> In France, the Senate just approved a controversial provision to a justice bill that would allow law enforcement to secretly activate cameras and microphones on a suspect’s devices. This type of surveillance would be activated without notifying the owner of the device. The same provision would also allow agencies easier access to geolocation data to track suspected criminals ... Critics are urging French parliamentarians to dismiss the controversial provisions. And it’s not too late – the update to the bill must still be approved in the National Assembly, the more powerful lower house of the Parliament.
Any startup employees working directly on technology trade secrets or otherwise non-public intellectual property should enable iOS Lockdown Mode.
Thanks to years of invasive online targeting, bulk data breaches and mobile phone network structural insecurity, it has never been cheaper to screen for higher-than-average-value targets with digital assets that can be exfiltrated. Since targeting costs have fallen, it is profitable to target employees below the C-suite, e.g. those in strategic or development roles who routinely need to access sensitive information and digital assets.
This applies to enterprise, mobile and WFH environments, e.g. leveraging mobile phone foothold to reach other devices like a home router.
The entity that orchestrated that outing, with the accompanying simple purchase of location data, etc. was a Roman Catholic newspaper known for high-quality investigative pieces. https://www.pillarcatholic.com/p/pillar-investigates-usccb-g...
If such incriminating data is so easily procured against just one guy using a gay hookup app, imagine the treasure troves of data that could be wielded against Members of Congress and other people in power. Even in the absence of wrongdoing, I still don't think that public figures would enjoy having the public know their every move, every minute of every day, but the reality is that all the apps they run are phoning home and uploading that data constantly, unceasingly, and it's all for sale.
The data came from Google and included GPS data.
Either way, I don't think that matters. My point is that tech companies store data that can be used to identify everyone present at a specific location and timeframe, and that data is easily available to the government. There's no "may" about it.
https://www.dni.gov/files/ODNI/documents/assessments/ODNI-De...
Reuters CLEAR has no clear opt out and is being sold as "prevention" (precog). https://legal.thomsonreuters.com/en/products/clear-investiga...
LexisNexis https://optout.lexisnexis.com/
Exactis has no clear opt out. https://www.exactis.com/about-us/
PeekYou https://www.peekyou.com/about/contact/ccpa_optout/do_not_sel...
That's spot on, and your analogy is a good one, except that in the realm of personal information, no warrant is required in the US.
There is quite a bit of law and numerous court decisions around this process in the US.
That jurisprudence is more generally called the Third-Party Doctrine[0]:
The third-party doctrine is a United States legal doctrine that holds that
people who voluntarily give information to third parties—such as banks, phone
companies, internet service providers (ISPs), and e-mail servers—have "no
reasonable expectation of privacy" in that information. A lack of privacy
protection allows the United States government to obtain information from
third parties without a legal warrant and without otherwise complying with
the Fourth Amendment prohibition against search and seizure without probable
cause and a judicial search warrant.[1]
Edit: To clarify, I disagree with this doctrine and would love to see limitations on data retention periods as well as warrant requirements for access to such data.
https://en.wikipedia.org/wiki/Bellingcat
https://www.goodreads.com/book/show/54680228-we-are-bellingc...
The George Floyd protests were far more policed: twenty-five protestors died; around 14k were arrested. [1]
Hard to say any 1/6er suffered a similar fate, despite their significantly more egregious apparent crimes.
https://en.wikipedia.org/wiki/George_Floyd_protests_in_Washi....
Somehow they managed to avoid breaking into the Capitol building and rifling through the offices of Congresscritters.
U.S. v. Miller [1], which established the third-party doctrine, turned on whether "the business records of the banks" to which the defendant could "assert neither ownership nor possession" could be accessed by subpoena versus court-authorized warrant. (The context turns on bank records. Smith v. Maryland [2] expands it to "phone numbers [conveyed] to the telephone company.")
This seems trivially fixable with legislation. Requests made by the government to third parties in respect of specific persons' non-public (even if not strictly confidential) records require court approval or the first party's consent. Also, easier than trying to expand he definition of "houses, papers, and effects" [3] to cover our data in various clouds: defining, in statute, that there is a legitimate and reasonable expectation of privacy in the phone numbers one dials to speak to or message with another person or persons, e-mails one sends to a small group of people, handles one provides a messaging service marketed as encrypted, and articles (e.g. documents, photos and work products) uploaded to a third party's server for personal use.
[1] https://tile.loc.gov/storage-services/service/ll/usrep/usrep...
[2] https://tile.loc.gov/storage-services/service/ll/usrep/usrep...
[3] https://constitution.congress.gov/constitution/amendment-4/
Gmail launched in 2004.
The Patriot act was signed in to law in October 2001.
Bill Binney blew the whistle on illegal NSA mass data collection of email, web browsing, and cell phone records in 2002.
Hard to pinpoint when smartphones became mainstream, though as a point of reference the iPhone was launched in 2007.
So clearly the NSA was trying to do dragnet surveillance of the internet well before gmail or the widespread use of smartphones.
A quote from the Bill Binney wikipedia page: "Binney has also been publicly critical of the NSA for spying on U.S. citizens, saying of its expanded surveillance after the September 11, 2001 attacks that 'it's better than anything that the KGB, the Stasi, or the Gestapo and SS ever had'"
https://en.wikipedia.org/wiki/Gmail
https://en.wikipedia.org/wiki/Patriot_Act
https://en.wikipedia.org/wiki/William_Binney_(intelligence_o...
What you need to do is pick an entity that has the information you desire, and recursively enumerate the graph of all business deals which involve the sale of that information (their downstreams, effectively). After that, you do OSINT to map out all of the employees of every organization that has access to these databases. After you have mapped out these tens of thousands of individuals and their likely social graphs, all you have to do is pay one of them a relatively small sum to do a query on your behalf.
This won't happen, our security state is built on private surveillance and partnerships between law enforcement and private surveillance companies.
Whether we like it or not, the intelligence and security apparatus feel like we need China-style surveillance, because terrorists/spies/civil unrest/FOMO/etc, and we're getting it one way or another. It's either outright illegal, or legally questionable, for the government to do exactly what the CCP has, but there's the loophole illustrated in the OP. Private companies are allowed to surveil Americans, and they're free to choose whether or not they share the data they collect with law enforcement.
Now we have companies like Amazon partnering with thousands of law enforcement agencies[1] to advertise[2], deploy and monitor Americans via their products like Ring. Amazon is free to share whatever data they collect from you whenever they want[3]. They can share your data with law enforcement without warrants and they don't even have to let you know that they did so[4].
The article in the OP goes into how phone records are being used to track people's locations, as well. As much as I'd like to, I can't see this genie being put back in the bottle.
[1] https://www.theverge.com/2021/1/31/22258856/amazon-ring-part...
[2] https://www.businessinsider.com/amazon-ring-require-police-a...
[3] https://www.cnn.com/2022/07/14/tech/amazon-ring-police-foota...
[4] https://www.wired.com/story/amazon-ring-police-videos-securi...
But in all seriousness, you should know it is actually possible to use data towards good aims. Policy makers can use data to produce better answers to questions exploring issues like poverty, disease, crime, financial literacy, etc. Setting up a massive survey is slow and extremely expensive, and that makes it extremely hard to iterate on findings. Getting answers years quicker makes it possible for the government to develop better policies, and that's a good thing. Sure the Nazis were evil, and information enabled the Nazis to be more efficient and effective at implementing evil policies. But an un/less-informed government isn't a goal to strive for. Good government implementing good policies is a goal worth striving for, as there are some problems that can only be addressed at government scale.
Some journalist was like, "what happens if I go to [VHS Rental Store] and ask for the list of videos a supreme court nominee rented". And the store gave him the list and he subsequently published it and then congress panicked as they knew their rental history could be next.
[1]: https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act
I was an early employee at Disqus (YC S07). I helped build its 3rd party commenting plugin, because I had a blog and believed in distributed discussion. I genuinely believe the company did too (the founders, the employees, etc.). But eventually the rubber hits the road, and Disqus was sold years later to Zeta Global [1], a “data-driven marketing company”.
As long as you have a database in the cloud with a non-trivial amount of user data, you don’t really have control over what becomes of it.
[1] https://techcrunch.com/2017/12/05/zeta-global-acquires-comme...
https://www.dni.gov/index.php/newsroom/reports-publications/...
Feeds into what "system".
Do you really think Google/Amazon/Apple/etc are handing over your Name+Phone number to say Spokeo [1]? I just don't think you get it. Your phone company is the one that is selling your data to anybody not FAANG.
It's easy to say some "ad-tech" are doing X, but actually get a whiteboard out and start with say Google and list what products of theirs collect what data. Then list the process by which say the USG buys its from Google. I'm very interested in what names for the processes are going to be because I really doubt you'll find any for the ad-platforms.
Is Snowden some kind of 4d chess false flag? lol ....
[1]: https://www.theverge.com/2013/10/30/5046958/nsa-secretly-tap...
https://transparencyreport.google.com/user-data/overview?use...
And this is just the stuff they're public about. Also interesting to note that while they classify some of these as "warrants" or whatever else, they don't actually say whether it simply originated from a warrant, or whether they were legally obligated to comply due to the warrant.
Over the years it's been millions of accounts, and the data they gather from those millions of accounts also creates a vivid image of tens or hundreds of millions of other accounts.
Can't get the warrant to get the user data for some given person? No problem, get a reason to have a warrant for all 5,295 people she's ever communicated to over Google services. It effectively services as a warrant for her data specifically at that point.
What if I told you that the NSA has been doing that for the last 20 years?[0]
https://en.wikipedia.org/wiki/Social_cycle_theory#:~:text=Po....
How much plausible deniability of all of this stuff that can be happily plugged into the Google, etc, APIs and tools should we extend to the big players? I'm sure there are plenty of people at all those companies who know that the data connection integrations they provide aren't only getting first-party, originally-sourced data. Google's ad platform doesn't need to explicitly get their hands dirty tying all the threads together for you or maintain a singular massive database of everything, they just need to supply enough hooks to let all the OTHER companies do it. Which is probably good in that everyone's ad-hoc attempt is probably less-accurate than Google could do on their own... but all that data is still floating around and it all originally got connected to use to target ads in these systems.
EDIT: And if you extend it to the publishing arms (e.g. Youtube or MSN or whatever) than I'd bet many of the big players in ad serving have other departments that are running integrations with some of those data aggregation platforms. They know how the game works for sure.
As an example, Apple complied with 90% of government requests for user data: https://www.businessinsider.com/apple-complies-percent-us-go...
The US gov has trampled on essentially every right we were taught about in 4th grade schoolhouse rock. They infiltrated and spied on Muslims in Minnesota [1] and before that had an entire program of spying on any activist at all. Before that they put entire races (Germans and Japanese) in internment camps and SCOTUS said it was fine. Hell, they even bombed people in Philadelphia.
My point is, exploiting the 3rd party doctrine to spy on Americans might be out of step with your conception of America and what you think it should be, but it’s not out of step with the historical reality of America.
[1] https://www.nytimes.com/2021/09/01/magazine/fbi-terrorism-te...
"With thousands of attributes on more than 300 million consumers and 126 million households, ConsumerView data provides a deeper understanding of your customers, resulting in more actionable insights across channels."
https://www.experian.com/assets/dataselect/brochures/consume...
"When a user enters a venue and dwells for at least two minutes, our Pilgrim technology records all of the signals available on the phone. It then matches that person to confirmed signals from our panel of 13 billion in order to register a visit. Utilizing stop detection technology and dwell time is crucial for reporting visits because we are capturing true visits as opposed to someone driving by or sitting in traffic nearby."
https://location.foursquare.com/visits/docs/how-does-visits-...
"Cross-device targeting is a method of advertising where you display ads on various devices belonging to one user from the target audience.
An average user uses the internet on three different devices. They look at their smartphone first thing in the morning, work on their PC, surf the internet on their tablet on their way home, and drift off to sleep with their TV streaming turned on. Imagine that you can display your relevant ad on each of their devices, with your message following the user throughout their day."
https://www.onaudience.com/resources/what-is-cross-device-ta...
... and many many many many many many others.
Absent this, one of three conditions exist:
1. There is no monopoly. In which case violence is widespread, and there is no state.
2. There is no legitimacy. In which case violence is capricious.
3. Some non-state power or agent assumes the monopoly on legitimate violence. In which case it becomes, by definition The State.
The state's claim is to legitimacy. A capricious exercise would be an abrogation of legitimacy
Weber, Max (1978). Roth, Guenther; Wittich, Claus (eds.). Economy and Society. Berkeley: U. California Press. p. 54.
<https://archive.org/details/economysociety00webe/page/54/mod...>
There's an excellent explanation of the common misunderstanding in this episode of the Talking Politics podcast: <https://play.acast.com/s/history-of-ideas/weberonleadership>
The misleading and abbreviated form that's frequently found online seems to have originated with Rothbard in the 1960s, and was further popularised by Nozick in the 1970s. It's now falsely accepted as a truth when in fact it is a gross misrepresentation and obscures the core principles Weber advanced.
In your comment, what you confuse is capacity for violence (inherent in all actors, state, individual, corporate, or non-governmental institutional, with numerous extant examples of each) with the Weberian definition of a monopoly on the legitimate claim to violence. In practice, enacting violence on virtually any actor will engender some counterveiling response, though the effectiveness will vary greatly depending on the comparative power and/or disinhibition of the entity responding.
There are numerous examples of private corporations or non-governmental actors engaging in violence, with or without state support or sanction. There are the 100 million souls lost, respectively, to the British East India Company's occupation and administration (as a private entity, with military powers) of India, of the transatlantic slave trade by numerous private commercial operators, and of the genocide against the indigenous populations of the Americas, again much by privately-chartered corporations (as the original British colonies were). There are extant mercenary forces such as Constellis (formerly Academi, formerly Xe, formerly Blackwater) in the US, or the Wagner Group presently transacting genocide in Ukraine. There are oil companies who have initiated coups, paramilitary actions, and assassinations throughout the world. There is the Pinkerton Agency, still extant, and with a storied role in violence against labour and civil rights movements. There are railroads, with their own (private) police forces, which are in fact registered as law enforcement despite being nongovernmental.
The truth is that there is no clean distinction between State and Private use of force, lethal or otherwise. What there is in government is, one hopes, legitimacy and accountability to the citizenry rather than to creditors and investors.
1. Nature of Trust: I think depending on how much you trust your government that views on state surveillance are going to change and similarly how you trust corporations. We should definitely acknowledge this because it plays a major factor. I believe your stance is from that of trust for government but distrust of corporations. Personally I distrust both (American). The two slight advantages I see to surveillance capitalism are that the collected data is distributed and that it is easier to poison the well. In the competitive corporate setting they _tend_ to not sell the data but rather access to the tools to process the data. (To be clear, both forms exist) If the data could be bought then it gives their competition advantages. So there's a weird incentive to keep that data locked tight (think Google & Facebook as opposed to Equifax). The hope is that no single entity can collect enough information. As for poisoning the well, I'd assume that this would almost always be illegal for a state surveillance program but difficult to sue in a corporate setting. I believe that it is also easier to fine or punish a single actor in the state case -- especially since they need to set examples -- while a corporate case they will likely not pursue as this is expensive unless you create and distribute tools. But maybe that's a bad assumption.
2. Abuse potential: This is the argument that I think privacy maximizers focus on and do not budge or even recognize the usefulness of surveillance (you got to understand if you want to prevent it). Personally I see democracies as perpetual balancing acts and naturally unstable. But that the benefits outweigh the costs. The issue, often called 'Turnkey Tyranny", is that a single bad actor can be democratically elected and then abuse that power (we've heard this, I'll move on in a sec). We don't have to point to Hitler, but we can even point to the abuse that the parent discussed with respect to the Patriot Act which we saw used and arguably abused under the Bush, Obama, and Trump administrations. Surveillance creep seems more pervasive within a government system, to me, as what I've seen is that once something is in place it is hard to remove. On the other hand, in a corporate setting you can move a lot faster. For example, Apple and WhatsApp/Facebook are both on privacy kicks, promoting their encryption. We all know that there's still collection, but the positioning themselves as privacy preserving has kicked off a competition in the other direction while we haven't seen such a movement in the US government (personally I wouldn't say GDPR is strong and that the EU articles are easily circumvented). That's a clear double edged sword but does feel like it can respond to user sentiment faster (one of the big differences in capitalism vs communism is market response and I see corollaries here). On the other hand I've continuously seen my government try to remove encryption and even attempt to hid it under the guise of universally hated things (child porn and terrorism). Essentially I see laws/regulations as more sticky than corporate decisions. Combine that with the above hope for distribution, I think there is less potential for abuse. The final factor we need to include is that a state can do more harm to a citizen than a corporate entity can.
For your specific cases about a bike being stolen or the common one about the feeling of safety walking down the street, especially at night, I think there are other correlating factors that we can't ignore. While we see examples of bikes being returned and bad guys quickly caught I'm not convinced these are statistically higher or primarily dependent on the surveillance itself. Perception obviously plays a role: perception of risk to commit crime as well as perception of likelihood of victimization. One of the most interesting statistics I see (I probably spend an unhealthy amount of time thinking about these numbers lol) is that Americans perceive crime as increasing year over year while there is a dramatic trend downwards[0,1,2,3]. Though I'll be honest in that [0] notes that less than half of crimes are reporter of solved, but the lowest rates are with sexual violence and we have been seeing a steady increase in reporting (likely related to MeToo and other such movements). But I also am having trouble finding estimates of under-reporting for other countries so this might be related to my original comment about America's failures being more in the open or possibly bad googling. I can at least state that from personal experience I have little fear in leaving my door unlocked and often friends comment at how crazy and careless I am but despite having lived in areas with perceived high crime rates (I look them up) I have yet to have had anything taken from my household. I will say that bike theft is common in my area, but the homeless rate is high and that's an easy to pawn item and probably a better indicator of a different problem (a confounding variable) than actual safety (which I'm mostly thinking is violent crime).
Sorry for the wall. I hope I didn't repeat too much that is argued to oblivion.
[0] https://www.pewresearch.org/short-reads/2020/11/20/facts-abo...
[1] https://news.gallup.com/poll/1603/crime.aspx
[2] https://www.pewresearch.org/short-reads/2022/10/31/violent-c...
[3] https://news.gallup.com/poll/404048/record-high-perceive-loc...
Make it a huge PITA to keep this kind of data in the first place.
If everyone nationally submits a FOIA record to every agency which might be keeping data on them, it quickly will become un-economical to keep data on anyone but persons of interest.