22 Matching Annotations
  1. Jun 2020
    1. But the good thing about a payment gateway like PayPal, Stripe, or 2Checkout is that they take on the security surrounding PCI compliance and, more importantly, assume the risk.
    1. Some large tech behemoths could hypothetically shoulder the enormous financial burden of handling hundreds of new lawsuits if they suddenly became responsible for the random things their users say, but it would not be possible for a small nonprofit like Signal to continue to operate within the United States. Tech companies and organizations may be forced to relocate, and new startups may choose to begin in other countries instead.
    2. The EARN IT act turns Section 230 protection into a hypocritical bargaining chip. At a high level, what the bill proposes is a system where companies have to earn Section 230 protection by following a set of designed-by-committee “best practices” that are extraordinarily unlikely to allow end-to-end encryption. Anyone who doesn’t comply with these recommendations will lose their Section 230 protection.
    3. Broadly speaking, Section 230 of the Communications Decency Act protects online platforms in the United States from legal liability for the behavior of their users. In the absence of this protection, many of the apps and services that are critical to the way the internet functions today may have never been created in the first place – or they couldn’t have been created in America.
    1. A year’s worth of cajoling back and forth has ultimately resulted in the EARN-IT bill wending its way through the U.S. system, a bill that, if passed, would see messaging services become legally responsible for the content on their platforms. While not mandating backdoors, per se, without some form of probes into message content, the argument runs that the punitive risks become unsurvivable.
    2. there’s a bill tiptoeing through the U.S. Congress that could inflict the backdoor virus that law enforcement agencies have been trying to inflict on encryption for years... The choice for tech companies comes down to weakening their own encryption and endangering the privacy and security of all their users, or foregoing protections and potentially facing liability in a wave of lawsuits.
    1. Once the platforms introduce backdoors, those arguing against such a move say, bad guys will inevitably steal the keys. Lawmakers have been clever. No mention of backdoors at all in the proposed legislation or the need to break encryption. If you transmit illegal or dangerous content, they argue, you will be held responsible. You decide how to do that. Clearly there are no options to some form of backdoor.
    1. Despite its opposition, EARN-IT is the clearest threat yet to end-to-end encryption, given this clever twist in pushing the onus onto the platforms to avoid transmitting illegal content, rather than mandating a lawful interception approach.
    2. Tiring of the privacy and safety debate, those behind EARN-IT have proposed making the platforms responsible for the content they transmit, encrypted or not. This would mean, as explained by Sophos, that tech companies “either weaken their own encryption and endanger the privacy and security of all their users, or forego protections and potentially face liability in a wave of lawsuits.”
    1. The Digital Millennium Copyright Act (DMCA) has notable safe-harbor provisions which protect Internet service providers from the consequences of their users' actions. (Similarly, the EU directive on electronic commerce provides a similar provision of "mere conduit" which, while not exactly the same, serves much the same function as the DMCA safe harbor in this instance.)
  2. May 2020
    1. make it as easy to withdraw consent as to give it. The latter gets particularly interesting when considering that in some contexts, consent may be obtained “through only one mouse-click, swipe or keystroke” and therefore “data subjects must, in practice, be able to withdraw that consent equally as easily” per the WP29.

      It seems, then, that one should be careful to not make it too easy to opt in to something unless you are prepared to accept the liability for making it just as easy to opt out (which may be technically challenging).

  3. Apr 2020
    1. The key change here is the removal of an intent to defraud and replacing it with willfully; it will be illegal to share this information as long as you have any reason to know someone else might use it for unauthorized computer access. It is troublesome to consider the unintended consequences resulting from this small change.
    2. Again, this is stupid that I have to do this, but
    1. Without passing any judgement on any third party developers, we have to advise people to never enter their 1Password Master Passwords into anything other than 1Password. I have no reason to doubt the integrity or competence of these third party developers, and RogueLazer’s project is even open-source. But it would be irresponsible for us to do anything other than advise you never to give your 1Password Master Password to anyone or any other application.
  4. Mar 2020
    1. Most companies are throwing cookie alerts at you because they figure it’s better to be safe than sorry. When the GDPR came into effect, companies all over the globe — not just in Europe — scrambled to comply and started to enact privacy changes for all of their users everywhere. That included the cookie pop-ups. “Everybody just decided to be better safe than sorry and throw up a banner — with everybody acknowledging it doesn’t accomplish a whole lot,” said Joseph Jerome, former policy counsel for the Privacy & Data Project at the Center for Democracy & Technology, a privacy-focused nonprofit.
  5. Jan 2020
    1. The Twenty-Six Words that Created the Internet is Jeff Kosseff’s definitive history and analysis of the current fight over Section 230, the fight over who will be held responsible to forbid speech. In it, Kosseff explains how debate over intermediary liability, as this issue is called, stretches back to a 1950s court fight, Smith v. California, about whether an L.A. bookseller should have been responsible for knowing the content of every volume on his shelves.

      For me this is probably the key idea. Facebook doesn't need to be responsible for everything that their users post, but when they cross the line into actively algorithmically promoting and pushing that content into their users' feeds for active consumption, then they do have a responsibility for that content.

      By analogy imagine the trusted local bookstore mentioned. If there are millions of books there and the user has choice when they walk in to make their selection in some logical manner. But if the bookseller has the secret ability to consistently walk up to children and put porn into their hands or actively herding them into the adult sections to force that exposure on them (and they have the ability to do it without anyone else realizing it), then that is the problem. Society at large would further think that this is even more reprehensible if they realized that local governments or political parties had the ability to pay the bookseller to do this activity.

      In case the reader isn't following the analogy, this is exactly what some social platforms like Facebook are allowing our politicians to do. They're taking payment from politicians to actively lie, tell untruths, and create fear in a highly targeted manner without the rest of society to see or hear those messages. Some of these sorts of messages are of the type that if they were picked up on an open microphone and broadcast outside of the private group they were intended for would have been a career-ending event.

      Without this, then we're actively stifling conversation in the public sphere and actively empowering the fringes. This sort of active targeted fringecasting is preventing social cohesion, consensus, and compromise and instead pulling us apart.

      Perhaps the answer for Facebook is to allow them to take the political ad money for these niche ads and then not just cast to the small niche audience, but to force them to broadcast them to everyone on the platform instead? Then we could all see who our politicians really are?

  6. Jul 2018
    1. So basically in an effort to stop 1,000 pieces of infringing content, you'd end up pulling down 50,000 pieces of legitimate content. And that's with an incredible (and unbelievable) 99.5% accuracy rate. Drop the accuracy rate to a still optimistic 90%, and the results are even more stark:
  7. Apr 2016