http://arstechnica.com/tech-policy/2014/03/volunteers-in-metadata-study-called-gun-stores-strip-clubs-and-more/

"Cyrus Farivar" wrote:

Since late last year, the team has been releasing interim results from the 546 people that chose to participate. On Wednesday, the team released its latest and most complete findings and was startled by what it found.

...

So what was revealed, precisely? Mayer and his team showed that participants called public numbers of “Alcoholics Anonymous, gun stores, NARAL Pro-Choice, labor unions, divorce lawyers, sexually transmitted disease clinics, a Canadian import pharmacy, strip clubs, and much more.”

...

“We were able to corroborate Participant B’s medical condition and Participant C’s firearm ownership using public information sources,” the team added. “Owing to the sensitivity of these matters, we elected to not contact Participants A, D, or E for confirmation.”

...

“This is striking,” Fred Cate, a law professor at Indiana University, told Ars by e-mail.

“It highlights three key points. First, that the key part of the NSA’s argument—we weren’t collecting sensitive information so what is the bother?—is factually wrong. Second, that the NSA and the [Foreign Intelligence Surveillance Act] Court failed to think this through; after all, it only takes a little common sense to realize that sweeping up all numbers called will inevitably reveal sensitive information. Of course the record of every call made and received is going to implicate privacy. And third, it lays bare the fallacy of the Supreme Court’s mind-numbingly broad wording of the third-party doctrine in an age of big data: just because I reveal data for one purpose—to make a phone call—does not mean that I have no legitimate interest in that information, especially when combined with other data points about me.”

I'd say its time to review and tighten up the privacy laws.

Instead of creating laws on top of laws which can complicate things further, I like the alternative suggestion a little more: http://arstechnica.com/tech-policy/2014/02/nsa-head-floats-idea-what-if-we-only-gathered-terrorist-communications/. Seems like a no-brainer to me. This is what should have happened all along.

Instead of creating laws on top of laws which can complicate things further, I like the alternative suggestion a little more: http://arstechnica.com/tech-policy/2014/02/nsa-head-floats-idea-what-if-we-only-gathered-terrorist-communications/. Seems like a no-brainer to me. This is what should have happened all along.

What, you think the NSA is the only one who collects all that meta data? Meta data is the new big thing for companies to make a profit. The only reason why all those free phone apps exist is because most of them require complete access to your call history, your contact list, agenda, etc. Facebook, Google, Microsoft, EA, Valve, Apple, all of them are very interested in your online behavior and they are monitoring it. We need tighter regulation on what meta data companies can collect and how they can use it, even without taking the behavior of our intelligence agencies in consideration.

As for the NSA, seems reasonable that they start focusing on terrorist communications. But that does not necessarily result in them collecting less meta data.

What, you think the NSA is the only one who collects all that meta data?

But at least people have a choice when installing those free apps, and can usually opt out or chose not to install if you don't agree with the terms. Can anyone do that with the NSA?

As for the NSA, seems reasonable that they start focusing on terrorist communications. But that does not necessarily result in them collecting less meta data.

Not sure why you believe it wouldn't result in less meta data. Of course, more and less are quantities, and I'm not entirely concerned with quantity. I'm concerned with illegal spying without oversight, reasonable suspicion, and a system that starts with giving people the benefit of the doubt instead of rubber stamping all forms for approval.

At least you can sue a company if you believe you've been wronged by one and have your day in court. You can't even sue the American Government unless they agree to allowing you to sue them.

But at least people have a choice when installing those free apps, and can usually opt out or chose not to install if you don't agree with the terms. Can anyone do that with the NSA?

With the apps, yes, but then there is still Facebook, Microsoft, Apple and every other major software and internet company. Can you reasonably say that in today's world people can effectively opt out from Facebook? From personal experience, I can say that is not the case, at least not for people my age.

Not sure why you believe it wouldn't result in less meta data. Of course, more and less are quantities, and I'm not entirely concerned with quantity. I'm concerned with illegal spying without oversight, reasonable suspicion, and a system that starts with giving people the benefit of the doubt instead of rubber stamping all forms for approval.

Well, they still need data to sift through, even if they are just focusing on known terrorists. They could still try to collect all data available from everyone, store it in some data base and then try to filter out everything that is suspicious.

But at least people have a choice when installing those free apps, and can usually opt out or chose not to install if you don't agree with the terms. Can anyone do that with the NSA?

With the apps, yes, but then there is still Facebook, Microsoft, Apple and every other major software and internet company. Can you reasonably say that in today's world people can effectively opt out from Facebook? From personal experience, I can say that is not the case, at least not for people my age.

People can opt out if they know where to look and pay attention to what the app requests access to when they install it, but they don't bother. They just click-and-go. Personal responsibility seems to be the preferred route to me. In my experience as an IT Engineer, people don't bother to read what's given to them, they simply want to go about their lives. A law needn't be created to protect them from their own ignorance. People should be encouraged to pay attention.

But I do note that you side-stepped the issue that people cannot opt out of the NSA's data collecting, so no personal responsibility or choice is given to a private, law-abiding citizen about what information is collected by the government.

Not sure why you believe it wouldn't result in less meta data. Of course, more and less are quantities, and I'm not entirely concerned with quantity. I'm concerned with illegal spying without oversight, reasonable suspicion, and a system that starts with giving people the benefit of the doubt instead of rubber stamping all forms for approval.

Well, they still need data to sift through, even if they are just focusing on known terrorists. They could still try to collect all data available from everyone, store it in some data base and then try to filter out everything that is suspicious.

I'm confused. A data collection program run by governments that you cannot opt out of is necessary to feel safe and warm, but data collection by corporations that you can opt out of or litigate if you feel wronged requires stricter privacy laws? I'm also not seeing a convincing argument as to why the government needs to collect data on everyone, particularly given how invasive such data can be, and the potential for abuse of that information is created (no matter who the keeper of the data is). I fail to see what is wrong with the suggestion to only collect data after reasonable suspicion is presented to a neutral judge, presumably with lawyers present arguing the pros and cons of allowing the data collection to happen on a specific case-by-case basis, before the government starts intruding into people's lives.

In other words if you are up to no good, or thought likely to be, then you have to assume that you may be kept an eye on.

This is what I have an issue with. Who are these thought police that get to decide what is "up to no good"? And once we give them this power, how easy is it to take it away if they are found to abuse it? History tells us the more power you give, the harder it is to take away.

If you are an ordinary person in the street then you ought to be confident that your personal privacy is just that, private.

Given the link I used to start this thread, why would anyone feel confident that their personal privacy is still private? If by private you mean people you don't even know, never met, don't know if you can trust, never had a chance to know who they are, can know every personal detail of your life simply by accessing data about you that is requested is private, then I suppose you're right. Perfectly private.

People can opt out if they know where to look and pay attention to what the app requests access to when they install it, but they don't bother. They just click-and-go. Personal responsibility seems to be the preferred route to me. In my experience as an IT Engineer, people don't bother to read what's given to them, they simply want to go about their lives. A law needn't be created to protect them from their own ignorance. People should be encouraged to pay attention.

Well I think a lot of people are ignorant about what those companies do when they get that data and I think a lot of people also don't know how much companies can tell from metadata. Essentially these companies are exploiting that lack of knowledge under the guise of 'personal responsibility'.

I wonder how many people would still download free apps if they knew what companies learn about you through the data that you give them.

But I do note that you side-stepped the issue that people cannot opt out of the NSA's data collecting, so no personal responsibility or choice is given to a private, law-abiding citizen about what information is collected by the government.

I honestly don't think that people can reasonably opt out from Facebook either. Sure, Guy did. But if I look how much of my communication about projects I need to do for uni go through Facebook, how much information about social events are all organized through Facebook, I can honestly say that if I were to opt out from Facebook, my uni experience would be greatly decreased. Social pressure and the lack of a viable alternative leave people with little to no choice.

I'm confused. A data collection program run by governments that you cannot opt out of is necessary to feel safe and warm, but data collection by corporations that you can opt out of or litigate if you feel wronged requires stricter privacy laws? I'm also not seeing a convincing argument as to why the government needs to collect data on everyone, particularly given how invasive such data can be, and the potential for abuse of that information is created (no matter who the keeper of the data is). I fail to see what is wrong with the suggestion to only collect data after reasonable suspicion is presented to a neutral judge, presumably with lawyers present arguing the pros and cons of allowing the data collection to happen on a specific case-by-case basis, before the government starts intruding into people's lives.

You misunderstand. I was not arguing that the government needs to collect all that data, I was saying that even when the NSA promises to focus more on terrorist communications, that by itself is not an indication that they are going to hoard less data on other people. And I agree with you here for 100% that the government should not collect data on innocent law abiding citizens. It should go back to how it was. If you have reasonable suspicion someone is up to no good, you go to a court and get a warrant that allows you to monitor someones communication.

Well I think a lot of people are ignorant about what those companies do when they get that data and I think a lot of people also don't know how much companies can tell from metadata. Essentially these companies are exploiting that lack of knowledge under the guise of 'personal responsibility'.

I wonder how many people would still download free apps if they knew what companies learn about you through the data that you give them.

Such is the wonder of public discourse. People who don't know what can be ascertained from meta-data should be able to educate themselves on the matter rather easily. There is still a personal responsibility there to get involved to understand the problems of today, and to address them.

I honestly don't think that people can reasonably opt out from Facebook either. Sure, Guy did. But if I look how much of my communication about projects I need to do for uni go through Facebook, how much information about social events are all organized through Facebook, I can honestly say that if I were to opt out from Facebook, my uni experience would be greatly decreased. Social pressure and the lack of a viable alternative leave people with little to no choice.

Again, public discourse can help push back the social pressure in the other direction. People should be willing and able to speak up against using online tools like Facebook for uni communication and/or projects. Sites like Facebook/MySpace came into existence as a way for people to connect with other people using modern tools like computers. This is not a strictly patentable idea. Unis can implement their own social media without the meta-data collection done by sites like Facebook.

Social pressure works both ways, and if enough people educate themselves about data collection and express concern, they won't be 'forced' to use things against their better judgment.

You misunderstand. I was not arguing that the government needs to collect all that data, I was saying that even when the NSA promises to focus more on terrorist communications, that by itself is not an indication that they are going to hoard less data on other people.

It would seem that focusing data collection would heavily imply less data hoarding on other people. I understand that even innocent people caught in communication with a known suspect will get dragged in, but that's far better than (and less data) collecting on everyone.

Again, public discourse can help push back the social pressure in the other direction. People should be willing and able to speak up against using online tools like Facebook for uni communication and/or projects. Sites like Facebook/MySpace came into existence as a way for people to connect with other people using modern tools like computers. This is not a strictly patentable idea. Unis can implement their own social media without the meta-data collection done by sites like Facebook.

Our uni has something like that. Except no one uses it, because its clunky and unwieldy and offers nothing over Facebook. Its not easy to just compete with established social media sites. Just look at how well Google+ does.

I think its easier to just prevent sites like Facebook from collecting all that information and selling it to others by tightening privacy laws, rather than leaving the loopholes but just hope that people will migrate to a social media site that holds itself to stricter privacy standards. Its hoping that companies turn good while there are enormous financial incentives to not be good.

It would seem that focusing data collection would heavily imply less data hoarding on other people. I understand that even innocent people caught in communication with a known suspect will get dragged in, but that's far better than (and less data) collecting on everyone.

Id say it depends on the method they want to use. Do you immediately focus on known terrorists or do you collect data of everyone and then filter the database for suspicious communications. Both methods will result in a bigger focus on bad guys, but one still results in data collection on everyone while the other does not.

In other words if you are up to no good, or thought likely to be, then you have to assume that you may be kept an eye on.

This is what I have an issue with. Who are these thought police that get to decide what is "up to no good"? And once we give them this power, how easy is it to take it away if they are found to abuse it? History tells us the more power you give, the harder it is to take away.

Methinks you are getting somewhat paranoid about this.

I'd prefer to leave the labels out of this. Just because I express concern about mass data collecting, doesn't automatically mean I'm unnecessarily paranoid, or indeed paranoid in the over-used sense of the term.

I cant speak for America, but over here in the more sensible less panicky part of the Western world we don't have thought police. Or perhaps more importantly we don't all think we do like you lot. What we do have is a sensible statistical approach to matters.

Really? Sensible you say? So making laws against walking while texting because a few people walk into walls or comically fall into pools of water is a sensible approach? Or merely believing/claiming the Holocaust didn't happen and voicing that belief isn't the thought police? Indeed, it seems most of you like to be told what to do and enjoy dictating what others can do through unncessary force of law.

If a group of self proclaimed adherents to anti establishment causes, or known sympathy to terrorist regimes, are under surveillance, then it makes sense to also have a look at their known friends and acquaintances that are on the fringe of that group.

It's appalling that you'd tell me above that there's no thought police, but then state you're perfectly ok collecting data on people who are anti-establishment. Though you may not agree with anti-establishment views, that doesn't mean their privacy needs to be invaded, nor does it automatically mean they will resort to violent causes (terrorism).

Anti-establishment can be a good thing; it can overturn dictatorial or oppressive regimes. Allowing these regimes to collect data on those that disagree with them so that they can head off potential, but understandable unrest will only make it more difficult for legitimate dissent. Think about Communist regimes like China utilizing such methods to prevent people from mentioning Tiananmen Square or forcing their government from acknowledging their role in that event.

It becomes a slippery slope to think that giving governments these mass surveillance programs will only prevent Bad Things(tm) from occurring. Who gets to decide what those Bad Things(tm) are and if they should be stopped? Who has more power to use the media to their advantage when trying to gain public support for their actions?

It isn't about paranoia. It is about removing potential power abuses from those that are in power by limiting or not giving it to them in the first place so they are forced to come up with more amenable alternative solutions.

can know every personal detail of your life simply by accessing data about you that is requested is private,

So what data is this then?

Isn't that being purposefully obtuse to avoid the issue?

Our uni has something like that. Except no one uses it, because its clunky and unwieldy and offers nothing over Facebook. Its not easy to just compete with established social media sites. Just look at how well Google+ does.

I think its easier to just prevent sites like Facebook from collecting all that information and selling it to others by tightening privacy laws, rather than leaving the loopholes but just hope that people will migrate to a social media site that holds itself to stricter privacy standards. Its hoping that companies turn good while there are enormous financial incentives to not be good.

Of course it is easier to force someone else to do what you want through force of law. But is that really the correct thing to do? IMO, no. If the local uni tools aren't as good, then pressure should be applied to make them better and usable.

It would seem that focusing data collection would heavily imply less data hoarding on other people. I understand that even innocent people caught in communication with a known suspect will get dragged in, but that's far better than (and less data) collecting on everyone.

Id say it depends on the method they want to use. Do you immediately focus on known terrorists or do you collect data of everyone and then filter the database for suspicious communications. Both methods will result in a bigger focus on bad guys, but one still results in data collection on everyone while the other does not.

I've already addressed my thoughts on what method should be used above, and we seemingly agree. The preferred method is the one that doesn't use a large sledge hammer so you can examine the broken pieces later.

Of course it is easier to force someone else to do what you want through force of law. But is that really the correct thing to do? IMO, no. If the local uni tools aren't as good, then pressure should be applied to make them better and usable.

You do realize you are suggesting that my university should invest significant resources in creating a safe social network for its students that can compete with Facebook? That would use resources the university would otherwise be investing in education and even then has a high degree of failure, given that Facebook has millions of users world wide while our university has at best a few thousand students at any given year. It seems like a very unrealistic plan. Even if every university in the world would band together to create some kind of system, you end up with things like Blackboard, which is effing terrible.

And even if you manage to work around Facebook, there is still Microsoft, Apple and Google. Should my university also provide me with a safe operating system for my laptop/mobile phone/tablet?

Besides, whats wrong with tightening up the existing privacy laws so companies cannot just collect all that data from you and sell it to other companies? Because you force companies to act responsibly rather than wait until they magically grow responsible themselves?

Anti establishment supporters are those that wish to undermine the status Quo, general law and order, and support public insurrection and unrest on the streets of a country. I think that those people should be monitored as they want to bring down society as we know it.

..and Hunt Saboteurs are not against the status quo as it existed?

So you won't mind if you are monitored and reigned in then!

I support the Hunt Saboteurs.

---

But as this thread shows with friends of friends of friends etc, YOU ARE associated with a violent group of people regardless of the fact that you support them financially and non-violently!

So where is it right for just one group of people to be monitored and not another?

---

Great, now we are also monitored for associating with Chris ;)

Great, now we are also monitored for associating with Chris ;)

:-) I'm being monitored anyway for being a crazy Irishman that abhors corruption and abuse of power so being monitored more because of associations ..... C'est La vie.

---

Of course it is easier to force someone else to do what you want through force of law. But is that really the correct thing to do? IMO, no. If the local uni tools aren't as good, then pressure should be applied to make them better and usable.

You do realize you are suggesting that my university should invest significant resources in creating a safe social network for its students that can compete with Facebook?

There's no need to compete; it's a university resource. They're not meant to compete but offer an "official service". Corporations do this sort of thing all the time. In fact, my company doesn't allow any cloud access at all for various security reasons, so things like Google+, Microsoft OneDrive, and any other cloud storage stuff is off limits. We have our own in-house resources to take their place. We're not competing with these services because we do not offer these services to our customers. They're for internal use only. The same would be true for your university as well.

Besides, whats wrong with tightening up the existing privacy laws so companies cannot just collect all that data from you and sell it to other companies? Because you force companies to act responsibly rather than wait until they magically grow responsible themselves?

Because I do not believe using force of law unless absolutely necessary. Every law created takes away from individual freedoms, which is not a Good Thing.