Good on El Reg
For reporting this. I live in the Great State. I consider myself passably au courant as to what the members of our legislature are up to. And this is the first I've heard of any of this.
The US state of Maine is violating internet broadband providers' free speech by forcing them to ask for their customers’ permission to sell their browser history, according to a new lawsuit. The case was brought this month by four telco industry groups in response to a new state-level law aimed at providing Maine residents …
This post has been deleted by its author
"“Maine cannot discriminate against a subset of companies that collect and use consumer data by attempting to regulate just that subset and not others, especially given the absence of any legislative findings or other evidentiary support that would justify targeting ISPs alone.”
As the judge in this lawsuit, I must admit this point by the plaintiffs contains some logic and legal effect. Therefore, to prevent discriminatory legislation, it is my duty to remove those components of the legislation likely to lead to discrimination. In my reading of the law and the most able one provided by the plaintiffs, the discriminatory part of the legislation appears to be the words "internet service providers"--to limit the legislation to this subset is clearly unacceptable and must be altered for justice's sake. Therefore, it is the considered opinion of this court that the law shall be edited to replace all instances of "internet service providers" with "companies of any description using or holding user data". With this alteration made, the remainder of the case submitted is no longer applicable, and the issue is now resolved.
I reluctantly agree that the plaintiffs do make a good point.
Even more reluctantly, I would have to conclude that a judge doesn't have the authority to edit the statute to that extent. Either the law is (whatever the relevant test is), or it isn't. If it isn't, then the judge's only remedy is to declare it unenforceable, and basically send it back to the legislature to fix. The judge can't unilaterally rewrite it.
Or maybe it's the viewpoint.
In Europe, privacy is seen as a fundamental right belonging to an individual. So it really doesn't matter who wants to use the data, it needs either an explicit permission of a valid legal interest.
US keeps on seeing privacy as a commercial good which can be sold or not depending on the business and business practices. The problem with US is that they are putting business revenues above people's rights.
"The problem with US is that they are putting business revenues above people's rights."
Businesses are "people" too! Won't someone think of the businesses (and their "constitutional rights" like freedom of speech?)
Personally, I think of a business wants to legally identify as and claim the rights of a person, they should also be subject to imprisonment and have all their rights taken away and put into a box for whatever time period the sentence results in, ie not allowed to carry on their business.
More pertinently if you want your company to be treated like a person, you should be ok with it being taxed on income instead of profit. If you're not happy with that, stop believing the ridiculous notion that a company should have the same legal rights as a person.
If companies are people, we should be able to try and execute them too.
It could be simpler than that. It could be the right of the person should trump the right of an interfering body. The private should be over the public body.
Excluding the UK, Europe does tend the other way of regulating everything and the private need public permission before doing anything.
The lobbies/special interest groups play into the problem, certainly. The other issue is that politicians just don't care about stuff like this. They want high-profiles stuff that they can use to get votes. They're not about doing what's right, they're about doing what gets them re-elected as many times as possible.
No, there is no reason the law cannot target ISPs. Don't forget that this is the US, so ISPs are, in many areas, actual monopolies and, everywhere else, effective monopolies. Here (anywhere else in the world) we have a competitive market for ISPs (mostly based on local loop unbundling) so we can choose an ISP based on privacy, if we wish.
So, clearly, if the legislators' goal is to allow people the option of using the internet without being tracked then ISPs can be legitimately targetted. If they want to not be targetted they need to allow effective competition with a large number of competitors.
They are also able, if they wish, to compete with the FAANGs by creating separate companies, not receiving any data from their ISP business - just like those companies do.
OK, I think I just found the problem with America and American law. Companies can claim the rights granted to citizens in the constitution!!!!
Funnily enough it seems to be hard to send a company to jail if it breaks the law, so they are citizens with the rights of citizens, but none of the responsibilities! Ever seen a company perform jury duty, after all?
And I know some wag is going to say, well companies cant vote, but with the money they pay in "donations" to the politicial parties, they get the laws they want anyway. Who needs to vote, when you already control the parliament? (see everything the FTC has done since Pai took charge).
Companies claiming free speech protection! God i'm glad i live in a (at least for the moment) semi-sane country...
Legislators do actually like to have someone on whom to come down like a ton of bricks.. UK company law, for example requires that at least one director is a natural person. I'd be very surprised that US legislation doesn't have that provision. The responsibilities of the directors under UK law include a requirement to act within the company's constitution and that is a set of documents registered with Companies House who aren't going to accept a declaration that the company is going to act outside that law, The legislation also makes reference to common law responsibilities. It also makes reference to offences being committed by the company and any officer in default. You'll also find other legislation putting officers of the company on the line, for instance the current DPA sticks closely to GDPR and does just that.
I've probably been on this planet longer than you and certainly long enough to have spent a decade or so as a company director. Whilst the above might not have been a day-to-day concern it was one to be kept in mind.
Sadly not even covering for the monumental fraud that was Enron (and World Com and Sunbeam, and and etc) is enough. Just knew they were going to find the technicality so corporations could go back to being above the law.
It's very rare for directors of a company to go to jail for the company's bad actions. Among other things, it usually requires proving they authorized the bad behavior *and* knew it was illegal; you won't find many company memos with "yes, do the illegal thing -- Your CEO" written on them, so proving any one person meets those criteria is hard.
"If you think your country sees them any differently, you should probably take an economics course."
Economics? Try law, because that's where how a country sees companies is expressed. And one of the provision in UK law is that at least one director has to be a natural person. UK law distinguished between companies as persons and actual real human beings as persons. Your rhetoric might sound great but sometimes you have to look at facts.
> you have to look at facts
While you're right about the intent of the law, the facts remain that "going to jail because company ignored the law" is very low on the occupational hazards list of big company directors. Now of course the keyword here is "big". Small companies don't have the financial gravity to bend reality to their requirements; At best they can play possum, dissolve and reappear under a different name.
Big companies on the other hand, well, just look at the news. The Register is talking about them quite frequently: They can and they will. And while sometimes they get a slap on the wrist, the worst thing their directors have to fear is being fired by the board as sacrificial goats, with a nice compensation and the assurance to immediately find another nice, cushy job.
Though, my memory not being anymore what it used to be, feel free to remind me of some cases where big company directors found themselves in orange jumpsuits following some creative interpretation of the law...
High ups in Enron went to jail but that was one of the last hoorays before late capitalism freaked and said never again. Hell of it is I bet a good number of people on here arguing about the status of corporations are the ones who defend the current system and thinks its awesome (ie the house slave syndrome, has it much better after all).
Under US law, corporations are considered "legal entities", not people. Should a "company break the law", as in criminal law, the company officers are still liable for jail time. If a company if found to have breached a civil duty, as part of a lawsuit, the "legal entity" prevents the personal assets of each and every employee of the company from being at risk of seizure to satisfy the lawsuit. That's why in many modern lawsuits against companies, the major officers are named separately as co-defendants, to put their assets on the line as well as the company's. Under current law, if a company intentionally mis-states its financial position to gain investor confidence, the CEO can go to jail - the CEO has to sign each financial statement personally attesting that its true. So CEOs become obsessed over accounting - they don't want to go to jail - and lose sight of the actual company business. And it doesn't take being a company to buy votes - wealthy "celebrities" do it all the time too. You never seem to have A-list celebs called up for Jury Duty either, and they *are* people. And it takes a whole lot for one to ever go to jail....even when they're found guilty of actual crimes.
A lot of special interests have claimed "first amendment" rights whenever debate over campaign spending and so called "soft money" comes up. Most of these aren't even actual companies.
For this ISPs to claim First Amendment...it doesn't hold water. They actually DO have that protection - they are allowed express "official company position"s on various topics if they so choose - and nobody can restrict their legal right to do it. They will still face consequences from individuals (customers, pundits, their own employees, etc), just as any human would who takes a view others dislike.
That said, I cannot figure out what convolution or distortion these ISPs applied to make the First Amendment apply here. That's the problem.
People cn choose to use Facebook or whatever, use ad blockers, script blockers on browser to keep privacy.
However (yes, methods people could use to try and evade this as why should they go the extra hassle of VPNs, tor, tunnelling whatever workaround, especially as a decent VPN will be an extra expense so consumer essentially paying for privacy) as ISP is default pipe to websites visited they have unique record of all sites visited that ad companies will not have. ISP argument is similar to mail service looking at every letter I receive and selling the data on - their job is as a data carrier and that's it.
Yes, but we all have the option of not using Google's services. Companies like Mozilla seem to be trying to make sure that it is easy for non-experts to avoid many of those Google services if they want to.
I plan to run my own DoH server but I would certainly prefer Cloudflare over Google (at least until Cloudflare change their business model).
It's becoming increasing hard, when you get Google trackers on any page you visits - while disabling some may break the page, and its damned captcha is being used by services you *must* use.
You can setup your own DoH server, but unless it's a full recursive server and just forwards to another, you're still leaking data.
But still very few spend the increasing effort to block data slurping, and the biggest companies are in a position to get the most.
For now, too little data in DNS requests, and most of them comes from NAT devices masking the real IP, and, for example, it doesn't allow to track a device as it moves across networks.
DoH, being HTTP, allows for much more fingerprinting of the calls. Coupled with IPv6, even better.
I guess you didn't know that scanning and storing the addresses on envelopes has been standard practice in many countries for years.
So what? Most people, and many advertisers and companies, don't put the sender's address on the outside of the envelope. IOW, while the owner of a pipe carrying e-mail etc knows both sender and recipient as well as the content of an unencrypted message, in a large majority of cases the Post Office or mail carrier does not know who sent to mail or whats in it.
> Most people, and many advertisers and companies, don't put the sender's address on the outside of the envelope.
That's certainly not true in my neck of the woods. Very nearly 100% of all postal mail I receive has the sender's name and address on the outside of the envelope. It's so expected that every so often when I get something that doesn't have it, that stands out as weird.
Charlie, scanning and storing addresses is one thing - it allows you to say that something was sent to Person A at Address B on a certain date but doesn't tell you whether Person A really was at Address B on that date (they could have been at a different address but moved to or from B around that date, or it might be a genuine mistake and they were never there, or it might be a deliberate attempt to get someone in trouble or provide them with an alibi if they wanted to pretend *not* to be elsewhere).
And it certainly does not tell you what was inside the envelope, which is what the ISPs have access to but the post office does not.
The Post Office knows someone sent a brown envelope to Joe Genaro of 123 Any Street, Anytown but they don't know what was sent - a love letter? A job application? An order for the latest edition of "Freaky Pr0n Compendium"? It could be anything.
Not only does your ISP know *you* sent the envelope but they know exactly what you sent - which is fine if you don't mind them knowing your business but not so great if it is something you don't want anyone else to know about. And now they don't just want to let anyone know *your* personal activities, they want to *charge* other people who want to know what you get up to - and what everyone else gets up to as well... if you cannot see a problem with that, you probably should keep off the internet.
that if Google and Facebook are allowed to sell their users’ personal data then ISPs feel they should be allowed to as well.
Have they never heard, that two wrongs don't make a right?
Why does the 1st Amendment even apply to a company? I thought the Constitution applies to citizens?
“The Statute is preempted by federal law because it directly conflicts with and deliberately thwarts federal determinations about the proper way to protect consumer privacy,” the lawsuit argues.
You mean the fact that the FCC believes consumers shouldn't have any privacy?
Corporations were created to provide a legal entity which survived the death of a partner, provided limited liability for investors, and could enter into contracts.
Their personhood was limited to certain state specified actions.
In the US, the Supreme Court in Citizens United v. Federal Election Commission held that the free speech clause of the First Amendment applies to corporations, something that few other major countries (if any) subscribe to. This ruling directly led to the creation of "Super PACs" (Political Action Committees) and their unlimited and non transparent contributions. What effect this will have on the Maine case remains to be seen but it's the basis of the ISPs argument.
Associate Justice John Paul Stevens argued that Court's ruling represented "a rejection of the common sense of the American people, who have recognized a need to prevent corporations from undermining self government."
IMHO, the ruling is the single biggest contributor to the morass of US elections. You Brits will have to come up with your own explanation of your electoral morass.
The Constitution applies to persons, if you take the Bill of rights, all ten amendments use either “people” or “person” and nowhere can you find the word “citizen”.
The 14th Amendment also prevents States from discriminating the application of law:
No state shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any state deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws.
There is a reason they used person, in that it extends the protections to non citizens. Given Corporations are seen as persons in the eyes of law and that's how the ISP's can claim they are covered.
Whether it's an infringement of speech is another matter, but they do have domain (sic) for raising the case.
You have a free press because the free speech rights protects that as well. The same way property rights are valid for companies as well for people. It would be hard to assert that a person have a right to free speech, but a news company has not (which, is anyway, made by people).
The issue here is not if a company has or has not the right to free speech - the question is if selling people's data falls under the "free speech" protection. IMHO "free speech" protect the right to assert something and disseminate it - not the act of doing it - especially when it causes damage to someone or impacts someone else's right. Saying "slavery was right" is protected by free speech rights - implementing slavery is not. It cuold protect some "demonstrative acts" (as long as they are harmless) - i.e. burning a flag-, but I'm quite sure you can't burn "witches" - or even a bank - using the same argument.
So they can say ad nauseam that selling user data is good - but as long as long laws bars selling data, they cant.
How public-spirited of these ISPs to draw their customers' attention to the fact they can't be trusted with those customers' data.
Those ISPs can certainly expect to haemorrhage savvy customers to their more privacy-conscious competitors and if there were any small pockets of territory where a competitor was not available then at least the FCC can be expected to step in to manage the situation.
A "person" does not necessarily have the plural "people", friend. In the language of law, the plural of "person" is "persons". Because "person" in law means something very different than "person" in ordinary speech.
If you want to be able to sue a corporation, then the corporation must be a legal "person"--because only a legal "person" can appear before a court.
The question in the famous (infamous if you so believe) case was to delineate the extent to which the individual right to donate to campaigns and/or expressly advocate for or against elections survives incorporation. We already had political parties and trade unions with those rights, and the original law baring other types of corporations was expressly created because a politician got ticked off about almost losing an election. The USSC determined that the statute impermissibly denied the incorporation of these rights to other types of corporations.
The US founding fathers went to great pains to prevent corporations (like the India Tea Company) from having the same rights as citizens.
Our republican trolls eventually bent to big business and gave us Citizens United. Fast forward to now where their argument is corporations speech is more important than the privacy of citizens. China, Russia, and the US, same deal. Government is and always has been a bad joke.