"A common defense from companies that creepily collect massive amounts of data is that the data is only analyzed in aggregate; for example, Google's database BigQuery, which allows organizations to upload big data sets and then query them quickly, promises that all its public data sets are 'fully anonymized' and 'contain no personally-identifying information.' "
I think it is critically important that we [as the data subjects] recognise an important distinction.
This statement would be equally true if the company:-
1. Collected all the data with maximum resolution
2. Stored that data in a maximum resolution data set
3. Created a transformation process that took the maximum resolution data, "anonymized it" as it was loaded into a queryable database
4. Ran queries of the database...
The point being that the wording is so specious and so perfect for leading you to jump to the wrong conclusion. In other words, unless the company actually comes out with, "We do not store or otherwise retain access to your data in original or non-anonymized form - and you can come audit us so we can prove it to you", then they are not to be trusted.
And remember, anything that is captured - even if not used as part of the company's commercial offering - can be subpoenaed or demanded via NSL.
And if your company is doing something that is right on the edge of being shut down by i.e. privacy laws, then maybe one way of staying just inside the line of acceptability [to government] is to offer to share what you've got if they ask...
As a human being, I hang my head in shame for the fact that, in the 21st century, we still have to deal with racism. I just wish we could all grow up and behave like the advanced species we claim to be.
One aspect of this story particularly interests me - and it might be a subtle, legal point - which is: what is/are the responsibilities of "Tesla the Company", with respect to tackling and preventing racism in the workplace?
I am not for one moment suggesting that the claims of this plaintiff are anything less than genuine. What interests me is: as an employer, where do Tesla's responsibilities stop? Do they have to have anti-racism training for their staff? Do they have to have a grievance procedure? Do they have to have an anonymous whistleblowing program? Are there other things that an employer needs to demonstrate in order to avoid accusations of institutional racism?
The reason I ask the original question is that it seems to me that we need to understand the difference between "Tesla the Company" and "Tesla's Other Employees". I would be willing to accept the words of the complaint that suggest that some employees at Tesla are out-and-out racists. I would hope that Tesla are doing all they can to identify and expel such people. But does the presence of one or more racist employees at any company mean that the company itself is racist?
If not, how do we make the differentiation? Is it when 10% of employees are racist? 20%? Is it if the company fails to handle accusations of racism appropriately - and, if so, what does "appropriate handling" need to include?
This is a sensitive, emotive and hugely important topic for us as a society: it is, perhaps, one of the defining aspects of human history over the last few hundred years, so I think that our response to this - as individuals, employers, colleagues and friends - is hugely important.
But much as I'm concerned by these claims and would want to see some solid evidence of a reasonable response to them, I'm struggling to make the leap from "a number of employees at Company X demonstrated racist behaviour" as being equal to "Company X is racist".
Is this reasonable skepticism, or is this splitting hairs that an unethical company would hide behind? Is it fair to make the distinction? What would be the indicators you would look for, in a case like this, before you would conclude that a company was racist?
I should have augmented my reference to JAVA with exactly the point that you raise - I did not mean to infer that it was somehow exempt from the problems seen elsewhere, only to offer it as an example of a language that had actually contributed some new thinking to language design. [At least, I *think* that some of what JAVA offers is original thinking, although I'd be happy to concede that the example was poor if someone can correct me].
If we could return to the principle, however, I think that programming languages have become one of those aspects of technology where we see "change for the sake of change", not "change because we have identified a better way".
In some cases we can identify specific design requirements for languages that bring about diversity: for example, a language that was designed for GUI environments would necessarily contain architecture and primitives specific to the needs of handling GUI artefacts, whilst a language designed for batch processing [say on a mainframe] would have no such needs and could therefore be simpler and smaller.
I acknowledge and embrace the value of [programming] language diversity as a means to solve different classes of problems, but I am far less tolerant of "new" languages that add nothing new or of value...
Perhaps I could better express this a different way. Consider the class of software program that is the Word Processor. Now imagine that you have several different tasks to complete using your Word Processing program: you are going to write a book, write a letter to your sister, submit a legal motion for a court case and prepare a to-do list of chores that you need to complete around your house this weekend. These are all different use cases for a word processor, but would you seriously comprehend using 4 different text-editing applications, one for each task? In the vast majority of cases and with the vast majority of people, the answer would be no. We rely on our Word Processing package to have the right selection of capabilities to be there when we need them, including formatting, indexing, colour and font management, spell-checking and layout features.
Why, then, do we expect to use four different programming languages when tasked with writing software to fit equally similar use cases or paradigms?
I should stress that I'm *not* suggesting we revert to a one-size-fits-all solution when it comes to software. If that were the case we'd all still be writing in the first languages to be developed. But what I am suggesting is that the introduction of new languages no longer occurs because we've identified a new use case that no existing language meets, but because of far less stringent or valid arguments. As technologists, we should be wary of this sort of change to technology. It rarely leads to better.
I don't consider myself to be a programmer by profession, although I have been in the past, with experience spanning quite a range of different language types, including COBOL (74 & 85), FORTRAN 77, BASIC, JAVA, PHP, Visual BASIC (up to 5.0), VBA and Assembler (several different CPUs).
When I started to learn programming languages at high school, the number available was relatively small (compared with today) and the differences between them relatively significant. Each language was specifically designed to solve a reasonably well defined set of problems. If you were working mainly with mathematical problems such as with physics or engineering, you'd use FORTRAN. If you were developing applications for business, you'd use COBOL.
Look again at the syntax and structure of these languages and their origins, architecture and design are clear.
I am very (very!) sorry to all those professionals currently working in the field of programming language design if what follows is offensive, but we seem to have entered an age in which a "fantastic" or "revolutionary" new language is released every few months. The better ones then follow the Gartner Hype Cycle before drifting back into obscurity. The mediocre ones never seem to make it even close to widespread adoption...
We now seem to have reached a point where, instead of designing and developing a programming language to solve a specific business, scientific or technical problem, language designers are simply stealing primitives and ideas from existing languages and throwing them together into a framework before declaring their solution to be "The Next Big Thing (TM)". Of course this is a generalisation - every now and then we see some really remarkable innovation happening in the language space. JAVA for example, with its aim of "write once, run anywhere" and its much improved memory handling, would be a valid example.
But in my ignorance I can't help but look at the current state of programming languages and think that too much of what we see today is just different, not necessarily better. Perhaps the most egregious mistake I see us making, as an industry, is that we're losing sight of the fact that programming languages should be designed to be easy. Remember the relevant portion of ESR's own "Art of Unix Programming", the Rule of Representation, which says, "Fold knowledge into data, so program logic can be stupid and robust."
Do we see modern languages with the data handling sophistication of COBOL, for example? No. That's acceptable if the new language has a well-defined set of design goals that don't include data handling, but if not, I think we need to think very carefully about that old maxim, "all progress is change, but not all change is progress"...
So whilst I'm always interested in learning about developments in programming language design, I think it helps if we ask a few fundamental questions of a new language:-
1. What are the specific goals and design requirements of this language? How well does it meet them? Are there any compromises made in doing so... and, if there are, are they acceptable?
2. Of all existing programming languages that exist today, which one or ones are closest to this new offering in terms of goals and design requirements? Having identified the competition, what are the features and key differentiators of this new language that make the existing language obsolete? Are we certain (for example), that before embarking on an all-new language, that it is impossible to extend the legacy competition with new language primitives?
3. Given that all design decisions are in fact compromises by another name, what is/are the impact(s) of the design decisions taken that differentiate this new language from the competition? [If these yield benefits, then wonderful; if they bring costs, then are we willing to accept them?]
4. What is the learning curve like? Does the new language include weaknesses that yield to commo
If a manufacturer had pairs of all the TV models they sold, at 2 different prices, one with "commercial free" and the other with a warning that made it crystal clear to the consumer that they were buying a product in which the *product* would insert content, over and above the ability of the user to control, then that would be fair. Amazon did exactly this with their lower-priced Kindle readers - in return for a discounted product, you agreed to take advertisements.
That is most assuredly not happening here. In this case, vendors are taking advantage of the ability to remotely update *your* product, which you purchased under a set of terms and conditions and under the protection of the "Sale of Goods Act" [or your local equivalent] and now the vendor are trying to argue that they have the legal authority to remotely alter/degrade the functionality of the product even if doing so is against your will.
Nope. No way. The Kindle example sets a clear precedent of what can be done by a vendor wishing to explore this revenue stream. Personally, I don't see many takers. If you can afford to buy a decent Smart TV, you can avoid the advert-free model... Or you can buy from someone else! I happen to own a Samsung Smart TV - and if they [Samsung] started to embed commercials in my TV, not only would I junk it, I would never buy another Samsung product again. There are plenty of others to choose from.
Unfortunately, I suspect that the law most likely to defend the interests of the buyer of "smart" TVs in this case is going to be consumer protection law. In the specific scenario described by the OP, I think that this may hinge on the decisions that a typical buyer would have made at the time of purchase. For example, we know that it is technically possible to have a smart TV without forced commercials, because many of us own them today.
We also can find out whether or not users choose to purchase smart TVs with forced in-line advertisements through analysis of buying trends as this technology is introduced. And we can add that the uproar that Samsung faced when they "accidentally" altered some of their TVs, by pushing new firmware [without user action], is a pretty clear indicator that this modification is *not* welcome.
What it all boils down to is choice. If a buyer can show that they would not have chosen to purchase a model of TV if they had known, at the time of purchase, that it would subsequently be modified to show commercials, then the manufacturer of the smart TV is going to have a problem on their hands. This is not the first time this issue has been discussed - and the last time it came around I used the following analogy:-
Suppose that you went out and bought yourself a new car. For a year you drove it around and it was just what you wanted - absolutely perfect. Then you booked it in for its first service, and when the car was handed back to you, the dealer had put a big light rig across the roof, with the word "TAXI" on it, they had put decals and logos down the side, and now you were obliged to stop and give rides to people who hailed you. Even better, if you did this [because you had no choice] any money generated from these rides went to the dealer, not to you...
This is a variation on the concept of post-purchase modification to a product. Put in this context it is entirely unacceptable, but in *legal* terms it is remarkably similar to what Samsung did with their TVs and the subject of the OP's question.
I think the only way that we can resist this is to vote with our wallets. If we find ourselves in a situation where all manufacturers of Smart TVs do this, then we're going to have to rely on Consumer Protection laws to defend us. I would not give high hopes for our chances.
I can only hope that the portion of the US Administration that is currently investigating Marcus Hutchins is willing to apply a similar outlook that we see handed down here. The law should be fair for all; whilst I respect the value of allowing judicial discretion in certain circumstances, I do think it is important to be implemented in a neutral way.
"Capitalism is the best system we have for efficiently managing resources, but it is not perfect."
I'd certainly agree that capitalism is not perfect, but I think it is just a little bit of a stretch to claim that it is the best system for efficiently managing resources. [At least, I suspect that we may be disagreeing over which *types* of resources]. For example, given natural resources, such as fish stocks, or minerals, or timber, pure capitalism has - as demonstrated - resulted in uncontrolled exploitation that has taken living species to the edge of extinction [or beyond] and left defenceless environments ruined.
Although I'm not sure if it is fair to claim that these are synonymous, an expression often linked to capitalism is "market forces", as in, "let market forces regulate supply and demand..." The problem is that when the entire market stands on one side of an equation [use and consumption of resources] and there is nothing and/or nobody to stand on the opposite side of that equation, then capitalism will run, gleefully unchecked, until well past the point of recovery.
I think that the truth and the aim might be to find the balance - that neither uncontrolled capitalist markets nor totally controlled government-directed states can ever be truly successful. Perhaps the trick is finding the right point of balance - allowing the freedoms of innovation and creativity that capitalism gives us, but placing some [as-yet-to-be-determined] limits on uncontrolled exploitation of markets and resources.
No mobile phone carrier provider should be allowed to negatively change the terms of an existing contract, while that contract is in operation, unless they are prepared to allow all existing users on that contract to terminate early and without penalty.
It's that simple.
If they want to improve the service, that is one thing... but it simply is not acceptable to degrade a service once someone has paid for it. Imagine if you ordered a 50" 4K TV from Amazon, but they sent you a 40" TV. When you complained, they try and explain that between the moment you ordered and the moment that they shipped, the terms of the offer changed... I don't think so.
... It's [also] about the right to perform user-installable upgrades.
If we look at the developments in the markets of personal consumer electronics [computers, tablets, phones, and so on] then what we see is that companies have realised that they can sell products more frequently, thus creating much greater profits, if they build in obsolescence to their designs.
If you look at the evolution in say tablets as an example... There have been 7 generations of [for example] the Apple iPad since the introduction of the device in 2010. Gradually, over that time, we've seen the maximum memory capacity increase. In the model range for today's 10.5 inch iPad Pro, there are 3 different memory capacities available: 64Gb, 256Gb and 512Gb. In the UK, these are priced at £619, £769 and £969 respectively. How many people think that the difference in the cost of the parts and the assembly of a 512Gb iPad is £350 *more* than the cost of the 64Gb version?
Electronics companies are fighting the right to repair legislation not just because currently they can be guaranteed a new sale if your existing appliance or device dies, but because they know that through designed-in obsolescence, they can *force* you to upgrade. They do this by stopping support for software updates, and/or bloating the size of an update so that it no longer runs on older, limited capacity models, or that it runs so slowly as to render the older unit impossible to use...
Companies with the funding and resources of Dell, HP, Apple, Samsung, Microsoft and others - especially those which are vertical integrators with complete control over their supply chain - can and should be able to design and build products with at least 5 years of reliable, supportable life built in to them. The only reason that companies are *not* doing this is because they would rather you threw away the product you bought last year and buy another one.
Just as an exercise in validation, go take a look at the current state of laptops, and for any model that you like the look of, ask yourself if you can upgrade the RAM, upgrade the HDD/SSD and/or replace the battery yourself. The default answer to these questions has become "No". The manufacturers would like you to fall into their sucker-trap: "Because: Reliability". That's rubbish. The truth is: "Because: profits"
The problem with the current state of affairs is simply that there is nobody to speak up for the rights or interests of consumers. Our role in society has been relegated to that of a profit centre for corporations.
I wasn't aware of that, but it does strike me as something that a legal counsel might want to do if they were in doubt as to the strength of their case. The last thing the weaker side needs is someone on the jury with technical acumen when it comes to deliberation time - the less-technical jurors can easily be swayed by someone sounding as if they know what they are talking about.
Far better to push for an all technical jury and try and win on the merits of your case.
In fact, I think your comment is remarkably revealing - if we could only know the outcome of juror selection of this trial - and the challenges made by the two legal teams - then we'd have a pretty good idea of what *they* think of their chances.
And for those who didn't make the connection - and the OP doesn't mention explicitly - Judge Alsup is currently presiding over the Waymo vs. Uber case, which is due in court in December.
Could not agree with you more...
Even simple features, such as the ability to filter out anything I have already seen, would be welcome. In fact, if Netflix would just go out and hire a couple of UI design experts, that would be a start...
It will almost certainly be owned by Microsoft Ireland, a wholly-owned subsidiary of Microsoft Inc, US.
Unfortunately, this is where the story gets interesting. Whilst MS Inc, the US Parent, is incorporated under US Law and therefore subject to US jurisdiction, if the Irish subsidiary is incorporated under Irish law, then the ability of the US government to exert demands on it is potentially eliminated.
I have found that a good test to apply in a situation like this is to reverse the scenario. Here's a hypothetical situation to put this to the test: imagine that "Microsoft Ireland" was found guilty of a criminal offence [it doesn't matter what] and that the fine levied for this was equal to $100 Billion US. Now imagine that Microsoft Ireland are worth a grand total of say $40 Billion US and that extracting even this from them will completely bankrupt them.
Would the Supreme Court / Microsoft (US) inc be willing to allow the reciprocal to happen - i.e. that the plaintiff in the Irish case has the authority to go after Microsoft US for the remaining $60 Billion of their settlement? In other words - does that liability go both ways?
Obviously this is an academic question for a hypothetical situation; my sense is that the US parent would not want an open-door liability like this to be allowed. Which, whilst different in some respects, rather serves to enforce the view that these are two entirely different legal entities, incorporated under the laws of entirely different countries. If Microsoft Ireland had been incorporated under US law, then there might be an argument supporting the view of the US government. If it exists under Irish law, I don't see how the US government's case can have merit.
Curiously, I find myself agreeing with you about everything you write except our differing view on the appropriate remedy.
We agree it's a bad situation...
With respect to taking the data away from Equifax, we have a slightly different view. In my ideal world, the government would step in, bar Equifax from operating, charge the directors with criminal negligence and then take the Equifax data set and offer it for sale to other companies in the market. They would include a set of terms and conditions that would make it a legal requirement for anyone accepting the Equifax data to post escrow/bond for the safekeeping of the data, and they would be signing up their directors for massive sanctions for failure.
If none of the competitors liked the terms, they had better start thinking to get out of the credit checking [data slurping] business.
Pretty much the only difference between us is that I think we already *know* that Equifax cannot be trusted. With the others in the market, at least we have a 50-50 chance they can do better, right? And if not, the terms of their data acquisition would make their culpability a certainty. Finally, the money raised from the fire sale of Equifax's assets as they are forcibly liquidated by the government would be divided up and paid to everyone on whom they have a record. Even if it is one cent per person.
And I would do that as a visible, public warning to others: "if you hold data on private citizens and don't keep it safe, we are coming for you..."
The sad truth is that unless or until a message of this stark, unwavering savagery is delivered, companies will carry on thumbing their noses at us. They make money, we suffer fraud. This is not a justifiable state of affairs.
The government concerned needs to send a clear message to other information brokers, to make it very clear to them that there is zero tolerance for this sort of data breach. There needs to be a real, material punishment. I accept that revoking an [information broker] license that would bar the culprit from the market permanently, but I would like to see the participants actually held to personal account for the failures they have presided over.
And if there aren't sufficiently strong laws to punish companies that free-load off *our* data like this, without any current form of sanction available, then we need some. Pronto.
So what you are essentially arguing is that Equifax are 'too big to fail'? That the cure is worse than the disease?
Sorry, I don't buy it. Equifax have already demonstrated that they cannot be trusted to keep consumer data safe. There are only two remedies for this:
1. Take the data away from them.
2. Find a way of providing an absolutely SOLID guarantee that all their data is now and will remain 100% secure...
Think about that second item for a moment. Who among their data subjects would trust them with continued access to their data? Not me. If you want to argue that the data held by Equifax, if lost, would disadvantage their data subjects, then require copies of that data to be given to one of the alternate providers. Demand some form of licensing analogous to an "information broker operating license", enforced by a government agency (in the UK this would be the Information Commissioner's Office). Have anyone applying for a broker license be required to place a financial bond in escrow, so that if an event like this occurs, the company can be forcibly liquidated and the escrow funds can be used to support their victims.
In other words, create an environment where it is easier, cheaper and safer for companies wishing to provide Equifax-like services to do the job properly, accurately and securely. Until such time as the environment means that a failure to do these things will have painful repercussions for those wanting to hold and process that data.
Remember, this company - and others in this sector - are harvesting a vast amount of information about private citizens, yet they are using and selling it for the benefit of themselves and private companies. This is an incongruous relationship for those who are the subjects of the data from which Equifax profits.
Whatever we do, there is one thing that we simply cannot allow to happen: we cannot allow this situation to occur without a significant and cautionary penalty to be applied to Equifax and their Directors. They cannot be allowed to "get away with it", to have presided over this disaster and yet escape without legal sanction and appropriate penalty. Make no mistake, their "oversight" could easily destroy people's lives. That negligence has to be addressed.
In order for Equifax to legitimately place that statement on their web site, they would have been required to complete an annual ISO27001 Security Audit, conducted by a Certified ISO Security Auditor.
Such an audit is valid for a maximum duration of 12 months and thus has to be completed annually. It would be very interesting to compare the results of that audit with details of the system[s] that were breached, to determine what level of diligence was provided by the ISO Auditor.
I wonder if Equifax can substantiate that claim? Interesting...
I think that the single best piece of advice to give anyone who has a record held by Equifax is to assume that every single shred of information the company held on you has been compromised.
The UK's data regulator, the Information Commissioner's Office, must immediately demand that Equifax provide them with proof that every single UK citizen on whom Equifax has held data has been contacted and has acknowledged that contact.
Why so extreme? Because if one thing is apparent from this appalling incident it is that Equifax simply don't know what they are doing when it comes to safeguarding the data of their users. It is borderline offensive that a company can go public with a statement to admit that they have just detected a hack which took place months previously, only to then turn round within a matter of days and claim to know exactly what was accessed, what was stolen.
The bottom line is that if an attacker was good enough to get into their systems and wander around for days, weeks or months without being detected, then it stands to reason that they were also good enough to make sure that logs of their activities were disabled and/or wiped. The mere fact that Equifax were hacked in the first place should tell us everything that we need to know about placing reliance on their IT Security or IT Forensic skills. [And no, hiring in an outside specialist consultancy to help may not be good enough. When the data is gone, it's gone - a good attacker will have left few traces].
There is another major problem with the Equifax approach. Publicly, they claim that "several hundred thousand" UK citizens may have been hit by their breach. Given the size of this number, it means that any individual contacted by Equifax will have to assume that "they are one of the unlucky ones". But this leaves us with two problems. Firstly, how do we know that Equifax aren't lying now and just contacting everyone? Are they making deliberately misleading statements to try and placate their regulators? Secondly - and potentially much more significantly - how do you know if you are an "Equifax customer" in the first place? They don't mean customer, do they? They mean data subject: i.e., victim. If you have a credit card or applied for a loan or purchased a car or an expensive product on any form of hire purchase or store credit agreement, then you are potentially an Equifax customer. But when you bought your three-piece suite or that new car, did the store or dealership explicitly tell you that their credit-checking services were provided by Equifax? I doubt it.
I think the British people need to be demanding that Equifax are:-
1. Given a *massive* fine by the Information Commissioner's Office.
2. Made to pay compensation to every UK citizen held in their records.
3. Forced to provide lifelong free credit protection services, including alerting them when people run credit checks against them or attempt to access their records.
4. Forced to disclose, completely, in 100% detail, every last scrap of data held by Equifax against every UK citizen. If necessary, to offer to explain to the person what has been taken and how it could be used, to educate their victims and help them defend against identity theft and fraud.
5. Have their license for operating in the UK revoked, immediately, and be prevented from operating in the UK or taking or collecting data from UK subjects.
Only something as clear and powerful as this will send a message to companies like Equifax that they are putting people at tremendous risk. These companies see themselves as untouchable, see their business model as all up-sides. They get their data for free as part of 2-way deals, and then sell it on for a profit.
I can't deny the valid challenges you raise, but the reason for offering the GPG model as an alternative to the current approach is that it works to hand control back to the User.
I am sure that we could come up with ways of protecting the private key - but really my focus was on taking back control...
That is fair - but bear in mind the improvements that we've seen regarding typical internet bandwidth since the first release of Skype. In fact, I would go so far as to say that it was really only the upgrade of the internet backbone to gigabit speed, with home connections measurable in megabit speeds, which allowed Microsoft to re-route the traffic via their servers.
Had they tried to do the same thing at the original net speeds, it likely would not have worked at all...
Anyone who was paying attention at the time would have noticed that shortly after Microsoft acquired Skype, they made a fundamental change to the way the application operates.
In the original, pre-Microsoft world, when you made a connection to a counter-party for a Skype Call, the client would first check a dynamic, central registry to see if the counter-party could be identified and if they were on line. If these checks were positive, then your client would be given the connection handle [i.e. IP address] to establish a link with the counter-party, before the link to the central servers was dropped. This was a very efficient, effective use of a central directory model, which avoided overloading the central servers with traffic, and which guaranteed the best possible connection quality.
The key Microsoft change was to switch the clients such that all traffic is now run through central Microsoft Servers. Obviously, this is so that Microsoft can, if required, record your Skype conversations [you're not a terrorist, are you?] and pass them along to authorities who ask for them.
What Microsoft have done here is even smarter than that. They still want to better understand your conversations - likely, this time around, for advertising and marketing purposes - but by federating some of this activity to Cortana, they open the door for pushing some of the compute resources required down to your PC. As our machines become more powerful, the need for tools like Siri and Cortana to push audio clips to a cloud service for interpretation will be gradually reduced [OK, unlikely that we'll ever need to completely abandon cloud support]. But the key thing here is that Microsoft - who get to benefit from understanding what you're talking about by selling advertisements to third parties with greater claims of relevance - are opening up the door to using your hardware and electricity to do their hard work for them.
I wonder if they got the idea from those crypto-currency miners that were using browser-injected malware to perform the mining for them?
From the OP:
"A common defense from companies that creepily collect massive amounts of data is that the data is only analyzed in aggregate; for example, Google's database BigQuery, which allows organizations to upload big data sets and then query them quickly, promises that all its public data sets are 'fully anonymized' and 'contain no personally-identifying information.'"
I think it is critically important that we [as the data subjects] recognise an important distinction.
This statement would be equally true if the company:-
1. Collected all the data with maximum resolution
2. Stored that data in a maximum resolution data set
3. Created a transformation process that took the maximum resolution data, "anonymized it" as it was loaded into a queryable database
4. Ran queries of the database...
The point being that the wording is so specious and so perfect for leading you to jump to the wrong conclusion. In other words, unless the company actually comes out with, "We do not store or otherwise retain access to your data in original or non-anonymized form - and you can come audit us so we can prove it to you", then they are not to be trusted.
And remember, anything that is captured - even if not used as part of the company's commercial offering - can be subpoenaed or demanded via NSL.
And if your company is doing something that is right on the edge of being shut down by i.e. privacy laws, then maybe one way of staying just inside the line of acceptability [to government] is to offer to share what you've got if they ask...
None of this is safe. None of it.
As a human being, I hang my head in shame for the fact that, in the 21st century, we still have to deal with racism. I just wish we could all grow up and behave like the advanced species we claim to be.
One aspect of this story particularly interests me - and it might be a subtle, legal point - which is: what is/are the responsibilities of "Tesla the Company", with respect to tackling and preventing racism in the workplace?
I am not for one moment suggesting that the claims of this plaintiff are anything less than genuine. What interests me is: as an employer, where do Tesla's responsibilities stop? Do they have to have anti-racism training for their staff? Do they have to have a grievance procedure? Do they have to have an anonymous whistleblowing program? Are there other things that an employer needs to demonstrate in order to avoid accusations of institutional racism?
The reason I ask the original question is that it seems to me that we need to understand the difference between "Tesla the Company" and "Tesla's Other Employees". I would be willing to accept the words of the complaint that suggest that some employees at Tesla are out-and-out racists. I would hope that Tesla are doing all they can to identify and expel such people. But does the presence of one or more racist employees at any company mean that the company itself is racist?
If not, how do we make the differentiation? Is it when 10% of employees are racist? 20%? Is it if the company fails to handle accusations of racism appropriately - and, if so, what does "appropriate handling" need to include?
This is a sensitive, emotive and hugely important topic for us as a society: it is, perhaps, one of the defining aspects of human history over the last few hundred years, so I think that our response to this - as individuals, employers, colleagues and friends - is hugely important.
But much as I'm concerned by these claims and would want to see some solid evidence of a reasonable response to them, I'm struggling to make the leap from "a number of employees at Company X demonstrated racist behaviour" as being equal to "Company X is racist".
Is this reasonable skepticism, or is this splitting hairs that an unethical company would hide behind? Is it fair to make the distinction? What would be the indicators you would look for, in a case like this, before you would conclude that a company was racist?
An entirely fair cop!
I should have augmented my reference to JAVA with exactly the point that you raise - I did not mean to infer that it was somehow exempt from the problems seen elsewhere, only to offer it as an example of a language that had actually contributed some new thinking to language design. [At least, I *think* that some of what JAVA offers is original thinking, although I'd be happy to concede that the example was poor if someone can correct me].
If we could return to the principle, however, I think that programming languages have become one of those aspects of technology where we see "change for the sake of change", not "change because we have identified a better way".
In some cases we can identify specific design requirements for languages that bring about diversity: for example, a language that was designed for GUI environments would necessarily contain architecture and primitives specific to the needs of handling GUI artefacts, whilst a language designed for batch processing [say on a mainframe] would have no such needs and could therefore be simpler and smaller.
I acknowledge and embrace the value of [programming] language diversity as a means to solve different classes of problems, but I am far less tolerant of "new" languages that add nothing new or of value...
Perhaps I could better express this a different way. Consider the class of software program that is the Word Processor. Now imagine that you have several different tasks to complete using your Word Processing program: you are going to write a book, write a letter to your sister, submit a legal motion for a court case and prepare a to-do list of chores that you need to complete around your house this weekend. These are all different use cases for a word processor, but would you seriously comprehend using 4 different text-editing applications, one for each task? In the vast majority of cases and with the vast majority of people, the answer would be no. We rely on our Word Processing package to have the right selection of capabilities to be there when we need them, including formatting, indexing, colour and font management, spell-checking and layout features.
Why, then, do we expect to use four different programming languages when tasked with writing software to fit equally similar use cases or paradigms?
I should stress that I'm *not* suggesting we revert to a one-size-fits-all solution when it comes to software. If that were the case we'd all still be writing in the first languages to be developed. But what I am suggesting is that the introduction of new languages no longer occurs because we've identified a new use case that no existing language meets, but because of far less stringent or valid arguments. As technologists, we should be wary of this sort of change to technology. It rarely leads to better.
I don't consider myself to be a programmer by profession, although I have been in the past, with experience spanning quite a range of different language types, including COBOL (74 & 85), FORTRAN 77, BASIC, JAVA, PHP, Visual BASIC (up to 5.0), VBA and Assembler (several different CPUs).
... and, if there are, are they acceptable?
When I started to learn programming languages at high school, the number available was relatively small (compared with today) and the differences between them relatively significant. Each language was specifically designed to solve a reasonably well defined set of problems. If you were working mainly with mathematical problems such as with physics or engineering, you'd use FORTRAN. If you were developing applications for business, you'd use COBOL.
Look again at the syntax and structure of these languages and their origins, architecture and design are clear.
I am very (very!) sorry to all those professionals currently working in the field of programming language design if what follows is offensive, but we seem to have entered an age in which a "fantastic" or "revolutionary" new language is released every few months. The better ones then follow the Gartner Hype Cycle before drifting back into obscurity. The mediocre ones never seem to make it even close to widespread adoption...
We now seem to have reached a point where, instead of designing and developing a programming language to solve a specific business, scientific or technical problem, language designers are simply stealing primitives and ideas from existing languages and throwing them together into a framework before declaring their solution to be "The Next Big Thing (TM)". Of course this is a generalisation - every now and then we see some really remarkable innovation happening in the language space. JAVA for example, with its aim of "write once, run anywhere" and its much improved memory handling, would be a valid example.
But in my ignorance I can't help but look at the current state of programming languages and think that too much of what we see today is just different, not necessarily better. Perhaps the most egregious mistake I see us making, as an industry, is that we're losing sight of the fact that programming languages should be designed to be easy. Remember the relevant portion of ESR's own "Art of Unix Programming", the Rule of Representation, which says, "Fold knowledge into data, so program logic can be stupid and robust."
Do we see modern languages with the data handling sophistication of COBOL, for example? No. That's acceptable if the new language has a well-defined set of design goals that don't include data handling, but if not, I think we need to think very carefully about that old maxim, "all progress is change, but not all change is progress"...
So whilst I'm always interested in learning about developments in programming language design, I think it helps if we ask a few fundamental questions of a new language:-
1. What are the specific goals and design requirements of this language? How well does it meet them? Are there any compromises made in doing so?
2. Of all existing programming languages that exist today, which one or ones are closest to this new offering in terms of goals and design requirements? Having identified the competition, what are the features and key differentiators of this new language that make the existing language obsolete? Are we certain (for example), that before embarking on an all-new language, that it is impossible to extend the legacy competition with new language primitives?
3. Given that all design decisions are in fact compromises by another name, what is/are the impact(s) of the design decisions taken that differentiate this new language from the competition? [If these yield benefits, then wonderful; if they bring costs, then are we willing to accept them?]
4. What is the learning curve like? Does the new language include weaknesses that yield to commo
No, but the TV equivalent of this is pretty much exactly what the OP is asking us to consider...
Come on, that's entirely specious...
If a manufacturer had pairs of all the TV models they sold, at 2 different prices, one with "commercial free" and the other with a warning that made it crystal clear to the consumer that they were buying a product in which the *product* would insert content, over and above the ability of the user to control, then that would be fair. Amazon did exactly this with their lower-priced Kindle readers - in return for a discounted product, you agreed to take advertisements.
That is most assuredly not happening here. In this case, vendors are taking advantage of the ability to remotely update *your* product, which you purchased under a set of terms and conditions and under the protection of the "Sale of Goods Act" [or your local equivalent] and now the vendor are trying to argue that they have the legal authority to remotely alter/degrade the functionality of the product even if doing so is against your will.
Nope. No way. The Kindle example sets a clear precedent of what can be done by a vendor wishing to explore this revenue stream. Personally, I don't see many takers. If you can afford to buy a decent Smart TV, you can avoid the advert-free model... Or you can buy from someone else! I happen to own a Samsung Smart TV - and if they [Samsung] started to embed commercials in my TV, not only would I junk it, I would never buy another Samsung product again. There are plenty of others to choose from.
Unfortunately, I suspect that the law most likely to defend the interests of the buyer of "smart" TVs in this case is going to be consumer protection law. In the specific scenario described by the OP, I think that this may hinge on the decisions that a typical buyer would have made at the time of purchase. For example, we know that it is technically possible to have a smart TV without forced commercials, because many of us own them today.
We also can find out whether or not users choose to purchase smart TVs with forced in-line advertisements through analysis of buying trends as this technology is introduced. And we can add that the uproar that Samsung faced when they "accidentally" altered some of their TVs, by pushing new firmware [without user action], is a pretty clear indicator that this modification is *not* welcome.
What it all boils down to is choice. If a buyer can show that they would not have chosen to purchase a model of TV if they had known, at the time of purchase, that it would subsequently be modified to show commercials, then the manufacturer of the smart TV is going to have a problem on their hands. This is not the first time this issue has been discussed - and the last time it came around I used the following analogy:-
Suppose that you went out and bought yourself a new car. For a year you drove it around and it was just what you wanted - absolutely perfect. Then you booked it in for its first service, and when the car was handed back to you, the dealer had put a big light rig across the roof, with the word "TAXI" on it, they had put decals and logos down the side, and now you were obliged to stop and give rides to people who hailed you. Even better, if you did this [because you had no choice] any money generated from these rides went to the dealer, not to you...
This is a variation on the concept of post-purchase modification to a product. Put in this context it is entirely unacceptable, but in *legal* terms it is remarkably similar to what Samsung did with their TVs and the subject of the OP's question.
I think the only way that we can resist this is to vote with our wallets. If we find ourselves in a situation where all manufacturers of Smart TVs do this, then we're going to have to rely on Consumer Protection laws to defend us. I would not give high hopes for our chances.
I can only hope that the portion of the US Administration that is currently investigating Marcus Hutchins is willing to apply a similar outlook that we see handed down here. The law should be fair for all; whilst I respect the value of allowing judicial discretion in certain circumstances, I do think it is important to be implemented in a neutral way.
"Capitalism is the best system we have for efficiently managing resources, but it is not perfect."
I'd certainly agree that capitalism is not perfect, but I think it is just a little bit of a stretch to claim that it is the best system for efficiently managing resources. [At least, I suspect that we may be disagreeing over which *types* of resources]. For example, given natural resources, such as fish stocks, or minerals, or timber, pure capitalism has - as demonstrated - resulted in uncontrolled exploitation that has taken living species to the edge of extinction [or beyond] and left defenceless environments ruined.
Although I'm not sure if it is fair to claim that these are synonymous, an expression often linked to capitalism is "market forces", as in, "let market forces regulate supply and demand..." The problem is that when the entire market stands on one side of an equation [use and consumption of resources] and there is nothing and/or nobody to stand on the opposite side of that equation, then capitalism will run, gleefully unchecked, until well past the point of recovery.
I think that the truth and the aim might be to find the balance - that neither uncontrolled capitalist markets nor totally controlled government-directed states can ever be truly successful. Perhaps the trick is finding the right point of balance - allowing the freedoms of innovation and creativity that capitalism gives us, but placing some [as-yet-to-be-determined] limits on uncontrolled exploitation of markets and resources.
No mobile phone carrier provider should be allowed to negatively change the terms of an existing contract, while that contract is in operation, unless they are prepared to allow all existing users on that contract to terminate early and without penalty.
It's that simple.
If they want to improve the service, that is one thing... but it simply is not acceptable to degrade a service once someone has paid for it. Imagine if you ordered a 50" 4K TV from Amazon, but they sent you a 40" TV. When you complained, they try and explain that between the moment you ordered and the moment that they shipped, the terms of the offer changed... I don't think so.
... It's [also] about the right to perform user-installable upgrades.
If we look at the developments in the markets of personal consumer electronics [computers, tablets, phones, and so on] then what we see is that companies have realised that they can sell products more frequently, thus creating much greater profits, if they build in obsolescence to their designs.
If you look at the evolution in say tablets as an example... There have been 7 generations of [for example] the Apple iPad since the introduction of the device in 2010. Gradually, over that time, we've seen the maximum memory capacity increase. In the model range for today's 10.5 inch iPad Pro, there are 3 different memory capacities available: 64Gb, 256Gb and 512Gb. In the UK, these are priced at £619, £769 and £969 respectively. How many people think that the difference in the cost of the parts and the assembly of a 512Gb iPad is £350 *more* than the cost of the 64Gb version?
Electronics companies are fighting the right to repair legislation not just because currently they can be guaranteed a new sale if your existing appliance or device dies, but because they know that through designed-in obsolescence, they can *force* you to upgrade. They do this by stopping support for software updates, and/or bloating the size of an update so that it no longer runs on older, limited capacity models, or that it runs so slowly as to render the older unit impossible to use...
Companies with the funding and resources of Dell, HP, Apple, Samsung, Microsoft and others - especially those which are vertical integrators with complete control over their supply chain - can and should be able to design and build products with at least 5 years of reliable, supportable life built in to them. The only reason that companies are *not* doing this is because they would rather you threw away the product you bought last year and buy another one.
Just as an exercise in validation, go take a look at the current state of laptops, and for any model that you like the look of, ask yourself if you can upgrade the RAM, upgrade the HDD/SSD and/or replace the battery yourself. The default answer to these questions has become "No". The manufacturers would like you to fall into their sucker-trap: "Because: Reliability". That's rubbish. The truth is: "Because: profits"
The problem with the current state of affairs is simply that there is nobody to speak up for the rights or interests of consumers. Our role in society has been relegated to that of a profit centre for corporations.
I wasn't aware of that, but it does strike me as something that a legal counsel might want to do if they were in doubt as to the strength of their case. The last thing the weaker side needs is someone on the jury with technical acumen when it comes to deliberation time - the less-technical jurors can easily be swayed by someone sounding as if they know what they are talking about.
Far better to push for an all technical jury and try and win on the merits of your case.
In fact, I think your comment is remarkably revealing - if we could only know the outcome of juror selection of this trial - and the challenges made by the two legal teams - then we'd have a pretty good idea of what *they* think of their chances.
And for those who didn't make the connection - and the OP doesn't mention explicitly - Judge Alsup is currently presiding over the Waymo vs. Uber case, which is due in court in December.
Could not agree with you more...
Even simple features, such as the ability to filter out anything I have already seen, would be welcome. In fact, if Netflix would just go out and hire a couple of UI design experts, that would be a start...
It will almost certainly be owned by Microsoft Ireland, a wholly-owned subsidiary of Microsoft Inc, US.
Unfortunately, this is where the story gets interesting. Whilst MS Inc, the US Parent, is incorporated under US Law and therefore subject to US jurisdiction, if the Irish subsidiary is incorporated under Irish law, then the ability of the US government to exert demands on it is potentially eliminated.
I have found that a good test to apply in a situation like this is to reverse the scenario. Here's a hypothetical situation to put this to the test: imagine that "Microsoft Ireland" was found guilty of a criminal offence [it doesn't matter what] and that the fine levied for this was equal to $100 Billion US. Now imagine that Microsoft Ireland are worth a grand total of say $40 Billion US and that extracting even this from them will completely bankrupt them.
Would the Supreme Court / Microsoft (US) inc be willing to allow the reciprocal to happen - i.e. that the plaintiff in the Irish case has the authority to go after Microsoft US for the remaining $60 Billion of their settlement? In other words - does that liability go both ways?
Obviously this is an academic question for a hypothetical situation; my sense is that the US parent would not want an open-door liability like this to be allowed. Which, whilst different in some respects, rather serves to enforce the view that these are two entirely different legal entities, incorporated under the laws of entirely different countries. If Microsoft Ireland had been incorporated under US law, then there might be an argument supporting the view of the US government. If it exists under Irish law, I don't see how the US government's case can have merit.
But then again, I'm not a lawyer...
Curiously, I find myself agreeing with you about everything you write except our differing view on the appropriate remedy.
We agree it's a bad situation...
With respect to taking the data away from Equifax, we have a slightly different view. In my ideal world, the government would step in, bar Equifax from operating, charge the directors with criminal negligence and then take the Equifax data set and offer it for sale to other companies in the market. They would include a set of terms and conditions that would make it a legal requirement for anyone accepting the Equifax data to post escrow/bond for the safekeeping of the data, and they would be signing up their directors for massive sanctions for failure.
If none of the competitors liked the terms, they had better start thinking to get out of the credit checking [data slurping] business.
Pretty much the only difference between us is that I think we already *know* that Equifax cannot be trusted. With the others in the market, at least we have a 50-50 chance they can do better, right? And if not, the terms of their data acquisition would make their culpability a certainty. Finally, the money raised from the fire sale of Equifax's assets as they are forcibly liquidated by the government would be divided up and paid to everyone on whom they have a record. Even if it is one cent per person.
And I would do that as a visible, public warning to others: "if you hold data on private citizens and don't keep it safe, we are coming for you..."
The sad truth is that unless or until a message of this stark, unwavering savagery is delivered, companies will carry on thumbing their noses at us. They make money, we suffer fraud. This is not a justifiable state of affairs.
"Where there's a will, there's a way..."
If we can put a man on the moon, we can do this.
Agreed - but I would go further...
The government concerned needs to send a clear message to other information brokers, to make it very clear to them that there is zero tolerance for this sort of data breach. There needs to be a real, material punishment. I accept that revoking an [information broker] license that would bar the culprit from the market permanently, but I would like to see the participants actually held to personal account for the failures they have presided over.
And if there aren't sufficiently strong laws to punish companies that free-load off *our* data like this, without any current form of sanction available, then we need some. Pronto.
So what you are essentially arguing is that Equifax are 'too big to fail'? That the cure is worse than the disease?
Sorry, I don't buy it. Equifax have already demonstrated that they cannot be trusted to keep consumer data safe. There are only two remedies for this:
1. Take the data away from them.
2. Find a way of providing an absolutely SOLID guarantee that all their data is now and will remain 100% secure...
Think about that second item for a moment. Who among their data subjects would trust them with continued access to their data? Not me. If you want to argue that the data held by Equifax, if lost, would disadvantage their data subjects, then require copies of that data to be given to one of the alternate providers. Demand some form of licensing analogous to an "information broker operating license", enforced by a government agency (in the UK this would be the Information Commissioner's Office). Have anyone applying for a broker license be required to place a financial bond in escrow, so that if an event like this occurs, the company can be forcibly liquidated and the escrow funds can be used to support their victims.
In other words, create an environment where it is easier, cheaper and safer for companies wishing to provide Equifax-like services to do the job properly, accurately and securely. Until such time as the environment means that a failure to do these things will have painful repercussions for those wanting to hold and process that data.
Remember, this company - and others in this sector - are harvesting a vast amount of information about private citizens, yet they are using and selling it for the benefit of themselves and private companies. This is an incongruous relationship for those who are the subjects of the data from which Equifax profits.
Whatever we do, there is one thing that we simply cannot allow to happen: we cannot allow this situation to occur without a significant and cautionary penalty to be applied to Equifax and their Directors. They cannot be allowed to "get away with it", to have presided over this disaster and yet escape without legal sanction and appropriate penalty. Make no mistake, their "oversight" could easily destroy people's lives. That negligence has to be addressed.
In order for Equifax to legitimately place that statement on their web site, they would have been required to complete an annual ISO27001 Security Audit, conducted by a Certified ISO Security Auditor.
Such an audit is valid for a maximum duration of 12 months and thus has to be completed annually. It would be very interesting to compare the results of that audit with details of the system[s] that were breached, to determine what level of diligence was provided by the ISO Auditor.
I wonder if Equifax can substantiate that claim? Interesting...
I think that the single best piece of advice to give anyone who has a record held by Equifax is to assume that every single shred of information the company held on you has been compromised.
The UK's data regulator, the Information Commissioner's Office, must immediately demand that Equifax provide them with proof that every single UK citizen on whom Equifax has held data has been contacted and has acknowledged that contact.
Why so extreme? Because if one thing is apparent from this appalling incident it is that Equifax simply don't know what they are doing when it comes to safeguarding the data of their users. It is borderline offensive that a company can go public with a statement to admit that they have just detected a hack which took place months previously, only to then turn round within a matter of days and claim to know exactly what was accessed, what was stolen.
The bottom line is that if an attacker was good enough to get into their systems and wander around for days, weeks or months without being detected, then it stands to reason that they were also good enough to make sure that logs of their activities were disabled and/or wiped. The mere fact that Equifax were hacked in the first place should tell us everything that we need to know about placing reliance on their IT Security or IT Forensic skills. [And no, hiring in an outside specialist consultancy to help may not be good enough. When the data is gone, it's gone - a good attacker will have left few traces].
There is another major problem with the Equifax approach. Publicly, they claim that "several hundred thousand" UK citizens may have been hit by their breach. Given the size of this number, it means that any individual contacted by Equifax will have to assume that "they are one of the unlucky ones". But this leaves us with two problems. Firstly, how do we know that Equifax aren't lying now and just contacting everyone? Are they making deliberately misleading statements to try and placate their regulators? Secondly - and potentially much more significantly - how do you know if you are an "Equifax customer" in the first place? They don't mean customer, do they? They mean data subject: i.e., victim. If you have a credit card or applied for a loan or purchased a car or an expensive product on any form of hire purchase or store credit agreement, then you are potentially an Equifax customer. But when you bought your three-piece suite or that new car, did the store or dealership explicitly tell you that their credit-checking services were provided by Equifax? I doubt it.
I think the British people need to be demanding that Equifax are:-
1. Given a *massive* fine by the Information Commissioner's Office.
2. Made to pay compensation to every UK citizen held in their records.
3. Forced to provide lifelong free credit protection services, including alerting them when people run credit checks against them or attempt to access their records.
4. Forced to disclose, completely, in 100% detail, every last scrap of data held by Equifax against every UK citizen. If necessary, to offer to explain to the person what has been taken and how it could be used, to educate their victims and help them defend against identity theft and fraud.
5. Have their license for operating in the UK revoked, immediately, and be prevented from operating in the UK or taking or collecting data from UK subjects.
Only something as clear and powerful as this will send a message to companies like Equifax that they are putting people at tremendous risk. These companies see themselves as untouchable, see their business model as all up-sides. They get their data for free as part of 2-way deals, and then sell it on for a profit.
These people are parasites.
I can't deny the valid challenges you raise, but the reason for offering the GPG model as an alternative to the current approach is that it works to hand control back to the User.
I am sure that we could come up with ways of protecting the private key - but really my focus was on taking back control...
Here:- https://scifi.stackexchange.co...
That is fair - but bear in mind the improvements that we've seen regarding typical internet bandwidth since the first release of Skype. In fact, I would go so far as to say that it was really only the upgrade of the internet backbone to gigabit speed, with home connections measurable in megabit speeds, which allowed Microsoft to re-route the traffic via their servers.
Had they tried to do the same thing at the original net speeds, it likely would not have worked at all...
Anyone who was paying attention at the time would have noticed that shortly after Microsoft acquired Skype, they made a fundamental change to the way the application operates.
In the original, pre-Microsoft world, when you made a connection to a counter-party for a Skype Call, the client would first check a dynamic, central registry to see if the counter-party could be identified and if they were online. If these checks were positive, then your client would be given the connection handle [i.e. IP address] to establish a link with the counter-party, before the link to the central servers was dropped. This was a very efficient, effective use of a central directory model, which avoided overloading the central servers with traffic, and which guaranteed the best possible connection quality.
The key Microsoft change was to switch the clients such that all traffic is now run through central Microsoft Servers. Obviously, this is so that Microsoft can, if required, record your Skype conversations [you're not a terrorist, are you?] and pass them along to authorities who ask for them.
What Microsoft have done here is even smarter than that. They still want to better understand your conversations - likely, this time around, for advertising and marketing purposes - but by federating some of this activity to Cortana, they open the door for pushing some of the compute resources required down to your PC. As our machines become more powerful, the need for tools like Siri and Cortana to push audio clips to a cloud service for interpretation will be gradually reduced [OK, unlikely that we'll ever need to completely abandon cloud support]. But the key thing here is that Microsoft - who get to benefit from understanding what you're talking about by selling advertisements to third parties with greater claims of relevance - are opening up the door to using your hardware and electricity to do their hard work for them.
I wonder if they got the idea from these crypto-currency miners that were using browser-injected malware to perform the mining for them?