The deeper problem is that old laws are being used to deal with new behaviors. This inadequacy will continue to grow as human beings and computers slowly merge over the next century or two, where at some point, “your Google data” will be more-and-more equivalent to “all of your thoughts.”
Those who say that this is justified because warrants were obtained seem to miss the point that state’s ability and desire to gather information has grown exponentially over time. And that’s why we need data protection laws, alternatives to Google, and other privacy measures.
The philosophical concept of embodied cognition is a good place to start on this issue:
I'd say that very much depends on why you believe the warrant process exists in the first place. I honestly don't know that much about the historical context of search warrants. Do they exist because philosophers of old believed in a right to privacy as an end unto itself? Or do they exist for some more practical reason, like because they were used for extra legal retaliation against enemies of the state, or for intimidation, or to go on fishing expeditions.
Or, why does the protection from self-incrimination exist? Is it because we are concerned that the government might have access to your thoughts? Or is it because the government would torture people to get confessions, and the people wanted to remove the incentive to do so?
Depending on your belief about this, you might feel differently about what should be done about this Google situation. If you believe the latter view in the second paragraph, for example, you might have no problem with the breadth of the search. In fact, you might not even have a problem with involuntary brain scans, provided they were proven accurate. As long as the rule of law is strong and the materials were used only for a defined and limited purpose, you might think it would be better if the government could compel the true personal perspective of the accused.
So this really enters into questions about each individual's perspective on the purpose and value of privacy. I think it might not be accurate to say that people who say it is justified are missing the point. They might just think the point is different from what you think it is.
I think you are spot on with your reasons for why these things actually do exist, but I think there is definitely an argument to be made for why they should actually protect privacy instead of merely inhibiting the government.
My version of the argument goes something like this: It's often said that drivers (in the US anyway) are constantly violating minor traffic laws, and that if the police want to pull someone over, all they have to do is follow them for long enough and they will find a legitimate reason to do so.
I believe that this extends far beyond the sphere of traffic. I think we all accidentally break minor laws way more often than we think we do. We all way overestimate how "good" we are.
If it was possible to automatically punish everyone for every violation of the law, we would quickly realize that many laws aren't actually that important, that they can be broken a little bit, constantly, by basically everyone, and society still functions just fine, and that privacy is more important than perfect enforcement of law.
Of course this might lead to a new equilibrium where we perfectly enforce a smaller set of laws.
All this is to say that I think people think they value law enforcement more than privacy, but if they had the full force of the law brought down on them for every minor violation, they would quickly change their mind. In that way, privacy (in the form of the government not having perfect information) is actually quite valuable.
All of what you said is perfectly valid. That being said, I think it's probable that if we perfectly enforced traffic laws, two things would happen:
1. People would start to build in tolerances instead. The speed limit is 35? Ok, I'll drive between 25 and 30. People would not just say, "Welp, I guess I'm gonna get $200 tickets constantly!" There would be a (very) short adjustment period, and then people would just treat limits as the actual limits.
2. The limits would be changed to actually reflect the unsafe limit.
I don't think either of these are bad outcomes. In fact, I think the world where we perfectly enforce the law and also adjust the law to reflect the actual needs of the citizens is far better than the one we live in today. It is a much better world than the one in which certain real crimes go unpunished due to privacy, all other things being equal.
How? That people think differently about reality and have different motivations and values is not really a new revelation i think? Nor should it surprise anyone that a lot of people believe they are doing the right thing. What changed for you? It seems to be much more interesting then the initial conversation.
What didnt i get?
edit: While it might sound stupid its an honest question. Changing how you think about the world is quite a jump from discussing the origins of warrants. Its a jump i dont understand and I think there is interesting insight to be gained here.
I dont get how the purpose of a warrant is relevant to the discussion about the effects of actions. We are faced with the issue, that technological development has created new opportunities for mass surveillance. Some people might think mass surveillance is a good idea, others dont. Both have their reasons, both are convinced they are right. It has been like this for ever, the only thing new is that new opportunities present themself. Everyone thinks they are right, but some think this means they can tell others what to do. You have pushes of authoritarianism and antiauthoritarianism in every society, depending on your moral believes you will either be in favor or against it. So far goes human history.
>In fact, you might not even have a problem with involuntary brain scans, provided they were proven accurate. As long as the rule of law is strong and the materials were used only for a defined and limited purpose, you might think it would be better if the government could compel the true personal perspective of the accused.
Hits it right on the nail how the argument goes, but i dont see how its related to the question of the true original meaning of a warrant. Its a moral question if you think it should be allowed or not. And since we are stuck together, at least some of us, this means its a political question. Do more of us think its good or bad, and can the other side prevent or do it either way? Can we compel the government to stop this? But framing this as a question of constitutional law instead of a moral question misses the point from my perspective. The point isnt if warrants should cover digital age surveillance. Why would anyone care about this who isnt a fundamentalist proponent of the status quo? Its not the dictatorship of the eternal legal code. Which of course would also just another motivation for your morals and thus your actions.
This just sounds like a religious discussion to me. Similar to, what does the bible say about flying planes? Allowed on Sunday? I first thought people in the discussion were just being pedantic, but i dont get how this changes someones view on the world.
To me its just same old same old, this stark difference has to be interesting to figure out.
It always appeared to me that the spirit of the law is obvious, at least in the broad strokes. The thought experiment with involuntary brain scans, whose admissibility is not obvious when extrapolating from the spirit of current law, was eye opening for me.
NB: I think that's why Norwegian laws come with the rules in effect and associated writeups of why the rules were made this way.
It's far beyond the issue of the inherent purpose of warrants in the first place, because the material reality of the nature of information has changed dramatically.
Practical justifications have to come face to face with reality, and 'searching one's home for drugs' is a lot different than 'reading all of one's thoughts for the last year'.
We are where we are with warrants, so now we have to address the disproportionate issue that can arise with the online world.
The courts and law enforcement aren't the issue here. Google is.
Why do they even have this data-- deleted material, browsing histories, the content of voice calls? Why did they store it in the first place?
Google can't keep all of its own internal secrets private. The fact that information on you can be extracted via a targeted court order shouldn't be your greatest concern: The fact that they possess it means that it can likely be exploited or extracted in many different ways including via dragnet surveillance and espionage.
Just because law enforcement asks for it doesn't mean Google has it. They might just ask for it because many companies actually do keep that data, but Google provides in its privacy policy some fairly strong guarantees on data deletion. The documentation at https://policies.google.com/technologies/retention?hl=en is a good read to get an idea of what is kept and for how long.
Disclaimer: I work at Google, some of my work relates to privacy infrastructure, but I don't speak for the company.
That is a waste of or an invalid warrant then, as the correct response to a warrant for something you don't have isn't everything you do have, but the null set.
That's still problematic though, because with clever orchestration of multiple warrants, you essentially figure out the "shape" of hidden information anyway, until you can get the request just right.
The idea though is that a judge should get tired of signing warrants for the same person by that point though, as it should not be an automatic process, and should only be being done on a case by case basis as evidence or procedure requires.
A warrant for all the data you have about a person activity in 2019 is perfectly covered by giving only December data if that is all you have. A warrant obviously needs to be a bit larger in scope than needed, at the very least by requiring data that is relevant to the data you are interested in.
Because you can sell targeted ad space for a lot more money.
Also they allow people to opt out of tracking, which is probably how they kept the govt off their backs thus far. But of course few people are aware and savvy enough to opt out of systems which allow it, which is why many want to change organ donation to an opt-out system rather than opt-in for example.
To the extent that Google has any of that data, they have it because the user wanted them to retain it. You probably never read your old email drafts, but people would be upset if Google deleted it without them saying to do so.
Everything Google knows about you is available for you to retrieve, delete, and often even change. You totally can selectively edit your location history. It's not a forensic log because that's not the utility users get from it. The fact that courts want to use it as a forensic log is their own damn problem.
Because their business model relies on your personal data?
The question is not why Google has your data, it's why you chose to continue using Google despite the awareness of such a scenario happening. As someone else commented, this article should be circulated far and wide, and people need to be educated on privacy friendly alternatives like ProtonMail.
Lastly, the courts and law enforcement are a problem if they knowingly overreach their limits. Protections against unlawful search and seizure and right to privacy are guaranteed by the Constitution
The 4th Amendment SPECIFICALLY stops unreasonable searches stating the exception is with a warrant asking for specific things. They had such a warrant in this case.
Just because you hate Google doesn't mean that the warrant is invalid or the search is unreasonable here.
Jussie may have committed a crime. They have the right to investigate.
It also specifies that the warrant must be specific in describing the list of things to be turned over, and specifically prohibits overly broad warrants without cause.
Never mind that that Amendment technically has nada to do with this, because technically speaking, 4th Amendment for the person in question stopped applying due to Third Party Doctrine.
This is purely a procedural issue between Google and the government.
Read that and take it in for a minute. You're only as secure in information about yourself as you can say that you alone are the chief facilitator of your day-to-day activity, and that where you aren't, those who are hold government to the proper standard of access.
Furthermore, I"m fairly sure that Google has far more detailed information hoovered up with regards to everyday people than they wish to go on the public record as having. If this were a fishing expedition, and they handed over replication tracks for 2 months for instance. That would become verified public knowledge that they collect that information, and store it in queryable form.
Google is acting very shrewdly to disclose as little about their true data collection capabilities as possible. Likely because of the backlash that would occur if people were aware of just what they were sitting on.
There was a Jeffrey Deaver book that somewhat touched on the dangers of sitting on reams of correlable data, even if measures were in place to ensure none could be written down or physically exfiltrated from the building. The Broken Window I believe it was.
Either way, it should disturb everyone that the government has essentially got a one-stop-shop for just about all the detail about what you're thinking about, all enabled thanks to the requisite tracking for ad targeting.
Heck, If I had more spare time, I'd start building my own search indexer. The balance between personal privacy and government access to reams of metadata about your every day life can't be reconciled with Third Party Doctrine. Period.
Unfortunately ending their data collection is not as simple as leaving Gmail. For example they have Google maps, analytics, recaptcha and the contents of emails sent from friends to your protonmail account.
> Protections against unlawful search and seizure and right to privacy are guaranteed by the Constitution
US courts have pretty consistently ruled that you don't have much expectation of privacy for material you handed over to someone else. To the extent that its usually available with just an administrative subpoena.
Skipping all forms of due process is probably a step too far-- but a direct court order? After all, if Google can commercially exploit your data including handing it over to partners-- why should a court order result in less access?
That damages the user-friendliness of their offering, because users with that configuration are always one misplaced key away from losing everything with no way for Google to recover it for them (and yes, users will absolutely blame the company for this failure mode, and companies that do not offer this failure mode tend to succeed in the marketplace).
Systems providing such services exist; they aren't as popular.
https://tresorit.com/, for example, may be a useful litmus test to monitor for this use case. They've had to implement soft deletion because "The option to recover files has been among the top feature requests we’ve heard from our users and customers" (https://tresorit.com/blog/file-restore-launch/).
See my original statement; they're offering an easy-to-use system, and handing out foot-guns to users is the opposite of that goal. "Should" implies a forcing function that doesn't exist.
There are foot-gun manufacturers if people want an alternative.
However, Google creates cold backups of "hot data" that last for much longer than deleted data. Depending on the breadth of a warrant, data that was "hot deleted" and removed from servers could still be available on cold backups of the system made before the data was deleted. Unless we have evidence that deletion of hot data implies Google has a method to swiftly and reliably knock out that data in all its cold backups (including offsites).
This is, hypothetically, possible if they encrypt all data on-disk with a per-data-item key and the key itself is never backed up; if deletion deletes the hot key, the cold backups are now just noise and it doesn't matter if Google deletes them.
>— Cook County prosecutors drop all charges against Smollett, calling it an “appropriate resolution to this case.”
>“After reviewing all of the facts and circumstances of the case, including Mr. Smollett’s volunteer service in the community and agreement to forfeit his bond to the City of Chicago, we believe this outcome is a just disposition and appropriate resolution to this case,” the statement said.
WTF? Since when bribe constitutes a ground for dropping charges?
> WTF? Since when bribe constitutes a ground for dropping charges?
You mean fines? I mean, fines have been around forever, and everyone from the President down to the little guy has paid fines to have charges dropped. This is not a modern thing, nor is it rare.
It's more surprising that you are surprised by this.
Money has always been the only reliable way to stay out of jail. Usually you have to give it to lawyers, so it looks like they're just cutting out the middleman.
You aren't concerned the government can get all your data after you've pleaded guilty to something? Because I'm concerned people can't identify what a bribe is.
Is this different in any practical sense to an old fashioned request for physical paper documents?
The only difference I can think of is traditionally documents are destroyed after they are no longer needed. Now they can see “deleted” documents and document change history.
i.e. emails stored locally on a personal or company server can be permanently destroyed. Traditional email systems won’t have a change history of the email writing process)
(I imagine all sorts of games could be played by lawyers with access to this additional types of information.)
> Is this different in any practical sense to an old fashioned request for physical paper documents?
Just that the measure of recorded data is perhaps several orders of magnitude larger that it was merely ~20-30 years ago.
I think back to my life in the 90s, and what information was recorded about me as I went about my day-to-day life, and it was minuscule compared to today. You could track who I called, but not what I said. You could track some of my purchases, but I used electronic forms of payment much less then.
Now, I text or message much more than I voice call, so that is all recorded. Every now and then if I want to get really freaked out I go to myactivity.google.com (I've got an Android phone and am otherwise "all in" on Google services) and, say, playback my location history, search history, or everything I've said to Google assistant.
I think we are really just coming to terms with the fact that "ephemera" no longer really exists, and the deep impact this will have on society.
Of course, all that stuff could still have been recorded with a warrant 20-30 years ago. Though it's true it would have required foresight & more effort.
So is Microsoft, at least, on Linked-In. I tested it last year and deleted my profile. Had a friend check and everything was gone...Everything including public posts.
LinkedIn has a remorse period of something like 21 days. And I had plan to test recovery process also. Then got busy with a contract and was too late to recover. It's awesome!
I think any global IT company must deal with GDPR kind of like most automakers in U.S. follow California emission standards. It's easier to create a policy for all than create "one off" policies for a geopolitical region.
Quality of the record keeping is vastly higher. Imagine a subpoena for every paper mail you sent in a year. You can't get that from the US Postal service.
USPS has been storing images of all envelopes delivered for many years now.
Prior to that, it was possible to have that information manually logged. If you corresponded with people in a Warsaw Pact country in the 1960s, that mail was recorded and sometimes opened.
Knowing a letter was delivered by USPS doesn't yield the contents. The state would have to subpoena each individual recipient - and they may have destroyed or lost the letter.
It would only be equivalent if every letter was opened and recorded so that all the contents would later be available because this subpoena covers not just emails but also drafted and deleted messages; any files in their Google Drive cloud storage services; any Google Voice texts. This isn't metadata the government is coming for, it is the full content.
Sometimes the contents almost don't matter. For example, if you saw multiple letters from an oncology department to a household, followed by letters from government departments and a funeral home, it wouldn't be hard to figure out what was going on.
It's the exact same problem with phone metadata. The connections can be made to tell the story, and are even easier to manipulate into whatever narrative the prosecution wants to sell.
In my example, you probably thought "person has cancer, household receives letters from the government post-death, bill from the funeral home", which is exactly how it could be sold. But it could just as easily be "person beating cancer, household receives government forms related to healthcare subsidies, funeral home letter was a condolence letter sent one year after the death of their parent." This is why metadata is so dangerous, it's far too easy to spin.
Just the same, I would feel a lot less violated if the government had header information for every email I received in the past year, than if they had the full email.
>USPS has been storing images of all envelopes delivered for many years now.
If this was of any doubt at all - they’ve made this accessible over email. If you enable “informed delivery” you get an email of the scan before it hits your mail box.
> USPS has been storing images of all envelopes delivered for many years now.
You mean those emails I get that the USPS claims it doesn't have an image for?
Oh don't worry they always have images of the blanket spam everyone gets. But actual mail with bills or letters? It's more usual to get "A piece of mail that we do not have an image for is included in today's mail."
No. The only difference is that you typically don’t put papers in the custody of a third party.
My dad at one point was an inspector general at a government agency. They would use records and “physical metadata” like building logs and receipts for the purposes of their work. The difference today is that your allowing many third parties to gather that data.
That’s the key thing. If you store data in the custody of a third party, it isn’t yours.
Well, people do typically put papers in the custody of a third party. Always have.
Pretty much every paper that is involved in discovery is classified by the "custodian". Also of course, all the digital information, but traditionally it's paper.
If you use and/or have a dispute with a lawyer, a doctor, a contractor, an accountant, whatever, they're going to have papers pertaining to you.
I’m talking about an individual, not a business scenario. Your papers in your custody in your home are only accessible via warrant, as opposed to your online stuff that requires as little as an administrative subpoena.
Your doctor and attorney are unique in that professional relationship is legally privileged.
I'm just saying the fact that everything in the legal business is classified by "custodian", without any more context, kind of indicates that the default is not to assume ownership in the manner you're suggesting. Like, when something is legally disputed, there's a good chance people are hiding things, giving them to others, intermingling evidence with other things, etc. The system couldn't work if it assumed that everybody followed the rules. No, I'm not a lawyer, but come on.
I (and we should all) act as if this could happen to anyone. Essentially that the state can deputize any company to snitch on the digital ephemera that constitutes our daily lives, but especially those that we are deeply engaged: Google, Facebook, Lyft, Amazon.
As such, we should not self-censor, but instead disengage from these proxy-cops and move to more distributed spaces.
State has a duty to prosecute law breakers. This is a load bearing wall of civil society. Everywhere.
Making sweeping general statements is good for riling up the mobs but I would implore HN readers to be more pragmatic about these things.
Look at the context. This person sought to ignite racial tensions for personal gain. He was given a sweetheart deal. The State is going after him and those protected him. They (the State prosecutors) have every right to collect and gather evidence to build the case.
I would agree with you if our legal systems were built for that, but our legal systems are built to deal with a society that has privacy. People unknowingly commit crimes, or implicate themselves in crimes, all the time, because there are too many ways to do that. No reasonable person can be expected to avoid committing crimes when the government itself can't even keep track of the number of criminal laws there are.[0] You're supposed to follow rules that the government itself can't even keep count of. This works reasonably well as long as the government doesn't have evidence about everything you've done, but the moment that they can track a large chunk of your life is when this system stops working.
With data from Google they can prosecute you for all the things you've done wrong or seem to have done wrong. It just takes an ambitious prosecutor to do it. This pretty much destroys the point of the fifth amendment. The "Don't Talk to the Police" lecture [1] is still relevant today, but if the state has this much evidence of what you do, then I'm not sure that will protect people. It is a nightmare scenario if this sets a precedent on law enforcement being able to vacuum up all of your data about your life.
I agree that Smollett seemingly getting a slap on the wrist was outrageous, but I think that this is Pandora's Box that they're playing with.
I wrote this comment elsewhere below but it still applies
The State has always been able to look up phone records, bank records, land records, criminal records, medical records etc etc as in order to pursue justice and prosecute.
It's way different because big tech cos acquire and retain far more data about individuals than anyone ever expected to be available.
10-ish years ago, it wasn't possible to retroactively subpoena a year of minute-by-minute location history, because unless you had an ankle monitor, that data didn't exist. You couldn't get a letter-by-letter log of every term typed into a search engine or a log of the amount of time spent looking at pages of reference material. You couldn't get a record of every keystroke ever typed into a mail client or word processor. You couldn't get every photograph ever taken by the individual, because cameras didn't automatically send a copy to the mothership. This is way above and beyond standard paper seizure or record demands.
"Write angry letters, but don't send them" used to be good advice, but now that the government can just casually dash off a search warrant to produce every keystroke and every location ping within a year of a suspected crime, we all have good reason to be scared. Why'd you search "marijuana" that day last October? You expect me to believe you were just researching a ballot measure? Pfft.
This makes Big Brother a tangible reality. It certainly feels big to me.
Well you can also view things a different way. It will be a lot harder for real criminals to get away with anything in the future.
Now it becomes scary only if the authorities decide to go amok and make criminals of us all, but assuming it goes this way without anyone pushing back is not too realistic.
Many of the things we consider just and right today were illegal at one point in time but change was eventually made because of people who would have been considered criminals.
I had the misfortune of looking through your link, finding it to be a waste of time. The "committing three felonies a day" is the title of a book, the Amazon reviews claim it to be extreme hyperbole and just a series of case studies where the process of the law was admittedly abused.
The other anecdote in that link is the story of Joseph P. Nacchio, a CEO who was convicted for cashing out over $50 million in stock when the price was around $40, only for the price to drop all the way to $2 a year later. The NSA involvement was a failed bid by his defense to make it seem like his trading was legitimate.
> a series of case studies where the process of the law was admittedly abused
This is exactly the point. The way the law is written gives prosecutors too much leeway to convict, and if you become a problem in the eyes of the powerful, they can "throw the book at you".
> The other anecdote in that link is the story of Joseph P. Nacchio, a CEO who was convicted for cashing out over $50 million in stock when the price was around $40, only for the price to drop all the way to $2 a year later. The NSA involvement was a failed bid by his defense to make it seem like his trading was legitimate.
You left out how the government canceled their contracts with Qwest after Nacchio refused to give them access to phone records, which impacted the company's health. There were certainly other problems at Qwest, of course, but given the lax prosecution of many others involved in such scandals, it certainly feels like this is an example of this process in action.
> Only a police state can totally stop crime entirely.
Only if that involves a complete overhaul of the police itself. Currently we have body cams that just fail at convenient times, policemen stalking their ex girlfriends and whistle blowers that get the short end of the stick. Giving the police more and more power is more likely to reach a turning point where it inherently starts to attract the corrupt and power hungry, increasing the abuse well above what we already see.
The police already attracts the corrupt and power hungry. This is just how security services work and why their power needs to be checked and there has to be oversight.
The State has not always been able to do that. The idea that a search can be executed merely for the purpose of collecting evidence is a relatively recent development. Records, papers, etc. used to be protected under the Fourth Amendment.
In broad strokes: Originally, the Fourth Amendment only allowed for the seizure of stolen and counterfeit goods, the "fruits of a crime." This was slowly expanded to include the "instrumentalities" of a crime, i.e. the things used in the commission of a crime. The difference between the instrumentalities and mere evidence was always shaky, and eventually crumbled.
40, or even 20 years ago, the State might have been able to note a record of phone calls, postal correspondence (look up "postal covers"), some financial purchases, periodicals subscriptions, and with a great deal of effort, some of my travels and movements, mostly limited to specific port entries and exits, and air travel.
But unavailable would have been: dictionary queries, encyclopedia queries, books read, specific magazine articles read, the contents of virtually all conversations, detailed movement and location history, social associations, detailed purchase history, and more.
Today, mobile devices report location to a precision of inches at a frequency of minutes. Any random query of momentary interest can create a permanent record. As a HN submission earlier today notes, simply casually perusing a document -- clicking a link -- can result in having your home raided and all electronic devices confiscated and held for a year: https://news.ycombinator.com/item?id=21992491
The scope and scale of intrusiveness is absolutely unprecedented.
Yes, the State has some rights and powers. It also has a tremendous responsibility, which it increasingly seems to fail to excercise appropriately.
And I say this regardless of specific country or jurisdiction -- the story linked above comes from Germany, and instances readily come to mind from the UK, US, Japan, China, Russia, India, Saudi Arabia, and elsewhere.
The corruption of absolute power is not bounded by culture, constitution, or ideology.
Sorry to go off on one irrelevant point but I feel it is highly important to say this at every opportunity: states don't have rights. It is an absurdity and a mockery of human rights to claim such a concept and legitimize fiefdoms over real people. So called rights in their case would be entitlement to powers for power's sake.
Anyway to get to your main body I agree and note what makes the scale bad ultimately is abuse potential for it. For a fantastic example being able to look up details of everyone but only 500 years or more ago wouldn't be abusable for instance because everyone is long dead and it wouldn't be viable to try to change ownership based on it because it already diverged for several generations. Even if you could backtrace they couldn't be reconciled very effectively.
If you add all those records together you get a fraction of the information you get from someone's Google history. We're talking records like search history, live GPS data and emails. That is a completely different level of scrutiny.
So the difference is seeing something through a window with curtains vs. having a camera installed in the room. In principle, not so different. In practice there really is no comparison. It is basically a warrant to ruffle through someone's life.
"You went 61 in a 60. Here's a ticket. Also, because you broke the law once and I'm in a pedantic mood, I'm issuing a warrant to go through all of your GPS history for the past two years. Oh look, 1 year ago you went 36 in a 35. Another ticket for you. 2 years ago you jaywalked. Another ticket."
At what point do we want the legal system to no longer have the power to scrutinize an individual's history?
I don't believe that a warrant to "ruffle through someone's life" without limits is within the powers of a judge. A warrant to procure relevant evidence to a case being investigated, legally, certainly.
Issuing an order for someone's entire Google history for a year is bordering "an unreasonable search and seizure", by my understanding. Do they have legitimate reason to believe that there is an email containing evidence? Or a document in Google drive? Location data for an entire year - how is this relevant to the case?
It’s not the same thing. He is suing the city of Chicago for “malicious prosecution”. As part of that lawsuit, the city must attempt to show that the prosecution was not malicious.
That’s different than stating that you would like to browse through someone’s history for the purpose of finding crimes where they may not exist.
Can't wait for an AI that does that after a subpoena. Given these terabytes of personal data, find all infractions. Palantir working on it? </sarcasm>
Also imagine just how much more power law firms on the plaintiff side would have if they want to find something wrong with the defendant's profile. Which, if there is power misuse, like in current society, is bad.
>>is a warrant that is perfectly within the powers of a judge to grant.
Not under the 4th amendment of the US Consitution they don't, they have the power to grant a warrant for a Specific thing to be searched pursuant to probable cause a specific crime has been committed
General Search warrants are and should remain unconstitutional
"If you add all those records together you get a fraction of the information you get from someone's Google history."
With 'Google Home' etc. it changes everything. Door locks, home cameras, audio recordings etc. etc..
Can the argument you had with your wife, totally irrelevant to the case, wherein you got angry and called her a big 'B' be used against you in court as demonstration of your character?
The time is now to be concerned about 'police state'. I think we can mostly have our cake and eat it too. Proportionality matters on all sides.
I met with someone from a privacy focused search engine and a line from his deck stuck with me: “you tell your search engine things you wouldn’t tell your friends or spouse”
It’s different because tech companies have inserted themselves as intermediaries into aspects of our lives that used to be essentially private. Activities such as: reading, dating, talking to friends, exercising, driving, reading a map, cooking, checking the weather, listening to music, watching movies, viewing pornography, getting medical advice, breaking and forming habits, menstruating, learning, sleeping, and many others are now frequently monitored and analyzed “in order to provide and improve the service”. All of this is subject to subpoena.
Edit: A few more: reading a newspaper, turning on a light, making a grocery list, setting the thermostat, going for a walk in the park.
In my view, the state has to ask a court to approve the purpose of each request, based on a reasonable hypothesis about what might be found.
How this seems different is the lack of any limitation on the kind of content that can be turned over. And in my view, that was a mistake on the judge's part for approving such a sweeping request.
For instance if I were accused of committing a crime against X, then I suppose that Google could be asked to turn over e-mails that I wrote about X, but not e-mails about my bicycle. This is how the system prevents the state from going on a hunting and fishing expedition.
How do you propose that works? Someone at Google searches for the information? An algorithm or an actual Google employee? If it is a human being then what about your privacy then?
What if the Jussie and his manager were using codewords to disguise intent? A search algorithm would not be able to recognise that but a human being can easily infer meaning and intent from the context. What then?
Warrants shouldn't be intended to discover evidence, they should be intended to secure evidence that is expected to exist in a particular location.
This distinction wasn't a major concern when the former was impractical.
Because of digital records and search agents, suddenly either is practical.
The intent of privacy law has always been to raise the cost of targeted prosecution. E.g. "We want to charge this person with a crime, let's find a crime."
The state absolutely has a duty to prosecute and hold individuals accountable. And in extraordinary circumstances, may even need to target prosecution.
What is unacceptable in a free society is that the state should have the ability to target anyone for prosecution with no effective bounds in the number of simultaneous times it does so (aka everyone).
The difference between Orwell and a safe democracy is scale.
In this case, the state is expecting evidence to exist in the form of incriminating email communication between Smollett and his manager, and possibly additional people. From the public evidence so far, it sure seems like a reasonable expectation! I'm a pretty hardcore civil libertarian, and I'm having a hard time faulting the judge here.
I would expect a warrant for just the e-mail exchanges between Smollet and his manager (and perhaps other digital communication methods), not for his entire life.
I hear you, but that doesn't seem like how anything works in our legal system. When warrants are issued for cellphone records, text messages, financial records, etc, they don't have so narrow a scope.
The state has probable cause to believe there is evidence of criminal behavior in your <insert anything here>. Therefore the warrant gives them access to it in order to look for that (previously specified) criminal behavior. In this case everyone expects to find a smoking gun in his email - either talking to his manager or talking to someone else. That seems like probable cause to me.
> In this case, the state is expecting evidence to exist in the form of incriminating email communication between Smollett and his manager, and possibly additional people.
Then why is the warrant not for _that_? Instead, we have a broad-reaching data pull that will be filled with a ton of information is irrelevant.
Google records include every place you've ever been (if you use an Android device), every wifi hotspot you've ever connected to, every website visited, every app executed, every message (text or email) you've sent. It's like having a voice recorder permanently on your shoulder and then having to turn that over to law enforcement.
It's very bad. Text and email should be private, unless it is in the context of the action being pursued. This is just too much data to just turn over willy nilly. Very slippery slope.
>The State has always been able to look up phone records, bank records, land records, criminal records, medical records etc etc as in order to pursue justice and prosecute.
>How is this any different?
The cost of doing those lookups. Both in money and time.
Looking up an entire life's history would have taken months if not more, and would involve a lot of legwork, from picking up the phone and making calls, to traveling around neighborhoods or farther. That cost limited the charging/prosecution only to people suspected of, or implicated in crimes.
Today you can do that on a whim because you don't like a person or because they are your political/business opponents.
Our internet communications are way more intimate than physical or telephone or bank record searches of the past (which was the scope of the law when these things were legislated). These search and seizure laws have been grandfathered in unreasonably imho. A person's google searches are literally his thoughtstream, they are private expression that doesn't incite anything, and there is no reason why anyone would judge people by their thoughs. Police used to need torture to get this kind of data, it shouldn't be handed to them on a platter. imho it's very different
He allegedly did something quite bad, and if guilty I’d like him to face justice. But if the cost of convicting him is setting a precedent that effectively strips hundreds of millions of people of their privacy and subjects us all to an unofficial form of state surveillance, then let him walk.
This seems just as with any other search warrant - it's a specific search sanctioned by the court; just as a physical warrant for your house will involve LEO's that can search your underwear drawers for to verify if there's something relevant for the case, the same applies for your online records.
There's no new precedent involved, noone ever had any privacy whatsoever from a properly court-approved search. What's the most privacy-invasive thing I can think of? If a judge believes there's probable cause in searching your anus and other internal cavities and authorizes such a search, then such a search is compatible with all the precedent regarding fourth amendment in USA.
> This seems just as with any other search warrant - it's a specific search sanctioned by the court; just as a physical warrant for your house will involve LEO's that can search your underwear drawers for to verify if there's something relevant for the case, the same applies for your online records.
No, not really. A physical warrant might be issued for your home, your work and maybe one other place you frequent.
However, because this is very much not a specific search, but rather the whole year of data, it's more akin to issuing search warrants against every business you've walked passed in a year, whether or not you actually entered the premises, and that's just to begin with.
And if you tried to issue warrants in that matter, they wouldn't approved, because you do have certain reasonable expectations of privacy with regards to a court-approved search. Specifically, that a court will not explore things that are not pertinent to the case.
The precedent lies in law enforcement getting their hands on minute by minute details of your life from a year ago and probably much more. There might not be protections against this, but there should be. Judges shouldn't have too much power.
woah, woah, hold on. don't let him walk?! just use the old way for finding evidence. data gathered by companies like google is mostly permanent, too easy to retrieve, and in one place. that's the real problem. nobody likes doing hard work.
US police are fat and lazy. The days of a skilled gumshoe hitting the streets for information is a romanticized memory. The only time they get their blood pumping is when they get to use some new toys, kicking in a door guns blazing, shooting the family dog, killing innocents at the wrong address.
The State has always been able to look up phone records, bank records, land records, criminal records, medical records etc etc as in order to pursue justice and prosecute.
This is a necessary "evil". We give up some freedoms so that we have a civilisation and an orderly society.
And this isn't setting up any precedent that is egregious. This is on the front page of Chicago Tribune newspaper and on the front page of HN. This is not some shady in the shadows invasion of privacy.
Those things do happen and I think we should preserve our outrage for those moments. Otherwise it just becomes background noise to be constantly and without context offended.
Those records are mandated by The State and are very limited in scope. Nobody is idly wondering about the legality of X or Y in them, as one might in a google search, or making a culturally insensitive remark, as one might in a private message to a friend.
Be wary of the motte-and-bailey fallacy - the issue is not that The State can look at certain records in certain prosecutions, its that the records currently being requested are too broad and too potentially intimate to trust The State with.
>Those things do happen and I think we should preserve our outrage for those moments
That creates an almost arbitrary, "this fits my worldview so I'll support rights this time" thought process. Like, "Well, this guy's a Nazi so we should trample his rights. But this woman's an abortion activist, so we should be sure to protect hers."
How do you propose we prevent ideological blindness in the protection of rights? Should we take the government's word that, "this time, it's really worth trampling rights"? Or would you create an unbiased oversight board that tells us when protecting rights is appropriate? Or should each person look at a case and decide for themselves whether or not they should take a stand against rights infringement?
How is this different from a warrant that lets prosecutors read your snail mail?
I mean this passed the proper checks and balances of the law, and the only reason this is on HN is that's about electronic instead of paper mail, and it involves a big Corp.
Ok, lets look in context. In 1920 records were kept about beeing a jew. It was perfectly ok, no harm done, some record no one cared about. In 1942 those records became mortal, sponsored by state. Should we talk about anti-gay laws? One day it is fine, second day you can get prisoned.
No one should keep such records as society is changing and not always to best. This is one of the reasons, privacy is one of fundamental human rights. And is blatantly violated for the profit.
> In 1920 records were kept about beeing a jew. It was perfectly ok, no harm done, some record no one cared about. In 1942 those records became mortal
As a legacy of this, the US government doesn't count Jews in the census. (And, to preserve nondiscrimination values, doesn't count other religious denominations either.)
Interestingly, the census does enthusiastically collect race data on everyone. This is logically incoherent; racial groups (such as the Jews, actually) are at least as much a natural target of extermination efforts as religious groups.
It’s hard to understand how things that are harmless today can be prosecuted tomorrow. Imagine a drugstore keeping a list of its customers who have diabetes... or AIDS.
Maybe, do you have a source you could share please ? I often read this argument around but have not verified it. I've also heard some records produced under Napoleon were used.
But this was a real crazy time. Hypothetical scenario (in the sense that I have not verified it, but I do think it's a very likely scenario to have happened): There were medical records of people with physical conditions before 1933 (so they could be treated) that were used under the Nazi regime to persecute them. Does that mean it that hospitals and doctors maintaining a list of medical records to treat their patients efficiently was a bad idea ?
I don't have the answer to this, I just wanted to point out that this is a delicate issue that society needs to figure out fairly quickly if they want to have an influence its outcome.
I wonder what godwin would have thought about all this :)
Just for the last part, for everything else you can use duckduckgo (or qwant).
Anyway it is not such a hypotetical scenario, nazis were really killing the disabled persons based on their medical record (yes, qwant or duckduckgo for it).
Yes, it is a bad idea that doctors keep those data. If insurance companies get those information (and my dentist said he was already aproached by some company to sell dental records, I wouldnt be surprised if this is a common practice in states) you will have issues. Same with employees etc., even if nothing wrong with your health but there is x% chance that you get terminal disease.
Those records should be handed over to the patient, tamper proofed (no, not blockchain, just RSA will do fine) or stored, but encrypted with patient key. Actually when writting this I remembered that we (as in my country) are having a medical smart card that needs to be given to the doctor to access our medical records. Maybe we already have such a system.
Anyway it is a bit sick comparing google with doctors. The need and trust is on completely different scale not to mention that trust between doctor and patient is handled by laws and hippocratic oath since 257 AD.
Doesn’t seem like the issue is with the state, it’s that we’re entrusting third parties with enough information to paint an incredibly intimate portrait of our personalities and proclivities. This in turn is available to the state at essentially zero cost, which may then be leveraged heavily to ensure compliance.
You're right. The issue indeed is that these companies can just vacuum up all of this data and keep it around. The problem, however, is that this is possible now. This means that if people (or companies) somehow figure out a way to either keep this information from the state or keep this information from being collected, then the state themselves could start collecting (some of) this information. We've seen it before that intelligence agencies don't seem to care about spying on their own citizens through technicalities and then abusing that information.
Exactly this. I've seen cases where a prosecutor has gotten a John Doe warrant to send to cell companies that effectively asked for the IDs of all phones that were present the closest cell tower at the times of multiple robberies (eg "give me all phones that were present at ABC tower on Monday at 1pm, DEF tower on Tuesday at 4pm, AND GHI tower on Thursday at 10am). Which obviously only the robber is likely to show up on. To me, they're effectively searching my data even though I don't meet all the criteria because I was only near one tower one day. This is way different than what the court did to Smollet. They already had tons of dirt on him - and thus probable clause to dig deeper.
I'd be weary of them using this data to try to go after him for some obscure crime completely unrelated to the false report (e.g. pics of him walking his dog in a state park that forbids pets).
They did this very thing to associates of Trump in the course of the Mueller investigation. Unrelated tax issues, failing to register as a foreign agent and other charges were brought against certain individuals for things they did years before they joined the Trump campaign. Whatever your thoughts are on this, there is already established precedent for it.
Which all seem like notable things to encounter when doing an investigation like that and to not drop when encountered?
'Let's look if money was sent from x to y. Get bank and tax statements. Well (it didn't come from x but) it sure as hell wasn't taxed'
It's not like this was brought up as part of a single court case if not related which would make it a relevant precedent here.
What a sweeping authoritarian view on human rights. I'm sorry but this really raises my hackles. The state absolute does not have every right to collect and gather evidence to build a case with such a sweeping dragnet. There is a reason that search warrants have to be specific and evidence of even obvious other crimes is not admissible.
There is nothing pragmatic about being totally ignorant of Fourth Amendment protections that have been eeked out, injustice after injustice, over two centuries.
You're completely missing the point. Whatever Smollett did or didn't do is immaterial. What is material is that Google, Facebook, etc are now single points of privacy failure that make abuse by law enforcement much easier than it used to be. This case may or may not be an example of said abuse, but the potential is clearly there. The solution is to retake control of our digital lives from these companies.
In a democracy the job of the police must be difficult.
> They (the State prosecutors) have every right to collect and gather evidence to build the case.
They should have the right to do it. Actually doing it should be as difficult as humanly possible. It should not be as easy as sending a letter to Google and getting a suspect's entire life records in return.
Why not? How is this different from a warrant to search a home? Would you argue in that case that personal paper letters should be kept in a safe that's very difficult to open for law enforcement even if they have the warrant to do it?
What does that have to do with the case being discussed? A judge issued search warrants for information that Google has. Your hyperbole about the government being able to access anyone's information whenever they want isn't helpful to a conversation about privacy.
At anytime a judge could order your information and put a secret gag order. A valid concern. The government seizes domains they deem possible copyright infringement. One judge order could open the floodgates.
For a judge to issue a warrant, a prosecutor or cop has to swear that they have probable cause to believe that you've committed a specific crime. Judges can't just write warrants arbitrarily. (Of course, this process can be abused, but it's still pretty far from a judge being able to authorize pulling the data of random people.)
The Fourth Amendment says: "... no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
they didn't access at will but with a warrant, there's a foundamental difference in that, which is the warrant process's guarantee oversight against abuse
beside, it's not a case of the state tracking persons unwittingly, it's persons willingly giving up their data to private companies.
This is all fine in theory. But why this guy? With limited prosecutorial resources, why are they doubling down on this guy? That is what I am always suspicious of.
This case is not specifically about Smollett. It's a about the perceived view that that prosecutor in the case was somehow compromised by abruptly dropping the charges. When she was asked why, she gave conflicting answers.
Personalizing it is trivializing on an absurd scale. Getting the idea in prosecutors' heads that they can just grab a year of data on any accused party is the danger here, and it should scare the pants off all of us. Over the course of a year, you've surely typed something into Google that could be misconstrued.
How about "because he couldn't let sleeping dogs lie"? The guy got a lucky break when someone dropped the prosecution. He had the opportunity to shut up and let the story fade away. He didn't take it.
No matter how lucky you are, if you keep doubling down, eventually the house takes your money.
Why not this guy? Possibly because he generated a little too much infamy and now the public wants blood. Or maybe the prosecutor believes in the defendant's guilt and thinks they can make a strong case. Maybe a mix of both.
Perhaps you'd prefer the prosecutor look at some other case but then the exact same question could be asked - why that guy?
I imagine they have a lot of more serious crimes to pursue. This just seems to be high publicity so it is getting more resources. That means other crimes with high impact victims get de-prioritized. Plus it is Chicago, it is still rather corrupt there. I would mistrust anything with publicity involved until it is proven to be valid.
The fake lynching looks like a crime done in order to pass a law, possibly to help someone get elected president, which is quite serious. Dropping the charges is highly suspicious too, having been done by people who were also associated with the presidential candidates trying to get their law passed.
Yep. The prosecuter who dropped the charges was also being mentored at the time by the senator who was trying to pass the "anti-lynching" law the same week. Their bill had failed several times, then this incident happened and the bill passed within a week. The actor was also close friends with the same senator.
This story isn't about politics, it's about corruption at the high offices.
Something that should never be overlooked in this case is that after police identified the suspects and made arrests Smollett still stuck to his lie.
He was ready to send innocent people to a potential life sentence or the death penalty (which is how hate crimes are treated), and in fact is still maintaining his lie.
Not to diminish what a dunce this guy was, but the only crimes currently punishable by death in the US are ones in which the victim has died. And maybe treason, espionage, and other weird crimes against the government. Those are unclear at the moment.
Even someone who has done wrong has a rights and I would think that a year of Google data would compromise too much information not relevant to the case. In my opinion this clearly qualifies as "unreasonable searches".
Even if you have been naive enough to voluntarily share data with Google.
I don't see how the context of his alleged crime (he's not been found guilty of anything) is relevant. Beyond a felony/misdemeanor the means available to the state to build a case/prosecute should be identical regardless of the specific crime alleged.
If any community has the power to reverse that trend, it is HN and the rest of the software community that actually builds the tech. I am constantly battling it in my own company, where they want to track everything our users do. And they even have some legit reasons for it, to use the data to build better UX, etc. I am the only person fighting against it, saying that tracking should be limited to only the cases where there is truly a compelling business question it can answer.
If Google were to apply the same logic to their tracking, we'd be in a better place. For example, they may want real-time location data for the traffic alerts when using Maps. And they may desire some aggregated form of that data long-term. But I cannot see any business benefit to Google maintaining my personal location data at specific times and dates in the past. There is zero business benefit to keep that level of detail in their logging.
Or, to answer your question more directly, that is the line I do not want to cross - where we are logging personal data "Just in case" we ever might need it. I'd like to see every piece of tracked data tied to a specific business need, and then have it deleted when that need no longer is relevant.
This is yet another reason why for profit media should be taxed like cigarettes and liquor. People like it, it's bad for them, and it costs money to undo the damage it causes.
Plow the money into courses on basic reasoning, civics, and grants to non-profit, independent media so that the people benefit when for profit media pushes a war for profit or racial divison for more ad revenue.
This suggestion befits an authoritarian dictatorship which seeks to control the press and muffle its critics, but it is ill-suited for a people who wish to remain free.
Everyone seeks to ignite racial tensions for personal gain. Politicians, journalists, even a lot of people on HN are out doing it in the comments all the time. But you can't prosecute every jay walker, nor every speeder. That doesn't necessarily mean that you shouldn't punish any speeders.
The problem here is that they are going about it in the wrong way. Issuing a warrant that says, "Well, show me everything this guy ever did, and I'll tell you the crime I want to prosecute him for later."
That's not how most warrants work. Most of the time it's, "We suspect X evidence generated in the commission of Y crime is at Z location". What this does is say, "We need all his data to figure out exactly what crime was committed". That's an ominous warrant.
yes we have seen you know how to make this comment.
Another way to look at that 'duty' is to say [The] state has a responsibility to ensure justice for all. That may seem like the same thing but vagueness is at times valuable given that life rarely satisfies the black and white dichotomies many of us would prefer.
We can have a discussion about how the state should behave without using catastrophic examples to shift debates about principles and policies.
The post I was responding to sees the role of the state as a absolutist binaric executor of often fuzzy laws and rules. The context of this example doesn't have any affect on whether or not that naive belief is a path to a functional and just society.
Whatever happens with Smollett, or the next example, simply doesn't support a belief that every crime should be prosecuted. There was a (hamfisted but entertaining) TNG episode about this for gods sake...
The context is extremely partisan twisting of the justice system on all sides. Normally DA's have complete discretion to drop charges as they see fit. Because of the partisan outrage a Republican special prosecutor has been appointed to overrule the prosecutor and now he's on a witch hunt going through a year of Google records trying to find everything incriminating, this is a farce and high level corruption
“Ignite racial tensions”? There was no chance of that happening. Smollett was a laughingstock the day the story hit the news. Foxx declined to prosecute because she correctly saw it as a ridiculous and embarrassing stunt.
Another thing to keep in mind: “igniting racial tensions” as an investigatory justification was how MLK got labeled the gravest domestic security threat to the United States. You’re advocating a categorical justification with a fraught and bloody history.
Mens rea is the guilty mind required for something to be a crime. Intent matters as much as outcome or chance of outcome in the judgement of whether a crime has occurred, and explains the use of "sought" in the comment you replied to.
Well, it hadn’t even entered my mind that increasing racial tensions could be a crime, so that didn’t make it through my legal framework. Why did it occur to you?
His actions and motivations in committing a crime, alleged or proven, are relevant, that's why it entered my mind - he is under investigation for a crime, is he not? Igniting racial tensions doesn't need to be the crime, just as stealing money to pay off debts doesn't make paying off debts a crime, but it's still relevant in showing mens rea and the kind of mens rea e.g. knowing, negligent, reckless etc and in assessment of the effects of his actions.
I guess I’d call it an appeal to racial sympathy more than anything else. If Chicago wants to charge him with filing a false report, they can go right ahead, but I’m pretty sure they don’t need his personal records to establish that.
Smollett may have been a laughingstock amongst people who were actually able to think for a moment about how plausible his claims were, or (if we're being more cynical) amongst people outside the left wing who were inclined not to believe his claims from the start. Most world media and all his fellow celebrities not only went along with his claims, they went after anyone who questioned them right up until the point it became clear that the police had indisputable evidence.
That’s true, and the public anger at Smollett that I see as unreasonable might have to do with that suppression of questioning. But I think the anger has more to do with a) white people who feel defensive about being called racist and b) law-and-order types who are offended by the attempt to deceive the police. They are taking this opportunity to push back against a falsehood, even though it’s a stupid falsehood.
The story was just uncomfortable for me, so I felt relief when contradictory testimony was found. I live near Chicago in an area both white and black, and mainly left-wing. I didn’t dare bring the story up with my black neighbors, and never heard about it from them either, despite its high profile. It was a very self-conscious couple of weeks. In contrast, when Obama was running for office people couldn’t help talking about that, and the sense of pride was real.
There was really no benefit to expressing doubt either; actual tragedies and abuses (Laquan McDonald murdered by the CPD, for instance) are still fresh in everyone’s mind. If current events weren’t as horrific people might be more comfortable expressing doubt and maybe even laughter over a guy with basically a homemade lanyard around his neck.
>the state can deputize any company to snitch on the digital ephemera that constitutes our daily lives
this is not true, but in the way that makes your point much, much worse.
In the US, case precedent is already set that digital data that you don't physically own is not yours. IANAL, but my understanding is that the standards for digital search-and-seizure are lower for cloud services, not equivalent or (god-forbid) higher.
Right. But I suppose the thing is under it is conveniently (for the prosecution) consolidated under one company's umbrella, so I don't think it totally invalidates OP's point. What about companies such as Proton Mail? Would they just hand over all their data? I don't know. Honestly asking.
ProtonMail could, but it looks like just raw IP logging and most everything else is encrypted by design. I dunno if turning over those IP logs killed or maimed their warrant canary in the process.
Edit: obv PM’s canary is public and has disclosed they’ve released data to the Swiss courts, but it’s pretty much as advertised; ip logging is raw but the rest is encrypted.
Queue the Google alternative posts. This is some terrifying stuff.
> not just emails but also drafted and deleted messages; any files in their Google Drive cloud storage services; any Google Voice texts, calls and contacts; search and web browsing history; and location data.
The scariest part is that this amount of data access can be very effectively weaponized to build a strong case against anyone. All of us are inadvertently breaking some law or the other all the time. If the government doesn't like you for any reason they are one court order away from blackmailing you or putting you away.
Including Google. There was a well-publicized case in which they were "hoist on their own petard" a few years back.
What happened, basically, from memory, is that someone was arguing that Google did something wrong (I forget, but it might have been the collusion to keep down employee wages or something) and so there was discovery of emails by Google, and they eat their own dogfood so it was gmail.
So Google smugly said "hah, there aren't any incriminating emails", but then it turned out that the autosaved drafts of some of their emails were incriminating, and were preserved, and ended up being produced in court.
So remember that the next time you type an email or a forum or facebook post, and you revise it extensively before hitting the button to send it.
Well, after...Googling...it, there's a little more to the story. It was actually a fight with Oracle about the usual stuff (Java patents), and the email itself was covered by attorney-client privilege, and therefore didn't have to be shown to the other side, but the drafts slipped through by accident because, you know, the subject didn't actually say "Attorney work product - confidential" until almost the final version. And although there is something called a "clawback", the judge ruled that their attempt was too little and too late. "Your honor, it's devastating to my case!"
Basically, Google relied on an algorithm/search engine to screen for privileged documents instead of having lawyers review things the old-fashioned way and they got bit by that.
Agree. Why giving it all away to google then? I don’t get people who complain about privacy though insist on using a gmail email, chrome and make all their search on google, not clearing cookies regularly and using adblockers.
If the court gave a similar order to retrive similar amounts of physical (eg paper) information from your house, and anyone you happened to correspnd with it would be extremely notable and expensive as well as creating dramatic television pictures. Some of that is a deterrant to its abuse.
"Google, fetch" the scale, ease and speed of that is worrying. How is its abuse to be stopped?
Courts may or may not be corrupt, but regardless of that it hasn't historically been very difficult for authorities to find a judge to sign off on a very wide-reaching warrant (like this very case).
Yeah. We voluntarily give info to Google (most of us don't think about it that way, but we do). Google winds up with all this data. In theory, I don't have a problem with the authorities being able to get their hands on it, after getting a warrant. In practice, "getting a warrant" doesn't seem to be as high a bar as it should be.
And live how? Anything you use these days leaves a trail. You could be carrying a basic feature phone with nothing but email, use duck duck go, and still get hit by this.
Keep in mind that instant messages and voicemails, for instance, get produced in court all the time, and that has nothing in particular to do with Google. Calls made from jail are another thing that comes to mind.
(I am not a lawyer but) AFAIK there's no particular form of communication that's immune to discovery but for Google.
What's the difference between this and a normal warrant, where they take every scrap of paper and electronic equipment in your house?
If your objection is that it's weird Google has kept that data, sure. I get it, I use DuckDuckGo, Firefox, and I host my own email server on a VPN. I'm struggling to understand why this particular aspect is weird though. It seems totally normal that the government would seek this information as part of a criminal probe.
>How would that help? They'll just get a warrant for those.
If the business is not based in the US, it will make getting a search warrant much more difficult. Your (e.g.) Protonmail account is less likely to be subpoenaed than your Gmail.
Even if user data were seized, it would be impossible to decipher because of ProtonMail's encryption. Unlike Gmail or Outlook, email you send with ProtonMail is encrypted before it's sent to the ProtonMail servers.
It’s clear you have no idea what this actor did. He staged a hate crime in Chicago and the main cook county attorney dropped the case after CPD proved it was fake. With your radical views, where do you draw the line? Will you vote to protect criminals, child abusers, rapist? All in an effort for “privacy”?
Is this not a standard tactic for moving the bar of what's acceptable? Similar to the San Bernardino case (https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...), it makes sense for LE/Government to cherry-pick cases with defendants who have committed terrible crimes to create precedent for their new methods, as it's harder politically to take a position "defending" them. Defence of holistic rights can be painted as defence of a terrorist/racist/paedophile etc to score points.
It's clear you have made up your mind without the facts. Note the Tribune's reticence to come to that conclusion based on the actual evidence? I have zero opinion about it.
Separate to that this comment has absolutely nothing whatever to do with the parent comment, whether you agree with the parent or not. Rights should exist for everyone, not just everyone you happen to like. Whether this warrant has gone too far as the parent suggests and it is necessary to take countermeasures or not is the argument, not your feelings about someone accused of something which frankly have no baring on anything in such a discussion.
The source material, ie article published by the Tribune, was completely unwilling to come to that same conclusion in the story. So to me it seems more likely that it is in dispute on that basis rather than that is is indsiputable due to wholly unsupported comments here.
But again it doesn't matter at ALL. It has zero relevance to this discussion. None. No really.
Rights are especially important when they relate to people you dislike doing things you also dislike. That situation is exactly when you lose yourrights. Like maybe think about if that's is what is happening here.
Repeated assertion is no substitute for evidence. Good Soviet technique that one.
The Tribune refusing to come to the conclusion that such is a fact is a conspiracy? Something stranger? Could be, I guess. A less likely than an alternate interpretation of the evidence I've seen here. But i don't care at all about it. Zero.
It still has absolutely no baring at all on the discussion of rights erosion.
Whether it's Google, Microsoft, your ISP, a databroker, a webscraper, an unscrupulous app developer, or even your TV, I think it's safe to assume that one day or the next, every piece of content you produce, or topic you discuss will leak its way onto a major adcorp's servers.
I can hardly think of anyone I know that can't attest to the experience of discussing something as a non-sequitur, only to receive ads about it shortly thereafter. Even visiting an old friend with vastly different interests, never enabling location services, or connecting to their WiFi, I've noticed vast changes in my ad regime.
Decentralising your web activity can only make you less easily monetizable, but you'll never escape the panopticon, and Google can release data it got from third-parties just as easily as the data it collected itself.
If you want to say something you don't want Facebook, Amazon, MS, Google, or the state to hear about, do it in the woods or a private room away from anything digital.
The other week I was out in a National Forest hiking. I was about 6 miles from the nearest Forest Service road. I took a break and sat there eating a sandwich and looked up to see a camera mounted on a tree about 4 feet from me. I imagine some hunter put it there. I'm just saying that even out in the middle of nowhere, not near any paved roads, there are still cameras watching and recording.
>I can hardly think of anyone I know that can't attest to the experience of discussing something as a non-sequitur, only to receive ads about it shortly thereafter.
No way in hell that's true.
Things are bad enough, you don't need to make stuff up.
I'm working from my personal experience. If you've never had something similar happen, then good for you.
I'll admit that it's quite likely that advertising algorithms are sophisticated enough to anticipate our needs based on previous behaviours with uncanny precision and timing.
But I don't trust to that, given the proliferation of cheaply made gimmick apps which contain embedded third party ad libraries.
Since I have no way to verify either way, and my experiences are echoed by my social circle, I personally think it best to assume the worst of my device.
I will mention that a recent study* concluded that most apps with microphone permissions will not unduly access do so. This has been taken by articles I've read to dispel the urban legend of the listening phone.
But, given that the tests lasted 5000 random user events (at ~16mins), on a more or less clean device, and as the study says
"…we did not use pre-configured text
inputs, which vary across apps and require substantial
manual effort; instead, we relied on random interactions.
Accordingly, we miss some events that only human in
teractions trigger, e.g., in apps that require login."
I don't think it can be taken as an authoritative final answer. Especially given that the devices had no pre-existing identities apps to latch onto and inform about.
The study also looked principally at network traffic, with a focus on detecting conventional media formats. This is fine for detecting the transfer of visual content, and audio. But it doesn't account for the device itself listening for keywords, and reporting them, or partially resident models, which would perform their first few operations on-device, before transfering their outputs for final processing server-side (mentioned in their study's limitations section).
In the mean time: I think it would be trivially easy to verify: just take a rooted phone and log accesses to the microphone.
Somebody would've found that it's being activated when it shouldn't by now.
>I'll admit that it's quite likely that advertising algorithms are sophisticated enough to anticipate our needs based on previous behaviours with uncanny precision and timing.
Or it could be that among the hundreds of random ads we see online everyday one of two happen to be related to one of the dozens of conversations we had in the past days.
No worries, I look forward to your response. I honestly doubt either of us will be able to fully convince the other of our conviction, but it'll be worth the exercise to refine my position.
That's actually a pretty good idea. When I'm in a position to get a rootable handset, and have the time to audit my apps, I'll have to try it.
With respect to your second point, it's quite possible.
But I don't actually see much diversity of ads to begin with (typically tracking closely with my purchase and search history) so anomalies stick out like a sore thumb. But I'll be the first to admit that I spend a lot of time trying to figure out why I see what ads when, and I may at times overfit my explanations.
I'll never be able to prove the assumptions I make.
It is a phenomenon I've seen reported in the media, and it tracks with how I percieve my own experiences, as well as the experiences of my friends.
If it made no financial sense, I'd dismiss it. Likewise if I saw a study that convinced me beyond a shadow of a doubt, I would dismiss it. If there were legislation with teeth in my market to prevent it, I'd dismiss it.
But with the ubiquity of voice recognition, and the financial incentives at play, I just don't see a reason companies wouldn't leverage the tech for the purposes of superior ad targeting, and profiling, when they already go so far as to record our screens.
Most articles (like the one you linked or ) conclude that it's technically possible, but found no evidence of the microphone being used when it shouldn't.
>That's actually a pretty good idea. When I'm in a position to get a rootable handset,
I meant easy for any security researcher, to the point where one would've found something by now.
But if you have assistant or siri on your phone then the microphone is always on, so it wouldn't really be trivially easy to test.
The day before yesterday a work colleague asked me if I had read a particular book, the next day Amazon emailed me to recommend that book. Could be coincidence but what are the chances?
It can be a coincidence. You were probably asked or talked about hundreds of things in last week and noticed this one situation.
It can be just targetted marketing, perhaps your colleague googled the book or saw the book on Amazon after getting a random ad. Ad companies understand that if someone close to you liked a product, there is a chance you will like it to so they prioritize advertising similar things to those on your WiFi/location or background.
In any case, I find it very unlikely that our devices are listening to us talk and report it to ad servers. I doubt conspiracy of level to pull it off would be still a secret. It would need to have both Apple and Google engage in it, engineers working on it would have to keep silent, it should be virtually untraceable and so on. It's just much easier to explain as coincidence along with some targetting due to ads your social circles engaged with.
I imagine that being distributed makes it easier to obtain the data for a person. If a court can't get data on a user from the the main server's owner, they might go after more vulnerable server owners that happened to be federated with the main server (vulnerable, as in less disposable income for lawyers).
> the [US] state can deputize any [US-incorporated] company to snitch
FTFY. I don't believe they have the same legal authorities to compel companies incorporated outside of their country jurisdiction to do the same, correct me if I'm wrong. This isn't the same as a sharing agreement done as a diplomatic quid-pro-quo however, which I'm sure also happens.
It could but it's more than likely not. In this case a crime was committed and possibly covered up. As much as I agree with you to move to distributed spaces and increased privacy, I think Google has an obligation to comply here.
I believe Smollette staged this, but the state should not be allowed to simply get a year's worth of his personal data without cause. This tantamounts to unlawful search and seizure and a gross violation of his right to privacy, both guaranteed by the Constitution.
As much as I disapprove of Smolette, we cannot let the state overstep it's boundaries and jurisdiction. They'll have to prove it while being compliant with the Constitution
if you were a witness or had a document that proved he was/wasn't at x place, you, as an individual, would be forced to testify. Maybe this is way overbroad but odds are that Google knows what happened, either by location data or via a search. I think Google should NOT be able to keep this data so such requests are mute by definition.
I have no problems with search and seizure that is backed by irrefutable "probable cause". But one year?!! Why not his entire life? The courts are stretching common sense definitions of "cause", and simply fishing for anything to nail him
As for Google, while I agree with you, the reality is that their business model relies on personal data, and we're none the wiser continuing to use them despite this knowledge. How many, even within the HN community, will bother transitioning away from Google, after reading this?
The supposed assault on him took place slightly more than 11 montha ago in January 2019, and there's evidence suggesting he was plotting it in advance of that date. He sued the city of Chicago claiming malicious prosecution in November. One year about covers the time period where there is definitely going to be evidence related to this.
The year is due to the possible length of planning. I have heard through some channels that they believe he has been working himself up to it for a while.
In January of 2016, he performed "Strange Fruit." In 2017, he released a music video featuring a fake Trump, "alternative facts," and a noose. I haven't dug into it myself to verify, but I had heard in 2018 he and Kamala Harris were around one another on some kind of anti-hate-crime bill rally. I am less sure on that one.
Now, I am not sure how much actual planning (detailed plotting) went into it, because as hoaxes go, it does not seem especially well-executed. Downtown Chicago as "MAGA Country" is especially far-fetched.
The entire premise of our Justice/legal system is not to nail someone at all costs, but to do it within the bounds of the law. More is obviously good for the state, but not the legal, ethical, moral way to go.
On the flip side of the loss of privacy: location and similar data can be used as a solid alibi if you are accused incorrectly.
How many people have been silently tagged as innocent because of their data stored?
That said, ersonally I find the loss of privacy abhorrent, especially because I have fuck all rights in the US (not a citizen, so the US government and US corporations can abuse my personal information with very little recourse from me or my own government).
Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism.
When convenience comes back to bite you in the ass. I’m interested to see if and what Google releases and if there would be any different if Apple was asked to release the same information.
Does the “Ad” company have more data on an individual versus the “privacy” company? Or does it actually depend on the user opting in to give this data to said company?
The iPhone unlocking for the mass shooter was slightly different -- FBI wanted them to create a new tool (that did not exist) to unlock an existing phone.
This sounds more like a fishing expedition than a typical search warrant. I expect that Google fought or is fighting this request as stated as they have for others in the past.
"And if we believe a request is overly broad, we seek to narrow it -- like when we persuaded a court to drastically limit a U.S. government request for two months' of user search queries."[1]
If they refused to hand over 2 months of search queries, I guarantee they didn't just hand over a full year of all user data.
For anyone like me who didnt know about the case, this info is burried half way down the article:
>
Smollett reported that two men attacked him near his high-rise apartment in the Streeterville neighborhood on a frigid night last Jan. 29, slipping a noose around his neck and shouting racist and homophobic slurs.
Jussie Smollett files counterclaim against Chicago saying prosecution was malicious »
Smollett’s manager — whose Google account information has also been ordered turned over — called 911 to report the attack and met responding officers in the lobby of Smollett’s building. He can be seen on body camera footage reaching toward Smollett to grab the noose around his neck with disdain. “The reason I’m calling (police) is because of this s--- ,” he said.
But Smollett eventually turned from victim to suspect after an intense investigation by Chicago police detectives who used two brothers’ cellphone records, internet search history and text messages to corroborate their story that the actor paid them $3,500 to stage the attack.
Prosecutors alleged that Smollett staged the attack because he was unhappy with the “Empire” studio’s response to a threatening letter he received at work a week earlier. Chicago police took it a step further, accusing Smollett of faking the letter as well.
> not just emails but also drafted and deleted messages; any files in their Google Drive cloud storage services; any Google Voice texts, calls and contacts; search and web browsing history; and location data.
I've always assumed my email, Drive, Voice info, calls, contact lists, etc would be obtainable by a warrant.
But I wonder if Google would turn over things like browsing and search history, even if you never browsed while logged in to Google or searched, and also had explicitly turned off storing of this data in your Google privacy settings.
There is no doubt in my mind that Google, through the use of 3rd party trackers from "partners", analytics, and correlation can easily match my non-logged in web history and searches with the same computer and IP used when I log into Gmail or Maps.
Supposedly they don't tie this global "advertising profile" to your real identifying Google account, at least for the data provided to advertisers, but I would think it'd be trivial for Google to collect it all - every web page visited and for how long, every search you've made - and turn over the vast majority of it to the government, upon request.
In other words, Google probably does know nearly everything you do online, logged in or not, at this point.
Things like this are why I think that as time goes on storing PII is going to be seen as a cost rather than a benefit to companies... It'll take several rounds of public outcry to shift the mindset though.
Most of this nonsense could have been dispensed with if the original prosecutors hadn't tried to make the whole thing go away when it became clear that the original narrative was fraudulent. Hate crime hoaxes are terrible, because they undermine credibility when the real thing does occur. For that he ought to be nailed to the wall.
I imagine that for pretty much each and every one of us, a full year of data will yield something actionable by law enforcement or at least by traffic law enforcement. Who didn’t speed once (even while flowing with the rest of traffic)?
If we include dhs, then who, knowingly or unknowingly (go ahead and prove that) did not spend a few moments in proximity with persons of interest?
“Give me six sentences written by the most honest of men and I’ll find a reason to hang them” is more relevant than ever and I’m just imagining how much more can be found in the full surveillance trail of google services.
Suddenly the inconvenience of moving to an encrypted email provider like ProtonMail doesn't sound too bad. I don't particularly have anything to hide, but I'm sure a prosecutor could find something suspicious in my emails if he looked hard enough.
It wouldn't make my email completely inaccessible to the government (they could subpoena the sender), but would make it a lot less convenient to go on a fishing expedition.
For all people writing "is this different from physical documents?" the answer is yes. You have to think a little bit further than tomorrow. This is the perfect step for a totalitarian police government like China.
You don't want the government to control your money with taxes and your health with social insurance, so why do you want it to control every aspect of your private life?
As I understand it, in summary: someone filed a police report, the police suspect the person staged the incident being reported (so now they're a suspect themselves) and subpoenas their data.
Okay? This is news, how? Should I know the person that allegedly staged it, or is it new that a judge approves a search warrant that allows time-limited access to a suspect's data? Does it matter that they're an actor? (An overloaded term that makes the title quite unclear)
And a little meta: should we change the link to something everyone can actually read or do we want to keep this discussion limited to people from certain continents?
Interesting that commenters are talking about overreach with data collection. I'm not sure if that's in the article because the paper in question blocks people in the EU out of a desire not to comply with privacy laws. A little ironic.
at what point does this projection of judicial power against individuals in the name of safety (whose safety? whats really at stake here even?) become terrorism?
Are you trying to say: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." ?
Become terrorism? To answer that we'll first need to define "terrorism".
There are over 109 different definitions of terrorism. It is not only individual agencies within the same governmental apparatus that cannot agree on a single definition of terrorism. Experts and other long-established scholars in the field are equally incapable of reaching a consensus.
A bit of an aside. Terrorism is a useless word now besides its propaganda value. The USA just declares whoever they don't like to be a terrorist, like how they just did to Iran's army, and now apparently they can legally assassinate any Iranian soldier. What's funny is Iran wants in on this propaganda game now, they designated the US army as terrorists.
I don't think it makes a whole lot of sense to talk about "assassinating" soldiers any more than "terrorist attacks" on them. Those are things done to civilians by definition. We certainly don't want to promote the idea that "collateral damage" is necessary for a military operation to be ethical.
I think terrorism has a perfectly good definition - political lobbying/influence "by other means" than conventional politics, i.e. attacking and terrorizing civilians. Doesn't matter who does it or how exactly.
Maybe the US government doesn't exactly use that definition, but that doesn't mean there is no such thing as terrorism.
So, that's who this general was, an Iranian visiting some Iranian country? Was he there to see the fjords?
Anyway, telling me what I would think or say is unacceptable in a civil conversation. If I write something, you can assume I mean it, or you can disengage if you think I'm trolling.
If you're going to take my comments as justifying US actions, perhaps they can be taken that way, but they may apply to retaliation as well, no? Is there much of a gray area with military personnel in Iraq right now, who aren't Iraqis?
What if it comes out that he was coordinating with the Harris campaign to help get her anti-lynching bill passed which had been dead before the incident due to extremely low rates of lynching in modern America? They attended protests together and were at least familiar if not friends.
while no doubt this is grounds for jail time or fines, do you think a search of this depth is warranted? And how is that not wasting way more police time?
No I don't think it's a good reason to do such an invasive search.
Though I also don't think they should just drop the investigation if they have evidence there was a real crime committed (the false police report). I sure don't know anyone who committed a felony, got busted, but then was allowed to just walk away because it was a hassle to prosecute them. As for the effort, I'm sure they have some digital forensics tool that will search anything for them these days. Probably just one case among many that one person is working on at this point.
its not civil to call people lunatics because of their beliefs. and yeah, i said terrorism because it is a completely fickle, undefined term yet governments can use it to instill all kinds of violence. but when ordinary people use it they "have to define it". i can see the double standard.
It's not civil, but people basically have no idea how courts work and that discovery is a thing.
So "spectacularly ignorant" might be a better alternative to "lunatic", but that isn't polite either.
It's kind of like how Matt Levine was making fun of Carlos Ghosn today for saying "I was brutally taken from my world as I knew it".
``Yes, right, that perfectly and exactly describes the experience of every single person who is arrested and sent to jail. Very few of them like it! And he’s not wrong, it is a bad thing to take people away from their friends and families and everyday lives. It’s just, you know, that’s kind of the deal, with jail. In general society does not seem especially responsive to arguments of the form “I do not want to stand trial for these crimes, because I’d rather hang out with my friends.” ''
> but people basically have no idea how courts work and that discovery is a thing
are you saying that courts have become so opaque and inaccessible to voters that they exert their power as an impenetrable cabal ? Or that people need a PhD to assess whether the law or its enforcement is good or bad?
That's still really really bad, since everyone needs to know how the laws that they interact with works for a functioning democracy, but nobody who uses a website needs to know how the code is written. Courts should be orders of magnitude more accessible to people (especially in a country where people are tried by the jury of their peers!) than anything even remotely involving technology to the extent that a comparison between the court system and javascript doesn't even make sense.
this is why many companies have no record of their own internal emails/conversations over a year or two. This is to cover their own tracks in case they get sued. I wonder if there are any email services where you can actually delete your data if it's older than some period?
This is a court-authorized search warrant authorized by a aitting judge. It doesn't get any more legal than that, and it's Google or any other company's legal duty to comply.
It certainly can get more legal than that -- Google (or the target, if they somehow found out) could appeal against the warrant, which would result in another round in the courts.
More optimally Google could decline to collect this information and would thereby be immune to any such requests.
When it comes to Gmail they could take an approach like password managers where the user's password is instrumental to decrypt the data and Google lacks any manner to circumvent the encryption - they just choose not to.
I would be all for Google not collecting this info -- that's what I've always done in my startups. Privacy by design is a great thing.
However, my point was that the comment I replied to was factually wrong -- there is legal action Google could choose to take instead of immediately complying.
I agree and didn't mean to directly go against what you said - but I wanted to make sure it's highlighted and known that Google exposed themselves to this risk voluntarily.
I don't know why you think there aren't any legal restrictions - this wasn't a random LEO going cowboy and trying to hack into google, a judge directly ordered this action and signed onto the warrants.
I mean as far as privacy is concerned. They were able to request all text messages, documents, location data, voicemails without any stipulation that they were relevant to the case.
Well, yeah. They have to go through them to determine if they're relevant. Same reason a physical search warrant will let the cops seize a vaguely defined bunch of stuff from your house.
"Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism."
It's 2020 and american websites still go the "We'd rather block you alltogether than tell you what we do with your data" route.
> "Unfortunately, our website is currently unavailable in most European countries."
- Lawmakers are happy that the company complies with regulations.
- Website builders are happy because they don't need to spend extra effort for no extra profit.
- End users are happy that their data isn't being harvested.
- The company is happy because they are complying with regulations at no extra cost.
Seems like a huge win for everyone involved. /s
TBH it's Chicago Tribune. I bet 99.95% of the articles there aren't interesting for someone in the EU. A good part of them aren't probably interesting even for an USer living outside the Chicago area.
I'd certainly never consider visiting normal US news sites unless - like in this case - they were linked to by HN or some other aggregator I do frequent.
Thus, it really makes no sense for them to comply with the GDPR.
I understand the logic, and can't say I'd take a different decision in their case. As a UK fan of another NFC North team, not being able to read the Chicago Tribune (without workarounds) is moderately annoying.
What I'm wondering about is: If you're not targeting an EU-audience, and you therefore might not even have servers in the EU, and certainly don't have EU-based revenue streams - why do you even care? Can an EU court even do anything in this situation?
IIUC, you can be a US expat living in the EU and the GDPR still applies.
Even then a non-EU company may not explicitly target a EU audience but EU moral or physical person may still find interest for whatever personal reason and still be protected by GDPR.
As for jurisdiction, I suppose such conflicts are resolved using international law, but if a company is reachable from the EU by individuals protected by EU laws I’m pretty sure there is applicable jurisdiction (not saying it’s an easy thing)
Sometimes it’s a matter of making a point. I mean, who likes the cookie law (and bear in mind that US people don’t even see it remotely as frequently as europeans). Some people just want to send the message that EU is going too far.
> 2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
> (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
> (b) the monitoring of their behaviour as far as their behaviour takes place within the Union.
This makes perfect sense from the perspective of some old politician: It's like shooting someone over the country border. It fails to address the fact that unlike in physical space, on the internet it's not that obvious to see where someone is connecting from (in fact, it's impossible to really say with complete accuracy)
But in my opinion, it's not the wrong choice to assume that, if you're operating on a scale where you can spy on your users and sell their data, you'd be capable of figuring out whether they're in the EU. And, honestly, it's not hard. There's third party software that you can just embed in your website and it automatically generates the cookie warning and even blocks cookies until you've accepted it.
It’s certainly much cheaper to simply block European users than to pay a lawyer to tell you what you need to change and then pay a programmer to implement these changes.
Blocking the few European users is probably the right decision from an economic perspective.
GDPR adds a lot of regulatory red tape to things that were previously simple. It is not only for nefarious reasons that you might want to avoid GDPR.
Want to store logs? Now you need to make sure you're scrubbing any type of personal information from the logs. Want to use a third-party service? Now you need to make sure that you are using their GDPR-compliant plan, and that you are using their Amsterdam endpoints. Maybe you need to renegotiate your contract with them.
Yes, but if you are logging the IP for spam prevention, security tracking, etc, then you are in the clear per Article 6, section 1, point f [1].
However, you can't also use the IP for fingerprinting, ad targeting, etc, without acquiring informed consent, per section 1, point a.
You can put the IP in your security logs because that is necessary to secure the service. Just have a routine to scrub the logs once they are too old to be useful anymore.
You can't put the IP in your shadow profile database and sell it to shady marketing companies, unless the user has explicitly agreed to that.
The question isn't only whether something is personal information or not, it is also a question of what you intend to do with the data.
Article 6 establishes lawful purposes for data processing that do not require consent from the data subject. All other provisions of the GDPR (including, but not limited to, the maximum time you are allowed to hold the data) apply, since it is still Personal Data. The only way to avoid having to deal with GDPR entirely is to collect absolutely no Personal Data, which is almost impossible unless your web server has no logs.
Not exactly; it's up to the judges to decide whether IP addresses count as personal information as defined by the GDPR (in my opinion they're not, but I can see why one would think differently), so the flaw isn't as much inherent to the GDPR as to the fact that people just don't understand the internet.
While the wording of the Recital leaves some ambiguity as to whether an IP is automatically Personal Data under the GDPR, its specific call-out would make arguing that it is not difficult. This would particularly be the interpretation of American lawyers, who tend to assume that no connection is too tenuous to be held against their client by a shrewd prosecutor or regulator and will thus advise their client to treat all IPs in all situations as Personal Data.
> Want to store logs? Now you need to make sure you're scrubbing any type of personal information from the logs.
What?! I'm not allowed to store my users name, address and credit card number in my unencrypted syslogs anymore? HOW DARE THEY, THOSE DAMN BEUROCRATS!
Seriously though, while there are problems (like IP address being considered personal information, which they really aren't), the general idea is very positive. You shouldn't be able to store just any information of a person that only gave you this data for a specific purpose. Servers do get hacked, employees do abuse their access to systems and old hardware doesn't always get disposed of properly.
When I'm done using a service, I want my data gone from their servers ASAP, no buts.
on the lighter side, I do a lot of cooking and I always laugh when I visit a baking website and I get a popup that warns me about the cookie policy. Because of the context, my brain first goes to "I wonder what the recipe is for those cookies."
It’s not obvious if a site is geolocked. I know Bbc is blocked in China from experience, but I wouldn’t expect that others would know. Hacker news is available in China (at least last time I was there).
The difference between BBC blocked in China and Chicago Tribune blocked in the EU I’m my opinion is CT actively block the EU because they don’t want to deal with the GDPR but China blocking the BBC is a decision outside of the BBC’s control.
I was just comparing the two sites. I'm not saying Geo-Blocked sites should be banned on HN, As I said in another comment, I think the same rule that applies to paywalls should be applied to to sites that geoblock themselves (Not being geoblocked by a goverment which the BBC is in China).
If their are workaround for a paywalled site then its allowed on HN. So if their are workaround for the geoblocking (outline, google cache, archive.today, etc)then I think they should be allowed.
As for how you will know if a sit is blocked, the same way people find out about soft paywalls, the comments will tell you. Its not like a crime to post paywalled sites to HN.
It’s like paywalled sites. If it’s a soft paywall with known bypasses they are generally allowed on HN. If their are known bypasses for sites that geoblock (outline, google cache, archive.today) then I think the same rule should apply.
I’m in Europe on vacation, and while GDPR seems to be a good thing, there is nothing more annoying than a cookie policy pop up for every single site you visit. I know what cookies are. I know how they are used. I don’t need a reminder every time I visit a site. I think they way over shot their goal there.
You don't need cookie banners; they're only mandatory when you want to track your users, so when you see one of those on every website, it just means every website wants to track you.
Also, if people are trained to just click them away, that's not really that bad, since tracking has to be opt-in, so if you click the banner away, you don't get tracked by default (that is, in theory; the reality is, many websites disregard this completely and have tracking cookies enabled by default)
> You don't need cookie banners; they're only mandatory when you want to track your users, so when you see one of those on every website, it just means every website wants to track you.
Why does the European Commission's website want to track me? They have a banner, too. In fact, I have yet to visit an EU government website that doesn't have a banner.
analytics are fine as long as you use GDPR compliant anonymision of the users data. But it’s easier to just ask permission.
You can also run ad’s asking as you are not using targeted ad (which you are allowed to use if you ask for permission)
There are invasive ways of asking for such permission. Sites that do full take overs of the site or persistent bars that follow you around are just trying to annoy the user into clicking agree.
It's training people to ignore those altogether and click "allow" on everything out of frustration. They should have gone with a strategy focused on browser controls. Mandating browsers block 3rd party cookies by default, for example, with explicit opt in.
The cookie policy popups are, at best, an intentionally annoying way of complying with the GDPR or not compliant at all at worst.
GDPR has the great idea that you shouldn't be tracked unless you consent. The popups are a way of forcing consent because users just click through them. However, the default should be that you're NOT tracked and opting in should be explicit, which possibly means all those popups that begin tracking you after one click are not compliant. Then I've also seen sites where opting out is difficult - there's a hard to find link that takes you to some settings page where you need a dozen clicks to disable tracking cookies. That's definitely not GDPR-compliant.
Despite the practical annoyances, I direct my frustration at the cancerous advertising industry that has turned the Web into a giant ad platform, and so the industry is very intentionally undermining GDPR protections.
Eh, no. Cookie warnings were a legislative failure that was fixed with gdpr. But they trained users to click without thinking. So now many companies do disguise the explicit consent to enable tracking to look like the old meaningless cookie pop up. But they're legally a completely different thing.
The stupid thing is that GDPR says nothing about requiring those policy pop ups, that law was discontinued (amended) when GDPR took effect. But no requirements for these pop ups remain
The main change GDPR brought to it (as I understand it) is that it introduced stricter rules about how consent works. But even though GDPR doesn't specifically require cookie warning, it does require that you get informed consent from people before you store personally identifiable information about them; in many cases this effectively means getting their permission before using tracking cookies.
So tl/dr, it's primarily PECR that covers cookie handling, but GDPR also plays a role.
It’s 2020 and the EU still thinks more bureaucracy is the way to go. I am not entirely sure US websites should necessary spend more to accommodate GDPR, which itself should be revised and made less inconvenient.
You only need those pop-ups if you are using cookies which are not "technical cookies".
If you are using tracking technology based on cookies or anything that collects information specific to a user, you will need to show the cookie banner and give an opt-in. Otherwise tracking/analytics is not allowed.
So... Every site you see this banner on has some dead bodies in their cellar and wants you to move on and not take a closer look. Just click "Accept all" and everything will be fine...
This is technically correct from a legal point of view. But it's a different story when Google threatens to delist your website for a missing cookie popup.
Sooo... the american megacorporation is a bigger problem than the european buerocrats? Who would have guessed (That's a rethoric question; I would have guessed, as well as most people from outside the USA)
If I don't want cookies, "technical" or otherwise, I'll browse incognito mode or block them by some other means. I don't need a European bureaucrat to get involved. Thanks.
If I don't want trichinosis, "medical" or otherwise, I'll just cook my pork extra well or remove parasites by some other means. I don't need a USDA bureaucrat to get involved. Thanks.
> I don't need a European bureaucrat to get involved. Thanks.
My 70 years old grandma or 12 years old cousin do though. Of course as tech people we know how to bypass most of the tracking happening on the web, that's not the case for the average user.
As others have mentioned these notices are not for "us". "We" are the ones that _love_ to setup their own PiHoles, tunnel everything through some self-hosted VPN spread over the world, running adblockers, script blockers, private mode browsers, do not track-settings and so on. We're just fine. But the others are fucked. And they need laws and notices so they don't get screwed.
This is not due to the GDPR, but the "cookie directive" (2009/136/EC) And there are a lot of ways site operators could avoid those popups or make them non-intrusive, but they choose to ...
The thousands of Euros spent on lawyers and development time to become compliant, plus all the time wasted.
Really a great accomplishment by the EU... in addition to clicking a shitty "I accept cookies" banner on every damn website I visit, I now frequently also have to click another popup for GDPR and multiple checkboxes for GDPR when I signup somewhere. As if anyone ever bothered reading those.
As far as I'm concerned, it's all just a huge waste and the internet was better off before politicians got involved.
I bother reading those, and it's my fucking right to do so, as well as to stop using a service if I don't think it's worth the data they're taking as payment.
Arguing that I shouldn't have that right, because it bothers some people is like arguing against price tags because "they're annoying" and "Who looks at those before buying something anyway?".
And no, you don't click "I accept cookies", you click something along the lines of "I accept necessary cookies plus everything I've explicitly enabled", otherwise site is not GDPR compliant and you can just report them.
The GDPR pop up is NOT just a pop up (not if you are following the law). If you are a data controller and you believe that the GDPR is just a pointless pop up you should consult your lawyer and see what they say.
Unless I remember it incorrectly, GDPR doesn't even apply to websites that don't target EU citizens; so it really doesn't affect US websites that are clearly aimed primarily at the USA, just because some EU citizen might use it as well.
And if a foreign website wants to expand into the european market, then yes, no matter its country of origin, it will have to follow EU rules.
So, in conclusion, geoblocking the EU is just plain stupid.
It’s a bit more complex than that. Are they doing business at all in the EU (for a news site, do they have correspondents in the EU?) are they selling extras to the EU (can you pay for no ads, can you buy and they will ship merch to the EU?).
Yes, there's nothing wrong with that. If you take money from EU citizens, then you can be expected to treat at least them in accordance with european standards. If you don't like it, then we don't want your busyness, as simple as that (even though that might not be the position of every citizen, it's essentially what GDPR states)
I chose to shorten the title in the way that I did because I hoped it would help focus the discussion on the civil liberties and surveillance aspects rather than on the specifics of Smollet's case. Happily, based on the comments so far, this seems to have worked.
I also worried that if I used his name, it would be flagged as off-topic before any useful discussion could happen. Does this explanation this match your assumption? One of the odd things about "we all know" is that often enough, we don't all know, or even agree.
I would have preferred "Judge orders Google to turn over a full year of Juissie Smollett's data". It would be more informative, but it'd further damage the liberal narrative that Jussie was "attacked by the right" and "Trump supporters are racist". If you were to run a poll, I bet a non-trivial percentage of people still believes Jussie was attacked - people do not read retractions, and once the truth came out, this was swept under the rug within a week.
And you're right, if you did mention his name it's likely that your submission would be flagged and dismissed out of hand, just like this comment will be. So you chose to self-censor instead.
Why would it damage the liberal narrative? Wouldn't it add sympathy to him (given that most of the comments here are against the idea of Google getting access to his data)
I really think you are overestimating how many people have heard if this guy (who seems pretty dodgy) and are looking for reasons to be offended here.
Seriously? You are stalking me now? In which world is that good behaviour and why do you think it's relevant?
I hadn't mentioned arson because it's stupid. If you go stalk my HN comments you'll find I talk about it there and ironically I did write something about arson, around about the time you wrote this: https://mobile.twitter.com/nlothian/status/12151167074522439... - the short version is that every year roughly 50% of the bushfires in Australia are deliberately lit or suspicious, and there is nothing to indicate this year is any different.
And seriously? Are you really trying to somehow tie Australian bushfires to some wacky case in the US? What is wrong with you?
To make it clear: assuming the impression I get from this report then I think this actor guy should go to prison for false reports. That still doesn't mean I'd ever heard of him before.
I'm actually NOT sure why. I assume it's because we are unlikely to recognize the actor by name, so they are labeled by their profession? Or is there some other reason? Not being rhetorical. I don't know who Jesse Smollett is.
OP (nkurz) explained that he wanted to focus on the civil liberties and surveillance aspects rather than the specifics of this person's rather famous case.
I'm not in the US and had never heard of him. I did a Facebook search restricted to "Your Friends" and another restricted to "Your Groups and Pages" and there is zero coverage.
I think people are overestimating how well known this guy is.
Same here (I live in Romania), never heard about the actor and I think I have only read some general stuff about the case itself on reddit some time ago, but I didn’t give it any importance. Not to mention that me living in the EU means that I couldn’t read the posted article at all.
The title is "Jussie Smollett investigation: Judge orders Google to turn over a full year of the actor’s data as part of special prosecutor probe" which seems to include the the actor's name?
But then again, we all know why that is.
I don't know who Jussie Smollett is (other than this story) and I'm completely in the dark what this is supposed to be implying.
Maybe you are seeing headline optimisation? Is that what this is implying?
Edit: Or do you mean the HN headline? The current headline here is "Judge orders Google to turn over a full year of actor’s data" which seems completely reasonable given the length restrictions.
Again - what are you implying? Is there some legal restriction on knowing his name?
It intersects with our upcoming presidential election. Two of the candidates (Cory Booker and Kamala Harris) were trying to pass an anti-lynching bill, as if lynching wasn't already illegal many times over, and then very conveniently Jussie Smollett has his fake lynching. He's an actor. He knows both of those political candidates. He'd be perfect for the job. Kim Foxx (with connections to both candidates as well as the Clintons) and Tina Tchen (with connections to Obama) worked to get the charges against Smollett dropped.
But surely a fake report as obvious as this appears to be would be obvious to catch? I guess you are probably right about his motives, but he seems spectacularly dumb.
There's folk from all over the world here, I don't have a clue either. I could probably Google a bit and figure it out. However, I still. believe that legibility of arguments or opinion is the responsibility of the author, not the reader.
Those who say that this is justified because warrants were obtained seem to miss the point that state’s ability and desire to gather information has grown exponentially over time. And that’s why we need data protection laws, alternatives to Google, and other privacy measures.
The philosophical concept of embodied cognition is a good place to start on this issue:
https://plato.stanford.edu/entries/embodied-cognition/