Comment by max_
1 year ago
The problem with such issues of data misuse is that people only provide 2 solutions.
a) Go off grid. Don't use the tech that these cars make.
The problem with this is that it is impractical for people that see a lot of value in using this tech.
b) Pass more regulation.
I am a Hayekian and I believe that regulation will not help with people that know the ins & outs of the regulation, also it doesn't stop them. It just means corporations are willing to misbehave as long as they can play the legal gymnastics and pay rudimentary fines.
Now, the third option which I see would be the best but isn't talked much about is the promotion, and installation of homomorphic computing or homomorphic encryption.
I am not a cryptographer so I really don't fully understand its limitations. But adopting this would simply make all these data abuse issues vanish.
Cryptographers, why hasn't homomorphic computing or homomorphic encryption been massively adopted?
> isn't talked much about is the promotion, and installation of homomorphic computing or homomorphic encryption
Sure, the car company will homomorphically encrypt your driving data when it sends it to its own servers.
You’re trying to solve a social problem with technology. That doesn’t work.
>Sure, the car company will homomorphically encrypt your driving data when it sends it to its own servers.
You can encrypt the data such that the insurance companies cannot target any particular individual (which is my problem here) but they can use the data to improve their insurance pricing models.
I have no problem with a health insurance company using population data to find out how many are susceptible to say cancer.
But I have a problem when they use this data to overprice a particular individual's insurance because their genes say that they are susceptible to cancer.
> encrypt the data such that the insurance companies cannot target any particular individual (which is my problem here) but they can use the data to improve their insurance pricing models
We already have population claims statistics, a product of regulations that require reporting. What insurance companies want is discrimination within the variation.
Of the solutions:
a) Impractical because cars are needed for daily life and there’s no incentive for automakers to not sell your data.. so all cars will unless this becomes a compelling enough product difference to move the needle on profits,
b) Legislation/regulation that creates the right incentives isn’t easy, but certainly doable.
c) Impractical because homomorphic encryption is absurdly computationally expensive, is still not a fully unsolved problem, and.. in what universe do automotive companies implement this far fetched and expensive means of privacy without some.. err.. regulation?
It doesn’t seem to be superior to option b)
Which specific regulation do you think has a history of not being impactful? I find that the devil is in the detail in this argument because most regulation is massively impactful and helpful and I find that the talking point that we need to get rid of it is generally loudest from those who would profit the most from not following those rules anymore.
GDPR for example has done nothing to protect people from this particular case of data misuse.
The problem with English law, is that you have to explicitly declare what is wrong ahead of time. So we just end up with endless needs for regulations.
If we had legal systems like Hammurabi Codes, they would work way better.
You'd be surprised what French data authority (CNIL) has to say about this[1]:
> Any use of personal data for an objective that is incompatible with the primary purpose of processing is a misuse that is subject to administrative or criminal sanctions.
> For example, a mechanic cannot sell the vehicle’s technical data to insurers to enable them to infer the driving profiles of their policyholders.
There may be a lack of enforcement, but it seems this type of data may be protected under GDPR.
[1] https://www.cnil.fr/sites/cnil/files/atoms/files/cnil_pack_v...
> GDPR for example has done nothing to protect people from this particular case of data misuse
You’re using one badly-written law to discard a category.
Why not look at the FDA? When was the last time you were poisoned?
I mean the one thing GDPR did was scare the ever living daylight out of quite a few engineering teams and executives. Which honestly was what the industry really needed, people just needed to consider the data collection a bit more.
And fines have been levied and are levied constantly. It's mostly a man power problem as to how many, but the fines pay for more man power in some places so it all works out. It's just slow, which is why people always complain that nothing ever happens.
Since nobody answered the question, the reason is it's terribly, absolutely, insanely slow. It's possible, just requiring hundreds of thousands or millions of times as much work as say, a normal lookup in a database.
> I am a Hayekian and I believe that regulation will not help with people that know the ins & outs of the regulation, also it doesn't stop them.
That is such a funny thing to say. Car industry is heavily regulated and car companies do work with the regulation. They are already regulated on safety, fuel standards, dimensions... Adding data protection into the mix makes sense.
The auto industry has fought tooth and nail against safety requirements[1] and still fights today against more stringent fuel standards[2][3].
Not only would they fight regulations like data safety that would open them to potential litigation when they lose the data or sell it to the wrong player, but they would win. Privacy isn't the political football that the environment is, and you can't point to death statistics like you can with safety issues.
[1] https://www.the-rheumatologist.org/article/revisionist-histo...
[2] https://texasclimatenews.org/2022/03/19/decades-of-lobbying-...
[3] https://www.cbtnews.com/auto-lobby-group-warns-fuel-efficien...
They fight it because it works and impacts their bottom line, I don't see how that's evidence that regulation is ineffective as a whole because people can just find loopholes
The fact that they will fight it does not mean we should not try it. At least in EU the GDPR gives quite a bit of power to regulate this.
If I am a corporation and I am willing to break regulations, how will you force me to use homomorphic encryption? Why should I pass on gathering data that I can resell?
The average buyer won't understand or care about it so there is no direct pressure from consumers. I think regulations are not optional (and homomorphic encryption may be mandated if viable?). Breaching regulations is often a "cost of doing business", but some recent regulations (such as GDPR) can actually create very large fines in many countries. So it seems that what may be needed is good enforcement and measured penalties. Another deterrent would be having penalties that are not money.
> Breaching regulations is often a "cost of doing business", but some recent regulations (such as GDPR) can actually create very large fines in many countries.
This is the issue with so many laws. Stricter fines basically never deter would-be offenders from committing the crime. What deters people is a high chance of getting caught.
Do companies ignore regulations? Sure, some do. But saying 'they will just pay the fines' ignores the fact that we could make the fines existential, or punish board members by kicking them out of the industry. The answer to 'the regulation we haven't even tried won't work if we do it improperly' is 'let's do it, and do it properly'. I have no idea what homomorphic encryption is, but rarely do 'let's add more tech to magic bullet a human problem of incentives' solutions work.
Homomorphic encryption simply means that the data is encrypted in a way that the person working with it cannot use it arbitrarily.
Here is an example, I would for instance use Google Maps for Navigation but Google or any other third party would have no idea where I am going.
I used it in the first company I worked for and it works beautifully.
A) and B) work but they are not as effective as homomorphic encryption.
Barring regulation, why would car manufacturers currently profiting off the sale of this data spend extra money voluntarily implementing something that cuts off their revenue stream?
The keyword here is "use".
Homomorphic Encryption reduces the breadth of computations that can be run on the gathered data, by making it inaccessible outside of the specific homomorphic scheme that was chosen. So yes, in that sense it cannot be used arbitrarily.
However, the results, i.e. knowledge derived, from the chosen computations can still be shared arbitrarily, which IMO is a much greater issue, as the need of the result sharing will inform the computations that can be done within the scheme.
Who defines the computations? Surely not the users, and lacking regulations, also surely not regulatory bodies.
> use Google Maps for Navigation but Google or any other third party would have no idea where I am going
You don’t need homomorphic encryption for this, just local route processing. In the case of car data, the auto companies aren’t doing any useful processing of the data for the user. Homomorphic encryption is irrelevant.
I think a problem in this area is that if one avenue of data collection is denied, another one will be implemented and it becomes a game of whack-a-mole.
For example the USG is forbidden from collecting communications from US citizens, but that does not keep it from buying this information from private domestic sources or from other governments.
We did not freeze the ability to pass legislation or have courts decide on the constitutionality of governmental processes. Have you given up on democracy?
Why is everyone so quick to say 'well, they are getting away with it, might as well let them' instead of trying to use our processes for the purposes which they were designed?
Strangely enough, I know the answer to that, if memory is serving.
Homomorphic encryption is where you can compute on the encrypted data without ever decrypting it.
Logically, it sounds like a pipe dream to me, but apparently it's a thing.
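An added illustration, not part of the thread: the "compute without decrypting" property above, shown with a toy Paillier scheme (additively homomorphic only, not fully homomorphic). The primes, driver names and event counts are constructed, and the key size is far too small for real use; the last lines show that whoever holds the private key can still open any individual upload.

```python
import math
import secrets

# Toy parameters (assumption): two known Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                      # public key
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # private key
MU = pow(LAM, -1, N)           # valid because the generator is g = N + 1


def encrypt(m: int) -> int:
    """Encrypt 0 <= m < N using only the public key N."""
    if not 0 <= m < N:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(N - 1) + 1      # fresh randomness per ciphertext
        if math.gcd(r, N) == 1:
            break
    return (1 + m * N) % N2 * pow(r, N, N2) % N2


def decrypt(c: int) -> int:
    """Recover the plaintext; needs the private key (LAM, MU)."""
    return (pow(c, LAM, N2) - 1) // N * MU % N


def add_encrypted(ciphertexts) -> int:
    """Aggregator step: multiplying ciphertexts adds the hidden plaintexts."""
    total = encrypt(0)
    for c in ciphertexts:
        total = total * c % N2
    return total


# Constructed sample data: hard-braking events per driver in one month.
EVENTS = {"driver_a": 3, "driver_b": 11, "driver_c": 0, "driver_d": 7}


def demo():
    uploads = {d: encrypt(v) for d, v in EVENTS.items()}
    enc_sum = add_encrypted(uploads.values())   # no private key involved
    population_total = decrypt(enc_sum)         # key holder learns the sum
    # The same private key also opens any single upload it is handed.
    individual = decrypt(uploads["driver_b"])
    return population_total, individual


if __name__ == "__main__":
    print(demo())
```
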
Why is it a pipe dream? I know companies that use it. And it serves their purposes well.
> I am a Hayekian and I believe that regulation will not help with people that know the ins & outs of the regulation, also it doesn't stop them.
I work in the automotive industry. It is very heavily regulated. The majority of people have never heard of ISO 26262 but it's keeping billions of people safe every day. Data privacy can work in the same way.
> The problem with this is that it is impractical for people that see a lot of value in using this tech.
I would be happy to turn down the tech, but I wonder how long until I can't feasibly buy a car (or a car I want) without it...
> I am a Hayekian and I believe that regulation will not help with people that know the ins & outs of the regulation, also it doesn't stop them. It just means corporations are willing to misbehave as long as they can play the legal gymnastics and pay rudimentary fines.
So you try nothing and are out of ideas. Amazing.
> homomorphic encryption
Let me get this straight, you think regulation is too hard because corporations don't want it, but you don't see any problem with homomorphic encryption, which is difficult to implement, poorly understood by consumers, AND provides privacy guarantees that corporations don't want?
Really?