| 2 people marked this as a favorite. |
It doesn't really work when it's an organization. The California Dept of Ed has been ordered to produce the data and has legally objected. You can't throw Bob the DBA in jail, since he's not the one refusing. It's the artificial person known as the Dept of Ed.Just to be very clear: I am 100% in agreement with Orfamay, and glad he(?) joined the discussion, because I find his legal insights unparalleled on such threads.
Yes, it is entirely the DoE's fault. Yes, they are obviously hiding something.
However, my preference still would have been for the judge to start throwing DoE employees in jail for contempt, rather than an easier-but-higher-risk solution of, "Fine, we'll let them go in and get it themselves."
I see jailing people for contempt used far too sparingly. Put a DBA in prison for a week. Your data will appear...
That is where the current system breaks down for me.
Take the head(s) of the department of education and throw them in jail. Today. If they object and say they had nothing to do with the decision, say, "Well, then, who's in charge of the database?"
Add that person.
And so on, and so on.
Yes, maybe you end up with 50-60 people in a set of holding cells. But it's likely much easier. You really only need to go after Bob the DBA. "Here is a mandated court order for you to allow us access to the database right here, right now. You cannot be fired for granting us access. Do it."
So yes, you could go after Bob the DBA, as long as he first had a chance to comply with your physical presence on-site.
As you might be able to tell, I'm a strong opponent of incorporation for precisely situations like this: Because they are incorporated, they can ignore court orders and no one goes to jail for contempt, the fines are levied against the organization, not individuals, and hence there really is no incentive for them to suddenly start cooperating.
But the current situation is very much like Solomon's decision on the child: Because the DoE is being intransigent, children's information is being jeopardized by being almost certainly downloaded and transported before being parsed and purged.
"Oh, well, the DoE is stonewalling and we can't throw anyone in jail, so we'll do something that's effective, but that violates 20 years of best security practices," is not, in my mind, a solution.
But both you and Orfamay are making it clearer and clearer that the DoE has legally managed things to this point. So we know where the fault lies. I'd just like to see a solution that matches industry best practices.
And I like throwing recalcitrant administrators in jail. I have to admit, after years in the public school system, it would tickle me pink.
| 1 person marked this as a favorite. |
It doesn't really work when it's an organization. The California Dept of Ed has been ordered to produce the data and has legally objected. You can't throw Bob the DBA in jail, since he's not the one refusing. It's the artificial person known as the Dept of Ed.
I see jailing people for contempt used far too sparingly. Put a DBA in prison for a week. Your data will appear...
That is where the current system breaks down for me.
Take the head(s) of the department of education and throw them in jail. Today. If they object and say they had nothing to do with the decision, say, "Well, then, who's in charge of the database?"
Add that person.
And so on, and so on.
There is unfortunately this little thing called the "presumption of innocence." It's considered extremely bad form to jail someone because you think they might have disobeyed a court order. More significantly, there's a very good chance your order will be set aside upon appeal (as in, within hours).
| 1 person marked this as a favorite. |
Well, as I said, that's my issue with the current system. As is being amply demonstrated here, the DoE has no incentive to do anything other than what is happening, the judge has little recourse, and what is happening is wrong.
Under the current legal system, I see no way around it (other than for those of us who ARE concerned to file our objections). But the fact that it has come to this indicates to me a fundamental flaw in the system.
Because the DoE is being intransigent, children's information is being jeopardized by being almost certainly downloaded and transported before being parsed and purged.
I'm not sure whether you're writing this out of ignorance or paranoia, but I assure you that the Special Master is better at computer security than you are. Or even than you realize.
In a case like this, the data that he's looking for will typically arrive by courier -- possibly by FexEx, possibly by something even more secure involving armed guards -- and signed for. Inside the package will be a hard drive or set of hard drives, possibly encrypted. If you can "download" the information from an encrypted hard drive sitting in a box inside a FedEx truck, your kung fu is, ahem, exceptional.
Once she (the Special Master) has the data, every time the disks change hands, they will be signed for -- literally. This is called "chain of custody" -- she has to be able to prove that at no time did anyone have an opportunity to manipulate the data, or else it's worthless as evidence. The hard drives are typically kept in a locked (secure) location when not in use -- and even the copies of the disks (which are made under fairly tight security themselves, for obvious reasons) will be tracked, to make sure that the chain of custody is not broken.
It's common practice for the machines used for this kind of analysis to be protected from the Internet at large by an air gap, so there's no direct connection to the Internet, and any software you want to use is brought in on removable media.
So I'm not sure how the information is supposed to be downloaded.
And yes, these are fairly routine precautions for a Special Master to take. So while you're right that one more database is one more attack surface, it would be much easier to get to the database where it's living at the DoE, and the actual increase in risk is negligible.
| 1 person marked this as a favorite. |
So basically, you are arguing that the data exists at all somewhere, so making a copy of it in another place doesn't make things worse?
Yeah.
It's a question of degree's.
Spreading the information around does make it more vulnerable, but giving people access to the information could prove helpful.
Does the potential for harm outweigh the potential for good?
In this case, the judge has so far ruled that it doesn't.
By the way, I'm totally with you on the idea that we need to reduce the number of databases like this and how much is stored in them. Government's in particular hold onto these things for as long as they can and they hold onto as much as possible, making them particularly big targets and often quite vulnerable. As a general rule, I would like to see as much of this stuff destroyed as possible.
| 1 person marked this as a favorite. |
In this case, it might be a better solution.
Honestly, I think even in this case, it's a worse solution.
Let's face it, none of us has read all the submissions filed in this case. I've read a number of the submissions, but I've not found anything by the DoE that details how the data is stored and the technical challenges involved in scrubbing it. We've been talking about how it's probably stored in a SQL database as though any trained monkey could deal with it, but that's merely an assumption, and a questionable one at that.
When we're dealing with a government agency, and especially a long-standing one like the California DoE, there's a very good chance that the records are stored (or worse, partly stored) on some proprietary legacy system (or, ugh, systems). In fact, such a system was specifically referred to in a number of filings, and I don't think they pulled that phrasing out of thin air. If this is the case, there's a good sporting chance that there is literally no commercially available software even to read the database, let alone make the mass modifications necessary to scrub it, and there's no one at the DoE -- possibly no one alive anywhere in the world -- who's familiar enough with the legacy software to do the reverse-engineering and modification in a timely fashion. Anyone who's done any work for large companies is familiar with this problem.
If this is the case, then the statement that it would be too burdensome to deliver scrubbed data is a simple statement of fact.
It's not fair -- and more importantly, not legal -- to jail anyone over failure to obey a court order when compliance is impractical to the point of impossible.
None of us on this forum know the exact details of the DoE's database, and it's not clear to me that the judge knows them either. Indeed, if they really are a collection of legacy systems, neither does the DoE. But in the interests of justice, the judge is making the correct ruling that will move the trial forward, by putting the evidence in the hands of a neutral third party who knows exactly how to keep it secure.
Irontruth posed a good question:
Does the potential for harm outweigh the potential for good?
In this case, the judge has so far ruled that it doesn't.
The first thing to note is that this is exactly the sort of thing that the judge is supposed to decide, on behalf of all of society. The judge has, of course, made her ruling. The second thing to note is that the judge is also familiar with the capacities and capabilities of the proposed Special Master, and knows more or less the risk she's creating.
As I outlined above, the additional risk in the hands of a capable Master is extremely small, as these people are trained in both forensics and security, and this is what they do for a living. Handling computer materials securely is actually a fairly routine task in many parts of the world; I can't imagine that this data would require any more security than the stuff Top Secret, or even Secret, needs, and I also can't imagine that the DoE includes TS-level security precautions.
So I think that the judge made the right call. The case moves forward at minimal risk to the public.
| 2 people marked this as a favorite. |
I'm not sure whether you're writing this out of ignorance or paranoia, but I assure you that the Special Master is better at computer security than you are. Or even than you realize.
It's not the Special Master I'm concerned about, it is to whom the Special Master grants access to those disks.
I've worked at military-level security sites, where protocol demanded that I be escorted by armed guards to every location I visited, including the bathroom. I've seen the special couriers with their handcuffed briefcases in the halls.
And then I've seen the engineers who are entrusted with this data carrying it around once it arrives in USB thumb drives in their shirt pockets.
Is it really supposed to be one man or woman who takes possession of those disks, practices exemplary security protocols, performs the database analysis and extraction him- or herself, and presents the cleansed data to the plaintiff?
Or could it be that the Special Master is a courier who will ensure the data is safe until it is delivered to the people who are supposed to analyze it, at which point is where my experience indicates the security risks lie.
EDIT: Just saw your post: So the Special Master is indeed responsible for the forensics as well. In that case, the judge definitely made a good call. My impression from the (sensationalistic) article was that the data was going to be mined and analyzed by a third-party contractor. Having worked with said contractors, security is NOT their strong suit.
| 1 person marked this as a favorite. |
I'm not sure whether you're writing this out of ignorance or paranoia, but I assure you that the Special Master is better at computer security than you are. Or even than you realize.It's not the Special Master I'm concerned about, it is to whom the Special Master grants access to those disks.
Is it really supposed to be one man or woman who takes possession of those disks, practices exemplary security protocols, performs the database analysis and extraction him- or herself, and presents the cleansed data to the plaintiff?
The Special Master is not a courier. S/he is a domain expert as well as a forensic expert. While s/he may not perform the analyses personally, s/he is ultimately responsible for the security and treatment of the evidence --and the people who do are responsible for following the same security protocols and report to her.
Or could it be that the Special Master is a courier who will ensure the data is safe until it is delivered to the people who are supposed to analyze it, at which point is where my experience indicates the security risks lie.
The Special Master is not a courier.
| 1 person marked this as a favorite. |
Let's be honest folks, with the kids these days nothing in that database is any more dangerous than personal information that they share on the instatwitbookchat before brushing their teeth.
Social media posts rarely contain information necessary to access bank accounts, sign up for loans, etc.
| 3 people marked this as a favorite. |
Let's be honest folks, with the kids these days nothing in that database is any more dangerous than personal information that they share on the instatwitbookchat before brushing their teeth.
Ah. The prime privacy fallacy. On the surface, this seems like a sensible argument. After all, people post lots of stuff without regard to security. However, by thinking all of a few seconds, it becomes obvious that when someone posts their own stuff, they CHOOSE to do so. We all have that right, and nobody has ever talked about prohibiting it, to my knowledge. But what the above argument says is that "since some people CHOOSE to post stuff, nobody should have any privacy whatsoever". Which is obviously a moronic argument. It specifically denigrates CHOOSING NOT TO post stuff - i.e. the right to privacy. It's a catchy tune if you want to abolish privacy. If you don't want everyone's data to be always available for all sorts of bad things like ID theft and so on, don't use it. Krensky, you're smarter than that.
And if it's not difficult to get someone's SSN, and the SSN can be used for bad things, then the protections in place for someone's SSN are not adequate and should be strengthened. It is not an argument for lowering the bar for all data security, and never was.
You realize it's not that hard to find out a person's SSN right?Let's be honest folks, with the kids these days nothing in that database is any more dangerous than personal information that they share on the instatwitbookchat before brushing their teeth.Social media posts rarely contain information necessary to access bank accounts, sign up for loans, etc.
You realize you're changing the subject?
| 1 person marked this as a favorite. |
Okay Krensky. Let's see your SSN, address, full name, phone number, and any codes to your bank accounts, here on the public board. Privacy is a myth, after all, so what would be the problem?
Or maybe, there is something to it, and you don't want to post those things...
| 2 people marked this as a favorite. |
Okay Krensky. Let's see your SSN, address, full name, phone number, and any codes to your bank accounts, here on the public board. Privacy is a myth, after all, so what would be the problem?
Or maybe, there is something to it, and you don't want to post those things...
There was an awesome radio commercial where the CEO of an identity security company announced his SSN, claiming that his company's protection was so good that nefarious ne'er-do-wells getting your SSN wasn't an issue if you had his company's protection...
...then his identity got stolen... multiple times....It was epically hilarious...
Needless to say, the commercials stopped.
| 1 person marked this as a favorite. |
Okay Krensky. Let's see your SSN, address, full name, phone number, and any codes to your bank accounts, here on the public board. Privacy is a myth, after all, so what would be the problem?
Or maybe, there is something to it, and you don't want to post those things...
There was an awesome radio commercial where the CEO of an identity security company announced his SSN, claiming that his company's protection was so good that nefarious ne'er-do-wells getting your SSN wasn't an issue if you had his company's protection...
...then his identity got stolen... multiple times....It was epically hilarious...
Needless to say, the commercials stopped.
Yep. When I lived in Phoenix, I saw multiple billboards containing nothing but this guy's grinning face, the company logo, and his SSN. I was very amused when I read later about how his company was clearly not up to snuff.
I'm curious if the billboards are still around.
| 3 people marked this as a favorite. |
Okay Krensky. Let's see your SSN, address, full name, phone number, and any codes to your bank accounts, here on the public board. Privacy is a myth, after all, so what would be the problem?
Or maybe, there is something to it, and you don't want to post those things...
Goodness, Sissyl. While privacy isn't a myth, it's certainly (in this case) a distraction. The California DoE is playing you and your white-hot indignation like a violin.
First of all, let's look at the actual value of a stolen Social Security Number. You can buy them in bulk on the black market if you know where to look for a penny apiece. SSNs for minors are worth even less because you can do so much less with them, and by the time you can do anything with them, the rest of the information is sufficiently out of date that the number itself is useless. So the actual value of the entire database is something less than $10,000.
The simple fact of the matter is anyone who actually wants an SSN already has it. The banks are well aware of that, which is why the SSN is (sometimes) useful as a database key, but it's not going to unlock a magical financial goodie box, even in the hands of an expert hacker. It's rather like credit card numbers in that regard, which nowadays arrive from the factory pre-stolen. Yes, literally every card number in your wallet is known to the major criminal rings -- the problem is that it's nearly impossible to monetize those numbers, and eventually they expire unused because no one could figure out a way to persuade the Bank of Sweden to allow you to make a cash withdrawal from some machine in sub-Saharan Africa. In fact, the Bank of Sweden has probably already received dozens of such requests and simply rejected them on your behalf.
So rather than pretending that the sky is falling, let's actually look at the risks. As I said, the Special Master knows what she's doing; they're generally much better at information security than the security professionals at the agencies and banks, because their level of "acceptable" risk is much higher (it's basically "what they can afford to insure against"). As I said, the actual value of this database to the criminal underground is less than $10,000, which by legal standards is a pittance. The value of this data to the DoE is much much higher, because it could result in fines in the millions of dollars. Indeed, the Special Master will be paid --- has already been paid -- substantially more than the value of the data she is dealing with. At this level, this particular database is chump change, but the same chain-of-custody precautions need to be taken anyway for legal reasons, something that do not apply in typical circumstances to the CA DoE.
So, as I said before, the additional risk is negligible. The threat to privacy in this case is indeed a myth.
But let's put that threat where it belongs. It is solely the responsibility of the DoE. They agreed (with the agreement reinforced by a court order) more than a year ago to produce a redacted version of these documents, and have not done so. They were offered, as an alternative, the option of producing the data on-site in a secure environment, and turned that down. Having had the opportunity to comply with best practices, and having claimed to be incapable of following best practices, they are reaping the harvest of their own practices -- the risks are entirely of their own making,
And most of us already suspect them of active malice in this. Reading between the lines, I'm sure both the magistrate judge and the district judge do as well. They are attempting to mislead both the public and the judicial system by raising irrelevant privacy concerns to distract people from their real misconduct.
And you're falling for it, with eyes wide shut.
| 2 people marked this as a favorite. |
I don't particularly not trust the special master (wow, that's some title...), nor do I think privacy necessarily outweighs every other concern. What gets me riled up is when people spout general anti-privacy slogans. There aren't actually that many:
"Why worry about privacy when so many put stuff up on Instagram and Facebook anyway?" The answer to this is that the difference between having your data mishandled and mishandling it voluntarily is the same as between giving something and having it stolen. Or, if you prefer, between consensual sex and rape. Whether the data leak is voluntary MATTERS, just as much as in other interactions between people. Pretending it doesn't is dishonest to the worst degree.
"Privacy is a myth", also often stated "you people have zero privacy anyway, get over it" The issue here is that anti-privacy people pretend there already is no privacy, thus why would an additional breach of privacy be a problem? It also casts those who care about it as fools. Still, a cursory examination shows this is utterly nonsensical. The most obvious problem is that anti-privacy people still try to make new breaches of privacy. If it didn't exist, why would they ever need to?
"Those with nothing to hide have nothing to fear" This is the absolute worst of the lot. The key here is "who judges whether you had something to hide?" You can only be absolutely certain it's not you. Truth be told, everyone has stuff that could implode on them, or others. Guess what? That is OKAY. We must never be so stupid as to believe the authorities who say they can protect us if only we give up privacy. It doesn't matter how much we have, what matters is that currently, we have too little.
Also, I note that Krensky did not take the bait. As for the difference between privacy and security... it's written in the stars how anyone could maintain security if they had no privacy. With every sort of communication scrutinized, you obviously can't keep your bank codes secure.
"Privacy is a myth", also often stated "you people have zero privacy anyway, get over it" The issue here is that anti-privacy people pretend there already is no privacy, thus why would an additional breach of privacy be a problem? It also casts those who care about it as fools.
Most of the time, it doesn't need to do that, because the privacy advocates have already done such a marvelous job all by themselves.
Case in point: We must never be so stupid as to believe the authorities who say they can protect us if only we give up privacy.
I couldn't ask for a better example of a knee-jerk, unthinking, hysterical reaction with no regard to the facts on the ground.
Privacy policy is always a tradeoff, because things need to get done. In the current case, the state of California has a legal duty to monitor compliance with the various Federal directives regarding special education. If your proposed privacy policy prevents the state from carrying out its Federally mandated duty, then your proposed privacy policy is out-of-the-box unacceptable. Your desire to privacy doesn't trump thousands of California school children's right to an acceptable education. In fact, their right trumps you.
Similarly, California has been credibly accused of failure in this duty. The people concerned have the right to petition the government for redress of grievances (that's actually in the Constitution) and the government accordingly has the right as well as the duty to investigate those grievances, which means it too needs access to the data.
In theory, California has a corresponding duty to protect the security of the data that it collects -- depending upon the technical details that we don't have, it may or may not be in breach of that duty, and that in turn will be resolved if anyone has the political will. But that's another question. Right now, the courts need to get access to that data, and they've taken steps that actually have more regard for the privacy of the people involved than California has.
But privacy is never an absolute right -- in fact, no right is absolute -- and anyone who thinks otherwise is a fool. Not "is being cast as" a fool, but actually is.
The impetus is gathering data with the aim to sell it, not protecting anyone.
I'm wondering who you think is going to be selling the data in this instance. The Special Master? The magistrate judge? The district judge? Or perhaps the MHCPA (the nonprofit)? Surely not the California DoE, since they already have the data to hand, and would be selling it already if they wanted to.
Even your claim that society doesn't care about what happens to its citizens is shown to be false in this instance; this claim was brought by a single group of concerned parents on behalf of all similarly situated people statewide, a position that they clung to even when they were offered a chance to narrow their scope and claims. If they didn't care, they wouldn't have filed suit in the first place, and if they were only concerned about their own children, they would have accepted that offer, and then allowed themselves to be bought off with a suitably narrow fix that would have addressed the issue in their community but thrown the rest of the state under the bus.
Indeed, the group that are trying to hide behind privacy claims are doing so precisely because they fear that people who care what happens to California citizens will learn what is actually happening.
| 1 person marked this as a favorite. |
You realize you're changing the subject?You realize it's not that hard to find out a person's SSN right?Let's be honest folks, with the kids these days nothing in that database is any more dangerous than personal information that they share on the instatwitbookchat before brushing their teeth.Social media posts rarely contain information necessary to access bank accounts, sign up for loans, etc.Nope. SSN is the only thing not typicwlly found on a social media feed needed for that.
This is a case of the CA DoE screaming about privacy and the sky falling to distract people from the fact that they've been doing kids wrong.
Privacy is a myth and always has been.
I'm not even sure what thing I said that you're arguing against. Are you just going off randomly?
Are we still discussing what kids do and don't share on social media? That was the post I responded to.
Edit: To add, if you look back up to my first post, I'm not siding with the CA DoE on this specific case. There are obviously ways to share the information without making it more vulnerable, particularly in this specific case. There have even been documented suggestions that would maintain security on the information, while allowing an investigation to happen.
There are obviously ways to share the information without making it more vulnerable, particularly in this specific case. There have even been documented suggestions that would maintain security on the information, while allowing an investigation to happen.
You obviously know a lot more about the DoE's data storage procedures than others in this thread (including myself), if you can verify of your own knowledge that they are "documented suggestions" instead of "wild-assed guesses based upon assumptions about how the database MIGHT look."
Privacy is a myth and always has been.
In a way I think you are correct, but like some myths, there is also truth involved. In the USA privacy is a Right, protected by law (note that half the words in that sentence should probably be in quotes). Like most rights, it isn't something you generally notice, until someone violates it. If and/or when someone violates it, you are entitled to bring the case into the legal system, with all of the fun that entails. Like most other rights and protected things, there is no magical shield or alarm that goes off when it is violated. It is only as good as the mechanism that protects it, and The Law is notoriously inconsistent.
The concept of privacy was strongly protected when I was younger. Nixon was impeached largely because he violated the privacy of some powerful interests. We supposedly fought the Cold War because we valued our rights, and did not want our own government spying on us like the hated KGB. Citizens reporting on their fellow countryman was what they did in East Germany, and that was as un-american as it gets!
All of that changed around the turn of the millennium, with 9/11 being used as a Reichstag fire moment, that turned the government against it's own people, and against it's previously proclaimed virtues. Privacy became a dirty word, and security replaced it as a virtue.
The other change in privacy is technology. In my parents day, usable cameras and sound recorders were large, bulky devices that generally produced a single unique piece of media. Film recorders were especially so. That media produced was relatively expensive, bulky and required special equipment and techniques to reproduce and share in a meaningful way. For a G-Man or Private Dic to bust you, they would have to follow you in person, take a photo, have that photo developed and copied, then physically deliver a copy of that photo to someone. If they wanted that photo to be seen broadly, they would have to mail copies, or at best display it on TV.
From the 1990's through early 2000's things could be done digitally, but quality was poor, and storage, especially of video, was very expensive. Also, operating the digital stuff required a fair amount of expertise to be done in a reliable way.
Today, things are totally different! I can go to my local supermarket, and for less then $100 buy a drone with a 1080 camera that links with the click of a button to my $100 smartphone. I can store hundreds or thousands of hours of video at virtually no cost, and can even have speech-to-text and automated searches done instantly. Privacy is easier to threaten then it has ever been, by far.
One important point: SS Numbers are valuable, but not the only valuable piece of info related to this case. These records could contain information (especially disciplinary info) that could be very useful in political or legal situations. If it is on the internet, it can be used against you in court.
There are obviously ways to share the information without making it more vulnerable, particularly in this specific case. There have even been documented suggestions that would maintain security on the information, while allowing an investigation to happen.You obviously know a lot more about the DoE's data storage procedures than others in this thread (including myself), if you can verify of your own knowledge that they are "documented suggestions" instead of "wild-assed guesses based upon assumptions about how the database MIGHT look."
You talk about it in this post.
We both know there are ways to format the database to share the required information that doesn't include information like linked names and SSNs.
You've posted methods and referenced court documents that say the same thing.
So....
There are obviously ways to share the information without making it more vulnerable, particularly in this specific case. There have even been documented suggestions that would maintain security on the information, while allowing an investigation to happen.You obviously know a lot more about the DoE's data storage procedures than others in this thread (including myself), if you can verify of your own knowledge that they are "documented suggestions" instead of "wild-assed guesses based upon assumptions about how the database MIGHT look."
You talk about it in this post.
We both know there are ways to format the database to share the required information that doesn't include information like linked names and SSNs.
Yes, and neither of us knows if any of those ways are actually feasible given the existing state of the systems. As the old joke has it, "if I wanted to go there, I wouldn't start from here." Or rather, I know that I don't know, which makes my musings "wild-assed guesses."
| 1 person marked this as a favorite. |
There are obviously ways to share the information without making it more vulnerable, particularly in this specific case. There have even been documented suggestions that would maintain security on the information, while allowing an investigation to happen.You obviously know a lot more about the DoE's data storage procedures than others in this thread (including myself), if you can verify of your own knowledge that they are "documented suggestions" instead of "wild-assed guesses based upon assumptions about how the database MIGHT look."
You talk about it in this post.
We both know there are ways to format the database to share the required information that doesn't include information like linked names and SSNs.
Yes, and neither of us knows if any of those ways are actually feasible given the existing state of the systems. Or, as the old joke has it, "if I wanted to go there, I wouldn't start from here."
Maybe I took something out of context. Either way, having worked with databases before, it's a b+#@@&*! argument. Like seriously b@@#%!$~.
It's like saying you can't start your car, because you need the key to unlock it, but you can't unlock it, because you're trying to use the key to start the car.
If the database can't give you select information, it's a useless database to begin with, and there's no reason they'd be using it because it'd be worthless. If the database can use search functions, then it can sort and display different pieces of information in different context.
Essentially, the CDE's argument is that they can't give any information without giving all the information. This is b!$@+~%* and untrue. Because if it was true, their database would be of no use for their own purposes. It would be pointless and they'd switch to a different system, probably years ago.
If you look at this page and read this link, you'll find out that the database uses the DBF format, which is a pretty standard format for databases. In fact, it's so standard, you can import it into Microsoft Excel.
Did you know you can delete entire row's or columns in Excel? Insert new column, use auto-fill to assign each student a number 1 through X (X being however many students there are in the file). Save the file and keep it at the school. Then delete the name and SSN column and give that to the non-profit.
Done.
Now, it might be a little more complicated than that, but we're mostly talking about double-checking and making sure the formatting comes through and our data is intact.
Edit: when I say I've done work with databases, I helped do a database migration while I was in the military. The database was a Navy-wide system. The hard part is putting it INTO another database. The easy part is getting the stuff out of your old database.
| 1 person marked this as a favorite. |
Another thing, reading their documentation a little more... they accept freaking .txt files for database input, which means they can output a .txt file as well (especially considering this is meant to exchange data between databases in their system of schools).
Seriously, the more I read, the more it sounds like this.
| 1 person marked this as a favorite. |
If the argument seriously is that "since it's a lot of work to give them the scrubbed data, you can just give them everything", the very sensible counter-argument is "since it is eminently possible to build a database that would very easily give the scrubbed data, your database should follow such a structure". Fix it. Voila. Privacy problem, SOLVED. Then you won't need to "balance" (duckspeak for "removing") people's privacy.
Also, you have an extremely naive view of the effects of 9/11 on privacy and surveillance.
Go read up on J Edger Hoover.
I have an extremely naive view about a lot of things, but I'm only somewhat naive about privacy and surveillance. I know of Hoover and FBI abuses. I get that things like CoIntelPro went on, and know that there were other abuses before my time. I get that various groups were targeted, especially minority and Lefties.
However, at the end of Hoover's reign, the FBI had had about 15 thousand agents and support staff, in 70 offices. They had to carry out their most sinister programs in secrecy, because the public viewed spying on fellow citizens as wrong. In cases like Nixon's fall, (which was before my time, I was born in '75) people went to jail for spying on fellow citizens. In NYC abuses by the NYPD resulted in the Handschu_agreement that put sever limits on police abuse of power.
I worded it poorly in my previous post, but my point was, it was once considered wrong among the general population for the government to spy on it's own citizens. The government did these things on relatively small scale (primarily the FBI), with a fairly small chunk of the budget, and targeted a fairly small percentage of the population. After 9/11 a much larger chunk of the budget and government was directed inward toward surveillance. In my lifetime the number of FBI personnel has approximately doubled. In the last 15 yeas "Homeland Security" and a huge "private sector" surveillance apparatus flourished on lavish funds and unchecked power. I wound guess their offices number in the thousands. But the biggest change is that many people really don't seem to care about being spied on. I don't think Hoover, or even George Orwell would believe the scale, efficiency and acceptance of the modern surveillance state.
Oh, and I did grow up in a small town where everyone knows everyone's business. There is a big difference between gossipy neighbors, and being spied on, especially when it comes to photographic, video and other media monitoring.
If the argument seriously is that "since it's a lot of work to give them the scrubbed data, you can just give them everything", the very sensible counter-argument is "since it is eminently possible to build a database that would very easily give the scrubbed data, your database should follow such a structure".
That's an interesting equivocation. You reject option a) because it's "a lot of work" and then demand option b) because it's "possible," which is in fact a lot more work than what you previously rejected.
However, it doesn't work that way. A discovery request that is unduly burdensome is not allowed. And the courts are required to balance the risk to the public in deciding what to order.
But in this case, the "balancing" is extremely easy:
* The additional risk to the public in creating a copy of that database is -- literally -- negligible. (This is the point you've been systematically ignoring.)
* The value of this information to resolve an actual issue of the public good is extremely high -- it's critical to this case.
Therefore, the judge's order was correct and appropriate.
If the DoE disagrees, it's welcome to appeal the order and have a second set of eyes look at it. Funny, though, but I think when any rational person looks at the risks and rewards, they'll support the judge's order.
Bad database structures are not a problem anyone suddenly discovered. Expensive, take a long time, yes. That is why it is important to do it well from the start. There could even be rules for how such databases should be structured in a government entity. I am not saying they should rebuild anything now. I am saying they should fine government entities for not having good databases. Do that for a while and getting scrubbed data will not be a problem.
Besides, you guys attribute a lot of stuff to me that I have not said. Please stop doing that.
Bad database structures are not a problem anyone suddenly discovered. Expensive, take a long time, yes. That is why it is important to do it well from the start.
So, you're suggesting that the court should order that the Department of Education go back in time, now?
I am saying they should fine government entities for not having good databases.
Not having good databases is not a fineable offense. And, for that matter, not designing a database in 1995 that fits standards in 2016 is also not a fineable offense, nor should it be. If the best alternatives you have to the judge's order involve time travel and/or precognition, that's actually a pretty ringing endorsement of the judge's decision.
| 1 person marked this as a favorite. |
Not having good databases is not a fineable offense.In theory it could be. No real reason government databases couldn't be held to a minimum standard, with penalties to force compliance.
Of course, once such standards were developed time would need to be allotted to allows entities to reach them.
.... and, perhaps more importantly, money. Database updates aren't free, and the dollars you spend on database updates aren't being spent on building upkeep, teacher's salaries, sports equipment, et cetera. I can't see a proposal to spend billions of dollars upgrading databases to 2016 standards getting a lot of backers in this political climate, and of course, by the time the upgrades were completed, everyone would be looking at the new databases and saying "Ewwww, that's so 2016!"
| 1 person marked this as a favorite. |
BTW, you can download CASEMIS from the CDE's website. So I did.
You can export to Excel format.
At the bottom of page 3, this PDF, says the same thing. It's an 11 page guide to help you use CASEMIS.
The more I look at this, the less time I estimate that it would take me to do the actual thing. I bet I could do it in 20 minutes, easily, depending on how it was supposed to be done.
For example, if every school in California had to be a different file, that might take a couple days, but only cause there are thousands of schools.