That said, I do believe there ought to be more restrictions on private use of these technologies.
A private company can 100% do this in many ways. They already do this buy putting up and using their technology in minority areas, for example.
We should ban the government from accessing data gathered by private companies by default, perhaps. I need to mull on it.
The government shouldn't be able to buy data that would be unconstitutional or unlawful for them to gather themselves.
On the other hand if a company is just aggregating something benign like weather data, there's no need to bar the government from buying that instead of building it themselves.
Now that sounds like a good argument to make in court! How do we do it?
That is trickier to decide on and surely there's room to debate.
What specific legal measures you do to enforce this, I don't know, there's some room for debate there.
I don't think tying the hands of the government is a viable solution. The sensitive data needs to not be collected in the first place via technical and social solutions, as well as legislation to impose costs on data collection.
- Teaching that "the cloud is just someone else's computer"
- E2EE cloud
- Some way of sharing things that don't involve pushing them to the whole internet, like Signal's stories.
- GDPR type legislation which allows deleting, opting out, etc
This isn't actually true (it varies by type of "cloud data", like content vs metadata, and the circuit you're in), and there are multiple recent carveouts (eg geofence warrants) that when the Supreme Court bothers to look at it again, suggests they don't feel it's as clear as it was decades ago. Congress can also just go ahead and any time make it clear they don't like it (see the Stored Communications Act).
It's also, just to be clear, an invented doctrine, and absolutely not in the constitution like the fourth amendment is. Don't cede the principle just because it has a name. Technical and social solutions are good, but we should not tolerate our government acting as it does.
Neither is there an expectation that automation would slurp it up and build a database on you and everyone else. Maybe the HN crowd is one thing, but most normies would probably say it shouldn't be allowed.
> Even the government doing the scraping directly I believe would not violate the 4th amendment.
Every time I see someone make a statement like this I think of the Iraq war era when a Berkeley law professor said torture is legal. Simply saying something that clearly violates the spirit of our rights is ok based on a technicality, I would not call that a moral high ground.
> The sensitive data needs to not be collected in the first place via technical and social solutions,
At this point and points forward I think your comment is much more on the mark.
> normies would probably say it shouldn't be allowed
Despite knowing about this, most continue supporting the various companies doing exactly that, like Facebook and Google.
> Neither is there an expectation [...]
Expectation is not law, and it cuts both ways. The authors of the 4th and 5th amendments likely did not anticipate the existence of encryption - in their view, the flip side of the 4th amendment is that with a warrant, the government could search anything except your mind, which can't store that much information. We now get to enjoy an almost absolute right to privacy due to the letter of the law. You might feel that we should have that right anyway, but many other governments with a more recent/flexible constitution do not guarantee that, and in fact require key disclosure.
> Expectation is not law.
It is in this case.
Expectation of privacy is a legal test based literally on on what "normies would probably say". If, as a society, we're moving more and more of our private effects to the cloud, there is a point where there's an expectation of privacy from the government there, regardless of the shadiness of the company we trusted for it, and regardless of what's convenient for the government.
https://www.law.cornell.edu/wex/expectation_of_privacy
Carpenter v. United States is a great example of this, where a thing once thought as obviously falling under the third party doctrine (cell tower location information) was put definitively within protection by the fourth amendment because of ongoing changes in how society used and considered cell phones.
And I forgot about this but just saw it referenced in the wikipedia article: it's notable that Gorsuch's dissent on the case argued for dropping the third party doctrine completely:
> There is another way. From the founding until the 1960s, the right to assert a Fourth Amendment claim didn’t depend on your ability to appeal to a judge’s personal sensibilities about the “reasonableness” of your expectations or privacy. It was tied to the law. The Fourth Amendment protects “the right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures.” True to those words and their original understanding, the traditional approach asked if a house, paper or effect was yours under law. No more was needed to trigger the Fourth Amendment....
> Under this more traditional approach, Fourth Amendment protections for your papers and effects do not automatically disappear just because you share them with third parties.
I would still prefer legislation and tech that actually reduce data collection though. Fifth amendment protections are much stronger, and cannot be overcome by a warrant, whereas third parties can be subject to subpoena.
The company doesn't have that power, but the government can compel companies to provide them with the same data as long as it exists, and then abuse it in the same way as if they had collected it themselves.
The government should be held to higher standards in terms of being able to appeal its actions, fairness, evidentiary standards. But the government shouldn't necessarily be prevented from acquiring and using information (which is otherwise legally obtained).
I don't disagree that we should perhaps more restrictions on private processing of data though -- GDPR style legislation that imposes a cost on data collection is probably sufficient.
I really don't understand why people treat it with such sacrosanct reverence.
It reminds me of a cup and ball street scam. Opportunistic people move things around and there's a choir of true believers who think there's some sacred principles of separation to uphold as they defend the ornamental labels as if they're some divine decree.
I mean come on. Know when you're getting played.
What's worse, is that third party doctrine kills your rights worse than direct police surveillance.
Imagine if you will, back in the day of film cameras: The company developing your film will tell the police if you give them literal child porn but otherwise they don't. But imagine if they kept a copy of every picture you ever took, just stuffed it into a room in the back, and your receipt included a TOS about you giving them a license to own a copy "for necessary processing". Now, a year after you stopped using film cameras, the cops ask the company for your photos.
The company hands it over. You don't get to say no. The cops don't need a warrant, even though they 100% need a warrant to walk into your home and grab your stash of photos.
Why is this at all okay? How did the supreme court not recognize how outright stupid this is?
We made an explicit rule for video rental stores to not be able to do this! Congress at one time recognized the stupidity and illegal nature of this! Except they only did that because a politician's video rental history was published during his attempt at confirmation.
That law is direct and clear precedent that service providers should not be able to give your data to the cops without your consent, but this is America so precedent is only allowed to help businesses and cops.
We put higher standards on the government because companies have the biggest propaganda coffers.
It’s not some rational principle. Money goes in, beliefs come out.
A private company can surely link its own cameras and data to create a private use database of undesirables. I’m certain that Walmart and friends do exactly this already. It’s the large scale version of the Polaroids behind the counter.