Database Records and "In Plain Sight" Searches 154
chriswaco writes "A federal appeals court ruled that database records are not 'in plain sight' when other records in the same database are subpoenaed. The case involved Major League Baseball drug test results, but the implications are far wider."
Makes sense to me (Score:5, Insightful)
From a technical standpoint (Score:5, Insightful)
SELECT Results, TestingLab FROM SteroidTests WHERE LastName = 'DiMaggio' AND FirstName = 'Joe' does not mean that SELECT * FROM SteroidTests is in plain sight.
Especially since large databases keep track of more and more things (like your credit cards, names, address, ssn, what you last purchased, credit scores, ...) legitimate seizures of data should be severely limited by the judges issuing a warrant. Right now the feds can get away with: "Judge, this terrorist location is stored in this companies database, let's seize all the database servers of the company" and the judge not understanding how records are stored or how databases work practically gives a warrant for all the data the feds can find including 'collateral' records.
Re:Is it just me or..... (Score:5, Insightful)
Computer related.... check.
Privacy related..... check.
Does it matter?..... check.
And out of curiosity where is your line between pandering and providing a real service to your users?
Re:Is it just me or..... (Score:5, Insightful)
It is just me or did I miss the part of the US Constitution that said Congress shall have the power to ensure the integrity of Major League Baseball? I can't be the only one that finds it absurd that our Government is devoting resources to outing cheating athletes. Surely there are more pressing issues for them to worry about?
Re:Is it just me or..... (Score:5, Insightful)
No. From TFA:
If the cops subpeona records looking for Cowboy Neal's crhacking somebody's porn server, thay can't use evidence of Cnik70's use of illegal hamburger buns that they find in that database.
It is relevant.
warrant != permission to ransack (Score:4, Insightful)
It can be called "my cat.jpg" and be the database of positive results. So, when agents request search warrants for electronic they articulate a need to search the entire media.
And unfortunately thinking like that is why they can literally tear your car down to the nuts bolts and wires at the border when doing a search for drugs. When they're done, and haven't found a thing, you know what you get? A toolbox full of tools and a space in their parking lot to try to put your entire car back together by yourself. (I know two that have had this happen to them when traveling between the USA and Canada)
By your logic they could literally tear a house down, tear apart the walls and the joists and dig up the foundation if they could suggest that a crack rock could fit in there, when searching a house on a drug warrant.
Unfortunately this is one of the innumerable examples of where the law is given overly broad power and it's left up to someone's judgement as to "how far to go" with it. Unless you have good evidence to suspect the perp has gone to extreme measures to hide something, you can't just ransack the place.
Re:Actual implications (Score:4, Insightful)
I think the point is that once you find said database you can only go looking in it for information that is within the scope of your warrant, ie: within that database you're searching for references to elephants your search should be limited to elephants, not major league baseball players.
If you're looking for MLB players but have a list of 10 specific ones, you should be limited to searching for those players names... if they use an alias you're out of luck and will need to convince a judge that this is so important that you need a 'john doe' warrant to search all records for evidence. Better yet just find some other specific criteria that is likely to pull up your aliased individuals records - such as a data, address, etc. that will properly narrow your results so as to exclude as many false matches as possible.
Re:Actual implications (Score:3, Insightful)
The dangers of screening tests (Score:5, Insightful)
The salient facts of the matter were that:
1. A group of people took tests, the results of which were guaranteed to be confidential.
2. The government subpoenaed some of the test results.
3. Investigators collected substantially more test data than the subpoena allowed, stretching the "plain sight" doctrine to the breaking point to do so.
4. Investigators leaked the test results to others.
5. The people who took the tests suffered adverse employment consequences, years after the tests were taken.
Exactly that same sort of thing could happen to you. Let's imagine. Five years ago you tested positive for THC when a random test was required the day after you were, uncharacteristically, at a party thrown by an old friend where there was a great deal of smoke in the air (You don't remember inhaling). Your employer sent you through the spanking mill for the next year and there were additional tests and you were forced to endure flash presentations on drug abuse against your will. You figured that was the end of it.
Little did you know that the Anytown Police Department happened to hang onto a list of positives they got from ABC Testing and Compliance Services (where you took the test) as the result of an unrelated investigation into a person you do not know. The list was leaked via a cop's wife to the local Human Resources Disucssion Group that meets every 2nd Wednesday at the Perkins. And guess what? Now you can't get a job in Anytown and you don't know why.
The ruling at issue is a step in the right direction, because it helps plug one of the holes through which some of this data gets out. If you don't care, you should -- unless you have nothing to hide.
Re:Is it just me or..... (Score:2, Insightful)
Baseball is also something that greatly affects many Americans (congressmen included). I think they'd be remiss if they ignore these illegal acts coming from an American icon (the league).
Lastly, the Federal Government is pretty big and has a lot of people working for it. Yes there are more pressing issues to worry about, but rest assured they can worry about those and this issue concurrently.
Re:Makes sense to me (Score:3, Insightful)
And sarbanes Oxley is defined as a pain in the ass for all the IT people.
Seems like there's another problem here... (Score:4, Insightful)
From the article:
So the question is, why isn't the players' union suing Major League Baseball for breach of contract? Anonymous and confidential is not the same as identifiable but confidential; if the results actually had been anonymous as promised, this breach never could have happened.
Re:Major Victory (Score:5, Insightful)
My guess is the system is trying to correct itself from the abuses of the Bush Administration. I wonder if this would over-ride the Patriot Act?
Interesting that you reference the Patriot Act while talking about the abuses of the "Bush Administration" but fail to mention the fact that the vast majority of Democrats in the House and all but one in the Senate voted in favor of it.
You'll forgive me if I'm skeptical that they will do any better now that they are in charge.
Re:Makes sense to me (Score:2, Insightful)
Re:Is it just me or..... (Score:4, Insightful)
in government, when you can't be EFFECTIVE, yet you are asked 'what are you doing with your time' its shit like this that keeps the burrocrats (sic) 'busy'.
clearly, they don't want to touch any 3rd rails (real issues that need real attention yet will get them unelected next go-round). so they go for easy fruit.
pathetic.
I have zero respect for lawmakers, judges and those in the position of power. lately, all 'understandings' of things technical make me puke. legal guys are worse than children in how illogical they really are, once you look close enough.
So when was the last time you went to your rep's office and told them about yourself?
"Hello, I'm a constituent, and I'd like to talk to [ my rep ] about technical issues being proposed / in the news / reflecting the upcoming election.
"I represent a group that [ tech tech tech ], and I wanted to let you know about services we can provide for you. You're an expert on government and the law, and sometimes you'll hear about technical bills. Some things proposed may be impossible, or split very fine hairs on details that you don't have the time to devote to total research. If there are ever questions we can answer for you, we're here, for you, as a resource, to provide a high-level summary."
Since you're complaining on /., I'd say you're a slacktivist who has never done such a thing. Do you even know your rep's name?
Re:Is it just me or..... (Score:5, Insightful)
The U.S. government has granted this league monopoly status
No, they granted it an exemption from the anti-trust laws. There's no law stopping you from starting your own baseball league to compete with the MLB.
Baseball is also something that greatly affects many Americans
No it's not. It's something that a great many Americans (myself included, Let's Go Mets!) enjoy watching but it doesn't "greatly affect" you unless you are unlucky enough to get killed by the police [wikipedia.org] while celebrating the victory of your favorite team.
Re:Is it just me or..... (Score:5, Insightful)
Except they weren't searching the physical premise where these 10 players reside... nor any virtual equivalency. They were searching third party records of drug tests performed on these 10 players. The closest pre-digital analogy I can come up with is bank records. If it was 1909 and the police had obtained a warrant to search my bank records, would that give them the right to also peak at yours that are stored in the same filing cabinet at the bank?
Re:Is it just me or..... (Score:5, Insightful)
Too often that means "reasonable because the cops can snoop around and violate the privacy of other people, regardless of whether those other people don't want that like I do." I'll give an analogy that involves only physical evidence.
At least in my country, an officer is not allowed to just randomly pull over a vehicle for no reason and then search that vehicle. They are supposed to have probable cause; they can't just go search someoneone to see what they can find. Unless they have a dog, that is. That's right. A police dog can decide your vehicle has drugs or whatever else they're looking for and when the dog starts barking, suddenly the officer has a perfectly legal search. Yes, it would be illegal and a violation of civil rights if that officer used his hands and eyes to locate the same drugs. However, the same search performed with a dog's nose instead of a human officer's hands and eyes is suddenly legal and constitutional. Isn't that amazing, how you can take an unconstitutional act, filter it through the nervous system of the lowly dog, and suddenly it becomes legal and has the court's blessing?
Declaring additional records (i.e. those which were not specified in a search warrant or subpoena) as "in plain sight" and legal to search is worse than this. It's worse because it disposes of even the pretense that using a dog to conduct a search is somehow fundamentally different than using your hands and eyes to conduct the same search. It's like declaring everything up-for-grabs so long as the cops can get their hands on it. It's not "in plain sight", it's residing on privately owned hardware on private property. The cops confiscated it by force or by threat of force (what do you suppose a warrant or a subpoena is?) and now that they've dragged it back to their offices and loaded it up on their hardware it's in "plain sight" to them. That sure is a strange definition of "plain sight." This is something that WILL be abused, though I imagine that when this happens a lot of you are going to act surprised. The sad thing is that the surprise will often be sincere.
Makes sense (Score:5, Insightful)
The "in plain sight" doctrine came about as a result of an old Supreme Court case. What it boils down to is, if the cops execute a search warrant or other lawful search, and they happen to spot evidence of another crime "in plain sight", they can use that evidence to arrest and charge someone. Say the cops are checking your motel room for an escaped prisoner. They can't go rifling through your bag looking for drugs once they've searched the room. But, if you have a meth lab set up in the room, they can get you for that.
The same thing with this database search. Databases can be any arbitrary size : a database could have records on every citizen in the United States. If the cops were given a warrant to check on the records of a specific citizen, the rest of the database should be off limits. Otherwise, there's no real limit to the games the cops could play, and they would effectively have the power to investigate every citizen in the United Stats for a crime at all times. What if the "database" contained the banking records of every citizen in the U.S.?
Re:Is it just me or..... (Score:3, Insightful)
At least in my country, an officer is not allowed to just randomly pull over a vehicle for no reason and then search that vehicle. They are supposed to have probable cause; they can't just go search someoneone to see what they can find. Unless they have a dog, that is. That's right. A police dog can decide your vehicle has drugs or whatever else they're looking for and when the dog starts barking, suddenly the officer has a perfectly legal search. Yes, it would be illegal and a violation of civil rights if that officer used his hands and eyes to locate the same drugs. However, the same search performed with a dog's nose instead of a human officer's hands and eyes is suddenly legal and constitutional. Isn't that amazing, how you can take an unconstitutional act, filter it through the nervous system of the lowly dog, and suddenly it becomes legal and has the court's blessing?
The dog still has to be near your vehicle for a reason. That reason could be that you were parked in a lot where the dog was walking, but you still can't be pulled over for no reason other than to have the dog sniff your vehicle.
Now, let's take the dog out of the equation. Your parked in that same random parking lot and a cop walks by and smells the pot emanating from your car. He's been on the force for a while and has been involved with drug busts before. He knows, with no doubt whatsoever, the smell of pot. He now has a legal reason to search your car. Complete with the court's blessing.
Re:Is it just me or..... (Score:2, Insightful)
The physical analogy everyone seems to be missing is if they went to the drug testing lab and asked for the person's records in question, then followed the records keeper to a room full of filing cabinets, watched him open a drawer labelled something along the lines of 'Baseball players that failed their drug test', and then forcefully took every folder in the cabinet, rather than waiting for him to find the one for which they were given a warrant.
The thing is that if they had formed the query on the database properly, it never would have shown them the other records, but instead they went on ahead and grabbed everything they could get their hands on once someone gave them access to the database.
Re:Is it just me or..... (Score:5, Insightful)
Would you be happier if they were using some sort of electronic detector instead of a dog?
The thing is, dog handlers know their dogs, and dogs know their handler. They are a well integrated team. And if the handler feels like he needs an excuse to search that car driven by those black lads, he can signal his dog via subtle body language cues that he should pretend he smelled something...
An electronic detector may (or may not...) be more difficult to manipulate.