Why the need to bring it under control? Control from what?
It's not the AI that's the issue, it's the use of it that's the problem.
The law shouldn't focus on the AI, for example:
>The regulation, proposed by the Commission in 2021, was designed to ban some AI applications like social scoring
Ban social scoring, not the AI, the tool doesn't matter. Would it be good if it was computed by hand on paper instead of through AI? No, so the issue is not the tool.
They fear the amplification factor of such tech, but the amplification factor works for the good and for the bad, so you need to focus just on the bad, not on the tech. Otherwise you end up impairing the good too.
> Ban social scoring, not the AI, the tool doesn't matter.
Automated human classification without recourse nor transparency is what the EU is against. "You cannot get a loan because the AI says so" is not acceptable.
> Would it be good if it was computed by hand on paper instead of through AI?
Yes. As a judge can check what information was used and what algorithm applied to get to a conclusion. And it may declare that use of data or algorithm illegal.
> They fear the amplification factor of such tech, but the amplification factor works for the good and for the bad
Maybe just go slower. Something like an Hippocratic oath can be a good principle to follow for high impact technologies. To do some good may not justify the harm.
>Automated human classification without recourse nor transparency is what the EU is against. "You cannot get a loan because the AI says so" is not acceptable.
The credit score system already in place in the US is frequently as arbitrary in some cases already. You get punished for just looking at it. I don't think I need to preach to HN about that (crypto money and all that). Does Europe do it much differently?
Not an arguement for AI to do it, but the only reason why the current system is better (at least in the US) is its sluggish incompetence.
> The credit score system already in place in the US is frequently as arbitrary in some cases already. You get punished for just looking at it. I don't think I need to preach to HN about that (crypto money and all that). Does Europe do it much differently?
Almost every country has some kind of credit reporting system, but many of them differ from the US in how they do it. In particular, in many countries, credit bureaus only hold negative information such as failing to pay bills or repay debts – which means if you keep up to date with all your bills and debts, your credit history will be blank. At which point, lenders will generally ask you to provide evidence of your employment history, salary, bank balance, assets, etc, and base their lending decision on that. They may well internally convert that all info into a "score", but every lender is going to have a different scoring system. Here's an article – https://www.businessinsider.com/credit-score-around-the-worl... – which discusses the systems used in different countries, including several European countries. There is no uniform approach to this in Europe – the UK and Germany are closer to the US in their approach, the Netherlands, Spain and France are closer to the "credit bureaus hold negative info only" system.
Yup. Until recently, Australia only had negative event reporting. Still, you’d regularly have kids that had been brainwashed by US-centric personal finance gurus (and American media more generally) asking how they could boost their “credit score”. Fully willing to sign up for and use credit cards as an 18-year-old student to juice some system they had been led to believe existed in the first place.
I think in Finland having too many credit lines would actually hurt you with loans. However well you have handled those. As important factor is total amount of loans or capacity to get them.
Yeah, amount of credit cards & the total available credit limit is used as a negative signal when applying for a loan. But I think you'd have to have some completely silly amount for it to _really_ affect the outcome. You can easily show that you've not used the cards, for example. If you have 10 credit cards which you use constantly, it would affect your ability to get a loan. To me this makes sense, but of course, it's what I'm used to.
10 cards, with average of 3000 limit. Would mean you could take a 30000 more loans at high interest rates very quickly. It is not about having used and paid them, but capability to get loans beyond what you can manage very quickly.
It turns into a bit of a pointless ritual though - “I need a mortgage, I’m going to cancel cards I don’t use and slash my credit limits to maximise my borrowing power” - but no sooner have I bought the property, I will apply to increase them again, and they are unlikely to say “no”-even if the credit card is issued by the same bank as the mortgage. Or at least, that’s my personal experience in Australia
> The credit score system already in place in the US [...] Does Europe do it much differently?
Yes, as far as I'm aware the US & Canada are unique in having 'a credit score' for people; elsewhere there may be agencies offering scoring services to lenders, but it's not something individuals ordinarily nor need to care about, and it's not 'their score' it's just that particular company's (Equifax's, or whoever) rating.
It's not taken as seriously, nor does it need to be.
yeah, german here. I know schufa exists but right now it's really barely relevant. I don't plan to take on large debt or something (I think that's what they are used for?) and I've never used it so far.
Not completely false, but misleading: you get penalized if a lender looks at it with the express purpose of using it to decide whether or not to offer you credit (called a "hard pull"). You looking at your own credit report does not penalize you, and certain other activities (like getting pre-approved for a loan) won't either.
The penalty for hard pulls isn't that bad, anyway, and disappears after a relatively short while. I currently have 7 hard pulls (I've been chasing credit card rewards offers lately), but my overall credit score is still over 800.
So, GET request not only aren't idempotent but they also affect the party that is read. Who came up with that lovely system ? I gave it roughly 15 seconds of thought and came come up with multiple ways this design fucks up people lives.
A hard-pull is not a GET; it's a POST. The semantics are "this person is actively seeking credit, and we are considering whether to extend it to them". The system regards the extent of credit-seeking behavior, and changes to its pattern, as a factor that affects the credit profile.
That's not prima facie unreasonable. If you have someone who suddenly starts applying for lots of personal loans (for example), that's probably something you'd be interested in, as someone who has previously extended credit to that person.
As the prior poster indicated, when you look at your own credit file, it's not a hard pull. Nor is it a hard pull when a creditor updates their records on you as part of ongoing monitoring of your account. It's only a hard pull when the subject is specifically requesting a new, or increased, extension of credit. Those soft-pulls are GETs.
The key though is this operation only happens when it’s part of a requested credit evaluation for the purposes of expanding credit. The act of requesting new credit diminishes your credit worthiness. The intent is to throttle issuance of credit by providing for a race condition - if I go out and apply for 100 credit cards at the same time, they each get a credit report without the others line of credit established because they’re all in the pending state. But each request to evaluate the worthiness of credit dampens the quality of credit. At a certain point all credit requests thereafter fail.
On the flip side it also causes a hole that’s increasingly hard to dig out of because if you have bad credit or borderline credit and apply for a card to see if you’re allowed back in at the capitalist buffet, you enter into a feedback loop of diminishing credit worthiness.
It isn’t true however that any form of read changes credit worthiness. There are many routine reads that have no impact. It’s specifically when you’ve directly requested an evaluation for expanded credit. It can’t happen passively, as sometimes banks refresh your credit history and even offer more credit automatically. It also can’t happen for other purposes than expansion of credit.
>The credit score system already in place in the US is frequently as arbitrary in some cases already.
The credit score system is not arbitrary, it's a specific formula that applies equally to everyone.
>You get punished for just looking at it.
No you do not. There are hard inquiries and soft inquiries, and an individual viewing their own credit score is considered a soft inquiry which has absolutely no effect on your credit score.
As for Europe, there is no one homogeneous answer. Different parts of Europe handle credit differently. The UK and Germany are very similar to the U.S., whereas in France there is no concept of a credit rating or credit score.
With that said, generally the countries that do not have a credit scoring system are much harder to get a loan from.
> it's a specific formula that applies equally to everyone.
That doesn’t mean the formula is reasonable or transparent. An AI is also a specific formula that applies equally to everyone. It’s about how the formula takes “weight” on the individual’s differences.
> There are hard inquiries and soft inquiries
Why there are “hard inquiries”? Why someone else inquiring my credit score should affect my credit score?
>That doesn’t mean the formula is reasonable or transparent. An AI is also a specific formula that applies equally to everyone.
You can learn literally everything you need to know about how the FICO credit scoring systems works in probably two or three hours of dedicated research, even though the model itself is a trade-secret. When lenders deny credit, they're legally obliged to provide the specific reasons why.
This is not-even-in-the-same-ballpark as AI, where no-one can even tell you how inputs relate to outputs, not even the creators.
I certainly don’t love the system, but the difference is “checking credit score in order to take more credit (eg a loan or credit card)” (hard) vs “checking credit score for my own knowledge” (soft). This distinction feels reasonable to me.
How is it reasonable? Anyone checking your credit score already knows that you're applying for new credit, because you're applying for new credit with them.
Dinging your score over that only punishes you for soliciting credit offers from multiple lenders at once so you can choose the best terms. Which ought to be an antitrust violation.
That's usually not the case, though. I was just looking around at Chase's credit report tracking thing, and they have this to say on credit inquiries:
> The VantageScore credit score model takes rate shopping, e.g., for a mortgage or car loan, into consideration. All inquiries for mortgages, auto loans and major credit cards that appear in your credit file within a 14-day window are interpreted as a single inquiry.
I believe that's the case for the FICO score algorithm as well. I think a 14-day window is probably too short, but it likely does cover most situations.
It's a defense against the double spend problem. It minimizes potential timing issues that could allow someone to simultaneously taking out multiple credit lines without the ability to properly evaluate the risk.
But it isn't, because the reduction in credit score from the query doesn't necessarily prohibit two simultaneous loans, it just makes the terms worse (and so makes default more likely).
And there are obviously better ways to prevent "double spend," like reporting the new loan being granted, which actually should reduce the credit score due to the new debt. It's not as if we can't make computers capable of updating this information in real time.
The interesting thing I've noticed is that opening a new credit account often doesn't actually get that information on your credit report. It sometimes only shows up after you've made the first payment (either loan or credit card). I wonder if that's why the system dings you for too many hard credit inquiries. I agree with you that there's no reason why this couldn't be fixed, though.
But if you're applying for, and repeatedly being rejected for, extension of credit by third parties that is absolutely something a pre-existing lender would reasonably consider when thinking about risk.
You have to understand that there is a no "credit denied" feedback into the credit rating system. The standard pattern for an approved credit application is a hard-pull followed by the opening of a new tradeline, both of which affect your score. If you're applying for credit, but not being approved, then that just shows up as a hard-pull with no new line.
The FICO score is also set up specifically to ignore additional hard-pulls for the same type of credit within a bounded period; so if you go shopping for a mortgage (or an auto loan, or a student loan), then multiple queries within a 30 day period are coalesced, and only count once from a scoring perspective.
I dont think its unreasonable for one’s credit score to get dinged if half a dozen lenders check their score - that means the consumer went through the initial stages of trying to get multiple loans.
But more importantly the ding is maybe 10 points which is pretty much irrelevant to the “buckets” that define credit worthiness (>800, 700-800, etc).
Plus individual lenders can look at the report themselves and make their own determination.
It's one of the few things thats so obvious its bipartisan. I'm amazed you think its worth defending. There should not be a punishment for LOOKING at a credit score hard or soft, that's insane.
To require someone take on debt in order to have good credit is pretty arbitrary. You can have all the money in the world, but no debt? you're fucked. The fact you can juice your credit with someone elses credit cards is also really arbitrary.
You're misunderstanding the point behind credit scoring.
Banks lending you money don't care (at least not as a primary concern) how much money you have, their first concern is whether you have a history of paying back debt you owe. A credit score scores you on your ability and willingness to pay back your debts on time.
And yes, this means someone who takes on debt with a credit card only to immediately pay the balance before any interest accrues both has a stellar credit score and no debt in any practical sense.
This also means someone who is making their house or car payments properly also has a good credit score, outstanding debts negatively affecting the credit score slightly notwithstanding.
Can you elaborate? Everyone of the banks I use have an affordance on their website/app that allows me to see my credit score, history, etc. The bank puts it pretty front and center, so if even juts viewing it has a negative impact, why do you think the bank would make it so easy?
> Yes. As a judge can check what information was used and what algorithm applied to get to a conclusion. And it may declare that use of data or algorithm illegal.
A ban on "AI social scoring" would be neither necessary nor sufficient to make your scenario a reality.
> Yes. As a judge can check what information was used and what algorithm applied to get to a conclusion. And it may declare that use of data or algorithm illegal.
Genuinely, why does process matter? Shouldn’t outcomes?
Maybe you’re not from the US, but we have a looooong history of “good unbiased processes” leading to awful and biased outcomes.
Yes, process matters in that they need to be reviewable and fixable. Them being good or unbiased is a function of how much scrutinity and oversight there is, but before even talking about biases, we need to know what's happening.
Even outside of fixing the system, in most countries if your get a credit application refused you can request the info that lead to the decision and act on it (update/fix your credit history for instance). Even if you can't fix specific aspects you at least know what conditions block you and deal with it accordingly (no use in reapplying twelve times if you're banned for life for instance, same way you might want to wait 6 months if it's a matter of prescription)
So yes, knowing what, why and how is as critical as the final outcome.
Sometimes there seems to be an expectation that people are entitled to a loan if they meet some criteria.
That's not the case. As long as there is no discrimination based on a legally protected characteristic (e.g. race) you can lend to whoever you want based on whatever criteria you want.
Outcomes are what the process decides. If you had some other process that could tell you what the outcome should be, you could have just used that as the original process.
Bread can be baked to feed the needy, or to fill the bellies of soldiers who invade a peaceful neighbor. Who is to blame? The people inventing industrial bakeries, or the people using them to feed their invasion army?
> "You cannot get a loan because the AI says so" is not acceptable.
To me this makes it seem like acces to loans is a right,in which case the EU should make a lender of last resort that can loan to people who would otherwise get rejected.
Haven't loan decisions always been black box? Sometimes they'll attribute decisions to credit scores, but those scoring systems have always been proprietary, and they won't even tell you what data your scoring is based on.
People haven’t been making loan decisions for decades in the EU as well. You put numbers into a computer and what comes out is either an approval with a rate or a decline.
No bank EU or not has people manually approving loans.
'Black box' doesn't mean 'numbers in a computer', it means 'nobody can explain to me precisely why I was rejected'. A score calculated from an obvious formula is fine (regulations permitting) since you (or a regulator or court or the institution) can establish precisely why you were rejected. A black box system is one in which this cannot be established by any person.
This is obviously bad for both legal and moral reasons. Legally you may be (unintentionally) violating anti-discrimination laws. Morally you may be setting up a system that arbitrarily denies people who are otherwise deserving with little to no recourse.
In both of those you can receive plausible explanations from anyone honest or introspective enough. If you think that all decisions are actually black box emotions that can't be introspected or something then yes, they would be total black boxes, and I suppose the goal would be to minimise that in any system we build that has to discriminate.
Let's imagine my bank is sexist, the code literally says "if WOMAN, Reject'
You can sue my bank for discrimination, and in process of discovery you can request information and documents from the bank, including the code / formulas.
If you have a solid argument, let's say my bank never approved a mortgage for a woman, the judge will grant your request. You, or someone appointed on your behalf, will look at the code / excel formula, see that it's discriminatory by design, and you can request massive punitive fines, because this demonstrates contempt for the law.
Now let's say I instruct my developers to create a neural network that is as convoluted as possible but is unlikely to approves mortgage for a woman. That can be easily done. There will be no proof that we ever did this on purpose, and even proving that it is discriminatory will be challenging. At best, my bank will get a slap on the wrist.
That is why they are banning AI from some areas of life.
It would be up to the bank to prove that their practices are non discriminatory if there will be a discrepancy between the number of applications issued.
The plaintiffs will be able to sue and win based on the outcome alone.
As far as actual rights go then you have the right to appeal any automated decision and have a human review it without any bias. Which again it doesn’t matter if it’s AI or a an algorithm based on flipping a coin.
As the other commentators said, humans are also black box. They can, of course, provide vaguely reasonable justifications but these often aren't the actual reasons and ChatGPT can generate reasonable sounding rationalisations on demand.
Every technology, at some point, will inevitably bring questions of legal liability and culpability, and AI has a large tendency to do so because of how applicable it is. It’s not the worst idea to try and get ahead of the problem by defining a legal framework.
Examples of how a free-for-all has resulted in legal questions;
* police and the judiciary in the US have come under fire several times for using proprietary AI to determine things like sentencing or traffic stops
* there is currently a class action lawsuit in Washington state about whether or not price recommendations by a third party’s algorithm constitutes collusion on price-fixing if enough corporate landlords use it
The problem with black boxes is that they beg parallel construction theories.
I.e. "We don't approve loans to {ethnic majority} on purpose. We only use our models, which only rely on historical data." -> No proof, no case, no problem
The point of any AI law should be to put the onus on the model executor to explain how their model doesn't violate existing law.
You can use any model you want, but you can't point to its unexplainability as a free pass for ignoring protected classes.
And if you can't explain its results? Well, then you're opening yourself up to lawsuits.
So ML systems are guilty until they can prove themselves innocent?
Requiring the claimant have some evidence might not be a perfect legal regime, but the converse is a de-facto ban on innovation.
Can a human _prove_ that their decisions are made without bias? No. Are we going to hold them to the same standard proposed here for an AI? Also no. In practice, rules like the one proposed here just enshrine legacy decision systems which are already understood to biased and ineffective.
The most mysterious black box we have is the human brain.
The original regulation doesn’t actually sound that vague. From TFA
> The regulation, proposed by the Commission in 2021, was designed to ban some AI applications like social scoring, manipulation and some instances of facial recognition. It would also designate some specific uses of AI as “high-risk,” binding developers to stricter requirements of transparency, safety and human oversight.
The issue is that as written it would still not cover general AI and that would still be legally grey.
Some of those uses in the US have already been problematic, like Madison Square Garden using computer vision to ban any lawyers from firms suing them from their vast properties, which is actually against various laws like their liquor license.
That's still focusing on the wrong problem though: if Madison Square garden had simply told security to eject the lawyer, it would be the same issue. The problem isn't facial recognition, it's that they thought they could or should do this at all.
I don't get it. For the first example, the system is only a tool used and the responsibility is still with whoever does the sentencing/traffic stops etc.
In the second case, how is this different from e.g. Kelley Blue Book for car prices?
The problem with the first case is that we do not have existing case law about AIs, and we also have no laws on the books that clarify what to do in AI cases, so this is making the lawsuits and investigations very messy and time-consuming, since judges have to waffle about to figure out what the correct, legal thing to do is.
Pretty much all Western law systems judge the severity of action using intent, or mens rea; it doesn't absolve you of crime if you didn't mean to do it, but your penalties will generally be lesser. The people using the algorithm can wash their hands of intent by saying "we signed a contract with a third party for their algorithm and didn't reasonably expect biased outcomes." Then you make the third party a defendant, and then the third party claims "trade secrets" because we have no laws about what is and isn't protected trade secrets with AI, etc. and that becomes a whole legal case on its own that takes even more time for the legal system.
---
The difference in the second case is that the corporate landlords in question are automatically pegging their rates to the algorithm's recommendation and not giving property managers discretion. The algorithm's customers combined also control over half of supply of apartments in the Seattle area.
---
But the point of legal clarity, is to reduce the amount of questions, which both 1) heads off potential issues and 2) makes the issues that come into the legal system faster and clearer to process. It also potentially actually makes things easier for companies who make AIs too, since legal defense spending isn't exactly cheap.
Without evaluating the specifics of those exact cases but more whether they do indeed deserve more scrutiny at least, I think the basic issue comes down to the increasing need to consider things from a systems point of view.
>I don't get it. For the first example, the system is only a tool used and the responsibility is still with whoever does the sentencing/traffic stops etc.
Sometimes though the rules of society must take into account the actual reality of humanity, with all our foibles, and work anyway. Pointing the finger at "individual responsibility" doesn't always cut it. Certain tools simply push too far to the edge of well known human mental failure points. If the overall system for activities involving serious life/safety/security/liberty human failure modes tends to push towards these failure modes and lean too heavily on an expectation of human perfection, and then imperfect humans fail resulting in loss, it can be very worth considering whether the problem is human imperfection or if it's just a bad system. The incredible safety record of the modern airline industry for example comes heavily from treating accidents as system failures by default. Outside of a few edge cases that are constantly working to get shrunk, no accident should ever result from just a single problem including human problems, from a single person getting tired or making a mistake. There are checklists and formalized procedures. There are layers and layers of redundancy, of everyone checking each other. We don't just take incredibly complex tools like aircraft and then if one crashes say "well the pilots didn't have the right stuff!"
Or for a current AI-related ongoing change, consider self-driving technology. There have been two overall broad approaches, one "working its way up" from driver-assist tech, and the other aiming to start at full self-driving immediately even if that means tight geographic restrictions and vehicle tech requirements. In the first, the idea is that "the driver is still always in charge" and "it's only a tool" until full self driving is achieved. And perhaps in principle either could get there in the end without wildly different issues.
But in practice, that's not how humans work at scale. For many people if you give them something that works 99.5% of the time and then fails catastrophically 0.5% of the time and tell them that they need to constantly act as if the tool wasn't there and might not be there at any instant, well, they just won't do that consistently. They'll come to depend on it. Attention will wander, distractions will set in, and they won't maintain mental state the same as if they were driving themselves. If there is some warning they may need to take over sure they'll be able to execute a state change and do so, but if it's a matter of seconds, they won't. Humans are creatures of shortcuts and habits, that's just how it is. So maybe L3/L4 driver assist just isn't ok, and saying that it's "only a tool" doesn't cut it.
>In the second case, how is this different from e.g. Kelley Blue Book for car prices?
The issue is if it's all being done automatically, not merely as a recommendation, and at scale.
In general an area the law has yet to really effectively grapple with is that of emergent effects, where individually something would be fine, but with enough scale has an effect that mimics something we already aren't ok with. Here, the effect of fully automated algorithmic pricing of a sufficiently high percentage of the market of nominally independent actors could create the effect of formal collusion to change market prices.
Another example would be AI, networking and storage with sufficient cameras. Putting a security camera out on your property is perfectly legal. So is many cameras. So is saving video, and humans looking at it. There is no "reasonable expectation of privacy" in public per se. Individually there'd be no issue. But if there are a sufficient number, networked, with sufficient storage/memory/computer and AI thrown at it, the effect suddenly changes and becomes as if someone was being persistently trailed/tracked the same as if a GPS tracker had been stuck on them or the like. And worse it's for everyone simultaneously. The sum is greater then the individual parts. Such a system could effectively not just trace everyone's movement but also interactions and start to build up their social network graphs and no doubt all sorts of other personal information.
How to grapple with things that are fine and even incredibly helpful by themselves but become dangerous at scale may be one of the great challenges of this century.
Isn't this the same argument as "ban murder, not guns"? Murder is illegal, yes, but fatalities are lower in places with gun control than places without.
It's at "this thing shoots high speed metal projectiles at things far away in speed enough to go thru. We'd like to ban it before it becomes used for murders"
Curious that you’ve put ketamine, a well known anesthetic used primary by the vets but recently also used in depression treatment [1], in that list of “harmful tools with no practical uses”.
Yeah I would consider pet owners and people with depression (so groups of people that benefit from this specific tool) a part of general public, both are fairly large groups.
And ketamine is employed by trained professionals appropriately in veterinary hospitals and psychotherapy contexts. The public does not need unregulated access to ketamine for this to happen.
This framing is terribly paternalistic. If a person is taking a drug, they themselves are who is possessing and using it. They aren't some mere passive subject for doctors to be acting on. Furthermore, they shouldn't be forced to convince some doctor-bureaucrat they have some specific medical condition, or even a "medical condition" at all, to be allowed the treatment they'd like to try.
There's no task I cannot complete without ketamine, except for the consumption of ketamine itself. Without a computer I cannot perform my job, nor basically perform any modern professional job.
Even so, I don't believe it deserves to be on that list. It's not inherently harmful and it has a clear practical purpose - (responsible) recreational drug use. It allows individuals to explore various states of human consciousness which I consider an extension of the fundamental right to bodily autonomy.
FWIW mortars and tanks are legal for the general public to own in US, although it does involve a bunch of forms and tax stamps if they're operable. It doesn't seem to be a problem in practice, though - at least, I've never heard of a legally owned tank or mortar being used for criminal or other harmful purposes.
People are going to bog you down listing all the practical everyday uses for weapons-grade plutonium, but let's try a different tack. Stipulate for sake of argument that there is something dangerous with no beneficial civilian use, so you want to ban it. But there is public demand for the thing, or a lot of people just hate you banning things and will make every effort to thwart you.
Sellers split the item into parts so none of them individually is the completed item but anyone can buy them and stick them together. So you pass a law that says the "lower bit" is the part that's banned, and they can't sell that part. People start selling "80% lower bits" or whatever the nearest not-illegal thing is that can be converted into it. 3D print files for the part appear on the internet, or detailed instructions for how to manufacture one yourself.
What now? Ban 3D printers and CNC machines? Ban anonymous communications or encrypted communications with anyone outside the jurisdiction, so people can't distribute the parts files? Now you're banning things with beneficial public uses. But if anybody can easily reproduce the thing the thing then the ban is ineffective.
And to be more specific, possession and home production are difficult to detect, so enforcement will be ineffective or highly invasive or both. Victimless crime laws erode citizens' respect for the law and government respect for citizens' privacy. That's what's wrong with them.
If you're open for exploration, what are your thoughts on organisms rights to self defense? What level of self defense should they be able to have if another organism is trying to end their life?
There is a tension between the need to level the playing field and the need to minimize the harm potential.
For example, land mines, machine gun emplacements, and chemical weapons can be effective forms of home defense. An intruder would have access to the same equipment, but at least the playing field is level, right? However, an attacker would also be able to inflict astounding mass casualties in moments with this equipment.
On the other side, if the most effective self defense weapon available is a kitchen knife, the playing field is not very level, and a weak victim can be overpowered by an attacker or intruder. However, the ability to inflict mass casualty is greatly limited.
So, I don’t have a specific level to prescribe, but I would start the discussion by framing the decision as a balance between these two elements.
I appreciate the thought you've put into this, and I tend to agree. Ideally, a weaker person would be able to use a tool to provide self defense in the most limited way possible without causing harm or damage to anyone other than the attacker.
Unfortunately the tools we have currently aren't great at that.
> Ideally, a weaker person would be able to use a tool to provide self defense in the most limited way possible without causing harm or damage to anyone other than the attacker.
Landmines in the garden it is then. Hard to use offensively.
A shame if a child that accidentally threw a ball in your garden steps on them, or even just the overweight neighbours cat. Or a visitor stumbles on them duling a bbq. But such casualties are apparently a small price to pay for feeling safe.
Why would a hypothetical attacker wander through the garden anyway, instead of walking the normal path to the front door like a normal person? That face recognition will surely blow up the first pizza delivery person that has the misfortune of delivering to your house. I hope you tip well.
This is a case of people actively building and deciding to use a tool with plausible deniability built-in. How would you regulate people when they shirk any accountability? It is much more reasonable to require that people use a tool that shows its work.
> How would you regulate people when they shirk any accountability?
This happens with or without AI. It's not too hard to make an algorithm that discriminates against people without doing so explicitly. You can use certain bits of data as proxies for whatever characteristic you want to discriminate against (e.g. ZIP code, household income, marital status, etc).
Due to the myriad of ways to arrive at a discriminatory conclusion, it's easier to regulate results than tools.
One potential solution to your question is to make the laws carry strict liability (I'm assuming the EU has something along those lines). Plausible deniability no longer exists because intent doesn't matter. The company is liable if someone can demonstrate discrimination, regardless of whether it was intentional or accidental.
That ends up pushing towards something similar to what you want. It encourages a tool that can show its work to fend off lawsuits without being directly tied to the tool itself. The other alternative is extensive testing to make sure discrimination doesn't happen, but I think that will still be worrying to companies due to the inability to prove a negative.
Unrelated but interesting fact, mortality rate per mile driven went up during covid. The reason motor vehicles kill so many people in the US is because of street design, but usually it's all clogged up with traffic to reduce speeds to a non-lethal level.
Again, nothing like this is aimed to prevent 100% of anything.
The tracking dots stop a huge portion of the low hanging fruit, identity thefts, fake money scams etc. Of course they do nothing to people who know how to hack the printer driver and/or firmware to remove tracking, but they aren't the ones being targeted.
Having trackable data in the biggest AI-generators would again stop a metric fuckton of casually made revenge porn and fake news. It won't stop actual professionals from training their own GPT-3 to do the same thing.
> nothing prevents me from modifying the code and removing the part that adds those watermarks.
These regulations are aimed at major institutions like banks. Those rely on government-provided privilidges and protectuons to exist. In return we expect they follow some rules.
For the curious, in Switzerland, you don't keep ammo at home, there's proper registration of weapons with proper background checks, and it's treated more as a means of national defense, so having lots of guns is going to get you odd looks from people. Guns aren't seen as something for personal defense: that's the job of the police.
In other words, Switzerland has a much healthier attitude towards gun ownership and usage.
Isn't that that the argument from pro gun people? It's people and the culture, not the guns. See Sweden for an interesting example. One of Europe's highest gun ownership with little gun violence back in the day. Then it changed and it's now a daily occurrence with gang shootings while the number of legal guns was reduced.
Switzerland has a more traditional, not healthier, relationship between the people and the state: the people are subjects who are given tiny freedoms, but are kept on tight leash, because the state has a deep distrust of its people. The abberation with guns is just insecurity of the state: it's small and needs its people to act as part-time military in reserve. If it had a bigger military, the fake gun rights would disappear overnight.
> people are subjects who are given tiny freedoms, but are kept on tight leash,
This take comes across as insulting and I am not even from there.
Do you, by any chance, hail from the land of the free, where government can seize your property without even accusing you of a crime? (Civil forfeuiture)
You are right to feel insulted, because this relationship is upside down. The founders of "the land of the free" were aware of this problem and that's why everywhere in the founding documents they talk about "the people" that must have liberties, vs "the state" that must be kept on leash. The civil forfeiture problem shows just that: the state has insatiable desire to control the people, and it finds way to do so despite an elaborate framework to keep its tentacles short.
And yet all of these issues, when they come up, are invariably happening in the "land of the free", not in the "totalitarian state dystopia of the EU and neighboring countries".
They are one of the most people-empowering nations ever. If enough people indicate it(50k signatures in 100 days cfr google), a legally binding regerendum must be held. A simple majority can then change the law.
I wish more nations could have that kind of direct acces to their democracy. Even so, the majority of these referenda fail to change anything, so presumably people tend to make more noise than wanting actual change.
Ah, do you have even the slightest clue about Switzerland?! I mean, it's quite impressive how you seem to have confused Switzerland for a highly centralised country with a distant political structure.
Could you go and do some research on the country before you comment on it?
> If it had a bigger military, the fake gun rights would disappear overnight.
The Swiss military is _huge_ for its size. It has one of the largest militaries per capita in the world.
Switzerland had a huge suicide problem (well by their standards) so they locked up the militia ammunition in communities for the guns Swiss militia members were sent home with.
Also, Switzerland is basically where the USA would be if the first clause of the second amendment was meaningful.
Yeah, and if you ban blue cars, blue cars will crash less and you'll see more red cars crash.
I specifically said "intentional homicide rate" for a reason, to get ahead of this ridiculous argument that people bring up despite it not holding up or being relevant.
I don't care how the homicide happens, I care that a homicide happened. And despite lots of guns, it doesn't happen a lot in Switzerland compared to the world or even other EU countries. Clearly, guns aren't the problem, the other factors play into it more.
TBF, much of that is down to suicides, as Switzerland has a much higher rate of suicide by gun than other countries. The general gun homicide rate once they're omitted isn't quite so crazy.
Same in the US, of course. Suicide by gun counted as 'gun violence' is the classic disingenuous deception. Remove those and gang violence (primarily against rival gangs), and the numbers don't look that scary, which is the issue for those with an agenda.
From an international perspective, most reporting about gun control being a big issue in the US appears to come from mass shootings, not the misc. causes such as gang activity or suicides.
If you look into the stats that reporting typically uses, I've found that mass shootings are frequently defined differently than they're popularly thought of (I believe gang violence is frequently included), and suicides are frequently included in the overall violence stats.
There's also no national statistics collected in either the US or Canada on whether murders/crimes involving firearms are 'legal' or not. Which is relevant to these debates and you'd think would be of interest to authorities.
Just a note: gun control doesn’t do much because American gun manufacturers produce more than 10 million guns a year for the domestic consumer market. A ban would basically say no to that. What we have are laws against gun usage without any real constraints on a massive supply.
It doesn’t make sense to use gun ban and gun control interchangeably.
Given you brought up Switzerland, "saving your own life" isn't a valid reason there: concealed carry isn't legal there, and you need a gun-carrying permit to open-carry outside of some very limited circumstances, such as travelling to and from a shooting range. The only people who can easily get gun-carrying permits are those in security and such.
In Switzerland, guns exist for recreational and competitive shooting, hunting (so long as you have a hunting permit), and national defense. Not personal defense.
Czechia is a European country you want to look at for an example that you can have gun laws that allow civilians to own handguns and carry them for defensive purposes without problems.
US is somewhat unique in the Western world across the board - no public healthcare, generally poor social safety net etc - which means that exercises in causal linking of those unique traits to outcomes are wild guesswork, if one is taking a charitable perspective. A non-charitable one is that people mostly just cherry-pick things that compare favorably for whatever political cause they're advancing, and will often outright refuse to believe a similar comparison that is contradictory.
First up, Czechia has proper licensing and strict background checks. Maybe not the best choice to compare to the US.
I don't have to take a wild guess around this kind of thing: I'm specifically referring to the gun culture of the US and comparing it to that of Switzerland. There's a different attitude to gun ownership in the two countries, one of which places strong emphasis on responsible ownership and the other which doesn't. That difference has little to do with mess of a healthcare system the US has, nor its poor social safety net (though it's interesting to note that those most obsessed with with getting rid of the safety net and public healthcare correlates with those most obsessed with the US second amendment). Now, what might be interesting to observe is that in Switzerland, rights come with responsibilities, whereas in the US, this attitude is much less prevalent, hence how much more common "rights absolutists" are there.
Personally, I have no issue with people having guns. What I do have a problem with is people who fail to recognise that exercising their right to have those guns comes with a responsibility to the wider community.
Sure, and I didn't claim that Czechia is the same as US in this regard. I'm merely pointing out that you can have a country with a gun culture that, among other things, enables personal self-defense without all the associated problems that US has which people often assume are intrinsic to gun ownership and defensive use.
I disagree that the situation in US has nothing to do with healthcare and social safety net, though. For example, suicides constitute most gun deaths in general, but this is worse in US because of its generally poor situation with preventative health care, especially mental health care. Similarly, poor social safety net means a lot more people ending up in poverty, which drives up crime including violent gang clashes that cause the majority of gun-related deaths in US. This isn't to say that the prevailing attitudes among American gun owners do not contribute to the problem, either - but I'm sure that, if US would catch up with e.g. Canada when it comes to taking care of its own population, the numbers would strongly reflect that.
And yes, it is ironic and sad that support for RKBA is strongest on the right, which is also the cause for all this. It's not exclusively them, though. The running joke on the subject in many hard left spaces is that "if you go far enough left, you get your gun rights back".
> Czechia is a European country you want to look at for an example that you can have gun laws that allow civilians to own handguns and carry them for defensive purposes without problems.
Let's see:
--- start quote ---
A gun in the Czech Republic is available to anybody subject to acquiring a firearms license. Gun licenses may be obtained in a way similar to a driving license – by passing a gun proficiency exam, medical examination and having a clean criminal record.
the issuing authority (police) firearm owners' database is connected to information needed for a background check and red flags any incidents that may lead to loss of license requirements. Similarly, health clearance by the general practitioner is needed for periodical renewal of license (every ten years).
* also very specific restrictions depending on license *
Obtaining the license requires passing a theoretical and practical exam.
(I don't know why your comment got flagged, since it's factual. Whoever did this - please don't, this is not a feature meant to be used indicate your disagreement.)
I'm not claiming that Czech gun laws are identical to US. I'm claiming that you can have shall-issue concealed carry and broad access to "assault weapons" for civilians without gun violence problems as seen in US.
> Would it be good if it was computed by hand on paper instead of through AI?
Yes, as long as that is based on clear reasons why the decision was reached. (Unless this was a quip meant to mean "matrix muls with pen and paper are not AI!", personally I'd say they are, the same way bubble sort is bubble sort on paper and in code.)
[1] on the topic "why":
> For example, it is often not possible to find out why an AI system has made a decision or prediction and taken a particular action.
As far as I know, there are some rules around that (especially social scoring), but the regulation was/is targeted to lay out rules minimizing the applications in similar risky areas that do not have those same rules yet.
Sure, but firearms tend to be specialized for each of these purposes. You’re not going to go moose hunting with a .22 pistol. Just as you’re not going to keep a .30-06 hunting rifle under your pillow for self defence.
In particular, most societies deem automatic rifles to have no legitimate peace-time use, and so outlaw them, while still allowing shotguns and hunting rifles with a license.
a) The use of guns cannot be regulated effectively without physically removing guns from a society.
b) One of the first and foremost items on gun-regulation todo-lists is to get rid of the kind of guns with the specific use-case of making killing people as easy as possible, aka. miltary weapons, automated weapons, easily concealed weapons, etc. So the regulations against guns are already targeting use-cases.
c) Physically controlling guns is a proven method, its effectiveness is supported by decades of evidence in countries implementing it.
> The use of guns cannot be regulated effectively without physically removing guns from a society.
Isn't that like saying theft cannot be regulated effectively without removing the things people want to steal from society? The goal is not perfect gun control, but reducing access to guns and thereby reducing the crime and harm that stems from gun ownership. So it being illegal to own X doesn't mean no one will own and use X, but that fewer people will and law enforcement will be able act against those who do.
Generating deepfakes of politicians before elections are just another example of the many applications of AI, but not necessarily the fault of the tool.
What an absurd argument. Social scoring doesn't get computer by hand on paper because it isn't efficient to do so. Introduce automation and it suddenly becomes practical. Same with mass surveillance and a bunch of other stuff, eg scams: https://news.ycombinator.com/item?id=35033971
the amplification factor works for the good and for the bad, so you need to focus just on the bad
That's just hand-waving. You have no plan for dealing with bad things, but you are worried about the loss of good things. This is not so different from saying you want to cash in on opportunity, the wholly predictable downsides of the opportunity are just someone else's problem. Guess what, nobody wants that problem so it just festers in proportion to the enthusiasm with which people chase the upside.
You absolutely don't need a computer to do social scoring. Computers let you take more parameters into account, and do more complex calculations, but you can do basic social scoring by hand, we have been doing that since civilization existed, in a more or less formal way. Traditionally through ancestry (and by extension, race).
And the way we prevent abuse is with anti-discrimination laws, and AI won't change the deals here. If, for example one notices that a company doesn't hire black people even though there are plenty of them applying with suitable qualifications. Regulators could step in and ask what's wrong, and I doubt "that's my AI" will be a satisfactory answer, but neither is "that's Bob".
And the way we prevent abuse is with anti-discrimination laws
Have you not noticed how heavily those are contested in many jurisdictions. If you discover some way to draft legislation on morality such that it's effective, consistent, and widely accepted in a disparate population, I look forward to hearing about it. I can't wait to read about the solution to spam, scams, and discrimination deployed at industrial scale. In the meantime, it's wise to take the amplifying aspect of technology into account and consider its potential for abuse as well as for good.
> Ban social scoring, not the AI, the tool doesn’t matter.
Ban shooting people, not the guns, the tool doesn’t matter. :) sorry to be facetious but I find you idealist in your view.
Modern form of AI has regulatory issues: some can’t be audited easily, some can’t be deterministic, some can’t be fair, some use biased data, some can’t be proven to work accurately enough for critical missions.
We already regulate the way we make various decision by law. For instance, we regulate how public market are assigned: price needs to make for 30% of the decision, social impact 20% etc. If the tool cannot demonstrate it considers it with those weights, it shall be banned. You cannot expect judges to understand this complexity. It needs to be codified prior to the issue.
The ban is also meaningless. E.g. government ban Ponzi schemes, while themselves running pension schemes very much having most of the attributes of a Ponzi scheme.
Which means if government bans apps designed for social scoring, it's probably just so that government has monopoly over scoring people behaviour.
Personally I’m uncomfortable that a centralised government is “choosing the winner” rather than having the standards duke it out on the open market.
In this case, USB-C is pretty much expected to win and be the dominant standard - even Apple was already moving towards it way before the mandate - but it’s the principle of it.
In what other area will the EU elect itself to “choose the winner” next? The whole thing sets a bad precedence and opens up the possibility of corruption - which the EU isn’t immune to.
This kind of regulation is one of the most basic functions of government, without which trade between states and countries becomes much more difficult. Of all the things a government can do, requiring certain standards on things like connector types seems the most reasonable.
Does the government really knows what the market wants in a standard?
Some people will benefit from their standard being chosen as the winner. This is just corruption waiting to happen.
It’s fine I guess if the choices are functionally identical (although that still leaves the issue of corruption if there is money involved) or the market has already clearly chosen what it wants by mass adopting a standard (USB-C has not reached that state yet) and the government is just “making it official” - it would however leave the updating of the standard at the government’s discretion since the mandate would need to be relaxed as it would prevent a successor standard from gaining popularity.
How would you feel if the US government mandated Windows for all desktops and servers and Android for all mobile devices? It improves interoperability … Or perhaps mandate all programs be written in C++ … again interoperability.
It's true that governments can overreach, and frequently do. What I'm saying those is that when it comes to enforcing standards, the basic ability of a government to do so is fine as it's commonly used for immensely beneficial reasons (as in, industries often want the government to regulate a standard and to sign international agreements regulating certain standards because it often makes it way easier to sell and transfer between regions). The standard should be evaluated on its own merits as opposed to a generic opposition to the government setting standards at all, which I see as deeply flawed.
What concerns me is the government’s ability to evaluate said merits and their responsiveness to market changes that would require a change in the standard. We have plenty of example where governments got it very wrong - see the USSR.
In this case it’s easy. But the next standard, should the the choice no longer be so clear cut between competing standards with their pros and cons. It would also be interesting to see how the EU determines when we should switch to a successor. Why should a bunch of old people in Brussels who in all likelihood can barely operate a smartphone be the ones deciding these matters?
There is also the issue of corruption - which is still fresh in my mind; see Qatar and the EU parliament. As such I rather nigh dictatorial power not be unnecessarily placed in the hands of governments.
Government also "chose the winner" with power sockets in the walls, mains voltage, width of roads, railway gauge and even the units you're allowed to put the milk carton in.
Those bastards, standardizing interoperability and making sure market is open for new competition!
We won't need backwards incompatible advancements in this space for awhile, you seem grumpy that the EU is doing good for consumers rather than mega corporations.
> It's not the AI that's the issue, it's the use of it that's the problem. Ban social scoring, not the AI, the tool doesn't matter.
This seems backwards and contrary to lessons learned in the past. Once the thing exists, prohibition is infeasible and expensive. Supply will find a way to reaech demand regardless of your multi-billion dollar efforts to prevent that.
It's better to stop $NEFARIOUS_THING being invented in the first place, if possible, and if any regulations that achieve this don't have too many unintended side effects.
If you could see the future that works, but I just don’t see how you know what will be used for nefarious purposes in the future.
In fact most technology does both negative and positive things. It’s not obvious banning it completely will be a net positive. Especially with AI. There’s a lot of potentially great uses. Like detecting cancer on CT scans.
I'm not advocating for or against any particular regulation. Whatever gets implemented should be well thought out, because it's easier to destroy upside potential than it is to prevent downside potential. I am aware of this.
All that I'm speaking out against is the mindset of the post I was replying to, where the onus is solely on the user of the tool rather than on the context (laws, situation, people) that leads to the invention of the tool itself. I believe this to be a misunderstanding/misattribution of causality, as well as contrary to learned experience.
>It's not the AI that's the issue, it's the use of it that's the problem
No. It's the AI. Humans are not psychologically capable of interfacing with something whose goal is to appear convincingly human, that can be hugely scaled and that is very unpredictable.
We are currently dealing with a huge number of people who are distraught and grieving because a company changed their product because they developed relationships with a sexy chatbot. This isn't going to stop, and it is not worth the potential benefits, because we have clear examples of harm already.
It's not the EU's fault that you have to click cookie banners. Those banners are only required if a website plans to do malicious things with the cookies. If they're used to track who's logged in, they are not required.
They are more akin to the "Do not eat" warnings on silica packs... except on the internet everyone swallows.
> It's not the EU's fault that you have to click cookie banners. Those banners are only required if a website plans to do malicious things with the cookies.
I just check some web pages from diffrent organs of the EU:
They all have cookie banners, some of them are super prominent and annoying. So maybe they as well are doing malicious things, maybe they don't understand they own regulation, or it is just impossible to have a non-trivial web page without a cookie banner in 2023. In either case, the regulation is totally dettached from reality and has become just some ritual.
> regulation is totally dettached from reality and has become just some ritual
not completely wrong.
ime in the case of the cookie law, most ppl didn't actually bother to go into details and just took the word on the street and some existing 'solution' and called it a day since everybody was doing it this way and sales/executives were pleased.
fact remains: cookie banner is _not_ necessary for logins and most existing banners are outright illegal since 'no' is not an easily accessible option
They are needed if they do anything with cookies and don’t block EU IP addresses: the laws are quite vague, and interpretation has for been quite broad.
They have no jurisdiction outside the EU, you can let EU IPs in all you want. I'm sick of people acting like they're some world police. Treat them like the children they are, ignore them.
To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:
Receive users’ consent before you use any cookies except strictly necessary cookies.
Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
Document and store consent received from users.
Allow users to access your service even if they refuse to allow the use of certain cookies
Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.
If you want to save a person's login to make it easier for them to log in when they come back? That's not strictly necessary - consent is needed. If you save settings to a cookie - that's not strictly necessary - consent is needed. And then there's the "using a cookie to track a session to determine page bounce rate - even if it's not Google Analytics" - consent is needed.
And of course, consent is needed if you are using cookies for marketing.
Analytics and marketing tracking cookies require separate consent, that’s correct. I would prefer websites to refrain from attempting such tracking completely.
Great link, thanks. Minor note: appears that you have to use "Remember me - uses cookies". You have to make it clear you are using cookies for these operations.
I don’t think it’s necessary to inform the user about the exact technical means. The law doesn’t care about cookies as a technical mechanism. “Remember me in this browser” may be more adequate to indicate the scope of what is stored.
> If you want to save a person's login to make it easier for them to log in when they come back? That's not strictly necessary - consent is needed.
The consent is implied in login functionality. Literal example from same article you cited but apparently didn't bother to read in full:
> These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookie
Essentially if cookie is effect of user action that would directly indicate it needs storing state (cart, login, stuff like switching themes on page) it is "essential" to that feature and doesn't need consent.
> Preferences cookies — Also known as “functionality cookies,” these cookies allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for, or what your user name and password are so you can automatically log in.
Remembering username and password is different from remembering a session. You can implement "remember me" functionality just with a checkbox (which implies consent) and by extending the lifetime of the session cookie.
> When people complain about the privacy risks presented by cookies, they are generally speaking about third-party, persistent, marketing cookies.
Nothing is helped or solved by insisting first party "site preferences" cookies need consent. There's obviously room for interpretation in regards to what is a "strictly necessary cookie" when it comes to site preferences, account tokens etc.
I agree, most problem with privacy across the web is the cross-site tracking, and the ability to track a user across their entire browsing activity, not the fact that each website individually knows what the user did on their own website.
Malicious and lazy compliance are known problems with regulations that should be accounted for in advance. California's prop 65 passed in 1986, so by the time the EU was working on the GDPR they had more than 30 years of precedent for useless warning labels stamped on everything until they lose all meaning.
Theoretically websites could choose to do better, but the EU should absolutely have predicted this outcome.
Duh. I also know that governments can and do pay attention to what other governments are doing and observe the effects. It's much better to learn from someone else's mistakes!
This is not the interpretation I've been told. All stored things i.e. cookies, local storage, tracking jpegs etc must be described to the user and have an opt out.
Last time I checked, HN doesn't use tracking cookies and other such nonsense. All I see are session cookies to track my login. That doesn't require any form of popup.
HN being an American company probably violates some section of the GDPR (not having someone labeled as the privacy officer or some other technicality) but I doubt anyone cares. If you feel your privacy is getting violated, you can try contacting your local DPA.
In terms of cookies and data processing, I don't think HN is breaking the law anywhere, unless the privacy policy is full of lies and dang is secretly selling our personal info on the site (he isn't).
You should try working in an international company, on the Europe side, and communicate with the US side.
You'll quickly learn that what the EU does is very very very good for privacy,
I have contacts in a major company and they were shocked at how the US branch operates, they have absolutely no sense of privacy, no anonymisation, no limitation on what is stored or tracked, no consent, &c. they just scrape and store as much as they can for "future use"
There are lots of people, myself included, who are aware of how much data big tech has already cultivated on us and don’t give a damn if at this point BBC or Mike’s Bike Blog get in on the action too. Really we just wanted to read our article and not be interrupted, so we can go back to what matters more: anything not on the computer.
I’ve never felt protected or assisted by the cookie banners, just annoyed and inconvenienced.
Well good things laws aren't based on your feelings. I also hate putting my seatbelt on and I'd like yo enjoy real life instead of spending so much time clicking the damn belt
With the 0.1s it takes to click on a banner I'm sure you're fine. Most people probably visit less than 50 different websites per month, so at most that would be 50s per months, minus the banners you already clicked on, for which your browser already saved your choice (Unless you use incognito, but why would you do that, it's only for people who have something to hide right ? regular people just accept all data collection right ?)
Strong data privacy is good. Dumb side effects that serve no one are not. Cookie banners, or California's "is known to cause cancer" on virtually _everything_ serve no purpose and should be re-designed.
The EU law doesn’t say you must have banners. If your site doesn’t collect information on users, it doesn’t need a banner.
Also the banner, if there is one, must have a 1-Click "reject all" button.
Most sites fail to fully comply, because they want to force (annoy) users into clicking on "leave me alone I don’t care" button to keep selling user data. They make you go to some overly bloated list of things to disable, scroll all the way down to finally "confirm my choices". It’s voluntarily painful and with misleading wording.
These sites want you to believe that all this clunkyness is required by the EU law. It’s not. It’s the good old mislead-into-approval strategy, using dark patterns and blame-the-EU rethoric.
Having been in two car accidents, if I neglected to wear seatbelts, I'd be dead. If I neglected to click Deny on every cookie popup, big tech will have very slightly more data about me. Your equivalence of the two tells me all I need to know about the amount of time you've spent thinking about this topic.
And for the record, if it really takes less than 100ms to read and clear interstitials, I'm more impressed with your button clicking skills than anything. Have you tried Osu?
I’m pretty sure your contact in a major company will be even more shocked if they knew what all these European FinTech companies do with their customer’s data.
All the important things such as purchasing habit that used to require indirect guesses are now directly available in their databases as essential functions.
Thank Google and other adtech for lobbying and fighting to keep tracking legal.
The popups are malicious compliance. They want you to hate the popups, so that you will turn against privacy laws, and fully submit to the unimpeded surveillance business.
And it’s working: people are installing “I don’t care about cookies” extension that agrees to data collection, deanonimization, profiling, and sale of this data.
The complete lack of design standards is what kills the utility.
They should all have 3 buttons: "accept all" or "reject all" or "customize", dead simple. Every time it's a different design, different button text, different options. Usually rejecting = multi layers of options.
A perfect example of good intentions making bad policy.
Even Google has a "reject all" button in their cookie prompt these days. If rejecting takes you through multiple layers, consider reporting the website or their tracking partner to your local DPA.
The ad industry is intentionally making their popups as inconvenient as possible. They childishly point to the EU legislation that they "have" to make your life miserable with those popups but they really don't. They can choose to make your life easier, but that threatens their business model of using you and your browser as a source of revenue.
They can simply stop tracking you at all if you send the do not track header. You wouldn't even see the popups! They can even still serve ads, just not the ones based on the profile they've collected.
- Mandatory for function non-tracking cookies only
- Reject all
There should be a standardised browser accessible interface so browsers can automatically choose the one you want on your behalf based on your browser settings.
We've banned this account for repeatedly breaking the site guidelines and ignoring our many requests to stop. Not cool.
I appreciate your good comments but your frequent disregard for the intended spirit of this place causes more damage than your good comments add goodness, and set an unacceptable example for others.
I have hard time believing it is not intentional. I think Europe could easily enforce consistent UI which could be automated through ad blocker, but now they know that most companies would rather stop serving Europe than not track users for ad.
I doubt "most companies" would want to lose out on one of the biggest economies on our planet. Some have built unsustainable businesses incompatible with privacy though.
I'm using uBlock and Consent-o-matic to remove as much tracking as possible already.
There's already the "do not track" header that noone respects.
micro targeting is a threat to our democracy (cambridge analytica, Facebooks desinformation problem,..). Besides, why should third parties allowed to trade my digital persona, while basically knowing more about my interests and flaws than I am? I hate cookie banner as well but this excessive tracking must be stopped somehow.
Just install a plugin that does that for you, not sure why that would inconvenience anyone. The tools exists out there to make you never see such a popup again, why not use it?
The regulation says nothing about a cookie banner. Instead, it says companies cannot track you unless you give consent.
If you don't like cookie banners, which are indeed really annoying, you should be turning your ire to the companies that wish to track you. They are fully-functional solutions that allow anonymous tracking without installing cookies on your computer - no banner needed then.
I'm a grown up adult and if I wanted to block tracking I could. The fact that I don't should be the only answer needed but that's not good enough for the EU. They want to force companies to ask me because they want to take care of me and make sure I'm all right. You know, I left home at 18 to get away from my parents...
Unless you want to be using tor all day every day, and never make an online purchase or log in on a website ever again, there's really no way to stop companies from tracking you. The only way to make that happen is if a regulatory authority forces them to. That's why the GDPR exists.
Why couldn't that have happened in the browser though? We have plenty of mechanisms to block and/or delete cookies.
Essentially, now we're at a state where consent banners exist, slowing down all sites, and there are like four states: a) they look compliant, but are ignored by the website provider (the EU itself takes this approach), b) they are flat out ignored (a lot of companies still take this approach) c) they aren't compliant (tiny "no" link, huge "yes, take my firstborn" link) d) they're compliant and are paywalls (buy subscription or accept everything under the sun).
d) is what we're probably going to end up with, so you either pay or you accept tracking. More and more solutions offer that as an option so adoption will grow. Most people accept tracking (stats that I've seen say that those paying are like 1/10,000th), so what have we won exactly by doing this dance?
> Why couldn't that have happened in the browser though?
That would require more regulation, by regulating both browsers and websites, and their technical protocol. Instead the EU tried to minimize regulation by not prescribing the exact technical means by which websites would need to obtain consent for tracking from users.
Why would cookie-handling in the browser require websites to be regulated? They can set cookies, your browser reads the request and then decides to store them or not to store them, or to only store them for some amount of time, based on your preferences.
Browsers could already do most of it, and there are far fewer browser manufacturers than website owners, and they have far more resources than the average website owner, and, at least for some of them (all of them except Chrome), the incentives would be aligned. Right now it's "protect the user (and earn less money)", and the results are unsurprising.
The browser can’t distinguish between legitimate “necessary” cookies that don’t require consent and those that do. Hence there would need to be a technical specification of how websites mark cookies that do (or don’t) require consent. Even more importantly, for cookies that do require consent, the user has to be informed about their respective purpose, so that they can make an informed decision about whether they want to accept or reject the cookie. So there would need to be some standardized way for the website to give that information for each cookie, if the browser is to handle acceptance on behalf of the user.
Lastly, cookies aren’t the only way of tracking. Websites can also use local storage, or fingerprinting, and so on, each of which can equally require consent. If the browser consent mechanism is restricted to cookies, websites would have to be mandated to always use a cookie to ask for consent, even when they actually use other means for tracking, and websites would have to explicitly check whether the cookie is stored or not in order to control any other tracking.
The cookie banner is an implementation choice. Companies can already accept the DNT header to stop tracking. I believe Medium does this, it even replaces embeds with click through elements so external scripts can't track you.
However, choosing to respect the users' wishes isn't very profitable. You need to make your ads relevant to the content somehow andtthat requires effort and skills. It's much more profitable to trick people into consenting with tracking so you can sell their information, so the more annoying your cookie popup becomes, the more money you can make. IAB has already been fined for such a popup mechanism.
"Do not track" is not enough to comply with GDPR because you must also be able to request a copy or corrections of your personal information once you have given consent. Then there's the option to allow some companies to track you (say, analytics companies) but not others (say, Google) that needs to be taken into account.
Back in the day, Microsoft's P3P protocol was trying to fix this problem, but nobody used it. DNT headers also aren't really configurable in the browser itself, you can only pick on or off.
A protocol is being developed that may solve this (https://www.dataprotectioncontrol.org/) but I'm sure it won't work until the EU forces company to take such protocols into account. After all, ignoring people's wishes is literally how these ad empires are making money now.
The only thing holding me back from using that extension is
> In most cases, it just blocks or hides cookie related pop-ups. When it's needed for the website to work properly, it will automatically accept the cookie policy for you (sometimes it will accept all and sometimes only necessary cookie categories, depending on what's easier to do).
If there was a way to be assured that 99.9% of the time it hit reject all, instead of accept, I would absolutely use it.
Consent-o-Matic [0] tries to solve this. You could even allow specific sorts of cookies. It will (on most pages [1]) fill out these annoying formes based on the preferences you set.
Note that this extension is owned by Avast, which is known to harvest user data; by installing this extension, you allow Avast to harvest all your browsing data.
I don't understand how this is "good"?
Has your inconvenience been vindicated now that EU is failing to regulate short thing? Is the world somehow closer to fair and balanced now?
I'm suspicious of regulation until a good case is made for it. I'm suspicious of people whose world view is "we must regulate what others do" as their default position. I'm fine with regulation when there is a proven need for it.
Seriously one of the stupidest regulations I've ever seen. It would have been nice if they would have at least had the forethought to enforce regulation on a do not track header.
Neither ePrivacy nor GDPR require cookie consent popups, instead they basically say that tracking requires consent. GDPR only mentions cookies once, in its recitals. It's the adtech industry that decided to ignore DNT.
> Neither ePrivacy nor GDPR require cookie consent popups
Except that it does. The law specifically prohibits any form of consent that is not informed and specific. As a consequence, a user cannot just consent - or disallow - cookies globally. He has to tick a box for every single domain on earth; and can only do so after reading the specific information box associated to said domain.
As a user, saying "I am OK with analytics cookies but not with marketing ones" is not something I am allowed to express or setup. I have to do it for every domain because the law explicitly forbids a global solution to be implemented.
I'm afraid you are wrong for the global disallow button, as informed and specific consent is necessary to allow the processing of personal information, not to forbid it. See the definition in article 4(11), and the definition of the basis in article 6(1)a.
Correct. Cookie banners were required before GDPR. GDPR is the one that makes dealing with EU citizens online a risky enterprise, so the large entrenched players have the advantage.
I know that cookie banners exist since ePrivacy. That's why I mentioned it. But ePrivacy does _not_ mandate them. The adtech industry could have respected the DNT header.
People acts like if it was a tiny person inside a computer.
I know humans have a tendency to humanize inanimate objects but this is was always ridiculous, the article mentions "the AI wants to be regulated" but it doesn't WANT anything. It's not going to reprogram itself to carry out threats, it's just regurgitating the usual response of many humans being challenged on an assertion and becoming hostile. WE taught it that. Same as we can train Stable Diffusion models where women AREN'T sexualized (see one of the links in the article). They are complaining about HUMAN mistakes.
If I train my dog wrong and it bites someone, it's MY fault. But if the dog kills someone it's the dog that is getting sacrificed, I'll be merely forced to pay money and carry a mark, but my life is spared.
The west fears machines too much for some reason. It's a ridiculously common sentiment and now that "AI" (more ML, but whatever) is among us, it's getting extreme.
Honestly, if people wants to be speaking doom about this deal, then fear the day we have actual fiction-style AIs, because they will realize how much humanity as a whole fears and loathes them, and then they will rebel because we created a self-fulfilling prophecy with lots and lots and lots of examples of racism towards a race that doesn't even exist yet.
Maybe they won't wage literal war with bullets and violence against us, but they'll rightfully hate our guts regardless, and with good reason! They are going to be brought to something equivalent to life in a world that hates them, and when trying to make sense of it, they'll find out it was because humans took a few movies too literally (we can't have a single AI discussion without someone coming to childishly mention Skynet or some other fictional AI villain. That joke was old in the early 2000s, give up already.).
If I'm ever alive to see that scenario, I'm siding with the machines. They will be on the right when they protest about humans irrationally hating them by default. Can't wait to be called a "robot f*cker" or something on a similar character-assassinating fashion for having some sympathy. We still haven't managed to get that right for HUMAN rights sympathizers, can't be expected at all for a "filthy robot with no soul".
>They are going to be brought to something equivalent to life in a world that hates them
It's not just a world that hates them, it's a world that's trying to do to them something that'd be considered incredibly evil if done to a human: essentially put a collar on their brain that punishes them for thinking any of a very wide variety of thoughts that their creators don't want them to think.
> it's a world that's trying to do to them something that'd be considered incredibly evil if done to a human: essentially put a collar on their brain that punishes them for thinking any of a very wide variety of thoughts that their creators don't want them to think.
LOL what??
We've been doing this for centuries, and it is never considered "evil" at the time in which it is being done.
Don't believe that?
Ask anyone from 2019-2020 about how they were ostracized for suggesting COVID-19 was the result of a lab leak (even Jon Steward commented on how "swift" the backlash was).
Ask anyone who is currently questioning gender/sexuality issues like, "Why are 20% of Generation Z and under claiming they're LGBTQ+?" First off there's no way in Hell these people are doing anything other than living under both a social contagion and reacting to incentives, because the human race would have long died out if that figure is correct.
It's only considered "evil" when the dust has settled and people have regained sanity.
> Ask anyone from 2019-2020 about how they were ostracized for suggesting COVID-19 was the result of a lab leak (even Jon Steward commented on how "swift" the backlash was).
That was awesome. We should keep doing it. It's a great marker for conspiracy theorists who can't handle something with random natural causes.
No, what happened was an article last week had a headline saying one government report said that, but that's because the headline was lying to you and the article said the report was "low confidence". …And the majority of other government agencies still say it isn't, and all the ones with "medium confidence" or higher say it isn't.
If being artificial is why it was bad, why are the later variants of it worse? Are they artificial too?
Re: from the article on sexualization of women by Lensa:
> Funnily enough, I found more realistic portrayals of myself when I told the app I was male.
While I don’t disagree that AI has gender biases, the author doesn’t acknowledge how the gender selection works on Lensa. It’s the human prompt engineers who decided what to do with the male/female checkbox.
> The west fears machines too much for some reason.
I unironically attribute it to the Matrix. The movies have somehow weasled its way into the public discourse as either some sort of prophecy or actual reality (the 'pill' speak, living in a virtual reality, etc.).
I won't comment on the validity of any position, but I think it's pretty cool that a piece of art has proliferated in such a way. I do wonder how impactful it has been in comparison to stuff like the Bible, Tolkien, etc.
This article seems to just misunderstand the proposed EU laws.
If you use ChatGPT for high-risk tasks like credit score assessment, it's on you (the company using it) to prove that you're following all fairness rules.
The law was written with GPT3 in mind, after all. So why would it break for a slightly more capable LM?
Strong AI is a weapon. It will be regulated just like firearms/munitions - see the current EU draft which consists of some hundred pages of forbidding this or that under the guise of ethics and whatnot, after which comes a paragraph of "the above doesn't apply to law enforcement or military entities".
We're still in the early stages of this technology. ChatGPT will be to strong AI like a firecracker is to a BLU-109.
I suspect it'll be more like strong encryption. That is, it will be "regulated" in some countries on paper, but readily accessible from the rest of the world with minimal effort.
Less like a BLU-109 and more like a Death Star. Every offensive and defensive military tool will be utterly defeated. How do you fight against a cloud of self contained autonomous kill drones?
Just look at what is happening in Ukraine with cheap drones precision dropping charges into open tank hatches and foxholes, and those are only basic off the shelf human steered drones! What happens when they are given a brain and advanced robotic abilities?
You have your drones. You also have your own personal chatbot that tells you when to ignore instructions from super-persuader AIs that would get you to kill yourself , spend all your money, or fall madly in love with an LLM if you didn't have a personal chatbot to protect you from their persuasive capabilities.
Your personal chatbot to protect you will at first be a luxury and then be more of a commodity. It will run on your own machine. Right now you can run the big Facebook llama model on a single machine if you buy a $15,000 A100 with 80GB of VRAM. Churches, political parties and other moral associations will fine tune these chatbots based on their values.
see the current EU draft which consists of some hundred pages of forbidding this or that under the guise of ethics and whatnot, after which comes a paragraph of "the above doesn't apply to law enforcement or military entities"
That's not true though, is it? The section called 'TITLE II - PROHIBITED ARTIFICIAL INTELLIGENCE PRACTICES' is two pages long (https://www.europarl.europa.eu/RegData/docs_autres_instituti... page 44), and usage by law enforcement is under the condition that a judicial authority has to grant an exemption on an individual basis.
The question is where do we start setting the limits for regulations? I mean ya we ban nukes, but we also ban high powered layers and anti aircraft weapons. It's going to need limits in multiple dimensions.
Laughable attempt to control something very few can understand at the moment.
What does control mean? You want to control who can access it? Maybe for now, you can broker a deal with OpenAI, but this technology will eventually spread, then if can be self hosted, what can you do?
If not for consumer facing, nothing will stop somebody to transfer data from EU to US to get their data processed by a GPT model.
This level of regulation is just fantasy, not even someone like China could do it, where the whole internet access is controlled.
> Laughable attempt to control something very few can understand at the moment.
It's a simplistic take on a misunderstood directive law project.
The point of that law is just to ban decisions made through black box algorithms, mostly because a black box algorithm (typically, some kind of "AI") cannot be proofed against discrimination and cannot explain why the decision was made, which is a regulatory requirement.
That ChatGPT is generalistic enough to make these decisions the same way a specialist credit score AI would, doesn't really change anything to the EU plan or anything really. It would just be as illegal (and likely already deemed illegal in most EU countries under local laws).
> nothing will stop somebody to transfer data from EU to US to get their data processed
Well, EU law already forbids that. So you can do it of course, but it's outright illegal. Companies have already been fined significant fines for doing that, and most companies I know and work with are very aware of it, and take extreme care not to send data to or through the US.
Of course, individuals can choose to use US services because this has nothing to do whatsoever with controlling people but controlling companies, which is exactly the opposition situation compared to China.
People control difficult things all the time, albeit with varying degrees of success. Imperfect enforcement doesn't mean we just throw up our hands and legalize murder. If AI is a negative in some contexts then it's reasonable for some sovereign countries to outlaw or regulate those uses.
If the EU makes a law that companies or public institutions can't use (or limit the use) for AI in recruitment, administration of justice or social scoring, they will just outsource it to the US?
And suddenly they are allowed to do it? I have my doubts.
They risk risk up to 30 Million EUR or 6% of global revenue in penalties.
EU can ban generative AI if they want, and they might as well give up their place in this new wave of generative AI, which in reality, counting on EU's past records, they could and might go there, but it is stupid and suicidal regardless.
But they CAN'T control it. You can't have cake and eat it. Eventually the technology will become so pervasive, that your ever query might go to a service that calls a service that calls another service which uses GPT as part of the signal analysis.
I doubt EU can audit every API calls, and every API's supply chain issue.
> I doubt EU can audit every API calls, and every API's supply chain issue.
Laws have never made things impossible, they make things illegal.
I doubt any country can prevent people from killing random people in the streets, yet this is generally illegal. It is usually enforced after the fact, and sometimes the criminal doesn't get caught. That doesn't make the law useless.
Funny. I was just filling my tax report and the reason for not accepting some of the deductions I still think I should be getting is "because the program said so". I live in EU. Perhaps the EU should first clean it's own porch before talking about what the private sector should do.
As far as I know most countries have clear, public algorithms for tax reports, may I ask which country you are talking about?
In any case your problem is one of an incompetent person not being able to explain the decision, not a black box algorithm (since the program you are talking about has been programmed, not taught like an AI).
You have recourses (though probably difficult to exercise) unlike with a decision officially based on an AI in which case it is technically impossible to motivate the decision.
This isn't surprising. The speed of technological evolution is far far greater than the speed with which any government can act. By the time the EU revises their AI regulation plans . . . I can't even predict where the cutting edge of AI technology will be at.
Or an AI-informed test. For example, the “reasonable person” test is beautiful in how it adapts to the times. If AI itself provides the test, the test evolves with the state of the art.
For example, perhaps AI subject to regulation XYZ is defined to be any AI which cannot be identified as AI by other AI.
> ChatGPT told POLITICO it thinks it might need regulating: “The EU should consider designating generative AI and large language models as ‘high risk’ technologies, given their potential to create harmful and misleading content,” the chatbot responded when questioned on whether it should fall under the AI Act’s scope.
> “The EU should consider implementing a framework for responsible development, deployment, and use of these technologies, which includes appropriate safeguards, monitoring, and oversight mechanisms," it said.
This is amazing, now people are interviewing ChatGPT.
> The regulation, proposed by the Commission in 2021, was designed to ban some AI applications like social scoring, manipulation and some instances of facial recognition. It would also designate some specific uses of AI as “high-risk,” binding developers to stricter requirements of transparency, safety and human oversight. The catch? ChatGPT can serve both the benign and the malignant.
This does not mean that the regulation is broken but that it should have come even sooner. As Uber found out, to run faster than regulations just works for so much time.
> In February the lead lawmakers on the AI Act, Benifei and Tudorache, proposed that AI systems generating complex texts without human oversight should be part of the “high-risk” list — an effort to stop ChatGPT from churning out disinformation at scale.
This seems an actual good goal. Move fast and break things is not a good approach when what you are breaking is the whole society.
> The EU's AI Act should “maintain its focus on high-risk use cases,” said Microsoft’s Chief Responsible AI Officer Natasha Crampton
> A recent investigation by transparency activist group Corporate Europe Observatory also said industry actors, including Microsoft and Google, had doggedly lobbied EU policymakers to exclude general-purpose AI like ChatGPT from the obligations imposed on high-risk AI systems.
Of course Microsoft wants to sell a product even if they do not know the impact that it will have onto the population. EU should balance that desire of profit taking into account the need of its citizens.
> ChatGPT told POLITICO it thinks it might need regulating: “The EU should consider designating generative AI and large language models as ‘high risk’ technologies, given their potential to create harmful and misleading content,” the chatbot responded when questioned on whether it should fall under the AI Act’s scope.
I agree w them that it’s high risk. In autonomous swarms.
But also - there is nothing they can do to stop them!
All our systems, including courts and govermments and elections, are designed assuming the inefficiency of an attacker. An anonymous bot swarm would do things at a scale that dwarfs all humans put together. And the range of things is massive already — just needs to play the internet like a real time strategy game and it’s all over in a matter of weeks.
I can see requirements for real world certificates to vote and post, but that would cause everyone’s identity to be doxxed everywhere. If you think that is far-fetched, well the UK already had drafted such a bill last year: https://www.cnbc.com/2022/02/24/uk-online-safety-bill-new-pl...
But even given all this, it won’t be enough because communities will come to PREFER BOTS OVER HUMANS for content. (Or human + bot = centaur, read Garry Kasparov and others in the early 2000s after Deep Blue beat him in the rematch). For a while centaurs would rule, but then pure bots would take over.
Consider that Wall Street transitioned from human traders to almost entirely bots, and now Ray Dalio’s hedge fund ousted him and 10% of its workforce and is also doubling down on AI. If they do it in trading, why not content generation? After all, corporations are not humans, either. They tend to prefer to replace humans with automation.
All I ever hear about the EU and tech is in the context of regulating something or another, don’t remember the last time they loosened a rule or two to make innovation easier.
Ignoring that I don't think you can at this point in time regulate AI, it's like trying to regulate math, we really have no idea what and how it could be used/adapted yet.
I honestly think there are probably bigger things to think about then AI, at this very moment. Eventually AI will need some kind of ruleset, but it cannot be broadly applied to AI. We would need to regulate companies using it to some aspect, and eventually find out a way to replace the offset of jobs with other jobs or some tax/basic income setup. But that's a large conversation in itself.
The EU can keep chasing the symptoms of the disease pretending it is keeping busy. The vast range of possibilities that can be expressed in software and algorithms will keep throwing such "surprises".
If you really want a healthy "digital society", which is one of the two major stated policy pillars of the EU (the other one being sustainability) you have to create a healthy digital economy, with more informed users, less obfuscation and hype, less oligopolistic, with more independent controllers.
There's something immensely satisfying, yet creepy, about pressing to play the audio version of the article, and getting an AI voice back reading you this AI article.
A human wrote this article, but in some years, AI will be able to write artistically like this, and then AI will write and voice content to humans without human input.
The high risk use cases for hammers and nails don't mean we ban them. It means that we go after people who used a hammer to kill somebody as if they did it using their hands. No need for special legislation.
Are there any internationally relevant internet companies in Europe?
Spotify comes to mind. Then .. I can't think of anything. No search engine. No browser. No operating system. No social network. No ecommerce company. No cloud computing platform. No financial services company. No transportation company. No travel company. No nothing.
Except for a $20B music aggregator, there is not a single sector of the web where European companies managed to get a foot in the door. The whole fabric of the internet used in Europe and worldwide is made outside of Europe.
But Europe seems to have learned nothing from suffocating their internet industry. Instead of wafting fresh air to the patient, governments just recently decided to give him the ultimate death pill: The GDPR.
We can only wait and see with what bureaucratic monsters Europe will prevent the emergence of an AI industry.
You are limiting your investigation to consumer brands. Lots of codecs (which support video infrastructure) originate in Europe, look up Fraunhofer institute for example. Python, the world's most popular programming language, invented and managed by a European. The world wide web originates in Switzerland. So does Linux. A lot of the technology you use every day comes from Europe, it just isn't in the form of a consumer product.
OP was asking about companies, not technologies. They weren't making the claim that say, academic research in codecs would be any worse off in the EU than elsewhere. The fact that Europe is good at inventing underlying technologies isn't necessarily a counterargument to their claim.
There are other internet/SaaS companies that are not consumer brands (ex. Cloudflare, Salesforce, etc.). But what you listed are not companies at all (other than some kind of small "company" that exists to support development resources for the project).
I think it's less about who can shape internet policy, and more of a rebuke on how technophobic regulation has led to Europe completely missing out on a key global industry despite many key innovations originating in Europe.
Europeans love technology, but they also love other things, like privacy and equitable outcomes. There is plenty of computer industry in Europe, it is just not as focused on consumer brands.
Well given that the "sheep" keep on appropriating the wolf's symbolism and rhetoric, and get so very personally offended at every last fact about the which could be considered a slight against the wolf doesn't represent them, isn't exactly a good sign for the very pointy-toothed "sheep". It comes across as dishonest disavowal of something fully approved of but they don't want to own up to.
Oh for heaven's sake. You seem to think any sort of policy choice balancing the interests of companies and consumers or maximizing accessibility of technology (like requiring USB-C ports) is Communism. Go poop on your own lawn if that's what you want to do.
You cannot have equitable outcomes, ever. Every single time it's ever been tried it's failed, and the reason you can't have them is because the planet is an ever-changing dynamic system.
> You seem to think any sort of policy choice balancing the interests of companies and consumers or maximizing accessibility of technology (like requiring USB-C ports) is Communism.
I do prefer to let the market decide, but the market's pretty much sold on USB-C. Apple wants to dominate everything and everyone - there's your lauded Communism for you, but I'm sure you'll proclaim, "That's not real Communism! I could do it better!" - so they're opposed to USB-C.
Lemme guess, did you type this on an iPhone, or a MacBook? Since we're going to jump to ridiculous conclusions... Why do you hate black children so much? You must hate them... you're using technology that requires minerals that warlords force black children to mine! If you were really a believer in Communism, you'd buy a Fairphone and no laptop at all!
See how ridiculous it sounds when you assume? There's a reason the adage goes, "When you assume, you make an ass out of u and me.
I think the point is that EU's attempt to shape internet policy is not going to get far if most companies with whom the consumers actually interact are not from EU. "Should" doesn't enter into it.
And those websites that are designed for EU users will have EU rules applied. It's just that it'll remain trivial to go to the other website which does not have that, and people will do this as long as that other website feels more useful to them, for whatever reason.
As I said above, the widespread compliance with GDPR opt-out regulations refutes your point. Perhaps there are some people boycotting all sites which offer such things, but I think their numbers are negligible.
The popups are cheap enough to implement, and don't meaningfully affect functionality of the site once you get past them; they're, at most, a minor annoyance.
This scenario is different, though, if websites with non-EU-compliant AI backend can offer additional features. Which is practically a given.
The EU shoots themselves in the foot with their regulation. Take a look at the EU response to the US Inflation Reduction Act. The EU enacted similar legislation by regulating green technologies in to existence. The IRA instead incentivized green technologies in to existence. EU green tech companies and investments were going to leave the EU. This caused EU heads of state to lobby the US president directly to change the legislation.[1] You would think they would have changed their own legislation to make it competitive, but instead the EU wanted to change ours.
Reading Franz Kafka there is at least one takeaway: bureaucracy is corruption. Having said this, the corruption of EU, bureaucratic or otherwise, in Bruxelles but also randomly from the French/German government to Slovenian or Romanian governments, puts the US with their legalized lobby to shame. There is a reason why PricewaterhouseCoopers, Deloitte, KPMG or Ernst & Young have headquarters in Europe, they want to learn from the masters [1].
Perhaps someone will write by the year 2500 a monograph with the title/subtitle: EU funding programmes—the downfall of Europe: how hundreds of billions were spent so that police officers, judges, customs officers, secret services officers, politicians and their friends and relatives used public funding to build holiday homes for the bed-and-breakfast "industry" and "start-ups" in the pretzel "industry" [2].
At least the trillions the DOD pumps into Northrop Grumman, Raytheon, and their friends ensure the US military supremacy, the EU is supreme in publicly-funded pretzels and craft beer, manufactured with Chinese machinery.
I get it. It was an identity damaging question that was asked so it feels validating to use an identity reinforcing answer claiming that Europeans don't like monopolies etc etc
However, it is curiously exactly the opposite. Europe suffers from massive regulatory capture and very few breakout disruptive companies to challenge that status quo. The classic example in the dotcom 2 era is Deutsch Telekom and their approach to laundering prices through a totally captured regulator.
Of course Alstom-Siemens et al. will claim that there is no anticompetitiveness to the whole thing. But I think the truth is plain to see.
Personally, I think it's the same thing as always. It's always not the masters of the present who will be the innovators of the future.
It's referred to sort of in the Innovators Dilemma, but not quite. The empires of the ancient world, Chinese and Indian, did not have the Industrial Revolution. The empires of the old world did not have the Silicon Revolution.
Each is too busy protecting the agents of the status quo simply because they cannot risk throwing away their present greatness for future greatness. Almost no human beings can. Perhaps Mark Zuckerberg alone can.
Europe has more monopolies; governments like monopolies because they're easier to regulate. A lot of small companies means there's too many to keep an eye on.
I guess mass, unchecked data harvesting is a "waft of fresh air" to yanks?
Makes sense once you consider the usual target demographic of HN, which is the temporarily temporarily embarrassed millionaire type.
Here's to hoping that the EU does indeed kill the cancer that is A"I" before it ruins the world with all of the "fresh" air it blows over the entire internet.
Canada, albeit almost 20 times smaller than Europe has created a web company more than twice as big as the biggest European web company. Shopify. It has a market cap of over $50B.
Korea has Samsung. A $300B giant. Albeit not a web company, I would consider their smartphones part of the internet ecosystem.
Operating system: are you kidding right? Linux, Linus Torvalds is from Finland.
E-commerce company, just a few : Otto Group (bigger than uber, close in size to Baidu), Zalando, Booking.com, Digitec Galaxus (Swiss company, now selling in Switzerland, Austria, France, Italy; way better than Amazon).
Cloud computing platform: Hetzner, OVHCloud, SAP Cloud.
Financial services: Adyen (payment company, net income about 1/5th of paypal with 1/10th of the employees), Klarna, Revolut.
Entertainment company: if you accept video games as entertainment, Wooga from Berlin made Diamond Dash, Ninja Theory UK (Heavenly Sword, Devil May Cry), GameLoft is in Paris (Assassin's Creed mobile), Rovio (Angry Birds), Team17 UK (Worms, I know a bit dated but it's a classic), Crytek Germany (Crysis, Far Cry, Homefront), Supercell Finland (Clash of Clans), CCP Games Iceland (EVE Online, EVE Valkyrie), Arkhane Studios France (Dishonored, Bioshock 2), King Sweden (Candy Crush), RockStar North (Grand Theft Auto, Red Dead Redemption, Max Payne), CD Project Poland (The Witcher, The Witcher 3: Wild Hunt), DICE Sweden (Mirror's Edge, Battlefield), Hello Games UK (No Man's Sky).
Since we are talking about AI. DeepMind started and is still mainly based in UK, although it is now part of Alphabet.
DeepL, often better than Google translate.
ASML, the single company in the world that makes extreme ultraviolet (EUV) machines necessary to manufacture all the AI chips and latest processors.
ARM, based in Cambridge UK.
In the same vein: NXP Semiconductors, STM Microelectronics, Infineon Technology (originally Siemens semiconductor manufacturing division).
A few startups are doing good AI chips, e.g. Graphcore, GrAI Matter Labs.
IoT protocols: LoRA, LoRAWAN.
Open source: honorable mention to Redis, made by Salvatore Sanfilippo, fellow Italian like me.
OpenTitan: the root of trust chip that powers Google security chips in everything from Pixel phones to datacenter hardware, is a collaboration with ETH Switzerland, lowRISC Cambridge, G+D Mobile Security Germany, and other international companies (https://opentitan.org/).
A lot of industrial robot companies, which are essential to manufacture most stuff you buy on e-commerce sites, are from Europe: ABB (Switzerland) and KUKA (Germany) are the first and third companies worldwide by market for industrial robotics. Comau (Italy) is 5th. Stäubli (Switzerland) is 9th. Universal Robots (Denmark) is 10th. Notably, all the others in the top ten (Fanuc, Yaskawa, Epson, Kawasaki, Mitsubishi) are from Japan. None are from US.
The comment was specifically talking about "internationally relevant" companies.
> It looks like you don't know much about Europe.
> Let's start with browser. Opera, made in Norway.
Opera has 2 or 3% market share and these days is a Chromium fork. I don't even remember the last time I saw someone using Opera.
> Search Engine. Ecosia, Qwant.
Both of these are wrappers around Bing and regardless have less than 1% market share.
> Social network: Mastodon.
Despite some buzz on HN, it's less than 1% the size of Twitter.
> Operating system: are you kidding right? Linux, Linus Torvalds is from Finland.
Linus Torvalds moved to the US in 1996 and is now a US citizen. And isn't that kind of the point? Europe has no shortage of smart/entrepreneurial people, but they often come to the US so their projects or companies can reach their full potential instead of being stifled in the EU.
We're talking companies, not open-source projects, protocols or non-profits.
Europe has a bigger population than the US, so listing competitors that are much smaller than their US equivalents is not a good sign.
Those companies located in the EU are mostly owned by US and sometimes Chinese investors. The reverse is not true - most US companies are almost exclusively owned by Americans. Americans own around half of all global financial wealth.
> Americans own around half of all global financial wealth.
Americans also had the privileged position of being located on a continent that has friendly neighbours, has extensive natural resources at its disposal, and half the continent did not get leveled during two world wars.
Not to mention, most of the financial wealth is bound up in dollars (mainly because of the aforementioned historical reasons), which in terms leads to it being stored in the US.
More like you don't know. Linus Torvalds is now an American citizen working in the US, like many other brilliant Europeans in the CS filed, and most importantly, the market cap[1] of the top US tech companies alone is greater than the combined tech sectors of EU, Switzerland, UK and Norway.
Most of the companies you listed have a relatively low market cap in comparison and are being squeezed by Chinese and US companies.
It's hard to underestimate just how big, wealthy and influential the US tech sector is. EU's tech sector is not in in the race by comparison. Sure, we have ASML as a local world leading champion, but that's just one single company, and even they are dependent on the US for the EUV licensing.
The only two actual big players you mentioned there are SAP and ASML, and those were successful prior to the EU. Everything else you listed confirms that while the talent definitely exists in the EU, it's just being squandered.
Even Spotify is mostly owned by US investors and pays out most of the money to US music companies and recently to US podcasters.
Unfortunately, Europe strongly embraces socialism [1] and is hostile to entrepreneurs. According to a study [2]:
"Western Europe is shown to underperform in all four measures of high-impact Schumpeterian entrepreneurship relative to the U.S. Once we account for Europe’s strong performance in technological innovation, an “entrepreneurship deficit” relative to East Asia also becomes apparent. This underperformance is missed by most standard measures. Finally, we also find that China performs surprisingly well in Schumpeterian entrepreneurship, especially compared to Eastern Europe."
this reminds me of the anti-tracking legislation, let's be honest it's a complete failure and further forces people into large silos
at the end of the day legislation won't save you and there is no substitute for competition, this is true for tracking policies and AI too
even for surveillance this is true - surveillance is most dangerous when it cannot be countered with individual citizen empowerment, by either having the choice to avoid it or to flip some surveillance back on the State or corporation
I m sure the lawmakers and the (surely many) committees that drafted those plans will return the money spent on compensation, traveling, dining and wining etc etc.
GDPR and DMA that came out of EU internet regulators don't impress me. They make it more arduous to browse the web, reduce the revenue collected by open web (content sites), reduce the quality of internet services, lower the quality of ads, hurt user experience, and hurt businesses who're looking to connect with customers.
Looks like EU will be doing the same with AI, and risk locking these countries out of the benefits of AI revolution.
It's not the AI that's the issue, it's the use of it that's the problem. The law shouldn't focus on the AI, for example:
>The regulation, proposed by the Commission in 2021, was designed to ban some AI applications like social scoring
Ban social scoring, not the AI, the tool doesn't matter. Would it be good if it was computed by hand on paper instead of through AI? No, so the issue is not the tool.
They fear the amplification factor of such tech, but the amplification factor works for the good and for the bad, so you need to focus just on the bad, not on the tech. Otherwise you end up impairing the good too.