by zmmmmm 124 days ago
The fundamental problem with a lot of this is that the legal system is absolute: if information exists, it is accessible. If the courts order it, nothing you can do can prevent the information being handed over, even if that means a raid of your physical premises. Unless you encrypt it in a manner resistant to any way you can be compelled to decrypt it, the only way to have privacy is for information not to exist in the first place. It's a bit sad as the potential for what technology can do to assist us grows that this actually may be the limit on how much we can fully take advantage of it.

I do sometimes wish it would be seen as an enlightened policy to legislate that personal private information held in technical devices is legally treated the same as information held in your brain. Especially for people for whom assistive technology is essential (deaf, blind, etc). But everything we see says the wind is blowing the opposite way.

3 comments

Agreed. While we've tried to think through this and build in protections, we can't pretend that there is a magical perfect solution. We do have strong conviction that doing this inside the walls of your home is much safer than doing it within any company's datacenter (I accept that some just don't want this to exist, period, and we won't be able to appease them).

Some of our decisions in this direction:

  - Minimize how long we have "raw data" in memory
  - Tune the memory extraction to be very discriminating and err on the side of forgetting (https://juno-labs.com/blogs/building-memory-for-an-always-on-ai-that-listens-to-your-kitchen)
  - Encrypt storage with hardware protected keys (we're building on top of the Nvidia Jetson SOM)
We're always open to criticism on how to improve our implementation around this.
The device should have been accompanied by a lot of examples so people are really aware of how stored data could be misused. Alexa or any other similar device: their users are technically illiterate. Do you remember the leaks of movie stars' iPhone images? Multiply it by thousands... Court orders, burglars, hackers, all the bad actors imaginable...

For you, as the producer, those situations can be a nightmare if not well described in the operating conditions. And devices should not be pre-set-up (don't be "Google-evil": they track everything if you don't set it up differently, and the setting is always hidden deep in a third-level menu under 2-step verification).

> - Minimize how long we have "raw data" in memory

I believe you should allow people to set how long the raw data should be stored as well as dead man switches.
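The retention window and dead man's switch suggested above, as an added illustration that is not code from Juno Labs or anyone in this thread. It assumes raw captures are held in RAM as bytearrays (so they can be zeroed), that a "check-in" is whatever the owner does to prove the device is still under their control, and that the clock is injectable so the policy can be exercised without waiting; the FakeClock and the sample chunk contents are constructed for the demo.

```python
# Added example (not code from Juno Labs or anyone in this thread): a raw-data
# store with an owner-configurable retention window plus a dead man's switch.
# Assumptions: raw captures live in RAM as bytearrays so they can be zeroed;
# "check-in" is whatever the owner does to prove the device is still under
# their control (a tap, an app ping); the clock is injectable so the policy
# can be exercised without sleeping.
import time


class RetentionStore:
    def __init__(self, raw_ttl_s, deadman_window_s, clock=time.monotonic):
        self.raw_ttl_s = raw_ttl_s                # owner-chosen max age of raw data
        self.deadman_window_s = deadman_window_s  # silence before everything is wiped
        self.clock = clock
        self._raw = {}       # item_id -> [timestamp, bytearray]
        self._derived = {}   # item_id -> extracted summary (the "memory")
        self._last_checkin = clock()

    def ingest(self, item_id, raw):
        """Store a raw capture; the sweep runs first so stale data never piles up."""
        self.sweep()
        self._raw[item_id] = [self.clock(), bytearray(raw)]

    def remember(self, item_id, summary):
        """Keep only a sparse summary and drop the raw source immediately."""
        self._derived[item_id] = summary
        self._forget_raw(item_id)

    def checkin(self):
        """Owner heartbeat: resets the dead man's timer."""
        self._last_checkin = self.clock()
        self.sweep()

    def sweep(self):
        """Enforce both policies: wipe on a missed check-in, expire old raw data."""
        now = self.clock()
        if now - self._last_checkin > self.deadman_window_s:
            self.wipe()
            return
        for item_id, (ts, _) in list(self._raw.items()):
            if now - ts > self.raw_ttl_s:
                self._forget_raw(item_id)

    def wipe(self):
        """Dead man's switch fired: zero raw buffers and drop derived memories too."""
        for item_id in list(self._raw):
            self._forget_raw(item_id)
        self._derived.clear()

    def _forget_raw(self, item_id):
        entry = self._raw.pop(item_id, None)
        if entry is not None:
            buf = entry[1]
            buf[:] = b"\x00" * len(buf)   # best-effort scrub before the object is freed

    def raw_ids(self):
        self.sweep()
        return sorted(self._raw)

    def derived_ids(self):
        self.sweep()
        return sorted(self._derived)


class FakeClock:
    """Constructed test clock so the example runs instantly."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


def demo():
    """Walk the policy through expiry, summarisation and a missed check-in."""
    clk = FakeClock()
    store = RetentionStore(raw_ttl_s=10, deadman_window_s=60, clock=clk)
    store.ingest("a", b"raw audio chunk 1")   # constructed sample data
    clk.t = 5
    store.ingest("b", b"raw audio chunk 2")
    trace = [("t=5", store.raw_ids(), store.derived_ids())]
    clk.t = 12                       # "a" is now older than raw_ttl_s
    trace.append(("t=12", store.raw_ids(), store.derived_ids()))
    store.remember("b", "kettle switched on")
    store.checkin()
    trace.append(("t=12 after remember", store.raw_ids(), store.derived_ids()))
    clk.t = 80                       # 68 s since last check-in > deadman_window_s
    trace.append(("t=80", store.raw_ids(), store.derived_ids()))
    return trace


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The two timers are deliberately independent: the TTL bounds how much raw data can ever be on the device for a court order or a burglar to find, while the dead man's switch covers the case where the owner has lost control of it entirely and so also discards the derived memories, not just the raw buffers.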

> Unless you encrypt it in a manner resistant to any way you can be compelled to decrypt it,

In the US it is not legal to be compelled to turn over a password. It's a violation of your Fifth Amendment rights. In the UK you can be jailed until you turn over the password.

At Amazon, their travel trainings always recommended giving out your laptop password if asked by law enforcement or immigration, regardless of whether it was legal in the jurisdiction. Then you were to report the incident as soon as possible afterwards, and you'd have to change your password and possibly get your laptop replaced.

That kind of policy makes sense for the employee's safety, but it definitely had me thinking how they might approach other tradeoffs. What if the Department of Justice wants you to hand over some customer data that you can legally refuse, but you are simultaneously negotiating a multi-billion dollar cloud hosting deal with the same Department of Justice? What tradeoff does the company make? Totally hypothetical situation, of course.

You can make it so employees don’t have ambient access to data, and require multi-party approval for all actions that require user data. Giving away a user password should be treated as a routine risk.

I'm not saying that's how it actually works, or that this process doesn't have warts, but the ideal of individual employees not having direct access is not novel.

Totally.

There are many jurisdictions in the US (not all!) where you can't be compelled to turn over a password in a criminal case that's specifically against yourself. But that's a narrow exception to the general principle that a court can order you to give them whatever information they'd like.

It's a federal constitutional protection to not be compelled to turn over your password. If you think a jurisdiction can compel you, I would like references.

The ACLU has a good overview (https://www.aclu.org/news/privacy-technology/police-should-n...). A number of state-level supreme courts have ruled that the protection you're describing exists, but others have ruled against it, and on the federal level AFAIK only the DC Circuit has made a clear ruling about it.

Well, currently sure.

However, back when the constitution was amended the 5th amendment also applied to your own papers. (How is using something you wrote down not self-incrimination!?).

It only matters if one year in the future it is because all that back data becomes immediately allowed.

Papers were covered under the 4th Amendment. It's always been the case that a warrant could let the government access your journal.

> See United States v. Hubbell. In Boyd v. United States,[60] the U.S. Supreme Court stated that "It is equivalent to a compulsory production of papers to make the nonproduction of them a confession of the allegations which it is pretended they will prove".

https://en.wikipedia.org/wiki/Fifth_Amendment_to_the_United_...

This opinion hasn't lasted the test of time, but historically your own documents could not be used against you. Eventually the Supreme Court decided that since corporations weren't people, their documents could be used against them, and then later that people also weren't protected by their own documents.

There's an interesting loophole for Face ID...

In the US, law enforcement is specifically allowed to compel biometric scans to unlock personal devices.

FYI -- Because of this, Apple made a feature where if you click the power button 5 times, your phone goes into "needs the passcode to unlock" mode.

Whenever I'm approaching a border crossing (e.g. in an airport), I'm sure to discreetly click power 5 times. You also get haptic feedback on the 5th click so you can be sure it worked even from within your pocket.

> nothing you can do can prevent the information being handed over

I'm being a bit flippant here, but thermite typically works fine.

Tricky to take data off the cloud, even with thermite