> The entire population of Afghanistan was biometrically catalogued - supported by the German Bundeswehr. The motivation for this systematic collection of fingerprints, irises, faces and DNA was to enable the distinction between good and bad people. Programs such as the Automated Biometric Identification System (ABIS) were designed to identify known criminals, as well as local collaborators or Afghan security forces, at any time.
Yes and the same people (ie feds) would do it and other worse things they’ve done overseas to American citizens, always worth remembering. These people aren’t your friends, and they certainly don’t have your best interest in mind.
Institutions tend to trend toward power consolidation and authoritarianism over time. It's just how it is. Free society needs to constantly work to prevent it.
I'm far more concerned about the Americans, many here, who's knee jerk reaction is to engage in all sorts of mental gymnastics to give the government the undeserved benefit of the doubt and minimize the significance when these things come to light. If I wanted to give them the same undeserved benefit of the doubt they give government I would say they are ignorant of the danger.
What I don't understand is the tendency to limit this thinking to the government. Look at Google's evolution from "Don't be Evil" to today as an example, but they're far from the first to follow that path. People will decry China's Social Credit score, but seem fine with America's private credit scores.
If we based what should/shouldn't be allowed for a corporation or any individual based on if it physically causes harm to any person, then we'd have a really shitty place to live.
That actually sounds like an awesome place to live, where victimless crimes have been eliminated and obnoxious busybodies have no recourse but to impotently whine.
You seem to be confused on my intent. Victimless crimes are completely different than crimes that do not cause physical harm to the victim. I'm suggesting things like hacking where your bank account is drained, but without any form of violence. The person I replied to implied that would be okay, so I was pointing out that violence should not be a precursor.
You've taken it as something totally not what was the spirit of the thread. But sure, eliminating laws that make victimless crimes a possibility seems like a good idea. Have fun getting that to happen.
> You've taken it as something totally not what was the spirit of the thread.
The exact same thing can be said of your reframing of "physical harm" to be "violence" exclusively. You've clearly never debated someone from the voluntarism persuasion, because otherwise you'd know about the concept of externalities. But here is your chance to shine: will you acknowledge the fact that industrial pollution causes physical harm and that your unnecessary reframing creates that blind spot, or will you double down and hamfistedly attempt broaden the definition of "violence" to include pollution (and a thousand other things I could follow up with)?
Anyone who knew what Snowden did and did not report it is a fed. There are no two ways about it. DoD, Congress, the executive branch (CIA, FBI, NSA) are all feds.
I read this in disbelief, picturing a uniformed INS employee drawing vials of blood in some poorly sanitized strip mall. It turns out US green card applicants are required to show proof of vaccinations and undergo a physical exam by performed by USCIS certified physician. For adults, the exam includes a blood test for syphilis. Source: https://www.uscis.gov/tools/find-a-civil-surgeon
It's not that simple, Once you have been exposed to TB, you will always test positive. A chest X-ray is the only way to know if the TB is active or not(that I'm aware of currently). Source: I'm one of those that always test positive to TB tests.
Wow. Just got citizenship and I was in disbelief. So glad I missed this. Absolutely dystopian to have to submit to a physical for citizenship for any country.
We already do have federal ID: our social security numbers. And if you're a man your selective service number, too. Both are technically not mandatory, but the steps to avoid them are incredibly byzantine and lock you out of lots of social services.
> We already do have federal ID: our social security numbers
Social security numbers (or cards) are not ID, in any meaningful sense.
> And if you're a man your selective service number, too.
Also not an ID.
> Both are technically not mandatory, but the steps to avoid them are incredibly byzantine and lock you out of lots of social services.
“Immigrate to the US after age 25” isn’t that byzantine. And, actually, selective service registration is technically mandatory, during a narrow age band.
Social security numbers are unique IDentifiers for almost all people (legally) living in the US. Their whole point is to uniquely identify each person in the country. Even if you immigrate to the US after 25 you'll be assigned an SSN after becoming a permanent resident.
You can't board a flight with it because there's no photo, but it's still a near-universal way to ID each person residing in the US.
Their point is to identify a unique taxpayer record or a unique social security recipient. They lack a photo, so their utility is limited in identifying a physical human being.
They are, pedantically, "an ID". Just like a UUID is an ID. They're just not the type of ID we're talking about: an ID that authenticates the identity of a human who possesses it.
> You can’t board a flight with it because there’s no photo
Exactly. When we discuss “national ID” we are talking about an identification document: a tool that allows authenticating a person; an SSN doesn’t do that. It is an identifier, not an identification document.
(We do have a actual national IDs, but they aren’t universal or mandatory, either in theory or in practice, though they are required for certain purposes and will be soon for more, and are increasingly common. Passports, state-issued IDs meeting REAL ID standards, Enhanced Driver’s Licenses, etc.)
SSN are supposed to be unique. They are not. If you try to use them as a unique identifier in a database, your customers/end users will be sorry. In the payroll app that I'm currently working on, 111111111 is used as a temporary number. Which ends up not being temporary enough.
So will you, because your database is now bleeding red-hot PII across every query and foreign key. Chances are you'll now end up with a web interface that uses SSNs in its URLs.
Working on my 3rd bachelors degree - in my early 50s - required me to provide my selective service registration number. Something I had not needed since the 1970s.
The status quo is that the states already have IDs that are exactly how they want them. There’s no practical benefit to them, and it’s a politically convenient argument for privacy rights and states rights.
Because it feeds into the "mark of the beast" thing. State legislators want to appeal to the fundamentalist crowd so they occasionally have to make noises to satisfy them. Since enough people in my state believe such a thing about Social Security numbers, there is a form that the DMV (who I used to work for) has for people who are against SSNs due to religious reasons (SSN required for driving & occupational licenses by Uniform Interstate Family Support Act [0]).
> It also forced all people, great and small, rich and poor, free and slave, to receive a mark on their right hands or on their foreheads, so that they could not buy or sell unless they had the mark, which is the name of the beast or the number of its name. [1]
The states are fine with it, as it would make their lives easier and yield more federal dollars.
National ID was a core GOP platform issue post 911. It never happened because both extremes of the political spectrum are against it. Right wingers are into the mark of the beast stuff and see it as a tool of government tyranny. Left wing types see it as a way to disenfranchise voters and deny resources to marginalized people.
Both are right and wrong. So the status quo prevails.
For “normal” people, it’s a non-issue. Once you get to the people who fall out of the funnel, it gets more complex. How do you keep ID current for a 95 year old in a nursing home? Or a kid who can’t get vital records documentation?
Compulsory federal ID is a weird issue that the extremes
of political discourse agree on, and the moderates mildly support or meh.
Why does a 95 year old in a nursing home make it any different if it is a national ID vs state ID? I'd assume the 95yo no longer has a valid license, but at that point the state ID is issued in its place.
A kid that can't get vital records is also going to have an issue with getting a state ID. So again, doesn't matter if state/national.
It would get them out of the ID business, or yield federal dollars to be in that business.
It would also streamline lots of use cases that require ID. Various federal programs administered by states require that you authenticate people in different ways. The states spend millions to do a shitty job (driven by Fed requirements) for unemployment, social services, Medicaid, etc.
> First of all, they don't want to be out of the ID business.
How do you know?
State motor vehicle orgs are revenue generators. ID operations are expensive and operationally risky.
A federal ID would put the states in the business of selling endorsements. A drivers license would be like a deer tag or fishing license - higher margin and lower overhead.
It would also enable online services and local/county/state government could significantly reduce workforce and other expenses.
How would a state assign endorsements to an ID they do not maintain or control? How would they use an ID database they don't have?
The answer is that they'd have to rely on the federal government instead, and given the functional relationship between the states and the federal government, states just aren't going to voluntarily give up that power and trust them to do this for them. It is in the existential interest of the states to maintain as much power as they can, despite the associated cost.
Easy. Just validate the Federal id, probably at a higher trust level than they do today.
Because state dmv compacts govern data exchange and DMVs are all about selling stickers, state programs don’t have access to the ID data they own, except for law enforcement purposes. Companies like id.me, experian, etc buy that data from states and the. sell it back. (usually do a shitty job at it to boot)
Validating a federal ID would tell someone that I am who I say I am. A federal ID wouldn’t indicate whether I am qualified to drive a vehicle according to any state law.
> the people in the US decrying Federal ID are exactly correct as shown by the reality in Afghan?
Sort of. The defence in America against a Taliban-style takeover is more in its decentralisation. From politics to financial records, the data are held in multiple spots, making an automated canvassing difficult. The downside of that decentralisation is a lot of corruption and fraud can go uncaught.
Just FYI, I downloaded the document that they referenced, and it doesn't say that the entire population was biometrically catalogued. It says that people "of interest" and "threats".
Who needs a federal ID when you have credit companies that already track everything you do from the shadows anyway? This way the program can run without oversight, transparency and that pesky freedom of information act!
For context, this was a known threat when the US evacuated Afghanistan. It was just one aspect of the mess that occurred at that time so it didn't get much attention, but here's an article from August 2021. [0]
The main worry was that we basically handed the Taliban a list of Afghan translators and US cooperators. It's been 18 months since then. Does anyone know if there were consequences for those people? Has the Taliban acted on this database to enact retribution?
This article highlights the responsibility that ALL technical workers share. We must be ethical in our actions at all times. For example: Is it ethical to create a biometrics capture & storage system that does not encrypt the data it stores?
-Hey PM, I'm worried about this. We don't have the resource allocation to ensure the on-device data can't fall into the wrong hands. It's not even encrypted!
-I hear your concerns and agree. There are strong protocols set in place to make sure devices are taken care of after use, and only personnel trained on this device may use and access it. Don't worry, they know what they are doing. We can add that encryption into firmware v2 so relax. Did you sign up for that conference in Florida btw? It's going to be the bomb, sunshine, fun like no tomorrow!
I've been called a trouble maker and low performer for discovering and insisting on fixes to security flaws. I thought my concentration in Infosec would have been an asset to my career, but so far it's been a liability.
The biggest problem in these situations is that people are highly dependent an their current job (especially in the US) and of the boss says do it you do it. The lack of a safety net and your insurance being tied to your job makes this sadly a very easy choice. I was fortunate enough that out of college I could decline working for defense contractors unlike many of my colleagues.
There would need to be some protection for workers like there is for whistleblowers but smaller things like this don't count as whistle blowing.
> The biggest problem in these situations is that people are highly dependent an their current job (especially in the US)
It's not only that, it's also that the money is really good, comparatively speaking.
One of my close friends is a tech guy and works for the biggest European defence company, which is mostly a French-German alliance (they're also in the business of making planes), and two of his last job stints abroad have been in Afghanistan and in Saudi Arabia. There's no way he could have made the sort of money that he made had he decided to work for a local, very boring company (I live in an Eastern European capital city).
'... Biden administration this week used the provisions of a 96-year-old labor law to force unions representing thousands of railway workers to accept a contract ...'
Thanks for the article, I’m not American nor do I live there so I’m not so well versed on US labour law and unions. From reading the article however it seems this issue was particular to rail union workers?
> Unlike the National Labor Relations Act, he said, which leaves both labor and management with "economic weapons" they can threaten to use (strikes for unions, and lockouts for management), the Railway Labor Act has a provision allowing the government to block a strike from taking place.
Unions aren't like in western Europe, for example, where they are more considered in the business. Just two years ago OSHA (worker safety regulator) crammed down a vaccinated-or-fired mandate to nearly all companies and unions didn't help much. The only safety is to financially be able to quit.
> people are highly dependent an their current job
It is often voluntary lifetime debt slavery to have payments on the latest gadgets/car/timeshare/oversized house.
Recently train workers union had working conditions crammed down on them by no less than Biden. If the workers were not in debt slavery they could have quit. Biden showed a union they don't have a choice when their members are debt slaves.
Your protection will arrive when you change your lifestyle to get out of debt slavery.
The truth is most people would operate just fine in any environment, including Nazi Germany, justifying it like you just did. It's plain luck that they aren't.
In this specific case it's very easy to morally justify such data collection to yourself, after all your friend was just torn to pieces by an IED placed by partisans, and another one two weeks ago.
Russians are really "good" at this counter-insurgency game, they simply torture, run concentration camps, ethnically cleanse by sending to Siberia. Worked in Chechnya, works now in Ukraine.
I would've stopped at 'Is it ethical to create a biometrics capture & storage system ' , thus highlights the problem with allowing technical workers to judge the morality of their own actions.
> Jacobsen's gripping account of how a platoon's deployment revolved around biometrics and how it ultimately led to a grave betrayal of justice is a must-read. Jacobsen fails to substantiate her connection between counterinsurgency and domestic policing norms. Nonetheless, she makes a compelling case for why deliberate thought must go into how governments use biometrics in the future. She rightly points out that citizens of the U.S. must be wary of the creep of battlefield biometrics into everyday policing. Questions still exist as to who should own biometric data of populations, what rights individuals have over their biometric fingerprint, and who should have access to such databases, especially when a war is over. Perhaps a future Geneva Convention-like treatment of biometrics is the answer in our ever-connected world.
The headline should be edited to specify the database was specific to Afghanistan citizens.
I recommend this because when I read the headline I assumed it was referring to the Defense Biometric Identification System (DBIDS) which is the central system used to verify US military, dependents, contractors, GS civilians, etc., when accessing US military bases or other secure areas.
This is why I don't understand all the funding that goes into cyber security research and related technology: in so many cases, the technology is not even the weakest link.
It's a technology problem too: the devices should have been encrypted such that it wouldn't matter if they fall into the wrong hands.
Of course, it all comes down to organizational issues in the end (they knew about the risk and ignored it), but this seems like exactly the kind of thing that politics want to prevent when they throw around money for "cybersecurity".
…or before the German Constitutional Court[0], given that the German government is bound by the German constitution (which includes a right to privacy / informational self-determination[1]).
You can’t just bring stuff before the German constitutional court in most cases. The court is no ordinary court, it does not judge on cases. It judges on whether a decision of an ordinary court or a law violated your constitutional rights. So you’d have to bring this to a normal court first, go through the appellate process and then, maybe, the constitutional court will accept your case.
That is not entirely true. There is the „Verfassungsbeschwerde“. There are limitations in place that boil down to three criteria that have to be met. The complainant has to be personally, currently and immediately effected. The later is the criteria that is fulfilled if you were convicted. That’s why a lot of decisions of the court are part of an ongoing process. However a decision of a lower court is not the only way to fulfill that criteria. A recent example is the decision regarding the climate protection act
Note that the Verfassungsbeschwerde in the climate protection case argued that the state failed to create sufficient laws to protect constitutional rights (sorry, edit, I recalled that wrong): the challenge was actually directed at a specific law, arguing that the law is insufficient to protect constitutional right. It was partially successful in that regard.
This, however, is unlikely to be a successful line of arguing here: A law exists, and I doubt the affected afghan people would like to challenge that law’s constitutionality.
(Sidetrack): there are more cases where you can appeal directly to the Verfassungsgericht. A relatively common case is when the police forbids or severely limits demonstrations and time is to short for a regular court to make a decision. This is still similar to going through the ordinary courts, because you’re challenging the constitutionality of a state-actor decision.
To add a bit, obviously this was outside of Germany's borders and direct jurisdiction. Does that mean a German citizen can use German public money to perform actions that are against the convention on human rights abroad? And, similar to how the getaway vehicle provider gets a different sentence than the mastermind who also held the gun, probably there is reduced responsibility here. But is there none at all?
And all this is still besides the question whether the employment was necessary and the least-invasive method possible. If you can prove a need greater than the lost privacy, as well as the lack of an alternative option, if I understand how the system works correctly, then it's perfectly legal also inside of Germany.
German law knows no jurisdiction boundary for german citizens. A german that breaks german law but can't be charged in the country were they did it can still be charged in germany. (Weltrechtsprinzip)
“Taten, die ein deutscher Amtsträger oder für den öffentlichen Dienst besonders Verpflichteter während eines dienstlichen Aufenthalts oder in Beziehung auf den Dienst begeht”
Now, all of this first requires that a crime was committed - and that’s not even clear. If the collection happened on the basis of a law, doing the collection would not be a crime. The article shows no proof that the Bundeswehr mishandled the data.
Seems that article 8 of ECHR could be relevant indeed.
> S and Marper v United Kingdom [2008] ECHR 1581 – Retention of DNA information in respect of persons arrested but not convicted of an offence was held to breach Article 8.
Is ccc worth attending remotely this year? Use to be my favorite con but it is mostly german (I don't know the language) and I haven't seen anything that stands out last year or for this years' schedule. Been watching since 26c3.
COVID measures. Germany is relatively strict, for example, N95 (FFP2) masks are still mandatory in long distance trains, and at the time where they would have had to decide whether to do or cancel the event, it was completely unclear if measures would be lifted or if e.g. such events would be banned or hit with limitations that would make them infeasible.
> "The irresponsible handling of this high-risk technology is unbelievable," said Matthias Marx, who led the CCC research group. The consequences are life-threatening for the many people in Afghanistan who were abandoned by the western forces.
> "It is inconceivable to us that the manufacturer and former military users do not care that used devices with sensitive data are being hawked online," Marx continued.
I dare say this will be met by many in the west with <shrug>
> And yet all of this was predictable, because biometric databases cannot be effectively or permanently secured against illegitimate interests.
> What happened in Afghanistan is just a foretaste of the many biometric databases that will fall into the wrong hands in the future.
This might stir a few people though - when it becomes commonplace for roaming police in the US, UK, Australia, Germany, etc to carry hand held devices with compressed offline usable biometric ID scanners ...
When the Cambridge Analytica story blew up and Facebook was the main character of the week, I spent an entire 3 hours in a weird state of shock.
Not because of the contents of the story. I was shocked because this story had broken like eight months prior and everybody shrugged then.
But then it was framed politically, and suddenly people gave a shit. It was surreal.
So if you want to get people to talk about it, and be emotionally invested, simply frame it as evidence of [Specific Politician] mishandling [Specific Element of News Story].
It doesn't matter much which politician you slot in there, but current and former presidents on opposite parties can work with different audiences. For example, make unsubstantiated allusions to an alleged stolen laptop and connect the dots through some vague sense of poor data security practices and you can get them to repeat it with fervor.
(I realize I'm risking devolving this thread into a politics discussion here. I'd like to avoid that if possible. I'm more interested in the "how to motivate people to care about this story" angle, with references to prior art, rather than the specifics of any particular party, person, or scandal.)
>But then it was framed politically, and suddenly people gave a shit. It was surreal. So if you want to get people to talk about it, and be emotionally invested, simply frame it as evidence of [Specific Politician] mishandling [Specific Element of News Story].
To talk yes. But they still don't really care. They just use the story as a weapon against the party they don't like...
You're of course right about that. But that's also a consequence of a story being manufactured for weaponization.
It should be possible (although probably only if you can control the message; i.e. if you owned the news media) to hijack the political interest towards a humanitarian end goal.
I say possible here because I haven't figured out the specific mechanics of accomplishing just that. But I'm bad at social situations, so I could be missing something.
Iraq was the false accusation. Afghanistan was correctly accused of sheltering Al Qaida. (That we then allied with Pakistan, who also sheltered Al Qaida, to bomb Kabul is a separate curiosity.)
Also, the hypocrisy: US is basically leaking super sensitive data because careless I SLEEP Assange / Snowden release proof of human right violations REAL SHIT
While I understand the argument being made, the fact that the data was apparently split across two machines with a relatively small number of data points (just over 2000) does suggest that the databases were specifically structured for the task at hand. Therefore, the assertion that the data of the whole afghan population is readily accessible seems somewhat exaggerated, and as a member of the CCC, I would have expected a more nuanced approach in communication. I like linus but since he took over as the defacto press officer all the releases get a bit sensationalized.
Of course, these were just the devices they managed to buy on (presumably) eBay. There may well be a big pile of them being held by the Afghan equivalent of CCC or some other organisation that isn't publicising it. If you see a mouse in your house it doesn't mean there's one, it means there's loads.
You are as speculative in your comment as the press release its just bad manner. Why not just be truthful and communicate something "We expect that the data of the whole afghan population is compromised but we can't be sure at this moment." Just don't paint your suspicions as facts if you have no way to validate them.
The problem the CCC is presenting, is that now the Taliban probably can identify workers that helped the US. And everyone knows what they do with every single one of them.
They don't need to find all.
Does something in this raw data distinctly separate collaborators from "common people"? It's a travesty that they left the devices and the data behind, but I can't see anything in the article clearly stating that the 2632 identities found in those devices either all belonged to collaborators, or was "tagged" in order to discern them. So how would the Taliban positively identify them without having access to the complete refined/processed database that these raw biometrics went into?
It’s a signal. The database is a giant signal the people were of interest to the US gov.
The Taliban will be able to figure out if they were criminals or Taliban or not.
That leaves a small
group of people they can torture to figure out the rest. Just have to hand out these same bioscanners to local police then hand off any matches to the higher organs.
This device had a few thousand people. They can collect hundreds of these devices and rebuild the whole database.
--> One of the devices contained biometric data on more than 2600 people, some of which had entries such as "Volunteer Background Checks," "Host Nation Police," or "Host Nation Military."
"Some of which" isn't the same as "all of them", and none of those three categories exclude being an islamist. I get that it's a serious case of recklessness, but the reactions here are too alarmist.
Your reply makes no sense. Not every Afghani collaborated, and plenty of collaborators follow Islam. This is obvious. This doesn't make those who collaborated any safer.
You don't even need to know any specifics: it's a well-known humans tend to punish traitors even if they have a lot in common.
Is this attitude why you and everyone else is making the assumption that exactly every stray biometric identity that can be salvaged from this disaster is guaranteed to be a traitor, and guaranteed to be found and executed by the Taliban? You don't need to explain the Taliban to me - I was born in an Islamic country to a Muslim family - but maybe you can help me understand your alarmist reasoning regarding the biometric identities themselves.
No, we don't it's mostly assertions and I hate it. We don't know about how these two machines were used and were they come from despite ebay. The whole release should have used way less absolute wording because in the end the CCC could look like a clown show just because of assumptions.
What more do we need to know? The devices were found and they contained unencrypted and unobfuscated biometric data. There's so many things about these devices that should never have happened at all.
I think the point he wants to make is that the biometric data itself is raw and nothing about it is "tagged" to discern between collaborators and common people, nor is it circumstantially implied that all of the data belonged to collaborators, because all of the population - not just collaborators - were catalogued. For some reason people seem to immediately jump to the conclusion that a) every collaborator is now at risk, because b) this raw data is functionally identical to the final processed and augmented database that was built using this raw data.
Absolutely right but the fact still stands that we have no valid data to paint it as a fact that the data of the entire population is compromised. It's a communication 101 that you never communicate in absolutes if you can't verify your findings.
Skimming a couple of the sources mentioned in the article and the linked german government Q&A it seems they scanned a) collaborators and b) "potentially dangerous" afghan citizens.
So we can reasonably assume that biometric data of those two population groups was leaked by left behind devices. Not the entire population, but the two most sensitive groups. Sounds pretty bad imo.
As I said before you are absolutely right it's fucking bad and repulsive but you can still communicate facts without making assumptions especially with a serious topic like this.
> the assertion that the data of the whole afghan population is readily accessible seems somewhat exaggerated
I don't see where they say that everyone's biometrics are supposed to be on a single ebay-purchasable device. To me, it sounds like separate statements:
1. Those devices contain biometrics of various individuals and were left behind as well as being sold online without being wiped as part of decommissioning
2. The entire population was catalogued in general, and I imagine is stored on some servers somewhere (or, for more privacy, in the cloud)
I never said that they say that the data is available on a single-ebay purchasable device. You did. I said that the writing insinuates that the data is available at all but there is no certain way of knowing it.
I presume that's what the document linked in that sentence (https://dserver.bundestag.de/btd/17/068/1706862.pdf) is supposed to back up, but I don't read German so I just take "The entire population of Afghanistan was biometrically catalogued" at face value and don't assume they base it on any device when they really have no way of knowing. If I have now understood what you're saying in the second instance.
The document says the bundeswehr did participate in the data collection as part of their EUSAF mandate and that it was close to the entire population. It doesn't say anything about how the database was stored. I wouldn't have said anything if the wording wasn't as absolute at it is in the PR but the part about that all of the data is compromised just because it got collected just stinks.
I always loved the CCC and what its members are doing, but the "new" face (including Fluepke, Lilith) make them look inexperienced, naive, loud without being constructive and everything feels a bit unscientific. Also they don't really respond to any critique and just say they don't want to talk about the stuff they're criticizing.
> the "new" face (including Fluepke, Lilith) make them look inexperienced, naive, loud
This characteristic can describe most of young human beings and people listed above are young human beings. It's not reasonable to expect "fresh blood" in the scene to be experienced, young and worldly at the same time. When it comes to "being loud" - could also be attributed to the age but being "social media native" and being able to use it as a tool also is an useful (and potentialy powerful) skill
Yes I understand this, but with great power comes great responsibility. They should know this & not abuse it. Somebody that tries to educate the general public should not just shout, but take part in a dialogue.
Can you quote the sentences your are concerned about. While one could maybe make some non-sequitur conclusions by reading quickly, I do not see that much sensational reporting. The question really is what 'large amounts' mean when speaking of PII (when talking about single site I assume thousands is relatively large). But I agree that such subjective measures could easily be replaced by numbers.
>Some devices were left behind during the hasty withdrawal of NATO troops. CCC researchers found large amounts of biometric and other personal data when analyzing such devices
> The extracted data was all the more impressive: The various devices shopped online contained names and biometric data of two U.S. military personnel, GPS coordinates of past deployment locations, and a massive biometrics database with names, fingerprints, iris scans and photos of 2,632 people. The device containing this database had last been used somewhere between Kabul and Kandahar in mid-2012.
That means from six devices there was only one with an intact database and the one with the database wasn't used since 2012. Concluding that the device in question was indeed captured after the retreat and that there is a massive amount of unwiped devices out there without providing data about the other devices is at least misleading because their very own anecdotal evidence speaks against them.
What's unclear exactly? Also please stop putting words in my mouth nowhere did I say that the leak of 2632 of extremely personal and identifiable information is anything but massive and why do you not make your affiliation with the release and the CCC clear, Zach? Fucking child's play.
Plus leaving the devices containing the data at the mercy of the Talibans. I can't believe they hadn't planned for collecting back all devices, or at the very least render them FUBAR to prevent information extraction and/or reverse engineering; those are US Military property just like weapons, they must have had instructions on how to deal with them.
It is unethical to attribute words to someone that they did not use, especially when presented as a quote. Misuse of technology can have tragic consequences, and it is important to remain factual in our statements in order to accurately convey the gravity of such situations. Every life lost due to the misuse of technology is deeply reprehensible, and it is crucial that we strive for honesty and accuracy in our discourse, and this means both sides of the discussion. You and me.
>attribute words to someone that they did not use, especially when presented as a quote. Misuse of technology can have tragic conse
It's called a paraphrase. It's not a journalist secretly fabricating a quote to leak ahead of an election, it's a comment section where the context is visible and the paraphrase functions to restate an element of the argument that merits special attention. I've never before seen people get confused about this idea except on hn.
Can you acknowledge that a paraphrase is not the same as attributing a verbatim quote? You're free to object to one just as much as the other but this was not an instance of the latter.
wtf. Since when is being true to the information we have at hand "deliberately downplaying the issue"? The only thing I did was to argue for more nuanced communication. Especially because I know linus and his way of communicating since he took over from Constanze and Frank.
If you are so close to Linus, I suggest you take the discussion about this communication style up with him directly, instead of airing your personal quibbles/laundry with him on HN.
>It is unethical to attribute words to someone that they did not use, especially when presented as a quote.
In a discussion about the use of technology that can be used to effect ethnic cleansing, you want to argue about the ethics of "attributing words to someone they did not use" as a straw man .. ?
An attempt was made to minimize the impact of this crime against humanity - thats what it is, a crime against humanity - and I made the comparison with other attempts to minimize crimes against humanity in order to indicate the fallacy of the position that "this is not a crime against humanity". That's called a rhetoric method, and if it upset your sensibilities, it might be more due to the fact that your sensibilities on this issue are completely out of whack.
It is a fact that the mass collection of biometric data always leads to abuse and further crimes against humanity. So why justify its collection?
It appears that your perspective on the matter at hand diverges from mine, and I suspect that you may have ulterior motives beyond simply discussing the factual information that is relevant to the conversation. Regardless, I hope you have a pleasant day.
My agenda is to disallow the minimization of crimes against humanity, which is what this is.
Your agenda appears to be to justify it in an attempt to minimize the impact.
Unfortunately, it appears you are therefore aligned with the criminals themselves.
In which case, I hope your day is spent considering the ills of your life. Nobody should be attempting to justify these kinds of crimes against humanity. There is simply no excuse for the mass collection of human biometric data - especially in a region where crimes against humanity and war crimes are consistently (daily) being committed by the so-called 'morally authoritative' parties involved ..
I do not believe that is the case at all. I believe I have a rational, sane approach to the commission of crimes against humanity, whereas your view seeks to justify those crimes - which can only be done under conditions of extreme delusion.
"Therefore, the assertion that the data of the whole afghan population is readily accessible seems somewhat exaggerated"
No, this is not correct. The assertion that the data of the whole afghan population is readily accessible is not negated by the 'mere' existence of 'only two devices'. These two facts are not related.
The truth is this:
1. The entire Afghan populations' biometric data was captured and is now in the hands of a totalitarian-authoritarian body that will actually use it to murder people.
2. This biometric data has started to leak - for example, the two devices easily obtained by CCC hackers.
3. It can be asserted with confidence that further leaks are possible.
None of this justifies the capture of human biometric data.
Your comments are anything but rational and I am not disregarding the fact that alone the existence of two unwiped devices is absolutely repulsive. I am just arguing for a factual discussion and the actual representation of the information at hand instead of making assumptions and insinuations like you do. The only thing that will come from being dishonest and passive aggressive is that no one will take you seriously.
It's not. These lists could be used to track down people who worked with the US government. They will be executed for this.
These lists were a scandal a few months ago in Netherlands already as people who worked for the Dutch army in Afghanistan were scared for their lives when the government in A fell and NL was not able to get them out quickly enough and NL didn't destroy the records in the Ambasassy
despite accusatory inferences, nothing in this suggests the data says whether someone worked with the US govt. the entire point of the project was to catalog the entire country, everyone got scanned at some point or another
You're certainly on to something in so far as this is why it happened: in an environment where it's a regular occurrence that bystanders die in violent clashes between one side that exposes itself in uniform and another that disguises themselves as (and/or considers themselves) regular people, "some PII" seems to be a very low price to pay for untangling the bloody mess a little. But as evidenced here, that PII won't go away and the consequences can be just as bloody as what it helped preventing, or worse. This is not about brandishing haughty principles, this is about difficult decisions and learning in a maze of known und unknown unknowns. Expect mistakes to be made and try to find the right balance between fostering a blame culture where too much is swept under the rug to learn and a careless culture where too much is blanketly forgiven.
Also USA:
> The entire population of Afghanistan was biometrically catalogued - supported by the German Bundeswehr. The motivation for this systematic collection of fingerprints, irises, faces and DNA was to enable the distinction between good and bad people. Programs such as the Automated Biometric Identification System (ABIS) were designed to identify known criminals, as well as local collaborators or Afghan security forces, at any time.