Computer and networking technology has allowed private data to be stored in databases to make it readily accessible to those who have a legitimate reason to access it, but in the process have made it entirely too susceptible to unauthorized access.  It is easy to blame this on programmers for writing shoddy software, and there certainly is some truth to that, but no matter how good the software is, there will still be problems with the people authorized to use the databases making mistakes such as using weak passwords.

Even if it’s a losing battle, we should fight tooth-and-nail to try to hold onto privacy.  As Dylan Thomas wrote, “Do not go gentle into that good night.  [...] Rage, rage against the dying of the light.”

That being the case, presumably they wouldn’t have any problem with citizens surreptitiously planting GPS tracking devices onto police cars.  WIth suitable distribution of the tracking information via the internet to mobile devices (e.g., smart phones), that could be quite useful for people that want to avoid speed traps, etc.

The appeals court did write that “We are also concerned about the private use of GPS surveillance devices. [...] Consequently, we urge the legislature to explore imposing limitations on the use of GPS and similar devices by both government and private actors.“  I think the outcome of that is predicable.  The legislature will impose substantial limitations on the use of GPS trackers by private actors, and minimal or no limitations on their use by the government.

A New York appeals court just reached the opposite decision (PDF), that the police should not plant GPS tracking devices without a warrant, citing Supreme Court Justice Brandeis’ dissenting opinion in Olmstead v. United States:

“The protection guaranteed by the Amendments [the Fourth and Fifth] is much broader in scope [than the protection of property]. The makers of our Constitution undertook to secure conditions favorable to the pursuit of happiness. They recognized the significance of man’s spiritual nature, of his feelings and of his intellect. They knew that only a part of the pain, pleasure and satisfactions of life are to be found in material things. They sought to protect Americans in their beliefs, their thoughts, their emotions and their sensations. They conferred, as against the Government, the right to be let alone — the most comprehensive of rights and the right most valued by civilized men. To protect that right, every unjustifiable intrusion by the Government upon the privacy of the individual, whatever the means employed, must be deemed a violation of the Fourth Amendment. And the use, as evidence in a criminal proceeding, of facts ascertained by such intrusion must be deemed a violation of the Fifth.”

Google stores only the most recent automatic update or location selection you manually entered on our servers.

does NOT say, to wit, whether the data might be stored on servers other than “our servers”.

If DHS wants to track your location via your cell phone, they don’t really need Google’s help doing that. On the other hand, if a private company is already collecting data on people’s movements, that must look like a mighty tempting target…

I’m used to new operating system installations wanting a very small amount of personal information from the user. Windows asks for the user’s name and company, though it allows the user to leave the company blank, as would be typical for home users. Fedora Core Linux asks for the users full name (not required) and a username. Neither of these seem very onerous, and the reasons for requesting the user’s name are reasonably clear. It’s less obvious why Microsoft wants a company name, but since you can omit it, I don’t much care.

Mac OS X, on the other hand, requires the user’s full name, postal address, phone number, expected place of use (home, small business, medium business, large business, etc), and industry. It will not allow the user to proceed until this information is entered. I don’t mind entering my name, but I’ll be damned if I’m going to tell my computer any of that other stuff without a very good reason. If I don’t put personally identifying information into a computer, that makes it less likely that the information will be misused or compromised. I’m pretty sure that the C compiler isn’t going to need any of that in order to compile my programs successfully.

The pages requesting the information have a button to view Apple’s privacy policy, which explains that Apple collects the information in order to provide an exceptional user experience. Exceptionally bad, in my opinion. I was put in the position of lying to the computer. I put “n/a” for all the fields that would accept that, and all nines for the ZIP code and phone number. I selected “home” for the place the computer will be used, though I wasn’t very happy about it. I selected “other” for the industry.

Apple shouldn’t force the user to choose between revealing personal information for no good reason, and providing false information. They should allow the user to skip providing the unnecessary information, or better yet, not even attempt to collect it.

Given how many such cases of personal data theft or loss are reported, I wonder how many are covered up, and how many go undetected?

While I don’t have any ill will toward Monster.com, I think the only thing that would significantly reduce the number of cases of this nature would be to hold parties that collect personal data criminally liable for any misuse, loss, or theft of the data, with statutory damages. As long as companies have only minimal liability for data theft, they are not going to take adequate precautions to prevent it.

• The US President, Vice President, and cabinet members
• US Senators and Representatives
• Board members and executives of Fortune 500 corporations

and many more!

This SSN database available for sale on a DVD-R, and is updated monthly. A single issue is available for $19.95 plus $4.95 shipping and handling. A 12-month subscription is available for the disounted rate of $199.95 plus $29.95 shipping and handling. Send orders with payment to:

SSN Database Offer
142 N. Milpitas Blvd. PMB 379
Milpitas, CA 95035

For a limited time only, with every order for the SSN Database we will include at no extra charge a complimentary copy of our ZIP Code Database and a complimentary copy of our Birth Date Database, together containing the ZIP Codes and birth dates of over 290 million US citizens and legal residents. These databases have been carefully screened to ensure that every entry is valid.

Allow four to six weeks for delivery.

Opt Out: If you wish to have your Social Security Number removed from our SSN database, mail a copy of your Social Security Card and a $1.95 processing fee to:

SSN Database Opt Out
142 N. Milpitas Blvd. PMB 379
Milpitas, CA 95035

For removal from our ZIP Code Database and Birth Data Database, mail a copy of your birth certificate and a $1.95 processing fee to:

ZIP Code/Birth Date Database Opt Out
142 N. Milpitas Blvd. PMB 379
Milpitas, CA 95035

It seems obvious that this is just more of their plan to run a protection racket, which is why they so vehemently oppose net neutrality. What they really want is to only transport “legitimate” content from providers that pay them for the privilege. Nevermind that the end user and the content provider are already paying AT&T for the privilege of having their broadband internet connections; AT&T wants to be paid again for the content. “That’s a nice video you’ve got on your web site; it would be a shame if no one could watch it.”

While I join the opinion of the Court, I feel compelled to reply to the separate concurring opinion of my Brother WHITE, which I view as a wholly unwarranted green light for the Executive Branch to resort to electronic eaves-dropping without a warrant in cases which the Executive Branch itself labels “national security” matters.

Neither the President nor the Attorney General is a magistrate. In matters where they believe national security may be involved they are not detached, disinterested, and neutral as a court or magistrate must be. Under the separation of powers created by the Constitution, the Executive Branch is not supposed to be neutral and disinterested. Rather it should vigorously investigate [389 U.S. 347, 360] and prevent breaches of national security and prosecute those who violate the pertinent federal laws. The President and Attorney General are properly interested parties, cast in the role of adversary, in national security cases. They may even be the intended victims of subversive action. Since spies and saboteurs are as entitled to the protection of the Fourth Amendment as suspected gamblers like petitioner, I cannot agree that where spies and saboteurs are involved adequate protection of Fourth Amendment rights is assured when the President and Attorney General assume both the position of adversary-and-prosecutor and disinterested, neutral magistrate.

There is, so far as I understand constitutional history, no distinction under the Fourth Amendment between types of crimes. Article III, 3, gives “treason” a very narrow definition and puts restrictions on its proof. But the Fourth Amendment draws no lines between various substantive offenses. The arrests in cases of “hot pursuit” and the arrests on visible or other evidence of probable cause cut across the board and are not peculiar to any kind of crime.

I would respect the present lines of distinction and not improvise because a particular crime seems particularly heinous. When the Framers took that step, as they did with treason, the worst crime of all, they made their purpose manifest.

I wonder what Justice Douglas would have written had he considered a case concerning FISA.

Now that Congress is considering specific “pretexting” legislation, the LA Times reports that the MPAA and RIAA are asking to be exempted from it.  In other words, they are asking Congress for permission to commit fraud.  [via Slashdot and The Inquirer]

Yesterday they didn’t tell me to do that, and I’d forgotten about it, so I just sent my entire backback including laptop through the scanner.

I was expecting them to pull one of my bags aside for manual screening, because it contains a CPAP machine, and they always manually screen those now. (I have no idea why, as a CPAP machine isn’t the least bit dangerous, nor does it look particularly strange on an xray.) But because of the laptop, they had to manually screen both of my bags.

They removed the laptop from the backpack and swabbed it. Then they ran the backpack (but not the laptop) through the xray again.

I can’t think of any rational basis for the manual screening of CPAP machines after they’ve been xrayed, nor why a laptop must be xrayed separately from a bag. I’m fairly sure that this is just another case of “security theater,” trying to make the public feel like something is being done to protect them, even if the so-called security measures are actually silly.