Commercial Surveillance and Data Security Rulemaking (ftc.gov)
102 points by mooreds on Aug 15, 2022 | 32 comments


Advocate now. This is arguably the most important regulation review the USGOV will conduct in the next few years, here's why:

- It is a national security issue. Foreign actors can exploit this data to perform highly targeted attacks on individuals at scale.

- It will be an issue for you as a senior. We will all get old, and our ability to detect, ignore and counter misuses of this data declines with age.

- It's an anti-monopoly issue. Much of this data is concentrated and sequestered in large companies. Small businesses, responsible for most employment in the US, cannot afford and are not aware of the availability of this data.

- Privacy should be a human right. I know there is push-back to this argument, but seniors aside, many young adults (and some plain old adults) simply are not aware and not capable of understanding the data they are giving up, how it is (mis)used, and what that means for them.

I hope all of us will engage with this form and provide comments.


Be sure to write useful comments. Your opinion ("I think Bluetooth beacons are bullshit") is much less useful than specific, actionable information:

I have noticed the widespread use of Bluetooth beacons and commercial license plate cameras in my area. In addition to causing me to worry that the local grocery store is price-discriminating against people that do not own cars, some such businesses are adjacent to health clinics, and certainly inadvertently harvest HIPAA-protected information about the appointment schedules of those clinics. In addition to this, in-store beacons and other technologies, such as shopping cart RFID tags, allow marketers that work with grocery stores to infer health information by tracking patients as they move about inside a store. This information could then be used by insurance companies to unfairly adjust premiums, or by pharmaceutical marketers to better target ads for frequently-abused prescription drugs.

Health care is only one of many industries likely to abuse the information provided by passive surveillance systems. It is technologically infeasible to ensure such systems are used responsibly and legally.

The FTC regulates technologies such as stalkerware apps, and has implemented anti-bait-and-switch marketing rules in other industries. Similarly, it provides guidance for responsible use of IP cameras. For these reasons, I think it would be well within your authority to institute wholesale bans of Bluetooth beacons and regulation of commercial license plate cameras that feed into data aggregation infrastructure.


I think you replied to the wrong comment when you wrote this, as the parent comment didn't mention bluetooth?


They're recommending ways for everyone to make useful comments to the FTC (and talking personally about their problems with bluetooth), not telling the person they're replying to that their comment was not useful.


Bluetooth beacons are used to collect data. Hence the mention of them for commercial surveillance.


>> Much of this data is concentrated and sequestered in large companies.

Even the claimed use "advertising" does not require data collection. It probably does make advertising more efficient, but that isn't a reason to allow it. Once collected it does tend to get aggregated in a large player, so most playing the game do not win anyway.

I'd prefer they ban this data collection (and certainly its transfer or sale) but I fear they just want to "regulate" it.


I'm honestly pleasantly surprised that "commercial surveillance" is the term they're using. You're also absolutely right, the time to lay the case is now.


Also pleasantly surprised. Rebecca Slaughter used the term surveillance-economy previously when advocating for data minimization, saying that this "should mean that companies collect only the information necessary to provide consumers with the service or product they actually request and use the data they collect only to provide that service or product."

It's a principle that we use in making our own design choices, but we are an outlier, for now.

Anyway, interesting starter questions include:

1. Has X company gone beyond data minimisation?

2. If so, in what ways is this done?

3. To what extent does this amount to commercial surveillance?

4. What are the known and potential consumer harms of this commercial surveillance?

5. What problems can be solved, in society and the economy, with data minimisation as the default?


I wish Canada would do a similar call for comments


To be fair, they typically ignore all the comments. Claim they are bots or that they lost them or what have you...


It depends on who appointed the people reading the comments. I suspect we have some Biden and Obama people in at the moment.

Also, there are people in these organizations that have made a career of working at the FTC because they believe in its mission. They will also be involved in the process.


Won’t happen until the government controls the telecoms instead of the other way around.


> a national security issue

like for example, all of the applications for national security status managed by the State Department ?

Why do citizens get tracked while buying bread, when actual National Security is exploited from afar? Where is the accountability for what has already transpired?


Dude, what are you smoking? I'm talking DNA data collected by Ancestry. I'm thinking behavioral data ala Tik Tok. Not sure what the US Dept of State has to do with this, especially since 99% of their mission is overseas engagement as opposed to domestic. If you're referring to collection on foreign citizens, well no joy to be had with the FTC. Lobby your foreign government to engage with USGOV on treaty obligations that sync privacy... shouldn't take more than 30 years to get that done.


* The FTC is the US Federal Agency here, edit, my armchair error

* FTC rules review will discuss ... more reading on the agenda here

* a post (above) claims that this is a "national security issue" as in, bad foreign agents might track citizens here

* But wait, actual national security is held in trust with the Federal Government, and has provably failed to protect itself against serious compromise, as mentioned in my reply

* But wait again, US citizens are getting no reprieve in being relentlessly tracked for "ads" while some claim there is a national security issue so it is important that we engage in this feedback

* Where is the accountability in Federal Government for real, actual National Security? and why are citizens being tracked doing daily things, in the first place?

no "dude"


FCC != FTC.

Also, the government is not a monolith. In particular, note that they're targeting commercial surveillance, and the biggest surveillance companies on earth have ties to other parts of the executive branch.


Dude... you are conflating the national security risks from foreign actors accessing US citizen privacy data, with your concern about the risks of domestic surveillance. Your comment is off-topic to mine and therefore whiney and immature.

> actual national security is held in trust with the Federal Government, and has provably failed to protect itself against serious compromise, as mentioned in my reply

Nat Sec folks have to be right all the time (impossible). Threats only have to get it right once. There have been failures and there will be more. If you think not hearing about successes means they aren't commonplace, then too bad for you that you never worked in Nat Sec or held a clearance. A lot of bad people have been taken off the playing field by USGOV and more will follow. But keep judging something you have no personal experience with.


exactly - apologist for security state; anyone who criticizes "must be high" .. I could smell it; thx for the direct confirmation

no "dude"


Good to get some official debate going on this.

Crash reports, error events, feature flags, installation telemetry, however convenient it is to have this information, none of it is essential.

The services that are often used to implement these things (sentry, segment, launchdarkly, etc. etc.) - and then in particular the APIs and the "all-batteries-included" SDKs they usually offer - make it very easy to collect a much wider array of data beyond these faux essentials at, essentially, the flick of a switch. And, besides, who's to say these services don't and/or won't abuse these capabilities?

I hope for this official debate to push back a bit against the normalization of this.
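The data-minimization principle discussed earlier in the thread, applied to the crash-report case this comment raises, as an added example (not code from the thread or from any of the SDKs named above). It assumes a crash report arrives as a dict; the field names, the allowlist and the sample report are constructed for illustration. The point is that the report sent off-device carries only what is needed to reproduce a crash, identifiers are pseudonymized, and everything the SDK happened to capture is dropped before transmission:

```python
"""Data-minimizing filter for crash reports.

Added example, not from the thread or any vendor SDK. Assumes a crash
report is a flat dict; field names below are constructed assumptions.
"""
import hashlib
from urllib.parse import urlsplit

# Fields genuinely needed to reproduce and fix a crash. Anything not
# listed here (and not handled by a reducer below) never leaves the device.
ESSENTIAL_FIELDS = {"timestamp", "app_version", "platform",
                    "exception_type", "stack_trace"}

# Fields kept only in a reduced form (constructed names).
REDUCED_FIELDS = {"page_url", "install_id"}


def _strip_url(url: str) -> str:
    """Keep scheme, host and path; drop query string and fragment,
    which is where user identifiers and coupon codes tend to live."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}{parts.path}"


def _pseudonymize(value: str, salt: str) -> str:
    """Salted one-way hash: lets repeat crashes from one install be counted
    without the report carrying the raw identifier. The salt stays on the
    reporting side and is never sent."""
    return hashlib.sha256(f"{salt}:{value}".encode()).hexdigest()[:16]


def minimize_crash_report(report: dict, salt: str) -> dict:
    """Return a new report containing only essential and reduced fields."""
    out = {k: v for k, v in report.items() if k in ESSENTIAL_FIELDS}
    if "page_url" in report:
        out["page_path"] = _strip_url(report["page_url"])
    if "install_id" in report:
        out["install_hash"] = _pseudonymize(report["install_id"], salt)
    return out


def dropped_fields(report: dict) -> set:
    """Fields the SDK captured that the minimized report will not carry."""
    return set(report) - ESSENTIAL_FIELDS - REDUCED_FIELDS


# Constructed sample: the kind of payload an all-batteries-included SDK
# would assemble by default. Values are made up.
RAW_REPORT = {
    "timestamp": "2022-08-15T12:00:00Z",
    "app_version": "3.4.1",
    "platform": "android-12",
    "exception_type": "NullPointerException",
    "stack_trace": "at com.example.Cart.total(Cart.java:42)",
    "page_url": "https://shop.example/cart?user=alice&coupon=SAVE20",
    "install_id": "7a9f0c2e-install-id",
    "email": "alice@example.com",
    "ip_address": "203.0.113.7",
    "contacts_count": 412,
    "location": {"lat": 40.71, "lon": -74.0},
}

if __name__ == "__main__":
    minimized = minimize_crash_report(RAW_REPORT, salt="device-local-salt")
    print("sent:", minimized)
    print("dropped:", sorted(dropped_fields(RAW_REPORT)))
```

The allowlist is deliberately the opposite of a blocklist: a new field the SDK starts capturing after an upgrade is dropped by default rather than leaking until someone notices it.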


Consumer protection encompasses reliability and change management as well as privacy. Tossing software out into the world with no idea if it’s working and no ability to mitigate bugs could, in a more regulated climate, come to be seen as a kind of software engineering malpractice or negligence. Telemetry and feature flagging are an essential part of my employer’s compliance story with at least one of its EU regulators.


That would invalidate - partially, at least - those accountability-waiver and acceptance and acknowledgement that there could be defects clauses you will find in the terms and conditions of nearly all modern software.

If it is being monitored and continuously optimised, then the consumer should be safe to expect the moon and have options for recourse if the condition or functioning of the software does not reflect what the reasoning for gathering all this telemetry implies, and what the possession of the data would allow for.

In summary: we do this so we can do that, but then not actually delivering on it doesn't fly.


As with most things it is about taking reasonable steps given the situation, following industry best practices, etc. That doesn’t always work! But there is a difference between an outage for dumb and easily preventable reasons like “wasn’t even looking” vs. more subtle chains of causation.



Everyone wants this -- well, everyone except the online-advertising industrial complex, whose profits depend on being able to collect and sell people's data without having to worry too much about the societal costs.

The online-advertising industrial complex won't want to give up its sweetheart deal: private gains with public costs. Going forward, I'd expect to see a big PR/lobbying fight about this, possibly including astroturfing and even personal attacks on Lina Khan.

If you care about this, advocate now.


This is a really important area for the policy community to address. We have an opportunity to forge a third way, learning from both Europe's well-intentioned efforts and China's hybrid capitalism surveillance state. Technologies like end-to-end encryption, differential privacy, and secure multi-party computation create opportunities for systems that deliver the benefits of the crowd while respecting individual autonomy and privacy much better than current solutions.

If we get this right, it will be a win for both individuals and businesses.


This is great, thanks for sharing. Let's submit comments. Doesn't have to be an essay, you can comment on the individual items listed there. If we all here tackle one or two items, we should be able to make a sufficient impression.


Interested to hear this community's thoughts on GDPR so far. Has it served its intended purpose? What ideas, if any, should be imported to the US?


It needs to be opt-in, and honor automatic opt-in / opt-out signals.

In particular, they should be forced to honor the HTTP "do not track" header.
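What honoring an opt-out signal looks like on the server side, as an added example (not code from the thread). It models the opt-in policy the comment asks for: a tracking cookie is set only when an explicit consent record exists, and the `DNT: 1` request header (the Do Not Track header mentioned above) or a `Sec-GPC: 1` header (Global Privacy Control, a newer signal of the same kind) overrides any stored consent. The `Tk: N` response header comes from the W3C Tracking Preference Expression specification; the function names and the `tracking_consent` cookie name are assumptions for this example:

```python
"""Honoring browser opt-out signals under an opt-in tracking policy.

Added example, not from the thread. Request headers are modelled as a
plain dict; function names and the consent cookie name are assumptions.
"""
from http.cookies import SimpleCookie

# Request headers that express a user's opt-out; both are real headers.
OPT_OUT_HEADERS = ("dnt", "sec-gpc")

# Assumed name of the first-party cookie recording explicit consent.
CONSENT_COOKIE = "tracking_consent"


def _normalize(headers: dict) -> dict:
    """HTTP header names are case-insensitive; compare in lowercase."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def user_opted_out(headers: dict) -> bool:
    """True when the browser sent DNT: 1 or Sec-GPC: 1."""
    h = _normalize(headers)
    return any(h.get(name) == "1" for name in OPT_OUT_HEADERS)


def has_explicit_consent(headers: dict) -> bool:
    """True only when the consent cookie records an affirmative choice."""
    h = _normalize(headers)
    jar = SimpleCookie()
    jar.load(h.get("cookie", ""))
    morsel = jar.get(CONSENT_COOKIE)
    return morsel is not None and morsel.value == "granted"


def tracking_allowed(headers: dict) -> bool:
    """Opt-in by default; an opt-out signal wins even over stored consent."""
    if user_opted_out(headers):
        return False
    return has_explicit_consent(headers)


def response_headers_for(headers: dict, tracking_id: str) -> list:
    """Build response headers for a page view, setting a tracking cookie
    only when policy allows it and otherwise declaring Tk: N (not tracking)."""
    out = [("Content-Type", "text/html; charset=utf-8")]
    if tracking_allowed(headers):
        out.append(("Set-Cookie",
                    f"track_id={tracking_id}; Path=/; Secure; HttpOnly; SameSite=Lax"))
    else:
        out.append(("Tk", "N"))
    return out


if __name__ == "__main__":
    # Constructed requests: one opted-out browser, one with recorded consent.
    for req in ({"DNT": "1", "Cookie": "tracking_consent=granted"},
                {"Cookie": "tracking_consent=granted"},
                {}):
        print(req, "->", response_headers_for(req, "constructed-id"))
```

Note that the consent check is a separate function from the opt-out check on purpose: a consent banner that someone clicked through months ago must not outrank a signal the browser is sending on every request today.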


GDPR is great on paper but suffers from a significant lack of enforcement, so a lot of malicious actors willingly breach it or practice fake compliance (intentionally obnoxious consent flows that are hard/impossible to actually decline even though the law requires it to be as easy as accepting).


A surprising and welcome move by the FTC. Wish they'd hold something like this for how telecoms are regulated.



The cynic in me says half the country will scoff at using regulations.gov to submit anything. Might as well be communist.gov




