It's the word "win" that bothers me in this context.
Until one sees that conflicting models can make "security" a zero sum
game, in which your security is my insecurity and vice versa, there is
only psychological splitting, posturing and clamour for the "moral
high ground".
Indeed, even using the word "security" as a bare noun is a mark of
presumptuousness. One must always ask; Security for whom? Security
against whom or what? Security to what end?
Unilaterally imposing a harm (leaking of data) upon others is
disdainful, but then offering "security" as your reason/excuse, is
condescending, since you do not know what my security needs are and
how they are prioritised.
When it comes to messing with my data or devices "for my own good" the
only proper response is "I'll be the judge of that!"
Many then respond that "people are too stupid and need a firm hand",
which is not a good look, and frankly cuts to the core of so many
problems in technology today.
Companies like Google need a better moral, sociological and
psychological map of reality before putting on their boots and
marching off down the road of good intentions in the direction of
Hell.
Interesting, I wasn't aware Google had actually stated "we don't use this data for tracking, and we only use it for link protection" (does it?).
Assuming true: you are right in that it's basically no-win. The fact that Google draws so much revenue from advertising makes it difficult to reconcile.
Nothing short of a third-party code audit of Google's code against their asserted privacy policy would appease everyone. And even then, there would be doubters.
More importantly: Google is in a jurisdiction that can mandate warrantless surveillance orders that require realtime surveillance of given selectors (i.e. IPs or users). They comply or they go to jail.
Even if the stated and official policy of Google is to never track these, and everyone at Google is 100% on board with this and will never change, they are subject to being Agent Smith'd at any time by the FBI/DHS and NSA and CIA and the rest of the US IC, critically: without probable cause or a search warrant. The US has abandoned the rule of law and the constitutional protections against unreasonable search. This applies to every single US-managed services vendor.
The decision to track or not track is simply not in their hands. If they get handed an NSL, a FISA order, or a regular old search warrant, they have to start turning over everything they have.
Third-Party Doctrine nips pretty much every expectation of privacy in the bud before we even get to things like special carve-outs for Law Enforcement.
As long as SCOTUS holds that business meta-records shared with a third party intermediary waive any expectation of privacy, the 4th Amendment is basically moot unless you self host everything.
Things might change for the better if everyone can get there, it'd basically ruin the raison' de etre of many of the business models currently espoused/searched for opportunities to implement here.
The Government loves when you build a platform. The Government hates when you enable everyone to set up their own platforms.
> The US has abandoned the rule of law and the constitutional protections against unreasonable search
Those constitutional protections protect US citizens anywhere and noncitizens while they are in the US. Warrantless surveillance of communications affects noncitizens outside the US. The US is still very much a nation of laws.
Human rights to privacy do not hinge upon location or citizenship.
Indeed, the declaration (written by British crown subjects) makes it clear: “that all men are created equal, that they are endowed by their Creator with certain unalienable Rights”.
It doesn’t say “all americans”. The constitution doesn’t grant the rights, it merely recognizes the existing ones... but you already know this.
> Warrantless surveillance of communications affects noncitizens outside the US.
We have also learned, again and again, that it affects US citizens, too, in violation of the law. The IC doesn’t care that much beyond keeping up appearances that they comply with the law.
These are the same people who ran torture centers, lied to Congress, got caught, and hacked Congressional computers to delete evidence, then got caught doing that, too. Nobody went to jail or was even charged.
> Indeed, the declaration (written by British crown subjects) makes it clear: “that all men are created equal, that they are endowed by their Creator with certain unalienable Rights”.
Three problems:
1. The Declaration is not the law of the land, nor does it grant "constitutional protections."
2. None of the inalienable rights it lists are protection against warrantless wiretaps.
3. Some of the rights clearly don't apply to foreigners because the Constitution, which is the law of the land, provides for warmaking.
> The constitution doesn’t grant the rights, it merely recognizes the existing ones... but you already know this.
The Constitution says how the government works. A society can decide to require court orders for surveillance or not. The US government requires them, while the British government does not.
> We have also learned, again and again, that it affects US citizens, too, in violation of the law. The IC doesn’t care that much beyond keeping up appearances that they comply with the law.
We've learned exactly the opposite from both recent leaks and from oversight reports. They try to follow the law closely.
It's the word "win" that bothers me in this context.
Until one sees that conflicting models can make "security" a zero sum game, in which your security is my insecurity and vice versa, there is only psychological splitting, posturing and clamour for the "moral high ground".
Indeed, even using the word "security" as a bare noun is a mark of presumptuousness. One must always ask; Security for whom? Security against whom or what? Security to what end?
Unilaterally imposing a harm (leaking of data) upon others is disdainful, but then offering "security" as your reason/excuse, is condescending, since you do not know what my security needs are and how they are prioritised.
When it comes to messing with my data or devices "for my own good" the only proper response is "I'll be the judge of that!"
Many then respond that "people are too stupid and need a firm hand", which is not a good look, and frankly cuts to the core of so many problems in technology today.
Companies like Google need a better moral, sociological and psychological map of reality before putting on their boots and marching off down the road of good intentions in the direction of Hell.