Mastodawn

https://mastodon.social/@mimsical/109972372579288795

Very illuminating context on Meta / Google turning over data to law enforcement for women who are seeking or perform abortions, from @alex

Alaric Aloor🐕🏎⚽️🥃Mar 5, 2023

@mimsical

💯💯

These companies, who have built billion dollar businesses off user data, almost all of it shared by users of their own volition, because the service is "free", have and have had 0 incentive to prioritize user/data privacy because we have no privacy regulation that really hits these companies where it hurts 💵
They sell it and give it up to LE or anyone else.
$7.8 million for sharing user data with FG/GOOG/SNAP. for this mental health app isn't even scratching the surface
https://www.usatoday.com/story/news/nation/2023/03/05/ftc-betterhelp-online-counseling-service-shared-data/11407521002/

Counseling service BetterHelp shared customer health data with Facebook and Snapchat, FTC says

The online counseling service BetterHelp agreed to return $7.8 million to customers for sharing health data it said it remain private.

USA TODAY

https://mstdn.social/@kkarhan/109975509250773309

@alaric @mimsical people still using #NSAbook / #StasiBook post - #Snowden should really reevaluate how they use #tech and either stop using it since they're basically unpaid "unofficial employees" of #SurveillanceCapitalism aka. #Cyberfacism or fucking get their shit together and learn fundamentals in #ITsec, #InfoSec, #OpSec & #ComSec...

Kevin Karhan :verified: (@[email protected])

@[email protected] THIS IS WHY PEOPLE SHOULD NEVER EVER TRUST ANY CORPORATION! THEY'LL ALWAYS BE BETRAYED IF THEY DO!! ALSO: LEARN TO USE PROPER #E2EE aka. #GnuPG & #OpenPGP and no, going to another #SingleVendor / #SingleProvider solution won't help. Regarldess if #ProtonMail, #Tutanote, #Signal, #WhatsApp, etc.

Mastodon 🐘

I can hear Jacob "ioerror" Appelbaum scream "#ToldYaSo!"...

Kat O’Brien Mar 5, 2023

@mimsical this is so scary 😞

@mimsical This is not a great article and the headline is egregious. The need to make every article boil down to "tech companies bad" obfuscates the core issue and therefore the potential responses..

The real, but less clickworthy headline would be "Prosecutors and judges are using the law to go after women getting abortions".

Tech companies can't just "turn over" data, they have to comply with ECPA/SCA, which requires a signed warrant* for content.

*Offer does not apply to FAA702

@mimsical All of these examples seem to be utilizing targeted search warrants aimed at individual women and signed by a judge. State search warrants often do not have affidavits or potentially charged crimes attached, so to the companies there is no good way to tell if this is an abortion-related investigation.

The companies are bound by state and federal law to respond to search warrants. They can fight and give notice, but in the end that is the law.

@mimsical If the companies declined to answer a search warrant, the judge could issue an arrest warrant for the tech co lawyer or another corporate officer.

The article implies that tech companies can just decide to not turn over data, and that is incorrect. What can be done?

1) The companies can be more aggressive with notification, although it's pretty standard for warrants to come with gag orders in lots of cases.

2) They can try to fight more warrants, but which ones is the hard part.

@mimsical 3) We could amend ECPA/SCA to set standards for interstate warrants to require affidavits or a citation of the law the target is presumed to have violated. That would, at least, give the companies more to work on.

4) California could try to create a conflict of laws and promise to not enforce abortion-related search and arrest warrants on behalf of other states. This seems like a serious full-faith-and-credit issue and I think we know what SCOTUS would do.

@mimsical 5) The companies can continue to roll out E2EE as widely as possible. This is the only realistic tech response.

I know a bunch of civil liberties lawyers are looking into other options, but they aren't great.

In the end, if the law criminalizes fundamental reproductive rights then the massive power of the criminal justice system can be perverted to go after innocent women. That's the problem.

@alex Makes perfect sense. But also illustrates, as you say, that E2EE is the primary "good" solution, for now.

From my perspective, it sure makes Tim Cook's priorities of late (the imessage encryption, not a commentary on ATT) look like the right ones.

Josh Sternberg Mar 5, 2023

@mimsical @alex what if these tech companies just didn't collect that kind of very specific data in the first place? no data collection, nothing to turn over, yeah?

@joshsternberg @mimsical The key case in this article used the content of chats, which either have to exist on servers or be E2EE. Hence bullet #5, saying that E2EE is the only realistic tech response.

Robin Berjon Mar 6, 2023

@alex @joshsternberg @mimsical E2EE won't address the overwhelming majority of the data those companies collect.

brooklynmarie Mar 6, 2023

@joshsternberg @mimsical @alex This. No one is forcing anybody to collect all that data. This is a bad faith defense at best. Alex is still running interference for Facebook, I see.

Alex Stamos Mar 6, 2023

@brooklynmarie @joshsternberg @mimsical Please read the article and thread carefully before accusing me of bad faith, as I am responding to the specific prosecution in the article which is based upon message contents. In the thread, I call for continued rollout of E2EE, which is the only realistic protection against lawful process targeting messaging contents.

Kim Scheinberg Mar 6, 2023

@joshsternberg @mimsical @alex
@brooklynmarie

"what if these tech companies just didn't collect that kind of very specific data in the first place? no data collection, nothing to turn over, yeah?"

Please, Josh. Now you're just talking crazy talk. Tech companies not slurping every bit of private data they can for maximum resale and state benefit? What will you crazy kids think of next?

@mimsical iMessage has been (mostly) E2EE for a while, but encryption for iCloud backups is definitely a good response to this threat. Those backups are extremely rich hunting grounds for LE.

Unfortunately, the process is so complicated that I expect usage of that feature is <1%.

@mimsical If we were going to reduce the power of search warrants against lots of crimes, I would start with the geofence warrants. Those do not have to show probable cause against individuals and I could easily see a DA who sees themself as governor issue geofence warrants around reproductive health clinics.

I'm not sure how this would play out across state lines.

BoredomFestival Mar 6, 2023

@alex @mimsical surely the ethical choice on the part of the companies would be to observe civil disobedience and refuse to comply with an unjust law. (I have no reason to believe any of them will, of course, because corporations aren't people and have no intrinsic ethics in the first place, only a drive for profit.)

@alex All of this makes sense! I appreciate you sharing this level of detail.

David Thiel Mar 5, 2023

@alex @mimsical If there is any fault with the article, it’s that it doesn’t focus on solutions — its description of the problem is entirely accurate, and it’s a problem that the public needs to be aware of. It also acknowledges that Meta has few legal options. Of all of the possible concerns here, “it makes tech companies look bad” is just not one that matters.

@det @mimsical The one redeeming part of the article is quoting Eric Goldman. All of the discussion I've seen on it so far is based upon the incorrect assumption that the companies can voluntarily turn off the spigot, so certainly the article has not had the effect of improving the quality of this conversation.

@det @mimsical Also, if the article was aimed at the real problem it would have mentioned the phone companies, who have no history of fighting government surveillance requests and seem to keep location and SMS data for very long periods.

@alex @det this is an excellent point. I have heard things about the volumes of location data phone companies have handed over to law enforcement that would turn your hair white

@mimsical @det Yeah, and based upon extremely broad location boundaries!

Vice had an expose on the phone companies selling location data and it was a scandal for like 4 hours.

David Thiel Mar 5, 2023

@alex @mimsical I mean, you literally just detailed several ways they could turn off the spigot, which was spurred by the article bringing attention to the issue. I’m not seeing the downside here.

My camera shoots fascists Mar 6, 2023

@alex @mimsical
'The real, but less clickworthy headline would be "Prosecutors and judges are using the law to go after women getting abortions".

This is exactly the point made in the last few paragraphs, when it should be the lede.

At the same time, there is a ton of info that is *not* in private chats that surveillance-based companies collect that they shouldn't be collecting. If you don't have it, you can't turn it over. That part *is* on them.

erin malone Mar 5, 2023

@mimsical this is insane - get on a vpn and the privacy browser and delete meta/Facebook and all logins using their tech.

BoredomFestival Mar 6, 2023

@erinmalone @mimsical (1) the average person doesn't even know what a VPN is (2) even if they do, it should not require a VPN to freely seek information and/or maintain one's bodily autonomy

Statmonkey 🙊Mar 6, 2023

@mimsical We have to make better choices America

Alfredo Montanez Mar 6, 2023

@mimsical this is why we need to delete the big tech companies from our lives

Martin Vermeer FCD Mar 6, 2023

@mimsical #DuckDuckGo.

Dancingwiththebeloved Mar 6, 2023

@mimsical steadily chipping away... but I am holding to the vision that Gen Z is pretty pissed at what's happening and that they are "arriving" at voting age in the nick of time... 😁

jonossa seuraava Mar 6, 2023

@mimsical
the land of the free

inaforest Mar 6, 2023

@mimsical ...in a "country" where women are stripped of reproductive rights..

Synchroma Mar 6, 2023

@mimsical

𝗖𝗔𝗡𝗡𝗢𝗧 𝗦𝗔𝗬 𝗜𝗧 𝗟𝗢𝗨𝗗 𝗘𝗡𝗢𝗨𝗚𝗛

#Privacy protection has been stricken & apps are subject to being data-mined to prosecute women.

Dating apps, health apps, shopping apps... all this #data can be used to prosecute a #woman in an #abortion case.

#RoeVsWade was sentenced on the premise that because the right to privacy IS NOT ENUMERATED in the constitution, it is illegal.
(𝘷𝘰𝘵𝘪𝘯𝘨 𝘳𝘪𝘨𝘩𝘵𝘴, 𝘸𝘩𝘰 𝘺𝘰𝘶 𝘮𝘢𝘳𝘳𝘺/ 𝘭𝘪𝘷𝘦/ 𝘴𝘭𝘦𝘦𝘱 𝘸𝘪𝘵𝘩, 𝘦𝘵𝘤... 𝘕𝘖𝘕𝘌 𝘖𝘍 𝘛𝘏𝘌𝘚𝘌 𝘢𝘳𝘦 𝘦𝘯𝘶𝘮𝘦𝘳𝘢𝘵𝘦𝘥)

𝗠𝗔𝗡𝗔𝗚𝗘 #𝗗𝗔𝗧𝗔 𝗪𝗜𝗦𝗘𝗟𝗬
🚺#WomenRights

@mimsical THIS IS WHY PEOPLE SHOULD NEVER EVER TRUST ANY CORPORATION!

THEY'LL ALWAYS BE BETRAYED IF THEY DO!!

ALSO: LEARN TO USE PROPER #E2EE aka. #GnuPG & #OpenPGP and no, going to another #SingleVendor / #SingleProvider solution won't help.

Regarldess if #ProtonMail, #Tutanota, #Signal, #WhatsApp, #Threema, etc.

@mimsical seriously...
https://mstdn.social/@kkarhan/109973854438891271

Kevin Karhan :verified: (@[email protected])

@[email protected] amd that's why noone.should.trust any #platform with #security or #encryption. Or as @[email protected] once said: " I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo " - https://mobile.twitter.com/thegrugq/status/1085614812581715968 Also "#LawfulInterception" exists and EVERY SINGLE PROVIDER WILL SNITCH ON CUSTOMERS before risking getting unplugged by regulators and to be hold in contempt for customer's actions.

Mastodon 🐘

https://mstdn.social/@kkarhan/109974440976543971

@mimsical for the last time to everyone: ENCRYPT YOUR SHIT!

Kevin Karhan :verified: (@[email protected])

Attached: 1 image @[email protected] @[email protected] And yes, #Thunderbird - which is included in #Ubuntu LTS for over a decade, which is completely free - also does #GnuPG / #OpenPGP transparently. To the point that I've to do more steps to sent an unencrypted eMail, as it defaults to encrypted eMails. https://mstdn.party/@husbandpanda/109974401951231194

Mastodon 🐘

catraxx Mar 6, 2023

@kkarhan @mimsical Just the tip of the iceberg.

https://mstdn.social/@kkarhan/109975545519318785

@catraxx @mimsical yeah, but neither shocking nor surprising...

Kevin Karhan :verified: (@[email protected])

@[email protected] @[email protected] I can hear Jacob "ioerror" Appelbaum scream "#ToldYaSo!"...

Mastodon 🐘

@catraxx @mimsical Or did people not expect that #NSAbook / #StasiBook will shaft them harder than #ANØM did when it turned out it was a #honeypot aka. #OperationIronside / #OperationTrojanShield?

NEVER EVER TRUST PLATFORMS!

catraxx Mar 6, 2023

@kkarhan @mimsical I only wonder when there will be consequences.

parajoudal Mar 6, 2023

@mimsical oh, privacy has been dead for a loooooong time

eramne Mar 6, 2023

@mimsical this is dystopian

Tagaziel Mar 6, 2023

@mimsical Its everywhere. A political dissident here in Poland has a five-year-old kid, and struggles with depression. When someone recently committed suicide in the Warsaw metro, she commented on FB that she struggles with suicidal thoughts. Cue a police raid, forced into an ambulance for a psychiatric evaluation, while the police gets a court order and basically abducts her son from kindergarten - she only learned that after two psychiatrists cleared her and she went to pick him up.

My camera shoots fascists Mar 6, 2023

@mimsical

The article (which, ugh, co-mingles a bunch of issues without properly addressing any of them) says Meta gets 400,000+ government requests for user data per year, so about 1,100 per day. The cost of protecting privacy by reviewing every request is a disincentive to do so. Tough shit

Meta (et al.) need to figure out how many experts they need to hire to effectively deal with those requests. Right now that is cost that they are externalizing onto their users/public. That *is* on them.