The fact that a 100% of the think-tanks taking corporate funding (from the likes of Microsoft, Amazon, Twitter, Facebook, Google, Airbnb, Uber, Verizon, eBay) are trying to undermine excellent privacy laws passed by California [0] and Illinois state assemblies should come as a surprise to no one.
The problem is these think-tanks or variants thereof might end up representing the tech industry in most places where it matters anyway, just like how most of the standard bodies have been taken over by them and now slowly approve of features that further their business motives (I am looking at you ITU).
Two ways (there must be more?) I can think of to fix the behaviour of these behemoths:
1. External: Internet Activism. This has been well underway for a long time now but the corporates are patient beasts. The problem always remains gathering enough support [1] and generally the short attention span of the larger populace.
2. Internal: The employees. Be critical, put yourselves in akward situations, start demanding answers [2]. The problem might be risking job security? That could be offset by forming a large enough group?
Is there any law/legal mechanism which could put automatic expiration on new laws? Is there anything I could suggest to my lawmakers for this to happen?
I mean, we seem to be following a pattern:
Big power wants something that directly and negatively impact the quality of life of the majority of the populace.
Populace rises up against this.
Big power 'loses'.
Big power makes the push again next year. People rise up, but a little less.
Big power 'loses'.
Repeat until popular power is worn out and big power gets what they want.
Once passed, popular outrage won't remove it, it's way harder to get support for repealing than for approving.
So...
I'd like to support something that changes that system from working that way.
I'd think an expiration date would due... but I'm open to supporting anything that would break this pattern.
> Is there any law/legal mechanism which could put automatic expiration on new laws?
It can be (and has been for some laws) done. In the past, it's been done by including "sunset provisions" in the law itself, where the law must be periodically confirmed by a new vote or it automatically ceases to have force of law.
It would also be legally possible to create a law that places sunset provisions on all subsequent laws. I have been in favor of this approach for a very long time. Practically, it's not going to happen, though.
It's like when you suggest that maybe getting rid of lobbying is a solution to political corruption.
Practically it might not happen, but if enough people move in the direction of supporting something like this, the pressure will build. Just as it was not practical to make marijuana legal in the 60s.
Remember that the people in power are mostly old dinosaurs who will die soon (they are old already)
They will be replaced and the vision of those replacing them will shape the future.
I have had similar ideas and would love to propose something even more radical. Treat laws like theories and model the expected/desired effects that a law should have at certain time points/intervals. If the observed outcomes diverge too much from the intended outcomes there would need to be an automatic review of that legislation.
There are obviously huge challenges associated with this as we are living in a dynamic world but I would love to see a push towards more evidence based politics and more rational discussions around the often implicit assumptions underlying specific legislation.
INAL and maybe there is something like this going on internally in politics but I think there is more to be done in making this accessible to the public and giving it more room in political discussions.
the slow pace of how this all plays out is even worse. it's designed to be invisible to the naked eye. nation states have all the time.
I can't recommend Jacques Ellul and his "The Technological Society" any higher. He traces it back to the early stages of the industrial revolution. Also his "Propaganda, The formation of Mans attitudes"[2] is unfortunately not wide enough known in the English speaking world.
Law makers do this all the time, they're called sunset clauses. If you're saying it should be automatically applied to all laws, well the idea of automatic anything sounds nice if it actually works as intended, the problem is it so often ends up not working as intended.
The problem with your cited pattern isn't the duration of laws. It's the founding principle of the "big power" to only serve its own interests. With that founding principle, it can only ever require constant vigilance to push back. One possible alternative founding principle is the "benefit corporation" that requires by company charter, to have social benefit in addition to seeking profit.
This can be done voluntarily in the bill at the time it's written. If you want to make it compulsory, it'd need to be a city charter amendment, a state constitutional amendment, or a federal constitutional amendment. Doing something like this doesn't just magically happen. It's in fact a kind of law that would be much harder to pass than it just being what it is, which is sometimes used and sometimes not used, on a case by case basis.
Sure. I’m not asking for magical intervention here :)
It’s a thought experiment to see how our lawmaking might change under such a regime. California’s constitution can be amended by ballot propositions, and it's not too crazy to think that such a prop might pass.
I can see a scenario where a city, state, or other political division sees volatility on the horizon, and enacts just a change as a kind of defense against future laws being ossified
Democratically speaking, the only reason Big Power wins is due to the fact that it's incredibly inefficient to stand behind interests of many parties investing small amounts against single players investing huge amounts.
Would love to see more of those, especially in the EU, and the way they have them in the US. I'd love a privacy focused action group, but I don't want to buy a host of unrelated political issues with that. The EFF and similar organisations do a pretty good job at that, would love if we had more groups like that over here.
I love the idea, especially as a way of un-bundling beliefs so we're not all beholden to one of two massive and far reaching belief systems.
That said, I worry that it's too easy for small advocacy groups to get steamrolled by bigger interests if they prove to be a problem. Even if they're popular with the public, it just takes a payment to a PR firm of your choice to roll a story that they're selling dead babies and suddenly everyone is confused.
True, but EFF and others managed to get past that as well, I think mostly by not overreaching, always being fact-based and consistency. It would certainly take quite a while to gain enough trust and support if you're not ideologically aligned.
I worry that it's just hard to do. It takes a special kind of person (and lots of them) to keep general politics out, even more so when you're successful and advocating your personal politics would be easy and effectful. Oh, and being vigilant so you don't get co-opted by a political movement.
So... I'm a worried netizen. I have concerns about data monopolies, privacy, surveillance, the ad-tech industry, cambridge analyticas... which puts me in the hn majority, I guess.
That said, what specifically are we aiming for. Privacy laws? Is there a bullet point of what these laws prohibit/require? Enforcement mechanisms? Standards? Protocols?
"Pro-privacy" isn't really enough, for a political program.
It would be great if one of these think tanks could put forward a specific agenda, preferably one that a large portion of us can support. What is it we want achieved?
I think the best approach to informational self-determination is to define that any information concerning you as a person belongs to yourself. Any diversion needs active consent. This is what this think tank (a name for every sweaty office) allegedly wants to get rid off.
I doubt this clear definition is impractical or utopian and could very well be implemented, so I doubt effective privacy legislation needs to be extensive. People consent to share information all the time. That would of course cost an industry that has stakes in information about you, even if that is not their primary business.
Furthermore it is worth to think about if there is any information about you which you are not eligible to share.
It is not trivial to determine if information is personal. Perhaps there should be a formal process to determine that.
> any information concerning you as a person belongs to yourself. Any diversion needs active consent
But in the US that isn't true even outside of the internet. If you walk outside of your home/land, I can legally photograph and record video of you. I can write down what you're wearing, make assumptions about your income based on your address, record you gender/age/etc. All of that is 100% legal - you willingly give up information about yourself when you go to public places.
You could argue the internet is not a public space but that counters most pro-privacy people's opinions on free speech/etc online.
Exactly. What if I remember seeing you somewhere? Do I need to forget that information if you ask me to, because it's information about you and you own it?
> you willingly give up information about yourself when you go to public places.
No, I really don't. I just can't do anything about it. I would agree with some form of this "implied consent" argument if going outside were an optional activity, but it's not.
I'm not willingly giving up any information by being in a public space, because I don't have any choice about being in public spaces. Any information people gain about me is being taken, not given freely.
> I don't think going online is an optional activity either.
I think that can be debated, but let's say you're right: that just reinforces my point.
My essential point is that the "public space" argument isn't terribly meaningful. Actual consent can only be given in the absence of coercion. If being surveilled is a requirement in order to simply function as a human being, then consent doesn't enter into it.
And, in my view, all of the arguments about privacy and spying hinge on the issue of consent. If data is being gathered about me without my consent, then I'm being spied on.
I very strongly disagree. There is a ton of data that wouldn't exist without the products you use. At best, it would be jointly owned because it is jointly created, but just as you are deserving of privacy, so too are companies with respect to their code and technology.
Do you "own" server logs simply because they reference your user id or an action you performed? Do you own the model architecture of machine learning models that may have incorporated your data?
The idea that you should own any information relating to you is entirely impractical, and completely disregards any notion of intellectual property too. There needs to be some protections for users with respect to privacy, absolutely, but it cannot be anywhere close to that one sided.
In particular, if you as a user want to use a service, you must agree that some data derived or about you is going to be kept private, because it is combined with IP of the company providing the service to you. It's reasonable to limit what companies providing services can do with such data, but at a minimum "providing the service to you" must be protected.
I think the biggest problem here is that nobody can agree on the sort of information that they want to protect. Obviously everyone is fine with these organizations collecting their forum posts (this is the whole point). Likewise, few want these organizations collecting unauthorized photos by way of laptop cameras. There seems to be some legitimate disagreement on whether organizations should be allowed to collect e.g. your browsing history.
- US equivalent of GDPR: A law that would guarantee us the right to control data about us, be informed of data collected on us, and request a copy or delete that data. The critical impact here is to protect our privacy with regards to corporations.
- A generally-defined right to privacy: The EU enshrines privacy as a fundamental human right, the US equivalent would be for us to define a general right to privacy as an amendment to the Constitution. Much like the original Bill of Rights, I would like a right to privacy which is more solidified than the implied one built on other existing rights, but open to interpretation enough to allow for it to adapt to changing situations in the future. The core concept here is to protect our privacy with regards to the government.
Parts of the gdpr are good. Imo, these are mostly the data security elements (leak reporting to users and legal barriers data selling).
The consent/privacy elements are near useless, imo. In practice, they amount to a "we value your privacy" notice. I don't think individually "negotiated" consent for users visiting a website or downloading an app is useful or privacy promoting. It just amounts to "tick this box to use this app," most of the time. Other times, there is a UI actively directing the large majority of people away from the rational choice.
I disagree wholeheartedly. In many cases the "tick this box to use this app" is not GDPR compliant, and once more enforcement is done, you'll see this pattern diminish or go away. Businesses will eventually transition away from surveillance capitalism, as it becomes increasingly less profitable and it's visibility makes products using it increasingly less appealing to consumers.
Furthermore, GDPR is already in effect in the EU, and multinational companies already have to follow it. There's no reason for us to fail to implement all of GDPR, since so many already have to implement all of it anyways.
I can't wait for the CA law to come into effect. "The law, set to take effect next year, gives California residents the power to view the types of data companies collect from them, request that the data be deleted, and allows residents to declare that their data not be sold to third parties."
Does anyone know if the law includes the ability to demand that data third parties have collected be deleted as well? Will I be able to tell what third parties already have my data from the source of collection?
At this point the statement and other gestures that a company "value's your privacy" is just a default poster someone puts up, while they do other things.
I'm working on a side project and the setup is basically that you get to see all the data I have on you. Granted this is a tiny project that is largely just for me, but as a policy that seems like that is the most clear cut way to go.
Yeah kind of cool. I believe tools like that came from either mass opt-out tools by the Network Advertising Initiative or the Digital Advertising Alliance.
They accomplish what they intend to do, its just that most users want them to do more.
If you use that tool on all of your devices (and don't clear your cookies/etc) you will be opted out of those vendors tracking. But that doesn't accomplish since that type of targeting only makes up maybe 15% of targeted advertising. All that tool does is get you shittier ads. (Oracle's just shows you what data they know about you, it doesn't actually delete or opt you out).
> They accomplish what they intend to do, its just that most users want them to do more.
That hasn't been my experience. When I've used the tools, the opt-outs have failed for the majority of the companies in the list (as reported by the site itself).
That said, as you point out, they're pointless even if they worked correctly as you still have to engage in all the blocking that you usually do regardless.
> (Oracle's just shows you what data they know about you, it doesn't actually delete or opt you out).
Ah, so Oracle's offering is worse -- worthless by design rather than implementation.
It is so sad to see the bad actors in the tech industry pushing so hard to advance policies that are harmful to society at large and people individually.
It is even more sad that I'm not the least bit surprised by this.
I wish I could say I was surprised by this... but I am not.
What I am really curious about, are any of these companies linked to Apple?
Considering the very public stance they have been recently taking. The article does not specifically mention them either way (and they are the only of the big ones missing).
Not sure about Apple but I like that all the companies linked are all supporters of NN. Almost as if a public face, NN, and a private face, think tanks to overturn privacy laws.
I wouldn't necessarily tie net neutrality and this together, since NN supports them as much as us.
Considering it most likely would be them footing the bill (or loosing traffic) without NN
>I wouldn't necessarily tie net neutrality and this together, since NN supports them as much as us.
How we know? Because they told us that? They would be funding thinktanks to pass NN if they had to. The truth about NN is only ONCE was a carrier ever really found to be selectively throttling for non-congestion reasons in the mid-2000s and the FCC shut that down immediately. NN still allows for throttling if you claim it's for congestion.
YET... SV likes to promote the idea of a slow internet without regulation.
Just because you agree with the idea doesn't mean you shouldn't pay attention to the propaganda.
Are public companies required to show which organizations / think tanks they are a part of and what role they play therein as part of their periodic financial updates (quarterly or annual)?
The thing with money and speech in politics is that speech must be loud enough in order to be an effective agent for change whereas the effectiveness of money is considerably more independent that. By loud, I mean a quality more like the amount public awareness and genuine understanding a given issue has.
Is there any possibility to recoup losses incurred while accessing siloed and hostile websites trying to pull my private information? I'm using some privacy enhancements in browser, and major websites don't work properly because of them. Is it possible to win a claim for incurred losses at least in time, if not in data leaks?
yet, courageous and far-sighted individuals working towards federated and private data models pre-FB, struggled to find any funding, and were vocally criticized for "asking for money" or "trying to charge money" by intellectuals .. idcommons dot org
TL;DR: the key is to insulate lawmakers from concentrations of wealth.
A law that prevents corporations from spending resources on politics would do this. Or low contribution limits could work, to limit billionaire influence.
A lot of comments in this and other privacy threads correctly worry about the combination of "diffuse costs, concentrated benefits" and the electorate's short attention vs sustained private lobbying. My feeling is those effects cannot be overcome once in effect, so we have to roll back to prevent the effects in the first place.
Sounds politically unlikely, but stranger things have happened in American politics.
True, but we all know the people are so self-enlightened to not stick their neck out.
I've been wondering lately if the solution to politics (at least at the state and federal level) would be to have a two level representative democracy. Meaning instead of one person getting the vote for 700K people and being very bribe-able (1 of 435), you have one person actually at the legislature but they have a different role. They must negotiate based on another set of real representatives. They must collect facts and evaluate laws for this other set. These 14 (e.g.) people would be responsible for a much smaller number of people (50K) and have a much smaller geographical region. These 14 would be the ones who actually vote for/against the laws and the top level must cast their vote in their stead. The top level could also be elected and serve at the discretion of this set of 14. Each representative has a smaller sphere of influence and concern. Bribing (lobbying) becomes much harder since it goes up by a factor of 7 (or more). Gerrymandering becomes much much harder because of all the little sub-districts that would be created. It also helps give a truer voice of the people unlike certain states/districts where you may be blue in a sea of red or vice-versa. Of course, the powers that be would never let this happen but I think it is at least an interesting thought experiment.
The problem is these think-tanks or variants thereof might end up representing the tech industry in most places where it matters anyway, just like how most of the standard bodies have been taken over by them and now slowly approve of features that further their business motives (I am looking at you ITU).
Two ways (there must be more?) I can think of to fix the behaviour of these behemoths:
1. External: Internet Activism. This has been well underway for a long time now but the corporates are patient beasts. The problem always remains gathering enough support [1] and generally the short attention span of the larger populace.
2. Internal: The employees. Be critical, put yourselves in akward situations, start demanding answers [2]. The problem might be risking job security? That could be offset by forming a large enough group?
--
[0] https://news.ycombinator.com/item?id=17420849
[1] Btw, the signees of this letter care about your privacy: https://www.eff.org/document/december-2018-preemption-letter
[2] https://demandprogress.org
/offtopic https://firstlook.media is doing a great job. Almost all their articles are of high quality.