Comment by kibwen

Comment by kibwen 10 months ago

25 replies

View on Hacker News

The fact that my data can be stolen in the first place is already outrageous, because I neither consented to allowing these companies to have my data, nor benefit from them having my data.

It's like if you go to an AirBNB and the owner sneaks in at night and takes photos of you sleeping naked and keeps those photos in a folder on his bookshelf. Would you be okay with that? If you're not directly harmed, what liability would they have?

Personal data should be radioactive. Any company retaining it better have a damn good reason, and if not then their company should be burned to the ground and the owners clapped in irons. And before anyone asks, "personalized advertisements" is not a good reason.

ryandrake 10 months ago

That's the big problem with relying on tort law to curb this kind of bad corporate behavior: The plaintiff has to show actual injury or harm. This kind of bad behavior should be criminal, and the state should be going after companies.

Reply View 0 replies
JumpCrisscross 10 months ago

> before anyone asks, "personalized advertisements" is not a good reason

The good reason is growth. Our AI sector is based on, in large part, the fruits of these data. Maybe it's all baloney, I don't know. But those are jobs, investment and taxes that e.g. Europe has skipped out on that America and China are capitalising on.

My point, by the way, isn't pro surveillance. I enjoy my privacy. But blanket labelling personal data as radioactive doesn't seem to have any benefit to it outside emotional comfort. Instead, we need to do a better job of specifying which data are harmful to accumulate and why. SSNs are obviously not an issue. Data that can be used to target e.g. election misinformation are.

Reply View 4 replies
  • thfuran 10 months ago

    So you're saying it's all vastly valuable and that's why it is right that it is taken without consent or compensation?

    Reply View 1 reply
    • JumpCrisscross 10 months ago

      > it's all vastly valuable and that's why it is right that it is taken without consent or compensation?

      No, I'm saying it's a common with a benefit to utilisation. A lot of discussions around data involve zealouts on both sides. (One claiming it's the god-given right to harvest everyone's personal information. The other acting like it's the crime of the century for their email address to be leaked.)

      Reply View 0 replies
  • rockskon 10 months ago

    See - your problem is you think you're talking to politicians, Facebook-era journalists, disinfo activists.

    Most people here have thought more about the the topic of privacy in the modern era far more than what some 70 year old politician has.

    Reply View 0 replies
pc86 10 months ago

I mean it's pretty clear that you are directly harmed if someone takes naked photos of you without your knowledge or consent and then keeps them. It's not a good analogy so if we want to convince people like the GP of the points you're making, you need to make a good case because that is not how the law is currently structured. "I don't like ads" is not a good reason, and comments like this that are seething with rage and hyperbole don't convince anyone of anything.

Reply View 8 replies
  • drawkward 10 months ago

    What is the harm? It is not obvious to me, if the victim is unaware...unless you are alleging simply that there is some ill-defined right to privacy. But if that is so, why does it apply to my crotch and not my personal data?

    Reply View 3 replies
    • simoncion 10 months ago

      These are exactly my questions. If I never, ever know about those pictures and never, ever have my life affected by those pictures, what is the actual harm to me?

      If the answer to them ends up being "Well, it's illegal to take non-consensual nudie pictures.", then my follow-up question is "So, why isn't the failure to protect my personal information also illegal?".

      To be perfectly clear, I do believe that the scenario kibwen describes SHOULD be illegal. But I ALSO believe that it should be SUPER illegal for a company to fail to secure data that it has on me. Regardless of whether they are retaining that information because there is literally no way they could provide me with the service I'm paying them for without it, or if they're only retaining that information in the hopes of making a few pennies off of it by selling it to data brokers or whoever, they should have a VERY SERIOUS legal obligation to keep that information safe and secure.

      Reply View 2 replies
      • lcnPylGDnU4H9OF 10 months ago

        > to fail to secure data that it has on me

        Just want to point out that the company is usually also doing what it can to get other information about you without your consent based on other information it has about you. It's a lot closer to the "taking non-consensual nudie pictures" than "fail to secure data" makes it sound.

        Reply View 0 replies
  • JumpCrisscross 10 months ago

    > it's pretty clear that you are directly harmed if someone takes naked photos of you without your knowledge or consent and then keeps them

    Sure. In those cases, there are damages and that creates liability. I'm not sure what damages I've ever faced from any leak of e.g. my SSN.

    Reply View 3 replies
    • pixl97 10 months ago

      I mean most people won't until that day they find out theirs a house in Idaho under their name (and yes I've seen just this happen).

      The problem here is because of all these little data leaks you as an individual now bear a cost ensuring that others out there are not using your identity and if it happens you have to clean up the mess by pleading it wasn't you in the first place.

      Reply View 0 replies
    • pc86 10 months ago

      The real kicker is trying to prove which leak your SSN came from. If your SSN gets leaked by 3 different companies, and 6 months later someone uses your identity to commit some crime, you can't have each company share 1/3 of the blame.

      Reply View 1 reply
      • BlueTemplar 10 months ago

        I don't see why they couldn't all share the full blame ?

        It's not like there's a "conservation of blame" law.

        Reply View 0 replies
ranger_danger 10 months ago

>I neither consented to allowing these companies to have my data, nor benefit from them having my data.

I think both of those are debatable.

Reply View 1 reply
lesuorac 10 months ago

I don't think thats a proper parallel.

I think a better example would be You (AirBnB Host) rent a house to Person and Person loses the house key. Later on (perhaps many years later), You are robbed. Does Person have liability for the robbery?

Of course it also gets really muddy because you'll have renting the house out for those years and during that time many people will have lost keys. So does liability get divided? Is it the most recent lost key?

Personally, I think it should just be some statutory damages of probably a very small amount per piece of data.

Reply View 7 replies
  • pixl97 10 months ago

    The particular problem comes in because the amount of data lost tends to be massive when these breaches occur.

    It's kind of like the idea of robbing a minute from someone's life. It's not every much to an individual, but across large populations it's a massive theft.

    Reply View 1 reply
    • lesuorac 10 months ago

      Sure and if you pay a statutory fine times 10 million then it becomes a big deal and therefore companies would be incentivized to protect it better the larger they get.

      Right now they probably get some near free rate to offer you credit monitoring and dgaf.

      Reply View 0 replies
  • polygamous_bat 10 months ago

    > I think a better example would be You (AirBnB Host) rent a house to Person and Person loses the house key.

    This is not a direct analogue, a closer analogy would be when the guest creates a copy of the key (why?) without my direct consent (signing a 2138 page "user agreement" doesn't count) and at some later point when I am no longer renting to them, loses the key.

    Reply View 2 replies
    • lesuorac 10 months ago

      I'm still much more interested in the answer to who is liable for the robbery.

      Just the Robber? Or are any of the key-copiers (instead of losers w/e) also?

      Reply View 1 reply
      • Dylan16807 10 months ago

        I don't really care about the answer to that specific question, where there's only one household.

        What I will say is the guy that has copies of 20000 people's keys should get in trouble if he loses his horde.

        Reply View 0 replies
  • 8note 10 months ago

    This version loses multiple parts of things that are important

    1. I have no control over what was stored 2. I have no control over where the storage is

    The liability in this case is the homeowner/host, as you should have and had full ability to change out the locks.

    To make it more similar, I think you'd need one of the guests to have taken some amount of art off the wall, and brought it to a storage unit, and then the art later was stolen from the storage unit, and you don't have access to the storage unit.

    It's not as good as the naked pictures example because what's been taken is copies of something sensitive, not the whole thing

    Reply View 0 replies
  • mistrial9 10 months ago

    > You (AirBnB Host) rent a house to Person

    this is outrageously incorrect analogy.. you ASSUME property ownership in the first statement. Where are personal legal records analogous to owned property? by whom?

    Reply View 0 replies