I'm trying to think through this from a legal perspective.
If I'm going from store-to-store around town, my understanding is that police are allowed to watch me and even go into the businesses and ask questions or pull security footage without a warrant. The information they gather is circumstantial and probably would not hold up in court, but they can use it as grounds to get a warrant.
Let's imagine a different case. Instead of police having to go in and ask nicely for customer logs and security footage, the owner happens to have meticulous notes that he keeps and sells to randos around town. Creepy... but it's largely the same data that they could have gotten by asking nicely enough anyway.
If there is no law against the proprietor bundling up his customer data and selling it, it doesn't seem like there is a strong legal case against police using it.
Obviously, this is a MUCH bigger problem on the internet than in real life - just in the huge difference in scale in the amount of data and the ability to parse it.
I think this gets down to a fundamental problem with tech that society is ignoring like a pink elephant in the room.
Society fundamentally changed with the introduction of computers. Things have become possible that were never possible before. This is obvious if you consider the tech of 1900, 1950, and today.
The elephant in the room is that the more complete the dataset the more dangerous it is. Its like gunpowder. Firecrackers are sold without license, small amount of gunpowder. Dynamite and other explosives with larger amounts of gunpowder are heavily restricted because of the damage that can be done. Today, there are laws against re-packaging explosives to protect people.
I believe the damage that these datasets are doing to society are covert and second-order effects that are hard to track. Most datasets like what the NSA are doing are kept secret precisely because they don't want transparency. If there was transparency, the damage would become obvious that regulations would swiftly come.
There's the chilling effect, people not wanting to protest or organize against government overreach for fear of being put on a watch list. This allows the state to enact more draconian laws with less push back from the general public.
It's like a vicious circle that feeds itself, the more surveillance the government permits, the less the public are able to complain or fight back against it. Thus leading to even worse surveillance.
You are talking about the panopticon, where, in the perfect jail, anyone can be looked at but they themselves have no awareness of that fact. This changes behaviour. The implementation of technology we have is the panopticon across the whole of society. This is not accidental, it is part of the governance control system.
Generally, there is plenty of reasons to be worried:
- Firmware-wise (e.g., Intel Management Engine, Coreboot, Libreboot, system on a chip)
- Hardware-wise (i.e., Von Neumann architecture - Code + Data)
- Operating System-wise
(e.g., 0-click exploits, remote code execution to manipulate the CPU's instruction pointer,
stack overflow, Pegasus)
- Facility-wise (e.g., electromagnetic waves, cell towers, Faraday cloth)
- You (making mistakes)
What you can ultimately do is: rely on randomness (e.g., rolling casino-grade dice), Diceware, one-time pad, no computers of any kind.
Further, hope that time traveling backwards remains impossible.
Otherwise officers will travel back in time and can see what you wrote (e.g., unencrypted message) back then.
If you need some electronics go with analogue electronic devices.
Or, make your own computer systems from scratch with transistors etc.:
We can talk about the datasets, but the elephant in the room - to me - is that the world is deeply deeply intermediated.
Our lived experiences are filled with countless powers preying upon us humans. They want to stay middlemen, they want to keep us using their convenient systems, they want their hand in every pot, and they use networks to vend their position to as many other would industrialists as they can.
That's them, what about us? We humans have lost direct and authentic connection to the world around us. We lack orientation & cannot make sense & decide & understand (and that alone may be a ghastly threat to democracy). We don't have visible economies around us anymore.
There's such a deeply Dark Forest scenario playing out, as companies invisibly consume & process society. It's so asymmetric, so hard to even grasp how thoroughly & tightly the corporate surveillance winds itself around us. Are the datasets generated terrifying? Sure, yeah. But the result is not the only horror here. The potential power of what is gathered is only one form of damage that the de-huamnizing/intermediating of humanity strikes against us with.
> The BBC reported that before departing, he told a friend on Snapchat: "On my way to blow up the plane (I'm a member of the Taliban)."
> Security services saw the message and flagged it to Spanish authorities, who sent two F-18 jets to follow the airliner until it landed, per the BBC.
> He faces a public-disorder charge, which could result in him being ordered to pay over $120,000 if he's found guilty.
> About $103,000 of that is from the Spanish Defense Ministry for the cost of scrambling the fighter jets.
Definitely alarming than encrypted Snapchats are clearly not private, but the response as a whole still seems fairly reasonable, no? He did kinda threaten to blow up a commercial airliner.
I think the BBC article about his acquittal has a lot more points relevant to the discussion about privacy:
No, charging 100k to a teenager over a shitty joke over private encrypted communication channel is absolutely not reasonable. Spanish military can eat the cost of their false positive response. Why would you think an innocent individual paying for trigger happiness of authorities would ever be reasonable?
> No, charging 100k to a teenager over a shitty joke over private encrypted communication channel is absolutely not reasonable.
Where are you putting the stress in this sentence?
If your issue is with the encrypted private channel being spied upon, then I completely agree, and so did the court system.
But outside of that, if he had said this via SMS, this would be the standard response. It may be a shitty joke, but jokes don't make you magically immune to consequences. You can't yell "fire" in a clouded theater, and you can't say "on my way to blow up the plane (I'm a member of the Taliban)" while boarding a commercial airliner. Well, you can, you just should expect to be sued.
Also, it appears that a lot of the danger is political. Both Trump and Biden were presumably being spied on by the incumbent administration (Trump because of the Russia thing, Biden because of the Ukraine thing). It seems likely that Trump is being spied on again, and there is no reason to believe this pattern is going to stop.
The hazing process for electing a president is already cruel enough that nobody sane runs. Add in the risk of the incumbent administration finding a way to leak all your dirty laundry from as far back as the records go and it will be really weird. Probably corrupt, ugly and with bad results for everyone outside the intelligence apparatus.
In some sense that isn't new, there are questionmarks over the US spooks dating back to J. Edgar Hoover. But the damage that sort of actor can do is greater the more data they have to make decisions with.
I'd argue there's an even more fundamental reason for the hazing process, as you call it, which is that the voting system itself incentivizes negative campaigning as just as if not more effective than positive. In other words, a dollar spent trashing the "other side" is destructive yet effective. This destroys healthy competition and encourages mutually destructive behavior.
yes, because it allows centralized control and that control is absolute.
Whether an organization decides to lock things down or not is a different discussion, but software itself is absolutely authoritarian in nature.
And the scary part is that it's absolute. If you have employees who shouldn't be doing a thing you make it company policy, but with software you flat out enforce it.
Software has its absolutes - and those are often good things. Security, ability for backup, redundancy, scalability. We value these things.
Whether those attributes are applied toward authoritarianism or freedom is largely up to the developer and the backers and users.
And over time we may have started with systems that are centralized because our abilities were young at the time, but distributed systems are very popular and often the goal. One example is version control systems: all the systems prior to Git/Mercurial and those after.
With social networks, the network effects are dominant, but I am hopeful that distributed systems will eventually dominate.
Well, yes. American discourse has got backed into this corner:
- "the government" (broadly defined) is not supposed to be able to spy on people
- there is no general privacy law, only narrowly defined bits for e.g. video rental records and libraries
- corporations spying on people is completely normalized
- reporting the results of your spying to other people is free speech
> If there is no law against the proprietor bundling up his customer data and selling it, it doesn't seem like there is a strong legal case against police using it.
So long as there's a strong "corporations good, government bad" faction this is going to continue to be a problem.
(Weirdly, the "government bad" faction don't seem to be concerned with police accountability at all, except in very narrow cases where one of their own is arrested for blatent crimes)
Technically, if we'd consider corporations part of the government (which we arguably should; many acts of regulation that would be impractical to implement directly through the government are farmed out as the responsibility of corporations as a pre-req of doing business), many surveillance capitalism patterns would become fraught by default.
The "corporations aren't government entities" defies logic. As without government recognition, they aren't even a thing.
It does not. If you're a legal fiction, at some level your existential DNA is entwined with your political system's existence.
It doesn't make a nonsense of "part-of" at all; unless you don't want to inherit government centric probibitions to deal with in calculating your business model.
You're talking about police, but the NSA has a charter and in that charter is supposed to (for SIGINT : signals intelligence, i.e., gathering) be doing signals gathering outside the US on at least one end of conversations.
Perhaps something changed over the last 20 years. But perhaps the rule still applies (or is supposed to apply) and that's the implied misbehavior.
They aren't allowed to collect the data directly...so they have the other UKUSA/5eyes do it for them with what used to be call ECHELON. There are supposed to be restrictions on that but it is hard to tell from the outside.
You aren't wrong but the misuse is within the bounds of what you are saying. They only need to make a reasonable effort to avoid directly surveilling conversations between two Americans if there's evidence available they are both Americans. They collect until they realize both parties are American and from what I understand those communications after the realization are not purged.
Additionally if you are speaking with foreigners they are also authorized to collect. The idea is that they can only use it for intelligence purposes but those data sets including domestic communications which were collected 'by accident' are exposed to the FBI for counter intelligence reasons. The problem is that the FBI has notoriously abused this and run searches against the database for domestic individuals for reasons other than counter intelligence.
I think it comes down to quantitative differences resulting in qualitative differences.
It's not unreasonable for anyone (public or police) to notice when I am out in public, and what I do in public. But at some point an accumulation of these OK interaction becomes not OK, in the same way we already recognize that an individual simply seeing somebody in public is a protected right but stalking is not.
When the technology exists to track everything I do in the public sphere, catalog, summarize it, and sell it for profit, we are dealing with a qualitatively different animal that has entirely different implications morally and with respect to our rights as individuals.
Technology automates the spying so there is no upper limit on the amount compared to in person spying.
Some Google servers can do stuff that Stasi could not even dream about. The upper limit of Stasi was that all DDR citizens were to be Stasi employees or informants. Google can do it no-hands.
E.g. I am all for the Police ticketing speeders, but I don't want some automated spy network tracking me instead. At least the Police should have to work for getting me if I speed ...
The bigger issue that people always miss is that NSA is not law enforcement so they do not need a warrant. The Census Bureau does not need a warrant to gather information on Americans either, but for some weird reason people find the NSA controversial but not the census.
I don't know why you think them not being law enforcement changes anything?
Constitutional prohibitions generally apply to all governmental bodies, i.e. a school is limited in its ability to constrain your freedom of speech or religion.
The difference there is that the first amendment applies to actions of the individual but the fourth amendment applies to actions of the government. That difference in scope of application thus determines not just whom is protected but also to whom is limited. These first ten amendments exist explicitly to provide individuals lawful rights and when these rights are not violated these laws thus do not apply. For an example see the exclusionary rule. Thus the 4th amendment’s application does not apply all functions of government equally and no law or prior practice says otherwise.
> The information they gather is circumstantial and probably would not hold up in court, but they can use it as grounds to get a warrant.
Just to clarify a possible misunderstanding: an officer testifying that they saw you go into a store is direct evidence that you were in that store. Likewise, a cashier testifying to what they saw you buy is also direct evidence. It’s eyewitness testimony.
On the other hand, for example, a receipt found in your wallet is circumstantial evidence. There are many possible explanations, some more plausible than others. Circumstantial doesn’t mean weak—-all forensic evidence is circumstantial.
The US Supreme Court has already shown its reluctance to allow wide-spread, but otherwise legal, data gathering.
In US v Jones, a GPS tracking case, the minority opinions were basically concerned with the fact that the GPS monitoring continued over a wide period of time, covering a wide area:
In his concurring opinion, Justice Samuel Alito wrote with respect to privacy: "short-term monitoring of a person's movements on public streets accords with expectations of privacy" but "the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy"
This BS is allowed by "Third Party Doctrine" which means that once you give information to a third party, you no longer have a legitimate "expectation of privacy" so therefore you don't have one.
For example, if I want to pay you $100:
- I can give you $100 directly in cash. We can limit that knowledge to two people, therefore it could remain private.
- If I pay you via check, credit card or Paypal, now I've involved a third party and the government can collect any information they want. It's up to that third party to choose not to share it.
Check out the book "Habeas Data" if you want to understand the US rules - and how we got there - https://amzn.to/311a0yl
Think of it this way: knives are available on the open market, that doesn't mean NSA can just go around stabbing people.
The concept of a warrant is to have an authorization to do something that an entity would normally not be allowed to do. So if the NSA would normally not be allowed to have some bit of information, then it doesn't matter where that information is, how it is acquired or how 'available' it is.
Of course, that's all up to interpretation because the various documents/amendments etc. are all made up in legalese that relies on precedent and opinion to make some sort of sense of what's actually allowed. So in the case of the NSA they would make the same argument you are making: the NSA didn't "get" the information so therefore they don't need to be authorised to "have" it. But the issue is that "getting" something and "having" something isn't the same thing.
Realistically, the problem is exactly as you describe it, you can't really protect people if you're allowing random parties to just collect data on everyone with no consent or legal base for processing. Because even if the NSA needs a warrant, you can just proxy that too where you don't even buy the data, you just buy 'search results' and offload the entire data mining process. Now the NSA doesn't acquire the data nor hold it, it just gets results. And then we'd all get a discussion about that, and they could just proxy that too (have some other entity to collection and investigation etc. and just relay results as anonymous tips to the NSA). It never seems to end.
It seems like the problem is that the information is for sale at all.
I generally think warrants should be needed when police (or i guess spies) do something that an ordinary citizen wouldn't be allowed to do. If the info is available for purchase by anyone, then i don't think warrants should be needed.
This makes it seem as if the NSA would stop spying on Americans if the data wasn’t available on the open market. If we just change our data privacy laws! Historically, the NSA doesn’t care whether they get the info off the open market or from in-house infrastructure. They’re probably doing both now.
The problem isn’t this particular method they happen to be using today. The problem is that the NSA and the 4th Amendment are often in conflict, and the NSA wins because there’s no consequences for violating it.
Really truly hate agreeing with brookings, but they are right here.
I find it interesting where the line between freedom and acceptable government intervention seems to be for many people. There must be an aspect of “what do I have to worry about” that doesn’t kick in until people explicitly see what they have to worry about looming.
It's the classic "I have nothing to hide" argument. Which immediately breaks down when you realize that, with enough information about someone, you can implicate them in something illegal. A case can be built against them, a narrative spun, and an innocent person spending their lives locked up. This happens constantly in the US judicial system, though I believe it is often unintentional, just human bias doing it's thing.
I've read the article, and it addresses the point vaguely at best:
"The standard argument in favor of unfettered government purchases of private data is that such data is commercially available, and so anyone should be able to purchase it, including government officers."
Agreed.
"... while government officials can generally purchase items available to the public without constitutional restriction, sensitive private data about cell phone users isn’t actually available to the public."
What? I may be misunderstanding, but this looks like a deliberate attempt to conflate two concerns: publicly available data for sale and sensitive private data. I don't see any argument here against the government buying publicly available data.
Just because it is for sale, doesn’t mean it’s for sale to just about anyone - a lot of the brokers that collate, match, and enrich this data choose to only sell their product to government agencies.
Because it’s “on the market” it’s deemed “public”, but that market only is open to governments.
But they are though? I agree that intrinsic privacy rights should prevent this. But the fact is this data is freely available, it's public information, the individual has released it appropriately. The problem isn't the govt using public data, the problem is that the data is public. You simply cannot have a privacy concern when you've agreed for it to not be private in the first place.
Regardless, if people cannot have privacy because companies can coerce and buy so much information about them, then that too is a violation that should be illegal. (For example because it's increasingly impractical to live without a smart phone and cell tower connections, or avoid iTags.)
The third-party doctrine is a loophole in the fourth amendment.
> The third-party doctrine is a United States legal doctrine that holds that people who voluntarily give information to third parties—such as banks, phone companies, internet service providers (ISPs), and e-mail servers—have "no reasonable expectation of privacy" in that information. A lack of privacy protection allows the United States government to obtain information from third parties without a legal warrant and without otherwise complying with the Fourth Amendment prohibition against search and seizure without probable cause and a judicial search warrant.
> The government is bound by the fourth amendment.
The fourth amendment is a restriction on the government's ability to search or seize - things that a regular private entity is not permitted to do at all, that represent an enormously abusable power. I don't see how buying public information fits into that.
> if people cannot have privacy because companies can coerce and buy so much information about them, then that too is a violation that should be illegal.
Perhaps. But looking to ban the government from buying that information on the open market is putting the cart before the horse. If the problem is our private information being sold, let's look for a fix for that that would protect us from large companies or wealthy individuals with a grudge, rather than focusing narrowly on the government.
It is not a violation of the fourth amendment to buy information you’ve granted to parties to sell. Hacking your router and gathering the information that way would be illegal, this is just buying data like a thousand other businesses do.
Right, but raising a panic by saying the government has this data or China gets this data is a distraction from the real issue, that such a vast marketplace exists openly for anyone to shop.
Its a perfect, self serving loop, if you think about it from a governance perspective.
Government takes taxes. It uses those taxes to spy on its citizens. This makes the citizens more compliant. Compliant citizens acquiesce more easily. Government therefore increases its power and does more of the same.
Greater invasive control results in more extraction from the citizens and more power to government.
From a governance perspective, this is a positive feedback loop. From a citizens perspective, it is a negative feedback loop.
Many threat intelligence companies buy that data and then resell it as a service. I'm not very clear as to how accessing that data in the first place is legal...
If I'm going from store-to-store around town, my understanding is that police are allowed to watch me and even go into the businesses and ask questions or pull security footage without a warrant. The information they gather is circumstantial and probably would not hold up in court, but they can use it as grounds to get a warrant.
Let's imagine a different case. Instead of police having to go in and ask nicely for customer logs and security footage, the owner happens to have meticulous notes that he keeps and sells to randos around town. Creepy... but it's largely the same data that they could have gotten by asking nicely enough anyway.
If there is no law against the proprietor bundling up his customer data and selling it, it doesn't seem like there is a strong legal case against police using it.
Obviously, this is a MUCH bigger problem on the internet than in real life - just in the huge difference in scale in the amount of data and the ability to parse it.