The Register's article is a complete shitshow in emulating the confusing language from the lawsuit. Luckily the complaint itself [1] refers to an Ars Technica article from 2021 which finally explains a bit more [2].
Thanks for finding that. The Ars Technica article is actually informative journalism. The The Register article just leaves you confused about what's real and seems to focus more on who's involved than what's happened.
Really creepy that Google is willing to work with governments to force install apps like that. Makes me think nobody should run stock Android.
edit: I think it’s also worth pointing out that they are not suing for money (only lawyers fees and $1 nominal fee), they are just asking the government to stop working with google to install covid tracking apps that users cannot uninstall.
I've taken that bit out of the title—its polarizing effect on discussion is so dramatic as to count as linkbait. (Yes, it would be the same the other way).
No, they're just asking Google to stop installing apps that include the configuration for where to report COVID cases and where to get COVID cases that you were close to from. Users can uninstall the app, and the tracking happens outside the app.
Why is that surprising. What Massachusetts and Google did is bad. This awful Koch funded group filing a class action lawsuit is also bad. Both are bad.
edit: you ought to read the actual lawsuit - https://nclalegal.org/wp-content/uploads/2022/11/Complaint_W... before you make mistaken claims like "they are just asking the government to stop working with google to install covid tracking apps that users cannot uninstall". They have other goals.
Don’t you ever roll your eyes when you see a headline with “Soros-funded group does X” in it?
No. I try to ignore headlines because they are a waste of my limited time and intentionally provocative. I read the articles sometimes, though. In this case, it is a strategic lawsuit, leveraging a popular and reasonable cause (what Massachusetts and Google did was wrong) in order to incrementally weaken precedents towards other, mostly unrelated, goals (also wrong).
edit: The way groups like the NCLA operate is by weakening protections in a quiet way under the guise of populist and popular causes. I won't defend Mass or Google, because I don't agree with them here, but it does not follow that I should support the NCLA suit.
Which precedents? Governments getting to install arbitrary apps for "people’s own good"? Or making it difficult for gov/big tech to exploit an emergency to expand surveillance, that conveniently sticks around after the emergency ends?
Thank you for linking the actual lawsuit earlier, I found it informative. That said, I'm trying but I'm not seeing what 'precedents' they're weakening, other than that the government can't force install tracking apps on one's phone without consent.
Seems like they ask for a lot of declarations that this was unlawful and they shouldn't do it again, $1 in nominal damages, and attorney's fees.
What sinister plans am I missing here?
Just for reference, I voluntarily installed a Covid tracking app on my phone.
You can agree that something is wrong, but disagree strongly about why it's wrong. To show standing, you have to have injury, causation, and remedy. You might hear about people bring civil cases for violating civil rights instead of wrongful death. This is a legal tactic to get the best changes of a desired outcome. You can see the nature of what NCLA is after in the claims for relief on page 25 and relief requested on page 33. The claims of violations of 4th and 5th amendments and CFAA (counts I, III, and VII) and relief Requested c-g are what I think you're missing. Privacy violation? Fine. Injunctions? Declaration it violated MA common law? Costs, expenses, and fees? Fine. The rest is seeking strategic precedents. It's a part of why they only seeking nominal damages of $1.
You may have to clarify a bit more about what's wrong with the precedent they seek. Stating that it's bad to force install apps on one's phone that track them doesn't seem very abuse-able to me offhand.
Not sure what you're saying about standing, either. Seems like they've at least plead to a reasonable injury that the state should have jurisdiction over based on acts caused by the state & Google and they list various remedies. Now the other side can argue with all of that, but the pleadings don't seem obviously defective to me.
FYI the comment replying to this one is a different person than the one this one is replying to, also you didn't actually answer the first, more pertinent question you're replying to.
The register isn't a news site but a news aggregator. They are a bit like the IT version of Zero Hedge, where they dig up interesting factoids and then add their own short editorial, often inflammatory/sarcastic/humorous. IIRC, they have only editors on staff, not reporters. The little entertaining summaries and story selection is their value add, as they don't write the stories so they aren't going to give you the details.
Ugh, I hate it when articles leave out the most crucial information, namely:
1. How did Mass install these apps in the first place if it was "clandestine" as the lawsuit alleges?
2. Google is not in the business, generally, of just giving access to private data to government agencies just because they asked. Was there some sort of legal requirement or court order involved here?
In other words, I'm taking this whole filing with a giant cup of salt until more details are available, never mind that legal filings are by definition highly biased to the side being represented.
1. Some background process, probably part of Google Play services, installed the app. Users were not notified that the app was installed. Eventually the app, once already installed and running, would put up a notification asking if the user wanted to participate.
The app was intentionally subtle, in that it had no application icon, which would presumably make it very difficult for user to disable contract tracing if they had enabled it. If you managed to uninstall the app, it would get reinstalled silently again.
2. The lawsuit alleges that there was no legal requirement or court order. Even if there had been, the lawsuit argues that the conduct would still have violated federal and state law and constitutions.
It is really pretty shitty, and, IANAL, probably is/was illegal, with the caveats that (a) I'm not sure whether Massachusetts or Google or both should be considered responsible; and (b) they might try to argue that a user's acceptance of Google's ToS and privacy policy constitutes permission.
> 2. The lawsuit alleges that there was no legal requirement or court order. Even if there had been, the lawsuit argues that the conduct would still have violated federal and state law and constitutions.
I would think the lack of a legal requirement or court order would actually absolve Massachusetts, as it would leave the responsibility resting on Google. Surely within the terms of Play store etc, Google has the power to do anything they'd like to your device and personal information. And that power extends to Google's actions when working with other parties.
I'm most definitely not a fan of mass surveillance or centralized control. But running an operating system developed by a surveillance company, to which they have multiple backdoors and frontdoors, is fundamentally a surrender to these terrible things.
The main thing that makes this different than every other Google update is that the government of Massachusetts was also involved, for a "greater good" public health purpose rather than the usual lucre.
Now, if we had real privacy protection (either legislative or common law) to the point that processing individuals' private information were illegal, even regardless of any contracts purporting the opposite, then there could be a claim. But something tells me this suit isn't looking to go that far.
It seems just moderately shitty. They did it with good intentions and there is no indication they misused the data. Despite that, clearly a mistake and some form of lawsuit is warranted. I guess "disappointed and hope they learned their lesson, what a crazy time to live through, I am happy we can all move on" doesn't drive engagement.
Nothing they did nears being as shitty as what the "Civil Liberties Alliance" represent. They are a bunch of bought and sold lawyers that trick us little people into believing they are pro-freedom with stunts like this, when their actual goal is deregulating in the context of worker safety, environmental, and food and drug safety to increase profits of industry. They get the votes they need for this from the evangelical movement, who they pay back by pushing for a radical reinterpretation the first amendment. Their end goal is a religious state with unregulated, unaccountable capitalism. To call them monsters is unfair to monsters.
Not everything requires a good guy and a bad guy. "Everybody Sucks Here" applied here.
> They did it with good intentions and there is no indication they misused the data.
There is a very old proverb from Abbot Bernard of Clairvauxin in the 1100s that is still applicable today, "The road to hell is paved with good intentions."
Wait ... what (?) ... 'good intentions' are not very relevant here.
I don't care what Koch's other objectives might be, this is an ugly transgression of people's rights.
Arbitrary government surveillance is an incredibly bad thing and a very slippery slope.
We're witnessing governments around the world establishing '360 Surveillance' for all sorts of 'socially positive!', but ultimately dubious reasons.
If the government had specific reason to grab information about a specific person and a lawfully obtained warrant given a specific set of circumstances - then yes.
Or if we're talking the government buying generalized anonymoized information that is publicly available otherwise - then yes.
But slipping spyware onto phones is straight outrageous.
I'm generally a communitarian type person who believes we ought to step up and do the right thing as citizens but even I recognize this as the slipperiest of all slopes irrespective of their reasoning, and I can't fathom the tone of the comments here given that this is HN with usually a distinctly more libertarian-ish leaning.
"Not everything requires a good guy and a bad guy. "Everybody Sucks Here" applied here. "
Sorry but the 'Government of Mass' are the 'Bad Guys' here and the 'Koch Brothers' (or whoever is paying for this, I don't care) are the 'Good Guys' for going after them. That's it.
“Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience.”
I've heard that somewhere before! And it's a good point, I'm glad you brought it up. I'm not defending the action, removed from context. However, intent does matter to me and is a well established legal consideration. Note the distinction between first, second, and third degree homicide for just one example. Just plain common sense application: I will feel differently if I am hit while crossing the street by 1) an ambulance speeding to save a mother and infant in preterm labor 2) a teen driver negligently text 3) someone speeding to get somewhere on time 4) a drunk driver 5) someone swerving to hit me because they don't like people like me for some reason. I am still mashed by a car and in rehab for a year, regardless, so is it unreasonable of me to feel differently which of those cases it is?
edit: To reply to your late edit, " It would be better to live under robber barons than under omnipotent moral busybodies" is magnificent, because it correctly frames the NCLA lawsuit "The robber baron's cruelty". I can recognize a wolf in sheep's clothing or trojan horse, whatever your preferred metaphor is.
I would reply "No thank you to either option, but thanks for the books, C.S. Lewis"
final edit: dmix, I am rate limited, so I can't reply to you, and I've written more than enough already. But you make a fair point, and it seems in good faith. I agree with you in general. I don't generally agree with something because someone claims, "it's for widows and orphans", which is the cliche. I just disagree with you in this particular set of circumstances. I would agree with a different lawsuit made in good faith meant to remediate the injury to the claimants.
People often use those good intentions to silence dissent. If anyone questions their actions you can just spin it to say "well then you obviously don't care about [good intention, ie “grandmas dying of COVID”]".
So they are a very critical piece of the puzzle with this sort of abuse of power. They can very easily muddy the waters and obfuscate things.
It's often the side effects of their actions anyway. In this case the access the app provides is the side effect. The side effects outweighing the alleged benefits is what matters. Easily the most often recurring problem is politics. 1 step forward, 2 steps back.
I don't give a damn what your god thinks. Or are you responding to C.S. Lewis's beliefs? Quoting a Christian doesn't make me a Christian, least of all when the quote doesn't even present a religious argument.
If you don't trust Google, commercial Android is not for you.
Google can push apps onto your phone and the apps can run without interaction on the phone. Often that's useful and authorized by the user --- you can use the google play website to push things, but this case shows it's not limited to that. I don't think you can disable this through settings, you would have to disable play services or block the networking or not have gapps installed or something.
Play services runs in a priviledged mode and generally updates itself, so there's a lot of trust needed.
Afaik, all modern commercial OSes intended for end users have a similar level of trust required for the vendor. The capability to push code run in a privileged space enables rapid response to emergent malware, but also enables the vendor to take actions without explicit consent.
> The suit, as described, leaves a lot of questions.
Here's what the suit alleges:
>To increase adoption, starting on June 15, 2021, DPH worked with Google to secretly install the Contact Tracing App onto over one million Android mobile devices located in Massachusetts without the device owners’ knowledge or permission. When some Android device owners discovered and subsequently deleted the App, DPH would re-install it on to their devices.
Google made a statement confirming that the app was pushed by the Play Store at the time:
>We have been working with the Massachusetts Department of Public Health to allow users to activate the Exposure Notifications System directly from their Android phone settings. This functionality is built into the device settings and is automatically distributed by the Google Play Store
So Google Play Store installs apps without consent.
And one can't unistall Google Play Store.
Ergo, we finally need to liberate our phones and tablets with an open alternative which isn't F-Droid.
You would be naive to believe that Android/iOS are secure in this respect. Pretty much every government in the world has a "need" to surveil their population, and have "insisted" upon this capability.
You're saying a State Government can request Google installs a 3rd party app on 1 million phones? If that's true then I'm genuinely astonished. And more so that it wasn't headline news at the time.
Or maybe there's more to this than currently is apparent.
> You're saying a State Government can request Google installs a 3rd party app on 1 million phones? If that's true then I'm genuinely astonished. And more so that it wasn't headline news at the time.
Yes. That's what happened. (I'm not sure if the 1E6 phones claim is accurate, but it was a non-trivial chunk of people near MA).
> 1. How did Mass install these apps in the first place if it was "clandestine" as the lawsuit alleges?
Discovery will probably shed some light on this. How would the plaintiff know the exact method used?
> never mind that legal filings are by definition highly biased to the side being represented.
Tell me you’ve never been a plaintiff in a lawsuit without telling me you’ve never been a plaintiff in a lawsuit. Why would the fillings _not_ be biased to the side being represented? Why would the side being represented be biased to the defense? That makes no sense at all.
> How would the plaintiff know the exact method used?
This is not exactly difficult. They are alleging that this was installed on a million phones, I'm sure doing some straightforward technical forensics would make it clearly apparent what was going on.
> Why would the fillings _not_ be biased to the side being represented?
You've misunderstood my point, though I don't understand yours. Of course the filings are biased, that is exactly what I'm saying. I've just seen numerous cases (myself included) where people get out their pitchforks when they've only read one side's version of events, well before a complete picture emerges of what actually happened.
> They are alleging that this was installed on a million phones,
This allegation is based up the number reported by Google that is available to the public.
> I'm sure doing some straightforward technical forensics would make it clearly apparent what was going on.
Why? Why spend the money to hire a forensics analyst or a team, when through discovery you can learn that information straight from the source. In my opinion it would be worth it to wait to see if the lawsuit actually progresses and is not immediately slapped down by a judge. If immediately slapped down then you just wasted money, by waiting to ensure it’s approved to move forward you can save some money.
I will admit I have not read completely the actual filing, which probably will shed more light on it than an article.
> Google is not in the business, generally, of just giving access to private data to government agencies just because they asked. Was there some sort of legal requirement or court order involved here?
From the article, because the title is purposefully vague:
> The Massachusetts Department of Public Health conspired with Google to secretly install a COVID-19 tracing app onto more than 1 million Android users' devices without their knowledge and without obtaining warrants...
It is embarrassing that this case had to be brought by a firm otherwise known for suing to let landlords evict tenants during a pandemic moratorium.
Why was this not brought by an organization like the EFF or ACLU? I remember writing to my Senators at the time because of how unprecedented and troubling this action was.
Here's an article from The Verge with more details from the time this was rolled out:
The NCLA is absolutely a partisan organization. They're funded by republicans, they're run by republicans, they hire republicans (Jeffrey Clark couldn't get a job anywhere post-insurrection, so they picked him up) they file suits only against democratic states or the Biden-administered federal government.
Frankly I think tagging them as a partisan group adds important context, though I agree that should be exposed in the article rather just left as code in the headline.
You can disable it, it's just a bit more difficult: https://android.stackexchange.com/a/219376 (use the builtin package manager pm over ADB debug permissions, pm uninstall --user 0 package)
I in no shape form or fashion could be considered leaning right. But why the emphasis on Koch funding instead of being more concerned with giving more surveillance power to the state?
The state did not gain more surveillance power. The state asked a surveillance company for help, and the company saw a common goal and exercised the surveillance power that it's been building for the past two decades. Power inevitably coalesces, and the only way to opt out of our brave new surveillance society is to be running software that represents your own interests.
If the state asks an arbitrary person to break into your house, and that person breaks into your house, they should be prosecuted. Only if they are not prosecuted is there an argument to be made they're acting with de facto state authority.
What Google did here was not illegal. It should be, but it's not.
You said the answer is to use another phone to prevent surveillance. In that case is the solution to buy another house outside of US jurisdiction to prevent the government from breaking into your house and installing cameras?
Well, the other half of your analogy would be that you live in a country where the government routinely breaks into houses and installs cameras, so yes?
Of course there are other solutions besides the technical one of installing software that represents your interests. For example, effective privacy legislation would go a long way towards curtailing commercial surveillance, as well as giving users a way to distance themselves from companies that did objectionable things.
Because the Kochs have a habit of using their wealth to suppress their political enemies. It would not be beyond them to file a lawsuit of no merit to harass Google.
Not saying that's what happened here. I don't know. But it's a relevant bit of context.
Wait, wasn't the covid19 contact tracing app (the "spyware" in question) installed as a part of the android (and also iOS) system and was disabled by default?
Yes, but this was a Big Ethical Deal in the movie, and a power so great that it was deleted after one use. It's a good cultural touch point about this issue; I wish it was better used.
The contact tracing protocol for that app was developed in cooperation with Apple with encryption and privacy as top concern. Calling it spyware and a 4th amendment search doesn't make sense, the state can't centrally track people's location using this app
I think you might have a misunderstanding of what is under discussion - to quote from the filed complaint
"To increase adoption, starting on June 15, 2021, DPH worked with Google to secretly install the Contact Tracing App onto over one million Android mobile devices located in Massachusetts without the device owners’ knowledge or permission" which is very different from installing an app!
Is the headline some weird example of “republicans pounce”? Is the story about the Koch brothers lawsuit or about the fact that the government installed spyware on citizen’s phones without their knowledge or consent?
It’s kind of both? The fact that the previous litigation of this group was to allow landlords to evict tenants during lockdown is more than interesting. And the fact that the state thought it would be OK to force install the app is interesting too
It’s not kinda both. It’s the equivalent of scary quotes. By framing this as Koch funded, anti Koch people already made their decision and grabbed their pitch forks without reading anything past the headline.
If Charles Koch doesn't want state governments to secretly install surveillance apps on my cellphone, I don't even want any constitutional rights. That'll show him.
I think this falls under their ‘batshit crazy’ category.
Libertarianism in general seems to filter/select for people that insist mankind can’t possibly alter the climate and that it’s just a huge leftist plot.
It’s the primary try reason I stopped identifying with the concept.
Disappointing because there are a lot of good ideas / principles in the philosophy, but the degree of pedantic extremism exhibited by the community is weird.
Whatever you think of the Kochs, their views are generally more libertarian than Republican, eg pro marijuana, anti Trump, David Koch was (inconsistently) pro abortion. So this policy is pretty typical for him.
I've read "Good Profits" by Charles. I wasn't a fan, just someone hearing it directly from the horse's mouth.
I don't recall anything extreme or controversial. The gist was: gov regs too often have a winner and a loser. It all depends on who / what has the most influential on the legislature.
I guess that's controversial is that's what truth and honesty is.
Ironic when they lobby many politicians themselves. If they really wanted to put their money where their mouth is, they'd support a public fund for campaign finances, no ability to fund politicians outside of that.
From the lawsuit: "The exchanged data, both random and non-random, are time-stamped and stored in each device alongside other personal identifiers, including the device owner’s MAC address, wireless network IP addresses,
phone numbers, and personal emails. When this stored data is written onto mobile devices’ system logs, it becomes available to DPH, Google, application developers, device manufacturers, network providers, and other third parties with access to the logs. DPH and third parties can use the MAC address of a device owner and other personal identifiers to trace the logged data back to determine the individual identity of the owners."
This is the biggest bs in the lawsuit. We're supposed to be worried that the user will unknowingly transmit their data when the user files a bug report that requires them to send the system logcat. I've been an android user for over 10 years and have never sent logcat dump to anyone
Sounds like it, that’s why the headline has Koch in it, by framing it this way the anti-Koch crowd grabs their pitch forks without reading past the headline.
I thought the article was quite clear - it’s obvious the Koch brothers are doing this because of the covid angle but it’s still pretty shocking that the state thought it would be OK to force install an app
Clickbait perhaps, but I don't think The Register is especially right wing and they did put spyware in inverted commas, just like you did. The case also alleges that the app uploads emails and contact databases and doesn't provide any notification, which if true hardly sounds like best practice.
The Register's article is a complete shitshow in emulating the confusing language from the lawsuit. Luckily the complaint itself [1] refers to an Ars Technica article from 2021 which finally explains a bit more [2].
[1] https://nclalegal.org/wp-content/uploads/2022/11/Complaint_W...
[2] https://arstechnica.com/gadgets/2021/06/even-creepier-covid-...