1. Photographs/video might be inevitable: cellphone cameras are ubiquitous, people love to share media and memories; There are strong cases for CCTV for security. however ...
2. Analyzing images for biometric markers and linking it to a database of persons can absolutely be legislated against.
3. One step further, utilizing biometric information for decision making is also very easy to legislate against.
Some companies might do these things secretly anyway, but then we have the need for audits and strong enforcement of the law, which is another matter. First step is to get this into legislation.
I agree. This is much like legislation around traditional weapons: Sure, you can't un-invent nuclear physics, gun powder, bows and arrows, knifes, sticks. They are to some level ubiquitous, available to anyone with enough resolve.
But that doesn't mean any entrepreneur can decide to produce or hoard large amounts of weapons for personal or commercial gains. In most countries, there are legislative boundaries that make sure the state has monopoly of violence and (preferably democratic) government controls that force.
That system of course is still dangerous and fragile, but far better than roving gangs or ultimate power at the hands of commercial organizations...
In a lot of countries you are not allowed to just record private conversations with listening devices (and it is not happening as a mass phenomenon), so clearly we can legislate successfully against use of technology.
What would prevent me from walking around the street or in semi-public places recording non-stop on my phone? Heck, I could have a few phones in my pockets!
Along the same lines: what would prevent you from using a knife to kill someone and hoping/attempting to make sure that no one notices?
Indeed, even though murder is illegal, it still happens. But the law is there to codify that murder is heavily frowned upon. Places where legislation were absent of the law isn't sufficiently effective enforced, tend to have more random violence.
> This is much like legislation around traditional weapons.
The problem with that comparison is that it would be very obvious and noteworthy if Nestle started to drop bombs or hired mercenaries to prey on villages who tried to fight their abusive water practices, or whatever analogous weapons fiction you can imagine to Big Tech abusing their data and resources for invasive spying. People would die and/or be injured, likely property would be destroyed--these are extremely tangible things.
Big tech could be using facial recognition for years and fly under the radar. Privacy is essentially intangible.
I guess that difference stems from the novelty of privacy invasion "weapons". A bit like attempting to threaten a Roman soldier by pointing a machine gun. It takes time, probably a couple of centuries to build up experience with surveillance to fully grasp the ramifications.
But we're also no longer at the unknown-unknown point; we understand that there might be serious problems unless we dial down the pace at which we allow data hoarding.
At least some privacy would be preserved if there was a law that said "if you have a legit reason to track people using facial recognition, you must throw away all inferred information after 1 hour". Or some other arbitrary limit. Or a law saying you're liable if your data were ever to leak. Or some other obstacle.
2: governments can legislate against against anything, but this feels like the other side of the same coin as pro cryptographic freedom: you're trying to ban maths.
We can, and IMO should, ban this type data use in commercial and party political contexts, but that isn't going to do anything to stop criminals and foreign governments doing these same things for their own commercial and political goals.
Many (most?) places in the US have outright bans on wearing masks in city/county ordinances, sometimes with exceptions for children or Halloween, sometimes not. Those laws were basically ignored for covid though and I know several people who found masking extremely beneficial for cold weather or allergies and they'll keep masks on hand for those circumstances.
No matter how popular that becomes I suspect it'll turn into something that police will enforce selectively whenever it suits them rather than those laws going away.
> I used to be worried about face scanning. But sometimes I wonder if it's an inevitable evolution of technology.
Werent you worried about face scanning precisely because its a seemingly inevitable evolution of technology? The use of “but” is confusing to me. It seems like the reason for being concerned has assuaged your concerns.
> I used to be worried about face scanning. But sometimes I wonder if it's an inevitable evolution of technology.
The cat's out of the bag. But you can still exercise caution. I remember when that app FaceApp was trending, and everyone wanted to see what they looked like when older, oblivious to the ulterior motives behind the app. Essentially they were building a FR database from user generated content. So, don't feed the beast and don't upload your faceprint to apps every chance you get.
When companies spy on their customers/users it's a 4 million Euro fine, when member states want to track the phones of its citizens it's a human rights violation, but when the EU it self wants something similar or worse it's a question of safety.
EU is not something different than the member states, it's %100 made of (elected) or (appointed by the elected) from the member states.
So the appointed by the elected will consult with the elected and come up(or already came up) with a proposal and the elected will vote on it.
This website is made by some interest groups(both from Italy) that want to pressure the elected to reject a certain proposal.
Nothing weird really, just politics of a democracy in action. If you agree with the position of these interest groups you can support them, if you don't care you can ignore them or if you disagree you can start a counter campaign.
I wish it was so simple, there are a bunch of different bodies; only the parlement is directly voted in. Especially the EU commmision the most powerful part are picked by the 27 leaders. Consequence is lot of deal making and influence by main countries France & Germany; and no direct responsiblity to citizens. It's not all bad, but also not all great.
The EU holds elections in each country which barely anybody knows about. They're not heads of state. Members of EU parliament are called MEPs, and are totally separate from heads of state elected in national elections.
Well, sarcasm works only so-so on the internet. And that people dont vote during EU elections, which are heavily advertized at least in Germany, is hardly the EUs fault.
The EU commissioners are the appointed ones by the EU parliament(elected directly by the citizens) and the 27 leaders(head of state of each country, directly elected) elect the EU president.
The direct responsibility to the citizens concerns the elected ones. The commission is powerful but their power is restrained by the elected ones and the elected ones can replace the appointed ones if they are not happy with it.
Anyway, direct democracy exists only in few places, like in Switzerland. EU and most of the democratic world runs on representative democracies, that is you elect people who you trust that will work the best for your interests and send them in a fancy building to vote on stuff and hoping for the best.
I find it useless to dive into a discussion on whose interests are the collective interests. Let's hope that we will get rid of those who's interests are not aligned with the collective interests.
How much the EU has a democratic deficit is a personal question for each constituent. In my case its democracy is very far removed from accountability and representation, so I believe the deficits are quite pronounced.
It is not really honest to say you can put layers upon layers of indirect representation and the democratic process would not suffer. Legitimacy is lost on the way.
The Commission is decidedly not the most powerful part! It is simply the secretariat for the EU, what in the UK is called the Civil Service. It is involved with policy formulation and implementation sure, but only at the behest of the other bodies.
The most powerful part is the Council, where each member government is represented and is the mechanism by which member states pool their sovereignty. Nothing happens without the (often required to be unanimous) agreement of the Council.
Recent case in point: an EU Commissioner stated that aid to Gaza would be cut in the aftermath of the Hamas attacks - this was quickly backtracked when a member state objected.
A governing body chartered for the collective interest of its members is indeed something different than a group of states working for their own interests. Just because I vote for my representative doesn’t mean my representative is no different from me.
> EU is not something different than the member states
This is clearly false. The member states exist independently of the EU. If you get rid of the EU, all the states still exist. Which means the EU is something more than “just the member states”. The EU is obviously a governing body on top of and between the member states. There is an EU president, parliament, and other offices for crying out loud. There is no way you yourself can believe what you’re claiming.
If 5 people come together and form a music band, is that band just that 5 people or something external? That's what EU is, 27 states who send people to do stuff that concern all the member states in Brussels.
You can load as much meaning as you like on top of it, but there's no external party. The president of the EU commission(there's no president of EU) is elected by the heads of the governments(the EU member state governments, elected by the people of that state) and approved by the EU parliament(directly elected by EU member state citizens). So, If one of the band members is elected by the other band members to be the lead singer, is that band member something external?
EU countries are allowed to spy just fine. I remember we were all freaking out by Snowden's revelations about phone tapping in the USA. Dutch Journalist were describing how scandalous it was, while at the same time the Dutch intelligence been doing that for a long time without needing a warrant, were and no one really cared about it.
There’s a difference between your own democratically elected government spying on its citizens and some other government you have no control over doing the same. Not saying that it’s good that the Dutch government was spying on its citizens, but it’s worse when it’s a foreign super power.
EU is not an unrelated 3rd party, its partly the democratically elected(the EU parliament) and partly the Dutch government(the Dutch head of state) and people appointed by those.
I disagree, it is the exact opposite in my opinion. Compromising data about myself isn't relevant to China (I am not in China), but perhaps relevant to my current or coming government.
The exception is if I am an official, a public persona or a dissident of the country doing the spying. But for everything else the impact of your own government spying on you is much more relevant.
Of course situations were friendly states spy on each other notwithstanding.
The EU doesn't have security services. What you're referring to is what (primarily) the member states want and they try to get it at the EU level so they won't be in violation of EU laws
In any case this specific request is about adding additional safeguards in a new act, not about stopping an ongoing practice or blocking a regressive proposal like the chatcontrol issue
What's weird about that other than the mistake of thinking "the EU itself" is a thing in this context?
States are allowed to have armies, corporations are not. States can send people with guns after you and lock you away, corporations can not. Do you think that's weird too? States hold more power than corporations because corporations exist only because states allow them to.
Now whether states are a good thing or not is another question of course.
The aim of this project/campaign is not to be scary, but to raise awareness among policy makers and citizens. This is the background I want to highlight:
1. the first political fight is about the ban of real-time identification in public spaces. that's the dystopian scenario that nobody wants, and that's why we participated in the creation of https://reclaimyourface.eu in 2019.
2. the second (not because it's less important, but because it comes later chronologically) is not to let the monopolists get stronger roots.
Both have their complexities, and the European Parliament made something OK for 1 and 2, now the Council of European Ministries is screwing up both.
The ethical arguments: (i) massive biometric surveillance is bad in itself, (ii) the models are trained on biometric data collected without consent, (iii) and this is also fundamental to building the deepfakes (because the GNA discriminator uses a constant biometric comparison).
Even if there are three reasons, the Council is saying "Dear Parliament, no, we want facial recognition and unregulated foundation model".
So, DontSpyEU try to explain the related parts with a little prankish attitude, (and, btw, Microsoft lobbyists are just pushing their solutions, which are only meant to consolidate their monopoly)
It's already pretty easy to spin up a facial recognition model, and it's likely that facial recognition will be an emergent property of multi-modal modals like GPT4/Dall-E.
How would the EU enforce a multinational ban on facial recognition or biometric pattern recognition?
I appreciate the humor. But in case there is a misconception at the root of this quip, I still have to point out that the annoying popup banners on every page are on the page owners, not the EU or the GDPR. Nowhere does the GDPR mandate popup banners. Banners are just the lazy answer to a very people-friendly law by an economy addicted to surveillance.
> I still have to point out that the annoying popup banners on every page are on the page owners, not the EU or the GDPR. Nowhere does the GDPR mandate popup banners.I still have to point out that the annoying popup banners on every page are on the page owners, not the EU or the GDPR. Nowhere does the GDPR mandate popup banners.
The GDPR requires notification and consent if a website uses cookies or collects information, right?
Seems like a banner is the best way to approach that, so it is kind of mandated indirectly.
No, "uses cookies or collects information" is too blanket a statement. The GDPR allows the collection and use of data on six lawful grounds. Five of those do not require consent or even notification. In fact, "consent" is the six justification.
Contractual obligations, legal obligations, vital interests, public tasks, and legitimate interests do not require consent. You ask for consent if you collect data you have no legitimate reason to collect in the first place. This should already tell you a lot about those pesky banners. The GDPR "homepage" [1] has a ton of information with regards to this topic. Don't be fooled by those who blame your shitty web browsing experience on the GDPR. It's on them, not the GDPR.
Your argument is that types of data collection don't require notification. But most of the sites that have the banner are engaging in types of collection that do require notification, hence the banners.
You might not like the business practices of these websites, but it's their business practices and they are legal. And if they want to continue doing them, then they do need the banners, which are dictated by GDPR.
Yes, if you want to collect, store, and use data that you have no legitimate reason (to be clear, in the scope of the GDPR) to collect, you need the consent of the owner of the data. That's what the GDPR says.
How you get the consent is up to you. The GDPR does not mandate any specific method, banners or otherwise.
Right, so we're agreed most of the websites that show a banner need to show a banner or equivalent to obtain consent because they are collecting data that the GDPR requires they gain consent to collect.
In that case then, a banner is the best and least intrusive way to do that, given the alternative is a popup or redirect.
Thus, for many of these sites, the GDPR does directly mandate the banners.
Depends on details of how autonomous weapons show up in the national medias.
It's political capital and the game is border security. Russia is moving to a position where they can bluff again. It's not a simple matter of true or false because it's a constant race condition.
I would like to quickly share this through my social media channels. A sub-page with pre-made material to spread the word would do it. For example 2-3 Instagram story templates, something for X/Twitter, TikTok, Facebook, …
Thanks for the suggestion, yesterday I implemented a way to link directly to each politician's face, i.e.: https://dontspy.eu/x/164/ so it can be easily embedded in social media.
It's not "announced" yet and the links aren't embedded in the page yet, I'm testing if the sentence at the top ("The AI Act must protect human rights and work for civil society, not fall into easy concessions to the surveillance ecosystem!") works well or not.
About Instagram stories (I'm building a GPT ), which would turn the most complex article into a series of stories. We don't have a graphic designer and we only do social media in a personal capacity, without a real strategy. I'll update here when I do, I guess if the day goes well it would be around midnight GMT.
The Don't Spy EU is a very unfunded project with only a few people working on it, with other day jobs. (But I'm very happy about the outpouring of support we've gotten from HackerNews - lots of new politician names have been imported, and lots of pictures too!)
For this reason I have really noticed a spike in views and input, it was very important to be seen now that time is running out. if any of you can also share it on reddit or other tech-politics related forums, it would be really helpful!
60 comments
[ 3.1 ms ] story [ 136 ms ] threadWhich – to be clear – is not support for it, but a question about what is emergent from the new things we create.
2. Analyzing images for biometric markers and linking it to a database of persons can absolutely be legislated against.
3. One step further, utilizing biometric information for decision making is also very easy to legislate against.
Some companies might do these things secretly anyway, but then we have the need for audits and strong enforcement of the law, which is another matter. First step is to get this into legislation.
But that doesn't mean any entrepreneur can decide to produce or hoard large amounts of weapons for personal or commercial gains. In most countries, there are legislative boundaries that make sure the state has monopoly of violence and (preferably democratic) government controls that force.
That system of course is still dangerous and fragile, but far better than roving gangs or ultimate power at the hands of commercial organizations...
Indeed, even though murder is illegal, it still happens. But the law is there to codify that murder is heavily frowned upon. Places where legislation were absent of the law isn't sufficiently effective enforced, tend to have more random violence.
The problem with that comparison is that it would be very obvious and noteworthy if Nestle started to drop bombs or hired mercenaries to prey on villages who tried to fight their abusive water practices, or whatever analogous weapons fiction you can imagine to Big Tech abusing their data and resources for invasive spying. People would die and/or be injured, likely property would be destroyed--these are extremely tangible things.
Big tech could be using facial recognition for years and fly under the radar. Privacy is essentially intangible.
I guess that difference stems from the novelty of privacy invasion "weapons". A bit like attempting to threaten a Roman soldier by pointing a machine gun. It takes time, probably a couple of centuries to build up experience with surveillance to fully grasp the ramifications.
But we're also no longer at the unknown-unknown point; we understand that there might be serious problems unless we dial down the pace at which we allow data hoarding.
At least some privacy would be preserved if there was a law that said "if you have a legit reason to track people using facial recognition, you must throw away all inferred information after 1 hour". Or some other arbitrary limit. Or a law saying you're liable if your data were ever to leak. Or some other obstacle.
We can, and IMO should, ban this type data use in commercial and party political contexts, but that isn't going to do anything to stop criminals and foreign governments doing these same things for their own commercial and political goals.
We need a milieu where we can survive that.
Banning research is entirely different.
No matter how popular that becomes I suspect it'll turn into something that police will enforce selectively whenever it suits them rather than those laws going away.
Werent you worried about face scanning precisely because its a seemingly inevitable evolution of technology? The use of “but” is confusing to me. It seems like the reason for being concerned has assuaged your concerns.
The cat's out of the bag. But you can still exercise caution. I remember when that app FaceApp was trending, and everyone wanted to see what they looked like when older, oblivious to the ulterior motives behind the app. Essentially they were building a FR database from user generated content. So, don't feed the beast and don't upload your faceprint to apps every chance you get.
When companies spy on their customers/users it's a 4 million Euro fine, when member states want to track the phones of its citizens it's a human rights violation, but when the EU it self wants something similar or worse it's a question of safety.
So the appointed by the elected will consult with the elected and come up(or already came up) with a proposal and the elected will vote on it.
This website is made by some interest groups(both from Italy) that want to pressure the elected to reject a certain proposal.
Nothing weird really, just politics of a democracy in action. If you agree with the position of these interest groups you can support them, if you don't care you can ignore them or if you disagree you can start a counter campaign.
The direct responsibility to the citizens concerns the elected ones. The commission is powerful but their power is restrained by the elected ones and the elected ones can replace the appointed ones if they are not happy with it.
Anyway, direct democracy exists only in few places, like in Switzerland. EU and most of the democratic world runs on representative democracies, that is you elect people who you trust that will work the best for your interests and send them in a fancy building to vote on stuff and hoping for the best.
The EU explicitly works for collective interest, not individual interest.
It is not really honest to say you can put layers upon layers of indirect representation and the democratic process would not suffer. Legitimacy is lost on the way.
The most powerful part is the Council, where each member government is represented and is the mechanism by which member states pool their sovereignty. Nothing happens without the (often required to be unanimous) agreement of the Council.
Recent case in point: an EU Commissioner stated that aid to Gaza would be cut in the aftermath of the Hamas attacks - this was quickly backtracked when a member state objected.
This is clearly false. The member states exist independently of the EU. If you get rid of the EU, all the states still exist. Which means the EU is something more than “just the member states”. The EU is obviously a governing body on top of and between the member states. There is an EU president, parliament, and other offices for crying out loud. There is no way you yourself can believe what you’re claiming.
You can load as much meaning as you like on top of it, but there's no external party. The president of the EU commission(there's no president of EU) is elected by the heads of the governments(the EU member state governments, elected by the people of that state) and approved by the EU parliament(directly elected by EU member state citizens). So, If one of the band members is elected by the other band members to be the lead singer, is that band member something external?
The exception is if I am an official, a public persona or a dissident of the country doing the spying. But for everything else the impact of your own government spying on you is much more relevant.
Of course situations were friendly states spy on each other notwithstanding.
The EU doesn't have security services. What you're referring to is what (primarily) the member states want and they try to get it at the EU level so they won't be in violation of EU laws
In any case this specific request is about adding additional safeguards in a new act, not about stopping an ongoing practice or blocking a regressive proposal like the chatcontrol issue
States are allowed to have armies, corporations are not. States can send people with guns after you and lock you away, corporations can not. Do you think that's weird too? States hold more power than corporations because corporations exist only because states allow them to.
Now whether states are a good thing or not is another question of course.
[0] https://dontspy.eu/country/#Germany
1. the first political fight is about the ban of real-time identification in public spaces. that's the dystopian scenario that nobody wants, and that's why we participated in the creation of https://reclaimyourface.eu in 2019.
2. the second (not because it's less important, but because it comes later chronologically) is not to let the monopolists get stronger roots.
Both have their complexities, and the European Parliament made something OK for 1 and 2, now the Council of European Ministries is screwing up both.
The ethical arguments: (i) massive biometric surveillance is bad in itself, (ii) the models are trained on biometric data collected without consent, (iii) and this is also fundamental to building the deepfakes (because the GNA discriminator uses a constant biometric comparison).
Even if there are three reasons, the Council is saying "Dear Parliament, no, we want facial recognition and unregulated foundation model".
So, DontSpyEU try to explain the related parts with a little prankish attitude, (and, btw, Microsoft lobbyists are just pushing their solutions, which are only meant to consolidate their monopoly)
How would the EU enforce a multinational ban on facial recognition or biometric pattern recognition?
The GDPR requires notification and consent if a website uses cookies or collects information, right?
Seems like a banner is the best way to approach that, so it is kind of mandated indirectly.
Contractual obligations, legal obligations, vital interests, public tasks, and legitimate interests do not require consent. You ask for consent if you collect data you have no legitimate reason to collect in the first place. This should already tell you a lot about those pesky banners. The GDPR "homepage" [1] has a ton of information with regards to this topic. Don't be fooled by those who blame your shitty web browsing experience on the GDPR. It's on them, not the GDPR.
[1] https://gdpr.eu/
You might not like the business practices of these websites, but it's their business practices and they are legal. And if they want to continue doing them, then they do need the banners, which are dictated by GDPR.
How you get the consent is up to you. The GDPR does not mandate any specific method, banners or otherwise.
In that case then, a banner is the best and least intrusive way to do that, given the alternative is a popup or redirect.
Thus, for many of these sites, the GDPR does directly mandate the banners.
It's political capital and the game is border security. Russia is moving to a position where they can bluff again. It's not a simple matter of true or false because it's a constant race condition.
It's not "announced" yet and the links aren't embedded in the page yet, I'm testing if the sentence at the top ("The AI Act must protect human rights and work for civil society, not fall into easy concessions to the surveillance ecosystem!") works well or not.
About Instagram stories (I'm building a GPT ), which would turn the most complex article into a series of stories. We don't have a graphic designer and we only do social media in a personal capacity, without a real strategy. I'll update here when I do, I guess if the day goes well it would be around midnight GMT.
The Don't Spy EU is a very unfunded project with only a few people working on it, with other day jobs. (But I'm very happy about the outpouring of support we've gotten from HackerNews - lots of new politician names have been imported, and lots of pictures too!)
For this reason I have really noticed a spike in views and input, it was very important to be seen now that time is running out. if any of you can also share it on reddit or other tech-politics related forums, it would be really helpful!