DBAzine.com

Massive Data Sweep

Ruminations on data privacy, security, and freedom.
This blog is about data and database systems - and anything that relates to the management of data. I try to keep an eye out for newsworthy items on data to discuss here. As such, I could not ignore this article (US Plans Massive Data Sweep, 2/9/2006).

One of the biggest growing concerns for those of us who deal with data on a daily basis is the impact that data analysis can have. Along with this come many issues including security, personal privacy, and the potential for abuse. The article describes an effort called ADVISE, which is an acronym for a little-known system called Analysis, Dissemination, Visualization, Insight, and Semantic Enhancement. It is basically a big data mining program. When I read this article, my mind immediately goes to George Orwell's 1984.

But let's think about this a bit longer. I have little-to-no problem with sifting through data in the public domain. I think it becomes potentially problematic when data that you think is personal becomes public. My e-mails, my purchases, the books I check out of the library - these are things I hope to be personal. Assuming that this is so, or will be so in the future, seems to be naive.

But what responsibility does a company have with its customers concerning their data? Should my ISP be able to guarantee the security of my e-mail such that no one can access it? Perhaps on their servers (unless the government tries to force them to turn the data over - not far-fetched; I refer you to this recent article Feds after Google data), but can anyone guarantee what happens to data as it floats through the ether from originator to destination?

More on corporate responsibility: shouldn't the details of my credit card records be only between me and the credit card company? OK, I can understand a credit bureau needing information on current balances, but no one should be able to gain access to what I bought and where I bought it. Should they?

To me, the following quote from the article is scary: "It would collect a vast array of corporate and public online information - from financial records to CNN news stories - and cross-reference it against US intelligence and law-enforcement records." Now I understand the desire to catch and thwart terrorists. I am all in favor of that. I just don't know how much freedom we should be willing to give up in order for that to happen. As Ben Franklin put it, much more elegantly than I ever could, "Those who would sacrifice freedom for security deserve neither."

So what can a DBA do about it? Well, perhaps not much at this juncture. But be prepared for some extreme requests on your data. It looks like the government will be asking for it. In more ways than just this one, especially when you take a look at government regulation and compliance requirements (such as Sarbanes-Oxley). And that is a whole different kettle of fish (frankly, I like government regulations that force companies to take care of their data as they should already be doing). But more on that at a later date...

Monday, February 13, 2006

French point of view

Posted by GenieLog at 2006-02-16 10:54 AM
Hi,

I read your article with a deep attention, and even if I can share with you the concerns about security, privacy and so on, I'm surprised that the subject seems just to raise on the surface.

Here in France, we have a governmental commission named CNIL (could be translated: National Commission for Freedom and IT) which is in charge of supervising all files / databases from private companies or public institutions.

When building a file with private data (names, card #, addresses, etc.) you have to declare the file to the CNIL as well as the purpose of the file.

Then, you're not allowed to use those data for any other purpose than the one declared. You're not allowed to disclose those data to any other party or that party should make a declaration to the CNIL as well.

Any violation of the law an individual may suspect can be declared at the CNIL that will in turn take charge of the investigation and prosecute the faulty institution.

Tracking users' activities does exist. There's nothing you can do against that since it's part of the business. But you can promote institutions like the CNIL that will regulate usage and circulation of the data.

Regards,
Jean-Lin Pacherie, GenieLog

A new concern for DBAs?

Posted by howardfci at 2006-02-21 03:55 PM
Craig raises a little-explored aspect of our profession that is becoming increasingly important to consider. A DBA could find him or herself in the position of helping an organization violate the privacy or other rights of those in its databases.

We DBAs may find ourselves facing new kinds of dilemmas, such as--

1. Is my organization engaged in an illegal use of data?
2. Is my organization engaged in a legal use of data, but one that I personally disagree with or find "wrong"? (for example, you feel the organization is unfairly "taking advantage" of those in the database)

As DBAs we were previously immune to the "messy" ethical decisions one sometimes faces in other professions. That day may be behind us.

Consider this hypothetical -- what would you do if you worked for the phone company and the government asked for (and got) unrestricted use of all your corporate databases to "fight terrorism"? And then you witnessed that the government was clearly misusing this data?

Do you speak up and maybe lose your job? Do you feel it's not your decision, you're just an implementor, so you do nothing? Do you secretly try and get the word out to somebody without disclosing your identity?

These choices are not simple. We may have to consider them in the future. I recommend the book "The Digital Person" by Daniel Solove as a balanced, objective place to start exploring these issues.

BTW, the hypothetical is what the Electronic Freedom Foundation alleges in its current lawsuit against the federal government (see www.eff.org for details).





Craig Mullins
Data Management Specialist