Back to previous post: Trauma and You, Part Six: Blast Injuries

Go to Making Light's front page.

Forward to next post: Dysfunctional Families: Hope

Subscribe (via RSS) to this post's comment thread. (What does this mean? Here's a quick introduction.)

August 5, 2013

Look at us all in our pretty dresses
Posted by Abi Sutherland at 05:38 PM * 77 comments

So this morning, my Twitter feed brought me a post on xojane by Bronny Zigmond, a “fatshion” blogger. She talked about how she’d been posting photographs of herself in clothing she liked to encourage other large women to be happy in their bodies. But when she started checking who was linking to photos on her blog, Tumblr, and Flickr pages, she discovered that it wasn’t just plus-sized women:

I quickly noticed that my outfit photos were also being reblogged onto porn or jerk-off Tumblr accounts. These were blogs run by guys who would use their Tumblr as their personal jerk-off folder. They would reblog photos of naked fat women, fat women in porn, and then also photos of me wearing the new cute dress I’d just bought from Top Shop. Often they would even include detailed comments about what they wanted to do to me sexually.

But it didn’t stop there.

Some of them began coming to my blog and leaving comments about how they loved my thick thighs or how they loved “BBWs” (a term I have never identified with at all). Others sent me sexually explicit emails. I was hosting my outfit photos on Flickr and at last count I had 164 users blocked on there. That’s 164 times that I logged on to see that a user had favorited multiple photos of me and clicked on their profile to realize, “Oh, hey, it’s another perv who is sexualizing images of me without my consent.”

Result: one blogger silenced, a bunch of people who might have enjoyed and been uplifted by her work in the way she wanted left with a duller, quieter internet.

Meanwhile, on another part of that same internet, Reuters reports that some of the intelligence information that was—honest—only for national security has been making its way to the Drug Enforcement Agency for more ordinary prosecutions via a special interagency clearinghouse.

The unit of the DEA that distributes the information is called the Special Operations Division, or SOD. Two dozen partner agencies comprise the unit, including the FBI, CIA, NSA, Internal Revenue Service and the Department of Homeland Security. It was created in 1994 to combat Latin American drug cartels and has grown from several dozen employees to several hundred.

But even the people doing it know that that kind of sharing isn’t kosher, so they’ve been training investigators to lie about using it.

“You’d be told only, ‘Be at a certain truck stop at a certain time and look for a certain vehicle.’ And so we’d alert the state police to find an excuse to stop that vehicle, and then have a drug dog search it,” the agent said.

After an arrest was made, agents then pretended that their investigation began with the traffic stop, not with the SOD tip, the former agent said. The training document reviewed by Reuters refers to this process as “parallel construction.”

(Remember, when you read that line about “finding an excuse”, that there are lots of laws to find people in violation of.)

There is actually a term in US legal parlance for evidence obtained illegally, and evidence obtained via illegally obtained evidence: Fruit of the Poisonous Tree. It’s the rule that means that following investigative leads obtained by breaking the law invalidates whatever you find when you get there for use in court. There are exceptions, into which I am certain that this process will be crammed one way or another, but the principle is that illegal police work contaminates the results.

So those NSA records that we’ve been hearing about? The process of collecting and collating all of our communications metadata that they can even arguably lay hands on, allegedly for national security? In some quarters, it must look like an orchard of poisonous trees, and at least one part of the legal system is already making jam from what it bears.

Do you know the old riddle about what’s worse than finding a worm in your apple?

The Reuters story is half a worm. I wouldn’t be surprised to hear that this process is more widespread. I wouldn’t be astonished to hear that local law enforcement and the state police are sharing this data like fashion photos on a jerkoff Tumblr. Your data. Mine. Not because we put it out there for their use, but because they can, because it’s there like a picture of a beautiful woman in a lovely dress, and our desire for reasonable privacy and decent justice is as significant and relevant to them as Zigmond’s desire not to have strangers slobbering over her fashion photos.

But unlike Zigmond, we as a society can’t easily quit this internet gig. Even if you aren’t on Facebook, you probably have a shadow profile. Even if you use Tor, the G-Man may be there before you. And the other people and companies you deal with may not be as careful as you are.

So what to do? Bruce Schneier has a suggestion, though even he doesn’t sound bullish.

Curbing the power of the corporate-private surveillance partnership requires limitations on both what corporations can do with the data we choose to give them and restrictions on how and when the government can demand access to that data. Because both of these changes go against the interests of corporations and the government, we have to demand them as citizens and voters. We can lobby our government to operate more transparently — disclosing the opinions of the Foreign Intelligence Surveillance Court would be a good start — and hold our lawmakers accountable when it doesn’t. But it’s not going to be easy. There are strong interests doing their best to ensure that the steady stream of data keeps flowing.

Speaking as a woman on the internet, which is to say, someone who assumes that the question is not whether I get my turn in front of the troll firehose but when, I’m not sanguine either.

Comments on Look at us all in our pretty dresses:
#1 ::: Daniel Martin ::: (view all by) ::: August 05, 2013, 06:31 PM:

I don't see how you can legally restrict what a corporation can do with data you've given it without restricting what a natural person could do with data you give them. (especially in light of decisions like Citizen's United) Restricting what the government can and can't do is legally much easier.

So, okay, you're going to now place restrictions on information about you that I know. Is it going to depend on how I acquired this information, or on the type of information? And is it going to end up in a place where actions like Jim's series of posts on Robert Fletcher (e.g.) is in violation of such laws?

Part of the big problem here is that what we'd like to outlaw is hard to define without slamming into bedrock first amendment/freedom issues. It seems obvious to me that if someone is a jerk to me online today, I should have the right to know and use that information whenever we should happen to meet in any context. (No matter how personally unhealthy holding that grudge may be) And I don't see how to make the legal distinction between "person A acted in this way, which I found unpleasant" and "person A did action X on [date]". The information we'd like to restrict is all of that form.

I'm hoping some actual lawyer with knowledge of privacy law can explain how to draw the boundaries here.

#2 ::: abi ::: (view all by) ::: August 05, 2013, 06:36 PM:

I honestly don't know that there is a solution. I've certainly been solemnly assured many times that there is no actual systemic solution to the sexist, abusive, stalkeriffic crap on the internet.

Maybe what I'm really saying is, "welcome to the party."

#3 ::: Serge Broom ::: (view all by) ::: August 05, 2013, 06:57 PM:

This sharing of information that wasn't supposed to be used for puposes other than was originally intended reminds me of a few years ago, when Dubya was President. The Texas legislature was going to go thru yet another gerrymandering of districts that'd favor the GOP and, to stop that, enough of the Democrats took off that there could be no vote. The Texas GOP did find them and drag them back. How had they found the Democrats, who were in Albuquerque, in a hotel two blocks from where I work? Would you be shocked that Homeland Security was used for partisan political purposes? Do you remember the outrage about that on F*x N*ws? Me neither.

#4 ::: Brad Hicks (@jbradhicks) ::: (view all by) ::: August 05, 2013, 07:13 PM:

One of the best things I've read in the last couple of years was Tim Weiner's history of the FBI counter-espionage and counter-terrorism division, Enemies. A lot, and I mean a lot, of it deals with black-bagging and warrant-less wiretapping.

The counter-espionage and counter-terrorism division was founded to determine if the "propaganda by deed" anarchist bombings and assassinations of a century ago were coordinated or just copy-cats, and if they had any foreign support, and the agent in charge, a young J. Edgar Hoover, found that he simply could not get the job done without the ability to break into suspects' homes and offices to read and photograph all their documents (black-bagging) and without listening to their phone calls without a warrant (warrantless wiretapping). They also lost two consecutive Supreme Court cases on the legality of the above. So they found ways to use the information they got, when they did find a terrorist group or a foreign spy ring, that didn't involve the court system, like tricking them into being afraid of each other or into turning on each other or into fleeing the country.

But Hoover understood something that none of his successors have understood: this was (arguably) important work, but it was also flat-out illegal. The FBI was getting away with something and it would be taken away from them, making the country less safe, if they abused it even once. Information obtained illegally could only be used inside the counter-terrorism and counter-espionage division, could not be shared with anyone outside the division, and could not be used for any purpose, no matter how important, other than to disrupt spy rings and active terrorist groups.

As an aside, Weiner explains that part of why Watergate happened was that Nixon tried to convince the FBI to black-bag and wire-tap everybody involved in the Pentagon Papers, everybody involved in the peace movement, and everybody involved in the McGovern campaign, to find out if they were infiltrated by or, worse, controlled by Moscow, and Hoover told him to (blank) off. What Hoover didn't tell Nixon was that yes, they had black-bagged and wire-tapped the main Russian spy network in the US and found out that the Russians did, in fact, have people in all three of those groups trying to influence them -- and failing. But because of internal safeguards, Hoover couldn't share that information even with the President. So Nixon set up his own wire-tap and black-bag squad, The Plumbers, and their incompetence was the Watergate scandal.

I tell this story because I want to make this point, which is very important to me:

From the Wilson administration to the Clinton administration, spies and counter-spies for the US did a lot of illegal things, from constitutional violations all the way up to murder and torture and support for rape gangs. But it's not our imagination that things have gotten worse since then. One of our important safeguards got dismantled when George W. Bush's legal team got away with the argument that Nixon tried and failed: "If the President does it, that means that it is not illegal." Bush, and now Obama, aren't ashamed of doing these things, and are only barely afraid of getting caught at them. Unsurprisingly, that turns out to matter, a lot, because if they have no fear of doing these things, and very little fear of getting caught at them, then suddenly it becomes a lot easier to imagine using them, even in situations that are far short of being matters of national survival.

#5 ::: Andrew Plotkin ::: (view all by) ::: August 05, 2013, 07:24 PM:

There is no systematic solution to anything on the Internet because the Internet is a bazillion systems, and more being thrown at the wall every day.

There may well be a systematic solution to Tumblr's problems on Tumblr, but then again there may not. As I understand it that whole system is about recontextualizing words and images. (Not saying that dismissively, either.)

#6 ::: Fragano Ledgister ::: (view all by) ::: August 05, 2013, 07:34 PM:

It seems to me that there are three dimensions here: freedom, privacy, and power. But they aren't the same in all cases. In the first example, that of Bronny Zigmond we have her freedom to present her image in the way she wants versus the freedom of others to look at that presented image and use it in ways they want (is the Mona Lisa art or is it porn? If people sexualise the image, neither Leonardo nor Signora del Giocondo would have wanted it, yet, undoubtedly people do).

Obviously, when they pass from treating the image as sexual to treating the person as a sexual object a line has been crossed and Ms Zigmond should under no circumstance accept harrassment.

What bothers me, however, is that she appears to assume that once she has placed an image in public others can only respond to it in ways to which she must consent. That's the policing of thought. Regardless of how perverted she, or I, may think others to be or how angry we may feel about their response to us it is in their heads and it is in response to what we publish. There are lots of responses to what I have said or written, or to my image, that have displeased me, ranging from the critical to the downright racist. If I want to live in a world of freedom, in which I have the freedom to express myself, however, I have to live with them.

The proper response is condemnation not withdrawal. It is to challenge in order to hold on to a public sphere rather than to leave it to the boorish.

Of course, I could be reading the entire situation wrongly. It wouldn't be the first time.

#7 ::: Fragano Ledgister has been seized by the gnomes ::: (view all by) ::: August 05, 2013, 07:35 PM:

Presumably for reasons arcane and mysterious. Have a mysterious mushroom!

#8 ::: Dave Harmon ::: (view all by) ::: August 05, 2013, 08:49 PM:

Daniel Martin #1L I don't see how you can legally restrict what a corporation can do with data you've given it without restricting what a natural person could do with data you give them.

The first step has to be laws indicating that a corporation (much less a government agency) is not a natural person. The second would be both laws and regulators enforcing the idea that compliance with the law takes precedence over profit, every time.

#9 ::: albatross ::: (view all by) ::: August 05, 2013, 08:55 PM:

I don't see an easy answer for either of these problems. The most likely workable answer is that we close off the font of information--everyone moves to encrypt everything, nobody trusts any company with private information beyond that which is necessary to complete their business with that company. And all that sounds pretty okay to me, though it's awfully nice having free webmail and search engines and social media sites, and those might not work out so well in a less trusting world.

But then we get to the parallels between abi's two cases. Posting anything on a social media site means both businesses and governments will probably get access to that data and use it in ways we don't like. Reflexively Googling or Wikipedia-ing for whatever is in the news, that seems like a great habit for people who want to be informed--unless your corporate IT deparrment is going to sic the local cops on you for suspicious searches, or Google or Wikipedia are secretly ordered to alert the authorities to some searches. Reading and taking part in political discussions outside the mainstream might seem like a good way to avoid groupthink and learn something you hadn't known before, but not if it's liable to get you put on a watchlist. Blogging, emailing, posting the wrong kind of stuff--well, are you sure it's worth the hassle? And so the world gets poorer, in much the same way it gets poorer if a pretty girl can't take pictures of herself in a pretty dress without finding those pictures all over the internet as wank material, and getting creepy messages from guys who enjoyed the wank material and now want to suggest something more personal. People rightly become a hell of a lot more careful about sharing their lives, their opinions, their knowledge, their experience--because they figure that they're likely to have bad things come from it.

The analogy is flawed, but it's a little like a small town where nobody locks their doors. It doesn't take very many home invasion burglaries before every door in the town is locked and bolted, and half the houses have alarm signs and the other half have a loaded gun under the bed. The whole community can become massively poorer, both in easily measured ways (money spent on locks) and hard-to-measure ways (nobody sits out on their porch at night anymore, so people stop socializing as much and the neighborhood hollows out).

I started out on the net, for some version of net, around 1985 or 1986. Since then, the story has been a continuous one of:

a. Stunning technological progress, moving from text only interfaces available only to a select few to streaming video on demand available to almost everyone.

b. A broad decline in the trust of the community, very broadly stated. That's not remotely a claim that the community of BITNET in 1986 was some kind of utopia, just that professional criminals and massive spying and spammers weren't a big feature back then. I think there was more trust, partly just because there wasn't yet either the social experience of how to make a buck or get a thrill by hurting others over the net, and because there wasn't yet the social experience of having been ripped off, gotten malware, or been stalked by some creep over the internet.

Heather Rose Jones pointed out in an earlier thread that maybe everything on the internet is temporarily useful. (She said it better than that.). I sometimes wonder what the internet will evolve into, and whether we'll still feel, as I often have these last ten years, that it is an amazing font of wealth offered for free, like a first-rate library opening up in your spare room along with a party line on which you may converse with millions of smart and interesting people. Maybe it will feel more like having a subway station in your spare room, or a homeless shelter/drunk tank, or a police station with surly SWAT team members looking to take some punks down a notch.

#10 ::: Xopher Halftongue ::: (view all by) ::: August 05, 2013, 09:03 PM:

We have to start by amending the Constitution to establish that the Bill of Rights applies to natural persons, and not to corporations.

There are problems with this, not least that since CU the corporations control the US Congress, so it will never be passed.

It's hard to see how the problems in this country will be fixed short of bloody revolution, or (of course) with it. I consider bloody revolution an automatic fail.

#11 ::: P J Evans ::: (view all by) ::: August 05, 2013, 09:51 PM:

I don't recall that they were dragged b ack, but I may be misremembering. The one I remember is several of them flying up to Oklahoma. (I remember because one of them was the representative from the district my parents had lived in. Flew his own plane.)

#12 ::: Serge Broom ::: (view all by) ::: August 05, 2013, 10:00 PM:

PJ Evans @ 8... I am probably remembering things wrong myself, but I'm pretty sure that they did use the willing cooperation of Homeland Security.

#13 ::: albatross gnomed ::: (view all by) ::: August 05, 2013, 10:00 PM:


#14 ::: Rick York ::: (view all by) ::: August 05, 2013, 10:06 PM:

It's been over a decade since he wrote it, but David Brin's (yes, that David Brin) "The Transparent Society" (Basic Books, 1999) was positively prescient in his views of privacy in the Technological Age. I urge everyone to read it. It's available as an eBook and other formats on Amazon and BN, and many more.

#16 ::: Nancy Lebovitz ::: (view all by) ::: August 05, 2013, 10:14 PM:

Would the gnomes be interested in some soon-to-be-created rice, eggs and hot spices?

#17 ::: Matthew Brown ::: (view all by) ::: August 05, 2013, 10:29 PM:

Rick York @ 11:

The problem is that there are a lot of people for whom only privacy and the difficulty & unacceptability of snooping have given them any freedom to live their lives without misery.

It is in a very real sense a privilege to be able to live one's self outwardly and be safe from repercussions for it. A privilege we should all have, but we don't.

#18 ::: Angiportus ::: (view all by) ::: August 05, 2013, 11:19 PM:

I think that even in a much saner society, when all sorts of people could be open about their whatever, I'd still want privacy, I'd still keep some things dark. Yet I pretty much agree with Matthew Brown, above. We should have the choice to be open or not, and not have to live in fear even if we decide for other reasons that some things are nobody's darned business.
I don't know what to do about the types who have no better response to something they don't understand than to spew hatred, short of hoping a lot more people learn to use the Ban Hammer. And maybe someone can design some better hammers. Those who do the Schadenfreude Dance when someone more articulate or famous or whatever goes down in flames due to some personal failing (as happened to someone I used to read regularly) are not exactly helpful, but creatures like those assailing the blogger mentioned in the post need to be reined in. It's one thing to have sexual fantasies about someone, but that someone probably doesn't want to hear about it. And it seems to me that if one has a compulsion to violate the target person's head by telling them anyway, one has bigger problems by far than sexual frustration. I am not familiar with social media and don't have solutions. I do know I went thru enough crap in the pre-Internet days to never want to have a blog or a social account.

#19 ::: Clifton ::: (view all by) ::: August 05, 2013, 11:47 PM:

Rick York @ 11: Prescient? Hardly.

It was frickin' obvious some time well before 1999 if you happened to be a Usenet user and have the misfortune to be stalked by a Usenet kook, for instance. I think that was '96 or '97 in my case. It was probably obvious long before that to anybody who went through a really bad divorce or breakup and had their state of sanity, their beliefs, their moods, their sexual attractions, their personal weaknesses, or just plain weirdness dragged before a court or before the court of their friends.

Matthew @ 13 has got it. The "accept transparency" philosophy only works if you happen to be perfectly conformant to the norms of society, both on the outside and on the inside. Otherwise it comes down to "stay in the damn closet!" without even having a closet you can hide in.

That pretty much means accepting that you not only can't be who you feel you are at core, but that you can't ever write about it or talk about it to anybody, even obliquely or anonymously. There is no anonymity, not really. It's why I use my real name for what I write here, and it's why I don't write anything too revealing of myself anywhere any more.

(That is, this all applies if you're among the normal rank in society. Brin's notion that transparency would apply to our leaders and politicians seems touchingly naive to me.)

In conclusion: Sorry. That wasn't really directed at you, but this is one of my hot buttons which comes up periodically.

I think what I wrote above is perfectly valid though. I'm twice burned and then some; as a result I gave up doing any creative writing - I just can't do it any more - and pulled everything I had written off the Internet, in so far as possible, even though I think some of it was damn good.

#20 ::: Dave Bell ::: (view all by) ::: August 06, 2013, 02:09 AM:

It may not have been noticed elsewhere, but there are been a Metric Shitstorm of media reporting in the UK, on the behaviour of some Twitter users, and the apparent lack of response from Twitter. It seemed to start about a week and a half ago, with the announcement that Jane Austen was to be pictured on the new £10 note. The woman who had campaigned for more women on banknotes, and who had been named in the media reports, was hit with sexually abusive tweets, things such as rape threats.

Other people reported similar abuse.

A man has been arrested over some of them, but Twitter can't react quickly enough. On Sunday 4th August, the campaign that had exploded across Twitter held a Twitter boycott. Professor Mary Beard, the grey-haired classicist who, a week ago on TV, was telling us about the Emperor Bootikins[1], pulled out of the boycott to publicise further abuse. Some of the threats were of firebombs and decapitation.

Locally, a couple of months ago, a mosque was firebombed. That, to me, makes a firebomb a credible threat.

Come Monday morning, and some men are being rude about Prof. Beard for not sticking to the boycott.

I admit it: there have been times, seeing what some vocal feminists say about sex, I have wondered if they know what they are talking about. It might be prompted more by the anti-sex aspect than by their gender, but I have wondered if some people ought to get laid. It's the sort of thought that could easily get out of hand if I expressed it to a particular person, and the idea that it develops into rape threats is repulsive to me.

But I don't see any of that triggery sexual politics on the part of the original victims.

I suppose there's an amplification effect with social media, it doesn't need many people to make a lot of noise and get noticed. And once the trolls and spammers see they are getting away with it, they multiply.

There's a gaming company which has a set of forums. For some reason, they don't run 24/7 support, and every weekend the forums are swamped with adverts for sexual services. It hardly seems worth the effort, but they can get away with it for a few hours so te spammers keep doing it. Get a bit sarcastic about support availability, and a "moderator" will delete your post...

Silicon Valley sometimes seems rather short on social skills, and always seems to be taken by surprise by what humans do with their neat ideas.

[1] "Bootikins" is a free translation of the Roman nickname "Caligula".

#21 ::: Avram ::: (view all by) ::: August 06, 2013, 02:15 AM:

In related news, the TSA is expanding beyond airport security:

In April 2012, during a joint operation with the Houston police and the local transit police, people boarding and leaving city buses complained that T.S.A. officers were stopping them and searching their bags. (Local law enforcement denied that the bags were searched.)

The operation resulted in several arrests by the local transit police, mostly for passengers with warrants for prostitution and minor drug possession. Afterward, dozens of angry residents packed a public meeting with Houston transit officials to object to what they saw as an unnecessary intrusion by the T.S.A.

#22 ::: Nicole J. LeBoeuf-Little ::: (view all by) ::: August 06, 2013, 03:14 AM:

Oh, argh, that first link.

Just today, via Facebook -- and, damn it, there's a reason I try not to get into arguments on Facebook, I try not to spend time on Facebook beyond the cursory glance needed to get caught up on the relevant doings, I don't plan to spend time conversing there in reliable back-and-forth --

Let me start over.

The conversation began when a roller derby skater in a fairly competitive league said she'd just been recognized in that capacity on the street for the first time. This raised a few "me toos," not just in the context of derby but also art, music, the like. It led to an anecdote in which the speaker recalled feeling angry and uncomfortable about a man openly staring at her in the grocery store--and then feeling guilty about that because when he finally opened his mouth it was to compliment her on her music. He'd been staring because he thought he recognized her and was trying to be sure.

So, basic themes of "being female in public" and "being a minor local celebrity in public."

At which point some guy chimes in to LOL over how no guy could possibly understand why women go to so much trouble to look hot and attract men's attention but then get pissed at men for staring.

Because, of course, a woman in public must always be presumed to be vying for sexualized attention from men. Women never go out in public to just get the effing shopping done. Women never ever take time and care over their grooming simply for their own happiness and comfort and self-esteem. No, we are only ever viewable in public as a deliberate act of (hetero)sexual exhibitionism, and so we should never ever complain about being subjected to the (hetero)sexualized male gaze.

This didn't begin with the internet, the panopticon, the surveillance state, though these things exacerbated it. It will not end through legislature, regulations, user agreements, or bug fixes. The problem isn't technology. The problem is treating women in public as available goods (and projecting on us, and condemning us for, the motivation to be constantly selling ourselves) rather than as full human beings existing in pursuit of our own wants and needs.

...which doesn't speak to the rest of the post, of course. But, oh, argh, that first link.

#23 ::: Angiportus ::: (view all by) ::: August 06, 2013, 03:41 AM:

Dave Bell, #21--Someone whose experience of sex doesn't sound like yours very probably *does* know what they are talking about. Everyone knows their own story best, what with having been treated differently at vulnerable times, and having all sorts of different needs to start with. Possibly something quite different than your idea, or mine for that matter, of "getting laid".
But it seems to me that online trolling and threats and so on aren't the most effective way of dealing with those people who really do think no one should have any fun. It depends on how (or whether) they act on that belief. Say, vote them out, don't watch their tv show, read something else, etc.
I think you nailed it about the amplification effect, and people seeing what others can get away with. And Clifton just said what I was feeling better than I could.

#24 ::: Charlie Stross ::: (view all by) ::: August 06, 2013, 06:25 AM:

Daniel Martin @1: you are looking at this within a specifically USAn legal frame.

If you look away at Foreignerland for a moment ... here in the EU we have a European Convention on Human Rights -- derived from the UN Convention on Human Rights, which in turn leveraged the US Bill of Rights. There are, however, some differences.

The ECHR is a bit worse on some areas -- e.g. freedom of speech (there's a dilution clause for reasons of "public health and morality"). But it's stronger in other areas: there's a strong Right to Privacy in Personal Life. One may speculated that the US founding fathers never envisaged the sort of threat to privacy that a modern police state might represent, but the ECHR was drafted in the wake of the second world war, by people who'd felt the chill winds of Nazism and Stalinism breathing down their necks.

Anyway, one side-effect of the ECHR is the EU Data Protection Directive, which is seen as a key plank in privacy and human rights law.

Key points:

* Personal data are defined as "any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly.

* Personal data should not be processed at all, except when certain conditions are met. These conditions fall into three categories: transparency, legitimate purpose, and proportionality.

* The responsibility for compliance rests on the shoulders of the "controller", meaning the natural or artificial person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data;

* Personal data can only be processed for specified explicit and legitimate purposes and may not be processed further in a way incompatible with those purposes.

So the default is to safeguard privacy by not permitting the processing of personal data without permission, and once acquired it may not be used for other unspecified purposes.

The last bit is the important one because it provides a basis for criminalizing the use of data collected for one legitimate purpose for some other task.

And it seems to me that the thing everyone is getting upset about is the reuse of personal data for purposes not admitted to when it was collected.

Time for a US Constitutional amendment to add an explicit right to privacy, as a basis for a personal data protection framework?

#25 ::: Daniel Martin ::: (view all by) ::: August 06, 2013, 06:48 AM:

As much as I like the idea of corporations being more explicitly less than human, I'm not sure how that helps and am almost sorry I brought it up.

Corporations are people, in the same way soylent green is - absent sentient robots, everything a corporation does is ultimately done by a human. There might be some useful room to argue that what is known by a corporation is different in that a corporation is also said to know things when the information is recorded on computers or documents owned by a corporation even if no human remembers or even ever knew that information, but I'd hate to see a legal regime where my privacy rights depend on whether the server running a site is owned by a sole proprietorship or by an incorporated LLC.

And in any case, what happens when some employee of that corporation needs to see my data in the course of doing business? Say, imagine I'm acting like a troll on their forums and they need to go through the details to ferret out sock puppet accounts. If that employee then separately moderates a free community forum on the side, are they allowed to retain the information about me that I am a known troll, and my habits and how to identify me? What about other information about me that might be personally embarrassing?

I don't see in the case of limiting what can be done with personal information how you can separate corporate actions from the actions of the natural people who make up corporations. You might be able to prevent the use of corporate resources in disclosing that information (so no display in Times Square with my home address), but the privacy violations we care about don't seem to require corporate money to do their damage.

#26 ::: Dave Harmon ::: (view all by) ::: August 06, 2013, 08:17 AM:

albatross #9: I got on the 'net right about the same time you did, and I'll add a third aspect to "the story since then": (c) Continuously increasing real-world stakes.

Back in '86, there were a lot fewer people on the 'Net, which also meant fewer nutcases -- and most Net users had strings tried to them, meaning their accounts came from some college or lab that could at least try to hold them accountable. That changed rapidly when private Net providers showed up, and quickly got too big to keep track of all their users.

Then too, back in 1986, a Net user's social life might be dominated by their interactions there... but they didn't have their credit cards and bank accounts exposed, or most of the other RW hooks that have developed over time. There wasn't nearly as much information available about people, either.

Daniel Martin #25: The problem is that the Citizens United decision game corporations in the US the full legal rights of an individual human, notably including free speech.

The problem here is that this is grossly imbalanced, because for a human, those rights are balanced by responsibilities and moral awareness -- most humans at least have some idea of what actions are immoral and prohibited, and if their ideas diverge too far from the law, we can jail or otherwise punish them, which will at least make the point that if they don't constrain their behavior, they get smacked.

But corporations do not have personal responsibility, ordo have is a legal shield that makes it extremely difficult to punish individuals within the corporation, directing both civil and most criminal liability to the corporate shell.

I'd hate to see a legal regime where my privacy rights depend on whether the server running a site is owned by a sole proprietorship or by an incorporated LLC.

And, in fact, that's exactly what you have now. If it's a private individual running the site, they can be prosecuted and jailed. If it's a corporation, you're legally pretty much SOL.

It's almost impossible to punish corporations effectively: Fines? The employees or officers who made the decisions won't be paying them. If the fines drive the corporation bankrupt, or if a company actually gets shut down directly, the stockholders pay while the former officers go on to run other companies. Arresting employees and even officers? They get replaced by others who will be facing the same demands.

Before Citizen's United, there was something of a balance of power where corporations could be held to account in ways humans couldn't. Now they have the best of both worlds.

#27 ::: Dave Harmon ::: (view all by) ::: August 06, 2013, 08:31 AM:

Bah, "ordo" should read "what they do" ...

#28 ::: Charlie Stross ::: (view all by) ::: August 06, 2013, 08:39 AM:

Dave @26: It's almost impossible to punish corporations effectively: Fines? The employees or officers who made the decisions won't be paying them. If the fines drive the corporation bankrupt, or if a company actually gets shut down directly, the stockholders pay while the former officers go on to run other companies. Arresting employees and even officers? They get replaced by others who will be facing the same demands.

I will note that practice differs in other countries. Note the enthusiasm with which the Italian judicial system prosecutes executives for homicide if someone dies as a result of corporate negligence.

(There are plenty of things wrong with the Italian legal system, including the way this is sometimes executed; but the principle that executives are responsible for their company policies -- and if said policies lead to death said executives should do time in prison -- is not one of those things.)

#29 ::: Mongoose ::: (view all by) ::: August 06, 2013, 09:18 AM:

This is incredibly depressing stuff, but there are things one can do that help a little. One of the simplest is not to use the major search engines, especially in the light of recent news articles about people in America who get visits from the FBI on suspicion of terrorism after having searched for things like pressure cookers. (From this sort of article, I learned that it's possible to make a bomb out of a pressure cooker - who knew? I'm sure there are better ways of making bombs if you're really that way inclined.)

Well, I'm not American, but nonetheless I don't think I need the FBI poring over my online searches, regardless of the fact that they tend to consist of phrases such as "charles daniels tenor", "php mysql manual" and "12th century clothing". I've therefore ditched our old friend Google in favour of, which appears to be just as effective. Though, I must admit, I do like the Google doodles. I don't imagine the FBI will notice if I have a look at those now and again.

#30 ::: lorax ::: (view all by) ::: August 06, 2013, 09:38 AM:

Mongoose @29:

One of the simplest is not to use the major search engines, especially in the light of recent news articles about people in America who get visits from the FBI on suspicion of terrorism after having searched for things like pressure cookers. (From this sort of article, I learned that it's possible to make a bomb out of a pressure cooker - who knew? I'm sure there are better ways of making bombs if you're really that way inclined.)

Later iterations of that story revealed that the suspicious search was actually "pressure cooker bombs", which is an entirely different animal (one with many innocent explanations, but I think in this day and age anyone can suspect that it's going to get scrutinized), and that it was conducted on a work computer by a then-employee; the circumstances under which he became an ex-employee were such that his former employer looked at his search history, and subsequently informed local law enforcement. It's still not great, but it's hardly the "google for canning recipes and the goons will be at your door" story it was initially portrayed as.

#31 ::: Daniel Martin ::: (view all by) ::: August 06, 2013, 09:41 AM:

Dave @ #26: As awful as it was, I think you overstate the impact of Citizens United. That case did nothing to change any criminal liability.

And I'm curious what you think a single person running a website could do that would result in jail time under current US law that would not result in jail time if they had incorporated.

#32 ::: Serge Broom ::: (view all by) ::: August 06, 2013, 09:41 AM:

Speaking of pressure cookers and bombs... My mom's generation (up in francophone Quebec) called a kettle a bomb.

#33 ::: Caroline ::: (view all by) ::: August 06, 2013, 10:03 AM:

Fragano @ 6:

What bothers me, however, is that she appears to assume that once she has placed an image in public others can only respond to it in ways to which she must consent. That's the policing of thought. […] There are lots of responses to what I have said or written, or to my image, that have displeased me, ranging from the critical to the downright racist. If I want to live in a world of freedom, in which I have the freedom to express myself, however, I have to live with them.

I think this quote is key:

I’m not naive, I know that once you’ve uploaded a photo on the Internet, anybody can pretty much use that photo in whatever way that they like but I do think there is a statement being made when a man adds a photo of me to their Flickr favorites or reblogs a photo of me to their Tumblr jerk-off blog, I think there is a reason they do this in a manner that makes me aware of it.

It would be easier to right click and save the photo into some folder on their computer where they could look at it all they wanted without me knowing about it. I feel that by making it known to me, they are saying something -– I consider you a sexual object who exists for my enjoyment, I don’t consider you as an equal human being, and I don’t care how you feel about this.

It's not the sexual response in their heads she has a problem with. It's the deliberate choice to make her aware of that sexual response, which is what makes it harassment.

I also don't see her arguing that they shouldn't have the right to make wank-fodder Tumblrs, or that they should go to jail for it or anything. Just that it makes her angry and disgusted.

So I don't think it's a free-speech issue.

As for the "proper response" being "condemnation not withdrawal" -- in a general sense, yes. But individual people do what they need to do to maintain their mental and emotional health.

#34 ::: P J Evans ::: (view all by) ::: August 06, 2013, 10:33 AM:

They've been doing those in Los Angeles for several years. I don't know what their criteria are for stopping and checking. (I was really glad they weren't doing that the day I took a bread knife to work. It was still sealed in plastic, but !)

#35 ::: Daniel Martin ::: (view all by) ::: August 06, 2013, 10:41 AM:

Charlie Stross @24: Yes, I'm looking at it from a US point of view because the implications of the European view on privacy that I've been exposed to strike me as either bizarre or an infringement on my right to do what I want with what's in my head.

Partially this is because of how I've been exposed to it: I've never been on the end where it would provide me any protection, but I have been part of organizations hit with demands that, from a US view, seem to come out of left field. Therefore, my only view of it has been when people wave it saying "you can't do thing X", where X strikes me as a totally legitimate thing to do.

E.g.: The first time I was ever made aware of European privacy law was as part of Debian, when someone who had in the past participated in some Debian email lists decided he didn't like how a Google search for his name didn't find his personal website but instead found his old posts to Debian mailing lists. His solution was to first request that Debian delete from the mailing list archives all messages he'd sent or been CC:ed on or event that quoted his name and email address in replying to him. (Basically, anything that would cause Google to return that page in response to a search for his name)

Now, maintaining as complete as possible archive of project activity is a very important organizational value to Debian, as part of a larger commitment to organizational transparency. After being told basically "What? No", his response was to threaten legal action based on the EU Privacy Directive. (Since Debian had no right to publish his name and email after he'd requested that those posts be deleted) Now, I don't remember how it was eventually resolved, but I believe Debian had to find EU council because it wasn't clear that his threat was baseless. Under US law, there'd be no question and ridiculous demands like that could be safely ignored. (Were he complaining about libelous messages, of course that would be different, but he was asserting a right to say "you must delete evidence of my email address" after using it on a public mailing list)

As another example, it has occasionally been proposed that there be some EU law that prevents Google from storing and archiving search data beyond a certain relatively short time period, even if individual identifiers have been stripped (e.g., even if the only data stored with a query is a timestamp and general - i.e. city level - location data). This would cripple things like Google Flu Trends, which need massive amounts of data going back years to tune their models properly.

True, a restriction like that would also prevent Google from doing things like testing new ad-clickthrough models on historical data streams so the ad auctions at Google would be less efficient. I know that advertisers - and ad-serving platforms like Google - are not sympathetic actors, but a less efficient market doesn't result in a surplus to consumers. It just results in money being wasted making the whole world marginally poorer.

On a smaller scale, it strikes me as bizarre that it might be illegal to have a personal webserver that served up its logs directory. (Since you'd then be publishing the IP address of every website visitor) There are many reasons why it would generally be personally foolish to do such a thing, but for that to be disallowed, or more generally to disallow complete archiving of access logs to tape forever, strikes me as wrong - as a USian, I view the files on my server as mine even if they were created by interaction with you. Saying I can't keep them or that I must mangle them strikes me as just as silly as saying I can't keep a letter you sent me, or can't show the letter to a third party.

#36 ::: nerdycellist ::: (view all by) ::: August 06, 2013, 11:00 AM:

Caroline @ #33 -

I had an almost identical thought when I found some stranger on flickr had favorited a photo of mine out of a birthday set; it was to show my parents how I spent my birthday money, and included pictures of luxury food items and my fred-flintstone style feet with a bright blue pedicure. He chose my feet, and left a comment. He put that photo in his own photo-set of random feet. I changed my settings, but since I have a few friends and family members whose contact info has been known to change, and who like to see and comment on vacation photos, I didn't lock them down nearly enough. Again, had he just right-click-saved, or screen grabbed or whatever, I wouldn't have known. But he wanted me to know.

Felt the same way about the dude at DragonCon videotaping a line I was in. Had he just recorded I would have forgotten immediately. His audible commentary as he was taping means two years later I remember his assessment of me and every other girl in line. Gross.

#37 ::: Jim Macdonald ::: (view all by) ::: August 06, 2013, 11:10 AM:

#30 Lorax

Later iterations of that story revealed that the suspicious search was actually "pressure cooker bombs",

Immediately after the Boston Marathon bombing I'd think that would have been a really common search phrase.

#38 ::: Lis ::: (view all by) ::: August 06, 2013, 11:18 AM:

Nicole @ 22 has a good point about "being female in public". There's this weird intersection about the panopticon and celebrity and everything else.

I have a friend who is a Paralympic gold medalist. She's a very dedicated, talented athlete. And she's spoken of how disturbing it is to be at international sports competitions where the only photographers in the stands have to be forcibly removed by security, because they're working for amputee fetish websites.

Which always, to me, takes away the defense of, "Don't put your picture in public if you don't want..." because her crime, in this case, is being a world-class athlete in public. I understand people wanting to maintain this illusion of control, that if we're only smart enough or good enough or circumspect enough we can keep it from hurting when we're squashed onto a microscope slide. But in the days of creepshots and metadata tracking, I think that really is an illusion.

#39 ::: Daniel Martin ::: (view all by) ::: August 06, 2013, 11:20 AM:

Mongoose @29: Ugh. I was afraid someone was going to go there with the pressure cooker story.

Okay, so about that story?

The parts that made it anything other than a "some busybody freaked out, called the cops" story are FALSE.

1) The person was visited by Suffolk County PD, not the FBI.
2) The police who visited were in plain clothes, not riot gear.
3) Google did not supply any information in this case.
4) The person wasn't visited because there was some broad dragnet to catch combinations of search terms that separately looked innocent.
5) The searches that caused the police to visit weren't done on the home computers.
6) The searches that caused the police to visit did include the phrase "pressure cooker bombs".

What apparently happened is that the husband's former employer went through the web history of the husband's former work computer after the husband's employment had ended. (Still ambiguous if the employment ended on friendly terms or not) When doing so, the employer found Google searches for "pressure cooker bombs" and "backpacks". The employer then called the local police, had them come out and explained to them what he had found on the computer, and the police then went to the house just to see if this was as it seemed nothing or if this was one of those times when in six months there'd be all sorts of questions on how they let this bomber fall through the cracks. They arrived at the house, they talked, conducted an amazingly cursory search, concluded it was nothing, and left. Apparently at the time the police said that they were there because of Google searches, and specifically mentioned pressure cookers, backpacks, and asks the husband "did you ever Google for how to make a pressure cooker bomb?". Also apparently, either the police in that initial visit didn't make it clear that this was because of searches done on the work computer at the husband's old job, or the husband failed to convey that detail to his wife when he recounted it later.

The wife then writes a blog post on about what happened including deeply paranoid imaginations about Google and the national surveillance state as statements of background fact. The internet proceeds to explode.

My opinion? The employer was an ass. Who goes through the web history on returned machines? You wipe them totally clean and reinstall, and then decide if they're still new enough to issue to a new employee or if you give them to a charity and write it off on your taxes. The cops were annoying and intimidating, but that's about what I expect of local cops. Do remember that the initial blog post described the tone of the police visit as "conversational".

Also, "news" sites covering this went nuts, and continued to go nuts even after we know the full story. Part of this going nuts offends me personally because it just assumes that of course Google is going to be doing this kind of broad intersectional surveillance because they love being Big Brother or something. That's as offensive as if someone characterized all lawyers as "of course they'll totally break all client confidentiality for $20", or characterized all M.D.s as being willing to conduct things like the Tuskegee syphilis experiment because that's how people who believe in scientific medicine act.

(E.g. Stuff like this, which characterizes "Google will comply with legal procedure" as "Google will rat you out on a dime and sing like a canary on crack" - in fact Google routinely fights overly broad search warrants or court orders in court, but if/when they lose they choose not to declare themselves above the law. Apparently anything less than full civil disobedience is insufficient for some people.)

More about this in the most recent open thread.

#40 ::: Betsy-the-muffin ::: (view all by) ::: August 06, 2013, 11:39 AM:

A follow-on to Caroline @33 - I think that saying Zigmond has an obligation to stay public in a show of strength carries the unfortunate implication that she's somehow obliged to continue providing wank-fodder for people she would rather not provide wank-fodder for. It's okay that she can't control how people decide to use her photos. But it's also okay for her to let her comfort level with those potential uses determine whether or not she's willing to make them available.

My cynical reaction to Charlie Stross @28 is something along the lines of: this would backfire in America. Executives would use "I'm assuming this risk for the company!" as a lever to demand even-higher compensation packages, and they'd lawyer so well up if charged that actual jail time seems unlikely.

#41 ::: Charlie Stross ::: (view all by) ::: August 06, 2013, 11:51 AM:

Daniel @35: your experience on the Debian mailing list sounds rather wrong-headed -- that's an abuse of process. Also, should have been easy to work around in the sign-on process: "by signing on to this list you not only authorize us to send you list-related email, but you authorize other subscribers of this list to read your email, and you give us a non-revocable authorization to maintain a public archive containing it." At which point the mailing list is a consented-to use and the transparency criteria are also satisfied.

There's also the proportionality issue. It would indeed be bizarre and disproportionate to prosecute a website for accidentally exposing its logfiles. If it was deliberately exposing them for some reason, then the DPD implies that it ought, at a minimum, to notify visitors that this is happening and please to piss off if they're not happy with this. But that's about all.

Google flu trends probably overrides the DPD because of the public health exception in most of the clauses of the ECHR -- "not dying of a pandemic plague" is a higher priority than the reasonable everyday right to privacy, up to a point.

Shorter version: it's not an unreasonable law, but as with all laws, sometimes it gets misapplied or abused. The question is whether it does more good than harm.

#42 ::: Fragano Ledgister ::: (view all by) ::: August 06, 2013, 11:51 AM:

Caroline #33: You're right. She's responding to their arseholery. She's entirely right to do so.

What worries me is that in protecting principles with which I agree, we may end up empowering the policing of thought. That would be a giant step backwards.

#43 ::: Charlie Stross ::: (view all by) ::: August 06, 2013, 11:58 AM:

Daniel: an example of where Google got jumped on and trashed due to the DPD -- the French government prosecuted them because their Street View cars were promiscuously sniffing wifi networks. Merely mapping wifi base stations to improve the location database used by Android phones would appear to be reasonable, but the Google cars were recording wireless data streams, including passwords and email.

And in Germany, many people want to be able to opt out of having their homes visible in Street View -- so many that Google was forced to provide an opt-out mechanism. As the article explains, "the reason for the German behavior lies in their history. With first the nazi’s taking away the privacy of the German citizens and later the communists: the Germans are allergic to anything which can invade their privacy."

Neither of these matters seem disproportionate to me. It's one thing to take a snapshot of a street scene in which individuals may appear, for your personal use -- you were there, after all -- or even to show to your friends and relatives -- if those individuals aren't identifiable. It's an entirely different matter to scan and make searchable the appearance of every domestic residence (with or without drawn curtains!) in a country, or to intercept and store without consent someone's email or login credentials.

#44 ::: Charlie Stross has been gnomed ::: (view all by) ::: August 06, 2013, 11:59 AM:

Would the gnomes care for some cat treats? (We're low on human food due to impending road trippiness, but Mafdet's gone to stay with her cat-sitter ...)

#45 ::: Lee ::: (view all by) ::: August 06, 2013, 12:43 PM:

nerdycellist, #36: Heh. I've had some odd things be favorited on Flickr, and a couple of times I've gone to see if I could figure out why. Once it was someone who apparently collects shots in which people got their finger over the lens. Another time it was clearly someone who has a feet-in-platform-shoes fetish. A little weird, but I basically look at it as "no skin off my nose".

As to the "he wanted me to know" thing, I don't seem to have that reaction to it. I favorite stuff on Flickr all the time because that's the easiest way to bookmark it, and allows me to look at it in the Flickr interface. I'm not doing it to send any kind of message to the person who posted the picture, I'm doing it for myself. OTOH, leaving a comment does rather take it to another level.

Oh, and there's one particular guy who routinely favorites any photos I take of men in satyr costumes. I went to look at his collection once, and it was an amazing set of eye candy!

#46 ::: Dave Bell ::: (view all by) ::: August 06, 2013, 01:06 PM:

Daniel @39

In light of the SOD revelations, I find it hard to believe any Police claims in such cases. You might be talking to an honest cop, but we now can doubt his superiors.

#47 ::: Daniel Martin ::: (view all by) ::: August 06, 2013, 01:31 PM:

Okay, so let's take that Wifi data case. That turned out to be a bigger deal in the US (over $7 million in the settlement with all the different states) than in the EU, (I think the French government finally fined Google 100K Euros) and it wasn't because of privacy protections in the US, but because of state-level anti-wiretapping laws. (The FCC fined Google something like $25K but the states were more aggressive)

So, while I agree that the French response there was mostly proportionate (though I like the approach Ireland took better, where Google could just destroy the drives unexamined rather than have to go through months of letting the government go through citizen's data and then be told that they shouldn't have that data), it didn't need data protection-type laws for government action to happen. It's not clear that this is really the same thing as what Abi was talking about, where the issue isn't how some data was acquired but how it's used. (In fact, if use - not acquisition - were the issue, Google might well be in the clear. The full captures sat on drives and weren't examined. Automated tools pulled the wireless AP names and MAC addresses - data Google could legally acquire - out of the captures and then they just sat there until the drives were cycled back out in another Street View car trip)

I get that certain forms of data acquisition are and should be illegal. What seems weird to me is this idea that legally acquired data doesn't belong to the entity that legally acquired it to analyze and store as it sees fit. That strikes my US-tuned sensibilities as dangerously close to "you can't think these thoughts".

For similar reasons, I don't understand some of the logic behind the author's side of the Google Books lawsuit, where the contention is that Google violates the author's copyright simply by scanning an author's work and storing a digital copy no one is ever shown (until the author or an appropriately licensed publisher allows it to be). That is, the idea that the act of scanning itself is a violation because the information on the printed page was supposed to go directly into a human brain and not into magnetic pulses on disk.

#48 ::: Daniel Martin ::: (view all by) ::: August 06, 2013, 01:48 PM:

Dave Bell @46: It isn't that the police said stuff, therefore I believe.

It's that the story as initially presented made no sense, (*) and the police statement if taken as true or mostly true changes the story so that it does make sense.

Either the police had serious deep surveillance knowledge or they didn't. If they did, then showing up at the house and obviously not caring enough to do a real search (if they were worried, they wouldn't have left any room untouched) doesn't make sense. If they thought "this is probably BS, but we should go look" then: 1) their behavior at the house makes total sense, and 2) that attitude is what I'd expect the cops to have if they got a tip-off from a busybody civilian. Also, note that when told that the searches were from the husband's former work computer, the original blog post author says "I didn't know that before, I really was going with the facts as I understood them at the time" and not "The police are lying". Presumably this means her husband has confirmed that he did do such searches from his work machine.

So... sure, it's possible the cops are lying. I can't imagine though why they would.

(*) Note that the blog post author complained on twitter after the internet exploded but before Suffolk County PD released its statement that she did not make the whole thing up as people were accusing her of doing. I don't believe she made anything up as such, I just think she was reckless with the truth and has read too many paranoid fantasies about Google and national security state. The reason she was getting that accusation though is that her story as presented didn't ring true.

#49 ::: albatross ::: (view all by) ::: August 06, 2013, 02:07 PM:


Right, but it's important to be clear that this story does *not* provide evidence of some kind of federal monitoring of Google searches. That may be going on, with or without Google's help[1][2], but this story as it has come out doesn't really tell us much about that, as we have an apparently much less surprising explanation for why they got a police visit.

Now, there is a hell of a lot wrong with the cops questioning you and searching your house (apparently in a pretty professional, low-impact way--this wasn't a midnight SWAT raid) because you made the wrong Google searches at work. But we need to be clear on *what* is going wrong there in order to know how to respond intelligently.

[1] If Google and Bing were monitoring web searches in some federal program, with a court order forcing them to do so from the FISA court, my understanding is that they could not disclose this fact. They might fight it in (secret) court if they could, they might try to be allowed to disclose it, but they would be violating the law and decisionmakers would be risking prison time if they did so without permission. This sucks all around, but it's the way the laws work in the US right now. It's a way for the law to *decrease* trust, instead of *increasing* trust. Note the difference: proper regulation of banks and food producers and doctors and such makes me *more* willing to trust them. Turning them into government informers or enforcers makes me *less* likely to trust them.

[2] If the feds are watching the traffic before it gets to Google, then TLS-encrypted connections to Google will protect your traffic from being casually recorded. This is a good reason to install a browser extension like https everywhere to get the benefits that you can get from encryption. The encryption doesn't make the endpoints trustworthy--neither Google's servers nor your desktop machine--but it does secure the traffic in-between.

#50 ::: albatross gnomed ::: (view all by) ::: August 06, 2013, 02:08 PM:

Gnomed, gnomed on the range....

#51 ::: Tom Whitmore ::: (view all by) ::: August 06, 2013, 02:13 PM:

Avram @21: do TSA agents take an oath to defend the Constitution? If so, there's wordage there about "unreasonable searches and seizures" and "probable cause." The article you linked to says they need to do these unreasonable searches because of their remit to prevent terrorism. It's always been true that unreasonable searches will uncover more crimes than reasonable ones -- but there's still a reason that language was put in the Constitution. And yes, the Bill of Rights really is part of the Constitution. Like the other amendments.

#52 ::: albatross ::: (view all by) ::: August 06, 2013, 02:37 PM:

There are many beautiful and useful and good things that can only be produced or done in certain environments. When the right environment goes away, so do the beautiful and useful and good things.

We live in a world where way more than enough food is grown. And yet, that's possible because of a set of laws and social conventions and local conditions keeps it possible. If something changes and it stops paying for people to grow food, we'll stop having enough food. Let the government set a maximum price for bread below the cost of production, or some widespread social movement start burning fields just before harvest or scattering landmines in fields to terrorize farmers, and we will find ourselves short of bread.

Similarly, writing academic papers is a pretty good way for some people to get recognition that translates into job opportunities and prestige, in exchange for helping other people learn more about the world. But let the government start arresting people for violating some hard-to-understand rules about socially undesirable research, or let some broad social movement start firebombing the labs and homes of anyone who publishes research in some areas, and a hell of a lot of research will dry up. In an area where today we are rich, we can find ourselves poor tomorrow, because circumstances and incentives changed.

It seems to me that the first story is an example of that, and that we've seen several more such stories. On the internet, you can share lots of things that are nice to share--pictures of yourself in a pretty dress, poetry, fiction, revealing personal stories, ideas, beliefs, political or social arguments, computer programs, podcasts, music, whatever. And as long as the conditions are right for that, so that you can benefit or at least not be hurt by sharing them, then we will see that sharing going on. But if conditions change so that the reward for those things is often some awful bucket of shit being dumped in your lap, then we will see a lot less sharing of those things. That's happening.

It does not take very many net.kooks or creeps making rape threats or whackjobs making credible-sounding death threats or jerks getting the SWAT team called out on you or screwing with business records to get your power turned off or your credit ruined, before a whole lot of people are silenced. More and more people decide that it isn't worth it to be active online under your own name, or to go to great lengths to keep yourself anonymous. Posting pretty pictures gets you hundreds of messages from creeps who want to fuck you, posting the wrong kind of political argument (especially if you're visibly a woman) gets you surpassingly nasty threats and ill wishes of being raped and murdered, annoying the wrong people online gets you endless headaches. And so people stop sharing those things.

And the result is that we get poorer. Things that were once plentiful and nice become rare and less nice. Systems that were once mostly useful become mostly useless (think email full of spam).

#53 ::: C. Wingate ::: (view all by) ::: August 06, 2013, 02:53 PM:

re 47: The problem word here is "acquire". Probably 85% of legal problems with anything computer-related stem from the reality that digital computers do everything by copying; thus, everything that passes into a computer is to some extent acquired and at least technologically can be kept. Most people's intuition of most of this data passing is that the virtual data pipe should be inviolate, and that there's an implicit "need to know" standard applied to those at the other end. What we have instead, in reality, is that people are made to give up these intuited rights to some greater or lesser degree as a cost of doing business, so that privacy is negotiated out in the the not-very-free marketplace of choosing not to do business with whomever or over the internet at all. And since businesses can make it difficult or at least quite inconvenient to do business any other way, they have most of the market power. I don't accept that simply having to have the data empowers those that have it to use it in any way they see fit; it seems to me (and I think that most people feel the same way) that this is to some degree a custodial relationship, and not just a pure ownership relationship. It's like having money in the bank, not like giving money to a store.

In the large what this means is that the notion of data ownership has to be worked out through societal norming, which in the US unfortunately means that the only significant determining force will probably be economic power, inadequately counterbalanced by law directed against the most egregious violations of public sense.

#54 ::: Jim Macdonald ::: (view all by) ::: August 06, 2013, 03:34 PM:
SOD: DEA officials who oversee the unit say the information sent to law enforcement authorities was obtained through subpoena, court order and other legal means. A DEA spokesman said members of Congress "have been briefed over the years about SOD programs and successes." This includes a 2011 letter to the Senate describing the DICE database. But the spokesman said he didn't know whether lawmakers have been briefed on how tips are being used in domestic criminal cases.
--How DEA program differs from recent NSA revelations

Emphasis mine. "And other legal means" covers a vast number of sins.

#55 ::: Avram ::: (view all by) ::: August 06, 2013, 04:15 PM:

Tom Whitmore @51, TSA agents are agents of the federal government, and therefore bound by the Constitution regardless of whether they take an oath to remind them of it.

#56 ::: Avram ::: (view all by) ::: August 06, 2013, 04:18 PM:

Daniel Martin @25: Corporations are people, in the same way soylent green is

It occurred to me last night that corporations are tigers, in the same way that Hobbes (from the old Calvin & Hobbes comics strips) is. Except that the authorities, unlike Calvin’s parents, actually take the kid seriously when he says “Don’t blame me, it’s the tiger’s fault!”

#57 ::: Fragano Ledgister ::: (view all by) ::: August 06, 2013, 05:18 PM:

Caroline #33: You're right. She's responding to their arseholery. She's entirely right to do so.

What worries me is that in protecting principles with which I agree, we may end up empowering the policing of thought. That would be a giant step backwards.

#58 ::: Daniel Martin ::: (view all by) ::: August 06, 2013, 06:11 PM:

C. Wingate @ 53:
I like the phrasing of personal data given to large companies being like putting money in a bank. That is, I give the bank my money because doing so gives me benefit. That the bank then uses my money to fund someone else's business loan (that is, that the bank uses my money to make itself richer) is not a reason for me to hate the bank and need to pull out. On the other hand, I can at any point quit the bank though there are significant transactional annoyances to doing so.

Yes, fractional reserve banking only works because money is fungible, etc. - it's not an exact analogy. However, it really works surprisingly well at describing the situation we seem to want.

So... okay, BUT:
1) Banks are pretty specialized businesses. I think this vague analogy works fine for Facebook, Google+, LinkedIn, or Pinterest but I'm not sure it works for, say,
2) There's a lot of standardized legalese to read and sign when you open an account at a bank. There's a lot of legalese to read and accept when creating an account on Facebook too, but it isn't standardized. I could see that changing. Also, I could see privacy policies become legally binding on the companies that hold user data since currently they generally aren't. (Google's privacy policies are legally binding on Google until 2020 or so under a consent degree with the FTC - fallout from the Google Buzz rollout - but I don't know about other big players)
3) There's the matter that though some of this data is data you clearly entrust to the site in a custodial manner - e.g. your Facebook profile data - other data is data the site knows because of how you interact with it. For example, a site might know how often you click on ads that show a smiling woman. I think that currently the biggest issues are with how that second type of data can be used. Unlike profile data, it isn't the kind of data most people would think of as belonging to them the way their photos, emails, contact info, etc. belong to them. You wouldn't carry that kind of data with you elsewhere. In other words, it isn't the kind of data you "want back" once you decide its being held by a site you no longer trust, it's the kind of data you then want destroyed. The bank analogy doesn't seem to have anything useful to say about this kind of "I want it burned" data.

#59 ::: chris ::: (view all by) ::: August 06, 2013, 09:08 PM:

#41: Also, should have been easy to work around in the sign-on process: "by signing on to this list you not only authorize us to send you list-related email, but you authorize other subscribers of this list to read your email, and you give us a non-revocable authorization to maintain a public archive containing it." At which point the mailing list is a consented-to use and the transparency criteria are also satisfied.

Doesn't this require a time machine, so that you can change the sign-on process at the time the user in question was an active user, which may be years before the law in question was even passed? (Precognition would be equally effective, but only if you had it when you needed it.) If you didn't know at the time that you would need explicit consent to archiving, it seems much more difficult to obtain it after the dispute has already begun.

Never mind the user moving to a jurisdiction different from where you operate your servers, but which will nevertheless attempt to claim jurisdiction over your actions on the basis that you are publishing something about their citizen in a medium available in their jurisdiction. Whether that will hold up or not, I don't know, IANAL; but it certainly seems plausible enough to make a wise and prudent person consult with a lawyer, possibly one local to the jurisdiction, before concluding that there is no danger.

And, of course, you may well find that in some jurisdictions, your consent language is legally void. There are plenty of things that cannot be agreed on in contracts because they are contrary to public policy. Whether or not this may apply to the same physical jurisdiction in the future after a change of law is, again, something that may vary from one jurisdiction to another and you had better consult your lawyer.

P.S. ISTM that Debian would lose little, if anything, by changing all references to him to "Anonymized User #24601", which would still make it possible to track conversations but not to link them to the particular person however many years later; unless of course they were a person of historical significance, in which case there might be a public figures exception anyway. In fact, if the archives were of the right age, then they probably contained some users anyway. But I can also see why they might not want to take the time developing the software to do such a thing, or might find the demand offensive to their organizational principles.

#60 ::: B. Durbin ::: (view all by) ::: August 07, 2013, 01:37 AM:

The chilling effect of such behavior is completely obvious to me: after all, there's one particular blog project that I would like to do, but won't do unless I can figure out a reasonable amount of anonymity on the technical side. When you grow up with someone in your sphere of influence who received credible death threats over Usenet postings (about SF television, usually!), you tend to be wary of anything that might be potentially incendiary. Especially when you're female, and dare to have an opinion.

#61 ::: Charlie Stross ::: (view all by) ::: August 07, 2013, 04:31 AM:

chris @59: Doesn't this require a time machine, so that you can change the sign-on process at the time the user in question was an active user, which may be years before the law in question was even passed?

That, in my opinion, is a silly question. New laws governing what we can and can't do online show up all the time; if you're running a mailing list by definition you've got a list of subscribers, so you email them with an update to the terms and conditions and let them cancel out if they don't agree. If the addition of the term "perpetual" to your conditions causes problems then you weren't thinking it through when you created the archive in the first place.

More to the point, that quibble is a classic example of a form of derailing discourse common to internet fora in general: focus on a single micro-issue, then explore it in infinite depth, yelling "the sky is falling!" over every minute obstacle, thereby obscuring the core of the problem -- which is that the US Constitution gave no explicit right to privacy, and that other jurisdictions provide well-developed frameworks for protecting that right.

#62 ::: Dave Bell ::: (view all by) ::: August 07, 2013, 04:59 AM:

Charlie @61

Just posting to add; and the internet is a part of the general globalization of business, which is why differences between the US Constitution and and equivalent-law in other countries actually matter.

There's some sort of treaty between the EU and the USA on this specific matter, and quite what the result would be is a case ever got to the Supreme Court of the USA would be interesting, in the fake-Chinese-curse sense. I think the US Constitution would take precedence, but quite what that means in practice, I couldn't begin to say.

#63 ::: abi ::: (view all by) ::: August 07, 2013, 05:25 AM:

Broadening Dave and Charlie's point even more: there is a fundamental question about how we mesh among various legal regimes. Do we default to the most "permissive" legal system? (Permissive to whom?) Do we cater to the most "restrictive"? (Again, for whom?) In theory, we should compromise. In practice, we seem to go for the most "permissive", then feel exposed and offended in the areas where our home models are not that permissive. Europeans twitch at the way US companies suck up their data and use it everywhere; Americans freak out about porn and copying.

In theory, these things should be negotiated away from the default to a place that's mutually comfortable. In practice, the lawmakers do this (with the US as the 500-pound gorilla in the conversation), but actual users subvert the controls they put in place. Because it offends their sense of justice, both that they don't have rights that they consider "natural" and because they see the offenses against their own proprieties as permission to offend back.

To some extent, this is just the way it is. I know that. But I'm also aware that many things that were "the way it is" no longer are, from human bondage to high infant mortality. I keep hoping that at last, enough people are bothered by "the way it is" that we do something about it. That's why I made the analogy between something that women are told to just suck up and live with and something that affects and bothers a broader population.

#64 ::: Serge Broom ::: (view all by) ::: August 07, 2013, 06:42 AM:

abi @ 63... these things should be negotiated away from the default to a place that's mutually comfortable

"Do you know what a compromise is?"
"Bendin' the law?"
"Uh, no. It's an agreement reached by mutual consent."
- from 'To Kill A Mockingbird'

#65 ::: Daniel Martin ::: (view all by) ::: August 07, 2013, 07:30 AM:

I wonder what the effect would be of tumblr becoming selectively less anonymous? That is, if you re-blog something from someone else's blog, for a limited time thereafter that person can see who you are? (And if you don't give Tumblr enough information to know who you are, you don't have easy reblogging features enabled on your account)

This would, in this particular case, allow the fetish reblogers to be named and shamed. However, it would also possibly kill reblogging for the purpose of criticism. (is that a thing? Tumblr is something for a generally younger-than-I crowd) Also, while I understand Zigmond's legitimate desire not to be strangers' wank material, naming and shaming someone for their expressed sexual desires strikes me as something that could go very, very wrong very fast.

#66 ::: Renatus ::: (view all by) ::: August 07, 2013, 09:07 AM:

Daniel Martin @ #65: However, it would also possibly kill reblogging for the purpose of criticism. (is that a thing? Tumblr is something for a generally younger-than-I crowd)

It's very much a thing. Tumblr is a hotbed of social justice and media criticism via fandom activities.

It's also full of queer people of various stripes, and I think very few of us would be willing to give up relative anonymity so we can participate.

#67 ::: Jim Macdonald ::: (view all by) ::: August 07, 2013, 09:39 AM:

If you have ever put up a picture of yourself anywhere on the Internet, I promise you that there is, somewhere, someone whacking off to your picture right now.

#68 ::: Jim Macdonald ::: (view all by) ::: August 07, 2013, 10:00 AM:

Speaking of Tumblr:

Tumblr Cracks Down On Adult Content, Suffers An Unrelated Security Breach. Karma?

I know this is old news and their policy has since (since it was announced on 18 July of this year) been rescinded/clarified, but it still points to chilling effects.

#69 ::: C. Wingate ::: (view all by) ::: August 07, 2013, 12:19 PM:

re 58: Some comments, perhaps not that well-organized:

a. Part of the thing there with the bank is that the legalese is standardized, due in no small part because the law directs it be so. It isn't so with the internet legalese so there's a strong element of "what we can get away with for now".

b. There are some far more sweeping data retention rules in place, e.g. how credit card charges are handled. Again there is some law backing this up, but also the extremely powerful credit card companies dictating policy.

c. There are so many levels of handling material in sending it around, and so many possible points of collecting data, that in practice a set of individual agreements at each of the various interfaces is impractical and often impossible. Even in a simple person-to-person transaction, how am I supposed to make legal agreements with the other person's internet provider? As a rule I cannot even find who that provider is with already having interacted with them.

d. Something I neglected to mention the first time around is how this cuts both ways. When you get any sort of displayable/playable medium off the internet, at some level your local device is making a copy of it, even if it doesn't hold the whole copy at once. There's an inherent problem in copyright regulation when any use of the material requires that it be copied; the old model of "you can't copy it at all" doesn't work.

The point I'm trying to get at is that the technological decisions made along the way keep reraising the issue that moving stuff around electronically is not like moving stuff around physically, so that physical having of electronic data doesn't produce the same kinds of ownership effects as physical possession of the same data on paper or some other medium, and that the transmission of material is creating a lot of new stuff for which we don't have a good physical analogue. Societal norms about this stuff need to be worked out by people other than the administrators of governmental bureaus and big corporations whose accountability is limited. Your powerlessness is in inverse proportion to your need to use the internet or other electronic interaction. And I note that it is increasingly the case that you do have no other choice. For instance, my wife discovered that one could not purchase refreshments on a plane trip; they would only accept credit or debit cards.

#70 ::: Dave Bell ::: (view all by) ::: August 07, 2013, 01:06 PM:

Jim @67

I have a mirror.

You rotten swine! You have deadded my internet reputation!

#71 ::: Bob Webber ::: (view all by) ::: August 11, 2013, 10:31 AM:

#70 ::: Dave Bell

Waits for sound of fapping... Not a sausage!

#72 ::: John A Arkansawyer ::: (view all by) ::: August 11, 2013, 11:30 AM:

Brad Hicks @ 4: What did the book have to say about this sordid episode?

Johnson’s most controversial assistance came from the FBI. Since becoming President, Johnson’s relationship with the Secret Service had deteriorated, and on occasion he threatened to bring in replacements from the FBI to serve on his security detail. For the convention, he followed through on those threats to an extent, inviting a “special squad” to help the Secret Service and to maintain order. Led by Cartha “Deke” DeLoach, an assistant director of the FBI who was a principal liaison to the White House, a unit of almost thirty agents monitored wiretaps of Martin Luther King Jr.’s hotel room and the MFDP’s convention headquarters, and they worked undercover as infiltrators and fake news reporters. According to a congressional investigation in 1975, these agents provided a “steady stream” of critical information about the MFDP challenge to the White House, primarily to Johnson aide Walter Jenkins. Most of the information passed along was “purely political and only tangentially related to possible civil disturbances,” and it provided “the most intimate details of the plans of individuals supporting the MFDP’s challenge.”
#73 ::: albatross ::: (view all by) ::: August 11, 2013, 05:29 PM:

This is what congressional oversight looks like. Even members of congress can't get a straight answer on what surveillance is going on.

#74 ::: albatross ::: (view all by) ::: August 14, 2013, 11:46 AM:

The real version of Going Galt. There is a linked interview with Amy Goodman on Democracy Now. I very strongly recommend watching it to get a sense of what is going on.

Of particular interest:

a. Ladar Levison could not say exactly what he was being ordered to do by the government, presumably because national security letters come with a lifelong gag order.

b. He appeared with his lawyer, and kept asking whether he could talk about things. Most often, he could not.

My first comment is that this pattern of not even being able to tell us what's being done in our name, and of this guy being obviously very intimidated that he could misspeak and end up in prison, tells us a lot about what kind of country we are becoming.

My second comment is that this isn't what the rule of law looks like. Secret courts, secret orders, secret laws--this is nothing like the rule of law. At this point, my sense is that a lot of the legal trimmings are maintained, not to impose any restrictions on what is being done, but rather to provide some reassurance to the public that the rule of law still exists. It's like keeping the old republic's offices and forms, even though the emperor makes all the decisions. How often have court decisions or congressional hearings actually forced the spy agencies to change their behavior?

My third comment is that this is the best example I know of "going Galt." Not muttering about leaving the country in a huff because your sociopath lost to their sociopath in the last election, but rather closing down your business rather than be forced to do stuff you know is wrong. "I have left it as I found it. Take over, it's yours."

And finally, this guy is a canary dropping dead as we all happily mine coal in the cave. So probably it's nothing to worry about. After all, the canary was probably some kind of crackpot or had some unsavory allies or weird sexual tastes or something. Best not to think about him. Our leaders would never leave us down here mining coal if it weren't perfectly safe to do so.

#75 ::: P J Evans ::: (view all by) ::: August 14, 2013, 12:02 PM:

See Also: Silent Circle.

#76 ::: albatross ::: (view all by) ::: August 16, 2013, 12:44 AM:

I very highly recommend this article in the New York Times. Note the level of computer security and opsec needed to report on this story.

This makes me wonder how many other reporters don't have this level of care and knowledge, and so get their stories spiked from the editor or owner of the paper, or get arrested, or get a visit from an FBI agent to discuss their porn viewing habits and that escort service they use whenever they're in Vegas. And obviously, you can imagine worse that might be done.

We already know that surveillance information is being passed from NSA to DEA and IRS and presumably many other law enforcement agencies. It would be shocking to me if that information was not even more available to whomever serves this administration as its plumbers.

How would we know, if surveillance was being used to preemptively spike stories? Would it come out in public? I imagine there would be rumors of it among journalists, but I don't know.

#77 ::: albatross gnomed ::: (view all by) ::: August 16, 2013, 12:46 AM: my neverending attempt to make ML admins dig through the spam bucket....

Welcome to Making Light's comment section. The moderators are Avram Grumer, Teresa & Patrick Nielsen Hayden, and Abi Sutherland. Abi is the moderator most frequently onsite. She's also the kindest. Teresa is the theoretician. Are you feeling lucky?

Comments containing more than seven URLs will be held for approval. If you want to comment on a thread that's been closed, please post to the most recent "Open Thread" discussion.

You can subscribe (via RSS) to this particular comment thread. (If this option is baffling, here's a quick introduction.)

Post a comment.
(Real e-mail addresses and URLs only, please.)

HTML Tags:
<strong>Strong</strong> = Strong
<em>Emphasized</em> = Emphasized
<a href="">Linked text</a> = Linked text

Spelling reference:
Tolkien. Minuscule. Gandhi. Millennium. Delany. Embarrassment. Publishers Weekly. Occurrence. Asimov. Weird. Connoisseur. Accommodate. Hierarchy. Deity. Etiquette. Pharaoh. Teresa. Its. Macdonald. Nielsen Hayden. It's. Fluorosphere. Barack. More here.

(You must preview before posting.)

Dire legal notice
Making Light copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 by Patrick & Teresa Nielsen Hayden. All rights reserved.