Personally I'm wary of any surveillance of my life, period. Governments are a worry, but so are private entities, at least because they'll hand over their data to governments with minimal resistance, but also because their goal is to use information about me to influence my behavior and worldview, a very insidious proposition.
The difference to me is that data in the hands of the government falls under- at least- some thin veil of democratic oversight and accountability in how it's handled; data in the hands of private entities goes for the most part unchecked.
Taliban acquires US military biometric devices that can identify Afghans who assisted coalition efforts – reports
The Taliban has reportedly seized US military biometrics equipment that could expose Afghans who helped coalition forces – since they contain identifying data like iris scans and fingerprints as well as biographical information.
An unidentified Joint Special Operations Command (JSOC) official told The Intercept that the Islamist group confiscated the Handheld Interagency Identity Detection Equipment (HIIDE) devices during its offensive push last week. The report was backed up by three former US military personnel.
They told the news outlet that the portable devices could be used to access sensitive information from large, centralized military databases, but noted that it was still unclear how much of the biometric database collected on the Afghan population has been compromised.
According to a US Army Corps of Engineers presentation, HIIDE devices use the data collected to create a “portfolio” that can then be imported into Biometrics Automated Toolset (BAT) identification-processing software as a “digital dossier.” This can be scanned against official watch lists for threats.
Besides tracking insurgents, the Pentagon was also reportedly keen to use the devices to gather unique data on 80% of the Afghan population to check for terrorist and criminal activity. Unnamed sources said biometric details of locals who helped the US were also collected and used in identification cards.
“We processed thousands of locals a day, had to ID, sweep for suicide vests, weapons, intel gathering, etc. ... [HIIDE] was used as a biometric ID tool to help ID locals working for the coalition,” an American military contractor told the outlet.
I’d say the bigger difference is governments have a monopoly on the use of force. Certain companies could make your life a living hell I guess if they wanted with how much data they have on us though.
Government has a monopoly on the claim to legitimate use of force. All elements of this statement are crucial. The (usually Libertarian) objection neglects to consider "claim", "legitimate", and most aspects of "monopoly".
Hey that’s cool. I had no idea where that line of thinking came from. I think it makes sense to say a state essentially is something that has gained the monopoly on the legitimate use of force, but that still doesn’t invalidate that their surveillance is likely to be much worse.
It seems like the problem becomes when one says something is a legitimate use of force, and another says it is an illegitimate use. I’d argue they already illegitimately use their force and we should be very careful to give them any more ability to do so.
More government surveillance could genuinely be good and we could catch more bank robbers and rapists with it maybe, but it could also be used to punish those who protest.
Imagine if we give the feds crazy surveillance powers, and nod in approval as they arrest those on the right not wearing masks while not vaccinated. We might save lives! Then Trump gets re-elected and decides to use that same surveillance to go and arrest those protesting the “legitimate” use of force against PoC.
I wasn't addressing the issue of surveillance in my first comment to this thread, only the misuse of Weber's observation and definition.
Focusing on that for a moment:
There are companies which have visited violence on people. Often in a limited fashion, though not infrequently of an ulimited nature. Smith's Wealth of Nations discusses the companies of his times which operated their own private armies and navies. (He was Not A Fan.) There are today private armed forces, whether cast as private security, police, or mercenaries. Pretending that there's some inherent divide between governments which engage in deadly force and private industry which does not is simply false.
The worst abuses occur where governments and indsutries work hand-in-hand. That is part of the particular evil of ur-industrialism in its Fascist incarnation, where an elite industrial and financial class joins with a political group to wage genocide on its own people as well as the world. Note that Nazi Germany didn't operate without international support, and that companies including IBM provided direct, ongoing, contracted support for Nazi activities, including the Holocaust, throughout WWII. The tattoos you see on the arms of Holocaust survivors are in fact IBM-generated identification codes.
What I'm concerned about is unipolar power organised without restraint or separation of power, though constructing an effective-yet-functional separation also proves difficult. (The model inherent in the US constitution appears to function poorly in the face both of political parties and a division of the country in which no common agreement on basic facts seems possible.)
In the case of information and communications monopolies, which I've previously argued inherently give rise to censorship, propaganda, surveillance, and targeted manipulation, (See: https://joindiaspora.com/posts/7bfcf170eefc013863fa002590d8e... (HN discussion: https://news.ycombinator.com/item?id=24771470)) there is a symbiosis between state and private / corporate activities and engagement. One part of the stimulus of the development of intrusive, ubiquitous, and privately-operated social networks was the NSTIC, National Strategy for Trusted Identities in Cyberspace, described by Alex Howard of O'Reilly Media as "[A Manhattan Project for Online Identity](http://radar.oreilly.com/2011/05/nstic-analysis-identity-pri...)".
One of the inherent problems in government is in designing tools and systems which can be effective, whilst being aware that as much as they'll help your own interests whilst you have some control over them, they'll serve the goals of your political opposition when _they_ gain power. (Note that thsi problem is not limited to government, and that there are numerous companies which have evolved far from the interests of their own founders over time. This seems to happen especially in the publishing and media space, see H.L. Mencken's American Mercury or The Learning Channel.) I'm not sure how that is ultimately to be dealt with, though I also believe that any tool which is useful is also of necessity potentially harmful.
But the notion that the solution to minority or tyrannical capture in government is to eliminate government's role in a domain and assign it instead to instituations based on minority and tyrannical control, that is, privately-owned businesses unanswerable to the general public and with an unlimited scope of monopoly control ... seems to have a few flaws.
Government and politics, for all their flaws, are literally the mechanism by which a public and polity comes to a mutual and shared agreement and actions.
And misquoting and misrepresenting Weber does that fact a tremendous disservice.
The point is that a government can turn bad and not fall under democratic oversight, and surveillance done by such a government is incomparably worse than that done by private companies. Look at the countless totalitarian regimes through history. Liberal democracy, which is the reference point of your post here, is not guaranteed.
Infosec talent is not going to stop data privacy violations. Heck, sometimes it won't even stop data leaks.
The only secure option for maintaining the privacy of data is not to collect it in the first place. Collecting it and then saying, "I'm going to hire better hackers to secure it than the guys attacking me will hire to gain access to it!" Is a bit naive. At scale, you're almost guaranteed to lose that bet.
Governments can imprison you if you don't submit to their surveillance. See the criminal codes for failure to file an income tax return, refusal to report private transactions to surveillance agencies when acting as a money transmitter, or refusal to place a backdoor in encrypted email services.
Can I interest you in being also wary of the possibility that collected data about you could be stolen by explicitly malicious parties? Thieves, for example.
“Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience.” - C S Lewis
Of the three with data they could abuse, I’ll take the thieves everyday of the week.
I always think of this when I think of Nazi germany. The scary part is that the Germans turning in their neighbors weren’t bad people. They were convinced with the approval of their conscious they were doing the thing that would help society. It’s scary to think that if most us lived in nazi Germany during that time we likely would’ve gone right along with it, patting ourselves on the back for being good people.
If the last year taught me anything, it’s how fast people will turn on neighbors if given even slight guidance by the media let alone the government. Pick a topic, it’s all division, and seems intentional now.
Digital thieves aren't that organized, and mainly seem to be trying to defraud banks. When thieves do their thing, the narrative is automatically biased against them - nobody spins their activities as justifiable, and there are many government agencies that work to track them down and stop them.
Meanwhile commercial surveillance also consists of explicitly malicious parties. LexisNexis isn't storing your data to benefit you. But when Surveillance Valley does its thing, their activities aren't even illegal. And it takes many years for the media narrative to even acknowledge the harm.
So no, I'm not terribly worried about information thieves. Most news stories that focus on them seem like simplistic distractions to focus people on the wrong threat.
No, there is a misunderstanding here: not /information/ thieves. I meant, people using data of yours extracted from some less protected repository to facilitate financial theft against you and similar. Credit card details are an example, but also any data facilitating impersonation. Base dangers, vs more complex dangers.
You're going to need to give some concrete examples to detail the specific threat you're imagining. I was already addressing the possibility of someone impersonating me to defraud financial institutions. This would be annoying, but is straightforwardly handled by our existing institutions. In the absolute worst case I would have to retain an attorney to protect against levying of my actual bank accounts, etc, while the defrauded parties sort themselves out. Do you have a different threat in mind?
I (with the rest of the interested) will try to think more detailed examples, but I can already note that you seem to have much more faith than I have in your protection from the insurance, from the service providers and from the system.
I am very concerned with security holes opened by legislation such as the PSD2 in Europe - they should not exist in the first place, I want to sleep well in the notion that the project is solid -, and banks far from necessarily assume that you are the victim: very uncomfortable demands of proof may exist (up to, in a slightly different context, frequently heard absurdities such as "prove that your handheld was secure" [it is not, the service provider is the one that should provide security, not the user!!] or "prove that you did not write your PIN number somewhere in the stolen wallet containing your ATM card" [and then prove what, that one does not think of Spencer Tracy!?]).
But the matter is not (for clarity) just with the example of theft. That personal data is collected inappropriately is not just a reason for moral outrage, there may be also basic real consequences. Your personal messages, under "bad" practices, for example, may leak to more repositories: if one of them is compromised, your privacy may be exposed in ways difficult to compensate. These should not be forgotten, while keeping in mind other, very practical but not immediate for some, situations like "Ah, Mr. Jones, so we came to know you are a dissident", and the general disconcert.
And by the way, when I was re-reading the imperfect 'disconcert', the term 'discomfort' came to mind. Which makes other situations come to mind. In Europe some legislation mandates to have microphones (plus GPS and radio) in the new batches of cars (post 2018, to be used in case of car crash): some may never want to enter any such trap. If I felt uncomfortable with having my phone on I would just remove the battery, but not feeling comfortable even when one is in one's own car, that is way, way, way, way_times_by_1000 too much. Back to the article, it may not take much to have an entity decide, "let us record it". And then, for some reason (subcontractors, public-private partnerships etc.), have copies around. And then, owing to holes, having one's privacy exposed...
Which brings me back to my original point: what if not just the big-s-state or its contractors, or partners (already here we are at mind-boggling reality from a moral and good-sensical point of view), could access those intrusion devices, but just Mr. Random, owing to security holes? I do not forget that my privacy is also against Mr. Random, together with Society, Enterprise and State.
Unfortunately, most of us are the reasons why this is the problem. A lot of us on HN are developers and software engineers who pioneered the technology for a paycheck or are using this technology for a paycheck. The only way it stops is if engineers start refusing and the software community as a whole sticks to a code of ethics that prevents this.
Some of us in this thread that are decrying survelliance of all types are going to go back to work on the next work day at Google, Facebook, Amazon or some other company. When the boss man comes in and says "can you implement this feature" and it is about getting user analytics, you will say "yes sir/ma'am" and do it with a smile.
> The only way it stops is if engineers start refusing
I find it sad that this is seen as a reasonable statement: totally idealistic, hideously unrealistic, and it is awfully close to virtue signalling.
You might as well say that the prisoners dilemma is solved by asking everybody to not cheat.
Any solution has to be robust to the variety of engineers that exist: including the antisocial, the people doing it for the lulz or $, those that don’t give a shit about anyone but themselves, and the plain clueless that are simply unaware of the outcomes/implications of their work.
Clearly expecting engineers to just solve the problem hasn’t happened, so it won’t happen. Currently the only solutions I can see are based on legal restrictions upon our government organisations to protect ourselves from our own authorities.
In general all types of dilemma situations are solved to a substantial degree by allowing people to communicate with each other and then individuals arriving at appropriate actions.
I am not advocating against regulations or the like but saying that individuals are of the hook because „I don’t matter anyway“ is a recipe for ongoing disaster.
We need all types of push back against injustice, unfairness, and plain stupidity. Making excuses doesn’t help anyone.
Issue is that there will be always those that will accept if someone refuse, for higher amount of money or bit of "nudge" (pressure). Let's not forget that even now we have black, gray and white hackers...
Doctors are a completely invalid comparison. Is your healthcare system hurting people? Yes, of course it is.
With a doctor, the patient and their family is highly motivated to ensure the doctor is doing their best to avoid harm in a high stakes and high cost transaction.
When you get doctors more removed from patients (say large commercial medical organisations or vaccines or medicines), then “doctors” can often make the same selfish decisions against the diffuse interests of those they affect.
And the implication that engineers are the only vital part in an organisation that has the agency of choice is amazing. Equivalent statements could be:
* The only way it stops is if managers start refusing
* The only way it stops is if shareholders start refusing
Those statements are clearly ludicrous, yet somehow it makes sense that engineers are responsible for choice?
I do believe us engineers need to try and act responsibly, and I do think using social pressure against unethical engineers is valid. But some anarchistic belief in self-policing is totally unrealistic. Likewise ethical guidelines do not seem to really help much in other professions like accountancy, legal or journalism. Our legal, regulatory, and political systems are there to help mitigate these types of issue.
>But some anarchistic belief in self-policing is totally unrealistic.
I'm telling you that Canada has this. There are 12 professional engineering organizations in Canada, all are self-governing, all have legal backing to enforce sanctions against engineers that act unethically.
>truely authoritarian societies
Canada has its issues but I wouldn't call it authoritarian.
The point wasnt to only assign fault at engineers but to show that the problem is more broad then its the "governments fault" or "corporations fault." That we assign agency to these vast things but dont acknowledge individuals.
Yet the 20th century showed us a big list of examples of doctors breaking their oath, by conducting human experiments and so on… A few examples on different scales: [1][2][3][4]
Of course some doctors are going to break their oath and do horrible unethical things, particularly in extreme situations such as wartime and under totalitarian regimes. But that's a dumb argument, you might as well say, well, people are always going to steal so let's not have any laws on stealing. The vast majority of doctors in a functioning society will uphold their oath first because they believe in it and second because their career depends on following it.
An Oath and law are completely different things (you won't go to jail for breaking your oath and you can very much go to jail even if you did not break it). In fact laws and oath are the two opposing sides in this very thread! Robocat is advocating for laws, and bobsmooth responds arguing in favor of oath.
The problem with most of the statement is that it is subjective. It is not a black and white issue of ethics of mandatory vaccines. Arguments with merits exist on both sides the argument. And mandatory vaccination with the exclusion of religious and sound medical reasons (can't because of chemo therapy), have existed outside of COVID and has ruled in courts to be valid. However this is not a discussion on the ethics of medicine.
>this is not a discussion on the ethics of medicine.
It's a discussion of ethics. So...
I maintain that the fact doctors are so silent on important issues - however subjective they may be to you - shows that trusting in a code of ethics rather than _actual impartial oversight and accountability_ is daft.
And that applies equally as much to engineers and tech.
This is not the first instance of suggesting something like this. Look at the history of the ASCE and the AME which held very different views of engineering. ASCE more sticking to principle and the AME sticking more to business loyalty. Ultimately, there has been some happy medium reached. This has not existed and software and should. But the idealistic nature of the ASCE impacted most of the engineering fields even though it did not get it's way 100%. So you can call it idealistic and unreasonable, but a similar approach has worked to some degree.
Computer science needs more funding for research at "Layer 8" of the OSI Networking model. There are some baby steps taking place due to cybersecurity failures, where software supply chains are being forced to self-document (Software Bill of Materials) via US Executive Order. This will have far-reaching implications for everyone working in the tech industry.
Some of these tools can be adapted to create formal models of concerns that are today relegated to "ethics" and "law", which have near-zero chance of keeping pace with software evolution. Social Network Analysis has several decades of work on graph theory applied to social systems, including knowledge work, law enforcement and intelligence, most famously applied by Palantir. There are reusable OSS libraries for SNA.
We need to get to the point where a CI/CD test or simulator failure can flag the introduction of code/policy that places positive social futures at existential risk. Then the proposed changes can be escalated for human governance review. In the meantime, we rely on policy frameworks, threat models and watchdogs from places like EFF, https://twitter.com/evacide
Lets say your a civil engineer working on a bridge. If your employer asked you to remove a support beam to save costs but you knew it had serious impacts on the safety would you do it? Knowing that your stamp would be on it and if an issue happened, you could be held responsible? Why is it in other fields of engineering there are actions that are not acceptable, but in software it is virtually non-existent.
Exactly. And developers are essentially engineers from a problem solving point. I think this is why Grace Hopper pushed so hard to help coin the term "software engineer" with the idea of trying to capture some of the ideas of what engineering should be and incorporate it into the world of software. The fact is there is no rubber stamp. This is why I think we have some of the instances of security breeches where we do.
There's a certain amount of inflation that has happened to job titles.
Previously, my last 4-5 job titles have included the word "manager", yet I have never performed any managerial tasks. My current title includes the word "engineer", yet there is no engineering in my job description.
I fix bugs, implement workflows and rules, and onboard customers on a platform. I don't consider that engineering, that's operations.
Because software engineering is easy to get into, but hard/impossible to master. You cannot limit it via the requirement of a license. Your country would put itself at a disadvantage in the software space and the projects would move elsewhere. Putting your country at such a disadvantage is a big deal considering that software is likely going to be the most important field in the future due to automation (ie it'll be a part of almost every other field that produces stuff).
Yes. But we do have measures. Why not start our own firms with these ethics and refuse to work for entities that do. And dog food our own responsible privacy respecting code. Maybe it means we need to stop chasing the higher and higher paychecks, but none of these entities can survive if we choose to not apply to work for them and do something else. The point is, there is a point where engineers are at fault just as much as companies and governments. Continuing to build these things and say "well the bad man in the business suit told me too" has to stop if we really want to tackle this problem. Legislation won't help, we can't compete with corporate donors.
It's very hard for people to not take a higher paycheck. That higher paycheck may be the difference between paying off debts and not paying off debts. It may be the difference between sending your child to a good school or a bad school. It may be the difference between not being screwed over or being screwed over during your next hospital visit. It may be the difference between a family member dying or being treated.
It's not just that it's hard to refuse a bigger paycheck, but that everyone needs to refuse it. If 95% of people who could implement something refuse to do so on moral grounds - that won't be an impediment to the thing getting done.
When I grumble about collecting needless data, conditioning users to insecure practices or similar ethical concerns, my manager usually drops it. There - I think I've made some difference.
If you have an source of developers, where you can discard 95% without effect, could you please find me a haskell developer, sysadmin and a ee engineer woking in kicad? Salary - good in Eastern Europe. I'd prefer those that do have morals and standards. Thank you very much.
95% of developers refusing to build, won't stop PRISM or FAANG by not building. What it can do (along some explanations and reasoning), is to unrecognizably change the landscape, change availability and perception of privacy and security, and in a roundabout way, maybe even stop or at least reduce PRISM, FAANG, et al. data collation.
Currently, about 5% of websites respect their user's data? What if it was 95%?
Exactly. You do not need 100% or 95%. You just need enough to start changing the culture and landscape. Some of those people with industry experience but with values steeped in privacy and security will go on to educate (literally in academia) and mentor junior developers/engineers. It can be about trying to get enough support to change the landscape to create a feedback loop of a culture of developers/engineers taking into mind how their actions in a source file impact the end user's privacy and security.
Bad analogy. Disposing of a cup properly doesn't threaten your life.
Quitting work without alternatives would put many people in grave danger, including not being able to receive hospital care, or not having a place to live.
Yes but what is the other alternative? People say legislation. But we all know we can't out compete the businessmen/businesswoman and stock holders. The only tangible alternative is to just not do the work. Unless someone has a plan to crowd source the lobbying money to make the legislation, I see no other path.
And how exactly is this person supposed to pay their rent and food costs?
"Don't do the work" isn't a viable solution for a lot of people. Pressure has to be put on the decision makers AND law, not the poor dude who is just trying to feed their family.
If you have enough rent saved up for a year, you might have the luxury of being able to say no.
Yeah, it's long too late. Even if all US SWE's manage to deny the bullshit (which will absolutely never happen) companies can just pull in any variety of third worlders who will leave their entire lives behind overnight for 1/5th of the pay current US SWE's are making.
Pandora's box has been opened, and we're going to be in for some interesting times.
"When the boss man comes in and says "can you implement this feature" and it is about getting user analystics, you will say "yes sir/ma'am" and do it with a smile."
However, this not the behaviour of someone who is seeking to be promoted. There are those who of "us" who have taken or are taking the initiative to go beyond what the boss asks them to do in hopes of being promoted. To be persuasive as evidence for promotion, this "extra work" must support the bottom line of the company the same as "the boss's orders".
Hence "us" includes more than only the employees who "show up to collect a paycheck" and dutifully follow instructions, but are otherwise opposed supporting to the bottom line of the company.
Going further, is it safe to say some of "us" have already been promoted for supporting the company's bottom line and some of "us" are in fact managers. "We" are effectively the "boss man".
This line is intriguing: "The only way it stops is if engineers ..."
This seems to imply a underlying belief that "no one/nothing can stop us". As such, only "self-regulation" will work. Am I reading this wrong.
I think you bring up some good concepts here with working above and beyond for promotion. That sometimes we do voluntary build these tools in hope of some reward even if it is not specifically asked for. And maybe not even directly as a job but for a resume project. I think quiet a few here would probably agree twitter to some degree has had a negative impact on society or conversation. Yet, many of us build something to scrape data and utilize for something, put it on github not thinking how that tool could be misused.
Also bringing into scope of "us" being moved into management. While I do meant boss man to be interpreted more liberally. "Boss man" can be a direct manager/supervisor (who may be an MBA or a prior engineer him/herself), it can be the CEO or shareholders. But yes, in some case those of us become the "boss man" and ask for these features or do not get in the way when someone higher asks for them.
To answer the last line, it surely is not the "only thing" that can stop us. Regulation can work also as has been brought up. But I fail to see where years of screaming for regulation has materialized in anything meaningful, at least in the US. The quickest way would be self-regulation. Adhering to a code of ethics or principles voluntarily.
For sure not. When I worked at a multinational very big company in Europe, and my manager requested to add this little feature to track all users, of course I refused citing the law and regulations. Certainly no smile of complicity. What he got was a top 10 list of best performers, but not the list of the worst performers.
Can you clarify this for me? I feel like I could walk away with two different interpretations?
"What he got was a top 10 list of best performers, but not the list of the worst performers."
I interpret this to mean either you were on the list of 10 best performers or that he received a list of performs to perhaps replace you with.
Also, my case might be more true in America where there does not appear to be many laws regarding privacy. As far as I know, the EU is leading the way in this.
Not necessarily baddies but that we play a major part in this too. I fail to see Trump or Biden sitting behind a compiler writing the code. I do see Mark Zuckerberg, a programmer, running a company he founded doing mass data collection.
"what country can preserve it's liberties if their rulers are not warned from time to time that their people preserve the spirit of resistance?" -Thomas Jefferson
I doubt he would have envisioned the mass surveillance possible today, however.
This title makes it sound like these two developments would be unrelated. The thing is that giving a group of people more power generally worsens their behavior.
Yes, I always imagine surveillance apologists saying something like "It's fine to give this government absolute power, because this government isn't corrupt absolutely."
Generally, the more authoritarian a system is, the harder is standing up for liberties, because it has more willingness and tools to violently quell any resistance.
One example: a hypothetical doctor who spent 2020 healing Covid patients at great personal risk, has since recovered from Covid, then uses their professional judgement to delay vaccine selection (e.g. waiting for an upcoming nasal vaccine with sterilizing immunity) -- is no longer allowed to eat indoors or improve their health in a gym in New York or San Francisco. In some cases, their employer is threatening to fire them, even though their natural immunity is more protective than current, non-sterilizing intramuscular vaccines.
History shows that "Papers Please" often preceded questionable policy. Today, we have both questionable policy and poorly-conceived papers/identity systems being rolled out, with enforcement and fines starting in weeks.
Healthcare workers in many U.S. states are required to have vaccines for a variety of infections, including hepatitis, influenza, MM&R, etc., as a condition of their presence (and employment) in healthcare facilities. [1] Social and financial penalties for refusal to accept vaccines are not a novel situation for healthcare professionals.
The only difference with COVID is that 375,000 people died last year in the U.S. because of it. It is a pandemic. There are three vaccines that have been granted authorization by the FDA for COVID that have also been shown in preliminary studies to be safe and efficacious.[2]
Further, why would the hypothetical doctor, whose "natural immunity is more protective than current, non-sterilizing intramuscular vaccines" additionally need the "upcoming nasal vaccine with sterilizing immunity"?
If one _must_ take a vaccine to satisfy a legal mandate, one would prefer a vaccine that provides sterilizing immunity, i.e. a permanent solution, rather than years of variant-specific booster shots with temporary, non-sterilizing immunity.
> Whilst we feel that current vaccines are excellent for reducing the risk of hospital admission and disease, we propose that research be focused on vaccines that also induce high and durable levels of mucosal immunity in order to reduce infection of and transmission from vaccinated individuals. This could also reduce the possibility of variant selection in vaccinated individuals.
> Vaccines that are injected into the arm have done a spectacular job at preventing severe disease and death. But they do not generate the kind of protection in the nasal passages that would be needed to block all infection. That’s called “sterilizing immunity.” The fact that the vaccines don’t block all infections and don’t prevent vaccinated people from transmitting isn’t a big surprise, said Kathryn Edwards, a vaccine expert at Vanderbilt School of Medicine.
The MMR vaccine is sterilizing, there are no booster subscription plans required. It is unfortunate that hundreds of millions of people now have category confusion where they mistakenly equate rushed, temporary, tactical vaccines (focused on symptom and mortality reduction) with proven vaccines (like MMR) that provide long-term immunity and have many years of safety data.
Also, people do get tetanus boosters as needed and some people do have to get another round of Hep-B again. My wife who is about to enter a nursing program has to go through another regimen of Hep-B because her medical paperwork shows she doesnt have immunity. She was vaccinated. It does occur in some people that their body does not retain immunity.
Now yes, I would like to see a better COVID shot. Or atleast know the full limits of the COVID shot. We are still not 100% how long someone has immunity. Hopefully it is a long time. If it turns out to be short, well yes I think we all want longer. There is also no garuntee of protection against variants. Measles could very well morph out in the wild as something different and current MMR vaccines render useless. I would actually say it is not an if, but when. As it is common for things to evolve over time.
Yes, no vaccine or therapeutic is 100%, but a vaccine delivered via the arm deltoid muscle is going to produce blood/serum antibodies. A respiratory virus like SARS-CoV-2 enters via the upper respiratory system, usually the nose. Natural immunity provides substantial mucosal antibodies in the upper respiratory system but current Covid vaccines do not. This is why a vaccinated person can get infected (via nose) and still be protected against symptoms (by blood/serum antibodies).
Unfortunately, FDA approval is being rushed and may appear as early as next week, possibly in order to justify mandates. This is despite (a) Pfizer trial does not conclude until Jan 2023, (b) the control group for the trials have been lost.
And the key question would be: is there any statistically significant report of safety or efficacy problems in any peer reviewed study or even reported through VARES?
Some autopsies are finally being done in US and Germany, which have already been able to identify some deaths which can be directly attributed to vaccines. It will take time, but physical evidence from those proven cases can help focus the search for patterns in the data, which in turn can guide the design of new studies to screen those few who may be at risk from vaccines.
Nothing was omitted from my statement. They have been authorized under an Emergency Use Authorization, not the full approval process because, if we waited for full approval, we would have no vaccines at all because full approval can take well over a year.
In any case, the Pfizer vaccine is expected to be fully approved within days.
>Nothing was omitted from my statement. They have been authorized under an Emergency Use Authorization, not the full approval process because, if we waited for full approval, we would have no vaccines at all because full approval can take well over a year.
The authorization's value was in allowing voluntary vaccination by those who are willing to undergo vaccination before FDA approval. There's a big difference between being _allowed_ to be injected with a substance, versus being _forced_ to be injected with a substance under pain of losing the job that provides for housing, health insurance, and other legal mandates that you could be thrown in jail for (like child support) if you are terminated "for cause" and unable to pay.
>In any case, the Pfizer vaccine is expected to be fully approved within days.
Excellent! We should hold vaccinations to at least this standard before we force people to take them, if people must be forced.
It seems no more bothersome than being required to be licensed to drive or to present a proof of age to purchase alcohol. There are perfectly viable alternatives - you can eat outdoors, get takeout, exercise outside, just like how you can ride a bike or take a taxi if you choose not to get a driving license.
And the decision to require vaccination at hospitals are also made on recommendation of doctors that are as, if not more qualified than the hypothetical doctor. The doctor in question can also open their own practice if they do not want to be employed by the hospital.
Licensing systems necessitate some surveillance in the form of identification and data storage, but it's not as if these do not exist already and somehow the driving license has not caused American to spiral into dystopia nor is it even close to being the worst surveillance mechanism that the American government could choose to use if it does turn authoritarian.
The viable alternatives are separate but equal. Where have I heard that before?
Driver's licenses are not required on private property, so the driver license analogy doesn't hold when we're talking about private establishments. Requiring a license and government dictating your driving behavior on your own private property would indeed be dystopian.
It’s not being discriminated against based on some protected class. Being vaccinated is a choice, unlike skin color.
The government will not let you serve alcohol at a restaurant unless you check the drinker’s age. The government will now also not let you serve diners indoors unless you check they have been vaccinated.
>It’s not being discriminated against based on some protected class. Being vaccinated is a choice, unlike skin color.
Good to know we've established that you're ok with folks being shut out of a diner by mandate of government, so long as the reason is something other than related to a protected class. How about we ban everyone under 40 from dining indoors -- after all age discrimination is legal as long as it's against those under 40. We can also outlaw anyone who makes their living in the information economy, they shouldn't have chosen that career if they wanted to . And I think I want to ban anyone who drives or rides in motor vehicles, because there's a public safety risk as drivers and passengers of motor vehicles are one of the most common causes of traumatic death.
>The government will not let you serve alcohol at a restaurant unless you check the drinker’s age. The government will now also not let you serve diners indoors unless you check they have been vaccinated.
So you're one of those that thinks those old enough to go to war shouldn't be able to have a drink? The drinking age is one of the weakest arguments for government control and is an excellent example of overstepping gone wrong. I seriously can't tell if you might be using that example as evidence to discredit the mandates.
I was, too. Still remember that slowly dawning realization that the greatest communication medium ever created could also function as the most intrusive personal surveillance system ever created.
And is hosted in the exact same space and on the exact same Infrastructure as web 2.0. nothing will change. You don't control the infrastructure your a pawn to the system. You ultimately have no say in what is blocked or copied.
No, that doesn't sound like web3 at all. Web3 runs on different rails than Web2.
Web3 typically runs on IPFS which is like an upgraded HTTPS where instead of just one computer hosting a file on the internet it's instead lots of different people around the world. It's pretty much impossible to censor a file on IPFS. IPFS also allows easy offline web apps and a built-in CDN.
Web3 also uses a decentralized execution and state system where instead of your data being in one companies' servers like Facebook it's instead hosted on thousands of people's copy of the database. The important state data is impossible to censor.
In Web3 the infrastructure is distributed and no one controls it. You can run an app without having to trust anyone.
Every IPFS node advertises the content it is making available on the network. As soon as a hash is deemed an illegal number, it would be trivial for an ISP to block nodes providing that hash. Maybe no one controls the end points, but Verizon-AT&T-Comcast still own the wire.
From the docs: “information about which nodes are retrieving and/or reproviding which CIDs is publicly available.”
You can build dapps with privacy in mind. It's an OSS-friendly world where you can verify the contents of the smart contracts you are interacting with and see what the contents of a website are if the website is deployed to IPFS. It's not perfect since it's an entirely new way of building web apps, but it's better than proprietary systems.
You can create new wallet addresses, for example, when you want and sign in with those. Or your dapps can use https://magic.link/ and users can just use private email addresses if they want.
Generally, for surveillance I think the legacy systems we're all still using are much worse. Firstly because we don't always know what they're doing, and secondly because these companies can say one thing and change their mind next week. Like how Apple was supposedly a privacy champion, and now they're leading the charge for building on-device surveillance tooling.
Sorry, but "private email" is an oxymoron. This system sounds open, but also indelible. Can you make a self-destructing file? Sounds like your pseudonymous data can tracked, fingerprinted, and correlated to your real name, to me. And no rush, the data ain't going anywhere. Privacy's gotta be engineered. Today's strongest crypto will be plain in 100 years.
I agree with you that privacy has to be engineered. Please consider getting involved in some Web 3 projects!
I'm not an expert yet but I don't see why self-destructing file sharing couldn't be built in the Web 3 world. You could also build hybrid apps, where most of the app is a dapp and the sensitive feature like self-destructive file sharing are housed on proprietary systems guarded by a company with a reputation for security/privacy.
I think that if today's strongest cryptography becomes plain in 100 years, I'll be okay with that since I'll be gone and the future generations will have figured out more advanced cryptography :) Or society will have moved away from privacy because we're all linked to each other with neural laces and everyone would know everyone's deepest thoughts.
Files get uploaded and then distributed across nodes in the entire network. They are accessible via gateways which could be centralized, but you can also access the files directly as well from a browser that supports it. Brave supports it.
So as a piece of infrastructure for hosting content and websites, it's decentralized and as more nodes come online it becomes more and more fault tolerant.
Much less. I'd say < 5 years. The rate at which people are onboarding onto Web 3 technologies and building stuff is increasing rapidly. You can check out the IPFS blog, the Protocol Labs blog, and see who is being sponsored in the space. People are building all kinds of useful software.
Here are some examples if you wish to watch a presentation on the finalists from a recent hackathon.
Slightly OT but why do people point to Snowden as the guy who discovered the NSA surveillance in 2013 when the NY Times discovered the much worse surveillance they were doing in 2005?
Snowden was far from the first to publicise NSA surveillance.
Snowden documented that surveillance in vastly more detail than had been done before, and deserves the thanks of citizens of the US and world for doing so.
> the intelligence agency has monitored [...] hundreds, perhaps thousands, of people [...] over the last three years
That doesn't strike me as worse than what Snowden revealed. PRISM and the rest of those programs intercepted communications of hundreds of millions of people each year.
This is very relevant to the discussion of Apple's CSAM scanning. I'm convinced that this development has been precipitated by a very visible decline in America's economic, and social position as a world leader. I'm convinced that Apple's upper management figure the minimal blowback they're experiencing for this privacy invading technology in the west is worth the expansion of their technology into a much more totalitarian Chinese market.
> A digital ID that proves immunity will raise serious human rights issues. And the failure of the digital ID industry to deal with the issues of exclusion, exploitation and discrimination puts the entire industry under question ... The most important message for the industry is, perhaps, that you don't have to provide a solution to every conceivable use-case for identity. This pandemic should form a check on the hubris of the digital identity industry.
2021: Linux Foundation & others launch an interoperable blockchain to unify human identity across all US states and all countries, enabling linking of phones, online wallets, driver's licenses, EU digital ID, offline activity (e.g. travel, entering buildings) and potentially future central bank digital currencies with kill switches (e.g. prevent kids from exceeding monthly quota of sweets/candy purchases, or some cross-border transactions), https://www.zdnet.com/index.php/forums/discussi.com/index.ph...
> For health passes to work globally, helping countries to restart economies and reopen borders, they need to be trusted globally. Through the Global COVID Certificate Network, Linux Foundation Public Health is working to address this challenge by bringing together a network of trusted and interoperable Trust Registries, so that the holder of a certificate can use it whenever they need and wherever they are. IBM is excited to collaborate with Linux Foundation Public Health on this important initiative at this critical time in our history.
In other news, mobile phone numbers can be used to obtain the real-time geolocation of a phone. Both T-Mobile and AT&T recently announced data breaches of customer data, including phone number and other identifying information, for millions of customers.
The US government lost the entire OPM classified database on security-cleared personnel, one of the highest-value information systems on high-value humans.
So who exactly are we going to trust to run this global blockchain of human identity? IBM? What's their historical track record on cybersecurity and governance of protecting humans? And no, many "decentralized" companies enforcing identical policy does not make the resulting system any less centralized and fragile.
We need to collect less data, not more. If the West wants a social credit system, at least have the decency of emulating China by stating explicit public policy goals and owning the societal consequences. If Western countries don't want a China-style social credit system, then new legislation may be needed to encode this societal value, or to clarify Constitutional principles. But it should be a governance and policy decision, not an accidental consequence of "tech" infrastructure.
Let's remember that "Covid Contact Tracing" via phones was not especially successful in adoption or changing of outcomes. Even when tracing data was available, some local governments made decisions which ignored the data. Yet, every phone now carries closed-source binaries to track not only the human user, but neighboring devices belonging to humans. With this track record of non-utility, what is the justification for expanding health surveillance interoperability to every aspect of online, offline and economic life?
It seems that the Linux Foundation has overstepped its initial purpose of driving Linux standardization. Is it becoming instead a shell for a wide megacorp[0] coalition, now jumping on the Covid train[1]?
And how about CBDC? It seems that there's a (strong?) link between Hyperledger and the WEF.[2][3]
I doubt Linus would condone such things! Oh, wait...[4]
WEF has been kind enough to release public media about their visions, e.g. last week's video envisioned people's lives being rebuilt around "neighborhood hubs" that are 15-min walking distance from their home offices, containing gym and bars, but no restaurants since those will be replaced by ghost kitchens. They envision biometric ID of each human by their heartbeat [already specified in the upcoming 2024 IEEE Wi-Fi standard that will allow consumer routers to "see through walls" with doppler imaging], https://twitter.com/wef/status/1427721919483326470
There is an index of partner organizations,[0] but I haven't had much luck with their people index,[1] which seems to present just the WEF website template without any content.
Indeed they've been very kind with releasing their agenda. :) Schwab's "The Great Reset" book is a roadmap for the next steps, and the WEF is following up with more media-friendly content regularly.[3]
I suspect that Schwab either is a very productive author who made excellent use of his lockdown time, or the Great Reset manuscript was sitting in his ghostwriter's desk, and just got "COVID-19" prepended to its title.
Also, re: the "neighborhood hubs". Really? These already existed, they were called, eh let me think -- neighborhoods. But yeah, I like your take on it as a "smart gulag", seems to capture the whole idea nicely.
I'm squinting really hard, but can't see any non-dystopian outcome. Sure, we'll put on a smile -- even with a mask on, it's a requirement, and the WiFi routers are ubiquitous, they're looking at us,[4] and they can tell when you're not smiling,[5] so we'll have to.
(OK, perhaps I'm stretching it with SENS being able to detect smiling, though apparently it does detect gestures.)
A modicum of good news: in a previous HN discussion of SENS, someone posted a couple of EU-funded research papers on technical countermeasures ("CSI murder" based on OpenWiFi), https://news.ycombinator.com/item?id=27133079
We need something like a web of trust system that enables local governments to validate official ID's and cryptographic signatures. We can't do a perfect job, but doing the best we can with current technology and building a rational framework of data protection at the citizen level is the only rational course.
A blockchain system makes sense for a distributed record of a web of trust. Instead of a coin and proof of stake, a proof of population based algorithm would allow nodes to join a network.
Such a network could form the basis of any government function and cryptographically protected personal data. You could add trustless age verification for porn sites, for example. Or it could allow checking the vaccination status for college entry, or so on. In the case of identity theft, it should be possible to allow law enforcement or some official entity the ability to issue a new identity key, and revert or modify any changes in private data, flagging the poisoned entries in the blockchain.
Anyway, the point is : it doesn't have to be perfect, it just has to be better than the shitshow we have now. We can eliminate SSNs and do a pretty good job of implementing cryptographically secured trustless identity. We can build a system that maintains privacy as a fundamental principle instead of trying to tack on post-hoc reactive solutions that are always too little too late.
Keeping our privacy, both digital and otherwise, secure from intrusion isn't and absolutely shouldn't be about simply keeping them secure from "bad governments" and nefarious data thieves. The point should be to rigorously prevent governments of any kind using any supposedly good justification period from easily knowing or tracking certain things. If history should be able to teach us anything it's that good governments can become corrupt and that the data held by any large organization can quickly be stolen or misused by its individual members or others for their own ends. Data like that shouldn't simply be "secured", it should be made extremely difficult to collect in the first place, especially by any large centralized party.
In addition to privacy as a fundamental principle, we also need "separation of powers" as a fundamental democratic governance principle.
Once these systems are deployed, how can we guarantee ongoing transparency of policy debates and citizen-tax-representative governance and admin/config/security changes?
Without ongoing feedback loops that evaluate systems against explicit democratic principles, there is risk of network effects where early policy choices become difficult or impossible to change after many parties have implemented local systems. In that scenario, early system design could become a far-reaching target for lobbyists and techno-regulatory capture.
They should be designed to be interoperable and each functional layer should be completely self sufficient, so that any particular module can be eliminated or modified without affecting underlying data.
Anti-theft and anti-abuse functionality needs to be baked in from the ground up, so that individuals have total control over their data, with governments able to maintain some absolutely minimal necessary baseline of record keeping.
For example:
A health department could build a vaccination status verification system, and be provided by the local government with the ability to signa citizen's record. Participation needs to be voluntary and easily reversible. At the same time, the health department should have an ephemeral record from which an accidentally reversed or deleted signature can be recovered. If someone gets their ID stolen, they can go to their local courthouse, get a new ID key, synchronize everything up to the time right before the compromise, sign off on deactivating the old key, and continue on with life.
Not only does it have to be private and secure, it has to allow for human fallibility and malice.
A system like this could be the basis for controlling law enforcement access to biometrics. If you have no criminal record, all fingerprint and DNA and other data could be restricted without a warrant, or voluntary participation, or legally structured access. Things like this would eliminate the practice of fingerprinting children, using facial recognition or DNA dragnets without explicit judicial permissions, meaning law enforcement access has to be baked in. If done right, it could mean every piece of information could be cryptographically segregated, and a record stored within the blockchain, forcing accountability in any government access and use of private data.
Best of all, it would allow secure digital voting. Instead of an election day, you could set a voting week or even month during which every citizen has the opportunity to cast their vote, then verify their selections. People would need to use the extended time frame to ensure their vote is accurate and their keys secure, and only have to go to a polling location if they have been compromised (or simply want to use paper. )
It would need to be wargamed extensively and over the course of at least a year, but we should be leveraging the best technology has to offer. It just needs to be better than what we have, and that's an abysmally low bar.
Isn't this also a statement against gun control or generally anything that increases the power of the state with respect to the citizens?
Governments can change for the worse, and it will suck if they change in a way that makes you the receiving end of their wrath. However, the biggest state power that can be turned against you is their monopoly on violence. Who cares if they can surveil you, if they can just threaten to execute your friends and family unless you give them what they want?
Sometimes, we computer people see everything through the lens of computers that we forget larger, non-computer consequences.
The surveillance allows the government to better target the violence. Building lists of troublemakers, lists of those with guns, collecting information that can be used for blackmail, social credit scores, etc.
The Stasi, the East German secret police, had the same guns as officials have in free countries, the difference seemed to be the effort they put into surveillance. Technology enables so much more of that.
It seems to me like the author focuses on the Taliban's seizure of such data as a way of bringing absolutely everyone onto the page of "data can be misused", maybe aimed at the field that was cautiously optimistic about the transition to more data in the hands of the farmers.
Someone I know said he doesn’t care about surveillance because he has nothing to hide. This is a late 20s Midwestern guy. The subject came up when I mentioned that Apple is going to be scanning our phones from now on on behalf of the United States government.
We are fucked. I am reminded of Elon Musk remarking that people in China seem very motivated and grounded compared to Americans because Americans have had it too good for too long. I have felt the same way for many years.
Americans today haven’t experienced a depression, a real war, a dictatorship or a collapse of government. They haven’t experienced anything besides being the largest, richest first-in-the-queue country and they are in for the rudest awakening in human history.
The "toff MP" said it couldn't happen in the mature democracies of the US or UK and the author counters that by listing example of it not happening in a mature democracy (Trump) and happening in immature democracies (every other case). This is attempting to mislead the reader by presenting facts in a way that they sound like they mean the opposite of what they really mean.
Surveillance is just going to happen. That cat is out of the bag. Becoming Luddites only works if we all (all 7 billion+ individuals on this planet) do it. Besides, modern technology has too many benefits to part with it.
The way to deal with surveillance is counter surveillance: watch the watchers. Abusive behavior is a lot harder if you can't do so without being observed by countless others and being exposed. A lot of surveillance right now is being done by shadowy government agencies, foreign nations, some big corporations, terrorists, criminals, etc. It's very one sided. Once that stops being one sided, we can control it.
It's also an arms race. Everybody is watching each other, their own citizens/subordinates/etc. People in power are rightfully concerned about being under surveillance themselves. Because they probably are. We've had a few high profile cases of e.g. the German chancellor being under surveillance by what was supposed to be an ally.
The logical outcome of such an arms race is surveillance technology becoming a widespread commodity. Commoditization means things get a lot cheaper. So, inevitably there will be a lot more entities engaging in mutual surveillance just because they can.
Those doing the surveillance will themselves become obvious targets for surveillance. You can watch but you can't do so without risking being exposed. That changes the game. Because now abuse of surveillance technology has a price and a risk. And you can't ever be certain nobody is watching.
