Major problem with a heavily underfunded understaffed company, they simply don't have the resources to put up any kind of legal resistance to this type of judicial pressure.
>they simply don't have the resources to put up any kind of legal resistance to this type of judicial pressure
a very simple solution to this, don't keep the data once you've provided a service to the customer. Or anonymize it and scrub any association.
It's never a question of "we don't have the resources to protect your data". The conclusion should be, if you don't have the ability to protect your customers you don't get to harvest their information.
This is the only way things will change. Companies need to be our in the position where holding personal data is a major liability. And not gpdr type that relies on admins or politicians. It needs to be something that excites the trial lawyers approaching the level of mesothelioma.
Idk how we get there, whether it be through the courts, Congress, or some other way. I think getting rid of third party doctrine will do more towards this goal than most people realize, but it has to be in a way that treats any data acquired by government as if it were collected by the government, to 4th amendment levels of scrutiny.
But if things are going to change, major liability on government and private sector will have to be the result, unless we want eventual relapse.
Things like this are why tools like Ring doorbells or Alexa make me scared. Sure, nobody is normally paying attention to that data. But it's all just a subpoena/warrant away from being searched. If it's physically possible to look through a dataset, then there are legal pathways for the government to use that data.
Especially since Amazon seems eager to give police et al easy access. Up until now, the fact that most of this data even existed wasn't known to many government entities, let alone who to subpoena to get data.
Ring seems hell bent not only on promoting universal awareness of such data, but monopolizing the means of access.
I wonder how a bigger corp, like 23andme, would handle this.
Interestingly, their transparency report[1] claims they've received 7 requests from law enforcement, and denied all of them.. shows they're willing to put up somewhat of a fight at least.
>GEDmatch hit the spotlight in 2018, when DNA data from its site led to the eventual arrest of a man suspected to be the "Golden State Killer," responsible for dozens of rapes and murders in California between 1976 and 1986.
This Golden State Killer case was the biggest public relations boon to police wanting access to these DNA. In general the public wants rapists and killers to be caught. I think the public thinks that if these people don't care enough about their privacy to send DNA samples to a private company (that is not a health care company), then they should not object if police use that information to catch killers and rapists.
Yes it was a relative's DNA. So you have to not only submit your DNA, you have to talk your all your kin out of submitting theirs. That includes sisters or brothers separated by adoption in early life.
At this point, particularly as a matter of principle, I think it’s better to pull your DNA profile out of the system, and request that it be destroyed.
He's already been busted lying about providing access when it was against policy. After being in the bad position of not having a policy for police requests, he set a policy then almost immediately broke it.
I think policy was only for a murder, and he personally approved access for a non-lethal stabbing, or something similar.
People, like my siblings and mother, see this as a game. They see no problem with giving a private company access to their most uniquely identifying information. They'd likely hand over their fingerprints and retina scans for a free photo of themselves doing it. My mother shreds every piece of mail but jumped on 23andme without hesitation.
The world has become dumber and less concerned with personal information than some weird shared social experience. I'm not worried about the feds getting my data (ish) as much as I am about Bad Actors in the future. (I still very much want the government out of my business and personal life though.)
Easy to say, now that other kind folks have done the heavy lifting to find the problem and publish stories raising it and we've been lucky enough to stumble upon those stories. But, that of course is the problem. Awareness.
But, should it be a problem? Shouldn't we have a basic right to privacy?
We get sold on the need for police to catch "Murderers". But then its "attempted murder". Later it's "attempted violent crimes" 1). Will anyone be surprised when it starts being used by debt collectors to harass you or your relatives?
How long after that before someone figures out how to use it to efficiently ID people with early dementia and to they can target and swindle them?
Edit, Also incredibly relevant: https://news.ycombinator.com/item?id=21461957