Hacker News new | past | comments | ask | show | jobs | submit login
Judge orders Google to turn over a full year of actor’s data (chicagotribune.com)
353 points by nkurz 14 days ago | hide | past | web | favorite | 409 comments

The deeper problem is that old laws are being used to deal with new behaviors. This inadequacy will continue to grow as human beings and computers slowly merge over the next century or two, where at some point, “your Google data” will be more-and-more equivalent to “all of your thoughts.”

Those who say that this is justified because warrants were obtained seem to miss the point that state’s ability and desire to gather information has grown exponentially over time. And that’s why we need data protection laws, alternatives to Google, and other privacy measures.

The philosophical concept of embodied cognition is a good place to start on this issue:


I'd say that very much depends on why you believe the warrant process exists in the first place. I honestly don't know that much about the historical context of search warrants. Do they exist because philosophers of old believed in a right to privacy as an end unto itself? Or do they exist for some more practical reason, like because they were used for extra legal retaliation against enemies of the state, or for intimidation, or to go on fishing expeditions.

Or, why does the protection from self-incrimination exist? Is it because we are concerned that the government might have access to your thoughts? Or is it because the government would torture people to get confessions, and the people wanted to remove the incentive to do so?

Depending on your belief about this, you might feel differently about what should be done about this Google situation. If you believe the latter view in the second paragraph, for example, you might have no problem with the breadth of the search. In fact, you might not even have a problem with involuntary brain scans, provided they were proven accurate. As long as the rule of law is strong and the materials were used only for a defined and limited purpose, you might think it would be better if the government could compel the true personal perspective of the accused.

So this really enters into questions about each individual's perspective on the purpose and value of privacy. I think it might not be accurate to say that people who say it is justified are missing the point. They might just think the point is different from what you think it is.

I think you are spot on with your reasons for why these things actually do exist, but I think there is definitely an argument to be made for why they should actually protect privacy instead of merely inhibiting the government.

My version of the argument goes something like this: It's often said that drivers (in the US anyway) are constantly violating minor traffic laws, and that if the police want to pull someone over, all they have to do is follow them for long enough and they will find a legitimate reason to do so.

I believe that this extends far beyond the sphere of traffic. I think we all accidentally break minor laws way more often than we think we do. We all way overestimate how "good" we are.

If it was possible to automatically punish everyone for every violation of the law, we would quickly realize that many laws aren't actually that important, that they can be broken a little bit, constantly, by basically everyone, and society still functions just fine, and that privacy is more important than perfect enforcement of law.

Of course this might lead to a new equilibrium where we perfectly enforce a smaller set of laws.

All this is to say that I think people think they value law enforcement more than privacy, but if they had the full force of the law brought down on them for every minor violation, they would quickly change their mind. In that way, privacy (in the form of the government not having perfect information) is actually quite valuable.

All of what you said is perfectly valid. That being said, I think it's probable that if we perfectly enforced traffic laws, two things would happen:

1. People would start to build in tolerances instead. The speed limit is 35? Ok, I'll drive between 25 and 30. People would not just say, "Welp, I guess I'm gonna get $200 tickets constantly!" There would be a (very) short adjustment period, and then people would just treat limits as the actual limits.

2. The limits would be changed to actually reflect the unsafe limit.

I don't think either of these are bad outcomes. In fact, I think the world where we perfectly enforce the law and also adjust the law to reflect the actual needs of the citizens is far better than the one we live in today. It is a much better world than the one in which certain real crimes go unpunished due to privacy, all other things being equal.

You have just changed my understanding of the world. Thank you.

How? That people think differently about reality and have different motivations and values is not really a new revelation i think? Nor should it surprise anyone that a lot of people believe they are doing the right thing. What changed for you? It seems to be much more interesting then the initial conversation.

What didnt i get?

edit: While it might sound stupid its an honest question. Changing how you think about the world is quite a jump from discussing the origins of warrants. Its a jump i dont understand and I think there is interesting insight to be gained here.

warrants' purpose is not to protect privacy, their purpose is to make it difficult for governments to target citizens they don't like.

Or, more generally, warrants are not a positive attribute of an individual, instead they are a negative inhibitor of governments.

I dont get how the purpose of a warrant is relevant to the discussion about the effects of actions. We are faced with the issue, that technological development has created new opportunities for mass surveillance. Some people might think mass surveillance is a good idea, others dont. Both have their reasons, both are convinced they are right. It has been like this for ever, the only thing new is that new opportunities present themself. Everyone thinks they are right, but some think this means they can tell others what to do. You have pushes of authoritarianism and antiauthoritarianism in every society, depending on your moral believes you will either be in favor or against it. So far goes human history.

>In fact, you might not even have a problem with involuntary brain scans, provided they were proven accurate. As long as the rule of law is strong and the materials were used only for a defined and limited purpose, you might think it would be better if the government could compel the true personal perspective of the accused.

Hits it right on the nail how the argument goes, but i dont see how its related to the question of the true original meaning of a warrant. Its a moral question if you think it should be allowed or not. And since we are stuck together, at least some of us, this means its a political question. Do more of us think its good or bad, and can the other side prevent or do it either way? Can we compel the government to stop this? But framing this as a question of constitutional law instead of a moral question misses the point from my perspective. The point isnt if warrants should cover digital age surveillance. Why would anyone care about this who isnt a fundamentalist proponent of the status quo? Its not the dictatorship of the eternal legal code. Which of course would also just another motivation for your morals and thus your actions.

This just sounds like a religious discussion to me. Similar to, what does the bible say about flying planes? Allowed on Sunday? I first thought people in the discussion were just being pedantic, but i dont get how this changes someones view on the world.

To me its just same old same old, this stark difference has to be interesting to figure out.

It always appeared to me that the spirit of the law is obvious, at least in the broad strokes. The thought experiment with involuntary brain scans, whose admissibility is not obvious when extrapolating from the spirit of current law, was eye opening for me.

NB: I think that's why Norwegian laws come with the rules in effect and associated writeups of why the rules were made this way.

It's far beyond the issue of the inherent purpose of warrants in the first place, because the material reality of the nature of information has changed dramatically.

Practical justifications have to come face to face with reality, and 'searching one's home for drugs' is a lot different than 'reading all of one's thoughts for the last year'.

We are where we are with warrants, so now we have to address the disproportionate issue that can arise with the online world.

The courts and law enforcement aren't the issue here. Google is.

Why do they even have this data-- deleted material, browsing histories, the content of voice calls? Why did they store it in the first place?

Google can't keep all of its own internal secrets private. The fact that information on you can be extracted via a targeted court order shouldn't be your greatest concern: The fact that they possess it means that it can likely be exploited or extracted in many different ways including via dragnet surveillance and espionage.

Just because law enforcement asks for it doesn't mean Google has it. They might just ask for it because many companies actually do keep that data, but Google provides in its privacy policy some fairly strong guarantees on data deletion. The documentation at https://policies.google.com/technologies/retention?hl=en is a good read to get an idea of what is kept and for how long.

Disclaimer: I work at Google, some of my work relates to privacy infrastructure, but I don't speak for the company.

This is the correct answer. Often times warrants ask for the moon and stars. You can only hand over what you actually have.

That is a waste of or an invalid warrant then, as the correct response to a warrant for something you don't have isn't everything you do have, but the null set.

That's still problematic though, because with clever orchestration of multiple warrants, you essentially figure out the "shape" of hidden information anyway, until you can get the request just right.

The idea though is that a judge should get tired of signing warrants for the same person by that point though, as it should not be an automatic process, and should only be being done on a case by case basis as evidence or procedure requires.

In theory at least.

A warrant for all the data you have about a person activity in 2019 is perfectly covered by giving only December data if that is all you have. A warrant obviously needs to be a bit larger in scope than needed, at the very least by requiring data that is relevant to the data you are interested in.

Because you can sell targeted ad space for a lot more money.

Also they allow people to opt out of tracking, which is probably how they kept the govt off their backs thus far. But of course few people are aware and savvy enough to opt out of systems which allow it, which is why many want to change organ donation to an opt-out system rather than opt-in for example.

To the extent that Google has any of that data, they have it because the user wanted them to retain it. You probably never read your old email drafts, but people would be upset if Google deleted it without them saying to do so.

Everything Google knows about you is available for you to retrieve, delete, and often even change. You totally can selectively edit your location history. It's not a forensic log because that's not the utility users get from it. The fact that courts want to use it as a forensic log is their own damn problem.

Because their business model relies on your personal data?

The question is not why Google has your data, it's why you chose to continue using Google despite the awareness of such a scenario happening. As someone else commented, this article should be circulated far and wide, and people need to be educated on privacy friendly alternatives like ProtonMail.

Lastly, the courts and law enforcement are a problem if they knowingly overreach their limits. Protections against unlawful search and seizure and right to privacy are guaranteed by the Constitution

The 4th Amendment SPECIFICALLY stops unreasonable searches stating the exception is with a warrant asking for specific things. They had such a warrant in this case.

Just because you hate Google doesn't mean that the warrant is invalid or the search is unreasonable here.

Jussie may have committed a crime. They have the right to investigate.

It also specifies that the warrant must be specific in describing the list of things to be turned over, and specifically prohibits overly broad warrants without cause.

Never mind that that Amendment technically has nada to do with this, because technically speaking, 4th Amendment for the person in question stopped applying due to Third Party Doctrine.

This is purely a procedural issue between Google and the government.

Read that and take it in for a minute. You're only as secure in information about yourself as you can say that you alone are the chief facilitator of your day-to-day activity, and that where you aren't, those who are hold government to the proper standard of access.

Furthermore, I"m fairly sure that Google has far more detailed information hoovered up with regards to everyday people than they wish to go on the public record as having. If this were a fishing expedition, and they handed over replication tracks for 2 months for instance. That would become verified public knowledge that they collect that information, and store it in queryable form.

Google is acting very shrewdly to disclose as little about their true data collection capabilities as possible. Likely because of the backlash that would occur if people were aware of just what they were sitting on.

There was a Jeffrey Deaver book that somewhat touched on the dangers of sitting on reams of correlable data, even if measures were in place to ensure none could be written down or physically exfiltrated from the building. The Broken Window I believe it was.

Either way, it should disturb everyone that the government has essentially got a one-stop-shop for just about all the detail about what you're thinking about, all enabled thanks to the requisite tracking for ad targeting.

Heck, If I had more spare time, I'd start building my own search indexer. The balance between personal privacy and government access to reams of metadata about your every day life can't be reconciled with Third Party Doctrine. Period.

Unfortunately ending their data collection is not as simple as leaving Gmail. For example they have Google maps, analytics, recaptcha and the contents of emails sent from friends to your protonmail account.

> Protections against unlawful search and seizure and right to privacy are guaranteed by the Constitution

US courts have pretty consistently ruled that you don't have much expectation of privacy for material you handed over to someone else. To the extent that its usually available with just an administrative subpoena.

Skipping all forms of due process is probably a step too far-- but a direct court order? After all, if Google can commercially exploit your data including handing it over to partners-- why should a court order result in less access?

They could at least encrypt it, storing the key in the user’s devices.

That damages the user-friendliness of their offering, because users with that configuration are always one misplaced key away from losing everything with no way for Google to recover it for them (and yes, users will absolutely blame the company for this failure mode, and companies that do not offer this failure mode tend to succeed in the marketplace).

since the option is not available, we ll never know if users prefer it

Systems providing such services exist; they aren't as popular.

https://tresorit.com/, for example, may be a useful litmus test to monitor for this use case. They've had to implement soft deletion because "The option to recover files has been among the top feature requests we’ve heard from our users and customers" (https://tresorit.com/blog/file-restore-launch/).

google should offer this option everywhere

See my original statement; they're offering an easy-to-use system, and handing out foot-guns to users is the opposite of that goal. "Should" implies a forcing function that doesn't exist.

There are foot-gun manufacturers if people want an alternative.

I read in a Chinese programmer forum that they just mark it as deleted when you delete photos,it seems to be a common practice, not sure about google.

It is common practice.

It's not how it works at Google.

However, Google creates cold backups of "hot data" that last for much longer than deleted data. Depending on the breadth of a warrant, data that was "hot deleted" and removed from servers could still be available on cold backups of the system made before the data was deleted. Unless we have evidence that deletion of hot data implies Google has a method to swiftly and reliably knock out that data in all its cold backups (including offsites).

This is, hypothetically, possible if they encrypt all data on-disk with a per-data-item key and the key itself is never backed up; if deletion deletes the hot key, the cold backups are now just noise and it doesn't matter if Google deletes them.

Probably or provably?

From linked article[0]:

>— Cook County prosecutors drop all charges against Smollett, calling it an “appropriate resolution to this case.”

>“After reviewing all of the facts and circumstances of the case, including Mr. Smollett’s volunteer service in the community and agreement to forfeit his bond to the City of Chicago, we believe this outcome is a just disposition and appropriate resolution to this case,” the statement said.

WTF? Since when bribe constitutes a ground for dropping charges?

0. https://www.chicagotribune.com/news/breaking/ct-met-cb-jussi...

> WTF? Since when bribe constitutes a ground for dropping charges?

You mean fines? I mean, fines have been around forever, and everyone from the President down to the little guy has paid fines to have charges dropped. This is not a modern thing, nor is it rare.

It's more surprising that you are surprised by this.

I mean bail not returned.

Money has always been the only reliable way to stay out of jail. Usually you have to give it to lawyers, so it looks like they're just cutting out the middleman.

German law also seems to allow for it under some circumstances. Bernie Ecclestone for example: https://www.bbc.co.uk/news/world-europe-28656050

That was only 10k wasn't it. The story above says the city is suing him for 130k.

Forfeiting a bond usually means you have to pay the full amount. $100k in his case.

You aren't concerned the government can get all your data after you've pleaded guilty to something? Because I'm concerned people can't identify what a bribe is.

Is this different in any practical sense to an old fashioned request for physical paper documents?

The only difference I can think of is traditionally documents are destroyed after they are no longer needed. Now they can see “deleted” documents and document change history.

i.e. emails stored locally on a personal or company server can be permanently destroyed. Traditional email systems won’t have a change history of the email writing process)

(I imagine all sorts of games could be played by lawyers with access to this additional types of information.)

> Is this different in any practical sense to an old fashioned request for physical paper documents?

Just that the measure of recorded data is perhaps several orders of magnitude larger that it was merely ~20-30 years ago.

I think back to my life in the 90s, and what information was recorded about me as I went about my day-to-day life, and it was minuscule compared to today. You could track who I called, but not what I said. You could track some of my purchases, but I used electronic forms of payment much less then.

Now, I text or message much more than I voice call, so that is all recorded. Every now and then if I want to get really freaked out I go to myactivity.google.com (I've got an Android phone and am otherwise "all in" on Google services) and, say, playback my location history, search history, or everything I've said to Google assistant.

I think we are really just coming to terms with the fact that "ephemera" no longer really exists, and the deep impact this will have on society.

Of course, all that stuff could still have been recorded with a warrant 20-30 years ago. Though it's true it would have required foresight & more effort.

Google's actually really good at truly destroying deleted things within something like 35 days.

If it's sitting on a backup tape in a vault somewhere, they delete all copies of the corresponding one-time personal decryption key instead.

So is Microsoft, at least, on Linked-In. I tested it last year and deleted my profile. Had a friend check and everything was gone...Everything including public posts.

LinkedIn has a remorse period of something like 21 days. And I had plan to test recovery process also. Then got busy with a contract and was too late to recover. It's awesome!

I think any global IT company must deal with GDPR kind of like most automakers in U.S. follow California emission standards. It's easier to create a policy for all than create "one off" policies for a geopolitical region.

Quality of the record keeping is vastly higher. Imagine a subpoena for every paper mail you sent in a year. You can't get that from the US Postal service.

USPS has been storing images of all envelopes delivered for many years now.

Prior to that, it was possible to have that information manually logged. If you corresponded with people in a Warsaw Pact country in the 1960s, that mail was recorded and sometimes opened.

Knowing a letter was delivered by USPS doesn't yield the contents. The state would have to subpoena each individual recipient - and they may have destroyed or lost the letter.

It would only be equivalent if every letter was opened and recorded so that all the contents would later be available because this subpoena covers not just emails but also drafted and deleted messages; any files in their Google Drive cloud storage services; any Google Voice texts. This isn't metadata the government is coming for, it is the full content.

Sometimes the contents almost don't matter. For example, if you saw multiple letters from an oncology department to a household, followed by letters from government departments and a funeral home, it wouldn't be hard to figure out what was going on.

It's the exact same problem with phone metadata. The connections can be made to tell the story, and are even easier to manipulate into whatever narrative the prosecution wants to sell.

In my example, you probably thought "person has cancer, household receives letters from the government post-death, bill from the funeral home", which is exactly how it could be sold. But it could just as easily be "person beating cancer, household receives government forms related to healthcare subsidies, funeral home letter was a condolence letter sent one year after the death of their parent." This is why metadata is so dangerous, it's far too easy to spin.

Just the same, I would feel a lot less violated if the government had header information for every email I received in the past year, than if they had the full email.

>USPS has been storing images of all envelopes delivered for many years now.

If this was of any doubt at all - they’ve made this accessible over email. If you enable “informed delivery” you get an email of the scan before it hits your mail box.

> USPS has been storing images of all envelopes delivered for many years now.

You mean those emails I get that the USPS claims it doesn't have an image for?

Oh don't worry they always have images of the blanket spam everyone gets. But actual mail with bills or letters? It's more usual to get "A piece of mail that we do not have an image for is included in today's mail."

Usually those are things that run late for the batch system they use to send the emails. Usually when I get those it’s in the portal.

No. The only difference is that you typically don’t put papers in the custody of a third party.

My dad at one point was an inspector general at a government agency. They would use records and “physical metadata” like building logs and receipts for the purposes of their work. The difference today is that your allowing many third parties to gather that data.

That’s the key thing. If you store data in the custody of a third party, it isn’t yours.

Well, people do typically put papers in the custody of a third party. Always have.

Pretty much every paper that is involved in discovery is classified by the "custodian". Also of course, all the digital information, but traditionally it's paper.

If you use and/or have a dispute with a lawyer, a doctor, a contractor, an accountant, whatever, they're going to have papers pertaining to you.

I’m talking about an individual, not a business scenario. Your papers in your custody in your home are only accessible via warrant, as opposed to your online stuff that requires as little as an administrative subpoena.

Your doctor and attorney are unique in that professional relationship is legally privileged.

I'm just saying the fact that everything in the legal business is classified by "custodian", without any more context, kind of indicates that the default is not to assume ownership in the manner you're suggesting. Like, when something is legally disputed, there's a good chance people are hiding things, giving them to others, intermingling evidence with other things, etc. The system couldn't work if it assumed that everybody followed the rules. No, I'm not a lawyer, but come on.

I (and we should all) act as if this could happen to anyone. Essentially that the state can deputize any company to snitch on the digital ephemera that constitutes our daily lives, but especially those that we are deeply engaged: Google, Facebook, Lyft, Amazon.

As such, we should not self-censor, but instead disengage from these proxy-cops and move to more distributed spaces.

State has a duty to prosecute law breakers. This is a load bearing wall of civil society. Everywhere.

Making sweeping general statements is good for riling up the mobs but I would implore HN readers to be more pragmatic about these things.

Look at the context. This person sought to ignite racial tensions for personal gain. He was given a sweetheart deal. The State is going after him and those protected him. They (the State prosecutors) have every right to collect and gather evidence to build the case.

I would agree with you if our legal systems were built for that, but our legal systems are built to deal with a society that has privacy. People unknowingly commit crimes, or implicate themselves in crimes, all the time, because there are too many ways to do that. No reasonable person can be expected to avoid committing crimes when the government itself can't even keep track of the number of criminal laws there are.[0] You're supposed to follow rules that the government itself can't even keep count of. This works reasonably well as long as the government doesn't have evidence about everything you've done, but the moment that they can track a large chunk of your life is when this system stops working.

With data from Google they can prosecute you for all the things you've done wrong or seem to have done wrong. It just takes an ambitious prosecutor to do it. This pretty much destroys the point of the fifth amendment. The "Don't Talk to the Police" lecture [1] is still relevant today, but if the state has this much evidence of what you do, then I'm not sure that will protect people. It is a nightmare scenario if this sets a precedent on law enforcement being able to vacuum up all of your data about your life.

I agree that Smollett seemingly getting a slap on the wrist was outrageous, but I think that this is Pandora's Box that they're playing with.

[0] https://blogs.loc.gov/law/2013/03/frequent-reference-questio...

[1] https://www.youtube.com/watch?v=d-7o9xYp7eE

I wrote this comment elsewhere below but it still applies

The State has always been able to look up phone records, bank records, land records, criminal records, medical records etc etc as in order to pursue justice and prosecute.

How is this any different?

It's way different because big tech cos acquire and retain far more data about individuals than anyone ever expected to be available.

10-ish years ago, it wasn't possible to retroactively subpoena a year of minute-by-minute location history, because unless you had an ankle monitor, that data didn't exist. You couldn't get a letter-by-letter log of every term typed into a search engine or a log of the amount of time spent looking at pages of reference material. You couldn't get a record of every keystroke ever typed into a mail client or word processor. You couldn't get every photograph ever taken by the individual, because cameras didn't automatically send a copy to the mothership. This is way above and beyond standard paper seizure or record demands.

"Write angry letters, but don't send them" used to be good advice, but now that the government can just casually dash off a search warrant to produce every keystroke and every location ping within a year of a suspected crime, we all have good reason to be scared. Why'd you search "marijuana" that day last October? You expect me to believe you were just researching a ballot measure? Pfft.

This makes Big Brother a tangible reality. It certainly feels big to me.

Well you can also view things a different way. It will be a lot harder for real criminals to get away with anything in the future.

Now it becomes scary only if the authorities decide to go amok and make criminals of us all, but assuming it goes this way without anyone pushing back is not too realistic.

Many of the things we consider just and right today were illegal at one point in time but change was eventually made because of people who would have been considered criminals.

Like faking a racially-motivated crime?

We're already all criminals, with many people inadvertently committing multiple felonies (yes, felonies) every day: https://kottke.org/13/06/you-commit-three-felonies-a-day

This becomes terrifying when you realize the implications for quashing dissent. An inconvenient activist is an easy target for the legal system.

I had the misfortune of looking through your link, finding it to be a waste of time. The "committing three felonies a day" is the title of a book, the Amazon reviews claim it to be extreme hyperbole and just a series of case studies where the process of the law was admittedly abused.

The other anecdote in that link is the story of Joseph P. Nacchio, a CEO who was convicted for cashing out over $50 million in stock when the price was around $40, only for the price to drop all the way to $2 a year later. The NSA involvement was a failed bid by his defense to make it seem like his trading was legitimate.

> a series of case studies where the process of the law was admittedly abused

This is exactly the point. The way the law is written gives prosecutors too much leeway to convict, and if you become a problem in the eyes of the powerful, they can "throw the book at you".

> The other anecdote in that link is the story of Joseph P. Nacchio, a CEO who was convicted for cashing out over $50 million in stock when the price was around $40, only for the price to drop all the way to $2 a year later. The NSA involvement was a failed bid by his defense to make it seem like his trading was legitimate.

You left out how the government canceled their contracts with Qwest after Nacchio refused to give them access to phone records, which impacted the company's health. There were certainly other problems at Qwest, of course, but given the lax prosecution of many others involved in such scandals, it certainly feels like this is an example of this process in action.

Only a police state can totally stop crime entirely. As the state is more aggressive in prosecuting crimes, it limits human rights more and more.

Just like security and usability are tradeoffs, so is this.

> Only a police state can totally stop crime entirely.

Only if that involves a complete overhaul of the police itself. Currently we have body cams that just fail at convenient times, policemen stalking their ex girlfriends and whistle blowers that get the short end of the stick. Giving the police more and more power is more likely to reach a turning point where it inherently starts to attract the corrupt and power hungry, increasing the abuse well above what we already see.

The police already attracts the corrupt and power hungry. This is just how security services work and why their power needs to be checked and there has to be oversight.

If the system ran amok they would just do whatever they want regardless.

First they came for the socialists, and I did not speak out— Because I was not a socialist.

Then they came for the trade unionists, and I did not speak out— Because I was not a trade unionist.

Then they came for the Jews, and I did not speak out— Because I was not a Jew.

Then they came for me—and there was no one left to speak for me.

The State has not always been able to do that. The idea that a search can be executed merely for the purpose of collecting evidence is a relatively recent development. Records, papers, etc. used to be protected under the Fourth Amendment.


In broad strokes: Originally, the Fourth Amendment only allowed for the seizure of stolen and counterfeit goods, the "fruits of a crime." This was slowly expanded to include the "instrumentalities" of a crime, i.e. the things used in the commission of a crime. The difference between the instrumentalities and mere evidence was always shaky, and eventually crumbled.


40, or even 20 years ago, the State might have been able to note a record of phone calls, postal correspondence (look up "postal covers"), some financial purchases, periodicals subscriptions, and with a great deal of effort, some of my travels and movements, mostly limited to specific port entries and exits, and air travel.

But unavailable would have been: dictionary queries, encyclopedia queries, books read, specific magazine articles read, the contents of virtually all conversations, detailed movement and location history, social associations, detailed purchase history, and more.

Today, mobile devices report location to a precision of inches at a frequency of minutes. Any random query of momentary interest can create a permanent record. As a HN submission earlier today notes, simply casually perusing a document -- clicking a link -- can result in having your home raided and all electronic devices confiscated and held for a year: https://news.ycombinator.com/item?id=21992491

The scope and scale of intrusiveness is absolutely unprecedented.

Yes, the State has some rights and powers. It also has a tremendous responsibility, which it increasingly seems to fail to excercise appropriately.

And I say this regardless of specific country or jurisdiction -- the story linked above comes from Germany, and instances readily come to mind from the UK, US, Japan, China, Russia, India, Saudi Arabia, and elsewhere.

The corruption of absolute power is not bounded by culture, constitution, or ideology.

Sorry to go off on one irrelevant point but I feel it is highly important to say this at every opportunity: states don't have rights. It is an absurdity and a mockery of human rights to claim such a concept and legitimize fiefdoms over real people. So called rights in their case would be entitlement to powers for power's sake.

Anyway to get to your main body I agree and note what makes the scale bad ultimately is abuse potential for it. For a fantastic example being able to look up details of everyone but only 500 years or more ago wouldn't be abusable for instance because everyone is long dead and it wouldn't be viable to try to change ownership based on it because it already diverged for several generations. Even if you could backtrace they couldn't be reconciled very effectively.

At a pragmatic level, rights exist for any entity capable of, whether by individual or collective action, claiming and defending them.

The notion of innate human rights is a collective claim on rights. It is not the only mechanism for claims to rights.

States' levels of effective control, and hence, access to rights, vary greatly, from near-absolute to wholly impotent.

This approach is based on rights as a pragmatic reality, not a moral ideal.

If you add all those records together you get a fraction of the information you get from someone's Google history. We're talking records like search history, live GPS data and emails. That is a completely different level of scrutiny.

So the difference is seeing something through a window with curtains vs. having a camera installed in the room. In principle, not so different. In practice there really is no comparison. It is basically a warrant to ruffle through someone's life.

It is basically a warrant to ruffle through someone's life

Which, for what it's worth, is a warrant that is perfectly within the powers of a judge to grant.

"You went 61 in a 60. Here's a ticket. Also, because you broke the law once and I'm in a pedantic mood, I'm issuing a warrant to go through all of your GPS history for the past two years. Oh look, 1 year ago you went 36 in a 35. Another ticket for you. 2 years ago you jaywalked. Another ticket."

At what point do we want the legal system to no longer have the power to scrutinize an individual's history?

I don't believe that a warrant to "ruffle through someone's life" without limits is within the powers of a judge. A warrant to procure relevant evidence to a case being investigated, legally, certainly.

Issuing an order for someone's entire Google history for a year is bordering "an unreasonable search and seizure", by my understanding. Do they have legitimate reason to believe that there is an email containing evidence? Or a document in Google drive? Location data for an entire year - how is this relevant to the case?

It’s not the same thing. He is suing the city of Chicago for “malicious prosecution”. As part of that lawsuit, the city must attempt to show that the prosecution was not malicious.

That’s different than stating that you would like to browse through someone’s history for the purpose of finding crimes where they may not exist.

What? They're collecting evidence post facto to argue whether the previous prosecution was malicious or not?

He's being sued by the city for the costs of the hate crime investigation.

He's counter-suing for malicious prosecution.

Can't wait for an AI that does that after a subpoena. Given these terabytes of personal data, find all infractions. Palantir working on it? </sarcasm>

Also imagine just how much more power law firms on the plaintiff side would have if they want to find something wrong with the defendant's profile. Which, if there is power misuse, like in current society, is bad.

Extrapolating completely outside of the scope of the current case being discussed is not very helpful.

It needs to be phrased more specifically, or it will violate the prohibition on general warrants.

>>is a warrant that is perfectly within the powers of a judge to grant.

Not under the 4th amendment of the US Consitution they don't, they have the power to grant a warrant for a Specific thing to be searched pursuant to probable cause a specific crime has been committed

General Search warrants are and should remain unconstitutional

"If you add all those records together you get a fraction of the information you get from someone's Google history."

With 'Google Home' etc. it changes everything. Door locks, home cameras, audio recordings etc. etc..

Can the argument you had with your wife, totally irrelevant to the case, wherein you got angry and called her a big 'B' be used against you in court as demonstration of your character?

The time is now to be concerned about 'police state'. I think we can mostly have our cake and eat it too. Proportionality matters on all sides.

I met with someone from a privacy focused search engine and a line from his deck stuck with me: “you tell your search engine things you wouldn’t tell your friends or spouse”

It’s different because tech companies have inserted themselves as intermediaries into aspects of our lives that used to be essentially private. Activities such as: reading, dating, talking to friends, exercising, driving, reading a map, cooking, checking the weather, listening to music, watching movies, viewing pornography, getting medical advice, breaking and forming habits, menstruating, learning, sleeping, and many others are now frequently monitored and analyzed “in order to provide and improve the service”. All of this is subject to subpoena.

Edit: A few more: reading a newspaper, turning on a light, making a grocery list, setting the thermostat, going for a walk in the park.

In my view, the state has to ask a court to approve the purpose of each request, based on a reasonable hypothesis about what might be found.

How this seems different is the lack of any limitation on the kind of content that can be turned over. And in my view, that was a mistake on the judge's part for approving such a sweeping request.

For instance if I were accused of committing a crime against X, then I suppose that Google could be asked to turn over e-mails that I wrote about X, but not e-mails about my bicycle. This is how the system prevents the state from going on a hunting and fishing expedition.

How do you propose that works? Someone at Google searches for the information? An algorithm or an actual Google employee? If it is a human being then what about your privacy then?

What if the Jussie and his manager were using codewords to disguise intent? A search algorithm would not be able to recognise that but a human being can easily infer meaning and intent from the context. What then?

There are no easy answers.

Warrants shouldn't be intended to discover evidence, they should be intended to secure evidence that is expected to exist in a particular location.

This distinction wasn't a major concern when the former was impractical.

Because of digital records and search agents, suddenly either is practical.

The intent of privacy law has always been to raise the cost of targeted prosecution. E.g. "We want to charge this person with a crime, let's find a crime."

The state absolutely has a duty to prosecute and hold individuals accountable. And in extraordinary circumstances, may even need to target prosecution.

What is unacceptable in a free society is that the state should have the ability to target anyone for prosecution with no effective bounds in the number of simultaneous times it does so (aka everyone).

The difference between Orwell and a safe democracy is scale.

I'm missing something.

In this case, the state is expecting evidence to exist in the form of incriminating email communication between Smollett and his manager, and possibly additional people. From the public evidence so far, it sure seems like a reasonable expectation! I'm a pretty hardcore civil libertarian, and I'm having a hard time faulting the judge here.

What else do you expect?

I would expect a warrant for just the e-mail exchanges between Smollet and his manager (and perhaps other digital communication methods), not for his entire life.

I hear you, but that doesn't seem like how anything works in our legal system. When warrants are issued for cellphone records, text messages, financial records, etc, they don't have so narrow a scope.

The state has probable cause to believe there is evidence of criminal behavior in your <insert anything here>. Therefore the warrant gives them access to it in order to look for that (previously specified) criminal behavior. In this case everyone expects to find a smoking gun in his email - either talking to his manager or talking to someone else. That seems like probable cause to me.

> In this case, the state is expecting evidence to exist in the form of incriminating email communication between Smollett and his manager, and possibly additional people.

Then why is the warrant not for _that_? Instead, we have a broad-reaching data pull that will be filled with a ton of information is irrelevant.

If you don't have enough evidence to specify the particular thing you are searching for, too bad. That limitation is written into the Constitution.

It is, though that limitation is essentially ignored by the NSA.

Google records include every place you've ever been (if you use an Android device), every wifi hotspot you've ever connected to, every website visited, every app executed, every message (text or email) you've sent. It's like having a voice recorder permanently on your shoulder and then having to turn that over to law enforcement.

It's very bad. Text and email should be private, unless it is in the context of the action being pursued. This is just too much data to just turn over willy nilly. Very slippery slope.

>The State has always been able to look up phone records, bank records, land records, criminal records, medical records etc etc as in order to pursue justice and prosecute.

>How is this any different?

The cost of doing those lookups. Both in money and time. Looking up an entire life's history would have taken months if not more, and would involve a lot of legwork, from picking up the phone and making calls, to traveling around neighborhoods or farther. That cost limited the charging/prosecution only to people suspected of, or implicated in crimes. Today you can do that on a whim because you don't like a person or because they are your political/business opponents.

Our internet communications are way more intimate than physical or telephone or bank record searches of the past (which was the scope of the law when these things were legislated). These search and seizure laws have been grandfathered in unreasonably imho. A person's google searches are literally his thoughtstream, they are private expression that doesn't incite anything, and there is no reason why anyone would judge people by their thoughs. Police used to need torture to get this kind of data, it shouldn't be handed to them on a platter. imho it's very different

I don't believe it is different. Rather our trust in government has degraded in the last 100 years.

Also don't forget the search warrant. I think this is what most closely matches the digital variant.

He allegedly did something quite bad, and if guilty I’d like him to face justice. But if the cost of convicting him is setting a precedent that effectively strips hundreds of millions of people of their privacy and subjects us all to an unofficial form of state surveillance, then let him walk.

This seems just as with any other search warrant - it's a specific search sanctioned by the court; just as a physical warrant for your house will involve LEO's that can search your underwear drawers for to verify if there's something relevant for the case, the same applies for your online records.

There's no new precedent involved, noone ever had any privacy whatsoever from a properly court-approved search. What's the most privacy-invasive thing I can think of? If a judge believes there's probable cause in searching your anus and other internal cavities and authorizes such a search, then such a search is compatible with all the precedent regarding fourth amendment in USA.

> This seems just as with any other search warrant - it's a specific search sanctioned by the court; just as a physical warrant for your house will involve LEO's that can search your underwear drawers for to verify if there's something relevant for the case, the same applies for your online records.

No, not really. A physical warrant might be issued for your home, your work and maybe one other place you frequent.

However, because this is very much not a specific search, but rather the whole year of data, it's more akin to issuing search warrants against every business you've walked passed in a year, whether or not you actually entered the premises, and that's just to begin with.

And if you tried to issue warrants in that matter, they wouldn't approved, because you do have certain reasonable expectations of privacy with regards to a court-approved search. Specifically, that a court will not explore things that are not pertinent to the case.

The precedent lies in law enforcement getting their hands on minute by minute details of your life from a year ago and probably much more. There might not be protections against this, but there should be. Judges shouldn't have too much power.

woah, woah, hold on. don't let him walk?! just use the old way for finding evidence. data gathered by companies like google is mostly permanent, too easy to retrieve, and in one place. that's the real problem. nobody likes doing hard work.

US police are fat and lazy. The days of a skilled gumshoe hitting the streets for information is a romanticized memory. The only time they get their blood pumping is when they get to use some new toys, kicking in a door guns blazing, shooting the family dog, killing innocents at the wrong address.

The State has always been able to look up phone records, bank records, land records, criminal records, medical records etc etc as in order to pursue justice and prosecute.

This is a necessary "evil". We give up some freedoms so that we have a civilisation and an orderly society.

And this isn't setting up any precedent that is egregious. This is on the front page of Chicago Tribune newspaper and on the front page of HN. This is not some shady in the shadows invasion of privacy.

Those things do happen and I think we should preserve our outrage for those moments. Otherwise it just becomes background noise to be constantly and without context offended.

Those records are mandated by The State and are very limited in scope. Nobody is idly wondering about the legality of X or Y in them, as one might in a google search, or making a culturally insensitive remark, as one might in a private message to a friend.

Be wary of the motte-and-bailey fallacy - the issue is not that The State can look at certain records in certain prosecutions, its that the records currently being requested are too broad and too potentially intimate to trust The State with.

>Those things do happen and I think we should preserve our outrage for those moments

That creates an almost arbitrary, "this fits my worldview so I'll support rights this time" thought process. Like, "Well, this guy's a Nazi so we should trample his rights. But this woman's an abortion activist, so we should be sure to protect hers."

How do you propose we prevent ideological blindness in the protection of rights? Should we take the government's word that, "this time, it's really worth trampling rights"? Or would you create an unbiased oversight board that tells us when protecting rights is appropriate? Or should each person look at a case and decide for themselves whether or not they should take a stand against rights infringement?

There's a big difference between dragnet surveillance & executing a warrant. This was the latter.

This is not some shady in the shadows invasion of privacy.

I would argue that there are no rights being "trampled" here at all.

How is this different from a warrant that lets prosecutors read your snail mail?

I mean this passed the proper checks and balances of the law, and the only reason this is on HN is that's about electronic instead of paper mail, and it involves a big Corp.

The post office doesn't have a copy of all the snail mail I sent and received over the past years. Gmail definitely does.

but if you have a snail mail hard copy in your home, that's discoverable.

You gave up your privacy when you gave all that data to google, not when the state requested it from google.

Ok, lets look in context. In 1920 records were kept about beeing a jew. It was perfectly ok, no harm done, some record no one cared about. In 1942 those records became mortal, sponsored by state. Should we talk about anti-gay laws? One day it is fine, second day you can get prisoned.

No one should keep such records as society is changing and not always to best. This is one of the reasons, privacy is one of fundamental human rights. And is blatantly violated for the profit.

> In 1920 records were kept about beeing a jew. It was perfectly ok, no harm done, some record no one cared about. In 1942 those records became mortal

As a legacy of this, the US government doesn't count Jews in the census. (And, to preserve nondiscrimination values, doesn't count other religious denominations either.)

Interestingly, the census does enthusiastically collect race data on everyone. This is logically incoherent; racial groups (such as the Jews, actually) are at least as much a natural target of extermination efforts as religious groups.

It’s hard to understand how things that are harmless today can be prosecuted tomorrow. Imagine a drugstore keeping a list of its customers who have diabetes... or AIDS.

Having AIDS was stigmatized right from the beginning, because it was obvious right from the beginning that if you had AIDS, you were gay.

(It was also stigmatized because it was a lethal disease that spread by unclear means, but that seems less relevant to the topic at hand.)

Maybe, do you have a source you could share please ? I often read this argument around but have not verified it. I've also heard some records produced under Napoleon were used.

But this was a real crazy time. Hypothetical scenario (in the sense that I have not verified it, but I do think it's a very likely scenario to have happened): There were medical records of people with physical conditions before 1933 (so they could be treated) that were used under the Nazi regime to persecute them. Does that mean it that hospitals and doctors maintaining a list of medical records to treat their patients efficiently was a bad idea ?

I don't have the answer to this, I just wanted to point out that this is a delicate issue that society needs to figure out fairly quickly if they want to have an influence its outcome.

I wonder what godwin would have thought about all this :)

Just for the last part, for everything else you can use duckduckgo (or qwant).

Anyway it is not such a hypotetical scenario, nazis were really killing the disabled persons based on their medical record (yes, qwant or duckduckgo for it).

Yes, it is a bad idea that doctors keep those data. If insurance companies get those information (and my dentist said he was already aproached by some company to sell dental records, I wouldnt be surprised if this is a common practice in states) you will have issues. Same with employees etc., even if nothing wrong with your health but there is x% chance that you get terminal disease.

Those records should be handed over to the patient, tamper proofed (no, not blockchain, just RSA will do fine) or stored, but encrypted with patient key. Actually when writting this I remembered that we (as in my country) are having a medical smart card that needs to be given to the doctor to access our medical records. Maybe we already have such a system.

Anyway it is a bit sick comparing google with doctors. The need and trust is on completely different scale not to mention that trust between doctor and patient is handled by laws and hippocratic oath since 257 AD.

Doesn’t seem like the issue is with the state, it’s that we’re entrusting third parties with enough information to paint an incredibly intimate portrait of our personalities and proclivities. This in turn is available to the state at essentially zero cost, which may then be leveraged heavily to ensure compliance.

You're right. The issue indeed is that these companies can just vacuum up all of this data and keep it around. The problem, however, is that this is possible now. This means that if people (or companies) somehow figure out a way to either keep this information from the state or keep this information from being collected, then the state themselves could start collecting (some of) this information. We've seen it before that intelligence agencies don't seem to care about spying on their own citizens through technicalities and then abusing that information.

> They (the State prosecutors)

With a warrant they convinced a court to issue. This is totally different from e.g. dragnet surveillance.

Exactly this. I've seen cases where a prosecutor has gotten a John Doe warrant to send to cell companies that effectively asked for the IDs of all phones that were present the closest cell tower at the times of multiple robberies (eg "give me all phones that were present at ABC tower on Monday at 1pm, DEF tower on Tuesday at 4pm, AND GHI tower on Thursday at 10am). Which obviously only the robber is likely to show up on. To me, they're effectively searching my data even though I don't meet all the criteria because I was only near one tower one day. This is way different than what the court did to Smollet. They already had tons of dirt on him - and thus probable clause to dig deeper.

I'd be weary of them using this data to try to go after him for some obscure crime completely unrelated to the false report (e.g. pics of him walking his dog in a state park that forbids pets).

They did this very thing to associates of Trump in the course of the Mueller investigation. Unrelated tax issues, failing to register as a foreign agent and other charges were brought against certain individuals for things they did years before they joined the Trump campaign. Whatever your thoughts are on this, there is already established precedent for it.

Which all seem like notable things to encounter when doing an investigation like that and to not drop when encountered? 'Let's look if money was sent from x to y. Get bank and tax statements. Well (it didn't come from x but) it sure as hell wasn't taxed'

It's not like this was brought up as part of a single court case if not related which would make it a relevant precedent here.

What a sweeping authoritarian view on human rights. I'm sorry but this really raises my hackles. The state absolute does not have every right to collect and gather evidence to build a case with such a sweeping dragnet. There is a reason that search warrants have to be specific and evidence of even obvious other crimes is not admissible.

There is nothing pragmatic about being totally ignorant of Fourth Amendment protections that have been eeked out, injustice after injustice, over two centuries.

You're completely missing the point. Whatever Smollett did or didn't do is immaterial. What is material is that Google, Facebook, etc are now single points of privacy failure that make abuse by law enforcement much easier than it used to be. This case may or may not be an example of said abuse, but the potential is clearly there. The solution is to retake control of our digital lives from these companies.

In a democracy the job of the police must be difficult.

> They (the State prosecutors) have every right to collect and gather evidence to build the case.

They should have the right to do it. Actually doing it should be as difficult as humanly possible. It should not be as easy as sending a letter to Google and getting a suspect's entire life records in return.

Why not? How is this different from a warrant to search a home? Would you argue in that case that personal paper letters should be kept in a safe that's very difficult to open for law enforcement even if they have the warrant to do it?

> Why not?

Because if it's too easy they will be tempted to do it as a matter of routine.

> How is this different from a warrant to search a home?

They have to actually go to the home in question in order to execute the warrant. They can't automatically search all homes.

Even if tempted, they still would need to get warrants.

They can't automatically search all accounts - they need to demonstrate the probable cause to a judge first.

> State has a duty to prosecute law breakers. This is a load bearing wall of civil society. Everywhere.

That doesn't mean there should be enormous databases of everything people do for the state to access at will.

What does that have to do with the case being discussed? A judge issued search warrants for information that Google has. Your hyperbole about the government being able to access anyone's information whenever they want isn't helpful to a conversation about privacy.

At anytime a judge could order your information and put a secret gag order. A valid concern. The government seizes domains they deem possible copyright infringement. One judge order could open the floodgates.

> At anytime a judge could order your information

For a judge to issue a warrant, a prosecutor or cop has to swear that they have probable cause to believe that you've committed a specific crime. Judges can't just write warrants arbitrarily. (Of course, this process can be abused, but it's still pretty far from a judge being able to authorize pulling the data of random people.)

The Fourth Amendment says: "... no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Why makes probable cause against you in some direct or indirect way?

  You worked here and had access to x
  you fit a profile or someone you know
  you are an enemy of the state
No one needs to break an oath.

There's lots of stuff that nobody should be able to access. Especially things that never should have been stored in the first place.

It's bad that one signature from a judge can unlock all of that.

they didn't access at will but with a warrant, there's a foundamental difference in that, which is the warrant process's guarantee oversight against abuse

beside, it's not a case of the state tracking persons unwittingly, it's persons willingly giving up their data to private companies.

This is all fine in theory. But why this guy? With limited prosecutorial resources, why are they doubling down on this guy? That is what I am always suspicious of.

This case is not specifically about Smollett. It's a about the perceived view that that prosecutor in the case was somehow compromised by abruptly dropping the charges. When she was asked why, she gave conflicting answers.

Personalizing it is trivializing on an absurd scale. Getting the idea in prosecutors' heads that they can just grab a year of data on any accused party is the danger here, and it should scare the pants off all of us. Over the course of a year, you've surely typed something into Google that could be misconstrued.

But why this guy?

How about "because he couldn't let sleeping dogs lie"? The guy got a lucky break when someone dropped the prosecution. He had the opportunity to shut up and let the story fade away. He didn't take it.

No matter how lucky you are, if you keep doubling down, eventually the house takes your money.

Why not this guy? Possibly because he generated a little too much infamy and now the public wants blood. Or maybe the prosecutor believes in the defendant's guilt and thinks they can make a strong case. Maybe a mix of both.

Perhaps you'd prefer the prosecutor look at some other case but then the exact same question could be asked - why that guy?

So why not this guy?

I imagine they have a lot of more serious crimes to pursue. This just seems to be high publicity so it is getting more resources. That means other crimes with high impact victims get de-prioritized. Plus it is Chicago, it is still rather corrupt there. I would mistrust anything with publicity involved until it is proven to be valid.

The fake lynching looks like a crime done in order to pass a law, possibly to help someone get elected president, which is quite serious. Dropping the charges is highly suspicious too, having been done by people who were also associated with the presidential candidates trying to get their law passed.

Yep. The prosecuter who dropped the charges was also being mentored at the time by the senator who was trying to pass the "anti-lynching" law the same week. Their bill had failed several times, then this incident happened and the bill passed within a week. The actor was also close friends with the same senator.

This story isn't about politics, it's about corruption at the high offices.

Something that should never be overlooked in this case is that after police identified the suspects and made arrests Smollett still stuck to his lie.

He was ready to send innocent people to a potential life sentence or the death penalty (which is how hate crimes are treated), and in fact is still maintaining his lie.

All over a contract dispute. Evil stuff.

Not to diminish what a dunce this guy was, but the only crimes currently punishable by death in the US are ones in which the victim has died. And maybe treason, espionage, and other weird crimes against the government. Those are unclear at the moment.

For political reasons of course. The prosecutors are elected. They must pick cases that encourage votes.

Even someone who has done wrong has a rights and I would think that a year of Google data would compromise too much information not relevant to the case. In my opinion this clearly qualifies as "unreasonable searches".

Even if you have been naive enough to voluntarily share data with Google.

They do. But I'm not in your jurisdiction. And this could happen to me too. And my company.

I don't see how the context of his alleged crime (he's not been found guilty of anything) is relevant. Beyond a felony/misdemeanor the means available to the state to build a case/prosecute should be identical regardless of the specific crime alleged.

Is there some line you don't want it to cross? As tech progresses, there will be increasingly more about everything you do that gets logged.

If any community has the power to reverse that trend, it is HN and the rest of the software community that actually builds the tech. I am constantly battling it in my own company, where they want to track everything our users do. And they even have some legit reasons for it, to use the data to build better UX, etc. I am the only person fighting against it, saying that tracking should be limited to only the cases where there is truly a compelling business question it can answer.

If Google were to apply the same logic to their tracking, we'd be in a better place. For example, they may want real-time location data for the traffic alerts when using Maps. And they may desire some aggregated form of that data long-term. But I cannot see any business benefit to Google maintaining my personal location data at specific times and dates in the past. There is zero business benefit to keep that level of detail in their logging.

Or, to answer your question more directly, that is the line I do not want to cross - where we are logging personal data "Just in case" we ever might need it. I'd like to see every piece of tracked data tied to a specific business need, and then have it deleted when that need no longer is relevant.

The media seeks to ignite racial tensions for personal gains all the time, shouldn't we prosecute them too?

I think CNN just found out the answer to that the hard way. They settled with that Covington kid.

This is yet another reason why for profit media should be taxed like cigarettes and liquor. People like it, it's bad for them, and it costs money to undo the damage it causes.

Plow the money into courses on basic reasoning, civics, and grants to non-profit, independent media so that the people benefit when for profit media pushes a war for profit or racial divison for more ad revenue.

This suggestion befits an authoritarian dictatorship which seeks to control the press and muffle its critics, but it is ill-suited for a people who wish to remain free.

Everyone seeks to ignite racial tensions for personal gain. Politicians, journalists, even a lot of people on HN are out doing it in the comments all the time. But you can't prosecute every jay walker, nor every speeder. That doesn't necessarily mean that you shouldn't punish any speeders.

The problem here is that they are going about it in the wrong way. Issuing a warrant that says, "Well, show me everything this guy ever did, and I'll tell you the crime I want to prosecute him for later."

That's not how most warrants work. Most of the time it's, "We suspect X evidence generated in the commission of Y crime is at Z location". What this does is say, "We need all his data to figure out exactly what crime was committed". That's an ominous warrant.

yes we have seen you know how to make this comment.

Another way to look at that 'duty' is to say [The] state has a responsibility to ensure justice for all. That may seem like the same thing but vagueness is at times valuable given that life rarely satisfies the black and white dichotomies many of us would prefer.

What exactly are you saying? That the State should let this one go?

More so that laws are a social construct.

We can have a discussion about how the state should behave without using catastrophic examples to shift debates about principles and policies.

The post I was responding to sees the role of the state as a absolutist binaric executor of often fuzzy laws and rules. The context of this example doesn't have any affect on whether or not that naive belief is a path to a functional and just society.

Whatever happens with Smollett, or the next example, simply doesn't support a belief that every crime should be prosecuted. There was a (hamfisted but entertaining) TNG episode about this for gods sake...

> Look at the context.

The context is extremely partisan twisting of the justice system on all sides. Normally DA's have complete discretion to drop charges as they see fit. Because of the partisan outrage a Republican special prosecutor has been appointed to overrule the prosecutor and now he's on a witch hunt going through a year of Google records trying to find everything incriminating, this is a farce and high level corruption

“Ignite racial tensions”? There was no chance of that happening. Smollett was a laughingstock the day the story hit the news. Foxx declined to prosecute because she correctly saw it as a ridiculous and embarrassing stunt.

Another thing to keep in mind: “igniting racial tensions” as an investigatory justification was how MLK got labeled the gravest domestic security threat to the United States. You’re advocating a categorical justification with a fraught and bloody history.

Better civilian oversight is overdue.

> There was no chance of that happening

Mens rea is the guilty mind required for something to be a crime. Intent matters as much as outcome or chance of outcome in the judgement of whether a crime has occurred, and explains the use of "sought" in the comment you replied to.

Well, it hadn’t even entered my mind that increasing racial tensions could be a crime, so that didn’t make it through my legal framework. Why did it occur to you?

His actions and motivations in committing a crime, alleged or proven, are relevant, that's why it entered my mind - he is under investigation for a crime, is he not? Igniting racial tensions doesn't need to be the crime, just as stealing money to pay off debts doesn't make paying off debts a crime, but it's still relevant in showing mens rea and the kind of mens rea e.g. knowing, negligent, reckless etc and in assessment of the effects of his actions.

I guess I’d call it an appeal to racial sympathy more than anything else. If Chicago wants to charge him with filing a false report, they can go right ahead, but I’m pretty sure they don’t need his personal records to establish that.

Smollett may have been a laughingstock amongst people who were actually able to think for a moment about how plausible his claims were, or (if we're being more cynical) amongst people outside the left wing who were inclined not to believe his claims from the start. Most world media and all his fellow celebrities not only went along with his claims, they went after anyone who questioned them right up until the point it became clear that the police had indisputable evidence.

That’s true, and the public anger at Smollett that I see as unreasonable might have to do with that suppression of questioning. But I think the anger has more to do with a) white people who feel defensive about being called racist and b) law-and-order types who are offended by the attempt to deceive the police. They are taking this opportunity to push back against a falsehood, even though it’s a stupid falsehood.

The story was just uncomfortable for me, so I felt relief when contradictory testimony was found. I live near Chicago in an area both white and black, and mainly left-wing. I didn’t dare bring the story up with my black neighbors, and never heard about it from them either, despite its high profile. It was a very self-conscious couple of weeks. In contrast, when Obama was running for office people couldn’t help talking about that, and the sense of pride was real.

There was really no benefit to expressing doubt either; actual tragedies and abuses (Laquan McDonald murdered by the CPD, for instance) are still fresh in everyone’s mind. If current events weren’t as horrific people might be more comfortable expressing doubt and maybe even laughter over a guy with basically a homemade lanyard around his neck.

>the state can deputize any company to snitch on the digital ephemera that constitutes our daily lives

this is not true, but in the way that makes your point much, much worse.

In the US, case precedent is already set that digital data that you don't physically own is not yours. IANAL, but my understanding is that the standards for digital search-and-seizure are lower for cloud services, not equivalent or (god-forbid) higher.

Right. But I suppose the thing is under it is conveniently (for the prosecution) consolidated under one company's umbrella, so I don't think it totally invalidates OP's point. What about companies such as Proton Mail? Would they just hand over all their data? I don't know. Honestly asking.

ProtonMail could, but it looks like just raw IP logging and most everything else is encrypted by design. I dunno if turning over those IP logs killed or maimed their warrant canary in the process.


Edit: obv PM’s canary is public and has disclosed they’ve released data to the Swiss courts, but it’s pretty much as advertised; ip logging is raw but the rest is encrypted.

Queue the Google alternative posts. This is some terrifying stuff.

> not just emails but also drafted and deleted messages; any files in their Google Drive cloud storage services; any Google Voice texts, calls and contacts; search and web browsing history; and location data.

The scariest part is that this amount of data access can be very effectively weaponized to build a strong case against anyone. All of us are inadvertently breaking some law or the other all the time. If the government doesn't like you for any reason they are one court order away from blackmailing you or putting you away.

Including Google. There was a well-publicized case in which they were "hoist on their own petard" a few years back.

What happened, basically, from memory, is that someone was arguing that Google did something wrong (I forget, but it might have been the collusion to keep down employee wages or something) and so there was discovery of emails by Google, and they eat their own dogfood so it was gmail.

So Google smugly said "hah, there aren't any incriminating emails", but then it turned out that the autosaved drafts of some of their emails were incriminating, and were preserved, and ended up being produced in court.

So remember that the next time you type an email or a forum or facebook post, and you revise it extensively before hitting the button to send it.

It's incredibly interesting that unsent emails were used to support a case. Were they used to prove intent of some kind?

Well, after...Googling...it, there's a little more to the story. It was actually a fight with Oracle about the usual stuff (Java patents), and the email itself was covered by attorney-client privilege, and therefore didn't have to be shown to the other side, but the drafts slipped through by accident because, you know, the subject didn't actually say "Attorney work product - confidential" until almost the final version. And although there is something called a "clawback", the judge ruled that their attempt was too little and too late. "Your honor, it's devastating to my case!"

Basically, Google relied on an algorithm/search engine to screen for privileged documents instead of having lawyers review things the old-fashioned way and they got bit by that.

Agree. Why giving it all away to google then? I don’t get people who complain about privacy though insist on using a gmail email, chrome and make all their search on google, not clearing cookies regularly and using adblockers.

> they are one court order away

The implication being that the courts are corrupt?

If that's the case I think you have way worse things to worry about than "data access", the courts have much greater powers than that.

The scale of it is what is of most interest.

If the court gave a similar order to retrive similar amounts of physical (eg paper) information from your house, and anyone you happened to correspnd with it would be extremely notable and expensive as well as creating dramatic television pictures. Some of that is a deterrant to its abuse.

"Google, fetch" the scale, ease and speed of that is worrying. How is its abuse to be stopped?

Courts may or may not be corrupt, but regardless of that it hasn't historically been very difficult for authorities to find a judge to sign off on a very wide-reaching warrant (like this very case).

Yeah. We voluntarily give info to Google (most of us don't think about it that way, but we do). Google winds up with all this data. In theory, I don't have a problem with the authorities being able to get their hands on it, after getting a warrant. In practice, "getting a warrant" doesn't seem to be as high a bar as it should be.

> The implications being that the courts are corrupt?

You don’t have to be corrupt to be ineffective. Have you been following patent rulings? Or FISA?

It should be queue the reduce use of electronic communications posts.

This isn’t a phenomenon unique to Google. Google just attracts attention because of the broad scope of what they do.

Everyone, it's cue, not queue.

And live how? Anything you use these days leaves a trail. You could be carrying a basic feature phone with nothing but email, use duck duck go, and still get hit by this.

Keep in mind that instant messages and voicemails, for instance, get produced in court all the time, and that has nothing in particular to do with Google. Calls made from jail are another thing that comes to mind.

(I am not a lawyer but) AFAIK there's no particular form of communication that's immune to discovery but for Google.

What's the difference between this and a normal warrant, where they take every scrap of paper and electronic equipment in your house?

If your objection is that it's weird Google has kept that data, sure. I get it, I use DuckDuckGo, Firefox, and I host my own email server on a VPN. I'm struggling to understand why this particular aspect is weird though. It seems totally normal that the government would seek this information as part of a criminal probe.

The difference is that this absurd amount of data exists, with no useful distretention policy.

Remember that the govt seizes this info about you to prosecute you, but you don't get this info about them for all their suspected crimes.

> Queue the Google alternative posts.

How would that help? They'll just get a warrant for those.

> This is some terrifying stuff.

You have a strange definition of terrifying. This is how the law is supposed to work.

You do realize they can also go in his house and search through his things? Or order his friends to talk? That's what search warrants are.

> How would that help? They'll just get a warrant for those.

In terms of e-mail, any service that encrypts at rest and doesn't maintain the key can only hand over encrypted data. ProtonMail would be one example.

>How would that help? They'll just get a warrant for those.

If the business is not based in the US, it will make getting a search warrant much more difficult. Your (e.g.) Protonmail account is less likely to be subpoenaed than your Gmail.

Even if user data were seized, it would be impossible to decipher because of ProtonMail's encryption. Unlike Gmail or Outlook, email you send with ProtonMail is encrypted before it's sent to the ProtonMail servers.

Then they would seize his phone and use that to decrypt the email.

Or order him to turn over his own email.

> Or order him to turn over his own email.

Which they could have done in this case. So why subpoena Google?

Apparently some concern he might accidentally click delete instead of duplicate. Non technical user and all. Google staff have more training.

It’s clear you have no idea what this actor did. He staged a hate crime in Chicago and the main cook county attorney dropped the case after CPD proved it was fake. With your radical views, where do you draw the line? Will you vote to protect criminals, child abusers, rapist? All in an effort for “privacy”?

Is this not a standard tactic for moving the bar of what's acceptable? Similar to the San Bernardino case (https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...), it makes sense for LE/Government to cherry-pick cases with defendants who have committed terrible crimes to create precedent for their new methods, as it's harder politically to take a position "defending" them. Defence of holistic rights can be painted as defence of a terrorist/racist/paedophile etc to score points.

If you know this is true then you don't need to subpoena a year's worth of all his data.

Alexander Hamilton and James Madison also had "extreme" views

It's clear you have made up your mind without the facts. Note the Tribune's reticence to come to that conclusion based on the actual evidence? I have zero opinion about it.

Separate to that this comment has absolutely nothing whatever to do with the parent comment, whether you agree with the parent or not. Rights should exist for everyone, not just everyone you happen to like. Whether this warrant has gone too far as the parent suggests and it is necessary to take countermeasures or not is the argument, not your feelings about someone accused of something which frankly have no baring on anything in such a discussion.

Is there anyone, anyone at all, who disputes that he made a false report?

I have little idea and care even less, myself.

The source material, ie article published by the Tribune, was completely unwilling to come to that same conclusion in the story. So to me it seems more likely that it is in dispute on that basis rather than that is is indsiputable due to wholly unsupported comments here.

But again it doesn't matter at ALL. It has zero relevance to this discussion. None. No really.

Rights are especially important when they relate to people you dislike doing things you also dislike. That situation is exactly when you lose your rights. Like maybe think about if that's is what is happening here.

It matters in that if no one is contesting the accusations, they are, in fact, facts. That he staged the thing is a fact. Period.

Repeated assertion is no substitute for evidence. Good Soviet technique that one.

The Tribune refusing to come to the conclusion that such is a fact is a conspiracy? Something stranger? Could be, I guess. A less likely than an alternate interpretation of the evidence I've seen here. But i don't care at all about it. Zero.

It still has absolutely no baring at all on the discussion of rights erosion.

I disagree on your last point.

Whether it's Google, Microsoft, your ISP, a databroker, a webscraper, an unscrupulous app developer, or even your TV, I think it's safe to assume that one day or the next, every piece of content you produce, or topic you discuss will leak its way onto a major adcorp's servers.

I can hardly think of anyone I know that can't attest to the experience of discussing something as a non-sequitur, only to receive ads about it shortly thereafter. Even visiting an old friend with vastly different interests, never enabling location services, or connecting to their WiFi, I've noticed vast changes in my ad regime.

Decentralising your web activity can only make you less easily monetizable, but you'll never escape the panopticon, and Google can release data it got from third-parties just as easily as the data it collected itself.

If you want to say something you don't want Facebook, Amazon, MS, Google, or the state to hear about, do it in the woods or a private room away from anything digital.

The other week I was out in a National Forest hiking. I was about 6 miles from the nearest Forest Service road. I took a break and sat there eating a sandwich and looked up to see a camera mounted on a tree about 4 feet from me. I imagine some hunter put it there. I'm just saying that even out in the middle of nowhere, not near any paved roads, there are still cameras watching and recording.

If it's for the purpose our wildlife people are going to try to do, it is for animal count and trail tracking.

Satellite surveillance, or spy-planes/drones also might record you in the wilderness.

Dishearteningly true.

>I can hardly think of anyone I know that can't attest to the experience of discussing something as a non-sequitur, only to receive ads about it shortly thereafter.

No way in hell that's true. Things are bad enough, you don't need to make stuff up.

I'm working from my personal experience. If you've never had something similar happen, then good for you.

I'll admit that it's quite likely that advertising algorithms are sophisticated enough to anticipate our needs based on previous behaviours with uncanny precision and timing.

But I don't trust to that, given the proliferation of cheaply made gimmick apps which contain embedded third party ad libraries.

Since I have no way to verify either way, and my experiences are echoed by my social circle, I personally think it best to assume the worst of my device.

I will mention that a recent study* concluded that most apps with microphone permissions will not unduly access do so. This has been taken by articles I've read to dispel the urban legend of the listening phone.

But, given that the tests lasted 5000 random user events (at ~16mins), on a more or less clean device, and as the study says

"…we did not use pre-configured text inputs, which vary across apps and require substantial manual effort; instead, we relied on random interactions. Accordingly, we miss some events that only human in teractions trigger, e.g., in apps that require login."

I don't think it can be taken as an authoritative final answer. Especially given that the devices had no pre-existing identities apps to latch onto and inform about.

The study also looked principally at network traffic, with a focus on detecting conventional media formats. This is fine for detecting the transfer of visual content, and audio. But it doesn't account for the device itself listening for keywords, and reporting them, or partially resident models, which would perform their first few operations on-device, before transfering their outputs for final processing server-side (mentioned in their study's limitations section).


EDITED for formatting, flow, to acknowledge parent's experience, and to remove a few points made redundant later in the post.

It's 3am so I'll read the article tomorrow.

In the mean time: I think it would be trivially easy to verify: just take a rooted phone and log accesses to the microphone. Somebody would've found that it's being activated when it shouldn't by now.

>I'll admit that it's quite likely that advertising algorithms are sophisticated enough to anticipate our needs based on previous behaviours with uncanny precision and timing.

Or it could be that among the hundreds of random ads we see online everyday one of two happen to be related to one of the dozens of conversations we had in the past days.

No worries, I look forward to your response. I honestly doubt either of us will be able to fully convince the other of our conviction, but it'll be worth the exercise to refine my position.

That's actually a pretty good idea. When I'm in a position to get a rootable handset, and have the time to audit my apps, I'll have to try it.

With respect to your second point, it's quite possible. But I don't actually see much diversity of ads to begin with (typically tracking closely with my purchase and search history) so anomalies stick out like a sore thumb. But I'll be the first to admit that I spend a lot of time trying to figure out why I see what ads when, and I may at times overfit my explanations.

I'll never be able to prove the assumptions I make.

It is a phenomenon I've seen reported in the media, and it tracks with how I percieve my own experiences, as well as the experiences of my friends.

If it made no financial sense, I'd dismiss it. Likewise if I saw a study that convinced me beyond a shadow of a doubt, I would dismiss it. If there were legislation with teeth in my market to prevent it, I'd dismiss it.

But with the ubiquity of voice recognition, and the financial incentives at play, I just don't see a reason companies wouldn't leverage the tech for the purposes of superior ad targeting, and profiling, when they already go so far as to record our screens.

Most articles (like the one you linked or ) conclude that it's technically possible, but found no evidence of the microphone being used when it shouldn't.

>That's actually a pretty good idea. When I'm in a position to get a rootable handset,

I meant easy for any security researcher, to the point where one would've found something by now. But if you have assistant or siri on your phone then the microphone is always on, so it wouldn't really be trivially easy to test.


The day before yesterday a work colleague asked me if I had read a particular book, the next day Amazon emailed me to recommend that book. Could be coincidence but what are the chances?

It can be a coincidence. You were probably asked or talked about hundreds of things in last week and noticed this one situation.

It can be just targetted marketing, perhaps your colleague googled the book or saw the book on Amazon after getting a random ad. Ad companies understand that if someone close to you liked a product, there is a chance you will like it to so they prioritize advertising similar things to those on your WiFi/location or background.

In any case, I find it very unlikely that our devices are listening to us talk and report it to ad servers. I doubt conspiracy of level to pull it off would be still a secret. It would need to have both Apple and Google engage in it, engineers working on it would have to keep silent, it should be virtually untraceable and so on. It's just much easier to explain as coincidence along with some targetting due to ads your social circles engaged with.

Depends on how many irrelevant emails Amazon send to the whole population.

See: lottery fallacy [1]


I read a horoscope and some of its predictions came right.

I imagine that being distributed makes it easier to obtain the data for a person. If a court can't get data on a user from the the main server's owner, they might go after more vulnerable server owners that happened to be federated with the main server (vulnerable, as in less disposable income for lawyers).

> the [US] state can deputize any [US-incorporated] company to snitch

FTFY. I don't believe they have the same legal authorities to compel companies incorporated outside of their country jurisdiction to do the same, correct me if I'm wrong. This isn't the same as a sharing agreement done as a diplomatic quid-pro-quo however, which I'm sure also happens.

It could but it's more than likely not. In this case a crime was committed and possibly covered up. As much as I agree with you to move to distributed spaces and increased privacy, I think Google has an obligation to comply here.

I believe Smollette staged this, but the state should not be allowed to simply get a year's worth of his personal data without cause. This tantamounts to unlawful search and seizure and a gross violation of his right to privacy, both guaranteed by the Constitution.

As much as I disapprove of Smolette, we cannot let the state overstep it's boundaries and jurisdiction. They'll have to prove it while being compliant with the Constitution

if you were a witness or had a document that proved he was/wasn't at x place, you, as an individual, would be forced to testify. Maybe this is way overbroad but odds are that Google knows what happened, either by location data or via a search. I think Google should NOT be able to keep this data so such requests are mute by definition.

I have no problems with search and seizure that is backed by irrefutable "probable cause". But one year?!! Why not his entire life? The courts are stretching common sense definitions of "cause", and simply fishing for anything to nail him

As for Google, while I agree with you, the reality is that their business model relies on personal data, and we're none the wiser continuing to use them despite this knowledge. How many, even within the HN community, will bother transitioning away from Google, after reading this?

The supposed assault on him took place slightly more than 11 montha ago in January 2019, and there's evidence suggesting he was plotting it in advance of that date. He sued the city of Chicago claiming malicious prosecution in November. One year about covers the time period where there is definitely going to be evidence related to this.

The year is due to the possible length of planning. I have heard through some channels that they believe he has been working himself up to it for a while.

In January of 2016, he performed "Strange Fruit." In 2017, he released a music video featuring a fake Trump, "alternative facts," and a noose. I haven't dug into it myself to verify, but I had heard in 2018 he and Kamala Harris were around one another on some kind of anti-hate-crime bill rally. I am less sure on that one.

Now, I am not sure how much actual planning (detailed plotting) went into it, because as hoaxes go, it does not seem especially well-executed. Downtown Chicago as "MAGA Country" is especially far-fetched.

They said one year because its better to have more than less. Court /lawyers should've or should push back.

The entire premise of our Justice/legal system is not to nail someone at all costs, but to do it within the bounds of the law. More is obviously good for the state, but not the legal, ethical, moral way to go.

On the flip side of the loss of privacy: location and similar data can be used as a solid alibi if you are accused incorrectly.

How many people have been silently tagged as innocent because of their data stored?

That said, ersonally I find the loss of privacy abhorrent, especially because I have fuck all rights in the US (not a citizen, so the US government and US corporations can abuse my personal information with very little recourse from me or my own government).

> location and similar data can be used as a solid alibi if you are accused incorrectly.

Except you don't control them and could be faked and used to frame you. The power imbalance here is absolutely astonishing.

It should be up to the falsely-accused to allow their siphoned data to be release to create an alibi.

They could claim you faked your alibi data. If you innocently were near a crime you could be convicted by circumstantial evidence.

Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism.

I can't read it from the US either due to having an adblocker. And even if you allow ads the paywall appears after viewing one story per day.

Google the title. Others news sites have it.

I'm in the same case, it this the story ?


Yeah that's it. The OP removed the name from the headline for some reason.

When convenience comes back to bite you in the ass. I’m interested to see if and what Google releases and if there would be any different if Apple was asked to release the same information.

Does the “Ad” company have more data on an individual versus the “privacy” company? Or does it actually depend on the user opting in to give this data to said company?

From what I can tell in the news, Apple will share data if ordered to -- “WE GAVE THEM ALL OF THE DATA IN OUR POSSESSION,” SAYS APPLE from (https://www.theverge.com/2020/1/7/21054836/fbi-iphone-unlock...)

The iPhone unlocking for the mass shooter was slightly different -- FBI wanted them to create a new tool (that did not exist) to unlock an existing phone.

This sounds more like a fishing expedition than a typical search warrant. I expect that Google fought or is fighting this request as stated as they have for others in the past.

"And if we believe a request is overly broad, we seek to narrow it -- like when we persuaded a court to drastically limit a U.S. government request for two months' of user search queries."[1]

If they refused to hand over 2 months of search queries, I guarantee they didn't just hand over a full year of all user data.

[1] - https://support.google.com/transparencyreport/answer/7380434...

"Unfortunately, our website is currently unavailable in most European countries"

Does anyone have an alternative source for this story please?

Thanks very much.

Thank you.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact