Slashdot Mirror

← Back to Stories (view on slashdot.org)

When it Comes To Privacy, Consent is Immaterial. Corporate and Gov't Surveillance Systems Must Be Stopped Before They Ask For Consent: Richard Stallman (theguardian.com)

Posted by msmash on from the work-from-ground-up dept.

In a rare op-ed, Richard Stallman, the president of the Free Software Foundation, says that the surveillance imposed on us today is worse than in the Soviet Union. He argues that we need laws to stop this data being collected in the first place. From his op-ed: The surveillance imposed on us today far exceeds that of the Soviet Union. For freedom and democracy's sake, we need to eliminate most of it. There are so many ways to use data to hurt people that the only safe database is the one that was never collected. Thus, instead of the EU's approach of mainly regulating how personal data may be used (in its General Data Protection Regulation or GDPR), I propose a law to stop systems from collecting personal data.

The robust way to do that, the way that can't be set aside at the whim of a government, is to require systems to be built so as not to collect data about a person. The basic principle is that a system must be designed not to collect certain data, if its basic function can be carried out without that data. Data about who travels where is particularly sensitive, because it is an ideal basis for repressing any chosen target.

9 of 266 comments (clear)

  1. Stallman is on point. by xpiotr · · Score: 5, Informative

    And the latest developments with FB and more has proven him right.
    Yes, he is a bit extreme, but then again he needs to be.
    And I for one am glad he is out there, fighting for us who have given up.

  2. I just fought this last night... by MadCow42 · · Score: 5, Insightful

    I was buying groceries at Target, and happened to get a case of beer - for which I was fully expecting to have to show ID (I'm >40 years old btw).

    When the cashier asked to "see my ID" (emphasize the "SEE"), I held out my license. She physically snatched it from my fingers and before I could even react she turned it over and scanned the barcode on the back into their POS system. That bar code contains all kinds of personal data including my address and biometric info. I did NOT consent to them collecting that info, and yet I have no way to get them to expunge it from their system. Not only am I being tracked in 17 different ways with their marketing and other systems, but they're likely selling that info of to other "partners", and putting it at risk WHEN they eventually have a systems breach.

    That type of collection should be illegal. I've contacted their guest relations team about my concern, and have yet to hear back.

    --
    I used to have a sig, but I set it free and it never came back.
  3. Easy to get consent by XXongo · · Score: 5, Interesting

    What he points out is that people click "yes" to usage agreements and terms of service without reading them, and as an example, links to a test where the terms of service explicitly state giving up your first-born child... and people still agreed to them.

    People don't read terms of service, they just click yes.

    Have you ever read terms of service? The damn things are pages and pages of boring small print.

    1. Re:Easy to get consent by froggyjojodaddy · · Score: 5, Insightful

      I suppose the counter-argument is that you shouldn't need a degree in law just to be able to post pictures of cute animals.

      A key part of reading comprehension is the ability to understand the meaning of a set of words in a specific context and I would venture to say that's where additional protections are needed. Any person capable of reading can read even the most convoluted user agreement but MOST people would read it word by word but not really having the experience, education, or skill to fully understand the implications of a set of words in a specific order.

      This may be a real bad analogy, but it's kinda like the protections you get in a Law. Imagine if your Law said "No-one is allowed to force you to work more than 8 hours in a consecutive 24 hour period".
      Then you went to work for an employer who made you sign a 50 page employee contract. Somewhere buried in all that text was a roundabout way of the company saying you had to work 12 hours in a consecutive 24 hour period. That stipulation would be immediately null and void (despite your signature) because it's overruled by the Law that said you can't work more than 8 hours.

      So .. you may have inadvertently consented to working 12 hour days - or maybe you're genuinely OK with working 12 hour days. But should that ever change in the future, you have the full protection of the law by telling your employer you only want to work 8 hours.

    2. Re:Easy to get consent by AmiMoJo · · Score: 5, Interesting

      Terms of Service need to be heavily regulated. Ideally there would be a few standard ToS documents and companies would have to pick one, rather than writing their own. Or maybe a kind of build-a-licence system like the Creative Commons one.

      Anything they want outside of that, sod off. Products must indicate what licence terms they picked before you buy, e.g. on the box.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Easy to get consent by Anonymous Coward · · Score: 5, Insightful

      For an average user it would take 76 days to read the terms of service that they typically agree to in a year.

      https://www.theatlantic.com/technology/archive/2012/03/reading-the-privacy-policies-you-encounter-in-a-year-would-take-76-work-days/253851/

      That's insane, no one will spend that much time reading usage agreements. This isn't about reading comprehension.

    4. Re:Easy to get consent by Anonymous+Brave+Guy · · Score: 5, Insightful

      But that is their problem?

      When the legalese is so long and cumbersome that it would be literally impossible for any normal person to read, understand and actively give informed consent to it, yes, I think it is their problem.

      We've got into this strange situation with online services where there is this fantasy legal environment where everyone is signing up for things with these huge accompanying documents that they have supposedly read and agreed to, when those documents might contain terms that have very little to do with what the person thought they were signing up for.

      Just imagine the bricks-and-mortar equivalent of what is supposedly happening with online purchases: you get to the checkout at the store with your groceries, spend a couple of minutes getting everything scanned and bagged up, and just before you tap your contactless card to conveniently pay for it in a few more seconds, you have to stop and spend an hour reading 27 printed pages of legal terms including how you may serve the beef, removing any responsibility from the store if your pack of fresh vegetables is half-rotten behind the packaging you can't see through, promising to pay the store's legal costs if anyone else who was in that day falls and hurts themselves but mentions your name while they're suing the store for damages, giving up your own right to take normal legal actions against the store in favour of some obviously not loaded at all "arbitration" process, and agreeing to let someone from the store visit your house whenever they want to check what's in your fridge and then stand in your lounge offering your whole family replacement products they think might interest you that are available from their carefully selected partners. It's absurd on so many levels.

      Perhaps the greatest irony is that, at least in places with sensible legal systems, a lot of the legalese is mostly worthless anyway, because if there is something surprising and unreasonable in a standard form contract like this then it's unlikely to stand up in court anyway.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  4. Re:...wat? by pr0nbot · · Score: 5, Insightful

    He should probably have used East Germany rather than the Soviet Union for his comparison. The Stasi not only conducted surveillance but relied on a climate of fear and suspicion in which people informed on one another, either to escape suspicion themselves or to gain some advantage.

    Even if you do not consent to your data being collected, as soon as someone else puts it out there (e.g. your photo, phone number, email, twitter handle and date of birth in their contacts list) and consents to it being collected, you're shafted.

  5. Key point missing.... by Anonymous Coward · · Score: 5, Interesting

    There is a key point missing that isn't brought up much. The data is not there to help you and will be absent when it's your turn to actually need it. I can easily prove this....

    State tracking car insurance. That data will get me pulled over if I let my insurance lapse, but if I get pulled over for other reasons and lack my insurance card, that data is unavailable to exonerate me. I'll still have to physically go to court/police station to show that card. They won't just "look at the data" showing I have insurance.

    Same for medical records. It will be used to raise my insurance rates but I will have to actually pay to get my own records and even then it won't be the electronic copy that's legible, instead it will be the doctors scribbling that is incomprehensible. I even had a doctor tell me I wasn't paying him to read his handwriting to me when dealing with carpal tunnel years ago.

    If I lose my cell phone, despite it containing enough tracking to immediately find it, the phone company will not give me that data. But if I rob/hurt/steal/kidnap/etc with that phone on me, that data will ID me and I will be in trouble. When I need it and can prove I am the account holder this data unavailable to help me recover my lost phone.

    Stop thinking the data is okay because it helps us and makes our lives easier. That is not the case!