Stories with Tag Public Records

• I asked police to send me their public surveillance footage of my car

  permalink

  Posted: 2025-03-28 12:14:06

  Verbose tl;dr

  A journalist drove 300 miles through rural Virginia, then filed public records requests with law enforcement agencies to see what surveillance footage they had of his car. He received responses from various agencies, including small town police, sheriff's departments, and university police. Some agencies had no footage, while others had license plate reader (LPR) data or images from traffic cameras. The experience highlighted the patchwork nature of public surveillance, with data retention policies and access procedures varying widely. While some agencies promptly provided information, others were unresponsive or claimed exemptions. The experiment ultimately revealed the growing, yet inconsistent, presence of automated surveillance in even rural areas and raised questions about data security and public access to this information.

  This Cardinal News article chronicles a meticulous, self-funded experiment conducted by journalist Dean Seal in the Commonwealth of Virginia. Driven by a desire to ascertain the pervasiveness of automated license plate reader (ALPR) surveillance technology deployed by law enforcement agencies, Mr. Seal embarked on a 300-mile journey through predominantly rural regions of the state. Subsequent to this excursion, he systematically filed Freedom of Information Act (FOIA) requests with eight distinct sheriff's offices, specifically requesting any and all ALPR data pertaining to his vehicle’s license plate number captured during his travels. The article details Mr. Seal’s procedural approach, including the specific counties targeted and the varying responses he received from each agency.

  His findings illustrated a patchwork landscape of ALPR adoption and data retention policies. While some sheriff's offices confirmed possessing ALPR systems and readily furnished him with records – often pinpointing his vehicle’s location with remarkable precision, down to the specific time and roadway – others disclosed that they either lacked such technology entirely, or did not retain the requested data due to storage limitations or policy decisions. The article emphasizes the variability in responses, highlighting the decentralized nature of ALPR implementation and the resulting inconsistencies in data accessibility across different jurisdictions within Virginia. It further underscores the potential privacy implications inherent in this widespread, yet unevenly applied, surveillance technology. Mr. Seal’s personal experience serves as a practical illustration of the challenges faced by citizens seeking to understand the extent to which their movements are being monitored and recorded by public authorities. The article concludes by emphasizing the need for greater transparency and standardized regulations regarding the use and retention of ALPR data, allowing individuals to exercise informed consent regarding the collection of their personal information.

  • police surveillance
  • Public Records
  • surveillance footage
  • ALPR
  • automatic license plate readers
  • Virginia
  • rural surveillance
  • privacy
  • Civil Liberties
  • Data Collection
  • transparency
  • FOIA
  • Freedom of Information Act
  • police technology
  • car tracking

  Summary of Comments ( 255 )
  https://news.ycombinator.com/item?id=43504413

  Verbose tl;dr

  Hacker News users discuss the implications of widespread police surveillance and the journalist's experience requesting footage of his own vehicle. Some express concern about the lack of transparency and potential for abuse, highlighting the ease with which law enforcement can track individuals. Others question the legality and oversight of such data collection practices, emphasizing the need for stricter regulations. A few commenters suggest technical countermeasures, such as license plate covers, while acknowledging their limited effectiveness and potential legal ramifications. The practicality and cost-effectiveness of storing vast amounts of surveillance data are also debated, with some arguing that the data's usefulness in solving crimes doesn't justify the privacy intrusion. Several users share personal anecdotes of encountering ALPRs (Automatic License Plate Readers), reinforcing the pervasiveness of this technology. Finally, the discussion touches upon the challenges of balancing public safety with individual privacy rights in an increasingly surveilled society.

  The Hacker News post "I asked police to send me their public surveillance footage of my car" generated a moderate discussion with several interesting points raised in the comments. Several commenters focused on the practicalities and legalities surrounding the request and the broader implications of such surveillance.

  One commenter discussed the variability of police responses to such requests, noting that some departments are cooperative while others are obstructive, even when legally obligated to provide the information. They highlighted the importance of public records laws and advocated for utilizing resources like MuckRock to facilitate these requests. This commenter also touched on the disparate impact of ALPRs (Automatic License Plate Readers) based on geographic location, suggesting that smaller towns might have less comprehensive or easily retrievable data compared to larger cities.

  Another commenter shared a personal anecdote about their experience obtaining ALPR data from their local police department. They emphasized the ease with which they received the information, contrasting it with the difficulties described in the original article. This difference highlighted the inconsistency in how different police departments handle these requests.

  A significant thread developed around the legality of license plate scanning and the legal precedent surrounding it. Commenters discussed the Fourth Amendment implications and the varying interpretations by courts across the US. Some argued that tracking vehicles without probable cause constituted a violation of privacy, while others cited court decisions that have upheld the practice. The discussion also delved into the potential for abuse of this technology and the lack of clear regulations governing its use.

  The technical aspects of ALPR data were also explored, with commenters discussing the types of data collected, the storage methods employed, and the potential for inaccuracies in the data. One commenter pointed out the possibility of "ghost plates" – misreads of license plates leading to incorrect data being associated with a vehicle. This raised concerns about the reliability of the data and the potential for misidentification.

  Finally, some comments offered practical advice for individuals seeking to obtain their own ALPR data, recommending resources like the Electronic Frontier Foundation (EFF) and providing tips on framing the request to law enforcement agencies. This practical focus complemented the broader discussion on legal and societal implications.

  Overall, the comments section offered a multifaceted perspective on the use of ALPRs and the public's access to the data they collect, covering legal, technical, and practical considerations. The variety of experiences shared by commenters highlighted the inconsistencies in law enforcement practices and the need for greater clarity and regulation in this area.

• I Went to SQL Injection Court

  permalink

  Posted: 2025-02-25 18:39:10

  Verbose tl;dr

  The author recounts their experience in an Illinois court fighting for access to public records pertaining to the state's Freedom of Information Act (FOIA) request portal. They discovered and reported a SQL injection vulnerability in the portal, which the state acknowledged but failed to fix promptly. After repeated denials of their FOIA requests related to the vulnerability's remediation, they sued. The judge ultimately ruled in their favor, compelling the state to fulfill the request and highlighting the absurdity of the situation: having to sue to get information about how the government plans to fix a security flaw in a system designed for accessing information. The author concludes by advocating for stronger Illinois FOIA laws to prevent similar situations in the future.

  This blog post, titled "I Went to SQL Injection Court," details the author's experience assisting a journalist, named David, in pursuing legal action against the Illinois State Police (ISP) for improperly denying a Freedom of Information Act (FOIA) request. David's request, which sought statistical information about arrests related to traffic stops, was rejected by the ISP due to security concerns, citing the potential for SQL injection vulnerabilities. The author, possessing expertise in database security, analyzed the ISP's web form and determined that it was indeed vulnerable to such attacks. This vulnerability could allow malicious actors to manipulate the form's input fields to execute arbitrary SQL commands, potentially exposing sensitive data from the underlying database.

  The author then meticulously documented this vulnerability, providing a comprehensive explanation of how it could be exploited. This documentation included specific examples of malicious queries that could be entered into the form, demonstrating the real-world risk associated with the flaw. Armed with this evidence, the author and David proceeded to file a lawsuit against the ISP, arguing that their rejection of the FOIA request based on security concerns was invalid because the ISP's own system was insecure. The crux of their argument was that the ISP could not legitimately cite security concerns as a reason for denying the FOIA request while simultaneously neglecting to address a significant vulnerability in their own system.

  The blog post narrates the court proceedings, highlighting the author's testimony as an expert witness. The author explained the nature of SQL injection and the specific vulnerability in the ISP's web form to the judge. The judge, after considering the evidence and testimony, ultimately ruled in favor of David and the author. The judge ordered the ISP to fulfill the FOIA request, implicitly acknowledging the validity of the author's security assessment and the spurious nature of the ISP's initial rejection. The post concludes by expressing the author’s satisfaction with the outcome, viewing it as a victory for transparency and accountability in government agencies. The author further underlines the importance of robust security practices and emphasizes that genuine security concerns should be addressed proactively rather than being used as a pretext for withholding public information. The case underscores the importance of technical expertise in legal battles surrounding technology and access to information.

  • SQL Injection
  • FOIA
  • Illinois
  • Open Records
  • Government Transparency
  • Data Access
  • Legal Case
  • Court Case
  • Public Records
  • Freedom of Information
  • information access
  • transparency
  • Civic Tech
  • government data

  Summary of Comments ( 370 )
  https://news.ycombinator.com/item?id=43175628

  Verbose tl;dr

  HN commenters generally praise the author's persistence and ingenuity in using SQL injection to expose flaws in the Illinois FOIA request system. Some express concern about the legality and ethics of his actions, even if unintentional. Several commenters with legal backgrounds offer perspectives on the potential ramifications, pointing out the complexities of the Computer Fraud and Abuse Act (CFAA) and the potential for prosecution despite claimed good intentions. A few question the author's technical competence, suggesting alternative methods he could have used to achieve the same results without resorting to SQL injection. Others discuss the larger implications for government transparency and the need for robust security practices in public-facing systems. The most compelling comments revolve around the balance between responsible disclosure and the legal risks associated with security research, highlighting the gray area the author occupies.

  The Hacker News post "I Went to SQL Injection Court" (regarding the blog post about FOIA issues in Illinois) has several comments discussing various aspects of the situation.

  Many commenters focus on the absurdity of the legal arguments and the judge's apparent lack of technical understanding. One commenter highlights the judge's confusion between SQL injection and simply using SQL, pointing out that using SQL isn't inherently malicious. This commenter expresses frustration with the legal system's inability to grasp basic technical concepts, leading to flawed judgments. Another commenter sarcastically suggests that using a web browser constitutes "browser injection" because it involves sending commands to a server, mirroring the faulty logic applied to SQL injection.

  Several comments discuss the implications of this case for security research and vulnerability disclosure. Commenters express concern that this ruling could discourage security researchers from reporting vulnerabilities, fearing legal repercussions for simply demonstrating how an exploit works. They argue that this chilling effect could have detrimental consequences for online security. One commenter draws a parallel to medical research, arguing that prosecuting someone for demonstrating a vulnerability is akin to prosecuting a medical researcher for demonstrating how a virus spreads.

  Another commenter expresses concern over the reliance on "intent" in determining the legality of security testing. They argue that focusing on intent is subjective and difficult to prove, making it a poor basis for legal decisions in technical matters. This commenter suggests that a more objective standard based on the actual actions taken would be preferable.

  Some comments delve into the specifics of Illinois law and the legal arguments presented. One commenter notes the apparent contradiction between the court's ruling and the Illinois Compiled Statutes, suggesting a misinterpretation of the law. Another points out the apparent lack of evidence presented by the prosecution, focusing solely on the method used rather than any demonstrable harm caused.

  A few commenters offer practical advice and alternative perspectives. One commenter suggests that using a proxy server could potentially circumvent the legal issues raised in the case. Another commenter offers a more cynical view, suggesting that the prosecution may be motivated more by politics and personal vendettas than a genuine concern for cybersecurity.

  Finally, some commenters express broader concerns about the increasing criminalization of security research and the potential for chilling effects on legitimate activities. They advocate for clearer legal frameworks and better education within the legal system about technical matters to prevent similar situations in the future.

• Show HN: New search engine and free-FOIA-by-fax-via-web for US veteran records

  permalink

  Posted: 2025-01-13 04:22:06

  Verbose tl;dr

  Birls.org is a new search engine specifically designed for accessing US veteran records. It offers a streamlined interface to search across multiple government databases and also provides a free, web-based system for submitting Freedom of Information Act (FOIA) requests to the National Archives via fax, simplifying the often cumbersome process of obtaining these records.

  A new, specialized search engine and Freedom of Information Act (FOIA) request facilitator has been launched, specifically designed to aid in the retrieval of United States veteran records. This resource, hosted at birls.org, aims to streamline and simplify the often complex and time-consuming process of obtaining these vital documents. Traditionally, requesting information through the FOIA has involved navigating bureaucratic hurdles, including locating the correct agency, understanding the specific requirements for each agency, and managing the often lengthy waiting periods. This new tool seeks to mitigate these challenges by providing a user-friendly interface for searching existing records and a streamlined, web-based system for submitting FOIA requests, specifically leveraging fax technology to interact with government agencies. The implied benefit is a more accessible and efficient method for veterans, their families, researchers, and other interested parties to access crucial information pertaining to military service. The website itself presumably hosts a searchable database of already digitized veteran records, allowing users to potentially find information without needing to file a formal request. For records not yet digitized or publicly available, the integrated FOIA request system purports to simplify the process by automatically generating and submitting the necessary paperwork via fax to the relevant government entity, potentially reducing processing time and administrative overhead for the user. This service is being offered free of charge, further lowering the barrier to entry for individuals seeking these records.

  • US Veterans
  • Veteran Records
  • FOIA
  • Freedom of Information Act
  • Search Engine
  • Fax
  • web application
  • Military Records
  • Genealogy
  • History
  • Government Records
  • Open Records
  • Open Government
  • Public Records
  • Birls.org

  Summary of Comments ( 38 )
  https://news.ycombinator.com/item?id=42680048

  Verbose tl;dr

  HN users generally expressed skepticism and concern about the project's viability and potential security issues. Several commenters questioned the need for faxing FOIA requests, highlighting existing online portals and email options. Others worried about the security implications of handling sensitive veteran data, particularly with a fax-based system. The project's reliance on OCR was also criticized, with users pointing out its inherent inaccuracy. Some questioned the search engine's value proposition, given the existence of established genealogy resources. Finally, the lack of clarity surrounding the project's funding and the developer's qualifications raised concerns about its long-term sustainability and trustworthiness.

  The Hacker News post titled "Show HN: New search engine and free-FOIA-by-fax-via-web for US veteran records" linking to birls.org generated several comments, largely focusing on the practicalities and potential impact of the service.

  Several commenters expressed appreciation for the service, highlighting the difficulty and often prohibitive cost usually associated with obtaining veteran records. They saw this as a valuable tool for veterans, their families, and researchers seeking information. The simplification of the FOIA request process via fax automation was specifically praised.

  Some questioned the legality of charging for expedited processing of FOIA requests, a feature mentioned on the site. This sparked a discussion around the nuances of FOIA law and whether the service was charging for the expedited processing itself or for the value-added service of preparing and submitting the request.

  Technical aspects of the service were also discussed. One commenter inquired about the search engine's underlying data source and indexing methods. Another questioned the choice of fax as the communication medium, suggesting more modern, potentially more efficient methods. The reliance on fax was explained by the creator as a workaround for government agencies that are slow to adopt modern technology, particularly regarding FOIA requests.

  The creator of the website actively participated in the discussion, responding to questions and clarifying the service's functionality and purpose. They explained the motivation behind the project, emphasizing the desire to make veteran records more accessible. They also addressed the pricing model, stating the fee was for the service provided and not for the expedited processing itself, which is at the discretion of the government agency.

  Overall, the comments section reflected a mixture of enthusiasm for the service's potential to simplify access to veteran records, queries about its technical implementation and legal aspects, and appreciation for the creator's initiative in tackling a complex bureaucratic process. The discussion highlights the challenges of navigating the FOIA process and the need for services that can bridge the gap between individuals and government information.