For many years, we've been reporting on stories of e-voting malfunctions, mainly from Diebold/Premier, ES&S and Sequoia. For a sampling of such stories click on any of the following links: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25. And that's just the first 25 I found (there are lots more), and only cover stories that I actually covered. I'm sure plenty more glitch-infused elections have happened. Given all these glitches and errors, and a seeming lack of followthrough to make sure they don't happen again, a group is asking Congress to authorize a public national database of e-voting election problems.
The really scary part is that the researchers who wrote the report note that many of the problems are repeats -- a problem happens in one location, but another voting district uses the same machines configured in the same problematic way in another election, totally unaware of the problems it will cause. It's still amazing that after nearly a decade of examples of problems with e-voting, just how little has been done to fix these machines.
Nearly two years ago, we wrote about a company, called Leader Technologies with an incredibly broad patent (7,139,761) that covered associating a piece of data with multiple categories, that was suing Facebook for infringement. Our usual group of patent system defenders rushed to the comments to quickly declare that I was an idiot for daring to question this patent. The case took a weird turn when the court actually ordered Facebook to hand over its source code. We were confused as to how this made sense. Since the lawsuit was about patents, not copyright, the specific source code shouldn't really matter.
Either way, it looks like the jury in the case seemed to agree with me about the quality of the patent. The jury has declared the patent invalid. Clearly, the only explanation is that the jury was also made up of idiots. Next time, Leader Technologies should file the lawsuit in East Texas where they know how to make juries, rather than Delaware.
As part of NY Attorney General Andrew Cuomo's grandstanding against child porn, he's mostly been making silly threats against the wrong parties in ways that don't actually help stop child porn (and could make it worse). However, his latest announcement actually sounds a lot more reasonable. His office is putting together a database of offending photos, and letting social networks compare uploads to the database to try to stop the uploads of known offending photos. I would imagine that it also records who was trying to upload that content. Some care would need to be taken to make sure that this effort really does focus on actually offending images -- one thing that makes such an effort tricky. I also do wonder if it makes sense for a gov't agency to be putting together the database, rather than having it done by the industry itself. On top of that, given Cuomo's earlier grandstanding and his usual methods, you have to expect that it would be long before Cuomo would start threatening any social network that doesn't use his system with some sort of bogus (but very, very public) legal threats. In other words, when the gov't (especially someone like Cuomo) sets up a system like this, how long until he starts acting like it's mandatory, rather than optional?
In the last year, there's been a sudden resurgence in interest in the concept of "hot news," a doctrine that most people thought was dead and buried, which allowed a judicially-created form of intellectual property on factual information that was deemed to be "hot news." There's no statute that covers this. Just a court decision. And that was a century or so ago. But... the concept started showing back up in court recently, and in March a ruling came down, blocking a website from reporting on news for two hours, using this doctrine. With that on the books, other "hot news" lawsuits were quickly filed.
However, one such recent lawsuit seems to stretch the concept of hot news so far that you can only sit back and admire the audacity of including it in the lawsuit, while fearing the results should a court actually buy it. Thomas O'Toole has the details of what is likely to be a very interesting lawsuit on a few different factors, beyond just the hot news claim (but we'll get to those other issues, so read on...).
The case apparently involves an employee at Goldman Sachs (or potentially multiple employees) who got the username and password of another account holder on a database put together by a company called Ipreo Networks, called "Bigdough." Bigdough is apparently a database of contact info on 80,000 financial industry people. The Goldman Sachs employee(s) logged in with someone else's username/password and downloaded a bunch of information.
This sort of thing happens all of the time. People share logins all of the time. Violating it is basically a terms of service violation, but here the company has broken out the big guns. Yes, it's claiming that the contact info in its database represents "hot news," and Goldman accessing it is a violation of the "hot news" doctrine. Think about that for a second. Contact information. "Hot news?" And, of course, the whole purpose of the "hot news" doctrine is about another publisher republishing the information -- something that Goldman Sachs didn't do here at all. The whole "hot news" claim here seems to stretch the (already questionable) concept way past the breaking point. Hopefully that part gets tossed quickly. Otherwise, imagine what else will suddenly be called "hot news."
But that's not all that's interesting in this case. As O'Toole notes in his report, there are two other interesting legal questions, having to do with the use of someone else's login. First, there's the question of whether or not Goldman Sachs is liable here, even if the actions are just that of a rogue employee (or group of employees). O'Toole points out that the legal standard to get GS on the hook here is pretty damn high. The second question, of course, is whether or not just using a login that someone shared with you is a violation of the Computer Fraud and Abuse Act (CFAA). We recently discussed how there are also a growing series of cases trying to stretch the CFAA to make all sorts of activities classified as "unauthorized access." CFAA was really designed as an anti-hacking law -- which was about people really breaking in to a computer system. If someone simply shares their login credentials with you, does that really count as criminal hacking? If that's the case, an awful lot of people may be guilty of doing so.
So, this should be a fun one to follow. Three separate interesting legal questions, and in all three cases, Ipreo appears to be trying to stretch the law beyond its intentions, so hopefully the court recognizes this. If you want to see the full filing, it's below:
Remember the MATRIX? No, not the movie, but the highly controversial gov't database that was to store and access all sorts of information on people, and kick out any individual's "terrorist quotient," if necessary. After a lot of negative publicity... and someone hacking into the database, the project was shut down in 2005. But, apparently the guy behind it is back with another attempt at a massive database. Michael Scott points us to a profile of the guy who ran the MATRIX (turns out he's a former drug smuggler, so that should make you more comfortable), who since then has started another operation that is also trying to build up another big database of private info, and is using the always popular method of positioning it as something useful "to protect the children."
Apparently, he's set up the database to help find missing children and track down those who abduct them. This is absolutely a worthy cause -- but there are some serious questions about the method here. He's letting law enforcement use the technology he's developing for free, but in exchange many believe he's trying to get access to government databases to add more data to his own collection. Certainly, some government officials are happily using his technology, but others were turned off by some of the meetings, where they felt that the guy was asking for way too much -- including financial records and even movie rental history.
It's no secret that there are a bunch of big database companies out there creating huge profiles of pretty much everyone... but it does seem a bit sketchy when a guy who has tried to do similar things in the past (and had them shut down) shows up again trying to gain access to private government databases to include in his own system, in exchange for giving the police free access to that system.
We've talked in the past about how pretty much any government database eventually gets abused by someone looking for info about someone beyond the scope of what the database is for, and now Michael Scott points us to news of how the executive director of the Arizona Republican Party, Bruce Mecum, has been accused of using the party's voter database to stalk a female grad student. This isn't a "government" database, as it's just the political party's database. But, the database is used like a marketing database to better target messages. Or stalking opportunities, which apparently seriously creeped out some people. The response from the party's treasurer wasn't exactly reassuring:
"He used Voter Vault. The The Republican National Committee owns Voter Vault....It's a private list. We own the list. We can do what we want with the list, quite frankly."
Including stalking? This isn't a "Republican" thing either. I'm sure some Democrats misuse their databases as well, so hopefully the comments can avoid blindly supporting or hating on this or that political party. The key point here is that it's yet another example of a database that's supposed to be used for one purpose, being used for stalking instead.
We were just talking about how pretty much any government database will get abused by government employees eventually. But it's not just on the accessing or revealing of data that this can happen. How about the collection of data as well? Jabberwocky alerts us to the news that police in the UK have supposedly been arresting innocent people just to add them to the UK's DNA database. The report looking into this, sarcastically titled "Nothing to hide, nothing to fear?" finds that nearly one in five of the DNA records in the database are from innocent people. And part of that is an "arrest first, ask questions later" policy towards collecting DNA:
The commission had received evidence from a former police superintendent that it was now the norm to arrest offenders for everything possible. "It is apparently understood by serving police officers that one of the reasons, if not the reason, for the change in practice is so that the DNA of the offender can be obtained," said Montgomery, adding that it would be a matter of very great concern if this was now a widespread practice.
Oh yeah, to make matters worse: "there is very little concrete evidence on the importance of the DNA match in leading to a conviction and whether the suspect would have been identified by other means anyway." Don't you feel safer now?
It's been pointed out time and time again, that if a government (or a corporation) puts together a big database of information on people, that database will be abused. It's just what happens. Yet, with the UK gov't looking to store (or have ISPs store for it) all sorts of info, it's worth noting that its current ID card database was apparently being abused to look up info on celebrities. Yes, the people doing the snooping were apparently caught and fired, but it still highlights that these sorts of databases are never really private, and someone with access will always try to use them for purposes beyond what was intended.
Apparently, some folks in the UK haven't yet realized that no database is fully secure, and any large database of info will almost certainly be abused at some point. In what appears to be a stunningly bad idea, the UK has put together a giant database including info on every child in the UK. The goal is for it to be used by childcare professionals, but you can bet it will be misused quite soon. As internet law expert Michael Scott notes: "Who thought this was a good idea? And why?"
The British government says it has dropped its plans to create a central database "of all phone calls, e-mails and websites visited." Instead, it wants ISPs and phone companies to hold all of the info. A government minister says having all of the information in a central database represented an intrusion of personal privacy, and that having individual firms store it raised fewer concerns. That may be true, but privacy issues still exist; simply storing all the data in different places might mitigate some risk, but it certainly doesn't eliminate it. Meanwhile, the government wants to expand the data that communications companies must retain for 12 months, going beyond phone records and web sites visited. It also wants them to hold on to records of third-party information crossing their networks, including phone use and internet traffic from outside the country. And, to boot, it wants them to organize all of the data to make it easy for authorities to search. Two issues remain: first, again, throwing more and more data into the retention mix won't magically make the country safer, it just makes it harder to find useful data. Second, this seems like little more than a cunning political ploy to replace a pretty reprehensible plan with one that's only slightly less worrisome. The revised plan still raises plenty of issues, but hey, it's not as bad as the original plan, so it must be pretty good, right?