_______ __ _______
| | |.---.-..----.| |--..-----..----. | | |.-----..--.--.--..-----.
| || _ || __|| < | -__|| _| | || -__|| | | ||__ --|
|___|___||___._||____||__|__||_____||__| |__|____||_____||________||_____|
on Gopher (inofficial)
URI Visit Hacker News on the Web
COMMENT PAGE FOR:
URI Criminal complaint against facial recognition company Clearview AI
pogue wrote 9 hours 24 min ago:
I wish the US took data protections like this as seriously as the EU.
Our data is just passed around like a gangbang on a daily basis and the
US is just like ¯\_(ã)_/¯
udev4096 wrote 6 hours 11 min ago:
EU is the same. Maybe slightly better but with the amount of data
breaches increasing exponentially, I don't think any amount of
"regulations" is going to stop data leaks. The worst thing is,
companies are facing lesser and lesser consequences. Look at the
recent discord breach, nothing happened after millions of IDs were
exposed. They are just blaming it on customer support, who are
blaming it back on discord. The only thing we can do is promote E2EE
and homophoric encryption
c-linkage wrote 5 hours 31 min ago:
I've often said security doesn't matter anymore. There are no
consequences for a security breach. With companies claiming "hey,
we followed best practices!" and transferring liability to third
parties like Crowdstrike I'm not even sure how one could even
prosecute (in the US).
TheCraiggers wrote 4 hours 55 min ago:
What would you want instead? If a company truly followed best
practices and was as secure as was reasonably expected, then was
it their fault a zero-day was exploited? And if not what
consequence should there be for the actions of a bad actor?
pogue wrote 3 hours 12 min ago:
There MUST be consequences for data breaches. It simply can't
go on like this. There have to be rules & regulations for how
personal data is stored.
How many of you have received notices in the mail your data has
been leaked and the only restitution is a free year long credit
check? Then maybe a few years down the road you get $20 from a
class action lawsuit.
Last year alone, both AT&T and my health care company were
breached and all my data was leaked, including details of my
personal medical history.
This kind of thing just can't continue. There has to be someone
to set standards for how your personal and "private"
information is stored or it won't be possible to know who is
who going forward in the future. Even state DMV's have been
breached.[1] Imagine a point in the future where identity theft
has become so rampant that a US ID card or passport can't be
trusted because anyone anywhere at anytime can steal another
person's identity with ease because everyone's data is out
there and available for purchase through some black market.
It's a dystopian thought, but a lot of things from dystopian
fiction that I only thought would continue to be fiction seem
to be coming to pass on a regular basis these days. [1] Account
compromise leads to crash records data breach
URI [1]: https://www.txdot.gov/about/newsroom/statewide/account...
pogue wrote 6 hours 4 min ago:
If you're in the EU, you should pressure your legislators to do
something about it. As I understand it, there are laws against
these data breaches for companies doing business in the EU,
correct?
If that is the case & the law(s) aren't being properly
followed/enforced then you must speak up about it. Contact your
representatives and let them know.
I understand it's easy to be complacent and be apathetic that
nothing is being done, but that's how it goes in a representative
democracy. At the end of the day, all we have is our voice.
reify wrote 11 hours 8 min ago:
Been going on since 2021.
The UK has fined them has fined Clearview AI £7,552,800 in 2022 but
they have not paid.
EU data protection authorities did not come up with a way to enforce
its fines and bans against the US company, allowing Clearview AI to
effectively dodge the law. [1] A shit company
URI [1]: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2...
udev4096 wrote 6 hours 3 min ago:
UK fining them is hilarious. UK is a joke in terms of upholding any
form of privacy for it's citizens
JohnFen wrote 5 hours 12 min ago:
Maybe so, but it's so much better than the US at this that it's not
even funny.
anonym29 wrote 9 hours 10 min ago:
I'm no fan of surveillance technology in general, nor of Clearview
specifically, but no American corporation is legally obligated to
obey British law. To suggest that Clearview is "dodging" the
(British) law falsely implies that Clearview has any legal duty to
obey (British) law in the first place.
Sure, if they don't want to follow British law, Britain has the right
to reject Clearview from British markets, but that's about it. The
British government does not have jurisdiction over American companies
or American citizens outside of Britain's borders, in spite of what
British Parliament seems to believe.
noir_lord wrote 4 hours 39 min ago:
> I'm no fan of surveillance technology in general, nor of
Clearview specifically, but no American corporation is legally
obligated to obey British law.
They are if they trade in the UK (which ClearView does).
The actual answer is for governments to just say clearly "You obey
our laws when operating here or you don't operate here".
Instead they faff around with fines that are largely priced into
doing business that get negotiated down endlessly.
The alternative is we allow them to operate with no way to
constrain them when they break our laws at all and at that point -
what use is government regulation on anything related to data
protection.
wat10000 wrote 6 hours 39 min ago:
Clearview doesnât have to follow British law, and Britain
doesnât have to allow people associated with Clearview to exist
freely on their territory.
This is little different from, say, Russian hackers targeting
Americans. Practically speaking thereâs nothing to be done unless
the perps enter American jurisdiction, but itâs entirely sensible
to say that they violated US law and face penalties for it. It
might be a little off to say that theyâre âdodgingâ that law,
but itâs close enough.
_el1s7 wrote 7 hours 51 min ago:
Right, but they're scraping photos of people from the whole web,
which of course includes photos of British and EU citizens.
So it's not just a normal American company in the American market,
it wants to be an international company but without respecting
international laws, and that's not going to end up well.
_heimdall wrote 7 hours 39 min ago:
So is your argument that a company must follow laws of any
locality they scrape information on the internet from?
Is that decided based on where the public content is hosted,
where it was created, or based on the individuals created it or
are portrayed in it?
If companies have to follow that then in all likelihood every big
tech company would have to follow every law in the world,
virtually all of them scrape data from the public internet.
hitarpetar wrote 5 hours 27 min ago:
> So is your argument that a company must follow laws
in principal, yes
toofy wrote 5 hours 49 min ago:
> So is your argument that a company must follow laws of any
locality they scrape information on the internet from?
i mean⦠yes? itâs entirely normal for a company to be bound
to the laws of jurisdiction it wants to open a store or
restaurant in or whatever. why on earth would this be any
different?
chatmasta wrote 3 hours 56 min ago:
What if theyâre scraping from a US exit IP hitting a local
Cloudflare cache node proxying to an origin in the UK? Their
scraper only interacts with the US node, and in fact
Cloudflare by design doesnât tell the scraper where the
origin node is. So are they subject to UK law in this case?
No internet traffic left the US, aside from when the target
site sent its data to a US server for publishing.
toofy wrote 3 hours 37 min ago:
thatâs a lot of âwhat ifâ wild hypotheticals.
clearview knows for absolute certain theyâve been
operating in the eu.
piltdownman wrote 6 hours 48 min ago:
Well yes, that should be self-evident. A company must follow
laws of any locality under which it engages with or utilises
resources from as a component of its business.
They're previously tried this domestically in every way
possible under the purview of things like the MPA and the DMCA.
The United States International Trade Commission went so far as
to consider electronic transmissions to the U.S. as "articles"
so that it could prevent the importation of digital files of
counterfeit goods.
In the meantime, AI companies are forgetting when the shoe was
on the other foot regarding Russian MP3 websites accessible
from the US - with the US trade negotiators warning Russia that
allowing AllOfMP3 to continue to operate would jeopardize
Russia's entry into the World Trade Organization, and the US
copyright lobby subsequently filing a $1.7 trillion lawsuit
against them.
"AllofMP3 understands that several U.S. record label companies
filed a lawsuit against Media Services in New York. This suit
is unjustified as AllofMP3 does not operate in New York.
Certainly the labels are free to file any suit they wish,
despite knowing full well that AllofMP3 operates legally in
Russia. In the meantime, AllofMP3 plans to continue to operate
legally and comply with all Russian laws."."
On May 20, 2008, the RIAA dropped all copyright infringement
charges against AllOfMP3.com
URI [1]: https://en.wikipedia.org/wiki/AllOfMP3
_el1s7 wrote 6 hours 58 min ago:
It depends on what information is being scraped and what is it
used for.
Scraping people's personal photos and biometric information for
shady agencies, is not the same as scraping e-commerce prices,
social media posts, or blog websites.
The intention is important. And respecting people's privacy and
copyrights.
inetknght wrote 4 hours 43 min ago:
> Scraping people's personal photos and biometric information
for shady agencies, is not the same as scraping e-commerce
prices, social media posts, or blog websites.
Hard disagree. They both violate people's privacy and
copyrights.
JohnFen wrote 5 hours 9 min ago:
I disagree that those two cases are really all that ethically
different, personally. They're both harmful practices. A pox
on both their houses.
tgv wrote 7 hours 5 min ago:
Bad luck. They don't have to scrape, you know.
impossiblefork wrote 8 hours 16 min ago:
I think the issue is that people are using personal information to
train AI systems.
This is a threat personal integrity and it doesn't really matter
how the images were obtained. The threat to people exists despite
the fact that they were on the public internet.
A_D_E_P_T wrote 8 hours 38 min ago:
> I'm no fan of surveillance technology in general, nor of
Clearview specifically, but no American corporation is legally
obligated to obey British law.
All the more when what Clearview has done is build an index of
publicly available images, and associated URLs, derived from the
freely-crawlable open web. Legal rulings in the US -- e.g., in
Sorrell v. IMS Health -- consistently show that information
aggregation and dissemination are treated as speech, so creating
and distributing the Clearview index is protected expression under
the First Amendment.
Also, Clearview is far from the only game in town. Lots of tech
companies -- including some very large ones -- have facial
recognition indexes. I suspect that Clearview is being made an
example of, pour encourager les autres. But it seems a little bit
exceptional, as though the law isn't being fairly or evenly
applied.
potatototoo99 wrote 6 hours 53 min ago:
It is very amusing to suggest that your amendments matter outside
of the US.
ronsor wrote 4 hours 6 min ago:
It's very amusing to suggest EU laws matter outside of the EU.
ForHackernews wrote 8 hours 49 min ago:
If they do business in the EU they are obligated to follow EU laws,
and if they have committed crimes they should be subject to arrest
and extradition.
I know you're making a point about Ofcom censorship, and I agree,
but we cannot set the precedent that "if you commit your crimes
using a company in Delaware, they're not illegal." If you program
your AI-drone to murder your enemies, that's fine as long as the
control server is offshore?
anonym29 wrote 8 hours 27 min ago:
Should European citizens be subject to the laws of Russia, China,
Iran, North Korea, and pals?
Either laws in other countries matter in yours (regardless of how
different they are from your own) or they don't.
Picking and choosing which country's laws you do or don't want to
consider yourself bound to on moral grounds is not fundamentally
very different from picking which of your own country's laws you
do or don't want to consider yourself bound to on moral grounds.
toofy wrote 5 hours 40 min ago:
> Should European citizens be subject to the laws of Russia,
China, Iran, North Korea, and pals?
if they do business in those jurisdictions, yes, of course.
if a new york cpa does business in ohio they need to be
licensed in ohio and follow ohio laws. even if their firm and
majority of work is based in new york.
iâm really surprised people find this confusing.
pjc50 wrote 5 hours 49 min ago:
The [1] tried to enforce the US embargo on Cuba on everyone
trading with Cuba, American or not.
URI [1]: https://en.wikipedia.org/wiki/Helms%E2%80%93Burton_Act
miningape wrote 6 hours 49 min ago:
> Should European citizens be subject to the laws of Russia,
China, Iran, North Korea, and pals?
Are these EU citizens operating/running businesses in the above
countries?
Are they even inside the above countries?
How are you even comparing a company which operates in the EU
to an EU citizen who is residing in the EU?
potatototoo99 wrote 6 hours 50 min ago:
Yes? Of course? Have you ever traveled and thought their laws
didn't apply to you?
lunar_mycroft wrote 5 hours 40 min ago:
It seems clear from the context that what's being discussed
is not "can a country enforce it's laws on a foreign citizen
within it's borders" but "can a country enforce it's laws on
a foreign citizen outside it's borders".
If I were ever to go to North Korea their government could of
course arrest me for insulting Kim Jong Un. What they could
not do, and absolutely should not be able to do, is have my
local police in the US arrest me for doing the same at home.
Yes, even if I do it on the internet where a citizen of North
Korea might theoretically see, or make use of content I
acquired over the internet that originated in that country.
bbg2401 wrote 7 hours 33 min ago:
An entity must follow the law of each jurisdiction it conducts
business. This is not a novel concept. If an entity wishes to
process data of citizens of a particular country, then they
must follow the laws and regulations of said country, in those
instances.
JoshTriplett wrote 6 hours 3 min ago:
The entire point of this is that the jurisdictional argument
is unclear. As abhorrent as Clearview's business is,
businesses should only be subject to the jurisdictions they
actually reside in or have employees in or otherwise have a
legal nexus in. Otherwise, you end up in a world in which
someone says "because citizens of country X can remotely
access your website, you are subject to the laws of X", for
every single X in the world.
If a country wants to control what its citizens access it can
put up its own firewall and deal with the backlash from its
own citizens. Let's not help move towards per-country
internets.
deaux wrote 10 hours 20 min ago:
> EU data protection authorities did not come up with a way to
enforce its fines and bans against the US company, allowing Clearview
AI to effectively dodge the law.
This is laughable. You make it illegal for any EU company to do
business with them, you imprison leadership as they arrive on EU
soil, there's a hundred things you can do. Companies like these that
simply ignore the law and seriously damage society need to be treated
just like international drug trafficking rings. Never heard a "well
they keep ignoring our fines and bans, oh my what do we do" when
talking about those.
leobg wrote 1 hour 32 min ago:
This is government. If you exceed the speed limit on the autobahn,
youâll be fined immediately. But if you run a multi million Euro
fraud, you will get away with it for DECADES.
Why? Because theyâve got no systems in place for that. And to do
something out of the ordinary that is hard would require someone
with an incentive to do it. That does not fit the profile of your
typical government employee. They donât get paid for taking on
difficult cases. They get paid for closing files, or, ideally,
finding reasons for not even opening them in the first place.
Laws are like locks. The honest people pay attention to them. The
criminals donât. They look at the enforcement (or lack thereof).
wongarsu wrote 6 hours 53 min ago:
I would assume their leadership simply never enter EU soil. Just
like the CIA agents Italy has arrest warrants out for kidnapping
Abu Omar, or how Kim Dotcom lived quite happily for a time by not
going to the US or any country that would extradite him. It's
pretty difficult to prosecute people on foreign soil without the
kind of international cooperation that exists for prosecuting drug
traffickers
deaux wrote 6 hours 41 min ago:
I did mention another measure. Does not a single EU company work
with Clearview? Even EU subsidiaries of US companies? I doubt it.
cynicalsecurity wrote 9 hours 28 min ago:
> you imprison leadership as they arrive on EU soil
It's in the article, Austria might issue a criminal warrant for the
company executives.
deaux wrote 6 hours 41 min ago:
The other measure is more important IMO. I doubt that zero EU
companies, including EU subsidiaries of US companies, do business
with these companies.
gampleman wrote 9 hours 31 min ago:
> imprison leadership as they arrive on EU soil
I think that's the step that's being taken (or attempted at least)
here.
DIR <- back to front page