A class of 41 graduate students in a computer security course at Johns Hopkins University in Baltimore, MD, worked on a project finding personal information on the Internet, and proved what privacy advocates have been saying for years -- all it takes to obtain reams of personal data is Internet access, a few dollars and some spare time.
Working with a strict requirement to use only legal, public sources of information, groups of three to four students set out to vacuum up not just tidbits on citizens of Baltimore, but whole databases: death records, property tax information, campaign donations, and occupational license registries. They then cleaned and linked the databases they had collected, making it possible to enter a single name and generate multiple layers of information on individuals. Each group could spend no more than $50.
The Johns Hopkins project was conceived by Aviel D. Rubin, a professor of computer science and the technical director of the Information Security Institute at the university. He has used his graduate courses before to expose weaknesses in electronic voting technology and other aspects of a society that is increasingly dependent on - and at the mercy of - digital technology. "My expectations were that they would be able to find a lot of information, and in fact they did," he said.
Several groups managed to gather well over a million records, with hundreds of thousands of individuals represented in each database.
* NYTimes (use BugMeNot Mozilla plug-in for logging in)
Posted by volubis at May 19, 2005 09:39 PM