[HN Gopher] Commercial Surveillance and Data Security Rulemaking
___________________________________________________________________
Commercial Surveillance and Data Security Rulemaking
Author : mooreds
Score : 79 points
Date : 2022-08-15 12:18 UTC (10 hours ago)
(HTM) web link (www.ftc.gov)
| cs702 wrote:
| _Everyone_ wants this -- well, everyone except the online-
| advertising industrial complex, whose profits depend on being
| able to collect and sell people's data without having to worry
| too much about the societal costs.
|
| The online-advertising industrial complex won't want to give up
| its sweetheart deal: private gains with public costs. Going
| forward, I'd expect to see a big PR/lobbying fight about this,
| possibly including astroturfing and even personal attacks on Lina
| Khan.
|
| If you care about this, advocate now.
| travisporter wrote:
| The cynic in me says half the country will scoff at using
| regulations.gov to submit anything. Might as well be
| communist.gov
| mooreds wrote:
| There is also a public forum on Sep 8:
| https://www.ftc.gov/news-events/events/2022/09/commercial-su...
| cowpig wrote:
| Interested to hear this community's thoughts on GDPR so far. Has
| it served its intended purpose? What ideas, if any, should be
| imported to the US?
| hedora wrote:
| It needs to be opt-in, and honor automatic opt-in / opt-out
| signals.
|
| In particular, they should be forced to honor the HTTP "do not
| track" header.
| Nextgrid wrote:
| GDPR is great on paper but suffers from a significant lack of
| enforcement, so a lot of malicious actors willingly breach it
| or practice fake compliance (intentionally obnoxious consent
| flows that are hard/impossible to actually decline even though
| the law requires it to be as easy as accepting).
| krono wrote:
| Good to get some official debate going on this.
|
| Crash reports, error events, feature flags, installation
| telemetry, however convenient it is to have this information,
| none of it is essential.
|
| The services that are often used to implement these things
| (sentry, segment, launchdarkly, etc. etc.) - and then in
| particular the APIs and the "all-batteries-included" SDKs they
| usually offer, make it very easy to collect a much wider array of
| data beyond these faux essentials at, essentially, the flick of a
| switch. And, besides, who's to say these services don't and/or
| won't abuse these capabilities?
|
| I hope for this official debate to push back a bit against the
| normalization of this.
| closeparen wrote:
| Consumer protection encompasses reliability and change
| management as well as privacy. Tossing software out into the
| world with no idea if it's working and no ability to mitigate
| bugs could, in a more regulated climate, come to be seen as a
| kind of software engineering malpractice or negligence.
| Telemetry and feature flagging are an essential part of my
| employer's compliance story with at least one of its EU
| regulators.
| pbronez wrote:
| This is a really important area for the policy community to
| address. We have an opportunity to forge a third way, learning
| from both Europe's well-intentioned efforts and China's hybrid
| capitalism surveillance state. Technologies like end-to-end
| encryption, differential privacy, and secure multi-party
| computation create opportunities for systems that deliver the
| benefits of the crowd while respecting individual autonomy and
| privacy much better than current solutions.
|
| If we get this right, it will be a win for both individuals and
| businesses.
| antonymy wrote:
| A surprising and welcome move by the FTC. Wish they'd hold
| something like this for how telecoms are regulated.
| howmayiannoyyou wrote:
| Advocate now. This is arguably the most important regulation
| review the USGOV will conduct in the next few years, here's why:
|
| - It is a national security issue. Foreign actors can exploit
| this data to perform highly targeted attacks on individuals at
| scale.
|
| - It will be an issue for you as a senior. We will all get old,
| and our ability to detect, ignore and counter misuses of this
| data declines with age.
|
| - It's an anti-monopoly issue. Much of this data is concentrated
| and sequestered in large companies. Small businesses, responsible
| for most employment in the US, cannot afford and are not aware of
| the availability of this data.
|
| - Privacy should be a human right. I know there is push-back to
| this argument, but seniors aside, many young adults (and some
| plain old adults) simply are not aware and not capable of
| understanding the data they are giving up, how it is (mis)used,
| and what that means for them.
|
| I hope all of us will engage with this form and provide comments.
| phkahler wrote:
| >> Much of this data is concentrated and sequestered in large
| companies.
|
| Even the claimed use "advertising" does not require data
| collection. It probably does make advertising more efficient,
| but that isn't a reason to allow it. Once collected it does
| tend to get aggregated in a large player, so most playing the
| game do not win anyway.
|
| I'd prefer they ban this data collection (and certainly its
| transfer or sale) but I fear they just want to "regulate" it.
| hedora wrote:
| Be sure to write useful comments. Your opinion ("I think
| Bluetooth beacons are bullshit") is much less useful than
| specific, actionable information:
|
| I have noticed the widespread use of Bluetooth beacons and
| commercial license plate cameras in my area. In addition to
| causing me to worry that the local grocery store is price-
| discriminating against people that do not own cars, some such
| businesses are adjacent to health clinics, and certainly
| inadvertently harvest HIPAA protected information about the
| appointment schedules of those clinics. In addition to this,
| in-store beacons and other technologies, such as shopping cart RFID
| tags, allow marketers that work with grocery stores to infer
| health information by tracking patients as they move about
| inside a store. This information could then be used by
| insurance companies to unfairly adjust premiums, or by
| pharmaceutical marketers to better-target ads for frequently-
| abused prescription drugs.
|
| Health care is only one of many industries likely to abuse the
| information provided by passive surveillance systems. It is
| technologically infeasible to ensure such systems are used
| responsibly and legally.
|
| The FTC regulates technologies such as stalkerware apps, and
| has implemented anti-bait-and-switch marketing rules in other
| industries. Similarly, it provides guidance for responsible use
| of IP cameras. For these reasons, I think it would be well
| within your authority to institute wholesale bans of Bluetooth
| beacons and regulation of commercial license plate cameras that
| feed into data aggregation infrastructure.
| jffry wrote:
| I think you replied to the wrong comment when you wrote this,
| as the parent comment didn't mention bluetooth?
| knappe wrote:
| Bluetooth beacons are used to collect data. Hence the
| mention of them for commercial surveillance.
| kodah wrote:
| I'm honestly pleasantly surprised that "commercial
| surveillance" is the term they're using. You're also absolutely
| right, the time to lay the case is now.
| ColinHayhurst wrote:
| Also pleasantly surprised. Rebecca Slaughter used the term
| surveillance-economy previously when advocating for data
| minimization, saying that this "should mean that companies
| collect only the information necessary to provide consumers
| with the service or product they actually request and use the
| data they collect only to provide that service or product."
|
| It's a principle that we use in making our own design
| choices, but we are an outlier, for now.
|
| Anyway, interesting starter questions include:
|
| 1. Has X company gone beyond data minimisation?
|
| 2. If so, in what ways is this done?
|
| 3. To what extent does this amount to commercial
| surveillance?
|
| 4. What are the known and potential consumer harms of this
| commercial surveillance?
|
| 5. What problems can be solved, in society and the economy,
| with data minimisation as the default?
| hertzrat wrote:
| I wish Canada would do a similar call for comments
| Scoundreller wrote:
| Won't happen until the government controls the telecoms
| instead of the other way around.
| lettergram wrote:
| To be fair, they typically ignore all the comments. Claim
| they are bots or that they lost them or what have you...
| hedora wrote:
| It depends on who appointed the people reading the
| comments. I suspect we have some Biden and Obama people in
| at the moment.
|
| Also, there are people in these organizations that have
| made a career of working at the FTC because they believe in
| its mission. They will also be involved in the process.
| mistrial9 wrote:
| > a national security issue
|
| like for example, all of the applications for national security
| status managed by the State Department?
|
| Why do citizens get tracked while buying bread, when actual
| National Security is exploited from afar? Where is the
| accountability for what has already transpired?
| howmayiannoyyou wrote:
| Dude, what are you smoking? I'm talking DNA data collected by
| Ancestry. I'm thinking behavioral data ala Tik Tok. Not sure
| what the US Dept of State has to do with this, especially
| since 99% of their mission is overseas engagement as opposed
| to domestic. If you're referring to collection on foreign
| citizens, well no joy to be had with the FTC. Lobby your
| foreign government to engage with USGOV on treaty obligations
| that sync privacy... shouldn't take more than 30 years to get
| that done.
| mistrial9 wrote:
| * The FTC is the US Federal Agency here, edit, my armchair
| error
|
| * FTC rules review will discuss ... more reading on the
| agenda here
|
| * a post (above) claims that this is a "national security
| issue" as in, bad foreign agents might track citizens here
|
| * But wait, actual national security is held in trust with
| the Federal Government, and has provably failed to protect
| itself against serious compromise, as mentioned in my reply
|
| * But wait again, US citizens are getting no reprieve in
| being relentlessly tracked for "ads" while some claim there
| is a national security issue so it is important that we
| engage in this feedback
|
| * Where is the accountability in Federal Government for
| real, actual National Security? and why are citizens being
| tracked doing daily things, in the first place?
|
| no "dude"
| howmayiannoyyou wrote:
| Dude... you are conflating the national security risks
| from foreign actors accessing US citizen privacy data,
| with your concern about the risks of domestic
| surveillance. Your comment is off-topic to mine and
| therefore whiney and immature.
|
| > actual national security is held in trust with the
| Federal Government, and has provably failed to protect
| itself against serious compromise, as mentioned in my
| reply
|
| Nat Sec folks have to be right all the time (impossible).
| Threats only have to get it right once. There have been
| failures and there will be more. If you think not hearing
| about successes means they aren't commonplace, then too
| bad for you that you never worked in Nat Sec or held a
| clearance. A lot of bad people have been taken off the
| playing field by USGOV and more will follow. But keep
| judging something you have no personal experience with.
| mistrial9 wrote:
| exactly - apologist for security state; anyone who
| criticizes "must be high" .. I could smell it; thx for
| the direct confirmation
|
| no "dude"
| hedora wrote:
| FCC != FTC.
|
| Also, the government is not a monolith. In particular,
| note that they're targeting commercial surveillance, and
| the biggest surveillance companies on earth have ties to
| other parts of the executive branch.
___________________________________________________________________
(page generated 2022-08-15 23:01 UTC)