Personal Data: Privacy, Security, & You

12-11-2018 , 10:30 AM
Today, Google's CEO, Sundar Pichai, will be testifying before the US House of Representatives, in a hearing entitled: "Transparency & Accountability: Examining Google and its Data Collection, Use and Filtering Practices".

We live in the Information Age, the era of Big Data. A massive industry has developed around the principles of personal data mining and resale.

Our data is used by entities, typically unknown to us, to target commercial advertisements, news stories, and political assertions. Most people are not even aware that they are being mined, happily clicking through Facebook & Google, marveling at the economy of MoviePass membership, etc.

The Equifax breach and the Cambridge Analytica scandal are two recent, highly publicized (MSM) events, and there are countless instances of personal data being compromised by poor information security and by loose privacy protections.

As electronic networks become increasingly ubiquitous and vital to everyday living (consider the Internet of Things), these issues of information security and privacy will become increasingly pressing, and at present our society appears to be ill-equipped to respond.

What should be the extent (if any) of government involvement in this area? How best can we address these issues, in terms of effectiveness and propriety?

Last edited by iamnotawerewolf; 12-11-2018 at 10:38 AM.
12-11-2018 , 10:36 AM
Informing this discussion, I would like to draw your attention to the "Third Party Doctrine", which basically provides that an individual, by sharing information with a non-governmental entity, thereby forfeits their "reasonable expectation" that such information will remain private.

On this basis, the police can lawfully demand your cell phone records (including your text messages, the numbers you have dialed, the locations of the physical towers that your phone has connected to, etc), your emails, and your browsing history.

I ask that you consider this information when forming your opinions of the rights of private companies to store and/or disseminate your information, with or without your knowledge and/or permission.
12-11-2018 , 10:37 AM
I've been reading some of Bruce Schneier's work since I heard him on Harry Shearer's Le Show a few weeks ago. The guy is simultaneously nerdy and scary and has a rather doom & gloom outlook on cyber security, but he knows his **** so I thought I'd share him here.

https://www.schneier.com/

This is one sobering article

https://www.schneier.com/blog/archiv...ersonal_d.html

Quote:
In an excellent blog post, Brian Krebs makes clear something I have been saying for a while:

Likewise for individuals, it pays to accept two unfortunate and harsh realities:

Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless aren't, including your credit card information, Social Security number, mother's maiden name, date of birth, address, previous addresses, phone number, and yes, even your credit file.

Reality #2: Any data point you share with a company will in all likelihood eventually be hacked, lost, leaked, stolen or sold, usually through no fault of your own. And if you're an American, it means (at least for the time being) your recourse to do anything about that when it does happen is limited or nil.


[...]

Once you've owned both of these realities, you realize that expecting another company to safeguard your security is a fool's errand, and that it makes far more sense to focus instead on doing everything you can to proactively prevent identity thieves, malicious hackers or other ne'er-do-wells from abusing access to said data.

His advice is good.
12-11-2018 , 11:14 AM
If eventual compromise is inevitable, would retention limits mitigate our collective exposure?

Perhaps data collectors can be held statutorily liable for data breaches, shifting the risks of information leakage/abuse from the public to the profiteering data cartels - liquidated damages? attorney fees? licensure implications?
12-11-2018 , 11:23 AM
^^^ That's the rub, that's the point that dude Schneier and others keep making. Everything you listed there would be a massive step in the right direction. But to boil it down to the simplest terms: There is no incentive for corporations to do a better job at protecting our data because there are relatively few consequences for not doing so.

I mean, just look at the Equifax data breach. A House committee called it "entirely preventable"

https://www.engadget.com/2018/12/10/...x-data-breach/

Quote:
Congress clearly didn't buy Equifax's attempt to pin its massive data breach on one lone technician. The House Oversight and Government Reform Committee has released a staff report declaring that the breach was "entirely preventable" and the result of widespread, systemic flaws in Equifax's security policies. The company didn't have "clear lines of authority" in its IT structure that would have properly enacted policies, for one thing. It also had "complex and outdated" systems that didn't keep pace with its growth, wasn't prepared to help victims and made basic security missteps. Equifax let more than 300 security certificates expire, for example, making it difficult to spot intrusions.
September marked the one-year anniversary of the breach. And what was done in that year? What steps were taken to ensure it never happens again? Virtually none:

http://fortune.com/2018/09/07/equifa...r-anniversary/

Quote:
The U.S. General Accounting Office (GAO) today released a comprehensive report examining the reasons for the massive breach of personal information from Equifax one year ago today. The report covers the breach and both company and governmental actions in response since.

It breaks little new ground, but summarizes an array of errors inside the company, largely relating to a failure to use well-known security best practices and a lack of internal controls and routine security reviews.

Predictions following the breach were that regulators and consumer outrage would force major changes to the credit-reporting industry. Instead, almost nothing of substance has occurred since the unprecedented breach. Equifax’s stock took an initial hit, but it has largely recovered. It continued to receive large government contracts.
No significant changes in the company. No regulatory changes by our government wrt Equifax. THEY'RE STILL RECEIVING 'LARGE' GOVERNMENT CONTRACTS!

Equifax should have been hit with an injunction stopping them from ALL personal data trafficking until they could demonstrate significant changes, but nahh. It's business as usual.
12-11-2018 , 12:24 PM
for those not watching this House Judiciary Committee hearing at home:

the questions of the first Democratic representative dealt with privacy and security concerns

the questions of the first Republican representative were limited to perceived political (anti-conservative) bias in search results
12-11-2018 , 12:37 PM
Yes, the majority party's top priorities are always a) protect the GOP brand and b) protect corporate profits, order sometimes reversed.

This is something a CFPB with teeth could address if it hadn't been reduced to a sham mockery of a department by the current admin.
12-11-2018 , 12:45 PM
Democrat asks about Google's operations in China, particularly its role in facilitating the suppression of opposition to the government.

Followed up by a Republican returning to the question of whether Google's search results are biased against Conservative ideology, particularly on a "by outcome" basis.
12-11-2018 , 12:48 PM
I don't like the CFPB solution because of the phenomenon of regulatory capture.

CFPB should be a tool/resource to help the layman secure necessary information, but the policing of this issue is compromised if relegated to any particular, central authority.
12-11-2018 , 01:10 PM
Taking this larger issue one step further...

VR technology is poised to take media, gaming, and education to a new level of mass appeal, and I've seen some suggestions that AR devices may become commonplace before long.

If we pop an EEG reader into the device, nascent eg, what can be gleaned about a person, their preferences/fears/etc, as response to various stimuli?

Last edited by iamnotawerewolf; 12-11-2018 at 01:15 PM.
12-11-2018 , 01:31 PM
downstream republicans are finally going for real issues

Poe, Marino

Poe's proposed legislation is weak AF

Senator Leahy's bill has actual teeth, but it didn't make it far past committee. This seems like a bipartisan issue, no?
12-11-2018 , 10:13 PM
I appreciate the idea that big companies should be doing more to protect personal information. However, a major barrier to that is the fact that for many companies of any reasonable size the horse is out of the barn. What I mean is - larger companies have been collecting, storing, sharing, processing, etc. data of their clients for years/decades. It's all over their systems, and all over devices, has been exchanged back and forth with the personal computers of employees, in all manner of encryption (mostly unencrypted). So to go to one of these companies now and say "Hey, you protect all your personal information right now, or else!" is all well and good, but those companies don't even know where all the data they have is.

I'm not talking especially about the post-2000 tech companies. This is more in relation to large companies that have been around for decades and whose person in charge of privacy until 2006 was a lawyer who needed help opening Word. Those companies will assemble committees, hire new Chief Privacy Officers, hire privacy staff, etc., but it's mostly window dressing. They will certainly do some good, but there's a lot of data that is simply out of their control.
12-12-2018 , 01:33 AM
everyone's favorite congressman steve king complained about iphones to the google dude.
12-12-2018 , 01:34 AM
These companies need a big fat nuke. Delete all your free apps. What a **** show.
12-12-2018 , 10:22 AM
Quote:
Originally Posted by mosdef
I appreciate the idea that big companies should be doing more to protect personal information. However, a major barrier to that is the fact that for many companies of any reasonable size the horse is out of the barn. What I mean is - larger companies have been collecting, storing, sharing, processing, etc. data of their clients for years/decades. It's all over their systems, and all over devices, has been exchanged back and forth with the personal computers of employees, in all manner of encryption (mostly unencrypted). So to go to one of these companies now and say "Hey, you protect all your personal information right now, or else!" is all well and good, but those companies don't even know where all the data they have is.

I'm not talking especially about the post-2000 tech companies. This is more in relation to large companies that have been around for decades and whose person in charge of privacy until 2006 was a lawyer who needed help opening Word. Those companies will assemble committees, hire new Chief Privacy Officers, hire privacy staff, etc., but it's mostly window dressing. They will certainly do some good, but there's a lot of data that is simply out of their control.
I expect this is indeed a huge problem, but I don't accept that there's just nothing we can do at this point, waaf, etc. Nor do I sympathize with the corprocrats on whom costs might be imposed to remedy the quagmire that they have needlessly, heedlessly created.

Forensic accounting is a thing; how about forensic data accounting? Absent some type of MAD scenario, our digital information age milieu isn't going anywhere anytime soon. Developing this type of field would benefit consumers and law enforcement alike.
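The data-sprawl problem raised in the two posts above (a company that "doesn't even know where all the data they have is") is what a data-discovery scan is meant to answer, and it is the closest practical counterpart to the "forensic data accounting" idea. The block below is an added example, not code from anyone in this thread: a small Python scanner that walks a set of text files looking for payment card numbers and US Social Security numbers, and applies a Luhn check and SSN structure rules so that build logs and phone numbers do not show up as hits. The sample files, paths and every function name are constructed for illustration.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample "files" standing in for the scattered stores the thread
# describes (HR exports, finance notes, IT logs). None of this is real data.
SAMPLE_FILES: Dict[str, str] = {
    "hr/onboarding_2009.csv": "name,ssn,phone\nJ Doe,123-45-6789,555-0100\n",
    "finance/refunds.txt": (
        "refund to card 4111 1111 1111 1111 approved\n"
        "refund to card 4111 1111 1111 1112 rejected\n"
    ),
    "it/build.log": "build 2024-01-01 ok; ticket 000-12-3456 closed\n",
}

# 13-19 digits, optionally separated by single spaces or dashes, not embedded
# in a longer digit run.
CARD_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")
# AAA-GG-SSSS shape; structural validity is checked separately.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; filters most random digit runs that match CARD_RE."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject SSN shapes the SSA never issues: area 000/666/9xx, group 00, serial 0000."""
    a = int(area)
    return a != 0 and a != 666 and a < 900 and group != "00" and serial != "0000"


def mask(digits: str) -> str:
    """Keep only the last four digits so the inventory itself is not a new leak."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(path: str, text: str) -> List[Dict[str, object]]:
    """Return one finding per validated card number or SSN in `text`."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group(0))
            if luhn_ok(digits):
                findings.append({"path": path, "line": lineno,
                                 "kind": "card", "value": mask(digits)})
        for m in SSN_RE.finditer(line):
            if ssn_plausible(m.group(1), m.group(2), m.group(3)):
                digits = "".join(m.groups())
                findings.append({"path": path, "line": lineno,
                                 "kind": "ssn", "value": mask(digits)})
    return findings


def scan_files(files: Dict[str, str]) -> List[Dict[str, object]]:
    """Scan an in-memory {path: text} map; swap in os.walk + open() for real stores."""
    out: List[Dict[str, object]] = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


def summarize(findings: List[Dict[str, object]]) -> Dict[str, Dict[str, int]]:
    """Per-path, per-kind counts: the data inventory a privacy team would keep."""
    summary: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for f in findings:
        summary[str(f["path"])][str(f["kind"])] += 1
    return {p: dict(kinds) for p, kinds in summary.items()}


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f['path']}:{f['line']}  {f['kind']}  {f['value']}")
    print(summarize(scan_files(SAMPLE_FILES)))
```

Of the four candidate hits in the sample, only two survive: the card ending 1112 fails Luhn and the "000-12-3456" ticket number has an impossible area code. That filtering is the whole practical point; a scanner that flags every 16-digit run or every NNN-NN-NNNN string buries the real findings under log noise, and the resulting inventory gets ignored just as quickly as the committees the post above describes.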
12-14-2018 , 06:06 PM
Quote:
Originally Posted by iamnotawerewolf
I expect this is indeed a huge problem, but I don't accept that there's just nothing we can do at this point, waaf, etc. Nor do I sympathize with the corprocrats on whom costs might be imposed to remedy the quagmire that they have needlessly, heedlessly created.

Forensic accounting is a thing; how about forensic data accounting? Absent some type of MAD scenario, our digital information age milieu isn't going anywhere anytime soon. Developing this type of field would benefit consumers and law enforcement alike.
I agree with this, I just think that solutions to the problem need to be based on the reality of the problem. I think the personal violation aspects of privacy issues might drive people toward approaches that have emotional appeal but little practical value. Like, you could threaten huge fines for data breaches but it may not stop data breaches. If everyone has little practical control over their data, and neither do their competitors, then it just becomes a cost of doing business and it will be treated like a tax, not something to fix.
01-18-2019 , 11:41 PM
Privacy is often topical and nonpartisan. Let’s discuss.
01-19-2019 , 02:05 PM
Everyone whines about privacy yet gives Apple, Facebook and Amazon all their info, but nope, do not let the government have anything
01-19-2019 , 03:04 PM
Moved to Europe about a year ago. Feel like they have good policies with the GDPR. Internet companies already have to comply with that, why not make it a more global standard. Certainly better than say China's approach which moves in the opposite direction with social credit and the like.

With regard to the NSA spying stuff, the current administration is a shining example of why the Patriot act should be repealed. Even if you believe the federal agencies are full of ethical civil servants only going after terrorists and the like, they are one election away from having their management replaced by partisan hacks.

With regard to local police having access to this stuff, I think this is a case where lots of case law and old white guys who have an authoritarian streak or don't understand modern technology must have led to a string of bad precedents that somehow got worse and worse. If the second amendment is interpreted to mean almost all guns are legal for everyone, then IMO the 4th amendment should mean that all papers, including digital papers and digital records, are secure from warrant-less search.
01-19-2019 , 03:09 PM
As someone now living in Germany, I understand that I could at any point email Apple and Facebook and Google and invoke my right to be forgotten and have all my data deleted. To be honest I am also in the boat that I really don't care that they have my data because I am in a super privileged class of people, and the ads I am bombarded with all the time anyway might as well be targeted or somehow relevant to my interests, but I understand that others can and should feel different and should have rights in this case.
02-17-2019 , 12:04 PM
Congress oversight body recommends GDPR-style privacy laws

Quote:
Tim Cook and the Senators pushing for a US version of the EU's General Data Protection Regulation (GDPR) rules have found an ally in the Government Accountability Office. In a report publishing its findings for a study commissioned by the House Energy and Commerce Committee, GAO recommended establishing comprehensive legislation on internet privacy. The bi-partisan government agency suggests putting the FTC in charge of enforcing the rules, which would be designed to give people more control over their own data.
The agency wrote as a conclusion:
Quote:
Recent developments regarding Internet privacy suggest that this is an appropriate time for Congress to consider comprehensive Internet privacy legislation... Comprehensive legislation addressing Internet privacy that establishes specific standards and includes APA notice-and-comment rulemaking and first-time violation civil penalty authorities could help enhance the federal government's ability to protect consumer privacy, provide more certainty in the marketplace as companies innovate and develop new products using consumer data, and provide better assurance to consumers that their privacy will be protected.
02-18-2019 , 03:17 AM
Does GDPR create a private cause of action for the victims of privacy invasion/breach?

Based on the second quote, "civil penalty", it looks like there is just a fine for a violation.
