434 comments

[ 2.7 ms ] story [ 407 ms ] thread
> Such data may be useful, it says, to “identify every person who attended a protest or rally based on their smartphone location or ad-tracking records.”

"May"? This is exactly how the January 6th protestors were identified.

I don't doubt that this technique was used for the people who stormed the capital on January 6th, but I would hesitate to describe many of them as "protestors".
You're free to describe them however you like, it's irrelevant to my point.
Remember to some people "there are no bad tactics, only bad targets", lots of people are blinded when their perceived political enemies are getting "what they deserve" and fail to understand the powers and tactics used on their political enemies will soon be used on them....

They will then go all shocked pikachu face then the government assault team in their door step taking them way... how can this bee they were the good ones.. they were on the "right side of history"...

Welcome to the system, everyone's a victim Doesn't matter if you're red or blue it hates you all

It's not irrelevant to point out the false equivalency of putting constitutionally protected speech on the same level as forced entry, assault, and destruction of property.
It's irrelevant because my entire and only point is that the government has this capability, no "may" about it.

Whether my choice of words implied the level of ideological purity that you wished to see has nothing to do with that.

Any protest march and demonstration worth its salt can be described with terms such as "forced entry, assault, and destruction of property" (and has been)...
I don't see this sentiment for the George Floyd riots that plagued the whole country for longer and did significantly more damage, instead of caring for corrupt politicians why not persecute those who robbed and stole from the common citizen.

If a protest doesn't make the news what's the point?

You don't see it because you're not looking for it. Plenty of protest groups were extremely vigilant about minimizing property damage and rooting out violent infiltrators.

The George Floyd protests were far more policed: twenty-five protestors died; around 14k were arrested. [1]

Hard to say any 1/6er suffered a similar fate, despite their significantly more egregious apparent crimes.

[1] https://en.wikipedia.org/wiki/George_Floyd_protests

Do you not see the irony of your post? Did you not see the same at the 1/6? If they were more policed, the fires, and destruction didn't help it make it appear so. I could see the Floyd protests/riots outside. 1/6 affected some .1% of the elite I could care less about.

I'm still trying to see a reason why the common man hates that the citizens protest the government, or cares so much for the corrupt elite of either party. The government is not your friend. If the Floyd protests went to Washington it could have been less 1996 and more MLK.

I don't know how to tell you that there were George Floyd protests in DC.

https://en.wikipedia.org/wiki/George_Floyd_protests_in_Washi....

Somehow they managed to avoid breaking into the Capitol building and rifling through the offices of Congresscritters.

To reiterate my point in the original post: If a protest doesn't make the news what's the point?

1/6 hurt Trump, and the Floyd riots hurt the BLM cause. If only either of them did something positive with the attention. One affected me and the people around me, the other could have happened on Mars to billionaire reptiles. I couldn't care less for those elites.

Actually, let's do call them protesters. If you want to get universal agreement on the need for privacy regulations, you need to present it a way that does not immediately turn away your intended audience.

When both sides really agree on something, it's amazing how fast it gets done. Which, of course, is why there are people trying to hard to keep both sides from ever agreeing.

On one hand I know that this is true. We have to guard against special pleading that allows oppression of those we disagree with because that inevitably leads to our own oppression sooner or later.

On the other hand I understand what the post you're replying to is saying, even if it's not said extremely well. There is an enormous online narrative with a lot of money and power behind it trying to normalize the most violent and anti-democratic parts of the right wing of American politics and using that to drive views, clicks, and votes.

I'm normally not someone to clutch pearls and will be the first one to acknowledge that the vast majority of Americans are just decent enough people trying to figure out how to keep fed, healthy, and safe. But the tendency toward fascism in the human animal is something we need vigilance against, as demonstrated over and over again in human history.

The people who attempted to violently attack the seat of democratically elected power in this country were not protestors. There were protestors outside, but the people who crossed the line to breaking and entering, assault, and terrorism were not protestors.

I'm sorry, but before your diatribe you should have checked the facts.

They were protesters.

All the violent stuff you saw was replays of a few seconds from instigators, there's video of security helping the q anon shaman inside, escorted calmly by the security ever since the "storming". There is 0 indication he was violent at all. Feel free to prove me wrong.

Yeah, that part where they were breaking down a window of a locked door in an attempt to get into the house inner chambers to attempt to impede the democratic process of the United States was totally a protest and not an insurrection.

The folks who were non-violent never made it inside the capital because they were there to protest? They were protestors.

The other ones? They were insurrectionists and they all deserve prison.

Yep. It was also used against Occupy Wall Street protestors.
Source?
"subpoenaed cell phone data". It's completely justifiable, legally and morally, and been happening since cell phones existed, way before January 6th 2021. The article's claim that it was somehow new to this event shines a spotlight on their agenda.
Youre either not well informed or being deliberately obtuse. Cell phone data has been used in individual cases for almost as long as cell phones existed.

J6 was one of the first cases where mass surveillance paired with ad tracking and tower pings were used in combination for mass arrests.

We did not see this when the George Floyd riots occurred Despite the fact federal buildings were attacked yet it was brought out for this. It's very indicative of the existence of a police state that chooses its targets in a politically expedient way.

What we saw the government do and the fact the alleged conspirators have largely not been charged with anything but rather left to rot should terrify anyone. Just because you aren't the target today doesnt mean you won't be tomorrow.

I understand it might appear this way to someone who already has specific political leanings, but as someone without a dog in this fight - that does not appear supported by the evidence. Your conclusions reveal more about your priors than anything else.
(comment deleted)
Stop comparing January 6th with BLM. They're not even close to equivalent situations, in fact, they're complete opposites. BLM = Agent of the government murdered a citizen in the streets, citizens got angry. J6 = The highest agent of the government encouraged a mob of citizens to physically attack their political opponents.

There were tens of thousands of arrest during BLM. The national guard were sent in. Undercover agents of the government were throwing people into unmarked vehicles. The people at J6 walked home with love and well wishes from the standing president of The United States government. However, they were dumb enough to bring tracking devices and fully document themselves committing treason. That doesn't point to some deep state agenda, it's just plain idiocy.

doubtful. they were issuing subpoenas to the cell companies for their records of the tower registrations for a certain time frame when crimes were being committed. It doesn't take much to identify the owner of a smartphone via that and then correlate that with driver's license photo ids and correlate that with surveillance camera footage to bring a case. that had nothing to do with peaceful protester tracking but bog standard criminal investigation.
I posted the source in another comment but I'll put it here as well: https://www.businessinsider.com/doj-is-mapping-cell-phone-lo...

The data came from Google and included GPS data.

Either way, I don't think that matters. My point is that tech companies store data that can be used to identify everyone present at a specific location and timeframe, and that data is easily available to the government. There's no "may" about it.

sure... I don't disagree with you there. they did need to get a subpoena for that information using all the other evidence that was publicly out there on facebook that the affidavit said. they were using an android device that tracks you if you let it and stores that information on google's servers if you let it. you don't have to have that feature on and just having the phone on you is sufficient to be triangulated by the cell towers. I don't see how this is incompatible with modern society. google didn't just give up the data without going through the judge granting a subpoena. even if they didn't have that cell phone record it's just one piece of evidence of many that would still likely get a conviction.

it didn't start at gps data from google... it went from public posts on facebook to the email and phone number account associated with that to the google account associated with that to the gps data associated with the google account. if you show me them using a reach around route to get that gps data and persecute peaceful protestors that haven't been suspected of criminal activity then i do agree it's troubling. if you want me to agree that the government is not within their rights seek evidence via normal, judge approved, subpoenas to investigate/prosecute people storming the capital and doing legitimate crimes then i disagree. you need probable cause and that bar should be fairly high.

In the J6 case they used a subpoena, yes. The OP article says that they're now going around the legal process by simply buying the data.

But my point is that the article implies that there's some uncertainty as to whether this data can be used to identify everyone present at a place and time, and there isn't. It has been done before.

That's missing the point. Your article says

> investigators obtained GPS and other cell phone records from Google via a search warrant

Search warrants are and remain the correct tool for the government to get this data. What this article is worrying about is the fact that sometimes the government simply purchases this data without any sign off from a judge. That's where constitutional protections are eroded.

Your outrage is misplaced until such time when the government can buy this data from Google without a search warrant.

I'm aware of the distinction. I guess I wasn't clear in my original comment because this keeps coming up: My point is merely that there is absolutely no doubt that once acquired, the data gives the government this capability. The article implies that this is uncertain, and it is not.

> Your outrage is misplaced until such time when the government can buy this data from Google without a search warrant.

Whatever outrage you read into my comments, I assure you it's not there. If you're looking for a fight, look elsewhere.

Also, the OP article is about the government doing exactly that. So if I was outraged, it would be well placed, according to you.

> Also, the OP article is about the government doing exactly that.

The OP article doesn't match the document it describes, which says that the government authorized 5 searches of this data in the past 2.5 years.

Are you sure about that? See Section 2.2 of the report, "Examples of CAI Contracts" that says "The IC currently acquires a large amount of CAI" and goes on to list specific data brokers contracted by specific government agencies. What am I missing?
The data brokers it contracts are pretty harmless, like getting business data from Dun & Bradstreet or getting military information from Janes Online. These data brokers aggregate publicly available information that you or I could find for free by accessing the right web pages. The only potential 4th Amendment violation, the one the article pretends is happening on a mass scale, is from purchase of mobile location data. The document says that the provider doesn't remove US data, so the government does that itself because accessing that data without due process would be a 4th Amendment violation. Due process was also followed when the government obtained location information from Google.
Ah I see it, looks like you're right:

> DIA currently provides funding to another agency that purchases commercially available geolocation metadata aggregated from smartphones. The data DIA receives is global in scope and is not identified as “U.S. location data” or “foreign location data” by the vendor at the time it is provisioned to DIA. DIA processes the location data as it arrives to identify U.S. location data points that it segregates in a separate database. DIA personnel can only query the U.S. location database when authorized through a specific process requiring approval from the Office of General Counsel (OGC), Office of Oversight and Compliance (OOC), and DIA senior leadership. Permission to query the U.S. device location data has been granted five times in the past two-and-a-half years for authorized purposes.

It's worth noting that they do collect the data up front, and only querying it is restricted. But I suppose having to follow due process for that part is better than nothing.

How do they handle the Fourth Amendment rights of US citizens abroad, like me? My understanding is that those rights must be respected even abroad by US governmental entities when they know or reasonably should know that data they might search or seize belongs to a US citizen.

And if this data includes sufficient identifying info, they should be able to identify me as a US citizen. Even phone number would be enough, since I think that and my US social security number are together in various public data breach datasets.

(Yes, my US phone number should be generating foreign location data. I have two eSIMs simultaneously active, one US and one foreign. For odd reasons I don’t think I have proper roaming working for the US number where I am now, but it does work via Wi-Fi calling which does share the country info with the carrier - and I have had international roaming working at other times.)

Why should my SSN indicate citizenship, some might wonder? SSA certainly knows I was granted my SSN years ago as a newborn citizen, and the Department of State knows I hold a current US passport and have never relinquished my US citizenship.

They used a bunch of different tricks to ID some of the people there (and they've still not arrested most of them). The lesson here isn't that they aren't collecting data effectively, or that they aren't able to learn whatever they want, but rather that the data isn't really intended or used for protecting America from attacks or threats or terrorism. It's certainly being used, but not to protect us.
The irony is they could have just bought the cellphone data. That's literally for sale. Maybe there was some legal reason they couldn't use it directly but it's already out there.
I'm sure those 5 major companies called out in PRISM are all selling the data, and one of those companies runs advertisements claiming they keep things private and secure.

I'm no VIP, so its unlikely anyone would stumble across my name. However that typically can't be used as a defense for such a policy.

I suppose it can be used as a defense if you want to claim your device prioritizes privacy and security. Its not a valid defense, but profit doesn't really care about being logically sound.

I'm sure those 5 major companies called out in PRISM are all selling the data

Um, "selling"?

That's an, uh, interesting, characterization of what's likely going on.

I'm not sure companies have a lot of choice in what's going to happen to their data here in the US despite what they tell us. (In fact, I'd bet they don't have much of a choice what happens to their data in any country they do business in.) Maybe a few of the hardcore companies take it to court. But, OH! That's right! In the US we've got FISA courts for this kind of thing, so it's illegal for us to know anything about any of that either.

Oh well. Pity that I guess. Carry on citizens. Nothing to see here.

On a serious note, never put anything on the digital record that you would be unwilling to have entered as evidence against you in open court. Full stop. I don't care what assurances you get from companies about security, or privacy, or end to end encryption. You just shouldn't do it.

It helps to think of it this way, if it touches your phone or the internet in any way, it's part of the public record. No matter what app you were using. So be cognizant of that, it can come back to bite you 10 years later in ways you never would have imagined.

FWIW, also selling.

As an example, a company called Dataminr sells views of Twitter to a bunch of government entities. Those views include things like fires, flash mobs, explosions, riots, etc.

It's a loophole, the 4th amendment prohibits the government from seizing data, however the government can legally purchase data from a third party.
> It helps to think of it this way, if it touches your phone or the internet in any way, it's part of the public record. No matter what app you were using. So be cognizant of that, it can come back to bite you 10 years later in ways you never would have imagined.

Meh. If that's the case, why bother caring at all? Bring it on!

They are purchasing information that is for sale. Worrying. What's more worrying is that we can assume this information is also available to every US adversary.

Tangentially, it's interesting that the US declassifies things and they become publicly available.

Where can I buy this information? I'd like to track some politicians.
They list Thomson Reuters CLEAR, LexisNexis, Exactis, PeekYou
If you're serious about it, check out this article: https://www.vice.com/en/article/nepxbz/i-gave-a-bounty-hunte...

What you need to do is pick an entity that has the information you desire, and recursively enumerate the graph of all business deals which involve the sale of that information (their downstreams, effectively). After that, you do OSINT to map out all of the employees of every organization that has access to these databases. After you have mapped out these tens of thousands of individuals and their likely social graphs, all you have to do is pay one of them a relatively small sum to do a query on your behalf.

The government couldn't do it this easily if it wasn't for sale.

It being for sale means anyone can be doing it which might be a framing that would be more alarming to the law-and-order types.

But really you need a two prong solution:

1) restrict this from being collected and compiled in the first place, eliminate the ability to default to this tracking unless someone opts out

2) restrict the government's ability to use or acquire through non-market-based means. The claim here is that there's already restrictions on this vs directly surveiling, but I haven't seen directly which specific restrictions those are for buying off-the-shelf info and the article doesn't specify.

There are very really no companies that I trust to keep my data safe for 10, 20, 50 years. Leadership changes, ownership changes, etc. We have to cut it off at the source.

> It being for sale means anyone can be doing it which might be a framing that would be more alarming to the law-and-order types.

How about "more alarming to the lawmakers?"

Someone could show that movement info, for example, is available for sale on a legislator. Or a legislator's spouse or child.

Now do you see the problem, oh you who write the laws?

> Someone could show that movement info, for example, is available for sale on a legislator. Or a legislator's spouse or child.

Surely someone is already doing this? It wouldn't be especially expensive, but even if it were we could probably crowdfund it easily enough.

(comment deleted)
It's being done, and has been done for around a decade now. New York times did a good piece on how every civilians cellphone gps data has been for sale a long time ago. Bounty hunters buy this kind of data all the time is my understanding.
I suspect all those who write the laws already have a Damoclean Sword threatening to drop on them at any time convenient. So I wouldn't count on much help from them whether the laws apply to them or not. It's a virtual certainty that noone who seeks power is free of exploitable skeletons. They are the kind of people who seek power. So the law enforcement and security infrastructure can leak that whenever they choose.

I guess what I'm saying is, your suggestion would be a good idea, but the security apparatus figured it out before you did a long time ago. See ABSCAM for instance.

I'm reminded of how Obama was vocally opposed to domestic surveillance and campaigned on ending all the new spying on the American people, but once he was in office he changed his tune very quickly and ended up expanding the NSA's ability to spy on the people instead.

I figure either he was shown some very strong and classified evidence that the data the NSA had been collecting was critical to protecting the people even while it violated their constitutional rights and freedoms or else he was shown how much dirt they have on him and his family and he was blackmailed into publicly declaring his love for NSA spying and handing them more tools to collect data while making only a few token changes.

I figure either he was shown some very strong and classified evidence that the data the NSA had been collecting was critical... or else he was shown how much dirt they have on him

Just, Devil's Advocate, but, yeah, why can't it be both?

I think that something that should have made lawmakers, and others in public office, sit up and take notice, is a couple of years ago when a prominent and highly-placed Catholic priest was found to be hanging out on Grindr and with other users of the app, shall we say. https://www.catholicnewsagency.com/news/248431/usccb-general...

The entity that orchestrated that outing, with the accompanying simple purchase of location data, etc. was a Roman Catholic newspaper known for high-quality investigative pieces. https://www.pillarcatholic.com/p/pillar-investigates-usccb-g...

If such incriminating data is so easily procured against just one guy using a gay hookup app, imagine the treasure troves of data that could be wielded against Members of Congress and other people in power. Even in the absence of wrongdoing, I still don't think that public figures would enjoy having the public know their every move, every minute of every day, but the reality is that all the apps they run are phoning home and uploading that data constantly, unceasingly, and it's all for sale.

(comment deleted)
That guy who was tracking celebrities's plane traffic and publishing on TWTTR could instead do this. Automatically and repeatedly publish legally obtained data on all politicians fed, state and local. Now that would constitute a public service.
Except they would make that illegal for politicians and let us all twist in the wind.
I wonder if the Equal Protections Clause of the 14th Amendment could be used to knock down these "for everyone but us" caveats.
Could someone start the 'Decentralized Intelligence Agency(, LLC)', buying, collating, and analyzing open market data feeds, and allowing subscribers to see what's known about themselves and others?
Sure.

If you have the wherewithal to protect yourself from the unsavory underworld types who will inevitably come after you for revealing things they'd just as soon keep secret.

There's a reason you only see the government doing this kind of thing.

Yea sure. I mean that's already a thing to some extent, but, if you want the honest answer. Everything you do digitally is known about you. Your physical location, places you regularly go to and when, Websites you visit, your account names, etc. Even ISPs can sell your data these days.
I'm aware of this; I think many ordinary people and lawmakers are perhaps less clear on it, and that making it easy to see would help people understand the situation.
What i don't understand is why if it's illegal and forbidden for the government to directly indiscriminately collect information and data on citizens, they can buy the same information from data brokers without an issue? Surely this violates the intent of the law.
The intent of the law was to limit government power specifically. Not unlike the law requiring most of the information on firearm sales at the federal level be kept in paper format so that it can't easily be mass-indexed and mass-crawled.
Maybe the world needs an NRA type agency for privacy - strident and extremist in scope so that the government invariably wilts before it.
The NRA is backed by an ardent following of funders who sincerely believe curtailment of their ownership of firearms is an immediate and direct existential threat.

That's what privacy is missing. But get the right ad agencies on it to put together some good scare campaigns and maybe.

Maybe they just want to check if it is dangerous for the security of the US? Someone could blackmail the president or a senator with this data
I'm sure that's already happening. Nixon would have killed for the kind of data our government is collecting and when this data is turned against citizens the Neo-McCarthyist witch-hunts will be devastating.
In theory, the data was provided willingly when collected.

If you rent a locker, and the terms of the rental agreement say that the person you're renting from has access to the locker for any reason, then the cops do not need a warrant to ask the lessor to open the locker, only a warrant to coerce the lessor to open the locker.

If the lessor is willing to let anybody take a picture of what is in the locker for $5, then the government doing so isn't abusing its special privilege.

In practice, most people do not understand the ramifications of the things they agreed to that put this data out there (if they even read it!) and in many cases did not have reasonable alternatives to the services that they signed up for.

In Europe it doesn't work like that. There you give consent to collect for a specific purpose and for any other purpose you need to go back to the source for another round of consent. This is something that many companies haven't implemented properly yet (but a surprisingly large number actually do).
And in reality, every process is a kafkean bureocratic nightmare were you end up having to say yes in order to advance and they milk your data anyway while also using privacy rethoric to prevent citizens from getting gov transparency.

The typical powerful west European countries are corrupt to the core and when people feel we are better off than in the US (self congratulatory posts are common) it's generally lack of political awareness and involvement more than anything.

In reality, it just mostly works. Source: ample experience with European (no idea why you added 'West') companies that deal with my data. Since the GDPR has gone 'live' (as in: fines are being issued for non-compliance) the situation is improving every day.
The 14 eyes alliance and legislation in countries like France make the GPRD seem more like protectionist laws that favor local corporations instead of actually protecting the privacy of everyday citizens.
That's because GDPR explicitly isn't meant to be a law that protects against governments but against private entities. There's nothing "protectionist" about that.
If anything local corporations are far more at risk of enforcement so your comment makes not sense. Privacy of everyday citizens has measurably improved, both from the perspective of an EU data subject (myself) and someone who professionally looks into the kitchen of many EU companies that process data (myself).
It doesn't. I added west because I've lived in several countries of Europe and I'm talking about those and some other hegemonic ones I know about. The ones usually lauded due to not knowing about them. I'm European.

In this site there's a trend to treat Europe as a monolithic entity and pretend it's awesome. Any criticism gets taken as "Americuns" being ignorant and europe is awesome.

In reality, I see a lot of unwillingness to accept the political reality and pretend "we are better than USA" via political apathy and coping.

People react negatively when you point out polítical facts they don't want to see. It's easier to look at USA with an air of superiority. This also happens the other way around, of course, but HN demographics make one more typical.

I have lived in no less than 7 EU countries as well as Canada and a bunch of others and EU privacy laws + implementation are hands down the best in the world right now. Could they be better? Yes, absolutely. But nothing else even comes close.
Except GDPR is full off "except law enforcement" exceptions
Yes, so? Check out the text to see exactly what the context for those exceptions is and it all looks fairly reasonable. It doesn't say 'law enforcement gets to do whatever they please'.
Nevertheless, law enforcement gets to do whatever the current governing regime permits, extrajudicially or otherwise. Consider that police in the US have both handcuffs and guns while police in the UK just have the handcuffs. Look at the effects, where so many in the US feel justified in their need to defend against extrajudicial force with guns (per 2A). Look also how many cops kill US citizens (suspect of a crime or not) compared to how many cops in the UK apparently don't feel such "fear for their life" which justifies the extrajudicial killings. If people have a hammer, nails will be what they find.
>In theory, the data was provided willingly when collected.

That's spot on, and your analogy is a good one, except that in the realm of personal information, no warrant is required in the US.

There is quite a bit of law and numerous court decisions around this process in the US.

That jurisprudence is more generally called the Third-Party Doctrine[0]:

   The third-party doctrine is a United States legal doctrine that holds that 
   people who voluntarily give information to third parties—such as banks, phone 
   companies, internet service providers (ISPs), and e-mail servers—have "no 
   reasonable expectation of privacy" in that information. A lack of privacy 
   protection allows the United States government to obtain information from 
   third parties without a legal warrant and without otherwise complying with 
   the Fourth Amendment prohibition against search and seizure without probable 
   cause and a judicial search warrant.[1]

[0] https://en.wikipedia.org/wiki/Third-party_doctrine

Edit: To clarify, I disagree with this doctrine and would love to see limitations on data retention periods as well as warrant requirements for access to such data.

> In practice, most people do not understand the ramifications of the things they agreed to that put this data out there (if they even read it!)

True, but it's even worse than that. Many of those who do understand it, simply don't care ("nothing to hide", "nothing to fear", etc.).

The allure of a "free" service that everyone else uses is enough to abandon any expectation of privacy, and consciously come up with arguments that it doesn't matter.

> In practice, most people do not understand the ramifications of the things they agreed to

Going further, it must be clarified that the whole point of doing things this way is that people do not understand it. The people who want to surveil everyone could either do it illegally and get in trouble, or create an inscrutable bureaucratic system that so sufficiently obscures what they are doing that they get the same results along with a legal cover if they are discovered. If we did have privacy laws that prevented this, they would just collect it illegally. This is absolutely not to say that privacy laws are pointless (they would be helpful) but that we must understand this situation not as an accident, but as the slow creation of a class of people who want to exercise power over us and have been getting their way.

Google founders had some internal compass when they offered GMail "free" with an explicit statement that they would "index the emails" or whatever. I recall smart people, a few of them, noting it but the rush happened. Second was smart phones not being too coy about knowing your phone call records with an ID attached to it, every time, all the time. When the public accepted those two things, in recent memory, that was enough to tip IMHO here in the USA. Whatever legal powers behind the scenes with the Patriot Act were contemporaneous, after GMail.
I checked a few dates.

Gmail launched in 2004.

The Patriot act was signed in to law in October 2001.

Bill Binney blew the whistle on illegal NSA mass data collection of email, web browsing, and cell phone records in 2002.

Hard to pinpoint when smartphones became mainstream, though as a point of reference the iPhone was launched in 2007.

So clearly the NSA was trying to do dragnet surveillance of the internet well before gmail or the widespread use of smartphones.

A quote from the Bill Binney wikipedia page: "Binney has also been publicly critical of the NSA for spying on U.S. citizens, saying of its expanded surveillance after the September 11, 2001 attacks that 'it's better than anything that the KGB, the Stasi, or the Gestapo and SS ever had'"

https://en.wikipedia.org/wiki/Gmail

https://en.wikipedia.org/wiki/Patriot_Act

https://en.wikipedia.org/wiki/William_Binney_(intelligence_o...

https://en.wikipedia.org/wiki/Trailblazer_Project

There are a ton of 'workarounds' like that in play, parallel construction being one of the most extreme ones. It's interesting how these invariably work very well when it is the government in the position of the plaintiff but citizens will never ever see the benefit of any of this. Cameras everywhere, but good luck if your car gets stolen. Meanwhile all of your movements are tracked with abandon, ANPR on every second street and so on. Privacy is very hard to come by.

At the same time: I sympathize with LE and intelligence service operators that have their heart in the right place and that would just like to be able to do their jobs in a hostile and hard to navigate digital environment. Tech moves so much faster than they can keep up with.

If law enforcement has a reason to obtain data, they should be able to get a warrant to obtain data for people of direct interest. But especially the federal gov should not be able to have data that they cannot legally obtain directly from the population. What good is a law and right of the population, if it can be trivially circumvented?

Having data on everyone and then only using it against people they want to use it against is exactly what the Stasi did. Obviously this is their dream come true --just a little to late for them.

Agreed, but this is something that has been going on for decades. Their excuse - believe it or not, I can dig up the source if you want - is that as long as nobody looks at the data it is ok to have it. I thought that was being incredibly economical with words, clearly that is not the intent of the law.
It's ironic that this is what all repressive governments do. They hold data and when they need it they spring it. But I guess this escapes them -or maybe not.
It escapes them but it shouldn't.
> What good is a law and right of the population, if it can be trivially circumvented

U.S. v. Miller [1], which established the third-party doctrine, turned on whether "the business records of the banks" to which the defendant could "assert neither ownership nor possession" could be accessed by subpoena versus court-authorized warrant. (The context turns on bank records. Smith v. Maryland [2] expands it to "phone numbers [conveyed] to the telephone company.")

This seems trivially fixable with legislation. Requests made by the government to third parties in respect of specific persons' non-public (even if not strictly confidential) records require court approval or the first party's consent. Also, easier than trying to expand he definition of "houses, papers, and effects" [3] to cover our data in various clouds: defining, in statute, that there is a legitimate and reasonable expectation of privacy in the phone numbers one dials to speak to or message with another person or persons, e-mails one sends to a small group of people, handles one provides a messaging service marketed as encrypted, and articles (e.g. documents, photos and work products) uploaded to a third party's server for personal use.

[1] https://tile.loc.gov/storage-services/service/ll/usrep/usrep...

[2] https://tile.loc.gov/storage-services/service/ll/usrep/usrep...

[3] https://constitution.congress.gov/constitution/amendment-4/

The government has the monopoly to violence, Google does not. The cops can arrest you, Netflix can't.

That's why information in government hands can be more dangerous than in corporate. A good example is when Nazis occupied Holland they used governmental data on religion (collected to properly allocate funds for places of worship) to track jews and send them to the camps.

So data in corporate hands is bad, but governmental data can be even worse.

And this is why the constitution is in place. To prevent the government from overstepping.
It needs to start doing a better job then, cause it looks like it's asleep on the job
The people have to wield its power. It won’t act on its own.
Constitutions around the world were absolutely trampled under the guise of an axiomatically defined emergency that trumped fundamental freedoms and civil rights.

Freedom of movement, association, speech, religion, bodily autonomy and more... All down the drain.

All you need is a bit of collision between government media and tech and you're golden.

The constitution was written a long time ago and really says nothing about information technology for obvious reasons. The fact that we don't have amendments for a lot of modern issues is a scary thing for the general population.
I’ve read this entire comment almost verbatim so many times as a justification for private surveillance of society. Pervasive surveillance is a problematic issue, period.

Let me tell you what companies can do: they can make lists and pass it privately around to deny you gainful employment, loans, investment, etc. They can also sell it to the government, subverting privacy and due process rights.

>deny you gainful employment, loans, investment

If you are hiding information that would cause people not to do business with you that is almost fraud.

Anti discrimination laws exist for a reason.
What if that information was how you voted, or that stupid thing you posted on AITA six beers deep five years ago, or how much time you spend watching Netflix, maybe you watch too many war movies, maybe one time you posted anti advertising agency content six years ago and you applied to an ad agency because you desperately needed a job.

In highly competitive markets people use stupid things to deny people opportunities.

Just look at some of the things the sick freaks in the government collect data on through their massive data harvesting apparatus [0].

But in all seriousness, you should know it is actually possible to use data towards good aims. Policy makers can use data to produce better answers to questions exploring issues like poverty, disease, crime, financial literacy, etc. Setting up a massive survey is slow and extremely expensive, and that makes it extremely hard to iterate on findings. Getting answers years quicker makes it possible for the government to develop better policies, and that's a good thing. Sure the Nazis were evil, and information enabled the Nazis to be more efficient and effective at implementing evil policies. But an un/less-informed government isn't a goal to strive for. Good government implementing good policies is a goal worth striving for, as there are some problems that can only be addressed at government scale.

[0] https://www.census.gov/

Ah yes the FBI is now buying civilian data to take surveys for us! I envy your rose colored glasses.

Considering I know what kind of data is available, I sincerely doubt this is what is happening. Does that mean, that it's all super evil bad bad stuff, nah, but it is exploitable for evil for sure.

The state's monopoly, qua Max Weber, is on the claim to the legitimate use of violence. That is, the right and legitimacy of that right, is restricted to the state, or an entity acting in the effective capacity of a state, whatever it happens to call itself.

Absent this, one of three conditions exist:

1. There is no monopoly. In which case violence is widespread, and there is no state.

2. There is no legitimacy. In which case violence is capricious.

3. Some non-state power or agent assumes the monopoly on legitimate violence. In which case it becomes, by definition The State.

The state's claim is to legitimacy. A capricious exercise would be an abrogation of legitimacy

Weber, Max (1978). Roth, Guenther; Wittich, Claus (eds.). Economy and Society. Berkeley: U. California Press. p. 54.

<https://archive.org/details/economysociety00webe/page/54/mod...>

There's an excellent explanation of the common misunderstanding in this episode of the Talking Politics podcast: <https://play.acast.com/s/history-of-ideas/weberonleadership>

The misleading and abbreviated form that's frequently found online seems to have originated with Rothbard in the 1960s, and was further popularised by Nozick in the 1970s. It's now falsely accepted as a truth when in fact it is a gross misrepresentation and obscures the core principles Weber advanced.

In your comment, what you confuse is capacity for violence (inherent in all actors, state, individual, corporate, or non-governmental institutional, with numerous extant examples of each) with the Weberian definition of a monopoly on the legitimate claim to violence. In practice, enacting violence on virtually any actor will engender some counterveiling response, though the effectiveness will vary greatly depending on the comparative power and/or disinhibition of the entity responding.

There are numerous examples of private corporations or non-governmental actors engaging in violence, with or without state support or sanction. There are the 100 million souls lost, respectively, to the British East India Company's occupation and administration (as a private entity, with military powers) of India, of the transatlantic slave trade by numerous private commercial operators, and of the genocide against the indigenous populations of the Americas, again much by privately-chartered corporations (as the original British colonies were). There are extant mercenary forces such as Constellis (formerly Academi, formerly Xe, formerly Blackwater) in the US, or the Wagner Group presently transacting genocide in Ukraine. There are oil companies who have initiated coups, paramilitary actions, and assassinations throughout the world. There is the Pinkerton Agency, still extant, and with a storied role in violence against labour and civil rights movements. There are railroads, with their own (private) police forces, which are in fact registered as law enforcement despite being nongovernmental.

The truth is that there is no clean distinction between State and Private use of force, lethal or otherwise. What there is in government is, one hopes, legitimacy and accountability to the citizenry rather than to creditors and investors.

(comment deleted)
The intents of those enforcing the law is more powerful predictive of what will happen in practice than any intent of the law itself...
It absolutely does. Hopefully this gets brought to court.
You "agree" to give cnn.com (or whoever) the information when you visit their site through stupid TOS BS. You also "agree" that they can sell it.

Law says don't collect the data through surveillance. Law doesn't say "don't buy it from people selling it willingly" - probably nobody anticipated that, because... it sounds kinda stupid if you don't know how we got here... yet here we are.

So instead of trying to lawyerball it to make courts declare that it somehow falls under current restrictions, based on intent vs the actual words, we just need to update the damn laws.

> The government couldn't do it this easily if it wasn't for sale.

Stronger: this being for sale means that it's already being purchased by someone.

Really the scoop to this piece is just "The CIA engages in open source intelligence", which sort of a "duh" kind of thing. If there's intelligence value in a product on the open market, of course they're going to consider buying it.

If it shouldn't be for sale it shouldn't be for sale. Let's fix that, not try to pretend that we're OK if Putin or Xi buys it but not the CIA.

Could some form of copyright or ownership help with this? The reason they can sell it is because it's theirs. Not yours. If you retained ownership of that data somehow would they need a warrant for it?
> Could some form of copyright or ownership help with this

Just pass privacy rights. Backing into a solution with copyright is unnecessarily messy. Nobody wants to deal with a lifetime of the courts deciding on the status of personal data seized in a bankruptcy proceeding or hypothecated to foreign investors.

Just pass mask rights.

If we have no problem with privacy, it shouldn't be illegal to wear a mask in public.

That implies creating market for data, attaching speculative value to it and et cetera, and stinks of web3 bullshit.
> creating market for data, attaching speculative value to it and et cetera, and stinks of web3 bullshit

Creating tradeable property rights is older than web3. (Web3's innovation was turbocharging securitization by skipping the step of finding something worth securitizing.) The question is whether, and to what extent, we want personal data to be a market good. It currently is.

  > turbocharging securitization by skipping the step of finding something worth securitizing
Best description of web3 I’ve ever read
Copyright isn't really ownership and only applies to creative works, software and works that exceed the threshold of originality. It doesn't apply to metadata, location information, secrets and facts about people.

Ownership as a concept doesn't really apply so well to digital things because they are infinitely copy-able. I can have something digital, and you can have it too.

There's certainly a need for better privacy laws which applies to PII but that doesn't really need to be conflated with copyright and ownership.

I've thought about a couple of analogous concepts.

The first is the automatic civil penalty for copying copyrighted music recordings. If you're caught and proven liable, the dollar amount of damages don't need to be debated -- they're pre-determined.

The second is the concept that mere possession of certain kinds of information (unspeakable pornography) is a criminal offense.

I think some combinations of these concepts could create a bounty system for victims to collect on the abuse of their personal information: 1) Improper possession is inherently illegal. 2) Offer for sale or transfer of the information carries an automatic civil penalty.

Since music "piracy" has been demonstrated to increase music purchases, this fixed dollar amount should therefore be negative. Any music I am found sharing shall result in the music industry paying me. Sounds about right.
You likely granted surveillance companies licenses to use and share your content however they see fit, assuming EULAs and ToS are binding.
I don’t fully disagree but there is still a big difference. People voluntarily give these companies their data. The companies aren’t skirting the law. We shouldn’t gatekeep disallowing government spying behind better consumer protections.

The kicker in all this is that the taxpayers are literally paying for this. We are paying to give the government our own data.

My alarm bells for the Appeal to the Law fallacy went off. I see it quite often. When we’re discussing what the law should be, what the law currently is is irrelevant (unless your position is that laws should not change).

The fact that it is currently legal to harvest this data and the fact that it is currently legal for the government to purchase it should have no bearing on whether they should be able to in the future.

Further, there is a serious question with regards to the extent to which these businesses had the actual informed consent of their users. Do people fully understand that their information will be sold to data brokers? Do they understand that the government will be able to purchase said info with our money (and possibly use this information to incarcerate them)? The latter is almost certainly no, which is why the government fought so hard to keep it a secret.

[dead]
> The government couldn't do it this easily if it wasn't for sale.

I don't disagree with your overall point, but the government being allowed to buy this data can create the market for the data in the first place, even if no one else wanted the data.

Make it illegal to sell personal information and the incentive to collect it goes away.
Nice redirection of focus there.
It’s possible with a cooperative model that has no equity associated with it (no incentive to change hands), and the data is legally owned by the data producer (the individual)

So for example if all data between a user and a service is e2e and also legally considered property of the user then the org can explicitly borrow or buy that data for money from the individual- should they choose.

The user also has the default status of transparency around data collection, No data is stored unless paid for and fails secure.

This is a plausible ethical data centric design.

Hundreds of billions of dollars are being made and the government is gaining and keeping control over us with this. If you think meaningful privacy laws will be passed in the US, you are delusional. We are on our own. If a candidate such as RFK says he will attack this practice, I am still skeptical of how successful he will be.
> 2) restrict the government's ability to use or acquire through non-market-based means. The claim here is that there's already restrictions on this vs directly surveiling, but I haven't seen directly which specific restrictions those are for buying off-the-shelf info and the article doesn't specify.

This won't happen, our security state is built on private surveillance and partnerships between law enforcement and private surveillance companies.

Whether we like it or not, the intelligence and security apparatus feel like we need China-style surveillance, because terrorists/spies/civil unrest/FOMO/etc, and we're getting it one way or another. It's either outright illegal, or legally questionable, for the government to do exactly what the CCP has, but there's the loophole illustrated in the OP. Private companies are allowed to surveil Americans, and they're free to choose whether or not they share the data they collect with law enforcement.

Now we have companies like Amazon partnering with thousands of law enforcement agencies[1] to advertise[2], deploy and monitor Americans via their products like Ring. Amazon is free to share whatever data they collect from you whenever they want[3]. They can share your data with law enforcement without warrants and they don't even have to let you know that they did so[4].

The article in the OP goes into how phone records are being used to track people's locations, as well. As much as I'd like to, I can't see this genie being put back in the bottle.

[1] https://www.theverge.com/2021/1/31/22258856/amazon-ring-part...

[2] https://www.businessinsider.com/amazon-ring-require-police-a...

[3] https://www.cnn.com/2022/07/14/tech/amazon-ring-police-foota...

[4] https://www.wired.com/story/amazon-ring-police-videos-securi...

everything we're seeing is capitalism in action. the security state part of it is basically just the overall shittification of technology.
A government buying data for surveillance has little to do with capitalism. Perhaps part of the reason you see “everything” become “shitty” is you have a limited ability to identify, isolate, respond to, and avoid or change root causes.
Gotta love how post-9/11 surveillance style got rebranded into "Chinese-style"
Comparing to a country whose practices in this regard are broadly considered authoritarian makes a lot of sense here. It is quite descriptive. IMO no less descriptive than post-9/11 surveillance
The weird smart city concept and the total surveillance fetishism that comes with it is a product of post-9/11 surveillance, but it's also something that the CCP really nailed in its implementation. The Ring surveillance partnership with law enforcement mirrors what's already been rolled out successfully elsewhere in places like China, while the US is quickly catching up.
Right, and they probably are vastly under represented in the world of "who is buying american information". There's probably foreign adversaries in there also.

This is mostly the wrong side of the coin. You have it right.

Please don't make excuses for the government. This is simply their way of getting around the spirit of the 1st and 4th amendments. It's governmental abuse and anyone with any common sense knows that. Companies can't arrest me and throw me in jail indefinitely.
[flagged]
Shouldn’t you be wearing khakis and marching in a protest somewhere?
https://cybernews.com/news/france-senate-surveillance-camera...

> In France, the Senate just approved a controversial provision to a justice bill that would allow law enforcement to secretly activate cameras and microphones on a suspect’s devices. This type of surveillance would be activated without notifying the owner of the device. The same provision would also allow agencies easier access to geolocation data to track suspected criminals ... Critics are urging French parliamentarians to dismiss the controversial provisions. And it’s not too late – the update to the bill must still be approved in the National Assembly, the more powerful lower house of the Parliament.

Any startup employees working directly on technology trade secrets or otherwise non-public intellectual property should enable iOS Lockdown Mode.

Thanks to years of invasive online targeting, bulk data breaches and mobile phone network structural insecurity, it has never been cheaper to screen for higher-than-average-value targets with digital assets that can be exfiltrated. Since targeting costs have fallen, it is profitable to target employees below the C-suite, e.g. those in strategic or development roles who routinely need to access sensitive information and digital assets.

This applies to enterprise, mobile and WFH environments, e.g. leveraging mobile phone foothold to reach other devices like a home router.

Lockdown mode gives them a handy shortlist of higher than average value spying targets
i guess if everyone enables lockdown mode, the list is not short, if everyone can enable lockdown mode.
Many people could enable Lockdown mode, at the cost of opting-out specific websites or apps which are (a) trusted, (b) dependent on features disabled by Lockdown mode.
> higher than average value spying targets

Acquisition of a per-device, client-side signal is orders of magnitude more expensive than bulk purchasing the data of millions of individuals.

iOS Lockdown Mode? Ever heard of PRISM?
Which mobile phone and operating system would you recommend?
If you are an American citizen who is not against American interests, sure, go with iOS Lockdown Mode. They won’t come after you. If you’re not, then you can get an open-source OS device like GrapheneOS, be careful not to emit any information to the internet except without over anonymity networks like Tor, and use E2E messengers in your day to day comms for your baseline security for today. I don’t know what will happen when AIs will be able to identify any person from a paragraph of text they’ve written. Best to move to a place where no technological State exists and live self-sufficiently then, maybe. Still you’ll be visible to satellites and thus targetable for States, unless you live on hydroponics in an underground mine or something.

For people who are targeted or in risk of being targeted by three letter agencies, it’s a different story.

It’s so easy for any three letter agency to install a mole or buy someone in those open-source projects like GrapheneOS, for example to publish compromised binaries. The best option is always to not use anything connected to the cell (GSM, 4G, 5G etc.) network and carry all comms encrypted over internet, with pre-exchanged secret keys and preferably over a network like I2P and over public Wi-Fis. You can use I2P outproxies to connect to visible (normal) internet. I do NOT recommend Tor, there were reports of Tor being compromised and it’s too suspiciously popular to be trustable IMHO. Pay attention to CCTV cameras as well, don’t sit in a mall to connect its public Wi-Fi. All these things obviously introduce a lot of friction to your communications, but if you are such a high-value person you should have set up your network of people accordingly beforehand as well, to relay messages and such. QubesOS is a good OS for such people. If you have the means, custom device solutions to communicate over radio with encryption is by far the best option you can have, especially for receiving critical comms on time. This only leaves the risk of triangulation when you transmit, but you must be a really high value target for this to happen. And you can always still use internet as I described to transmit.

Don’t ask how I know all this.

Thanks for the detailed response. We need more opsec guides for "targets", especially if cheaper targeting => more targets.
Not talked about in the article, is that this report is actually trying to move progress forward to addressing the issues surrounding the new, abundant, and detailed information and how the current framework of 4A legislation isn't really appropriate in the new data market.

From the conclusion:

  U) Third, as part of this set of policies and procedures, and/or as a complement to it, the IC (Intelligence Community) should develop more precise sensitivity and privacy-protecting guidance for CAI (Commercially Available Information). Again, we offer several suggestions for the development of such guidance.
So, in some light this should be considered progress, not the 800lb gorilla in the room.
Rules or guidance just serves to legitimize it. Hey, it's OK as long as we follow the rules... oops sorry we didn't follow the recommended practice there... quite different than getting caught breaking a law.
+1 for the article actually mentioning the 4th ammendment, even if it was only in a quote from Sen. Ron Wyden:

“I’ve been warning for years that if using a credit card to buy an Americans’ personal information voids their Fourth Amendment rights, then traditional checks and balances for government surveillance will crumble,” Ron Wyden, a US senator from Oregon, says.

I continue to try to highlight the degree to which the 2nd ammendmennt is quoted versus the 4th ammendment The 4th being much much more relvent to the current state of affairs.

The 2nd Amendment receives a lot of coverage, yes.

Broadly speaking, for a 2A advocate, every 2A conversation is also a conversation about 4A, 1A, 9A, etc. For example, the track record of the government on the Bill of Rights is seen as a rationale for staunchly protecting 2A. And the inverse: they feel the elimination of 2A will only clear the way for the complete disregard of the other Amendments.

Broadly speaking, those opposed to 2A think it highly unlikely that the state would ever side against the people in a "developed" nation in any meaningful way* (in contradiction with not just the history of states across time, but very contemporary examples in other countries).

But as Adam Michnik said, "the crucial distinction between systems...was no longer ideological. The main political difference was between those who did, and those who did not, believe that the citizen could - or should - be the property of the state." This observation from the 80's(?) in Eastern Europe becomes more relevant to the United States as the years go by, it seems. I'm writing this comment in a post about the US government building a massive data warehouse on its citizens, while coming out of the experience of the COVID years and in the context of the expose of the US government using the media corporations for public discourse censorship.

* Yes, I know there are grey areas in the middle and nuances to arguments, principally boiling down to moderation ("we just want common sense regulation"), gaslighting ("nobody wants to take your guns"), and futility ("you need an F-15 not an AR-15 to fight the government"), etc. Again, the comments above are intentionally broad to illustrate the contrast in political philosophy.

But yes, as a strong 2A advocate, I agree that the incursions on the other Amendments need more coverage. I would go so far as to say it's part and parcel to every 2A conversation.

Quick, someone put up a web site where I can click on any legislator's name and read everything there is to know about them which can be commercially purchased. Maybe have a button to contribute to a fund to buy it so it can be published.
Next week: "Congress passes bill banning sale of US Gov employee data."
And if they are doing it to citizens, they are almost certainly doing it for non-citizens (most of the existing "protections" specifically state they don't apply to non-residents which always caused me to raise an eyebrow). :/
There was a time when it was incredibly obvious to virtually everyone in the country that if you start throwing the Bill of Rights away, this is the result.
[flagged]
Maybe this place you dream of does not yet exist.

I, like you, wish there was such a place where everything just worked. Everyone got along. I think we all long for such a place.

I've been to a number of countries that by GDP are "poor" compared to the US. They have perfect roads, very little crime and far fewer cultural problems that plague america.

Italy, Switzerland and the Netherlands all seem to be getting along just fine.

> far fewer cultural problems

Do most people in those countries look the same?

yes - as an american I take the uncommon position of not making prescriptive judgements on how other countries should conduct their affairs.
What does that mean?
I don't think Switzerland is "problematic" because they prioritize laws and policies that benefit the Swiss for ex. Same for iran etc. I don't see what the skin color or cultural diversity of the country really has to do with anything.
My point is that it's easier to have fewer cultural issues when your whole country looks the same.
A cursory look at a world history book proves that isn't the case.
I didn't say there were utopias but it eliminates an entire class of racism related cultural issues.
The same issues exist, just mapped onto other concepts like ethnic group, tribe, nationality, religion, class, etc.
Switzerland has 3 official languages.

Italy has a range of physical features that would surprise a lot of Americans and most Americans would not bucket every fully-native-for-generations Italian as white based on appearance. (In addition to the other side, lots of people that most Americans would think look too northern European to be Italian.)

I think you are projecting American racism onto other places. (Not that these other places don't have their own racism.)

Switzerland is one of the richest countries in the world. And I wouldn't call Italy or NL "poor."

Switzerland's GDP per capita is around 25% higher than the United States. I would further guess that Switzerland probably has much less inequality than the United States. The Swiss are uniformly rich compared to the extremes of America.

> it's starting to become hard to really qualify what I really get for being american

I’m preparing to renounce my American citizenship (lived most of my life elsewhere, no remaining ties to the USA), and I am amused by the frequent exhortation on internet fora against renunciation "If you have a US passport, you can rely on the US government to get you out of trouble". People really seem to think that Seal Team Six is on standby to save any ordinary American facing violence or natural disaster abroad. Me, I remember the aftermath of the 2004 Indian Ocean tsunami when many European countries swiftly evacuated their citizens or citizens of fellow EU states, while US citizens were mainly left to fend for themselves.

Well, you have to ignore all the ideological stuff (read: propaganda) and think about actual advantages. FYI, if you’re considering other citizenships I think it’s safe to assume you’re not struggling financially. (If you think you can just move to Canada think again, it’s not that easy.)

In practical terms, it’s a good passport. You will be able to travel to many countries visa free. Not the best passport (Japan’s is, but much harder to get) but still pretty good.

You also have work authorization in a highly developed economy. Probably the highest pay for Software Engineers.

The US is also a good place to start a company. Large market, mostly homogeneous, pretty developed.

The US isn’t great when it comes to economic equality but also not the worst. However its anti poverty programs aren’t great and companies can be predatory with little by way of consumer protection.

Buying a house is still achievable in the US but getting harder.

Schools are pretty good if you live in a nice neighborhood. If you’re poor, good luck.

You will be surveilled. Pretty much every country with the means to do so will surveil its citizens, so that’s not a differentiator for me. The question is how much, and how that information can be used in the future.

You may make more money here but it doesn't seem to go far compared to how much of the American lifestyle is captured by rent seeking.
Yeah, it's also getting less appealing because the whole "game" of fancy cars, expensive houses and showing how much you have just isn't that interesting to me.

I like investing basically all of my money and traveling whenever I want to. I'm not married yet so this has been working out pretty well - especially since I left NYC.

I think a lot of times people go through things they're not happy about in their own lives (the glaring one in your comment could be the stress of a long distance relationship) and they project outwards, trying to make it about something external like the place where they live. From there, we invent boogeymen such as "criminals" getting away scot free, or unruly immigrants. Focus on removing stress from your own life and away from the boogeymen and scapegoats.
> Canada drives me nuts with how much of an edge it lacks, how slow and sort of boring it is

Yep! It’s alright. We definitely aren’t the greatest country in the world, but it’s nice enough to be enjoyable, and boring enough to not put random personal or societal disasters in your way with any sort of regularity.

Montreal has so much character, quebec in general really. It reminds me of the city you'd get if you combined boston, bits of manhattan and amsterdam.
I have no clue why GP's comment was flagged. Brigading going on?

Few years ago we acquired something in Montreal related to AI, and it's interesting because when we tried to get the team to relocate to California many weren't interested. A lot of the key personnel ended-up moving, but they still kept a significant presence in the city. Even today, when hiring they'll have engineers indicate early in the process they won't ever move (despite pretty much everyone considered for that office being eligible for an O-1 due to the nature of the work being done there).

What's interesting is we opened a satellite location in Toronto and it was a completely different experience. First thing people asked coming into interviews was about relocating to the US and if we could sponsor their visa. The demographics also skewed heavily toward recent immigrants to Canada.

The irony was, the Toronto location was opened specifically to house developers that simply couldn't pass the higher bar for US immigration.

Having lived and worked in Montréal and Toronto before, I can totally understand that sentiment. People are priced out of Toronto making 110k$/year if they wanted to live in an urban city. So people just aren’t attached to it. They probably lived further near or into the GTA where it’s less urban, or were paying a 1900$/month rent for a small bachelor apartment and were constantly comparing their experience with the bill.

Montréal on the other hand, people will fight for. You can live here for (relative to Toronto) cheap, get the whole urban dream, and live around some very nice people that are equally proud of their city.

(comment deleted)
> Bay Area - people are nice, streets are clean and police do their job

I don't know about NYC, but the Bay Area doesn't fulfill those anymore. The number of people on the street. Trash. Crime. It's getting wild out there. I live in a very safe community and a 70 year old woman was beat up for a few dollars last week a few blocks from my house (and 1 block from the police department!).

Yeah, I left after one friend in NYC was attacked on the subway and another beaten in broad daylight in Wallstreet after leaving his office.

Sad that even in my prior neighborhood (los altos) there are carjackings and armed home invasions now... Impossible to imagine in 2015 while I was there :(

The USA is good for making money and being safe from foreign invasion.

Otherwise a lot has been going downhill and there is too much patriotic pride to admit or change it. But it's multiple issues, hyper-capitalism, lobbyists, no form of conflict of interest rules for politicians or anyone working for them, multiple news channels supporting "2 views", but all on the same page of ignoring the class warfare.

I've talked to lots of people from other countries as I meet a lot of people and talk to many and most see us as going downhill or having poor worker rights and no social safety net (healthcare).

Someone from China told me their parents think Americans work too much. Another person from Eastern Europe things we are in the toilet, etc. Other people from South America saying how they would pick Canada over the US any day. I just laugh when I hear it, because I feel we are too blind to see it.

School shooting solutions are all about guns instead of the real issue, mental health.

Politicians that want people limited on what they can earn with SS (keeping elderly people poor), when they get very good retirement benefits. Politicians dodging taxes or making sure the IRS is ill staffed, when its proven more IRS helps get the bungled dollars from Big Companies and Pockets that are cheating the system.

I believe this is the report in its original form:

https://www.dni.gov/files/ODNI/documents/assessments/ODNI-De...

Named providers...

Reuters CLEAR has no clear opt out and is being sold as "prevention" (precog). https://legal.thomsonreuters.com/en/products/clear-investiga...

LexisNexis https://optout.lexisnexis.com/

Exactis has no clear opt out. https://www.exactis.com/about-us/

PeekYou https://www.peekyou.com/about/contact/ccpa_optout/do_not_sel...

Are the opt outs worth it? I don't see the benefit of giving them my real name, my info and telling them to delete it if they figured out it was me. Would it be easier to just change your name every once in a while legally?
Not sure what the play is here. By changing your name you are telling the government about your new name. So they will just search for all of your names.
Good luck looking though all the John Smiths. If the government can fuck up because they didn't check Firefox instead of internet explorer I'm hoping there's little human errors that will make it harder. I'm sure they have electronics checks but I'm sure there's human error too.
Probably in many countries there could be a sketchy but still potentially viable process of changing your DOB, for example by attesting to incorrect original documentation by various corruptible authorities and presenting such to other authorities (eg. claiming an off-by-one on month or day). This may be more effective in conjunction with name change as it pretty much removes the major de-duplicating factor in most government identification schemes.
Isn’t a name change just another entry in a database saying user_id X now points to make Y?

How hard can it be to combine one more database entry into a deanonymisation process?

Where can I buy my own information? I’d like to know what info I am leaking so I can make adjustments to limit what I’m sharing
It's bulk. You are going to be buying a lot of information. I'm sure it includes triangulation information.
I assume it’s also somewhat anonymized too? But easily de-anonymized?
I have never processed this data. You can find patterns for triangulation, and see where the cells are as this or this hour. Then you look at the calls and the texts (not using data, sms and phone calls) and determine their links. Mix this with credit card information and banking info and you have their names, shopping patterns, location and who that are in contact with through calls and texts (off the top of my head). With the data, you can see people's sites they visit from the ISPs, but with https and SSL not get everything, but you can get a very good idea from that.
There was a good NYTimes piece about it a few years ago. It’s easier than you’d think. If you know the target’s home address you can track the devices that come from there, and everywhere they go. On weekdays they’re probably going to work, which is also quasi-public info.
(comment deleted)
I can only read that title literally
I wish I could read more reporting like this. Incredibly relevant to the average American, devoid of any political nonsense, and pretty straight to the point. The loopholes being abused by surveillance branches is truly alarming.
I suppose it's relevant but (devil's advocate) how does it affect/harm you? The reason the public doesn't seem to care is because it's benign.
The reporting is also wrong. (No surprise: the same reporter also hilariously misreported PRISM.) Luckily, it links to the report, so any motivated reader can get the real story.
lose yer phone.

if your computing devices have cameras and microphones, disconnect them.

do not use credit cards or online payment systems. cash, grass, or ass.

... and they'll still know anything they care to about you; and failing that will make up anything they need, should anyone with access to the levers of power decide that you are a worthy target, for whatever reason.

What exactly is being sold here? Triangulation information, texts and calls? If so it's been there forever, this isn't new. It's been happening for over a decade. Who remembers lifelog from DARPA? Killedhttps://en.wikipedia.org/wiki/DARPA_LifeLog Who's giving them information? You are (on Facebook, Instagram, Reddit, etc).
Don't forget the people including you in photos that go up on Facebook, Insta, etc.

You may not have accounts there but rest uneasy that unless your family and friends respect your privacy and right to informed consent, photos of you are getting processed for face recognition and location without you having to do much other than say "queso" for the photos.

I wonder if we can get our own information someday it would be fun to see how right and wrong they get this information. I've seen stuff like socialblade and aggregators guess, and they're always way off. With AI it's time to poison the well. :)
I'm curious what would happen if a privacy-focused nonprofit tried to purchase this bulk data and were refused. If it's only truly available to 3 letter agencies then they are acting more like contractors and the legal rationale might unravel.
This assumes that three letter agencies care about the law at all. They'll either come up with some other legal rationale that sidesteps the clear intent of the laws which would otherwise protect the rights of the American people or they'll just ignore it. I'd actually prefer it if at this point they just openly admitted that they were going to grossly violate our rights than this game where they smile and tell us how free we all are while they continue to come up with insane legal theories, imaginary guardrails against abuse, and toothless regulations which ultimately let them get away with doing whatever they want anyway. A little honestly would be very refreshing.
It's a tangled mess. If the companies are voluntarily cooperating, it's not as simple as calling them contractors. Look at all the covid/Biden subject matter censorship that was going on for an example. These companies invited the agencies in for reasons; they became willing tools of government censorship. There's no crime in it unless the government is coercing them. If you've interacted with the agencies, you know that coercion can be very subtle and light-touch. It can also be unofficial bargaining to the look the offer to look the other way or the threat to look intensely in one direction or another. Point is, you're rarely going to see a demand letter on the record requiring compliance outside of the warrant system (including FISA). The agencies know they can't compel private companies or state governments to do their work legally, so they work within the gray areas.
Contractually, they wouldn't be able to talk about it legally since most of these purchases are done via MNDA.
One thought that occurred to me, regarding how to stop this kind of data being available:

First, a question: how does the government (or any buyer) determine that the data they are buying is genuine?

Second: Assuming that there's really no good way, then there's something you can do. Somebody could simply run lots of ChatGPT style models to generate a flood of nonsense but plausible-looking data about everyone on the planet. Flood the Internet with it. Compile it into lists and offer them for sale. Cheap!

Once there's so much nonsense data out there, then provenance becomes more valuable. It becomes less useful to just buy random data.

Doesn't solve the actual problem of privacy, but it might help in the short run.

Hello, does anyone know where an average, every day Joe would buy this same data? I want direct links.
Where is my old TIA presentation from Adm. Poindexter?
Wonder what it is being actively used for and how it is influencing our politics?

They're not going through all this effort just to sit on all the data.