The article does does do a fair job of exploring the nuance of the situation at hand. However, even as someone who is obsessed with privacy, I do think that FOIA is essential and that putting up...
The article does does do a fair job of exploring the nuance of the situation at hand. However, even as someone who is obsessed with privacy, I do think that FOIA is essential and that putting up barriers does more harm than good.
For one, they noted this is difficult to do en-mass. This alone makes me question the usefulness of putting more barriers up.
The more barriers there are, the harder it becomes to request information without it being denied or heavily redacted. This almost certainly be abused to conceal information.
A (probably not great) example: While I consider it a generally good thing for student records to be sealed, doing so means that an investigative journalist can't study for systemic biases in grading.
I think there are two better approaches:
Two-pass FOIA. The first pass has heavily masked datasets protecting large amounts of PII. A second pass can then be requested to unmask it, with more scrutiny and something to the effect of an NDA which sets a much higher bar for public interest. Possibly requiring the second pass requests themselves to be publicly documented with a Name, Email, data requested, and stated reason for unmasking.
Mandating data polices that minimize the collection, distribution , and retention of PII as a whole, such that a FOIA request is much less likely to touch on it. I work for a public institution that does this anyhow to reduce chances of leaks, but processes could be improved. Using the fishing license example: Only active permits have PII stored with them. After the season, most of the data gets wiped. The primary purpose of fishing/hunting licenses is revenue generation and capping creature death, as such data isn't really needed long term unless there are heavy policies like 'only one every 5 years' or something.
I see attaching a name and home address as the highest risk. Stalking victims are such a low priority for most policies, but the consequences can be so extreme that separating those two pieces of...
I see attaching a name and home address as the highest risk. Stalking victims are such a low priority for most policies, but the consequences can be so extreme that separating those two pieces of information should be THE priority for providing privacy. These folks currently have to deal with it by limiting their lives, sometimes for years.
If it's possible to redact some residential addresses, I'd argue it's possible to redact all of them. I don't know what exactly is involved, but special cases tend to make software more complicated than treating everything the same. In cases like building permits, include an address but not a name.
Howso? If you own your home, your name is trivially connected by doing a lookup against property tax records. Your address and name are essentially public info anyhow from a far broader spectrum....
Howso? If you own your home, your name is trivially connected by doing a lookup against property tax records. Your address and name are essentially public info anyhow from a far broader spectrum. Notice data aggregators aren't doign FOIA requests for property tax records.
The correct answer is to never use your real name online unless you're willing to deal with the reality of everybody being able to identify you instantly. I never comprehended people using their real name in a non-professional setting online.
Protecting against security breaches largely comes down to making the effort troublesome enough that it's not worth the bother. I don't think giving up is the best approach.
Protecting against security breaches largely comes down to making the effort troublesome enough that it's not worth the bother.
The article does does do a fair job of exploring the nuance of the situation at hand. However, even as someone who is obsessed with privacy, I do think that FOIA is essential and that putting up barriers does more harm than good.
For one, they noted this is difficult to do en-mass. This alone makes me question the usefulness of putting more barriers up.
The more barriers there are, the harder it becomes to request information without it being denied or heavily redacted. This almost certainly be abused to conceal information.
A (probably not great) example: While I consider it a generally good thing for student records to be sealed, doing so means that an investigative journalist can't study for systemic biases in grading.
I think there are two better approaches:
Two-pass FOIA. The first pass has heavily masked datasets protecting large amounts of PII. A second pass can then be requested to unmask it, with more scrutiny and something to the effect of an NDA which sets a much higher bar for public interest. Possibly requiring the second pass requests themselves to be publicly documented with a Name, Email, data requested, and stated reason for unmasking.
Mandating data polices that minimize the collection, distribution , and retention of PII as a whole, such that a FOIA request is much less likely to touch on it. I work for a public institution that does this anyhow to reduce chances of leaks, but processes could be improved. Using the fishing license example: Only active permits have PII stored with them. After the season, most of the data gets wiped. The primary purpose of fishing/hunting licenses is revenue generation and capping creature death, as such data isn't really needed long term unless there are heavy policies like 'only one every 5 years' or something.
I see attaching a name and home address as the highest risk. Stalking victims are such a low priority for most policies, but the consequences can be so extreme that separating those two pieces of information should be THE priority for providing privacy. These folks currently have to deal with it by limiting their lives, sometimes for years.
If it's possible to redact some residential addresses, I'd argue it's possible to redact all of them. I don't know what exactly is involved, but special cases tend to make software more complicated than treating everything the same. In cases like building permits, include an address but not a name.
Howso? If you own your home, your name is trivially connected by doing a lookup against property tax records. Your address and name are essentially public info anyhow from a far broader spectrum. Notice data aggregators aren't doign FOIA requests for property tax records.
The correct answer is to never use your real name online unless you're willing to deal with the reality of everybody being able to identify you instantly. I never comprehended people using their real name in a non-professional setting online.
Protecting against security breaches largely comes down to making the effort troublesome enough that it's not worth the bother.
I don't think giving up is the best approach.