Always easier when you can avoid the law and just buy it off the shelf. It’s fine to do this, we say, because it’s not being done by the government - but if they’re allowed to turn around and buy it we’re much worse off.
That's why it doesn't make sense to ban governments from doing things while still allowing private companies. Either it is illegal to surveil the public for everyone, or the government can always do it indirectly with the same effect.
I don't think the deal described here is even that egregious. It's basically a labeled data scrape. Any entity capable of training these LLMs are able to do this.
The difference is that a government can take personal liberty away from people in the most direct way. A private company can't decide to lock somebody away in prison or send them to death row. (Hopefully anyway.) So we put a higher standard on government.
That said, I do believe there ought to be more restrictions on private use of these technologies.
The point is that "who gathers it" should be irrelevant.
The government shouldn't be able to buy data that would be unconstitutional or unlawful for them to gather themselves.
On the other hand if a company is just aggregating something benign like weather data, there's no need to bar the government from buying that instead of building it themselves.
I also personally think there are some private collections we should ban, or put in place limitations on how it can be used, in the interest of general privacy.
That is trickier to decide on and surely there's room to debate.
Yeah but these companies are operating hand in glove with govt such that there's no discernible difference between the current system and government just doing it themselves. Ban it outright.
I don't disagree with the sentiment. I feel like what we're seeing lately is that private companies are doing the thing that would violate the 4th amendment if government did it, then they sell to the government. The idea that it's not the government itself violating the constitution because they did it through a contractor is pretty absurd.
What specific legal measures you do to enforce this, I don't know, there's some room for debate there.
I don't think there is an expectation of privacy for things you literally post to the public, like social media. Even the government doing the scraping directly I believe would not violate the 4th amendment.
The third party doctrine also basically legalizes most types of search through people's "cloud data". To have an expectation of privacy, the data needs to not be shared in the first place.
I don't think tying the hands of the government is a viable solution. The sensitive data needs to not be collected in the first place via technical and social solutions, as well as legislation to impose costs on data collection.
- Teaching that "the cloud is just someone else's computer"
- E2EE cloud
- Some way of sharing things that don't involve pushing them to the whole internet, like Signal's stories.
- GDPR type legislation which allows deleting, opting out, etc
> The third party doctrine also basically legalizes most types of search through people's "cloud data"
This isn't actually true (it varies by type of "cloud data", like content vs metadata, and the circuit you're in), and there are multiple recent carveouts (eg geofence warrants) that when the Supreme Court bothers to look at it again, suggests they don't feel it's as clear as it was decades ago. Congress can also just go ahead and any time make it clear they don't like it (see the Stored Communications Act).
It's also, just to be clear, an invented doctrine, and absolutely not in the constitution like the fourth amendment is. Don't cede the principle just because it has a name. Technical and social solutions are good, but we should not tolerate our government acting as it does.
> I don't think there is an expectation of privacy for things you literally post to the public, like social media
Neither is there an expectation that automation would slurp it up and build a database on you and everyone else. Maybe the HN crowd is one thing, but most normies would probably say it shouldn't be allowed.
> Even the government doing the scraping directly I believe would not violate the 4th amendment.
Every time I see someone make a statement like this I think of the Iraq war era when a Berkeley law professor said torture is legal. Simply saying something that clearly violates the spirit of our rights is ok based on a technicality, I would not call that a moral high ground.
> The sensitive data needs to not be collected in the first place via technical and social solutions,
At this point and points forward I think your comment is much more on the mark.
I think we clearly both agree that mass surveillance is problematic regardless of whether it is done by the government or corporations. With that said
> normies would probably say it shouldn't be allowed
Despite knowing about this, most continue supporting the various companies doing exactly that, like Facebook and Google.
> Neither is there an expectation [...]
Expectation is not law, and it cuts both ways. The authors of the 4th and 5th amendments likely did not anticipate the existence of encryption - in their view, the flip side of the 4th amendment is that with a warrant, the government could search anything except your mind, which can't store that much information. We now get to enjoy an almost absolute right to privacy due to the letter of the law. You might feel that we should have that right anyway, but many other governments with a more recent/flexible constitution do not guarantee that, and in fact require key disclosure.
Expectation of privacy is a legal test based literally on on what "normies would probably say". If, as a society, we're moving more and more of our private effects to the cloud, there is a point where there's an expectation of privacy from the government there, regardless of the shadiness of the company we trusted for it, and regardless of what's convenient for the government.
Carpenter v. United States is a great example of this, where a thing once thought as obviously falling under the third party doctrine (cell tower location information) was put definitively within protection by the fourth amendment because of ongoing changes in how society used and considered cell phones.
And I forgot about this but just saw it referenced in the wikipedia article: it's notable that Gorsuch's dissent on the case argued for dropping the third party doctrine completely:
> There is another way. From the founding until the 1960s, the right to assert a Fourth Amendment claim didn’t depend on your ability to appeal to a judge’s personal sensibilities about the “reasonableness” of your expectations or privacy. It was tied to the law. The Fourth Amendment protects “the right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures.” True to those words and their original understanding, the traditional approach asked if a house, paper or effect was yours under law. No more was needed to trigger the Fourth Amendment....
> Under this more traditional approach, Fourth Amendment protections for your papers and effects do not automatically disappear just because you share them with third parties.
But that is his point with "or the government can always do it indirectly with the same effect"
The company doesn't have that power, but the government can compel companies to provide them with the same data as long as it exists, and then abuse it in the same way as if they had collected it themselves.
A private company can rat you out the government in the same way that a private citizen can report you to the police. I don't see a reasonable way to change this.
The government should be held to higher standards in terms of being able to appeal its actions, fairness, evidentiary standards. But the government shouldn't necessarily be prevented from acquiring and using information (which is otherwise legally obtained).
I don't disagree that we should perhaps more restrictions on private processing of data though -- GDPR style legislation that imposes a cost on data collection is probably sufficient.
The separation between private and the government is purely theatrics - a mere administrative shell.
I really don't understand why people treat it with such sacrosanct reverence.
It reminds me of a cup and ball street scam. Opportunistic people move things around and there's a choir of true believers who think there's some sacred principles of separation to uphold as they defend the ornamental labels as if they're some divine decree.
In some cases yes, especially when it comes to surveillance, the distinction doesn't feel like very much. When the government hires a contractor specifically because they break the spirit of the 4th amendment, it's hard to argue that it's not the government breaking the law.
Cops are legally forbidden from surveilling everyone at all times using machines. Explicitly so. Yet, if a company starts up and surveils everyone at all times, and their only customer is Cops, it's all Okay somehow. The cops don't even need a warrant anymore.
What's worse, is that third party doctrine kills your rights worse than direct police surveillance.
Imagine if you will, back in the day of film cameras: The company developing your film will tell the police if you give them literal child porn but otherwise they don't. But imagine if they kept a copy of every picture you ever took, just stuffed it into a room in the back, and your receipt included a TOS about you giving them a license to own a copy "for necessary processing". Now, a year after you stopped using film cameras, the cops ask the company for your photos.
The company hands it over. You don't get to say no. The cops don't need a warrant, even though they 100% need a warrant to walk into your home and grab your stash of photos.
Why is this at all okay? How did the supreme court not recognize how outright stupid this is?
We made an explicit rule for video rental stores to not be able to do this! Congress at one time recognized the stupidity and illegal nature of this! Except they only did that because a politician's video rental history was published during his attempt at confirmation.
That law is direct and clear precedent that service providers should not be able to give your data to the cops without your consent, but this is America so precedent is only allowed to help businesses and cops.
> The difference is that a government can take personal liberty away from people in the most direct way. A private company can't decide to lock somebody away in prison or send them to death row. (Hopefully anyway.) So we put a higher standard on government.
We put higher standards on the government because companies have the biggest propaganda coffers.
It’s not some rational principle. Money goes in, beliefs come out.
A private company can surely link its own cameras and data to create a private use database of undesirables. I’m certain that Walmart and friends do exactly this already. It’s the large scale version of the Polaroids behind the counter.
That's not how the law works in the US. The government cannot have a third party take action on its behalf to do something that would be illegal for the government to do itself. This is why the Biden administration had a restraining order filed against it, on account of them pressuring social media companies to ban content it didn't like. This violated the First Amendment, despite the fact that it was a third party that was doing the actual banning at the behest of the government.
The government could legally create its own facial recognition technology if it wanted to. They're not avoiding the law, facial recognition isn't illegal.
That's pretty much how KYC works. The government can't just willy nilly demand papers of everyone going into the bank to open up an account due to the 4th amendment. So they just make the bank do it so it is a "private" act, and then for instance IRS is authorized to do warrantless seizure on the accounts which are now tied to names that were forced to be revealed under KYC laws.
The government doesn't need a warrant to access bank records, as per the US's banking laws. They just need an administrative subpoena, which doesn't have to be signed off by a judge.
This is not and example of the government sidestepping laws through a third party. You just don't like the existing laws, and would prefer to make certain things illegal that are presently legal.
There wouldn't be any identity linked for an anonymous bank account to 'access', were it not for the warrantless search of your papers required under KYC but done via private entity (sidestepping 4th amendment) to open an account. That part is done without even a subpoena.
That is, the US banking laws force private actors, under color of law, to systematically inspect the papers of those opening an account, which conveniently sidesteps the 4th amendment implication of the government searching the papers themselves at everyone opening an account at the bank. And then allows the government to act on the information of that forced search, even without a warrant.
---------- re: below due to throttling -------
I'm referring to this:
>The government cannot have a third party take action on its behalf to do something that would be illegal for the government to do itself.
It is illegal for the government to violate the 4th amendment, whether or not a 'law' beyond what is written in the constitution is present.
Clearly the government would love to just take all your information directly when you open an account, as that would be even better for them, but due to the 4th amendment they can't do that. But just asking or without a warrant requiring the bank to act on it or reveal it is almost as easy, so they just sidestep that by just requiring via the law the bank to search your papers instead. It's effectively a government imposed search but carried out by a 3rd party.
--------------------
>This is just factually wrong. The Bank Secrecy Act specifically requires that banks to provide this info. The 4th amendment does not prohibit this. If a bank refused to provide this required information, the government would go in and get that information directly.
>Again, no law is being avoided. You just don't like the
This is not 'just factually wrong.' The bank is doing the search instead of the government. A blanket search of everyone, even without a subpeona, even without an individualized notice, even without any sort of event that would require reporting to the government under the BSA, even then they still are required to search the information even in the instances that it doesn't end up being required to be transmitted to the government. You're saying the portion of data the government collects might be 4A compliant, but that doesn't mean the private actor being forced to collect information that doesn't even get reported is 4A compliant if the government did it. You're just saying the subset of required KYC collected information that ends up transmitted to the government was 4A compliant, which isn't sufficient to establish the government could have collected all the information to begin with under the 4A as they have required the bank to do.
>the government would go in and get that information directly
A blanket sweep of everyone's information willy nilly by the government is not 4A compliant, that's why they've had the bank do it on their behalf.
> Clearly the government would love to just take all your information directly when you open an account, as that would be even better for them, but due to the 4th amendment they can't do that
This is just factually wrong. The Bank Secrecy Act specifically requires that banks to provide this info. The 4th amendment does not prohibit this. If a bank refused to provide this required information, the government would go in and get that information directly.
Again, no law is being avoided. You just don't like the law.
Right, but the point is, no law is being avoided. The comment I responded to wrote:
> Always easier when you can avoid the law and just buy it off the shelf. (Emphasis mine)
No law is being avoided, neither in your banking example nor in the situation with Clearview. To be sure, people can have whatever opinion on the law that they want. But I do want to make it clear the the government is not "avoiding" any law here.
This is why we should shun the people that build this stuff. If you take a paycheck to enable fascism, you're a bad person and should be unwelcome in polite society.
I'm sure the anti-vax crowd who were foaming at the mouthes over the vaccine containing tracking chips will explain why this is needed and why its not a big deal.
And this right here is why Clearview (and others) should have been torn apart back when they first appeared on stage.
I 'member people who warned about something like this having the potential to be abused for/by the government, we were ridiculed at best, and look where we are now, a couple of years later.
There are certain people who believe that average citizens can be held responsible for the actions of their government, to the point that they are valid military targets.
Well, if that's true then employees of the companies that build the tools for all this to happen can also be held responsible, no?
I'm actually an optimist and believe there will come a time whena whole lot of people will deny ever working for Palantir, for Clearview on this and so on.
What you, as a software engineer, help build has an impact on the world. These things couldn't exist if people didn't create and maintain them. I really hope people who work at these companies consider what they're helping to accomplish.
> average citizens can be held responsible for the actions of their government, to the point that they are valid military targets.
What do you mean by this? If a government conscripts "average citizens" into its military then they become valid military targets, sure.
I'm not why you think this implies that developers working for Palantir or Clearview would become military targets. Palantir builds software for the military. But the people actually using that software are military personnel, not Palantir employees.
>There are certain people who believe that average citizens can be held responsible for the actions of their government, to the point that they are valid military targets.
Yeah we typically call those people terrorists or war criminals.
I never worked at a company that could broadly be considered unethical, I don't think. But it was always a bit disheartening how many little obviously unethical decisions (e.g., advertised monthly plans with a small print "annual contract" and cancellation fee) almost every other employee would just go along with implementing, no pushback whatsoever. I don't know what it is, but your average employee seemingly sees themselves as wholly separate from the work they're paid to do.
I have friends who are otherwise extremely progressive people, who I think are genuinely good people, who worked for Palantir for many years. The cognitive dissonance they must've dealt with...
We need a Constitutional amendment that guarantees a complete right to anonymity at every level: financial, vehicular, travel, etc. This means the government must not take any steps to identify a person or link databases identifying people until there has been a documented crime where the person is a suspect.
Only if an anonymous person or their property is caught in a criminal act may the respective identity be investigated. This should be sufficient to ensure justice. Moreover, the evidence corresponding to the criminal act must be subject to a post-hoc judicial review for the justifiability of the conducted investigation.
Unfortunately for us, the day we stopped updating the Constitution is the day it all started going downhill.
That will be wildly unpopular with both parties and most importantly their constituents. I doubt even the libertarian party should they get the president, house and senate could pull it off
Note that the Amendment would apply only to the government, not to private interests. Even so, i could be unpopular among advertisers and data resellers, e.g. Clearview, who sell to the government. I guess these are what qualify as constituents these days. The people themselves have long been forgotten as being constituents.
What do you mean "even" the libertarian party? Libertarians would remove whatever existing laws there are around facial recognition so that companies are free to do whatever they like with the data.
Maybe. Anonymity is where bad actors play. Better to have better disclosure and de-anonymization in some cases. If some live in fear (e.g. of cartels), go after the cartels harder than they go after you.
That is a myth spread by control freaks and power seekers. Yes, bad actors prefer anonymity, but the quoted statement is intended to mislead and deceive because good actors can also prefer strong anonymity. These good actors probably even outnumber bad ones by 10:1. To turn it around, deanonymization is where the bad actors play.
Also, anonymity can be nuanced. For example, vehicles can still have license plates, but the government would be banned from tracking them in any way until a crime has been committed by a vehicle.
Not sure why you say that statement was intended to deceive?
Both good and bad actors benefit in the current system from anonymity. If bad actors had their identities revealed, they'd have a lot harder time being a bad actor. Good actors need anonymity because of those bad actors.
Anonymity is where little bad actors play. The big ones don't need to be anonymous because their nefariousness is legal, or they don't get prosecuted. See: waves vaguely in the direction of the US government.
That said, the recent waves vaguely in the direction of the US government has demonstrated the weakness of legal restrictions on the government. It's good to have something you can point to when they violate it, but it's too easily ignored. There's no substitute for good governance.
Don't we already have facial recognition technology that isn't based on AI? why is throwing AI into the mix suddenly a reasonable product? Liability wavers?
I think the facial rec systems you're thinking of will recognize faces, but not ID them. They need you to label a face, and then it recognizes that face with a name from there on. Clearview is different in that you can provide it an unknown face and it returns a name. Whether it's just some ML based AI vs an LLM, it's still under the AI umbrella technically.
There are plenty of facial rec systems. Thinking of systems like in iOS Photos, or any of the other similar photo library systems. I think pretty much everyone would be freaked out if they started IDing people in your local libraries.
Note that there is no difference in the model or in the training. The only thing needed to convert ios photos into one that IDs people is access to a database mapping name to image. The IDing part is done after the "AI" part, it's just a dot product.
unsure what you mean by starting IDing? Majority business in US does it already, all banks use facial recognition to know who comes through their door (friend who works in IT at Bank of America told me they implemented it cross all Florida branches sometime in 2009), most large chain gas stations as well, so does car rentals, most hotels, etc. I was recently booted out of Mazda Dealership in Florida because 11 years ago in Georgia I sued Toyota Dealership for a lemon sell, and now they both under same ownership and my name came up on "no business" alert when I entered their offices.
After the literal first one which just measured distance between nose and mouth and stuff like that from the 1960s, everything else has been based on AI.
If my memory serves me, we had a PCA and LDA based one in the 90s and then the 2000s we had a lot of hand-woven adaboosts and (non AI)SIFTs. This is where 3D sensors proved useful, and is the basis for all scifi potrayals of facial recognition(a surface depth map drawn on the face).
In the 2010s, when deep learning became feasible, facial recognition as well as all other AI started using an end to end neural network. This is what is used to this day. It is the first iteration pretty much to work flawlessly regardless of lighting, angle and what not. [1]
Note about the terms AI, ML, Signal processing:
In any given era:
- whatever data-fitting/function approximation method is the latest one is typically called AI.
- the previous generation one is called ML
- the really old now boring ones are called signal processing
Sometimes the calling-it-ML stage is skipped.
[1] All data fitting methods are only as good as the data. Most of these were trained on caucasian people initially so many of them were not as good for other people. These days the ones deployed by Google photos and stuff of course works for other races as well, but many models don't.
I think anything short of fully obscuring your face (a-la ICE-agent/stormtrooper) will be merely a mitigation and not 100% successful. I recall articles talking about face recognition being used "successfully" on people wearing surgical masks in China. In the US they ask you to remove face masks in places where face recognition is used (at the border, TSA checkpoints), but would be unsurprised if that isn't strictly needed in most cases (but asking people to remove it preemptively ends up being faster for throughput).
99.9% of people walk around with an electronic device that identifies them. If a particular person doesn’t, it should be trivial to filter out all the people that it couldn’t have been, leaving only a small list of possible people.
Your gait I think is more useful than your face is anyways and my understanding is it's my difficult to disguise. So you'll need a wheel chair/scooter and a mask in public.
Alright, I'll rephrase - "ICE agents have shown a bias towards escalation than de-escalation in conflict situations, be it pepper spray, assault, detention, or worse. I think that trying to get into a shouting match with them about HIPAA violations on removing your face mask are not likely to result in "okay, carry on, as you were"."
Always easier when you can avoid the law and just buy it off the shelf. It’s fine to do this, we say, because it’s not being done by the government - but if they’re allowed to turn around and buy it we’re much worse off.
That's why it doesn't make sense to ban governments from doing things while still allowing private companies. Either it is illegal to surveil the public for everyone, or the government can always do it indirectly with the same effect.
I don't think the deal described here is even that egregious. It's basically a labeled data scrape. Any entity capable of training these LLMs are able to do this.
The difference is that a government can take personal liberty away from people in the most direct way. A private company can't decide to lock somebody away in prison or send them to death row. (Hopefully anyway.) So we put a higher standard on government.
That said, I do believe there ought to be more restrictions on private use of these technologies.
>A private company can't decide to lock somebody away in prison or send them to death row.
A private company can 100% do this in many ways. They already do this buy putting up and using their technology in minority areas, for example.
It's a distinction. Private companies are partnering with the government to take away personal liberty.
We should ban the government from accessing data gathered by private companies by default, perhaps. I need to mull on it.
The point is that "who gathers it" should be irrelevant.
The government shouldn't be able to buy data that would be unconstitutional or unlawful for them to gather themselves.
On the other hand if a company is just aggregating something benign like weather data, there's no need to bar the government from buying that instead of building it themselves.
> The government shouldn't be able to buy data that would be unconstitutional or unlawful for them to gather themselves.
Now that sounds like a good argument to make in court! How do we do it?
I also personally think there are some private collections we should ban, or put in place limitations on how it can be used, in the interest of general privacy.
That is trickier to decide on and surely there's room to debate.
Yeah but these companies are operating hand in glove with govt such that there's no discernible difference between the current system and government just doing it themselves. Ban it outright.
I don't disagree with the sentiment. I feel like what we're seeing lately is that private companies are doing the thing that would violate the 4th amendment if government did it, then they sell to the government. The idea that it's not the government itself violating the constitution because they did it through a contractor is pretty absurd.
What specific legal measures you do to enforce this, I don't know, there's some room for debate there.
I don't think there is an expectation of privacy for things you literally post to the public, like social media. Even the government doing the scraping directly I believe would not violate the 4th amendment. The third party doctrine also basically legalizes most types of search through people's "cloud data". To have an expectation of privacy, the data needs to not be shared in the first place.
I don't think tying the hands of the government is a viable solution. The sensitive data needs to not be collected in the first place via technical and social solutions, as well as legislation to impose costs on data collection.
- Teaching that "the cloud is just someone else's computer"
- E2EE cloud
- Some way of sharing things that don't involve pushing them to the whole internet, like Signal's stories.
- GDPR type legislation which allows deleting, opting out, etc
> The third party doctrine also basically legalizes most types of search through people's "cloud data"
This isn't actually true (it varies by type of "cloud data", like content vs metadata, and the circuit you're in), and there are multiple recent carveouts (eg geofence warrants) that when the Supreme Court bothers to look at it again, suggests they don't feel it's as clear as it was decades ago. Congress can also just go ahead and any time make it clear they don't like it (see the Stored Communications Act).
It's also, just to be clear, an invented doctrine, and absolutely not in the constitution like the fourth amendment is. Don't cede the principle just because it has a name. Technical and social solutions are good, but we should not tolerate our government acting as it does.
> I don't think there is an expectation of privacy for things you literally post to the public, like social media
Neither is there an expectation that automation would slurp it up and build a database on you and everyone else. Maybe the HN crowd is one thing, but most normies would probably say it shouldn't be allowed.
> Even the government doing the scraping directly I believe would not violate the 4th amendment.
Every time I see someone make a statement like this I think of the Iraq war era when a Berkeley law professor said torture is legal. Simply saying something that clearly violates the spirit of our rights is ok based on a technicality, I would not call that a moral high ground.
> The sensitive data needs to not be collected in the first place via technical and social solutions,
At this point and points forward I think your comment is much more on the mark.
I think we clearly both agree that mass surveillance is problematic regardless of whether it is done by the government or corporations. With that said
> normies would probably say it shouldn't be allowed
Despite knowing about this, most continue supporting the various companies doing exactly that, like Facebook and Google.
> Neither is there an expectation [...]
Expectation is not law, and it cuts both ways. The authors of the 4th and 5th amendments likely did not anticipate the existence of encryption - in their view, the flip side of the 4th amendment is that with a warrant, the government could search anything except your mind, which can't store that much information. We now get to enjoy an almost absolute right to privacy due to the letter of the law. You might feel that we should have that right anyway, but many other governments with a more recent/flexible constitution do not guarantee that, and in fact require key disclosure.
> > Neither is there an expectation [...]
> Expectation is not law.
It is in this case.
Expectation of privacy is a legal test based literally on on what "normies would probably say". If, as a society, we're moving more and more of our private effects to the cloud, there is a point where there's an expectation of privacy from the government there, regardless of the shadiness of the company we trusted for it, and regardless of what's convenient for the government.
https://www.law.cornell.edu/wex/expectation_of_privacy
Carpenter v. United States is a great example of this, where a thing once thought as obviously falling under the third party doctrine (cell tower location information) was put definitively within protection by the fourth amendment because of ongoing changes in how society used and considered cell phones.
And I forgot about this but just saw it referenced in the wikipedia article: it's notable that Gorsuch's dissent on the case argued for dropping the third party doctrine completely:
> There is another way. From the founding until the 1960s, the right to assert a Fourth Amendment claim didn’t depend on your ability to appeal to a judge’s personal sensibilities about the “reasonableness” of your expectations or privacy. It was tied to the law. The Fourth Amendment protects “the right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures.” True to those words and their original understanding, the traditional approach asked if a house, paper or effect was yours under law. No more was needed to trigger the Fourth Amendment....
> Under this more traditional approach, Fourth Amendment protections for your papers and effects do not automatically disappear just because you share them with third parties.
https://www.law.cornell.edu/supremecourt/text/16-402
But that is his point with "or the government can always do it indirectly with the same effect"
The company doesn't have that power, but the government can compel companies to provide them with the same data as long as it exists, and then abuse it in the same way as if they had collected it themselves.
A private company can put you on a list and you'll never have a home again.
A private company can rat you out the government in the same way that a private citizen can report you to the police. I don't see a reasonable way to change this.
The government should be held to higher standards in terms of being able to appeal its actions, fairness, evidentiary standards. But the government shouldn't necessarily be prevented from acquiring and using information (which is otherwise legally obtained).
I don't disagree that we should perhaps more restrictions on private processing of data though -- GDPR style legislation that imposes a cost on data collection is probably sufficient.
The separation between private and the government is purely theatrics - a mere administrative shell.
I really don't understand why people treat it with such sacrosanct reverence.
It reminds me of a cup and ball street scam. Opportunistic people move things around and there's a choir of true believers who think there's some sacred principles of separation to uphold as they defend the ornamental labels as if they're some divine decree.
I mean come on. Know when you're getting played.
In some cases yes, especially when it comes to surveillance, the distinction doesn't feel like very much. When the government hires a contractor specifically because they break the spirit of the 4th amendment, it's hard to argue that it's not the government breaking the law.
People die all the time, because of decisions made by private companies.
Cops are legally forbidden from surveilling everyone at all times using machines. Explicitly so. Yet, if a company starts up and surveils everyone at all times, and their only customer is Cops, it's all Okay somehow. The cops don't even need a warrant anymore.
What's worse, is that third party doctrine kills your rights worse than direct police surveillance.
Imagine if you will, back in the day of film cameras: The company developing your film will tell the police if you give them literal child porn but otherwise they don't. But imagine if they kept a copy of every picture you ever took, just stuffed it into a room in the back, and your receipt included a TOS about you giving them a license to own a copy "for necessary processing". Now, a year after you stopped using film cameras, the cops ask the company for your photos.
The company hands it over. You don't get to say no. The cops don't need a warrant, even though they 100% need a warrant to walk into your home and grab your stash of photos.
Why is this at all okay? How did the supreme court not recognize how outright stupid this is?
We made an explicit rule for video rental stores to not be able to do this! Congress at one time recognized the stupidity and illegal nature of this! Except they only did that because a politician's video rental history was published during his attempt at confirmation.
That law is direct and clear precedent that service providers should not be able to give your data to the cops without your consent, but this is America so precedent is only allowed to help businesses and cops.
> The difference is that a government can take personal liberty away from people in the most direct way. A private company can't decide to lock somebody away in prison or send them to death row. (Hopefully anyway.) So we put a higher standard on government.
We put higher standards on the government because companies have the biggest propaganda coffers.
It’s not some rational principle. Money goes in, beliefs come out.
Uh, the government can pay the private company for the data so they can lock those people up.
What would such a ban look like?
A private company can surely link its own cameras and data to create a private use database of undesirables. I’m certain that Walmart and friends do exactly this already. It’s the large scale version of the Polaroids behind the counter.
wouldnt "Any person found to have implemented a system which violates the rights of people in xyz way will be punished with imrisonment" work ?
In what way? A business can refuse to service any individual as long as it’s not a direct violation of things like civil rights laws.
Just like when Verizon sold its customers' precise location history to data brokers who then sold it to law enforcement agencies.[^1] Laundered.
[^1]: https://arstechnica.com/tech-policy/2025/09/court-rejects-ve...
That's not how the law works in the US. The government cannot have a third party take action on its behalf to do something that would be illegal for the government to do itself. This is why the Biden administration had a restraining order filed against it, on account of them pressuring social media companies to ban content it didn't like. This violated the First Amendment, despite the fact that it was a third party that was doing the actual banning at the behest of the government.
The government could legally create its own facial recognition technology if it wanted to. They're not avoiding the law, facial recognition isn't illegal.
That's pretty much how KYC works. The government can't just willy nilly demand papers of everyone going into the bank to open up an account due to the 4th amendment. So they just make the bank do it so it is a "private" act, and then for instance IRS is authorized to do warrantless seizure on the accounts which are now tied to names that were forced to be revealed under KYC laws.
The government doesn't need a warrant to access bank records, as per the US's banking laws. They just need an administrative subpoena, which doesn't have to be signed off by a judge.
This is not and example of the government sidestepping laws through a third party. You just don't like the existing laws, and would prefer to make certain things illegal that are presently legal.
There wouldn't be any identity linked for an anonymous bank account to 'access', were it not for the warrantless search of your papers required under KYC but done via private entity (sidestepping 4th amendment) to open an account. That part is done without even a subpoena.
That is, the US banking laws force private actors, under color of law, to systematically inspect the papers of those opening an account, which conveniently sidesteps the 4th amendment implication of the government searching the papers themselves at everyone opening an account at the bank. And then allows the government to act on the information of that forced search, even without a warrant.
---------- re: below due to throttling -------
I'm referring to this:
>The government cannot have a third party take action on its behalf to do something that would be illegal for the government to do itself.
It is illegal for the government to violate the 4th amendment, whether or not a 'law' beyond what is written in the constitution is present.
Clearly the government would love to just take all your information directly when you open an account, as that would be even better for them, but due to the 4th amendment they can't do that. But just asking or without a warrant requiring the bank to act on it or reveal it is almost as easy, so they just sidestep that by just requiring via the law the bank to search your papers instead. It's effectively a government imposed search but carried out by a 3rd party.
--------------------
>This is just factually wrong. The Bank Secrecy Act specifically requires that banks to provide this info. The 4th amendment does not prohibit this. If a bank refused to provide this required information, the government would go in and get that information directly.
>Again, no law is being avoided. You just don't like the
This is not 'just factually wrong.' The bank is doing the search instead of the government. A blanket search of everyone, even without a subpeona, even without an individualized notice, even without any sort of event that would require reporting to the government under the BSA, even then they still are required to search the information even in the instances that it doesn't end up being required to be transmitted to the government. You're saying the portion of data the government collects might be 4A compliant, but that doesn't mean the private actor being forced to collect information that doesn't even get reported is 4A compliant if the government did it. You're just saying the subset of required KYC collected information that ends up transmitted to the government was 4A compliant, which isn't sufficient to establish the government could have collected all the information to begin with under the 4A as they have required the bank to do.
>the government would go in and get that information directly
A blanket sweep of everyone's information willy nilly by the government is not 4A compliant, that's why they've had the bank do it on their behalf.
> Clearly the government would love to just take all your information directly when you open an account, as that would be even better for them, but due to the 4th amendment they can't do that
This is just factually wrong. The Bank Secrecy Act specifically requires that banks to provide this info. The 4th amendment does not prohibit this. If a bank refused to provide this required information, the government would go in and get that information directly.
Again, no law is being avoided. You just don't like the law.
Right, but the point is, no law is being avoided. The comment I responded to wrote:
> Always easier when you can avoid the law and just buy it off the shelf. (Emphasis mine)
No law is being avoided, neither in your banking example nor in the situation with Clearview. To be sure, people can have whatever opinion on the law that they want. But I do want to make it clear the the government is not "avoiding" any law here.
This is why we should shun the people that build this stuff. If you take a paycheck to enable fascism, you're a bad person and should be unwelcome in polite society.
https://archive.is/3qywb
"Tactical Targeting" - you just know someone's PowerPoint presentation used the word "synergy" in it too.
How long before the bring the price down and local PD's start using it too?
Not sure if you're joking but Clearview's primary customers are local or metro police departments.
I'm sure the anti-vax crowd who were foaming at the mouthes over the vaccine containing tracking chips will explain why this is needed and why its not a big deal.
local laws forbidding facial recognition tech have never been wiser
225k USD per year sells us cheaply!
I keep reading this as “CBS signs…” and can’t help thinking about that uncomfortable possible future moment.
And this right here is why Clearview (and others) should have been torn apart back when they first appeared on stage.
I 'member people who warned about something like this having the potential to be abused for/by the government, we were ridiculed at best, and look where we are now, a couple of years later.
"This cannot happen here" should be classified as a logical fallacy.
As stated in many of the comments in my code where some else branch claims this shouldn't be happening
There are certain people who believe that average citizens can be held responsible for the actions of their government, to the point that they are valid military targets.
Well, if that's true then employees of the companies that build the tools for all this to happen can also be held responsible, no?
I'm actually an optimist and believe there will come a time whena whole lot of people will deny ever working for Palantir, for Clearview on this and so on.
What you, as a software engineer, help build has an impact on the world. These things couldn't exist if people didn't create and maintain them. I really hope people who work at these companies consider what they're helping to accomplish.
> average citizens can be held responsible for the actions of their government, to the point that they are valid military targets.
What do you mean by this? If a government conscripts "average citizens" into its military then they become valid military targets, sure.
I'm not why you think this implies that developers working for Palantir or Clearview would become military targets. Palantir builds software for the military. But the people actually using that software are military personnel, not Palantir employees.
>There are certain people who believe that average citizens can be held responsible for the actions of their government, to the point that they are valid military targets.
Yeah we typically call those people terrorists or war criminals.
Or heroes, if they win.
No, I will continue to call them terrorists or war criminals. You can feel free to lick their boots though.
I never worked at a company that could broadly be considered unethical, I don't think. But it was always a bit disheartening how many little obviously unethical decisions (e.g., advertised monthly plans with a small print "annual contract" and cancellation fee) almost every other employee would just go along with implementing, no pushback whatsoever. I don't know what it is, but your average employee seemingly sees themselves as wholly separate from the work they're paid to do.
I have friends who are otherwise extremely progressive people, who I think are genuinely good people, who worked for Palantir for many years. The cognitive dissonance they must've dealt with...
> I don't know what it is, but your average employee seemingly sees themselves as wholly separate from the work they're paid to do.
Hannah Arendt coined the term “the banality of evil”. Many people think they are just following orders without reflecting on their actions.
"Tactical Targetting": Whitewash stochastic terrorism to attack brown people before midterms.
We need a Constitutional amendment that guarantees a complete right to anonymity at every level: financial, vehicular, travel, etc. This means the government must not take any steps to identify a person or link databases identifying people until there has been a documented crime where the person is a suspect.
Only if an anonymous person or their property is caught in a criminal act may the respective identity be investigated. This should be sufficient to ensure justice. Moreover, the evidence corresponding to the criminal act must be subject to a post-hoc judicial review for the justifiability of the conducted investigation.
Unfortunately for us, the day we stopped updating the Constitution is the day it all started going downhill.
That will be wildly unpopular with both parties and most importantly their constituents. I doubt even the libertarian party should they get the president, house and senate could pull it off
Note that the Amendment would apply only to the government, not to private interests. Even so, i could be unpopular among advertisers and data resellers, e.g. Clearview, who sell to the government. I guess these are what qualify as constituents these days. The people themselves have long been forgotten as being constituents.
What do you mean "even" the libertarian party? Libertarians would remove whatever existing laws there are around facial recognition so that companies are free to do whatever they like with the data.
Maybe. Anonymity is where bad actors play. Better to have better disclosure and de-anonymization in some cases. If some live in fear (e.g. of cartels), go after the cartels harder than they go after you.
> Maybe. Anonymity is where bad actors play.
The problem is when the government changes the definition of 'bad actor'.
> Anonymity is where bad actors play
That is a myth spread by control freaks and power seekers. Yes, bad actors prefer anonymity, but the quoted statement is intended to mislead and deceive because good actors can also prefer strong anonymity. These good actors probably even outnumber bad ones by 10:1. To turn it around, deanonymization is where the bad actors play.
Also, anonymity can be nuanced. For example, vehicles can still have license plates, but the government would be banned from tracking them in any way until a crime has been committed by a vehicle.
Not sure why you say that statement was intended to deceive?
Both good and bad actors benefit in the current system from anonymity. If bad actors had their identities revealed, they'd have a lot harder time being a bad actor. Good actors need anonymity because of those bad actors.
Anonymity is where little bad actors play. The big ones don't need to be anonymous because their nefariousness is legal, or they don't get prosecuted. See: waves vaguely in the direction of the US government.
That said, the recent waves vaguely in the direction of the US government has demonstrated the weakness of legal restrictions on the government. It's good to have something you can point to when they violate it, but it's too easily ignored. There's no substitute for good governance.
Don't we already have facial recognition technology that isn't based on AI? why is throwing AI into the mix suddenly a reasonable product? Liability wavers?
I think the facial rec systems you're thinking of will recognize faces, but not ID them. They need you to label a face, and then it recognizes that face with a name from there on. Clearview is different in that you can provide it an unknown face and it returns a name. Whether it's just some ML based AI vs an LLM, it's still under the AI umbrella technically.
Uh no? Facial recognition to names has been the bread and butter of facial recognition since the beginning. It’s literally the point.
There are plenty of facial rec systems. Thinking of systems like in iOS Photos, or any of the other similar photo library systems. I think pretty much everyone would be freaked out if they started IDing people in your local libraries.
Facebook was doing that 10 years ago
Note that there is no difference in the model or in the training. The only thing needed to convert ios photos into one that IDs people is access to a database mapping name to image. The IDing part is done after the "AI" part, it's just a dot product.
unsure what you mean by starting IDing? Majority business in US does it already, all banks use facial recognition to know who comes through their door (friend who works in IT at Bank of America told me they implemented it cross all Florida branches sometime in 2009), most large chain gas stations as well, so does car rentals, most hotels, etc. I was recently booted out of Mazda Dealership in Florida because 11 years ago in Georgia I sued Toyota Dealership for a lemon sell, and now they both under same ownership and my name came up on "no business" alert when I entered their offices.
Huh? What relevance does that have with the discussion?
After the literal first one which just measured distance between nose and mouth and stuff like that from the 1960s, everything else has been based on AI.
If my memory serves me, we had a PCA and LDA based one in the 90s and then the 2000s we had a lot of hand-woven adaboosts and (non AI)SIFTs. This is where 3D sensors proved useful, and is the basis for all scifi potrayals of facial recognition(a surface depth map drawn on the face).
In the 2010s, when deep learning became feasible, facial recognition as well as all other AI started using an end to end neural network. This is what is used to this day. It is the first iteration pretty much to work flawlessly regardless of lighting, angle and what not. [1]
Note about the terms AI, ML, Signal processing:
In any given era:
- whatever data-fitting/function approximation method is the latest one is typically called AI.
- the previous generation one is called ML
- the really old now boring ones are called signal processing
Sometimes the calling-it-ML stage is skipped.
[1] All data fitting methods are only as good as the data. Most of these were trained on caucasian people initially so many of them were not as good for other people. These days the ones deployed by Google photos and stuff of course works for other races as well, but many models don't.
Wear a face mask in public. Got it.
I think anything short of fully obscuring your face (a-la ICE-agent/stormtrooper) will be merely a mitigation and not 100% successful. I recall articles talking about face recognition being used "successfully" on people wearing surgical masks in China. In the US they ask you to remove face masks in places where face recognition is used (at the border, TSA checkpoints), but would be unsurprised if that isn't strictly needed in most cases (but asking people to remove it preemptively ends up being faster for throughput).
Probably room to add little cheek pads or other shape-shifters under the mask.
You have to change how you walk and sounds as well
99.9% of people walk around with an electronic device that identifies them. If a particular person doesn’t, it should be trivial to filter out all the people that it couldn’t have been, leaving only a small list of possible people.
Your gait I think is more useful than your face is anyways and my understanding is it's my difficult to disguise. So you'll need a wheel chair/scooter and a mask in public.
Putting a rock in your shoe instantly changes your gait signature.
Thank you Corey Doctorow and "Little Brother". That book was prescient. And free.
Frankly, I never imagined when I read that decades ago, that it could be underselling the horror.
Aren't we back to where this is illegal again, unless you're an ICE agent.
"Hey man, doctor's orders. Gotta wear it to get allergy relief. And no, can't ask about it... HIPAA stuff."
It is not a good idea to lie to an employee of the USA.
https://www.law.cornell.edu/uscode/text/18/1001
Who said it's a lie? It's also not a good idea to operate a police state.
Sadly, I'm sure that will go over "not well" with ICE agents who will happily assault you for carrying a phone...
I disagree with the shooting too, but this is such a massive oversimplification of the event.
Alright, I'll rephrase - "ICE agents have shown a bias towards escalation than de-escalation in conflict situations, be it pepper spray, assault, detention, or worse. I think that trying to get into a shouting match with them about HIPAA violations on removing your face mask are not likely to result in "okay, carry on, as you were"."
"I'll show you mine if you show me yours"
If you have not yet heard of it, look into gait recognition. Any battle for anonymity is a losing one, it appears.
In that case, guess it's time to start thinking of ways to make it unappealing to act upon the intelligence they've gathered upon us.
Skynet. "You only postponed it. Judgment Day is inevitable."