Opinionated @ CFE

Irrational Self-interest

Jun
10

“I’m not poor. Why should I care about poverty?”

“I’m not black. Why should I care about racism?”

“I’m not sick. Why should I care about cancer?”

“I have nothing to hide. Why should I care about privacy?”

What do these four statements have in common?

(more…)

Google and Facebook Tell the Dishonest Truth

Jun
07

While the NSA has been engaged in a lot of data collection since, well, forever, the press has recently decided to let them have it. It’s been disclosed that they collect the phone records of everyone in the country. They also collect the credit card transactions of everyone in the country. To top it all off, a leaked presentation brags that they have direct access to data from a variety of online service providers including Google and Facebook. Larry Page denies that Google is doing this. Mark Zuckerberg does the same on behalf of Facebook. I think they’re both telling carefully crafted truths to deflect from the one they don’t want you to know.

Both make pains to point out that they do not provide any direct access to use data. Direct. Nothing about indirect access, you see. The NSA is most likely conducting some man-in-the-middle attacks to provide some kind of plausible deniability. If this is the case, then it would be true, and yet dishonest, to insist that no request for bulk data has been received. Why would they need to make a request for the data they’re already getting?

Then there’s the line about following the law. It’s no secret that Google has fought back on national security letters and related requests that prevent them from even talking about the existence of the request. If they’re under a Fight Club rule to not talk about it, how do we know it isn’t the case? After all, those are technically legal.

Then there’s the urging from both for governments to be more transparent about their data collection efforts. Given the rest of the facts, it almost reads as a pleading to please confess to doing it so that they don’t have to.

At the end of the day, I’m not accepting what either company has to say about these allegations, either because they are scared to implicate themselves or found face legal consequences for opening up. Maybe a little of both. This is why the national security state is terrifying.

If you're concerned about privacy, you should be concerned about the Census

Mar
16

Every 10 years, the federal government is required to carry out a Constitutionally-required enumeration of the people for purposes of apportioning representation. As part of the census form, many additional questions are asked as well including your phone number, race, occupant names, birthdays, and a host of other personal information. This information can prove to be very useful for data geeks, but I and anyone else who values privacy should be greatly concerned about the amount of information collected by the federal government.

Very plainly on the census form, it states that federal law prohibits sharing this data in any personally identifiable fashion. I have founded doubts as to whether or not this actually happens. In World War II, census data was used to round up Japanese families to put them into internment camps. More recently, information on individuals of Middle Eastern decent was requested by and provided to the Department of Homeland Security for unspecified purposes; it was never established if that personally identifiable information was held in confidence or not. Combined with actions like the PATRIOT Act, warrantless wiretapping, and Carnivore, I have little confidence that the data collected about me will actually remain in confidence, especially if a “national emergency”, real or fabricated, dictates its disclosure to law enforcement agencies.

Even if the federal government were using this data for purely innocuous purposes, I also have doubts about their ability to properly secure the information. For decades, federal agencies have received D+ or lower grades on information systems security, frequently experiencing breaches and compromises. Combine this paper-thin security with a treasure trove of personal data and you are just asking for a major theft of data that could impact every family in America. It makes the infamous TJ Maxx data theft seem like child’s play.

It’s also concerning that despite that the feds already have all of the information requested, they are asking for it again. Again, we see the ineptitude of federal IT staff as a whole at work. We have disparate data systems scattered over hundreds of agencies with no way of collecting that data together. Instead of fixing those fundamental flaws, the census bureau is instead sending out reminder letters a week before sending the actual census and dispatching tens of thousands of workers across the country to do what a couple of DBAs, with the right tools, could get done in a week with a case of Mountain Dew and a freezer full of pizza rolls. It would probably even be more efficient to pay one of those background check companies to collect the data at $40 a head; at a population of around 300M, the census would end up taking less time and 1/10 of the money with arguably better results.

I, for one, will only be filling out those fields I would feel comfortable with the feds having in a central database that I knew could be used to less-than-altruistic purposes or exposed to the criminal data theft underworld. I would encourage all of you to do the same.

Bad Behavior has blocked 272 access attempts in the last 7 days.