The "only used in exceptional cases" argument is the same tired line every government uses before mass surveillance becomes the norm. Once a backdoor exists, it's not just "good guys" using it; it's an open invitation for abuse.
Indeed. During the pandemic, restaurants in Germany were required to track customer's information including addresses, so people could be informed in case of a confirmed CoViD infection of another customer who was there at the same time. Of course, this information was never to be used for any other purpose whatsoever.
In one case, however, there was a capital crime near a restaurant (or similar venue) and police and prosecutor used this information illegally to track down witnesses. They were sued after the fact and lost, but got nothing more than a slap on the wrist.
Once information is available, it will be used for purposes other than the intended one, even by the "good guys".
That’s a good way of thinking about it - it’s fun to think through how everything digital security-related from privilege separation (engineering controls) to mitigations (PPE) fits in that framework.
Oh is it being done by the same genius that built electric cars with no way to get out of the back when the power is out so if there's a fire and you're in the back you'll burn to death?
I used the following query in your favorite ai powered search engine, "what knowledge would I need to able to make an intelligent post similar to <insert above comment>, please give me some high quality reading sources"
Damn, you used an LLM to tell you that to learn more about "hierarchy of hazard controls" you should google "hierarchy if hazard controls" :) Truly a revolutionary technology!
You don't know what you don't know! Did I open myself to a sweet hindsight bias attack, luckily my saving throw worked. I used a search engine in a high dimensional space, not a fax machine.
I remember reading a similar story in Ireland on Reddit, where a guy started receiving newsletters and advertising texts that he only ate at once during the pandemic. Turns out the restaurant were using the contact details for Covid tracking for advertising purposes… diabolical stuff.
>I went through an E-ZPass controlled interstate once as a passenger
>Yet, I received "Pending E-ZPass payment" scam for a year.
I think you're overestimating how precise scammers' targeting are. They're playing a numbers game, so they're going to spam every who might have used ezpass, not carefully curate their spam list by buying real time location data from data brokers. I received phishing texts for banks that I don't have accounts for, so next time I get a phishing text for a bank that I do use, I'm not going to think my bank got breached.
I travel a lot due to work. Generally the destinations are the same, but a new country is added now and then. When I go there and come back, I also start to get spam in that country's language.
I currently have English, Spanish, Dutch and Italian spam regularly in my mailboxes. They all started after I visited respected countries, and continue since I still visit them semi-regularly.
That E-ZPass spam started right after I returned from US, continued for a year, ceased and didn't return.
Spammers have better targeting tools than we know.
>I currently have English, Spanish, Dutch and Italian spam regularly in my mailboxes. They all started after I visited respected countries, and continue since I still visit them semi-regularly.
It's far more likely your email addresses are getting leaked by airlines/hotels (or basically anyone you gave your email to during your travel) than random apps selling your location to data brokers, data brokers being competent enough link those locations back to your email, but somehow too incompetent to know that being in France for a month doesn't mean you're interested in buying French car insurance. The latter isn't impossible, but occam's razor says we should favor the more straightforward explanation.
>restaurants in Germany were required to track customer's information including addresses
Ironic they went along with this considering how chest-pumping Germans are about their government being all about protecting their citizens' "privacy".
>They were sued after the fact and lost, but got nothing more than a slap on the wrist.
Government workers don't care about doing a good job since if they break the rules they won't get fired and the fines are not paid from their pockets but from the taxpayers pockets anyway so there's no incentive to be competent at your job.
The German government, and maybe to a lesser extent the EU more generally, feels that the privacy of citizens from corporations (especially foreign ones, especially American tech ones) is important to preserve and protect. Privacy from the government is a different matter. The government, due to its being duly elected by the people, has an implicit right to pry into people's affairs if such prying can be justified as serving the public interest.
It's quite a different attitude than the USA. The USA is almost unique in being individualist to what some might consider an extremist degree, to the point where if the government intends to violate someone's fundamental rights, they may do so only under very limited circumstances and must document everything and prove that those circumstances had been met. In most of the democratic world, individual rights are just one factor that needs to be balanced against public safety, public order, etc. and the government has much wider latitude to violate even constitutionally protected rights on its own say-so.
This is how you get German prosecutors on 60 Minutes, grinning and laughing as they describe the shock people undergo as they are arrested and their computers confiscated and searched over literal mean tweets. For the Germans, it's normal -- necesssary, even, to have a functional society. To Americans it's abhorrent.
I'm not really all that surprised. Public opinion is easily swayed with good marketing.
The government mandated contact tracing, but not how it was to be implemented. There was a publicly developed open-source app for contact tracing that was perfectly privacy preserving.
Unfortunately, many restaurants instead used a commercial solution that was none of these things. What it did have was support from a mildly famous German musician and great lobbying. Most people didn't care, they just wanted to go to the restaurant.
Well. That's actually a good example. Because contact tracing can (and was) implemented in a completely anonymous way, at a technical level, storing no personally identifiable information.
You can do this, just like you can do e.g. video surveillance, in a secure and privacy-respecting way. There is just no political will.
It probably was. It was also illegal. As much as you, I, or even public opinion may agree that something is right, we can't have public servants knowingly violate the law when it is convenient. To accept that would be to forfeit many of your liberties.
In my state the law said that this checking information could only be used for contact tracing. So when the law says this and the cops drive over it in in a bulldozer, it's a bit shit.
That said, in my state the cops recruited and flipped a criminal lawyer who then back doored her high profile clients and gave confidential and privileged information to them them in order to build cases.
I'd agree that is a good case. But I'd still object to this tracking. It's a slippery slope. Who determines what is worthy?
We might like one government administration and highly expect them to respect the privacy. But what about the next administration? We've just seen Trump say he will withhold funding for universities with "illegal protests". I'd fully expect his administration to abuse this tracking, in the name of law and order.
When these apps were rolled out, they were specifically advertised as private and only used for contact tracking and nothing more on the basis that we as a society want to maximize their use for tracking to be effective. Reneging on this promise will backfire in any future pandemic.
Exactly. No matter how well-intentioned a system is at the start, once the data exists, it will be accessed for purposes beyond what was originally promised
Queensland Police gained access to the Check In Qld app in June through a search warrant after the theft of a police-issued firearm, which led to an officer being stood down.
Western Australian Police has used its data twice without a warrant, which led to the state then banning police from accessing the data, while Victoria Police has tried but been rebuffed on at least three occasions.
The police gained no advantage, no prosecutions were carried through, and in WA Quigley (then WA Attorney-General ) rebuffed the police and strengthened the fines for breaching. He is not (now) a fan of the police, despite having once been the police unions bulldog lawyer of choice .. he's seen too many breaches too close to ignore.
In 2007, his life membership of the Western Australian Police Union was withdrawn after his parliamentary attack on police involved with the Andrew Mallard case, where he named a former undercover policeman who had a role in Mallard's unjust conviction.
He planned to melt down his life membership badge, have it made into a tiepin with the words Veritas Vincit— "Truth Conquers", the motto of the school he attended—and present it to Mallard.
It also always lead to the same downward spiral of prosecutors complaining that the data they need to investigate drug trade is right there, but they can only access it for terrorism reasons, so why not add drug trade to the list of exceptions. Repeat with homicide, then fraud, all the way down to traffic infractions.
I once naively believed that us "good guys" have little to fear or to lose by yielding a little privacy for the greater good. Then I grew up and realized that governments routinely fail to wield such power responsibly.
And I refuse to believe that the politicians behind that travesty don't know that.
Also, if you already go to prison for not handing over your decryption keys when asked, the one purpose left for a backdoor can only be criminal abuse.
"To continue to demonstrate why tools like this are essential to our mission, we need to use them ... I urge everyone to continue to look for ways to appropriately use US person queries to advance the mission"
- 2024 internal email by FBI Deputy Director Paul Abbate
