Database Abuse

  • This is truly a frightening story of database abuse, but it does bring to light some of the issues with having a large amount of data centralized in a place where one person can access it. A 911 dispatcher abused his access to records and used information to stalk his former girlfriend and killed her and her new boyfriend. If that weren't hard enough for the manager and former co-workers to deal with, now the family is suing saying that they did not do enough to protect the privacy of the victims.

    This is a tough thing to police for a company and it sounds like the supervisor did the right thing with suspending the individual. Unfortunately the suspension was deferred and even after being suspended, the accused used friendships to get information. I hope all of those people who helped now regret their actions.

    Security of information is hard. Not because of the systems but because of the type of problems that occurred here. People are human and develop friendships. In terms of our data security, this often means sharing information or obtaining it for those that don't have the access, clearly violating the intent behind the access.

    Most people are willing to help friends, even other employees they barely know because of that human desire to please and help others. Even beyond that, we often don't want to exclude people when we should, allowing access to remain long after someone has moved on.

    In some of my jobs if a trusted individual resigned, we let them go that day, disabled their accounts immediately, and paid them a severance for the time of their notice. In some jobs I've had, if anyone left that had been trusted with keys we changed locks. Other jobs kept me around for the full time of my notice with full rights. I know that a resignation is different from a termination, but in many cases someone is resigning ahead of a termination.

    The rules around access don't always make sense. But they are there to protect us. Recently I wrote about the Men in Black, looking at the NCSA and someone accused me of making a political statement. I didn't intend it that way, but more that trusting people with large amounts of personal data is bad. People are corruptible and if the people that run the system now aren't, sooner or later someone will be.

    "Power tends to corrupt; absolute power corrupts absolutely". This was true when Lord Acton said it and it is still true today. Probably always will be.

    Laws, rules, and regulations should be in place to protect data, especially information about individuals with reasonable restrictions on its use as well as disclosure.

    Steve Jones

  • That Bob McEuen post was so out of line. I am new to this forum so I didn't say anything then, but there was absolutely nothing political about your post then or now.

    When I see someone react so irrationally like that I become suspicious they are a political extremist. In my experience extremists see the world from a very narrow, but highly distorted point of view and as a result they perceive everyone as out to attack them and their extremist brand of politics.

    The idea that people are corruptible and that power can and does corrupt is as old as time. The reason that some extremists today have to reject that obvious fact, is that so many of the policies they advocate hinge on the fact that government agents are perfect, and incorruptible. It's so foolish you almost laugh were it not so scary and dangerous.

    The story you cited here, of the girl and the new boyfriend being murdered by a stalker misusing data access, is an excellent example. I bet the data this nutjob used was only addresses and phone numbers. Imagine what a potentially angry CIA agent could do with every phone call someone makes. They claim they are only logging the numbers, and dates and times of the calls but how many of you really believe that? I maintain a healthy suspicion myself, and I do emphasize, HEALTHY.

    A healthy amount of suspicion makes us better DBAs.

  • To anyone who tends to excuse the current unaccountable surveillance process ... please, regardless of your political position, think of the politician you distrust most... now think of that person with these powers established by precedent.

    Our people are not different from countless other countries where police and politicians have secretly abused enemies and critics. It's our SYSTEM of controls that have prevented much of this, when you take away the controls, the result is inevitable, maybe not this year, but it WILL happen.

    ...

    -- FORTRAN manual for Xerox Computers --

  • SteveJ, thanks for bringing this tragic story about the 911 database abuse to our attention. It's actually a very good model to use when thinking about government use of data.

    We have to ask ourselves the question: Is 911 data subject to abuse? We now know, tragically, that it is indeed. Then we need to ask ourselves, does the fact that it is possible to abuse this data lead us to the conclusion that 911 systems should be dismantled? I think most of us would say, Whoa! that doesn't follow - the benefits of the 911 systems far outweigh the potential for abuse. We need to ensure that there are safeguards in place to prevent abuse and to learn from mistakes.

    Likewise, we need to look at the alleged NSA data-analysis program the same way. Can a database of billions of phone call records be abused? Of course that's possible. Does the benefit outweigh the potential for abuse? That's the 64-dollar question. But it is a real question, and not one that we can easily toss off an answer one way or the other.

    It's clear from court decisions that obtaining phone call records is not a violation of 4th Amendment privacy rights (Smith v. Maryland 1970). But there may be other statutory issues involved. There is also the issue of very clear Article II powers of the President as Commander in Chief in dealing with defending against foreign attack.

    In the case of a massive data-mining program by NSA, besides whatever procedures NSA put in place to safeguard the data from misuse, there is also the ability of potential whistleblowers to notify various Inspectors General as well as any number of House and Senate committees. This provides checks and balances against the possibility of data abuse by the Executive.

    Is this enough? That's the question we as a society need to answer for ourselves. As for me, I believe that given the world we now live in, it is "enough", in the sense that it is a tradeoff I feel comfortable with. I would not demean a fellow citizen for coming to a different conclusion after going through this thought process, however.

    There is one way of dealing with a program like the alleged NSA data mining program that is not appropriate, however - and that is going directly to the New York Times or USA Today without first going through the Inspectors General and congressional committees (and there is no evidence at all that those established processes were first tried for any of the several NSA/CIA/etc issues that have blared from the headlines these past few years.)

  • It's also clear that you need a warrant to obtain phone call records.

    Paragraph 1, section 2, Article II of the US Constitution:

    "Section 2. The President shall be commander in chief of the Army and Navy of the United States, and of the militia of the several states, when called into the actual service of the United States; he may require the opinion, in writing, of the principal officer in each of the executive departments, upon any subject relating to the duties of their respective offices, and he shall have power to grant reprieves and pardons for offenses against the United States, except in cases of impeachment."

    Where in that paragraph is there an unlimited power to defend the nation against foreign attack?

    Yes, I agree there are risks and benefits to maintaining the data in the first place, and most of us would agree 911 databases are worth the risk. National call databases are clearly not worth the risk for several reasons. Terrorists are so rare that even if they were dumb enough to pick up a telephone and call Osama in Afghanistan (and I really doubt they are as dumb as many people like to think), it's still a needle in a haystack. Maintaining databases that log every call is a brute force approach because the truth is the government doesn't have any better ideas. Another reason is that this is simply too much of a violation of civil liberties. If America has to suffer a terrorist attack every 5 years or so (that on average will never be on the scale of Sept 11, 2001) then so be it, but I would rather take my chances with a loose terrorist or two than a 3 trillion dollar a year funded federal government with limitless powers to spy on every citizen.

    And going through inspectors general in my one experience was a total disaster, and that was in the military. The IG for the command sent the best friend of the accused to investigate. Brilliant. Naturally no wrongdoing was discovered. The other problem is that by going to the IG, the upper hand is given to the agency, and retaliation can then take place, subtle or overt. I fully support the actions of the leaker in the case of the CIA/terror flights case. I am shocked and disgusted that people even dare to question the morality of the leaker in such a case.

  • hello nmt,

    "...It's also clear that you need a warrant to obtain phone call records. .."

    Actually, it's not at all clear that the gov't needs a warrant to obtain records of calls as opposed to content of calls. I've read an awful lot about this in the past few weeks. I'm not a lawyer, but from my layman's perspective of what I've read, an NSA program as alleged would not be illegal.

    "...Where in that paragraph is there an unlimited power to defend the nation against foreign attack?..."

    The courts have again and again interpreted the "Commander in Chief" clause to mean that the president has broad powers to carry out war and has the principal authority to determine the means of war-fighting, including "signals intelligence" (which is what we're talking about here.)

    "...And going through inspectors general in my one experience was a total disaster.." I'm sorry for your one bad experience - but there are countless examples of where IGs worked just as intended.

    "...I am shocked and disgusted that people even dare to question the morality of the leaker in such a case..."

    The leaker had, among other things, the opportunity to take his concerns to the ranking member of the House Intelligence Committee, Jane Harman (D-CA) or ranking member of Senate Intelligence Committee, Jay Rockefeller (D-WVa) - I think both Cong. Harman and Sen Rockefeller could be trusted to pursue what was presented as a serious charge against a Republican-led executive branch, don't you?

    But the leaker didn't do that - he decided to be above the law (e.g. U.S. Criminal Code Sec 789) and made unauthorized disclosures to the media.  

  • I am not a lawyer either so I am not an expert.

    However, as I understand the electronic communications issue, it is in fact the law that the justice department must seek a warrant, from a special FISA court (http://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act).

    The current administration cites the war powers clause and the precedent dating back to Lincoln during the civil war. I reject this claim for two reasons. One, is that the definition for "war" is being twisted here. Congress has not declared any "war on terrorism" nor will they. Congress hasn't declared war since WW2. Secondly, despite the fact that Congress does not declare war anymore, the US is in a constant state of military conflict and operations all over the world. For the last fifty years the US has almost consistently been involved in some type of military conflict, such as Korea, Vietnam, Grenada, Colombia, Laos, Iran, Iraq, Saudi Arabia, Kuwait, Beirut, Ethiopia, Sudan, Kosovo, and on and on. It's the president who makes the decision to pursue these "wars" and yet it's the president and government in general that legislation that limits government powers (such as that requiring warrants) is designed to protect us from. That's tantamount to letting the fox guard the hen house, isn't it? The "war on terror" is in my opinion a marketing campaign when it is in reality just a continuation of ongoing US involvement (both military and otherwise) in almost every part of the world. As a result I will give no credibility to any case for warrantless surveillance that hinges on any special "wartime" powers.

    The actions of the CIA are such a disgusting violation of law and the intent of those laws limiting their powers (for good reason!) that it is vital to the health of our constitutionally limited republic for those actions to become public. No, I do not trust that the democratic ranking members of the intelligence committee will pursue justice in this case. Republicans and Democrats collude together to commit all sorts of evil (such as gerrymandering district lines for pre-known electoral outcomes) and even if the democratic members were to use the information, I suspect they might have the incentive to wait until later and use it for political gain at the most advantageous time for them, such as a looming congressional election.

    I'll take your word for it that IG's do work in many cases, but just for my own interest could you cite one of the countless examples that relate to the CIA?

  • hello nmt,

    "...However, as I understand the electronic communications issue, it is in fact the law that the justice department must seek a warrant, from a special FISA court ...."

    Not necessarily, and for a lot of reasons, both statutory and constitutional. There is a VERY long but compelling monograph that supports this position at http://www.fed-soc.org/pdf/terroristsurveillance.pdf

    Also, please note that there are TWO distinct programs that NSA has been alleged to be engaged in:

    (1) Listening to phone conversations (i.e., message *content*) where one end of the call is outside the US and one participant in the call has been identified as a member of Al Qaeda or its affiliates.

    (2) Obtaining records (i.e., billing records) of many millions of long-distance phone calls for purposes of trying to find patterns that might lead to uncovering terrorist activity. These records have *no content*.

    One might argue that FISA might cover (1) above; however, there is no valid argument that (2) is also covered by FISA. The media, as well as some politicians, constantly conflate the two programs, so it is not surprising that many Americans would think that (2) may violate FISA.

    Over and above this, there is serious debate (and has been for decades) as to whether the FISA law is constitutionally well-grounded. We got a taste of this when 5 retired Federal judges recently testified before the Senate Judiciary committee and pretty much agreed that a president has the constitutional authority to pursue a program such as (1).

    Furthermore, this is not a new debate - like many of the tensions between the 3 parts of our government. For example, this exact same issue was defended by the Clinton administration in 1994: ("The Department of Justice believes, and the case law supports, that the President has inherent authority to conduct warrantless physical searches for foreign intelligence purposes." - testimony of Deputy Attorney General Jamie S. Gorelick in Hearings before the House Permanent Select Committee on Intelligence on amending the Foreign Intelligence Surveillance Act, 103d Cong. 2d Sess. 61 (1994)).

    "...No, I do not trust that the democratic ranking members of the intelligence committee will pursue justice in this case. Republicans and Democrats collude together to commit all sorts of evil (such as gerrymandering district lines for pre-known electoral outcomes) and even if the democratic members were to use the information, I suspect they might have the incentive to wait until later and use it for political gain at the most advantageous time for them, such as a looming congressional election. ..."

    OK, I now understand why you think it's OK for a person to think he is above the law and make unauthorized disclosures of whatever classified information he likes to whomever he chooses, regardless of the unambiguous wording of US Criminal Code and the alternative, legal processes specified by his elected representatives (IGs and Congressional oversight committees.).  You've lost faith in the complete system - I don't blame you, but I feel sad about that.

    Best regards,

    SteveR

  • The very first sentence of the document you cited supporting warrantless search starts with:

    "The Federalist Society for Law and Public Policy is pleased to make a contribution to the current debate about the scope of the President’s powers in wartime by publishing this monograph on the legal and constitutional issues implicated by NSA’s global al Qaeda surveillance program."

    I was willing to read the document until I realized it's arguing that the current illegal searches are constitutional under some special wartime powers grounds.

    As I previously mentioned, I think this idea is flawed because the US is basically always engaged in some kind of military conflict somewhere in the world, and so there is no special exception about it anymore. Logically something can't be a special wartime power if it is permanently used. Furthermore Congress has not declared war, and has not declared war since WW2. What then, is the standard legal definition for being at "war"? I am certainly not willing to accept that we are at war because the President says we are. Every President will then simply engage in some type of military escapade, as they all have for the previous 50+ years, thus making any remaining fourth amendment rights nonexistent.

    You're right, I have lost faith in the system. I also have no faith in American voters to protect their constitutional rights and hold the government within the boundaries enumerated in the constitution. I'm not the idiot that most Americans are, and I know when my rights are being/have been whittled away. The current administration as well as past administrations have been very successful at using fear to whittle away those rights. Fear of communism, drugs, poverty, pornography, terrorism, and on and on. For me, I don't fear those phantom enemies as much as I fear an unlimited federal government unrestrained by anything other than public opinion, which they also control in a roundabout way through the mass media.

    I'm also still interested in the countless examples of successful uses of an IG related to reporting wrongdoing at the CIA.

  • OK

  • Is that to say you agree, or you disagree but you're tired of this thread?

    I am open to hearing that I am wrong. It happens all the time!

  • About fifteen years ago, I was working as a delivery driver at a pizza chain that I'll decline to identify.  It's sufficiently well-known that it doesn't need any publicity assistance from me.

    My fellow drivers and I used to joke that if we happened to deliver a pizza to a good-looking girl, we'd have a head start on asking her for a date because we already had her address and phone number.  In reality, though, no one ever followed through with that ... it was just joking that never went any further than us drivers.

    But after reading that news story about the 911 dispatcher ... in retrospect, we shouldn't even have been joking about stuff like that.  It was the relatively innocent early 1990s, but even so ...

    Well, call it a lesson re-learned.  Thanks for the food for thought, Steve.

  • Sorry, I fat-fingered the message form just after I typed "OK ".

    I was going to say something like "OK, I hear what you're saying and I'll just have to leave it that we disagree on some fundamental principles."

    At least we agree that SQLServerCentral.com is a very worthwhile place to hang out 😉

    Best regards,

    SteveR

  • Agreed!

    Cheers,

    Neil
