Invading Privacy for School Credit 422
veryloco writes "Students in Prof. Avi Rubin's Security and Privacy course at the Johns Hopkins University completed a project where they gathered as much public data on residents of Baltimore City as possible. One interesting fact was that 50 deceased persons voted in the last election. Read on to find out what other interesting tidbits were discovered."
50 deceased persons voted in the last election? (Score:5, Funny)
Re:50 deceased persons voted in the last election? (Score:4, Funny)
Re:50 deceased persons voted in the last election? (Score:5, Funny)
hey (Score:5, Funny)
Graaainnnnsss, GRAIINNSssss
Re:50 deceased persons voted in the last election? (Score:3, Insightful)
Re:50 deceased persons voted in the last election? (Score:2, Informative)
Re:50 deceased persons voted in the last election? (Score:4, Funny)
Re:50 deceased persons voted in the last election? (Score:4, Funny)
Re:50 deceased persons voted in the last election? (Score:3, Funny)
Re:50 deceased persons voted in the last election? (Score:3, Insightful)
This happened last autumn to students at the University of Pittsburgh (main campus) who signed a petition to legalize marijuana.
The
Re:50 deceased persons voted in the last election? (Score:5, Informative)
http://www.post-gazette.com/pg/04296/399788.stm [post-gazette.com]
Re:50 deceased persons voted in the last election? (Score:5, Informative)
Re:50 deceased persons voted in the last election? (Score:2, Insightful)
How about Chicago? (Score:5, Informative)
Seriously, Chicago does have this problem and every attempt to cleanse the voting roles of dead voters is shot down as being discriminatory against minorities.
Re:How about Chicago? (Score:5, Funny)
I guess you've never heard of the dead as "The Silent Majority" then...
Dead (Score:4, Funny)
Nah, they're usually too stoned to vote. Although if anyone named Garcia ran, he'd probably win.
Re:How about Chicago? (Score:4, Funny)
I'm glad that the dead are still a minority in Chicago. Given the city's reputation [usatoday.com], one would presume that they were in the majority [prairieghosts.com].
Re:How about Chicago? (Score:5, Funny)
Re:How about Chicago? (Score:5, Insightful)
See, someone who owns a home, rarely moves or changes address, and has a steady job is fairly easy to verify as "yep, we know who this person is, and they're a legit voter."
Someone who moves frequently, doesn't necessarilly have a lease in their own name, works a series of small jobs, doesn't have or doesn't know their social security number, is harder to verify. Some of these "registered voters" are probably illegal immigrants. But some are citizens--many homeless or urban poor. It's extremely difficult to seperate the wheat from the chaff here.
So, the net is we get a pool of "hard to verify" voters. Some legit, some not.
The reason this is a political football is because (again) these tend to be minorities, and minorities in urban areas tend (again, just statistics here) to vote Democratic. So, counting all these "who knows?" voters gives a slight edge to Democrats.
Which is why Republicans shout "Fraud! Throw the votes out!" and Democrats shout "Disenfranchisement! You can't turn away a single legitimate voter! And attempting to fix the system in any way is a blow to democracy!"
I'm sure if the voting record was pro-Republican from this demographic, the positions would be reversed.
Anyways, Chicago's an overwhelmingly Democratic (in the political party sense) town. So don't bet on seeing this any time soon.
This was the major issue with party "challengers" stationed at key poling places in swing states in the last election, and the concept of "provisional ballots" for voters that you heard so much about last November (if you happen to follow US news...)
Re:How about Chicago? (Score:3, Funny)
Of course, the dead are poor. That's easily explained by the old adage, "You can't take it with you."
Re:Forget Chicago, Check out Milwaukee, WI (Score:2)
Obligatory Simpsons quote (Score:2, Funny)
Re:50 deceased persons voted in the last election? (Score:5, Funny)
Hmm... brainless, concerned only with consuming, attack anyone who isn't like them... anyone else willing to bet that they voted Bush?
(Aww, c'mon, it's just a harmless joke... *ducks the "troll" mod's*)
Well you *know* who they're going to vote for... (Score:2)
Re:50 deceased persons voted in the last election? (Score:2)
Think of the children! (Score:2)
Missing the obvious (Score:4, Insightful)
. . . whose group discovered 1,500 dead people who were also listed as active registered voters. Fifty of those dead people somehow voted in the last election.
The 1500 are the ones you want to be concerned about, because if they're not removed from the rolls, their votes can be used fraudulently in the next election. The 50 are not necessarily a problem at all. This course was taken over the course of the last semester. I'm surprised it hasn't occurred to anyone that:
Most of those 50 dead people voted in the last election because they were alive during the last election. They probably died during the months following that. People do die, y'know.
Or they voted absentee (Score:3, Insightful)
Re:Missing the obvious (Score:3, Insightful)
OK, but how about this. What about people who take part in the advanced polls, then die before the actual election day? Should their votes still count? They did, after all, cast them early. But on the day of the election, their votes don't necessarily represent the will of the current voting populace.
I remember reading tha
OT: Article formatting (Score:3, Insightful)
Re:OT: Article formatting (Score:4, Interesting)
I regularly point to it as an example of excellent corporate webdesign, but I don't think it gets NEARLY enough credit. It's a fantastic website.
Re:OT: Article formatting (Score:3, Insightful)
Once again: it is FINE to use JS to enhance your web site, but making it a REQUIRED part of your site is foolish.
Re:OT: Article formatting (Score:2)
I'm sure some won't like it b/c of some programming incompatibility, but as a reader, it was very nice.
About those 50... (Score:5, Funny)
But how many of them are still posting to Slashdot?
Only the Insightful zombies! (Score:2)
Re:About those 50... (Score:2)
Re:About those 50... (Score:2)
When did they die? (Score:5, Insightful)
Ah, but did they die right around election time. Could they have sent in an absentee ballot before they died? Or did they die on election day after they voted? Not having all the info can lead to misleading ideas in our overactive imaginations.
Or, it could be like the earlier post... zombies or ghosts.
Re:When did they die? (Score:2, Funny)
Re:When did they die? (Score:2, Funny)
This word you use, "inceivable", I do not think it means what you think it means.
S
How is public data considered private? (Score:5, Insightful)
Re:How is public data considered private? (Score:3, Insightful)
This is called sensitive information. Public, but it should still only be made available to people who will not abuse it.
There is enough public information about most people to destroy them. (mostly financially, but there are other ways to destroy someone, with or without killing them) Than information needs to be public, because there are honest uses for it. However it needs to be restricted who can access it because of the damage they can do.
Cemetery records are public. They should not be availa
Cemetery records should be available (Score:2)
I understand you overall point, I disagree with you with respect to cemetery records. If they were readily available, it would (presumably) be easier for those in charge of voting to prevent the dead from voting than it would be for someone to use that dead person's name to vote.
Additionally, those of us interested in genealogy find our research much easier where cemetery records are available.
Being dead is one state of health that should not be considered private. :)
Re:Cemetery records should be available (Score:2)
/been there and done that
//including with the shaving cream trick
Re:How is public data considered private? (Score:2)
Re:How is public data considered private? (Score:5, Insightful)
Consider this metaphor: Someone is talking very quietly on their cellphone in a public park. If someone sits on the bench beside me and intently starts listening in on my conversation, at what point does that person's actions become an invasion of my privacy?
You're getting caught up in the semantic differences between "public data" and "privacy". "Public data" is simply defined as information that can be obtained legally and freely. "Privacy" though means different things in the literal, personal, and legal senses. And then we wonder about exactly what it means to "invade" one's privacy. Regardless of whether the data about me is public or not, if someone learns something about me I don't want them to know, I can consider that an "invasion of privacy".
Re:How is public data considered private? (Score:2)
When they follow you into your house and continue listening. When you're in public, you can expect no privacy. Hence "public".
1500 dead people were registered to vote (Score:5, Insightful)
Re:1500 dead people were registered to vote (Score:2)
invasion? (Score:3, Interesting)
Re:invasion? (Score:2)
Re:invasion? (Score:2)
I fail to see how the possession and sale of legally obtained data is a threat to anyone. Like guns or automobiles it is the use of the product that determines the threat or legality. For example it is not illegal for me to own and drive a legally purchased and registered car. However it is illegal for me to drive the car in a way that violates traffic laws such as
Re:invasion? (Score:3, Insightful)
For counter-example, in mosts states it is illegal for you to own lockpick tools, switchblade knives and machine guns. Such ownership causes no harm to anyone yet they are significant enough enablers for you to potentially do harm that your posession of them is outlawed.
Similarly your acquisition of perso
Re:invasion? (Score:3)
Similarly your acquisition of personal information is a significant enough enabler for you to do harm to the owner of that information that such possession should be outlawed.
A multi-million dollar industries of data collection and direct marketing completely disagrees with you. They believe personal information is a commodity to be collected, bought, and sold. This action is not illegal or harmful to anyone.
For counter-counter-example, there are many perfectly legal and countless highly profitable re
Re:invasion? (Score:3)
There are no benefits to the people who have their data bought and sold. The only benefit is to the corporations doing the buying and selling.
As an exercise, pretend you had to defend Big Data. How would you do it? What do you think your opponents would argue?
I wouldn't because the only arguments for "Big Data" are the ones you've been making and they are so full of holes that I would not bother to try in the first place.
Examp
It was over long ago (Score:5, Insightful)
So what is the solution? Just prepare for your identity theft now, keep good records and generally don't be a jerk to those you post about and email. Because its all out there.
Re:It was over long ago (Score:2)
True. What could have been more interesting is if the students in the class targetted legislators (state or federal) rather than generic residents of Baltimore.
Regardless of whether one considers this data "private" or not, there is a lot of *personal* information available in the *public* domain. Maybe if lawmakers were themselves targets and it was shown just how much information can be collected, organized and collated they would
Re:It was over long ago (Score:3, Interesting)
Necromancy (Score:5, Interesting)
We need election laws that guarantee the margin of victory is larger than the sampling error. In fact, we need a law that requires the office get at least a simple majority (50%) of the eligible voters, or it goes unfilled. With so few eligible voters actually voting, that would force districts to hold runoffs, and parties to get out the vote. Or just get outnumbered by the representatives from districts which do turn out. Put a little competition into our rotten voting system, and cut out the deadwood.
Re:Necromancy (Score:2, Interesting)
Re:Necromancy (Score:4, Insightful)
Of course, leaving unpopular seats empty isn't a silver bullet. People should be able to cast votes anytime in the month of November. A floating federal holiday, schedulable any time in November, should be validated with a poll receipt. And the feds should allocate each voter a unique, one-time voter ID# discarded upon authentication at the polling place - even if that's a telephone. That would at least make voting as convenient to modern voters as the old way was for ancient voters.
Re:Necromancy (Score:2)
Happened to some people in Brazil, where it is mandatory to vote.
Link not handy.
Re:Necromancy (Score:2)
Re:Necromancy (Score:2)
I would hope that if your idea ever gets any serious consideration that those pushing for it will be unhypocritical enough to insist that their method of voting be used to pass such a law. Put
Re:WHAT WONDERFULLY STUPID IDEAS (Score:2)
It works better than the US system for reasons discussed fully on /. before - voters can vote for the candidate they most want instead of trying to be effective by voting for one of the two most popular candidates just to try and make sure the other doen'st win, as many did in the last presiden
Re:WHAT WONDERFULLY STUPID IDEAS (Score:2)
Re:Necromancy (Score:2)
multitiered privacy (Score:2, Interesting)
I've thought, and I'm interested in (constructive) comme
Re:multitiered privacy (Score:2)
Re:multitiered privacy (Score:3, Insightful)
The problem most people have with the data being publicly electronic is not that it's available - the problem is that it becomes easy to correlate with other public (or private) information.
Your 'solution' pre-correlates all that data,
Misleading Title (Score:4, Informative)
and the primary focus of the article is on how easy it is to steal identities on line using legal methods and less than $50.
The slashdot title implies that a college course was used to invade the privacy of Baltimore individuals. This is most misleading. While this is nothing new to most readers here, the significant thing is that this article is in a mainstream media publication and may help to strengthen some of the right to privacy laws that are currently under the gun.
Engineering (Score:5, Funny)
once again proves that geek security is compromized by cleavage or the promise that someone likes you.
Obligatory Simpsons Quote (Score:4, Funny)
Patriotism... (Score:2, Funny)
That's the kind of thing that makes you proud of being an American.
Re:Patriotism... (Score:2)
Baltimore City (Score:2)
Where's that? Is it near Baltimore?
Re:Baltimore City (Score:4, Informative)
Re:Baltimore City (Score:4, Funny)
The true moniker applicable to any resident of Baltimore is, of course, Baltimoron.
Openness for those with public TRUST (Score:2)
The only benefit of openness comes with elected officials, government appointees, government contracts, campaign financing etc being available to us.
Everyone else deserves privacy.
B'More! (Score:2, Interesting)
Re:B'More! (Score:2)
Now, if you told me you were going 'downeoshun' this weekend, I might believe you.
And, yes, living in VA sucks, but the part I'm in is mighty pretty most of the year, and that partially makes up for the high total tax bill and the lack of any though of consumer protections.
Re:B'More! (Score:2)
Invasion of privacy? (Score:5, Insightful)
I'd say that the opposite is true - this information is in the public domain, and the students were able to demonstrate how easy it is to access and collate, thus stimulating debate (look, we're having a real debate, on Slashdot!).
Invasions of privacy, in my mind, constitute one of two things. 1) Attempting to make someone reveal personal information about themselves that they may not want to, or 2) revealing data on someone else that you have not been given permission to reveal.
While some of the original sources of the data that the students used could have invaded privacy to get the data, by using data already in the public domain the students weren't invading privacy.
If they'd acted illegally or persuaded someone to breach someone else's privacy as part of the project, that would be another thing, but the students weren't allowed to do that as part of this project.
Re:Invasion of privacy? (Score:2)
or 2) revealing data on someone else that you have not been given permission to reveal.
And I think that's just what we're talking about here. Whenever you reveal personal information to a 3rd party, there's an implied contract that they won't post it publically. Let's say I give out my SS# to a creditor. That doesn't mean the credit card company has the right to give that information out to just anyone who asks for it.
While some of the original sources of the data that the students used could have i
Infrastructure Mapping (Score:4, Interesting)
This reminds me a news item I saw/read about 1-2 years ago where a student wanted to see if he could map out the U.S.'s infratructure given public records/information. He was extremely successful in that he mapped out whole power grids, telecom lines, subways, etc and overlayed them all. Much to his dismay, he was held from presenting this (his doctorate thesis, I believe) by the Feds who worried that terrorists would want to get their hands on the info.
And if you're a terrorist, that makes sense; someone else has already done the work for you and provided additional instructions on how to do so. On the other hand, this poor guy can't complete his work. And all he did was what any Tom, Dick, or Harry could've done.
full article (w/o bullshit next button) (Score:4, Informative)
By Tom Zeller Jr. The New York Times
WEDNESDAY, MAY 18, 2005
BALTIMORE Ted Stevens wanted to know just how much the Internet has turned private lives into open books. So the U.S. senator, a Republican from Alaska and the chairman of the Senate Commerce Committee, instructed his staff to steal his identity.
"I regret to say they were successful," the senator reported at a hearing he held last week on data theft.
His staff, Stevens reported, came back not just with digital breadcrumbs on the senator, but also with insights on his daughter's rental property and some of the comings and goings of his son, a student in California. "My staff provided me with information they got from a series of places," he said. "For $65, they were told, they could get my Social Security number."
That would not surprise 41 graduate students in a computer security course at Johns Hopkins University in Maryland, who, with $15 less than that, became mini data brokers themselves over the last semester.
Working with a budget of $50 and a strict requirement to use only legal, public sources of information, groups of three to four students set out to vacuum up not just tidbits on individuals, but whole databases - death records, property tax information, campaign donations, occupational license registries - on citizens of Baltimore. They then cleaned and linked the databases they had collected, making it possible to enter a single name and generate multiple layers of information on individuals.
The Johns Hopkins students demonstrated - as has a growing chorus of privacy advocates around the United States - that there is plenty of information to be had on individuals without ever buying it (or stealing it) from big database companies like ChoicePoint and LexisNexis. And as concerns over data security mount, the inherent conflicts between a desire for convenience, openness and access to public records on the one hand, and for personal privacy on the other, are beginning to show.
The Johns Hopkins project was conceived by Avi Rubin, a professor of computer science and the technical director of Johns Hopkins's Information Security Institute. Rubin has used his graduate courses in the past to expose weaknesses in electronic voting technology, digital car keys and other byproducts of a society that is increasingly dependent on computers, networks and software.
"My expectations were that they would be able to find a lot of information, and in fact they did," Rubin said.
In some instances, students visited local government offices and filed official requests for the data - or simply "asked nicely" - sometimes receiving whole databases burned onto a CD.
In other cases, they wrote special computer scripts, which they used to slurp up whole databases from online sources like Maryland's registry of occupational licenses (barbers, architects, plumbers), or from free commercial address databases.
"I think what this professor and students have done is a powerful object lesson in just how much information there is to be found about most of us online," said Beth Givens, the director of the Privacy Rights Clearinghouse in San Diego, "and how difficult it is, how impossible it is, to control what's done with our information."
David Bloys, a private investigator in Texas, has helped craft a bill now pending in the state legislature there that would prohibit the bulk transfer and display over the Internet of documents filed with local governments.
There are real dangers involved, Bloys said, when such information "migrates from practical obscurity inside the four walls of the courthouse to widespread dissemination, aggregation and export across the world via the Internet." However convenient online access made things for legitimate users, the information is equally convenient for "stalkers, terrorists and identity thieves," Bloys said.
The bill, which was introduced in Austin by Representative Carl Isett, a Rep
I love this quote: (Score:2, Insightful)
Umm, you know, maybe the government should do that as part of the electoral process? If felons can be removed from voting lists, so can dead people.
Re:I love this quote: (Score:2)
Just on what I've read in the comments/article (Score:2, Interesting)
To add to this, Every voter should be confirmed as a valid vote by linking with their SSN. There's only so many SSN's out and active today, and if the vote tally goes over the amount of SSNs available, you know somethi
Re:Just on what I've read in the comments/article (Score:2)
How about abandoning the SSN problem and get your national voter ID number. Make it illegal to use, request, record, or distribute the number for anything but voting. Require that you bring it to the polling place.
But what happens when the id muber is used twice? Do you cancel both votes (there's a strategy)? Do you only take the first one (anot
Personal addresses (Score:4, Interesting)
You may ask why. This came about after a few cases of abused women trying to flee husbands and starting a new life in another part of the country, but being found and battered by their former husbands. When the media found out that the former husbands had gotten the new address of their former wifes from public offices, we had a sensible political reaction.
But then, I live in a european country. In Europe we have a very different attitude to, and better laws [eu.int] on the treatment of personal information compared to the US.
It's all there - taxes, political contributions (Score:5, Insightful)
Where I live now, anyone and their mom's dog can look up the tax records of my property. This database is searchable by either name or address and returns how much a given property has been accessed for (plus the five year history), how much the current taxes are, a picture of the property (which is often the front of the house), and sometimes the floorplan of the house. Not only would I never provide this information to any of my friends (much less a stranger), but I'd consider it rude if they were to ask.
Another invasive database, which has been mentioned several times here on Slashdot, is Fundrace. I work very hard to make sure that my political views are not know at the workplace. However Fundrace allows anyone to search by name or address who gave how much to a given political candidate or party. I understand the value of tracking political donations, I really do. Should my employees or peers have the capability to track me specifically? It somewhat defeats the point of the secret ballot. I'd love to contribute money to those candidates which I support, but I won't.
My colleagues don't need to know how much I make, pay in taxes, or contribute to a given political organization. At best the information simply satisfies some misplaced curiosity, but more likely this information is used to judge (often incorrectly) without any opportunity for a rebuttal or explanation on my part.
Re:It's all there - taxes, political contributions (Score:3)
zerg (Score:3, Interesting)
I even submitted it to
Re: (Score:2, Funny)
Re:OK, I'll start the flame war.... (Score:4, Insightful)
Comment removed (Score:4, Funny)
Re:OK, I'll start the flame war.... (Score:2)
That's right. The Democrats try to add voters to the roles. The Republicans, on the other hand, are busy trying to keep voters off the roles.
Re:So 50 dead people voted (Score:2)
Re:So what do we do about public records? (Score:2)