Tag Archives: privacy

In Which Illinois Got It Right

Posted on by
Reply

Back in 2008, Illinois passed a law barring companies from collecting customers’ personal biometric information without their prior permission. Companies in Illinois also were required to develop a policy, and make it readily available, that laid out how those biometric data would be stored and when they would be destroyed.

Facebook was accused of violating that law when it decided to use its facial recognition technology to analyze users’ photos in order to create and store “face templates.” Users’ faces are plainly biometric data in this context, the data were taken by Facebook without the owners’/users’ permission, and in 2015, folks sued Facebook over its misbehavior.

Now comes a reckoning of sorts.

Facebook has agreed to settle a $550 million lawsuit brought on behalf of millions of Illinois users who claim the social network’s automated tagging feature powered by facial recognition technology violates their biometric privacy rights.

Good law, and mostly good outcome.

But maybe the class action group shouldn’t have settled. Settlements only bind the parties to the suit and are only as good as the promises of those parties. Facebook has a long history of finding ways to weasel-word around the terms of its settlements, violating their spirit if not their letter.  Court judgments, though, are permanent, binding on all parties to the suit, and binding also on everyone else within the court’s jurisdiction.

We’ll see on this one, but Illinois got this one right with its law.

Harms in Public Spaces

Posted on by
Reply

The Brits are working out a new way to intervene in private lives and in private businesses, this time in an attempt to control “harms” done via (not by, mind you) “online platforms”—social media.

Under the [British] government’s proposal, a new regulator would have the power to require companies to protect users from a number of identified online harms—such as pornography, extremist content, and cyber bullying.

And

[T]he pair talked through the different terms that had been used to describe social media in a legal context, looking for the right analogy. They tried “platform,” “pipe” and “intermediary.” Nothing seemed to fit. Then “we thought of a ‘public space,'” says Ms Woods. “People do different things online. It was just like ‘how do we regulate spaces?'”

“Identified” online harms? We can’t even define the harms—such as pornography, extremist content, and cyber bullying.  Even Supreme Court Justice Potter Stewart ultimately walked back his foolish I know it when I see it nonsense, recognizing that such a nebulous “definition” had no place in law.

We have not—we cannot—define any of these harms, much less what constitutes a “public space;” there is no basis for Government regulating these things.

Nor have we succeeded in recognizing who actually is responsible for these harms, whether public or private.  See the disconnect, at a high level, between the Left’s Big Government is responsible on the one hand and the Right’s focus on individual responsibility on the other.

The British government may want to create a whole new, intrusive bureaucratic agency for controlling one more aspect of British citizens’ lives. When we wrote our Constitution and ratified it those two and a quarter centuries ago, we explicitly walked away from the British system of governance for a number of reasons; central among them being the illegitimacy of Government intrusions into private lives.

This is one more example.

A City’s Attack on Privacy

Posted on by
Reply

You’re aware of the Chicago Teachers Union strike against the city, demanding a ton more money—a 15% pay raise over the next three years (against Chicago Mayor Lori Lightfoot’s meek counteroffer of 16% over five years).  Here is another part of Lightfoot’s offer to the union [emphasis added].

1-5.8 Bargaining Unit Employee Information. The BOARD shall provide the UNION on at least a monthly basis, and on a weekly basis for the months of August, September, and October, a list of all current employees in the bargaining unit, which shall include each employee’s first and last name, shift, job title, department, work location, home address, all telephone numbers (including cell phone number if available), personal and work email addresses, date of birth, seniority date, base hourly pay rate (if available), language preference (if available), identification number/payroll code/job number, salary, status as a member or non-member, UNION dues, and COPE payment.

Nor can any school district employee, whether union member or not, opt out of this information grab.

Chicago is no place to live with a city administration that has no respect for its citizens’ personal information, their privacy, a city administration that considers such bits of information to be nothing more than bargaining chips.

In Which Zuckerberg is Right

Posted on by
Reply

Attorney General William Barr has taken up ex-FBI Director James Comey’s battle for government backdoors into private citizens’ encrypted private messages.  Apple MFWIC Tim Cook won a similar fight regarding iPhone passwords and a demand that government should be allowed backdoors into those, and Comey’s FBI was shown to have been dissembling about that difficulty by the speed with which a contractor the FBI hired successfully broke into an iPhone the FBI had confiscated.

Now Barr has broadened the fight, demanding Facebook give Government backdoors into Facebook’s planned rollout of encryption for its messaging services.  He wants Facebook, too, to hold off on its rollout until Government is satisfied it has such backdoors.  Barr’s cynically misleading plaint includes this tearjerker:

Companies cannot operate with impunity where lives and the safety of our children is at stake, and if Mr Zuckerberg really has a credible plan to protect Facebook’s more than two billion users it’s time he let us know what it is[.]

Zuckerberg has been quite clear on what it is.  It’s facilitating private citizens’ ability to encrypt their private messages on Facebook’s platform.  Many of whom live in outright tryannies, others of whom live in so-far free nations, but whose government officials want to be able to pierce the protections of enforceable privacy at will.

The concern that bad guys, terrorists as well as common criminals, will take advantage of such encryption to evade government law enforcement facilities is entirely valid.  Two things about that, though. First is Ben Franklin’s remark about the relationship between safety and security.

The other is for law enforcement to do better with their own IT skills and with their own human policing skills.  Just as the FBI did in cracking that iPhone after Apple refused to give break-in assistance to Government.

In Which Alphabet may be Getting One Thing Right

Posted on by
1

Alphabet’s Google subsidiary is developing a new Internet protocol, and competitors are worried that the protocol would mak[e] it harder for others to access consumer data. Some thoughts on that below.  Congress is concerned, too, and its “antitrust investigators” are looking into the matter.

The new standard modernizes a fundamental building block of the internet known as the domain name system, or DNS. This software takes a user’s electronic request for a website name such as wsj.com and, much like a telephone book, provides the series of internet protocol address numbers used by computers [to provide user access the website].
Google and another browser maker, Mozilla Corp, want to encrypt DNS. Doing so could help prevent hackers from spoofing or snooping on the websites that users visit, for example. Such a move could complicate government agencies’ efforts to spy on Internet traffic. But it could prevent service providers who don’t support the new standard from observing user behavior in gathering data.

Alphabet, via Google, also runs its own DNS service, Google Public DNS, which lends credence to monopoly abuse concerns.  Alphabet also pointed out, in its proposal, that the new standard would

improve users’ security and privacy and that its browser changes will leave consumers in charge of who shares their Internet surfing data.

My thoughts are these:

  • There’s nothing wrong with Alphabet developing any new Internet nav protocol, including this one. I’d expect them to be required to license it, though, much like chip makers are required to license their tech.
  • There’s nothing wrong with alter[ing] the internet’s competitive landscape as the article put some of the concerns. Product and tech development and innovation always alter the existing competitive landscape. That’s to the good.
  • They [cable and wireless providers] fear being shut out from much of user data.… That’s a bit of too bad. They’re not the providers’ data; they belong to the user. It’s exclusively (or should be) the user’s call whether to share his data with any provider or other vendor.

And this:

Mozilla…will move most consumers—but not corporate users who use providers such as Akamai—to the new standard automatically, even if the change involves switching their DNS service providers.

Users better be able to override that switch. Otherwise, this may resume the browser wars between Mozilla/Netscape and Microsoft.  To Alphabet’s credit, if they can be believed, its Google subordinate has no plans to ape Mozilla and compel a change in DNS providers.

Given licensing, the only real concern is this:

[T]he new system could harm security by bypassing parental controls and filters that have been developed under the current, unencrypted system.

That’s fairly straightforward to restore, though.