I want reasonable restrictions on the governments AND the businesses in this case... To protect my digital freedom. Regulation isn't always evil.

But realistically, I think the consumers are the most at fault for many of the issues that have been coming up lately (apathy towards privacy, lack of skepticism towards social media bots and advertising, willingness to put all their eggs in one basket, etc). I'm just not sure how we should address those issues.

Blaming consumers is the least helpful way to think of this and is, intentionally or not, blatant intellectual dishonesty that saves people from a deeper examination or taking action. It's lazy, scapegoats the people, and helps ensure the situation persists.

It's like blaming the American people for the Iraq war, p-hacking, or climate change denialism.

Humans have a limited capacity for knowledge. The greater our expertise in one subject, the more other subjects we must sacrifice. Therefore we must rely on the expertise of others _most of the time_ making us very susceptible to influence.

I am certain both you and I (or all) are equally guilty of ignorance and apathy of several other societal ills.

And always using government and corporations as a scapegoat seems equally intellectually dishonest, imo.

Are you suggesting that the people are just innocent pawns being manipulated to vote, buy, and consume a certain way?

I wasn't proposing that the solution is merely to blame the consumers. But in a capitalist democracy the buyers and the voters do actually play a large role in the direction that these issues take.

It seems, to me, to be a problem of education (regarding the issues) and motivation. Perhaps recent events will function as a public notice and help to realign priorities.

> I am certain both you and I (or all) are equally guilty of ignorance and apathy of several other societal ills.

Agreed. And I believe that it's our responsibility to make an effort to focus on our own ignorance and apathy. And to put thought into what we contribute to our peers.

I'm not saying that we're solely responsible. But we collectively share a large portion of the responsibility.

I agree completely! I'm just saying we should support our lobbying power to make sure we have a voice when these decisions are made.

     curl -o x.htm http://web.archive.org/web/20171029163834/https://www.wsj.com/amp/articles/who-will-rein-in-facebook-challengers-are-lining-up-1509278405

     # remove javascript
     sed -i '/<p>/,/<\/p>/!d' x.htm

     file://x.htm

(Not even the web archive URL, but the original works!)

I think there is a difference between a small startup launching a new service, and a world-wide social telecommunications network with over 1B users.

I have a vested interest in IoT devices beings secure, and the idea of the US government defining "be secure" is laughable at best, terrifying at worst.

You will pine for the bad, old days of "completely insecure" when you have a TSA-like entity defining your security.

https://pages.nist.gov/800-63-3/sp800-63b.html

But what about something like firmware updates? What should be the frequency of update? How long am I required to support a device? Which update networking modalities am I required to support?

These aren't small decisions. They can make a product viable--or not. Having this in the hands of something with the proven competence of the TSA (har har) is far from desirable.

On one hand this can be abused to create artificial end-of-life scenarios by some hardware companies, but allows for a wide variety of choice in the companies providing alternatives. It also provides the end-user with less restrictions. Caveat emptor.

On the other hand, a regulatory agency could reign in companies trying to artificially shorten the lifespan of a piece of hardware, but at the same time make the standard of support a huge barrier to entry that restricts choice to only the largest companies. There might be less rampant IoT exploits, but there'd also likely be less personal freedom to do what you want on your devices.

Given how other industries like telecom and cable have trended, we'll probably get the worst of both worlds. There'll be expensive regulations that serve as barriers to entry for smaller companies, but the regulations won't do much to restrict corporate malfeasance.

Liability?

I'm not exaggerating. Medical devices are the extreme form of this.

Look at the (some would say lack of) progress is creating an artificial pancreas for Type-1 diabetes, for example. The progress has been so slow that Type-1 sufferers with tech knowledge have been reverse engineering existing pumps and sensors in the hope that they can hack them and break the bottleneck themselves.

Or, alternatively, everybody will release a product and almost immediately wind up the company so that you can't get at any of the profits or use Hollywood accounting so that there magically never are any profits.

Or are you willing to make security problems a criminal offense? (Now there's a fun can of worms--write a bug, go to jail).

Be careful what you wish for.

If your company makes no attempt to patch vulnerabilities, and your devices become one more bot in the botnet, there should be some liability for this.

You’re free to do whatever you want on your own devices. I don’t see how reasonable regulation meant to prevent tragedy of the commons (the only real application of regulation) will infringe on your ability to continue “free range hacking.”

People opposed to regulation somehow expect companies to "do the right thing" unfortunately history provides many examples of companies behaving like bad actors as long as it is in their financial interests to do so.

Also, I take it you've never worked in a heavily regulated industry. It blows. While regulation is a good thing (PHI protection), it definitely has a chilling effect on innovation, and at times results in ill-informed policy (security via obscurity; pointless protective measures from know-nothing management.)

I completely understand the fear about government regulation with respect to how we compute. For example Section 1201 of the DMCA, the CFAA both scare me, as do periodical “nerd harder” debates about backdoored encryption.

But what is it that you’d like to do with people’s private data that you’re worried will be prevented?

There are loads of apps right now that exfiltrate your address book, for example, to gather what you know about private individuals, without their knowledge or consent, to be exploited in an unregulated marketplace of personal data.

Is that good? Do you think he EFF think it is, or the FSF?

Furthermore, I believe in a consumers right to sue if they are harmed by a companies misuse of data (Equifax).

Note these policies are very consumer oriented (i.e. it's illegal to put Google Analytics on your site without notifying your users.)

What I'm very worried about is when a policy ends inadvertently fostering centralization. For example, the government might require you to store private user information with one of a set of vetted companies to prevent another Equifax situation.

A better policy might be to allow consumers to sue firms for damages resulting from negligence and prevent firms from forcing consumers into binding arbitration.

> But what is it that you’d like to do with people’s private data that you’re worried will be prevented?

In my experience, medical innovation has stagnated because of unreasonable data protection on the part of firms in reaction to government policy. For example, I've had execs get cold feet on a project that would clearly save lives and improve the bottom-line because there's a perceived security loss.

While there are good arguments for these protections, my only point is that regulation never comes for free: efficiency is inevitably lost somewhere, and you need to be comfortable with the trade-off.

this part also is a problem - almost none of service providers EXPLICITLY informs user about data collection. there are some obscure/abstract phrases (if there are any) about increased quality of service and that’s it. For example linkedin is collecting my contact information harvested via native app without clear information where it will be used, so how I can make informed decision whether I want to use this service or not?

government regulation could at least enforce some rules for clear communication of infor collecting process or something like that.

But massive centralization in the private sector (Google, Amazon, Facebook) doesn't concern you? Or you don't think it's the purpose of government to regulate that?

It's having serious consequences in so many aspects of life and society.

I have been working with journos and they are getting overwhelmed trying to counter/verify/investigate the tsunami of bullshit they wake up too every morning.

People are living in a dreamland. This stuff is increasing exponentially across the world and the only solution is to control the flows. Delay the misguided validation people get out of their likes/upvotes/retweet counts.

There is a whole professional class of people now, that spend their entire day promoting an "us vs them" mentality cause it's highly lucrative. It does not matter if they are on the left or on the right. They are causing serious irreversible damage and their influence must be checked.

Probably the nightmare authoritarian governments had to deal with, at the advent of the internet brought them to that same conclusion.

And since they realized that, from their perspective, the "information" they were receiving was suspect, all they needed to do was just seed information that was also suspect - just in their favor.

(thats a confusing sentence - from the perspective of a Machiavelli, the naive belief that information is freedom is broken down into a more fine tuned model of information, delivery, reception, uptake and understanding. Their realization is that you can use the internet to hack people, instead of having the internet just hack their regime)

It's a fools game. When everyone does it, and everyone is doing it, no one wins. One day Obama thinks he has mastered the hack. Another day Trump does. End of the day, there are no great outcomes. Just herds of "hacked minds" stampeding and crashing into one another.

What we will get, if this keeps on is more Vegas type shootouts as more people loose their minds.

Have you ever called your Congressperson or U.S. Senator about your views on this? I have, and I'm usually the only one in my Manhattan Congressional district talking about tech issues.

Advanced robots will likely be in the same situation. The trend for drones has been foreshadowing this with more and more locking down of who is allowed to program them and what they are allowed to do.

Also many providers still avoid the cloud (despite proven PHI compliance) and run their own inefficient, in-house server farms with thousands of tech staff because of this irrational fear. This causes a number of problems:

- It assumes a hospital system is better at infrastructure security and maintenance than Amazon or Microsoft

- Server costs per project are stupidly expensive. A VM that goes for $10/mo in the cloud ends up costing $200/mo to whatever department that foots the bill.

- You can't deploy a VM or app with a click. Instead you need to file a demand, then someone needs to make sure they have the resources available, then someone needs to manually spin up a VM for you...

- You can't build services that dynamically scale: this ends up being a problem for computationally expensive ML work - Tech spending on a hospital is overwhelmingly spend on maintenance and uptime rather than innovation or purchasing solutions

I could go on forever.

* This is also complicated by the fact that the industry isn't really incentivized to improve your health. Why run a predictive model and intervene to reduce your need for a stent when I make money from that operation?

The healthcare industry has two sides: the providers and the insurers. A hospital may not have the incentive to steer you away from unnecessary surgery, but your insurance company definitely does, since they'll be the ones paying for it. And your insurance company may have even more information to base its models on, since it knows about all the procedures you've had at any provider. So I'd expect insurance companies to be pioneering this kind of health-improvement software, not hospitals.

Your health provider has zero financial incentive to improve your health, and your employer or insurer will get more ROI from nitpick things like delaying claims or pushing out prescription fulfillment to reduce the spend this quarter.

Over the long run, it would seem to be in the insurer's best interest to keep everyone healthy for as long as possible.

Given that, any regulation should be assumed to be horrible at the start, and only with overwhelming proof should it be deemed to be "reasonable", and even then should be under constant suspicion - since regulations tend to change, and away from public eye and scrutiny, usually not for the best.

You are saying it like there's something good in extorting money from foreign companies because we own the territory, so damn it if you're going to do business here without paying us protection money. Likes of Microsoft, Intel and Google created the Internet as we know it today. Surely, they are not ideal and have their faults, but they has also been a huge force of improvement and technological advancement. EU has been nothing but sand in the gears in the meantime. When IE seemed to be monopoly, EU did very little to deal with it. When Firefox and Chrome came, IE is no more. See for yourself who is effective here and who is money-sucking, foot-dragging, obtuse and overweight bureaucracy.

> That the USA does not have an effective government does not mean the rest of the world is the same.

USA has way over-active, busybody, annoying and wasteful government. But compared to euro-bureaucrats which obsessively regulate everything from size of holes in cheese to search engines, they are indeed much better. Thanks for reminding about it.

This is how the world works.

If your country has the oil, you get to reap the benefits.

For Facebook, the resource is the population. If Facebook grows rich off the backs of your population, you have every right to tax that.

> USA has way over-active, busybody, annoying and wasteful government.

Take a look at the cellular and cable markets in the USA for how 'we don't need no gubmint telling us what to do' is working out for you. Or the fact that much of your people are drinking water laden with heavy metals. Or the fact that you are having ten to twenty mass shootings a year. Your lovely Equifax breach that will probably go largely unpunished. Non-existant privacy protection.

So yeah, considering the EU actually and actively fights for its citizens whereas the USA has largely become a toy of corporations, you and I both know once we cross over from ideology (yours is obviously libertarian) to reality your comment and stance become absurd. If I had to distill it - you're the individual version of the Tea Party: libertarian ideals co-opted by corporate brainwashing.

You obviously have no idea how regulated cell and cable markets in US are.

> Or the fact that much of your people are drinking water laden with heavy metals.

I have zero idea what you are talking about, some sources?

> Or the fact that you are having ten to twenty mass shootings a year.

How shootings have anything to do with anything discussed? Do you just copypaste it from somewhere or what?

> Your lovely Equifax breach that will probably go largely unpunished.

And Equifax. Way to go offtopic. Surely, in EU there are no hacks. Come on, you are beclowning yourself.

> If I had to distill it - you're the individual version of the Tea Party: libertarian ideals co-opted by corporate brainwashing.

Surely, I call attention to burdensome, useless and expensive regulation that prevents technological advancement and helps no one but inflated bureaucracies because "corporations" corrupted my brain. No reasonable person with uncorrupted brain would ever protest such thing. Self-beclowining, as I said.

Not enough seeing as they effectively have carved out monopolies by 'accidentally' staying out of each others territory

> I have zero idea what you are talking about, some sources?

You have not heard about Flint...?[0]

> How shootings have anything to do with anything discussed? Do you just copypaste it from somewhere or what?

You say the USA (and more so the EU) are weighted down by regulations and a stuffy government. Pretty much all EU countries have _very_ stringent regulations on guns

> And Equifax. Way to go offtopic. Surely, in EU there are no hacks. Come on, you are beclowning yourself.

I'm not saying no hacks happen in the EU. I'm saying tha in the EU the government deals out very harsh punishments for such things (thus also making companies more careful), whereas in the USA companies usually get a slap on the wrist due to a combination of lobbying and settlements.

> Surely, I call attention to burdensome, useless and expensive regulation that prevents technological advancement and helps no one but inflated bureaucracies because "corporations" corrupted my brain. No reasonable person with uncorrupted brain would ever protest such thing. Self-beclowining, as I said.

I just summed up a smattering of different areas in which regulation has made life unequivocally better in the EU than the USA. Regulation when done right helps citizens and not, as you say, 'inflated bureaucracies'.

[0] http://www.mlive.com/news/flint/index.ssf/2017/10/71_michiga...

I really hope I'm wrong here. But try installing an HTTP server on your phone. The network does not provide the required environment to make this possible. Why? It's not the hardware.

Of course you are. I'm speaking from an American perspective, but this is the very foundation of liberty.

> The network does not provide the required environment to make this possible. Why? It's not the hardware.

I do not own the network that my phone operates on, and the people that do have decided to control what they allow on it. I can start my own network and attempt to compete.

Personally, I don't care for wsj articles, but if they want to pull a clickbait title, I think it's fair for them to provide a read.

There are plenty of reasons the Wall Street Journal does not want this, e.g. its paying journalists top dollar relative to industry. As a subscriber to the Wall Street Journal and New York Times, I'm quite fine with their paywall policies.

Interesting, but that's exactly what I thought of when I read the title.