The year is 2019 and I can’t buy a good majority of consumer technology because we lack privacy legislation and consumer protections. Example: it’s absurd that my TV came with spyware that can’t be turned off or avoided; I had to stop it from phoning home at the network level. It also came with an arbitration clause and a clause waiving the right to a class action lawsuit.

@retrohacker
i think the problem is not lack of legislation. the tech monopoly of big corps exists because people bought it. they sold their privacy for convenience and trendy blinking lights. furthermore, it is impossible for lawmakers to understand new technologies and to do specific laws for each new tech trap and it is impossible to stop the stupidity from people with the "it is ok, i have nothing to hide" mindset.

Follow

@hansbauer @retrohacker nope, actually, it's the lack of legislation.

We don't expect people to be experts in chemistry and food safety in order for them not to get poisoned by food they buy. This is called food safety standards.

And yet we expect people will become tech and legal experts, reading through endless EULAs and understanding the fine print, and then being able to verify the tech behind it, for them to be able to protect their basic privacy?

Bollocks.

@hansbauer @retrohacker legislators were able to create food safety standards that make getting poisoned by store-bought food impossibly unlikely. They were able to create regulations around medicines that make it highly unlikely for people to get poisoned by actual, you know, poisons (every medicine is poison in the right amount).

We can, and should, expect legislators to step in and regulate the IT industry.

Market will not solve it.

@rysiek @hansbauer @retrohacker

I've found this language helpful for thinking about some aspects of some of these problems:

en.wikipedia.org/wiki/Principa

There is some value in having people be the ultimate arbiters of what goods and services they buy.

But, to get reasonably safe and good things, we need the support of experts. And we need those experts to do their work on our behalf.

@deejoe @hansbauer @retrohacker oh absolutely. I am not saying people should not be able to make independent decisions.

But it is *not* an independent decision if the person is misinformed or does not have enough information to make an informed decision.

Legislation is needed (among other things) to create a baseline of quality of information about stuff that matches the baseline expectations of people.

@rysiek
I also want to point out that expecting people to 100% advocate for themselves in terms of tech and privacy is a privileged and even ableist position. Not everyone who gives in, does so out of laziness, convenience, or even ignorance. Some genuinely have few options.
@deejoe @hansbauer @retrohacker

@erosdiscordia @deejoe @hansbauer @retrohacker thank you for making this point, yes! This is such an important point that gets missed all the time.

@rysiek @erosdiscordia @deejoe @hansbauer I've been planning a post on this for a while... I've been working on taking back my privacy and network security. I'm dozens if not 100s of hours into the project, have several hundred dollars worth of hardware invested, and none of this includes the 10+ years experience I have as a linux sysadmin that made it possible in the first place.

@rysiek @erosdiscordia @deejoe @hansbauer Some folks' threat model is making sure their kids have food. Getting a pi-hole configured to do DNS over HTTPS isn't even on their radar. What does effective privacy look like for these folks? I can't come up with anything other than effective privacy legislation.

@retrohacker
if they enjoy using facebook, google etc products, or enjoy having the last model of tvs, i guess they have to wait for lawmakers to do something, as they seem to value convenience over other things. i'm not judging it. it is ok to do so.
@rysiek @erosdiscordia @deejoe

@hansbauer Well, the people who choose it for convenience are obviously in it for convenience. The people who don't have alternative choices without a huge pricetag or investment of time (which is money) are secondarily preyed on in that scenario, and they're a good enough rationale for legislation.

Like, I hate Google. My phone uses it. I hate Apple worse, can't afford a Purism, don't know how to root my phone, and need a bus app to help me get by with no car. @retrohacker @rysiek @deejoe

@erosdiscordia
i'm in a similar situation as you with shitty phones. i know how to root and everything, use dns blocking etc, and even so is not enough. i guess we have to wait for more phones like the one from purism, with a better price tag. i meanwhile we are somewhat screwed. i have no hopes lawmakers will do anything good even if pressured, but it would be good if they did. i'm not excluding that.
@retrohacker @rysiek @deejoe

@hansbauer @rysiek @erosdiscordia @deejoe I feel you are trying to reduce this down to an efficient market problem. It's not. We don't have an efficient market here.

@hansbauer @rysiek @erosdiscordia @deejoe

It's not just the choice to use Facebook and Google. That is actually irrelevant if you have a cellphone or use an ISP. Your DNS resolution to ISPs servers is being sold. Your location data from cell towers is being sold. Deep packet inspection by your ISP, that metadata is being sold. Simply being connected to the internet with a *stock* consumer device forfeits your right to any sort of privacy.

@hansbauer @rysiek @erosdiscordia @deejoe

Legislation _creates_ free markets, a free market can not exist without legislation. Legislation gives us the power to correct for inefficient markets. Legislation _creates_ human rights, and gives us the power to ensure they are honored.

@hansbauer @rysiek @erosdiscordia @deejoe The last few generations of the private sector have worked to create an ineffective government. This may not have been the intention, but it was definitely the result.

Now the private sector is promoting the idea that you can't trust your government with these problems because it is ineffective. Don't drink that kool-aid, they are the ones who fucked our system of self-regulation up in the first place.

@retrohacker
i don't trust it, because big corps are inside it. they have perverted the whole thing. i'm not saying legislation is bad, but that in the actual scenario, it is really bad to ask for more. at the end of the day, if we ask for. more legislation today, we are asking big corps to do it.
@rysiek @erosdiscordia @deejoe

@retrohacker @hansbauer @erosdiscordia @deejoe plus, it's not the choice of using Facebook or using Google. They offer vastly different services. They are not in the same markets. They create their own vertically integrated markets. They are, in a very real sense of this word, monopolists.

There cannot be an efficient market in this situation.

And yes, of course I had a talk about this at CCC once:
media.ccc.de/v/30C3_-_5319_-_e

@retrohacker
sorry if i gave this impression. what i'm trying to say is that legislation is not the only thing that will solve this, and from the things that can be done, legislation is a pretty dangerous one to be the main route.
@rysiek @erosdiscordia @deejoe

@hansbauer @rysiek @erosdiscordia @deejoe

I think the point I'm trying to make is that effective legislation is the _only_ thing that can actually get us out of this. The logistics of making that happen w/ government surveillance and lobbying included. If we can't navigate that, we are lost.

@hansbauer @retrohacker @rysiek @erosdiscordia @deejoe Could be they value their social lives. I made the “principled” choice re Facebook, and lost an entire social circle because Facebook is so good at being sticky that people will genuinely forget you exist. Reminded, they feel bad about it, but then forget again. Others have seen the same. Calling it a mere matter of preference fails to reflect the reality.

@alexis @hansbauer @rysiek @erosdiscordia @deejoe not to mention our ISPs and most consumer hardware vendors are user hostile so, unless you are tech savy, leaving Facebook doesn’t actually win you back your privacy.

@retrohacker @hansbauer @deejoe @erosdiscordia @rysiek Making privacy an individual responsibility is what the tech industry wants. They know damn well that most people have more pressing concerns than surveillance capitalism.

We should be forcing opt-in everything, mandatory informed consent with policies written in fourth-grade English, and outright banning the use of CRM tech that isn't HIPAA-compliant. Any consumer data that isn't deleted after the product warranty period should at least be stored with as much care as medical records.

One thing that frustrates me is this marketing fiction that technology can be made so that people can do things "for themselves". The central conceit is the company can disintermediate technology, that one is communing directly with the tech gods, with no priests or middlemen or dependency.

But it's crap. Instead, the megacorp replaces a more personal relationship with local experts. They capture that relationship to become the sole arbiter between that person & technology. The dependencies are all still there.

@Shamar @erosdiscordia @rysiek @deejoe @hansbauer

Regulating AI seems nonsensical to me. I'm not sure we want to regulate industries or technologies. I'm pretty sure we want to regulate behaviors.

Start with human rights and work out implications. The limits imposed on industry and technologies are derived from the human rights they aren't allowed to infringe on. It's not "you are allowed to use AI in these ways" its "no technology or person can infringe on the right [of/to]"

@Shamar @erosdiscordia @rysiek @deejoe @hansbauer

> forbid black boxes

I’m not sure this needs to be a regulation. Folks are free to do what they want with the tech they build, but they are responsible for the actions it takes. It’s risk management. If they aren’t able to comprehend the system they built, they are accepting that they may be found guilty of crimes that system commits. The decision to not use black boxes is easily derived from liability assuming we have balanced legislation.

@rysiek

I'm not trying to dispute what you're saying, just offering that as something I've found helpful, specifically being able to pin the phrase "the principle-agent problem" on a big chunk of this.

@hansbauer @retrohacker

@rysiek
software is different from food, chemicals, medicine. these can immediately kill or cause great harm. even so, just the most clear and obvious cases came into legislation. dangerous compounds are still being added to food and water, harmful medicines are still being sold etc. legislation did not really solved this problem.
@retrohacker

@hansbauer @retrohacker tell me again how this can't immediately kill or couse great harm:
wired.com/2015/07/hackers-remo

And then tell me how the above is not an obvious case that should come into legislation?

By saying "legislation did not solve the food and water safety issues" are you saying it's completely useless? Or can we agree that it did improve food and water safety measurably and in a very concrete way?

@rysiek
well it was not an issue before 2016 or so. this is what i mean. it will be only something when it is too obvious. furthermore this is some completely different problem from what was being discussed legislators gave only shitty responses to it.
@retrohacker

@hansbauer @retrohacker what was not an issue? Software/hardware that can kill people if buggy? Try about 1985 instead: en.wikipedia.org/wiki/Therac-2

I would still like answers to my two questions. they are pretty simple questions, here, for your convenience let me repeat them:
1. how is bad software/hardware not able to do immediate harm?
2. are food and water safety standards useless or not?

@rysiek
>how is bad software/hardware not able to do immediate harm?
i was talking about privacy issues, tracking software embedded in electronics. you tried to change the subject to self driving cars and what not. i was not having a general discussion.
>are food and water safety standards useless or not?
never said that. said it becomes effective in obvious cases, just after something big happened.
@retrohacker

@hansbauer @retrohacker

Okay, can we then agree we should have legislation that covers obvious cases where IT crappiness can physically harm people, and that such regulation can improve things?

@hansbauer @retrohacker furthermore, if the only thing we can get is legislation that only handles the most obvious cases, that will *still* be an serious improvement over the current state of affairs! Let's start with that, please.

@rysiek
it is everything ok, but i would like to finish this conversation with you.
@retrohacker

@rysiek
if you trust legislators and government, it is ok. but i find pretty dangerous to give more power to them because, asking them to protect us. if they do form an advisory tech board, who do you imagine will be there? the same big corps. it is even possible they decide only approved software and hardware will be lawful in some use cases, and you can be certain, it will be from big corps.
@retrohacker

@hansbauer @retrohacker nobody is giving them power, they already have that power.

I have been on a number of advisory boards, including one to a minister in a government. I have been also involved in grass-roots actions, including against ACTA (which, you know, worked).

And you have not answered my questions from the previous toot:
1. how is bad software/hardware not able to do immediate harm?
2. are food and water safety standards useless or not?

I would appreciate your answer.

@hansbauer @retrohacker and I am not saying we should trust the legislators. Quite the contrary.

But we can get them to enact the right kind legislation -- and I know that is actually possible from my own personal experience.

I also know that without legislation, IT crappiness is not going away. Because the incentives are completely b0rked.

government and technology Show more

government and technology Show more

government and technology Show more

Sign in to participate in the conversation
Mastodon

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!