Facebook, Google Fund Nonprofits Shaping Privacy Debate (bloomberglaw.com)
297 points by seapunk on Nov 18, 2019 | 139 comments



This quote from the article highlights the problem at hand:

> Organizations like the Center for Democracy and Technology, which received at least $960,000 from [Google and Facebook] in 2018, are often quoted in the media as unbiased third parties and influence how policy is developed in Washington as such, despite receiving the tech company funding.

> The group supports allowing tech giants to sell user data to third parties with limited restrictions, a position that is in line with technology companies that profit handsomely from such sales, but not so popular with consumers.

I guess "Privacy Advocacy Groups" does not equal "Pro-Privacy Advocacy Groups".


The problem with this theory is that it doesn't align with facts.

Google and most of the other major tech companies don't actually sell user data. They collect it to use internally. The biggest companies who actually do that are the ISPs, but that doesn't really fit the same narrative, and I doubt they donate a lot to privacy groups.

The reason a lot of privacy groups don't try to restrict selling user data is a combination of a potentially legitimate first amendment problem with restricting it and a finite amount of political capital. Sometimes political capital has to be spent making sure that e.g. the FBI director doesn't push through a law against strong encryption. Sometimes it's better to have a bill that improves privacy a little and actually passes than a bill that improves privacy a lot but never makes it into law, or start with one that isn't as easy for Comcast to have struck down by the courts and in so doing create a problematic legal precedent.

Meanwhile you ask why Google and Facebook donate to privacy groups, but their goals are actually aligned on a lot of things, like promoting the use of HTTPS over HTTP and opposition to draconian copyright laws.

This is gotcha journalism, and it's problematic because what are you proposing as a solution? That privacy groups stop accepting money from tech companies? What that would do is cause them to have less money for privacy advocacy. Ask yourself who benefits from that.


So the facts are wrong because rather than selling the data directly they only exploit it themselves for profit? That only holds while ignoring the fact that most of that profit comes from third parties who they're effectively selling data access to (e.g. ads where the profit is from Google's ability to know which ads to put in front of which users, effectively selling that user's privacy for profit).

Pointing out that ISPs are worse is really neither here nor there. Just because big tech isn't the worst doesn't absolve them of criticism, nor is it a compelling argument for why we cannot talk about them lobbying for the law to allow them to continue to do what they're doing or even expand it.

I'm not even going to try and address why we cannot have privacy because of "legitimate first amendment problem[s]" or because it would result in "law[s] against strong encryption." I don't consider those arguments to even pass the basic sniff test, they feel like throwing out every argument under the sun and seeing what sticks. Almost to Gish Gallop levels.

> This is gotcha journalism

That isn't what "gotcha journalism" means. Collecting facts, presenting those facts, and putting a negative spin on it isn't "gotcha journalism" because the journalist didn't trick Google or Facebook into doing these things, they're simply telling the public that they did. In fact the term doesn't really apply to journalism outside of interviews, see:

https://en.wikipedia.org/wiki/Gotcha_journalism


I don't agree that just because 3rd parties are where google profits, means that they are buying the data.

If I ran a newsletter, "selling data" would be me giving a 3rd party my mailing list. Profiting from the data would be me "selling eyeballs" from my list.

That is effectively what Google and Facebook do. They are in the eyeball selling industry, not email selling.


No, a newspaper doesn't sell eyeballs.

They create a medium the advertisers want to advertise into.

They "own the eyeballs," as it were. They create the newspaper that people read.

Google does not own the eyeballs, they are an aggregator but they loudly point out that users could switch. Let's acknowledge that users are not likely to switch away from Google websites, Android, etc. but it's as if Google snatched the newspaper and stuck advertising stickers all over it just before you read it in the morning.


I can see where you are going with this, but I disagree with it (mostly).

Google owns the eyeballs on the places of the internet that have sold that space to google.

If I have a website and want to monetize it with ads, I'm giving that section of my page to Google. Who now rents the "tower" in my sidebar, and owns the eyeballs of my visitors. The advertisers don't get to own my data. I'm just exposing my audience to their products. If my audience decides that they want the advertised widget, they are then willingly giving their data to the advertiser when they purchase/sign up/whatever.

The only point I agree with you on (if this is what you meant) is how Google ranks search results based on the speed of the content, and whose content loads fastest for Google? AMP... owned by Google.


Good points.

I think the browser is the equivalent of a newspaper.

It's just you can "open your newspaper" to pages defined by someone on the internet, as opposed to only getting the 30-to-50 pages put out by the newspaper company.

I think the pages within it can be Google, but there's a browser in between. If you use Chrome, then Google totally owns your eyeballs (according to my viewpoint).

But you are spot on with publishers opening up a "tower" on their page, and Google moving in and paying rent. And from that point on, Google is watching you.

Maybe the ISP owns the eyeballs? ISPs are often characterized as either a "content network" (such as Netflix) or an "eyeball network" (such as Comcast). And the networks sometimes fight because Comcast thinks they're the big, bad eyeball network. Netflix, of course, thinks they're the big, bad content network.


> but it's as if Google snatched the newspaper and stuck advertising stickers all over it just before you read it in the morning.

Google gives free reading glasses that allow you to read the newspaper. The problem is that they only work for the newspapers they like and the newspapers they like happen to have advertising stickers all over them.

Purportedly unrelated to that they have also told all the newspaper sellers to take a note of when and where you buy your newspaper, but they assure you that is completely unrelated to the advertising side of things.


>They are in the eyeball selling industry

That sounds like what TV, radio and newspaper ad space sells.

Google on the other hand is selling the data attached to those eye balls. You want Male eye balls, between the age of 18-35? You want eye balls from a certain state? city? county? How about college educated eye balls?

Knowing everything about your eye balls and monetizing that information is Google's real racket...that and fraudulent clicks (that is Google often sells fake eye balls).


This is still not very different than TV. Cable channels know the demographics of the people that watch their shows and sell their eyeballs accordingly. Hell, entire shows exist to specifically attract certain types of eyeballs.

If I pay you $5 to show an ad in front of a certain type of person and you come back and tell me that you did it I haven't really learned anything about that person. It seems hard to say that that is the same as selling people's data.


A major difference is that TV doesn't spy on you while online advertisers do. TV targets ads based on the content of the shows, similar to how contextual ads used to work based on the content of the websites they were placed in. They don't try to spy on your each and every move.


This is true but not super relevant to the question of whether paying someone to place an ad in front of certain demographics is selling information.

Because sure, Google knows a lot of people and they have a lot of ad space to fill which means they have a good chance at finding and reaching the demographics I asked for but I don’t get any of that information as part of my transaction with them.


Does it really matter if the data is technically being "sold" or not? The fact that any one entity holds an unprecedented level of information about us is alarming in and of itself. As Snowden said in his first interview, all that data is just sitting there waiting to be abused, and the only thing stopping anyone from doing so yet if they haven't already are policies that can and will change in the future. It doesn't matter who has access to the actual data as long as someone does.

If adtech wants to serve us "relevant" ads, that's fine but the intrusive spying has to stop. Plain old contextual ads should be more than enough for that purpose.


If I target 21-26 year olds with an advertising campaign, and someone clicks on that ad, then Facebook just told me they think the person at the other end of that click is 21-26. From my perspective they just sold that information.

With TV, it’s all a vague guess on their part about what kind of content people like. The people watching daytime soaps can be 18 or 80; it’s vague topic and time of day based filtering.


If you put an ad, untargeted, with a bikini clad woman in it, you can be confident the person that clicked it is an 18-26 year old male.

Google's guessing of your demographics is amusingly wrong sometimes (you can see the categories it puts you in).

> With TV, it’s all a vague guess on their part about what kind of content people like

People with HBO have disposable incomes. People watching Nick or Disney channel are or have children, whose ages and genders can be further refined based on the shows in question. "You have a 8-11 year old daughter" is absolutely trivial to accurately glean from television, and is basically the single most valuable advertising demographic.


Google is not Facebook, and the question is what they're selling, not that the information is official. Anyway, I think you will find 17- and 27+ year old men also click on bikini clad women.

As to Disney watchers, my male college roommate used to love those shows. At the extreme end MLP friendship is magic has a vastly wider following than the original target demographic.

They both correlate with demographic data, TV is simply wildly inaccurate and not tied to a specific individual.


How is what you described different from TV?

On TV, you can target so many demographics indirectly by buying ads on shows they like. Companies like Nielsen have been reporting on the demographics watching shows for decades. You can also target geographically at least down to the county-ish level.

TV stations and Google both know who is watching what and selling access to their customers to advertisers. Google might be a bit more sophisticated than TV, but besides "retargeting" (following you around different sites) they use the same basic techniques and offer the same things to Advertisers


Yes the facts are wrong and there is a major difference between selling the data and using it. It is like the difference between a salesman asking a bartender what type of drinks you prefer and them having a transcript of everything you ever said in the bar.


>It is like the difference between a salesman asking a bartender what type of drinks you prefer and them having a transcript of everything you ever said in the bar.

What? That's a difference in scale, not in kind.


Correct. The better analogy is the salesman asking the bartender that when someone orders X drink, give them Y drink also for free. The salesman never actually gets to find out what customers got Y, though they can learn how many Y were given away and thereby get some secondary signal on how popular X is (and, of course, if individual bar patrons walk directly out of the bar and say "Hey, can I buy more Y?" the salesman can make a pretty strong guess that the patron in question likes X).


Yes. And as we know, Prolog is Turing complete. Therefore†, anything which the salesman could do if he could hear every bar patron's conversation, he can do by a clever set of ad deployments (though it may be orders of magnitude less efficient).

----

† Yes, I'm stretching the "proof" beyond its breaking point here.


It's too simple to say they don't learn anything. If you actually click on the ad, advertisers sometimes gain some information (based on IP address, third-party cookies, and maybe browser fingerprinting). Sometimes they might get some information just by running the ad via analytics.

It's a bit murky whether that amounts to being able to identify you. It's not clear how much advertisers care about identifying people who don't buy or how effective advertising actually is. And this data goes stale pretty quickly anyway.

So it comes down to, "well, it depends." None of this is comforting to people who don't want to be tracked. On the other hand I haven't heard anything credible about people being directly harmed by it? It seems more about the principle of the thing?


You're absolutely correct. That's what I was trying to capture in the parenthetical; clicking on an ad is like wandering directly out of the bar and straight into the salesman's shop.


One tells you something relevant to what sort of domain - what to get them. The bartender doesn't tell them about your nasty divorce, trouble at work, etc. Likewise Google doesn't just hand out your embarrassing search history to the highest bidder - because both would be both wrong and absolutely terrible for business.


Large differences of scale are differences of kind. This holds true for information (it's crucial that e.g. property records be available at your local planner's office; it's not clear things are similar when talking about large centralized databases that are searched from anywhere). It also holds true for systems, especially biological systems. (There's a great book called "Scale" that talks about this.)


> So the facts are wrong because rather than selling the data directly they only exploit it themselves for profit? That only holds while ignoring the fact that most of that profit comes from third parties who they're effectively selling data access to (e.g. ads where the profit is from Google's ability to know which ads to put in front of which users, effectively selling that user's privacy for profit).

When the argument is that the privacy groups have a perverse interest in opposing a specific rule because of donations from tech companies, it seems pretty relevant that the tech companies already aren't actually violating that rule.

> Pointing out that ISPs are worse is really neither here nor there. Just because big tech isn't the worst doesn't absolve them of criticism, nor is it a compelling argument for why we cannot talk about them lobbying for the law to allow them to continue to do what they're doing or even expand it.

But that isn't what they're talking about. They're talking about laws against selling user data, which the ISPs are doing (so there is a strong lobby against passing a law to prohibit it), but the tech companies generally aren't.

To prohibit what the tech companies are doing you would basically need a law against collecting user data, or something much more invasive and specific about what it could be used for than "don't sell it", and that's a whole different debate. Because then you run into problems like entrenching the incumbents by creating a complex regulatory environment that only huge tech companies can navigate. Which is why opponents try to tar them with "selling user data" instead, which is a lot easier to define and be opposed to, even though they aren't actually doing that.

> I'm not even going to try and address why we cannot have privacy because of "legitimate first amendment problem[s]" or because it would result in "law[s] against strong encryption." I don't consider those arguments to even pass the basic sniff test, they feel like throwing out every argument under the sun and seeing what sticks.

Political realities exist even when they're complicated and inconvenient. Mocking them doesn't make them go away.

> Collecting facts, presenting those facts, and putting a negative spin on it isn't "gotcha journalism" because the journalist didn't trick Google or Facebook into doing these things, they're simply telling the public that they did. In fact the term doesn't really apply to journalism outside of interviews

The term originally dates from a time when "interviews" were a thing that happened after you actually agreed to be interviewed. Now the debate happens live on the internet and trolls get to ask their loaded questions in front of the public with the implication that you're guilty if you don't respond.

But the question is phrased so as to make an exonerating response impossible. It's the rhetorical equivalent of "have you stopped beating your wife" -- have you stopped allowing tech company money to influence your policies? Respond right now, while the question is on the front page, or you're guilty.


> When the argument is that the privacy groups have a perverse interest in opposing a specific rule because of donations from tech companies, it seems pretty relevant that the tech companies already aren't actually violating that rule.

You conveniently left out one of the two companies, and I wonder why you omitted that Facebook has actually been convicted of violating the rule.

https://www.bbc.com/news/technology-46618582

https://www.usatoday.com/story/news/2018/12/05/facebook-emai...

https://www.nbcnews.com/tech/social-media/mark-zuckerberg-le...

https://www.theatlantic.com/technology/archive/2018/12/faceb...

(There are more sources.)

> But that isn't what they're talking about. They're talking about laws against selling user data, which the ISPs are doing (so there is a strong lobby against passing a law to prohibit it), but the tech companies generally aren't.

Yes, Facebook totally got caught selling user data.

> To prohibit what the tech companies are doing you would basically need a law against collecting user data, or something much more invasive and specific about what it could be used for than "don't sell it", and that's a whole different debate. Because then you run into problems like entrenching the incumbents by creating a complex regulatory environment that only huge tech companies can navigate. Which is why opponents try to tar them with "selling user data" instead, which is a lot easier to define and be opposed to, even though they aren't actually doing that.

Such as... GDPR?

> Political realities exist even when they're complicated and inconvenient. Mocking them doesn't make them go away.

Totally agree.

> The term originally dates from a time when "interviews" were a thing that happened after you actually agreed to be interviewed. Now the debate happens live on the internet and trolls get to ask their loaded questions in front of the public with the implication that you're guilty if you don't respond.

What's your source?


Sigh, all those sources are talking about API access, not packaging up a tarball of their user database and shipping it off. Some of those links are just speculation about early ideas of charging for API access.

In either case, the model for having API access was that the end user would get a nice clear permissions dialog telling them what info they were giving to the third party and having them click "I Agree" before any data was transferred.

Even better, in the case of the device partnerships, you had to login with your FB username and password!

Those articles are the equivalent of saying Apple shares data with Google because iMail can open your Gmail account


>Google and most of the other major tech companies don't actually sell user data. They collect it to use internally.

Why do so many people think that these companies sell your data?


Because people are profoundly bad at understanding how modern online advertising works and the companies profiting from it have done a notably bad job of consumer education.

The most common behavior people observe that makes them think companies are selling their data is when they visit some site P that sells widget p and then on completely unrelated site Q they start seeing ads for p. The obvious conclusion to draw is that Q now knows they visited P. In reality, ad broker X knows the user visited P, and is satisfying queries from Q (really, from the user agent visiting Q) by vending ads for p to the user agent that is displaying site Q's content alongside that ad. But the ad and Q's content are generally sandboxed from each other the same way that your bank account login state is sandboxed from Q also (1). In reality, Q has no idea the user has visited P, but the content on the page strongly suggests that Q does.

(1) note: It is possible there are holes in the security model that an unscrupulous Q could use to gather information on a user about their history on P; that's generally considered a violation of the ad vendor's policy and will get Q kicked off the ad network.


There is also an element of people (esp. on this forum) who strongly dislike big tech companies, and want to use inflammatory language to strengthen their point.


well politicians certainly can make hay of it, in fact they seem to be the biggest spreaders of misinformation. most don't get called out on it because of either that it sounds good or because people who could aren't in positions to be heard.

throw these companies have lots of money to pay fines, suits, and campaign donations with, and the outcome is decided


Just bc data doesn't leave the platform doesn't mean they are not selling products with it baked in. Maybe it's semantics, but if you buy an audience to target based on data that FB is capturing, you are buying user data.


The distinction people have been using in this thread is "buying eyeballs" vs. "buying user data." And it's a meaningful distinction; I might trust FB to show me an ad microtargeted at employees of my company, but I don't trust every advertiser to know what company I work for.


It's more than a semantic difference. Buying user data means you are purchasing data. That is not what is happening here.

When you purchase data, it can be remixed and resold, can be used outside the original terms of service agreed to between FB/Google and their users. This is difficult to enforce agreed upon protections, and is a troubling issue (e.g. Cambridge Analytica had user data they used in a "clearly wrong" manner -- a problem that AFAIK was from 3 years ago and has since been shut down).

Buying access to the users means an advertiser is purchasing the ability to put a message in front of the user. This data is covered by user agreements, and is much harder for third parties to use in a "clearly wrong" manner. This data must be deleted at the request of the user, and can be (relatively) easily deleted by going to the original source (a key distinction -- it's very hard to delete data that has been sold and resold).

It is important to use the correct description of what is happening. On FB, you're not "buying an audience" so much as "defining an audience to reach". You don't get to hold the user data in a csv; you get to put messages in front of groups of people. You don't possess the data -- you have access to use it through a user interface provided by FB/Google.

I respect that you may feel FB/Google holding these user data is unethical. Other people feel the exchange is perfectly fine. Regardless, using precise language is important to not muddy the waters, especially in such a tendentious debate.


Who is the hypothetical you in the second to last paragraph? You are assuming one scenario, that of a brand or agency planner, who is creating a media plan with audience builder or w/e the name is these days.

Saying or assuming that no tech companies sell user data is disingenuous. Case in point, doesn't Edmunds have an exclusive data contract to share data with Oracle Data Cloud?


An advertiser, in the 2nd to last paragraph. I'm only assuming the facts in evidence -- that FB and Google aren't selling user data. They sell advertisements, which use user data for targeting via generally broad mechanisms or 1st party data.

Re-reading my comment, I don't think I said anything about companies in general.


Maybe it's because it's dangled as a red herring all the time when in fact it is barely relevant whether Google & co sell your data.

The fact that they collect it in the first place is the real problem. And when they inevitably get hacked and lose the data (happened), or leak the data (happened), or their employees inappropriately access the data (happened), or they hand it over to whatever government after putting up a token fight (happened)... it doesn't matter one bit.


The news straight up tells them they do and never corrects itself.


Because that's what their competitors in the ad market, namely the press, want them to believe.


> Google and most of the other major tech companies don't actually sell user data

This is not correct. Google and Facebook may not sell PII directly to third parties but most lower/medium size tech companies do sell PII to third parties (insurers, credit co, etc.) and most of them even say it explicitly in the TOS or privacy policy.

Now, because it's written deep down inside some TOS doesn't mean users are fully informed and people certainly are not making truly informed decisions.

Now, the fact is: people do not understand what's going on and tech companies are abusing this.

And the question is: are we OK with that?


> what are you proposing as a solution? That privacy groups stop accepting money from tech companies? What that would do is cause them to have less money for privacy advocacy. Ask yourself who benefits from that.

This is a classic case of zooming in too far with your politics. You can maybe make this argument if you put blinders on and only consider the next best option in this exact political system, but really this is a paradigmatic example of Google & Facebook attempting both regulatory capture & crowding out organizations who would authentically advocate for users rather than gigantic corporations.

If you wake up every morning and choose the least evil of the options directly in front of you without once thinking of the bigger picture, you go to some truly bad places.


The distinction is meaningless. My data, and data about me is collected against my will without my consent for a third party's financial gain.

It. Is. Wrong.

There is no nuance that legitimizes any, or even any part of it.


Could you explain why the restriction over selling user data would be a violation of first amendment rights?

Overall, isn't your last point also the source of problems? If the whole idea is to be able to exert regulatory control, to protect users, over companies that seem to have a huge share on decision-making in this space due to their unmatched wealth, how is their parting with a minuscule portion of their wealth so they can potentially influence a decision made on the topic of restricting them, solve any problems in the first place? It seems like a stretch to suggest that privacy advocacy groups need money from tech giants to support themselves.

I agree that every organization needs the money but the problem at hand is that every organization should not ideally depend on tech company donations because they have amassed the largest sums. Since this is the problem these laws are trying to address in the first place, I am not sure taking donations from tech giants would solve the problem, even if it doesn't exacerbate it (assuming for a moment that the tech giants are actually being a force of good here).


> Could you explain why the restriction over selling user data would be a violation of first amendment rights?

Start with the premise that you're passing a law against people telling other people anything they know about you (especially if they would otherwise be able to without compensation), then add in the "money is speech" thing, which is existing precedent whether you like it or not.

> If the whole idea is to be able to exert regulatory control, to protect users, over companies that seem to have a huge share on decision-making in this space due to their unmatched wealth, how is their parting with a minuscule portion of their wealth so they can potentially influence a decision made on the topic of restricting them, solve any problems in the first place? It seems like a stretch to suggest that privacy advocacy groups need money from tech giants to support themselves.

Privacy advocacy groups don't just have binary existence where either they exist or they don't. Every dollar is more advocacy.

And you can't have it both ways. Either the amount they receive is insignificant and consequently shouldn't affect their overall policy positions or it is significant and losing it would be a meaningful hit.


> Start with the premise [...]

This sounds extremely vague and contrived - something something, the money is speech thing, 1A issue. We regulate all sorts of sales, data collection practices, etc, all the time. Can you find a concrete example, especially in a non-political, plain business-to-consumer context where such regulation has received 1A scrutiny? Even a description by Google or FB or their surrogates of such a potential problem will do.

> Every dollar is more advocacy.

The question is advocacy for what. To square this circle you have to argue that the interests of Google and FB are aligned with the privacy interests of individual users - those are the interests such groups tend to claim to represent. This seems implied in your line of argument as I read it and, to me at least, appears glaringly inaccurate.


Ehhh, the 'collect it to use internally' is a bit inaccurate. While not literally saying 'here buyer is user data that we are offering to sell you' Facebook, Google, and every other platform do sell user-derived data to advertisers in the form of native audiences or other targeting products. 'Oh you want to serve ads to individuals that shop at Uniqlo? Here's a list of profiles to target that have checked into a Uniqlo three times in the past 6 weeks'. 'New-Parents? here are inds that have dwelled on babies-r-us (I have no idea if they still exist) or clicked to learn more about a stroller ad that was served in their Instagram feed'.

It's not 'here's all the activity data about Anthony Mouse', and user data is collected internally, but it is also baked into targeting products that they sell to brands and agencies.


"Oh you want to serve ads to individuals that shop at Uniqlo? Here's a list of profiles to target that have checked into a Uniqlo three times in the past 6 weeks"

No, this is not true. It's more like "Oh you want to serve ads to individuals that shop at Uniqlo? Give us your ad creative and we will show you to the profiles that have checked into a Uniqlo three times in the past 6 weeks"

Additionally, at FB ads, often it's custom audience, and in that case it's "Oh you want to serve ads to individuals that shop at Uniqlo? Give us your ad creative and list of email addresses of people you want to target and we show them your ads." (though you can actually do "similar audience" and so on).


> Google and most of the other major tech companies don't actually sell user data

They certainly buy data [0]. Whether they are the seller or the buyer, they have vested interest to make sure the trade can continue.

[0] e.g. https://www.bloomberg.com/news/articles/2018-08-30/google-an...


That privacy groups stop accepting money from tech companies?

Yes; absolutely!

He who pays the piper calls the tune.

If you accept money from a company which is actually completely contrary to what you claim to represent, you're compromised. Period.


[flagged]


Wait, I'm supposed to get paid for this? Who sends me the... is it a W-2 or a 1099? Somebody call my agent. I think I'm getting ripped off.

That's funny. Was that meant as a joke? It's like the reverse variant of the fallacy of the article. You imply that I'm getting paid based on my positions, the article implies that they're taking positions based on getting paid. No consideration of the possibility that the same positions could be held without compensation.


Does Google BUY consumer data as Facebook does? Do any of Google's acquired companies buy or sell user data? Do any of Google's expanding enterprise products buy or sell user data?

If the answer is yes to these questions Google may have a clear competitive reason to lobby for pro data selling/buying legislation to the detriment of users which may signal that these privacy advocacy groups may not actually be privacy advocacy groups as the article alludes to.


And they are quite effective. My government believes selling customer data is the road to riches. They plan to sell even patient data from mandatory governmental health services. Complete lunatics in my opinion.


If the data is truly anonymized (and that's a big if), would you still have an issue?

Could you share which government is doing this? It is very troubling.

Edit: thank you all for good responses, I wasn't aware of the risks of de-anonymization but I will do more research into this.


I wrote that they sell it, which is wrong. They want to give it away for free. I don't know what is worse at this point. Patients don't have any possibility to protest.

It is in Germany and the law isn't active yet, but will be very soon. They basically create a central organization to collect data from all insurers. They receive info and are allowed to spread it to third parties in anonymized form.

> If the data is truly anonymized (and that's a big if), would you still have an issue?

Health data cannot be anonymized, since indicators and diagnoses can quickly identify a person. But no, this is my data and I do only share it when I explicitly consent to it.

You can opt out if you make enough money because that allows you to leave state insurance, which is kind of a real problem in our health system. But that wouldn't faze our current health minister, who seems to be an idiot and needs to be removed from office. His performance is bad enough.


Thank you for the response.

Now that you bring it up, I can see how one could identify a person based on that data. We're able to identify users based on things like browser extensions; I see how the concepts map.

The only reason I have to favor this sort of data sharing is that I have a (perhaps naive) hope that it would aid diagnoses and treatment.


Would it be possible to prevent this by using laws set by GDPR? Or at least cause such a great hassle for them to stop it?


Not exactly the same thing, but the following is happening now, in Spain. Citizens can opt-out by either turning off their phones or putting them in airplane mode during the dates mentioned.

"Spain’s National Statistical Institute (INE) plans to track the movements of millions of Spanish citizens’ cellphones to conduct a ‘sociological study’, El Pais and EFE reported. The INE will analyze users’ movements between November 18 to 21, November 24, on December 25 and during July 20 and August 15, using data from the ‘big three’ telecom companies in Spain. Data however will be anonymized before processing, the INE stressed."


Wait what - you can opt out of having any phone or mobile data service for a week?

What on earth are they going to learn? People go to work, people go shopping?


I know your question was rhetorical, but let's give it fair consideration. I suspect what they'll learn is whether they have the capability to analyze the movements of their entire population efficiently and if not, what it would take to do so.

Armed with that knowledge, they can prepare for the eventuality where the one-off exercise gets turned on permanently.


When people go where they go, and where they go next. This can help to figure out which interventions are even worth trying to improve things for public transport. I can imagine this would be very useful and relatively cheap to do.


Actually I have worked on projects for major UK rail stations along these lines - how many people on this platform then go to this platform, and should we build a bridge / open up a barrier.

I can see that as useful - it is targeted and pretty simple to do (although the anti-tracking mechanisms in wifi now make it harder).

but ... I struggle with the value of such data collected on such a scale. Cell Tower radius is on the order of kilometres - the interesting stuff to do inside cities cannot be discovered on that scale - you need metres or better.

This feels like a mass public holiday migration watch. And you learn that ... people live in different cities to their parents?


Cells have both a maximum range and a _maximum population_. The multiplexing that enables many devices to use the same spectrum to communicate with a tower is limited, so you can't just put up one tower in Manhattan and you're done, that'd fill up with users immediately, you need to add lots of towers in areas with many simultaneous users or the service is lousy. As a bonus the reduced transmission distance means handsets (automatically) reduce radio power, which means improved battery life.

As a result cells are naturally much smaller in populated areas where you're most likely to want detailed information. In a city centre the cells may be only a hundred meters across. True, up a mountain the cellular network may have no idea where on the mountain you are, but this isn't a Safety of Life application, it's a survey.


_Can_ any large dataset actually be anonymised effectively?

I'm not yet convinced it can be done in a way that can't trivially be reversed by anyone combining it with other datasets.

And if it can't be anonymised, then it probably shouldn't be saleable.


The US Census famously used differential privacy in their most recent surveys. They have a quite extensive analysis of the tradeoffs they had to make to ensure everyone's privacy, and there is a fairly large body of academic work that analyzes (e.g.) the economic impact of this privacy preservation. The general consensus AFAIK is that they did a great job.

See https://arxiv.org/abs/1809.02201 for the main paper from the Census.


I'm not sure that this can be done with certain datasets, like health data.

If you had access to anonymised health data from my nation, for example, picking me personally out of the records would be extremely trivial, using just two data points:

+ I have an illness that only 1% of people have.

+ I lost my spleen whilst I was in primary school.

Both of those things are actually a matter of public record, thanks to being mentioned in various local newspapers, so it's reasonable to assume someone somewhere has that data.

I believe the general consensus on health data is that if you have the age a person was at an incident, and the nature of an incident, you only need to have two or three incidents in your database to de-anonymise their records.

The only way to combat it is to not provide the detail required for the analysis that is exactly what the above organisations wish to do. No profiles, no fine-grained demographics.

And yet, people with rarer illnesses or events than mine will still stand out, so you also need to eliminate them from the dataset, even though they may well be the ones who could benefit most from this sort of widescale analysis.
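The trade-off described in the comment above can be measured before a dataset is released. The following k-anonymity-style check is an added example, not part of any commenter's post: the records are constructed, and the function names (`quasi_id`, `class_sizes`, `at_risk`, `release`) are hypothetical. It counts how many patients share each combination of (age at incident, incident), flags anyone in a group smaller than k, and shows what coarsening ages and suppressing outliers does to the release.

```python
from collections import Counter

# Constructed sample data: pseudonymous patient id -> [(age at incident, incident)].
# p01 mirrors the commenter's case: a childhood splenectomy plus a rare illness.
RECORDS = {
    "p01": [(7, "splenectomy"), (34, "rare_condition_x")],
    "p02": [(34, "fracture"), (41, "appendectomy")],
    "p03": [(34, "fracture"), (42, "appendectomy")],
    "p04": [(36, "fracture"), (44, "appendectomy")],
    "p05": [(31, "fracture"), (47, "appendectomy")],
    "p06": [(52, "hypertension"), (58, "diabetes_t2")],
    "p07": [(55, "hypertension"), (59, "diabetes_t2")],
    "p08": [(51, "hypertension"), (53, "diabetes_t2")],
}


def quasi_id(events, n_events, age_band):
    """The combination an outside observer could match on: the first n_events
    incidents, with each age rounded down to a multiple of age_band
    (age_band=1 keeps exact ages)."""
    return tuple((age // age_band * age_band, what) for age, what in events[:n_events])


def class_sizes(records, n_events, age_band):
    """How many patients share each quasi-identifier (the equivalence classes)."""
    return Counter(quasi_id(ev, n_events, age_band) for ev in records.values())


def at_risk(records, k, n_events, age_band):
    """Patients whose quasi-identifier is shared by fewer than k records."""
    sizes = class_sizes(records, n_events, age_band)
    return sorted(
        pid for pid, ev in records.items()
        if sizes[quasi_id(ev, n_events, age_band)] < k
    )


def release(records, k, n_events, age_band):
    """Generalized rows safe to publish at level k: ids dropped, ages banded,
    and every row from an under-sized class suppressed."""
    risky = set(at_risk(records, k, n_events, age_band))
    return [
        quasi_id(ev, n_events, age_band)
        for pid, ev in records.items() if pid not in risky
    ]


if __name__ == "__main__":
    for n_events, age_band in [(1, 1), (2, 1), (2, 10)]:
        risky = at_risk(RECORDS, k=2, n_events=n_events, age_band=age_band)
        print(f"incidents={n_events} age_band={age_band}: "
              f"{len(risky)}/{len(RECORDS)} stand out -> {risky}")
    print("released rows:", len(release(RECORDS, k=2, n_events=2, age_band=10)))
```

With exact ages, adding a second incident makes every constructed record unique; ten-year age bands restore groups for the common cases, but the rare-condition patient still has to be dropped from the release.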


Furthermore, the data may be static, but de-anonymization capabilities are not and may improve over time to identify someone.

For example, if they're tracking all instances of various ailments seen by some doctor in some time period. Suppose you are the only person of a given age and gender with that ailment, so that bucket would have one entry for anonymous you. Fine. But then suppose the aggregating party begins to buy and correlate against credit card and location records that place you at the doctor's office in that time frame, bingo, they have a match to tie all three data.


> If the data is truly anonymized (and that's a big if), would you still have an issue?

Hell yes. The only time it's acceptable is if they get my informed consent.


> If the data is truly anonymized (and that's a big if), would you still have an issue?

Yes!

It's simply not anyone's matter to decide but the affected person what their data is used for, if only because that destroys trust. It is critical to the relationship between doctors and patients that the patient doesn't feel any need to hide information because they think that it might be shared and used against them, even when that fear might not actually be justified by the actual facts of the situation.

Also, that big if of anonymization is an important reason why the decision should be for the individual to make, if it is allowed at all: If you distrust the anonymization, then you should be able to refuse, without any requirement on your part to prove that it is unreliable.


Besides the "it can't be reliably anoned" answer, there are other issues.

One key one imo is simply ownership. Why do they get to sell it, regardless of who they are. I find the "terms of service" argument to be disingenuous.

I really think we need to completely change the way we do IP, and "data" has effectively become a new type of IP.

The default should be open/public domain, at least for anonymizable data. There are lots of reasons for it, economic, moral and liberal.


Excellent question. In my mind I had been thinking that it could be analogous to census data. That doesn't answer the why though, or how it would bring commensurate benefits to civilians.


>> in much the same way it benefits us now, just more.

Tesla's data enables better driving software. Medical data lost motives medical tech, etc. If more people had access to it, the technology would improve more.

The conventional argument for patents, is/was (1) to encourage/reward innovation and (2) avoid secrecy. Imo, #2 failed, for the most part.

On innovation/etc... Ultimately data needs volume to be useful for ml applications. Opening all the datasets would also combine them, and improve their usefulness.


I'm skeptical as to whether robust anonymisation is possible, given the incentives involved.

After all, the data is more valuable the more bits there are per patient record, for researchers to find correlations - and the more bits there are, the easier it is to de-anonymise. Especially as you never know how many bits of data are already public about a given individual.

And given that they're releasing the data to make a profit, or to advance research, anyone doing this has an incentive to release more bits - and no incentive to release fewer bits.


Data that needs to be shared should be signed by sender at every port of exit and by receiver at every port of entry. All significant transformations should also be signed in a manner that allows one to follow data to its real world source.

If applying complete attribution to our data was the norm, for at least some marketplaces, entities empowered by our data would be much less likely to just "share" it willy nilly.

Dark markets will always exist, but I think attribution of data would incentivize certain corporations (health, banking, etc) to act in their users' better interests, at least compared to what we have now.


"Anonymized data" can always be deanonymized. There have been plenty of studies about this.

It also reminds me of a recent post-Cambridge Analytica story about FB trying to get patient records, for which they said they "wouldn't get the names of the patients".

Okay, but the only reason Facebook would even get that data is to match it with its users' real names through some of their algorithmic reverse engineering of the data. That data is only useful to FB if it can associate various illnesses with real users on its platforms so that then advertisers can market to those people directly.

Don't fall for the "anonymized data" bullcrap. Google was caught doing something similar recently, too.


Thank you for the response, I will do my own research into the deanonymization of data, but please share a source or two if you have them at hand.


Exactly. This allows them to control the narrative and even fight for small pro-privacy laws that don't affect their advertising.


The more correct headline would be "Facebook, Google Donate Heavily to Privacy Deregulation Advocacy Groups".


This has been going on since the 1990’s. Take a look at TrustE/TrustArc: https://en.m.wikipedia.org/wiki/TrustArc


I suppose you're right. I think a major fault of this article was the initial lack of clarity surrounding the standpoint of these groups on the issue.


My first cynical question on seeing the headline was, "Real privacy, or are they trying to protect their business, perhaps by limiting competition?"

I see I'm not cynical enough.


Looks like a classic example of controlled opposition.


This article accentuates the need to always look for the source of the funding when it comes to non-profits, think tanks, and "public interest" groups. Unfortunately, the goals of these groups are not always as transparent as their names would have you believe.


The same goes for all UNGOs and NGOs that operate around the world for various humanitarian causes. I have interned at places like World Vision, World Concern, and Save the Children; my sister has worked for almost three years at a well-known French NGO that operates in my home country (in SE Asia). A few other people I know work for various non-profit orgs like UNICEF and UNOCHA etc.

We notice one consistent thing: the purpose of these organizations/institutions isn't as simple as "serve the best for the native population that they are supposed to save from natural/economic/humanitarian disaster". The need (say, for regional/program directors) to find the next funding to keep the project going trumps EVERY OTHER altruistic purpose. Also, these program directors don't stay for longer than 2-3 years (let alone getting to know the native population they are trying to help) and most of them are always trying to get in on the next action/conflict in another country, and/or to simply move to a better pasture (a more developed country). The management in these non-profit orgs--such as save the children, world vision, UNICEF--are always whitewashed (I do not intend this to come out negatively, but have to keep it real here) and they rarely promote native workers to have a say in things that matter (although native workers are the ones who have to do the day-to-day, on-the-field hard work). On Facebook, there has been a growing resentment by native workers toward these 'foreigners of ruling hierarchy' that work for non-profits (while taking up most of the salary+benefits and wasting donation money). I don't know how far it will go and am interested to see it out.


And even political parties. In Belgium the "Green" party (Groen) after the last election finally admitted they were not and never have been an environmental/ecological party after they grabbed control of the former real environment party (AGALEV) in 2003. They successfully bamboozled the green vote just by semantically squatting the name for 16 years.

Never trust a name, as more often than not it just has been hijacked by the most powerful/lucky marketing group.


Sad truth. I'd like to see something label itself as a public-interest group and be able to trust it immediately, but it's not as simple as that.


It's not very difficult either. For most of these organisations, you can just check their Financials page, and it's very clearly stated. Example:

https://www.accessnow.org/financials/

https://cdt.org/financials/

Trusting anything immediately is a bad habit to develop anyway.


I was once approached by someone representing (or at least claiming to) the Nature Conservancy. They had a worthy-sounding pitch but I told them that as a rule I didn't donate on knee-jerk reactions, but that I would be happy to take down their info, have a closer look, and consider a donation. The guy said, "oh like on Charity Navigator", whipped out their phone and showed me near-perfect scores for them on Charity Navigator. I stuck to my rule, got home, and looked them up. At the time they had 2/4 stars on Charity Navigator. Guy was using an old screenshot or something.


Wow, that's pretty sneaky.


Finding the information can be easy, but coming to a conclusion from it is harder.

For example, in the links you provided, we can see that AccessNow is supported by Google and Facebook, but also by Mozilla, which is generally considered to be a strong privacy advocate. Similarly, CDT is supported by Google and Facebook, but also by DuckDuckGo and Mozilla.

So what can we conclude from this? I'm not really sure. It could be any of:

1. Mozilla, DuckDuckGo, etc. are supporting organizations that are working against the interests of privacy.

2. Google and Facebook actually care about privacy.

3. Privacy is a complicated issue and there aren't really well-defined "sides" to take.


4. The lobbying group is not a side, but the field of battle. It may naturally favor a side, but money moves the front.


Even if they performed as advertised, it's not the only problem from this pattern. The bigger issue is how in our society giving away money somehow magically washes away all the harm done.

Here's the pattern: "First, do some harm. Reap gains from it. Then atone, and reap power from the atonement."

Anand Giridharadas has this all down. Best book you can read right now if you're interested in this topic.


The same goes for all media. Who is funding them, who is running them and what are their goals.

This is why it's important to view a wide range of sources, but who has time for that really.


Sadly, people are removed from civil society today (as they are removed from society in general), which leaves a lot of space for various snake oil salesmen selling them "safety" and "truth". We know well that these things can't be bought but earned.


[flagged]


I think buboard was referring to how the most prominent voices heard in political discourse today are not humans speaking for themselves, but corporate entities; lobbyists (correct me if my interpretation is wrong).


no


That’s a relief. Would be nice to know what you meant though.


There should be scare quotes around Privacy Advocacy Groups.

All of the listed think tanks are for sale. EPIC, an actual privacy advocacy group, is not.

https://en.wikipedia.org/wiki/Electronic_Privacy_Information...


How do you know EPIC isn’t for sale? They don’t disclose who their donors are.


What do you mean, "who their donors are?" What is missing from their CharityNavigator?

https://www.charitynavigator.org/index.cfm?bay=search.summar...

They're a 501(c)3, they take donations off the front page of their website. Sure, you might be curious who is donating? Or if there are any donations over a certain amount? I don't see any of that for The March of Dimes, either, do we question whether they are "for sale?"


I agree that "for sale" isn't a fair descriptor, of the March of Dimes or EPIC or the EFF. That was mostly my point.

I think it's reasonable to ask some number of questions about the March of Dimes. It's surprising, at least a little bit, that eradicating polio didn't reduce the amount of charitable work a polio charity had to do.


Because I'm aware of their history and the positions they've taken on privacy issues. They've always been the actual pro-privacy group, unlike the others which represent tech industry interests.

The EFF, popular with many tech workers, also falls into the latter group. They've started to pivot post all the privacy scandals of the past few years, but in general they've taken positions that align with the tech industry. There's a reason why they've been preoccupied with government surveillance but have been silent (until recently) about corporate surveillance.


How do you know EPIC isn’t representing the interests of its own donors? I don’t think you’re applying a consistent standard here.


I was mainly attacking those think tanks for providing air cover for tech industry interests. I'm sure there are actual examples of tech companies also donating to EPIC, as well as employees of tech companies.


The irony


Many, if not most, of the "consumer advocacy" groups are completely fake. They're astroturf groups that are owned by various industries. Here's a small selection of the ones owned by big oil:

California Drivers Alliance

Washington Consumers for Sound Fuel Policy

Californians for Balanced Energy Solutions

The Advancement of Sound Science Coalition

Friends of Science


The EFF is clean. I think we're seeing employee matches for that one.


I think that's true, our last big donation to EFF was a while ago. I know some executives have donated over the years significantly, but not as 'google'.


Glad I actually read the actual article. I saw the headline and thought to myself "hmmm, that's weird. I thought they wanted to basically destroy privacy, why would they be donating to things that try to preserve it?"

Now it makes perfect sense.


Google et al often stand to benefit from privacy regulations (e.g. GDPR), because they can bear the cost of compliance, while smaller competitors copying their business model can't. Increased costs in return for a stronger monopoly.

It seems that's partly the case here: they want more legislation, but also want to make sure it won't hurt them.


Do you really believe they want gdpr? Or might they be more interested in keeping it out of America? I see no evidence they care about people's privacy, rather the opposite is intrinsic to their business model.


> Do you really believe they want gdpr?

It's not ideal for them, but I believe it benefits their monopoly position. Implementing the technical and compliance measures required by the GDPR is trivial at the scale of Google, but a significant barrier to entry for smaller competitors.

I don't believe they care about people's privacy either, but it's a noble cause to be exploited. I think what they really want is regulatory hurdles that stifle competition, but have no real impact on their business.

I expect they want to shape emerging legislation to include the likes of: appoint a dedicated data protection officer; have a process by which customers can request their data; produce quarterly reports. Things which place a proportionately larger burden on smaller businesses (which perhaps can even be sold to them as services), but don't limit the collection or processing of data.


>Glad I actually read the actual article.

Implying you usually just base your opinion on headlines? That seems like a risky proposition...


Even if the privacy advocates are completely incorruptible, FB and Google still have a devious motivation when they try to frame the debate about their companies around Privacy.

Privacy is important, but the monopolistic/oligarchic control these businesses exert over their peers and the people of our countries is the real issue.

Nothing would make these companies happier than if we argued about privacy for the next 100 years.


also Google spends loads of money on ads in actual papers (definitely catering to an older and more privacy-interested clientele), for example urging people to take privacy into their own hands, by leading them here: https://g.co/privacycheckup .

I wonder how many of the targets take the bait and "sign up for privacy" just to never sign out again, giving Google official approval for their data collection mechanics...

I'm coming more and more to the conclusion that a wide array of problems (from privacy to creating a sustainable economy) might just be served best by heavily regulating the whole advertising sector (starting from banning individualized ads to enforcing quotas on ad-spending/marketing in all other industries)


Not exactly the same topic but similar - reminded me of how Google also donates not a small amount to Mozilla, to the point where Mozilla’s survival seems to be quite dependent on Google’s generosity.


Can you clarify what Google donations are you talking about? I'm honestly interested since I know for sure they bought the right to be default search engine in many countries, but I doubt Google ever just donated a lot of money to Mozilla for no reason.


The Google payment to Mozilla has been in the form of an ad revenue sharing deal since 2005 or so. Before that you could characterize it as a donation, or something.


Imagine if companies like Facebook and Google were taxed properly and we didn't have to rely on their donations to fuel public policy!


taxed properly and the fund being used properly, which might be just as hard as Facebook and Google only caring about social good.


Are we sure this is not donation match?


Do you have any reason to believe it is? The article contains interviews from spokespersons of some of the charities in question and Bloomberg asked Facebook/Google for comment. Surely if it was simply matching donations, someone in PR for one of these organizations would have derailed this entire article by pointing that out?


There is a long standing tradition of companies funding "third party" groups with essentially the opposite naming to what they're actually lobbying for.

FUD / message control / obfuscation is the name of the game.

Non-profits should be automatically named <sponsor>'s <name of group> - that would at least make it a little more obvious whose message you're getting.


I would be surprised if they didn't. They want to control the narrative of privacy advocacy in a way that best suits them.


controlled opposition is ineffective opposition


It's a scientific fact that donations influence behavior. It is impossible for these organizations to remain unbiased in their approach to privacy when they take these contributions.


Doesn't sound like something that they would advocate for though. FB & G want your data to make money, and government wants their data to spy on you. Or is this a smokescreen?


I think it's the thing in most areas with public and NGO advocacy groups. Although the groups are officially non-profits, they are often very profitable for their employees. Local Greenpeace branch essentially takes protection money from various developer and mining companies to look the other way (at those that don't "sponsor" them) and use the money for bird conservation activities etc. in other areas.

If you think about it, it's not even that bad. No one else really cares much about the companies' exploits and the money is at the end at least partially used for praiseworthy goals. And wheel of market keeps spinning...


Butcher is donating money to the farmer to raise the animals!


Or more analogously, how the agricultural lobby opposes legislation on immigration, animal welfare, and food standards.


> Google and Facebook want a federal privacy law, as long as it doesn’t disrupt their data collection and advertising empires, critics say.

Impossible. That sentence literally contradicts itself. The real question is why we allow companies to be non profit, yet be shills for the likes of Google and Facebook while pretending they are doing a public service. A company cannot be fully focused on privacy and take money from Google, fb, etc. Even Mozilla can't fully pull that off although they come pretty close.


"Keep your friends close and your enemies closer."

Edit: A closer reading seems to indicate these groups may not be enemies.


It's like the Roman Empire funding the "People's Front of Judea" to discredit the "Judean People's Front", very similar to Putin's tactics in Russia.


Now they can own privacy advocacy groups... great!


The actual title, "Facebook, Google Fund Nonprofits Shaping Federal Privacy Debate" is much clearer


So, Twitter shares of the article also use the current headline on HN, "Facebook, Google Donate Heavily to Privacy Advocacy Groups". It looks like Bloomberg Law changed the title, but the original submitter here did use the article title at the time.

Hopefully dang can update the title here as well.


Updated now.


I agree, someone page janny so he can change it


Very misleading title!



