And, here's EFF's position: " Americans Deserve More Than The Current American Data Privacy Protection Act" https://www.eff.org/deeplinks/2022/07/americans-deserve-more...
The Internet is a global entity, and it doesn't strike me as being well served by the "laboratory of the states".
Federal legislation is slow, but executive agencies can move faster if they are empowered by legislation to make rules. Congress sets broad principles, and it's not unreasonable that those principles should stay the same for a decade at a time, even in a fast-moving domain like privacy. And while regulatory agencies can be their own pieces of work, it is much easier to deal with one national agency's rules than 50 different ones.
And it doesn't matter that the rules can be ruled as ineffective by a high court, because it takes ages to get through the whole court process. So in the time that the court took ruling something totally unconstitutional, people's rights are squandered (especially without any democratic consensus to enact it), and the people that enacted and enforced the later-deemed-unconstitutional rulings face zero repercussions. And guess what? They then move on to the next unconstitutional ruling that squanders as many rights as possible for as long as possible.
Not going into the US-centric gun debate and assuming that guns are simply tools, isn't it reasonable that gun owners need to monitor the regulations? If you operate heavy machinery or run a chemical lab, I'd expect you to keep a close eye on upcoming legislation and rules. I'd not be surprised if a food truck operator would need to keep track of more rules than gun owners.
To make your example equivalent, imagine if the food truck or some piece of equipment in that truck was suddenly made illegal. And if you’re in possession of it you are now a felon. Yesterday (literally) it was legal and you were not given advanced notice anymore than waking up this morning and receiving notice.
If heavy machinery and food industries operated this way there would be much less competition and likely no food trucks at all
Your comparison is factually incorrect on every count. I do hope that you’re just ignorant of the mind boggling amount of legislation your average food truck is subject to.
To bring this full circle, gun owners are de facto legally assumed to be reasonable and responsible owners that abide the law and diligently pay attention to the changes of laws. If you become a felon “overnight” because of an illegal weapon; well that’s on you. Being responsible sucks because it demands humility and accountability. If you’re neither capable of admitting your mistakes nor following the glacial pace of state/federal law making then you’ve no business owning tools capable of killing masses of people in seconds from hundreds of yards away. Great power, great responsibility. Lately some politicians have become tunnel visioned on the power part, I’d like to remind you that in order to maintain a lawful society we must be responsible lest the unwashed masses take Justice for themselves in whatever capacity they can. This is the compromise of a civilized society, you would be wise to learn more about why things are they way they are before you write up factually incorrect justification for your grievances.
Please explain how, exactly.
> I do hope that you’re just ignorant of the mind boggling amount of legislation your average food truck is subject to.
Operating one on the side with some in-laws, I'm quite well aware of the legislation. Yet I'm still not aware of a single instance where a food truck operator became a felon overnight because they had a "high capacity grill". In what cases can a food truck operator become a felon when their activities that made them a felon were legal the literal day before?
> If you become a felon “overnight” because of an illegal weapon
Why is overnight in quotes? Do you not believe I was using the correct definition of literally?
> Being responsible sucks because it demands humility and accountability.
I think you'll find that a great majority of us are responsible, that's why we know about these laws and the ATF. I can't say the same for those that are pro gun control, they tend to be very ill informed on the subject and assume others are. Nobody is saying they shouldn't be responsible, we're saying they shouldn't be allowed to arbitrarily remove rights from people because of who's politically in control of the ATF. If you take a step back and remove personal bias, every sane person in the US would agree.
> If you’re neither capable of admitting your mistakes nor following the glacial pace of state/federal law making then you’ve no business owning tools capable of killing masses of people in seconds from hundreds of yards away. Great power, great responsibility. Lately some politicians have become tunnel visioned on the power part, I’d like to remind you that in order to maintain a lawful society we must be responsible lest the unwashed masses take Justice for themselves in whatever capacity they can. This is the compromise of a civilized society, you would be wise to learn more about why things are they way they are before you write up factually incorrect justification for your grievances.
You're clearly going on some rant here that I'm not sure where you're basing this argument from and it really shows your bias (which has no place on a forum of engineers and other technical people). The point being if this were laws being passed by congress, with months of advanced notice, nobody would be complaining. The ATF can release a rule right now stating owning an AR-15 with a pistol grip is a felony, active at midnight and you best hope you pay attention to the few hours notice you've been given.
ATF rules get published in the Code of Federal Regulations
and are subject to the Administrative Procedure Act
and therefore are announced ahead of time in Notices of Proposed Rulemaking (NPRMs) published in the Federal Register
and later, upon finalization, published again in the same place.
I don't mean to defend the scope of ATF's (or other agencies') power or discretion, which is quite broad, but the ambush rule with just a few hours' notice is pretty implausible under the APA. Normally the APA calls for at least 30 days' notice, and months are more typical.
There is an emergency rulemaking exception under the APA for "good-cause", but this is comparatively rarely used and (like other aspects of a rule) may be reviewed by the courts. ATF knows that it has a lot of critics who are likely to sue to challenge its rulemakings, and has often taken a considerable amount of time to make new rules even when there was a lot of political pressure brought to bear in favor of expanding regulations.
It's unfortunate that you might have to go to court to vindicate your rights under the APA, but that's almost equally unfortunately true of almost anything improper that any part of government might do to you. If a police officer decided to randomly seize your weapons because he just thought they looked scary and you oughtn't own something so dangerous-looking, you would also need to go to court to establish that the police office wasn't entitled to do that. Or if, like in the Hitchhiker's Guide, a local government authority decided to demolish your house without proper notice, you'd probably also have to go through the courts to get a remedy.
To add, I’m down to talk to about governmental overreach if we can rationally prioritize issues. Gp seems to prioritize absolutist gun rights. I’m keen to consider extrajudicial murder, extrajudicial armed robbery by police, the separation of church and state, or the Supreme courts usurpation by the federalist society - before I think it’s worth discussing the loosening of gun rights in this country that has more gun involved MCEs (military conflicts excluded) than every other country combined.
As I’ve strayed a bit from the topic I’ll bring my point back by saying; sure there’s issues worth complaining about in almost every us regulatory process, but let’s prioritize by how many lives we can improve instead of lesser reasons that are used as a fundraising platform by the minority political party without regard for the trail of destruction their reckless policies engender.
I worked on an issue a few years ago where the FCC was attempting to completely ban something, and it took them somewhere around a year to complete the process of actually banning it, despite having been very clear on their goal. If they'd simply said that people shouldn't have this, full stop, right away, well, I imagine the D.C. Circuit would have been even more upset with them than it actually was. :-)
I'm glad you found my reply helpful.
If your interest in regulatory hell take a look at the fdas campaign against vaping. Then compare it to the nhs to see what a semi functional system can accomplish.
With it already being illegal for certain criminals to own firearms, what regulation short of a total ban would help? This is where the "add more laws" logic fails. The thinking is that adding more laws will keep criminals hands off of guns. Criminals by definition ignore laws. Guns can be made via a 3d printer now. Ammunition used to be made (reloaded) by campfires. It's impossible in these days to keep guns out of the hands of those who shouldn't have them. If you have a CNC machine you can make your own AR-15.
Instead the solution is quite the opposite. More guns. You don't have to carry one yourself, just don't stop the rest of us. And by law if someone is carrying a concealed weapon near you and your life is in danger, they must protect it. We end up with peer to peer police. Nobody has a problem adding classroom work onto concealed carry permits to ensure carriers know the laws. Nobody has a problem with carriers also being required to qualify to ensure they can accurately shoot their weapon.
As far as school shootings, that solution is quite easy and technical. AI powered cameras in classrooms and hallways that alert if someone not in faculty or the student body steps on the grounds. Alert for gun shaped objects. Ballistic class on the interior and exterior windows with doors that partition the hallway when closed and locked to block in any assailants.
The guns rights group has many solutions to the problems, but the gun control group doesn't want them. Gun control groups have created a situation where it's easier for criminals to get guns and use them than it is for law abiding citizens.
Your solution is naive, unsupported by research, reasonably hypothesized by people far more intelligent and accomplished than either of us, to be a failure on arrival, and conveniently requires no requires no acceptance of responsibility in the current horrific state of affairs nor does it requires a change in mind on anything.
More guns = more suicides and accidents. You should already know this.
the nra/federalist society, and similar organizations have been using their lackey’s to prevent progress on gun control for decades. Mitch McConnell has publicly taken pride in his ability to prevent anything from getting done regarding anything.
So now only wealthy people can exercise a right?
> Once we accept that all we need to do stateside is adopt sensible legislation that demonstrably works in countries without a belligerent group incapable of intelligent debate.
Again, what legislation. I want specific laws you think will work.
> I’m not going to engage with you on a slippery slope argument.
It honestly sounds like you have no argument, just that you don't like guns and want them gone.
> More guns = more suicides and accidents. You should already know this.
I don't count suicides as deaths. This is used by the pro gun control groups to artificially inflate the numbers. Suicidal people will use other means if you take the guns away. And yes of course, the increased use of any object results in increased accidents with those objects. That's why some parents teach their kids gun safety early (I was handed a shotgun at age 8) and we develop proper procedures for handling weapons (Such as always visual and physically ensure the chamber is clear even if you "know" it's unloaded).
> the nra/federalist society, and similar organizations have been using their lackey’s to prevent progress on gun control for decades. Mitch McConnell has publicly taken pride in his ability to prevent anything from getting done regarding anything.
Do you think that perhaps the NRA is just representing the people that belong to its organization? Or said another way, if the NRA had nobody to represent would they exist?
While it may be hard for you to understand my position and the position of others like me, it's not the NRA fighting. It's me, other's like me. And we certainly aren't giving up anytime soon.
Every scenario you’ve presented Ive disproven. Remember this was started when it was said that food truck operators can become felons.
Further what site guidelines have I violated?
I want specific laws you’d enact to resolve the issues as you see them. Can you provide them or not?
> Nobody has a problem adding classroom work onto concealed carry permits to ensure carriers know the laws. Nobody has a problem with carriers also being required to qualify to ensure they can accurately shoot their weapon.
This is untrue. Half the country has constitutional carry established. I carry every day and do not have a permit. I get myself to the range frequently enough to be proficient. I do not need the government to "allow" me to practice my rights.
There is a difference in practicing one's rights and endangering others. We require the same of our police officers. While I'm a fan of constitutional carry, I have no problem taking 8 hours of classroom courses and qualifying with my carry pistols.
What other enumerated rights shall we remove under the guise of saving lives? Should we remove access to vehicles? Alcohol? Shall we enact a speech control board that if you violate it you lose your enumerated rights? This would open the door for the same abuse gun owners receive for exercising their right.
You're right, I'm a gun rights absolutist. I will not settle for the removal of this right nor the government making it difficult to exercise. They don't do this with any other right why this one? Can other rights not be just as dangerous? (See Democrats stating they needed to misinformation due to the damage caused to democracy).
Wait a second, who doesn’t? In fact on this board they have been discussed more than a few time, including by myself.
> just the right for every angry terrified fan of tucker carlsons propaganda (legally not News remember) to go to their local gun shop and buy dozens of semi automatic long guns with 10+ round clips and have a few pallets of ammo delivered to their house with merely a signature and maybe a waiting period.
This is a biased rant again. None of what you said sounds dangerous to me. The problem is now with what law abiding citizens buy and own, they will never use the “dozens of long guns” kill innocent people. Why are you conflating criminals and law abiding citizens?
Can you also tell me, using your example, why any waiting period past the first one does anything? If someone already owns a gun, why are they being subjected to yet another waiting period? The entire point of a waiting period was to cool off and not do something stupid with your new purchase. But if the person already has a gun on hand then what is the point of it?
Only if there is no exception that allows them to wave the comment period. The key being "emergency actions".
> There is an emergency rulemaking exception under the APA for "good-cause", but this is comparatively rarely used
Bingo. Now imagine living in fear because of a particular government body's overreach. You can clearly see that this can and will be abused based on political bent. The exceptions are the problem. Remove them. Require all rules have a 180 day waiting period.
Are you aware of the origins of the fda? Chefs and pharmacists got rightfully chilled by the dozens of bills it took to fully reign in their murderous proclivities.
The only reasons that we’re having this discussion is because of elementary (bad faith) disagreements over the semantic interpretation of laws that predate world changing technologies our great grand parents took for granted in their childhood.
Overnight is in quotes because your use of it is needlessly inflammatory. One felony conviction equates a lifetime felon. Your usage of overnight is superfluous and only acts as a conservative dog whistle in your comments.
Who is us, precisely? Names, addresses, and gun permit numbers please. I like to stay as far away from anti-regulation outspoken second amendment types as possible. They’re too shooty and screamy. That said, what are you and your “responsible” gun owners doing to control the irresponsible ones? If responsible people set the rules we wouldn’t have drunk driving laws, or urine screens at work, or even currency. The nra has only supported gun control legislation when its toothless or black people are effectively asserting the same rights. If not The nra being the de facto national steering body and figure head for the “responsible gun owner” cohort then who? I’ve not heard of any organization with a fraction the membership of that side of the gun control war.
Funny how you cast the people with your beliefs in a broad positive brush and those who consider your beliefs the direct cause of countless deaths in a broad negative brush. Some might consider that an argument in bad faith. The anarchist and socialist gun owners I know all know to code switch when talking to people proudly exclaiming the same beliefs as you.
Your appeal to authority is dehumanizing, fallacious, and thoroughly refuted by a sibling comment to your post. It’s up to you recognize that your beliefs create a perverse incentive to engage in illegal vigilantism and thus in order to protect democracy and secure the most rights for the most people we must continue to aggressively regulate firearms until their misuse is inline with peer countries. All other domestic attempts to curtail wanton gun violence and vigilantism have failed to have substantial. The time has passed for 2a absolutists to be taken rationally as we’re witnessing countless preventable murders of children go unaddressed.
Drop the bad faith flame bait and transparent insults. You’re sidestepping my points and demanding I engage you on your terms. It’s uncouth and ironically hypocritical. This is no rant, but I can understand why someone of your beliefs may feel that way. I am a recovered 1-2a absolutist libertarian myself, and I cannot help but full body cringe at the ridiculous justifications and mental gymnastics I used to justify my hatred, prejudices, and wave away the inevitable externalities in such a society that is so improbable it cannot even exist in fiction.
This is clearly not true as evidenced by the high rate of mass shootings in the US
As a person who's data is being sold I would one up it and wish that each county would produce their own regulations. That business is a cancer.
So a pragmatic person chooses a solution that maximizes the benefit and mitigates the tradeoffs.
That seems obviously bad to me, having more jurisdictions to work out what the best laws are seems like a better idea.
Preemption is always a mistake, i am not sure why everyone wants federal laws for everything, without even touching the fact that Data privacy is in no way even close to any of the enumerated power of the US Federal Government
Federal Laws almost always favor large companies, the exact companies these laws are needed to protect the consumer from
Facebook, Microsoft, etc would love nothing more than to have the federal government take over because has "stake holders" they will be called on to write their own legislation, and will start the revolving door of hiring current, former and future regulators to work in the very corporations they are supposed to regulate.
Federal laws never work for the average citizen
So that my marriage is recognized across state lines, for a start.
This argues for federal legislation that defines marriage simply as a compact between two consenting adults with some basic legal record keeping.
The /impact/ of that marriage can be both federal and state (e.g., federal vs. state tax laws).
Individual state laws defining marriage could mean your next of kin could change if you die in the wrong state. That way lies dragons.
This cuts both ways—with preemption, you can provide baseline rights or guarantees to citizens. The trade-off is that you have federal legislation in the mix and you then need to deal with laws that are slower/harder to change; a big issue if the law was badly written or needs to be changed in a timely manner.
In what way is data privacy regulation for corporations not a regulation on interstate commerce? That's like, the whole deal. That's the entire internet. If anything, Internet regulations applying at the state level is even more insane, because of the inherently cross-state nature of globally networked communication.
Wickard that expanded that to include all commerce that may touch another state even indirectly was / is one of the WORST supreme court decision ever and it is eternal dream that the Supreme Court will reverse it and instantly shrink the power of federal government by at least 75%
I'm not sure why anyone wants to be held to 50+ different and conflicting privacy and data protection requirements just to have a website or provide a service online because that's what we'd be getting if we left online privacy regulation up the states.
that's not possible for people who do business with people who live in other states. If I make a website in Ohio I'm responsible for following Florida's laws on how I handle data collected from Florida's citizens.
If you never create a business or service that anyone from any other state or country uses you'll never have to worry about compliance with their laws, but most of us want to build things for more than just the people in our immediate surroundings.
Why? For decades in the US we have had the concept of "Nexus", and just because a person visits your website in Ohio from Florida does not you have a Nexus in FL to where you need to follow FL Law
Just like today if I put up a website, and a person from the EU visits it, I as a US Citizen with no business interests in the EU have no obligation to follow GDPR or put up cookie notices or any other EU Laws
Because the alternative is that businesses do for data privacy the same thing they already do for things like manufacturing and corporate taxes. That's even worse.
It's a lot easier for big business to control a single state government than all fifty of them.
You'd possibly have an obligation under GDPR, but you are free to ignore that and face the consequences. Same with laws passed in other states. You're free to ignore them so long as you're fine with what ignoring them will cost you. If you enjoy being able to conduct business in and travel to places outside of your state it's probably a good idea not to violate the laws of those places.
It creates a national standard. If we’re still debating the solution, sure, devolve to states. But if we’re near consensus, preëmption provides scale. This is American strength in a nutshell.
Perhaps someone reading this can explain why, but I did not see anyone from the EFF at the 8 September 2022 public forum on the FTC's ANPR on Commercial Surveillance and Data Security. EPIC was there providing cogent commentary. The operater of thenexusofprivacy.net was there, too.^2
1. For example, here is a comparison of the ADPPA with the CCPA from the folks at EPIC.
2. This is another topic that may interest HN thread readers. This is Section 18 "Mag-Moss" rulemaking so public input is mandatory. Those who understand the issues should submit comment to the FTC to support the process. The deadline is 21 October. https://www.regulations.gov/comment/FTC-2022-0053-0001
As a Californian I would prefer that bills add additional protections especially when it comes to privacy.
I'm really trying not to be cynical here, but I started so I might as well finish. Step #2 is if it does happen to pass, the parts of the bill that are actually consumer protections will be unenforceable, be ruled unconstitutional or have unintended negative consequences. The bad parts of the law will have no issues in the courts or with enforcement. They, too, will have unintended added negative consequences.
obfusication of a bills content and intention by using a dissociative title must stop
It's even more insane we allow the state-affiliated entities of our adversaries to do this.
Well, it would be rather pointless to elect to hire a representative to represent you and then not take time to make your position known with them. They certainly are not mind readers.
And you can't realistically remove big businesses from citizenry as those who are stakeholders in big business are going to bias their position to what benefits their business. Business is people, after all. ByteDance certainly has stakeholders who are American citizens.
So we make a best effort to register those biases for the sake of transparency. The only real alternative, short of abandoning democracy entirely, is to leave it a mystery who talked to their representatives.
Also, don't the representatives have pre-election issues based manifesto when they are seeking votes to get elected? Shouldn't they stay true to the promises they made?
The advantage big business has is scale. Big business, by definition, has many more stakeholders. This means that big business will be disproportionately represented by the constituents. If those biases weren't made clear, and each constituent's position was taken at face value, then the unified front would appear stronger than it would actually be if each actor were acting without those biases.
> Shouldn't they stay true to the promises they made?
I'm not sure why you'd want them to. The state of the world is constantly changing and new information continues to flow in. You will be constantly reevaluating your position in the face of new information. A representative will respond to that.
Representatives know that some segment of the population honestly believe that they are mind readers and will offer up some examples of how they might try to read the minds of those who buy into that witchcraft to attract their vote, but marketing and reality are quite different.
I'm glad that Pelosi is using her position to impose some changes on the bill so maybe something good will come out of it, but I really can't stand that in US bribery is essentially legal.
What Microsoft, IBM and others won as the privacy bill evolved - https://www.protocol.com/newsletters/policy/cloud-enterprise...
Privacy bill triggers lobbying surge by data brokers - Privacy bill triggers lobbying surge by data brokers
$11.5 billion is not small.
Revenue, classified by significant product and service offerings, was as follows:
Year Ended June 30, 2022 2021 2020
Server products and cloud services $ 67,321 $ 52,589 $ 41,379
Office products and cloud services 44,862 39,872 35,316
Windows 24,761 22,488 21,510
Gaming 16,230 15,370 11,575
LinkedIn 13,816 10,289 8,077
Search and news advertising 11,591 9,267 8,524
Enterprise Services 7,407 6,943 6,409
Devices 6,991 6,791 6,457
Other 5,291 4,479 3,768
Total $ 198,270 $ 168,088 $ 143,015
I'm not sure of the term. It's like a regulatory legal barrier that keeps new companies from entering the market.
What do you expect people to do instead?
The bill outlines exemptions for business making less than 40 million annually. I haven't read the whole thing so it's possible I missed something, could you point out which sections you're referring to to draw that conclusion?
barriers to entry 
> SEC. 210. UNIFIED OPT-OUT MECHANISMS.
For the rights established under sections 204(b) and (c), and section 206(c)(3)(D) not later than 18 months after the date of enactment of this Act, the Commission shall establish one or more acceptable privacy protective, centralized mechanisms, including global privacy signals such as browser or device privacy settings, for individuals to exercise all such rights through a single interface for a covered entity to utilize to allow an individual to make such opt out designations with respect to covered data related to such individual.
the tl;dr for that story is that it wasn't mandated to be honored, the industry didn't voluntarily adopt it widely, and when IE 10 tried to turn it on by default and the standard's lead supporter responded by submitting a patch to Apache web server to ignore the DNT signal coming from IE 10 because "does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization," that situation pretty much killed it in the crib.
The problem is technologically simple to solve; all the challenges are social and legal.
In the end Google ends up in a script on the page somehow in the name of privacy.
Otherwise, google could claim its current policies are compliant. ("Just log in if you want to be 'anonymous'...")
The ad industry has had these opt-outs for a while, but you have to set opt-out cookies on about 500 sites, so it's not practical. DNT solves that problem, but the industry won't voluntarily adopt any solution that has any realistic chance of making a difference.
I opted out.
I pressed the trash can button in Firefox Focus.
I reopened the site. It said I was opted in.
Their "disable tracking" button simply does not work.
I'm not enabling cookies so I can opt out and they can just buy my tracking information from some other ad network. There is a reason I disable persistent cookies and want DNT headers to be legally binding.
Another option would be to spoof/containerize/pollute/sabotage the cookies through the browser or an extension, and opt back in for sites that you need persistence with.
Paying any sum of money to receive a copy of or request to delete my private data is unreasonable in nature.
Yes we should. But there are a few too many systems, and we add and drop systems with such regularity that it would still be a non-stop engineering challenge.
For the few records we do return as part of GDPR requests, they are usually associated to customer and billing data. I don't know how you run a business without that.
> eu citizens wont have such a fee.
They do and it's collected in the cost of higher product costs.
A majority of requests are actually this way - people use online services that submit blanket removal requests.
$100 for an occasional person? No biggie.
Potentially infinite? That's a bit more than normal overhead.
While we haven't seen this sort of DDoS attack through our GDPR process yet, the potential is already there if bad actors or competitors wanted to exploit it.
>Although, the ICO also notes that a firm may charge a “reasonable fee” when “a request is manifestly unfounded or excessive, particularly if it is repetitive.”
Privacy request shouldn't enable mechanisms of denial of service type attacks against companies.
Courts rule on the evidence provided. If a user challenges the fee, the company can easily document where every penny went, and therefore claim it is a reasonable charge. The user's only real recourse would be to prove that company is over-billing, but that would require evidence.
Pegging the cost to a set number of labor hours by law signals to companies that part of the cost of collecting this data is they must develop their internal systems in a way that they can quickly and easily comply with requests.
Almost always to the dismay of one party, and sometimes to the dismay of the general public.
But in general, EU/EC law is full of policy that gets interpreted as human judgement calls, and US law is full of details that are interpreted as badly-written code with a choice of parsers. The two styles are not compatible.
If cloudflare required people to pay to bypass their denial of service protections... well, I guess I dont know what would happen, other then that I would hate them even more then I already do for all the terrible things they do for my experience as a default tor browser user.
How would this even happen? I genuinely don't understand what you mean.
I mean, what year is this? We've been hearing "automate it, automate it, etc" for years and years now. But to get your personal data, these companies just throw up their hands and say that it's too hard?
It's our data, dammit!
Completely disingenuous argument. Literally nobody claimed that.
By the same token of strawmanning, you're claiming that businesses should do nothing than hire people to send your data back to you. Why even have businesses if that's the only thing you think they should do?
If you're so invested in "your data, damnit", then don't give it to them in the first place.
Even ignoring implementation cost, there was a significant computational cost that's pretty hard to avoid.
4/5 times there aren't any - people doing the requests often use services that submit blanket requests.
These companies are happy to harvest up all your data, run all this crazy automation, spend millions analyzing algorithms, setting up machine learning, NFTs, run datacenters, networks, etc etc, but they can't figure out how to automate GDPR requests? FUCKING BULLSHIT.
There is literally zero reason why a data request should add any burden to a tech company.
You talk to people and ask them why they are worried about companies collecting data, and a certain percentage will tell you they don't like that the government could get it with a court order. That'd be a HUGE improvement over the current situation where they don't have to, they just collect it directly.
I'm disappointed to find most of the complaining on this thread about businesses collecting personal data, rather than the government. Even more so that the first comment's top response regarding this is shooting it down because of an imagined loophole.
It disgusted me about CCPA that a private company can have a breach and be fined millions, but the CA govt is immune. Same thing here, and it should disgust everyone who supposedly cares about privacy.
In this setting the gov can hint at what data it wants, and private parties will manage to get it for resale.
I am not afraid of my data being used against me to sell products. I am afraid of the government abusing their monopoly on violence. The first seems like misdirection.
It just seems irrealistic to have basically a "don't be evil" policy on gov side while letting gorrilla size businesses roam free.
For instance we already have a very bad time dealing with VISA/Mastercard policies that straight dictate what businesses are allowed to thrive online. VISA/MC duopoly is not the gov, yet it has arguably more power on the online cultural landscape. And any gov making their life easier can have them implicitely return the favor in some way would be basically untraceable (the gov might not even need to ask for anything. VISA/MC would just apply changes in line with the gov.'s stated policies)
User surveillance is the same, you can't have unruled gigantic entities allowed to do whatever they want, with the gov limited to a small set. That chinese wall is just bound to leak.
That's your targeted ads (and your cellphone tracking, and your transaction records.)
Companies collecting data on you directly or indirectly is a problem, even if they don't do anything malevolent with it (and some already do). The issue is that eventually they'll be breached, and then that data can end up in the hands of malicious actors that might use it in a way that could harm you (e.g. identity theft, compromising other accounts thanks to peronal info, etc.).
Who's after you? I'm not making the lame "only wrongdoers have something to fear" argument, just wondering what circumstances you're dealing with.
A close reading of the wording implies this only covers requests backed by a law, i.e. it does not cover "polite requests" from a government agency. However that is a theoretic protection, practice could be different.
I think this is not about protecting the rights to data and privacy of american indivudal citizens...the other kind of american citizen, the american corporation, on the other hand, stands to gain a lot from this.
> To provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement.
ah, so corporations can well-foundedly and meaningfully consume the data of 'consumers' (an euphenism for fuel) in a way such that the historic shadow suckers of everything's energy (banks) can continue to partake on the sucking down of everybody's data/information (with real time measurements, which is a novelty in this ancient system build around trade, commerce, insurance, and power-authority concentration).
So far five states have passed local Data Privacy laws (CA, VA, UT, CT, MA). They are all different. This situation makes it much more likely that federal data privacy legislation will happen: while companies wish they could have 0 laws, they would still much rather prefer 1 law rather than 5 (trending towards 50) different laws that contradict each other.
There's a whole buncha specifics about what data is covered and what companies are covered and bleh blah bluh. That's not the most important thing. There are two things which are more important than that. These two issues also happen to be the topics most hotly debated between Dems & Repubs.
1. Private Right of Action, aka "Can I, a private citizen, sue someone?"
Everyone violates GDPR a dozen ways to Sunday, and nothing happens. Why? Because no one can actually enforce the law except for the local regulators who are underfunded. By contrast, the ADA lets anyone sue over violations, and as a result companies care a lot about handicap accessibility.
To my understanding the current negotiations are trending towards a limited Private Right of Action. Meaning it will exist for some violations but not others. This is how CCPA works in California right now: private citizens can sue over data breaches, but any other violation can only be enforced by the Office of the Attorney General.
2. Pre-emption, aka "Does this repeal CCPA."
Can states give additional protections to their residents, or is the Federal government removing the ability of states to define additional requirements for businesses. Again, the current state of negotiations seems to trend towards partial, but not total, pre-emption.
A perfect example of how these megacorps destroy the fabric of our political process. The fact that dealing with state regulations is a burden isn't our (the people's) problem, we have a right to have our state's reflect our will. They want to scale up to this massive size raking in billions of dollars, that should come with the territory.
Individuals can enforce GDPR in court:
Art. 79 GDPR
Right to an effective judicial remedy against a controller or processor
1. Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77, each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.
2. Proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has his or her habitual residence, unless the controller or processor is a public authority of a Member State acting in the exercise of its public powers.
Granted they would be in the wrong since this is clearly and unambiguously interstate commerce, but that hasn't stopped them before
SEC. 203. INDIVIDUAL DATA OWNERSHIP AND CONTROL.
(e) Verification And Exceptions.—
(1) REQUIRED EXCEPTIONS.—A covered entity shall not permit an individual to exercise a right described in subsection (a), in whole or in part, if the covered entity—
(C) determines that the exercise of the right would require access to or correction of another individual’s sensitive covered data; or
No way. The threshold of consensus required to put a constitutional amendment through is far higher than that of passing a bill (maybe too high, but that's another conversation). The fact that such an ammendment would consist of terse, high-level, abstract statements rather than pages and pages concrete specifics would also make it harder to achieve consensus because too many people would be afraid of it getting read by SCOTUS in a way they didn't want.
We need to work on federal laws here and not wait for a pie-in-the-sky constitutional ammendment. (State-by-state laws don't make a whole lot of sense on this topic. Glad CA has been test-driving some, but we need a unified approach.).
Why would digital privacy be a fundamental human right before normal privacy?
I just checked on my mail (look at headers, for smtp hosts not just senders and receivers).
For me its 76% for the past 7 years, that either originated or ended in one of the big three silos.
But I meant the major services all must give access to virtually any federal government entity on request, warrantless. I think they even have portals, imagine how that is abused by anyone and everyone.
Not sure how it would be enforced but I would guess if the feds wanted access to your server, even without a warrant, you'd be forced to give it to them.
Of the 15 or 20 business owners in the room, I was the only "pro privacy" voice. People were very focused on what would be the perceived additional cost of complying with any GDPR-style rules in the US, and weren't yet thinking about the negative effects of having different privacy rules in different markets. "Different markets have different rules all the time," in short.
I maintain that it would be less complicated, less expensive, and more human-friendly to use data privacy rules as globally universal as can be achieved. There will always be capitalism leeches that drain money through arbitrage between the policy gaps, yes, but it would help.
(Also: there is zero chance this gets through the current US Senate. Would never clear filibuster.)
A filibuster by who? Neither party would support any privacy rules that placed any undue importance on privacy.
I think this is a bit naive. As someone who has had to dwell a lot on the specific nuances of German privacy laws vs GDPR or South Korea's, I have come to the conclusion that conflicting privacy laws are a designed feature.
I think lawmakers certainly have consumer protection as one of their goals, most privacy legislation has many features intended to benefit domestic industries at the expense of foreign ones. Or to benefit national security in some way (such as requirements for certain types of data to be stored on servers inside the country).
Even if the US was to homogenize with GDPR in some way, I wouldn't doubt that the EU would fast follow with a slightly different spin on it just to give US tech companies an extra set of hoops to jump through.
In a way, this is already how safety regulations work in the automobile industry.
If one outcome of GDPR is that 10-15 years later, the US adopts some sort of national privacy framework that motivates industry to reevaluate their data monetization business models, that's a good outcome.
Reading the tea leaves a bit, Speaker Pelosi seems dead set against it and I dont think will allow it to be moved as is. she has publicly stated that "states must be allowed to address rapid changes in technology", IE, the bill preempts to many state privacy regulations, esp in California. But as a rule my default assumption for the "real reason" why Pelosi is against something is because she thinks it will harm chance of caucus holding majority in house.
Skeptical as I am of her motives / methods, I'm inclined to agree with her in this case. Act should be a floor not a ceiling.
There are also other great privacy orgs that are not quite as big but are also fantastic in their own ways, like Restore the Fourth (which also has local chapters like shameless plug) rt4mn) Fight for the Future, Demand Progress, Cato, and Privacy International
Also, If you want to do more then just donate, you can help the EFF with its lobbying efforts by joining the Electronic Frontier Alliance https://www.eff.org/fight We participate, its pretty great.
> We do privacy lobbying at the municipal and state level and our local ACLU affiliate has been a huge, huge ally.
I disagree with them on a whole range of issues, but when it comes to privacy and mass surveillance they are almost always spot on. Most of my disagreements in that area have to do more with political tactics and messaging then anything else.
The only way implement these sorts of mandates is stomping all over a developer's right to freedom of expression. I'm a firm believer that code is speech and that limiting what a developer can do is infringing on his own right to free speech.
>Rep. McMorris Rodgers, Cathy [R-WA-5]
>Rep. Schakowsky, Janice D. [D-IL-9]
>Rep. Bilirakis, Gus M. [R-FL-12]
Have you read the book? It's nothing at all like how we live today, and (as far as I can tell) this would do nothing towards making our lives more like how the lives of Winston and Julia were in the novel.
Keeping a diary is punishable by death (that's the premise of the entire story), it's kind of silly to compare that with our lives today.
The thing I tell most people is that we currently live under more surveillance then folks in 1984. "You had to live—did live, from habit that became instinct—in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized." nowadays your movement is not safe even in darkness.
We would be even more screwed then folks living in that fictional regime if we backslide away from rights based democratic rule of law.
I urge you to reread 1984, and focus on how people who broke the rules were treated. People weren’t deplatformed or cancelled, they were murdered.
On a more serious note (in case it was not clear that I was being facetious), you are absolute correct that an important theme (and, arguably, the primary / key message) of 1984 is to highlight the horror and dangers of a totalitarian government, and to push back against the very, very pressing danger of Nazi Germany and the Soviet Union.
But one of the great things about sci-fi / dystopian / utopian fiction is that it lets us look at a potential future, ask ourselves if thats a world we want to live in, and if its not, we can think about what it might take for us to go down that path, and what steps we should take if we want to avoid it.
You are right to point out that we dont live an a totalitarian surveillance state run by elites without respect for the rule of law. But my point is that we could, and that we currently do live in a surveillance state. It just happens to be a democratic surveillance state run by elected representatives of the people with a strong culture of respect of the rule of law. But its a surveillance state nevertheless.
I wont suggest you re-read 1984, but I would suggest taking a look at this opinion piece by Pussy Riot's Nadya Tolokonnikova: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2l... (or i guess https://www.nytimes.com/2020/08/26/opinion/navalny-russia.ht..., but I suggest the onion link)
Or at least the last paragraph: "Our president has only just recently had the law changed so that he can stay in power until 2036, but his program of repression didn’t start out this blatantly. These things happen in pieces, bit by bit, small acts. And each one may even seem relatively benign at first, perhaps bad, but not fatal. You get angry, maybe you speak out, but you get on with your life. The promise of our democracy was chipped away in pieces, one by one: corrupt cronies appointed, presidential orders issued, actions taken, laws passed, votes rigged. It happens slowly, intermittently; sometimes we couldn’t see how steadily. Autocracy crept in, like the coward it is."
Persistent mass surveillance is not mentioned. Abusive government surveillance tends to fly under the radar. But one of the lessons of 1984 is that you ignore it at your peril.
That's an important point, and I think there are a lot of folks who would try to disagree. There are people in this very comment thread that believe 1984 is not a work of fiction, and that's silly. Those are the people I'm disagreeing with.
I'm not really interested in generic, "society is falling apart" conversations, as every society ever has been saying that about different things, and yes they even followed up with, "No but for us it's real!"
Of course 1984 is not a reflection of current reality. it was not a reflection of current reality back when it was written. Science fiction is not a fun-house mirror reflecting back a warped version of the present, its a kaleidoscope looking into the future.
I have not seen anyone in this thread say "1984 is totally real and not a work of fiction", or confusing that world with reality. I've only seen people using the novel as it was intended to be used (as a rhetorical and persuasive tool) and pointing out: "There are a number of very real parallels between the world we live in and the world of 1984, and the number of parallels is increasing. This is a giant blinking warning light, and we should change course"
> I'm not really interested in generic, "society is falling apart" conversations, as every society ever has been saying that about different things, and yes they even followed up with, "No but for us it's real!"
I sympathize with your lack of interest in that conversation, its not a fun one, but its important and your rational for avoiding it is flawed. True, very society every has had its doomsayers, and they were very often wrong. But a lot of them were right, too. Progress is not inevitable. Societal backsliding has happened many times throughout the course of human history, and democratic / rule of law backsliding has happened a lot in very, very recent history. Back when that opinion piece I linked too was written, the new york times had reporters based in russia. Now they don't.
Judge Doomsayers like me based on the specific doom we forsee, not on the fact that we are doomspeaking. (and now I promise I'm done editing, even for spelling, since thats gotten me hooked two bloody revisions ago)
> The thing I tell most people is that we currently live under more surveillance then folks in 1984.
> In ~20 years you'll see how silly you are for welcoming totalitarianism. You won't care until it effects you.
Three examples from this thread (one by you) of folks claiming "1984 is totally real and not a work of fiction", at least to the degree of what I originally said (you're misconstruing what I wrote for rhetorical value, but if you look at what I actually claimed, these quotes fit).
There are not "a number of very real parallels between the world we live in and the world of 1984", this is a misremembering of the content of the novel. You don't get to just hand select a few things from the novel and say, "Look, 1984!" in the same way you don't get to cite "well the humans in Lord of the Rings breathed air so it's the same as today!"
For example, without the critical, "or else you die" consequences of misbehavior in the 1984 novel, none of the "scary" things in the novel carry anything remotely approaching the weight or meaningfulness.
I'm not sure that you can accuse anyone of misconstruing anything unless you can find this quote in another comment, or anything resembling it.
Then when others call you out, you call it semantics games. Rich.
Your right, I am! Aint rhetoric grand? Its such a powerful tool, and 1984 was such a sublime and impactful example of rhetoric that more then 70 years later its still being routinely invoked to create discussion just like this one.
Although I guess I would say "deliberately exaggerating" rather then "misconstruing", but that's being too nitpicky right out the gate. being nitpicky should come in the middle of the comment, like so:
> what I originally said
was "It's nothing at all like how we live today". Which would be a valid criticism in the lord of the rings example, since it is fundamentally a work of fantasy. but not so with 1984. There are a number of incredibly striking parallels, some of which you helpfully highlighted.
> You don't get to just hand select a few things from the novel and say, "Look, 1984!" in the same way you don't get to cite "well the humans in Lord of the Rings breathed air so it's the same as today!"
I do actually get to do just that, depending on what those things are. Although I would look silly if did the lord of the rings thing. Everyone knows they breathe Aether.
But as I said, the whole point of 1984 was to be a warning about the dangers of a world where totalitarianism wins. 1984 was a rhetorical tool. Taking a few things from the novel and highlighting the similarities in an effort to convince others of the potential danger of a all powerful government is pretty much exactly the function it was written to serve.
> without the critical, "or else you die" consequences of misbehavior in the 1984 novel, none of the "scary" things in the novel carry anything remotely approaching the weight or meaningfulness.
I am going to assume you dont mean this part literally and are exaggerating for effect (or maybe I'm just misunderstanding you) because I don't think you mean to say that making comparisons between 1984 and modern life would not be apt unless the US government had an active policy of killing people for dissenting speech/writing/thought-crime.
I think what you are trying to say is that the harsh brutality of 1984 is so distant from modern reality in the US, that any rhetorical arguments analogizing to it is de-facto excessive hyperbole?
I disagree, and to highlight why, let me ask two questions. first, as you say, in the novel:
> Keeping a diary is punishable by death (that's the premise of the entire story), it's kind of silly to compare that with our lives today.
But in Orwells time the UK (where he lived and where the novel takes place) did not punish people with death sentences and torture for writing "down with the king" in their private diaries. In your mind, would making comparisons between the status quo of the UK in 1948 when the book was published and the future world imagined by orwell have been apt?
To further clarify this question, what, In your view, would the status quo of civil rights and the rule of law need to be for a comparison to 1984 need to be to be apt? that is tosay, on the spectrum between "government punishes you with a fine, after a fair trial, for not paying taxes" and "government openly admits it kills people for thought crime" do we have to fall?
If I'm entirly off base, and you do think that making comparisons between 1984 and modern life would not be apt unless the US government had an active policy of killing people for dissenting speech/writing/thought-crime, then I would gently remind you again that the purpuse of 1984 was to serve as a rhetorical warning, and that a warning sign that you cant see until the danger is right on top of you is utterly useless.
And then it will be too late for you to do anything about it.
For all you know I prefer "Brave New World" analogies!
We all know your position, and you're not on the right side of history. Period.
"Most writers don't write things like this. You should consider for a moment whether this is how you want to present yourself to others. Press [suggestions] for alternate ways to express a similar idea, or press [submit] to become legally and socially liable for the consequences of your actions."
> If there is hope, wrote Winston, it lies in the proles.
Have you...? Imagine being this far away from the truth. Yikes.
You’re not adding any value without diving into details.
It's not my job to spoon-feed you the problems and solutions.
You mean stopping online crime, identity theft, and cyberbullying. Going after encryption is the goal, the stated goal is usually about more tangible, friendly concepts.
>SEC. 406. COPPA.
>(a) In General.—Nothing in this Act shall be construed to relieve or change any obligations that a covered entity or another person may have under the Children’s Online Privacy Protection Act of 1998 (15 U.S.C. 6501 et seq.).
>(b) Updated Regulations.—Not later than 180 days after the enactment of this Act, the Commission shall amend its rules issued pursuant to the Children’s Online Privacy Protection Act of 1998 (15 U.S.C. 6501 et seq.) to make reference to the additional requirements placed on covered entities under this Act, in addition to those already enacted under the Children’s Online Privacy Protection Act of 1998 that may already apply to some of such covered entities.
Not exactly new rules, but they're making sure this doesn't overwrite anything they already enacted "for the children".