Google says it is obligated to disclose confidential info to U.S. government (targettrend.com)
124 points by emememem 3 months ago | 101 comments



Why are people shocked every time they discover that the law applies to companies and companies comply with it?


People are shocked by laws which abrogate and abuse their human rights, because people do not realize that their human rights depend on constant, vigilant awareness of what the government is doing with the super-powers granted them by the general population.

Whenever events such as this occur - and this admission from Google is but one in a long line of shit-pearls - folks get uppity about it, because fundamentally we should all be paying better attention in the first place, and nothing upsets people's sensibilities more to find out that their rights are being abrogated, than the understanding that, it's happening because we are allowing human rights to be abrogated at massive scale as a course of state policy.

What we do to our enemies, we do to ourselves. Where once, Americans - and American culture, and American companies - were absolutely repulsed by the notion of stasi-like, draconian data-reporting policies - they are now, instead, motivated by the extreme power such activities can provide.

Sure, it sucks that the government now has a way of identifying its internal enemies - but the fact is, the corporations have had that power, every minute of the day, for decades, also.

This is a problem because the government is just the tip of the shit-iceberg, and not many of us have stomach for what it takes to fix the problem.


> people do not realize that their human rights depend on constant, vigilant awareness of what the government is doing with the super-powers granted them by the general population.

Literally every grade school history and civics class I took pounded this idea ad infinitum. I think people by-and-large just don't care because they're probably not being visibly affected even if they feel uncomfortable when it's talked about.


> > people do not realize that their human rights depend on constant, vigilant awareness of what the government is doing with the super-powers granted them by the general population.

People happily waive their rights and their privacy in exchange for “the new trendy app” or trick, “alexa order a large pizza” was life really that hard before? We turned from physically lazy to mentally lazy and AI is just accelerating the pace. People have become “comfortably numb” to the loss of privacy, I don’t know if it’s by design but surely is a nice side effect for some.


Let's not discuss literacy rates in the US' public education system.

"The United States is ranked 125 in the world behind Oman and just a little better than the Syrian Arab Republic."

This is by design.


The highest, unelectable, courts allow and encourage this behavior. The police are an unelected standing army that carry it out.

It's a difficult problem that maybe by the most generous interpretation can be voted out, but not really. Only way I see an end is emigration or the US not existing in anything resembling what we see today.


> People are shocked by laws which abrogate and abuse their human rights...

You'll want to avoid signing any NDAs then. They virtually all have a clause like the following which says that parties may divulge information in response to a court order.

> The Receiving Party may make disclosures required by law or court order provided the Receiving Party uses diligent reasonable efforts to limit disclosure and to obtain confidential treatment or a protective order and has allowed the Disclosing Party to participate in the proceeding.

I just picked this out of the latest NDA sitting in my email queue. This one is better than most in that it actually attempts to stand up for the rights of the party divulging secrets. Every single NDA I've ever signed had similar language.


>.. and has allowed the Disclosing Party to participate in the proceeding.

The solution to the problem is to not keep secrets.

Which is better for all of humanity, anyway.


I think people's shock is usually not knowing what laws and executive branch regulations exist rather than realizing companies will comply with laws.


If people don't have an uproar every time they're reminded, it normalizes and legitimizes it. The outrage forces them to operate it in the shadows.

As much as I hate it happening on any level, I feel that the forced secrecy must have some cooling effect on if not the collection, but at least the use and application of it.


And they'll say that it's only bad when China does it.


It is impossible to have a critical conversation about the government and its reach into one's personal data on the Chinese internet so I don't know if the comparison is apt.


[flagged]


Actually, we know for a fact that the US 3-letter agencies routinely engage in illegal activities and perform illegitimate searches even on their own citizens, let alone the rest of the world. It's been 11 years since Snowden leaks, it's insane how many people seem to pretend that it never happened


Considered illegitimate by whom? Chinese citizens might find the requests from the Chinese government legitimate.

On the other hand, citizens of the EU might find requests from the US government illegitimate. US national security is far less a legitimate reason if you are not a citizen of the US.


We are talking about the US context here specifically and the legal process they have set up in place to ensure the rights of their citizens are balanced appropriately against the country’s national security concerns.

If you’re making a larger point that espionage is a thing however that’s a very different conversation and not a particularly fruitful one I don’t think.

In the same way that all people across the world are potential targets of collection from any group who has the capability to do so. At that point we are just back to the exact same set of arguments that apply to online advertising for example. There are things in there to be pissed about no doubt but it’s a lot more nuanced than that too.


We have investigated ourselves and found ourselves almost entirely perfect.

Meanwhile, Google just heavily obfuscated news on Trump’s assassination attempt, including many of the reports on the Congressional hearings.


> We have investigated ourselves and found ourselves almost entirely perfect

This sums up OP's post completely. And the guy still has the audacity to think the Chinese are the brainwashed.


The Chinese are largely brainwashed too, yes, as are most people that don't go out of their way to consume information that isn't approved by their respective government. Governments listening to their citizens on how to run themselves has been changed into governments getting their citizens to behave how the government wants all around the world.


"Trump assassination attempt" brings up a ton of information from Google. When and how was this "heavily obfuscated?"

I've seen numerous claims posted here about Google "mass censoring" something and it always seems to be blown out of proportion.


It was part of their political violence filter[0], and has been fixed. I’m no fan of Google’s, but that does seem like a legitimate filter to have in place. I’d give Google the pass on this one.

[0] https://www.msn.com/en-us/news/politics/google-admits-to-omi...


> that does seem like a legitimate filter to have in place

No it doesn't.


...only impacting autofill, not the actual search results.


The results were crap. It was articles from MSM with no details, just opinions.

None of the reports on Congressional Hearings and their findings ever showed up in the top for me.


So the conspiracy being alleged is that Google "censored" the autofill but not the actual search (which they admitted to) and... featured mainstream media sources (which they always do) and... somehow got all of those news agencies to purposely write stories badly, omitting details and pushing opinions (which they always do) so that Google could push the results for the real stories past the fold, where it would take the monumental effort of scrolling the mouse wheel and maybe clicking a link to find?

Those devious bastards....


Great example of the RWNJ crowd where everything is a conspiracy against them all the time so that they never have to answer questions like why their family won’t talk to them anymore.


Actually, it was a great example of trying to dismiss a bunch of real individual actors doing real things to label people on conspiracy theories and RWNJ as you just did.

Many people hate Trump. Many of them said they wish he was killed. Many still wish he will get jailed or will get killed. Is it really shocking that those people act in a way that hides or belittles the assassination attempt? Is it really shocking that when added together, it can seem like a conspiracy, because it really seems that coordinated? The people that are so deeply infected with TDS have one mission in mind, without even talking to each other.

Granted, at the same time, I'm guessing you're going to tell me there aren't any conspiracies to murder Trump, and that this assassination attempt is no way connected to one?


> I don’t know why it’s so hard for people to understand the difference between legitimate and illegitimate requests.

Does the law mandate unlimited access to all data? Even for people who are not suspected of committing a crime?


Why are you shocked to find out people are oblivious to the implications of giving US megacorporations their data when those people willingly continue to give those corporations even more and more of their data?


"Give" is a strong word for a company whose main product is surveilling their customers to show them ads. I'm not sure how much you can avoid "giving" Google your personal information at this point without deep knowledge of the various ways they attempt to track you (and you'll probably still fail to avoid them).


Only regular people steal. Users agree with the terms of service. /s


Thank you for supporting the government, please collect 5 credits at your nearest citizen service centre.


Companies only comply with laws that are _enforced_ and/or where compliance doesn't cost them anything.

Laws whose enforcement is lacking or compliance would be against their business model are routinely ignored. See the GDPR as an example.


> where compliance doesn't cost them anything

Compliance officers make lots of money, lawyers make lots of money.


Breaking the law can also make you a lot of money. OP probably refers to "the cost of doing business", with the implication that sometimes breaking the law and paying all the associated costs (compliance officers, lawyers, lawsuits, and fines) still amounts to less than the profit made from breaking that law.


You forgot the part where corporations bribe^W lobby the government to make those laws.


Which business, specifically, do you feel is not complying with the GDPR?


I find it very hard to assume good faith behind the question. GDPR certainly made things better but it's by no means a cure all because enforcement is slow and relatively weak. You can take https://noyb.eu as a very good resource for this.

Some excerpts:

> Microsoft's Xandr grants GDPR rights at a rate of 0%

> Norwegian court confirms € 5.7 million fine for Grindr

> Meta ignores the users’ right to easily withdraw consent

> Streaming service DAZN took almost five years to answer a simple access request

> First major fine (€ 1 million) for using Google Analytics

> Spotify fined € 5 Million for GDPR violation

> € 1.2 billion fine against Meta over EU-US data transfers


You're confusing anger with shock.


There seems to be a weird quasi-anarchist/libertarian streak in tech and SV culture that expects tech companies to be somehow anti-statist and willing to defy the government on principles these companies simply do not have. Maybe it's because for capitalist reasons these companies skirt regulations when they can get away with it? Maybe because they use F/OSS software, and people assume that means they embrace the culture? I don't know why. A lot of people still seem to think Google's "don't be evil" means they're eternally and existentially committed to some standard of moral and ethical purity that even most radical idealists don't meet, or that any tech company having any communication with the government is implicitly nefarious.

Even 4chan complies with law enforcement when they have a valid warrant. No one is going to take a bullet for you or your data.


Reading the book Palo Alto was a serious eye-opener into how SV culture came to be the way that it is. Let's just say this goes way, way back.

https://www.amazon.com/Palo-Alto-History-California-Capitali...


Here is a thought, don't f'ing capture, store, or retain the information in the first place.


about.google:
"Our mission is to organize the world's information and make it universally accessible and useful."


It should be obvious to anyone that “confidential info” isn't supposed to be made universally accessible…


That's the real rub though. There is a ton of information that, in isolation, isn't confidential but when combined really should be considered confidential based on how clear of a picture it can paint about a person's life.

Knowing an anonymous device ID went to CVS yesterday isn't that dangerous. Knowing everywhere that device has been tells you exactly who the person is, how they spend their time, what businesses they patronize, who their friends are, etc.


You should read The Circle and The Every by Dave Eggers. They present a future where it is expected that everyone share everything publicly. It seems shockingly plausible in some ways.


Information wants to be free


How does that contradict with the headline? They’re being successful in their mission


I think the comment they're responding to might clarify the point they're trying to make. Not capturing, storing, and retaining information tends to go directly against their stated mission.


Which seems to be the reason they’re moving timelines onto individual devices


That's not a realistic option. Google is legally obligated in many, many different areas of its business to capture/store/retain confidential information.


Are you saying their moat must not have been built?


It's been obligated from the very beginning. Not sure I understand why this is suddenly newsworthy.

Example [2013]: https://www.zdnet.com/article/what-google-does-when-a-govern...


If you want to keep your data private from the USG, you have to custody it yourself. This is well-established legal doctrine that should surprise no one at this point. https://en.wikipedia.org/wiki/Third-party_doctrine


I would hope that sometime in the past ~20 yrs Google would have lobbied for those laws to change.

"Cloud" storage should be treated the same as local storage in law.

The legal system should need to present you with a search warrant to inspect your cloud data, in the same way they need to give you a Search warrant to go through your local data.


I would like that, too. But they haven't, and these statements remain aspirational. We don't do ourselves any favors if we deny the reality of law in favor of the way we would like things to be.


So…. I’d assume the same applies to Apple?


Of course, it's privacy "redefined".


Not really. Apple has recently implemented comprehensive encryption measures. They themselves cannot access your data, so there is nothing for them to disclose. It's hard to understand why anyone would choose anything other than Apple these days tbh.


Key management is a black box controlled by them. Encryption itself is pointless if they can be compelled to give up the key.


You probably don't need to compel them. PRISM has shown it's easy to set up a program where they are forced to just share everything through a back door to the gov and not tell anyone.

If it's closed source, assume the worst.


They are willing to give you the only key, provided you release them from obligation to help you get your own information back if you lose your key.

For most people's threat model, this is not necessary, as even in the case of the San Bernardino terrorist iPhone, Apple doesn't tend to defeat their own security measures on demand. But following that situation and others, Apple added additional measures making it even more difficult for themselves.

See this support article:

"Advanced Data Protection for iCloud is an optional setting that offers our highest level of cloud data security. If you choose to enable Advanced Data Protection, your trusted devices will retain sole access to the encryption keys for the majority of your iCloud data, thereby protecting it using end-to-end encryption. Additional data protected includes iCloud Backup, Photos, Notes and more."

https://support.apple.com/en-nz/102651


Are you sure? Do you have the skills and equipment necessary to verify that Apple's software and hardware work as they claim? A safer bet would be to assume that Apple's government spy device is just as good at spying as Google's government spy device.


I mean or you could just look at cases where the encryption has been tested in court by law enforcement. Unless they're sending your phone to Israel at great expense they're not getting in if you have anything but the simplest passwords.

It's not like phone and iCloud data hasn't been subpoenaed before.


The government will read it only when it really wants to. The hospital shooter and the trump shooter were not worthwhile revealing that they can access all the data.


That's a square trade.

I'll keep my nefarious behavior on this side of mass murder, and FBI doesn't read my documents.


You misunderstand me. They are reading it. They won't tell people they're reading it without a good reason. They want people to keep sending data.


If the US government wants your data badly enough they can compel Apple to push an update to work around all of these measures. As long as you don't own your device no amount of encryption matters.

> It's hard to understand why anyone would choose anything other than Apple these days tbh.

You could just not put your data into the hands of one of these companies.


You're basically arguing that there's no point to encrypting 100% of phones. You get that this isn't a useful position to take, right?


I think they're arguing that encryption done by someone else on your behalf is not actually in your control. And if the people who do control it are beholden to the government requests, then they are not a safe option either.

I'm not deeply familiar with Apple's encryption systems, but from the other commenters here, it appears that Apple holds the keys and also controls the source code and distribution to the device. It sounds like it might be trivial for them to invalidate their own security.


Apple uses hardware encryption on iPhone and famously told the FBI to pound sand when ordered to break it.


They're also apparently incapable of breaking it in that specific way on newer phones. (force update that allows unlimited PIN unlock attempts, only possible on the 5c and below)


If you had read absolutely nothing other than Apple’s marketing material I can see how you might come to that conclusion.


Here's a 224 PDF marketing material to poke holes in.

https://support.apple.com/en-gb/guide/security/sece3bee0835/...


I don’t know if maybe you missed what I said but the point I was making was that you can’t actually get the full picture of the situation from Apple’s information alone so I don’t know how sending me a link to a PDF that their marketing made is going to help no matter how many pages it is.


I understood. I thought the pdf provides one the road map to start verifying the material.

The internet is full of sources that go deeper than what Apple thinks the general public is interested in.

Here is another PDF describing the security certifications. https://help.apple.com/pdf/sccc/en_GB/security-certification...

One could also start here with another third party review of the cryptographic process.

https://csrc.nist.gov/CSRC/media/projects/cryptographic-modu...

Here is a document with other third party certifications of the validity of the original document.

The full picture is quite complicated but a curious person has access to more than enough data to either make an informed decision or decide to trust no one.


"When we receive a request from a government agency that is legally valid and binding and requires us to produce documents without redacting confidential customer information, Google may produce documents that contain confidential information pursuant to the terms of your agreement(s) with Google."

But when Google is asked to produce its _own_ information as part of antitrust litigation they destroy it and get threatened with sanctions.

Not sure why businesses would continue to choose "cloud" computing when it means a so-called "tech" company is now in control of the businesses' confidential information. Perhaps the costs to these businesses of using their own computers instead of Google's is greater than the costs of their confidential information being disclosed to the government without their prior consent.


I'm assuming this applies globally?


As I understand things, US law lets US spy agencies get secret warrants, requiring Google and AWS to give them access to everything while keeping the existence of such access secret.

EU law, meanwhile, prohibits such access, under the GDPR.

There is an obvious conflict here, when a US cloud provider operates an EU data centre.

Luckily, cloud providers have never received a secret warrant they can't reveal the existence of wink and spy agencies would never operate outside the law wink so the apparent conflict has never arisen in reality wink


Yes, all data stored in data centers administered by US companies like Apple/Google/Amazon/Microsoft should be considered available to the US Government and US competitors. There are known examples of the US government doing industrial espionage for US businesses in the past.

This is an extremely uncomfortable truth that European businesses really don't want to acknowledge and just keep pretending it's not true, not a big deal, and even if it was there is nothing they can do about it.

Instead they focus on complying with endless security check lists with unlikely scenarios while ignoring the elephant in the room.


> This is an extremely uncomfortable truth that European businesses really don't want to acknowledge and just keep pretending it's not true, not a big deal, and even if it was there is nothing they can do about it.

Doesn't seem true. We have to use local hosting. Hetzner, OVH or a local DC are popular options. Using US services for sensitive data is just not legal.


Good for your company. Others are fully embracing Microsoft and Google hosted tools.


> There are known examples of the US government doing industrial espionage for US businesses in the past.

If you have a glaring example of this, I'd love to know.


It was taken as a given at one time:

    With the Cold War ended, officials of the CIA and other U.S. intelligence agencies have acknowledged that they are redirecting efforts away from traditional spying toward gathering information aimed at ensuring that the United States remains economically and technologically competitive.
~ https://web.archive.org/web/20151016000311/http://www.nytime...

China claimed evidence of eleven years of CIA economic espionage: https://thenextweb.com/news/cia-china-hack-agency-government

and Operation Eikonal hoovered up more than it should have:

    After the revelations made by whistleblower Edward Snowden the BND decided to investigate the issue; their October 2013 conclusion was that at least 2,000 of these selectors were aimed at Western European or even German interests 
https://en.wikipedia.org/wiki/Operation_Eikonal


That's less direct than "ECHELON was used for industrial espionage", which is the specific question being asked. Everyone should be aware of Five (and 18) Eyes, but the TLAs having personal information about individuals is different from them passing Boeing data from Siemens' private business documents.


Today companies like FedEx can sell their truck videos to authorities.

https://www.youtube.com/watch?v=bIUQApnhENU

I think that so much data is currently shared with third parties that warrants are obsolete. One can build a data heavy case long before needing a court issued warrant.



That doesn't sound like industrial espionage?

(I'd also love to know)


One forgets how many Gen Z children are on HN now.

https://en.m.wikipedia.org/wiki/ECHELON


Specific examples from that article are:

> gear-less wind turbine technology designed by the German firm Enercon and the speech technology developed by the Belgian firm Lernout & Hauspie.

https://en.wikipedia.org/wiki/ECHELON?wprov=sfti1#Concerns


This conflict has been the topic of AFAIK two cases, known as Schrems I and Schrems II [0].

The first questioned Safe Harbour and the second the Privacy Shield mechanism.

I think the current iteration is called "Data Privacy Framework". I assume that this will also be deemed invalid in the future.

[0] https://en.wikipedia.org/wiki/Max_Schrems


> There is an obvious conflict here, when a US cloud provider operates an EU data centre.

American agencies don't need a secret warrant. The CLOUD ACT already resolved this particular predicament for the government just as Microsoft appealed its 2018 case to the Supreme Court.


Secret warrants only in the context of counterintelligence and counterespionage investigations that target foreigners.

Which in that particular context I don’t know what else would possibly be considered a reasonable alternative.

The vast majority of countries don’t have to go in front of a court at all to do this exact same thing they just go ahead and do it. I know people here tend to get super pissed about the boogeyman that is FISA but if you had a more transparent example to point to I would love to see it. I think people get really caught up on the fact that they personally don’t have access to that information and then make a large magical leap to all kinds of conclusions that aren’t based in reality at all.

If that system was being abused to go after illegitimate targets for example then sure, that’s something to be pissed about but I don’t think we have any compelling evidence of that at this stage.

I just find the entire public debate on this topic incredibly lacking in nuance but never lacking in conviction.


> Secret warrants only in the context of counterintelligence and counterespionage investigations that target foreigners

That sounds like a limited context - but the courts were happy to give spy agencies a warrant covering records of every phone call made in America [1]

So it turns out the warrants don't have to describe the place or person to be searched, and don't have to be limited to foreigners. And that wasn't a one-off error or individual mistaken judge - it was reauthorized 34 times under 14 different judges.

Granted some of the rules were changed after that specific surveillance was revealed - but the "fixes" ignored the fundamental problem that secret courts aren't effective at preventing spy agency overreach.

[1] https://www.csis.org/analysis/fact-sheet-section-215-usa-pat...


> Luckily, cloud providers have never received a secret warrant they can't reveal the existence of wink and spy agencies would never operate outside the law wink so the apparent conflict has never arisen in reality wink

European states are fully aware of that problem, hence why e.g. companies storing medical data must do so with servers located in Europe and owned by European companies.

There's the question of whether it's safe to use servers provided by a European subsidiary of an American company and if the company would bypass their European employees or order them to break the law, but it's not a question that stakeholders are pretending doesn't exist.


Medical data is a small portion of data.


absolutely.


How many people are currently sitting in prison as a result of evidence provided to the prosecution by “big tech?” Or at least what are the stats on the frequency that such data is used by law enforcement or prosecutors in their proceedings against an individual?

I’d argue that “police work” is the most impactful aspect of Google’s value proposition as unlike with the historical investigations, near zero resources are required to compile a detailed historical profile on anyone. Just download the file and charge with everything that even remotely has a chance of sticking knowing that the accused will plea bargain to avoid a potentially lifelong prison sentence.


I feel more comfortable with the US auditing my information than Google. That sounds like it would be expensive.


Google also has obligations to disclose info about its manner of operations, but chose to delete and obfuscate that instead.


So they get every WiFi password on this planet.


Wait until the people shocked and horrified about this consider cloudflare...



