The Daily Parker

Politics, Weather, Photography, and the Dog

Why are phone records private?

In the four days since USA Today reported that the NSA has millions of phone records, millions of decent, hard-working Americans have said, "So what?" I think there are two reasons for this: first, data security seems like an esoteric and hard-to-understand sub-field of computer science, which makes people disinclined to think about the problem; and second, most people need concrete examples to understand things clearly.

How about this simple, concrete example: ABC News is reporting today that reporters' phone logs are being used in the ongoing CIA leak investigation.

By figuring out who reporters called and when, and who called the reporters, investigators—and heck, any modestly-trained chimpanzees for that matter—will have little trouble figuring out who leaked information to them.

Let's all say it together, shall we?

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Polls open in 175 days, 18 hours.

Wettest May in New Hampshire record

I arrived in Nashua, N.H., from Chicago just a few minutes ago, and two hours later than anticipated because of rain. Lots of rain. In fact, it turns out, they've had more rain than during any May on record—and the month isn't even half-over:

Two weeks into the month, rainfall totals in Concord were expected to wash out the May record of 9.52 inches set in 1984, Cannon said. Official totals have been tracked since 1864.

I believe it has rained almost every day this month, and rain is forecast every day until Saturday. Wonderful.

Pop quiz: Why does this code fail?

Here's some code I discovered while tracking a bug this morning:

const string DATE_FORMAT = "M/d/yyyy";

string dateString = 
   ConfigSettings.GetString("Some setting", DateTime.Now.ToString(DATE_FORMAT));

DateTime someDate = 
   DateTime.ParseExact(dateString, DATE_FORMAT, CultureInfo.InvariantCulture);

The DateTime.ParseExact method throws a FormatException if the string (dateString) doesn't exactly match the format string. I mean, exactly. So when dateString comes back from the configuration settings class as "5-12-2006" (instead of "5/12/2006"), guess what happens.

My correction:

DateTime someDate = DateTime.Parse(dateString, CultureInfo.InvariantCulture);

The DateTime.Parse method takes any legal input and attempts to parse it, freeing the developer from having to know what formats may occur. The DateTime.ParseExact method has some specific applications, but when you don't know what you're getting, it's risky—especially when you don't actually catch the FormatException anywhere.

Of course, the DateTime.Parse method could also throw a FormatException. In the code I'm debugging, since the date isn't really coming from a configuration set that we control and is, in fact, coming from an unknown third party[1], I'm actually going to go with an even more forgiving option:

string dateString = ConfigSettings.GetString("Some setting", string.Empty);

DateTime someDate;
if (DateTime.TryParse(dateString, out someDate) == false)
   someDate = DateTime.Now;

Moral: Never assume anything about inputs you don't directly control.

[1] You could tell all that from the name of the class, right? I mean, if you see something called "ConfigSettings" you kind of assume that the class has something to do with configuration settings, and doesn't have anything to do with talking to computers in Ohio, right? I'm not making this up: the method call in question may go to Ohio for its data. This highlights the importance of naming your classes correctly so that people trying to use your code don't curse your name unto the generations.
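One way to accept both separators from the quiz above while still rejecting anything unexpected, shown as an added example that is not the original code from this post or from the project it describes. The UntrustedDate class, the list of accepted formats and the sample inputs are assumptions made up for illustration.

```csharp
using System;
using System.Globalization;

static class UntrustedDate
{
    // Assumed allow-list: the two separators seen in the post plus ISO order.
    static readonly string[] AcceptedFormats = { "M/d/yyyy", "M-d-yyyy", "yyyy-MM-dd" };

    // Returns true and sets 'value' only when the text matches one accepted
    // format exactly. Nothing is thrown, and the culture is pinned so the
    // result does not change with the server's regional settings.
    public static bool TryRead(string text, out DateTime value)
    {
        value = default(DateTime);
        if (string.IsNullOrWhiteSpace(text))
            return false;

        string trimmed = text.Trim();
        if (trimmed.Length > 10)          // longest accepted form is 10 characters
            return false;

        return DateTime.TryParseExact(
            trimmed, AcceptedFormats,
            CultureInfo.InvariantCulture, DateTimeStyles.None, out value);
    }

    static void Main()
    {
        // Constructed sample inputs standing in for what a remote source might return.
        string[] samples = { "5/12/2006", "5-12-2006", "2006-05-12", "12.5.2006", "", "13/45/2006" };

        foreach (string s in samples)
        {
            DateTime d;
            if (TryRead(s, out d))
                Console.WriteLine("accepted \"{0}\" -> {1:yyyy-MM-dd}", s, d);
            else
                Console.WriteLine("rejected \"{0}\" (caller chooses the fallback and logs it)", s);
        }
    }
}
```

Returning a bool leaves the fallback decision, and the chance to log a bad value from the third party, with the caller.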

Republican governor of Kentucky indicted for corruption

A grand jury has indicted Republican Governor Ernie Fletcher on three misdemeanor charges of conspiracy, official misconduct and political discrimination:

The jury also indicted former transportation Cabinet official Sam Beverage for perjury, which is a felony. And the jury also submitted to Franklin Circuit Judge William Graham 14 more indictments that are under seal.
Those indictments cover crimes that may have occurred before Aug. 29, 2005 when Fletcher pardoned all administration officials except himself.

Here's a fun game you can play tonight: Count the number of times Fox News mentions Fletcher's party affiliation, then when they run a story about Democratic Illinois Governor Rod Blagojevich, count the number of times they mention his.

On second thought, don't watch Fox News if you can avoid it.

NSA has your phone records

USA Today reported earlier that the National Security Administration has collected an enormous volume of phone records from AT&T, Verizon, and Bell South. Only Qwest refused the NSA's request:

With access to records of billions of domestic calls, the NSA has gained a secret window into the communications habits of millions of Americans. Customers' names, street addresses and other personal information are not being handed over as part of NSA's domestic program, the sources said. But the phone numbers the NSA collects can easily be cross-checked with other databases to obtain that information.
... Qwest declined to participate because it was uneasy about the legal implications of handing over customer information to the government without warrants.
Qwest's refusal to participate has left the NSA with a hole in its database. Based in Denver, Qwest provides local phone service to 14 million customers in 14 states in the West and Northwest. But AT&T and Verizon also provide some services — primarily long-distance and wireless — to people who live in Qwest's region. Therefore, they can provide the NSA with at least some access in that area.

This is absolutely stunning. The phone companies' disclosure without court orders may be criminal. The NSA's collection of the data is certainly illegal.

I don't care what your political views are: do you really want the U.S. government knowing how often you called your mother last month? Do you want some bureaucrat in Maryland figuring out how many links separate you from Kevin Bacon? Or, more to the point, Osama bin Laden? Say you call to make reservations at a restaurant frequented by the uncle of the brother-in-law of the daughter of (insert terrorist suspect here)... do you really want someone to make that connection for you?

Do you want your phone company to just give this data over to the government in the first place?

I remember a simpler time when a cop had to go to the U.S. Attorney who had to go to a judge to get permission to get the phone records of a Mafia boss.

Just in case anyone has forgotten: the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. This is the law, and has been so for 215 years. It's time to enforce the law.

Polls open in 179 days and 18 hours.

Update: Anne found that the Electronic Frontier Foundation has an ongoing class-action suit against AT&T stemming from the revelations last November that AT&T had helped the NSA listen in on conversations. I imagine they'll amend the suit to take into account USA Today's allegations.

New, improved El cars coming

The Chicago Tribune reports today that the Chicago Transit Authority has agreed to buy 406 new El cars for the Blue and Pink lines. The cars will have aisle-facing seating rather than the mixed seating arrangement currently in use (see the Tribune graphic). This is a long-overdue improvement on the Blue line, whose trains go to O'Hare. Struggling with luggage on the current trains causes pain; the new arrangement will alleviate it.

The CTA expects the cars to roll by 2009, shortly after we have a new President (984 days from now).

Getting your pocket picked without your knowledge

Bruce Schneier linked to this Wired article about Radio Frequency ID (RFID) tags. It will fascinate or terrify you, depending on how thorough and disciplined you think the implementations will be. Choice passage:

"I was at a hotel that used smartcards, so I copied one and put the data into my computer," Grunwald says. "Then I used RFDump to upload the room key card data to the price chip on a box of cream cheese from the Future Store. And I opened my hotel room with the cream cheese!"

Cool...?

"Congress is a Joke:" Motley Fool

I don't agree with everything Motley Fool columnist Bill Mann says, but I think in essence he's correct:

My editors hate it when I call people idiots. But I mean it. Our elected officials are either stupid, or they think enough of us are stupid that they can say stupid things and we'll just thank 'em for it. ... Pay $100 from the federal Treasury to compensate Americans for high gas prices? Are you people completely, utterly devoid of brain matter?
You want to blame $3 gas on something? Fine, let's start with where blame should go—on $0.95 gas.

I think he's right that cheap gas hurt in the long run, but I'm not sure that the free market justifies the enormous profits oil companies are reaping. I'll think more about this.