its business and he sees nothing wrong with the practice. (Huh?) I later checked and found he gets million from Comcast in contributions.
And of course I've witnessed what's happening with the townhalls, where he basically told the people he's not listening to their cries to "leave my healthcare alone". He's taken a Nixon-like tactic of saying there's a silent majority and he's serving them. (I would argue if such a majority existed, it should speak up not be silent.)
Democracy doesn't work if the reps refuse to hear what we're saying.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall