I wrote to Flock's privacy contact to opt out of their domestic spying program

Posted by speckx 6 hours ago

I wrote to Flock's privacy contact to opt out of their domestic spying program(honeypot.net)

420 points | 177 commentspage 2

gguncth 3 hours ago|

It’s fascinating how America could completely get rid of Flock cameras by sending criminals to prison and leaving them there, but we won’t do that so we have these endless arguments about these cameras.

jancsika 1 hour ago||

tldr; holding powerful people accountable is very hard.

Take Cheney's post-911 warrantless wiretapping program. You had Bush's own top DOJ officials threatening to resign over it in 2004, and Jim Risen with a story about it ready to publish in the NYT before the 2004 election. But not only was the White House able to stave off the resignations (IIRC through some tepid FISA oversight of the program), they got NYT editor Bill Keller to scuttle the story on vague national security grounds. (NYT reluctantly published it after the election only because Risen threatened to scoop them in his upcoming book.)

Then in 2008, Obama claimed the need to "look forward, not backward" wrt this and the Iraq War. Plus his admin renewed Bush's subpoena against Risen on another national intelligence story he'd done!

Any effort to hold Cheney or the Bush administration accountable for this would have had to battle both parties at the same time as educating the public on the issue, without the help of and backing of media institutions like the NYT.

I'd be fascinated to hear how anyone in America could seriously make the case that such an indictment could ever be achieved. Even now, decades after the fact when the base of both parties has absolutely nothing but disdain for people like Dick Cheney. But that's just one old example out of many-- current ones obviously are harder since people currently in power tend to be implicated.

AlotOfReading 2 hours ago||

I'm trying to understand the argument here. Are you saying that never releasing convicted criminals would completely eliminate crime?

That doesn't seem correct, even leaving aside the obvious moral issues with that.

kstrauser 2 hours ago||

My interpretation was that they were saying Flock were criminals who should be sent away for good. I don't know if that's right but it would be consistent that way.

AlotOfReading 1 hour ago||

That makes much more sense, yeah.

cold_tom 3 hours ago||

Feels like a classic “we’re just the processor” answer But in reality you have no way to find or contact whoever actually controls the data, so it doesn’t really help. Kind of shows the gap between how the law works on paper vs how these systems work in practice.

rdiddly 4 hours ago||

Flock's customers own the data the same way Uber drivers are independent contractors, i.e. it's designed for weaseling out of obligations.

sklargh 3 hours ago||

The concept of what constitutes a sale under CCPA is pretty expansive. An exchange of value can be a sale that occurs outside of a processing relationship. I’d say their note is inaccurate.

_moof 4 hours ago||

They seem to be implying that because they are a "service provider," they aren't responsible for complying with CCPA rules even though they are the ones with the data.

Does this hold water? I'm reading the CCPA rules now but if anyone knows, it would save me some tedious research.

pnw 1 hour ago||

See point 7 at https://oag.ca.gov/privacy/ccpa

ezfe 4 hours ago||

I guess if one likens it to AWS S3 holding your data on behalf of Apple it makes sense

pugworthy 4 hours ago||

An interesting quandary here is that they'd need to constantly scan for you and your vehicle, etc. so that they could know it was you then delete you. So to ensure they don't observe you, they need to observe you.

thangalin 2 hours ago||

Sent to Benn Jordan:

https://i.ibb.co/WWWYznHX/flock-future.png

See also a poster from IBM’s German subsidiary, circa 1934. The approximate translation: “See everything with Hollerith punch cards.”

https://www.clevelandjewishnews.com/opinion/op-eds/new-detai...

atmosx 3 hours ago||

Back in 2018, CloudFormation data leaked through a public gist (misconfigured gist plugin, I thought the gist was private but it wasn't... I had change the default config) and showed up on an obscure website being served via CloudFlare. When I contacted CF, they claimed they couldn’t remove the cached content because their system “doesn’t work like that". I pushed back and then they said that they're not responsible for the content and that I should send another email to abuse@cf... to get data about the hosting provider and deal with the content provider (e.g. VPS, ISP, whatever). After a few back and forth msgs, I made it clear that if the data wasn’t taken down within a week or so, I would escalate the issue to the local and German GDPR authority (see https://www.ombudsman.europa.eu/en/european-network-of-ombud...).

And what do you know? I got not reply, but the content disappeared in ~48hrs.

kube-system 5 hours ago||

I don't think they need your permission to use ALPR on your publicly displayed license plate.

> (2) (A) “Personal information” does not include publicly available information [...]

> (B) (i) For purposes of this paragraph, “publicly available” means any of the following:

> (I) Information that is lawfully made available from federal, state, or local government records.

> (II) Information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer

_moof 4 hours ago|

The information being collected isn't your license plate, it's your location. (Still might not be personal information.)

lacker 4 hours ago|

Isn't that how it should work?

If you write the police and ask them to delete all their data about you, that isn't a thing that they do. It shouldn't matter if the police store their data on AWS or their own servers.

Flock is a tool used by the police so it should work the same way.

nerevarthelame 4 hours ago|

You're right are exemptions for both GDPR [0] and the CCPA [1] where organizations aren't obligated to comply with erasure requests if it would limit their ability to prevent or investigate crimes, fraud, or similar matters.

But that's not what Flock is claiming. They're claiming that they don't even have to consider the request because they don't own the data.

[0] https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...

[1] https://www.clarip.com/data-privacy/ccpa-erasure-exemptions/

More comments...