"When you sign the TOS you are saying that you agree that admins are allowed to go through any of your data at any time."
That gets them off the hook w.r.t. you suing them for invading your privacy. It says nothing about whether their conduct is criminal. Crime is an issue between the perpetrator and the state, and your signature cannot bind the state to anybody's TOS unless you are signing as an agent of the state.
I understand about TOS. I *am* a sysadmin, and I depend on those agreements to permit me to do my job. But it's possible for an overreaching sysadmin to get himself in trouble even though he adheres to the letter of the user agreement. Absent a specific complaint, rummaging through users' files is just too dangerous, and I consider it poor practice. (I also consider it just plain wrong. I work hard to *avoid* knowing what our users are up to, until someone gives me a valid reason to find out.)
I have to agree with Microsoft on this one. It is long past time for MS to bite the bullet and stop worrying about breaking shoddy software from the dawn of time -- stuff that never should have worked, but did because earlier OSes allowed unforgiveable sloppiness. There are a lot of app.s out there that deserve to die and be replaced by correct code.
I'm very much in favor of preserving backward compatibility for decent software, but many PeeCee products are great examples of how not to design and build software, and they should go. Now.
(Can you tell how many hundreds of hours I've lost trying to get antiproductivity software running for someone who simply *must* have it?)
I don't suppose those are the miscreants who have been flooding our network with winpopups essentially offering degrees for sale? "They never will be missed...."
I wasn't talking about TOS, I was talking about law. If your school computing establishment's TOS said it is okay to rob banks, would that give you immunity from the laws which say it is not okay?
Hey, if you have evidence of a crime being committed across state lines, do what that other guy did and get the FBI involved. Maybe that'll wake the locals up.
Now I have to wonder: if someone goes looking for sexually explicit materials in people's accounts, without any complaint to prompt the action (because nobody but the account holder has ever seen it), could he be successfully prosecuted for voyeurism? (Setting aside for a moment the question of whether those materials were a permitted use of the equipment.)
Just because A acted improperly does not prove that B was not acting improperly in the act of discovering A's impropriety.
"I get a panic phone call from a major supplier of T1's etc in our area calling to find out why I sent the FBI after them."
Duuh, because they were too lazy to do their jobs or their civic duty?
The bad guys are organized, but usually we are not. In too many cases a victim wants to simply clean out the mess, get back in production, and forget it ever happened. We need to make better use of the collective mechanisms already in place to not only fix the immediate problem but make it less likely to happen again.
We could use more help from the tool makers. On your average antivirus gadget, how obvious is the button for "no, don't just flush it; package, preserve, and document the evidence." How much more could security product vendors do to help establish a chain of evidence that can bring distributed attacks home to the perpetrator?
Many forms of attack are safe only because the whole world is busily scrubbing away the bad guy's footprints. It's time we turned that around.
I think that product liability is probably the wrong path. It's easy to stir up, but the manufacturers will fight like crazy to keep the problem from sticking to them. Better to find and show them a way to pass the hot potato along to someone else, someone whose removal from the game would decrease the number of hot potatoes being passed. Get the people with massive resources on our side, instead of fighting them.
While I understand that some people actually prefer IE and would even go and get it if they had to, many IE users simply take whatever comes with the machine. So far the latter has not been true of Netscape/Phoenix/Firebird/Firefox.
I suspect that people who choose their browsers are simply less swayed by advertising, especially the least-common-denominator sort that swirls continually around the virtual ankles of the WWW user. Maybe if the ad.s were less annoying, more informative, and promoting something that choosy people find worth having, the numbers would be different.
Wow...trusting the collective brainpower of an entire society, instead of depending on mechanisms created only by a handful of people who think and act just like the politicians...what a revolutionary idea!}irony off{
Yeah, my first thought was, "they put Doctor/Eliza in a can."
Now, if they can add some pattern *creation* then they'll have something really special.
Person: I'm bored. Robot: You enjoy talking with $FRIEND. You two haven't visited in several weeks. Maybe $GOOD_TIME would be a good time to telephone him/her today.
Person: I'm bored. Robot: What would you like to do? You enjoy playing go. Do you know someone who would like to play today?
or even:
Person: I'm bored. Robot: Have you cleaned the kitchen recently?
> > How would you know that student #1234 at College U. was student #5678 at Hometown High?
> Social Security Number.
Oops!
Further, what if he has two SSNs? It happens. The SSA hasn't much incentive to worry about such things, since the only *proper* use of SSNs is for crediting SS contributions. SSNs are *nothing like* identification. That's the real problem with flinging SSNs about.
Schools shouldn't have student SSNs in the first place, since students are not employees. (If a student is also an employee, that's a separate relationship.) Depending on current laws regarding financial aid, colleges *might* have a reason to have students' SSNs but they shouldn't be giving them to anyone but the IRS and just possibly SSA. (It's hard to say when IRS should and should not receive SSNs since they collect contributions on behalf of SSA.)
"There was a day when you could, with reasonable trust, assume that the transaction you were about to engage was between you and the other party, and no one else."
That day must be from prehistory. One or two hundred years ago, if you bought a hammer at the local store, the storekeeper might actually volunteer the information to some of his other regular customers just by way of making conversation, and nobody would think it was improper. And if someone turned up on your property dead of a hammerblow the next day, a lot of folk would think they knew you did it and might tell any of their acquaintances so, *especially* if you were habitually secretive about your affairs. Today our privacy laws may be inadequate, but they are 100% stronger than what our ancestors had.
And yes, what you buy and how you use your time tells a lot about what you consider important, which is a big part of "who you are".
I deny, also, that e.g. credit bureaus get all the benefit thereof. You and I benefit from a system that gives remote strangers the assurance to extend us credit. You can do thousand-dollar deals with people on another continent whom you've never met before and never will meet, and they will deal with you, because you have a trusted introducer: the lender, who trusts you only because of what the credit bureaus know about you. The relationship is out of balance, but that can be fixed without junking the entire system.
Furthermore, you might be shocked to learn what casual acquaintances know about you despite your best efforts to keep it to yourself.
And last, very often the real problem is not what people know about us, but what they do not *know* yet think they do.
The minority in the car has committed no crime yet, and may not at all. The government has committed no crime yet (in this instance) and may not at all. The time to punish government officials is *after* they go wrong, not before, just as with the rest of us.
And falsification of public records is a *crime*. The teacher doesn't have to sue, she only has to present enough evidence to convince the authorities that a crime has been committed, or that someone was trying to start up a conspiracy to commit a crime. That should put away the principal. Meanwhile, an ongoing criminal investigation should be enough to get serious treatment for charges of wrongful personnel action. A lawyer really might not have very much work to do, to get the ball rolling. There may be no reason for her mistreatment to go to trial.
Oh, yeah. It's only when the scary evil Government becomes involved that people howl. Only government employees can be corrupt. Only government employees can make mistakes. Everyone else is perfect, and perfectly nice all the time.
*sigh* That's why responsibility is a web, not a tree. The principal is playing hardball, so it's time for the teacher to play hardball. If a principal is ordering teachers to break the law (you know, *falsifying public records*) then it should be possible to get a judge to trump the superintendent's hand. And if the superintendent is complicit in the falsification of records, he may get a cell next to the principal.
But it isn't going to just happen because it should. That teacher is gonna have to *make* it happen. If things have happened as asserted, then she has a *duty* to report evidence of corruption.
And that's how the system works. When people break the rules, then they can be punished and removed from power. Trying to do it in advance is like imprisoning someone because he "looks like he might commit a crime." If you're against cops hassling minority members who drive cars that are nicer than they "should" have, then you should be against the blocking of public projects for the sole reason that someone could use data illegally. It's exactly the same error, except that in the latter case the victim is everybody.
How would you know that student #1234 at College U. was student #5678 at Hometown High? And if you don't know that, how do you know how well Hometown High is preparing students for college?
"But the college already knows that," you say. But 10,000 colleges will have 10,000 different ways of collecting, storing, processing, and interpreting that information, and 10,000 different sets of hoops to jump through in order to get at any of it.
The information will be gotten anyway, somehow, but it'll be much more expensive and of poorer quality. I'd feel much better to just let them do it the easy way as long as, if someone abuses my information, I can send him to jail. A few careless bureaucrats behind bars should do wonders for data stewardship throughout the land.
Demonstrate that we ever had any privacy. The days before massive databases were also the days before credit cards and faceless megacorps that could care less who you are as long as you pay on time. If you weren't a hermit or a pioneer, your doctor/banker/grocer/etc. all knew you personally. People who *didn't* know you personally wouldn't take significant risks with you until they did, or until they'd checked you out with "respected members of the community". The whole town knew who you were, and if they didn't like who you were, it was time to find a new town.
We probably have more real privacy today than ever before. Some people seem to want total anonymity, and that's never existed.
They don't care who you are; they only care that they can match your college records to your primary school records, along with millions of other young citizens, so they can maintain the continuity of the data. There shouldn't be any researching of individuals' background here.
Of course it would have been a better design if they'd simply asked the primary schools to issue serial numbers and used those to track the data on through college without personal identification. If there were some reason to identify a single data stream with a person, the primary school could do it, but with strict rules about such disclosures (and strict punishment for infractions) all legitimate uses could have been provided for without worrying millions of people. (A few would be worried no matter what. You can't please everyone.)
I suspect it's Yet Another Failure to think long enough about what the current project means by "identity". A person's name, precise address, and SSN are irrelevant to any study of the effectiveness of public education, and a lot of other studies, but that doesn't prevent lots of people thinking they've just got to have those fields.
I was in high school back when we had conscription. They didn't need a database of college students to run it; every kid was required to take the ASVAB test (in what school year, I forget) so they knew us that way, and disclosing one's existence to Selective Service was legally required. I was a very happy 1H when the draft ended.
With National Defense as the motive, the government didn't have to sneak around deducing things; Congress just said, "do it, or go to jail." Don't think you can prevent conscription by fighting the creation of a database.
Between a family that's always on the go to somewhere, and all the reading I have to do in order to merely be falling behind *slowly*, when would I do side work?
If I did have the time, I'd be doing IT work, but concentrating on the interesting stuff I don't get enough of at my "day job". (More creating, less fixing.)
...a big outfit is going to have a lot of failed projects, *because* it is big enough to fail and survive to keep trying, and because it has been around long enough to get big. A single failure can kill a small organization, but the way to get big is to generate lots of ideas, keep spending from going wild (*not* the same as pinching every penny till it screams), and know how to make money from the ones that don't bomb.
It's important to understand one's corporate identity, though. If Intel came round to ask my advice, the one thing I'd tell them is to remember that they make *parts*. Not computers or TV sets; parts. They can best succeed by making downstream system-builders successful.
(AMD probably has some interesting failures to discuss, too. They've been around since 1969, and made some of the parts in the DEC mainframes I used and ran back in the 1970s-80s.)
Slashdot Mirror
"When you sign the TOS you are saying that you agree that admins are allowed to go through any of your data at any time."
That gets them off the hook w.r.t. you suing them for invading your privacy. It says nothing about whether their conduct is criminal. Crime is an issue between the perpetrator and the state, and your signature cannot bind the state to anybody's TOS unless you are signing as an agent of the state.
I understand about TOS. I *am* a sysadmin, and I depend on those agreements to permit me to do my job. But it's possible for an overreaching sysadmin to get himself in trouble even though he adheres to the letter of the user agreement. Absent a specific complaint, rummaging through users' files is just too dangerous, and I consider it poor practice. (I also consider it just plain wrong. I work hard to *avoid* knowing what our users are up to, until someone gives me a valid reason to find out.)
I have to agree with Microsoft on this one. It is long past time for MS to bite the bullet and stop worrying about breaking shoddy software from the dawn of time -- stuff that never should have worked, but did because earlier OSes allowed unforgiveable sloppiness. There are a lot of app.s out there that deserve to die and be replaced by correct code.
I'm very much in favor of preserving backward compatibility for decent software, but many PeeCee products are great examples of how not to design and build software, and they should go. Now.
(Can you tell how many hundreds of hours I've lost trying to get antiproductivity software running for someone who simply *must* have it?)
"With any luck the phone in your pocket will have a gigabit link by the year 2015."
Meanwhile, voice communication (you know, "telephone") still only uses bandwidth of about 4kHz and is not likely to change in the foreseeable future.
I don't suppose those are the miscreants who have been flooding our network with winpopups essentially offering degrees for sale? "They never will be missed...."
I wasn't talking about TOS, I was talking about law. If your school computing establishment's TOS said it is okay to rob banks, would that give you immunity from the laws which say it is not okay?
Hey, if you have evidence of a crime being committed across state lines, do what that other guy did and get the FBI involved. Maybe that'll wake the locals up.
Now I have to wonder: if someone goes looking for sexually explicit materials in people's accounts, without any complaint to prompt the action (because nobody but the account holder has ever seen it), could he be successfully prosecuted for voyeurism? (Setting aside for a moment the question of whether those materials were a permitted use of the equipment.)
Just because A acted improperly does not prove that B was not acting improperly in the act of discovering A's impropriety.
"I get a panic phone call from a major supplier of T1's etc in our area calling to find out why I sent the FBI after them."
Duuh, because they were too lazy to do their jobs or their civic duty?
The bad guys are organized, but usually we are not. In too many cases a victim wants to simply clean out the mess, get back in production, and forget it ever happened. We need to make better use of the collective mechanisms already in place to not only fix the immediate problem but make it less likely to happen again.
We could use more help from the tool makers. On your average antivirus gadget, how obvious is the button for "no, don't just flush it; package, preserve, and document the evidence." How much more could security product vendors do to help establish a chain of evidence that can bring distributed attacks home to the perpetrator?
Many forms of attack are safe only because the whole world is busily scrubbing away the bad guy's footprints. It's time we turned that around.
I think that product liability is probably the wrong path. It's easy to stir up, but the manufacturers will fight like crazy to keep the problem from sticking to them. Better to find and show them a way to pass the hot potato along to someone else, someone whose removal from the game would decrease the number of hot potatoes being passed. Get the people with massive resources on our side, instead of fighting them.
While I understand that some people actually prefer IE and would even go and get it if they had to, many IE users simply take whatever comes with the machine. So far the latter has not been true of Netscape/Phoenix/Firebird/Firefox.
I suspect that people who choose their browsers are simply less swayed by advertising, especially the least-common-denominator sort that swirls continually around the virtual ankles of the WWW user. Maybe if the ad.s were less annoying, more informative, and promoting something that choosy people find worth having, the numbers would be different.
Exactly -- there are 65533 other TCP ports that may also need domain resolution. Internet !== WWW.
Wow...trusting the collective brainpower of an entire society, instead of depending on mechanisms created only by a handful of people who think and act just like the politicians...what a revolutionary idea!}irony off{
Yeah, my first thought was, "they put Doctor/Eliza in a can."
Now, if they can add some pattern *creation* then they'll have something really special.
Person: I'm bored.
Robot: You enjoy talking with $FRIEND. You two haven't visited in several weeks. Maybe $GOOD_TIME would be a good time to telephone him/her today.
Person: I'm bored.
Robot: What would you like to do? You enjoy playing go. Do you know someone who would like to play today?
or even:
Person: I'm bored.
Robot: Have you cleaned the kitchen recently?
> > How would you know that student #1234 at College U. was student #5678 at Hometown High?
> Social Security Number.
Oops!
Further, what if he has two SSNs? It happens. The SSA hasn't much incentive to worry about such things, since the only *proper* use of SSNs is for crediting SS contributions. SSNs are *nothing like* identification. That's the real problem with flinging SSNs about.
Schools shouldn't have student SSNs in the first place, since students are not employees. (If a student is also an employee, that's a separate relationship.) Depending on current laws regarding financial aid, colleges *might* have a reason to have students' SSNs but they shouldn't be giving them to anyone but the IRS and just possibly SSA. (It's hard to say when IRS should and should not receive SSNs since they collect contributions on behalf of SSA.)
"There was a day when you could, with reasonable trust, assume that the transaction you were about to engage was between you and the other party, and no one else."
That day must be from prehistory. One or two hundred years ago, if you bought a hammer at the local store, the storekeeper might actually volunteer the information to some of his other regular customers just by way of making conversation, and nobody would think it was improper. And if someone turned up on your property dead of a hammerblow the next day, a lot of folk would think they knew you did it and might tell any of their acquaintances so, *especially* if you were habitually secretive about your affairs. Today our privacy laws may be inadequate, but they are 100% stronger than what our ancestors had.
And yes, what you buy and how you use your time tells a lot about what you consider important, which is a big part of "who you are".
I deny, also, that e.g. credit bureaus get all the benefit thereof. You and I benefit from a system that gives remote strangers the assurance to extend us credit. You can do thousand-dollar deals with people on another continent whom you've never met before and never will meet, and they will deal with you, because you have a trusted introducer: the lender, who trusts you only because of what the credit bureaus know about you. The relationship is out of balance, but that can be fixed without junking the entire system.
Furthermore, you might be shocked to learn what casual acquaintances know about you despite your best efforts to keep it to yourself.
And last, very often the real problem is not what people know about us, but what they do not *know* yet think they do.
The minority in the car has committed no crime yet, and may not at all. The government has committed no crime yet (in this instance) and may not at all. The time to punish government officials is *after* they go wrong, not before, just as with the rest of us.
And falsification of public records is a *crime*. The teacher doesn't have to sue, she only has to present enough evidence to convince the authorities that a crime has been committed, or that someone was trying to start up a conspiracy to commit a crime. That should put away the principal. Meanwhile, an ongoing criminal investigation should be enough to get serious treatment for charges of wrongful personnel action. A lawyer really might not have very much work to do, to get the ball rolling. There may be no reason for her mistreatment to go to trial.
"lessons so clearly taught by our nation's founders, that the government is the enemy of liberty"
Would those be the same founders who set up a government for us? It seems there's another lesson here.
Oh, yeah. It's only when the scary evil Government becomes involved that people howl. Only government employees can be corrupt. Only government employees can make mistakes. Everyone else is perfect, and perfectly nice all the time.
Yeah.
*sigh* That's why responsibility is a web, not a tree. The principal is playing hardball, so it's time for the teacher to play hardball. If a principal is ordering teachers to break the law (you know, *falsifying public records*) then it should be possible to get a judge to trump the superintendent's hand. And if the superintendent is complicit in the falsification of records, he may get a cell next to the principal.
But it isn't going to just happen because it should. That teacher is gonna have to *make* it happen. If things have happened as asserted, then she has a *duty* to report evidence of corruption.
And that's how the system works. When people break the rules, then they can be punished and removed from power. Trying to do it in advance is like imprisoning someone because he "looks like he might commit a crime." If you're against cops hassling minority members who drive cars that are nicer than they "should" have, then you should be against the blocking of public projects for the sole reason that someone could use data illegally. It's exactly the same error, except that in the latter case the victim is everybody.
How would you know that student #1234 at College U. was student #5678 at Hometown High? And if you don't know that, how do you know how well Hometown High is preparing students for college?
"But the college already knows that," you say. But 10,000 colleges will have 10,000 different ways of collecting, storing, processing, and interpreting that information, and 10,000 different sets of hoops to jump through in order to get at any of it.
The information will be gotten anyway, somehow, but it'll be much more expensive and of poorer quality. I'd feel much better to just let them do it the easy way as long as, if someone abuses my information, I can send him to jail. A few careless bureaucrats behind bars should do wonders for data stewardship throughout the land.
Demonstrate that we ever had any privacy. The days before massive databases were also the days before credit cards and faceless megacorps that could care less who you are as long as you pay on time. If you weren't a hermit or a pioneer, your doctor/banker/grocer/etc. all knew you personally. People who *didn't* know you personally wouldn't take significant risks with you until they did, or until they'd checked you out with "respected members of the community". The whole town knew who you were, and if they didn't like who you were, it was time to find a new town.
We probably have more real privacy today than ever before. Some people seem to want total anonymity, and that's never existed.
They don't care who you are; they only care that they can match your college records to your primary school records, along with millions of other young citizens, so they can maintain the continuity of the data. There shouldn't be any researching of individuals' background here.
Of course it would have been a better design if they'd simply asked the primary schools to issue serial numbers and used those to track the data on through college without personal identification. If there were some reason to identify a single data stream with a person, the primary school could do it, but with strict rules about such disclosures (and strict punishment for infractions) all legitimate uses could have been provided for without worrying millions of people. (A few would be worried no matter what. You can't please everyone.)
I suspect it's Yet Another Failure to think long enough about what the current project means by "identity". A person's name, precise address, and SSN are irrelevant to any study of the effectiveness of public education, and a lot of other studies, but that doesn't prevent lots of people thinking they've just got to have those fields.
I was in high school back when we had conscription. They didn't need a database of college students to run it; every kid was required to take the ASVAB test (in what school year, I forget) so they knew us that way, and disclosing one's existence to Selective Service was legally required. I was a very happy 1H when the draft ended.
With National Defense as the motive, the government didn't have to sneak around deducing things; Congress just said, "do it, or go to jail." Don't think you can prevent conscription by fighting the creation of a database.
Between a family that's always on the go to somewhere, and all the reading I have to do in order to merely be falling behind *slowly*, when would I do side work?
If I did have the time, I'd be doing IT work, but concentrating on the interesting stuff I don't get enough of at my "day job". (More creating, less fixing.)
...a big outfit is going to have a lot of failed projects, *because* it is big enough to fail and survive to keep trying, and because it has been around long enough to get big. A single failure can kill a small organization, but the way to get big is to generate lots of ideas, keep spending from going wild (*not* the same as pinching every penny till it screams), and know how to make money from the ones that don't bomb.
It's important to understand one's corporate identity, though. If Intel came round to ask my advice, the one thing I'd tell them is to remember that they make *parts*. Not computers or TV sets; parts. They can best succeed by making downstream system-builders successful.
(AMD probably has some interesting failures to discuss, too. They've been around since 1969, and made some of the parts in the DEC mainframes I used and ran back in the 1970s-80s.)
"If you can't spell properly, what else can't you do properly?"
/. who believe this.
Oh, I agree, but we seem to be among only about a dozen on