So many loopholes, the bill becomes 'feel good' legislation instead of effective legislation.
Why stop there? If this data is dangerous for governments to have it, why is it safe for corporations to have it? Why not have a bill banning the collection of this data or these specific use cases of already collected data? I don't understand why we should inherently trust corporations more than governments.
If McDonalds maintained a SWAT team and was run by people known to bomb weddings in the pursuit of regional stability, I'd be worried about them having my location data too. But they're not going to so that, they're going to come up with a crooked scheme to feed me more burgers.
The quality of the outcome is arguable, but the level of risk is much lower.
It won't stop at burgers.
I wonder if you know these people's lives as well as you think you do.
The number of people a government imprisons, de-homes, kills or otherwise causes trouble for is orders of magnitude higher than any corporation. Said government is working on blanket principles and regularly makes mistakes.
Them knowing where I am is orders of magnitude more concerning than some dude trying to hawk me stuff based on my location. Last century, if someone was killed by human intervention it was probably at the behest of a government. It'll be same again this century. It will be the same again pretty much every century.
I'd rather nobody was tracking where I am, but it is going to be a government that actually abuses the information. How a body can look at the US government go Bush-Obama-Trump-Biden and think "yeah, I'd trust these people to keep tabs on where I am" is beyond me.
They should just ban them from selling it to anyone. Otherwise, they can buy the information from a homeless Russian?
"An Ohio farmer, Roscoe Filburn, was growing wheat to feed animals on his own farm. The US government had established limits on wheat production, based on the acreage owned by a farmer, to stabilize wheat prices and supplies. Filburn grew more than was permitted and so was ordered to pay a penalty. In response, he said that because his wheat was not sold, it could not be regulated as commerce, let alone 'interstate" commerce'..."
It did not, illustrated by among others, US v. Lopez.
A company commercially gathering data that is not exclusively limited to data on in-state activities of in-state residents from (transitively) exclusively in-state sources, and selling it, is engaging in interstate commerce.
that could make some of 'the goods' illegal.
and no I don't think t-mobile's recent email about privacy changes should count as opted in - I know the other users of the plans did not even get such an email also.
(I haven't seen the ACLU provide any legal citation to the claim that it starts from the coastline.)
Maybe what you say was the origina intent, but we know how the enforcement agencies love to reinterpret the laws to their advantage.
The key relevance I see is https://www.courtlistener.com/recap/gov.uscourts.mied.316027... (which includes the CBP's response to the allegations of the 100-mile border being counted from the coastline), where the CBP sort of denies that this is the case. It also sort of doesn't deny it, but this can very easily be a case of "we don't want to stake out a position in legal documents if we don't have to" (which is not an unreasonable thing for a lawyer to do whether the ACLU's claim is right or wrong).
Unfortunately many are fine with this because they believe it benefits their ideological group, which is more important than individual rights.
A good example from this year:
>...the FBI relied in some cases on emergency orders that do not require court authorization in order to quickly secure actual communications from people...
I remember back in the day when this would outrage people.
After all, it's a conspiracy theory, which means it's verboten.
The press ran the story in my opinion half heartedly and imo forgave the transgressions because it was Obama in at the time. Most of the kick was directed right or wrong back to Bush.
It’s not like Brennan or Clapper or Rice or Yates ever faced even a degree of heat for directly lying to Congress about domestic spying.
I don’t at all disagree we live in a different world now, I just don’t have a perspective that this specific example was really that big at the time. Blurbs and tweets and Snowden Celebrity withstanding, the leaks had little to no actionable effect I can recall. I could be forgetting though.
If you find a place where people don't think this way please let me know so I can move there.
Since the cell phone system literally cannot work without location data (base stations need to know where the handset is) the data will always be there. But there's no reason to store it for 2-5 years as is currently done by US telcos. A "fix" for this situation would be to limit the stored location data to, say, a week. Then there would be no incentives for the companies to sell the data.
There's a please clear justification for holding that data and making it accessible via a warrant.
What here needs reform is the warrant process, and more precisely, the incentive structures around policing.
US DAs/Judges/Police/etc. need to be independent and impartial. At the moment excessive US electoral "democracy" creates pathological incentive structures.
They'll do just fine after location data.
Especially with all the other digital breadcrumbs left around (security cameras and whatnot). If you don't think someone was somewhere they say they were there's a million other ways than phone data to check it out.
Besides, it's not like "oh look his phone was elsewhere" ever stopped police from investigating someone. They just assume you left it at home or gave it to someone for the purposes of an alibi.
I hear this sort of argument a lot, and often use it myself, but... did they? Sure, law enforcement existed and solved cases before they had access to location data, but are there some (more recent) cases that would have been unsolvable without it? Or has police efficacy not increased at all because of access to location data? Do we have data on this?
As much as I'm not positive on law enforcement in general, I think it's reasonable to have access to location data. But that access should be gated behind a limited-scope court order, and judges should not be rubber-stamping them.
On the other hand, it seems like any capability granted to law enforcement ends up getting abused, so I'm sympathetic to the idea of just banning all location data use.
Meanwhile it can and does put innocent bystanders (often minorities) at risk of arrest or defamation for simply being in the area.
>US DAs/Judges/Police/etc. need to be independent and impartial.
This is like wishing hell had an air conditioner.
Yes, in some cases this means a guilty person will go free but we have a long standing belief in western legal culture that it is better for some of the guilty to go free than to punish the innocent for the actions of the guilty. Invading everyone's privacy in the name of catching the small minority that engage in criminal activities is punishing the innocent for the crimes of the guilty.
One need to look no further than the widespread use of swat teams and no knock raids for mundane purposes, when even 50 years ago most cities didn't even have a swat team.
Kind of hard to justify the "APC maintenance" line item if the answer to "how much did you use that thing" is "never" so things like MRAPs and the swat team get used in situations they shouldn't be just to inflate their usefulness on paper.
I think that's a fine ideal (that I agree with), but I don't think any reverence for it is shared by many in law enforcement or the legal profession in general. Conviction rates are king, and incentives are often not aligned with true justice.
What you're arguing for here is to holding data on everyone for several years on the grounds that you might commit a crime in the future or be planning to commit a crime now. I'm OK with this for someone who has aroused sufficient suspicion to justify surveillance, but your approach makes mass surveillance the default condition.
That's not a justification, that's an argument.
A justification would involved evidence-based analysis of why the potential benefits (that you point out) outweigh the potential risks (abuse of process, targeting, etc.).
Given the current state of affairs (as you point out) it's not clear at all that the benefits win.
Note this is not an endorsement of the grandparent's policy view, just an explanation of how it can be applied.
They'd just sell it to the same buyer, or an intermediary, as it happens.
That's just not true. You do realize that they sell your live location data, right?
On page 2 of the bill, the definition of 'covered customer or subscriber record' includes the following:
(II) an intermediary service provider that delivers, stores, or processes communications of such covered person;
There isn't like, a piece of evidence presented here that any of this will matter.
Wyden and others introduce bills of little substance all the time, they turn the best polling headline / title into bills.
So in one perspective this is just politics as usual. Wyden's idiosyncratic donor focus groups ranked this highest this month and we're only hearing about it because this is Hacker News, and on some other forum there's some other bill we don't care about but also polled well with some other senator's donor focus groups.
This isn't saying much, that legislation is reactionary, but it's interesting the specific mechanisms nowadays are super-representative, super-cheap focus groups and polling, enabled by services like Facebook and Instagram that these bills, ironically, target.
Do these bills advance the cause of privacy? I don't really need location tracking data to guess that most of the time, you're at home or at work.
And if you're eeking out such a subsistence existence that you don't have a permanent home or you're jobless? The bigger injustice is that the government has set an adversarial sight on you in the first place.
If companies want PII from their users, they should ask those users directly for permission. The legal test for a violation is straightforward: if a user can be de-anonymized from what the company shares along with public information.
California has made headway with CCPA, you don’t need many more states before it becomes the default without federal action.
There is momentum, and it’d be a shame to waste it.
Now if we could just do something about js popups...
Would it be unreasonable to require any proposed legislation include a comprehensive summary written at something like a 10th grade reading level?
Something like this could help eliminate the manner in which long-form effectively bars most citizen participation in the legislative process. It would also force a degree of clarity on the implications and meanings within a proposal.
We should never, ever have to hear "We need to pass it so we can see what's in it."
As an aside, I also think there should be hard limits on the size of a single piece of legislation. If a competent reader can't sit down, read, and understand it in a single sitting, it's too long.
Yes, and it took a long time and really pissed off the sales person. Apparently I was the only one to actually read that stuff. And I learned how to opt-out of their marketing crap and I did so - boy were they bothered when I called them on sharing my info after I opted out. I think I must have been the only one ever to opt-out.
I really hate this response, and I've heard it so many times. It's "boilerplate" only because nobody can be bothered to read it to find out how they're being screwed, mostly because most of these are ridiculously long. If one doesn't want to negotiate, that's fine, but just be straight about it and quit wasting my time.
In one particular "contract", it was also insinuated that I didn't know what I was talking about, because I was (am) not a lawyer. I might not be, but I am not signing anything about "copywrite" (sic). (And there were more semantic errors to that particular one: I was being asked to sign over rights to a work that I didn't have rights to. They had waited until literally the day of a performance to show us this, too. It didn't get signed.)
Then the title person later was like, "Almost all of this is standardized stuff. It's not really like you can negotiate it at this point."
Whatever, lady, I want to know what I'm signing, I want to see that this version matches the version I already signed last night (it didn't), and for half a million bucks, you can hang out for ten minutes while I do it.
But there’s a lot of inertia against changes like this. And hard limits on bills mean there’s less horse-trading to help certain legislators sign onto a bill (which often might be pork). Not a great realization, but it’s part of how bills get passed.
I think this is necessary to get us out of the quagmire that we find ourselves in, but any additional transparency will inevitably lead to witch hunts which -- even if deserved -- will lead to instability. We need to give ourselves and our representatives a path to transition to the light without letting cynical people bomb out the foundations of our society with emotion-fueled rage mobs.
Perhaps another post on the front page right now is relevant here:
On the bare necessity of psychological safety - https://news.ycombinator.com/item?id=26860743
We already have that, except a) it's not as easily to read as it might be and b) without significant study, it's often not obvious what the import of a change is.
I think we need to be thinking about a long term goal fo dispensing with representatives as they currently exist and moving toward a wiki-ocracy, where anyone can write or edit parts of the legal code but there are procedures for conflict resolution, as well as constraints of various kinds.
"Specifically, the bill expands voter registration (e.g., automatic and same-day registration) and voting access (e.g., vote-by-mail and early voting). It also limits removing voters from voter rolls."
"The bill addresses ethics in all three branches of government, including by requiring a code of conduct for Supreme Court Justices, prohibiting Members of the House from serving on the board of a for-profit entity, and establishing additional conflict-of-interest and ethics provisions for federal employees and the White House."
What does any of that mean specifically? Expands voter registration and access how? Imposes what limits on removing voters from voter rolls? What's in the code of conduct for Supreme Court Justices? And on and on and on.
There has to be middle ground between a useless and abstract summary - that sounds more like a commercial than a true summary - and the bill itself with several pages of preamble just to define well-understood terms.
We can do better. It would be very easy to establish a broad “good-faith” standard for a legislative summary while also specifying it’s use for “informational purposes only.”
It's insane to me that it's legal, and my current guess is it'll take ~20 years for the current 60+ year olds in power who don't know how to use computers to age out.
This bill sounds nice in principle, but like everything else, could be completely negated by simple loopholes. It could even be smoke and mirrors, so that they can say this issue has already been addressed by legislation. Defective legislation is rampant.
The republicans have made a similar shift in that the moralizing christian right has a lot less influence among the new ones.
I think things will be a lot better in 10-20yr as the dinosaurs from both parties drop dead.
No specific warrant, the data cannot be used.
I can think of good uses for the data (the census, mapping traffic patterns, pandemic modeling).
Purchase histories seem more telling to me if you want to know someone's secrets?
Isn't the whole point of organisations like 5-eyes to bypass what little domestic restrictions there are?
There are plenty of other entities I'd prefer not to access my data including state and lower level governments, corps, insurers, foreign governments (I'm a brit to be fully transparent).
So why this particular combination of conditions?
Do people think things have fundamentally changed after Snowden?
The loopholes that this bill leaves unclosed make this entire bill just another dog-and-pony-show.
This is just for show, not to affect any type of meaningful change.
Making the SALE of ALL location data illegal, to any 3rd party, would more than suffice. This proposal is just a song and dance for the generally uneducated and uninformed populace.
The government will simply purchase the data from another government...
...YOU KNOW LIKE THEY DO NOW WITH THE 5 EYES PROGRAM...
Useless pandering. They suck.
I see that the cosponsors cross party lines. But is it enough that it will make it into law ?
People in government want power.