xkcd

[Heisenberg]

* I remember there was a group trying to sue a telecom (AT&T?) for granting wiretaps without a warrant or something linked to the PATRIOT Act or similar, and the government just ended the trial with a "state's secrets" order or something along those lines.

Hepting v. AT&T

Spoiler:

In Hepting v. AT&T, EFF sued the telecommunications giant on behalf of its customers for violating privacy law by collaborating with the NSA in the massive, illegal program to wiretap and data-mine Americans’ communications.

Evidence in the case includes undisputed evidenceprovided by former AT&T telecommunications technician Mark Klein showing AT&T has routed copies of Internet traffic to a secret room in San Francisco controlled by the NSA.

In June of 2009, a federal judge dismissed Hepting and dozens of other lawsuits against telecoms, ruling that the companies had immunity from liability under the controversial FISA Amendments Act (FISAAA), which was enacted in response to our court victories in Hepting. Signed by President Bush in 2008, the FISAAA allows the Attorney General to require the dismissal of the lawsuits over the telecoms' participation in the warrantless surveillance program if the government secretly certifies to the court that the surveillance did not occur, was legal, or was authorized by the president -- certification that was filed in September of 2008. EFF is planning to appeal the decision to the 9th U.S. Circuit Court of Appeals, primarily arguing that FISAAA is unconstitutional in granting to the president broad discretion to block the courts from considering the core constitutional privacy claims of millions of Americans.

Good thing we elected Bush to Judge-In-Chief

[MartianInvader]

Do you mind if I ask why you're "damn sure Gmail violates our privacy?" Is it just because they have machines reading your e-mails? Because, you know, every email provider has machines reading your emails.

More like because they clearly have advertisements that are tailored for me depending on which email I click... and those advertisements follow me around when I'm on Youtube and Google Searches.

So its clear from practical experience that Google is tracking your emails, your search history, youtube browsing history, and potentially other searches (I know they have a database of searches of Financial Information... are they using that for stock picking?). And they have a methodology of combining it all of this information together in the name of advertisements. Plus, with the recently changed privacy policy, Google unifies the tracking across all of their services.

That's interesting... I don't really consider that a violation of my privacy if humans aren't actually able to look at my mail or things that come out of it. To me, it's just a machine scanning my mail and putting it through algorithms, which is necessary anyway to store & send the mail in the first place. Sure, there's different algorithms to do different things, but I tend to measure privacy as "who can see my information", and that doesn't change whether or not a machine uses it for targeted ads.

Please note I'm not trying to say you're wrong... obviously, this is just opinion, and clearly yours differs

[Panonadin]

Can someone that cares about this whole "privacy online" thing explain to me why this is important to you?

I just cannot wrap my head around it, I know this opinion differs from most people and I'm not calling your views wrong I just differ I guess. The only thing I can side with is people that are afraid that the data that is collected can be stolen and put into the wrong hands. I'm open to changing this opinion but I just don't se eit happening without outside influence.

[iamspen]

Because it's entirely within the realm of possibility that two guys wearing suits and Google badges are snickering over the seriously freaky porn you watch online. Unless they created that product you're consuming, what business of theirs is it that you choose to watch girl-on-velociraptor-on-Albert-Pujols-cardboard-cutout videos? And why doesn't the internet conform to demographic data collection of other media, such as TV and radio, which is entirely voluntary?

[Panonadin]

I guess I can understand that stance, while I don't peronsally care if two people at a company are laughing about my internet history I can see how it would bother someone else.

Would you be ok if say, this data wasn't available to people at the company collecting it? That it was just collected?

[iamspen]

I personally don't care, either, with the caveat being I don't want the government snooping on me. But, just like I don't want just anyone to be able to track my every movement in the real world, it'd like data collection to at least have an opt-out feature, because, like I said, releasing my personal consumption habits should be voluntary.

(In before, "You don't have to use the internet." I don't have to take my pisses in a bathroom, either, but it's become a bit essential in mainstream society to be able to do so.)

[FierceContinent]

from wikipedia
"President Obama has argued that the bill lacks confidentiality and civil liberties safeguards and has threatened to veto it"

Word Up.

[KnightExemplar]

Do you mind if I ask why you're "damn sure Gmail violates our privacy?" Is it just because they have machines reading your e-mails? Because, you know, every email provider has machines reading your emails.

More like because they clearly have advertisements that are tailored for me depending on which email I click... and those advertisements follow me around when I'm on Youtube and Google Searches.

So its clear from practical experience that Google is tracking your emails, your search history, youtube browsing history, and potentially other searches (I know they have a database of searches of Financial Information... are they using that for stock picking?). And they have a methodology of combining it all of this information together in the name of advertisements. Plus, with the recently changed privacy policy, Google unifies the tracking across all of their services.

That's interesting... I don't really consider that a violation of my privacy if humans aren't actually able to look at my mail or things that come out of it. To me, it's just a machine scanning my mail and putting it through algorithms, which is necessary anyway to store & send the mail in the first place. Sure, there's different algorithms to do different things, but I tend to measure privacy as "who can see my information", and that doesn't change whether or not a machine uses it for targeted ads.

Please note I'm not trying to say you're wrong... obviously, this is just opinion, and clearly yours differs

To be honest, I'm choosing my opinion based on Ghostbear's arguments somewhat.

My real opinion is two-fold:
1. If you care about Google tracking everything, then the problem is that Google tracked you.
2. If you don't care about Google tracking everything, then whats the problem with them sharing it with one more entity?

I just don't see CISPA as a valid place to make a stance on privacy. Thats my real argument. The part you quoted above is just an extension of subargument #1. (ie: the problem is with Google tracking us in the first place). But its important to remember that I feel that my argument applies to both hypotheticals.

I personally don't care, either, with the caveat being I don't want the government snooping on me. But, just like I don't want just anyone to be able to track my every movement in the real world, it'd like data collection to at least have an opt-out feature, because, like I said, releasing my personal consumption habits should be voluntary.

(In before, "You don't have to use the internet." I don't have to take my pisses in a bathroom, either, but it's become a bit essential in mainstream society to be able to do so.)

The problem truly occurs because the internet needs to track you to do even the most basic of things. This web forum for instance gives you a cookie, and that cookie tracks every single page you visit. The cookie (or session-id, if cookies fail) is needed for you to even "log into" this website.

I mean, hackers often use different means of attacking users. And one of the defenses to the CSRF attack is... tracking your users through cookies. (At its core, an anti-CSRF cookie tracks which user visited which page, and makes sure that they're visiting web pages in the right order).

Tracking users is built into the very fabric of the internet. Its an absolutely essential mechanism to do anything at all. We like it when Google autocompletes addresses we've typed in before. We like it when we can see our youtube history to remember the videos we've last seen. We like keeping track of our purchase history. Etc. etc. If you don't believe me, turn off "cookies" (a form of tracking... really), and see how many things on the internet breaks. There are other ways to track users of course, but most sites probably use cookies.

And now that you've programmed your computers to track users, it isn't that much harder to track all sorts of things that they might care about. But programmers gotta work, and they'll just make decisions without consulting anyone. Thats where all of these privacy problems come in. Programmers who don't care one-way or the other are making websites, and from a programmer's perspective... you're almost always tracking users. Its just what websites do (Databases, IP Logs, access logs, etc. etc.)

[iamspen]

And now that you've programmed your computers to track users, it isn't that much harder to track all sorts of things that they might care about. But programmers gotta work, and they'll just make decisions without consulting anyone. Thats where all of these privacy problems come in. Programmers who don't care one-way or the other are making websites, and from a programmer's perspective... you're almost always tracking users. Its just what websites do (Databases, IP Logs, access logs, etc. etc.)

I am aware of that, but if you'll notice, I put my concerns about tracking in the context of creating and distributing demographic data.

[Ghostbear]

Changing the law... when on one hand we have incredibly difficult odds of actually winning a court case against a company that cooperated with the government... to a law where that company has a few provisions where we don't have a chance of suing them is not much of a change at all. Thats all I'm saying.

Well, look at it this way. In a practical sense, whoever the sitting president is, they've been practically immune to the law since at least watergate, if not earlier. This isn't some official statute -- it's just the way it is. Would you support a constitutional amendment making the president officially immune to the law? No, that'd be silly really dumb; at the very least, since it's not official, there are some practical limitations on it. You don't see presidents just going out into the street and gunning people down, or ordering rivals assassinated, or similar. The non-liability is the same type of deal. They might not be sueable in practice, but any officiating of such will just make any potential situations where we would want to sue them more likely to happen. It would remove that last check they have to keep them from going all out. Sure, Google might not be respectful of our privacy right now, but they aren't glaringly, cheerios-pissingly horrible about it either, because they know if they do step enough over that line, that they will be sued, and if it actually was far enough over that line, they will lose. This would remove that.

* I remember there was a group trying to sue a telecom (AT&T?) for granting wiretaps without a warrant or something linked to the PATRIOT Act or similar, and the government just ended the trial with a "state's secrets" order or something along those lines.

Hepting v. AT&T

Spoiler:

In Hepting v. AT&T, EFF sued the telecommunications giant on behalf of its customers for violating privacy law by collaborating with the NSA in the massive, illegal program to wiretap and data-mine Americans’ communications.
Evidence in the case includes undisputed evidenceprovided by former AT&T telecommunications technician Mark Klein showing AT&T has routed copies of Internet traffic to a secret room in San Francisco controlled by the NSA.

In June of 2009, a federal judge dismissed Hepting and dozens of other lawsuits against telecoms, ruling that the companies had immunity from liability under the controversial FISA Amendments Act (FISAAA), which was enacted in response to our court victories in Hepting. Signed by President Bush in 2008, the FISAAA allows the Attorney General to require the dismissal of the lawsuits over the telecoms' participation in the warrantless surveillance program if the government secretly certifies to the court that the surveillance did not occur, was legal, or was authorized by the president -- certification that was filed in September of 2008. EFF is planning to appeal the decision to the 9th U.S. Circuit Court of Appeals, primarily arguing that FISAAA is unconstitutional in granting to the president broad discretion to block the courts from considering the core constitutional privacy claims of millions of Americans.

Good thing we elected Bush to Judge-In-Chief

That's the one! Thanks.

I guess I can understand that stance, while I don't peronsally care if two people at a company are laughing about my internet history I can see how it would bother someone else.

Would you be ok if say, this data wasn't available to people at the company collecting it? That it was just collected?

No, because it's data that can be used against you if things go south. What if we get another red-scare type scenario? If you became a target in a similar scenario, they could possibly go through your entire internet history. With the amount of shit people do on the internet these days, you could probably paint just about any image of someone that you wanted with that kind of information.

[Dauric]

I guess I can understand that stance, while I don't peronsally care if two people at a company are laughing about my internet history I can see how it would bother someone else.

Would you be ok if say, this data wasn't available to people at the company collecting it? That it was just collected?

No, because it's data that can be used against you if things go south. What if we get another red-scare type scenario? If you became a target in a similar scenario, they could possibly go through your entire internet history. With the amount of shit people do on the internet these days, you could probably paint just about any image of someone that you wanted with that kind of information.

Here's the problem: A lot of the pornography you can find on the internet is technically illegal under various laws regarding distribution and content that are still on the books (most are regional rather than federal, and many are of the "You can possess it but no-one can sell it to you" type of bans), as is sharing copyrighted music tracks. They're 'non-technically' permissible under the idea that it's impossible to catch the multitudes of petty crimes like a couple of teenagers copying and trading their favorite cassette tapes.

CISPA would make it easier for the government to get a list of data, or rather to encourage service providers to be more willing to part with that data, then information sifting programs could find who's been downloading illegal porn in the relevant districts, who's been trading copyrighted music, etc. etc. The aggregate data itself is useless unless its analyzed, so the sheer fact that the government gets the information ensures that it will be parsed in some fashion.

In and of itself... It's troubling. It's the kind of thing that gets used to compile things like "Enemies Lists". Combine it with a socially conservative executive, and you've got a combination that may lead to that automated system using that data to start pumping out subpoenas for state prosecutors to press charges against. Now to actually go forward with those cases would be up to the relevant District or State Attorney's office, which would depend on the conservative bent of the local DA or SA office.

-IF- all they were doing was collecting data.. it's uncomfortable. The problem is that they don't want the data to fill government offices with hard-drives, they want to analyze the data, and then -do something- with that analyzed data. It's what they'll do with that data (in combination with a recent tendency to care less about things like warrants or judicial oversight from the executive branch) that is troubling.

The problem isn't that someone is looking at your browsing history and laughing at you. The problem is that they might be compiling a list of people who are "Unpatriotic" or "Immoral" and with that list they can actively do something about your "...contribution to the downfall of a righteous America."

As much as I would like to believe that McCarthyism wouldn't return after McCarthy's epicFail at the congressional hearings in his day, I'm afraid that those who would replicate those strategies would only use it as a practical lesson in errors to avoid.

[KnightExemplar]

Changing the law... when on one hand we have incredibly difficult odds of actually winning a court case against a company that cooperated with the government... to a law where that company has a few provisions where we don't have a chance of suing them is not much of a change at all. Thats all I'm saying.

Well, look at it this way. In a practical sense, whoever the sitting president is, they've been practically immune to the law since at least watergate, if not earlier. This isn't some official statute -- it's just the way it is. Would you support a constitutional amendment making the president officially immune to the law? No, that'd be silly really dumb; at the very least, since it's not official, there are some practical limitations on it. You don't see presidents just going out into the street and gunning people down, or ordering rivals assassinated, or similar. The non-liability is the same type of deal. They might not be sueable in practice, but any officiating of such will just make any potential situations where we would want to sue them more likely to happen. It would remove that last check they have to keep them from going all out. Sure, Google might not be respectful of our privacy right now, but they aren't glaringly, cheerios-pissingly horrible about it either, because they know if they do step enough over that line, that they will be sued, and if it actually was far enough over that line, they will lose. This would remove that.

Poor example though. Because Watergate brought down massive restrictions on the FBI in the form of the Church Committee, and the subsequent laws that were passed as result of the committee. A lot of the privacy restrictions on the US Government exists because of this chain of events. Before then, there were next to no privacy restrictions at all on what the FBI could do to people (and thus COINTELPRO and similar projects).

On the other hand, the worst example you can bring up was the Hepting v. AT&T case, which ended in massive favor of the US Government and AT&T.

Watergate was a major event which resulted in major restrictions getting placed down on the US Government. Calling the President "immune" because Nixon got pardoned is a bit short-sighted. I'm sure the FBI/CIA doesn't want to get their ass handed to them again by Congress, and would advise the President against any behavior that would punish them. The President only has to worry about things for the next 8 years... but the FBI has been under the revised laws since the 1970s.

As for Google being "cheerios-pissingly horrible" about our privacy, remember that CISPA is only an information sharing bill and not an overall privacy bill. CISPA only encourages Google (and other tech firms) to share information with the US Government. It does not encourage Google to violate our privacy anymore than it already has, and it doesn't give power to the US Government to do so either.

------------------------------------

A REAL privacy concern would be this bill.

Its a simple matter of what trips my internal alarm, so to speak. The FBI Wiretapping law that forces Facebook to cooperate is exactly the kind of bill we should be worried about. But if we blow the whistle on issues that don't matter too much (ie: CISPA), then we're only harming our political strength.

We can't run around and call everything a horrible bill that must be defeated, we need to carefully pick and choose our battles. Otherwise, the internet community will become the boy who cried wolf.

[Ghostbear]

Poor example though. Because Watergate brought down massive restrictions on the FBI in the form of the Church Committee, and the subsequent laws that were passed as result of the committee. A lot of the privacy restrictions on the US Government exists because of this chain of events. Before then, there were next to no privacy restrictions at all on what the FBI could do to people (and thus COINTELPRO and similar projects).
[...]
Watergate was a major event which resulted in major restrictions getting placed down on the US Government. Calling the President "immune" because Nixon got pardoned is a bit short-sighted. I'm sure the FBI/CIA doesn't want to get their ass handed to them again by Congress, and would advise the President against any behavior that would punish them. The President only has to worry about things for the next 8 years... but the FBI has been under the revised laws since the 1970s.

That's missing the point though. It doesn't matter if they made more restrictions after the fact, or that the FBI isn't going to want to get in trouble; it showed that persecuting the president for fucking up in such a fashion is "extremely difficult". Just as you said there's little difference in the difficulty in holding those accountable now vs. when they're 100% immune, there's little difference in the difficulty of persecuting a president now vs. when they're 100% immune. Despite that, I think you'd agree that a law officiating that the president is 100% immune is a bad idea. The same applies to the companies; it's similarly a bad idea to officially make them immune.

On the other hand, the worst example you can bring up was the Hepting v. AT&T case, which ended in massive favor of the US Government and AT&T.
[...]
As for Google being "cheerios-pissingly horrible" about our privacy, remember that CISPA is only an information sharing bill and not an overall privacy bill. CISPA only encourages Google (and other tech firms) to share information with the US Government. It does not encourage Google to violate our privacy anymore than it already has, and it doesn't give power to the US Government to do so either.

Hepting V. AT&T was an example of some of the ways it's already difficult, not an example of the worst that could happen. As I mentioned (and you agreed -- or, it seemed such from my reading), we don't need to show examples of them already doing bad things with that data; we just need to acknowledge that they can do bad things with that data, and that they would no longer be held liable for that in the slightest -- removing a significant discouragement from doing that. Dauric did a wonderful expansion on a brief example I gave of why we don't want the government to have this data, and from there it's not difficult to imagine companies giving data for "cyber security reasons" that could also, incidentally, be used to diminish other parties that they don't like in a red scare 2.0 scenario.

We can't run around and call everything a horrible bill that must be defeated, we need to carefully pick and choose our battles. Otherwise, the internet community will become the boy who cried wolf.

We can if they keep introducing horrible bills that must be defeated. There's no limit on the number of shitty bills we can oppose in short order; if there was, then legislators can just reintroduce a slightly modified bill after we defeat its predecessor. You only become the boy crying wolf if you aren't actually pointing at a wolf. Sure, it's a smaller wolf than SOPA, but it's still a wolf.

[KnightExemplar]

Update: CISPA has passed the House.

President Obama however is threatening a Veto, unless some provisions are changed. Obama does not want the data shared with the NSA, but instead with the Department of Homeland Security (Fair point: the NSA, a military spy agency, isn't supposed to be doing things on American Soil anyway. That is more of a "police thing" as opposed to a "military" thing). He also wants more privacy safeguards into the bill.

http://www.latimes.com/business/technol ... 7419.story