Seeing drone-dropped grenades everywhere in Ukraine has made me worried about normalized "drone drop murders" spreading to the rest of the world. With widely available addresses, gang violence, political killings, and even online flamewar escalations will become much, much uglier.
Who needs to do a driveby shooting if you could drop a homemade bomb from a McDonalds bathroom 20 miles away using some jailbroken drone? Violence isn't the only issue either -- Imagine what will happen when courts catch up to the internet age. Get ready for the normalization of digging through decades of comment history to character assassinate people on a whim. This is getting really bad. I don't think society at large is ready for the coming nightmare.
--
We need immediate privacy reforms to:
1. Fine companies for requiring unneeded personal data. Fine companies for collecting addresses and numbers when they don't need them. Address + number specifically should be dumped when no longer needed.
2. Fully regulate+audit data-based industries to confirm that anonymized user profiles are truly anonymous.
3. Raise the legal bar allowing usage of personal data to harm an individual. Lawyers and employers shouldn't be able to find+splice your YouTube comment history to try and character assassinate you outside of some felony-tier criminal case.
Changing possession of personal user data from a financial asset to a liability is probably the most effective thing the government could do in the near term to protect people's information. Companies right now are incentivized to collect tons of personal data because it's worth real money to them and others, and the liabilities mostly fall to the users. If there were heavy financial consequences to leaking personal data then companies would self-regulate away a lot of terrible behavior that is currently common.
Sometimes the US perspective of things is completely surreal for me as a European. In a country where you can buy assault rifles with minimal background checks, people worry about addresses being available because someone might be able to look up the address to kill them with a drone and a home made bomb.
As other commenters have mentioned, US Americans' ease of access to firearms does not extend to their usage. If you buy a weapon and wrongly shoot someone, there is a system in place to make sure you are found and punished. There is no such system in place for catching people flying drones.
> In a country where you can buy assault rifles with minimal background checks, people worry about addresses being available because someone might be able to look up the address to kill them with a drone and a home made bomb.
Drones and IEDs may be less traceable than guns and offer even less risk to the user. Currently if you're going to use a gun, you basically have to be suicidal or care zero about the consequences.
But that also brings up a good point -- people worry about addresses being available because someone might be able to use a gun and kill them as well. Or hell, just their fists.
Doxxing is dangerous, is this not the case in Europe as well?
As a European living in Europe I worry about addresses being available because someone suitably unhinged and upset can come to my house and stab me, set it on fire, etc.
Yeah, the random killings and random violence are quite low in comparison to domestic violence, while disgruntled people you may know are a bigger vulnerability surface, but the social connection makes it easier for the assailant to get caught. So the potential assailants (everyone) have an incentive to think of things more elaborate than picking up their semi-automatic gun.
Since guns are easily available, it's harder to kill someone, since they might have a gun.
In Europe, all you need to kill your enemy and his family is two guys and a baseball bat or a knife. In America, you at least need a gun since odds are they have a gun at home.
Tell me you know nothing about US gun laws without telling me you know nothing about US gun laws. Some states have stricter laws than Switzerland and Czechia.
As a European who has been living in the US for a decade, yeah, you're pretty spot on. Americans are a scared people, probably the most scared I've ever seen. Afraid of the gov't, the neighbors, and random people they don't even know. I've gotten a ton of hate as a foreigner and I am not surprised a hateful, greedy and selfish population like here is afraid somebody will take them out with an improvised device.
Imagine Iranian agents using these address books to track down naval officers in San Diego from across the border in Tijuana. Having a global address book lowers the barrier for hunting people down and hurting them. This is already happening to off-duty Russian officers mowing the lawn at home.
Being able to look up someone's address normally isn't a problem. Extremists and nut jobs being able to compile a list of people whose religion, political views, sexual preferences, medical conditions, and purchase habits makes them a target for violence is the problem. At that point being able to find them (using their street address or even real time geolocation data) becomes a pretty big part of that threat.
The drone drop on individuals is not the biggest worry.
Long range autonomous drones clearly are able to take out large scale infrastructure like pipelines, ships etc, the soft underbelly of the western world. And against the poor and proxy war forces of the world, the law is useless. We will miss the covid delivery crisis very soon.
And yes the US has the biggest navy, but against current drifting kayak-sized anti-ship submarine drones it and civil shipping are actually quite vulnerable.
And to make such a device smart enough to sleep until it identifies sounds and ship pictures, it needs no military industrial complex magic. A smartphone will do.
Completely agree. Personal information should be a liability to corporations. It should actively cost them money to know anything at all about us. They should be scrambling to forget all they can the second we're done transacting with them.
Most of the footage from Ukraine is from flat empty landscape targeting stationary targets. Trying to do the same in an urban environment with moving targets is way more complicated.
> Who needs to do a driveby shooting if you could drop a homemade bomb from a McDonalds bathroom 20 miles away using some jailbroken drone?
Driveby shootings are super easy. Drone bombing someone is way harder. Especially from 20 miles away. I don't see how Ukraine would change that.
Getting away with driveby shooting requires about the same amount of faff as getting away with a drone murder. (Because in both cases unless you biff it spectacularly the police is not going to catch you red-handed. They are going to find you based on who wanted the person gone.)
> Because in both cases unless you biff it spectacularly the police is not going to catch you red-handed.
The barriers for police have also gotten lower over time. The thing where a lot of criminals get caught is dragnet surveillance - just subpoena Google, Apple and the operators of cellphone towers for a list of everyone who was in the proximity of where a crime happened, and they have no choice but to deliver the data you yourself collected to the police.
This is also getting worse because it's just a matter of time until states with abortion bans subpoena Google, Microsoft and Apple for which persons that are regularly in that state have visited known abortion providers in another state in a timeframe consistent with an abortion visit, or who have searched about abortions on the Internet.
You can buy Tannerite without an explosive license from the ATF. It's been used in past bombings. Plus, unless they outlaw anything from crude oil, alcohol and the plants used to produce it, gun powder, fireworks, and most chemicals under your kitchen sink, there are thousands of combinations that produce a material that can be used to make explosives. Access or lack of isn't the limiting factor, people's willingness to do it is and always will be the case. Air can make an explosive.
I'd sure be upset about a remote Molotov cocktail payload busting through my window and burning my house down. Things don't have to be explosive to be dangerous.
I heard this on NPR and I appreciate the avenue by which the red flag is being raised, but it bothers the shit out of me, because EVERYONE'S personal data is being sold by online brokers.
The implication that their data is more important or something just seems like a ploy to get more eyeballs on the research.
Service members are uniquely vulnerable. They are employed by the government which makes them a target of hostile foreign powers, and they're often ordered to give away their personal information while in service often out of habit and not out of any genuine need to have the service member's SSN.
All very correct, and to add to this as someone who's had direct consequences due to my information being sold: we have more sensitive personal information, and that information is more sensitive than that of an average civilian.
The holy Grail of documents is the DD-214, which has every single piece of sensitive personal information a civilian has, all in one place, and we are REQUIRED to keep it indefinitely, to present it under a large number of circumstances. It's a complete identity package; full name, signature, photo, work history, residence history, dates, personal description, mother's maiden name, date of birth, location of birth, name of birth hospital and doctor. Then there's security clearance paperwork, which may be even worse, extensive un-redacted medical records, etc.
All of these documents are viewed hundreds of times by hundreds of people during a military career, scanned, photocopied, emailed, printed, all without any sort of authorization or even knowledge by the service member. It's legitimately scary. And then after you're out, all of this information is managed by the VA by people who have nearly unrestricted access to it, and in my case along with thousands of others, put on a thumb drive and taken home and sold to a broker. It's a life ruiner.
Nothing you listed is unique to the military. The private sector is also the target of hostile foreign powers. The private sector is also made to feel obligated to give away more personal information than is likely necessary.
Unfortunately, thanks to surveillance capitalism, everyone is "uniquely vulnerable". You can never know which of the billions of data points that make up your dossier could make someone target you. Your political views, your religion, your employer, your sexual preferences, your genetics, any of it, however inaccurate or outdated, can make you a target to someone and all that data never goes away.
Hostile foreign powers are a problem, but so are hostile domestic extremists along with a large population of the mentally ill who over the last century have gone from being abused to being ignored, which means that while most of the mentally ill are harmless, nobody is keeping an eye on the ones who aren't. Not even after they get repeatedly reported to authorities by concerned family members (Robert Card, Ethan Crumbley, Orlando Harris, etc).
> The implication that their data is more important or something just seems like a ploy to get more eyeballs on the research.
So? Their data IS more important from a national security perspective, as the study suggests. If you handle nukes, your personal information would probably be more valuable than the data of someone flipping burgers at McD.
If this framing - 'the data brokerage industry is in itself a threat to national security' - forces Congress to better regulate the industry, I think it is a win even if the regulations will only target military folks. It's a foot-in-the-door and objectively a good thing for the US national security.
Yes, the most troubling "red team" ideas are about attacking service members in their personal lives at home. Rather than attacking our nuclear bombers, submarines, and ICBMs, an adversary could target the people who operate and maintain those things, or their families, in their personal financial lives and neighborhoods where they are soft targets and reliant on law enforcement for protection.
Sometimes that is all that is needed to move the needle. TikTok almost moved it but that just made certain swaths of the political spectrum ask for a direct ban (with other downsides, e.g. 1st amendment concerns) instead of overarching policy reform.
"Policymakers should consider the following steps:
Congress should pass a comprehensive U.S. privacy law, with strong controls on the data brokerage ecosystem. The most effective step to prevent harms from data brokerage for all Americans would be a strong, comprehensive privacy law."
If you don't just ban it, you get the whole GDPR consent banner issue. What is the downside of banning it? It's not like businesses couldn't manage advertising before the internet was around.
More specific statements can be more impactful to the listener.
"Everyone's car is getting stolen these days" ... "Yeah, isn't that crazy? What are ya gonna do?"
"Your car is getting stolen right now" ... "Wait, what!?!?"
I think people really just write off the scale and scope of data privacy in this country as "yeah, sounds bad, but since it's happening to everyone there's nothing I can do about it"
I'm not sure they are implying their data is more important. FWIW, the research claims:
> Most of the previous research on data brokers and national security focuses on data about all U.S. persons, rather than focusing on servicemembers as we do in this report. Research in both categories is described here.
Also, I think of note is that military personnel are unique in that they are banned from using TikTok, at least right now, as of recently. This research, combined with earlier and future research might be able to determine what kind of effect this ban has on data collection/data brokers.
I also think it is unique in that the US government is the employer of military personnel, so if they take any action related to protecting their employee data from brokers or from selling, maybe this can be a model for all US citizens, or at least for other employers.
To my knowledge, I'm not banned from using TikTok as a US military service member. The ban is about using it on government furnished equipment / devices / networks.
I'm sure the military still has an SSN field on EVERY. SINGLE. FORM. they have you fill out while you're in the service. There was talk of replacing that with a "service number" but somehow I doubt they've got around to it yet.
Between VA employees leaving laptops full of PII lying around and that big OPM leak several years ago, I apparently have no private life.
The US military does not use the SSN as a username or a password. They've had smartcards, even on Linux, as far back as 20 years ago or more. Users without smartcards have to go through 2FA with a username/password combination and codes over SMS or proper TOTP (depending on agency).
The problem is that the entire Department of Defense is still very much a paper-oriented organization, and they got rid of service numbers in the 1970s, leaving the SSN as the only meaningful unique identifier. As a result it gets put on every piece of paperwork associated with a service member. Their own recordkeeping practices have the consequence that if you get almost any paperwork regarding a soldier, it has enough information to gain access to other personal information.
I think you're thinking of the Office of Personnel Management (OPM), not OMB (although I did just learn that the Trump administration proposed to merge parts of OPM into OMB).
In my experience, though, people now freak out if you fill in the SSN field on the form, because that makes it PII with a bunch of requirements for proper storage and transmission. This is despite the fact that most of the other information on the form already makes it PII, regardless of the presence of an SSN.
It did take a few years in the mid-2010s for the forms to catch up and replace the SSN field with the DOD ID number. In 2021, I think I was supposed to get new ID tags (dog tags) that would have my DOD ID number instead of my SSN.
We've spent two decades since 9/11 constantly asking everyone if they are active-duty or former military (boarding priority, 10% off at Lowe's, free meals on Veterans Day), and now we have a hunch some data might have been leaked?
What outcome did we expect?
There are some aspects of my work history that no one knows about and I would definitely not share them with a 3rd party just so I can board a plane 3 minutes before everyone else.
The issue is made so much worse because banks and the like are willing to withdraw money from someone's account with just the SSN and some other basic information. And the banks aren't held accountable when they give your money to a scammer. Rather they blame you for identity theft, and the government sides with the banks.
That reminds me of Strava leaking the workouts of military members, making it very easy to identify the location of secret military bases (this video mentions it: https://www.youtube.com/watch?v=V2WrDZnk33g&t=341s).
1. Servicemembers hold security clearances and thus access to critical things.
2. Leaked PII is a national security threat. This report, I'd argue, is good 'marketing' for the very real need for privacy protections nationwide. The U.S. military is, despite its best efforts, still an admired and respected institution.
That doesn't have any relevance to my point. Currently there is no infrastructure in place to secure people with clearance more than anyone else, so it's no surprise their data is available.
As for your second point, big shrug. All the data is already out there and isn't going away anytime soon. Best case is to protect future data from being leaked, but the US isn't going to outlaw data brokers anytime soon and holding companies with poor computer security practices to account is very recent.
Our nation allows private companies to SELL PII. Our nation utilizes the availability of said PII to build their own spying apparatus. Law Enforcement uses harvested location data to track people without any warrants or due process.
You are ignoring huge parts of reality to be able to say those 2 points above.
It should cost enough to retain personal data that, unless that's your primary business and you're very good at it, it doesn't make financial sense.
Source: get me out of here
It's gotten a lot harder to drive off into the sunset when there are massive CCTV networks.
Drone physically distances the operator from the crime.
https://en.wikipedia.org/wiki/Tannerite
If I had to guess at a motivation, it's jockeying for reasons for Congress to care about data privacy issues.
I am sure some enterprising person is going to purchase all the data on members of Congress and release it at some point.
I clicked through because I wanted to see whether the data was health info or OPM breach data.
It should not be the only information required to authenticate people.
https://en.wikipedia.org/wiki/United_States_Office_of_Person...
But yeah, compared to that, sadly, this acquisition of much less detailed information about 30,000 service members seems moot.
/s
https://www.google.com/search?q=pdf+used+in+cyber+attack