Hacker News new | past | comments | ask | show | jobs | submit login
The U.S. Treasury is buying private app data to target and investigate people (theintercept.com)
389 points by _-david-_ 70 days ago | hide | past | favorite | 366 comments



Don't like it? Organizations like the EFF have been working to stop overreach:

https://www.eff.org/deeplinks/2021/01/eff-fincen-stop-pushin...

You can help financially, and contact each of your representatives and senators and request they act to stop this end run around the constitution.


Upvote for the EFF.

They really are the heroes of digital time. And they stayed true to their mission amidst the woke wave other organizations have been swayed with.


I gave them $100 and about a year later they saved youtube-dl.

Soon as I'm actually making money again, they'll get some.


Who is working to stop corporate overreach?

I don’t really understand why the species should put its faith in industrialist billionaires given the history.


Great point. Insurance companies have access to way more private data than the government.


Is this over reach? Seems like it would be good for the treasury to go after tax dodgers and money launderers.


They have other means that won’t have an impact on everyone when it’s not necessary


Destroying confidentiality of data on the net is a greater cost than getting small time tax evaders. The brunt of tax evasion is legal and fully a legislative issue.


I used to be a big EFF supporter until I learned they take millions in donations from the same organizations they’re supposed to be watching. Best case scenario it’s a massive conflict of interest, it’s a big problem for me that they find it to be ok.


This is an irresponsible claim if not backed up with a citation.

Further, I happen to monitor corporate funding to nonprofits (including the EFF) and public reporting suggests EFF only received $7500 from Google in 2018 and $25K from Facebook.

Whereas Center for Democracy and Technology, which was founded by the former Executive Director of the EFF in 1994, received $430K and $500K, respectively.

See https://news.bloomberglaw.com/privacy-and-data-security/face...


“ Google gave the Electronic Frontier Foundation $75,000 in calendar year 2017, $15,500 in calendar year 2016, and $325,000 in calendar year 2015, according tax forms, annual reports, and interviews with the nonprofit.”

Add up all the money they’ve accepted from these types of companies over the last 10 years. They shouldn’t be accepting $1 from Google.


All of the figures from said article add up to EFF receiving a total of $478K from Facebook and Google over four calendar years (2015 through 2018).

Of course I agree that these orgs shouldn't accept money from tech giants, but any critique should be done accurately with citations.


I don't think forum posts require citations, especially when they're correct. This isn't a peer-reviewed paper, it's a forum comment.


> especially when they're correct

But that's the thing, its not correct. You stated the EFF has accepted millions from Facebook and Google, as in multiple millions of dollars. $478k is significantly less than multiple millions. Its over a million dollars away from being correct.


I didn’t specify a time frame or the specific companies. I’ve provided enough evidence to indicate this is true.

The larger point is also unequivocally proved: the EFF has massive conflicts of interest that it apparently thinks are fine, which makes it untrustworthy. If they accepted $100,000 from Google that would be just as much of a problem — it’s a huge amount of money. Extrapolating out from the sample data that’s easy to find, it does look like millions. If you want to conduct some in-depth research to prove that wrong please do, I’d be interested to see a full qualification for their horrible conflict of interest.


> I’ve provided enough evidence to indicate this is true.

Have you? You've provided evidence for less than half a million, yet you claim its at least $2M.

I do agree IMO they really shouldn't accept much money but you're claiming you've shared proof they've received multiple millions and yet you've only shared proof for less than half of that.


Yes, that amount in that time frame and from only those companies extrapolates out to millions over a larger time frame and with any companies in that category. Again, if anyone is really concerned they’re free to conduct detailed research. I feel extrapolating is reasonable enough to make a forum comment.


Showing that they've accepted a few hundred thousand is far short of showing they've accepted millions. For the facts presented all we know was there were only three years these companies made any donations to the EFF.

If I gave someone $1 today, $10 the next day, and $100 the day after, would you then assume at the end of the year I gave the person hundreds of millions of dollars? Clearly I'm increasing this by 10x every day, so obviously this should continue in perpituity, right? Or maybe these were three one-off things, and it would take further analysis to determine I only actually made these three contributions?

I don't know the EFF took millions from Facebook and Google. They might have! But the data given doesn't prove it, and extrapolating it is only a little less crazy than the extrapolation above. There's guesses, and there's facts.


Since you seem so invested in this here’s another source: https://thebaffler.com/salvos/all-effd-up-levine

“ Over the past years, EFF has taken millions in funds from Google and Facebook via straight donations and controversial court payouts that many see as under-the-radar contributions. Hell, Google co-founder Sergey Brin’s foundation gave EFF at least $1.2 million.” You can argue with that guy about his sources too. He’s also making an even bigger claim since I wasn’t limiting my assessment to those two companies.


I went through every 990 from the Sergey Brin Family Foundation and see no donations to the EFF in any of them (from 2014-2019).

Happen to know of a source for Yasha's claim?

https://projects.propublica.org/nonprofits/organizations/472...


I do not, although he might be willing to share it. I did, however, write an email to EFF requesting records that could shed some light on the full extent of their conflicts of interest. I'm not expecting them to reply with anything useful but I guess there's a chance.


I hadn't heard this before, could you provide a source or examples?



That's a mighty big claim. Do you have similar scale supportive references?


Here’s a start but you can dig for more https://news.bloomberglaw.com/tech-and-telecom-law/facebook-...


We need a Supreme Court ruling or law that says if the government doesn’t have a warrant to collect your data, they also can’t buy it from third parties.

We also need privacy protections so these companies wouldn’t exist in the first place.


Not a Supreme Court ruling: if there's no law outlawing it, there's no basis for them to rule against it. Do you really want five unelected, unaccountable lawyers deciding this matter?


Here you go:

"Amendment IV: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."


But, nothing is being searched or seized here; it seems like people gave up their personal data, ignored or didn't read a ToS, and companies are selling it - not being forced to give it up. I don't like it, but does it mean it's illegal?


The government purchasing this data is tantamount to a search. There's quite a bit of precedent on this, much of which was needed after telephones became ubiquitous. Just because the electrical signals carrying a private conversation pass through wires that are owned by a third party does not make the conversation public. Similarly, just because internet traffic is observable by anyone with a network tap does not mean that the government can passively collect this data "just in case". Purchasing the data from a third party does not magically absolve the government of its Constitutional duty to first obtain a warrant for the data.


> Just because the electrical signals carrying a private conversation pass through wires that are owned by a third party does not make the conversation public

Without data protection laws that data isn't your private data, that data is the company's data. And you are free to do whatever you want with your data, and since the company owns this data the company can sell it to the government, it doesn't matter if you consider it to be your private data the company still owns it. Europe has GDPR which clarifies this, the data is yours even if it is stored on company servers, I'm not aware of USA having anything similar except for health data.

So to me it sounds like you'd want USA to create something akin to GDPR.


We have laws, though. The Fourth Amendment is a law, and it's reasonable to say that purchasing what is (arguably) the company's data is still tantamount to a search of our "effects".

Or maybe it's not, and we need new legislation specifically targeting this. That's where the Supreme Court comes in: their raison d'être is to resolve ambiguities in existing law.


> The Fourth Amendment is a law, and it's reasonable to say that purchasing what is (arguably) the company's data is still tantamount to a search of our "effects".

Got any precedents for this? All examples given in this thread was about the government forcing companies to hand over data, not companies just plain selling it to the government. These companies are already selling this data to other companies, like credit score companies gets a lot of data from banks, so to them selling it to the government as well is just another buyer. Does the fourth amendment really apply to cases like this? My hunch is that it does not, and you wont find any such cases since it is so clear that it doesn't apply that it hasn't even reached a court.


I don't. My point is just that the Supreme Court can set a precedent, so it's possible that if the case were brought to them they might decide that it's covered under the Fourth Amendment (or something similar) without needing additional legislation.


I think this could win with a supreme court with judges who have a looser interpretation of the constitution, which right now is not the supreme court we have. The majority of the justices right now have a stricter interpretation and would not see government buying data as "search and seizure."

The better solution would be to have laws legislated. However, unfortunately, there is so much gridlock because congress members are just chasing after Ws for their respective parties and minimizing Ls.


I don't see any reasonable way they could find a way to expand the Fourth Amendment to cover this without it also covering things like the government using information given to them by informants and witnesses without a warrant.


You misunderstand the fourth.

1. The data is not yours. It’s the company’s 2. The government is not “search or seizing” the data, they are purchasing it or a license to it. 3. The company is selling it voluntarily, the government is not compelling it.

The fourth does not apply.


Nobody reads ToS. Doesn't mean people should give up their personal data.

Maybe it should be illegal?


> Maybe it should be illegal?

Then Congress has to pass a law to make it illegal.


Data held by 3rd parties falls under "papers and effects".


Not really. It’s the service’s papers and effects, which happen to contain information about you.

There’s obviously something very wrong here, but it’s a dead end to say no one can sell the government info about people. Need a different approach in the vein of outlawing crazy TOSs, keeping user ownership of their data even if used to make a service operate, right to be forgotten, etc.


As far as I know, a warrant is required to tap a landline phone. I don't see how the principle behind that (reasonable) interpretation of the 4th amendment would not also apply to any kind of data (or metadata) from Internet traffic. Just because some 3rd party collected what is, by legal precedent, clearly considered personal effects and papers does not mean that 3rd party can grant absolution to the government in its need for a warrant to obtain that same data.


Telephones actually have a specific exemption to what’s called Third Party Doctrine: the government’s right to acquire information sans warrant when that information is lawfully held by a third party.

Telcos are exempt for exactly the reason you mention: phones are really important to daily life and they collect tons of sensitive data as a side effect of normal use.

IMO this is one of the more viable routes to getting this behavior changed: expand Third Party Doctrine exemptions to a lot more services, but to do that we’d have to confront just how much data we’re choosing to share, and whether we’re actually choosing to share it.


According to what law or precedent?


The USA definitely needs to pass a 'GDPR on steroids' law here to get the bored government agencies off our backs.


Amendment IV doesn't actually expressly include a warrant requirement for anything.

It requires searches and seizures to be reasonable.

It also creates requirements for the basis of any warrants that are issued.

It is a series of Supreme Court rulings that infers a general warrant requirement with some exceptions from that text.


The biggest weasel word of all time: "reasonable".


The fourth amendment doesn't address the case where people voluntarily provide information to a third party which contracts with the government to pass it on. It's indicative of the attitude we should have in the matter, but it's not basis enough for a legitimate Supreme Court opinion — not that that will prevent one being given, mind you. There really does need to be a law preventing government from contracting with private companies to provide confidential information without a warrant.


How is this not different from asking a phone company for the transcript of a private conversation? Or of asking a bank for account statements? It is the nature of any sufficiently complex economy that private entities will possess extremely intimate knowledge about their customers, knowledge which their customers "voluntarily" provided in the course of business. None of this has any bearing whatsoever on the constraints applied by the 4th amendment, unless we are trying to move toward the interpretation that literally any interaction with the outside world is subject to unlimited surveillance by the state.


The difference is none of those things are freely available for purchase?

That’s the key here - these companies are already selling this information. The govt is just saying “cool, we’ll buy it too”.


This comment above does a good job of explaining how phone calls are different: https://news.ycombinator.com/item?id=29170649


The ruling shouldn't be on the Fourth Amendment but on unenforceable blanket ToS's. It would require a law or another amendment though. Any information collection that is not affirmatively allowed by your actively posting it yourself, or that you allow on each individual instance should be illegal.


The amendment doesn't say "secure from government" or "secure from law enforcement." It just says "secure."

A person cannot sell themselves into slavery. Yet we allow the US government to endorse indentured servitude for immigrant labor, because corporations want indentured servitude.

Nor can a US citizen sign away workplace safety rights, legally. Yet we allow US construction companies to rampantly hire off-the-books undocumented labor so that they can freely ignore workplace safety rights, since no one will exist to make claims against them.

It would have been perfectly reasonable for a court to broadly ban surveillance of individuals by telecom companies back in the 1990s, based on the same principles that those courts have willfully violated on behalf of corporations in the other examples above.


I think you're making the opposite argument from what you hope to. You start off suggesting that the fourth amendment might apply here, but then point out that in every analogous case you can think of, the court has declined to stand up for people wronged by government acting through corporations. What makes you think they would do differently here? More to the point, why do you want the judicial branch to exercise legislative power in this, or any, case?


Let me clarify: I'm not suggesting that precedent and consistency demand one way or the other, I'm saying precedent and consistency only matter until it's a corporation with lots of political donations brought to bear, in which case precedent and consistency cease to matter.

Therefore, arguing precedent and consistency is relatively pointless. My point was an exercise in "anything goes, so make the law fit the argument." That's what Chevron would do.

In other words: What's the desired outcome? That corporations cannot wantonly create mass surveillance any more than the government can. So make the law fit the desired reality: extend the 4th amendment to say that privacy is a basic human right and people cannot contractually sign it away any more than they can contractually sign away themselves into forced labor. A clever judge could outlaw H1 visas in the same ruling and get 2 birds with 1 stone.


I'm sorry to nitpick, but a judge can't outlaw anything. Judges don't make laws. They interpret them, and I can't imagine a court willing to opine with any sort of honesty that the fourth amendment provides the sort of protection you're suggesting. I'm as angry about it as anyone, but I recognize that neither my opinion nor my anger is law, a sentiment which I hope for the courts to share.


It doesn't bind private persons, but it can certainly be argued that by the government making a purchase, the collection (even if retroactive) is pursuant to government direction through the incentive or interest nexus, and therefore the collection itself should be unconstitutional as soon as the government makes one purchase.


This falls under the 4th amendment. Certainly under the purview of the Supreme Court.

I'm not going to pretend to know what the ruling would/should be according to the 4th amendment, though.

> Do you really want five unelected, unaccountable lawyers deciding this matter?

No but that's what happens when Congress is so split right now.


The judiciary doesn't just rule on the constitutionality of laws (actions by the legislature) but also actions by the executive, for example vaccine mandates.


Sure, but the CIA has existed since 1947- if it were illegal for them to gather information on citizens from companies who willingly give it up (for free or for sale), it would've already been decided and would apply to today's data.


If a private company can buy the data why shouldn't the government be able to?

The real solution is to not allow the data to be sold to anyone.


Private companies (theoretically/ideally) don't have the power of life and death over you


But they do. Private companies have killed people with ill-made products [1], pollute our air and water [2], have purposely targeted people for harassment [3], and created drugs solely for addiction [4]. These examples only took 30 seconds of thought.

The idea that businesses (whether public or private) can't hurt me or my family is absurd.

[1] https://en.wikipedia.org/wiki/Fisher-Price#Rock_'n_Play_reca...

[2] https://www.consumerreports.org/water-contamination/how-frac...

[3] https://en.wikipedia.org/wiki/EBay_stalking_scandal

[4] https://en.wikipedia.org/wiki/Sackler_family#Opioid_lawsuits


Like literally, the amount of instances where the government is weighing life/death is very small, even smaller at the federal level (most death penalty cases are against state laws). If you're meaning in the 'government programs can greatly affect my quality of life', then private companies can totally do that too - through targeted advertising.


I'm not sure if this is satire/sarcasm. Are you comparing the power to imprison people with targeted advertising?


That the government has power over you at all is what matters, not how often it exercises that power against you. Already parallel case construction is a troubling problem (given the warrantless domestic surveillance). Grant the government access to surveillance capitalism / ad tech, and now you've got another vector to launder evidence.


Like literally, that is the basis for state power - several iterations of "...or else" finally end with "we kill you". Private companies don't enjoy that privilege - because they don't have the power to distinguish murder from justifiable homicide.


More broadly, a monopoly on violence.


Slightly less broadly, a monopoly on "legitimate" violence not limited to self-defense or a proportional, reciprocal response to prior violence.

If the state actually managed to monopolize all violence that would be much better than what we have in practice, with plenty of non-state violence in addition to that instigated by the state, though calling any aggressive use of violence "legitimate" would remain a travesty.


not to mention the power to imprison you.


>don't have the power of life and death over you

Actually they do. See this for just one of the many ways they have that power:

https://www.mercurynews.com/2007/12/21/teen-dies-hours-after...


I'd go farther than that and say that such data shouldn't be collected in the first place.


There is a solution - individually act in a way to limit what is collected. Take charge of the tracking devices you own, and of your spend. For extra credit, seed with bad data or misdirection.

Statistically zero people make any effort, other than maybe saying the government should limit government data mining. Here is an idea, turn off mobile phone location tracking this weekend.


>Statistically zero people make any effort, other than maybe saying the government should limit government data mining. Here is an idea, turn off mobile phone location tracking this weekend.

What, exactly, do you mean by "mobile phone location tracking"?

Your phone provider needs to be able to locate your device to provide voice and data services. You'd need to remove your battery to disable that "phone location tracking." In which case, it's just a lump of glass and plastic. Which might make a good paperweight.

As for "location services" and GPS, I never turn those on.

As I said, the data shouldn't be collected -- at all. That's a regulatory issue, not a technical one.


Because the Government has a strictly limited power: it is subsidiary.


There are plenty of things government can do that private industry does not have the ability to do.

Making transactions (and even paying informants for information) are and should be within the power of the government.


We can't rely on SCOTUS to make this ruling for another 50+ years, so our best hope is to start with state legislators. The majority of law enforcement happens at a state level, and most state legislators aren't as hamstrung as the federal one is, so this is the easiest way to achieve the most impactful results.

Also, POTUS is in charge of most federal law enforcement agencies. So it might be possible to handle this at a federal level through an executive order. Obviously, this doesn't have the staying power of a proper law, but it's something.


>> We can't rely on SCOTUS to make this ruling for another 50+ years

If that's a comment about the bureaucracy working slowly as hell, that is reasonable. If it's about the makeup of the court, I disagree.

Kavanaugh and especially Gorsuch are two you want on the court in this case.


Judiciary doesn’t make laws. Every controversial ruling that people worry the SCOTUS could be permanently solved by passing a law or amending the constitution. But if that happens then lawmakers no longer have the talking point to use when running for re-election every 2/6 years so both parties they a shared incentive to keep the status quo.

If you don’t put it into law/constitution then a new set of justices could reverse the ruling in the future.


> Kavanaugh and especially Gorsuch are two you want on the court in this case.

What makes you say that? From what I can tell, Gorsuch doesn't seem keen on limiting law enforcement powers at all. Kavanaugh is a bit of a wild card, but I'd be curious to hear times when he's agreed on limited police powers.

> The new rule the Court seems to formulate puts needed, reasonable, accepted, lawful, and congressionally authorized criminal investigations at serious risk in serious cases, often when law enforcement seeks to prevent the threat of violent crimes. And it places undue restrictions on the lawful and necessary enforcement powers exercised not only by the Federal Government, but also by law enforcement in every State and locality throughout the Nation.

https://en.wikipedia.org/wiki/Carpenter_v._United_States


We just need members of Congress to have embarrassing info or evidence of criminality exposed by data broker collection. Then they'll seal everything up like with video rental records.


I'm not sure most members of Congress have the capability to be embarrassed anymore. The ones that do probably don't have much interesting to hide.


Feels like it would be more airtight to amend the Constitution. Why hope that precedence falls a certain way instead of removing any ambiguity from the law?


The last amendment to the US constitution that was proposed and then ratified came in 1971. With bipartisanship being what it is today, do you think there’s any chance of pushing another one through at this point in time? The bar is high, and American politicians are loathe to give any opponents perceived wins, even if it’s regarding overwhelmingly popular policies.

Sure, you’re probably right that it’d be more airtight. It’d also mean an almost herculean effort. It’s probably best to explore other options as well.


Between 1971-72 there were 2,500 politically motivated domestic bombings in the US. Partisanship now, as bad as it is, doesn’t come close to that level of violence.


That maybe more because getting away with bombing was easier then than now?.

While there was issues that got escalated in the past - there was literally civil war over one, the data shows that amount of legislation passed has slowed down considerably recently.


I suspect the bigger issue is public indifference. Only a small percentage of voters anywhere on the political spectrum vote on privacy as an issue.


There's a good chance the Constitution covers this now. What we need are uncompromised courts to hear and rule on 4A violations.


I'd agree that the 4th Amendment ought to cover it.

It isn't unambiguous, though. It isn't hard to see how a lawyer could point out that "and to forever secure the people, their persons, houses, papers, and effects, against all unreasonable searches and seizures under the guise of law" says nothing about purchasing data from a 3rd party. This wasn't really something that would have come up in the 18th century.

Extending the letter to match the spirit is why reflection is built into the runtime of the current constitution.


Can a Gov agent legally avoid the warrant requirement by paying some rando to perform an invasive search?


And furthermore can they reverse the order of said invasive search and payment through a wink-wink arrangement? I think the case is pretty strong against the government here. The EFF should bring a suit.


The federalist society which has hugely influential attorney and judicial membership believes in a textual interpretation of the constitution.

They wouldn't go for a sensible modern reading but instead stick to gospel like dogma on how it was intended to be read 250 years ago I guess.


I could get behind an originalist reading of the copyright clause.


The intentions that 3rd party has changed, but having a PI follow a suspect, or coercing (with money or threats) a CI to provide information predates computers and the Internet and probably the Industrial Revolution as a police tactic by a huge margin.

Purchasing "data" from a 3rd party is a modern Internet spin, but it's not like the concept is brand new to the law or the legal department.


I don't necessarily believe a Constitutional amendment is necessary, since this would be a law limiting government reach, not extending it.

In all likelihood, the amendments text would look something like:

> Section 1: The fourth article of amendment to the Constitution of the United States is hereby extended to include information or detail held, owned, or otherwise under the custody of those other than the accused.

> Section 2: The Congress shall have power to enforce this article by appropriate legislation.

Which then necessitates some accompanying legislation to further clarify. But I'm pretty confident we can get there through legislation alone.


I'm not so pessimistic. United States v. Jones showed that both wings of the court can unite to push back on this kind of overreach.


Third party doctrine has been decided on a case by case basis with respect to the type of data provided. Recently the SCOTUS has been pushing back on this, in particularly around automatic data sharing intrinsic to the operation of a device, such as cell phone location records.

However, no one has gone as far as Utah in requiring warrants.

https://en.wikipedia.org/wiki/Third-party_doctrine

https://www.wired.com/story/utah-digital-privacy-legislation...


Are warrants necessary? I thought a warrant was a legal way to compel compliance. If the company who owns the data wants to sell it then that's that.

It either shouldn't be collected or if it is then the sale should be prohibited.


If I hire a hitman who murders you, I will be guilty of first-degree murder. Our legal doctrine is sophisticated enough to handle this kind of first-order misdirection.


The hitman is committing a crime. You are hiring the hitman to commit that crime.

The data broker selling your information is not committing a crime, so the situation is not at all comparable.


If SCOTUS outlawed buying the data, they’d just find ways around that too. Maybe they’d just start creating apps and directly monitoring people. With an unlimited marketing and development budget, they could wind up on the majority of Americans’ phones pretty fast. Depending on the kinds of apps they created, they might get warrantless access to millions of bank accounts, text messages, emails, video conferences, full real-time location tracking, and more.


Startup idea: Buy dirt on your enemies and donate it to the treasury - with just a press of a button! Now they aren't buying it anymore so all should be well.


You'd get industry screaming bloody murder faster than you can say 'Uncle Sam'. See why the NWS/NOAA are restricted in the weather products they can offer, and why a simplified tax filing option has been so long in coming.


Oh I don’t think anyone would know about the government being behind it. They could do it through front companies. The government already does all kinds of other activities through front companies.


They'd just nudge their other Five Eyes friends into sharing their copies.


Warrantless access to all of those things is basically the definition of an unreasonable search and seizure. It is prima facie prohibited by the 4th amendment. There is no "way around" it.


Why? I understand the subject is unpleasant but I don't see anything that remotely qualifies as legal over reach.

Users must sign a consent statement to a terms of services agreement. That is a voluntary action where users erode their own privacy protections and surrender their contributions. Anything that happens later is completely incidental and solely between the data owner (which is not the user) and the third party.


Irrelevant to the 4th amendment. A service's TOS does not absolve the government of its constitutional prohibition against unreasonable search and seizure. Buying data from a 3rd party service is still a search and seizure, much like paying a hitman is still first-degree murder. The question is whether it is reasonable.


Social media is not the third party once you surrender your data to them. You, the user/product, become the third party in any forthcoming transactions. The only legal challenge therein are details related to exposure of bulk PII which remain protected without regard for the fourth amendment by other laws.

This has been the case for decades. I remember before the internet publishers selling their users subscription and preference data to solicitors. People don’t gain new privacy protections where they never existed prior, especially if the absence of expectations is explicit and agreed upon by the user.


I’m confused. Aren’t we talking about the 4th amendment here? The implied “right to privacy” is only in relation to the government. To me, this means there is a categorical difference between random third parties buying data about you, and the government buying data about you.


No. The fourth amendment does not apply here. In US legal doctrine there is no right to privacy. The fourth amendment exists to provide a right against improper search and seizure.



The Third-Party Doctrine is about the ability to compel third parties to turn over information they hold on others. They don't need to resort to that when they can just buy the data on the open market.


I absolutely think that the government should be able to purchase data in order to conduct investigations.

Unlike private actors, governmental actors are publicly constrained in their actions and representatives of the will of our society.


the subpoena system, for all its failings, is that public constraint. if it can be circumvented, that constraint effectively no longer exists.


The requirement of a subpoena doesn't prevent the government from taking actions that private actors could legally do, it compels private actors to act according to state whims.

If someone volunteers information, it is not a "circumvention" of the subpoena.

Breaking into Google and stealing information for a criminal investigation would be circumventing it.


> The requirement of a subpoena doesn't prevent the government from taking actions that private actors could legally do

Irrelevant. Gov wants data, Gov gets a narrowly targeted warrant first. Beyond this lies 4A violations.


Can the government buy an autobiography I wrote detailing my crimes to help their investigation? Or is that a 4th amendment violation?


The Gov can acquire data that you - with full willful consent - have chosen to make publicly available. eg: public social media posts.


Can the government use my ex-wife's autobiography detailing the crimes she saw me commit in order to help investigate me?


Because search is the scope of our discussion, the answer is that the government can read your wife's book for the same reasons they can read your book.


Is one suggesting not detailing our crimes in any recorded format and making it public if we do not want said recordings to be part of a government investigation?


> Irrelevant. Gov wants data, Gov gets a narrowly targeted warrant first. Beyond this lies 4A violations.

No? What are you basing this off of?


No... Government asks nicely, and business decides whether being a known narc will kill their business prospects, then either hand over the data, or ask the Government to pretty please get a warrant so they have an excuse.

Let's be realistic here.


And it's still a violation of the 4th amendment. Now, whether the fact that the violation occurred is surfaced in court, and successfully used to exonerate a defendant, is where the problems occur.


It is not a violation. Third Party Doctrine. You waive 4th Amendment once you share something with someone else. This is the same legal phenomena that pretty much guarantees LE will get access to card based financial activity, and telephone metadata.

They'll need a warrant for a wiretap, but tracing contact graph has been open season for as long as I've been around.


Arizona v. Gant


Paying someone for information != warrantless search. A search involves compulsion.


No, it is more nuanced than that and depends on the nature of the information. Banks hold massive amounts of highly personal information about their customers, and this knowledge is an unavoidable consequence of the business relationship. I think most people would agree that the government needs a warrant to obtain this information, even if the bank was willing to sell it anyway.


> I think most people would agree that the government needs a warrant to obtain this information, even if the bank was willing to sell it anyway.

I don't think it is legal for banks to sell their balance information to other private entities either. But if it were, then I think it would be permissible for the government to be one of the buyers.

Your interpretation of 4A is not backed by any legal precedent.


> A search involves compulsion.

Exclusively? That's a novel interpretation of 4A. Where did you get it?


I get the impression that a majority of the commenters here are (somehow) not aware that there is a deep body of legal precedent interpreting 4A.


> there is a deep body of legal precedent interpreting 4A

I don't think there's any landmark decision contrary to the interpretation of 4A that I'm putting forth.

As it stands now, the interpretation I am putting forth is the one the government abides by - it can buy data from brokers without warrant if there is no compulsion.


> I don't think there's any landmark decision contrary to the interpretation of 4A that I'm putting forth.

There are tons of case law that have interpreted 4A out to it's currently upheld boundaries - boundaries that aren't well represented by the original wording.

> the interpretation I am putting forth is the one the government abides by - it can buy data from brokers without warrant if there is no compulsion.

You can believe that if you choose. It is curious tho, why you feel a compulsion to keep roping compulsion into it.


> You can believe that if you choose. It is curious tho, why you feel a compulsion to keep roping compulsion into it.

Because that is where the current boundaries are at? That is the DHS/DOJs interpretation of 4A, and so far there has not been any successful court challenge of it.


I think that's a sound assessment.


>> Unlike private actors, governmental actors are publicly constrained in their actions and representatives of the will of our society.

Are you aware of the term 'unelected bureaucrat', and do you know how many of them exist? They are accountable to no one. They continually prove to be significant problems.


Even the most unelected bureaucrat in America is more representative of the will of the people than a middle manager at Facebook.


I'm more afraid of police and local prosecutors than anyone at Facebook, including Zuck himself.


No


My major concern with this is the accuracy of the information. I regularly put in dodgy data on registration forms where there is no financial contract. This puts me at risk of being held to that information. Because it's on the computer, it must be right.


Sounds like this is a reason why this is not a foolproof approach for the government, not a major concern for you.


Almost all investigative work is asking people to share information that they don’t legally have to.


Interviewing a person is not "search and seizure"; the two things are categorically different.


So looking at all your comments so far, it appears that:

1. If Bob is selling data that he legally obtained about Alice and legally can sell, it is a search if the government buys that data from Bob, and

2. If the government interviews Bob and Bob gives them data about Alice, it is not a search.

I'm failing to see the distinction you are making.


Why should dark web data brokers get to look at all of my nudes but not the Supreme Court?


Web data brokers can't legally kick in your door and kill everyone inside.


Neither can the government generally.


It may not be precisely legal, but they're unlikely to suffer any repercussions if they do it anyway. Which amounts to the same thing in the end.


I think instead we need people to not give away their personal information.


But why? I would like to be able to text my wife while she’s at work. Shouldn’t I be free to do that without sacrificing my right to privacy? Or should we just keep technology the same as it was in the 18th century?


Please take a closer look at the article. Directly collecting texts do not appear to be the type of data involved. If they were included in any way, it would be the result of users granting apps access to them.

Also please note-- and I should have made this note in my original post-- I'm. It saying people can avoid data acquisition by 3rd parties. Merely that users frequently give away far, far more than they have to: whenever they install an app that asks for more permission than necessary to function. Whenever they agree to the popup in browsers that as for access to location data or to receive notifications from the site. (I say something about cookies and JavaScript, but many sites are useless without JavaScript and navigating the dark patterns for those sites that allow cookie preferences is ridiculous. A good ad blocker will at least catch some of that though./


We need to make a law that says the wolves can't eat the sheep


Unfortunately, this isn't really the Fed's buying their way around the 4th amendment as the article states: it's people selling away their 4th amendment rights by giving their personal data & right to resell it to companies that will sell to anyone with the cash to buy it.


As I understand it, that's not quite true. I can't get a phone provider that won't pen register my data off. It's not an option and it's entirely not practical to conduct life without a phone of some kind.


Mint mobile. Buy the SIM card with cash.

People say they want privacy, but people say a lot of things they don't mean. Instead I look at their actions. No one's willing to inconvenience themselves even slightly for privacy.


> Mint mobile. Buy the SIM card with cash.

Where can you buy a SIM card with cash and not have to show any ID? And for bonus points: where you will also not be recorded on CCTV doing so.


At any store. There is no registration requirement for SIM cards in the US. Wearing a mask is completely socially acceptable in the US now :)


Try it at your local store, and if they ask, tell them that you don't have an ID card because your wallet got stolen last week. Be a little adventurous.

>where you will also not be recorded on CCTV doing so

This begs the question on whether you are trying to avoid automated surveillance and correlation or whether you are trying to out-do Usama bin Laden at competitive hide and seek. The more important question is: how long is that CCTV data stored for?


You used to be able to buy mint mobile cards at Best buy, maybe still can.


I just spent the last couple days on a business trip, trying to do dev work while mobile and even though I have all the latest, common tech it's still death by a thousand cuts. If I'd be doing this kind of thing with obscure distros and hardware I'd probably not have even slept last night. When in a pinch, it really does not seem realistic at all. I don't understand how you guys do it.


It's perfectly reasonable for people to want greater privacy in off-the-shelf products they buy. People shouldn't have to resort to buying SIM cards with cash (???) to preserve their privacy.


You can purchase with a debit card to preserve your privacy if you'd like if your debit card is held by an institution that values that sort of thing. But the point of buying SIM cards with cash is to be sure nobody, not even Visa/Mastercard or your bank can tie it back to you. There's a difference between data privacy and having a phone number that isn't linked to your person (besides if someone manually reviews CCTV footage), the OP is advocating for the latter.


Yes, exactly. There are differences between confidentiality, privacy, and anonymity. It's a Venn diagram. Using effective crypto and self-hosted services gets you confidentiality of your data, but not necessarily anonymity if your hardware, accounts, and payments are tied to your name.


It is true when you're trying to mix pen register data into this. That is a completely different class of data that no law enforcement agency has to pay for or contract with an outside company to access, mixing apples & oranges from what the Treasury is purchasing.

The context of this story is data willingly given up by users through apps or websites that people give permission to use & resell. A decade ago or more there may have been more of an excuse for consumers: awareness of just what was tracked and how it was repackaged and sold on to other entities was not as well known. Now there is little excuse: If someone installs an app and hits "agree" to the data it wants to access, or clicks "okay" to the browser popups on sites that want their location, that's on them.

Data legally (if dubiously) collected explicitly for law enforcement purposes that still require a court order to access is a completely separate issue in terms of giving up 4th amendment rights.


Telco data is actually specifically protected specifically for this reason. It’s immune from third party doctrine, which is the whole, “the govt can ask someone else who has your data for it.”

Not sure how that exception is being handled in the Treasury case.


I didn't give anyone shit. Don't accuse me (or anyone else) of that. This is advertising tracking data that normal people can't avoid generating. Ever had a product advertisement follow you around the web? That's the kind of data we're talking about here. I aggressively block, limit and quash everything like this (to the point of things often not working on my networks and devices) and I still generate massive amounts of data that I would prefer not be used to target me for anything. Blaming the user for this arguably illegal abuse of their data is irresponsible and borders on malicious blame shifting.


You're point would have been better made without the confrontational tone and upfront profanity.

The article specifically talks about apps as well, and that is a user choice. Web pages also ask for location data in popups: this can be denied to them, which limits (though only limit, not prevent) pinpoint location tracking. I never said all tracking can be prevented. I said that people give away their personal data. That is a true statement regardless of whether certain types of data are taken without their consent.

I think we're probably (mostly, or at least partly) on the same page here. But if you want to continue a discussion that's fine, but only if you review HN community guidelines on discourse and civility beforehand. Also not that I often go days without revisiting threads to see if further conversation on a topic would interest me, but I'll try to make a trip back to this one to check in.


I don't think much of the constitution but surely this goes against the spirit of the 4th amendment. It kind of defeats the whole purpose. The sale seems to be conducted under duress. Also, the way you frame it sounds wrong. You wouldn't expect it to be legally binding for someone to sell his constitutional right not to be made a slave, for (an extreme) example.

The easy way out would be to make such information not suitable as evidence. Perhaps exceptions will be made for cases when there's a clear risk to public safety. (such as prosecuting al capone)


People do have, in certain situations, the ability to sell their constitutional rights. You sell your right to free speech when you sign an NDA. You can't sell yourself into slavery because slavery itself is illegal.

Slavery itself is also somewhat of a special case because entering into a contract requires the ability for each party to seek redress or other appropriate methods of enforcement. But once a slave, all personal agency is lost and therefore the enslaved party is no longer on equal grounds with respect to having the contract honored. It is an inherently paradoxical contract.

Contrast this with selling your right to free speech with an NDA: you still have access to all the methods of enforcement and redress if disagreements about the terms arise while the contract is in effect.


I'd recommend doing some reading on constitutional law and specifically interpretations of the 4th amendment. One cannot "sell" their 4th amendment right, because the text of the amendment places obligations on the government. The act of buying 3rd party data is tantamount to a search and seizure, regardless of whatever TOS was signed by the user who provided that data.


> The act of buying 3rd party data is tantamount to a search and seizure, regardless of whatever TOS was signed by the user who provided that data.

Legally, this is false, but obviously most people here would advocate for data ownership and control, even when it's transferred under a contract (regardless if it's via a checkbox, or signed and notarized).


One could argue that the data becomes public, after it became sellable.

I’m all for the 4th. But restraining law enforcement not to use public data?

Now should it be so easy to give up your rights to your data is a different question.


Regulation could easily reverse the flow of data


We need an FCRA for data. We need the ability to rescind the data if it’s a third-party.


Just to clarify: the Federal Reserve and the Treasury Department are separate things.


When I said Feds I meant it as the federal government in general, not a reference to The (Fed)eral Reserve. Because I'm guessing that if Treasury can do this, it's also an option available to any investigative branch of the federal government.


Idea: get together some money, buy data of 100 of the CEOs of Fortune 500 companies.

Publish everything found, see if the laws are then changed...


A good start, but their profiles are probably incredibly well scrubbed (or whatever is out there is already mitigated).

Instead, collect it on every Congressperson and then see how fast things change. Most politicians don't have the means to scrub their backgrounds like multi-million dollar PR-vulnerable CEOs.


> A good start, but their profiles are probably incredibly well scrubbed (or whatever is out there is already mitigated).

I have serious doubts about this.


Congresspeople are also all multimillionaires who are PR vulnerable.

As of 2011, the average Senator had a net worth of $14 million and the average Representative had a net worth of $6.5 million.

Presumably it has only gone up in the decade since, given the long bull market in everything.

https://ballotpedia.org/Net_worth_of_United_States_Senators_...


Seems more likely that those same Congresspersons (Congresspeople?) will try to stomp you out of existence, before making any changes to the law.

I don't imagine people with such amount of power and connections to just roll over because "they caught us with the hand in the cookie jar!"


They did that, twice. Panama and Pandora papers (2016, 2021).

https://en.m.wikipedia.org/wiki/Panama_Papers

https://en.m.wikipedia.org/wiki/Pandora_Papers


It's probably faster to buy data on members of Congress. I assume that's where things likt the Video Privacy Protection Act came from.


It seems apparent that the US government is pursuing a novel strategy to route around the Bill of Rights:

Steps:

* Allow (and encourage) private sector monopolies to form

* Use its leverage and influence to "encourage" those monopolies to do things which the US government is not allowed to do (examples: censorship, data collection)

The list of First Amendment precedents, for example, with respect to the government is long and detailed. On the other hand, private companies operate under fewer restrictions and can act much more freely.

So if we have a situation where there are a small number of monopolies and they, through personal relationships (marriage), lobbying, and the revolving door have a cozy relationship with the US government, then the government can effectively censor (for example) by more or less declaring "will no one rid me of these turbulent tweets" and have the monopolies jump to comply (or face increased risk of antitrust action for example).

This is a win-win for both: the monopolies avoid antitrust and other unwanted regulation by playing ball, and the government gets to ignore the Bill of Rights by "outsourcing" actions to what are in effect de facto quasi-governmental entities. It's only a loss for the people for whom the Bill of Rights was written to protect.


This is exactly what is happening. And afaict as far back as the 70's. Major isp's taking public funds, close relationship between nsa and Google


Kind of reminds me of Confessions of an Economic Hit Man. The discretionary federal budget averages like 8% of the economy--that is an ungodly amount of economic resources that can be directed to private entities to accomplish basically anything the government wants to do, regardless of what the Constitution dictates.


If one sees the U.S. constitution and its amendments merely as dated conventions, there is no reason for the IRS and other agencies not to leverage tech to drive enforcement numbers, and for the agencies themselves to just become the policy levers they want to have. However, there are others who believe the rules are in place to prevent this precise type of eventuality, where a technological change shifts the balance of power and shreds any perception of a social contract, so you need rules that limit the scope and powers of government so it doesn't consume and enslave everything.

I think a generation of people who believe the former statement have taken control of institutions, and we're watching it play out now. If you want to predict what this generation of bureaucracy will do, find the emergency exceptions and notwithstanding discretion to every law that protects the individual and limits the power of government, and then contrive the excuse that enables it, and this will be the policy and tactics of the people behind it. This Treasury collecting data story isn't about legalisms and principles, the people doing it really are nihilists, where language itself is just words that can mean anything, so it might as well mean whatever they want. Arguing under the false belief that principles and logic matters means doing nothing while they ratchet up controls and make themselves impossible to dislodge.

You aren't going to persuade the Treasury or other people involved in these plays with reason, as the prospect of total, permanent, tech-facilitated dominion means the stakes are too high for them not to make a play for it. Only the courts, or sadly, conflict can dislodge it I think. We need to seriously consider how much tech is causing our governments to metastasize, and what the options for mitigating it are.

There is no reason to believe your phone that tracks everything about you will not be used by people in government without accountability as leverage against you personally. This was paranoid ranting 20 years ago, and today it's just unpopular buzzkill. All that's left is to say "it was ever thus" and the only people who complained were the ones merely maladapted to the change and the inevitable progress of history.


> There is no reason to believe your phone that tracks everything about you will not be used by people in government without accountability as leverage against you personally.

I have one small revision: There is no reason to believe your phone that tracks everything about you will not be used by people without accountability as leverage against you personally.


> people without accountability

The difference is that the government is, in some sense, unaccountable by fiat. At least with private actors we can have the possibility of accountability through legal recourse.


"I think a generation of people who believe the former statement have taken control of institutions" I think the cause and effect are backwards here. It is their having taken control of institutions that makes individuals less likely to take seriously the spirit of pesky constitutional protections. Which was of course foreseen by the founding fathers.


a) Both contracts are tiny ($150k each) although obviously these may be pilot programs.

b) Finding evaders of sanctions seems like it should fall under a national security agency's purvue. We all take it for granted that the NSA could pinpoint our locations pretty easily, right? One thing that's particularly insane about the US government is how many departments have intelligence agencies. Obviously the ideal would be to have a small handful of well regulated intelligence agencies (emphasis on "well regulated", and you only have to look at the overreach by e.g. the CIA over the past 50 years to know that the US has had issues with that.)

c) The tax evasion contract looks at social media posts to find tax evaders. I wouldn't be particularly upset if the IRS had their own internal tech department doing this - if you're going to have a tax agency, you want it to be able to prevent cheating, otherwise the tax system falls apart. Finding people who have declared themselves to have beaten the system in a public forum is a cheap and easy way to go after cheaters.

There's a lot of pork in contracts that government agencies give out to private contractors, but this seems like a relatively low spend, and so it doesn't seem particularly bad that the IRS has decided that this is outside of their current expertise and given out a contract to chase it.


> We all take it for granted that the NSA could pinpoint our locations pretty easily, right?

In the same way we take it for granted that a SWAT team could kill any of us pretty easily. They have (and probably should have) the ability, but the authority to use it should be very limited and subject to stringent oversight.


No doubt. But, say that the NSA were given the purvue over enforcing sanctions (because they are the national security agency). Should they be able to monitor who is visiting the country with the sanctions?

Sanctions are kind of like the tax agency situation - if you're going to wield them as a national security tool, then you want to be able to enforce them, otherwise they're relatively meaningless. And enforcing them necessarily involves watching to see if your country's citizens are evading them.


I don't want the NSA to perform domestic civilian law enforcement functions any more than I want the army to, for similar reasons.

The type of oversight applied to military and foreign intelligence action is fundamentally political. Whether and how to impose sanctions against, spy on, or invade another country are questions for congress and the president in the US and rarely involve the courts.

The type of oversight applied to law enforcement is fundamentally legal. Courts apply existing law to the set of facts in a given case. Congress and the president do not get involved directly and any attempt by political officials to influence the outcome is scandalous, if not criminal.

So should the NSA hack Iran's immigration database to see who's been going there? Perhaps. Should anything discovered that way be admissible in a criminal trial? Almost certainly not. Should the NSA tip off the FBI about domestic crimes? Mostly no, I think, but perhaps in a very limited fashion when the crimes involve national security or foreign policy. Gathering evidence that can be used in a criminal trial would still be the responsibility of the FBI.


What about when Russian hackers shut down American hospitals and can't be extradited? Who's going to hack back and enforce the law? The FBI can't do it.


When foreign actors commit such an act from outside the country, and their government isn't cooperative about stopping/punishing them, that's exactly the kind of thing intelligence agencies should be involved with.


So you want intelligence agencies to enforce the US criminal code?


Certainly not. I want US intelligence agencies to take action against foreign threat actors to reduce their capacity to cause harm to US citizens and infrastructure.


So if the FBI can arrest them, they're criminals and we should follow criminal procedure, but if the FBI says they can't arrest them, then we "take action" (what action)?


You're bending over backwards to misunderstand.

The original author said: "I don't want the NSA to perform domestic civilian law enforcement functions"

In other words, the FBI (and police, etc) perform domestic law enforcement, following criminal procedure. The NSA, CIA, etc handle non-domestic (foreign) threats, in whatever manner they see fit.


We should be asking why the fuck this is for sale. Why is this okay? I hate this new normal but I look around and nobody cares. Nobody I talk to IRL gives a shit. This is our reality. How do we learn to navigate this strange new post privacy environment?


For a start, by opting out of as much of the "conveniences" that enable this bullshit to begin with. Easier said than done, but it's truly the most necessary step.


Why is because Congress has been captured by big corporations and their lobbying money for nearly a century now. Anything pro-consumer that stands to limit the upper bounds of profit (that doesn't literally threaten the collapse of the nation) is just a signal for their corporate donors that they haven't been paid enough that year to keep quiet.


DeFi and free and open source clients that users can modify/compile at will for whatever platform they are on, solves this.

Really cannot trust centralized entities with the incentives in place now.


Babel Street, the firm selling data to the IRS, seems to say they don't have to follow the California CCPA requirements around data access or data deletion. Their only mention of CCPA is obtuse but implies it's their customers' responsibility: https://www.babelstreet.com/privacy-policy

My understanding was that if a company has my personal data and is selling it, the CCPA requires that they allow me to put in a request to access that data or delete it. Babel Street seems to be saying that it's their customers who needs to follow these requirements not them.

Is this legit? Tons of other big sketchy personal data brokers actually allow you to access and delete your data under the CCPA even though they have the same customer arrangement. Acxiom for example: https://www.acxiom.com/data-privacy-ethics/california-consum...


CCPA calls these companies data brokers[0], which are still subject to the CCPA. They might be acting facetious in saying that, since you'd usually have to also go to their customers to get your data deleted in addition to asking them for deletion [as in, they don't have to inform their customers to delete the data].

> Data brokers are subject to the CCPA. On the Data Broker Registry website, you will find contact information and a website link for each registered data broker, as well as additional information to help you exercise your CCPA rights.

0: https://oag.ca.gov/privacy/ccpa#sectiong


Was genuinely curious. Thanks for the info. Of course Babel Street isn’t listed in the official CCPA Data Broker registry: https://oag.ca.gov/data-brokers

So by not allowing me to access and delete my data on Babel Street, it seems like they are in violation of the CCPA? What’s my recourse?

Anyone interested in privacy who can claim California residency should be interested too!


It's interesting how companies, and governments, are quick to tell us how our data isn't worth anything so they don't have to pay us for it. It's not private, but they recognize the violation of privacy laws by purchasing through 3rd parties.

Our data is worth $,$$$,$$$,$$$'s and it's time we campaigned to get paid. It's time we change privacy laws worldwide to make violations of individual privacy worth 30% of a company's gross income for 5 years. If the penalty is large enough, they'll stop screwing us.

We can't send a company to prison, but we sure as hell can take that prison tax right off the top of their bottom line. Hell 30% gross profits for 5 years is probably not even enough, but it's a good damn start


I'm curious what the overall take will be on this. Normally, this action would be frowned upon if it was a private company, but I'm assuming that people may be more open to it being done by Treasury because it's "for the societal good".


Funny, I assume the exact opposite. I'm guessing many people oppose government data collection but because they are buying data on the open market from people who "opt in", they're okay with it.

I wish there was the ability to make a poll:

* This is fine, privacy is dead.

* This is okay because of private companies collecting and selling the data, even to the government

* This is okay because the government is using this data to enforce laws I believe in, even though it rewards private data merchants.

* Everyone involved is evil, the contracts should be voided and the companies dissolved.


There's also

* The data collection is fine, but the government shouldn't be allowed to circumvent checks and balances by buying this data

* The government using such data without warrant is fine, but it shouldn't be sold on the open market


We all committed privacy suicide when we bought smartphones. The data that we thought should be out of government hands, we put into the hands of many businesses. I agree it seems unsettling, but why can’t the government purchase information on the open market?


> … why can’t the government purchase information on the open market?

The most obvious answer would be that they're spending our money in a way which is contrary to our interests. If it were their own funds, and they had no powers beyond those of any other private citizen or organization, that would be one thing. But they're supposed to be acting on our behalf, in our interests rather than their own, and to many people this does not qualify.

Personally I would focus less on the fact that they've obtained this information and more on (a) the fact that this information is available on the market and (b) how they (and others) intend to use it.


That was the point I was inadequately trying to draw attention to also. Yes.


* It’s much more urgent to address how private companies use the data, since we at least have some visibility into what the government is doing with it.



Can we...can we have at least one "not okay" option that doesn't brand everyone involved as evil?


If it's not okay, then everyone involved made a choice to be complicit in something that is "not okay". Willingly participating in harmful activities isn't evil?


The action is evil, but I don’t think that makes the person evil.

People are much more complex than a single choice.

Second, while I might think the action is “not okay”, they might be reasoning from different principles, or different evidence than I am. Maybe, instead of being complicit in something I view as “not okay”, they have valid reasons to think it’s “okay”.

I’m just not so willing to condemn every person with such a broad brush just because I disagree on this conclusion.


Only if you do it while twirling a mustache.


this is bad because people who opt in think either that their data is not being sold to third parties or that the third party buying data is another company, nobody when opting in assumes that their data will be used in an investigation that can then lead to criminal charges.


Whether I think it's fine or not, privacy is dead.


> but I'm assuming that people may be more open to it being done by Treasury because it's "for the societal good".

Politics in America has become so hostile that people are now openly celebrating harm done to "the other side", so I don't doubt that there are people who will feel that way.

But I suspect that most of them will feel quite differently when the White House is controlled by the other party.


I don't have a problem with the government accessing the data per se. Given that the data exists and is commercially available, it would seem silly to tie their hands from accessing it. Police routinely run credit checks or just google people of interest to learn what is publicly known about them and I don't really have a problem with that. What I do have a problem with is that our privacy laws and culture are so lax that detailed location information has essentially become part of the public record of a person. It seems like one way or the other, governments will find avenues to get at that data if it exists, and if you don't want the government tracking people, better to cut the data off at the source.


There is a reason the government is not allowed to buy this kind of data from telcos. What makes buying it from a professional surveillance group any different?


Imagine the government wanted to know who "deepthroat" was during Watergate: just buy the location data of the journalists and anyone nearby.


And then they are violently removed from the populous like the single journalist who reported on the Panama Papers

https://www.theguardian.com/world/2017/oct/16/malta-car-bomb...


That journalist published a lot of articles that exposed a lot of powerful people long before the Panama Papers.


“ Critics of the software say it essentially allows the state to buy its way past the Fourth Amendment, which protects Americans from unreasonable searches.”

Interesting. Clearly data analysis can find all the tax dodgers, but is that an unreasonable search?


It stands to reason that the government won't need a warrant to gather criminally admissible data from a service broker if it is voluntarily transferred to the government and the service broker forced its users to agree to a terms of service agreement.

I also see lots of talk in the comments about a social credit and hiring potential. There are no restrictions on hiring software developers. As horrible as a social credit sounds at least its some kind of guardrails, where now there are none. In any system without constraints there is maximum potential for implicit bias.


Overreach like this is how governments spin out of control.

I'm shocked and amazed by how much of this stuff more and more people are not only content to ignore, but defend!

9/11 opened more of a pandoras box than anyone could have ever imagined. Our concerns back then now seem quaint compared to the stuff that is going on right now with many of our government institutions :(


If this wasn't mentioned in "Dragnet Nation" (2014) it was at least (strongly) suggested.

https://en.m.wikipedia.org/wiki/Dragnet_Nation

That is, once data is on the open market (including at dark web) then a gov acquiring it is a click or two away.


Privacy invasion and surveillance is like invading countries a bipartisan issue. They always moan when one side uses government excesses against the "other" side but still vote for enhanced executive power and overreach all the time.

The national security and surveillance state is as bipartisan as putting economic sanctions on poor Latin American countries, arming proxies, funding NGO fronts and bombing countries.


Does anyone know what day Tech Inquiry provided these documents to The Intercept?

Seems kinda convenient we get our nice exciting "adversarial" article about this four days /after/ the infrastructure bill passes and we are locked in to have tons of new bank surveillance and like 80,000 new IRS agents...


I imagine they're trying to stagger news, this is one of those articles where it's probably a scoop, but you don't want to have it buried by everything about the infrastructure bill lest nobody see this one.


The article was published Nov. 4, days before the infrastructure bill passed. Not yesterday. You can easily find this in the header of the article.


Our go-to adversarial source asking all the tough questions about digital data rights, surveillance capitalism, and new digital banking surveillance is a paper edited by PayPal, inc.


You should see the data they are buying on crypto related persons. 8-/


A lot of right vs left division is one side wanting to restrain corporations and the other side wanting to restrain government. Privacy concerns are one way to break through that divide when government and corporations unite.


This is not a new take, but I think "the west" is effectively building their own version of China's social credit. It's just distributed among a range of private companies and accessed via subpoena or contract. The fact that the government doesn't operate most of it directly is largely irrelevant to those negatively affected by it and in some ways makes the situation worse (who do you even contact to correct inaccurate information?).


> "the west" is effectively building their own version of China's social credit.

China's social credit system allegedly assigns (or will assign?) all citizens scores and punishes them for social wrongdoings. The IRS has always been tasked with auditing and catching tax cheats, the Treasury always went after people who violate economic sanctions. What's the similarity other than data collection?


The similarity is global system of collecting every piece of data about citizens.

You start with the little. Due to complexity and sheer amounts of laws, bylaws etc. each one of us breaks few of those every day. The systems like the one being mentioned will eventually be able to track those as well making every citizen an offender. Then when the time comes who do you thing they will choose to prosecute? Most likely those pesky human rights advocates and other similar people who are already monitored.

I think unless some "Reset" button is pushed we will end up exactly like this. End up on various lists (already happening) and private companies denying vital services.


> What's the similarity

Wasn't there some kerfuffle a few years ago about "special attention" being given to political targets?

(Cue Richelieu's "six lines")


The fact that we were allowed to discuss and protest this "special attention" shows that we are a far, far ways away from China's Social Credit system.


Pretty much everyone in the west gets a credit score the math of which is nebulous and proprietary. It is increased by acting in a desireable manner even if that manner is unhealthy or unproductive for the individual - and a lot of random BS can go into the math that we can't even see.

In the west these things aren't public so it isn't the government grading you - but you still are very much being graded by private corporations. Since we have no idea what they're actually using to grade us we can't confidently say they aren't using any "social misbehavior" we'd find offensive.

If these programs were run by the government we could file FOIA requests - but with private organizations we're S.O.L.


A poor credit score does not limit your ability to board a plane, to be admitted to a university, or to found a political organization.

If you want a taste of low social credit score in the US life, consider the status of a convicted felon, or a status of a sex offender.


> A poor credit score does not limit your ability to board a plane, to be admitted to a university, or to found a political organization.

Is it possible to do any of those things without money?


I don't think I really see evidence of this. I mean, the IRS wants to catch people who cheat on their taxes. That's something they've been empowered to do for a long time. And when they catch people for that, they audit them, perhaps take them to court, and fine them. Which seems reasonable.

If the IRS is going to start telling people they aren't allowed to ride trains or get on airplanes because they applied a deduction to their taxes in a way that's not allowed, then we should worry; that sounds like the China-style social credit system people talk about. But I don't see that as being realistic; the IRS doesn't have that kind of power.


Well, I think to be fair to this, we had ought to look at the expansion of government agencies. The ATF, NSA, CIA, FBI, FDA, and so on and so forth are all additions to power. It's not a far reach to assume that granted some new ability to "remedy" some social ill, that establishment of some new agency is probable with implied powers and the necessary and proper clause. And it's really not necessarily just the IRS, but setting a precedent, there are various agencies that have been leveraging data-broker deals to track individuals. The more agencies jump on this the closer we get to crystallizing the behavior. If that's the case, it seems like a considerable hazard, which in the end could lead to some real consequences in the future. We've seen democracies turn into empires, and emperors of all kinds inherit those powers. This is the sort of gravitas no man, nor government had ought to be permitted to wield.


First thing I was told when I arrived in the US in 2001 and was picked up by a friend from the airport : "If the police says pull over to the shoulder, stop at the side of the road".

Second thing : "Credit score is really important".


Credit score isn’t that important really. I have terrible credit (low 600s) and I was able to finance a car and live in a nice apartment. It might make buying a house more expensive, but I’ve also been able to raise it from the low 500s in the last year.


Has anybody studied or quantified the evolution of "effective liberty" over time in the US? Say you buy groceries once per week. That activity might have triggered 1 governmental control touchpoint in 1800 (sales tax?), but in 2020 it might have triggered many more due to increased automation, logging and third-party delegation. All of this, of course, without fundamental changes to the Law of the Land -- simply because some of the assumptions built into our core restrictions on governmental power no longer hold.


Sales taxes weren't a thing then. Before the 20th century government played pretty much no part in the average person's life.


Wow, I didn't realize that. It does look like retail sales taxes were first introduced in the US during the 1930s.


Wait until the US public finds out about the concept of a credit score (new in the 1980s).


Credit score for ghee most part tries to assure lenders you can repay your debts.

Social credit score is about how close you hew to proscribed behavior at large.


Credit scores are used as a proxy for Ideal Citizenship. It just so happens to have baked into it enough plausible deniability as to not run afoul of anti-discrimination laws.

Turns out, a lot of "bad" actions result in missed bill payments.


In a semi anonymous society how else do you suppose one should determine the creditworthiness of someone?

It used to be the merchant had to know you and you had to build up your credit with each merchant over time. Credit scoring made it easier for merchants and customers to issue and leverage we credit.


My comment might come off as an indictment of credit scores. But it really isn't.

They absolutely solve the problem that you are pointing out. But they also serve to kind of solve a whole class of other problems around identifying behaviors that correlate with bad credit scores.

For example, if you're a land lord who vehemently opposes divorce, it's possible to use a poor credit score as cover to deny renting to this middle-aged guy who is clearly just gone through one.


Sure but previous to credit scores what was the option? References from friends and business acquaintances?

Sure credit scores aren’t perfect but they are better than the legacy alternative.


...Excuse me? Is there a way that could be better rephrased?

What was the option for what? You're replying to a post about discriminating against a divorcee, but having the landlord hide it behind the justification of "bad credit".

Not to be the missing antecedent police, but are you referring to by 'ther option' the pre-existing excuse to paper over arbitrary discrimination, or to practice of lending/renting in general?

The answer is sadly important to the final assessment of meaning. I don't think you mean the former, but I figured I'd be daft and ask.


I hear ya. A landlady could very well find out someone is an Antivaxxer who lost their good job and took a lesser job and now has degraded credit and may deny the lease or may want bigger advance.

What do you suppose is a better tool you have or would build which hides this person’s history but can vouch for their creditworthiness or lack of it?


>What do you suppose is a better tool you have or would build which hides this person’s history but can vouch for their creditworthiness or lack of it?

I'm still lost on the part where we're stuck on having to be able to lookup a datastore managed by some private party in order to facilitate these arrangements?

I have no interest in perpetuating the credit bureau system. If you're convinced that it's some priceless fixture we must have, then we can talk about setting up a public Bureau; with strict regulations around what type of information they collect, how it is used, how it is dispensed, etc, security measures around its access, but most importantly, synchronous notification of the reported on by the Bureau, with services provided to the notified to aid in prompt remedy, or failing that a means dispute or correct fraudulent information.

Other than that, I object vehemently to these types of datastores. Welcome to investing. Them's the risks.

I've worked in finance. Finance for its own sake is not high on my list of things to facilitate. I also prefer discriminatory people be required to appear discriminatory.


I don't know how you can avoid discrimination. By nature of credit you have to discriminate the creditworthy form those who aren't credit worthy. On the other hand, sure, we don't need to know if someone voted for Biden or voted for Trump, is for vaccines or isn't for vaccines. You're still not providing a way for a creditor to make a judgement on someone's creditworthiness. A creditor, lacking that information may have to require advances or "security" payments which is more burdensome for the poor.

Looks at the how Japan handles apartment credit. It's a different system but in my estimation its a worse answer than Credit Bureaus are.


Maybe we shouldn't have mountains of consumer debt


Credit score can affect employment, I.E. you can't get hired because you are too poor.


Is this actually true, or is it the case that you can't get financial related jobs because your credit score has been lowered by your past cases of poor handling of money?


The education system utterly fails when it comes to educating students in financial literacy.

They’d much rather teach them activism than actually give them useful tools for evaluating their finances and making good decisions.


Absolutely.

This is a great primer for those completely unfamiliar: https://www.amazon.com/Basic-Economics-Thomas-Sowell/dp/0465...


You really think it's because of activism and not because a lack of personal financial literacy is good for the oligarchs and more time spent teaching other subjects is also good for the oligarchs (employable skills)?


Failure to navigate a capitalist system of hoop-jumping due to lack of funds causes a self-fulfilling prophesy of poor performance at said hoop-jumping and associated poor credit scores. Blaming the victim comes to mind.


If I only pay my bills on time does my credit score go up in the US? Asking because I don't know, but if that is the case, not sure why you can call it 'hoop jumping'.

I don't care for the credit companies, they're total scum. But I'm not sure how to do anything better.


Afaict, your credit score will likely be lower if you haven't had a credit card open for a long time, run your balances too close to the limit (available credit) on those cards, or don't use them at all. My understanding is that your bills, depending on their type, may not even bother reporting to the credit agencies, or only report when they believe you have failed to pay; reliable ones seem to be big loans like mortgages, student or auto loans, and then credit cards. Rent, utilities, etc haven't seemed to affect my credit positively (or if they do they haven't been noticeable compared to the first category)

When I graduated, rented, and paid all my student loans off early and did not have a credit card my credit score actually went down significantly until I opened credit cards and used them regularly.


Average age of accounts is a pretty big factor in credit scores. Every bank will probably have its own proprietary rules for deciding when to offer credit, but the credit reporting agencies who generate a number use fairly well known criteria. Amount of credit, number of accounts, payment history, percentage of credit used, age of accounts, diversity of types of accounts.


Yep, that's all that's required for it, no hoops to jump through. The only catch is if you don't have any debt, you can't build credit, but it's pretty simple to get a credit card and pay it off every month.


Try to build credit with a secured credit card and on a minimum wage. Decide which bills you have to pay late this pay period. After years of this, you’ll be lucky if you can convert to an unsecured credit card, let alone maintain your (low) credit score, let alone improve it.

Most folks in US can’t even afford a $400 emergency expense. Good luck doing even that when your credit is maxed out and your car breaks down so you can’t work.


Why would I work for years at minimum wage? That doesn't seem like a good aim.

>> Most folks in US can’t even afford a $400 emergency expense.

It looks like they can, and fortunately the number of people in poverty continues to decline: https://policyadvice.net/insurance/insights/average-american...


Seems like you’re not able to empathize with others. Way to completely miss the point.


I was under the impression we were discussing facts here, and not feelings.


We are discussing facts, not just your own personal circumstance. The fact that you are not in these situations does not discount the experiences of others to the contrary.


If they're credit bills, yes. If they're just phone, power, rent, etc, not unless you've specifically set them up to go to the credit reporting companies.


Some corporate landlords report all rental accounts, some only report if you default.


Or rent an apartment/house in many cases


While this is true on a very shallow level, most landlords are happy to rent to "high risk" tenants with increased deposits if you talk to them directly instead of taking your initial rejection at face value.


More and more rentals are being gobbled up my big corporations. Finding someone to talk to who has the authority to make an exception can be nigh impossible.


Eh maybe. I think that largely depends on where you live. Granted, most apartment complexes are falling into that category, but venture out of the city a bit and if you're renting a small 2 bedroom house for $750/mo in Nebraska, it's probably owned by an individual.

Worst case scenario, even in a city, you could sublet or get roommates while you rebuild your credit.


>I think that largely depends on where you live.

I suspect you are right. I walk down my block and every other building is owned by the same slumlord. It is bad.


Your credit score is run before you can buy a house or rent an apartment.

We are already there.


The difference between a credit score and a social credit score system is one is based on debt payment history and the other based on political dissent & debt payment.

Currently saying "Lets Go Brandon" doesn't drop your credit score, in China you may lose quite a few points for posting that pesky bear that likes honey.


Having an arrest on your record is enough to bar your from job and housing, even if charges were dropped or you were found not guilty. That alone is enough of a chilling effect to affect behavior: for example, staying away from protests or not questioning a police officer.

Again, we are already there.


A criminal background check is not connected to your credit score and a convicted criminal charge is not the same as political dissent. Stop moving goal posts.

I was arrested once and I got the charge expunged with community service. Hasn't affected my job applications so far.


Is there any evidence that political dissent drops a social credit score?


Let's wait for the CCP to answer that...

They may be too busy with genocide though.


A background check is run in addition to a credit check.


My understanding was it basically was providing a way to incentivize indigent people to behave the law by imposing penalties for failing to pay fines.

In the US, fines are mostly meaningless if you are poor as debtor prisons are (rightfully) illegal.


In the civil context, which you obviously intended, this true. Unfortunately many people are (back) in jail because they can't afford to pay criminal court fines/probation fees


> In the US, fines are mostly meaningless if you are poor as debtor prisons are (rightfully) illegal.

You're overwhelmingly correct, however someone is going to shortly reply to your comment with a link to a story about how someone somewhere got jailed over a debt and how debtor prisons are making a comeback. It's extraordinarily rare in the US.


Yes, and also wage garnishment is another thing that is definitely a common thing.


Wage garnishment is predominantly for child support and alimony, no? Is that a bad thing?


I don't think so.


And unpaid taxes.


We're doing it to ourselves. We're the ones who keep clicking "I agree", who keep feeding these companies. Of course they're going to look to make a profit off of your data, there's nothing stopping them because we willingly gave it up.


So your suggestion is for everyone to become digital hermits? Start sending snail mail invoices and writing checks again?


Vote with your money and buy from a competitor that sells the same product/service but privacy friendly.


From what I've read China's social credit system does not yet incorporate any non-financial information; that part is more aspirational.


That is the narrative the CCP pushes. 'It is just like a government run checking score.' But it isn't. Crimes, including political ones, will penalize your social credit score. If your score falls too low, you and your children will become ineligible for government programs and assistance.


[citation needed]

What you describe is something that is often said, but I'm yet to see any reliable sources; everything turns out to be editorials based on some plans that never got implemented.


Being able to correct inaccurate information is an often underappreciated but important part of the GDPR. It's also probably the biggest motivation why you have a right to ask any company what data they have stored about you: so you can spot mistakes in the data of rating agencies. The other use cases are more of a nice bonus.


While i completely agree that the right to correct data is an underappreciated aspect, the biggest motivation is the fundamental right to your own personal data. It motivates the more detailed ones like the right to know who processes your personal data, for what purpose, which data they have, and to correct that data. Not to forget the right to be informed and asked for consent. The "why" of these rights is not found in the robber barons wish to improve the quality of their data swamps. It is found in the wish of the european people to preserve their freedom in the digital age against surveillance capitalism and/or totalitarian governments. I can only hope our brothers and sisters worldwide will one day understand that and demand such a fundamental right as well.


Utah released plans for the new electronic ID a couple of weeks back which, among other things, would contain your "vaccination status" and "social credit scoring".

Conservative press is abuzz with this (including photos of the promo leaflet), liberal press is dead silent. Since nobody on this site will believe a conservative news source, I'm not even going to bother providing a link. If you're in Utah, ask your local government to put an end to this horseshit before it's too late.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: