The government couldn't do it this easily if it wasn't for sale.
It being for sale means anyone can be doing it which might be a framing that would be more alarming to the law-and-order types.
But really you need a two prong solution:
1) restrict this from being collected and compiled in the first place, eliminate the ability to default to this tracking unless someone opts out
2) restrict the government's ability to use or acquire through non-market-based means. The claim here is that there's already restrictions on this vs directly surveiling, but I haven't seen directly which specific restrictions those are for buying off-the-shelf info and the article doesn't specify.
There are very really no companies that I trust to keep my data safe for 10, 20, 50 years. Leadership changes, ownership changes, etc. We have to cut it off at the source.
It’s possible with a cooperative model that has no equity associated with it (no incentive to change hands), and the data is legally owned by the data producer (the individual)
So for example if all data between a user and a service is e2e and also legally considered property of the user then the org can explicitly borrow or buy that data for money from the individual- should they choose.
The user also has the default status of transparency around data collection, No data is stored unless paid for and fails secure.
> 2) restrict the government's ability to use or acquire through non-market-based means. The claim here is that there's already restrictions on this vs directly surveiling, but I haven't seen directly which specific restrictions those are for buying off-the-shelf info and the article doesn't specify.
This won't happen, our security state is built on private surveillance and partnerships between law enforcement and private surveillance companies.
Whether we like it or not, the intelligence and security apparatus feel like we need China-style surveillance, because terrorists/spies/civil unrest/FOMO/etc, and we're getting it one way or another. It's either outright illegal, or legally questionable, for the government to do exactly what the CCP has, but there's the loophole illustrated in the OP. Private companies are allowed to surveil Americans, and they're free to choose whether or not they share the data they collect with law enforcement.
Now we have companies like Amazon partnering with thousands of law enforcement agencies[1] to advertise[2], deploy and monitor Americans via their products like Ring. Amazon is free to share whatever data they collect from you whenever they want[3]. They can share your data with law enforcement without warrants and they don't even have to let you know that they did so[4].
The article in the OP goes into how phone records are being used to track people's locations, as well. As much as I'd like to, I can't see this genie being put back in the bottle.
The weird smart city concept and the total surveillance fetishism that comes with it is a product of post-9/11 surveillance, but it's also something that the CCP really nailed in its implementation. The Ring surveillance partnership with law enforcement mirrors what's already been rolled out successfully elsewhere in places like China, while the US is quickly catching up.
Comparing to a country whose practices in this regard are broadly considered authoritarian makes a lot of sense here. It is quite descriptive. IMO no less descriptive than post-9/11 surveillance
A government buying data for surveillance has little to do with capitalism. Perhaps part of the reason you see “everything” become “shitty” is you have a limited ability to identify, isolate, respond to, and avoid or change root causes.
Could some form of copyright or ownership help with this? The reason they can sell it is because it's theirs. Not yours. If you retained ownership of that data somehow would they need a warrant for it?
> Could some form of copyright or ownership help with this
Just pass privacy rights. Backing into a solution with copyright is unnecessarily messy. Nobody wants to deal with a lifetime of the courts deciding on the status of personal data seized in a bankruptcy proceeding or hypothecated to foreign investors.
Copyright isn't really ownership and only applies to creative works, software and works that exceed the threshold of originality. It doesn't apply to metadata, location information, secrets and facts about people.
Ownership as a concept doesn't really apply so well to digital things because they are infinitely copy-able. I can have something digital, and you can have it too.
There's certainly a need for better privacy laws which applies to PII but that doesn't really need to be conflated with copyright and ownership.
I've thought about a couple of analogous concepts.
The first is the automatic civil penalty for copying copyrighted music recordings. If you're caught and proven liable, the dollar amount of damages don't need to be debated -- they're pre-determined.
The second is the concept that mere possession of certain kinds of information (unspeakable pornography) is a criminal offense.
I think some combinations of these concepts could create a bounty system for victims to collect on the abuse of their personal information: 1) Improper possession is inherently illegal. 2) Offer for sale or transfer of the information carries an automatic civil penalty.
Since music "piracy" has been demonstrated to increase music purchases, this fixed dollar amount should therefore be negative. Any music I am found sharing shall result in the music industry paying me. Sounds about right.
> creating market for data, attaching speculative value to it and et cetera, and stinks of web3 bullshit
Creating tradeable property rights is older than web3. (Web3's innovation was turbocharging securitization by skipping the step of finding something worth securitizing.) The question is whether, and to what extent, we want personal data to be a market good. It currently is.
What i don't understand is why if it's illegal and forbidden for the government to directly indiscriminately collect information and data on citizens, they can buy the same information from data brokers without an issue? Surely this violates the intent of the law.
In theory, the data was provided willingly when collected.
If you rent a locker, and the terms of the rental agreement say that the person you're renting from has access to the locker for any reason, then the cops do not need a warrant to ask the lessor to open the locker, only a warrant to coerce the lessor to open the locker.
If the lessor is willing to let anybody take a picture of what is in the locker for $5, then the government doing so isn't abusing its special privilege.
In practice, most people do not understand the ramifications of the things they agreed to that put this data out there (if they even read it!) and in many cases did not have reasonable alternatives to the services that they signed up for.
>In theory, the data was provided willingly when collected.
That's spot on, and your analogy is a good one, except that in the realm of personal information, no warrant is required in the US.
There is quite a bit of law and numerous court decisions around this process in the US.
That jurisprudence is more generally called the Third-Party Doctrine[0]:
The third-party doctrine is a United States legal doctrine that holds that
people who voluntarily give information to third parties—such as banks, phone
companies, internet service providers (ISPs), and e-mail servers—have "no
reasonable expectation of privacy" in that information. A lack of privacy
protection allows the United States government to obtain information from
third parties without a legal warrant and without otherwise complying with
the Fourth Amendment prohibition against search and seizure without probable
cause and a judicial search warrant.[1]
Edit: To clarify, I disagree with this doctrine and would love to see limitations on data retention periods as well as warrant requirements for access to such data.
In Europe it doesn't work like that. There you give consent to collect for a specific purpose and for any other purpose you need to go back to the source for another round of consent. This is something that many companies haven't implemented properly yet (but a surprisingly large number actually do).
Yes, so? Check out the text to see exactly what the context for those exceptions is and it all looks fairly reasonable. It doesn't say 'law enforcement gets to do whatever they please'.
Nevertheless, law enforcement gets to do whatever the current governing regime permits, extrajudicially or otherwise.
Consider that police in the US have both handcuffs and guns while police in the UK just have the handcuffs.
Look at the effects, where so many in the US feel justified in their need to defend against extrajudicial force with guns (per 2A). Look also how many cops kill US citizens (suspect of a crime or not) compared to how many cops in the UK apparently don't feel such "fear for their life" which justifies the extrajudicial killings.
If people have a hammer, nails will be what they find.
And in reality, every process is a kafkean bureocratic nightmare were you end up having to say yes in order to advance and they milk your data anyway while also using privacy rethoric to prevent citizens from getting gov transparency.
The typical powerful west European countries are corrupt to the core and when people feel we are better off than in the US (self congratulatory posts are common) it's generally lack of political awareness and involvement more than anything.
In reality, it just mostly works. Source: ample experience with European (no idea why you added 'West') companies that deal with my data. Since the GDPR has gone 'live' (as in: fines are being issued for non-compliance) the situation is improving every day.
It doesn't. I added west because I've lived in several countries of Europe and I'm talking about those and some other hegemonic ones I know about. The ones usually lauded due to not knowing about them. I'm European.
In this site there's a trend to treat Europe as a monolithic entity and pretend it's awesome. Any criticism gets taken as "Americuns" being ignorant and europe is awesome.
In reality, I see a lot of unwillingness to accept the political reality and pretend "we are better than USA" via political apathy and coping.
People react negatively when you point out polítical facts they don't want to see. It's easier to look at USA with an air of superiority. This also happens the other way around, of course, but HN demographics make one more typical.
I have lived in no less than 7 EU countries as well as Canada and a bunch of others and EU privacy laws + implementation are hands down the best in the world right now. Could they be better? Yes, absolutely. But nothing else even comes close.
The 14 eyes alliance and legislation in countries like France make the GPRD seem more like protectionist laws that favor local corporations instead of actually protecting the privacy of everyday citizens.
If anything local corporations are far more at risk of enforcement so your comment makes not sense. Privacy of everyday citizens has measurably improved, both from the perspective of an EU data subject (myself) and someone who professionally looks into the kitchen of many EU companies that process data (myself).
That's because GDPR explicitly isn't meant to be a law that protects against governments but against private entities. There's nothing "protectionist" about that.
> In practice, most people do not understand the ramifications of the things they agreed to that put this data out there (if they even read it!)
True, but it's even worse than that. Many of those who do understand it, simply don't care ("nothing to hide", "nothing to fear", etc.).
The allure of a "free" service that everyone else uses is enough to abandon any expectation of privacy, and consciously come up with arguments that it doesn't matter.
> In practice, most people do not understand the ramifications of the things they agreed to
Going further, it must be clarified that the whole point of doing things this way is that people do not understand it. The people who want to surveil everyone could either do it illegally and get in trouble, or create an inscrutable bureaucratic system that so sufficiently obscures what they are doing that they get the same results along with a legal cover if they are discovered. If we did have privacy laws that prevented this, they would just collect it illegally. This is absolutely not to say that privacy laws are pointless (they would be helpful) but that we must understand this situation not as an accident, but as the slow creation of a class of people who want to exercise power over us and have been getting their way.
Google founders had some internal compass when they offered GMail "free" with an explicit statement that they would "index the emails" or whatever. I recall smart people, a few of them, noting it but the rush happened. Second was smart phones not being too coy about knowing your phone call records with an ID attached to it, every time, all the time. When the public accepted those two things, in recent memory, that was enough to tip IMHO here in the USA. Whatever legal powers behind the scenes with the Patriot Act were contemporaneous, after GMail.
The Patriot act was signed in to law in October 2001.
Bill Binney blew the whistle on illegal NSA mass data collection of email, web browsing, and cell phone records in 2002.
Hard to pinpoint when smartphones became mainstream, though as a point of reference the iPhone was launched in 2007.
So clearly the NSA was trying to do dragnet surveillance of the internet well before gmail or the widespread use of smartphones.
A quote from the Bill Binney wikipedia page:
"Binney has also been publicly critical of the NSA for spying on U.S. citizens, saying of its expanded surveillance after the September 11, 2001 attacks that 'it's better than anything that the KGB, the Stasi, or the Gestapo and SS ever had'"
There are a ton of 'workarounds' like that in play, parallel construction being one of the most extreme ones. It's interesting how these invariably work very well when it is the government in the position of the plaintiff but citizens will never ever see the benefit of any of this. Cameras everywhere, but good luck if your car gets stolen. Meanwhile all of your movements are tracked with abandon, ANPR on every second street and so on. Privacy is very hard to come by.
At the same time: I sympathize with LE and intelligence service operators that have their heart in the right place and that would just like to be able to do their jobs in a hostile and hard to navigate digital environment. Tech moves so much faster than they can keep up with.
If law enforcement has a reason to obtain data, they should be able to get a warrant to obtain data for people of direct interest. But especially the federal gov should not be able to have data that they cannot legally obtain directly from the population. What good is a law and right of the population, if it can be trivially circumvented?
Having data on everyone and then only using it against people they want to use it against is exactly what the Stasi did. Obviously this is their dream come true --just a little to late for them.
> What good is a law and right of the population, if it can be trivially circumvented
U.S. v. Miller [1], which established the third-party doctrine, turned on whether "the business records of the banks" to which the defendant could "assert neither ownership nor possession" could be accessed by subpoena versus court-authorized warrant. (The context turns on bank records. Smith v. Maryland [2] expands it to "phone numbers [conveyed] to the telephone company.")
This seems trivially fixable with legislation. Requests made by the government to third parties in respect of specific persons' non-public (even if not strictly confidential) records require court approval or the first party's consent. Also, easier than trying to expand he definition of "houses, papers, and effects" [3] to cover our data in various clouds: defining, in statute, that there is a legitimate and reasonable expectation of privacy in the phone numbers one dials to speak to or message with another person or persons, e-mails one sends to a small group of people, handles one provides a messaging service marketed as encrypted, and articles (e.g. documents, photos and work products) uploaded to a third party's server for personal use.
Agreed, but this is something that has been going on for decades. Their excuse - believe it or not, I can dig up the source if you want - is that as long as nobody looks at the data it is ok to have it. I thought that was being incredibly economical with words, clearly that is not the intent of the law.
It's ironic that this is what all repressive governments do. They hold data and when they need it they spring it. But I guess this escapes them -or maybe not.
You "agree" to give cnn.com (or whoever) the information when you visit their site through stupid TOS BS. You also "agree" that they can sell it.
Law says don't collect the data through surveillance. Law doesn't say "don't buy it from people selling it willingly" - probably nobody anticipated that, because... it sounds kinda stupid if you don't know how we got here... yet here we are.
So instead of trying to lawyerball it to make courts declare that it somehow falls under current restrictions, based on intent vs the actual words, we just need to update the damn laws.
The intent of the law was to limit government power specifically. Not unlike the law requiring most of the information on firearm sales at the federal level be kept in paper format so that it can't easily be mass-indexed and mass-crawled.
The NRA is backed by an ardent following of funders who sincerely believe curtailment of their ownership of firearms is an immediate and direct existential threat.
That's what privacy is missing. But get the right ad agencies on it to put together some good scare campaigns and maybe.
I'm sure that's already happening. Nixon would have killed for the kind of data our government is collecting and when this data is turned against citizens the Neo-McCarthyist witch-hunts will be devastating.
The government has the monopoly to violence, Google does not. The cops can arrest you, Netflix can't.
That's why information in government hands can be more dangerous than in corporate. A good example is when Nazis occupied Holland they used governmental data on religion (collected to properly allocate funds for places of worship) to track jews and send them to the camps.
So data in corporate hands is bad, but governmental data can be even worse.
I’ve read this entire comment almost verbatim so many times as a justification for private surveillance of society. Pervasive surveillance is a problematic issue, period.
Let me tell you what companies can do: they can make lists and pass it privately around to deny you gainful employment, loans, investment, etc. They can also sell it to the government, subverting privacy and due process rights.
What if that information was how you voted, or that stupid thing you posted on AITA six beers deep five years ago, or how much time you spend watching Netflix, maybe you watch too many war movies, maybe one time you posted anti advertising agency content six years ago and you applied to an ad agency because you desperately needed a job.
In highly competitive markets people use stupid things to deny people opportunities.
The constitution was written a long time ago and really says nothing about information technology for obvious reasons. The fact that we don't have amendments for a lot of modern issues is a scary thing for the general population.
Constitutions around the world were absolutely trampled under the guise of an axiomatically defined emergency that trumped fundamental freedoms and civil rights.
Freedom of movement, association, speech, religion, bodily autonomy and more... All down the drain.
All you need is a bit of collision between government media and tech and you're golden.
Just look at some of the things the sick freaks in the government collect data on through their massive data harvesting apparatus [0].
But in all seriousness, you should know it is actually possible to use data towards good aims. Policy makers can use data to produce better answers to questions exploring issues like poverty, disease, crime, financial literacy, etc. Setting up a massive survey is slow and extremely expensive, and that makes it extremely hard to iterate on findings. Getting answers years quicker makes it possible for the government to develop better policies, and that's a good thing. Sure the Nazis were evil, and information enabled the Nazis to be more efficient and effective at implementing evil policies. But an un/less-informed government isn't a goal to strive for. Good government implementing good policies is a goal worth striving for, as there are some problems that can only be addressed at government scale.
Ah yes the FBI is now buying civilian data to take surveys for us! I envy your rose colored glasses.
Considering I know what kind of data is available, I sincerely doubt this is what is happening. Does that mean, that it's all super evil bad bad stuff, nah, but it is exploitable for evil for sure.
The state's monopoly, qua Max Weber, is on the claim to the legitimate use of violence. That is, the right and legitimacy of that right, is restricted to the state, or an entity acting in the effective capacity of a state, whatever it happens to call itself.
Absent this, one of three conditions exist:
1. There is no monopoly. In which case violence is widespread, and there is no state.
2. There is no legitimacy. In which case violence is capricious.
3. Some non-state power or agent assumes the monopoly on legitimate violence. In which case it becomes, by definition The State.
The state's claim is to legitimacy. A capricious exercise would be an abrogation of legitimacy
Weber, Max (1978). Roth, Guenther; Wittich, Claus (eds.). Economy and Society. Berkeley: U. California Press. p. 54.
The misleading and abbreviated form that's frequently found online seems to have originated with Rothbard in the 1960s, and was further popularised by Nozick in the 1970s. It's now falsely accepted as a truth when in fact it is a gross misrepresentation and obscures the core principles Weber advanced.
In your comment, what you confuse is capacity for violence (inherent in all actors, state, individual, corporate, or non-governmental institutional, with numerous extant examples of each) with the Weberian definition of a monopoly on the legitimate claim to violence. In practice, enacting violence on virtually any actor will engender some counterveiling response, though the effectiveness will vary greatly depending on the comparative power and/or disinhibition of the entity responding.
There are numerous examples of private corporations or non-governmental actors engaging in violence, with or without state support or sanction. There are the 100 million souls lost, respectively, to the British East India Company's occupation and administration (as a private entity, with military powers) of India, of the transatlantic slave trade by numerous private commercial operators, and of the genocide against the indigenous populations of the Americas, again much by privately-chartered corporations (as the original British colonies were). There are extant mercenary forces such as Constellis (formerly Academi, formerly Xe, formerly Blackwater) in the US, or the Wagner Group presently transacting genocide in Ukraine. There are oil companies who have initiated coups, paramilitary actions, and assassinations throughout the world. There is the Pinkerton Agency, still extant, and with a storied role in violence against labour and civil rights movements. There are railroads, with their own (private) police forces, which are in fact registered as law enforcement despite being nongovernmental.
The truth is that there is no clean distinction between State and Private use of force, lethal or otherwise. What there is in government is, one hopes, legitimacy and accountability to the citizenry rather than to creditors and investors.
> The government couldn't do it this easily if it wasn't for sale.
I don't disagree with your overall point, but the government being allowed to buy this data can create the market for the data in the first place, even if no one else wanted the data.
Hundreds of billions of dollars are being made and the government is gaining and keeping control over us with this. If you think meaningful privacy laws will be passed in the US, you are delusional. We are on our own. If a candidate such as RFK says he will attack this practice, I am still skeptical of how successful he will be.
> The government couldn't do it this easily if it wasn't for sale.
Stronger: this being for sale means that it's already being purchased by someone.
Really the scoop to this piece is just "The CIA engages in open source intelligence", which sort of a "duh" kind of thing. If there's intelligence value in a product on the open market, of course they're going to consider buying it.
If it shouldn't be for sale it shouldn't be for sale. Let's fix that, not try to pretend that we're OK if Putin or Xi buys it but not the CIA.
I think that something that should have made lawmakers, and others in public office, sit up and take notice, is a couple of years ago when a prominent and highly-placed Catholic priest was found to be hanging out on Grindr and with other users of the app, shall we say. https://www.catholicnewsagency.com/news/248431/usccb-general...
If such incriminating data is so easily procured against just one guy using a gay hookup app, imagine the treasure troves of data that could be wielded against Members of Congress and other people in power. Even in the absence of wrongdoing, I still don't think that public figures would enjoy having the public know their every move, every minute of every day, but the reality is that all the apps they run are phoning home and uploading that data constantly, unceasingly, and it's all for sale.
I suspect all those who write the laws already have a Damoclean Sword threatening to drop on them at any time convenient. So I wouldn't count on much help from them whether the laws apply to them or not. It's a virtual certainty that noone who seeks power is free of exploitable skeletons. They are the kind of people who seek power. So the law enforcement and security infrastructure can leak that whenever they choose.
I guess what I'm saying is, your suggestion would be a good idea, but the security apparatus figured it out before you did a long time ago. See ABSCAM for instance.
I'm reminded of how Obama was vocally opposed to domestic surveillance and campaigned on ending all the new spying on the American people, but once he was in office he changed his tune very quickly and ended up expanding the NSA's ability to spy on the people instead.
I figure either he was shown some very strong and classified evidence that the data the NSA had been collecting was critical to protecting the people even while it violated their constitutional rights and freedoms or else he was shown how much dirt they have on him and his family and he was blackmailed into publicly declaring his love for NSA spying and handing them more tools to collect data while making only a few token changes.
I figure either he was shown some very strong and classified evidence that the data the NSA had been collecting was critical... or else he was shown how much dirt they have on him
Just, Devil's Advocate, but, yeah, why can't it be both?
That guy who was tracking celebrities's plane traffic and publishing on TWTTR could instead do this. Automatically and repeatedly publish legally obtained data on all politicians fed, state and local.
Now that would constitute a public service.
Could someone start the 'Decentralized Intelligence Agency(, LLC)', buying, collating, and analyzing open market data feeds, and allowing subscribers to see what's known about themselves and others?
If you have the wherewithal to protect yourself from the unsavory underworld types who will inevitably come after you for revealing things they'd just as soon keep secret.
There's a reason you only see the government doing this kind of thing.
Yea sure. I mean that's already a thing to some extent, but, if you want the honest answer. Everything you do digitally is known about you. Your physical location, places you regularly go to and when, Websites you visit, your account names, etc. Even ISPs can sell your data these days.
I'm aware of this; I think many ordinary people and lawmakers are perhaps less clear on it, and that making it easy to see would help people understand the situation.
It's being done, and has been done for around a decade now. New York times did a good piece on how every civilians cellphone gps data has been for sale a long time ago. Bounty hunters buy this kind of data all the time is my understanding.
Right, and they probably are vastly under represented in the world of "who is buying american information". There's probably foreign adversaries in there also.
This is mostly the wrong side of the coin. You have it right.
Please don't make excuses for the government. This is simply their way of getting around the spirit of the 1st and 4th amendments. It's governmental abuse and anyone with any common sense knows that. Companies can't arrest me and throw me in jail indefinitely.
I don’t fully disagree but there is still a big difference. People voluntarily give these companies their data. The companies aren’t skirting the law. We shouldn’t gatekeep disallowing government spying behind better consumer protections.
The kicker in all this is that the taxpayers are literally paying for this. We are paying to give the government our own data.
My alarm bells for the Appeal to the Law fallacy went off. I see it quite often. When we’re discussing what the law should be, what the law currently is is irrelevant (unless your position is that laws should not change).
The fact that it is currently legal to harvest this data and the fact that it is currently legal for the government to purchase it should have no bearing on whether they should be able to in the future.
Further, there is a serious question with regards to the extent to which these businesses had the actual informed consent of their users. Do people fully understand that their information will be sold to data brokers? Do they understand that the government will be able to purchase said info with our money (and possibly use this information to incarcerate them)? The latter is almost certainly no, which is why the government fought so hard to keep it a secret.
Every single person working in the adtech industry is complicit in this.
Joseph Cox’s reporting on the geolocation/tracking shit the US Gov buys up really highlights the direct link between consumer tracking (to sell them shit) and government intrusion into privacy.
I was an early employee at Disqus (YC S07). I helped build its 3rd party commenting plugin, because I had a blog and believed in distributed discussion. I genuinely believe the company did too (the founders, the employees, etc.). But eventually the rubber hits the road, and Disqus was sold years later to Zeta Global [1], a “data-driven marketing company”.
As long as you have a database in the cloud with a non-trivial amount of user data, you don’t really have control over what becomes of it.
>you don’t really have control over what becomes of it.
sure you do, as long as you remain in charge. once you sell it, of course you don't really have control. duh. but to say just because data exists means you can't decide what to do or not to do with it is absurd
It's the only truthful take. If you don't take capital you don't really qualify as being part of the "startup culture", you're just running a small business.
I mean, at the extreme like this: you're gonna die sometime. You don't have control after that. You could try to set up a trust etc etc etc but... on a long enough timeline, everything's gonna change control.
But in practice, almost everyone with these databases with significant amount of data is working for an entity with shareholders and creditors. It's much harder to stay in control forever in that world, especially if your company is not perpetually successful. Companies decline or fold all the time. Then they get sold off.
I think your conclusion is countered by something else you wrote:
> As long as you have a database in the cloud with a non-trivial amount of user data, you don’t really have control over what becomes of it.
Who I work for and what I do is the agency. If I want to better influence what happens to my work, I can make sure my work doesn't have this abuse incentive.
Even if you do not remain in charge you could institute serious irrevocable voluntary liquidated damages clauses paid out to your customers for any misuse of their data. This would bind any future actions with serious financial penaltys. In addition, IANAL, but I think if the government wishes to appropriate the data there is a good chance they might be required to pay the penalty for making you violate your contract.
> You don’t even have to work explicitly in adtech.
I agree, but I don't want anyone to think blame should be shared equally (not that I think you were suggesting this, but that others could interpret it this way). I also don't think that being complicit in an act equates to sharing blame. There is accountable complacency and unaccountable. This is more why it is important to think about how our work can be abused. It always will be abused, and you'll never be able to figure out all the creative ways that they can be. But that doesn't mean you shouldn't try. Intentional ignorance is accountable complacency. Everything is on a spectrum: complacency, blame, abuse, ignorance, etc. We do need to be careful in how we discretize the bins, and make sure we don't binarize. There's unwilling and unwitting complacency, and that should be accounted for. A lot does matter about how much control you have, as you said. But I also think recognition matters: if you realize that the tool will/is being abused then complacency is more explicit/accountable.
Things are easy to see post hoc, and we can always think "what if." I hope that, given what you wrote, you don't blame yourself. But now you, and others, have better tools to predict potential abuse. After all, the road to hell is paved with good intentions (the road to heaven is paved of the same stuff, which is why it is hard to distinguish).
> Every single person working in the adtech industry is complicit in this.
Please let me know how to buy bulk consumer data from Google/Microsoft/Apple/Amazon/etc-ad platform.
Ad-Tech isn't the ones selling data; they want to be high up in the value chain. Your ISP/phone company _is_ literally selling your geo-location and data (internet) usage.
And this is just the stuff they're public about. Also interesting to note that while they classify some of these as "warrants" or whatever else, they don't actually say whether it simply originated from a warrant, or whether they were legally obligated to comply due to the warrant.
Over the years it's been millions of accounts, and the data they gather from those millions of accounts also creates a vivid image of tens or hundreds of millions of other accounts.
Can't get the warrant to get the user data for some given person? No problem, get a reason to have a warrant for all 5,295 people she's ever communicated to over Google services. It effectively services as a warrant for her data specifically at that point.
My point is that I suspect Google complies with requests even when they legally don't have to, and provides data to the government that looks innocent on the surface for PR reasons but is still instrumental for widespread surveillance and infringes on the rights of Americans
Exactly. I'd go as far to say that attention on government and Google/Microsoft/Apple/Amazon is a (deliberate?) distraction from the shitty apps, internet service providers, and mobile phone companies selling all the data they can collect. If John Q Public knew that their visit history to adult websites was for sale, they would drop the service and demand legislation immediately.
And that's semi-how we got the Video Privacy Act [1].
Some journalist was like, "what happens if I go to [VHS Rental Store] and ask for the list of videos a supreme court nominee rented". And the store gave him the list and he subsequently published it and then congress panicked as they knew their rental history could be next.
A part of me still routinely wants Jon Stewart to move to Tennessee and run for the Turtle’s Congressional seat, on a platform of veteran and emergency worker welfare if nothing else.
We should be doing this kind of shit every week. Congress critters are supposed to represent us but most represent a cartoon version of their constituency or eventually just themselves.
Ad tech has been around since before the internet. Data brokers have been building detailed profiles on everyone for decades. They sell this data to the government.
In 1998 I sat in a meeting at the oldest data broker in the country where someone gleefully explained how they could predict menstrual cycles from consumer purchase data and use that for targeted ads optimized weekly for emotional state and all other known personal preferences. This isn't something invented by FB and Google. They're the noobs in this world.
>Ad tech has been around since before the internet.
True, but it was never this granular on this mass of a scale. I remember joking as a kid about the Nielson families that would kill a TV show because they went out to dinner instead of watching TV that night. The extrapolation that was applied to those kinds of numbers were always ripe for bad interpretation. The same thing can be said about polling numbers. The granularity is what makes modern day "ad tech" or tracking in general so damn dangerous in its accuracy
Every loyalty card purchase generates granular data about your consumer habits. Where you shop, what you buy, how much you spend. Coupled with age, income, race, sexual preference, political affiliation, and more makes for a deep insight into your inner life. These businesses don't operate out in the open so the general public is mostly ignorant about what has been going on. The level of invasiveness that has existed for 30+ years should not be underestimated.
It's only about you if you actually provided accurate information. I've never signed up with legit name, age, sex, phone, address with any system of loyalty payments. most of the time you can enter some random phone number and it'll work. so now you're just skewing someone else's metrics. there's all sorts of ways to get the store's "member" pricing without submitting your life to them
There's a universe of companies in adtech other than Google, etc, that advertisers leverage to tailor their shit and do the dirty work. Stuff like https://en.wikipedia.org/wiki/BlueKai that will suck up anything they can find and then help plug it into your other stuff.
How much plausible deniability of all of this stuff that can be happily plugged into the Google, etc, APIs and tools should we extend to the big players? I'm sure there are plenty of people at all those companies who know that the data connection integrations they provide aren't only getting first-party, originally-sourced data. Google's ad platform doesn't need to explicitly get their hands dirty tying all the threads together for you or maintain a singular massive database of everything, they just need to supply enough hooks to let all the OTHER companies do it. Which is probably good in that everyone's ad-hoc attempt is probably less-accurate than Google could do on their own... but all that data is still floating around and it all originally got connected to use to target ads in these systems.
EDIT: And if you extend it to the publishing arms (e.g. Youtube or MSN or whatever) than I'd bet many of the big players in ad serving have other departments that are running integrations with some of those data aggregation platforms. They know how the game works for sure.
GP never said adtech selling data, but they are complicit in the widespread sale of our data to governments. Is adtech not responsible for making the tools that only exist to sell us ads and soak up our data?
Lets say we have a company and I'll make up a name for them: Perizon. Perizon sells you phones and also collects your location whenever your phone is on. Perizon then sells this data to the USG and anybody (ex. journalists) claiming to be bounty hunters.
Continuing the story, lets say we have a company and I'll make up another name for them: Scroogle. Scroogle operates a popular website and collects your location whenever your phone connects to the website. Scroogle does not sell this data to the USG.
Which company is complicit in the widespread sale of data? Perizon has it's own data ingest system separate from Scroogles. It's always been separate and it's been operating for decades; Scroogle is not complicit in Perizon's decisions.
--
Now, there is certainly an arguement that Scroogle shouldn't collect all the data it does. But lets be calling a Spade a Spade here; Perizon is the company that fits your description.
The reality is this. Perizon sells you a phone with the ability to track your location. They do it. Websites do it. Apps do it. Let’s focus on the websites for a second. When you visit a website, you give up information about your device. User-Agent, device, maybe your location as well but definitely your IP address. This goes into a giant data lake where they can cross this with multiple other websites to determine if it’s “you”. Once determined, they put together a profile of you - your sites, apps, locations, buying habits, search history, demographics, income history, you name it - from multiple data brokers and sources. Then this profile is bundled and sold.
How do I know? I briefly worked for a company that enabled this. I didn’t stay.
You got hired at (the fictional company) Scroogle and can verify that they produced a data lake and then sell nice zip drives of that data to people?
I have no doubt that out of all the websites in existence some collect your location and sell it to any bidders. My point is that if you focus on the actual ad-platforms the behavior of selling location data is not what they do. If you have a problem with people selling location data you should be focusing on people selling location data and not some nebulous "ad-tech". Perizon does not validate if you're using the location data to catch criminals, sell shoes, or find your wife to beat her to death. Even without "ad-tech" Perizon still has a financial incentive to sell your data.
Personal accountability is a dying trait it seems. Sorry you are getting downvoted for what seems to be an accurate assessment of the situation. I wonder if the people downvoting would argue that advertisers for taco bell are not complicit in your buying a taco?
When it comes to adtech, I don't immediately think of Big Tech, but they are in fact the largest aggregators of data which feeds into the system. I always wondered why there isn't enough government pushback or regulation to limit this. I guess this post is maybe part of the reason.
I think in the public sphere, many don't think of Big Tech as privacy intruders, even with Facebook's public failures, many continue to use their services. I'm not sure if most people care or don't care. But when Apple took the initiative to limit 3rd party cookies by asking it's users directly whether they wanted to allow it or not, the majority chose not to allow it. Which shows people don't want their data to be tracked.
On a related note, I don't think I've ever clicked on a banner ad on a site, or any twitter/youtube ad, etc. There's certainly an element of marketing that's brand awareness. But all the other metrics about click rates, and purchase intent, etc- I have no idea how this all adds up to the massive numbers that Big tech pulls in from ads on the Internet.
> but they are in fact the largest aggregators of data which feeds into the system.
Feeds into what "system".
Do you really think Google/Amazon/Apple/etc are handing over your Name+Phone number to say Spokeo [1]? I just don't think you get it. Your phone company is the one that is selling your data to anybody not FAANG.
It's easy to say some "ad-tech" are doing X, but actually get a whiteboard out and start with say Google and list what products of theirs collect what data. Then list the process by which say the USG buys its from Google. I'm very interested in what names for the processes are going to be because I really doubt you'll find any for the ad-platforms.
I understand US carriers and ISPs are the most guilty parties that are selling data to third parties. Maybe not intentionally, but we have seen in the past when third parties get access to user information hoarded by Big Tech for e.g. Cambridge Analytica.
Even the data that is collected by Facebook + Google, are mostly non consensual and we don't know what they do with it. Or it's like the classic gun to your head, to use our "free" services aka, if you don't pay for it, you are the customer.
Placeiq is a third party data vendor that usually integrates with a demand side platform (dsp) like google’s dv360, the trade desk, xandr, etc. But you can use their data in other ways outside of dsps for things like measurement or maybe whatever the gov is doing.
It sounds like you just aren't aware of how deep a rabbit-hole the ad-tech space is. Google gets to be the relatively-clean "platform" at the top, but they don't exist independently of the rest of the industry.
As parent post noted, there is no mention of Google, Microsoft, Apple, or Amazon on the partners page for PlaceIQ.
In general, those companies aren't interested in bundling up data on users and selling it to third parties because the data itself is the nest egg. They go out of their way to, if anything, provide services for anonymous matching of interested parties to users they've collected data on, but not in a way that lets those parties pull the data back out.
The comment I replied to listed /etc so I gave an easy example. For placeiq google/etc is not the provider of the data but the platform where an advertiser would use the data.
I agree - faang/etc do not need to sell the data outside their walled garden but there are tons of vendors with sdks in millions of apps and pixels on millions of websites that have considerable location/user data. It’s easy to find how to buy + activate that data which is the point I wanted to make.
It is perfectly reasonable with the track record of the NSA to both pay Google to provide user data (under threats of NSLs or a million other things) along with also spying on Google to check to deceit or things they don't want to disclose.
Personally I’ve always found what the adtech industry is doing creepier than what the intelligence community is doing.
I find the motives of adtech darker than those of intelligence, especially when adtech intersects with dark patterns and driving addiction. I’ve seen what this can do to people, especially teens but adults too.
Intelligence at least nominally is supposed to be protecting me. Yes I realize there’s corruption and loose cannon agendas, but those are not its official reason to exist. Adtech on the other hand has the explicit goal of making me addicted, dumb, and poor. The corruption and ill intent isn’t an aberration due to poor oversight. It’s the point of the whole endeavor.
Even worse it targets my kids. Modern parenting is an endless battle to keep the kids out of obvious adtech and social media addiction funnels.
If the intelligence community is trying to buy from adtech, it’s because adtech is actually ahead in these areas. The darkest programs in intelligence history like MKUltra are less effective than what can be achieved with a smart phone, a dopamine loop, cute videos, and notifications.
> Adtech on the other hand has the explicit goal of making me addicted, dumb, and poor.
No, adtech has the explicit goal of increasing revenue by increasing impressions on ads. Whether you become addicted, dumb, and/or poor as a result is considered an acceptable risk.
"With thousands of attributes on more than 300 million
consumers and 126 million households, ConsumerView
data provides a deeper understanding of your customers,
resulting in more actionable insights across channels."
"When a user enters a venue and dwells for at least two minutes, our Pilgrim technology records all of the signals available on the phone. It then matches that person to confirmed signals from our panel of 13 billion in order to register a visit. Utilizing stop detection technology and dwell time is crucial for reporting visits because we are capturing true visits as opposed to someone driving by or sitting in traffic nearby."
"Cross-device targeting is a method of advertising where you display ads on various devices belonging to one user from the target audience.
An average user uses the internet on three different devices. They look at their smartphone first thing in the morning, work on their PC, surf the internet on their tablet on their way home, and drift off to sleep with their TV streaming turned on. Imagine that you can display your relevant ad on each of their devices, with your message following the user throughout their day."
Is it not fair to say those of us using adtech in our work are also complicit? I work in a highly regulated industry where consumer data is protected - except the data they unknowingly let f*cebook harvest by visiting our marketing sites.
> In France, the Senate just approved a controversial provision to a justice bill that would allow law enforcement to secretly activate cameras and microphones on a suspect’s devices. This type of surveillance would be activated without notifying the owner of the device. The same provision would also allow agencies easier access to geolocation data to track suspected criminals ... Critics are urging French parliamentarians to dismiss the controversial provisions. And it’s not too late – the update to the bill must still be approved in the National Assembly, the more powerful lower house of the Parliament.
Any startup employees working directly on technology trade secrets or otherwise non-public intellectual property should enable iOS Lockdown Mode.
Thanks to years of invasive online targeting, bulk data breaches and mobile phone network structural insecurity, it has never been cheaper to screen for higher-than-average-value targets with digital assets that can be exfiltrated.
Since targeting costs have fallen, it is profitable to target employees below the C-suite, e.g. those in strategic or development roles who routinely need to access sensitive information and digital assets.
This applies to enterprise, mobile and WFH environments, e.g. leveraging mobile phone foothold to reach other devices like a home router.
Many people could enable Lockdown mode, at the cost of opting-out specific websites or apps which are (a) trusted, (b) dependent on features disabled by Lockdown mode.
If you are an American citizen who is not against American interests, sure, go with iOS Lockdown Mode. They won’t come after you. If you’re not, then you can get an open-source OS device like GrapheneOS, be careful not to emit any information to the internet except without over anonymity networks like Tor, and use E2E messengers in your day to day comms for your baseline security for today. I don’t know what will happen when AIs will be able to identify any person from a paragraph of text they’ve written. Best to move to a place where no technological State exists and live self-sufficiently then, maybe. Still you’ll be visible to satellites and thus targetable for States, unless you live on hydroponics in an underground mine or something.
For people who are targeted or in risk of being targeted by three letter agencies, it’s a different story.
It’s so easy for any three letter agency to install a mole or buy someone in those open-source projects like GrapheneOS, for example to publish compromised binaries. The best option is always to not use anything connected to the cell (GSM, 4G, 5G etc.) network and carry all comms encrypted over internet, with pre-exchanged secret keys and preferably over a network like I2P and over public Wi-Fis. You can use I2P outproxies to connect to visible (normal) internet. I do NOT recommend Tor, there were reports of Tor being compromised and it’s too suspiciously popular to be trustable IMHO. Pay attention to CCTV cameras as well, don’t sit in a mall to connect its public Wi-Fi. All these things obviously introduce a lot of friction to your communications, but if you are such a high-value person you should have set up your network of people accordingly beforehand as well, to relay messages and such. QubesOS is a good OS for such people. If you have the means, custom device solutions to communicate over radio with encryption is by far the best option you can have, especially for receiving critical comms on time. This only leaves the risk of triangulation when you transmit, but you must be a really high value target for this to happen. And you can always still use internet as I described to transmit.
The privacy Americans previously enjoyed came for free and so contemporary Americans don't value it. The government OTOH places tremendous value on it so the natural result is what we see. It will continue to be eroded.
Unfortunately from what I see in history it's not usually until people are having trouble feeding their families that the people seize power back from government and short of that nothing will change. Ideological movements not related to our Maslow's-hierarchy-of-needs do come up and cause change but they're the exception and I'm not holding my breath.
HN crowd is more enlightened than most and I still see widespread hook-line-and-sinker consumption of 100% corrupt corporate media narratives on here.
I have to sadly agree. An earlier article talking about the erosion of privacy was met with more "what's the big deal" commenting than I am comfortable with in an environment such as HN. For me, it illustrated a direction in technology workers' attitudes that is frightening. I expected better.
People -- and I will call out my fellow Americans in this -- don't seem to really care until it directly affects them and in significantly adverse ways. Up until that point, the attitude seems to be "I can still get by" and by the time that's not true, it's generations too late. But, hey, as long as you got yours, why should you care about your neighbor, right?
I've seen too many people complaining how annoying dealing with GDPR is and how it is not government's business to regulate that.
Well, if you don't exactly this happens. But somehow when there is minuscule effort required to keep your freedoms there are always a plenty of people wanting to throw it away instead.
They don't have a different opinion. They have the null position of "who cares?".
The people being referred to in the above comment aren't people who have thought in any depth about the issue of privacy and the boundaries that should be put in place to prevent abuse of violation of individual privacy and come to a contrary opinion. It's about people who are so completely heads down in their tiny vision of work and life that they've never really thought about the issue and only see things like "individual right to privacy" as annoying roadblocks they have to deal with to do what they're paid to do.
The annoyance and frustration is with the apathy towards and issue, not with contradictory opinions.
People don't study history and so we're doomed to repeat it. The reason why the Nazi holocaust of jews was most effective in the Netherlands is because of how incredible that country's record keeping was. You could argue that the violation of privacy might not be terribly abused today, but the people in charge today won't be in charge forever.
Its not like private companies and foreign governments aren't doing the exact same thing. See the recent eBay security case, the Khashoggi journalist case, etc. Plenty of examples of things like Saudi's sovereign fund being a primary investor and demanding user data on dissidents.
The idea that this data can be collected and kept safe at all is fiction. Even if the legal framework is in place to prohibit selling or misusing it there will always be bad actors and compromised employees willing to subvert any controls you care to implement. Even something as simple as hijacking phone numbers happens at massive scale because both call center and retail cellular employees are so easy to fool or buy off.
FWIW I agree with you on corrupt corporate media. Consolidation has put a vast amount of media in just a few people's hands. Those extremely rich people don't want anyone telling them what to do and have bought a lot of deregulation especially of campaign finance so they can use the purse strings to control policy.
In the US the political parties used to have a tighter reign on things because they were the money funnel and party leaders were at least subject to party elections so at some level politicians who didn't do something to advance the party platform approved by the party's members would lose funding. That whole system has more or less been smashed to pieces. Politicians need to make the supposedly "arm's length" PACs and other groups happy. Groups directly funded by a handful of very rich people. Voters at large and within the party are less and less relevant.
> Unfortunately from what I see in history it's not usually until people are having trouble feeding their families that the people seize power back from government and short of that nothing will change.
If you want to be more cynical, how many of those "seizures of power" result in positive change vs neutral or negative? Even setting aside whoever dies in the revolution itself?
I don't trust anyone pushing for revolution vs organized campaigning within the system because of how often it just doesn't work for the better.
> Such data may be useful, it says, to “identify every person who attended a protest or rally based on their smartphone location or ad-tracking records.”
"May"? This is exactly how the January 6th protestors were identified.
doubtful. they were issuing subpoenas to the cell companies for their records of the tower registrations for a certain time frame when crimes were being committed. It doesn't take much to identify the owner of a smartphone via that and then correlate that with driver's license photo ids and correlate that with surveillance camera footage to bring a case. that had nothing to do with peaceful protester tracking but bog standard criminal investigation.
Either way, I don't think that matters. My point is that tech companies store data that can be used to identify everyone present at a specific location and timeframe, and that data is easily available to the government. There's no "may" about it.
> investigators obtained GPS and other cell phone records from Google via a search warrant
Search warrants are and remain the correct tool for the government to get this data. What this article is worrying about is the fact that sometimes the government simply purchases this data without any sign off from a judge. That's where constitutional protections are eroded.
Your outrage is misplaced until such time when the government can buy this data from Google without a search warrant.
I'm aware of the distinction. I guess I wasn't clear in my original comment because this keeps coming up: My point is merely that there is absolutely no doubt that once acquired, the data gives the government this capability. The article implies that this is uncertain, and it is not.
> Your outrage is misplaced until such time when the government can buy this data from Google without a search warrant.
Whatever outrage you read into my comments, I assure you it's not there. If you're looking for a fight, look elsewhere.
Also, the OP article is about the government doing exactly that. So if I was outraged, it would be well placed, according to you.
Are you sure about that? See Section 2.2 of the report, "Examples of CAI Contracts" that says "The IC currently acquires a large amount of CAI" and goes on to list specific data brokers contracted by specific government agencies. What am I missing?
The data brokers it contracts are pretty harmless, like getting business data from Dun & Bradstreet or getting military information from Janes Online. These data brokers aggregate publicly available information that you or I could find for free by accessing the right web pages. The only potential 4th Amendment violation, the one the article pretends is happening on a mass scale, is from purchase of mobile location data. The document says that the provider doesn't remove US data, so the government does that itself because accessing that data without due process would be a 4th Amendment violation. Due process was also followed when the government obtained location information from Google.
> DIA currently provides funding to another agency that purchases commercially available geolocation metadata aggregated from smartphones. The data DIA receives is global in scope and is not identified as “U.S. location data” or “foreign location data” by the vendor at the time it is provisioned to DIA. DIA processes the location data as it arrives to identify U.S. location data points that it segregates in a separate database. DIA personnel can only query the U.S. location database when authorized through a specific process requiring approval from the Office of General Counsel (OGC), Office of Oversight and Compliance (OOC), and DIA senior leadership. Permission to query the U.S. device location data has been granted five times in the past two-and-a-half years for authorized purposes.
It's worth noting that they do collect the data up front, and only querying it is restricted. But I suppose having to follow due process for that part is better than nothing.
How do they handle the Fourth Amendment rights of US citizens abroad, like me? My understanding is that those rights must be respected even abroad by US governmental entities when they know or reasonably should know that data they might search or seize belongs to a US citizen.
And if this data includes sufficient identifying info, they should be able to identify me as a US citizen. Even phone number would be enough, since I think that and my US social security number are together in various public data breach datasets.
(Yes, my US phone number should be generating foreign location data. I have two eSIMs simultaneously active, one US and one foreign. For odd reasons I don’t think I have proper roaming working for the US number where I am now, but it does work via Wi-Fi calling which does share the country info with the carrier - and I have had international roaming working at other times.)
Why should my SSN indicate citizenship, some might wonder? SSA certainly knows I was granted my SSN years ago as a newborn citizen, and the Department of State knows I hold a current US passport and have never relinquished my US citizenship.
sure... I don't disagree with you there. they did need to get a subpoena for that information using all the other evidence that was publicly out there on facebook that the affidavit said. they were using an android device that tracks you if you let it and stores that information on google's servers if you let it. you don't have to have that feature on and just having the phone on you is sufficient to be triangulated by the cell towers. I don't see how this is incompatible with modern society. google didn't just give up the data without going through the judge granting a subpoena. even if they didn't have that cell phone record it's just one piece of evidence of many that would still likely get a conviction.
it didn't start at gps data from google... it went from public posts on facebook to the email and phone number account associated with that to the google account associated with that to the gps data associated with the google account. if you show me them using a reach around route to get that gps data and persecute peaceful protestors that haven't been suspected of criminal activity then i do agree it's troubling. if you want me to agree that the government is not within their rights seek evidence via normal, judge approved, subpoenas to investigate/prosecute people storming the capital and doing legitimate crimes then i disagree. you need probable cause and that bar should be fairly high.
In the J6 case they used a subpoena, yes. The OP article says that they're now going around the legal process by simply buying the data.
But my point is that the article implies that there's some uncertainty as to whether this data can be used to identify everyone present at a place and time, and there isn't. It has been done before.
They used a bunch of different tricks to ID some of the people there (and they've still not arrested most of them). The lesson here isn't that they aren't collecting data effectively, or that they aren't able to learn whatever they want, but rather that the data isn't really intended or used for protecting America from attacks or threats or terrorism. It's certainly being used, but not to protect us.
The irony is they could have just bought the cellphone data. That's literally for sale. Maybe there was some legal reason they couldn't use it directly but it's already out there.
I don't doubt that this technique was used for the people who stormed the capital on January 6th, but I would hesitate to describe many of them as "protestors".
Actually, let's do call them protesters. If you want to get universal agreement on the need for privacy regulations, you need to present it a way that does not immediately turn away your intended audience.
When both sides really agree on something, it's amazing how fast it gets done. Which, of course, is why there are people trying to hard to keep both sides from ever agreeing.
On one hand I know that this is true. We have to guard against special pleading that allows oppression of those we disagree with because that inevitably leads to our own oppression sooner or later.
On the other hand I understand what the post you're replying to is saying, even if it's not said extremely well. There is an enormous online narrative with a lot of money and power behind it trying to normalize the most violent and anti-democratic parts of the right wing of American politics and using that to drive views, clicks, and votes.
I'm normally not someone to clutch pearls and will be the first one to acknowledge that the vast majority of Americans are just decent enough people trying to figure out how to keep fed, healthy, and safe. But the tendency toward fascism in the human animal is something we need vigilance against, as demonstrated over and over again in human history.
The people who attempted to violently attack the seat of democratically elected power in this country were not protestors. There were protestors outside, but the people who crossed the line to breaking and entering, assault, and terrorism were not protestors.
Yeah, that part where they were breaking down a window of a locked door in an attempt to get into the house inner chambers to attempt to impede the democratic process of the United States was totally a protest and not an insurrection.
The folks who were non-violent never made it inside the capital because they were there to protest? They were protestors.
The other ones? They were insurrectionists and they all deserve prison.
Remember to some people "there are no bad tactics, only bad targets", lots of people are blinded when their perceived political enemies are getting "what they deserve" and fail to understand the powers and tactics used on their political enemies will soon be used on them....
They will then go all shocked pikachu face then the government assault team in their door step taking them way... how can this bee they were the good ones.. they were on the "right side of history"...
Welcome to the system, everyone's a victim
Doesn't matter if you're red or blue it hates you all
This is literally what the Seattle populace is now doing after years of screaming "Defund the police". They have come full circle demanding more police presence due to raising crime rates. You get what you protest for or something like it.
It's not irrelevant to point out the false equivalency of putting constitutionally protected speech on the same level as forced entry, assault, and destruction of property.
I don't see this sentiment for the George Floyd riots that plagued the whole country for longer and did significantly more damage, instead of caring for corrupt politicians why not persecute those who robbed and stole from the common citizen.
If a protest doesn't make the news what's the point?
You don't see it because you're not looking for it. Plenty of protest groups were extremely vigilant about minimizing property damage and rooting out violent infiltrators.
The George Floyd protests were far more policed: twenty-five protestors died; around 14k were arrested. [1]
Hard to say any 1/6er suffered a similar fate, despite their significantly more egregious apparent crimes.
Do you not see the irony of your post? Did you not see the same at the 1/6? If they were more policed, the fires, and destruction didn't help it make it appear so. I could see the Floyd protests/riots outside. 1/6 affected some .1% of the elite I could care less about.
I'm still trying to see a reason why the common man hates that the citizens protest the government, or cares so much for the corrupt elite of either party. The government is not your friend. If the Floyd protests went to Washington it could have been less 1996 and more MLK.
To reiterate my point in the original post: If a protest doesn't make the news what's the point?
1/6 hurt Trump, and the Floyd riots hurt the BLM cause. If only either of them did something positive with the attention. One affected me and the people around me, the other could have happened on Mars to billionaire reptiles. I couldn't care less for those elites.
Any protest march and demonstration worth its salt can be described with terms such as "forced entry, assault, and destruction of property" (and has been)...
"subpoenaed cell phone data". It's completely justifiable, legally and morally, and been happening since cell phones existed, way before January 6th 2021. The article's claim that it was somehow new to this event shines a spotlight on their agenda.
Youre either not well informed or being deliberately obtuse. Cell phone data has been used in individual cases for almost as long as cell phones existed.
J6 was one of the first cases where mass surveillance paired with ad tracking and tower pings were used in combination for mass arrests.
We did not see this when the George Floyd riots occurred Despite the fact federal buildings were attacked yet it was brought out for this. It's very indicative of the existence of a police state that chooses its targets in a politically expedient way.
What we saw the government do and the fact the alleged conspirators have largely not been charged with anything but rather left to rot should terrify anyone. Just because you aren't the target today doesnt mean you won't be tomorrow.
Stop comparing January 6th with BLM. They're not even close to equivalent situations, in fact, they're complete opposites. BLM = Agent of the government murdered a citizen in the streets, citizens got angry. J6 = The highest agent of the government encouraged a mob of citizens to physically attack their political opponents.
There were tens of thousands of arrest during BLM. The national guard were sent in. Undercover agents of the government were throwing people into unmarked vehicles. The people at J6 walked home with love and well wishes from the standing president of The United States government. However, they were dumb enough to bring tracking devices and fully document themselves committing treason. That doesn't point to some deep state agenda, it's just plain idiocy.
I understand it might appear this way to someone who already has specific political leanings, but as someone without a dog in this fight - that does not appear supported by the evidence. Your conclusions reveal more about your priors than anything else.
Are there any countries which have the capabilities to spy on their citizenry that do not? I think there’s this idea of American exceptionalism, that spying on citizens is something that happens elsewhere but not in the good ‘ol US of A. But that’s probably more propaganda than fact.
The US gov has trampled on essentially every right we were taught about in 4th grade schoolhouse rock. They infiltrated and spied on Muslims in Minnesota [1] and before that had an entire program of spying on any activist at all. Before that they put entire races (Germans and Japanese) in internment camps and SCOTUS said it was fine. Hell, they even bombed people in Philadelphia.
My point is, exploiting the 3rd party doctrine to spy on Americans might be out of step with your conception of America and what you think it should be, but it’s not out of step with the historical reality of America.
I think the EU is at least a bit more aware of this kind of tracking, and trying to do something to stop it. If I became aware of some (EU) company collecting my location info on that scale, at least I have the right to get to know what data they have on me, and to ask them to delete it. Of course I don't believe all is perfect in the EU, nor that all those rules are always followed, but at least we are trying...
I like GDPR but that relates more to corporate data collection than government surveillance. Mass surveillance facilitated by third party corporations is only one kind of mass surveillance.
Supposedly China has ramped up regulations on corporate surveillance recently, implementing new restrictions on data that companies can store. That doesn’t mean the Chinese are free from surveillance.
What protections against mass surveillance does a person in the EU have?
> Are there any countries which have the capabilities to spy on their citizenry that do not?
The US?
Anyone who has worked with the IC knows that USPER data is highly controlled and targeting citizens requires layers upon layers of approvals and reviews. They collect every bit of data because having it and not needing it is obviously better than needing it and not having it.
Think of it this way: there is probably tons of data your employer has that you don't have access to. But just because HR has a record of how much they pay the receptionist doesn't imply everyone in the company is digging around in that data.
> I think there’s this idea of American exceptionalism
I think this goes in both directions. That some believe that America's exceptionalism is in non-spying (as you suggest) as well as the exceptionalism is that America does unprecedented spying on its citizens. I think that we let one of these two sides dominate the general conversations obfuscate the reality. People pro America will point to China, Russia, or any common "bad guys." Anti-America will point to abuses by America. The problem is that both evidences are valid, but that we binarize the situation. There's different levels of intrusiveness and abuse.
I say this because it all this makes your comment difficult to interpret. Our comments aren't books and often aren't monolithic. So it is difficult to tell if you are just pointing out issues that America has, which is in line with the article, or if you are specifically giving others a pass because "everyone else does it." Different readers have different priors and with a comment like this I think we'll see many different (and reasonable) interpretations.
Fwiw, I don't think many on the left or right (excluding the tails) would be happy about the government spying on its own citizens. I'm afraid we pick cases that fit our narrative for abuse and let others slide because they fit our narrative for justification. Not that this is particularly unique, but does make resolving the issues more convoluted than we give them credit for.
As for American exceptionalism, I'd say that at least one thing is clear: America's problems are more well known than that of other countries. The great American past time is criticizing America. The size economic dominance, and military dominance also makes these issues globally known[0]. Size is often a good reason to take focus, as big players often set the stage and standards. Other countries may be more transparent about their transgressions, but they may not easily permeate through their borders. So I think it is exceptional that America's transgressions are more apparent.
--- To the main point ---
I think that in a spectrum, that surveillance capitalism is better than explicit state surveillance programs, but I think both are unacceptable. I'd argue that surveillance capitalism even has bad consequences for your own country, as it means that adversaries can buy the same data that your own government can. That this can create more chaos as the information has utility to both sides. It is unclear if this chaos is better than a single actor with a clear and significant power/information imbalance, but I think it might be.
[0] As an example, since you brought up Japanese internment camps (by America) but I don't think many realize that similar internment camps existed in the UK, Australia, Canada and many other countries. Many with even higher percentages of Japanese interned than in America, though not in raw numbers. Similarly many Axis powers had internment camps and Ally powers had camps for Germans and Italians, who were generally interned at a lower rate (but in some countries these had a higher rate of longer established residency. So it's complicated). This is clearly not an excuse of the internment camps (I'm explicitly calling these transgressions) but rather an example that the American transgressions are more well known. I think nearly every American is aware of the atrocities of our Japanese internment camps as well as many non-Americans, but I do not think either group is well aware of the other camps. But it is also perfectly reasonable that this is the case.
I think it’s unclear whether state surveillance is always worse. It can be, but it doesn’t need to be. Surveillance that’s used for public safety is a very different animal than that for political ends. The first order effect of such a system would be the fast and accurate resolution of crimes. The second order effect is the absolute disempowerment of criminals: you can leave your bike unlocked because no one will try to steal it. What the US has now is pervasive but not very effective: mostly downside and little upside. Far too many crimes go unpunished in the US.
We haven’t reached the pinnacle of surveillance capitalism yet either. Very soon every customer will be profiled instantly as they enter the store based on facial recognition systems. Treating people differently based on protected characteristics is illegal, but remembering that they were kicked out of a club in LA to deny them services or jobs in NYC a decade later is not. These blacklist systems can be used to deny basic services even if you’re not in prison, have no transparency, and no accountability. And unlike government there is little recourse. You can’t vote on the decisions of Mastercard or Chase.
I definitely think these conversations can be hard and I thank you for bringing your opinion. I think discussion is needed without fighting :) FWIW I think you make good points and it is part of why I find it hard to put a definitive answer at which is worse. Do we agree that both are bad? I believe I understand your argument but there's two points I want to make in response. First about the nature of trust and second about abuse potential.
1. Nature of Trust: I think depending on how much you trust your government that views on state surveillance are going to change and similarly how you trust corporations. We should definitely acknowledge this because it plays a major factor. I believe your stance is from that of trust for government but distrust of corporations. Personally I distrust both (American). The two slight advantages I see to surveillance capitalism are that the collected data is distributed and that it is easier to poison the well. In the competitive corporate setting they _tend_ to not sell the data but rather access to the tools to process the data. (To be clear, both forms exist) If the data could be bought then it gives their competition advantages. So there's a weird incentive to keep that data locked tight (think Google & Facebook as opposed to Equifax). The hope is that no single entity can collect enough information. As for poisoning the well, I'd assume that this would almost always be illegal for a state surveillance program but difficult to sue in a corporate setting. I believe that it is also easier to fine or punish a single actor in the state case -- especially since they need to set examples -- while a corporate case they will likely not pursue as this is expensive unless you create and distribute tools. But maybe that's a bad assumption.
2. Abuse potential: This is the argument that I think privacy maximizers focus on and do not budge or even recognize the usefulness of surveillance (you got to understand if you want to prevent it). Personally I see democracies as perpetual balancing acts and naturally unstable. But that the benefits outweigh the costs. The issue, often called 'Turnkey Tyranny", is that a single bad actor can be democratically elected and then abuse that power (we've heard this, I'll move on in a sec). We don't have to point to Hitler, but we can even point to the abuse that the parent discussed with respect to the Patriot Act which we saw used and arguably abused under the Bush, Obama, and Trump administrations. Surveillance creep seems more pervasive within a government system, to me, as what I've seen is that once something is in place it is hard to remove. On the other hand, in a corporate setting you can move a lot faster. For example, Apple and WhatsApp/Facebook are both on privacy kicks, promoting their encryption. We all know that there's still collection, but the positioning themselves as privacy preserving has kicked off a competition in the other direction while we haven't seen such a movement in the US government (personally I wouldn't say GDPR is strong and that the EU articles are easily circumvented). That's a clear double edged sword but does feel like it can respond to user sentiment faster (one of the big differences in capitalism vs communism is market response and I see corollaries here). On the other hand I've continuously seen my government try to remove encryption and even attempt to hid it under the guise of universally hated things (child porn and terrorism). Essentially I see laws/regulations as more sticky than corporate decisions. Combine that with the above hope for distribution, I think there is less potential for abuse. The final factor we need to include is that a state can do more harm to a citizen than a corporate entity can.
For your specific cases about a bike being stolen or the common one about the feeling of safety walking down the street, especially at night, I think there are other correlating factors that we can't ignore. While we see examples of bikes being returned and bad guys quickly caught I'm not convinced these are statistically higher or primarily dependent on the surveillance itself. Perception obviously plays a role: perception of risk to commit crime as well as perception of likelihood of victimization. One of the most interesting statistics I see (I probably spend an unhealthy amount of time thinking about these numbers lol) is that Americans perceive crime as increasing year over year while there is a dramatic trend downwards[0,1,2,3]. Though I'll be honest in that [0] notes that less than half of crimes are reporter of solved, but the lowest rates are with sexual violence and we have been seeing a steady increase in reporting (likely related to MeToo and other such movements). But I also am having trouble finding estimates of under-reporting for other countries so this might be related to my original comment about America's failures being more in the open or possibly bad googling. I can at least state that from personal experience I have little fear in leaving my door unlocked and often friends comment at how crazy and careless I am but despite having lived in areas with perceived high crime rates (I look them up) I have yet to have had anything taken from my household. I will say that bike theft is common in my area, but the homeless rate is high and that's an easy to pawn item and probably a better indicator of a different problem (a confounding variable) than actual safety (which I'm mostly thinking is violent crime).
Sorry for the wall. I hope I didn't repeat too much that is argued to oblivion.
I’ve noticed now that I’ve replied to a few of your comments in the past and while we don’t always agree I hope you understand that I always come from a position of curiosity and humility.
I’ve lived in the US for a good amount of time, and have lived in Singapore and China for extended periods. My perception of both Singapore and China are that they are extremely safe. On top of that, the government of Singapore is functional and accessible in ways Americans are unfamiliar with (leading to further distrust of government). Singapore also has a reputation for being extremely non-corrupt. Both the US and China have a good deal of corruption but of different kinds. There was a great Freakonomics episode on this.
With respect to trusting government vs corporate power, we can only trust corporations to do one thing: maximize profit. Their interests only happen to align with ours to a first order approximation.
I thought I recognized your name! I hope I come across that way too but also ask for forgiveness when I fumble lol. I don't ever see disagreement as a bad thing (in fact, often welcome it), but like everyone I have some buttons (I more get upset when people tell me things I'm more well versed in and I don't think we've had any of those issues). I can say that I've enjoyed this conversation, thanks.
I definitely agree with the sentiment around what we can trust corporations to do. I feel that my main issue is that we can't trust governments to do anything. So that at least decreases entropy? The multi-agent part seems to help too, but this is also a simple model. Maybe my views would be different if I had similar lived experiences. I did enjoy that Freakanomics episode.
Mostly my belief is that things are complicated and people tend to oversimplify and that oversimplification leads to obscurification, which leads to substantial power imbalances. Which I a part I differ from many is that this can be done without directed action and that players that benefit don't need to actively collude (aka: no conspiracies required).
Quick, someone put up a web site where I can click on any legislator's name and read everything there is to know about them which can be commercially purchased. Maybe have a button to contribute to a fund to buy it so it can be published.
Believe it or not we’ve had the technology a long time to “look” or “track” everyone all the time. At this point it’s simply a political decison not to.
The leadership of the PRC with help from sensetime and other industrial leaders have a working and well tested comprehensive domestic individual tracking system in production. It’s been working well over a decade at this point.
Please point out easily found reports of the US governemnt kidnapping citizens and then torturing them and daring them to say something about it like happens on the regular in China and Russia and N. Korea. So yeah sorry, not the same. Do I think TLAs spy on US citizens without warrants or any good reason at all. Absolutely, but we aren't quite up to CCP/Russisan standards just yet.
I joke, ruefully, what would happen if we had another Stalin or Mao now. Vacuuming up dissidents would be easy - for many of them it’s probably been on their Facebook at least once. And if it’s not, check what people bought from certain businesses. Then use AI to analyze and weed out the rest.
> If you create data anywhere, assume some govt will eventually get a copy
I have a hunch that we've been giving these agencies too much credit this whole time
Every time there's an unmitigated act of terror makes me think: the intelligence community is either malicious (a crazy rabbit hole to go down) or incompetent
And also there's the problem of searching, like finding a needle in an ocean
no one is manually searching through petabytes of data. it's all ingested into ML systems which spit out inferences and predictions about individuals. repeat with enough people, combine datasets, now you're generating increasingly accurate predictions about society at large. less privacy = more data = better training = more accurate predictions.
I was once approached by a company located in a major city in Ohio. They were pitching me to come work for them but the role required getting clearance to do the work, because they were contracting for the federal government.
Without said clearance, all they could tell me was they scraped the open internet and built profiles on citizens, and then would surface this info in an easily searchable interface. I declined getting clearance and going deeper than that.
If some random ass company in Cleveland is doing contract work equivalent to the things Snowden exposed, it’s happening everywhere else, and nobody has a damn clue. This was after Snowden exposed Prism.
It's been going on for a long long time. Why people are only concerned about it now is probably the most surprising part for me personally. It's not like this has been a secret, there have been articles about it for years.
The stuff those profiles, etc include though, and what they try to determine about us citizens... That's for us to never know. Could be, vulnerable subjects for psychological experiments, predictions as to whether someone is a criminal, terrorist, etc, could be blackmail for purposes of gaining leverage, probably all fueled by some janky ass ML algorithms. Who knows, that's the joy of it I guess, we never will.
Information and knowledge are emergent, meaning they have to be repeated over and over again before spreading to a majority of the populace. Most of which are not particularly interested.
+1 for the article actually mentioning the 4th ammendment, even if it was only in a quote from Sen. Ron Wyden:
“I’ve been warning for years that if using a credit card to buy an Americans’ personal information voids their Fourth Amendment rights, then traditional checks and balances for government surveillance will crumble,” Ron Wyden, a US senator from Oregon, says.
I continue to try to highlight the degree to which the 2nd ammendmennt is quoted versus the 4th ammendment The 4th being much much more relvent to the current state of affairs.
The 2nd Amendment receives a lot of coverage, yes.
Broadly speaking, for a 2A advocate, every 2A conversation is also a conversation about 4A, 1A, 9A, etc. For example, the track record of the government on the Bill of Rights is seen as a rationale for staunchly protecting 2A. And the inverse: they feel the elimination of 2A will only clear the way for the complete disregard of the other Amendments.
Broadly speaking, those opposed to 2A think it highly unlikely that the state would ever side against the people in a "developed" nation in any meaningful way* (in contradiction with not just the history of states across time, but very contemporary examples in other countries).
But as Adam Michnik said, "the crucial distinction between systems...was no longer ideological. The main political difference was between those who did, and those who did not, believe that the citizen could - or should - be the property of the state." This observation from the 80's(?) in Eastern Europe becomes more relevant to the United States as the years go by, it seems. I'm writing this comment in a post about the US government building a massive data warehouse on its citizens, while coming out of the experience of the COVID years and in the context of the expose of the US government using the media corporations for public discourse censorship.
* Yes, I know there are grey areas in the middle and nuances to arguments, principally boiling down to moderation ("we just want common sense regulation"), gaslighting ("nobody wants to take your guns"), and futility ("you need an F-15 not an AR-15 to fight the government"), etc. Again, the comments above are intentionally broad to illustrate the contrast in political philosophy.
But yes, as a strong 2A advocate, I agree that the incursions on the other Amendments need more coverage. I would go so far as to say it's part and parcel to every 2A conversation.
Corporations use governments to get around laws and regulations. Governments uses corporations to get around the constitution. They each get what they want and the people get screwed.
They are purchasing information that is for sale. Worrying. What's more worrying is that we can assume this information is also available to every US adversary.
Tangentially, it's interesting that the US declassifies things and they become publicly available.
What you need to do is pick an entity that has the information you desire, and recursively enumerate the graph of all business deals which involve the sale of that information (their downstreams, effectively). After that, you do OSINT to map out all of the employees of every organization that has access to these databases. After you have mapped out these tens of thousands of individuals and their likely social graphs, all you have to do is pay one of them a relatively small sum to do a query on your behalf.
I blame them for buying. This goes against the rules they were founded on - to be focused EXTERNAL to the United States. It's technically within the letter of the law but not the spirit and we should pass a law preventing access (and preventing tracking but that's a whole other deal)
There's probably incentivization to collect in the first place, though. Either direct incentives ("if you collect this kind of data we will definitely buy it from you") or less direct ("there is an understanding that we'll let you get away with this collection").
One thought that occurred to me, regarding how to stop this kind of data being available:
First, a question: how does the government (or any buyer) determine that the data they are buying is genuine?
Second: Assuming that there's really no good way, then there's something you can do. Somebody could simply run lots of ChatGPT style models to generate a flood of nonsense but plausible-looking data about everyone on the planet. Flood the Internet with it. Compile it into lists and offer them for sale. Cheap!
Once there's so much nonsense data out there, then provenance becomes more valuable. It becomes less useful to just buy random data.
Doesn't solve the actual problem of privacy, but it might help in the short run.
I have never processed this data. You can find patterns for triangulation, and see where the cells are as this or this hour. Then you look at the calls and the texts (not using data, sms and phone calls) and determine their links. Mix this with credit card information and banking info and you have their names, shopping patterns, location and who that are in contact with through calls and texts (off the top of my head). With the data, you can see people's sites they visit from the ISPs, but with https and SSL not get everything, but you can get a very good idea from that.
There was a good NYTimes piece about it a few years ago. It’s easier than you’d think. If you know the target’s home address you can track the devices that come from there, and everywhere they go. On weekdays they’re probably going to work, which is also quasi-public info.
There was a time when it was incredibly obvious to virtually everyone in the country that if you start throwing the Bill of Rights away, this is the result.
I'm sure those 5 major companies called out in PRISM are all selling the data, and one of those companies runs advertisements claiming they keep things private and secure.
I'm no VIP, so its unlikely anyone would stumble across my name. However that typically can't be used as a defense for such a policy.
I suppose it can be used as a defense if you want to claim your device prioritizes privacy and security. Its not a valid defense, but profit doesn't really care about being logically sound.
I'm sure those 5 major companies called out in PRISM are all selling the data
Um, "selling"?
That's an, uh, interesting, characterization of what's likely going on.
I'm not sure companies have a lot of choice in what's going to happen to their data here in the US despite what they tell us. (In fact, I'd bet they don't have much of a choice what happens to their data in any country they do business in.) Maybe a few of the hardcore companies take it to court. But, OH! That's right! In the US we've got FISA courts for this kind of thing, so it's illegal for us to know anything about any of that either.
Oh well. Pity that I guess. Carry on citizens. Nothing to see here.
On a serious note, never put anything on the digital record that you would be unwilling to have entered as evidence against you in open court. Full stop. I don't care what assurances you get from companies about security, or privacy, or end to end encryption. You just shouldn't do it.
It helps to think of it this way, if it touches your phone or the internet in any way, it's part of the public record. No matter what app you were using. So be cognizant of that, it can come back to bite you 10 years later in ways you never would have imagined.
As an example, a company called Dataminr sells views of Twitter to a bunch of government entities. Those views include things like fires, flash mobs, explosions, riots, etc.
> It helps to think of it this way, if it touches your phone or the internet in any way, it's part of the public record. No matter what app you were using. So be cognizant of that, it can come back to bite you 10 years later in ways you never would have imagined.
Meh. If that's the case, why bother caring at all? Bring it on!
I'm curious what would happen if a privacy-focused nonprofit tried to purchase this bulk data and were refused. If it's only truly available to 3 letter agencies then they are acting more like contractors and the legal rationale might unravel.
This assumes that three letter agencies care about the law at all. They'll either come up with some other legal rationale that sidesteps the clear intent of the laws which would otherwise protect the rights of the American people or they'll just ignore it. I'd actually prefer it if at this point they just openly admitted that they were going to grossly violate our rights than this game where they smile and tell us how free we all are while they continue to come up with insane legal theories, imaginary guardrails against abuse, and toothless regulations which ultimately let them get away with doing whatever they want anyway. A little honestly would be very refreshing.
I agree with this. I'd rather them drop the pretense and say that we are spying on all of you, we don't abide by our own laws, and we have shown the inability to self-police, hold accountable, or be transparent about our methods and bad actors. However, that would go against the illusion of "democracy" that is sold to the people to make us feel that we still have agency.
It's a tangled mess. If the companies are voluntarily cooperating, it's not as simple as calling them contractors. Look at all the covid/Biden subject matter censorship that was going on for an example. These companies invited the agencies in for reasons; they became willing tools of government censorship. There's no crime in it unless the government is coercing them. If you've interacted with the agencies, you know that coercion can be very subtle and light-touch. It can also be unofficial bargaining to the look the offer to look the other way or the threat to look intensely in one direction or another. Point is, you're rarely going to see a demand letter on the record requiring compliance outside of the warrant system (including FISA). The agencies know they can't compel private companies or state governments to do their work legally, so they work within the gray areas.
Are the opt outs worth it? I don't see the benefit of giving them my real name, my info and telling them to delete it if they figured out it was me. Would it be easier to just change your name every once in a while legally?
Not sure what the play is here. By changing your name you are telling the government about your new name. So they will just search for all of your names.
Good luck looking though all the John Smiths. If the government can fuck up because they didn't check Firefox instead of internet explorer I'm hoping there's little human errors that will make it harder. I'm sure they have electronics checks but I'm sure there's human error too.
Probably in many countries there could be a sketchy but still potentially viable process of changing your DOB, for example by attesting to incorrect original documentation by various corruptible authorities and presenting such to other authorities (eg. claiming an off-by-one on month or day). This may be more effective in conjunction with name change as it pretty much removes the major de-duplicating factor in most government identification schemes.
I wish I could read more reporting like this. Incredibly relevant to the average American, devoid of any political nonsense, and pretty straight to the point. The loopholes being abused by surveillance branches is truly alarming.
The reporting is also wrong. (No surprise: the same reporter also hilariously misreported PRISM.) Luckily, it links to the report, so any motivated reader can get the real story.
What exactly is being sold here? Triangulation information, texts and calls? If so it's been there forever, this isn't new. It's been happening for over a decade. Who remembers lifelog from DARPA? Killedhttps://en.wikipedia.org/wiki/DARPA_LifeLog
Who's giving them information? You are (on Facebook, Instagram, Reddit, etc).
Don't forget the people including you in photos that go up on Facebook, Insta, etc.
You may not have accounts there but rest uneasy that unless your family and friends respect your privacy and right to informed consent, photos of you are getting processed for face recognition and location without you having to do much other than say "queso" for the photos.
I wonder if we can get our own information someday it would be fun to see how right and wrong they get this information. I've seen stuff like socialblade and aggregators guess, and they're always way off. With AI it's time to poison the well. :)
if your computing devices have cameras and microphones, disconnect them.
do not use credit cards or online payment systems. cash, grass, or ass.
... and they'll still know anything they care to about you; and failing that will make up anything they need, should anyone with access to the levers of power decide that you are a worthy target, for whatever reason.
Not talked about in the article, is that this report is actually trying to move progress forward to addressing the issues surrounding the new, abundant, and detailed information and how the current framework of 4A legislation isn't really appropriate in the new data market.
From the conclusion:
U) Third, as part of this set of policies and procedures, and/or as a complement to it, the IC (Intelligence Community) should develop more precise sensitivity and privacy-protecting guidance for CAI (Commercially Available Information). Again, we offer several suggestions for the development of such guidance.
So, in some light this should be considered progress, not the 800lb gorilla in the room.
Rules or guidance just serves to legitimize it. Hey, it's OK as long as we follow the rules... oops sorry we didn't follow the recommended practice there... quite different than getting caught breaking a law.
And if they are doing it to citizens, they are almost certainly doing it for non-citizens (most of the existing "protections" specifically state they don't apply to non-residents which always caused me to raise an eyebrow). :/
Now try to add the recent French law allowing remote access to vulnerable devices, Tesla employees who share videos recorded by someone else cars etc and think about a thing: the meaning is simple private companies have such possibility.
The cure is simple: software WITH ANYTHING AROUND (toolchains, docs, interfaces for the hw etc) must be open by law. So government in Democracies if Citizens allow that can potentially do something accepted by the majority BUT there are no black box on sale.
Secondly remember a thing: if someone can do something, anyone potentially can, anyone means also the enemy of the one doing something in the first place.
I have that right. But I'm not secure in these categories as a direct result of the government's patronage of private companies who make me insecure.
This applies to all US citizens - they are not secure either.
This has been the case, increasingly so, for my entire life and has driven my passion to join this industry to fix this insecurity which can technically be fixed, but the model is off where TPMs instead treat the device owner as the "untrusted" party.
It occurred to me there is an easy way to pressure the government to stop doing this:
Make it a huge PITA to keep this kind of data in the first place.
If everyone nationally submits a FOIA record to every agency which might be keeping data on them, it quickly will become un-economical to keep data on anyone but persons of interest.
I remember at like the third HOPE conference hearing a PI talk about all the data he can get about anyone from all kinds of sources, for pennies. That was 23 years ago. There's never been (to my knowledge) any law preventing the USG from using the same services.
And why should they be prevented? If a random stalker can pay for info about you, shouldn't your government be able to? Why cripple the state and enable the creeps?
Profiling has always been interesting to me from a commercial perspective, too. I used to have access to a database that would tell me if a certain sports fan was a gay republican, because the cookie-based mass-site-collection profile-generator needed to be able to tell advertisers what kinds of users they were selling ads to. I thought it was wild that you never needed to create an account for us to mostly-uniquely identify you. And that was 15 years ago.
Don't like it? A small handful of states have data privacy laws now. Tell your reps your state needs one too, and a federal one for good measure.
The difference is that they can't legally collect data _on americans_, so they need to outsource it to private companies. Non americans have no rights so they can just spy on them (through the cloud act for example).
Unpopular opinion: this is a theoretical problem and practically, no big deal.
What is US Gov actually going to do with the data? Worse case very small numbers of citizens might be quietly leaned on to stop whatever proscribed behaviours they're engaged in; of the very very few who might continue to persist, I guess they may be dealt with in some other way - terrible of course, but the absolute numbers of these citizens must be small...therefore a price worth paying if everyone else on aggregate has increased security?
Lets not forget that these spy agencies report to democratically elected politicians who are ultimately public servants we can vote out. This is not like one of those authoritarian states
I disagree with your first point (people are extrajudicially "leaned on") but agree with your last point. People act like these things are not accountable to anyone. In reality- we are able to read about them because of transparency, they are accountable to Congress whom we directly elect, and they are checked via the courts.
We are reading about this now because of publicly released self reporting, that's oversight!
How would you prevent every school shooting without literally going through everyone's private communications? They're not criminal conspiracies or even planned, they're some guy using a gun to shoot people at a school.
This is America, tons of people are buying ungodly amounts of guns and ammo right now. Only like 0.1% of them will ever shoot up a school (95% of them will just use it on deer and shooting ranges, and 5% will either kill themselves or have it stolen by criminals who will use it for carjackings), and courts will strike down the FBI going after people for buying ammo
> without literally going through everyone's private communications?
Most shooters had mental issues that went ignored or were swept under the rug by the adults that were supposed to help.
> Only like 0.1% of them will ever shoot up a school
This is still at least two orders of magnitude larger than the real number. It's what the people who wants to take legally-owned firearms away want to the public to think.
A much better way to prevent most school shootings (which preserves far more civil rights imo) would be to harden schools as targets. If we’re going to live in a society where anyone can buy a machine gun it’s insanity that it hasn’t been done already.
Add thicker doors. Remove entrances. Add metal detectors. Guard those doors. It’s not foolproof but if shooters start getting stopped at the entrance maybe kids can stop being slaughtered.
The first thing has been tried. Unfortunately lobbying has made sane gun regulation effectively impossible. So if we want kids to stop dying in schools we need a better way.
>It is almost as if that is an acceptable price to pay, to some.
It is an acceptable price for some people. You just have to look at the sheer number of shootings. We have more mass shootings than calendar days in a year in the US. This is normal. This is how things should be.
>For what,exactly?
The right to keep whatever guns they want in whatever quantity. They value that more than actual humans. But given which crowd is noisier about their gun enthusiasm and fascist tendencies of dehumanizing everyone who isn't WASP, that shouldn't come as a surprise.
I'm sure they would have dozens of (law-violating) suggestions on how to improve their access to firearm acquisition patterns and online activity to enable them to prevent more school shootings.
Bombings, public shootings, etc., too. In some cases, they even furnished the assailants with their weapons and encouraged them to refine their plans and follow through on them.
I think the main issue here is that they cannot actually do this themselves because it would violate their remit as agencies focused outside the United States for good reason, but somehow buying the same data makes it "OK" from a compliance / constitutionality perspective.
It doesn't make it OK from a compliance / constitutionality perspective to access non-publicly available data on Americans without due process by buying it. That's a misreading of the report. Previously discussed: https://news.ycombinator.com/item?id=36302666
> it's starting to become hard to really qualify what I really get for being american
I’m preparing to renounce my American citizenship (lived most of my life elsewhere, no remaining ties to the USA), and I am amused by the frequent exhortation on internet fora against renunciation "If you have a US passport, you can rely on the US government to get you out of trouble". People really seem to think that Seal Team Six is on standby to save any ordinary American facing violence or natural disaster abroad. Me, I remember the aftermath of the 2004 Indian Ocean tsunami when many European countries swiftly evacuated their citizens or citizens of fellow EU states, while US citizens were mainly left to fend for themselves.
Well, you have to ignore all the ideological stuff (read: propaganda) and think about actual advantages. FYI, if you’re considering other citizenships I think it’s safe to assume you’re not struggling financially. (If you think you can just move to Canada think again, it’s not that easy.)
In practical terms, it’s a good passport. You will be able to travel to many countries visa free. Not the best passport (Japan’s is, but much harder to get) but still pretty good.
You also have work authorization in a highly developed economy. Probably the highest pay for Software Engineers.
The US is also a good place to start a company. Large market, mostly homogeneous, pretty developed.
The US isn’t great when it comes to economic equality but also not the worst. However its anti poverty programs aren’t great and companies can be predatory with little by way of consumer protection.
Buying a house is still achievable in the US but getting harder.
Schools are pretty good if you live in a nice neighborhood. If you’re poor, good luck.
You will be surveilled. Pretty much every country with the means to do so will surveil its citizens, so that’s not a differentiator for me. The question is how much, and how that information can be used in the future.
I think a lot of times people go through things they're not happy about in their own lives (the glaring one in your comment could be the stress of a long distance relationship) and they project outwards, trying to make it about something external like the place where they live. From there, we invent boogeymen such as "criminals" getting away scot free, or unruly immigrants. Focus on removing stress from your own life and away from the boogeymen and scapegoats.
Yeah, it's also getting less appealing because the whole "game" of fancy cars, expensive houses and showing how much you have just isn't that interesting to me.
I like investing basically all of my money and traveling whenever I want to. I'm not married yet so this has been working out pretty well - especially since I left NYC.
> Bay Area - people are nice, streets are clean and police do their job
I don't know about NYC, but the Bay Area doesn't fulfill those anymore. The number of people on the street. Trash. Crime. It's getting wild out there. I live in a very safe community and a 70 year old woman was beat up for a few dollars last week a few blocks from my house (and 1 block from the police department!).
Yeah, I left after one friend in NYC was attacked on the subway and another beaten in broad daylight in Wallstreet after leaving his office.
Sad that even in my prior neighborhood (los altos) there are carjackings and armed home invasions now... Impossible to imagine in 2015 while I was there :(
I've been to a number of countries that by GDP are "poor" compared to the US. They have perfect roads, very little crime and far fewer cultural problems that plague america.
Italy, Switzerland and the Netherlands all seem to be getting along just fine.
Switzerland is one of the richest countries in the world. And I wouldn't call Italy or NL "poor."
Switzerland's GDP per capita is around 25% higher than the United States. I would further guess that Switzerland probably has much less inequality than the United States. The Swiss are uniformly rich compared to the extremes of America.
I don't think Switzerland is "problematic" because they prioritize laws and policies that benefit the Swiss for ex. Same for iran etc. I don't see what the skin color or cultural diversity of the country really has to do with anything.
Italy has a range of physical features that would surprise a lot of Americans and most Americans would not bucket every fully-native-for-generations Italian as white based on appearance. (In addition to the other side, lots of people that most Americans would think look too northern European to be Italian.)
I think you are projecting American racism onto other places. (Not that these other places don't have their own racism.)
> Canada drives me nuts with how much of an edge it lacks, how slow and sort of boring it is
Yep! It’s alright. We definitely aren’t the greatest country in the world, but it’s nice enough to be enjoyable, and boring enough to not put random personal or societal disasters in your way with any sort of regularity.
I have no clue why GP's comment was flagged. Brigading going on?
Few years ago we acquired something in Montreal related to AI, and it's interesting because when we tried to get the team to relocate to California many weren't interested. A lot of the key personnel ended-up moving, but they still kept a significant presence in the city. Even today, when hiring they'll have engineers indicate early in the process they won't ever move (despite pretty much everyone considered for that office being eligible for an O-1 due to the nature of the work being done there).
What's interesting is we opened a satellite location in Toronto and it was a completely different experience. First thing people asked coming into interviews was about relocating to the US and if we could sponsor their visa. The demographics also skewed heavily toward recent immigrants to Canada.
The irony was, the Toronto location was opened specifically to house developers that simply couldn't pass the higher bar for US immigration.
Having lived and worked in Montréal and Toronto before, I can totally understand that sentiment. People are priced out of Toronto making 110k$/year if they wanted to live in an urban city. So people just aren’t attached to it. They probably lived further near or into the GTA where it’s less urban, or were paying a 1900$/month rent for a small bachelor apartment and were constantly comparing their experience with the bill.
Montréal on the other hand, people will fight for. You can live here for (relative to Toronto) cheap, get the whole urban dream, and live around some very nice people that are equally proud of their city.
The USA is good for making money and being safe from foreign invasion.
Otherwise a lot has been going downhill and there is too much patriotic pride to admit or change it. But it's multiple issues, hyper-capitalism, lobbyists, no form of conflict of interest rules for politicians or anyone working for them, multiple news channels supporting "2 views", but all on the same page of ignoring the class warfare.
I've talked to lots of people from other countries as I meet a lot of people and talk to many and most see us as going downhill or having poor worker rights and no social safety net (healthcare).
Someone from China told me their parents think Americans work too much. Another person from Eastern Europe things we are in the toilet, etc. Other people from South America saying how they would pick Canada over the US any day. I just laugh when I hear it, because I feel we are too blind to see it.
School shooting solutions are all about guns instead of the real issue, mental health.
Politicians that want people limited on what they can earn with SS (keeping elderly people poor), when they get very good retirement benefits. Politicians dodging taxes or making sure the IRS is ill staffed, when its proven more IRS helps get the bungled dollars from Big Companies and Pockets that are cheating the system.
It's interesting you went into quite a lot of detail about the various "foreign" terror cells, but skipped domestic terrorism, which has been far more impactful in the last what, decade+?
This is just authoritarian BS. You could have a federal agent posted in every single neighborhood in the country who does nothing but spy on all the neighbors and still not be sure you've identified every "terror cell" or whatever other boogeyman you want to use to justify the surveillance state.
"Let me say that what the US government is doing wouldn't even be controversial in 99% of the world, including probably 90% of democracies" Really? I'd say perhaps you need to back your estimates with some sort of hard data but these numbers are really plucked out of thin air...
Your whole post reeks of whataboutism and classic fallacies. To address:
1) US agencies can track 'dormant terror cells' from adversaries without hovering up everyone's data.
2) And let's not forget about Chinese drones. If your assumption that they were indeed launched from onshore agents, US agencies can triangulate data and get a few POIs under surveillance - not every single person, everywhere, all the time.
Might we ask how well this High-Surveillance/High-Paranoia/Low-Rights approach to state security worked out for the German Democratic Republic?
In the version of things that I've heard, the GDR state collapsed ~instantly after the de facto occupying power (USSR) lost interest - because the "ultimate surveillance state" strategy had left the GDR with ~zero good will and ~zero legitimacy in the minds of its own citizens. But doubtless that is just more malicious anti-American propaganda, created and spread by America's countless enemies.
You hit all the propaganda talking points in one comment. Usually such comments stick to one talking point. "China, china, china" or "russia, russia, russia" or ...
> Let me say that what the US government is doing wouldn't even be controversial in 99% of the world, including probably 90% of democracies.
That's a problem for most of the world. Not the US.
> People in other countries are much more clear eyed and pragmatic about these things.
Most of the people around the world don't have any problems with iran, russia, china and mexico. Maybe we should look into why we have conflicts with people all over the world.
You're not wrong about the propaganda talking points.
>Most of the people around the world don't have any problems with iran, russia, china and mexico. Maybe we should look into why we have conflicts with people all over the world.
In fact, most liberal democracies are at odds with Russia, Iran, China, and nearly everyone is concerned about Mexican Drug Cartels.
We can simultaneously acknowledge that we have an adversarial relationship as a country with Iran, Russia, and China and that it's not an excuse to extract data from the people.
Then the courts are wrong, as they often are when it comes to constitutionality. Domestic dragnet surveillance is a very obvious violation of the 4th amendment.
In what sense are they “wrong”? You don’t agree with them. But theirs is the final word on the matter until a new court or new law comes around. The interpretation of the Bill of Rights has varied greatly over the last 250 years even though the words have stayed the same. The law isn’t based on our ideas of what it is, the law is based on what is enforced.
Multiple revelations including Snowdens reveal that the data is not uncorrelated/anonymous, if it were I'd imagine it'd be of little use for intelligence purposes. Maybe I am too dismissive/cynical but I don't put much stock in what the courts decide or why on issues like this, they're all under somebody's thumb from what I can tell. They're the same folks that brought us such hits as "corporations are people and money is speech", call me crazy but I don't think they're making their decisions based on high-minded constitutional principles
> In fact, most liberal democracies are at odds with Russia, Iran, China
What's a liberal democracy? Oh you mean our vassals are at odds with the countries we are at odds with? I find that odd.
What is the "liberal democracies" problem with russia, iran, china and the mexican cartels. Take ireland for example. What's their beef with russia, iran, china and the mexican cartels?
Oh they have no beef. It's just that they have to follow orders. We say jump and they say how high. Maybe one day, these liberal democracies will be liberated and regain their sovereignty. Hey maybe russia, iran, china and the mexican cartels can help liberate them.
An influential and prominent bureaucrat once said america has no friends or enemies, just interests. Think about it.
Isn't it more insulting to call countries you firebombed and nuked "friends and allies". Imagine if china firebombed germany and currently occupies it. Would we not laugh if china called germany their friend and ally? Imagine if russia nuked japan and occupied it. Would we call them besties for life?
Edit: You still haven't answered what ireland's problem with iran is? What's ireland's problem with russia and china. And what issues do they have with the mexicans.
why isn't the west or the islamic world doing anything about this? isn't the forever war in the middle east over by now? why can't we redeploy some of those military assets to invade china next? certainly we can get support from saudi and israel and pakistan and the UK to support us, right?
If anything that has been the example the US has set for the rest of the world by "spreading democracy" through regime change and war. The correct way to spread democracy is to be a shining example of a free society by being prosperous without killing people that have done you no harm.
So then the liberal democracies were against the US when we invaded iraq? Are they against the occupation of germany, japan, korea, italy, etc? Or is it not conquest when we do it?
> China has concentration camps
"Concentration camps". Yes and liberal democracies have torture chambers all over the world. Strange. Did they disband these "concentration camps"? Have the ugyhers been genocided already? Why the complete radio silence on the "genocide" of the century? Because it turned out to be a lie and propaganda? Wasn't it 3 million died in the camps. Then it was 300K. Then 300. Then 3. Then 0. Now do you want to discuss palestine? Or do muslims in palestine not matter?
> Iran brutally oppresses women
No they don't. Just because they have their own cultural values doesn't mean they oppress women. No more than saudi arabia does. You support diversity right?
> The US and its allies are free democracies where people vote.
So is russia, iran, venezuela, etc...
> Spare us this sophomore in college "both sides are the same" nonsense
No. One side is clearly worse - the "liberal democracies".
Who invaded more muslim countries and destroyed more muslim lives? Liberal democracies or china, russia, iran, mexican cartels?
Which country is more oppressive to women? Saudi arabia ( liberal democracies favorite muslim country ) or iran?
Which country has waged more wars of conquest? Liberal democracies or russia, china, iran, mexican cartels?
By your own criteria, the liberal democracies are the worst.
> That's a problem for most of the world. Not the US.
The popular notion of civil rights in America and the historical reality are at odds. Americans have always been spied on, it was just less publicized in the past.
Russia is an existential threat to our democracy. Surveillance is necessary so no election can interfered by the Russians. Millions of lives have been lost because of an illegal president. We don't want that to happen again.
That's the Sinclair Broadcast Group forcing the news orgs they own to read from the same script. They also had "must run" news segments that include conservative commentary. That doesn't mean Russia isn't a threat to democracy world wide, it just means we have a problem with mega corps owning too much media. I don't think that gives the US an excuse to spy on our own citizens however.
Way to be ultimately dismissive and basically call PC a shill and with a smugness that is unnecessary. Different people have different interests and you can’t just ad hominem them as propaganda.
He expressed the most absolutely brainwashed take on why surveillance is necessary. It's difficult to take him seriously when his talking points couldn't have been written better by any three-letter agency PR department.
Do you have a good reason to be defending obviously bad talking points? In the free marketplace of ideas, this one has evidently been assigned a value less than zero.
Do I need a reason other than curiosity? Asking for a rebuttal that isn't a personal attack is hardly defending. It should be the base level of discussion according to site guidelines.
It's a 32-day-old account named after the bad guy from a Star Wars movie. I'd be suspicious of them before even reading the comment, which was fairly bonkers. As for substantive rebuttal of their statements, others have already done it elsewhere in the thread.
If I was in a room with someone who said "I think the world would be better off if everyone in this room except me were dead", I think you'd understand my nervousness around and dislike of the person.
You said there should be 6.9 billion less people on the planet and when asked if you'd be one of the 0.1 billion remaining people you said yes and basically acknowledged you'd already said too much. If that's what you left up, I shudder at whatever this [1] might have been
> If I was in a room with someone who said "I think the world would be better off if everyone in this room except me were dead", I think you'd understand my nervousness around and dislike of the person.
No, what you said was, you think the world would be better off if 6.9B people were dead and you were one of the remaining 100M. And what I'm saying is, those two statements are not very different.
It being for sale means anyone can be doing it which might be a framing that would be more alarming to the law-and-order types.
But really you need a two prong solution:
1) restrict this from being collected and compiled in the first place, eliminate the ability to default to this tracking unless someone opts out
2) restrict the government's ability to use or acquire through non-market-based means. The claim here is that there's already restrictions on this vs directly surveiling, but I haven't seen directly which specific restrictions those are for buying off-the-shelf info and the article doesn't specify.
There are very really no companies that I trust to keep my data safe for 10, 20, 50 years. Leadership changes, ownership changes, etc. We have to cut it off at the source.