The government couldn't do it this easily if it wasn't for sale.
It being for sale means anyone can be doing it which might be a framing that would be more alarming to the law-and-order types.
But really you need a two prong solution:
1) restrict this from being collected and compiled in the first place, eliminate the ability to default to this tracking unless someone opts out
2) restrict the government's ability to use or acquire through non-market-based means. The claim here is that there's already restrictions on this vs directly surveiling, but I haven't seen directly which specific restrictions those are for buying off-the-shelf info and the article doesn't specify.
There are very really no companies that I trust to keep my data safe for 10, 20, 50 years. Leadership changes, ownership changes, etc. We have to cut it off at the source.
It’s possible with a cooperative model that has no equity associated with it (no incentive to change hands), and the data is legally owned by the data producer (the individual)
So for example if all data between a user and a service is e2e and also legally considered property of the user then the org can explicitly borrow or buy that data for money from the individual- should they choose.
The user also has the default status of transparency around data collection, No data is stored unless paid for and fails secure.
> 2) restrict the government's ability to use or acquire through non-market-based means. The claim here is that there's already restrictions on this vs directly surveiling, but I haven't seen directly which specific restrictions those are for buying off-the-shelf info and the article doesn't specify.
This won't happen, our security state is built on private surveillance and partnerships between law enforcement and private surveillance companies.
Whether we like it or not, the intelligence and security apparatus feel like we need China-style surveillance, because terrorists/spies/civil unrest/FOMO/etc, and we're getting it one way or another. It's either outright illegal, or legally questionable, for the government to do exactly what the CCP has, but there's the loophole illustrated in the OP. Private companies are allowed to surveil Americans, and they're free to choose whether or not they share the data they collect with law enforcement.
Now we have companies like Amazon partnering with thousands of law enforcement agencies[1] to advertise[2], deploy and monitor Americans via their products like Ring. Amazon is free to share whatever data they collect from you whenever they want[3]. They can share your data with law enforcement without warrants and they don't even have to let you know that they did so[4].
The article in the OP goes into how phone records are being used to track people's locations, as well. As much as I'd like to, I can't see this genie being put back in the bottle.
The weird smart city concept and the total surveillance fetishism that comes with it is a product of post-9/11 surveillance, but it's also something that the CCP really nailed in its implementation. The Ring surveillance partnership with law enforcement mirrors what's already been rolled out successfully elsewhere in places like China, while the US is quickly catching up.
Comparing to a country whose practices in this regard are broadly considered authoritarian makes a lot of sense here. It is quite descriptive. IMO no less descriptive than post-9/11 surveillance
A government buying data for surveillance has little to do with capitalism. Perhaps part of the reason you see “everything” become “shitty” is you have a limited ability to identify, isolate, respond to, and avoid or change root causes.
Could some form of copyright or ownership help with this? The reason they can sell it is because it's theirs. Not yours. If you retained ownership of that data somehow would they need a warrant for it?
> Could some form of copyright or ownership help with this
Just pass privacy rights. Backing into a solution with copyright is unnecessarily messy. Nobody wants to deal with a lifetime of the courts deciding on the status of personal data seized in a bankruptcy proceeding or hypothecated to foreign investors.
Copyright isn't really ownership and only applies to creative works, software and works that exceed the threshold of originality. It doesn't apply to metadata, location information, secrets and facts about people.
Ownership as a concept doesn't really apply so well to digital things because they are infinitely copy-able. I can have something digital, and you can have it too.
There's certainly a need for better privacy laws which applies to PII but that doesn't really need to be conflated with copyright and ownership.
I've thought about a couple of analogous concepts.
The first is the automatic civil penalty for copying copyrighted music recordings. If you're caught and proven liable, the dollar amount of damages don't need to be debated -- they're pre-determined.
The second is the concept that mere possession of certain kinds of information (unspeakable pornography) is a criminal offense.
I think some combinations of these concepts could create a bounty system for victims to collect on the abuse of their personal information: 1) Improper possession is inherently illegal. 2) Offer for sale or transfer of the information carries an automatic civil penalty.
Since music "piracy" has been demonstrated to increase music purchases, this fixed dollar amount should therefore be negative. Any music I am found sharing shall result in the music industry paying me. Sounds about right.
> creating market for data, attaching speculative value to it and et cetera, and stinks of web3 bullshit
Creating tradeable property rights is older than web3. (Web3's innovation was turbocharging securitization by skipping the step of finding something worth securitizing.) The question is whether, and to what extent, we want personal data to be a market good. It currently is.
What i don't understand is why if it's illegal and forbidden for the government to directly indiscriminately collect information and data on citizens, they can buy the same information from data brokers without an issue? Surely this violates the intent of the law.
In theory, the data was provided willingly when collected.
If you rent a locker, and the terms of the rental agreement say that the person you're renting from has access to the locker for any reason, then the cops do not need a warrant to ask the lessor to open the locker, only a warrant to coerce the lessor to open the locker.
If the lessor is willing to let anybody take a picture of what is in the locker for $5, then the government doing so isn't abusing its special privilege.
In practice, most people do not understand the ramifications of the things they agreed to that put this data out there (if they even read it!) and in many cases did not have reasonable alternatives to the services that they signed up for.
>In theory, the data was provided willingly when collected.
That's spot on, and your analogy is a good one, except that in the realm of personal information, no warrant is required in the US.
There is quite a bit of law and numerous court decisions around this process in the US.
That jurisprudence is more generally called the Third-Party Doctrine[0]:
The third-party doctrine is a United States legal doctrine that holds that
people who voluntarily give information to third parties—such as banks, phone
companies, internet service providers (ISPs), and e-mail servers—have "no
reasonable expectation of privacy" in that information. A lack of privacy
protection allows the United States government to obtain information from
third parties without a legal warrant and without otherwise complying with
the Fourth Amendment prohibition against search and seizure without probable
cause and a judicial search warrant.[1]
Edit: To clarify, I disagree with this doctrine and would love to see limitations on data retention periods as well as warrant requirements for access to such data.
In Europe it doesn't work like that. There you give consent to collect for a specific purpose and for any other purpose you need to go back to the source for another round of consent. This is something that many companies haven't implemented properly yet (but a surprisingly large number actually do).
Yes, so? Check out the text to see exactly what the context for those exceptions is and it all looks fairly reasonable. It doesn't say 'law enforcement gets to do whatever they please'.
Nevertheless, law enforcement gets to do whatever the current governing regime permits, extrajudicially or otherwise.
Consider that police in the US have both handcuffs and guns while police in the UK just have the handcuffs.
Look at the effects, where so many in the US feel justified in their need to defend against extrajudicial force with guns (per 2A). Look also how many cops kill US citizens (suspect of a crime or not) compared to how many cops in the UK apparently don't feel such "fear for their life" which justifies the extrajudicial killings.
If people have a hammer, nails will be what they find.
And in reality, every process is a kafkean bureocratic nightmare were you end up having to say yes in order to advance and they milk your data anyway while also using privacy rethoric to prevent citizens from getting gov transparency.
The typical powerful west European countries are corrupt to the core and when people feel we are better off than in the US (self congratulatory posts are common) it's generally lack of political awareness and involvement more than anything.
In reality, it just mostly works. Source: ample experience with European (no idea why you added 'West') companies that deal with my data. Since the GDPR has gone 'live' (as in: fines are being issued for non-compliance) the situation is improving every day.
It doesn't. I added west because I've lived in several countries of Europe and I'm talking about those and some other hegemonic ones I know about. The ones usually lauded due to not knowing about them. I'm European.
In this site there's a trend to treat Europe as a monolithic entity and pretend it's awesome. Any criticism gets taken as "Americuns" being ignorant and europe is awesome.
In reality, I see a lot of unwillingness to accept the political reality and pretend "we are better than USA" via political apathy and coping.
People react negatively when you point out polítical facts they don't want to see. It's easier to look at USA with an air of superiority. This also happens the other way around, of course, but HN demographics make one more typical.
I have lived in no less than 7 EU countries as well as Canada and a bunch of others and EU privacy laws + implementation are hands down the best in the world right now. Could they be better? Yes, absolutely. But nothing else even comes close.
The 14 eyes alliance and legislation in countries like France make the GPRD seem more like protectionist laws that favor local corporations instead of actually protecting the privacy of everyday citizens.
If anything local corporations are far more at risk of enforcement so your comment makes not sense. Privacy of everyday citizens has measurably improved, both from the perspective of an EU data subject (myself) and someone who professionally looks into the kitchen of many EU companies that process data (myself).
That's because GDPR explicitly isn't meant to be a law that protects against governments but against private entities. There's nothing "protectionist" about that.
> In practice, most people do not understand the ramifications of the things they agreed to that put this data out there (if they even read it!)
True, but it's even worse than that. Many of those who do understand it, simply don't care ("nothing to hide", "nothing to fear", etc.).
The allure of a "free" service that everyone else uses is enough to abandon any expectation of privacy, and consciously come up with arguments that it doesn't matter.
> In practice, most people do not understand the ramifications of the things they agreed to
Going further, it must be clarified that the whole point of doing things this way is that people do not understand it. The people who want to surveil everyone could either do it illegally and get in trouble, or create an inscrutable bureaucratic system that so sufficiently obscures what they are doing that they get the same results along with a legal cover if they are discovered. If we did have privacy laws that prevented this, they would just collect it illegally. This is absolutely not to say that privacy laws are pointless (they would be helpful) but that we must understand this situation not as an accident, but as the slow creation of a class of people who want to exercise power over us and have been getting their way.
Google founders had some internal compass when they offered GMail "free" with an explicit statement that they would "index the emails" or whatever. I recall smart people, a few of them, noting it but the rush happened. Second was smart phones not being too coy about knowing your phone call records with an ID attached to it, every time, all the time. When the public accepted those two things, in recent memory, that was enough to tip IMHO here in the USA. Whatever legal powers behind the scenes with the Patriot Act were contemporaneous, after GMail.
The Patriot act was signed in to law in October 2001.
Bill Binney blew the whistle on illegal NSA mass data collection of email, web browsing, and cell phone records in 2002.
Hard to pinpoint when smartphones became mainstream, though as a point of reference the iPhone was launched in 2007.
So clearly the NSA was trying to do dragnet surveillance of the internet well before gmail or the widespread use of smartphones.
A quote from the Bill Binney wikipedia page:
"Binney has also been publicly critical of the NSA for spying on U.S. citizens, saying of its expanded surveillance after the September 11, 2001 attacks that 'it's better than anything that the KGB, the Stasi, or the Gestapo and SS ever had'"
There are a ton of 'workarounds' like that in play, parallel construction being one of the most extreme ones. It's interesting how these invariably work very well when it is the government in the position of the plaintiff but citizens will never ever see the benefit of any of this. Cameras everywhere, but good luck if your car gets stolen. Meanwhile all of your movements are tracked with abandon, ANPR on every second street and so on. Privacy is very hard to come by.
At the same time: I sympathize with LE and intelligence service operators that have their heart in the right place and that would just like to be able to do their jobs in a hostile and hard to navigate digital environment. Tech moves so much faster than they can keep up with.
If law enforcement has a reason to obtain data, they should be able to get a warrant to obtain data for people of direct interest. But especially the federal gov should not be able to have data that they cannot legally obtain directly from the population. What good is a law and right of the population, if it can be trivially circumvented?
Having data on everyone and then only using it against people they want to use it against is exactly what the Stasi did. Obviously this is their dream come true --just a little to late for them.
> What good is a law and right of the population, if it can be trivially circumvented
U.S. v. Miller [1], which established the third-party doctrine, turned on whether "the business records of the banks" to which the defendant could "assert neither ownership nor possession" could be accessed by subpoena versus court-authorized warrant. (The context turns on bank records. Smith v. Maryland [2] expands it to "phone numbers [conveyed] to the telephone company.")
This seems trivially fixable with legislation. Requests made by the government to third parties in respect of specific persons' non-public (even if not strictly confidential) records require court approval or the first party's consent. Also, easier than trying to expand he definition of "houses, papers, and effects" [3] to cover our data in various clouds: defining, in statute, that there is a legitimate and reasonable expectation of privacy in the phone numbers one dials to speak to or message with another person or persons, e-mails one sends to a small group of people, handles one provides a messaging service marketed as encrypted, and articles (e.g. documents, photos and work products) uploaded to a third party's server for personal use.
Agreed, but this is something that has been going on for decades. Their excuse - believe it or not, I can dig up the source if you want - is that as long as nobody looks at the data it is ok to have it. I thought that was being incredibly economical with words, clearly that is not the intent of the law.
It's ironic that this is what all repressive governments do. They hold data and when they need it they spring it. But I guess this escapes them -or maybe not.
You "agree" to give cnn.com (or whoever) the information when you visit their site through stupid TOS BS. You also "agree" that they can sell it.
Law says don't collect the data through surveillance. Law doesn't say "don't buy it from people selling it willingly" - probably nobody anticipated that, because... it sounds kinda stupid if you don't know how we got here... yet here we are.
So instead of trying to lawyerball it to make courts declare that it somehow falls under current restrictions, based on intent vs the actual words, we just need to update the damn laws.
The intent of the law was to limit government power specifically. Not unlike the law requiring most of the information on firearm sales at the federal level be kept in paper format so that it can't easily be mass-indexed and mass-crawled.
The NRA is backed by an ardent following of funders who sincerely believe curtailment of their ownership of firearms is an immediate and direct existential threat.
That's what privacy is missing. But get the right ad agencies on it to put together some good scare campaigns and maybe.
I'm sure that's already happening. Nixon would have killed for the kind of data our government is collecting and when this data is turned against citizens the Neo-McCarthyist witch-hunts will be devastating.
The government has the monopoly to violence, Google does not. The cops can arrest you, Netflix can't.
That's why information in government hands can be more dangerous than in corporate. A good example is when Nazis occupied Holland they used governmental data on religion (collected to properly allocate funds for places of worship) to track jews and send them to the camps.
So data in corporate hands is bad, but governmental data can be even worse.
I’ve read this entire comment almost verbatim so many times as a justification for private surveillance of society. Pervasive surveillance is a problematic issue, period.
Let me tell you what companies can do: they can make lists and pass it privately around to deny you gainful employment, loans, investment, etc. They can also sell it to the government, subverting privacy and due process rights.
What if that information was how you voted, or that stupid thing you posted on AITA six beers deep five years ago, or how much time you spend watching Netflix, maybe you watch too many war movies, maybe one time you posted anti advertising agency content six years ago and you applied to an ad agency because you desperately needed a job.
In highly competitive markets people use stupid things to deny people opportunities.
The constitution was written a long time ago and really says nothing about information technology for obvious reasons. The fact that we don't have amendments for a lot of modern issues is a scary thing for the general population.
Constitutions around the world were absolutely trampled under the guise of an axiomatically defined emergency that trumped fundamental freedoms and civil rights.
Freedom of movement, association, speech, religion, bodily autonomy and more... All down the drain.
All you need is a bit of collision between government media and tech and you're golden.
Just look at some of the things the sick freaks in the government collect data on through their massive data harvesting apparatus [0].
But in all seriousness, you should know it is actually possible to use data towards good aims. Policy makers can use data to produce better answers to questions exploring issues like poverty, disease, crime, financial literacy, etc. Setting up a massive survey is slow and extremely expensive, and that makes it extremely hard to iterate on findings. Getting answers years quicker makes it possible for the government to develop better policies, and that's a good thing. Sure the Nazis were evil, and information enabled the Nazis to be more efficient and effective at implementing evil policies. But an un/less-informed government isn't a goal to strive for. Good government implementing good policies is a goal worth striving for, as there are some problems that can only be addressed at government scale.
Ah yes the FBI is now buying civilian data to take surveys for us! I envy your rose colored glasses.
Considering I know what kind of data is available, I sincerely doubt this is what is happening. Does that mean, that it's all super evil bad bad stuff, nah, but it is exploitable for evil for sure.
The state's monopoly, qua Max Weber, is on the claim to the legitimate use of violence. That is, the right and legitimacy of that right, is restricted to the state, or an entity acting in the effective capacity of a state, whatever it happens to call itself.
Absent this, one of three conditions exist:
1. There is no monopoly. In which case violence is widespread, and there is no state.
2. There is no legitimacy. In which case violence is capricious.
3. Some non-state power or agent assumes the monopoly on legitimate violence. In which case it becomes, by definition The State.
The state's claim is to legitimacy. A capricious exercise would be an abrogation of legitimacy
Weber, Max (1978). Roth, Guenther; Wittich, Claus (eds.). Economy and Society. Berkeley: U. California Press. p. 54.
The misleading and abbreviated form that's frequently found online seems to have originated with Rothbard in the 1960s, and was further popularised by Nozick in the 1970s. It's now falsely accepted as a truth when in fact it is a gross misrepresentation and obscures the core principles Weber advanced.
In your comment, what you confuse is capacity for violence (inherent in all actors, state, individual, corporate, or non-governmental institutional, with numerous extant examples of each) with the Weberian definition of a monopoly on the legitimate claim to violence. In practice, enacting violence on virtually any actor will engender some counterveiling response, though the effectiveness will vary greatly depending on the comparative power and/or disinhibition of the entity responding.
There are numerous examples of private corporations or non-governmental actors engaging in violence, with or without state support or sanction. There are the 100 million souls lost, respectively, to the British East India Company's occupation and administration (as a private entity, with military powers) of India, of the transatlantic slave trade by numerous private commercial operators, and of the genocide against the indigenous populations of the Americas, again much by privately-chartered corporations (as the original British colonies were). There are extant mercenary forces such as Constellis (formerly Academi, formerly Xe, formerly Blackwater) in the US, or the Wagner Group presently transacting genocide in Ukraine. There are oil companies who have initiated coups, paramilitary actions, and assassinations throughout the world. There is the Pinkerton Agency, still extant, and with a storied role in violence against labour and civil rights movements. There are railroads, with their own (private) police forces, which are in fact registered as law enforcement despite being nongovernmental.
The truth is that there is no clean distinction between State and Private use of force, lethal or otherwise. What there is in government is, one hopes, legitimacy and accountability to the citizenry rather than to creditors and investors.
> The government couldn't do it this easily if it wasn't for sale.
I don't disagree with your overall point, but the government being allowed to buy this data can create the market for the data in the first place, even if no one else wanted the data.
Hundreds of billions of dollars are being made and the government is gaining and keeping control over us with this. If you think meaningful privacy laws will be passed in the US, you are delusional. We are on our own. If a candidate such as RFK says he will attack this practice, I am still skeptical of how successful he will be.
> The government couldn't do it this easily if it wasn't for sale.
Stronger: this being for sale means that it's already being purchased by someone.
Really the scoop to this piece is just "The CIA engages in open source intelligence", which sort of a "duh" kind of thing. If there's intelligence value in a product on the open market, of course they're going to consider buying it.
If it shouldn't be for sale it shouldn't be for sale. Let's fix that, not try to pretend that we're OK if Putin or Xi buys it but not the CIA.
I think that something that should have made lawmakers, and others in public office, sit up and take notice, is a couple of years ago when a prominent and highly-placed Catholic priest was found to be hanging out on Grindr and with other users of the app, shall we say. https://www.catholicnewsagency.com/news/248431/usccb-general...
If such incriminating data is so easily procured against just one guy using a gay hookup app, imagine the treasure troves of data that could be wielded against Members of Congress and other people in power. Even in the absence of wrongdoing, I still don't think that public figures would enjoy having the public know their every move, every minute of every day, but the reality is that all the apps they run are phoning home and uploading that data constantly, unceasingly, and it's all for sale.
I suspect all those who write the laws already have a Damoclean Sword threatening to drop on them at any time convenient. So I wouldn't count on much help from them whether the laws apply to them or not. It's a virtual certainty that noone who seeks power is free of exploitable skeletons. They are the kind of people who seek power. So the law enforcement and security infrastructure can leak that whenever they choose.
I guess what I'm saying is, your suggestion would be a good idea, but the security apparatus figured it out before you did a long time ago. See ABSCAM for instance.
I'm reminded of how Obama was vocally opposed to domestic surveillance and campaigned on ending all the new spying on the American people, but once he was in office he changed his tune very quickly and ended up expanding the NSA's ability to spy on the people instead.
I figure either he was shown some very strong and classified evidence that the data the NSA had been collecting was critical to protecting the people even while it violated their constitutional rights and freedoms or else he was shown how much dirt they have on him and his family and he was blackmailed into publicly declaring his love for NSA spying and handing them more tools to collect data while making only a few token changes.
I figure either he was shown some very strong and classified evidence that the data the NSA had been collecting was critical... or else he was shown how much dirt they have on him
Just, Devil's Advocate, but, yeah, why can't it be both?
That guy who was tracking celebrities's plane traffic and publishing on TWTTR could instead do this. Automatically and repeatedly publish legally obtained data on all politicians fed, state and local.
Now that would constitute a public service.
Could someone start the 'Decentralized Intelligence Agency(, LLC)', buying, collating, and analyzing open market data feeds, and allowing subscribers to see what's known about themselves and others?
If you have the wherewithal to protect yourself from the unsavory underworld types who will inevitably come after you for revealing things they'd just as soon keep secret.
There's a reason you only see the government doing this kind of thing.
Yea sure. I mean that's already a thing to some extent, but, if you want the honest answer. Everything you do digitally is known about you. Your physical location, places you regularly go to and when, Websites you visit, your account names, etc. Even ISPs can sell your data these days.
I'm aware of this; I think many ordinary people and lawmakers are perhaps less clear on it, and that making it easy to see would help people understand the situation.
It's being done, and has been done for around a decade now. New York times did a good piece on how every civilians cellphone gps data has been for sale a long time ago. Bounty hunters buy this kind of data all the time is my understanding.
Right, and they probably are vastly under represented in the world of "who is buying american information". There's probably foreign adversaries in there also.
This is mostly the wrong side of the coin. You have it right.
Please don't make excuses for the government. This is simply their way of getting around the spirit of the 1st and 4th amendments. It's governmental abuse and anyone with any common sense knows that. Companies can't arrest me and throw me in jail indefinitely.
I don’t fully disagree but there is still a big difference. People voluntarily give these companies their data. The companies aren’t skirting the law. We shouldn’t gatekeep disallowing government spying behind better consumer protections.
The kicker in all this is that the taxpayers are literally paying for this. We are paying to give the government our own data.
My alarm bells for the Appeal to the Law fallacy went off. I see it quite often. When we’re discussing what the law should be, what the law currently is is irrelevant (unless your position is that laws should not change).
The fact that it is currently legal to harvest this data and the fact that it is currently legal for the government to purchase it should have no bearing on whether they should be able to in the future.
Further, there is a serious question with regards to the extent to which these businesses had the actual informed consent of their users. Do people fully understand that their information will be sold to data brokers? Do they understand that the government will be able to purchase said info with our money (and possibly use this information to incarcerate them)? The latter is almost certainly no, which is why the government fought so hard to keep it a secret.
It being for sale means anyone can be doing it which might be a framing that would be more alarming to the law-and-order types.
But really you need a two prong solution:
1) restrict this from being collected and compiled in the first place, eliminate the ability to default to this tracking unless someone opts out
2) restrict the government's ability to use or acquire through non-market-based means. The claim here is that there's already restrictions on this vs directly surveiling, but I haven't seen directly which specific restrictions those are for buying off-the-shelf info and the article doesn't specify.
There are very really no companies that I trust to keep my data safe for 10, 20, 50 years. Leadership changes, ownership changes, etc. We have to cut it off at the source.