I agree with you, but we also collectively bought devices with active mics, cameras and a constant internet connection while legal aspects of data privacy were (and still are) a bit of a Wild West, so I'm not sure what anyone expected. We as consumers and citizens need to stop assuming our governments and corporations will just do the right thing and not tread those ethically grey lines. When "consent" is defined by those doing the exploiting, only total abstinence from the decision is the safe option, but we all continued to buy smart phones.
Note, this is not a justification, but an attempt to understand how we got to now in hopes that by seeing where we've been, we can collectively make better decisions about where we are headed.
> legal aspects of data privacy were (and still are) a bit of a Wild West, so I’m not sure what anyone expected. […] we all continued to buy smart phones.
Widespread breach of privacy is not a valid excuse for companies to continue violating privacy and even collecting potentially illegal surveillance, right? Phone taps and home searches without a warrant have been illegal for decades, and the fourth amendment to the constitution prohibits government search without probable cause in general. So what I expect is that the existing and established laws and goals carry forward in obvious and reasonable and unsurprising ways from the consumer’s point of view, without vested interests trying to pretend like digital devices’ ability to communicate are somehow radically different from any other type of communication. The only thing that’s changed is that recording and sharing and searching got much, much faster and easier. People who stand to benefit from that are arguing that because it got easier, it should be allowed, but from the privacy perspective it’s the opposite: because it got easier it means we need to actually enforce privacy, and put a stop to the contorted arguments that try to justify data collection without explicit consent.
American law doesn’t generally prevent them from surveillance, so long as a shrinkwrap license provides consent and any token one-time fines are classifiable as necessary opex if they survive a decade of court appeals.
This is slowly changing, but with 50 member states and aging union leadership, there is no GDPR equivalent yet for citizens of the US.
(And, CCPA protections are only offered to citizens of California, which demonstrates the corporate incentives to keep it fractured and at the state level nicely.)
The most effective way to get this changed would be to identify the cars used by every US senator, and then write them letters pointing out that their cars have granted a sometimes-foreign corporation permission to record every conversation they have, keep a file on who they meet, and document their sexual activities. This is standard espionage tactics, and as awareness of it should be spread in Washington DC in particular.
You’re right, of course, but we shouldn’t really need a GDPR when we should already have an established reasonable expectation of privacy inside a car. Google search takes me to lawyers who agree, for what that’s worth… https://dworkenlaw.com/when-can-the-police-search-my-vehicle....
A person can give up their right to privacy to any officer of the law, and to a corporation just as easily.
US corporations now demand you give up all rights that the law permits you to give up, and they do so by shrinkwrap licenses that are “take it or leave it”, while denying the ability to deactivate a reasonable and small subset of functionality if the buyer disagrees.
This is typically where regulation steps in, and does so quite successfully in the EU but not the US, to say that consumers may not contractually give up their right to privacy without express, plainly-sought consent — so, not just shrinkwrap licenses — and that refusal or revocation of that consent shall not deny someone access to functionality that can be reasonably delivered without it. The US has its work cut out for it to catch up here.
Not directly related to the car situation, but the last time I bought a TV my first question was whether non-smart TVs exist. They do, but they're not worth the effort and my best option was to not connect the TV to the network.
It sounds like it's no longer even an option to buy a car that doesn't come with a bunch of uplinks to the car company, maybe to the insurance company airplane-black-box-style, etc.
Some IoT devices now are programmed to reach out to public or known (ISP) wifi networks and connect automatically without your knowledge or consent. This is what it looks like when your government is by and for corporations.
> We as consumers and citizens need to stop assuming our governments and corporations will just do the right thing and not tread those ethically grey lines.
We—as in most people on this forum—can do much more than that. We can actually refuse to work for these companies, and to build such features. We can implore our colleagues to do the same, and inform our family and friends of these features, and suggest alternatives.
Yet many of us don't think twice about working for an adtech company, because of the prestige, compensation, or some other personal benefit.
Note, this is not a justification, but an attempt to understand how we got to now in hopes that by seeing where we've been, we can collectively make better decisions about where we are headed.