> how big the number of false positives would have to be to shut the whole thing down?
Since it seems that false positives are uncorrectable (given that even a New York Times article hasn't gotten this one fixed), and the consequences of one are thus life-destroying, even a single false positive should mean shutting the whole thing down.
I disagree. The value Google and similar web services brings is enormous. That said, there should be people in the loop who are trained and authorized to work around the operational systems. This is the cost of doing business.
So, Google, Apple, Twitter, Facebook, etc should all shut down their scanning for CSAM? Do you realize the outcry this would produce?
Google is not unique here, nor does it have unique power. This story would be just as plausible, and difficult, if the company in question were Facebook or Apple.
Once a system exists to scan for this material, it’s quite easy to argue that shutting it off would be immoral and potentially criminal. “You had the means to identify abused children and help them, but you turned it off because you couldn’t work out a reasonable policy to deal with the false positives? Try harder, people.”
> So, Google, Apple, Twitter, Facebook, etc should all shut down their scanning for CSAM?
What they should shut down is their irrevocable deletion of accounts. When the false positives trigger nuclear bombs, then yes, a single false positive is too much.
As far as I know, only Google does this, so everyone else can keep scanning in this argument.
Shutting down this new type of scanning is not the same as no longer scanning for CSAM.
It's curious how the big providers have been scanning for CSAM for YEARS with nothing making the news...because hashes are much different and don't false positive like this.
The process that has led to our phones scanning everything we do and condemning us in an opaque extrajudicial process began with much smaller violations of privacy and trust — analysis of our emails, tracking our movement with cookies, and so on. When these practices were introduced, some people complained, saying they were part of a motion that could only ratchet in one direction: toward ubiquitous surveillance and corporate control over more and more of our lives.
Cut to just a few years later, and here we are: "shutting it off would be immoral and potentially criminal". We can't go back! So, that clicking sound you hear is the ratchet turning.
It is interesting to me that CSAM is used as justification for such heavy-handed consequences and widespread surveillance. People use the internet to do all kinds of awful things, plenty of them crimes, plenty of those crimes being violent or personal property crimes. Murder, robbery, burglary, etc.
Obviously CSAM is vile and not something your average citizen condones. But so are those other crimes. I suppose children "pull on the heartstrings" more than your average victim, but children are also the victims of those other crimes. Why haven't we started surveilling personal messages to detect criminal planning in advance? Because more people understand the nasty implications of the government reading your messages, but few understand the implications of machine learning "detecting" CSAM in your Google Drive or Photos?
In the UK they also search for “terrorism related content” and other types of criminal media. While this isn’t required in the US (and neither is CSAM scanning) part of the impetus for building these systems is to satisfy non-US governments that don’t have the same constitutional protections that the US does. US law enforcement officials routinely join with their non-US counterparts in urging/pressuring US firms to implement these systems, knowing that once they’re built (non-voluntarily) for non-US compliance they will likely be turned on (“voluntarily”) for US customers as well.
That logic seems to go both ways, though. Actual child abuse is, surely, even more "life-destroying", right? So wouldn't it make more sense to tolerate any number of false positives if we can save just one kid?
I'm always amazed at the number of people who come to a complicated nuanced issue like this, accuse one side of having implemented an absolutist and inflexible dystopian monster, and then promptly demand an equally absolutist solution.
The libertarian answer might well be that we need to tolerate CSAM in the interests of free speech, but that's not the sense of the society we live in, nor of the laws it has passed. All paths must be middle paths.
I think this article points to a missing product in the market - integrated cloud services but with the cloud located on a private server in the home. Specifically for a company like Apple (who hand waves at being pro-privacy) to enable all iCloud functionality to be hosted on a personal mac. From a high level (and likely ignoring important but probably not insurmountable technical details), the idea would be for everything to look exactly the same to the iPhone user, but for all data and processing to happen on a machine the user controls. No Apple accessible or hosted user data, end-to-end encrypted in transit, etc.
One might argue there are products that can fill this niche and certainly many on Hacker News are capable of setting up their own home servers. However, that is not nearly as convenient or realistic for the average person to do. Those setups also don't integrate directly into default services like iMessage, Photos (including both storage and things like photo tagging), etc. Modern desktops and many people's internet connections should be powerful/fast enough to handle this.
To the extent user data is used to feed big-data algos/machine learning/etc, this might not be practical. That's why I suggest Apple do it rather than Google (Apple already claiming much of their ML services are handled on-device).
One might argue that's essentially something iTunes handled (still could?) but again it's not nearly as integrated as modern iCloud services. And that only works over a local network or direct wired connection.
The basic idea is just to move data hosting and processing from third-party servers where users have no direct control over how their data is used or accessed to hardware sitting in their home.
That only covers a subset of iCloud functionality though. Remote file storage sure. What about things like backing up the entire device with the ability to restore on a new iPhone, browsing history, app data (first and third-party), passwords, etc. AFAIK solutions aren't nearly as integrated. Which is why it would need Apple's support.
Then there are services like email, iMessage, reminders, notes, etc. The latter there may be some service that does it but not in the default apps. The former I don't know of any plug-and-play solutions not cloud hosted. For example, many privacy concerned people use Proton mail but that is cloud hosted and subject to search without the user's knowledge (hopefully provided a valid warrant, but I don't think that takes away from the point).
I'd also rather services like find-my-iphone, recent locations, and other map data be handled on a server I control without Apple having any potential access.
I'm not saying there are no solutions but I am saying that they involve tradeoffs that a first-party solution could make a lot smoother. I'd gladly pay for a home Apple server that could replace all iCloud functionality without having to change my habits. I suspect I'm not the only one - just look at their recent privacy focused offering that turns off a bunch of features for "at risk" individuals.
It more sounds like your fault for becoming overly reliant on services that are only possible by putting your trust in one company. I'm also one of the people who does the whole "home NAS" thing, and I have no problem syncing my passwords, notes, dotfiles and whatnot.
This is the hook that Tim Cook has been setting up for years. They wanted you to take a bite out of their services without thinking about how their concentration of power affects you. Now that people are realizing that iCloud/Apple Pay/App Store are all just ploys to add an Apple Tax to other segments of the economy, they're relying on the people addicted to their services to justify its use. When people talk about the degrading Apple ecosystem, this is what we're referring to.
I jumped off that racket years ago. Buy a few WD Reds and set up RAID, then you can self-provision your own cloud resources.
I don't disagree. Still, the situation remains and I bet Apple could charge another "tax" to remedy it. And to be clear, I'm suggesting a product offering not a regulatory solution.
Yep. I certainly wouldn't hold your breath for Apple to reverse their stance on services/the cloud though. They make too much money off it to encourage people to self-host. It may well take regulatory action before Apple puts their customers before profit margins again.
I don't see how that bit would be a problem. The market size, yes, it's a problem, but it's supposed to be a cloud service, there is no loss on the clients being open source.
Yes there's a loss, not a monetary/economic loss, but a loss of (potential) power. The fact that the loss is "potential" irks me about calling it a 'loss'; it's not quite a loss, but a missed opportunity to leverage more power over.
I suspect the market may actually be of decent size if you consider enterprises, journalists, politicians, and the like. Users who aren't necessarily tech savvy, won't stop using default services/apps without a fight, but who require a level of privacy that is currently somewhat compromised.
Have you seen the unmitigated dumpster fire that is mass-market Wordpress hosting? Now imagine that, but even worse.
Users who aren't tech savvy who are trying to run their own mission-critical software on their own hardware:
1. Should expect to pay $200+/month for a support plan. That will buy them one hour of an engineer's time per month. They are going to need that time, because deploying software is hard, keeping software running is hard, and there are no SRE/DevOps economies of scale when every Tom, Dick, and Harry wants to run their own service on their own hardware.
2. Should expect to either deal with all the problems (stability and security) that come with regular auto-updates, or regularly getting pwned (because they aren't auto-updating, and because they are a juicy, high ROI target for bad actors).
3. All this stuff already exists for enterprises, and they aren't complaining in these HN threads, because their needs are being met by cloud providers (As are the needs of politicians. Because they generally don't need security, they need security theatre. As long as they can check the compliance checkbox, they are in the clear.) The people whose needs aren't met are the long-tail small-fry of journalists and hobbyists and their ilk. Who aren't enough of a market, and can't afford the money, and the time, because see points #1 and #2. Like, maybe the NYT can afford to have this set up, and set up well for their people, but they already have dedicated IT teams doing just that!
We want it to be open source because open source is the only source of services you can run at home or on premises at a small business for a reasonable cost.
It's really a supply side issue pretending to be a demand one. Self hosted services of all kinds are woefully underdeveloped.
Tech giants aren't going to encourage you to own your data and hardware by spending effort on supporting it, because that undermines key reasons for building cloud services: surveillance and control.
Self-hosted services are woefully underdeveloped because people outside the open source community generally don't want them. I'm familiar with a couple of small organizations who've been around since the pre-cloud days; all of them hated "the server" and love that Google enabled them to get rid of it.
> Tech giants aren't going to encourage you to own your data and hardware by spending effort on supporting it
On the contrary, it would make a lot of sense for Amazon to work on open source self-hosted server apps, because they would seem to be the answer to the question, "Why would a non-techy want a cloud VM?" Surely their PMs must day-dream about a future in which a cloud VM is as common a monthly fee for a middle-class family as a gym membership or Netflix subscription, right?
Fake edit to add: there's a startup devoted to solving this problem with a novel OS intended to be a good platform for server-side apps, and since they appear unlikely to get traction I would be very happy to hear that Amazon is forking or duplicating it, just because I so badly want to be a user of such a product.
That's one of the reasons I point to Apple as the company that could theoretically do it. Apple devices talking to Apple software running on Apple hardware. As a partial (but less complex) analogy, consider how seamless AirPods are vs bluetooth headphones.
If the server software were confined to macs, that would also act as marketing just like iTunes was mac only for a while. Though I recognize Tim Cook seems far more interested in selling additional services than hardware unfortunately.
I love this idea and hope it comes to market. Apple could easily turn it into a subscription and have the user provide their own storage (aka upsell internal storage). I was curious how users without a stationary Mac (aka a MacBook that doesn’t have ~100% uptime) but I’m sure they could create a network sharing between devices when they are on the move.
Unfortunately, iCloud works well for probably 99% of their users and, like someone in this thread said, the only people interested in this service are in this thread.
> We want it to be open source because open source is the only source of services you can run at home or on premises at a small business for a reasonable cost
Many, many HN users want open source primarily for ideological reasons. A closed-source solution (or even a source-available one) is unacceptable for that reason alone, and not related to cost or practicality.
The product that kicked off the topic is Google Photos, which I recently neared my storage limit on. Sensing that Google One may not be an ideal next step, I set up my phone to backup photos and videos to my Synology instead using DSFile (Synology's file manager for Android). This has been pretty awesome so far, at least for my use cases.
I think Synology is the closest product I know of that provides something like what you're describing, though, as you point out, it's not OSI open source.
I use Google Photos for access, not backup. So, I can not only access all my photos from anywhere, I can also take advantage of their ML driven search. I'm not entirely happy with the UX of Google Photos but it's 1000x better than a self hosted file share.
Ah, misunderstanding, perhaps. Synology offers global access, search, browsing, a dedicated app, and face detection. I just set up backup through the file manager.
But what reason is there to believe that the Synology software stack isn't doing the same scanning of your texts, photos, whatever you put there? What happens if Synology decides you did something illegal or 'bad', whatever that could mean; could they block your access on your own device, even if you were exonerated? And while that seems to be a great system, they can have bugs, make a mistake, have bad policies.
I don't see a solution for this. Billions of people, and probably a ton of people reading this on Hacker News like me, have their stuff at Google or another top cloud provider. Google causes untold suffering for people by not letting people recover their accounts. There was the recent librarian letter requesting help for people this happens to. We might know someone at Google to ask for help. Wonder if this person did.
They only provide DNS. I choose when and if to update. Very different setup from Google, in many ways that matter to user autonomy.
Most importantly, due to users hosting all the data using their own physical space, electricity, and bandwidth, the incentive for Synology to scan everything stored evaporates: they are not on the hook for illegal files hosted on a server in someone's home. I think the picture is less clear when it's Google or Apple doing the hosting, which leads them to scan people's files as a policy.
>I think this article points to a missing product in the market - integrated cloud services but with the cloud located on a private server in the home.
I don't know, this sounds like a technical solution to what is a political problem. Gmail, today, already scans your email for ads; what if congress decides that they started doing CSAM on your emails? How feasible is it for everyone to host their own email in that situation?
This also echoes the controversy with CSAM scanning in iCloud. There is no clear national consensus if the government should be allowed to invade your privacy when it comes to child abuse. Ironically, terrorists seem to have better privacy protections than a pedophile.
Personally I don't think CSAM scanning of your private data should exist, much like I think everyone should be afforded E2EE communication even if they might break the law with it. Whether we allow our privacy to be invaded in such a manner is a political/regulatory problem. A "private cloud" doesn't help if Congress decides that Comcast should also be allowed to MITM your SSL connection to scan every image you download.
> The process of selecting and showing personalized ads in Gmail is fully automated. These ads are shown to you based on your online activity while you're signed into Google. We will not scan or read your Gmail messages to show you ads.
Although it's a fair mistake; Google used to do this.
Here is an excerpt from my "welcome to Gmail" message, from Google, from June 2004:
"You may also have noticed some text ads or related links to the right of this message. They're placed there in the same way that ads are placed alongside Google search results and, through our AdSense program, on content pages across the web. The matching of ads to content in your Gmail messages is performed entirely by computers; never by people. Because the ads and links are matched to information that is of interest to you, we hope you'll find them relevant and useful."
Notice it says "for ads," and not in general. The terms sneakily allow them to still profile you or use your content in other ways, like training AI systems or reporting you to the government.
> A "private cloud" doesn't help if Congress decides that Comcast should also be allowed to MITM your SSL connection to scan every image you download.
Not to be overly pedantic, but I don't think this is true on a technical level? Any "private cloud" worth its salt would presumably use its own E2E encryption, with keys known only to the owner.
The government could force the private cloud vendor to build a back door, but that's kicking things up a notch. The vendor could also decide to build a back door on their own, I suppose... which is another reason people in this market tend to want open source.
> A "private cloud" doesn't help if Congress decides that Comcast should also be allowed to MITM your SSL connection to scan every image you download.
It also doesn't help if you send the image in an email to a third party that doesn't share encryption keys with you. Which is going to be the case for situations like the one described in this article unless your "private cloud" expands to include all your health care providers--not to mention your bank, your insurance company, etc., etc. Which of course it won't; all of those third parties are not going to care what your private cloud setup is; they're going to use whatever all the other large companies use.
Apple is never going to do this. Their largest growing source of income is "services" (iCloud, etc...). They make a ton of money charging users for those services.
> I think this article points to a missing product in the market - integrated cloud services but with the cloud located on a private server in the home
Absolutely. But who's going to sell it to the masses? Most people don't care, as they haven't been told to - no one has sold it to them.
And who is going to explain about the erosion of privacy? Would that be Google, the government? Why, when both are beneficiaries of the existing system (ie making money for google, increasing control and monitoring for govts)? This is a market that is studiously ignored as it is in no one's interests!
Do you remember when Google piled into RSS only to try its best to then kill it? When data is your business, it makes no sense to cut yourself out of the intermediation.
You are right to point at Apple, as they have been and still probably are the blocking piece for this to not become a reality.
NAS vendors saw that future and worked toward it. Synology's solution is pretty extensive and could have been a real game changer... if it wasn't for:
- being a PITA to handle network shares on the mac
- iTunes being the prevalent link to iPods and iPhones for such a long time, even for local file exchange
- music files being the sanctuary no third party messes with on iPhones
- photo sync being such a PITA as well for anything non Apple for so long (still is?)
- iOS backups being iCloud only
- even Time Machine backups require more specific adjustments that make it harder for normal people to use outside of the Apple offering.
Don't get me wrong, Google also screws the market in so many nasty ways, but the smartphone got rebooted by Apple, and they royally fucked it for so many third party applications to cement their own services' profits.
You are describing Nextcloud. My family and I host virtually all of our data on our own property, and while there are off-site backups, they are encrypted with hardware backed cryptographic keys we are not legally obligated to supply to anyone under any circumstances under US law.
This is the only way I am aware of to maintain a life with most modern technical conveniences and still have the protections of the Fourth and Fourteenth Amendment.
If anyone wants to pursue this type of digital sovereignty, I founded an organization called #! that will happily teach anyone interested.
https://hashbang.sh or #!:matrix.org
I am quite excited about digital sovereignty, but not excited enough to run a script from a website whose only visible content is the text "sh <(curl hahsbang.sh | gpg)". And the 4+ pages of script in the page source are not enticing me to proceed...
Can’t you achieve a lot of this if apple merely enables end to end encryption with iCloud? That way, only keys you own can be used to decrypt the data, so it isn’t a big deal that encrypted data is on the cloud.
This is where e.g. much of "free market" rhetoric and e.g. Libertarianism need to take a severe backseat.
Given the reach, it's absolutely time for "government interference." Now, I'm not actually saying that we definitely should shut things down. But we absolutely need to drag Google people into public hearings and such. Google et al have inserted themselves into their lives to an extent that they ought no longer be able to claim "but we're a private company." It's increasingly difficult, if not impossible, to opt out.
Example: I fully intended for my children to not have anything like a Google account until a certain age -- but then the pandemic and remote schooling happened. It is true that with a great deal of pain to teachers et al I could have opted out, but that would have been literally unreasonable, not to mention unsustainable for other people.
I think good places in the past to look are "warning labels" and/or "common carrier"-like ideas.
Warning labels today, I think means "fixing voluminous EULA crap," which we've done in other fields reasonably well, e.g. the FDA I think is pretty solid here. Simply requiring "readable" terms of services I think would go a long way (though you have to wait a bit for things to shake out.)
The general principles behind "common carrier" type services would also be a good idea to start thinking about; they essentially just say "When your product or service becomes a day-to-day thing for a lot of people, we're going to hold you to certain accessibility rules."
I think I largely agree with you about getting the government involved. But the nature of that involvement is important here.
As I see it the fundamental problem is not that Google isn't behaving as a responsible steward of free speech. The problem is that Google shouldn't have this power to begin with. By law, Google should be allowed to capriciously and arbitrarily shut down a user's account. It's their service, they shouldn't need to provide a justification. But Google shouldn't be in a position where they control so much of the market. There needs to be real competition in this area so users can easily switch to a different provider if they lose faith in Google's reliability. Where the government needs to be involved is in ensuring real choice in a free market, rather than the current duopoly.
Ensuring a free market isn't easy. It's much easier to simply pass a law that says that Google (or a company in a similar position) needs to provide better service or offer users recourse to dispute this sort of service interruption. But that's just putting wallpaper over a crack. We need the government to commit to the hard work of enforcing open standards of interoperability so smaller entrants can get into the market.
I'd like to see a private equity style Competition Authority. The idea being the gov would come into a monopolized market and fund new competitors. I say PE because I'd rather the people profit if successful rather than subsidies but the real point is funding more choice vs only having the power to breakup or constrain existing corporations. Another tool in the toolbox.
Essentially, though -- this is just "more regulation with extra steps."
Just pass the regulations and competition will likely find a way around it. Honestly, this to me is the biggest blind spot in all of "pro free market capitalism." The good flavor of capitalism is antifragile: you can make competition better precisely by making things HARDER on private companies, not easier. Stuff gets better because the weak die.
If we've allowed Google (and a few other select tech companies) the privilege of becoming de-facto monopolies in their space (and I believe we absolutely have, often intentionally as government policy in the international space) then they should be bound by the same rules that the government is.
I think this is even more obvious when you consider how some of these companies creep into government processes.
Ex: Google classroom is estimated to be in use in more than 60,000 schools across the US. This means that a Google account is required for all students in these schools (opt-outs exist, but are impractical, hard to enforce, and often cause you to be labeled as troublesome by teachers and staff).
If my child attends a public school that is using Google software and requiring a Google account, the government damn well is involved, and I expect the government to require the same rights & due process for a Google account as they do for other governmental actions.
> By law, Google should be allowed to capriciously and arbitrarily shut down a user's account. It's their service, they shouldn't need to provide a justification.
I strongly disagree.
While there should be some level of protection for large companies ability to terminate customers at will, there also need to be consumer protections against unreasonable EULAs and capricious decisions. (Edit: some such protections already exist, so it is a question of if and how we shift the balance between consumer rights and corporate rights. I think as the companies grow larger, more powerful, and more integral to our daily lives, that balance needs to shift further towards consumer rights given the power imbalance.)
When companies sell us digital goods and become integral parts of our digital lives, there arises a need to balance their rights of free association against the rights of their users to due process.
That is not to say that simply mandating a fair dispute resolution system is a sufficient solution, but it is a necessary step.
I think mandating data portability and maybe even interoperability is also necessary (though an interoperability mandate seems tricky to do well.)
Google is not selling you any digital goods. They provide services like GMail for free to people. That is a big part of the problem: users are not paying customers and so have no leverage, as they would in a proper customer relationship. Instead, users are the product, and the actual paying customers have all the leverage in determining how the product is treated.
> Google operates a number of stores for books, movies, music, apps, electronics and more.
None of which are relevant to the issues of privacy being discussed. The relevant Google services, such as GMail, are provided for free (meaning no money is paid); that's why so many individuals and institutions, including government-run schools, shortsightedly adopt them without considering the actual (non-monetary) costs.
> Being a paying customer is no protection when
...you are only a paying customer for products that have nothing to do with what you're complaining about. Google isn't going to care any more about your GMail privacy just because you happen to have bought some books, movies, music, or apps on Google Play or own a Pixel phone. They have demonstrated that quite clearly for years now.
> None of which are relevant to the issues of privacy being discussed.
The issue being discussed is a company like Google banning your account with no recourse. Privacy only comes into play in this discussion because the given reason for the ban comes from the scanning of Google Drive uploads for CSAM, which has nothing to do with Google selling your data or targeting ads at you and is done regardless of whether you pay for Google Drive storage or not.
Google operates a single account across all their services, so a ban for a Google Drive CSAM false positive means that you lose access to not only the contents of your drive, but also any books, movies, music, apps, cell service, advertising campaign, hosting, etc.
This is tangential, but your opening statement threw me for a loop. As a Libertarian, I've spent a lot of time arguing with people on the left and right who are on the pro-censorship side when it comes to corporations. While it wouldn't surprise me to see a Libertarian take a position against individual liberty on this issue, I have not seen that happen. Your ire may be better directed at the ones in the driver's seat who have the power to address this and refuse to do so rather than the powerless minority who consistently get this right.
> But we absolutely need to drag Google people into public hearings and such
We have dragged Google into public hearings. The problem is that the purpose of these hearings has always been to collect soundbites rather than to try to define a relationship between internet services, the people, and the government.
> This is where e.g. much of "free market" rhetoric and e.g. Libertarianism need to take a severe backseat.
No, it's where we the people need to understand that rights come with responsibilities. If you want to claim the right to keep your data private, you need to not give it to third parties that you know are not going to honor that. And knowing that is easy when it comes to Google, Facebook, Twitter, etc., because of the simple rule that if you're not paying for the product, you are the product.
The problem here is not too much free market and libertarianism, but too little. The ultimate reason for this...
> It's increasingly difficult, if not impossible, to opt out.
...is that the government has inserted itself more and more deeply into our lives, and we have let it. For example, your kids' schools are beholden to Google because they are run by the government, which is insulated from free market competition and can just punt on providing proper infrastructure. And the reason why Google, Facebook, Twitter, etc. can survive on the ad-supported business model, instead of having to make their users actual paying customers as would be the case in a real free market, is that the government has set things up to favor them. They can get cheap loans to build the massive infrastructure they need because of government monetary policy. They can insulate themselves from any effective legal challenge because of the way the legal system is set up.
> your kids' schools are beholden to Google because they are run by the government, which is insulated from free market competition and can just punt on providing proper infrastructure.
Private schools are just as beholden to Google. No school is going to compete on the basis of "we don't use Google services (we pay for more-private infrastructure)", in any world, ever.
> we the people need to understand that rights come with responsibilities. If you want to claim the right to keep your data private, you need to not give it to third parties that you know are not going to honor that.
So if I'm a parent of a school-age child, what exactly do you think I should do? If I don't decide that Google accounts are enough of a reason to homeschool my child, will you claim I don't understand that rights come with responsibilities, and that I (and my child) don't have any right to expect our data to be private?
We live in a society. Sometimes the only way to crack collective action problems is government intervention.
> No school is going to compete on the basis of "we don't use Google services (we pay for more-private infrastructure)"
Um, what? Didn't you just get through saying you don't want your kids to have to have Google accounts just to go to school? Do you think you're the only parent who wants that? Isn't the protection of your kids' privacy by the school worth something?
If you're unwilling to pay anything more than zero for something you claim you value, then your claim that you value it becomes, to say the least, questionable.
> if I'm a parent of a school-age child, what exactly do you think I should do?
You mentioned homeschooling yourself. In our current environment, unless you are very lucky in what school district you happen to live in, that is probably the only option to avoid giving up your kids' privacy.
> don't have any right to expect our data to be private
Google apparently doesn't think so, and neither do your kids' current schools (and I suspect your implication that the vast majority of schools in the country are similar is correct), which means the government that runs those schools doesn't think so either.
> Sometimes the only way to crack collective action problems is government intervention.
No, that's my point: governments do not solve collective action problems. They grab power using the excuse that they are going to solve such problems Real Soon Now, but they never actually do. Governments run all the public schools in this country: they have had all the tools they need to solve the collective action problem of how to protect kids' privacy in a digital world for quite some time now. And they don't care. And this is just one of many, many examples.
> If you're unwilling to pay anything more than zero for something you claim you value
I'm willing to pay something for it. That doesn't imply I'm willing to pay an unlimited amount for it. Google accounts are not in the top 10 things I care about with regard to schools.
> You mentioned homeschooling yourself. In our current environment, unless you are very lucky in what school district you happen to live in, that is probably the only option to avoid giving up your kids' privacy.
My mention of homeschooling was intended to drive home the point that the only way to avoid Google in this situation has incredibly high cost, out of proportion to its benefit. If you truly think that a parent should homeschool to avoid giving data to Google, that's an extreme view.
That does not mean I don't think giving data to Google is harmful!
> No, that's my point: governments do not solve collective action problems. They grab power using the excuse that they are going to solve such problems Real Soon Now, but they never actually do.
Apparently your solution to collective action problems is that individuals must take action, without coordination, even when it's individually counterproductive. And you view failure to do so as indicative that they place no value on the problem getting solved. In other words, you seem to dismiss the notion of the "collective action problem" as a phenomenon at all. Frankly, I find this view absurdly naïve.
> you seem to dismiss the notion of the "collective action problem" as a phenomenon at all
No, I'm just objecting to the claim that governments can solve such problems.
> the only way to avoid Google in this situation has incredibly high cost, out of proportion to its benefit
That's because the current situation was created by a collective action failure, one which governments have not done anything to help and have in fact made worse, by doing the same thing individuals have been doing: shortsightedly taking advantage of "free" services from Google without considering the actual (non-monetary) costs.
Governments are not going to fix this situation. The only way to fix it is to invert the collective action that caused it in the first place. I agree that, because of the depth of the hole we have dug ourselves into, climbing out of it is a huge effort. That doesn't change the fact that the problem won't be solved any other way.
It seems like the simplest solution here would be to not ban accounts automatically for CSAM detections, but to have a process to do so based on police recommendation.
Clearly Google already has a process to escalate detection to the police so banning the account based on what happens there doesn’t seem like a big leap.
> It seems like the simplest solution here would be to not ban accounts automatically for CSAM detections, but to have a process to do so based on police recommendation.
The police aren't going to recommend a ban. They don't want people banned. They want people arrested, tried, and convicted for criminal possession. They're going to recommend keeping the account open until they have enough evidence to take it to court.
Which seems completely fine. If the person is being investigated and they are continuing to commit abuses, the police will immediately arrest them and have evidence to bear, increasing the odds that society locks the person up promptly. If the suspect is in custody, what does the status of their account matter? The point is that the account ultimately gets closed and the data purged if the suspect is found guilty, so what benefit is there to anybody in being delete-happy?
Google probably doesn't share the same rosy outlook. Long-running investigations that do not result in charges will be bad PR. The headline "Google shared private data on 100s of innocent users with law enforcement" will not be received well.
> the tremendous trade-offs entailed in the indiscriminate scanning of users’ cloud data.
It might be helpful to frame any cloud-based scanning of user activity or files as akin to mass-testing in health. While it sounds good in principle, there is always a background rate of false positives. And being incorrectly diagnosed can have negative consequences. There has been a large amount of examination of the consequences of mass-testing for various diseases without indication.
Google by not answering is giving a clear message: if you test positive, even if you are then cleared of all wrongdoing, you are going to be banned for life. So better be extra careful and don't even take children's pictures, even of your own or in perfectly valid scenarios.
The problem is, this isn't Google, this is the government. All platforms, even Apple, are doing this. They aren't doing it voluntarily either, they did this under direction of laws, or threats of measures against them, such as banning their platforms from large economic zones.
Note that these laws don't mention platforms by name. So not copying your chats and images to the authorities, even going so far as using an application you custom write for a particular conversation, from even social workers and certain (not even named) private organisations (not even just the police or justice departments) will be illegal regardless of the content. They haven't even bothered to list which institutions are to have access to your chats. Just "law enforcement". Do I need to copy Latvian law enforcement on a message I send from France to my wife in New York? It's actually not clear.
Any point where the law would require a little bit of effort by government, everything is left open. And these laws require a LOT of effort and infrastructure by governments to even enable citizens to comply with them.
Call me a cynic, but I find it very hard to believe EU or US citizens would vote for their private chats or pictures to be copied even to the police, or scanned for anything at all.
Never mind that, of course, said authorities haven't even bothered to make it possible for other platforms to do said reporting (I guess Facebook, Google and Amazon just find phone numbers to call somewhere, and then send unencrypted email with the material, because anything else just wouldn't work). Of course there is zero mention of what a person can do if such reporting mechanisms are used to discredit them (for example, send CSAM to your ex/political adversary, call the police on them).
And of course, the police's, social workers' and other institutions' reputations when it comes to helping victims of CSAM are beyond terrible. In a lot of countries, including the US, cases where people protect children against CPS, even in cases of abuse, are easy to find. The reason is the extremely bad treatment child victims receive once reported; in other words, these reports aren't helping the victims at all, and this is a problem well-known for decades. It's not likely to improve any time soon. Cases of children fighting against these institutions when they are the victim aren't just well known ... they're actually the norm, the expected outcome of such interventions.
I'm against conspiracy theories ... but I do agree with them on one point: I find it very hard to believe laws like this are even meant to protect anyone, other than the institutions stuff is being reported to themselves. If they were meant to protect, then we would make sure the treatment of children after reporting would be great, AND THEN go look for children in problem situations. The opposite is happening. You want my guess? These extreme measures are attempts to minimise the times government institutions get embarrassed by (the extremely rare cases of) serious crimes against children, which are still mostly missed.
Then they're in violation of EU regulations. And while I grant you that for the moment this is probably true, Apple will lose this fight and start scanning chats and messages.
The key point, regardless of the subsequent disagreements about Apple, is that this involves the government. Consequently, it is easy to argue that Google and Big Tech aren't private companies and thus subject to the Bill of Rights.
Part of the problem IS Google and their refusal to reinstate accounts once police cleared the accused:
> Mark asked if Mr. Hillard could tell Google that he was innocent so he could get his account back. “You have to talk to Google,” Mr. Hillard said, according to Mark. “There’s nothing I can do.” Mark appealed his case to Google again, providing the police report, but to no avail…
> A Google spokeswoman said the company stands by its decisions, even though law enforcement cleared the two men
I don't think it is that simple. That the police don't "take" a complaint means nothing. A crime could still be committed. This means nothing.
Second, what is Google to do? Clearly the picture is not ok, I mean hopefully we can agree on that. Yes it isn't reason to suspect child abuse, but it isn't ok to spread either, which is of course what Google is worried about.
Going through the account and removing this picture is ... also very much not ok. Hell, not even just because of the privacy invasion that would be. On what basis would they declare things safe? There is no guidance in the law on what is allowed.
The government just throws the entire thorny problem on Google and then declares itself not available for comment.
So I don't see what you want Google to do here. I don't see what options they have. Restoring access to the account may be a crime for Google (that might turn out to be "knowingly" allowing the spread of CSAM). Going through the account and removing the material is fraught with problems too, starting with the impossibility for Google to declare material safe, as well as privacy issues.
This doesn't necessarily take away from your point, but commonly under the law there is a legal fiction that holds a corporation is considered a "person"[1].
> power ... exerting force over a minority ... free software movements were never about the openness nor the accessibility of the source code. But about issues such as this.
Yes, Free Software culture has always been more about justice on a new (digital) frontier where new forms of injustice and abuse roam wild (and have only grown worse).
I sincerely think the best model for understanding big-tech corporations like Google is as serfdom under feudal warlords within modern fiefdoms. It closely mirrors these historical power relations where laws and constitutions have nothing to say.
The article is long and complex but I eventually found the kernel in this line:
> "A Google spokeswoman said the company stands by its decisions, even though law enforcement cleared the two men."
Though the moral questions behind it all are very complex, this case is not itself actually that complex. There was no mistake. No lack of proper investigation or tardiness by the police. The child, parent, doctor and police - all of the parties except Google - acted fairly, in good faith, mutuality and consent.
Google is the problem here, and simply believes itself a law unto itself, that's the nub of it. For all the posturing about complying with the laws of nation states, companies like Facebook and Google have grown smug about their power. When they roll over the toes of the innocent, they laugh and say "and what are you going to do about it?"
We are in new "might is right" times and nobody big enough has yet had the courage to say "Act justly, or we will hurt you back", and then follow up.
For the ordinary citizen, the only sensible course is to resolutely refuse to use their services and products, and Free Software which provides so many alternatives to Google, Microsoft, Facebook and suchlike is the solution. It is the moral choice that a good citizen can and should make in these times.
Does a petition/campaign in Mark's favour have any hope of getting Google to restore his account?
The most frustrating question I have: why isn't Google restoring his account despite him being cleared by the police? Why are they not even explaining this?
This is an under-appreciated factor in regulation ignored by the reflexive "regulation bad" crowd. Companies can welcome regulation, and not in a malign, regulatory capture fashion.
One case could be this one: doing the right thing could open you up to attacks from bad actors. A regulation could give you air cover (and legal cover).
Or let's say you want to be more environmentally friendly but customers won't pay extra. Your competitors do too, but of course you can't agree to do this (that's collusion). A regulation removes the risk and is applied to all.
I am utterly baffled as well. This was literally a front-page article in the NYT, not just the online home page but front page of the paper edition [1].
It's one thing to get the attention of some Googlers on the front page of HN, it's a whole other order of magnitude for the front page of the NYT.
I cannot imagine how this hasn't become an urgent priority for Sundar himself to make sure this gets fixed and fast, at a minimum in these known situations. What could they possibly still be debating or deciding inside there at Google...? Police determined no charges, so restore the accounts. I don't see any potential risk, legal/reputational/otherwise, this would open up. Google's inaction here boggles the mind.
I'm surprised at how long this has gone on, but not at all surprised that it happened. Based on my experience at Google, I would have expected the NYT article to get it unstuck within 2-3 days.
When I was at Google, I was continuously amazed at how hard it was to stop this kind of own-goal when we knew it was happening. (Based on where I was inside Google, I came across (dramatically-less-sensational) obviously dumb decisions of this sort).
It was always shockingly hard as a Googler to get traction on fixing some customer's bureaucracy-navigation problem -- but usually it getting into the press finally got someone through the bureaucracy.
I’m right there with you in dismay, but I think this has been building up a while: consider how long there have been Google employees who browse HN, fully aware of how broken processes are damaging users and developers, and just sitting on the sidelines because they’re in it for the paycheck.
My (somewhat cynical) explanation is that they want to deter people from taking these types of medical pictures on their phones, since that makes Google's job easier.
Rather than improve their AI to avoid more of these types of false positives, or invest in their customer support teams to deal with these situations, they can eliminate this entire class of false positives by scaring people with articles like this.
EDIT: which if true, is kind of extra fucked up when you consider the potential consequences of delaying medical treatment for a child.
Google has become too large. As a result, they're a threat rather than a benefit to the web ecosystem.
We saw similar stuff when banks were getting bailed out because they were "too big to fail". That meant that their very size was a threat to the financial system - they were really too big to allow to exist.
I don't think Google's doing this out of a deep concern for CSAM and hatred for due process, but I think it's in fact the law itself that essentially requires corporations to have these trigger bans otherwise they'd face liability.
Think about Google's alternatives here.
They could (1) not have CSAM filters -- your data is private no need for Google to scan anything -- in which case people would use their platform to distribute illegal content and they'd be a nice target to get massive damages from.
Or (2) give people due process, rights, appeals, etc despite not having any of the tools of a court of law, it's even illegal for them to look at the evidence, and if they make the wrong decision or they make the right decision too late they're still liable for their platform being used for illegal activity. Keep in mind the only way to truly know if material is sexually explicit is to show it to Potter Stewart. He'll know it when he sees it.
Or (3) be proactive in building systems that detect illegal use of their platform and aggressively, without process or appeal, remove any user of the platform the moment you have any evidence at all they are engaged in this activity.
Because people will try to use Google's platform for illegal activity and Google knows this, (3) is not only the only sensible option but it's actually the only legal option. It would, in effect, be illegal for Google to do anything other than scanning all your files and aggressively ban people.
I'm not a fan of this phrasing because it absolves Google of responsibility. If the CSAM is on a Google server then Google is possessing and distributing CSAM. You can say they're doing it unwittingly or unintentionally but that doesn't change the fact that they're doing it.
What's wrong with (4) - report all CSAM positives to the relevant authorities and then abide by their decision?
They don't need any of the "tools of a court of law" you mentioned in (2) if they defer to the authorities and then stay in their lane.
It seems to me that the big issue here is Google digging its heels in on an account ban, even when the victim of a false positive had been cleared by the police.
>As company shareholders, BlackRock and Vanguard can vote on behalf of their clients at company shareholder meetings. Both firms also have “investment stewardship” functions, which enables the proxy votes.
>BlackRock’s spokesperson said the votes can also be carried out by a portfolio manager – and in some cases at BlackRock, can be carried out by the clients themselves (here).
>BlackRock and Vanguard do not “own” all the biggest corporations in the world. They invest trillions of dollars into leading companies on behalf of their clients, who ultimately own the shares.
So BlackRock/Vanguard can "hide" their "big" investors, depending on the company "invested in", or is this public info?
That said, it is actually BlackRock/Vanguard people on the boards, and often they are the biggest ones, and expecting no steering from them or the "big" investors behind would be... "unexpected".
There are also the massive debts with the gigantic interest to be paid all along the calendar year. In the case of Starbucks, are the owners of the debts public info, or is the web page incomplete?
That said, now I understand why online non-franchised/licensed Starbucks stuff has the aspx file extension.
The 2 other heavily BlackRock-ed/Vanguard-ed companies are Microsoft and Apple, then "their" directors would be the current Microsoft CEO and the Apple guy.
This is an extremely good article. The hard part of this is everyone can agree that "legality is not morality" and that what is legal is not necessarily moral. But this is used for the wrong side of the argument - since the Bill of Rights is a legal document, some disregard it as any guidance for morality.
the article makes good points, but i don’t think the conclusion is obvious. for example, i want the freedom to not interact with Google. a ruling to require Google provide services to every individual might allow for a future corresponding ruling, that individuals must interact with Google (or at least, this becomes the socially acceptable view, which shapes laws later). wiser, i think, would be to prevent any single company from becoming critical to participation in society.
I don't think that really solves anything here, because nothing in the story indicates that Google was critical to Mark's participation in society. He got new contact information and it sounds like he's been able to (with some effort) get all his non-Google accounts switched over. He didn't get fired, or evicted, or land in any legal trouble. He just liked Google's services and enjoyed using them until he was unfairly banned.
If regulation is the answer, I'd hope it is designed with the restraint that Madison had: only guarantee the deepest and most fundamental rights. It should not rule out the ability to use error-prone systems at all, at most it could restrict their use for the most severe consequences like broad account bans. Google can and should be reducing the scope of their automated action.
I think error-prone systems are still necessary today to reduce costs to a tolerable modern level. I'm not inclined to throw out the baby with the bathwater regarding communication costs for the same reason I don't want $300 toasters even if "they don't make 'em like they used to".
A good example is something that Facebook does: they have a blacklist of domains you can't send on Messenger, the message will be instantly blocked when you paste a detected link. From experience, this list is fairly large and very inaccurate, but the false positives for this system are annoying rather than catastrophic because all it does is block a specific message. If you don't like this, then you can use Signal or something, I don't want other people making that choice for me.
My theory on why Google does this (and follows the same pattern in so many areas) is that having one person simply use common sense and reasonable judgment would be something of an admission that their software, created by the best and brightest engineers, isn't top notch.
There's a question as to whether Google is acting as an agent of the Government here. When the Government outsources something, that activity sometimes becomes subject to constitutional protections. Cases on this are iffy, though.[1] This has come up in reference to Amtrak, the Federal Reserve, Blackwater, and privately run prisons.
Suppose Google analyzed all business data that passed through its servers looking for patterns of tax evasion. If the probability of tax evasion was high, reporting it to the IRS, which offers rewards, could be a profit center.
Actually, Reagan is misquoting there.[1] Something like that is often attributed to either Huey Long or Sinclair Lewis, but neither actually wrote that. Or even close. The closest match is from Sinclair Lewis' book "It Can't Happen Here": "He was afraid that the world struggle today was not of Communism against Fascism, but of tolerance against the bigotry that was preached equally by Communism and Fascism. But he saw too that in America the struggle was befogged by the fact that the worst Fascists were they who disowned the word “Fascism” and preached enslavement to Capitalism under the style of Constitutional and Traditional Native American Liberty."
Every passing day I feel that we are at the social limits of what our existing laws and documents can practically support without a pretty decent refactor. This essay is the perfect supporting argument, and the actions of Google the perfect case study.
What will USA 2.0 look like? Is there a way to work on this without it being a bloody revolution? If we got 2/3rds of the population to green light a refactor of the constitution could it happen? Who would do it? Who are the right people?
Importantly, if we want to preserve the spirit of the USA's founding documents, they need to evolve more formally and officially than supreme court case law and bloated regulatory agencies tied to deeply industry integrated lobbyists. I really wish writing laws was more like the RFC process.
I don't think the solution is to "just run more stuff at home" as much as that tickles my technocratic jimmies.
Lawmaking could learn a lot from the open source community. Imagine a wiki + git + democratic voting style system. All laws and changes would be hosted on a publicly available website. Any citizen could browse and submit "pull requests" which would then get debated and eventually voted on if they gain enough traction.
Obviously such a system would be way more complicated than I can describe in a single HN comment, but I do think we have the technology to build a much more public, accessible, and directly democratic method of writing laws.
As an aside, did you know no one even knows how many federal laws exist?[1]
I'd still rather see that happen out in the open instead of back room deals and bills ghost written by opaque lobbyists.
I could even imagine a voting system that lets you name your favorite politician as your proxy. So politicians could collect the votes of their base into a block. Maybe even a mechanism of saying I want this expert to cast my vote on x topic, and this other thought leader on y topic. Independents might retain their vote on every issue if they care to.
I'd probably go with a system with tiers of votes as an issue gains more public attention. Say a minor change is proposed on a niche law and those who are passionate about fishing rights in the Colorado River get involved and vote. Say 5k people vote. Then there's a cooling off period before implementation but all of a sudden the issue ends up in the news and 5m people are now interested so there's another vote with another cooling off period. Only this time 10m people would need to express interest to hold another vote.
I don't know the perfect system but I'm confident we can come up with a more democratic process than what was possible 250 years ago. One in which the public more directly decides what issues get voted on.
Congress has limited capacity and can't focus on everything but the work can be distributed if it were more open. A system in which experts could make proposals directly instead of being forced to educate and convince a politician the issue is even worth spending political capital on. And a system in which citizens can see all the changes being made publicly. It seems every time a major bill is passed it tends to be this huge amalgamation of new laws that often aren't even related. And then news articles follow pointing out how x, y, and z things got slipped into the 800 page bill no one in Congress actually bothered to read.
Even if we didn't go that far, I'd be happy if Congress started using open source practices/tools just so things are easier for the public to audit and follow. Bills' text in public throughout the whole process. Public and documented changes/proposals/comments even if still made by only members of Congress.
And a single official repository of all laws that can be edited directly and kept up to date. The United States Code is actually a pretty good place to start, here I’m just suggesting modernizing it.
There's been some development in this area; the first system you describe is known as 'liquid democracy' -- a direct democracy where anyone may delegate vote(s) to anyone else under chosen criteria. The association with open-source and related movements is indeed present, a notable implementation being LiquidFeedback, originally developed for the pirate parties ~2010.
It'd be fantastic if we could persuade some local governments to try this and work out the bugs. If it went well, it could be adopted by more and more locales.
> We don’t know how many of those children were subsequently rescued, but a question worth posing to anyone unilaterally opposed to Google’s approach is how big that number would have to be to have made it worthwhile? [..] how big the number of false positives would have to be to shut the whole thing down?
There's nothing worse or more myopic than this kind of "pragmatic", numerical approach towards liberty. As if living in a panopticon cage is desirable, as long as the wardens never make a mistake.
Why is it myopic? Well, if being forced to use technology that betrays its user is okay as long as one number is sufficiently larger than another, then why not force all new houses to come with indoor microphones and cameras, always listening and watching - only for the most heinous crimes, of course!
Are you "unilaterally opposed" to such a measure, despite how much sexual abuse and domestic violence and murder it would prevent? What about tracking and shock collars for everyone? How much violence could be stopped if everyone was forced to wear those!
Don't like it? Not even if the false positive rate was zero?
The (enterprise) cloud side of Google is a business associate (also covered in HIPAA) in some circumstances but I don't think that applies in this case.