Presumably the cloud synchronization checks are not a feature Apple wanted to add, but one which they had to under US regulations. Other providers have done this for years server-side, but Apple needed a different approach since the photos are E2E encrypted[1]
It is not a ML model but a list of known image hashes, and is only enabled for US-based accounts, furthering my suspicions this was minimum-effort for regulatory compliance.
Note they _do_ have a feature (also announced today) that uses ML models, but it is meant for local filtering and parental controls/notifications. This feature is also US-only and the parental notifications policy is fixed and age-based. I believe this is both to fit into regulations (e.g. US recognition of rights based on age) and into cultural norms.
I suspect they will have different rules in different jurisdictions when this rolls out further in the future.
[1]: With separate key escrow HSMs for account recovery and legal compliance with e.g. court-ordered access.
It didn't have to be binding, just advisory or symbolic with no action to be taken. It might have prevented most of the current situation if the result had been to remain (which would have been most likely, back then, now I'm not so sure). If it had been independence I suppose we would be in a very similar situation.
We had a non-binding referendum on November 9th, 2014, with 90% saying yes to independence, but 37% voter turnout.
Then an illegally-binding referendum was organized by the Catalan government on October 1st, 2017. The result was 90% leaves, but yet again, 43% voter turnout, and there were no democratic guarantees, as some people were caught voting multiple times, the census was obtained illegally, etc.
After that illegal referendum, the Catalan government decided to secede and declare independence. That's why they were prosecuted and recently convicted. Declaring the independence of a part of Spanish sovereign territory is explicitly forbidden under the name of "secession" in Spanish constitution, and because it goes against the nation's own sovereignty it is considered a very serious crime, that's why they were convicted up to 13 years.
From my POV, as a Catalan citizen, this is ordinary application of law, the law that we all agreed upon in the first place, and the riots and violent scenes seen recently are simply caused by a minority of the pro-independent minority which want independence at all costs, and police forces can't allow that, thus, conflict.
I'm really interested in an answer for this question, since WhatsApp is the only Facebook app I have installed/keep an account.
Unfortunately, everyone uses WhatsApp in Brazil, and very few people uses Telegram, for example. This makes it kinda impossible to be Facebook-free here.
> ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Anything that falls in that 'personal data' segment above that belongs to me has to be obtained with my prior, explicit consent. And these bits of data with my name or other details in them must be included if I send Google a "right to be forgotten" or "show me all the data you've got about me" request. That's GDPR in a nutshell.
This might be a grey area for now, as both GDPR and listening devices are both quite new. But Google, Amazon & co aren't super popular with EU regulators and governments, so they might side with users' rights on this one.
And not to be anywhere near anyone else's listening devices.
Isn't there a law in some US states that there needs to be consent before recording someone? How does this fit in and who would be held responsible, the owner of the listening device or the company behind it?
Yeah, this was a big issue about a decade ago when police officers could sue someone for recording said officers doing something illegal in Massachusetts.
So they redacted that law then had to fast track an updated version of it a few years later when someone got arrested for taking upskirt photos and then it wasn't illegal. My cousin was an aide to a state lawmaker and had to explain to his boss what it meant at the time.
> And not to be anywhere near anyone else's listening devices.
No assistant records all the time, not Google, Amazon, or Apple. They listen for the "Wake Word" onboard using more primitive (and lower power consumption) Speech Recognition and only utilize The Cloud after the "Wake Word" (or phase) is spoken. You can confirm this using Wireshark.
You can view and listen to your recorded speech on the Google Account Dashboard.
No, they don't, however, accidental activation is still highly likely.
I've had other people's devices activate during conversations where I couldn't figure out which part of the sentence activated them, it just happens.
"Ok, Go get..."
"Ok, Good ..."
"All except..."
"Sir, I..."
Then you have television shows and adverts that intentionally use language to activate these assistants.
Usually the assistants are going to say something when it accidentally detects a wake word, but if you're in another room or don't hear it for some reason, it can easily capture a conversation without you knowing.
I use the phrase “are you serious?!” a lot when I am frustrated. Almost always it wakes up Siri on at least one of my iDevices. Which makes me say “are you serious?!” again and it just spirals from there.
"Isn't there a law in some US states that there needs to be consent before recording someone?"
I doubt it - there would have been a test case involving one of the millions of people who have mobile phones capable of recording video/audio. If you're in a public place you should have no expectation of (that sort of) privacy.
I'm kind of surprised that Massachusetts's very strong laws about wiretapping permit storage of training data from Amazon Echo/Google Assistant/Apple Siri/Microsoft Cortana/Xbox, given that by their nature they naturally sometimes record incidental conversations of people who didn't intentionally trigger them.
It's a fairly mainstream view that MA wiretapping law requires written consent from every participant in a conversation for the recording of their conversation in a non-public place and does not permit implicit agreement (there isn't any kind of common-sense carveout for "you should have known you were being recorded in the background by the Echo at your neighbor's house"). See MGL chapter 272 section 99 (https://malegislature.gov/laws/generallaws/partiv/titlei/cha... , sample writeup https://www.masslive.com/news/2014/06/massachusetts_wiretap_... )
Now, MA has a bunch of laws on the books that no one actually enforces. There is a law against jaywalking which provides a $1 fine and tickets are never issued. Or for a bigger example, there is a law that requires you get a temporary permit from the Alcoholic Beverages Control Commission before importing any quantity of alcohol into the state, including for example buying beer at a NH liquor store or flying home from Europe with a bottle of wine. Last time I looked I think that law provides for a $2500 fine or 6 month jail time if violated, although it was hard to tell. ABCC will absolutely insist that this is a real requirement if you ask, and will even provide a copy of all such permits they have issued for the year under freedom-of-information rules -- I once asked and was given a copy of 46 permits issued in 2015, many to a single person who reviews wine and stubbornly files a permit for every shipment he orders from out of state apparently to protest the requirement, causing so much administrative overhead that the ABCC tried to issue him a special blanket approval to get him to go away, which he refused to accept.
To the extent that wiretapping laws are similarly not really enforced against the technology companies who make, retain, and distribute the recordings, this seems like an unknowably large regulatory risk a lot of companies are taking. Sure, the state loves its big local employers (IIRC Alexa development is in Cambridge?), and wouldn't want to lose their tax revenue, but what if the political winds change?
I think when you buy a Google Home you basically accept some terms and conditions in the app to set it up. Buried in there is probably your consent to analytics etc.
You already consented by agreeing to the terms of service. If someone else is talking to their smart device while you're talking, it's ostensibly their responsibility. There's no reasonable laws that prevent you from being overheard in the back of a recorded phone conversation
Most states are either one party or two party consent states. One party = you can unilaterally record anything (not sure this includes things you're not actively involved with, e.g. spying). Two party = you must have consent of everyone in the recording.
By a plain reading of two party consent statutes, people are in violation if their home speaker records a guest without obtaining consent.
I'm sure Google and Amazon's lawyers would try to weasel out of compliance via claimed anonymization, but that's definitely not the spirit of the law.
You're also going to bump up into specific wording on whether a given statute covers only telephone conversations or oral conversations, as most of these are phone wiretap laws that may or may not have been worked ambiguously.
Additionally, there are federal statutes that likely also bear.
Know that even in all party consent states, if you continue talking after being made aware that the conversation is being recorded implies consent. This is why devices like google home are legal, they make a loud warning sound before they begin recording. For example in CA the law states that:
> (a) A person who, intentionally and without the consent of all parties to a confidential communication, uses an electronic amplifying or recording device to eavesdrop upon or record the confidential communication, whether the communication is carried on among the parties in the presence of one another or by means of a telegraph, telephone, or other device, except a radio, shall be punished...
(b) For the purposes of this section, “person” means an individual, business association, partnership, corporation, limited liability company, or other legal entity, and an individual acting or purporting to act for or on behalf of any government or subdivision thereof, whether federal, state, or local, but excludes an individual known by all parties to a confidential communication to be overhearing or recording the communication.
> they make a loud warning sound before they begin recording
This contradicts my personal experience last week with a google-controlled music player. Music was the only response to a voice command to play music, and silence was the only response to a voice command to turn it off.
My understanding of recording law is that in One Party states you need to be part of the conversation to record it. Speculation: This would mean that the device / owner would be in violation if the owner was not in the room?
Sorry for the extreme analogy, but a gun owner is responsible if their nephew accesses their gun when they're not home.
It is not farfetched to imagine that, to be in compliance with the law, you would need to unplug your listening devices to avoid them accidentally going off.
The owner of a listening device might be ignorant of audio being stored and audited by human listeners. It's farfetched to think a gun owner might be ignorant of a gun's dangers because they didn't read the terms of service in detail.
So I buy one of these things; install it; put it online, but i'm not responsible for it? I don't understand. Would you be happy with that defence from a hotel if your wife stayed in a hotel room and was killed by carbon monoxide from a faulty heater?
Not in the case of the device being someone else's. I don't have any Google or Amazon smart listeners, so I never accepted them. Yet if my voice is in any of these recordings, well...
As long as you are warned that you are being recorded then the law considers you to have given consent if you decide to continue to talk. This is why all the home devices make a loud sound that you cannot disable before they begin recording.
Except that I don't know what that sound means. I know what the one my device makes is, but I've never heard the others. Unless it's a human voice saying, "This conversation is now being recorded" I can't be expected to know what a random beep from a device means. It could just mean the person got a notification or something. (And even if it is a recognizable sentence, it assumes I understand the human language the device is set to.)
The rules regarding audio recording are different from video. This is why many security cameras do not actually record audio.
I think the laws are different primarily due to the different pace of audio vs. video recording technology. Audio recording of phone calls etc. has been feasible for a long time so laws were written about that. Ubiquitous video recording has really only become a thing in the past 2 decades or so.
Absolutely. I feel like the pace of adoption has been mostly driven by per-bit storage costs falling (and high efficiency codecs).
Above all else, people will do useful things with computers once the price to do so matches the utility. And we're far on the other side of that with cameras.
I can't wait to see what the next decade+ does to all the Facebook-esque camera startups. It's going to be hard to monetize your customer's video feeds once regulation clamps down.
I don’t believe there are laws prohibiting video surveillance in public by businesses. Some states have laws prohibiting filming in locations where one expects privacy. Other states allow filming in private spaces as long as the business notifies employees and customers they are being filmed.
Yea most states also have a pretty clear "if the device is obvious" law. It's also why businesses put up "smile you are on camera" signs, especially if their camera isn't immediately recognizable.
There are some rules concerning security cameras as well. I recently found out that private CCTV (at least in the UK) can't record public areas (e.g only your porch). Someone got sued over this recently.
There have been some stories in HN about opting out of face recognition as well. Maybe the laws for video are different as the other reply says, but there are privacy concerns in there as well.
edit: here's a list of GDPR fines (not comprehensive as I only see 2 in the UK). If you filter by CCTV you'll find a couple of examples from Austria:
http://enforcementtracker.com/
Face coverings are not legal in public in all countries, but even where they are, why should someone concerned about creeping surveillance go to great lengths to modify their own behaviour because someone else is unwittingly breaking the law because a product they bought was made by someone who couldn’t be bothered to do it right?
So this outrage is in the Netherlands. Security cameras may not be pointed by businesses at public space (which we have a lot of unlike the US). The local government itself may place cameras though but private parties, what kind of nightmare situation is that?
And in public or private space when there are cameras there needs to be signs everywhere to warn and inform you.
So in the Netherlands at least.. Google recording a conversation with someone who doesn't know Google is recording is definitely illegal.
The question is: will they prosecute? Then it becomes a geopolitical question because we are a small country with a disproportionate number of Google datacenters.
So to summarize:
- This is definitely illegal in the Netherlands
- There is no consent of others participating and you really do need that
- Fine print is not consent: consent of terms and conditions requires a majority (determined by polling or common sense of a judge) of users to be aware and knowledgeable what they consented to.
- there won't be prosecution by the Dutch public prosecutor.
- there will be a lobby for the EU to buttrape Google but it may use different reasons or context
I find this reasonable; you wouldn't sue the manufacturer of a recording device if someone made a secret recording with it. I do think this means that the smartphone owner is liable, and should be fined or jailed.
But in this particular case, it's the company doing the recordings, not the owner of the device, so it's a slightly different situation, in my opinion.
That said... The owner could be liable if for example it were necessary to explicitly inform of the existence of such devices the possibility of being recorded.
I'm guessing it's some kind of A/B testing done by Amazon. Do people trust in the Amazon brand, or do they rather buy from unknown brands that offer cheap but decent quality (compared to the cheap and poor quality counterparts that flood the site)? Each brand is probably there to answer a specific question (or set of).
I only started reading this one yesterday. I honestly know nothing of this book other than everybody always mentions it (along with 1984, Animal Farm and Farenheit 451). The first few pages made me raise a few eyebrows already, looking forward to finishing it.
This is going to bite more innocent people through false positives than criminals who already know how to get away with these things.