Hacker News new | past | comments | ask | show | jobs | submit login
New German government calls for European ban on biometric mass surveillance (reclaimyourface.eu)
637 points by giuliomagnifico 6 days ago | hide | past | favorite | 188 comments





It's the automation that worries me. I'm not too concerned about proper companies using CCTV to record, as it's well managed and gets deleted unseen, unless something happens. I'm not too concerned about the police pulling those CCTV pictures to investigate a crime either.

Things like ring doorbells on the other hand should be cracked down - the number of times I see people in the UK posting pictures of public areas on facebook is shocking, but if they're just sat there, being deleted unless pulled for a proper reason, that's fine too.

What really does concern me is when things like image recognition come into the picture. A corporation can't montior me by paying someone to sift through CCTV pictures. They can montior me by using automation to process everything though.

This is a good thing, how successful it is remains to be seen.


The other matter of concern is how many of these bits of data end up on servers outside of the EU, if you want something done about it you are essentially powerless.

At the end of the day, does it even really matter where the data is stored?

It shouldn't be recorded in the first place.


Not always true. It depends on the circumstances.

That being said, I will never get a Ring doorbell or something similar. I also believe that the tech companies should not be allowed to hoard data about people’s private or public lives at all.


Should CC processors be allowed to hard data about people's purchase and spending? What about merchants?

If yes, why them, and not tech firms?


No, absolutely not.

So, a store can't record that you bought something from them.

Why should they record that?

That's the way it used to work.

Is there an equivalent to the AML/CFT regulations?

What about no?

I don't think that's true.

We had abusive neighbours who damaged our belongings before so we essentially had to install a CCTV system. They were coax cameras hooked up to a DVR with no internet functionality (and that data had to be overridden regularly due to the size of the disk).

At the end of the day, if you're under threat of damage to your things, I would recommend a CCTV system. You won't see me recommending Amazon's offerings (or any other "cloud" solution rolls eyes), though.


I wouldn't care about that at all. A foreign government has far less possibility for abuse. It shouldn't happen either, but the domestic player should be the focus here. Mass surveillance doesn't improve anything aside from paranoia. We don't suffer crime or terrorism waves, so why even increase security at all? For some property damage? I get that data protection get in the way sometimes, but for this case I want to be meticulously excluded.

Any yes, I have been victim of vandalism multiple times. Doesn't mean I want to be surveilled forever. There is no absolute security.


I believe you can complain to your local data commissioner, eg https://ico.org.uk. They should cover this and the right to have an automated decision reviewed manually.

.uk is not European

Not the EU*

Unless I'm mistaken the UK hasn't drifted off and become and independent island chain separate from Europe


European means different things in different contexts. Sometimes it is used as the adjective form of EU member state. Discussion of an aarticle in which Germany is calling for a Eurpean ban is such a context, since that is the form the title is using.

> Sometimes it is used as the adjective form of EU member state.

Sometimes people make mistakes, sometimes outright errors. Sometimes people use language to push ideas they like, such as "the EU is Europe" and thus not being a part of the EU is somehow an offence against nature. I'm not sure why these mistakes, errors, and mendacities should go unchallenged and uncorrected.

Every use of "Europe" in that article could be replaced with "EU" and it would be the better for it.


It doesn’t help that this has been codified into the names of various organizations, like the Council of Europe (ECHR, etc.), EEA, EU, and others that all refer to different subsets of countries on the continent. I suppose this renders any straightforward alternative relatively limited in scope even if a term to refer to one of these memberships was agreed upon.

People outside the EU do not realize this: “Not European” is used colloquially by people in the European Union to refer to EU countries, institutions, etc.

Many countries/languages use versions of “The US” and USA to avoid confusing the US with America. So it’s only reasonable that we make the distinction for Europe and the EU.

The problem is the there’s no specific term for the people living in either the US or the EU, so we “wrongly” use Americans and European.


European Union citizens and United States citizens are an extremely heterogeneous group of people, which is the situation at hand. Besides being a citizen, there is truly no shared identity in this situation.

Note: I say this as both a US|EU citizen.


In my experience it's mostly people outside of Europe who confuse the EU with Europe, whereas Europeans are less likely to make that error.

> Unless I'm mistaken the UK hasn't drifted off and become and independent island chain separate from Europe

Some would argue that's exactly what happened but your point is valid, EU != 'Europe the continent'. The problem is that such imprecise usage is rampant.


At least it's not up for grabs by the EU as easily there

If a law says a company doing buisness in EU may not track users with face recognition, then you surely could charge them, if they merely outsource to outside of the EU as they are still the ones ordering the illegal surveillance.

> if you want something done about it you are essentially powerless.

I wouldn't say people are "essentially powerless", especially in the EU with GDPR. I can't speak for other parts of the world of course (CCPA is the only thing remotely similar to GDPR that I'm aware of in America).


> I'm not too concerned about proper companies using CCTV to record, as it's well managed and gets deleted unseen, unless something happens. I'm not too concerned about the police pulling those CCTV pictures to investigate a crime either.

Question: Wouldn't it be reasonable to have a law that recordings of public areas for the sake of investigation of serious crime be immediately encrypted such that they could only be decrypted by a court order? (Such a law might be enforced by random inspections and huge fines.)


Probably not reasonable. You will get into problems deciding whose keys to use, key distribution, people not being able to use their equipment correctly...

But banning devices from automatically posting everything to the manufacturer's computers without any user intervention is easy, and quite probably enough for the near future.


> You will get into problems deciding whose keys to use

How about a secret-sharing scheme that requires keys from a certain number of judges?


I don't know what problem you are trying to solve? To stay with the example: Germany already bans CCTV except for specific locations such as train stations. People follow the law reasonably well, and the police just does it because any law-breaking would be revealed at trial. I'm sure there are ways for them to set up temporary cameras for specific purposes. Maybe it would be nice to restrict the possibility of distribution, but I can't remember any cases of abuse.

Now id yo could restrict the police's use of databases to send hate mail to anyone left of the clan (as in Bernie Sanders, not as in left over), that would be a worthy endeavor. But if I have a choice, I'll take a law with teeth and a prosecutor who cares over technology.


> I don't know what problem you are trying to solve?

The problem is that it is impossible to use public spaces without being recorded -- which is uncomfortable in itself -- and that various people who do not need to have access to the recordings -- which is extra uncomfortable. There is also the unnecessarily large potential for abuse. The default should be that noone has access, and, as far as I can see, it could be.


It would be interesting to send these things to whatever the equivalent to NZ's office of the privacy comissioner is, for example, which would probably lead to sound oversight (until pressure to replace privacy-focused staff with compliant ones eventually kicked in).

> Things like ring doorbells on the other hand should be cracked down - the number of times I see people in the UK posting pictures of public areas on facebook is shocking.

While I do share your concern, the current rule of thumb - at least in the USA - is that privacy is not expected in public spaces. I can see that since, by definition, that's what makes public public.


There is a difference between incidentally public (someone can see you, snap a picture, but only on occasion) and surveilence public (someone can track your location and activity continously in public). If someone does the latter, and I know about it, I can still sue them for harassment, and maybe get a restraining order. Can I get a restraining order against Nest or similar?

I understand that this might not be the law, but I'm interested in if it should be.


Again, I agree and empathize.

But the counter argument would be "Harassed by a doorbell, how so?" and "I have a right to protect my property and my family. My camera allows this to happen."

Unless the legal definition of "in public" changes, the surveillance will continue.


Both arguments are valid though imo.

If you take a photo in town square and I'm in the background no worries, that's fine. If you follow me around taking photos of me in town square then that's harassment - not fine.

If your Nest doorbell watches me walk past your house that's also fine. However if your entire street has Nest then has Amazon identified me as having walked down your entire street? If so, that should also be harassment.

The issue isn't that the photo or video was taken, it's the correlation that happens after the fact.


I mostly agree, but disagree with the "taking a photo of me on the pavement" part. It's actually illegal in Sweden. We have some of the strictest camera regulations I know of, and I'm very pleased with that.

I'm NOT a fan of Teslas sentry mode.


> disagree with the "taking a photo of me on the pavement" part. It's actually illegal in Sweden.

It is? Since how long; when was that law changed?


Fixed installations has been regulated since forever.

But "taking a photo of me on the pavement" doesn't sound like "fixed installations"; it sounds like me as a tourist not being allowed to take a snapshot of a picturesque street just because you happen to be standing on the pavement.

I think I wasn't clear enough that I was referring to the nest camera the parent was talking about.

Ah, yeah, good. Because I've taken quite a few snapshots when I've been out and about, always under the impression that what I was doing was perfectly legal. :-)

My understanding was that correlation after the fact with ai is what also allows you to obfuscate identifiers so its technically anonymized until "extracted and inspected". Completely unrelated- you might dig this satellite tracker visualization :) https://platform.leolabs.space/visualization

In the UK we have guidance about how to use CCTV to protect your property and family

https://www.gov.uk/government/publications/domestic-cctv-usi...

For example

"you should make sure that the information recorded is used only for the purpose for which your system was installed (for example it will not be appropriate to share any recordings on social media sites)"

This is of course routinely ignored and unenforced


I most often see Nest recordings posted to local community groups warning against and seeing to track down porch pirates. I recently saw extensive footage of young people breaking into a house to have a party while the owner was out. All of their parents were notified and they'll be doing community service.

I think if you're in public, you should assume you're going to be recorded. I don't think it should be this way, but it is.

I think the inflection point between surveillance and home security is "cloud." The footage should not be accessible to third parties without a warrant, and it should be under the individual's control. Questions of life, limb, and liberty should not be offloaded to unelected, self-interested, profit seeking corporations like Amazon and Google.


> used only for the purpose for which your system was installed

So install it for the purpose of sharing on social media. Problem solved!

(I'm only half joking)


Could be stalking. It is known that employees at cloud services access customer data from time to time. Complete data protection is nearly impossible here.

My understanding is that in Finland only the Government (or an other democratic entity such as the Municipality or the City) can execute surveillance on a public space. For example the bike parking area next to my office is deemed a public space, the office building next to it cannot point its security cameras to that direction. Which is a shame since there is a lot of bike theft and vandalism, but the city doesn't want to install their own cameras.

People are allowed to take photos and videos on a public area, but aren't allowed to leave a recording device there.


Yes, and it shows how US[1] interpretations of the constitution and general lawmaking hasn't really evolved. It's one thing to say, "you're in public, deal with it" when (say) taking a photo of me and publishing it is likely to be time-consuming and local and scope; it is another to be able to follow me all day, publish globally, and for essentially zero cost.

[1] The US is hardly alone in this - they just happen to be the point here.


There are about 5 different Ring and security cameras that point into my private property, and one pointing directly into one of my windows. None of them are my cameras.

Just because you can't expect privacy doesn't mean you can exploit it and record everything.

If you can site a law / legal decision that would help.

I can't imagine any civilized jurisdiction not making that distinction.

You typically have to ask for a permit to surveillance any public space and the difficulty of getting one often ranges from hard to illegal.


Will you also be requiring people to avert their eyes when you are nearby such that they dont mistakenly observe you?

Nothing I wrote even hints at that, so obviously no.

But in the UK it's not allowed, however nor is that "not allowed" enforced.

Alas US cultural hegemony pushes strongly the the rest of the world, especially the western anglosphere


Sure, but perhaps this could be seen to come under the purview of stalking legislation, or a similar principle?

Not a lawyer here but it seems that there are exceptions carved out:

In particular, we ask the Commission to prohibit, in law and in practice, indiscriminate or arbitrarily-targeted uses of biometrics which can lead to unlawful mass surveillance.

-

So long as it is discriminate and non-arbitrary that can be ok then?

We have seen so many legal justifications and equivocations to laws from the surveillance state that I now assume legal counsel will always find a way to break the prima facie law.

German intelligence broke many German laws with the NSA, while Merkel virtue signaled and decried the NSA (comparing them to the Stasi) and Obama spying on her.

https://www.dw.com/en/edward-snowden-germany-a-primary-examp...

https://www.dw.com/en/danish-secret-service-helped-us-spy-on...

https://www.theguardian.com/world/2013/dec/17/merkel-compare...


To quote the original from the Koalitionsvertrag (https://www.tagesschau.de/koalitionsvertrag-147.pdf):

> Biometrische Erkennung im öffentlichen Raum sowie automatisierte staatliche Scoring Systeme durch KI sind europarechtlich auszuschließen (page 19)

Translated: Biometric recognition in public spaces as well as AI-based, automated scoring systems ran by governments are to be prohibited by European law.

> Flächendeckende Videoüberwachung und den Einsatz von biometrischer Erfassung zu Überwachungszwecken lehnen wir ab

Translated: We refuse widespread video surveillance as well as usage of biometric recognition for surveillance purposes.

To summarize: Using biometrics or other technology for surveillance, particularly any attempt to recreate China's Social Credit Score, is banned. The exception in the English text is to allow biometric measures for identification (e.g. passports) and access control.


> Biometric recognition in public spaces ... are to be prohibited by European law.

That's ok but an exception for law enforcement and national security would be useful.

This technology is a tool, like all technologies, and as such it may be used positively or negatively.

For instance, here in the UK we have automatic plate recognition cameras that are used to track uninsured or wanted cars. In the same spirit it might be useful to have similar cameras operated by the police to match people with a database of wanted or missing people (with only matches stored and reported for further investigation). Now this may not not work very well yet, there may be caveats and procedures to develop, etc but IMHO this means we should work on it and see if it can become useful rather than killing it off completely so early by having a blanket ban.

In any case, individual member states can draw their own laws on this.

On a side note, the wording in English might give the impression that the German government decides EU law...


Exceptions for law enforcement have proven to be a very slippery slope in the past. Police is constantly trying to erode restrictions around tools that are only available for serious crimes and unfortunately also has a record of successfully circumventing any access checks for surveillance tools that have been put in place by lawmakers. There is constant and incessant lobbying from these circles to get more surveillance in place. But, when pressed, no one can point to cases where this actually helped.

The only realistic way to counter this is to say no to surveillance technology from the start.


Additionally we als have a dark security IT that makes good cash with dubious security solutions. Getting rid of that again will be difficult.

You seem to be vaguely gesturing at some kind of abuse but have provided no evidence. Even if a tool is abused in isolated incidents, it can be useful to society overall.

> But, when pressed, no one can point to cases where this actually helped.

This seems like an early dismissal. It is obvious how facial recognition can help locate suspects for some crime more easily than a police officer hoping to randomly find the suspect while driving around.

> The only realistic way to counter this

Counter what exactly? This just feels like FUD.


I am not dismissing anything early. Journalists press law enforcement regularly on what crimes the existing intrusive measures helped to solve and the answers are consistently platitudes about how useful e.g. hacking into suspect's devices is without so much as a referral to a study or even mention of a single example case where it helped. The only data that is available is showing an ever expanding use of these powers. It's nuts.

Checks and balances on police have been tried and the result wasn't even remotely what politicians promised. Judicial oversight, for example, isn't actually working. Police and judges go through the motions, but judges routinely get so many requests for warrants that they sign almost anything in practice because they have too little time to check each one thoroughly. That's how we get police searching the homes of security researchers who dared to report gaping security holes just because they pissed off whoever had the security issues in the first place. It's a pattern that repeated quite a few times. I don't have the time now to dig up a list of cases that followed this pattern and where, in the end, the researchers walked away scot free, but often with considerable financial damages.

Another example: police has pretty extensive databases with private details of individuals. Officers are only allowed to access records in them when their work assignment warrants it. The software keeps audit logs on database accesses so that misuse can be discovered and held in check. But it turned out that nobody ever checks these logs. This came to light initially when police officers started to leak contact details of lawyers to far-right extremists to have them threatened. Under political pressure, the logs were finally reviewed and they found wide spread abuse of the available databases. The result: two years later, the same lawyers and some politicians receive another set of death threats, even after moving to new addresses they kept painstakingly secret. Again, the trace leads back to police officers leaking personal information.

Politicians are also gradually expanding existing police powers in somewhat bad faith. First, it's just for an extremely narrow set of sufficiently horrible crimes like terrorism or sexual abuse of children. And they swear by all that's holy that this will be all that it's ever going to be used for. Then, maybe two or three years later, when public interest is drawn to other issues, the same parties start to steadily and quietly amend this list time and again. [Curiously, many such law changes get discussed and voted on during big football tournaments (think European Championship or World Championship) when they don't draw much attention. But I can't tell whether that's merely the result of election cycles aligning with these tournaments by chance or a deliberate tactic.]

To sum it up: if there is a way to put working checks on police powers, politicians haven't found them or don't establish them in a way that is effective. In light of these patterns, the only realistic stance that remains is to either give police full unchecked access to certain tools or none at all. I wish I could subscribe to your view on this matter, and to be fair, many years ago I would have agreed. But I have been disillusioned since.


I think that if the people see the government and especially the police as the enemy then society has a bigger problem than surveillance technology.

Of course, there should be checks, controls, limitations placed upon those institutions, and transparency in their workings. But the police is here to protect and serve the community, at least it should be, not to oppress it. I've noticed that this is a difference in the way the police is often seen in Europe vs. in the UK for instance.


> But the police is here to protect and serve the community, at least it should be, not to oppress it.

The key question when the phrase "protect and serve the community" comes up is "which community?" and the answer is: it primarily serves the interest of the rich and powerful. If you are poor, not in the majority ethnic or in any other way not "mainstream", you have shit times ahead of you. No matter the country, the only difference between a cop in the US and a cop in the UK is better training and less reliance on guns.

Homeless, being a person of color, being LGBT, protesting the government (especially from the left wing) - all common risk factors for adverse interactions with police. If you never have had a negative interaction with police, ask yourself why and prepare for an answer you likely would not have liked to hear.


>the only difference between a cop in the US and a cop in the UK is better training and less reliance on guns

Ah, so that’s why American cops routinely murder random people and go unpunished - it’s just the lack of training!

(The reality is that there’s a fundamental difference in that in Europe police is just another government branch that’s helping people, like firefighters and doctors; normal people don’t need to fear them and avoid any unnecessary interactions, which seems to be the case in the US.)


> The reality is that there’s a fundamental difference in that in Europe police is just another government branch that’s helping people, like firefighters and doctors; normal people don’t need to fear them and avoid any unnecessary interactions, which seems to be the case in the US.

I'm German. Our cops are infamous for racial profiling and can, at least according to several independent investigations, even get away with murdering people in their jail cells (https://de.wikipedia.org/wiki/Oury_Jalloh).


Both things can, and are to an extent in Europe, true at the same time. The random acts of police violence are much lower here, I would attribute it to better training.

Better training doesn't prevent racial profiling and this kind of problems.


> That's ok but an exception for law enforcement and national security would be useful.

Jesus hell no. Law enforcement already has too many permissions, and you can bet that there are more than enough people who would like the police to put iris scanners, gait monitors and other crap on each train station and public square. Minority Report and Little Brother should be warning enough, I feel no desire to see science fiction becoming reality.

> but IMHO this means we should work on it and see if it can become useful rather than killing it off completely so early by having a blanket ban.

We need a blanket ban because when you grant the government a single digit of your hand, tomorrow it has your whole arm in a vice. "War on terror!" "War on drugs!", "war on prostitution!", "protect our children from kidnapping!!!" - the list of stuff that people will bring up once the technology is in place is endless, and there are enough voters convinceable with fear mongering that the authoritarians will get what they want.

> In any case, individual member states can draw their own laws on this.

Blanket bans and mandatory requirements cannot be overridden, which is part of why many politicians from all EU countries choose the "Brussels backdoor" to pass shit they would get kicked out of office for at home, and when local voters rightfully complain, they just say "complain in Brussel, not my fault, we are just doing the whims of the EU".

(Side note: this despicable behavior and complicit/ignorant media are a major reason for public trust in the EU eroding!)

> On a side note, the wording in English might give the impression that the German government decides EU law...

Let's be real: Germany, France, Italy and Spain are the dominant powers in the European Union. As long as only the Commission has the right to initiate the passing of laws, most initiatives will come out of these "big four" countries, and there will not be any initiatives where it isn't clear from the beginning that they have a high likelihood of passing.


I would say that, on the contrary, police and secret services are the institutions it's most important to keep this out of the hands of.

While private companies are using this data in ways that cause harm quite indirectly (influence, consumerism - societal evils to be sure, but no immediate threat to your life), police and the SS are most likely to cause very active harm with such technologies.


A technology that is especially easy to use very negatively and relies on a constant maintenence of good moral virtue in government or law enforcement is a dangerously unstable risk. Its like how actively cooled nuclear reactors are just a technology, but its a far better idea to build them such that if power is lost even for a moment you don't experience a dangerous meltdown.

Especially considering that you also have to look at the benefits. There still is no evidence that mass surveillance helped even in the most trivial cases.

Crime numbers? Completely unaffected. I have no illusion that it is a mechanism to empower executive forces of course, but these invasive mechanism have to justify their existence. They have not done that to any degree at all.


> On a side note, the wording in English might give the impression that the German government decides EU law...

First, the text „lehnen wir ab“ can be read as “we won't accept”, in the sense that these legislators are against it. But legislators all over the world say stuff like that all the time, and in the end they often get overruled or outvoted anyway.

Second, I think in a (negative) sense the German government does decide EU law — just like any other national government within the EU does: IIRC, in at least one of the (confusingly) many entities that decide on EU-wide legislation (Council? Commission? Ah, fuck knows...), all the national governments are represented with one vote each, and unanimity is required, i.e. they each have a veto.


I think the prevalence of CCTV in the UK warrants skepticism about its effectiveness as the UK doesn't necessarily have better crime numbers than comparable countries. I know video surveillance is mostly available in hot spots, but for me it is certainly uncomfortable to be under scrutiny constantly and it isn't something I would want to get used to as it does not provide significant benefits.

I'm generally positively surprised by the coalition-agenda (Koalitionsvertrag) that was presented by the upcoming German government yesterday. Fairly centrist policies and a focus on modernization. There's a separate question about how much of it will actually be implemented, but the uncommon mix of three fairly different parties seems to have created a sensible equilibrium.

What's interesting is that in the weeks leading up to the agenda, the Chaos Communication Club put up their own demands written like a digital agenda, essentially prewritten rules. And it turns out that the new agenda includes many of these rules! See https://blog.fefe.de/?ts=9f60b12e

Things like companies being legally responsible for security holes in their products, a right to encryption, open standards in government bodies, no 'hackbacks' from German security agencies, software updates and replacement parts need to be available for the lifetime of a product, all these things in the new government's agenda seem to come from the CCC.

Lobbbying works!

English auto-translation of the CCC's demands:

https://www-ccc-de.translate.goog/de/updates/2021/ccc-formul...


They want to turn around mass surveillance at least, although they did not say anything about state trojans. The state bought NSO Pegasus too.

But let us wait on their deeds, most of the new government was also part of the old government, which was very prone to increase "security®" to the detriment of everyone already living in the safest time of humanity.

In a country that managed to build a totalitarian nightmare twice in just one century the belief in the state and general fear is already stuffily high in my opinion.


All parties have strong conservative wings.

There is some potential for reform-pushing within the Greens and FDP, and I expect we won't see as much of that in the agreement but things will pop up once the chancellor has been elected.


It’s not just governments across Europe, but this petition also calls for the ban of companies doing it too.

I wonder how the “watchdog” piece of this would work, practically speaking, since nowadays almost anywhere with a decent camera can implement some kind of facial recognition or tracking, and cameras are ubiquitous.

Maybe places will find a workaround like just export the video to a different geographic zone datacenter to analyze it.

I don’t see all governments or businesses agreeing to this because: 1. They wouldn’t want to, 2. It would be hard to prevent if the ways to do it still exist, 3. The “big enough” places will just do it anyway in secret.


> Maybe places will find a workaround like just export the video to a different geographic zone datacenter to analyze it.

Which is also illegal.


Believe it or not, straight to jail.

In most EU countries you can't just record people in public without their opt-in consent (Nope, not even taking pictures). Shipping the footage to another location is also not allowed unless you get informed consent exactly who and why will have access to your details.

I'm generally confused as to how the EU seemingly gets things right when it comes to privacy like banning biometric surveillance yet seems completely hell bent on creating a surveillance state in other areas (like banning encryption outright [0] or creating outsized penalties for wrong-speak [1]).

Of course the US just builds things like this for political gain and taxation.

0 - https://mailbox.org/en/post/it-companies-warn-eu-plans-to-ba... 1 - https://ec.europa.eu/commission/presscorner/detail/en/qanda_...


And also forcing biometric data in ID cards:

https://blog.hidglobal.com/2021/09/european-union-already-ro...


The biometric data (fingerprints and facial images) are stored on a chip in the card. This is a pragmatic way of increasing security without enabling mass surveillance.

> The biometric data (fingerprints and facial images) are stored on a chip in the card.

Only on the card, genuinely asking? If I lose my citizen's card and ask for a new to be reissued is that information not retrieved from a central database for the 2nd card?


What’s wrong with the biometric data as long as it’s only inside the card and not stored elsewhere ?

The only thing you can do is to be able to prove (or not) that it’s your ID.

Or am I missing something ?


How did the data get into the card? And how do you know it isn't stored elsewhere? It wouldn't be the first time a government failed to admit exactly what information it was keeping about its citizens, and how it was using it against their interests:

https://www.ibtimes.co.uk/bulk-personal-datasets-how-mi5-gch...


I don't think the UK is a good country to project from when it comes to matters of surveillance. They're quite on the extreme end.

Lots of different interests hashing it out in an at least somewhat functioning democracy are going to experience somewhat schizophrenic behavior.

>Since 2020, the Reclaim Your Face coalition has actively put pressure on decision-makers by uncovering surveillance, publishing research reports, and mobilising people for a society free from harmful technologies such as facial recognition in publicly-accessible spaces.

Emphasis mine. This won't do much, and all the surveillance data will be shipped to China anyway. You're already in their database somewhere and they know more about you than the rest of the West combined.


I think the defeatist stance of 'it will go to China anyways is quite harmful. We should at least try to legislate useful things and enforce them for the common good. Besides, if companies want to avoid the legislation, sending the data to China will not do them much good: what they are doing will be just as illegal. And presumably companies recording video on EU soil can be regulated from the EU.

Yet scanning a QR code which uniquely identifies an individual to get into any venue is totally fine because we didn't update the source code yet and so it's not phoning home this week.

Well, if the source (of the scanner) is even legit, since the app stores provide no way to verify that anyway.


You can choose whether or not to show a QR code, or even disclose whether you have one, and to whom.

Mass surveillance is imposed and can't be opted-out from (unless you have an invisibility device, in the case of widespread cameras).

QR codes can also be discarded, or new ones issued. Biometrics (e.g. face structure) cannot be replaced once "compromised". I use quotes for the latter, since biometrics are never secret in the first place (e.g. if we could keep our faces, fingerprints, DNA, etc. secret then they'd be useless in criminal investigations!).


Oh do pipe down.

If I am in Germany, I can choose not to show a QR code if I _never go out_.

Thankfully I live in the UK with none of this nonsense _and better outcomes_.


Who cares about new qr code when you scan and receive the same PI every time? You can scan a new code but keep recording.

I am required to show a QR code to eat.

...to eat at a restaurant. You can shop at a supermarket and eat at home. The thing is that yes, during the pandemic (and only then) for reasons of public health and safety, society has deemed this small violation of privacy necessary.

Yeah, no, being logged everywhere you go is not "small".

I can't cook when I work.

In Germany you can also just show the Europäischer Impfausweis (official yellow booklet containing all your vaccinations) that doesn't contain any QR codes.

Not in Berlin. Only the digital version is allowed for entry to those places.

Source: https://www.rbb24.de/panorama/thema/corona/beitraege/2021/09...


Can't you just show the paper with the proof of vaccination? Like I might not have a smartphone but I have the paper and ID card in my wallet.

And the paper has a QR code and the checking application makes a request to a state-run server with its data (including owner ID).

That's incorrect, the verification happens fully locally. The check app occasionally has to update trusted certificates but otherwise it runs locally. No personal data is sent to any kind of server.

Until it auto updates.

If it even matches the source as is. Play Store and App Store are non reproducible.


Do you pay cash when you go to restaurants or shopping? If you pay electronically then why do you trust the payment system? (it is not open source,reproducible and for sure your purchases contain much more data then what you imply the QR code scanner collects)

Many Germans refuse to use anything but cash for that very reason, so this isn't a very strong argument.

Yes. And meal tickets for most people here - so cash equivalent.

Yes.

It's on f-droid with reproducible builds.

Obviously there's a risk that the person scanning the QR code does shady things with it but it's rather unlikely the app itself will. It would be caught really quickly.


It depends on location, I doubt some shop or restaurant worker will bother to scan your paper and upload it to the government. QR code scanning should work without Internet I bet if you (the group that thinks it is a conspiracy not you personally) could just disassemble the Android app and see exactly what it sends and to who.

Yeah they don't bother, but that's illegal and the state is trying its best to force them to scan it.

The new German government is also anti-lockdown and presumably passport (at least moreso than Merkel). One of the first things he did was scrap Merkel's plans for a new two-week countrywide lockdown.

It's also worth pointing out that Germany DOES recognize natural immunity and allows this to serve in place of a jab. Haven't seen that reported in US news but you can find it in European papers.


One of the first things he did was scrap Merkel's plans for a new two-week countrywide lockdown.

That lockdown was not a completely unfounded suggestion though, given that both the number of infected and the number of new cases/day are twice as high as during last year's peak [1] -- and last year's peak was around Christmas, not in November.

[1] https://www.worldometers.info/coronavirus/country/germany/#g...


Why does anyone care about cases?

If I get corona I get a bad cold.

Non issue for the vaccinated below 70.


The majority are unvaccinated people. It's really their own god damn fault for not getting vaccinated. At the most there should be a lockdown for unvaccinated people.

I'm vaccinated and I'm German. Your suggestion ignores that vaccinated people are part of the transmission chain exactly as the non-vaccinated. We believed that vaccinated wouldn't transmit it, but they do. Kids too. If you are vaccinated and visit your grandma, you are putting her in risk. Testing everyone and quarantining the positives still our best bet to avoid social conflict while trying to fight this pandemic.

References:

https://www.nature.com/articles/d41586-021-02689-y

https://www.tagesschau.de/inland/innenpolitik/impfdurchbruec... (german)


WIth this attitude you will never visit your grandma again. The classic influenza lineage has been around since 1918.

which attitude? The only way to visit your grandma safe is testing. PCR.

Exactly

So if vaccinated people can still spread the virus, what is achieved by preventing the unvaccinated from eating in restaurants?

- Vaccinated people (presumably) shed lower viral loads. Just that both can spread them does not mean that there's no difference in transmission rates.

- Unvaccinated people are at greater risk of complications from catching COVID, so limiting the avenues for transmission to them helps curb fatality rates and hospital occupancy.

- And, undoubtedly, it's also an incentive for individuals to get vaccinated. Again, with the goal to reduce the overall number of hospitalizations and deaths.


> Unvaccinated people are at greater risk of complications from catching COVID, so limiting the avenues for transmission to them helps curb fatality rates and hospital occupancy.

I’m tired of this argument. Unless one has a medical condition preventing them from being vaccinated, who cares? We somehow got in a state where we protect unvaccinated minority who doesn’t care about how inconvenient they make the lives of everyone else.

One way of convincing people to vaccinate may be to make the ecmo treatment non-coverable under medical insurance for unvaccinated with no confirmed condition preventing vaccination and let’s move on with our lives. What’s the plan otherwise? Another 2 years? 5 years? 10 years?


> Unless one has a medical condition preventing them from being vaccinated, who cares? We somehow got in a state where we protect unvaccinated minority who doesn’t care about how inconvenient they make the lives of everyone else.

This wouldn't be such a big problem if the unvaccinated weren't overwhelming the hospitals and ICUs, which affects everybody in case of emergencies or even planned surgeries.


That’s my point. Perhaps they would vaccinate if they knew it will cost €€€€€ when they end up in treatment.

For a 12 year old boy who is as likely to be hospitalized with jab-induced myocarditis as they are to be hospitalized with covid, both options cost $$

There is basically no difference in transmission rates. Look at the study linked in the RKI FAQ (eyre et Al I believe). It is a clear-cut contact tracing study.

You were infected? -> who were you in close contact with? -> did they get infected?

Result? Negligible impact, rapidly declining. Reducing your contacts by 30% has a much greater impact on spread than vaccination does.


>(presumably)

They've studied this and shown it to be untrue.

https://www.ucdavis.edu/health/covid-19/news/viral-loads-sim...


that's what I said. The only real solution would be: Everything open to every one, the only condition should be a negative test, valid for 24 hours. Like it is today, the vaccinated still carrying virus around and the unvaccinated do home party with other people and no tests are involved. The only benefit from the vaccine is that it reduces the changes to go ICU. The RKI institute in Germany says that 94% of people on ICU are unvaccinated.. P=0.94 is a strong correlation.

https://www.zdf.de/nachrichten/panorama/corona-studie-impfdu...


I agree with you on everything, except 94% is out of date. 35% of ICU patients are now vaccinated, 46% in the 60+ age group. And the percentage keeps rising, especially in the most vulnerable group > 60.

Check out their weekly reports, the relevant tables are usually around page 21 or 22. In the most recent one, it's on page 24.

https://www.rki.de/DE/Content/InfAZ/N/Neuartiges_Coronavirus...


The numbers aren't my opinion. I just read what ZDF wrote.

The Ms. Wagenknecht said something similar with the numbers presented by you: From 3000 people on the ICU, 2/3 were unvaccinated. A pretty high number of Vaccinated.

Reference:

https://www.youtube.com/watch?v=sS5-qOCSZhQ


And what the ZDF wrote is from August and thus completely out of date. GP is completely correct.

Not to mention that at this time the RKI was still counting reported hospitalizations into the "unvaccinated" category if there was no vaccination status known.

Currently that figure is at around 60% of all reported hospitalizations and can be checked by everyone, since the raw data is public.


Non issue, if you are vaccinated and not old you will not die to 3dp.

If you're not vaccinated and not old you will not die to 1-2dp.

It's finished, done, boring now.


Complaining about straw-man arguments is not bringing much. The facts are: the scanners code is opensource and does not phone home. The rest is fantasy - a valid ethical discussion of course, and it's up to us to discuss it properly (that is, keeping in touch with reality).

A restaurant or company could use its own scanner app to save the data, but I assume this would be illegal

Technically they could - if they had the skills (a restaurant with programmer staff?), had a the reason (risking to alienate the customers?) and had the guts to go against GDPR (somebody will spill the beans). So...

QR codes aren't effective at all as a surveillance mechanism. Why the hell does the government need to monitor which venues you visit based on QR code check-ins? They literally just ask Apple, Google, or any other big tech company about your phones geolocation and IP log history to monitor your whereabouts.

Most people with accounts to these platforms have credit-cards, payment history and communication with others. There is nothing particularly special about vaccination QR codes being more unique than any of the other multitudes of data you already provide, willingly, to these tech corps.


Asking Google or Apple means asking a foreign corporation, likely through legal means and definitely targeted to individuals, not population-wide.

Checking logs of a state-run server is way easier.


> Asking Google or Apple means asking a foreign corporation, likely through legal means and definitely targeted to individuals, not population-wide.

Which would be a local telco.


Not really. My telco sees encrypted traffic only.

We are talking about check-ins and location tracking. Your telco knows where you are.

No, we're talking about actual user data. My position is only very small part of the whole story. While my telco can triangulate me, that's not as useful (precise) as you'd think, especially in vertically built-up areas and/or behind walls.

No. Original point:

> QR codes aren't effective at all as a surveillance mechanism. Why the hell does the government need to monitor which venues you visit based on QR code check-ins? They literally just ask Apple, Google, or any other big tech company about your phones geolocation and IP log history to monitor your whereabouts.

This is about locating a user based on QR code scanned at a venue. All I’m saying: no need to ask Apple or Google. Your telco already knows you have been at a location at the time of the venue.


My telco is most definitely not able to determine which particular restaurant, shop or highrise apartment I visited (I know because I have direct experience with requesting this data from telcos via courts and how precise it actually is).

Telcos can calculate approximately where I was (with accuracy worse than raw unaided GPS - so ±10m at least, and unpredictably wrong if I'm behind a wall or in a vertically built-up area) at a particular point in time - but they don't know the exact timestamp to look for.


The QR verification app doesn't ping back to a server, though. You can literally check. It's open source.

Not true. I just spent half an hour googling and otherwise looking for the source code, and it's not published anywhere (Czech version - apps named "čTečka" and "Tečka").

Sorry for the reality check: said states make requests all the time to Google and Apple and also receive the requested data, and we have apparently no issue with this. Instead we use an imaginary feature no scanner outside China has (phoning home) and complain about that.

That's alright - because that request goes through courts. When the state owns the server being requested, they just read the logs without having to consult a judge.

"Things are already bad, therefore it's okay if they get worse!"

Nothing will change with biometric and other mass surveillance either - the temporary feeling of security will always put these things first.

I just hope that the new balance of power in Germany will energize Europe to take concrete next steps towards an altenative way of organizing digital life.

Another good opportunity for improving digital life in Europe is with the proposed Digital Markets Act[0], which looks set to mandate that phone OSes allow side-loading, and require social media & messaging services to interoperate with competitors.

[0] https://www.euractiv.com/section/digital/news/eu-parliaments...


These measures are good and necessary but on their own will not solve the problem. It is not sufficient to say "no", you need to provide (=invest)in alternatives that show what "good" looks like.

For some bizarre reason the European continent has outsourced digital infrastructure. It is then no surprise that what is on offer is not congruent with the values and attitudes of its citizens.


Ha! I read "biometric mass surveillance" as some new remote sensing method to determine how much people weigh.

The actual article makes more sense & is a good thing.


Thanks to FDP and Green Party —- you cannot trust Social Democrats on such issues at all!

Neither can you trust the FDP. When they became part of the governing coalition in the state of NRW they immediately passed a bill for more video surveillance and abolished the requirement for law enforcement to wear visible name labels or badge numbers.

…the same kind of bitter pill the Green Party has to take whenever they are a minority partner in a State Government. Nothing new for both parties that they need to compromise - now, it’s new that they can act together on a lot of issues against a relatively smaller and potentially very weak third party. I know from first hand experience how deeply rooted the „law and order“ thought is within the Social Democratic Party, since I‘ve been running for office against one of their hard liners in 2013. Hint: it’s been the one caught buying crystal meth a couple of months later :)

Michael Hartmann?

Meanwhile from 2022 onwards all entry to the EU from non-eu citizens will require Fingerprints and Facial scans to be saved [0].

One rule for us, one for the rest, it seems.

(For the record, I am absolutely against this, having recently lost my EU citizenship).

0: https://ees.secunet.com/en/about-entry-exit-system/


I'm curious why I've been down voted here -- I'm an EU resident, legally, and I am also Scottish -- so my EU citizenship that I was born with, was taken from me by the members of a country I consider rather different to myown, but who unfortunately rule over us due to pure numbers..

But I don't think I said anything offensive or false..

Fuck brexit, but also fuck fingerprinting foreigners (of whom I am now one apparently)...


It isn't one rule for us, one for the rest. As a EU citizen my fingerprints and facial scans have already been saved and I didn't have to travel anywhere. Do you not have any form of ID in Scotland? If you do, does it not contain your picture and were you not required to give a fingerprint when you first requested it?

Oh super late reply, but yes my photo is on my passport, no I didn't have to give fingerprints and I live in Germany, which has a rather tight view on such surveillance given their history..

I would refuse to give fingerprints, if asked, unless compelled to by a court. Same for my children.


It's good meassure to prevent abuse of immigration opportunities. It's not possible for everything to be ideal, this is an acceptable compromise for most.

Biometric surveillance should get stopped. People deserve their privacy. EU should focus on greater human interests.

I hope to see more of this all over the world. Just because you -can- do something doesn't mean you should do it. Technology that infringes on the right of privacy should be heavily curtailed as a matter of first intent and should only be reversed for things like criminal warrants. I would hope this would become a basically understood right if the West really wants to maintain liberal democracies rather than forever inching towards one-party fascism like we are currently headed in the USA.

Biometric mass surveillance is a problem because bad actors in government and corporations have and will use it to the individual’s detriment. People are prevented or made to endure hardship at acquiring food, water, shelter and clothing, imprisoned and punished, for nothing more than not being part of the party holding power.

Where this all becomes problematic is either government or corporate entities using it to manipulate and punish individuals for being individuals but not harmful to others. Controlling whether you can even get water food and shelter and imprisonment for not promoting or for demoting their own world view.

I guess now that the UK is no longer part of the EU, this has a higher probability of happening.

Maybe I missed it, but to what level is BMS happening already? Mind you, I understand the issue / problem. What I'm trying to gauge is the likelihood of a ban based on how embedded the behaviour is already.

Their new government seems like an absolute dream: legalize cannabis, push European federation, now this.

There's gotta be a catch somewhere.


I will respawn as a barbarian if we create a European federation. I think this is populism from Scholz to pick up naive voters. I mean I understand the want to be part of something greater and I like all the countries in the EU, but this would basically be a foul compromise for everyone. The rest seems decent. It won't be implemented tomorrow and we have to wait if they keep their word.

The "catch" is the doubt if they can get all these proposals through without significant watering down.

But ok non-Eu especially china. Or you refuse technology to them as well. Wonder.

But not phone-based mass surveillance, which is much lower cost.

I read the title as being about a ban on profiling fat people.

How can they stop 5G?

The parent comment may look like a baseless conspiracy theory, but it is worth considering the unintended consequences for privacy of bombarding public areas with more radio data. For example:

> Researchers in the US have used WiFi signals to detect the gait of people through walls and match it to video footage in order to identify individuals.

https://www.theengineer.co.uk/wifi-walls-walkers-gait/


There are dozens+ papers like that specifically focused on mm-wave stuff, "passive" localization/identification/sensing. Gait doesn't go far enough to describe it. It's basically the equivalent of face recognition tech but in the mm-wave spectrum with standard router hardware.

The various mm-wave bands being used in 5G (and being proposed for "6G") are much more dense (spatially and information theoretically) than the < 5GHz bands, but sparse enough compared to visible light that many obstacles are quite translucent.

mm-wave antenna arrays are kinda just big low frequency eyeballs.

Here's an old comment with some references: https://news.ycombinator.com/item?id=22480444

And a video to drive it home: https://www.youtube.com/watch?v=kBFMsY5ZP0o


Exactly right. But I wouldn't be sure those who agreed to the new coalition agreement understand any of this. Germany's legislature is hopelessly clueless when it comes to tech stuff (and other matters).

It also appears to me that even many who do understand the danger aren't thinking their stance through properly. We live in a data world now more than ever. Data is power, data can be used as a weapon. I'm completely against mass surveillance, the same way I'm against war. At the same time, if the EU forbids any data collection in that regard, even by private companies, then the ones producing and controlling this data will be the likes of the US and China without doubt. Already facial recognition is used in machine learning, to auto-verify IDs, to catch criminals on the run, and for all sorts of other purposes. This is part of a much larger problem. We're under surveillance not just by cameras but microphones in devices all over, satellites, the various sensors in our phones, digital payment, social media activity, and so forth. Heck, most EU citizens have "smart" meters monitoring their electricity use now, which have been found make the leaking of all sorts of private information possible. The internet makes it all possible and in all cases I know about governments have not been proactive in legislation making. A blanket ban seems like an absolutely helpless and populist "solution" to the problem.


I don’t get why people want to ban facial recognition. There shouldn’t be an expectation of privacy in public spaces. And facial recognition is simply making a manual task police need to do a lot cheaper, helping them identify suspects who break the law. At least in the US, west coast cities definitely need greater surveillance of public spaces, with facial recognition (and other such tech), if they want to deal with the contagion of large raids on stores which began in SF and now has spread to LA. I feel like we can use this tech with some very simple controls like requiring reasonable suspicion of a crime, and keeping a human in the loop to verify matches, and make the best of this technology to help society. The group processing facial recognition matches can even be separate from the police force, essentially providing tips to police dispatch when they find a likely match.

"There shouldn’t be an expectation of privacy in public spaces." Perhaps not to some degree, but facial recognition takes it up a notch. And ultimately what we should or shouldn't expect is up to us right?

Suppose someone found a way to passively and remotely read people's minds. And as a result you can't go anywhere in public unless you were OK with your thoughts being captured and recorded. You could see how that would suck right? And the potential for abuse? Might be great for the police I suppose, and would probably lower the crime rate. But would you want to live like that? Facial recognition isn't that extreme of course, but they are both in the privacy ball park, at least in my opinion. So maybe its just a matter of degree...like what you're willing to put up with / feel comfortable with.


> Suppose someone found a way to passively and remotely read people's minds

Can a trained chimp do that now? No.

Can a trained chimp recognise a face. Yes.

Computer facial recognition is simply digitising human workflow, like converting a speech to text. I assume people also have a similar problem with electronic transcription or 'word recognition technology'.

Scanning peoples brains and reading their thoughts is literal mind reading science fiction.


It is science fiction right now, but who knows in say, 30 years. My point is, if it did become a reality, I assume you would be against it right? What would be your reason? Because a chimp can't be trained to do it? That seems kinda arbitrary to me.

"Computer facial recognition is simply digitising human workflow" I get that, but that one simple change comes with a tremendous increase in power and responsibility. And I'm not convinced the pros outweigh the cons. Maybe if there was an "opt-in" clause then I'd be a little less concerned. Like "If you want the government to keep an eye on you and a record of everywhere you go, sign here."


It wouldn't suck. Nothing would change for you. The impact to the average person's life would be 0.

This is a proposition to ban mass facial recognition, not all forms of facial recognition.

There are no reason that laws should authorise mass automated face recognition without a judge approval and/or without any crime being committed on the footage.

As far as I know nothing proposed here would prevent facial recognition in case-by-case crime situations like you suggest.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: