Comments
_insomagent t1_jdutru5 wrote
Sounds even more extreme than the censorship in China, and nobody fucking cares.
TrueDripDamage t1_je30lga wrote
No you see it’s a good thing because we hate TikTok and China so it’s just a nessecary evil /s
DodixieOrBust t1_jdvf0gd wrote
TFW the RESTRICT Act would apply harsher sentencing to someone using a VPN to get to tiktok ($250k / 20 years) than the charges for which the ATF initially raided the Branch Davidians (NFA violations, $250k / 10 years).
keyblade_crafter t1_jdz1zf6 wrote
Fuck and both of my state's senators sponsor it. Time for someone new
MyStationIsAbandoned t1_je8hvz4 wrote
just for accessing tik tok or using a VPN at all?
meoka2368 t1_jdrdqwk wrote
That's a misleading title (of the article, I know you used it verbatim).
It's more likely to be used to suppress free speech than improve security.
[deleted] t1_jdre8tc wrote
[removed]
Educational-Ice-319 t1_jdt19dz wrote
TikTok is unquestionably a national security risk for government workers, contractors, and contracting firms.
meoka2368 t1_jdt3lgh wrote
In what way is it more of a risk than any other social media app/company?
Educational-Ice-319 t1_jdt486d wrote
It’s close ties to a foreign government, it’s profiling apparatus’ in conjunction with the foreign government connections, etc.
saltiestmanindaworld t1_je4gbh5 wrote
Meanwhile there have been thousands (and im grossly underestimating that number) of security leaks on Facebook and Twitter.
CatProgrammer t1_jdtrm72 wrote
Okay then, they can't use it on their government devices. That's already within the power of those agencies to set rules for. They don't need a new law to do that.
jseasbiscuit t1_jdygym0 wrote
And that's already been solved with banning it on government devices. Congress doesn't need to give all these powers to the secretary of commerce in order to mitigate that threat.
PlayingTheWrongGame t1_jdtlkfu wrote
Any anyone working for any company in the government or a contractor’s supply chain, or anyone providing critical services for any of those companies, even the second-order ones.
Which is essentially every vaguely important company in the US.
HanaBothWays t1_jdrgi4h wrote
Gonna be really funny when EU countries get the idea to ban Meta and Twitter and the like because, since they are based in a country (America) with terrible laws around privacy and personal data collection, they pose unacceptable risks to EU citizens/national security.
Educational-Ice-319 t1_jdt15ni wrote
Already happening. Google Analytics is banned in Germany and Italy. Also, the US’ patchwork isn’t far off from GDPR, it’s just far less cohesive. US citizens have many of the same rights and control over their data, and have for decades in some cases.
HanaBothWays t1_jdt2ncx wrote
> Google Analytics is banned in Germany and Italy.
Alas, Google violates this all the time and gets only relatively light fines as punishment. If what TikTok is supposedly doing is bad enough to get them banned in the U.S. then EU countries might decide that taking extreme measures is the way to go.
>Also, the US’ patchwork isn’t far off from GDPR, it’s just far less cohesive. US citizens have many of the same rights and control over their data, and have for decades in some cases.
Functionally, no. You don’t really have a choice when it comes to, say, the information that credit bureaus collect about you, because you can’t opt out, and they will up and sell that to anyone. They also don’t secure their databases that well.
Educational-Ice-319 t1_jdt451p wrote
You actually can. FCRA and FACTA provide you a ton of control and opt-out….
HanaBothWays t1_jdtcbfs wrote
So you have to go hunting for settings somewhere and be presented with choices that may or may not be easy to interpret in order to opt out, instead of being automatically protected? Or having the option of not letting these entities collect your data in the first place?
Also, what happens if they violate these statutes? Not enough to keep them from doing it again.
Educational-Ice-319 t1_jdtdy41 wrote
No. You don’t have to go hunting. The text:
> (a) Initial notice and opt-out requirement —
> (1) In general. You may not use eligibility information about a consumer that you receive from an affiliate to make a solicitation for marketing purposes to the consumer, unless:
> (i) It is clearly and conspicuously disclosed to the consumer in writing or, if the consumer agrees, electronically, in a concise notice that you may use eligibility information about that consumer received from an affiliate to make solicitations for marketing purposes to the consumer;
> (ii) The consumer is provided a reasonable opportunity and a reasonable and simple method to “opt out,” or prohibit you from using eligibility information to make solicitations for marketing purposes to the consumer; and
> (iii) The consumer has not opted out.
There’s more, but this comment displays a fundamental lack of familiarity with US privacy law. For example, they can’t collect data unless it’s for credit approval purposes. Meaning you must seek the service and consent to provide the info for a limited purpose. And even GDPR respects that.
HanaBothWays t1_jdtfuwq wrote
In practice, none of this really helps and there is no rigorous monitoring of compliance with it or consequences to violations of it. If there were, credit bureaus would no longer be a viable business model and some kind of public agency would have to perform the function instead.
Educational-Ice-319 t1_jdti7g7 wrote
The FTC regularly fines and issues consent decrees, and has done so for literally decades…..
HanaBothWays t1_jduoz8x wrote
You keep finding new ways to tell me about how our our privacy regulations aren’t effective.
Educational-Ice-319 t1_jduwn7u wrote
No I don’t. You seem to be deliberately ignoring the fact that privacy regulations can either deter or punish, or both. And just because some firms fuck up doesn’t mean the regulations aren’t effective. Even in the EU they don’t achieve 100% compliance all the time.
HanaBothWays t1_jdux4yz wrote
> Even in the EU they don’t achieve 100% compliance all the time.
I mentioned that earlier.
Educational-Ice-319 t1_jdv0obd wrote
No you didn’t. You don’t understand what Google Analytics is if you think that Google is the one slapped with a violation lol.
HanaBothWays t1_jdv2wcx wrote
Yes they are. Who do you think Google Analytics belongs to? It’s not like it’s a different company that happens to have a similar name.
And they keep having problems because users in EU countries where Google Analytics is banned keep finding the Google Analytics script running in their browsers anyway because Google is not err on the side of caution when it comes to what browser clients Google Analytics does and doesn’t run on.
Educational-Ice-319 t1_jdv3cey wrote
Sigh. Let me explain:
Google Analytics is a service. A company based in the EU pays to run it on their platform. The one who gets fined isn’t Google, but the company who uses it in violation of the ban
HanaBothWays t1_jdv3p06 wrote
Service providers are also supposed to make sure that their services are running with configurations appropriate to geographical/jurisdictional restrictions as dictated by statutes (or not running, as appropriate).
Educational-Ice-319 t1_jdv3zrh wrote
Except that’s not what the fine is for. The fine is for using a banned service.
EDIT: Additionally, it is not Google’s job to make sure another Company is compliant.
thatattyguy t1_jdys4qi wrote
Does it matter in your mind whether these fines and consent decrees actually deter bad actors from focusing on protection of consumer data over profit?
If breaking the law earns a company $200 million p/year, not breaking the law nets it only $100 million p/year, and the penalty for getting caught breaking the law is $10 million p/year, then it's just a tax by another name. It's the feds taking a taste via a garden-variety mobster protection scheme. "You break the law, you make a lot of money, you break us off our piece and we'll sanction the behavior on an ongoing basis.
At the higher end, with the larger corporations, it's impact on behavior is likely somewhere between negligible-to-non-existent. The money is not enough to do more than subsidize on-going collection efforts.
The lesson here to private industry is to scale your criminality in order reduce the impact of real civil world consequences. Though is it even "criminality" to protect consumer data as cheaply as possible while still being able to maintain the pretense of respectability? Especially when the payment of the fine seemingly washes away past transgressions, and no criminal charges are ever filed?
It doesn't feel satisfying, as a person whose data has been ripped more than once. Make the penalty big enough to bk the company. Put some teeth in it.
opticd t1_jdto0b8 wrote
EU countries are taking a different approach. They’re passing regulation that isn’t entirely feasible to comply with and assigning large % global revenue fines for non compliance. Their plan is to just skim revenue and benefit rather than banning.
mixinmono t1_jdxay52 wrote
it's 1984 already? time flies.
espaulson t1_je1h70r wrote
I was thinking Fahrenheit 451
[deleted] t1_jdre6if wrote
[removed]
[deleted] t1_jdregnn wrote
[removed]
MyStationIsAbandoned t1_je8hyn3 wrote
this bill is extremely crazy. the people who made it and agree with it need to be voted out yesterday
orangejuicecake t1_jdrgddd wrote
civilian fines of 250k minimum with possible prison time of 20 years if you use a vpn to access tiktok
welcome to anericas descent into authoritarianism and censorship