Wednesday, October 23, 2024

NAOMI BROCKWELL: TOS documents are deliberately written in legalese filled with vague language and buried in fine print design more for liability protection than to inform users the myth of implied consent assumes people understand what they are agreeing to


Our expectations of privacy has shifted dramatically in the past few decades surveillance that once seemed outrageous has today become commonplace it's just like what happened with fish it comes from a fantastic essay by Bruce Schneider and barathe ragavan in this video I want to talk about ideas from this essay taking stock of how much things have changed when it comes to how we treat surveillance in our lives and think about whether this is really the future we want to be moving towards let's start with exploring some of the ways are perception of privacy has changed in recent years take this news from Microsoft for example just recently Microsoft said they caught State back hackers using its generative AI tools to help with their attacks.  " Microsoft says it caught Hackers from China Russia and Iran using its AI tools," Reuters.

The security Community immediately started asking questions not about how hackers were using the tools that was utterly predictable the questions were about how Microsoft figured it out the natural conclusion was that Microsoft was spying on its AI users some pushed back at calling Microsoft's actions "spying."  

"If you call this spying, you should read the TOS of the open AI API again."

Of course, cloud service providers monitor what users are doing they said and because we expect Microsoft to be doing something like this it's not fair to call it spying so we can no longer call a company watching all the activities of their users spying I don't think so pal ing traditionally means secretly monitoring someone's activities without them knowing was Microsoft spying because technically they did release terms of service that probably provided that information.

". . . by posting uploading inputting providing or submitting ("Posting") your Submission, you are granting Microsoft, it's affiliated companies and necessary sublicensees permission to use your submission in connection with the operation of their internet businesses."

Some people say that if you don't read a company's terms of service it's your fault if your data gets misused I can see that argument but let's get real these documents are deliberately written in legalese filled with vague language and buried in fine print design more for liability protection than to inform users the myth of implied consent assumes people understand what they are agreeing to but most don't have a law degree or hours to dissect these terms companies know this and exploited collecting mountains of data while users remain clueless about the extent of the intrusion.  Microsoft apologist might be technically correct that the information was conveyed to users but what's most interesting is how we're so focused on whether Microsoft technically covered their bases instead of whether watching the every digital move of their users is right or wrong we used to think that companies modern hearing their customers to this degree was creepy apparently not everyone because of a vague terms of service that no one read okay let's look at Financial surveillance because that's a clear example of how far Norms have shifted.

3:00  In 1970, when the Bank Secrecy Act, was introduced, the government said they'd start monitoring transactions of $10,000 or more and customers would be alerted whenever this happened and have the ability to push back people were outraged at the time saying this is unconstitutional.  The government wasn't meant to be able to get your information without a warrant.  ". . . the Bank Secrecy Act permitting the government to examine individual bank accounts [is] an unconstitutional invasion of privacy," NYT, September 12, 1972.  And keep in mind that at the time $10,000 was a huge amount of money that could buy you a brand new house in some areas of the United States people still thought this was overreach.  Today mountains of suspicious activity reports are filed by banks every day about their customers for any transaction size, and it's illegal for the bank to tell their customers about it.  So none of us can push back.  Every swipe of our credit card hands over data, and any payment account like venmo or PayPal with $600 worth of activity over the course of a year gives that information in both directly to the government.

"Federal law (31 U.S.C. 5318(g)(2)) prohibits the notification of any person that is involved in the activity being reported on a SAR that the activity has been reported.  This prohibition effectively precludes the disclosure of an SAR or the fact that an SAR has been filed."

On top of that, all this data about our finances is sold to countless entities.  We used to use cash and consider handing over our financial data to be an overreach.  Now, we all swipe our cards, and consider it normal that so many entities see every financial transaction we make.

"Venmo, PayPal, Cash App must report $600 plus in business transactions to IRS, NBC News, January 6, 2022.

"How MasterCard sells Its 'gold mine' of transaction data," U.S. PIRG Education Fund, June 17, 2024.

04:21. My how things have changed in all areas of Our Lives we see examples of privacy disappearing but we don't quite seem to register how much things have changed and how much surveillance we've begun to normalize to understand this phenomenon we can look to an unlikely source fish how about fish?  Fish are crazy, right?  You know the phrase there are plenty of fish in the sea?  It came about because the number of fish in the ocean used to be so vast, but in the mid-20th century, scientists began noticing that this number had started declining rapidly due to overfishing.  ". . . local economies during the 1990s collapse from the over-harvesting of cod," WhoWhatWhy, October 10, 2021.  They had already seen a similar decline in whale populations when the whaling industry nearly drove many species extinct in wailing and later in commercial fishing new technology made it easier to find and catch Marine creatures in ever greater numbers so ecologists specifically those working and fisheries management began studying how and when certain fish populations had gone into serious decline one scientist Daniel Pauly realize that researchers studying fish populations were making a major error when trying to determine acceptable catch size.  "Journalists often ask me, when is the catastrophe going to happen?  Well, it's happening right now.  It's happening under our noses.  It's a catastrophe in slow motion," Daniel Pauly, FRSC.  It wasn't that scientists didn't recognize the declining fish populations it was just that they didn't realize how significant the decline was and this was because each generation of scientists had a different baseline to which they compared the current statistics, and each generation baseline was lower than that of the previous one.  In a 1995, paper Pauly called this "shifting baseline syndrome."  

". . . Each generation of Sciences except as a baseline the stock size that occurred at the beginning of their careers and uses this to evaluate changes."  "Anecdotes in the shifting Baseline syndrome of Fisheries," PostScript.

The Baseline most scientists used was the one that was normal when they began their research careers and by that measure each decline they saw from thereon out wasn't significant.  But when you zoomed out the total decline was devastating each generation of researchers wasn't taking into account the previous decline that had led up to the start of their own research accidentally masking an exponential decline.  Pauly's insights came too late to help those managing some Fisheries the ocean suffered catastrophes such as the complete collapse of the Northwest Atlantic Cod population in the 1990s.

"FISH STOCKS DOWN TO PARLOUS LEVELS," NYT, August 1, 1993.

Internet surveillance and the resulting loss of privacy is following the same path just a certain fish populations in the world's oceans have fallen 80% from previously having fallen 80% from previously having fallen 80% and so on our expectations of privacy have similarly collapsed.  Modern technology has become a pervasive part of our lives and this has made surveillance easier than ever before but each generation considers the privacy that they've grown up with to be the status quo so the severity of this disappearance of privacy that's happened over the past several decades and the complete change of the digital landscape goes unnoticed historically people controlled their own computers and software with standalone they backed up their files to floppy disks and thumb drives that only they had access to this new world of always connected Cloud deployed software and services changed everything most apps and services are designed to be always online feeding usage information back to the company and most users don't even realize it's going on the consequences that everyone from cynical Tech folk even to ordinary users expect that what you do with modern tech isn't private our Baseline has shifted and this is at the heart of our Collective loss of privacy.  I like to call it "Frog-in-boiling-water" syndrome because we don't notice it as it's happening so we don't push back.  But soon our privacy is dead.  Are there any legal protections in place that might safeguard our privacy?  Well, not really because they too are subject to shifting baselines.  The US Supreme Court effectively says that our right to privacy depends on whether we have a reasonable expectation of privacy.  

"expectation of privacy," Overview.  Legal Information Institute, LII, Cornell Law School.

But this means that as our expectations continue to slip so do our protections.  The question remains, what now?  Fishery scientists armed with knowledge of Shifting Baseline syndrome now look at the bigger picture they no longer considered relative measures such as comparing this decade with the last decade instead they take a holistic ecosystem-wide perspective to see what a healthy Marine ecosystem should look like in privacy and security we need to do the same ultimately as with Fisheries we need to take a big picture perspective and be aware of shifting baselines this is essential for figuring out what a healthy technological ecosystem would look like where people's privacy rights are respected by governments and companies alike and companies are allowed to recoup the costs of the services they provide without having to sell their users as the products so take a moment zoom out think about the Privacy that people used to have decades ago in their daily life and the freedom they enjoyed as a result and then ask the question are you okay with the current status quo and where surveillance is headed in society if not you may want to start speaking out and demanding better practices a huge thank you to Bruce Snyder and bar off rockhaven for letting me reproduce their ideas in video form I think reframing our view of Shifting privacy norms by considering shifting baselines is a crucial step towards changing our culture around surveillance.

No comments:

Post a Comment