Database Records and "In Plain Sight" Searches 154
chriswaco writes "A federal appeals court ruled that database records are not 'in plain sight' when other records in the same database are subpoenaed. The case involved Major League Baseball drug test results, but the implications are far wider."
Re:Is it just me or..... (Score:5, Interesting)
Actually, it's called pointing out the significant information in the article. If you think this article is about baseball, you're not paying attention.
The Appeals court specifically indicated how this ruling should be applied to cases you'd probably be more interested in, such as if Google's servers were searched.
If anything, cnn.com is pandering to its audience by focusing on the baseball aspects of a story that's really about the legal bounds of search where databases are involved; and while the court reached its conclusion via a line of logic I don't care for (essentially an appeal to force - "if I decide this way, the consequences would be harmful, so I'll decide a different way"), it is a pro-privacy conclusion that a lot of folks around here are probably interested in.
But by all means, argue that the information shouldn't be made available here because it happens to come from a case that deals with sports and I suppose you think nerds don't do sports.
Re:Is it just me or..... (Score:1, Interesting)
in government, when you can't be EFFECTIVE, yet you are asked 'what are you doing with your time' its shit like this that keeps the burrocrats (sic) 'busy'.
clearly, they don't want to touch any 3rd rails (real issues that need real attention yet will get them unelected next go-round). so they go for easy fruit.
pathetic.
I have zero respect for lawmakers, judges and those in the position of power. lately, all 'understandings' of things technical make me puke. legal guys are worse than children in how illogical they really are, once you look close enough.
Re:Just read this somewhere else... (Score:3, Interesting)
But I agree with the quoted laywer in teh Wired article. I doubt the ruling would survive scrutiny of the SCOTUS with it's current makeup.
Actual implications (Score:1, Interesting)
Here's my opinion, I have done search warrants like this before.
The issue is not subpoenas, but search warrants. Obviously, if the government requested a subpoena on all players even though they only had probable cause for 10, then that would be unreasonable. Consequently, nobody would be surprised if the subpoena got shot down (which is why I think the summary is wrong. If it's right, then this isn't news).
The other half of the summary deals with "plain sight" seizure. Plain sight refers to contraband found during a search for something else. I.e., if you are searching a house for stolen money, you can search anywhere a stolen bill could fit and any contraband found during that search is admissible in court. However, if you are searching for a stolen elephant, you can only search in areas large enough to house an elephant.
So, what is exciting in this case deals with is search warrants for electronic information. Every slashdotter should know this: searching for electronic information is a pain, and information can easily be hidden. The file can be called "negative testing results.xls" and actually be the database of positive results. It can be called "my cat.jpg" and be the database of positive results. So, when agents request search warrants for electronic they articulate a need to search the entire media. Again, any slashdotter knows this is the ONLY way to find the requested information. Consequently, search warrants for small amounts of information usually include all media. And, according to plain sight doctrine, any information found indicating illegal activity would be admissible in court. I doubt that a court has changed this doctrine to say anything different (but I can't find the actual opinion!).
Re:Makes sense to me (Score:5, Interesting)
And the "A" stands for "Accountability" (which refers, in large part, to 'accountability for use of personal information'.) The major regulatorions under HIPAA include the Privacy Rule which controls use and disclosure of protected health information (PHI) by covered entities, the Security Rule which covers the required protection of electronic PHI held and communicated by covered entities, and the Transactions and Code Sets rule which establishes standards for how insurance-related transactions are conducted in electronic media. The first two of those rules are directed at protecting privacy.
HIPAA isn't all about privacy, but privacy protections are an important part of it (they were incorporated largely because privacy fears were one of the reasons people were resistant to the rest of the pieces aimed at acheiving efficiency by promoting and standardizing use of electronic transactions for health insurance billing and related activities.)
Re:Major Victory- Hollow Victory? (Score:2, Interesting)
Re:Makes sense to me (Score:3, Interesting)
HIPAA isn't an entity, and doesn't have "its own web site". You appear to be referring the Department of Health and Human Services' Office of Civil Rights web site about HIPAA.
OTOH, the privacy rule prevents them from getting the information without your consent from your insurer or provider. But, yes, the Health Insurance Portability and Accountability Act (HIPAA) applies almost entirely to health providers and insurers.
IME (and I work directly with HIPAA rules a lot) more people, including a disturbing number whose jobs are touched by HIPAA, think that the acronym pronounced 'Hi-pah' is spelled HIPPA and have no idea what any of the letters stand for.
As the Privacy Rule is the only aspect of HIPAA that most people who don't actually work in a health care, health insurance, or in IT directly related to handling health insurance related transaction will ever actually deal with, thinking that the "P" stands for "privacy", while factually wrong, is hardly a big mistake.
Thinking that HIPAA is designed solely to protect them is not far from truth--its designed to protect consumers against:
1) Not being able to get new health coverage after losing eligibility for previous group coverage, such as through job changes.
2) Not being able to get the right health care even with coverage because providers can't afford to operate, or can only afford to operate with a single insurance carrier, because the cost of dealing with a multiplicity of different billing forms and systems mandated by different insurance, some paper and some electronic, is prohibitive.
3) Harms resulting from deliberate but unnecessary and unauthorized (by the patient) exposure of personal health information by parties that must have access to it in the health care and health insurance chain to others that do not need that access for that reason.
4) Harms resulting from accidental exposure of personal health information stored and transmitted in the health care and health insurance chain, due to lack of security.
The bigger problem than believing that HIPAA is focussed on "privacy" (which HIPAA rules actually do to a considerable extent) is mistaking the scope of their applicability; It's not that people get the "P" part wrong that misleads them as to the impact of HIPAA, but that they don't appreciate the significance of the "HI" part -- that HIPAA is focussed on health insurance industry, and has little impact outside health care and health insurance industry, even where it concerns health information.
Re:Is it just me or..... (Score:3, Interesting)
The thing is the "view" in "plain view" is defined totally arbitrarily. The 4th Amendment to the constitution doesn't say anything about plain view; it just prevents unreasonable searches without a warrant. Over the years, the courts pulled this "plain view" stuff out of their asses.
I'm not criticizing them for that; they ultimately had to try to draw the line between what is reasonable vs unreasonable somewhere. So they made up something that most people think is fair. And now it's pounded into all our heads as though the words were actually in the Bill of Rights, even though they aren't.
The courts' decisions that the "plain viewness" of something is relevant, is a very human definition. Our eyes are a big deal, which is why they call it view instead of scent. That doesn't mean scent doesn't apply -- the courts aren't so dumb/rigid/pedantic to be unable to analogize sight with smell and apply the same criteria. But there's a reason the courts used the word "view" -- we all have a very intuitive idea of what it really means, with a lot of consensus.
What if we violate that underlying meaning?
I think allowing either search (dog or electronics) without a warrant or other probably cause, is flirting with disaster. What if the officer (or machine) has radical powers, such as ability to see through walls, read people's minds (in a science fictiony "telepath" way, not by just being socially well-tuned), etc? At some point, the "plain" in "plain view" should be called into question. If the dog or machine can sniff something that a human 1.0 nose can't, maybe that's not really a reasonable search.
If the concentration is so dilute that you can't smell it, then the molecules, even if yes, they really are floating in the air, aren't in plain view. Just like if you have your drugs inside a cardboard box -- some photons actually are going through the box. We humans just can't see them. If you build a machine that can see them, or have a cop with super-powers that can see them, that doesn't mean the contents of the box are in plain view, regardless of how easily that super-powered cop can see 'em.
I do think we would all change our minds about that, if many of us did have such super-powers. If everyone knew a cardboard box does not delimit privacy, we would no longer consider objects in a box to not be in plain view. I don't mean "know" it in a rational hypothetical sense; I mean knowing it in visceral, obvious, day-to-day in-your-face kind of way, just like most of us can effortlessly and instantly perceive that a cardboard box blocks the view of whatever is inside he box.
Likewise, if we all had, and routinely hung out with, trained dogs: we would all know that faint scents that people can't smell, are still in "plain smell."
But we don't. We don't have the super-powers, nor the trained dogs, nor the electronics. I'm not saying we don't have access to them, just that they aren't part of most people's routine lives. So if you need these things to detect something, that something isn't in plain view. And more importantly: a search that uses these things, if there isn't due process, is not a reasonable search.