California is Bringing Law and Order To Big Data. It Could Change the Internet in the US (nbcnews.com) 126
California is embarking on a new era of privacy on the internet, and Xavier Becerra can't stop thinking about the failed debut of Obamacare. From a report: Back in 2013, Becerra, then a Democratic congressman from Los Angeles, watched as technical problems with the website marred the rollout of President Barack Obama's signature law, delaying sign-ups for health insurance and denting the public's faith in the new offering. Now, as California's attorney general, Becerra is worried that a similarly halting start awaits the California Consumer Privacy Act, a far-reaching law that would put some of the world's strictest rules on how tech companies -- many of which call the state home -- handle and collect user data.
The rest of the country is watching closely. No other state has attempted such an ambitious privacy law, and since before the dawn of the internet, Congress hasn't either. The law has numerous parts. It forces companies to reveal what data they collect. It gives users the right to delete that data and prevent its sale. And it will likely restrict how data can be used for online ads. Becerra, whose office will be responsible for enforcing the law when it goes into effect Jan. 1, 2020, said he might not have enough staff to carry out the job, and that as a result the law could collapse under its own weight.
The rest of the country is watching closely. No other state has attempted such an ambitious privacy law, and since before the dawn of the internet, Congress hasn't either. The law has numerous parts. It forces companies to reveal what data they collect. It gives users the right to delete that data and prevent its sale. And it will likely restrict how data can be used for online ads. Becerra, whose office will be responsible for enforcing the law when it goes into effect Jan. 1, 2020, said he might not have enough staff to carry out the job, and that as a result the law could collapse under its own weight.
Re: (Score:2)
The problem is Small time fraud, and it is more dangerous then big time fraud. Because there are so many more small fish. However it is easier to catch and punish the big fish, then as they get their lessons learned then they work down.
Re: (Score:2)
That strategy worked so well for the war on drugs. /s
Re: (Score:3)
The problem with the War on Drugs, is that they were hitting everyone, not the real fraud. Most of the dealers, sold exactly what they advertised. A smaller number had stuff that was laced with extra stuff that made it more dangerous. However with the war on drugs with such high penalties it made it nearly impossible for any retribution to the guy selling a quality product, vs one selling something intentionally dangerous, because it was cheaper to produce.
The Problem with Drugs, is it is a Black Market
Re: (Score:1)
If you had ever been on a dairy farm you would realize there is no such thing as "clean raw milk."
Re: if there is one thing i learned in my youth (Score:1)
Same happens when you gas up your F 150, only its schools getting bombed and illegal arms sales and fake civil wars and terrorism.
Dont kid yourself that it isnt.
Re: if there is one thing i learned in my youth (Score:5, Insightful)
The war on drugs was a PR loss, not an actual one
Only if you think the War on Drugs was supposed to reduce drug use.
The War on (some) Drugs was designed to "other" particular groups in the US, and maintain the political power of those enforcing drug laws. And those efforts have been massively successful.
Re: (Score:2)
4) If someone forms an addiction, even after you've informed then "hey, dumbass, this drug if used even once can cause you to become addicted to it" let them be on their own for getting off of it. No taxpayer funded rehab help for the stupid.
It's a lot shorter to say "I want to spend a lot more money on prisons than I'd ever spend on treatment!!"
Re: (Score:2)
I guess you amazon package won't get shipped because your address was purged from its records.
Re: (Score:3)
Which is why we disconnect Billing Name and address from Order after the order is shipped. (Compliance with EU Laws)
There's a tokenization intermediary in there, as well, so if a user does use their right to be forgotten/deleted, all names and addresses for finalized (no longer returnable) orders are dropped, and just left with the original abstract UUID, and no name, address, nor post-code.
Order 1, bought by User UUID-1, on date 1.
Order 2, bought by User UUID-2, on date 2.
(Whether UUID1 and 2 are the same
Re: (Score:1)
Going to be interesting to see (Score:1)
Just how fast people who make billions off customer data just move themselves out of California's reach.
Re:Going to be interesting to see (Score:4, Informative)
Re: (Score:2)
Re: (Score:2)
not for black males at 75 years nor hispanic males at 77, those lead/copper obstructions in the gut skew the averages
Re: (Score:2)
That can lend itself to exploitative lawsuits against small competitors.
Which, has been the case in California already with other laws that allow for private individuals to litigate.
The "We'll appeal and make it too expensive to continue to ligitate" is a common tactic out here.
By larger companies using smaller players to go after competitors.
By companies to out-last under-funded private individuals with valid cases.
Both solutions are broken, but the gov't only approach at least keeps the weapon out of the
Re: (Score:2)
Their servers won't be required to be located in California, just somewhere in the US. Because if they're doing business in California, the state can prosecute or investigate servers located anywhere in the US without any really special processes. They could try Canada, I suppose, but if they can't be investigated, they *can* be closed down (i.e. financial transactions forbidden).
I suppose that if they neither send nor accept financial data, then there isn't any real way to touch them, but most companies
Re: (Score:2)
Because if they're doing business in California,
You see no problem with a global system being regulated by one state in one country? You do realize that a company in, say, Ireland, that has a web presence, has a web presence in California due to the global nature of the Internet. If they have a web presence in Cali, and are selling things, they're "doing business" in California, and may have no way of knowing that they are doing business with someone there.
If "Ireland" is too foreign to make the point, try Georgia. Not the ex-USSR Georgia, the US state
Re: (Score:1)
Why yes, we hates the info sellers, so punish them! Make them pay! And then Illinois creates their own law that is different and incompatible. Then Alabama. Then ... a patchwork of different laws that apply to interstate commerce and offer different protection. Now, sales tax is a similar issue, but the taxation authority is based on where the goods or services are delivered. Residency is not. Suppose Oregon implements this kind of law. I go online to a new website and order something to be shipped to my family in another state. They're "doing business" in Oregon, but they have no way of knowing that. They don't obey Oregon law, they obey the law of the state the shipment went to. Fry them! They're scum! Yes?
Yikes. I guess that puts the 'Information Sellers' out of business. So sad.
Re: (Score:2)
Yikes. I guess that puts the 'Information Sellers' out of business. So sad.
Who cares about the legitimate businesses who need to keep data about their customers but cannot comply with 50 different sets of laws that require 50 different things, or cannot know that one specific customer happens to be a resident of a state that has strict laws about something? Not you.
That's what's sad.
Re: (Score:1)
'Legitimate businesses' and 'Information sellers' are completely different categories. We are talking about 'big data' here, not your barber keeping track of how you like your hair cut.
Re: (Score:2)
They don't necessarily transact business in California. It has been proven on multiple occasions that site specific blocking is reasonably feasible. It you just need to show you're not courting business in some particular area, it's trivial.
Also, if you don't do business in the US, then California laws can have no effect, even if you actually break them. And I would expect that the laws would be written to only have effect if you have a business presence in California. That, however, is just a reasonabl
Re: (Score:2)
They don't necessarily transact business in California.
You either didn't read or didn't understand. Yes, if they have a website that people in California can access and they are selling things on that website, then they are doing business in California. You don't really think that a brick and mortar that sets up shop in Sacramento, e.g., can get away with not having a business license just because they haven't yet sold anything, do you?
It has been proven on multiple occasions that site specific blocking is reasonably feasible.
You have it exactly backwards. The guy in Georgia running his site has to block every CLIENT that is a resident of California.
Re: (Score:2)
Basically, the GDPR. (Score:1)
Nice to see something go im the right direction once.
I guess the thugs that rule the world, don't want to be in the limelight either.
Inform the user? (Score:3)
Re: (Score:3)
There will be that one person who reads it, and will tell everyone else about it.
Then you have the options to do the following.
1. Don't care and give that information.
2. Don't use that service, and suffer any penalties that not using such service implies.
3. (The often unused options) Negotiate a better license, that suites you needs. So you may not want such service to collect and sell that info, try to get a deal that you pay them $x per month to operate without selling such data.
Re: (Score:1)
Speaking from experience in Germany... (Score:1)
Sites now all have a link at the bottom to their data protection declaration and you have to check an extra mark and sign below on each contract/order, online or offline, that you have read and agree to it.
The documents are, of course, legalese. But much shorter than full terms & conditions. E.g. a single page.
Also, big sites all have this extra "What we're using your data for..." page, that is a lot more fiendly, has pictograms, and feels closer to a CC license info page.
And the best part is: Even phys
Re:Inform the user? (Score:4, Informative)
This is very easy to prevent in law. Look at GDPR, it requires explicit opt-in, freely given permission for every covered data use, and crucially the request must be made in plain and easy to understand language.
Re: (Score:1)
All for the privacy of the gov and content owner.
Re: (Score:2)
I guess the solution is for you to stop being a overly paranoid, tin foil hat-wearing prick and use the web like the way everyone else does.
Did he make you angry? Are you a 'data scientist' who works for the marketing critters?
it won't change anything (Score:2)
Expect the data cartel lobbyists to descend on DC (Score:5, Insightful)
Facebook, Google, et al will have their high priced lobbyists in the US Congress crafting a bipartisan law that prohibits states from doing exactly what California is trying to do.
Re: (Score:3)
And it will be a good thing. Because all the country needs is some balanced privacy rules: not to throw out the baby with the bathwater in an anti-Tech kneejerk reaction against Facebook towards creation of an insane amount of red tape for tech startups and the entire technology industry
"Might not have enough staff" (Score:4, Insightful)
Make no mistake, this isn't about YOUR privacy. This is about increasing this asshat's headcount.
Ready set nothing. (Score:1)
Clueless democrats in california.
No surprise if nothing happens or they pass something nobody can deal with.
Re:I'm conflicted about this. (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Re:I'm conflicted about this. (Score:4, Insightful)
Assholes and hatemongers are the price of freedom of speech.
Exactly this. There are always gonna be people who abuse their rights. That doesn't mean we should take those rights away from everyone else because of it.
Re:I'm conflicted about this. (Score:4, Informative)
Same should go for ALL our rights.
I say the same thing about our rights to arms.
Re: (Score:3)
Re: (Score:2)
1) "Well regulated"
2) Do you really have a Right to Keep and Bear Arms if cops are free to air out people who aren't even holding guns? John Crawford, Tamir Rice, Daniel Shaver.....
Re: (Score:2)
You're missing the comma...two ideas in one sentence, the important part of that is the mention of "the people"....that means everyone.
Well, the right of the people to bear arms has nothing to do with cops that either shoot people justifiable, or not, if the latter, then they need to be prosecuted.
Either way, the police are NO
Re: (Score:2)
Everyone in a militia. And still, a well-regulated one.
Sure it does. Would you have a functional right to free speech to challenge the government, if the second you use that right the government tosses you in jail for sedition? No one has a functional right to firearm
Re: (Score:2, Insightful)
However historically Privacy and Free Speech were two different things.
You have the right to privacy and not spied on and asked about your standing on things.
You have the right to state you standing on things without fear of being punished by law for your feelings on a topic.
However normally if you are going to say something you are giving up your privacy to say it.
In the olden days for good or bad, when someone stated something that people didn't like, while not punished by law, they could be ostracized fr
Re: (Score:2)
i"m pretty sure people have been able to print anonymously ever since we've been able to print things and distribute to read.
Re:I'm conflicted about this. (Score:5, Informative)
However normally if you are going to say something you are giving up your privacy to say it.
This is 100% false, the founding fathers were in favor of anonymous speech, and made use of it frequently. We still don't know who wrote all of the federalist papers, as one example.
Anonymity was crucial in the battle of ideas against old King George.
Re: (Score:2)
There's also the question who decides who the "assholes and hatemongers" are. Nowadays some are very quick to accuse others of "hate speech", when they disagree with their political views. So the people you are referring to as "assholes and hatemongers" might be very different from the group someone else identifies with the same description.
Re: (Score:2)
Won't this law also make it more difficult to catch dangerous hatemongers?
Nah, they're all here on /. posting as AC's.
"Hatemongers"? So what? Grow up. (Score:1)
This was always a core value of the Internet: You could say whatever the fuck you want.
Why was that OK?
Because on the Internet, you can ALWAYS go somewhere else.
It is not the physical world where there are limits to space division and proximity.
E.g. a chat room where two sides hate each other, can just be split into two rooms. Hell, they can even both still think they are in the "same" room while the other side was banned. A la IRC netsplit.
So before Eternal September, you simply did that.
Or flamed on, if t
Re: (Score:2)
Won't this law also make it more difficult to catch dangerous hatemongers?
Not really.
Cop: "Who posted this?"
Tech: "Dangerous_Hatemonger_47"
Cop: "When?"
Tech: "12:54 on Tuesday the 16th"
Cop gets warrant for company's logs, asking for all IP addresses used to log into the Dangerous_Hatemonger_47 account on Tuesday the 16th. Cop gets 2nd warrant for the ISP that owned those IP addresses, gets name and address of the person behind Dangerous_Hatemonger_47*.
No privacy laws violated. All information is data that those entities have to record anyway due to existing laws, the basic funct
Re:I'm conflicted about this. (Score:5, Informative)
Which is why in Europe, IP Addresses are now considered Personally Identifying Information (PII), that is subject to GDPR, Opt-Out Regulations, and Right to Removal regulations.
I work with multi-national companies, and the first thing we do, is ensure there are no IP Address logs anywhere.
They are the first stripped in any requests, and never logged.
Security Logs do have some highly restricted access to IP addresses for abuse. As far as I know, they are only kept on a rolling 30min window, and we make better use of trend analysis tools, to focus on the "immediate" access and abuse, and adjust from there. For day to short-term analysis, IP addresses are Geo-Located to a city (Metro-Region specifically), and we operate on that anonymised, aggregated data set rather than on actual IP addresses.
Re: (Score:2)
Actually most of them do. That is why the Democrats try to get more tax revenue.
What normally happens is the idea will get passed, while the funding gets earmarked off, or reduced with an other bill.
Re: (Score:2)
We can expect Social Media to decline in popularity over time, as a new technology arises. While Facebook may not go away, it just won't be what is commonly used.