Comments on: Why The Government Can’t Be Trusted With Your Data

By: Bryan

Bryan — Sun, 06 Jul 2008 06:14:03 +0000

I’ve always preferred uncivil disobedience.

By: Kryten42

Kryten42 — Sun, 06 Jul 2008 06:05:32 +0000

I wasn’t going to comment (laughing too hard!) But…

no comment! LOL :p

By: Bryan

Bryan — Sat, 05 Jul 2008 01:05:40 +0000

Oh, you think no one will notice the tape? Put a peace symbol outside and a flower sticker on the inside, that will almost guarantee an arrest.

If they ask about it, tell if you don’t do it the scientologists will be able to control your mind.

By: hipparchia

hipparchia — Sat, 05 Jul 2008 00:14:51 +0000

there are any number of creative suggestions being put forth in various places around the web, but i’m in favor of acts of civil disobedience here, not safer ways of complying with a surveillance state.

By: Bryan

Bryan — Fri, 04 Jul 2008 18:03:23 +0000

Hipparchia, you can shield it with a small piece of aluminum duct tape. Not the cloth type, but the actual aluminum strips with adhesive on the back. They also sell a copper tape version at craft stores for stained glass work.

Badtux, there are so many products and devices available these days that will protect a system, that not protecting one is simply stupid.

This is the same set of problems that arises with electronic voting software – there is no serious attempt at securing the system. It’s not like they don’t have an entire group at NSA who do nothing but harden government systems, but apparently no one knows they exist, although it is one of the stated purposes of the Agency on its non-classified mission statement, and has been for decades.

These people don’t really care or understand about security. They don’t seem to care or understand that the information they are making available is quite valuable to “terrorists”. What could better than having a faked passport that has all of the real information of another person on it.

By: Badtux

Badtux — Fri, 04 Jul 2008 08:43:05 +0000

Jeezus fuckin’ keee-ryst. Now, back when I was doing school administration systems (working for a contractor), our software wasn’t the most secure on the planet. But at least we *tried*. And sometimes we even succeeded, like when the principal went into the computer and changed a grade for the daughter of a prominent politician to be a better grade on the transcript because said daughter needed it to win out over another student for a scholarship. That was a no-no under state law — only the teacher could assign a grade and the grade in the computer had to match the “official” grade, the one in the last column of her (or his) physical grade book, which was the one and only “definitive” grade and if the one in the computer didn’t match, it was the one in the computer that was wrong. Any correction had to be made to the “official” grade book and signed off by the teacher, under state law the principal did not have that power. The principal denied doing it, but our audit trail clearly showed that the edit came from his terminal from his user ID at a time that he was in his office. Pretty damned conclusive. The principal ended up getting fired for lying to the school board. (And for other things — he was a pretty lousy principal, actually — but that was the one that finally got the school board peeved enough to send him on his way).

Anywho… our customers were adamant about privacy issues. We assigned our own student ID’s rather than using social security numbers as student ID’s, for example. We had to have social security numbers in the system in order to match up with the federal free lunch database so we could report the proper number of free lunch students to get the Title 1 funding for those students, but those social security numbers lived in an obscured field that you needed a special access code to change or view, and were not used on any reports produced by the system. And so on and so forth. We weren’t perfect, but mostly because the computer hardware and database software of the day just didn’t support the kinds of things like encryption that we take for granted today, I mean we were running an entire school district off of a 66mhz machine with 4MB of RAM and an 80GB hard drive for cryin’ out loud! The upside is that the data was decidedly less portable then, the actual computer lived in a secured area and all that you could do to access it was come in through a dumb terminal over a serial line. If you managed to escape from our menu system and found a Unix shell, there was no way to ship the data out en masse — there was no development environment, no network, no modem software to dial out on the modem, etc. The modem would answer calls but only allow the central office ID to come in to retrieve data via UUCP protocol (the nightly updates of the central office computer from the individual school computers). You couldn’t just grab a laptop and head out the door. The closest you could do to that would be to grab a QIC-80 tape and head out the door… not much to be done about that other than exhort the school secretaries to secure those when they did the weekly tape rotation, and folks able to read QIC-format tapes probably numbered in the low thousands.

Ah yes, the good old days. Hard to believe that was only 15 years ago! Now look at where we are. Everything’s on the Internet. Everything’s hacked and trojan’ed and root-kitted to a fare-thee-well. Nothing’s secure. And nobody seems to have a clue as to how to secure it. Ah yes, “progress”.

– Badtux the “If that’s progress…” Penguin

By: hipparchia

hipparchia — Fri, 04 Jul 2008 07:41:23 +0000

zzzzzz-zap! [although i understand it's illegal]

By: Bryan

Bryan — Fri, 04 Jul 2008 05:01:39 +0000

We only know about it because of the political people who had their data accessed. Now, we discover that it is widespread and affects all kinds of people.

They require a passport for more and more places and don’t have the people available to process the claims. They hire Joe’s Septic Tank Service and Passport Processing Company to fill in the gap, and they don’t do background checks on anyone. They still don’t have the final design for the ID cards for ports, much left have a system in place.

They are just totally incompetent, and so are the contractors they hire.

By: Steve

Steve — Fri, 04 Jul 2008 04:50:29 +0000

There is really no good reason for the government to have any of this data in the first place.

Well, maybe some kind of case can be made that the fed gov should have some relatively small number of employees to keep track of but beyond that, nope.

Not only can they not secure the data the opportunity for misuse is exceedingly large.

By: Bryan

Bryan — Fri, 04 Jul 2008 04:44:21 +0000

I’m on a credit watch because of the VA laptop theft. This is truly pathetic when they keep bleating about securing everything and they can’t protect their own files.

If I were still flying around and lost my passport, I’d just order another one from Hong Kong. It would probably have higher quality materials, and they would already have the data needed.