So... if we all care so much about shooting down the bad idea, why is nobody proposing opposite legislation: a bill enshrining a right to private communications, such that bills like this one would become impossible to even table?
Is it just that there's no "privacy lobby" interested in getting even one lawyer around to sit down and write it up?
Or is there at least one such bill floating around, but no EU member state has been willing to table it for discussion?
Everyone has the right to respect for his or her private and family life, home and communications.
Article 8
Protection of personal data
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority."
It clearly states here in 2 “consent of the person concerned OR some other legitimate basis laid down the law”, any random law will trump personal consent
One of the reasons international human rights law is so worthless in actual practice, is that half of it is framed like this. "Everyone has the right to X, except as duly restricted by law." Cool, so that's not a right at all then.
Ditto the Canadian Charter of Rights and Freedoms, with its 'notwithstanding' clause. (Though they're presently litigating over that, so we'll see what happens!)
Any constitution or human rights instrument full of exemptions, 'emergency powers', 'notwithstanding' clauses, or 'states of exception' is not worth the paper it's written on.
Every contract I have to agree to these days has a "valid until unilaterally invalidated" clause. It feels like we're all just going through the motions.
It doesn’t remove the “right to the protection of personal data concerning him or her.” The law cannot be random, it must ensure “fair processing” and be limited to “specific purposes”, and the European Court of Justice as well as the ECHR will decide what constitutes a “legitimate basis” in that context. Furthermore, “Everyone has the right of access to data which has been collected concerning him or her”, which ensures transparency of what is being collected.
Secrecy of correspondence only applies to sealed physical letters, so it has zero applicability to this law and provides zero protection against scanning of private messages.
Also it isn't respected in most types of criminal trials. If a sealed physical letter is opened and proves fraud, for example ...
Secrecy of correspondence still has exceptions. That's what is always lost in these discussions -- every right of every person is not absolute. Just because you have a right to personal property, doesn't mean you don't have to pay taxes or store nuclear material in your basement. That's the hard part.
But end to end encryption with forward secrecy at no cost to user makes your right to private communication absolute. It's a new thing and the balancers can't balance it against other rights of other people, so this happens.
I feel we need something much more strongly worded to protect our mail, paper or electronic, messages and other communications from being read, not just “respect”.
The problem is, in all of those member states, they all have carve outs for "national security."
Germany, for exmaple, has secrecy of correspondence that extends to electronic communications, but allows for "restrictions to protect the free democratic basic order" and outlines when intelligence services can bypass the right to privacy.
Italy, France, and Polan also have similar carve outs.
Having it as a right isn't enough. National security and "public safety" carve outs need to be eliminated. So long as those exist, we have no right to privacy.
Rights are never absolute, they always have to be weighed against each other. The weighing can and should be debated, and needs strong protections when put into practice, but demanding an absolute is not reasonable.
I dunno; I think in practice an absolute sometimes shakes out just fine.
In this case, I see no reason that we would want to draft constitutional rights such that we consider a government's actions taken in pursuit of their national security to be, per se, legal — i.e. warranted, unable to be sued over, etc.
Imagine instead, a much weaker right granted to the state: the right to maintain laws or regulations which require/force government or military employees to do things that violate people's rights and/or the law of the land. But with no limit on liability. No grant of warrant. Just the mildest possible form of preservation: technically constitutional; and not immediately de-fanged the first time the Supreme Court gets their hands on it.
So, for example, some state might introduce a new law saying that soldiers can come to your house and confiscate your laptop. And then the head of that state might actually use that law to invade your home and take your laptop.
Given that the law exists, it would be legal for the head-of-state to give this order. And it would also be legal for the soldiers to obey this order (or to put it another way, court-martialable for the soldiers to disobey this order, since it's not an illegal order.)
But the actual thing that happened as a result of this law being followed, would be illegal — criminal theft! — and you would therefore be entitled to sue the state for damages about it. And perhaps, if it was still reporting on Find My or whatever, you might even be entitled to send police to whatever NSA vault your laptop is held in, to go get it back for you. (Where, unlike the state, those police do have a warrant to bust in there to get it. The state can't sue them for damages incurred while they were retrieving the laptop!)
The courts wouldn't be able to strike down the law (the national-security provision allows the state to declare it 'not un-constitutional", remember?); but since obeying the law produces illegal outcomes, you would be able to punish the government each and every time they actually use it. In as many ways as the state caused you and others harm through their actions.
There is absolutely zero reason why the state shouldn't be expected to "make people whole" for damages it has caused them, each and every time it does something against the people's interest in the name of national security.
And the simplest way to calculate that penalty / make the claiming and distribution of those rewards practical, would be to just not remove liability for these actions taken on behalf of the state, by not granting the state the right to do them in the first place. Just put them in the position of any other criminal, and force them to go to court to defend themselves.
"to protect the free democratic basic order", the irony.
It's incredible how even with the current surge of autocracy, most politicians can't see that the surveillance tools they crave for, could come under control of people much worse than them.
And can't see what they could do with them.
I think that many current governments in Europe are convinced that more surveillance will stop the autocratic surge. It's insane that they don't see how this is far from guaranteed, and how it will go if they're wrong.
>National security and "public safety" carve outs need to be eliminated. So long as those exist, we have no right to privacy.
This is overly absolutist, or maybe idealistic view. National security and public safety IS more important than individual right to privacy. As an extreme example, if your friend was dying, you had a password to my email, and you knew that you can use information in my inbox to save that person i really hope you would do it.
In general I think that police with a court order should be able to invade someone's privacy (with judge discretion). I mean they can already kick down someone's doors and detain them for several days - checking email doesn't sound too bad compared to it, does it? I think they should also be legally obliged to inform that person in let's say 6 months that they did it.
The problem is that modern world is drastically different than the old world when you needed to physically hunt down letters. Now you can mass scan everyone's emails, siphon terabytes of personal data that stasi could only dream of, and invigilate everyone. This is something that is worth fighting against.
Article 7 codifies "respect for [one's] private life" and "respect for [one's] private communications". Well, "respect" is a vague notion. This does not clearly imply that the government is not allowed to read your communications, or otherwise spy on you, if it believes it has good reason. It will do so "respectfully", or supposedly minimize the intrusion etc.
As for article 8: Here it is "protection of personal data" and "fair processing". It does not say "protection from government access"; and "processing" is when the government or some other party already has your data. In fact, as others point out, even this wording has an explicit legitimization of violation of privacy and 'protection' whenever there is a law which defines something as "legitimate basis" for invading your privacy.
You would have liked to see wording like:
* "Privacy in one's home, personal life, communications and digital interactions is a fundamental right."
* "The EU, its members, its bodies, its officers and whoever acts on its behalf shall not invade individuals' privacy."
and probably something about a non-absolute right to anonymity. Codified exceptions should be limited and not open-ended.
> This does not clearly imply that the government is not allowed to read your communications, or otherwise spy on you, if it believes it has good reason. It will do so "respectfully", or supposedly minimize the intrusion etc.
Which is... okay? Government gonna government, that's what we pay it to do.
The Charter has been used by the courts to shoot down incoming legislation. So, in a way, those pieces of paper mean everything, as without them legislation would pass without the judiciary branch being a check on the Bloc’s powers. Your comment is merely cynical.
In theory these limit the power of the EU, while anything the EU parliament passes can just be undone as easily by a future EU parliament. If you don't believe the EU charter provides any protection, why would you believe an EU law would be any different?
In theory, governments are made up of citizens. In practice, once the citizens are corrupted into corporate shills, they become politicians. They have traded their humanity for business class seats and dining at restaurants that cater to those whose entire personality is talking about their investment portfolio.
Because the people voting it down are the elected MEPs, whilst the people putting it up to parliament are the European Commission. The EC are appointed, rather than elected. Which means the powers that be just appoint people who are going to push through laws like this, that they want. The MEPs can't put up bills to be voted on.
Chat control is already illegal according to EU law, and has previously been ruled as such by the ECHR when Romania was trying to implement a chat control law that did actually pass, in 2014. But documents are documents (even the Rome statute), and can be rewritten.
It already violates Articles 7 and 8 of the EU Charter which is supposed to prevent stuff like this.
The reality is that they'll just keep pushing it from different angles, they only have to get lucky once, we (or EU citizens, we left and have our own issues) need to be lucky every time - much like an adverserial relationship where you are on the defending side from a cyberattack...funny that really.
I think the greatest risk to the EU is the sheer volume of communications it allows to travel without end-to-end encryption. Financial, infrastructure, personal political sentiment.. What doesn't a foreign enemy get volumes of minable data on?
The right to private communication is already enshrined in the EU.
Article 7, EU Charter of Fundamental Rights: Respect for private and family life (and probably a couple other sections in there as well).
The problem is national security exceptions. Chat control and other similar bills are trying to carve out exceptions to privacy laws under the excuse of national security.
Also its politically cheap to introduce surveillance or to expand state power, it's comparatively extremely difficult to pass laws that specifically restrict state power.
Privacy laws are well and good, but they exist. The problem is we need to stop allowing "public safety" or "national security" to be a trump card that allows exceptions to said laws, and good luck getting any government to ever agree that privacy is more important than national security.
There’s no point. The only way you can fix this is to pretty heavily market the situation and publicise and shame the lobbyist scum pushing this. And their associated ties.
If this law, or some future version of it, passes, I will derive great pleasure from a simple bash script sending a gdpr right to be forgotten request to eye European parliament in a daily basis
I don't think that's a very sensical right (like most rights, frankly). Everyone has limits to the privacy they can expect. But we should have a social contract where we can expect privacy between mutually consenting parties intending to have private communication (eg not in a public square) without reasonable suspicion of a crime being committed.
Technology means there is only one truly stable compromise, imo: I am free to use whatever technical means at my disposal to encrypt my communications and those of my customers (!), and you can try to read them as much as you want.
Combined with the right to communicate across borders, you can get quite a bit of privacy: a server in both sides of a geopolitical conflict and they've got to collaborate to track you.
And yet metadata collection is both unavoidable (if you don't collect it, your geopolitical opponents will) and should be enough. We don't need chat control in a world where I get precision-targeted ads -- it's not even about freedom of speech or privacy, it's about freedom of thought.
> a server in both sides of a geopolitical conflict and they've got to collaborate to track you.
With a server on the other side of a geopolitical conflict (actual conflict, not a mere discontinuity in legalscape) you trade a risk of the government reading your chats for a risk of the same government (which you don't trust for a good reason) locking you up for treason and espionage.
You don’t care by writing new legislation, you care by forming boycotts against the corporations that are not fighting back against the scanning. The world is not controlled by democracy, it is controlled by money and the oligarchs.
Is it not a web component, per se? Per the article, all the React stuff does seem to bake down to HTML Custom Elements, that get wired up by some client-side JS registering for them. That client-side JS is still a "web component", even if it's embedded inside React SPA code bundle, no?
If you mean "why do I need React / any kind of bundling; why can't I just include the minified video.js library as a script tag / ES6 module import?" — I'm guessing you can, but nobody should really want to, since half the point here is that the player JS that registers to back the custom elements, is now way smaller, because it's getting tree-shaken down to just the JS required to back the particular combination of custom elements that you happen to use on your site. And doing that requires that, at "compile time", the tree-shaking logic can understand the references from your views into the components of the player library. That's currently possible when your view is React components, but not yet possible (AFAIK) when your view is ordinary HTML containing HTML Custom Elements.
I guess you could say, if you want to think of it this way, that your buildscript / asset pipeline here ends up acting as a web-component factory to generate the final custom-tailored web-component for your website?
> Homebrew is working on an official Rust frontend that will actually have full compatibility.
When you say "Rust frontend", is the vision that Homebrew's frontend would eventually transition to being a pure Rust project — no end-user install of portable-ruby and so forth?
If so (ignore everything below if not):
I can see how that would work for most "boring" formulae: formula JSON gets pre-baked at formula publish time; Rust frontend pulls it; discovers formula is installable via bottle; pulls bottle; never needs to execute any Ruby.
But what happens in the edge-cases there — formulae with no bottles, Ruby `post_install` blocks, and so forth? (And also, how is local formula development done?)
Is the ultimate aim of this effort, to build and embed a tiny little "Formula Ruby DSL" interpreter into the Rust frontend, that supports just enough of Ruby's syntax + semantics to execute the code that appears in practice in the bodies of real formulae methods/blocks? (I personally think that would be pretty tractable, but I imagine you might disagree.)
We will never be 100% Rust an 0% Ruby. It’s possible that 99% of users end up never running any Ruby, though. It’ll still be needed for local development and our CI. We’re optimising for speeding up the 99% case as much as possible.
You only have the right to modify if you can access the source.
If you got (a snapshot of) the source along with the binary, that's fine, there's no need to keep hosting the source anywhere.
But if the company said "for source, see: our github", then that github has to stay up/public, for all the people who downloaded the binary a long time ago and are only getting around to exercising their right to modify today.
They don't need to post new versions of their software to it, of course. But they need to continue to make the source available somehow to people who were granted a right that can only be exercised if the source is made available to them.
(IIRC, some very early versions of this required you to send a physical letter to the company to get a copy of the source back on CD. That would be fine too. But they'd also have to advertise this somewhere, e.g. by stubbing the github repo and replacing it with a note that you can do that.)
You seem the right person to ask about this: why don’t we see any public web archivers operated by individuals or organizations based in countries that aren’t big fans of aiding or listening to American intelligence?
I think that one refers to doing so when there is no food on the chopsticks. Picture tapping the chopsticks against your lips to show you’re thinking, if conversing while eating. The overarching rule being that you should put the chopsticks down whenever you’re not in the middle of picking up/moving food with them.
(Unless you want to come off as imitating a Rakugo storyteller. If you do, then go ahead and use them as a talking prop. But maybe make it clear that you’re not eating with those ones, so people don’t worry you’ll flick sauce at them!)
So what are you expected to do with the last few sauce-soaked grains of rice that would at best be able to be plucked grain by grain from the bowl, and even then would likely slip from between the tips of the chopsticks? Just leave them in the bowl?
I've heard that clearing the table of food would be considered rude in China, as it means you didn't get enough to eat, almost exactly opposite to the only food-related rule I was ever taught growing in the US - never waste food or serve yourself more than you can eat. That's probably just a "my family" thing though. I get the impression that even saving leftovers is rare among Americans these days.
There are still contradictory customs around this enough that it is standard practice to warn exchange students from Europe that if they finish absolutely everything on their plate that this is a signal in many American homes that you should be served more. This can lead to some real discomfort as the student tries to eat everything they are given which leads to being given more and more.
So at the same time it is considered poor taste to take more than you can eat, it is also considered poor form to offer a guest anything less than more than they can eat. This also shows up when people rate restaurants by the serving size.
I wonder what Ms. Kyoto would tell me to do to properly pick up my chopsticks, given that I’m left-handed, and yet it is apparently a faux pas to lay down the chopsticks pointing to the right.
> to try to maybe help some rather technologically-hopeless groups of people
Even if they're the majority?
(Keep in mind that as average lifespan keeps getting longer while birth rates keep going lower, demographics will tend to skew older and older. Already happened in Japan; other developed countries will catch up soon.)
> They should probably not have a bank account at all and just stick to cash.
You know that these (mostly) don't fall into this category of being "hopeless with [modern] technology" because they're cognitively impaired, right?
Mostly, the people who most benefit by these protections, are just people 1. with full lives, who 2. are old enough that when they were first introduced to these kinds of technologies, it came at a time in their life when they already had too much to do and too many other things to think/care about, to have any time left over for adapting their thinking to a "new way of doing things."
This group of people still fully understands, and can make fluent use of, all the older technologies "from back in their day" that they did absorb and adapt to earlier in their lives, back when they had the time/motivation to do so. They can use a bank account; they can make phone calls and understand voicemail; they can print and fax and probably even email things. They can, just barely, use messaging apps. But truly modern inventions like "social media' confound them.
Old bigcorps with low churn rates are literally chock-full of this type of person, because they've worked there since they were young. That's why these companies themselves can sometimes come off as "out of touch", both in their communications and in their decision-making. But those companies don't often collapse from mismanagement. Things still get done just fine. Just using slower, older processes.
OpenAI don't talk about the "size" or "weights" of these models any more. Anyone have any insight into how resource-intensive these Mini/Nano-variant models actually are at this point?
I assume that OpenAI continue to use words like "mini" and "nano" in the names of these model variants, to imply that they reserve the smallest possible resource-units of their inference clusters... but, given OpenAI's scale, that may well be "one B200" at this point, rather than anything consumers (or even most companies) could afford.
I ask because I'm curious whether the economics of these models' use-cases and call frequency work out (both from the customer perspective, and from OpenAI's perspective) in favor of OpenAI actually hosting inference on these models themselves, vs. it being better if customers (esp. enterprise customers) could instead license these models to run on-prem as black-box software appliances.
But of course, that question is only interesting / only has a non-trivial answer, if these models are small enough that it's actually possible to run them on hardware that costs less to acquire than a year's querying quota for the hosted version.
They never put the parameter counts in their model names like other AI companies did, but back in the GPT3 era (i.e. before they had PR people sitting intermediating all their comms channels), OpenAI engineers would disclose this kind of data in their whitepapers / system cards.
IIRC, GPT-3 itself was admitted to be a 175B model, and its reduced variants were disclosed to have parameter-counts like 1.3B, 6.7B, 13B, etc.
Is it just that there's no "privacy lobby" interested in getting even one lawyer around to sit down and write it up?
Or is there at least one such bill floating around, but no EU member state has been willing to table it for discussion?
reply