| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by api 3222 days ago

People want to carry around little location aware Internet connected computers studded with sensors and that run third party apps, and there is just no hope of securing these systems against all possible vectors for unauthorized snooping. There is no technical solution. Ultimately I think this can only be fixed with legislation.

If there is money to be made in invading peoples' privacy, it is going to happen unless there are regulations in place that make it costly by imposing fines.

Here's a simple starter idea: extend HIPAA type protection to the most sensitive forms of PII like location information, photos not explicitly shared, microphone data, and health sensor data. Sale or other release of this information without explicit per-sale or per-release user consent is illegal. Leaks or intentional distribution results in fines that start at $10,000 per incident.

Gather your users' locations and sell them? That'll be $10k per user per 24 hour period in which any location data points were leaked.

Microphone and camera data should be subject to further protections. It should be illegal to store such data for longer than what would be needed for legitimate algorithmic uses or to use such data for other than its explicitly intended purpose unless the user explicitly shares it. So something like Siri could leverage cloud compute to parse your verbal commands but it better throw that data away afterwords... leaks would be $10,000 per user per audio recording.

The only exemptions should be for things like IP addresses since this would require fundamental re-engineering of the entire Internet. These do reveal some location data but it's nowhere near as accurate (and hence intrusive) as device location data. There also are techno hacks like VPNs that can be used to obscure such data if a user wishes to do so.

Edit: as far as government snooping goes that also must be fixed at the legislative level. There are legitimate reasons for governments to conduct surveillance but these must be subject to strict regulation and oversight. It's the only way. Government agencies like NSA, CIA, and FBI (and their equivalents in other places) are well funded and very good and there is no hope of preventing them of leveraging the Internet for surveillance unless the legislative branch explicitly regulates their actions.

TL;DR: the only solution here is the rule of law. Techno-fixes won't work and are a cop-out to avoid confronting the dysfunction of our political system.