this post was submitted on 30 Aug 2023
268 points (98.6% liked)

Technology

59402 readers
2858 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

A new bill sponsored by Sen. Schatz (D-HI), Sen. Cotton (R-AR), Sen. Murphy (D-CT), and Sen. Britt (R-AL) would combine some of the worst elements of various social media bills aimed at “protecting the children” into a single law.

top 27 comments
sorted by: hot top controversial new old
[–] pgm_01@kbin.social 41 points 1 year ago (1 children)

Message sent. One of the cosponsors of this madness is one of my Senators. We need universal healthcare. Instead, we get a proposed universal tracking system for people to access the internet. Stupid, stupid, stupid!

[–] HarkMahlberg@kbin.social 5 points 1 year ago (1 children)

One of my senators sponsored KOSA, the other sponsored this one, I literally can't win.

[–] Corkyskog@sh.itjust.works 1 points 1 year ago

From CT I guess? I always thought Murphy was reasonable, I expect that shit from Blumenthal.

[–] CookieJarObserver@sh.itjust.works 39 points 1 year ago (1 children)

Protecting children by taking everyone hostage. Fuck that, Parents are 100% responsible not everyone else.

[–] korazail@lemmy.myserv.one 6 points 1 year ago (1 children)

As a parent, and as a kid who grew up in the infancy of the internet/Social Media, I think there is a very fuzzy line here. Specifically, I'm fighting the concept that 'parents are 100% responsible'. I'm responding to Cookie, but not really disagreeing with them.

Kids have attempted to subvert their parents rules since the beginning of time. "I'm not touching you..." says the older brother in the car as his sister screams in annoyance. "You didn't say I couldn't have Ice Cream -- With sprinkles on it!"

I am an IT professional, focused in Cyber Security. I can lock down anything that touches the internet -- if it's in my house.

My kiddo, though, has access to a school chromebook. Guess how much control I have over that.

Chromebooks are fun. I have one, I have a family account for him, where I can control what and when he can access the internet. If he logs into MY chromebook with his SCHOOL account, he bypasses all of those controls. Hell, even his school chromebooks have a 'guest' option that bypasses almost all controls at the OS level. That was a relatively simple fix (for MY chromebook, not his school one) once I caught it, but it's a symptom of a bigger problem. All these internet connected devices tend to have their own flavor of browser with their own flavor of parental controls, if any. For any non-tech-savvy person to understand all the ramifications is unreasonable - and you'd better believe that the kids are more tech savvy than their parents and will find the gaps.

I don't claim to know the solution. And I fully agree with the article linked: 'Age verification' and 'Parental approval' are BAD (from a tracking standpoint, but also because kids and parents might not align on some issues) if not merely insufficient, but I do think there needs to be some culpability on the service provider to ensure that children are not subject to obvious( and here's the rub -- what is "bad") bad stuff.

If my kiddo turns out to be racist, that's partially on me, but I need help from other parties to ensure it wasn't because he tripped over a pokemon lets-play where the streamer was spewing hate-speech and he internalized that because he is 8 and takes everything for face-value. I literally cannot keep him off youtube completely, and even if I could, I would also deny him any bit of the cultural knowledge that would help him to make relationships in the real world. I have forbidden fortnight and roblox and you can't imagine the angst I get from just those. (And he plays them at friend's houses anyway)

The majority of the onus falls on parents, that is true, but kids are not rational and don't see the world the same way adults do. I need help ensuring that my kid is not subject to the trash pit that the internet is. There are too many ways and places for my kid to fall in to terrible things. The linked bill is terrible, but we probably do need something to help the average parent keep their kids away from large parts of the internet. ___

[–] gornius@lemmy.world 10 points 1 year ago (1 children)

As a 1998 who had access to the internet during its wildest peak with no parental control at all (had internet since I was 10 years old), I do not agree with ANY parental control. Your kid is going to stumble upon these topics anyway, sooner or later, internet or real life.

Instead of preventing it - monitor it, and make sure you discuss it with them. Some years from now on, you will lose whole control over them, and then they won't be easily persuaded.

Censorship creates people that are easily manipulated - no matter what your intentions are.

[–] Ajen@sh.itjust.works 1 points 1 year ago (1 children)

What years do you think we're the internet's wildest peak?

[–] gornius@lemmy.world 1 points 1 year ago

The times just before social media. Internet was just modern enough to serve memes to thousands of users, yet it wasn't treated as serious as now. It was literally wild west of digital world.

[–] slumlordthanatos@lemmy.world 21 points 1 year ago

As an Arkansan, I can assure you that anything with Tom Cotton's name on it is 100% undiluted evil and should be acted against with extreme prejudice.

[–] HarkMahlberg@kbin.social 7 points 1 year ago (4 children)

So maybe someone can fill me in on why the EFF opposes a digital national ID system. I know that Estonia has a cryptographically secure, free, and incredibly useful ID system. Is the fear of political persecution from the opposite party the reason we don't implement that kind of system?

[–] MajorHavoc@lemmy.world 10 points 1 year ago (1 children)

Governments have misused digital records about people in horrifying ways - IBM and the Holocaust article on Wikipedia

[–] Eximius@lemmy.lt -4 points 1 year ago* (last edited 1 year ago) (1 children)

That is quite a twist to use severely out-dated examples for the modern world of today.

The technology for mass data analysis is here and make no mistake all data about you is there in an NSA computer folder.

The question is, why the fuck can't the government give you a nation-backed digitally-verifiable ID number for you that is useful for you, when they have one of you anyway, because they gave you a passport/driving licence.

[–] MajorHavoc@lemmy.world 8 points 1 year ago (1 children)

Dismissing the holocaust as an "out-dated example" is actually a crime in some places, for good reasons.

In case you're asking in earnest, I can assure you that the technical risks are much bigger today than they were in the past, in most of the world. Exfiltration by third parties, illegal sales, and one-sided terms-of-use are big issues today.

The government certainly can give me a centralized ID and not cause any problems. But for those who think it'll automatically be fine - it's worth reading some history.

Some countries have the necessary culture and laws to make a centralized government tracked ID reasonably safe. Many do not.

We would each be wise to stay aware of which we reside in.

[–] Eximius@lemmy.lt 1 points 1 year ago* (last edited 1 year ago)

Nowhere am I dismissing the holocaust.

The example given in the wikipedia article is one small part of the holocaust, while helpful for Nazi efforts, if it did not exist, it would have had 0 ideological hindrance, and most likely would have been managed in some other (maybe less efficient) way, not with IBM punch-cards specifically. I would say it is a bad and irrelevant example. Especially since the world has gone quite a bit away from "out-dated" punch-cards.

I am arguing that having a digitally-verifiable ID has 0 impact on the country's ability for surveilliance of you, since it does that without it, without much hindrance.

A digitally-verifiable ID only impacts your ability to prove your identity online. That's really all. And lack of it is just one symptom of an anti-progressive (whether slow, or inept, or purposely obtuse) country government.

[–] Nowyn@sopuli.xyz 9 points 1 year ago (1 children)

I think having a digital ID system is very important in the modern age but where it is required needs to be limited. You should not need to use it where it isn't strictly necessary. We have one in Finland too. You will almost entirely use it to use official services that would need your ID in person as well. In this proposal, the issue is not digital ID but how it would be used. First, where it would be used could compromise revealing too much of your identity when you want privacy and secondly and more importantly, it could compromise revealing your private actions to the government. Latter can move into highly problematic territory when criminalizing actions that should not be criminalized.

[–] HarkMahlberg@kbin.social 1 points 1 year ago

Thanks for the well reasoned reply. Hyvää iltaa!

[–] MaxHardwood@lemmy.ca 4 points 1 year ago (1 children)

The EFF is notoriously kind of an extremist organization when it comes to privacy and any sort of tracking of people; not in a bad way though I think.

[–] chakan2@lemmy.world 7 points 1 year ago (1 children)

I wouldn't call it extremist...it's usually reasonable policy protecting people's privacy. It's only extreme because it would severely cut into big tech's profits and the USs surveillance capacity.

[–] MaxHardwood@lemmy.ca 4 points 1 year ago (1 children)

Probably more apt to call them absolutists than extremists.

Within the privacy community, EFF's viewed as pragmatists -- far from absolutists or extremists. So I agree with @chakan2@chakan2@lemmy.world, it only gets regarded as extreme because big tech and the surveillance-industrial complex have normalized not expecting privacy.

[–] thenexusofprivacy@lemmy.sdf.org 2 points 1 year ago (1 children)

That's one of the concerns. Here's more, from https://www.eff.org/issues/national-ids

Mandatory national ID cards violate essential civil liberties. They increase the power of authorities to reduce your freedoms to those granted by the card. If a national ID is required for employment, you could be fired and your employer fined if you fail to present your papers. People without ID cards can be denied the right to purchase property, open a bank account or receive government benefits. National identity systems present difficult choices about who can request to see an ID card and for what purpose. Mandatory IDs significantly expand police powers. Police with the authority to demand ID is invariably granted the power to detain people who cannot produce one. Many countries lack legal safeguards to prevent abuse of this power.

Historically, national ID systems have been used to discriminate against people on the basis of race, ethnicity, religion and political views. The use of national IDs to enforce immigration laws invites discrimination that targets minorities. There is little evidence to support the argument that national IDs reduce crime. Instead, these systems create incentives for identity theft and widespread use of false identities by criminals. National ID cards allow different types of identifying information stored in different databases to be linked and analyzed, creating extreme risks to data security. Administration of ID programs are often outsourced to unaccountable companies. Private sector security threat models assume that at any one time, one per cent of company employees are willing to sell or trade confidential information for personal gain.

[–] HarkMahlberg@kbin.social 2 points 1 year ago (1 children)

Alright, I'm going to be critical of this entire article, but in particular the paragraph you quoted, "Why You Should Oppose National ID Regimes." I have a lot of facets I want to tackle and no particular order in which to tackle them. There's no TL;DR... sorry, not sorry, but still kinda sorry. 1/?

Right up front, my philosophy is this: we sacrifice freedom for security all the time. It's not even an open question, the answer in reality is we do. Why are we only allowed to drive on one side of the street, ought I to be able to drive on the whole street, or whichever side I please? Well, we all agreed to limit ourselves to one side of the street to ensure we don't crash into each other. We stop at red lights. Why? A simple color cannot stop me from reaching my intended destination! Well we stop so we can let other people go first, and then we wait our turn. Why do we wait in lines? Why do we have customs, and rules, and laws? Why do we limit and restrict ourselves? Because we want to add some security to our lives, or at the very least remove one worry from our basket of worries. The restrictions we self-impose are all outweighed costs that we pay to derive some benefits. So this is the frame of mind with which I'm approaching this article.

First, most of this article talks about biometrics collection. Now my knee-jerk reaction is yeah, creepy! Why should anyone know my "fingerprints, iris, face and palm prints, gait, voice, and DNA?" But despite the article talking about biometrics for the majority of its length, it's not really about biometrics is it? It's about National ID's, and biometrics are just one method to create a National ID. We use other personal information to identify ourselves all the time. You have a Hinge or Bumble profile? What's on it? Your name, your gender, your face. When we get our driver's licenses, what's on it? Our names. Our height. Our eye color. Our birthdates. When you open a bank account, what do they ask for? Your Social Security Number...

[–] HarkMahlberg@kbin.social 2 points 1 year ago* (last edited 1 year ago) (1 children)

2/? Hey, real quick. You know how on old SSN cards it says "For Social Security and Tax Purposes - Not For Identification." That was added in 1946 but removed in 1972. And uh... I definitely couldn't get my current job without providing my SSN, I couldn't open my bank accounts without it, and I couldn't receive retirement benefits without it. So...

If a national ID is required for employment, you could be fired and your employer fined if you fail to present your papers. People without ID cards can be denied the right to purchase property, open a bank account or receive government benefits.

...We're already there. Yes even the purchase property bit, because you get your credit checked for the mortgage loan. "... landlords, cable companies, cell phone providers, or even credit reporting agencies, which all habitually request SSNs simply >> because a number is more precise than a name. << emphasis mine.) And our 9-digit, unencrypted social security number is not even that precise or secure!

Once biometric data is captured, it frequently flows between governmental and private sector users. ... Private sector security threat models assume that at any one time, one per cent of company employees are willing to sell or trade confidential information for personal gain.

We've already had the Equifax breach with SSN's. That wasn't a devious or disgruntled employee looking to make a quick buck, that was the entire organization choosing to skimp on security to save money. And no, I don't believe the CEO of Equifax when he says this was all to blame on one person. A failure that big is never the result of one individual, but a result of the entire institution full of people who failed to recognize and remedy the problem. So I'm in agreement with @Nowyn, we should be judicious about who can access your ID and set some consequences for them if they abuse or misuse that access. (I think it would help if we had cryptographically secure ID's, but that's an extra layer I don't want to jump into, I've ranted enough already.)

We already sacrifice freedom for security all the time. We already sacrifice privacy for identity all the time, from dating profiles to driver's licenses. We already have a national ID system, it's called Social Security, and it sucks. We're already there, so where do we go from here?

[–] HarkMahlberg@kbin.social 2 points 1 year ago* (last edited 1 year ago) (1 children)

3/? So here's my biggest beef with the EFF article. In school I was taught the most convincing arguments are made with synthesis - you have to both support your thesis and interrogate your antithesis. You may notice I haven't done that myself... guilty as charged.

I see the EFF has a lot of one-sided arguments for why you should oppose national ID systems... in fact they just tell you outright to oppose them. But I'm not easily convinced by a series of negative arguments with nearly zero analysis of the purported benefits of national ID's. This is the closest I think the article has:

After 9/11, many governments began collecting, storing and using biometrics identifiers in national IDs. Authorities justified these initiatives by arguing that biometric identification and authentication helps secure borders, verify employment and immigration, prosecute criminals, and combat identity fraud and terrorism.

...Maybe I'm just a certain kind of jaded or I'm just part of the wrong demographic, but whenever I see 9/11 being invoked, it's like a magic spell. It's such a universally terrible event that we can put it next to anything and taint it by association. "After 9/11, many video games began to feature 3D photo-realistic graphics." It's correlative, not causative. What else happened around 2000, 2001? Home computers became widely accessible? Google redefined the search engine? Yes, 9/11 is contextually important to the United States because it catapulted the PATRIOT Act through the legal process like a hot knife through butter. But was it also the catapult for "many other governments?" Or was computing power and data collection becoming more accessible, facilitating the collection of more information to increase the accuracy or security of preexisting national ID systems?

In fact the entire article reads as if it was written only for an American audience, and specifically a FUD-driven American audience. In the sidebar are short paragraphs talking (again, only negatively) about national ID systems in Argentina, France, India, and Kenya. Why is there no mention of Estonia, or Malaysia?

I'll admit this is personal, but I am not easily convinced by arguments that only focus on stopping something from happening, especially after it has already happened. And EFF's American-centric arguments ignore the fact that de-facto ID's are a problem elsewhere in the world. "Ireland's Public Services Card is not considered a national identity card by the Department of Employment Affairs and Social Protection (DEASP), but many say it is in fact becoming that, and without public debate or even a legislative foundation." It's a form of American exceptionalism, as if we have nothing to learn and nothing to gain from seeing how other countries operate and determining if/how we could apply their systems, or improve on their systems, at home.

Yes, the article presents a lot of problems with a National ID system. So... let's solve some of them? "Administration of ID programs are often outsourced to unaccountable companies." Social Security isn't, so maybe we can create a public bureau to issue and administrate a freely available national ID. "Historically, national ID systems have been used to discriminate against people on the basis of race, ethnicity, religion and political views." Alright, let's write and enforce laws that prohibit discrimination based on protected classes.

If we abdicate our ability to investigate and analyze complex problems, we don't make the problem go away. We just invite less scrupulous actors to attempt to solve that problem and exploit a lot of people along the way. We don't have a national ID system? The credit bureaus will co-opt the SSN. We don't have a virtual public square? Elon Musk will take Twitter and twist it into his image. Every problem we ignore, the ones where we eschew imperfect solutions in pursuit of ideological purity, is an opportunity to a grifter. If you don't trust the government to make a national ID... do you trust the free market more?

What's the cost of a national ID system? Privacy. Some freedoms. The government gets to collect more data about you. Build models of where you've been, what you bought, who you associate with.

What's the cost of not having a national ID system? A private interest can do all those same things, For profit.

[–] HarkMahlberg@kbin.social 2 points 1 year ago* (last edited 1 year ago) (1 children)

This thread is talking about a US-based law, so I shared EFF's perspectives on national IDs in the US. For a more international view, check out Why ID https://www.accessnow.org/campaign/whyid/ -- which they've signed along with dozens of other civil society organizations.

It's true that there are potential upsides of national ID systems as well as downsides. But as that Why ID letter says, "the scalability of digital identity programmes also makes their harms scalable. It is far from being proven that most digital identity programmes have brought additional benefits to users, without placing them at risk." You're right that private implementations have similar issues -- data brokers and tech companies are as careless with data as government agencies are, and just as eager to abuse people's privacy. But there are also some big differences: a national ID is mandatory, and the government has much more of an ability to put you in jail or deny you your rights.

[–] tronx4002@lemmy.world 6 points 1 year ago

While I don't support bills like this from the gvmt, I wouldn't mind if more social media companies had the mindset of The Well's "you own your own words" where everyones real identity is used.