Comment by Jtsummers
4 months ago
> “As much as Flock tries to be good stewards of the powerful tech we sell, this shows it really is up to users to serve their communities in good faith. Selling to law-enforcement is tricky because we assume they will use our tech to do good and then just have to hope we're right.”
> The Flock source added “Even if Flock took a stance on permitted use-cases, a motivated user could simply lie about why they're performing a search. We can never 100% know how or why our tools are being used.” A second Flock source said they believe Flock should develop a better idea of what its clients are using the company’s technology for.
In other words, why bother with safeguards when they'll just lie to us anyways?
> Even if Flock took a stance on permitted use-cases, a motivated user could simply lie about why they're performing a search. We can never 100% know how or why our tools are being used.
I think this is a legitimate problem.
But...isn't this what warrants are for? With a warrant, the police have to say why they want to perform a search to a judge, under threat of perjury. They have a powerful incentive not to lie.
So...should warrants be required for this kind of Flock data also? Couldn't Flock set a policy that these searches are performed only under warrant? Or a law be enacted saying the same? I imagine it would make Flock much less attractive to their potential customers, and searches would be performed much less often. [1] So it's not something Flock is going to do on their own. I think we'd need to create the pressure, by opposing purchases of Flock or by specifically asking our elected representatives to create such a law.
[1] If I'm being generous, because of the extra friction/work/delay. If I'm being less generous, because they have no legitimate reason a judge would approve.
> So...should warrants be required for this kind of Flock data also?
Based on another incident [0] I feel Flock's explanation for their actions boils down to:
1. "We are familiar with the customer the person claimed to be an agent for."
2. "We didn't know whether the person was doing something illegal with the data... And we don't want to know, and we don't try to find out."
3. "They didn't force us. They gave us money! We like money!"
As you might guess, I don't find these points especially compelling or exculpating. Certainly nothing that would/should stand up against state or local laws that prohibit the data being shared this way.
_____________
[0] https://news.ycombinator.com/item?id=45382434
Any law would upset the third-party data broker constitutional runaround that the government has become addicted to. It is already a breach of privacy. We just need legislators willing to serve the public and ignore the lobbyists and executive.
Which requires us, the people, to replace them if they won't.
It requires us, the people, to stop buying into their games of misdirection.
This is no easy task, but it is critical. They know they can throw a million issues at us and then we'll just argue over what's more important instead of actually solving things. So at this point I'll suggest a nonoptimal, but simple solution: stop arguing over what's more important and just concentrate on what you think is most important. If they're going to throw a million things at us we can be a million little armies. Divide and rule only works by getting those little armies to fight each other. If instead we are on, mostly, the same side then they lose power. They have to fight on a million fronts.
It's far from an optimal solution but it's far better than what we've been doing for the last half century. Because for during that time they've only grown and divided us even more. People are concerned that a small forward isn't enough. They're wrong. It isn't that by not making enough progress we're standing still, we're losing ground. We can't even take a small step forward, we need to first stop losing ground. Once we do that I think we can build momentum moving forward. But it's insane to constantly give up ground in order to maybe make small steps forward. That's certainly a losing battle
"So...should warrants be required for this kind of Flock data also? "
Yes.
Yes, this is what warrants are for.
Flock's entire business model is a flagrant violation of the 4th amendment. What Flock does for their core business is called "stalking", which is a crime.
The issue here is not that the law is inadequate to resolve this problem. The issue is that the current administration has chosen to collude with private corporations that flagrantly violate the law, thereby replacing our entire judiciary system with a protection racket.
Please don't be generous. Fascists depend on our patience to insulate them from consequences.
Yes, but the problem is deeper than flock or even privacy as a concept. The problem is that we routinely fail to recognize organization crime. Basically, you're allowed to just spread and obfuscate accountability and get away with basically anything.
If I stalk someone, I go to jail. If 100 people get together and invent Super Stalking and they stalk everyone all the time, nobody goes to jail. It's completely counter-intuitive but this is how we structured society and justice.
3 replies →
I'm not sure why we've decided that if one dude named Mark stalks one girl then he's a creep, but if he stalks a million girls he's a hero and role model.
Flock has existed for longer than 3 years, hasn't it?
3 replies →
Warrants for this is actually a great idea. Thats the exact correct solution to gov/leo overreach
Eh, if a cop sat at a Dunkin Donuts and wrote down every license plate they saw that wouldn't require a warrant.
Why should contracting that out to a private company require a warrant?
Flock isn't say Google which collects location data because it needs it for Google Maps to function. Flock is only here because the local government paid it to setup equipment.
It's really an issue for the local community. Do you want your local tax dollars going to support parks or tracking individuals?
if a cop followed you for private reasons in a private car while off duty, they wouldn't need a warrant. why should they need a warrant if they pay a private individual to do it? why should they need a warrant if they pay a private company to do it electronically? why should they need a warrant when they pay a private company to do it electronically while on the clock as part of their official duty? why should they ever need a warrant? they could just kill her if they wanted, nobody would do anything about it.
12 replies →
> It's really an issue for the local community. Do you want your local tax dollars going to support parks or tracking individuals?
Correct. In your analogy, the Texas cop is being paid by your community to write down your license plate. (Otherwise, he has no authority to be operating outside his state.)
They wouldn't require a warrant, but at the same time, that wouldn't be scalable to be able to record every license plate everywhere in the city.
Having a barrier to accessing data can help prevent casual abuse in my opinion, so that officers can't look up say some ex girlfriend's license plate, but if they get a warrant they can look up some suspect's license plate.
It is an emergent effect of scale. The first principle reasoning logic of small scale examples doesn’t work as you zoom out.
Being able to scope out a small scale example of why something is ok is a very poor indicator of how it operates in a massive one.
>Eh, if a cop sat at a Dunkin Donuts and wrote down every license plate they saw that wouldn't require a warrant
I would say that there is an appreciable qualitative difference between a man using his eyeballs and a piece of paper to write down license plate numbers and a technologically sophisticated network of computerized surveillance apparatus installed over a geographically large area being used to track an individual.
Call me old-fashioned I guess
We knew this going in with Flock: that with full sharing to Flock's network of law enforcement agencies, we'd be trusting our data to every one of tens of thousands of tiny, often completely unaccountable police departments around the country, many of whom wouldn't give the slightest possible fuck about whether they were contravening our own department's general orders. That's why we disabled sharing, first to any out-of-state departments, and then altogether; PDs that wanted data from us could simply call us up on the phone like human beings.
It was implied, both by our department and, more vaguely, by Flock, that sharing was reciprocal: if we didn't enable it, other departments wouldn't share with us. That's false; not only is it false, but apparently, to my understanding, Flock has (or had?) an offering for PDs to get access to the data without even hosting cameras of their own.
That obviously leaves Flock's own attestations of client data separation, and I get the cynicism there too, but basically every municipality in the country relies on those same kinds of attestations from a myriad of vendors, and unlike Flock those vendors have basically nothing to lose (since nobody is paying attention to them).
I think you can reasonably go either way on all this stuff. But you can't run these stacks in their default configuration with their default sharing and without special-purpose ordinances and general ordinances governing them.
I write this mostly to encourage people who have strong opinions about this stuff to get engaged locally. I did, I'm not particularly good at it (I'm a loud message board nerd), and I got what I believe to be the only ALPR General Order in Chicagoland written and what I know to be the only ACLU CCOPS ordinance in Illinois passed.
> I write this mostly to encourage people who have strong opinions about this stuff to get engaged locally. I did, I'm not particularly good at it (I'm a loud message board nerd), and I got what I believe to be the only ALPR General Order in Chicagoland written and what I know to be the only ACLU CCOPS ordinance in Illinois passed.
What’s an ALPR General Order and a ALCU CCOPS ordinance? How did you get them passed?
A General Order is a documented police policy.
Flock is an ALPR.
CCOPS is a model ordinance that requires board approval for any surveillance technology deployments.
2 replies →
There are ways to work around that problem.
For instance, just making it a rule that they are not allowed to lie to you about how things are being used -- we know that won't work because if they're willing to lie they are also willing to ignore contract violations.
Instead, put in a rule that says misuse of the system costs $X for each documented case. Now the vendor has a financial incentive to detect misuse, and the purchasers have a FINANCIAL incentive to curb misuse by their own employees.
It's not a magic fix, but it's the sort of thing that might help.
Those are the same thing. Either way you need to go to court. Putting a number in doesn't magically make the contract more binding.
Better: require them to purchase misuse violation insurance.
Make a neutral third party liable for the cost and then that third party which is mostly disinterested gets to calculate risk and compliance procedures.
The only way we're really going to get data handling under control is to give the victims of data abuse financial beneficiaries of liability through the courts and insurance companies.
Better yet: make willful violation of constitutional rights a crime, with repeat violations punishable by prison, and an independent body empowered to investigate and bring charges against officers.
... a neutral third party where the some of the board of directors have a seat at the camera company, or city concil seat?
This all ends in corporate feudalism, doesn't it?
I would ask them “why bother with DUI laws if some people will drive drunk anyway?”
If the only way we can have rules is if they are 100% followed 100% of the time, then we wouldn’t have any rules to begin with. Very publicly revoke the licenses of people who break your rules. You can’t stop everybody, but you can do something. This is just a lame excuse for in action.
I want to know how much Flock paid the guy who came up with, "How could we know that building a nationwide panopticon for police would be used for police-state things?"
Flock could shut off any PD they think is abusing their product. No excuses.
Then they will stop getting paid. They do not want to stop getting paid.
If only there was a process where a trusted individual could judge if an invasion of privacy was warranted.
In yet another set of words: we built a spy network, how could we ever know that people were going to use it to spy on people?
Imagine being the person who talks to the media on behalf of the police mass surveillance company. Like man you fucked up in this life if that’s where you ended up.
Maybe they should've tried not getting into the "dystopian surveillance network" business.
If only there was some person with good JUDGEment who could decide whether a situation WARRANTs police having data.
This is the “guns don’t kill people, people kill people” bad faith argument applied to surveillance technology.
I mean, this argument has worked for the firearms industry for centuries.
But oddly not for encryption ...