"simple" solution (that breaks a whole lot of the world as we know it): Make a law that states people have ownership (including copyright) over their own PII.
If that goes too far, do something like the UK's Data Protection Act of 1998 that insists almost all PII is subject to review by the individual and they can demand erroneous data be fixed. They can also demand deletion in various scenarios.
But personally, I like the copyright idea. If a copy of a song can be protected from being made legally, even if I personally make the copy, I see no reason why my most personal of details cannot be similarly protected.
I posit that that would make a huge difference in the public. Most people I know, both technical and non-technical, don’t realize such nuances until put in direct laymen’s terms when seeing anything legal related. It’s why companies use dark patterns and vague language around accepting TOSes, EULAs, etc.
The problem isn’t the awareness so much so as who has leverage.
Even people who are aware they are giving up their information are often willing to do so since they know the only alternative is to go without such service all together.
You could just say that requiring a license to use data for purposes that aren't essential to running the service is forbidden, similar to GDPR. The GDPR pop-ups are annoying, but you can genuinely collection of data now.
Consent pop-ups are more appropriately described as "surveillance industry pop-ups" rather than GDPR popups. The GDPR doesn't require nagging someone for consent to process data necessary for the service (otherwise the requests to even show those dialogs would be illegal). Rather the surveillance industry is trying to trick you into giving your consent to use your information for their own non-necessary purposes.
> GDPR is the prop65 of privacy, and there was no chance of any other result.
If this is true, then why do the pop-up dialogs have meaningful choices? And if the dialogs are the fault of the GDPR, why does there exist GDPR-compliant websites without the pop-up dialogs?
You can levy your criticism at the earlier Cookie Law, for its failing to anticipate its nullifcation via terms of adhesion and general lack of technical aptitude. But the GDPR addressed those flaws.
> why do the pop-up dialogs have meaningful choices?
Very few of them do. Typically it’s “accept” and “x”.
> why does there exist GDPR-compliant websites without the pop-up dialogs?
Because GDPR doesn’t make those other sites have them. It’s perfectly possible for GDPR to force some websites to have popups and not force others to. It’s still GDPR forcing the ones that it forces to do the thing it’s forcing them to do.
> But the GDPR addressed those flaws.
As you can clearly see from being on the internet for more than about 5 minutes, it in fact does not.
This is not a comment on GDPR one way or the other; my point is that we shouldn’t engage in political word games to try and avoid the inevitable consequences of actions.
It's not word games, rather it depends on your starting perspective. If you believe in the right of individuals to be generally left alone, then the surveillance industry was aggressing before the GDPR. So surveillance companies adding a nag screen in an attempt to continue surveilling you isn't a fault of the GDPR, rather it's due to their own malicious compliance. They could have also chosen to just respect individuals privacy rather than attempting to ignore the law with a nag wall.
The general fallacy with the rest of your argument is that you're pointing to imperfect enforcement as a reason to indict the law. This is essentially defeatism and acceptance of whatever might be commercially lucrative.
I’ll say it again since you don’t seem to be able to understand. If a law makes you display a banner, it’s that law’s fault that the banner exists. Either change the law or be happy that it’s having it’s intended effect.
As to your strange fallacy paragraph, I’m not sure what you mean by imperfect enforcement. Perhaps you should explain in an amicus brief to the courts that decided those banners are compliant?
> If a law makes you display a banner, it’s that law’s fault that the banner exists
You're treating the surveillance activity as a constant. One could also just stop surveilling, and then one wouldn't need to display a banner either.
What you're saying is akin to saying that the law makes muggers wear masks to hide their faces. If you take the mugging activity as a given, and then compare how muggers act with the law to how they would act if robbery weren't illegal, then sure it's technically true. But unless you're making some larger constructive argument, then that characterization isn't particularly enlightening.
> I’m not sure what you mean by imperfect enforcement ... courts that decided those banners are compliant
Can you point me to these court decisions that say putting take-it-or-leave-it nag walls on websites suffices for obtaining consent to process personal information for non-necessary purposes? Because that would seem to run directly counter to the wording of the law.
It's a "fact" that a book has specific words in a specific order, yet we're not allowed to share that fact with other people without legal repercussions.
I fully understand laws are not written by computer scientists and that nuance is involved, I'm just saying that the idea that PII could be copyrightable doesn't seem THAT crazy to me.
> It's a "fact" that a book has specific words in a specific order, yet we're not allowed to share that fact with other people without legal repercussions.
Talking about the order of words in text X is not the same as a reproduction of text X.
Example:
Original: The quick brown fox jumped over the lazy dog
Reproduction: The quick brown fox jumped over the lazy dog
Talking about the order: In the sentence beginning with the following fair-use excerpt "The quick brown", the word "fox" precedes "dog".
> I'm just saying that the idea that PII could be copyrightable doesn't seem THAT crazy to me
It would be awesome, because then I could license out my address and collect royalties any time it is used or mentioned.
The first word of the sentence is "The".
The second word of the sentence is "quick".
The third word of the sentence is "brown".
The fourth word of the sentence is "fox".
The fifth word of the sentence is "jumped".
The sixth word of the sentence is "over".
The seventh word of the sentence is "lazy".
The eighth word of the sentence is "dog".
Eight facts. Would replicating an entire book like this violate the copyright? The entire text is reproduced in order, there's just a bunch of junk added. I suspect courts would rule that it is a copyright violation.
Yea because your “fact” is literally a reproduction of the creative work with superfluous additions. Instead, if you publish a list of books and their unique word count it would be a collection of facts - and someone can copy your list (including mistakes) because your list isnt covered by copyright.
Huh, one can obviously share snippets of paragraphs or pages for review and all for books. Same with address, it is snippet of information about a person and not the whole detail of everything in a house.
Yes, exceptions exist. But while you can use a small sample of a song in a review (say), you can't take the same sample and use it in your own song, even if it's just a few seconds.
Perhaps PII for commercial use could be treated differently than for private use?
You can measure the duration, key, BPM etc and publish that which are all facts.
A recording of a song (even if it falls under fair use) is not a “fact”, it’s information that took creativity to produce, multiple people working independently would not produce the same exact song - unlike going around and measuring the height of bridges where if multiple people did it they would arrive at the same measurement
Just as it's a fact that PI is 3.14 when approximated to 3 digits, it's also a fact that a particular recording can be represented by an MP3 file when approximated to about 3 MB.
One portion of our daily 10,000 steps will be to write out some copywritten works in the GPS path to make sure our data is doubly copywritten and should not be reproduced!
> You can choose to not give away your data by not using those services.
This is just plain wrong. There are privacy violating services where people are not given a choice. I don't have a Facebook account, but they bought tons of data about me from brokers and used to it to create a shadow profile that they continuously update using any scrap of information on me that they can find including what they can get out of the conversations held by my friends and family members who do have facebook accounts. What choice did I have in any of that?
Critical services and even government websites force you to hand information over to privacy hostile companies.
You can't even go to irs.gov without pinging Google's servers, allowing them to collect data on you. Sorry, but "never use the internet again" isn't really a viable option and as long as you use the internet your data will be taken from you without your consent, or even your awareness. Choice, isn't really a factor.
To your point on family ties, potential DNA matching between relatives will not be avoidable. I wonder if there could be a constitutional amendment to protect us.
FTC Enforcement Action to Bar GoodRx from Sharing Consumers’ Sensitive Health Info for Advertising [2023/02/01]
Under proposed order, GoodRx will pay a $1.5 million civil penalty for failing to report its unauthorized disclosure of consumer health data to Facebook, Google, and other companies
FWIW, I used to work in healthcare IT, mid 2000s. At the time, it was understood that sharing data for the purposes of marketing and advertising was illegal.
Also, being a geek somewhat familiar with stuff like tracking pixels, I'm still not sure what to make of GoodRx's response.
If I can't make head's or tails of this case, what hope does a layperson have?
That would never work for a variety of reasons, namely that it would result in an unsustainable amount of litigation. Arguments would also be made that copyright exists not just for the creator but for the public good, and if it harms society as a whole (which is conceivable if any given datum shared has a high probability of being a copyright violation) then it couldn't be justified. That is, of course, the insidiousness of copyright; it's used against the public routinely under the guise that it helps the public.
> people have ownership (including copyright) over their own PII
I like this idea in concept. The catch is how to define "PII". The current definition of it is incredibly inadequate, as it omits a great deal of information that is personally identifying.
I do object to the expansion of copyright that this would require, though. Copyright law is already overly oppressive, and I fear this would make that worse. Perhaps make a distinct property right over PII instead?
For copyright there has to be a minimum amount of creativity involved before the law applies. Small snippets of PII would not overcome that hurdle but these small pieces of PII are protected like you describe in the UK and the EU (GDPR).
The rights grante by the GDPR cannot be signed awy by a licensing agreement, but the can be overruled by other laws (e.g. mandatory retention times for tax purposes).
Perhaps in tandem, incorporate everyone/turn everyone into LLCs. Corporations seemed to have more rights than people even before corporations were "people". Might as well level the playing field there too.
I used to add a copyright notice to the bottom of my resume, to prevent distribution. Don't know how well this works practically speaking, especially in this electronic day and age.
The law would also need a provision that the right to use someone else's personal information could only ever be licensed, and that license could be revoked at any time. Otherwise the surveillance industry would just do the usual American dance of nullifying rights through contracts of adhesion.
The FBI here is merely a symptom and the tip of the iceberg. The US sorely needs something akin to the GDPR, to prohibit this unaccountable shadow government that is the surveillance industry. I personally think passing the GDPR verbatim and letting the courts sort it out would be a decent approach given how our legislative process otherwise undermines regulation by letting corporate lobbyists buy exceptions that destroy the intent of the law while leaving only the bureaucratic red tape intact as an anticompetitive warning. But I do think that if the GDPR were to be translated into the US legal concepts, it would take the shape you've started to lay out.
This is bad, but the data is for sale. I think the solution it not allowing data sales. It seems odd that we’re upset that the FBI did what anyone else in the world can do, but data on US citizens.
When I read that, I though “duh, of course, everyone buys data.”
" Anyone else in the world " cant build a criminal case against you using parallel construction tactics while bypassing American's constitutional right to due process.
I'm pretty sure "due process" means being tried in a court of law. Buying data doesn't skip being tried in court.
I assume you're implicitly referencing that the FBI is skipping getting a warrant, but why do they need a warrant? Your information is already publicly for sale.
As other's have mentioned, it's not really an FBI issue, it's a general privacy issue - that companies are collecting, compiling, and selling this information and it's all legal. Which is darned hard to get people to care about - because it's convenient to give your information away. I know about these things and still use google for almost everything (I finally moved my business email to fastmail... but didn't yet bother to move my personal email.)
That's an interesting point. Wonder how foolproof/incorruptible the chain of custody is supposed to be for the provided data?
We've probably all worked on IT systems at one point or another that the outside world regards as really good, but the admins / ops staff know is really held together with sticky tape + bubblegum. Sometimes with data not quite being stored as it was entered (heh MySQL springs to mind).
> Wonder how foolproof/incorruptible the chain of custody is supposed to be for the provided data?
Not enough any prosecutor would prosecute someone based on that data alone. However, I do see a case where the data provided could be used to further an investigation. And in some ways, that makes sense. The data is a clue, but it's not what is going to put someone away.
It's a log entry. A log entry is only as good as your logs and provides a clue for further investigation, but it's not where you stop the investigation.
I'm not commenting on the legality or whether access to this data is right, merely my assumptions on how this data could be useful in one aspect that doesn't necessarily need it to be foolproof or incorruptible.
It’s not the right to due process that stops the FBI from gathering whatever data they want on you (all the right to due process says is that your life, liberty, and property can’t be abridged without due process of law)
The right to privacy isn’t exactly even a right in the US constitution, it’s a construction out of a combination of many of the amendments in the bill of rights. And as such anything that doesn’t specifically conflict with a part of the bill of rights is fair game for data collection on citizens. And, because the bill of rights was created such a long time ago, the idea of the government being able to buy such a massive amount of data on you from third parties that it would be a violation of your privacy isn’t exactly written in as a problem. The constitution is getting to the point where it really needs amendments to clarify things for the digital age.
The US was founded on the principle that the federal government only has the right to do things that are specified in the constitution. The States and the people, by default, retain all other rights. This idea has been greatly eroded in the last century, especially using the Commerce Clause, but could be revived with not too many Supreme Court decisions. Many of the founders were concerned that having a bill of rights would lead to exactly the idea that you are professing. Namely that if a right is not listed in the Constitution then that right does not exist. The tenth amendment specifically states the principle that the Constitution gives a limited set of powers to federal government by the people (and the States) and everything else is to unrestricted at the federal level.
"The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people."
That’s sort of an orthogonal idea in my mind. Yes, the Federal Government has a list of the types of things it is allowed to pursue. This is a separate idea from the bill of rights, which essentially says “while the federal government is doing the things it is allowed to do, here are things they are not allowed to do in pursuing those actions”.
So what you’re talking about it more relevant to the question “should the FBI be allowed to exist at all.” Is a federal bureau of investigation something that the federal government is allowed to make under the constitution, and if so what sorts of situations and crimes are they allowed to investigate? If you don’t believe the FBI should exist at all, then the sort of argument you’re giving makes sense.
But what the rules as to the Federal Government’s allowed sphere’s of actions don’t say is how they are to go about pursuing those actions. (“To constitute Tribunals inferior to the supreme Court;” is a right of the federal government, but no mention is made of how those tribunals should be structured or how they should function.) So we get to the question of “If the FBI is allowed to exist, what sort of methods is it allowed to use to investigate.” And that’s where the bill of rights comes in, excluding certain types of actions.
Or the general question could be stated “Is it disallowed for the federal government to purchase data about its citizens from private entities in pursuit of the rights it is granted by the constitution.”
True, but I’m much more likely to be harmed by getting diabetes and mental illness due to advertising targeted so well as to be ubiquitous and effective.
So while the FBI buying data causes great harm for a few thousand, everyone else buying data causes moderate harm for pretty much every other human.
That's exactly it. This article is about the wrong half of the problem. I mean, of course, if you have a law enforcement agency with an emphasis on surveillance, they're going to employ open source (in the intelligence sense) methods where practical. Duh.
The question is what is on the market, not whether or not the cops are going to buy it if it's there.
So... what is on the market? It's not in the article!
Sure, but then we have to ask which will be more difficult, preventing the sale of all user data by everyone, or preventing law enforcement/gov agencies from buying it? I want the former, but the latter may be easier to stop first, and only focusing on the former seems like letting perfect be the enemy of good.
I think it’s easier to prevent all than just the FBI. Data should not be collected on individuals and sold.
Having a blanket ban is easier to enforce than a special law just for FBI. You’d also want to prevent other law enforcement. And you’d want to allow some stuff like user feedback data, etc etc.
I'm pretty sure they can't without a warrant because that's harassment?
Which brings us to another point.
If I was to meticulously stalk and document the activities of one individual that would obviously be stalking -- but if a group does that to everyone that's a successful business?
Good. The data shouldn't be for sale in the first place. These are attempts to deflect the data privacy issue away from tech giants and toward our favorite punching bag, law enforcement.
It’s not just a deflection. If I could choose for my data to be public to everyone except for the government or private to everyone except for the government I would choose the former.
This is only news if your opinion of institutions is much higher than it should be. Any large organization has bad actors in it. Undesired behavior is reduced/filtered first by culture, then by policy, then by law, then by technical ability. Anyone at the FBI who cares to has the technical ability to invade your privacy on a whim. Barrier removed. Whether or not it's technically illegal, any law that isn't enforced effectively doesn't exist. Barrier removed. It's openly admitted to having a policy that changes with its needs. Barrier removed. It sure as shit doesn't have an organizational culture geared toward respecting people and their privacy.
Very much doubt this. Maybe at some point in the past but it would be very surprising if anyone could unilaterally read an email at Google without going through hoops with justification
I'm not sure what those hoops might look like that don't still leave at least one person with the ability to unilaterally read an email.
Assuming that backdoor exists, at best there's some kind of oversight committee that has to review and approve a request to read an email. Meaning the door is there and someone has the keys, it's only process that tries to remove the risk of a unilateral invasion of privacy.
Yeah they can just prevent unilateral access. If there's a conspiracy between however many members of the group that is required to give permission there's not much you can do about it, but I'm just saying it's unlikely a single employee can do anything.
Well think of it that way, the policy might be here, the punishment planned for and the monitoring in place. Then ofc there s a way to bypass it to debug prod incidents without a lawyer present, and so anyone can read anything.
I hope you re right, but I ve worked at a company that had very sensitive data on individuals and I could see it all. We were even GDPR compliant: Im a french citizen working in China and I can ssh to a finland database no problem: the data never left Europe ... that was our interpretation of it anyway and an audit would have had trouble to fault us, for various reasons.
I had a girlfriend working at a giant telco... showing ME proudly the graph of all calls for the day she had to browse for something... and she was remoting on the private vpn all good and compliant... but nobody controls who else is behind the screen.
Best is not to commit crimes on public spaces, and not assume public spaces are private: even letters can be intercepted by the mailman, so... I think you can reasonably expect that it would be hard for one of your enemies to access your data for nefarious reason, but I always assume random access by an employee is possible.
This purchase is just a proof that privacy protections given by US law are totally ineffective.
As soon as the data is on the open market, no GDPR, and no US law protects the customer, since public prosecution is not interested in blatant violation of privacy here.
This is also the main reason why EU continuously threatens US with withdrawing _safe harbor_ provisions.
As soon as the data enters US, the open market assures it will be widely available contrary to all regulations.
> EU continuously threatens US with withdrawing _safe harbor_ provisions
safe harbor was invalidated in 2015, replaced by "Privacy Shield" which was overturned in 2020. Now "Trans-Atlantic Data Privacy Framework" is being worked on but i suspect it won't hold up either because muricans can't even protect their own citizens from governmental spying let alone foreigners.
Exactly. The root issue is that the US doesn't attach a dollar value to privacy.
Which is to say that if I have {personally identifiable information}, I have no innate {dollar risk} to holding it, outside of specific protected classes like personal health information (PHI).
If we wanted to fix this in one swoop, we could just... quantify that risk in $ terms. It largely worked as intended in healthcare via HIPAA.
- If you store PII, you are required to submit to a yearly audit by an independent third party
- If you have a breach that exposes PII, you are penalized order-of profits (or equivalent measure) for a year
- If you are a US company that obtains PII from a source outside your company, you are required to obtain and retain a full chain of custody of the source of that data. If you originate or sell PII, you are required to furnish a full chain of custody of that data. If you are found with PII without a valid chain of custody, you are dissolved as a company
That this would make some businesses like Experian or Facebook/Google's ad targeting products unprofitable to run is intended -- they're only profitable now because they don't have to pay to violate people's privacy.
It's surprising how many Americans seem cool with losing such a fundamental right because it was the basis for getting rid of Roe v. Wade. I guess they assume their guns will keep the government out of their affairs.
"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness."
I'd agree that the FBI using legal means to get their hands on data isn't proof the FBI has done something wrong, but I would worry that if the FBI came to rely on it, they might be motivated to further impede better privacy protections.
> the FBI using legal means to get their hands on data isn't proof the FBI has done something wrong
Perhaps not, but the FBI using one method to get their hands on data without a warrant, while a different method to acquire that same data would require a warrant, is definitely a sign that something is going wrong.
Anonymized clustering and graph tracing, to identify the geographic interconnectedness (or lack thereof) of criminal organizations.
It would be very useful to the FBI to identify whether they're looking at a solo criminal enterprise or a multi-state organization.
I'll gripe about intel community abuses as much as anyone else, but it's a lack of imagination to say there are no valid, privacy-preserving uses for this.
Historically, Google rightly identified PII as the goose that lays golden eggs, and so voluntarily put safeguards in place around it to prevent individual abuses from killing it.
The FBI could do the same. I doubt it'd be effective, given political pressure from threats and constantly changing leadership, but it's technically possible.
“To my knowledge, we do not currently purchase commercial database information that includes location data derived from internet advertising,” Wray said. “I understand that we previously—as in the past—purchased some such information for a specific national security pilot project. But that’s not been active for some time.” He added that the bureau now relies on a “court-authorized process” to obtain location data from companies.
I thought this paragraph was super weasely. He is specifically saying that they don't buy directly from internet advertising sources, but there are private intel firms[1] that act as middle-men. They offer an interface and tooling that is geared for national security purposes.
The wording of this comment specifically excludes a conclusion on private intel firms. Private Intel middle men would still evade application of the Carpenter decision, and it is obviously superior for the government to work with an agency like that do to human rights and what-not.
“What I wanted to see is if you could give me a yes or no answer to the question ‘Does the N.S.A. collect any type of data at all on millions or hundreds of millions of Americans?’ ”
[. . .]
“Not wittingly,” Clapper replied. He started scratching his forehead and looked away from Wyden. “There are cases where they could inadvertently perhaps collect, but not wittingly.”
What's worse is that Clapper was using the NSA's definition of "Collect", which is what everyone else calls "Read and Analyze". What everyone else would call "Collection" the NSA calls something like "Interception".
Here's DNI Clapper in a 2013 interview, talking about that very question:
> First, as I said, I have great respect for Senator Wyden. I thought though in retrospect I was asked when are you going to start--stop beating your wife kind of question which is, meaning not answerable necessarily, by a simple yes or no. So I responded in what I thought was the most truthful or least most untruthful manner, by saying, “No.” And again, going back to my metaphor, what I was thinking of is looking at the Dewey Decimal numbers of those books in the metaphorical library. To me collection of U.S. Persons data would mean taking the books off the shelf, opening it up and reading it.
Again, according to DNI Clapper, wiretapping and recording the results isn't collection. It's only collection when someone pulls the information out of storage and reads it.
You can claim whatever you'd like. In the real world Clapper apologized for his response.
After telling Congress that the National Security Agency does not collect data on millions of Americans, National Intelligence Director James Clapper has issued an apology, telling Senate Intelligence Committee Chairwoman Dianne Feinstein that his statement was "clearly erroneous."
And in the real world nearly every major telecommunications company in the US was granted (by Congress) retroactive, blanket immunity for the years and years and years they spent actively participating in the domestic wiretapping that the NSA was performing that was clearly prohibited by FISA.
> Section 215 has been reviewed and renewed by Congress twice since 2006. The Supreme Court has held that phone records are not considered private or privileged information for Fourth Amendment purposes because they are voluntarily provided to telecommunications carriers for billing purposes. As of July 31, 2013, the FISC had reauthorized the program 34 times under 14 different judges. More recently, however, two federal judges came down on opposite sides of the issue. Judge Richard K. Leon of the District of Columbia District Court ruled the 215 collection program illegal, while Judge William H. Pauley of the Southern District of New York upheld the legality of the programs.
Starting with "to my knowledge" gets him off the hook, then he names a very specific type of data and a very specific source, he doesn't describe what kind of "court authorized process", and he only says the unspecified pilot project has been inactive for "some time" (decades? years? days?)
Well why wouldn't they? They have no perceivable budget, clandestine in nature, and need all info on everything, so why wouldn't they be even the highest bidder to any and all info related to their affairs?
If I were to impose my will as a dictator of a nation or crime organization with an unlimited budget, it's what I would do too.
To me, the weirdest thing about this is that the US already has total government surveillance and all the massive issues that come with that. Then instead of just using that, the FBI play this weird game of paying for the same data privately. It's like watching the Army rent tanks when they have 1000s sat in storage waiting to be used or something.
That is what confuses me. The data is freely available for things like undermining democracy, the rule of law, having an internal US coup etc. But using it to solve murders would be overreach.
In an interview with Seymour Hersh recently he also mentioned how in the George W Bush era, the FBI was illegally using NSA wiretap on Americans to prosecute cases. In many instances he said, the oversight actually does work. Sometimes though, it doesn't.
It isn't overreach if you have a warrant. Seriously, police (and agencies like the FBI) already abuse any power they have and should have more oversight. These government agencies already undermine democracy - usually in other countries, though - and I'm not sure of any example of this sort of thing being purchased to undermine democracy (except at government levels). Sure, it could be used like that, but folks have monitored locations of assassination targets long, long before we ever had such technology.
All that said, I don't think this sort of information should be for sale to anyone. If the police agencies actually need such a thing, they should have limited scope and a warrant. The larger the scope, the more folks should have to sign off on the warrant. Police - because of their power - shouldn't have free access to such things even if the criminals have them. Following "rule of law" doesn't mean folks are doing immoral or wrong things as the laws aren't always just - and often, the methods of change include illegal things, hopefully nonviolent.
One of the issues with clandestine programs is you won't KNOW they undermined democracy at home for years (if ever). That's why they're banned.
Generally I agree, though "It isn't overreach if you have a warrant." is (forgive me) wishful thinking. If real courts with real judges were considering a real right to privacy that would be true. But we are well past that. And that's without considerations for things like Parallel Construction...
That is true about clandestine programs: This has little to do with current tech, though, and of course folks invested are going to use the tools of today to do it today.
I know overreach still happens and I truly think we could do better - but I'd rather have it than not.
> police (and agencies like the FBI) already abuse any power they have
Do you know anybody who works in law enforcement? I do and they've told me that if they screw around and don't follow procedure or don't get a warrant then the perp will walk.
You are assuming they violate these rights out of a need to seek justice. Most of the times it's ego or just bad police. There are hundreds of examples; so much these channels reporting on them have a lot of content.
There are many, many other channels, most of them local to where the person lives. It's gotten so bad an entire industry has spawned reporting on it. I have hope though, now that all this is out and body cameras are almost everywhere, you're starting to see prosecution of some of these bad police.
Alright. Hundreds of examples. Hundreds sounds like a big number. How many LEOs are there in the United States? A quick Google search says there is ~670,000. Therefore hundreds is a relatively small number. Especially when many act like a majority of police are corrupt and bad rule breakers.
I'm glad it doesn't bother you, you seem to be ok with it, but it sure bothers me. I don't like being afraid of police, particularly when I don't break laws. There's some egregious stuff going on, and most of the time it gets covered up. I hope it doesn't happen to you or anyone in your family.
Well remember that politics is about legitimacy. If you just give permission to use data like that (e.g. for solving ordinary crimes) then it’s a whole other game than folks sneaking around for data. With the latter, you will have whistleblowers.
The downside to running a huge domestic surveillance state is that it undermines democracy and the rule of law. The upside is you could use it to catch a lot of murderers, rapists etc.
The US IS running just such a state. And democracy is in peril.
But the US does NOT use it for the only upside it might bring: less serious crime.
The US has created the worst of all worlds. Maximum risk, minimum benefit.
It's related because the point of warrants is to minimise this sort of activity. But having already maxed out the amount of activity (recording all that data from everyone all the time), the warrants become pointless. The moment the data is being collected, the risk is there. Paperwork is useful ONLY to the extent it stops collection, it's not a end in itself. It's just a means to minimisation.
That is about 90% of my point. Everything ELSE is tangental. What I have written is basically the key point on mass surveillance. Everything else is at best extra and at worst irrelevant to the actual points.
I don't see how the FBI buying data that's for sale in the open market is any worse than the likes of Equifax doing so, and no-one seems to care about that.
This is what is extremely strange to me (by principle). When the government does it, it seems to make many more headlines and people are outraged, but when a company does it, there is far more acceptance.
In principle, it should be far more concerning to see private entities getting access to personal data - because they operate without any opportunity for the public to be involved (their pure tyrannies in a sense) and are completely opaque, but the government is far more transparent and the one institution which you can change by democratic involvement.
Of course, this type of data gathering is concerning in any case, but the government is the last on the list of entities we should be worried about having it.
Government surveillance is supposed to require a warrant. Efforts to bypass that requirement are scandalous because the warrant requirement is there to protect against tyranny of the majority. It's a known failure mode of democratic governments and the check on government power is important.
Corporate surveillance is a different beast because people can choose which corporations they do business with, absent market consolidation. We are not absent market consolidation, but it's that which is the scandal, not what would otherwise be voluntary associations between private parties.
> We are not absent market consolidation, but it's that which is the scandal, not what would otherwise be voluntary associations between private parties.
This is the crux of it, it's not voluntary association to be a participant in the surveillance economy. If I didn't live in the EU this would be my train of thought: I didn't choose it, I just accessed a website that had trackers and eventually that data is sold, I wasn't willing to do it and the contract for it is buried somewhere and simply by accessing it I've implicitly given the system tacit agreement to get my data scooped up.
That's why I believe GDPR was a major advancement for data privacy, I can actually choose to block trackers or to not access a website if they make it hard to not be tracked.
In here though I talked explicitly about GDPR and data privacy in the surveillance economy sense.
I'm not discussing encryption or government overreach on privacy matters in the EU in general, unsure why it is brought up in this thread, care to expand?
So worrying about corporations and privacy from them when the government who literally has a “monopoly on violence” is taking away your privacy is like worrying about a mosquito bite when you have been shot.
I can worry about both, no? Because it's like... I do. And I can praise that the EU found a solution for one case while it's trying to overreach on another, it's not 1 or 0 here.
I still don't get why you brought this up when I'm specifically talking about one case of data privacy where I believe the EU has done right, I believe it's doing wrong with encryption and I'm actively contacting MEPs to share my view.
Again, what's your point? They're different issues, why are you conflating them and creating a strawman?
> Government surveillance is supposed to require a warrant.
No, invasive government surveillance is supposed to require a warrant. Invasive is defined as a search of your 'person, house, papers, or effects'.
A third party's records on you aren't your person, house, papers, or effects. They are records concerning you, but they are not your records.
The government (just like every other government in the world) doesn't need a warrant to receive a tip, to ask your neighbour if they want to volunteer/sell any information about you, or to surveil you when you go about your public activities.
I'm sure you didn't consent to be the subject of that tip, or to your neighbour snitching on you. That still doesn't mean that it's not a legitimate form of surveillance.
Did you consent to the long list of trackers and brokers? Charles Schwab communicates your web activities to Facebook and many others, even before you log in or have even signed up. Did you consent to that?
Corporate surveillance is different because corporations can't throw you in jail, can't send police and such at you. That's all.
The fact that government involvement is needed is really semantics. No one affected by this decision could hold the officials responsible for this decision accountable, so the government is really an arm of the corporation at this point. This is inevitable when consolidation of wealth/power isn’t limited.
Historically, there are several instances of governments accumulating more and more power until they turn into a totalitarian state and remove freedoms from their citizens. I don't know of any companies who have abused their power to that extent.
Historically (and currently) there are many companies that directly or indirectly working to limit freedoms, either alone or complicit with governments. Corporations are powerful and in many places have as much power over people as governments. It can be as varied as surveillance (Cisco in China) to murdering opponents (Shell in Nigeria), to industry lobbying. Look around and you'll find many more.
The solution to the problem is to go down the EU route of reducing the rights of anyone to collect all this information and make it harder to access that which is collected. It's by no means perfect but it is the right direction.
> taking testimony from all the principals, including Rockefeller Sr., who testified that, even after knowing that guards in his pay had committed atrocities against the strikers, he "would have taken no action" to prevent his hirelings from attacking them.
Well, private industries don’t have a “monopoly on violence”. The number of things that a private company can do to me pale in comparison to what the government can do
On the other hand, the US is essentially an oligarchy masquerading as a democratic republic, and the relationship between Big Tech (particularly the big social media silos) and three-letter agencies/the military industrial complex is disturbingly incestuous. Government having the monopoly on violence doesn't imply corporate power is benign when people are killed over their metadata.
Private industries routinely buy government officials with a monopoly on violence, and regular citizens have no recourse to remove those officials so the distinction is meaningless.
Go through history and tally up the human rights violations done by companies and govts and see who the leader is.
The govt has an army, police, and jails. The govt has legal means to use violence against people and deny them their freedoms. Any company that could do that would be doing it with the blessing of the govt first, which kinda just makes them a govt contractor.
Govt having information is not the same as a company who just wants to pre-approve you for a loan or show you a YouTube ad.
> This is what is extremely strange to me (by principle). When the government does
it, it seems to make many more headlines and people are outraged, but when a company does it, there is far more acceptance.
Exactly, and all it needs to keep people calm is to create a puppet advertising company that does its job and covertly pass the data to govt organizations, or infiltrate an established one. Problem is that personal data mining has become vital for our modern toxic economy, so I don't see how the practice could go away anytime soon, especially when those making the laws and those taking advantage from it are essentially the same entities.
While I do agree that this data should be available for purchase at all, private companies don't have the same authority as the government.
Equifax can use it to alter my credit score and could have implication on a future credit application.
The FBI can use it as justification for a federal investigation that they may have otherwise had no justification for. They also have the ability to work with other branches of the government to file criminal charges and throw a person in prison for the rest of their life. I'm well aware that's a huge jump, but the point is the level of risk between a private company buying data and the FBI buying data is entirely different.
private companies can't take the data and put you in prison for something they find out about you in it - sure, they can use it to try and sell you more widgets - but having your data weaponized against your civil rights by an all-powerful central government with the power to take away all your civil rights seems a lot worse to me.
1. Equifax collection is more or less voluntary. It's triggered on taking out loans, carrying debt, etc. The reason I said more or less is people need to do these things to live these days.
2. The FBI can abduct you, put you in a cage, and/or kill you.
I've been doing some experimentation in ChatGPT with this, and it is amazing.
With just slightly different ChatGPT query prompts, extremely different, conflicting narratives for a given event can be produced, and each of them sounds/seems perfectly reasonable, and True.
For someone to be invulnerable to this sort of thing, they would have to have fairly substantial background in several different obscure domains (none of which are taught in school, quite conveniently), as well as violate several strongly enforced social norms (ie: engaging in "pedantry", thinking in ways we've been trained to pattern match to conspiratorial thinking, falling for Russian propaganda, etc).
It does not surprise me in the least how much polarization there is in society over what is actually going on, and how each side genuinely believes that they are take on it is correct. It seems (to me) almost like the system has been deliberately designed to produce this output, because it certainly isn't that hard to figure out how to vastly improve on it.
I actually want the FBI and law enforcement to to buy and use commercial data to solve crimes. Otherwise, we will end up with private investigators for the rich who have access to commercial data and hobbled law enforcement for everyone else who are prevented from accessing commercial data.
If the data can be bought on the open market, law enforcement should have access to it.
There is limited use for private investigators - and the end result is rarely the systematic oppression of people, rarely involved someone in prison, rarely involves things like violence, and rarely are using tax money to do it. I'd also argue that more often, a PI isn't for someone rich and famous, but rich enough to afford it and has reason to hire. (divorce, for example).
If the police need to purchase such information, they should have to get a warrant like they do for other things. Someone (or two) not involved in the investigation should have to agree that it is necessary. Law enforcement should be somewhat hobbled because the opportunity for abuse is much greater, especially to general society because of its reach.
In short: PIs are limited in what they can actually do. They can't imprison you or kill you. However, the government has the monopoly on violence and imprisonment. Seems pretty clear to me which one should be able to purchase this information and which one shouldn't.
If that goes too far, do something like the UK's Data Protection Act of 1998 that insists almost all PII is subject to review by the individual and they can demand erroneous data be fixed. They can also demand deletion in various scenarios.
But personally, I like the copyright idea. If a copy of a song can be protected from being made legally, even if I personally make the copy, I see no reason why my most personal of details cannot be similarly protected.