Techdirt. Stories filed under "databases"

Senate Not Concerned About How Often NSA Spies On Americans, But Very Concerned That It Built Open Source Software To Do So

Mike Masnick — Wed, 18 Jul 2012 12:17:23 PDT

Wired has a troubling story of how the Senate Armed Services Committee is pushing a bill that would likely kill off an open source NoSQL project that came out of the NSA called Accumulo. Like many other such NoSQL efforts, the NSA basically took some Google white papers about its BigTable distributed database setup, and built its own open source version, with a few improvements... and then open sourced the whole thing and put it under the Apache Foundation. It's kind of rare to see such a secretive agency like the NSA open source anything, but it does seem like the kind of thing that ought to be encouraged.

Unfortunately, the Senate Armed Services Committee sees things very differently. As part of a 600-page bill that's being floated, it actually calls out Accumulo by name, and suggests that it violates a policy that says the government shouldn't build its own software when there are other competing commercial offerings on the market. The reasoning is basically that the government shouldn't spend resources reinventing the wheel if it can spend fewer resources using existing code. You can see the basic reasoning behind that, but applying it here makes little sense. As the article notes, here we're talking about software that's already been developed and released -- not a new effort to rebuild existing software. In fact, those who follow this stuff closely note that Accumulo did "break new ground" with some of its features when it was being built. To then kill it afterwards seems not just counterproductive, but could also create a chilling effect for government open source efforts, which seem like something we should be encouraging, not killing.

What's really odd is the close interest that the Senate seems to be paying to this. The discussion is very specific, naming Accumulo and some of the competing offerings on the market. They're specifically calling out this one product. Of course, as Julian Sanchez notes, there's a bit of irony in the fact that the very same Senate appears to have absolutely no interest in finding out how often the NSA spies on Americans... but sure is concerned about what database it uses to store all of the information it's getting.

Of course... all of this raises a separate issue in my mind: can the NSA even open source Accumulo? I though that creations of the federal government were automatically public domain, rather than under copyright. And, thus, putting it under a specific license might, in fact, present limitations that the government can't actually impose on the software.... Thus, shouldn't the software code actually be completely open as a public domain project? The government should be able set up an Apache-like setup, but one without any restrictions on the code.

Permalink | Comments | Email This Story

Canada Post Claims Copyright Over Postal Codes, Meets Resistance

Leigh Beadon — Tue, 17 Apr 2012 00:02:00 PDT

A few years ago, we wrote about the UK's Royal Mail using a dubious copyright claim to bully a website into shutting down because it offered postal code data. In that case, the company chose not to fight the claim—and yet not long afterwards, UK officials decided to free up postal code data. Now, Michael Geist reports that a similar conflict is brewing in Canada—except this time, the company is fighting back:

Canada Post has filed a copyright infringement lawsuit against Geolytica, which operates GeoCoder.ca, a website that provides several geocoding services including free access to a crowdsourced compiled database of Canadian postal codes. Canada Post argues that it is the exclusive copyright holder of all Canadian postal codes and claims that GeoCoder appropriated the database and made unauthorized reproductions.

GeoCoder, which is being represented by CIPPIC, filed its statement of defence yesterday (I am on the CIPPIC Advisory Board but have not been involved in the case other than providing a referral to CIPPIC when contacted by GeoCoder's founder). The defence explains how GeoCoder managed to compile a postal code database by using crowdsource techniques without any reliance on Canada Post's database. The site created street address look-up service in 2004 with users often including a postal code within their query. The site retained the postal code information and gradually developed its own database with the postal codes (a system not unlike many marketers that similarly develop databases by compiling this information).

GeoCoder is putting forth a huge array of defenses. They point out that postal codes, as facts, should not be copyrightable, that Canada Post's copyright claim over the database itself is questionable, that even if such copyright exists their crowdsourced database is not infringing, that free postal code data is in the public interest, and that Canada Post's complaint represents anti-competitive copyright misuse. As such, this will prove to be a test case for a bunch of legal questions that have yet to be fully answered by Canadian courts.

Ultimately, attempting to control postal codes makes no sense. Making it harder for people to utilize them and build services around them just decimates their purpose, and speeds their path to irrelevance in a world with lots of much better and more accessible location data—not to mention a world where physical locations and permanent addresses matter less and less for many purposes. It also seems entirely unfair: since postal codes are required for all sorts of things, including most interactions with the government, how can Canada Post (a state-owned corporation) restrict access to them? All these arguments and more are likely to be raised, and could attract some interesting interveners to the case. This will definitely be a trial to watch.

Permalink | Comments | Email This Story

FBI Agents Getting More Power To Spy On People With Less Oversight

Mike Masnick — Tue, 14 Jun 2011 14:38:16 PDT

The FBI has quite a history of abusing its powers in spying on people. Over the past few years, revelations of massive abuses of the National Security Letter (NSL) process to get info on people without proper oversight, has showed how agents will quite frequently go beyond what is legal to obtain info on people. So it seems quite troubling to find out that the FBI is adapting its manual for agents, known as "The Domestic Investigations and Operations Guide," to let agents do electronic lookups on people without first justifying the reasons.

Under current rules, agents must open such an inquiry before they can search for information about a person in a commercial or law enforcement database. Under the new rules, agents will be allowed to search such databases without making a record about their decision.

We've seen over and over and over again, when people have access to giant databases of info (especially in the government) without clear tracking or oversight, that data gets abused. Allowing FBI agents to search willy nilly is a recipe for widespread abuse.

Permalink | Comments | Email This Story

UK Whistleblowers Highlight The Dangers Of Widespread Police Surveillance/Database

Mike Masnick — Fri, 5 Feb 2010 13:53:44 PST

We've had numerous stories concerning some rather concerning trends in law enforcement, including the use of things like redlight cameras to increase revenue, not make things safer, as well as the fact that more data can often make it harder for law enforcement to keep people safe. Finally, we've had a bunch of posts on the fact that government databases will almost always be abused.

It looks like all of this is coming together in the UK (way ahead of the US), and the end result is something of a disaster. In the past, we'd already seen widespread expansion of UK camera-surveillance programs, even as there was evidence they weren't working. Add to that, the facts show that the increase in data was causing police to miss important clues, while other police were clearly abusing the system -- and you create quite a volatile situation.

It seems that whistleblowers are beginning to speak up about the end result of all of this in the UK, and it's not pretty at all. Basically, police are regularly abusing database systems to find questionable reasons to arrest people, just to boost either revenue or their own "stats" on arrests:

So fixated had officers become on their pursuit of arrests and ticket quotas that, until recently, the most successful vied for a prize known as the Bang It Out Cup. The officer with fewest results received the booby prize of an Underperforming Pig.

This target culture has allegedly led to unethical practices during roadside stops, according to concerned police sources. Some officers, they say, trawl through drivers' personal data on police databases to find any reason to arrest. Alternatively, they "wind up" motorists who, in their frustration, become abusive and are then arrested for a public-order offence.

"In short, officers do not have a complete understanding of the law, use flawed databases to justify immediate seizures, fail to adequately research and evidence the basis of their belief and almost certainly knowingly seize vehicles just to satisfy service and personal performance targets," one said.

These are the sorts of unintended consequences that people need to be aware of as this sort of surveillance society becomes prevalent elsewhere. Meanwhile, the stories of police trolling through the big database to find reasons to arrest people should (hopefully) quiet those who claim "if you've done nothing wrong, you've got nothing to worry about." If only that were true.

Permalink | Comments | Email This Story

Can You Copyright An SQL Query?

Mike Masnick — Mon, 7 Dec 2009 12:56:00 PST

Reader JohnForDummies alerts us to yet another example of extreme "ownership culture" found in a Stack Overflow query from a guy who works in IT for a school district. The school district needed to export a list of all its students every year to send to a company that handles their online exams -- and for years (before this guy was hired in IT), the district had contracted out the process to a guy who charged them $500 per year, to basically write and then run an SQL query that exported the data. Each year, all he had to do was change the date, but he still charged them $500. So the IT guy figures that he can change the date himself, but noticed that the contractor had put a nice copyright notice in the file:

// This code was writtend by [the guy]
// and is the property of [his company]...Copyright 2005,2006,2008,2009
// This code MAY NOT BE USED without the expressed written consent of
// [his company].

The Stack Overflow community basically suggested that the best course of action is to rewrite the query (even potentially asking the Stack Overflow community via a separate entry, with the details of what the query needs to do), but it does raise some basic questions about whether or not an SQL query can be covered by copyright. The answer, tragically, might be more complicated than it needs to be, but assuming that the query wasn't anything really out of the ordinary, it's difficult to see how a single SQL query, by itself, would be considered unique enough to be covered by copyright. However, I'm sure there will be differences of opinion here, so let's see if any of our copyright lawyer readership would like to weigh in on this one... As for the IT folks, it would be interesting to see what people think of the idea of copyrighting a single SQL query for something like this.

Permalink | Comments | Email This Story

Once Again, If The Gov't Has Data, It Will Be Abused

Mike Masnick — Tue, 24 Nov 2009 05:00:00 PST

We've pointed this out over and over and over and over and over again, but whenever a government puts together a big database of info on people -- the data gets abused. The latest example, found via Michael Scott is the news that a police chief in Iowa has been suspended after he supposedly revealed data that he never should have had in the first place, supposedly handing out information on someone's driving record and criminal history, despite having no legal reason to even have that info, let alone distribute it to anyone. So why do we keep assuming that governments won't abuse such data collections?

Permalink | Comments | Email This Story

No Surprise Here: Telco Employees Access Obama's Phone Records

Mike Masnick — Fri, 21 Nov 2008 03:25:03 PST

We've pointed out plenty of times in the past, that any time there's a database of info out there, the data is almost certain to be abused. The latest example? Employees at Verizon Wireless improperly accessed Barack Obama's phone records to see who he was calling and who was calling him. The access was just for his regular phone used for voice communications -- not his Blackberry. Also, the employees had no access to his voicemail or anything -- just calling records. At least Verizon Wireless came out and admitted this, rather than covering it up, but it's yet another reminder, that data will be abused.

And, of course, Obama isn't the only one facing such an issue. Reader lavi d writes in to point out that eighteen background checks were conducted in Ohio by gov't employees on Joe Wurzelbacher, better known as Joe the Plumber. Eight of those background checks were done for no legitimate reason, including one at the request of the director of Ohio's Department of Job and Family Services (who has now been suspended). We had mentioned three such cases earlier, but even more have since come to light.

Permalink | Comments | Email This Story

Gov't Computers Used To Dig Up Info On Joe The Plumber

Mike Masnick — Tue, 28 Oct 2008 05:12:26 PDT

We have pointed out in the past that people need to realize that any government database of info will be abused. It's almost impossible for it not to be abused. People use it to look up info on ex-girlfriends or friends or relatives. The data is there, and if someone has access to it, it's simply too tempting not to look up some info, no matter what "safety precautions" are in place.

Over on Slashdot there's yet another example of this happening, as apparently three separate people accessed various databases to look up info on Samuel Joseph Wurzelbacher, better known as "Joe the Plumber," right after the third Presidential debate, in which Joe was a central part of the discussion. It's not entirely clear what the nature of those database lookups were, though it wouldn't surprise me if it was just individuals who knew they had access to the government databases, and were just curious and couldn't resist looking. But, what's more interesting is that no one caught this database snooping until the Columbus Dispatch asked for log information.

Permalink | Comments | Email This Story

What Sun Should Be Doing With MySQL

Mike Masnick — Wed, 23 Apr 2008 13:31:46 PDT

Earlier this year, Sun scooped up MySQL for a cool $1 billion. However, while Sun has been somewhat friendly towards open source software, there were plenty of concerns about what the company planned to do with MySQL. Some of those fears are now being realized. After first disappearing some of MySQL's public statements on the evilness of software patents, Sun caused quite a bit of controversy with a plan to close source certain new features in an attempt to push people to upgrade to a premium, paid version of the software. While that's certainly one strategy, it could be a dangerous one, ticking off many MySQL users who will go searching for alternatives.

So, what could Sun do with MySQL to help build a bigger and better business that doesn't involve locking up any software? The blog Milking The Gnu has a very interesting suggestion that makes a lot of sense (and certainly fits in directly with the economics we discuss around here). The idea is not to worry about locking up the software, but to turn MySQL into a cloud computing web-platform. The reasoning makes a tremendous amount of sense (much more than Sun's current strategy). Basically, on the low end, you have folks who will never pay for a premium version of MySQL anyway. At the high end, most of those companies (if pushed) will probably lean towards Oracle or IBM. But in the middle-tier there's a real opportunity -- not to be a database software company, but to build that all important web platform we've been discussing.

Already, Amazon and Google are trying to build that platform, with Amazon seeing a fair bit of success (and Google just starting). Sun has promoted the concept of cloud computing for years, so why not flip things around and make MySQL the database part of a cloud computing offering. With so many folks already comfortable with MySQL, it will be much easier for many of them to embrace this offering, rather than having to figure out the details of Amazon's SimpleDB or Google's AppEngine/BigTable setup. Then, the more people you get to adopt the free open source version of MySQL, the more likely they are to make use of Sun's cloud computing offering over the alternatives. And, then, Sun can charge for the use of cloud computing resources (scarce resources) while knowing that the infinite nature of MySQL promotes that scarce good. Given that Sun's been such a promoter of cloud computing for so long, you would think this was a no-brainer. But it's latest actions with MySQL suggest it may be going in a different direction, and that's unfortunate. Update: Marten Mickos of MySQL/Sun responds in the comments, and Glyn Moody points us to an interview he recently conducted with Mickos suggesting that Mickos is thinking along similar lines about cloud computing.

Permalink | Comments | Email This Story

How Deep Should Deep Search Go?

Mike Masnick — Wed, 16 Apr 2008 18:02:00 PDT

For years, people have talked about the "deep web" or "dark web" of information that's hidden from the public (and search engines), sometimes behind registration or paywalls, but more often behind specific forms. That is, there's a lot of information that's dynamically generated on the fly, based on how someone fills out a form. For a search engine, that's problematic, as it doesn't get to see any of that information and inform people that it's there (even if it's "public" info). However, it looks like Google is attacking this problem by setting up its spiders to actually enter information into public forms to try to dig a layer or two deeper. The search engine is trying to be quite careful on this, as obviously it might make people question whether a search engine should be entering "fake" data into a form to dig deeper into it. It appears that Google is only doing this on specific sites -- and is paying attention to all robots.txt type info that wards off its spider. As for the more interesting question of what Google is entering into forms, apparently it tries to guess reasonable info from the context of the site. Who knows how well this actually works? But it's an interesting experiment. However, how long will it be until someone freaks out when they realize some info they thought was "private" or hidden from search engines is made public by this process?

Permalink | Comments | Email This Story

Not Just The Government Who Abuses Access To Confidential Records

Mike Masnick — Tue, 26 Feb 2008 23:29:47 PST

Last month, we wrote that whenever a government entity puts together a large database of private, confidential data, it will get abused. In all honesty, we never should have limited that to just the "government." News reports are coming out about a case in Wisconsin where apparently employees at the state's largest energy company regularly snooped through private records to find out all sorts of information on all different kinds of people. Among the information accessed by employees: "credit and banking information, payment histories, address and phone numbers, and Social Security numbers." And, for what purposes? "Examples included a woman that often perused information on an ex-boyfriend, a woman who searched for the address of her child's father, and a part-time landlord who investigated prospective tenants. Another worker leaked information on a mayoral candidate's habit of paying heating bills late, possibly affecting the election." Once again, at this point, you probably should just assume that you have no privacy whatsoever -- but you should be wary any time someone tells you that the database they've put together is somehow secure and safe from privacy violations.

Permalink | Comments | Email This Story

When Governments Put Together Big Databases On People, They Get Abused

Mike Masnick — Fri, 18 Jan 2008 02:07:15 PST

For years, the government has pushed repeatedly to build bigger and more comprehensive databases of information around citizens. There are certainly justifications that can be made for such databases -- so long as people weigh those justifications against the fact that the databases will absolutely be abused. We recently wrote about the case where a government employee used a Homeland Security computer system to track an ex-girlfriend. The latest story is that a corrupt customs agent was selling access to federal databases. While it's good that he was caught, he wasn't caught due to any protection mechanisms put in place, but because a drug dealer who had been paying the customs agent for access to the database, was stopped for a traffic violation, and the police officer noticed the business card for the customs agent. The police then followed up to try to figure out why the guy had the agent's card, leading to the story unfolding. Hopefully, since then, more stringent protections have been put in place, but it seems likely that there are still plenty of questionable uses of these sorts of databases.

Permalink | Comments | Email This Story