I do agree that the EU has less of an entrepreneurial spirit. Some cultural elements, but also practical: It is difficult to scale an app, since there are such large language and culture barriers between EU member states. There is a decades long brain-drain of highly technical (AI) people. Finally, it is very hard to compete with US companies, as they skirt the rules, winning all network effects with huge VC infusions.
I always suspected some of that was accomplished with military and intelligence support: The American economy and intelligence apparatus stands to benefit a lot with the entire world using Google and Facebook. The other side of this coin is that the pro-privacy anti-surveillance movement may also be supported by foreign intelligence agencies in an attempt to hurt US economic and military interests. https://en.wikipedia.org/wiki/Lernout_%26_Hauspie#History was close to establishing an AI-type Silicon Valley in Belgium in the early 2000's, but was unsuccessful.
If you log for security purposes that is a "legitimate interest" which would allow you to keep doing that, provided:
- You make a note that this data is being logged.
- You state for how long this is logged (6 months is reasonable), and justify that time frame.
- You state who else has access to these logs.
- You state what steps you have taken to try to minimize unauthorized access to these logs.
- In a register (these statements should be delivered on request of a law supervisor) you also provide your personal details, which users are affected by this data processing, and your goal (which should be something along the lines of: "fraud prevention and intrusion mitigation" to have legitimate interest. Expect big companies with law firms to push this "security interest"-angle hard, as they try to justify their data processing).
Pretty reasonable, no? It would be nice if the large web logging softwares provide standard options to automatically limit disclosure of PII web logs.
You already described far more work than I'm willing to do for the small web site I happen to host. If there's a simple geoblocking switch I'd much rather flip the switch and block Europe than continuously worry that I didn't dot every 'i' and cross every 't' to make some obscure European regulator happy.
> It's a foreign requirement that feels like a violation of sovereignty.
Sure, if you cater to users in your own country. If you cater (read: deal with data) to users from the EU, you should follow local consumer protection laws.
EU laws have always been more strict than US privacy laws: This caused unfair competition, where US companies were free to export their privacy-damaging business model overseas, while local companies were forced to respect privacy. Respecting privacy is just not very competitive/profitable at the moment.
Your viewpoint pushed to the extreme (sorry if you don't recognize your original view): China selling counterfeit goods or unsafe toys to the US, and feeling like any push-back is messing with their sovereignty of lax copyright -, trademark -, and health laws.
>Sure, if you cater to users in your own country. If you cater (read: deal with data) to users from the EU, you should follow local consumer protection laws.
If I have a brick and mortar business in the US and some one from the EU decides to do business, do I have to follow EU consumer protection laws? Unless I have an physical presence in the EU why should I have to follow their regulations?
Further, why cannot the EU just allow its citizens just do business with other extra-national companies if they choose to? Meaning, if an EU citizen chooses to do business with a non-GDPR compliant website, why does the EU care?
>EU laws have always been more strict than US privacy laws: This caused unfair competition, where US companies were free to export their privacy-damaging business model overseas, while local companies were forced to respect privacy. Respecting privacy is just not very competitive/profitable at the moment.
So what? If the EU wants to stifle competition, why should the US care. They are only hurting themselves.
> If I have a brick and mortar business in the US and some one from the EU decides to do business, do I have to follow EU consumer protection laws? Unless I have an physical presence in the EU why should I have to follow their regulations?
You don't.
If they're not In The Union, and you're not In The Union, then you're not required to comply with the GDPR.
> Further, why cannot the EU just allow its citizens just do business with other extra-national companies if they choose to? Meaning, if an EU citizen chooses to do business with a non-GDPR compliant website, why does the EU care?
It's impossible to give consent for something if you don't fully understand the ramifications of what you're consenting to[1].
What does it mean for a website to "cater" to just my home country? The internet doesn't know political boundaries and most sites cater to all visitors on some marginal level.
Even my simple blog with no ads has google analytics on it. I don't feel like I was doing anything wrong or abusive, but I guess there's a case to be made.
I assure you I have been against the DMCA since before it passed, though I don't think it's quite the same nor do two wrongs make a right.
DMCA is only one example. In the financial world, the extra-territoriality of US laws is widespread, such that for example even securities sold outside of the US, to non US customers, by non-US institutions, issued by non-US entities have long US laws compliance sections in their documentation. Non US banks outside of the US are reluctant to take US clients because of these laws (not dissimilar to the discussion on blocking EU IPs here).
I even read somewhere a while ago that the US claims jurisdiction on any financial transaction in the world as long as it's done using USD... Talk about overreach.
IP addresses are not PII unless you also have timestamps and a legal avenue for querying the ISP records to see which account and thus person was behind the IP address at that time.
As a small blog, no ISP is going to give you the time of day, so it's not PII because you have no avenue for converting it to a person. If you transmit that data (say to google analytics) it might /become/ PII because google (or any other person you transmit it to) may combine it with other data they have access to, to turn it into PII.
The reasons large organizations are fretting about IP addresses are thus:
a) They have IP/timestamp records going back years, maybe decades
b) They may have ISPs willing to talk to them about who had the IP address at a specific time
c) They can't confidently allow that data to pass to partners in case their partners have access to ISP records
d) That data is a ticking timebomb, because even if they don't have an agreement with an ISP now, if an ISP offers that service for free to all takers in the future, their trove of IP/timestamp pairs could suddenly become PII overnight through no action from them
So yeah, for businesses operating at a certain scale, IP/timestamp combos are now a toxic asset. That doesn't mean your log files for your blog are suddenly a GDPR violation, unless you share them with people or have an inside track with a local ISP.
> Tell that to this US law the whole world has to comply to called DMCA.
If a site has no US presence and blocks all users in the US, what negative repercussion can violating the DMCA incur? Maybe their domain can be siezed, but that can be avoided by not having a domain hosted in the US. The US could block all traffic to the site, but that should be moot if the site has no US users.
With the DMCA, if a US judge determines that a foreign company has broken the law, and someone associated with the company ever visits the US, that person is at a high risk of being orange-jump-suited in a barbaric punishment system.
This is outside the scope of my previous comment. If someone visits the US then they have a physical presence in the US.
I'm still failing to see how the original claim, that everyone has to abide by the DMCA, is true. This seems like claiming that everyone has to abide by Thailand's Lese Majeste laws (laws criminalizing insults to the monarchy). Yes people may face repercussion if they have an economic or physical presence in the country. But if they don't, then theres nothing Thailand can do to enforce this law .*
* not without cooperation with other countries at least. Some nearby countries are known to enforce Thailand's Lese Majeste laws abroad and extradite people. But in most countries, this isn't the case.
The "Pirate Bay guys" were persecuted in Sweden, nothing I can find on the coverage of their arrests and trials mention American copyright law. Extradition treaties are voluntarily made by the countries that establish them.
Again, if a country doesn't want to abide by the DMCA then they don't have to. Extradition treaties and the Pirate Bay do not disprove this claim.
The internet doesn't know, but e-commerce/data business pretty darn well knows where their customers/users are situated.
The old web was mostly static websites. We spoke of visitors. The new web is app-ified/interactive, walled off to logged-in agreement-abiding geolocated users, and even a single logged-out "visit" broadcasts this to 100s of trackers who will remember your every move online.
If you aren't collecting and storing PII, you have nothing to fear from the GDPR. Even if you are, you're fine as long as you only collect what you legitimately need to offer your services.
IANAL, but if your company is a targeted marketing company (think Groupon) and users sign up explicitly to get sent offers, then you're probably in the clear. If your company offers some other service, but you also want to sell your users' data for targeted marketing, the GDPR requires you ask for and get real consent.
I find it odd that people take issue with regulation, perhaps its been ingrained into the cultural consciousness of the west that regulation is always bad, but historical analysis shows that regulation has always had an overwhelmingly net positive effect for the members of a given society. You can link the stage of a country's development to how effective their government is in protecting it's constituents.
I am European browsing from a non-EU IP. Seems to me a blanket ban on EU IPs is both draconic and ineffective.
As for SV seeing GDPR as more of a hindrance: SV was build on the freemium model of gathering as much data as possible. Companies were funded under the assumption that their user growth would lead to valuable data stores.
GDPR and an increased privacy aware public are existential threats to these companies, as there is little chance to pivot to a non-data-use company. You have to start over.
I hope we will look back at these companies as ugly centralizing dinosaurs, as little by little, the consumers realize the power they gained back (or always had) over their usage and data, does not justify these business models to exist.
(Also, GDPR, even when seen as an opportunity, _is_ a hindrance to implement. Regulation in response to market evils is known to be heavy-handed and clumsy).
But they still process European user data if they do not block my IP. So they are not complying at all with GDPR's main requirement, just a poorly singled-out subclause.
Do EU laws protect you in China? I feel, partially, that going through a proxy means you are more under the discretion of the laws of the country with which the last proxy is operating under. Do you disagree? It's all very confusing
you're saying that blocking eu ip is insufficient. so you can, at leisure, forcibly subject anyone to attack by gdpr, against their will, by circumventing their access controls.
the only way for all businesses around the world to avoid abuse and subjugation to eu regulators, who they cannot influence, is to not exist at all?
No, the blame would be on you then and you would be held responsible for whatever legal action is necessary, not the company trying to block Europeans users like you. Benefit of the doubt is for the company because of their best effort European citizen blocking.
I believe this is what Antonov meant when he said: "A pre-designed scenario is being implemented, Again, we are being threatened. We warned that such actions will not be left without consequences." in response to the latest Syria strike.
WWIII may not be nukes, but complete economic chaos after banks, hospitals, militaries, and electricity networks are taken down.
Even worse than having your peers crap on you, is the author stating that you wish these crappy remarks don't define your profile (like they did previous profiles), and then having exactly that happen.
This will now probably forever be his angle in the popular media: Godfather of AI, mistaken, scoffed at by his peers. Not necessarily wrong, but not flattering either.
I can relate to the gut-wrenching feeling of seeing your ideas being bandied around as original, without any attribution. Of course someone in the field of reinforcement learning is obsessed with the credit assignment problem, no matter the time passed. How can AI researchers hope to solve this pressing problem, when they can't even assign credit to the originators of their ideas?
I wonder if this harsh piece would have been written the way it was, if the author realized that Schmidhuber may be on the spectrum, and that his erratic and obsessive behavior is an ailment, not a deliberate choice.
In the future, Schmidhuber will be mentioned in the same breath as Turing. Of his peers wishing he'd shut up, I don't have the same expectation.
It is just not a good idea to authenticate yourself as a Googler in these sorts of discussions. If there is doubt in the media about a tech from Google, Google's PR department is more than capable to handle that in due time.
I think part of this guideline applies, and following it should avoid disclosure, embarrassment, or being forced to speak on the defensive of an entire company (not a job that most developers are automatically good at).
> You probably know that our policy is to be extremely careful about disclosing confidential proprietary information. Consistent with that, you should also ensure your outside communications (including online and social media posts) do not disclose confidential proprietary information or represent (or otherwise give the impression) that you are speaking on behalf of Google unless you’re authorized to do so by the company. The same applies to communications with the press. Finally, check with your manager and Corporate Communications before accepting any public speaking engagement on behalf of the company. In general, before making any external communication or disclosure, you should consult our Employee Communications Policy and our Communications and Disclosure Policy.
While a compiler may block you from writing faulty code, the media will just take your faults, and then present them as truths coming from upper management.
He broke no policy here. He made the claim that it was real (the same as Google's public stance as evidenced by Pichai's statements at Google IO) and that he's seen the code (if you've seen enough publicly available Google talks you'd know all code is public for whoever wants to view it internally).
I'm not saying he broke any policy. People will simply misrepresent - or take advantage of - his just well-intended representation.
Just take out of context or read the following with a different job role and see why these guidelines make sense:
> we are Google ... These kind of systems need 99% precision ... I feel it was full of tiny imperfections ... Internally, the criticism is brutal ... It seems that I am "attacked" primarily by fellow googlers ... There are a dozen variations of this question already for TGIF ... the team wanted to fake a demo, they could had done that years ago ... a team at Google could fake something at this scale and have the face of the company back it at our most high-profile event of the year ... Would volkswagen be able to do what they did ... I've been told that there were cases were the human would react by saying "no, you are not a robot, you are human!" when they were told that the caller was a bot
Nobody forced me to defend the company, that should be obvious, plus I'm sure I'm within policy here.
It seems that I am "attacked" primarily by fellow googlers, which speaks to my point: If this demo was fake, it would have been rightfully torn appart internally.
By the way, did you just copy-paste our internal policy on a public forum ?
I am not trying to imply you are against the policy, just that it isn't a good idea to make yourself an accessible target in a "witch hunt".
The media is clearly trying to kick up some shit. They know Duplex is hot, and so they try to find another angle/drama/controversy to continue the clicks-cycle. If they had anything of substance, then plenty of AI researchers would be lining up to be cited, warning against AI-hype and winters. The article would be called: "Google faked its Big A.I. Demo!". Now they are still on the prowl for anyone that will dignify them with a soundbite, be that on social media.
Notice how few Facebookers stepped up here on Hackernews, when Facebook was the target of a negative news cycle. There is just no winning, just a lesser of two evils: Take a temporary hit to your pride, or let the media and fellow Hackernews posters take everything you say as an official company statement, attacking you and your colleagues while you weren't even directly involved in the project and can do little to alleviate any concerns or lies.
My 2 cents: The demo was not faked. But of course the samples were cherry-picked to make for a good demo. Also, a large part of the negative coverage stems from irrational fear or misunderstanding of AI, futurism potential, and the first uncanny valley for natural conversation.
> a large part of the negative coverage stems from irrational fear or misunderstanding of AI...
Irrational? No. At the heart of this demo is deception. After the deception comes "impressive tech" and all the rest.
Booking hair appointments is one thing, but we all know these systems will be babysitting our children, teaching them new things, and responding to their verbal prompts.
Emotional development in children is crucial for psychological health. FAKE synthetic emotion is not healthy, it's not cool.
Having "Googlers" at the top of the ethics pyramid for AI systems in our homes, is worth a healthy dose of fear and loathing. "We are Google. We don't need to fake demos [of our fake human voice]" is precisely why Google shouldn't be dictating the terms of AI standards around ethical concerns and communication disclosures.
This is about more than hair appointment bookings.
The article and comments you are responding to is about the demo being poorly faked.
You seem to conflate this with another issue with the demo: It was so good that it seemed real, and you deem this to be deception/deceptive.
While I may share some of your concerns, I can't help but compare it to the rants against video games: unhealthy, fake social interaction. Often used by politicians without any scientific backing of their claims.
I do understand the current attraction from the general public to the unsurprising AI research going on at top labs. You don't need any relation to the field to muse about killer robot singularities and 2000 year old ethics philosophy, and no one will brand you a fool like they did to the people warning about earth-eating black holes at CERN.
No, I was responding to your comment, and your comment only, which is why I quoted you. I'm not conflating anything. Your tangent about "irrational fear" is what I was responding to, there's nothing more I can add to make that clearer.
You mention video games. In a video game, the interactions via voice chat, or text chat are person to person. I am not aware of any politicians calling that "fake". It's not related though, as online multiplayer gaming is a sub-set of a specific type of digital activity, whereas AI and bots and voice recognition is all-pervasive. It will be everywhere, and deserves scrutiny because you won't need to be a "gamer" to be exposed to this technology. IMHO it's vital we continuously examine the ethical concerns.
I do agree that the EU has less of an entrepreneurial spirit. Some cultural elements, but also practical: It is difficult to scale an app, since there are such large language and culture barriers between EU member states. There is a decades long brain-drain of highly technical (AI) people. Finally, it is very hard to compete with US companies, as they skirt the rules, winning all network effects with huge VC infusions.
I always suspected some of that was accomplished with military and intelligence support: The American economy and intelligence apparatus stands to benefit a lot with the entire world using Google and Facebook. The other side of this coin is that the pro-privacy anti-surveillance movement may also be supported by foreign intelligence agencies in an attempt to hurt US economic and military interests. https://en.wikipedia.org/wiki/Lernout_%26_Hauspie#History was close to establishing an AI-type Silicon Valley in Belgium in the early 2000's, but was unsuccessful.