I haven't had a Facebook for years, yet I'm absolutely convinced that Facebook has maintained my social graph through pictures my friends and others have posted with me in them. This is the real unprecedented threat: crowdsourced surveillance by a private company. We need strong laws and leaders to prevent this sort of thing from happening in the first place. And should the government be allowed to "tap in" to this graph to monitor people with a warrant? Scary times.
Guatemala (1952-54) and Iran (1953) both come to mind. United Fruit and Anglo-Iranian Oil -- the latter a British firm, but with distinct US interests. Cuba (Bay of Pigs) and US sugar, alcohol, and tobacco interests.
Almost certainly Sukarno (Indonesia), though that nominally had Communist concerns as well. Indonesia was a source of oil, natural gas, tin, copper, gold, natural rubber, and tropical hardwoods.
Just a flat-out denial of a seemingly-true statement does nothing to advance the conversation.
(Why do I call it a seemingly-true statement? Because if a local ISP, say, will answer questions from the police, without a warrant, then the police are likely to feel free to call the ISP and ask questions when they don't have a warrant. Human nature likes not having to do the extra work.)
I don't need evidence to question a claim, only to make a counter claim.
I am questioning the claim that law enforcement doesn't need a warrant to legally view data about an individual or individuals collected by a 3rd party.
US v Jones, which your link discusses, didn't rule on the 3rd-party doctrine, which is (unfortunately) still being used. Yes, Justice Sotomayor, in her concurring opinion, made a very good case for revisiting what "expectation of privacy" means and suggested that constitutional protections should extend into 3rd party data. Chief Justice Roberts made similar comments[1] in the court opinion for Riley v. CA.
However, those cases addressed specific questions (placing a GPS tracking device, and searching a cellphone that was found upon arrest) and did not rule on the general use of the 3rd-party doctrine. I hope those cases are a sign of change in the court that will lead to broader rulings in the future, but that hasn't happened yet.
> But in the broader view, it is not merely one Justice who will not apply the third party doctrine in a strong form, and thus I have previously written the doctrine’s obituary.
First, "that's simply not true" is a counter claim. So now you need evidence.
Second, yes, law enforcement needs a warrant to legally compel a company to provide them with information. But what if the company (or an individual within it) is willing to provide data without being served with a warrant? Unless taking the information is in violation of privacy laws, what's to keep a police officer from using that? (Call it an "informant" if you wish to equate it with similar non-electronic situations.)
I withdraw the counterclaim, then. I simply dispute the original claim.
As for a company providing information without a warrant, recent case law is closing/has closed the door on a company's ability to do such a thing (not that they are, considering how many companies have stringent privacy agreements with their users).
1. If a company (or an individual) provide information to law enforcement on request, without a warrant, is that disclosure itself breaking the law? (Ignoring company policy and privacy statements here.)
2. If so, will the company be prosecuted for doing so?
3. Will the information be usable in court?
When you say "recent case law is closing the door on a company's ability to do such a thing", it sounds like you're talking about #3 (but feel free to clarify if I'm wrong). But #1 is still a concern, because it can show the police where to try to do parallel construction.
It's plausible only in spirit. An actual listing of terrorists does not have 3 terrorists within a 1-mile radius, and does not need volunteers; the FBI already has such a database. But as recent terrorism has shown, the databases are not be sufficient to prove or disprove terrorism. It's just more security theater.
If the FBI started extending its database to more trivial crimes, like say speeding tickets, then it might start being useful. A law that isn't enforced evenly isn't really a law; it's an excuse for the police to harm people they don't like. Computerized enforcement seems like a good goal to aim for.
Also they keep track of that info easily when somebody migrates their phone address book on to the Messenger or Facebook app, on first install it prompts you to push all that data. They have your name, number and the connection between that user and you.
> I haven't had a Facebook for years, yet I'm absolutely convinced that Facebook has maintained my social graph through pictures my friends and others have posted with me in them.
Considering that Facebook is known to construct shadow profiles of people who don't even use the service "yet", this shouldn't come as a surprise.
I wonder if we will dispense with the need for ID. Imagine borders where no passport is needed or ATM machines that just take a quick iris scan instead of a physical card. Or other emergency services such as hospitals able to check if you can pay the bills or have the required citizenship. I don't think that the crowd that have store loyalty cards would complain if CCTV rather than the card applied the perks.
In such a brave new world identity theft would be a thing of the past and everyone would have less theft to worry about. So there could be upsides for law abiding consumers and not just fascist government police forces.
That's a good point, there are many positive benefits to such a system. Unfortunately, men are not angels and governments tend to abuse such power (this is partly the reason I don't complain too much about oudated government inefficiency - I don't necessarily mind if the government is slow and clogged.)
> Or other emergency services such as hospitals able to check if you can pay the bills
Hospitals are required to provide emergency services regardless of whether you can pay the bills. Pausing for even a second to check a patient's ability to pay when their life is on the line would be heinous in my opinion.
Have you been to a hospital ER? Unless you are literally dying, you will be sat in a chair and handed a clipboard of papers to fill out before anyone with medical training looks at you. And one of those forms will be a financial agreement.
And? You'll fill it out, possibly lying, possibly not, and hand it back to them. They will not read it, they will serve you, and then they will attempt to get payment from you at some point in the future.
Not to derail this conversation, but I'm so happy I live in Canada. I don't understand why the US population is so vehemently against public healthcare.
Mostly because there isn't a well intentioned government program in the US that actually runs as it's supposed to, isn't abused, isn't bloated, ever shrinks in costs or gains efficiency, etc.
And I can't leave a comment like that without addressing the inevitable reply about the current state of healthcare, so to clarify, the current state of healthcare in the US is also the fault of the federal government for a bevy of reasons - most notably, incentivizing workplace health insurance that removed insurance coverage from the consumer market entirely, removing its costs and the natural market response to them and simultaneously removing the cost of healthcare itself from that same marketplace.
The federal government has what I like to call a financial firehose that it aims at different problems and every time it aims that firehose, things get worse. Whether we are talking about healthcare, farming, higher education or housing...everything just gets more bloated and expensive when you remove price from discouraging demand in the basic economics of supply and demand.
I've been to the ER a few times. When you show up, they hand you a clipboard full of papers. When you show up saying "I think I'm having a heart attack", they take you straight back.
From my understanding, one of the tricky bits of biometrics as passwords in general is that you can't really change them. What happens when the future's equivalent of an ATM skimmer scans your iris?
Could also lead to increased violence in muggings/robberies, etc. If fingerprints or eyes become necessary to access what it is they want to take, they'll just add those to the list of things to take from you.
Interesting point re: authentication vs. authorization. In the situation of an iris scan as authentication, what then becomes the authorization? Multi-factor biometrics, some sort of 2/3/4fa scan?
Broadly speaking, solutions to that problem which involve more biometric data make me uncomfortable, in no small part because I just don't trust the people who operate the systems.
Don't know on the passport thing, although my gut says no. Do you mean people just having a passport in general, so say an iris scan pulls your passport data & cross references it against a camera at the ATM? Or having it physically on you so its RFID chip is read?
I've just started thinking/learning about these sorts of problems, so as of now I don't have many opinions on how things should be done haha.
It is my (and not just mine) opinion that law abiding citizens who also care for their own health should push for free healthcare for everyone. If anything, at least until bacteria and viruses learn to properly tell "good" and "bad" people apart.
The loss of privacy should be balanced against the aid it provides to law enforcement to catch criminals. So, even though the loss of privacy is more extensive, the capability of the cops to catch the bad guys is also better.
Because they are using face recognition techniques? That's like the argument some politician made a while back: why do we have record prison populations when the crime rate is lower than ever?
> why do we have record prison populations when the crime rate is lower than ever?
Because it is very profitable for people in the prison industry (and I'm talking about both public and private prisons, along with third party vendors). If you don't talk 'tough on crime', you're not getting 1) funding in your campaign run 2) votes.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. Those Who Sacrifice Liberty For Security Deserve Neither. He who would trade liberty for some temporary security, deserves neither liberty nor security."
"We knew the threat was looming. But a brand new report[1] from the Georgetown Law Center for Privacy and Technology indicates the problem is far worse than we could’ve imagined.
"In response to the report, EFF has joined a large coalition of privacy advocates[2] to demand the U.S. Department of Justice, Civil Rights Division take two major steps to keep facial recognition in check:
"1. Expand ongoing investigations of police practices and include in future investigations an examination of whether the use of surveillance technologies, including face recognition technology, has had a disparate impact on communities of color; and
"2. Consult with and advise the FBI to examine whether the use of face recognition has had a disparate impact on communities of color."
Seems like a lot of folks get 'privacy' and 'anonymity' confused. Should I have a right to keep information I create about me private? Sure. Should I be able to keep private or at least know the data that others collect about who they think is me? Muddier. Yes, perhaps when that information is used to make a tangible decision about me - think credit scores.
However, if I poop on a casino's lawn and it's truly me, and they bar me from their premises, and the casino uses some sort of digital, always on mechanism to ensure that I don't return, do I have a right to that data about me?
I'm not sure what logic you are using here. Is it "if someone does something bad, they no longer have the right to data about themselves"?
Privacy is something like the inability of one's neighbor to get any information about you. That would come if each person could anonymously some portion of the time or if there wasn't a way to aggregate the trails people leave or if the aggregations were somehow protected from all but "good people". Good luck on the later two parts - so anonymity seems like the main thing that's going to secure privacy.
But some efforts to stop aggregation are good even if they are going to be something of a fig leaf. Especially, it would be good if an ethos where bad actors were punished proportionately rather than in the "you something wrong so you no reason to complain your entire life is ruined and you'll have to sleep under bridge forever - unless you go to prison" manner.
When it isn't possible to avoid being observed, privacy depends upon the anonymity gained from misrepresentation.
Dan Geer's recommended[1] definition for 'privacy' in the age of ubiquitous surveillance:
> Privacy used to be proportional to that which it is impossible to observe or that which can be observed but not identified. No more -- what is today observable and identifiable kills both privacy as impossible-to-observe and privacy as impossible-to-identify, so what might be an alternative? If you are an optimist or an apparatchik, then your answer will tend toward rules of data procedure administered by a government you trust or control. If you are a pessimist or a hacker/maker, then your answer will tend towards the operational, and your definition of a state of privacy will be my definition: the effective capacity to misrepresent yourself.
But "breaking things" is kind of an anti-establishment act by definition.
You may not agree with it, but anarchist ideology was a fundamental part of hacker culture long before computer literacy became mainstream. The modern usage is a corruption of an ideal.
Yuppies were the children of hippies who rebelled against their parents by embracing conservatism, so it wouldn't be without precedent. How do you counter the counterculture when it wins and just becomes culture?
>> However, if I poop on a casino's lawn and it's truly me, and they bar me from their premises, and the casino uses some sort of digital, always on mechanism to ensure that I don't return, do I have a right to that data about me?
Yes.
Think of it this way: if they send someone to bust your kneecaps, do you still have a right to not have your kneecaps busted?
Yes you do. That you did something wrong, broke a law, etc does not mean all your rights are automatically forfeit.
Besides, their always-on system that ensures you don't return will also be surveiling me. How does having a plausible justification to take away your right to privacy make it OK to take away mine?
Imagine if the police routinely arrested entire neighbourhoods just to get that one guy they're really looking for.
I updated my Google Photos app and was amazed to see that it could search all of my photos by clicking on an icon of a person's face. It even found faces of people in multiple photos whom I don't know. I couldn't find any mis-labeled photos. When I showed this to a family member, they were not amazed but creeped out.
If there were a way to hook this up with my Nest Cam, I would be speechless.
The article focuses on its impact to people of color. Will this specific issue go away if accuracy becomes near perfect? We'll still have to deal with its impact on everyone - and that could invite broader regulation.
EDIT: I knew this would get downvotes from a crowd that simultaneously abhors surveillance yet trumpets spyware like Nest as innovative. Cognitive dissonance is strong here.
> I knew this would get downvotes from a crowd that simultaneously abhors surveillance yet trumpets spyware like Nest as innovative. Cognitive dissonance is strong here.
Shouldn't be a big surprise from the same crowd that thinks "gut bacteria" trumps CICO, never mind that gut biome being different in overweight/obese versus healthy weight is probably more an effect than a cause.
That's a whole nother topic. CICO isn't as important as where you get those calories from. If a majority are from sugar, you are getting way too much insulin which then creates fat in the body. If you get fibrous and fatty calories, it takes more energy to break them down and store them thus leading to healthier fat/muscle.
Nothing to do with cognitive dissonance. Some of us just aren't impressed by "hacks" that require the "hacker" to gain physical access to your home and the hardware.
> "Once an attacker has physical access"
Also, strangely the article isn't about the the Nest Cam, so it's really just the billionth in a series of articles that reinforce that if an attacker has physical access you're screwed.
That just generates hard edges for tracking, allowing the building of a 3D model. Requires motion tracking type software rather than regular facial recognition, but is quite do-able.
Problem is that so few people would be wearing dazzle makeup that the act of wearing dazzle makeup would get you more government attention instead of less.
EDIT: If you wore it all the time to avoid mass surveillance that would be a problem. If you selectively wore it only when, say you're visiting a prostitute or engaging in some other behavior you want to keep private, it's a viable alternative.
EDIT 2: Also, as a response to this, I foresee that people will just wear masks that impersonate other people, either some form of temporary plastic surgery or a full-on device similar to the one in the original Total Recall. Too many people value their privacy of movement.
A village isn't a matter simply of distance, but of scale.
A small town with a few thousand people who might interact or incidentally observe one another on any given day is worlds apart from an entire planet of billions of people any one of whom might, without the target being aware of it, stalk any one, or billions, of other people.
Or worse: sift through zottabytes of data at some unspecified future date, to generate some convenient narrative.
Or worse yet: completely fabricate, do a level of perfection beyond any detection, evidence to fit any desired narrative.
A facial recognition database of politicians would be easy to construct. There are plenty of pictures of them. We could have tracking sites for elected officials. Surveillance cameras around Washington could report their locations, and who is meeting with whom.
That might provoke something like the Bork Video Privacy Protection Act.
As long as this technology exists, and will eventually become ubiquitous, I see no reason why we shouldn't be doing exactly that. And for police as well.
I should have an app that tells me the name, badge number and location of every officer on duty within ten miles of me, updated in real time, with constant video and audio surveillance. If a cop so much as sneezes it should be posted on the internet before they wipe their nose.
That would put the "civil" back into "civil servant" real quick.
Elected officials and the police. But my assumption is everyone is going to be tracked anyway, to some degree.
Basically, I think the cost of using facial recognition against the populace should be having it used against you. If the state is watching us, why can't we watch them back?
This is an extension, and possible inversion, of Heinlein's axiom that "an armed society is a polite society." I would rather that society arm itself with information than with bullets.
Funnily enough, just strapping a camera on a LEO provides remarkable results[1]. Why not take it further? Public tracking is all the rage these days, let them have their cake & eat it too!
Eh, those that make and enforce the law could easily make it illegal to track them for 'security reasons'.
Also, does anyone think of the poor, respectable paparazzi? This tech would totally disrupt that industry or it could drive them to install surreptitiously cameras all over the place, hastening the ubiquity of mass surveillance.
>I should have an app that tells me the name, badge number and location of every officer on duty within ten miles of me, updated in real time, with constant video and audio surveillance.
It could easily prevent robberies by telling you that an officer is always within 5 minutes of any potential heist.
At this point though, most bank robbers are idiots, they show their faces on camera and it's just a matter of time until they're caught (e.g. with this facial recognition database, but mostly people just recognize the photos, although of course there's a false positive positive problem: https://theintercept.com/2016/10/13/how-a-facial-recognition...). Organized crime has moved on to more lucrative and lower-risk opportunities such as credit card and identity theft.
You're right, we should put video trackers on all civilians so we can know what they're doing at all times.
Consider how effective it has been at reducing police complains when they wore cameras. Imagine if everyone did.
Certainly your concerns about bank robbery could be easily proven false with recent crime rates, but you left out pedophiles, terrorists, and murderers.
I worked on a politics startup about 6 years ago (to help you find like-minded candidates), and people kept asking if we had a mobile app. I couldn't think of a good reason to add, say, location tracking, but I loved telling people I wished we could add location tracking for the politicians! I'm delighted to think that now there might be a way to do it. :-)
>That might provoke something like the Bork Video Privacy Protection Act.
Which oddly has be weakened by subsequent decisions and legislation to allow tracking of consumers while still keeping politician's records off limits to reporters.
I wonder when this technology will hit retail. Starbucks could recognize their customers. Walk into a Starbucks and your profile pops up on the barista's screen, they greet you by name, and your regular order is already being made.
Yes, it sounds creepy. But just a few years ago, it was considered creepy when American Express call center started greeting people by name when they called in from a known number. Now, if you call a call center where you have an account and they have to ask you who you are, the company seems incompetent.
Some women in Korea wear face masks to shield their skin from the sun (e.g. http://image.auction.co.kr/itemimage/f0/06/67/f00667450.jpg (and that's toned down from the style a few years ago when women were wearing this ridiculous welding-mask-looking thing http://m.cosnalmart.com/web/product/big/201505/77_shop1_3406... )) and lots of people wear masks when the air pollution drifting over from China gets bad. Combine this trend with sunglasses and CV-defeating patterns on the masks, you should be good to go.
Some citizens were known to wear masks during nine different months throughout the year. Some experts theorize that this gave them a way to escape from the rigid rules and class structures that controlled the actions of society members in Venice. Other scholars say this gave Venetians the advantage of anonymity so that they could indulge in certain activities, without suffering the repercussions from society and the church that they would otherwise face.
Not so far from it, they're discussing it at the evening news. Somehow SF is great as a story (or a movie) but as a place to live, I'm pretty much good with wood cabin and hill view (and the occasional medical tech).
It already has. My dentist uses something like this right now - as soon as I walked in the door (with no appointment, or call) the receptionist that I had never met knew my name and other details.
They use a camera to take a photo when you first come to your first appointment and they have cameras pointing at the door so they can tell which customer you are when you walk in.
All very slick but more than a little creepy once I realized what was going on.
I saw a demo by IBM perhaps 8 years ago, where all customers in a bank office where automatically tagged and tracked, and identified if they had previous photos.
It's actually of more value to super markets than banks, as the browsing habits in a super market is much more related to a sale.
I think it would hammer home to politicians the power of this technology. Especially if you leveraged technologies like tor and bit-torrent to do the tracking, so that legislation couldn't just shut it down.
Whether we like it or not, privacy is disappearing for citizens. And it's a one way street. If we want our legal system to evolve in a way that accommodates this intelligently, our lawmakers need to be feeling the full impact of the change.
Otherwise we will end up in a place where there's a class of people with no privacy at all, and a class of people who do the surveillance.
I think it would hammer home to politicians the power of this technology. Especially if you leveraged technologies like tor and bit-torrent to do the tracking, so that legislation couldn't just shut it down.
Whether we like it or not, privacy is disappearing for citizens. And it's a one way street. If we want our legal system to evolve in a way that accommodates this intelligently, our lawmakers need to be feeling the full impact of the change.
Otherwise we will end up in a place where there's a class of people with no privacy at all, and a class of people who do the surveillance.
Let's say we make laws that proscribe that no one shall use the tech "the wrong way", how do we ensure that everyone is adhering to those laws without using the tech "the wrong way"?
My point is that we can't constrain the technology by passing a law, because you have to enforce it, and to do that we have to use the technology.
In the limit we're going to have either hypocrisy and have a system like North Korea, or we're going to sort our shit out and have a system like Star Trek.
(I'm hopeful, despite being well aware of which of my examples is fictional.)
I'll give you a specific example. David Simon of The Wire talked about the longshoreman's union in Baltimore in a UC Berkeley lecture titled "The Audacity of Despair", available on YouTube. It's long but excellent. At 36m30s
In it, Simon mentions that the union was so corrupt that every day it had to forward a copy of documents -- possibly every document produced or received -- mail, memos, publications, P.O.s and receipts -- to either the DoJ or the state's AG office, under a consent decree. Basically, because of a long history of abuse of power the union had to run open books to law enforcement.
The financial world operates similarly: companies are subject to audits (by private companies, not even government agencies, though those companies are themselves audited) for compliance with accounting practices and such. That is, again, you open your books.
Regulation of other organisations operates on similar grounds. Pharmaceutical companies are regulated as to their drugs produced, food processors to their own practices, especially in beef, dairy, pork, and poultry. Some industries gain exceptions to anti-trust regulations in return for more regulation and oversight of other elements: major league sports, insurance (underwriting boards), telecoms, and transportation (rail, truck, air, sea). An item which popped up following Trump's request for followers to patrol polling places was a specific injunction on the GOP for doing just that dating to the early 1980s (and set to expire Real Soon Now, though Trump may just have fouled that up). Southern states in the US have operated under injunctions dating to the Voting Rights Act for violations of its provisions (some of which may have expired or been reduced by recent SCOTUS rulings, I've not kept close track).
Google itself is already operating under a consent decree running for 20 years until 2031 as a result of "deceptive privacy practices" (that's the FTC's language, not mine) in rolling out its Buzz social network:
"FTC Charges Deceptive Privacy Practices in Googles Rollout of Its Buzz Social Network"
The mechanism for enforcement:
The settlement requires the company to obtain users’ consent before sharing their information with third parties if Google changes its products or services in a way that results in information sharing that is contrary to any privacy promises made when the user’s information was collected. The settlement further requires Google to establish and maintain a comprehensive privacy program, and it requires that for the next 20 years, the company have audits conducted by independent third parties every two years to assess its privacy and data protection practices.
It turns out that people have faced the questions of trust, verification, audit, and compliance for a long time. Trust, third parties, bounties, and similar mechanisms are typical modes for ensuring compliance. There are ways of determining if personal or private information has leaked (look up "fictitious entries" or "honeytraps" -- I've made a recent HN submission on the topic though it didn't go far). And yes, there are times that the auditors themselves are corrupt: Arthur Anderson and Enron, Ernst & Young HK and the Mozilla v. WoSign and StartCom CA backdating scandal. Mozilla will refuse to accept further audits from E&YHK, meaning that E&Y effectively mined its own credibility to generate present business at a cost of any future trust (I'd really like to s...
Awesome and education reply, cheers! But I'm not sure that we're not talking past each other.
My point is that for the effective laws to be effective we have to use the technology to effect them.
Someone is going to have the tech. Just like the spy agencies have had the whole time, yes? You can't just pass a law that says "no one uses this" without enforcing it, and to enforce it you must "use this". Spy agencies have always been the logical "strange loop" in governance.
In other words, the technology is at a more fundamental level than the law. "Code is Law" as Lessig says.
-------
If I may be so bold, here is a blag post I wrote about three years ago on the subject:
"Total Surveillance is the Perfection of Democracy"
I believe that it is fundamentally not possible to "roll back" the degree of surveillance in our [global] society in an effective way. Our technology is already converging to a near-total degree of surveillance all on its own. The article itself gives many examples. The end limit will be Vinge's "locator dust" or perhaps something even more ubiquitous and ephemeral. RMS advocates several "band-aid" fixes but seems to miss the logical structure of the paradox of inescapable total surveillance.
Let me attempt to illustrate this paradox. Take this quote from the article:
"If whistleblowers don't dare reveal crimes and lies, we lose the last shred of effective control over our government and institutions."
(First of all we should reject the underlying premise that "our government and institutions" are only held in check by the fear of the discovery of their "crimes and lies". We can, and should, and must, hold ourselves and our government to a standard of not committing crimes, not telling lies. It is this Procrustean bed of good character that our technology is binding us to, not some dystopian nightmare.)
Certainly the criminally-minded who have inveigled their way into the halls of power should not be permitted to sleep peacefully at night, without concern for discovery. But why assume that ubiquitous surveillance would not touch them? Why would the sensor/processor nets and deep analysis not be useful, and used, for detecting and combating treachery? What "crimes and lies" would be revealed by a whistleblower that would not show up on the intel-feeds?
Or this quote:
"Everyone must be free to post photos and video recordings occasionally, but the systematic accumulation of such data on the Internet must be limited."
How will this limiting be done? What authority will decide who gets to post what and when? And (like any profanity filter) won't this authority need to see the content to be able to decide whether it gets posted publicly?
In effect, doesn't this idea imply some sort of ubiquitous surveillance system to ensure that people are obeying the rules for preventing a ubiquitous surveillance system?
Let's say we set up some rules like the ones RMS is advocating, how do we determine that everyone is following those rules? After all, there is a very good incentive for trying to get a privileged position vis-a-vis these rules. Whoever has the inside edge, whether official spooks, enemy agents, or just criminals, gains an enormous competitive advantage over everyone else.
Someone is going to have that edge, because it's a technological thing, you can't make it go away simply because you don't like it. If the "good guys" tie their own hands (by handicapping their surveillance networks) then we are just handing control to the people who are willing to do what it takes to take it.
You can't unilaterally declare that we (all humanity)...
> The settlement requires the company to obtain users’ consent before sharing their information with third parties if Google changes its products or services in a way that results in information sharing that is contrary to any privacy promises made when the user’s information was collected.
This seems like an awfully convenient explanation for why Google has started to demand affirmation of their terms of use every few weeks, if not for the date of 2011. I don't remember when they started with the demands, but it was 2014 or 2015.
Where losing control of our technology and privacy, when people start saying things like we'll get the government to fix surveillance, we are introuble.
I'm all for privacy tools for now, but the privacy-surveillance arms race feels like a hack compared to actually fixing the culture that creates a need for privacy. Is anyone discussing what it would take to solve the problem from that level?
Privacy is a lie by omission. Lies are a necessary feature for societies (even non-human animals can lie). Therefore, privacy is a necessary feature for societies.
147 comments
[ 52.2 ms ] story [ 2809 ms ] threadI can't remember where I read, or heard this. However, it made sense to me.
Almost certainly Sukarno (Indonesia), though that nominally had Communist concerns as well. Indonesia was a source of oil, natural gas, tin, copper, gold, natural rubber, and tropical hardwoods.
https://en.m.wikipedia.org/wiki/CIA_activities_in_Guatemala#...
https://en.m.wikipedia.org/wiki/1953_Iranian_coup_d%27état
https://en.m.wikipedia.org/wiki/Bay_of_Pigs_Invasion
Noam Chomsky should be a good source for more such information.
Just a flat-out denial of a seemingly-true statement does nothing to advance the conversation.
(Why do I call it a seemingly-true statement? Because if a local ISP, say, will answer questions from the police, without a warrant, then the police are likely to feel free to call the ISP and ask questions when they don't have a warrant. Human nature likes not having to do the extra work.)
I am questioning the claim that law enforcement doesn't need a warrant to legally view data about an individual or individuals collected by a 3rd party.
https://works.bepress.com/stephen_henderson/34/
However, those cases addressed specific questions (placing a GPS tracking device, and searching a cellphone that was found upon arrest) and did not rule on the general use of the 3rd-party doctrine. I hope those cases are a sign of change in the court that will lead to broader rulings in the future, but that hasn't happened yet.
[1] https://en.wikipedia.org/wiki/Riley_v._California#Opinion_of...
Second, yes, law enforcement needs a warrant to legally compel a company to provide them with information. But what if the company (or an individual within it) is willing to provide data without being served with a warrant? Unless taking the information is in violation of privacy laws, what's to keep a police officer from using that? (Call it an "informant" if you wish to equate it with similar non-electronic situations.)
As for a company providing information without a warrant, recent case law is closing/has closed the door on a company's ability to do such a thing (not that they are, considering how many companies have stringent privacy agreements with their users).
1. If a company (or an individual) provide information to law enforcement on request, without a warrant, is that disclosure itself breaking the law? (Ignoring company policy and privacy statements here.)
2. If so, will the company be prosecuted for doing so?
3. Will the information be usable in court?
When you say "recent case law is closing the door on a company's ability to do such a thing", it sounds like you're talking about #3 (but feel free to clarify if I'm wrong). But #1 is still a concern, because it can show the police where to try to do parallel construction.
The government has been benefiting for a long time from surveillance brought to you by Facebook, Google, Microsoft and Co.
Our leaders won't prevent anything.
And the People have been electing these leaders for a long time and continue to do so.
https://www.youtube.com/watch?v=RIuf1V1FhpY
If the FBI started extending its database to more trivial crimes, like say speeding tickets, then it might start being useful. A law that isn't enforced evenly isn't really a law; it's an excuse for the police to harm people they don't like. Computerized enforcement seems like a good goal to aim for.
Also they keep track of that info easily when somebody migrates their phone address book on to the Messenger or Facebook app, on first install it prompts you to push all that data. They have your name, number and the connection between that user and you.
Considering that Facebook is known to construct shadow profiles of people who don't even use the service "yet", this shouldn't come as a surprise.
In such a brave new world identity theft would be a thing of the past and everyone would have less theft to worry about. So there could be upsides for law abiding consumers and not just fascist government police forces.
Hospitals are required to provide emergency services regardless of whether you can pay the bills. Pausing for even a second to check a patient's ability to pay when their life is on the line would be heinous in my opinion.
And I can't leave a comment like that without addressing the inevitable reply about the current state of healthcare, so to clarify, the current state of healthcare in the US is also the fault of the federal government for a bevy of reasons - most notably, incentivizing workplace health insurance that removed insurance coverage from the consumer market entirely, removing its costs and the natural market response to them and simultaneously removing the cost of healthcare itself from that same marketplace.
The federal government has what I like to call a financial firehose that it aims at different problems and every time it aims that firehose, things get worse. Whether we are talking about healthcare, farming, higher education or housing...everything just gets more bloated and expensive when you remove price from discouraging demand in the basic economics of supply and demand.
Could also lead to increased violence in muggings/robberies, etc. If fingerprints or eyes become necessary to access what it is they want to take, they'll just add those to the list of things to take from you.
Serious question, would a passport be considered a password in this context?
>ATM skimmer scans your iris
Your credit card is authentication but your PIN is authorization. I imagine your iris will replace your card, not your PIN.
The difference between authentication and authorization can be confusing in some real world examples.
Broadly speaking, solutions to that problem which involve more biometric data make me uncomfortable, in no small part because I just don't trust the people who operate the systems.
Don't know on the passport thing, although my gut says no. Do you mean people just having a passport in general, so say an iris scan pulls your passport data & cross references it against a camera at the ATM? Or having it physically on you so its RFID chip is read?
I've just started thinking/learning about these sorts of problems, so as of now I don't have many opinions on how things should be done haha.
Thank you but no, thank you.
It is my (and not just mine) opinion that law abiding citizens who also care for their own health should push for free healthcare for everyone. If anything, at least until bacteria and viruses learn to properly tell "good" and "bad" people apart.
Because it is very profitable for people in the prison industry (and I'm talking about both public and private prisons, along with third party vendors). If you don't talk 'tough on crime', you're not getting 1) funding in your campaign run 2) votes.
I doubt the founders considered the impact of such developments when authoring the Constitution or Bill of Rights.
Benjamin Franklin
"In response to the report, EFF has joined a large coalition of privacy advocates[2] to demand the U.S. Department of Justice, Civil Rights Division take two major steps to keep facial recognition in check:
"1. Expand ongoing investigations of police practices and include in future investigations an examination of whether the use of surveillance technologies, including face recognition technology, has had a disparate impact on communities of color; and
"2. Consult with and advise the FBI to examine whether the use of face recognition has had a disparate impact on communities of color."
[1] https://www.perpetuallineup.org/
[2] https://www.aclu.org/letter/coalition-letter-department-just...
However, if I poop on a casino's lawn and it's truly me, and they bar me from their premises, and the casino uses some sort of digital, always on mechanism to ensure that I don't return, do I have a right to that data about me?
Privacy is something like the inability of one's neighbor to get any information about you. That would come if each person could anonymously some portion of the time or if there wasn't a way to aggregate the trails people leave or if the aggregations were somehow protected from all but "good people". Good luck on the later two parts - so anonymity seems like the main thing that's going to secure privacy.
But some efforts to stop aggregation are good even if they are going to be something of a fig leaf. Especially, it would be good if an ethos where bad actors were punished proportionately rather than in the "you something wrong so you no reason to complain your entire life is ruined and you'll have to sleep under bridge forever - unless you go to prison" manner.
When it isn't possible to avoid being observed, privacy depends upon the anonymity gained from misrepresentation.
Dan Geer's recommended[1] definition for 'privacy' in the age of ubiquitous surveillance:
> Privacy used to be proportional to that which it is impossible to observe or that which can be observed but not identified. No more -- what is today observable and identifiable kills both privacy as impossible-to-observe and privacy as impossible-to-identify, so what might be an alternative? If you are an optimist or an apparatchik, then your answer will tend toward rules of data procedure administered by a government you trust or control. If you are a pessimist or a hacker/maker, then your answer will tend towards the operational, and your definition of a state of privacy will be my definition: the effective capacity to misrepresent yourself.
[1] http://geer.tinho.net/geer.blackhat.6viii14.txt
I'm interested in breaking things, so now I have to hate my dad? He's the one who got me interested in breaking things!
You may not agree with it, but anarchist ideology was a fundamental part of hacker culture long before computer literacy became mainstream. The modern usage is a corruption of an ideal.
Yes.
Think of it this way: if they send someone to bust your kneecaps, do you still have a right to not have your kneecaps busted?
Yes you do. That you did something wrong, broke a law, etc does not mean all your rights are automatically forfeit.
Besides, their always-on system that ensures you don't return will also be surveiling me. How does having a plausible justification to take away your right to privacy make it OK to take away mine?
Imagine if the police routinely arrested entire neighbourhoods just to get that one guy they're really looking for.
If there were a way to hook this up with my Nest Cam, I would be speechless.
The article focuses on its impact to people of color. Will this specific issue go away if accuracy becomes near perfect? We'll still have to deal with its impact on everyone - and that could invite broader regulation.
http://www.computerworld.com/article/2476599/cybercrime-hack...
EDIT: I knew this would get downvotes from a crowd that simultaneously abhors surveillance yet trumpets spyware like Nest as innovative. Cognitive dissonance is strong here.
Shouldn't be a big surprise from the same crowd that thinks "gut bacteria" trumps CICO, never mind that gut biome being different in overweight/obese versus healthy weight is probably more an effect than a cause.
> "Once an attacker has physical access"
Also, strangely the article isn't about the the Nest Cam, so it's really just the billionth in a series of articles that reinforce that if an attacker has physical access you're screwed.
That 80's vision of the future really is here.
1. http://cvdazzle.com
1. Exactly.
2. (ironic, oblivious) Used to imply that an otherwise impossible task is just the opposite.
Time travelling is possible. We just need to get our hands on some of that negative energy.
EDIT: If you wore it all the time to avoid mass surveillance that would be a problem. If you selectively wore it only when, say you're visiting a prostitute or engaging in some other behavior you want to keep private, it's a viable alternative.
EDIT 2: Also, as a response to this, I foresee that people will just wear masks that impersonate other people, either some form of temporary plastic surgery or a full-on device similar to the one in the original Total Recall. Too many people value their privacy of movement.
1. At least it is a disaster that we experienced before.
2. At some point conformism will mean "you have to be like everybody else: unique".
Just because we did something in the past, doesn't mean we should start doing it again in the future.
A small town with a few thousand people who might interact or incidentally observe one another on any given day is worlds apart from an entire planet of billions of people any one of whom might, without the target being aware of it, stalk any one, or billions, of other people.
Or worse: sift through zottabytes of data at some unspecified future date, to generate some convenient narrative.
Or worse yet: completely fabricate, do a level of perfection beyond any detection, evidence to fit any desired narrative.
That might provoke something like the Bork Video Privacy Protection Act.
I should have an app that tells me the name, badge number and location of every officer on duty within ten miles of me, updated in real time, with constant video and audio surveillance. If a cop so much as sneezes it should be posted on the internet before they wipe their nose.
That would put the "civil" back into "civil servant" real quick.
Basically, I think the cost of using facial recognition against the populace should be having it used against you. If the state is watching us, why can't we watch them back?
This is an extension, and possible inversion, of Heinlein's axiom that "an armed society is a polite society." I would rather that society arm itself with information than with bullets.
Because they're going to wear riot helmets.
[1]90% decrease in complaints is impressive. Who would have thunk it...? https://www.sciencedaily.com/releases/2016/09/160929132458.h...
Also, does anyone think of the poor, respectable paparazzi? This tech would totally disrupt that industry or it could drive them to install surreptitiously cameras all over the place, hastening the ubiquity of mass surveillance.
That's a great idea. If you're a bank robber.
At this point though, most bank robbers are idiots, they show their faces on camera and it's just a matter of time until they're caught (e.g. with this facial recognition database, but mostly people just recognize the photos, although of course there's a false positive positive problem: https://theintercept.com/2016/10/13/how-a-facial-recognition...). Organized crime has moved on to more lucrative and lower-risk opportunities such as credit card and identity theft.
Unless you're trying to write a book! https://en.wikipedia.org/wiki/Hatton_Garden_safe_deposit_bur...
Consider how effective it has been at reducing police complains when they wore cameras. Imagine if everyone did.
Certainly your concerns about bank robbery could be easily proven false with recent crime rates, but you left out pedophiles, terrorists, and murderers.
Let's track everyone and end all crime.
Oh yes, I can see how you got that from what I wrote.
Make an app and track them in real time. See what happens.
Which oddly has be weakened by subsequent decisions and legislation to allow tracking of consumers while still keeping politician's records off limits to reporters.
Yes, it sounds creepy. But just a few years ago, it was considered creepy when American Express call center started greeting people by name when they called in from a known number. Now, if you call a call center where you have an account and they have to ask you who you are, the company seems incompetent.
http://www.history1700s.com/index.php/articles/14-guest-auth...
Some citizens were known to wear masks during nine different months throughout the year. Some experts theorize that this gave them a way to escape from the rigid rules and class structures that controlled the actions of society members in Venice. Other scholars say this gave Venetians the advantage of anonymity so that they could indulge in certain activities, without suffering the repercussions from society and the church that they would otherwise face.
There's the stuff you do every once in a while -- the one night stand. And there's what you want to take home and live with.
They use a camera to take a photo when you first come to your first appointment and they have cameras pointing at the door so they can tell which customer you are when you walk in.
All very slick but more than a little creepy once I realized what was going on.
It's actually of more value to super markets than banks, as the browsing habits in a super market is much more related to a sale.
Whether we like it or not, privacy is disappearing for citizens. And it's a one way street. If we want our legal system to evolve in a way that accommodates this intelligently, our lawmakers need to be feeling the full impact of the change.
Otherwise we will end up in a place where there's a class of people with no privacy at all, and a class of people who do the surveillance.
https://www.youtube.com/watch?v=0Uc4DI-BF28
Whether we like it or not, privacy is disappearing for citizens. And it's a one way street. If we want our legal system to evolve in a way that accommodates this intelligently, our lawmakers need to be feeling the full impact of the change.
Otherwise we will end up in a place where there's a class of people with no privacy at all, and a class of people who do the surveillance.
But I'll bet their response would be to protect themselves and nobody else 'in the name of national security'.
Since it can't be stopped, the thing to think about is how to adapt to it.
The question is not how to prevent it, because we can't (my premise.) The question is, who gets to use it and for what?
We're going to have to learn to live without hypocrisy.
We don't pass laws against things which cannot be done (at least not as a normal course of action).
My point is that we can't constrain the technology by passing a law, because you have to enforce it, and to do that we have to use the technology.
In the limit we're going to have either hypocrisy and have a system like North Korea, or we're going to sort our shit out and have a system like Star Trek.
(I'm hopeful, despite being well aware of which of my examples is fictional.)
https://m.youtube.com/watch?v=nRt46W3k-qw
In it, Simon mentions that the union was so corrupt that every day it had to forward a copy of documents -- possibly every document produced or received -- mail, memos, publications, P.O.s and receipts -- to either the DoJ or the state's AG office, under a consent decree. Basically, because of a long history of abuse of power the union had to run open books to law enforcement.
The financial world operates similarly: companies are subject to audits (by private companies, not even government agencies, though those companies are themselves audited) for compliance with accounting practices and such. That is, again, you open your books.
Regulation of other organisations operates on similar grounds. Pharmaceutical companies are regulated as to their drugs produced, food processors to their own practices, especially in beef, dairy, pork, and poultry. Some industries gain exceptions to anti-trust regulations in return for more regulation and oversight of other elements: major league sports, insurance (underwriting boards), telecoms, and transportation (rail, truck, air, sea). An item which popped up following Trump's request for followers to patrol polling places was a specific injunction on the GOP for doing just that dating to the early 1980s (and set to expire Real Soon Now, though Trump may just have fouled that up). Southern states in the US have operated under injunctions dating to the Voting Rights Act for violations of its provisions (some of which may have expired or been reduced by recent SCOTUS rulings, I've not kept close track).
Google itself is already operating under a consent decree running for 20 years until 2031 as a result of "deceptive privacy practices" (that's the FTC's language, not mine) in rolling out its Buzz social network:
"FTC Charges Deceptive Privacy Practices in Googles Rollout of Its Buzz Social Network"
The mechanism for enforcement:
The settlement requires the company to obtain users’ consent before sharing their information with third parties if Google changes its products or services in a way that results in information sharing that is contrary to any privacy promises made when the user’s information was collected. The settlement further requires Google to establish and maintain a comprehensive privacy program, and it requires that for the next 20 years, the company have audits conducted by independent third parties every two years to assess its privacy and data protection practices.
https://www.ftc.gov/news-events/press-releases/2011/03/ftc-c...
It turns out that people have faced the questions of trust, verification, audit, and compliance for a long time. Trust, third parties, bounties, and similar mechanisms are typical modes for ensuring compliance. There are ways of determining if personal or private information has leaked (look up "fictitious entries" or "honeytraps" -- I've made a recent HN submission on the topic though it didn't go far). And yes, there are times that the auditors themselves are corrupt: Arthur Anderson and Enron, Ernst & Young HK and the Mozilla v. WoSign and StartCom CA backdating scandal. Mozilla will refuse to accept further audits from E&YHK, meaning that E&Y effectively mined its own credibility to generate present business at a cost of any future trust (I'd really like to s...
My point is that for the effective laws to be effective we have to use the technology to effect them.
Someone is going to have the tech. Just like the spy agencies have had the whole time, yes? You can't just pass a law that says "no one uses this" without enforcing it, and to enforce it you must "use this". Spy agencies have always been the logical "strange loop" in governance.
In other words, the technology is at a more fundamental level than the law. "Code is Law" as Lessig says.
-------
If I may be so bold, here is a blag post I wrote about three years ago on the subject:
"Total Surveillance is the Perfection of Democracy"
For once I disagree with RMS, re: https://www.gnu.org/philosophy/surveillance-vs-democracy.htm...
I believe that it is fundamentally not possible to "roll back" the degree of surveillance in our [global] society in an effective way. Our technology is already converging to a near-total degree of surveillance all on its own. The article itself gives many examples. The end limit will be Vinge's "locator dust" or perhaps something even more ubiquitous and ephemeral. RMS advocates several "band-aid" fixes but seems to miss the logical structure of the paradox of inescapable total surveillance.
Let me attempt to illustrate this paradox. Take this quote from the article: "If whistleblowers don't dare reveal crimes and lies, we lose the last shred of effective control over our government and institutions." (First of all we should reject the underlying premise that "our government and institutions" are only held in check by the fear of the discovery of their "crimes and lies". We can, and should, and must, hold ourselves and our government to a standard of not committing crimes, not telling lies. It is this Procrustean bed of good character that our technology is binding us to, not some dystopian nightmare.)
Certainly the criminally-minded who have inveigled their way into the halls of power should not be permitted to sleep peacefully at night, without concern for discovery. But why assume that ubiquitous surveillance would not touch them? Why would the sensor/processor nets and deep analysis not be useful, and used, for detecting and combating treachery? What "crimes and lies" would be revealed by a whistleblower that would not show up on the intel-feeds?
Or this quote: "Everyone must be free to post photos and video recordings occasionally, but the systematic accumulation of such data on the Internet must be limited." How will this limiting be done? What authority will decide who gets to post what and when? And (like any profanity filter) won't this authority need to see the content to be able to decide whether it gets posted publicly?
In effect, doesn't this idea imply some sort of ubiquitous surveillance system to ensure that people are obeying the rules for preventing a ubiquitous surveillance system?
Let's say we set up some rules like the ones RMS is advocating, how do we determine that everyone is following those rules? After all, there is a very good incentive for trying to get a privileged position vis-a-vis these rules. Whoever has the inside edge, whether official spooks, enemy agents, or just criminals, gains an enormous competitive advantage over everyone else.
Someone is going to have that edge, because it's a technological thing, you can't make it go away simply because you don't like it. If the "good guys" tie their own hands (by handicapping their surveillance networks) then we are just handing control to the people who are willing to do what it takes to take it.
You can't unilaterally declare that we (all humanity)...
This seems like an awfully convenient explanation for why Google has started to demand affirmation of their terms of use every few weeks, if not for the date of 2011. I don't remember when they started with the demands, but it was 2014 or 2015.
Could you defend this assertion, please?
Does one exist yet that's works as reliably or almost as reliably as what the cops at using?