I have a feeling all these FTC cases like this and the ones against big tech companies will all be dropped in a couple of months with just a little greasing of the wheels from these companies that are under investigation.
Why should we have piecemeal, extra-legal policies that only favor special interest groups? It's nice that they protect the privacy of church goers, but they can still geofence my neighborhood to estimate my income bracket among other invasions. It's well past time for comprehensive data protection laws rather than a hodgepodge of special treatment policies for whoever the executive wants to curry favor with.
We really need a leak of tracking data on Congresspeople going to compromising places to make this happen.
A really good book on this topic is Byron Tau’s Means of Control. His contention is that this surveillance data has made NSA warrantless wiretaps old news. Cops don’t need to do the spying themselves, they can simply buy the info.
I am of the opinion that at this point, Americans only believe we are less surveilled than people elsewhere. It’s not visible so people forget about it. Yet it is so deeply embedded into the government that it will never be removed.
Maybe this helps make your point [0]. The data purchased and
aggregated so seamlessly now that standardised 'one-click' software
similar to X-keyscore (Locate X) is widely available for tracking
citizens.
There's the old saying that "we are free only as much as we don't have guns in our face telling us we're not". The reigns placed on our freedom are just unrecognized by the vast majority of people so they feel they have more freedom than what they might appreciate.
I’m not entirely sure if I understand the point you’re making, but let me try an analogy.
We are all forced to buy a car. There is no one with a gun to our head forcing such a purchase, or a law specifically requiring you to buy a car. But nevertheless the laws are structured so that everyone realistically must buy a car, whether they want to or not.
If you chose not to buy a car then your life will be dramatically more expensive and difficult to live, because of the network effects of this requirement.
So while you are technically free to not buy a car, realistically you are forced to do so.
I would say it's more like the American people are so propagandized in favor of free markets and enterprises and so poisoned at the notion of the Government doing literally anything that they utterly don't care about how thoroughly and completely our freedoms have been subsumed by capital interests, as long as they aren't "big government me no like."
Government death panels? Orwellian, literally 1984, communist, socialist. Your insurance company refusing to cover your cancer treatment? Well that's the free market bub, can't argue with it. Sorry you're gonna die.
Like I'm being hyperbolic, sure, but I am being that hyperbolic?
Some people might be against regulating private data collection on principle, but I would imagine far more people are simply unaware of it. And even if they are, it’s pretty damn hard to opt out of, and the harms are pretty abstract.
Unless you can demonstrate concrete ways in which it even inconveniences someone, it’s gonna fall pretty low on most people’s priorities.
> I am of the opinion that at this point, Americans only believe we are less surveilled than people elsewhere.
I'm not sure who believes that (Hollywood/any cop tv show would have you believing the opposite), but I'm also skeptical that these data brokers are only brokering US data.
> (Hollywood/any cop tv show would have you believing the opposite)
Hollywood and cop TV would have you believe that "zoom, enhance" is a legitimate means of surveillance. I suspect most educated Americans avoid framing their understanding of surveillance around CSI and SVU.
Well, if you follow legal cases as I do, you know that isn't true! We are surveilled just as much as everyone else, save for maybe the UK, but we're even getting pretty close to that!
> Despite understanding that precise geolocation data is sensitive information that requires consumers’ consent, Respondents fail to take reasonable steps to confirm consumers consented to Respondents’ collection, use, or sale of this data and consumers do not, in fact, consent to the collection, use, and sale of their location data by Respondents.
Is there some actual law that this is based on? I am sympathetic to arguments that this should be a law, and is sketchy and gross, but the legal requirement of active consent for geolocation data seems to be something the agency is just declaring to be true and daring lawsuits to challenge.
> seems to be something the agency is just declaring to be true and daring lawsuits to challenge
I'm pretty sure that this is exactly how it's supposed to work. Federal agencies like the FTC have (had?) the authority to make rules and reinterpret existing rules with the force of law.
In the (present) US government, it really can't work any other way. Without this sort of autonomy, any action by the FTC, EPA, etc would require congressional approval, which would mean that they effectively would never be able to function at all. Law moves far, far too slowly. FTC needs autonomy to go around the law to react to rapidly changing markets and technologies. Notionally their actions should be codified by Congress after the fact, but Congress is incapable of doing anything useful within 20 years.
Especially after recent supreme court decisions, which I support, Congress has to give an agency specific authority within defined boundaries in order to make regulations which have the force of law.
Congress doesn't have to get down to the very specifics (like for example emissions standards numbers for cars), but it does have to be specific enough (can't say: EPA, you're responsible for environment stuff, make whatever laws you feel like).
The legislation charges the FTC with preventing unfair business practices, defines what it means by unfair, and then gives authority to address these things through administrative actions or the courts.
It's based on Section 5 of the FTC Act, which prohibits unfair and deceptive practices. The vast majority of "FTC cases" you read about are Section 5 cases.
IANAL the tech developed and then laws started to form.. slow walking the laws took over due to internal law enforcement and intelligence agency desire to use the data. Tech companies brutally compete with winners emerging controlling billions in cash flows. Both US political parties are completely complicit behind closed doors. "motivated individuals" by the tens of thousands built the tech and drank the kool-aide, reaping many mini-millionaires (reading right now?) $0.02
great, so look for EULA/ToS updates soon to be released by all of the other players in this area with explicit permission granted hidden behind legalese weasel words
Honda sold their users' data for 26 cents per car.
Hyundai sold their users' data for 61 cents per car.
Whether or not that data is used to affect insurance premiums is hard to ascertain, but I wouldn't be surprised if someone somewhere in the world was affected by it.
> without obtaining verifiable user consent for commercial and government uses.
and if they did obtain it, this data should have trackable provenance, should be revokable, and there should be payment and royalties to the user for its use and continued use
unless you plan on making it DRM protected, how else do you make data revokable? it's just text that can at worst be screen scraped into whatever format they want/need. plus, as we all know, DRM encryption keys tend to have a way of being broken or discovered or whatever other method of being rendered useless.
we can just copy a regulatory regime seen in other industries: non-compliant offerings are outright illegal and anyone trading in it can be sanctioned outright, while compliant offerings have this feature set.
the feature set can have a standardized way of tracking provenance, which the user can look at and revoke its compliance if desired, by signing a cryptographic signature that produces the expected address that approved consent to begin with. the same address's public key would be used for royalty payment. there are many examples of this working in standardized ways in some networks.
> The companies can retain historic location data if they ensure that it is deidentified or rendered non-sensitive or if consumers consented to the use of their data.
They left a loophole, sounds like nothing will change.
Yes, her term as chair technically ended in September. Trump is expected to pick someone who aligns more toward his and JD Vance's goals regarding big tech.
This did not go far enough.
Why is there a class action lawsuit for Cliff bars and not for scummy location data harvesters.
I am curious whether they sold only segments or device level data and whether you could identify an individual
It doesn't really remove the discretion within the executive branch agencies. They still have to do some level of interpretation of what Congress really wanted.
Removal of Chevron effectively means a judge then gets to second-guess that interpretation. Previously, they were supposed to defer to the SMEs in the executive.
The same way agency did before Chevron. Chevron has only existed since 1984. Most of our core food, drug, air, etc regulations all predate it. They just have to use the authority explicitly granted to them rather then making shit up.
This is the best question here. The FTC can still make and enforce regulations. But the regulatees can now take those enforecements to federal judges who may modify or vacate the enforcement action, or even the regulation itself.
The loss of chevron does not end regulation. It creates a morass of inconsistent and inexpert judicial inturpretations. It was the worst supreme court decision in decades.
> It was the worst supreme court decision in decades.
Probably one of the best in decades... Seriously how did we get to the point that hacker news of all places is fondly dreaming of a near presidential dictatorship where rule making doesn't even need the legislative branch.
> It was the worst supreme court decision in decades
That's saying a lot considering that the presidential immunity decision is going to create the same kind of uncertainty surrounding presidential conduct which is likely not going to be resolved for decades.
As I skim that it just feels like a pile of shit that does nothing but create a few jobs to make reports. It doesn't bind the management. They can literally go do the same thing tomorrow.
Oh wait... "Gravy Analytics is now part of Unacast!"
Why isn't Unacast a party? Where is the monetary fine?
Are we skimming the same thing here? Section II explicitly binds the management and prohibits sale of precise sensitive location data. This is a consent decree - not sure what the FTC banning a company would look like exactly - using your example, Unacast would be bound by the terms of the decree. FTC's shuttering a line of business for these companies and requiring guardrails (which sure, might create jobs for reporting but...those data governance jobs for this type of data specifically should probably exist?), seems like an ok remedy imo. For context:
> "II. Prohibitions on the Use, Sale, or Disclosure of Sensitive Location Data
IT IS FURTHER ORDERED that Respondents and Respondents’ officers, agents, and
employees, whether acting directly or indirectly, must not sell, license, transfer, share, disclose, or otherwise use in any products or services Sensitive Location Data associated with the Sensitive Locations that Respondents have identified within 90 days of the effective date of this Order as part of the Sensitive Locations Data Program established and maintained pursuant to Provision III below."
Yeah government doesn't want to end the surveillance. They want to access it. This action serves that purpose and also makes more work for bureaucrats and lawyers. It's a real win-win from a DC perspective.
I really wish we would stop being distracted by what corporations are doing with our data, and shift the focus to what governments are doing with it.
It's true of course that corporations often collect and sell this data to the government, so we should focus instead on the data collection at it's source - on our devices. However the data is collected, and whoever collects it - the government will get and use it for their own purposes.
Corporations just want to sell you more stuff. The government wants to control you.
Here's a few previous threads (about "Venntel" or "Gravy Analytics" specifically),
https://news.ycombinator.com/item?id=24709347 ("The IRS is being investigated for using location data without a warrant", 80 comments)
I have a feeling all these FTC cases like this and the ones against big tech companies will all be dropped in a couple of months with just a little greasing of the wheels from these companies that are under investigation.
[flagged]
Why should we have piecemeal, extra-legal policies that only favor special interest groups? It's nice that they protect the privacy of church goers, but they can still geofence my neighborhood to estimate my income bracket among other invasions. It's well past time for comprehensive data protection laws rather than a hodgepodge of special treatment policies for whoever the executive wants to curry favor with.
We really need a leak of tracking data on Congresspeople going to compromising places to make this happen.
>It's well past time for comprehensive data protection laws....
Oh, for horror! That might mean more banners on websites....
A really good book on this topic is Byron Tau’s Means of Control. His contention is that this surveillance data has made NSA warrantless wiretaps old news. Cops don’t need to do the spying themselves, they can simply buy the info.
I am of the opinion that at this point, Americans only believe we are less surveilled than people elsewhere. It’s not visible so people forget about it. Yet it is so deeply embedded into the government that it will never be removed.
Maybe this helps make your point [0]. The data purchased and aggregated so seamlessly now that standardised 'one-click' software similar to X-keyscore (Locate X) is widely available for tracking citizens.
[0] https://www.404media.co/email/f459caa7-1a58-4f31-a9ba-3cb53a...
There's the old saying that "we are free only as much as we don't have guns in our face telling us we're not". The reigns placed on our freedom are just unrecognized by the vast majority of people so they feel they have more freedom than what they might appreciate.
Do you have some concrete examples of these reigns placed on our freedoms that most people apparently aren't intelligent enough to realize?
9 replies →
> we are free only as much as we don't have guns in our face telling us we're not.
Is this actually an old saying?
2 replies →
I’m not entirely sure if I understand the point you’re making, but let me try an analogy.
We are all forced to buy a car. There is no one with a gun to our head forcing such a purchase, or a law specifically requiring you to buy a car. But nevertheless the laws are structured so that everyone realistically must buy a car, whether they want to or not.
If you chose not to buy a car then your life will be dramatically more expensive and difficult to live, because of the network effects of this requirement.
So while you are technically free to not buy a car, realistically you are forced to do so.
Is that approximately what you mean?
37 replies →
I would say it's more like the American people are so propagandized in favor of free markets and enterprises and so poisoned at the notion of the Government doing literally anything that they utterly don't care about how thoroughly and completely our freedoms have been subsumed by capital interests, as long as they aren't "big government me no like."
Government death panels? Orwellian, literally 1984, communist, socialist. Your insurance company refusing to cover your cancer treatment? Well that's the free market bub, can't argue with it. Sorry you're gonna die.
Like I'm being hyperbolic, sure, but I am being that hyperbolic?
Some people might be against regulating private data collection on principle, but I would imagine far more people are simply unaware of it. And even if they are, it’s pretty damn hard to opt out of, and the harms are pretty abstract.
Unless you can demonstrate concrete ways in which it even inconveniences someone, it’s gonna fall pretty low on most people’s priorities.
You can always pay out of pocket for healthcare. "Government death panels" are death panels because it is illegal to seek any other care/recourse
15 replies →
> I am of the opinion that at this point, Americans only believe we are less surveilled than people elsewhere.
I'm not sure who believes that (Hollywood/any cop tv show would have you believing the opposite), but I'm also skeptical that these data brokers are only brokering US data.
> (Hollywood/any cop tv show would have you believing the opposite)
Hollywood and cop TV would have you believe that "zoom, enhance" is a legitimate means of surveillance. I suspect most educated Americans avoid framing their understanding of surveillance around CSI and SVU.
8 replies →
Not just police... the NSA as well.
https://www.cnn.com/2024/01/26/tech/the-nsa-buys-americans-i...
Well, if you follow legal cases as I do, you know that isn't true! We are surveilled just as much as everyone else, save for maybe the UK, but we're even getting pretty close to that!
> Despite understanding that precise geolocation data is sensitive information that requires consumers’ consent, Respondents fail to take reasonable steps to confirm consumers consented to Respondents’ collection, use, or sale of this data and consumers do not, in fact, consent to the collection, use, and sale of their location data by Respondents.
Is there some actual law that this is based on? I am sympathetic to arguments that this should be a law, and is sketchy and gross, but the legal requirement of active consent for geolocation data seems to be something the agency is just declaring to be true and daring lawsuits to challenge.
> seems to be something the agency is just declaring to be true and daring lawsuits to challenge
I'm pretty sure that this is exactly how it's supposed to work. Federal agencies like the FTC have (had?) the authority to make rules and reinterpret existing rules with the force of law.
In the (present) US government, it really can't work any other way. Without this sort of autonomy, any action by the FTC, EPA, etc would require congressional approval, which would mean that they effectively would never be able to function at all. Law moves far, far too slowly. FTC needs autonomy to go around the law to react to rapidly changing markets and technologies. Notionally their actions should be codified by Congress after the fact, but Congress is incapable of doing anything useful within 20 years.
This puts a bit of a weird spin on it.
Especially after recent supreme court decisions, which I support, Congress has to give an agency specific authority within defined boundaries in order to make regulations which have the force of law.
Congress doesn't have to get down to the very specifics (like for example emissions standards numbers for cars), but it does have to be specific enough (can't say: EPA, you're responsible for environment stuff, make whatever laws you feel like).
For example the origination of the FTC https://en.wikipedia.org/wiki/Federal_Trade_Commission_Act_o...
The legislation charges the FTC with preventing unfair business practices, defines what it means by unfair, and then gives authority to address these things through administrative actions or the courts.
2 replies →
Federal agencies have discretion, sure - but it's not unlimited discretion.
It's based on Section 5 of the FTC Act, which prohibits unfair and deceptive practices. The vast majority of "FTC cases" you read about are Section 5 cases.
IANAL the tech developed and then laws started to form.. slow walking the laws took over due to internal law enforcement and intelligence agency desire to use the data. Tech companies brutally compete with winners emerging controlling billions in cash flows. Both US political parties are completely complicit behind closed doors. "motivated individuals" by the tens of thousands built the tech and drank the kool-aide, reaping many mini-millionaires (reading right now?) $0.02
great, so look for EULA/ToS updates soon to be released by all of the other players in this area with explicit permission granted hidden behind legalese weasel words
Click-thru EULA's can be done away with with the flick of a pen.
1 reply →
I would like to see action against car makers like Honda and Subaru and Ford for selling location data from the car’s GPS
Don't forget Hyundai, too.
https://www.caranddriver.com/news/a61711288/automakers-sold-...
Honda sold their users' data for 26 cents per car.
Hyundai sold their users' data for 61 cents per car.
Whether or not that data is used to affect insurance premiums is hard to ascertain, but I wouldn't be surprised if someone somewhere in the world was affected by it.
> without obtaining verifiable user consent for commercial and government uses.
and if they did obtain it, this data should have trackable provenance, should be revokable, and there should be payment and royalties to the user for its use and continued use
>should be revokable
this data will self-destruct in five seconds?
unless you plan on making it DRM protected, how else do you make data revokable? it's just text that can at worst be screen scraped into whatever format they want/need. plus, as we all know, DRM encryption keys tend to have a way of being broken or discovered or whatever other method of being rendered useless.
nothing to do with DRM
we can just copy a regulatory regime seen in other industries: non-compliant offerings are outright illegal and anyone trading in it can be sanctioned outright, while compliant offerings have this feature set.
the feature set can have a standardized way of tracking provenance, which the user can look at and revoke its compliance if desired, by signing a cryptographic signature that produces the expected address that approved consent to begin with. the same address's public key would be used for royalty payment. there are many examples of this working in standardized ways in some networks.
Not everything has to be a tech solution. Legislate that companies must delete the data and punish them if they don’t. Much like GDPR.
2 replies →
> The companies can retain historic location data if they ensure that it is deidentified or rendered non-sensitive or if consumers consented to the use of their data.
They left a loophole, sounds like nothing will change.
> if consumers consented
The consumer has a phone, they obviously consented - hardly passing through the eye of a needle.
I wish they would take action on collecting data
How nice of the FTC to do this.
I mean, it won't matter come January 21st, but it's a nice thought.
Are these Lina Khan’s final days?
It's when an administration that thinks that any and all regulations are job-killing and burdensome takes power, with a Congress and SCOTUS to match.
Yes, her term as chair technically ended in September. Trump is expected to pick someone who aligns more toward his and JD Vance's goals regarding big tech.
4 replies →
This did not go far enough. Why is there a class action lawsuit for Cliff bars and not for scummy location data harvesters. I am curious whether they sold only segments or device level data and whether you could identify an individual
Off the gravy train for them! (Sorry)
How can the FTC make any enforceable rules now that Chevron is gone?
Chevron eliminated discretion regarding how an agency interprets what powers it has been given if the law is unclear about such things.
It does not eliminate the ability to make and enforce rules if those powers/rules are clearly within the scope of the law.
I have no idea about this FTC decision on this second point but agency lawyers tend to be pretty careful about such things.
It doesn't really remove the discretion within the executive branch agencies. They still have to do some level of interpretation of what Congress really wanted.
Removal of Chevron effectively means a judge then gets to second-guess that interpretation. Previously, they were supposed to defer to the SMEs in the executive.
1 reply →
The same way agency did before Chevron. Chevron has only existed since 1984. Most of our core food, drug, air, etc regulations all predate it. They just have to use the authority explicitly granted to them rather then making shit up.
Ah to live in a time that congress could make laws… swoon
1 reply →
This is the best question here. The FTC can still make and enforce regulations. But the regulatees can now take those enforecements to federal judges who may modify or vacate the enforcement action, or even the regulation itself.
The loss of chevron does not end regulation. It creates a morass of inconsistent and inexpert judicial inturpretations. It was the worst supreme court decision in decades.
> It was the worst supreme court decision in decades.
Probably one of the best in decades... Seriously how did we get to the point that hacker news of all places is fondly dreaming of a near presidential dictatorship where rule making doesn't even need the legislative branch.
4 replies →
> It was the worst supreme court decision in decades
That's saying a lot considering that the presidential immunity decision is going to create the same kind of uncertainty surrounding presidential conduct which is likely not going to be resolved for decades.
2 replies →
"can now take" isn't really accurate.
You could always appeal the rulings from federal agencies in court and that's how we lost chevron [1].
[1]: https://en.wikipedia.org/wiki/Loper_Bright_Enterprises_v._Ra...
Even worse than near-blanket immunity for the President? I guess we'll find out in January!
But yeah, the inconsistent rulings from the bench will be a total dumpster fire.
19 replies →
[dead]
we'll see when it gets challenged
"FTC Bans Location Data Company" no not really.
https://www.ftc.gov/system/files/ftc_gov/pdf/2123035gravyana...
As I skim that it just feels like a pile of shit that does nothing but create a few jobs to make reports. It doesn't bind the management. They can literally go do the same thing tomorrow.
Oh wait... "Gravy Analytics is now part of Unacast!"
Why isn't Unacast a party? Where is the monetary fine?
Are we skimming the same thing here? Section II explicitly binds the management and prohibits sale of precise sensitive location data. This is a consent decree - not sure what the FTC banning a company would look like exactly - using your example, Unacast would be bound by the terms of the decree. FTC's shuttering a line of business for these companies and requiring guardrails (which sure, might create jobs for reporting but...those data governance jobs for this type of data specifically should probably exist?), seems like an ok remedy imo. For context:
> "II. Prohibitions on the Use, Sale, or Disclosure of Sensitive Location Data IT IS FURTHER ORDERED that Respondents and Respondents’ officers, agents, and employees, whether acting directly or indirectly, must not sell, license, transfer, share, disclose, or otherwise use in any products or services Sensitive Location Data associated with the Sensitive Locations that Respondents have identified within 90 days of the effective date of this Order as part of the Sensitive Locations Data Program established and maintained pursuant to Provision III below."
Yeah government doesn't want to end the surveillance. They want to access it. This action serves that purpose and also makes more work for bureaucrats and lawyers. It's a real win-win from a DC perspective.
Huh. It was ok the last 4 years but not next year.
Said in response to literally every law, regulation, or enforcement action ever.
I really wish we would stop being distracted by what corporations are doing with our data, and shift the focus to what governments are doing with it.
It's true of course that corporations often collect and sell this data to the government, so we should focus instead on the data collection at it's source - on our devices. However the data is collected, and whoever collects it - the government will get and use it for their own purposes.
Corporations just want to sell you more stuff. The government wants to control you.
This is false. Corporations want to make money. A big way to do this is to sell your data to governments.
Another way is to use your data to help them become a monopoly and/or manipulate you.
It’s not “sell more stuff”, it’s “assist governments and extract money by any means, including robbing you”.