U.S. Postal Service Logging All Mail for Law Enforcement (2013) (nytimes.com)
280 points by gwern on June 22, 2014 | 121 comments



This is the biggest danger we face - the slow deterioration of our privacy to the point where when things like this emerge, a large part of the population's reaction is "why didn't you expect this?"

In fact, I would NOT expect the post office to spend millions in technology to track letters. They shouldn't have any INTEREST in doing that - it isn't important to their main function of delivering mail.

I expected them to use tech to better be able to read zip codes & route more efficiently, and to count mail to better place people and resources where most needed. It should stop at that.

Simply because something is public does not mean the govt should be spending resources tracking and storing it.


This is marginally tangential (because the Intelligent Mail tracking programs are completely separate from the tracking the article references), but tracking mail is hugely important to the USPS. Giant postal customers who individually mail millions of pieces every month want end-to-end routing metrics, and the USPS itself uses tracking for their own internal reporting. It's how they know quickly when a service facility is overloaded, and it's how AT&T knows your bill last month made it to your front door (or at least to your local Post Office).

Assuming you're in the US, check some of the mail you've received recently; do you see a jagged-looking barcode on the front? It can uniquely identify that specific piece, as well as the mailer and any special services applied--mostly requesting higher levels of tracking. The metadata for that piece lives in a big postal database in the sky, where mailers can request access at varying levels of detail. The USPS is way past just delivering mail at this point.

(Source: I was a developer in the postal mail industry for six years.)


That would be the same part of the public that demands that "everything possible" be done to address terrorism or carry out the War On Some Drugs.

If it's possible, then they'd expect it to be done.


> In fact, I would NOT expect the post office to spend millions in technology to track letters. They shouldn't have any INTEREST in doing that - it isn't important to their main function of delivering mail.

It's certainly of fundamental importance to any kind of registered mail. And outside of registered mail, tracking mail helps internal processes - ensuring that mail isn't lost or forgotten. Tracking mail can help identify mail thieves and other issues affecting timely delivery.

The problem comes when they share that information with outside agencies, or use it for reasons other than improving the timely and accurate delivery of mail.


I'm curious about exploring your perspective, if you don't mind indulging me.

Suppose, in the course of their everyday routing systems, the USPS were tracking the information in question. Pretend it were free to transfer that data to the law enforcement authorities.

Would you have an issue with it, if it were free as part of doing business?


Proactive mass surveillance does not work. So even if the USPS is not spending money, other parts of the government are going to waste money dealing with this crap.

Sure, we can get into a debate about the ethics of surveillance, but as long as there is zero benefit it seems pointless.

As to why it fails, there are simply too many false positives.


> Proactive mass surveillance does not work.

Sure it does, just not for what it is claimed to by its proponents. The real point of proactive mass surveillance is to perpetuate a culture of mass fear, a chilling effect on free speech and to maintain the socioeconomic status quo; that is, to limit upward mobility and destroy any notion of wealth redistribution before it gets off the ground.


Also, proactive mass surveillance, combined with a legal system that ensures that virtually everyone is guilty of some crime, combined with prosecutorial discretion, gives the government the ability to avoid due process while on the surface appearing to be following due process. And note that the United States has all three of those requirements.


This is the most ridiculous thing I've ever read. Fewer than 1% of the people I know live in a state of active fear of our government. There are certainly nefarious goals behind many incidents of mass surveillance, but "perpetuat[ing] a culture of mass fear" is not one of them. The vast majority of people don't even know this is going on, let alone care.


The vast majority of people is not important; what is important is whether they feel comfortable challenging those in power or not.

A state of active fear in everybody is not what it is about. The "benefit" is the state where you think twice before you donate to Wikileaks or where you hesitate to voice support for Occupy Wall Street, because they might be used against you at some point.

It is also the state where those you donated to or joined in Occupy have to be more careful about what they do and say, because they know things said in supposedly private conversations might be twisted against them.


I know a few people who participated in Occupy Wall Street, and I myself have publicly spoken out in favor of Wikileaks. Having to "think twice" about doing either of these things is natural and hardly a "culture of mass fear", whether the post office is tracking mail or not.


Those people are also not participating/planning any protests or other forms of civil disobedience. They are irrelevant, as far as the elite are concerned.


Not true. Tons of my friends participate in protests.


Of these people you know, how would most of them react initially if they received an unexpected letter or phone call from the IRS?


I fail to see the point of your question. Elaborate?


My point is that there probably isn't a state of active fear of the government for most people, as in they're literally cowering in a corner. Of course, this is nearly literally true for some people today (like Edward Snowden) and has been literally true for lots of people in certain governments in recent history.

But anyway, despite there not being an active fear for most people, there certainly would be an immediate fear upon receiving word from the IRS, because the tax system is so hopelessly complex that every single filer is almost certainly guilty of violating some law.


Yeah I agree with everything you're saying here. I still think the parent's claim is absolutely absurd (that the USPS tracks mail in order to perpetuate a culture of mass fear and create income inequality).


>Fewer than 1% of the people I know live in a state of active fear of our government.

Obviously the government is just at the beginning of the road and has a lot of work to do. Anyway, the majority of people in society are just cattle and are steered easily without any explicit fear. It is the active minority which needs to be put under control.


Not true. Our government and the people inside of it have a long history of intimidating people. Read about the first and second Red Scares, as well as the career of J. Edgar Hoover. We are a long way away from "the beginning of the road".

Before we start making pronouncements about how bad things are today, it's important to understand history so we can put things in context.


While I tend to agree with your overall point, I was asking the question for a different reason.

I find it useful to examine my opinions from different perspectives, even ones I disagree with, in order to better understand the crux of the issue.

Again, while I personally agree with what you say, I think it's a bit assertive to say "proactive mass surveillance does not work". I know several people who would argue just as strongly that their work is critical to national security.

This is a bit nitpicky on my part, but your statement "as long as there is zero benefit it seems pointless" is a tautology. I think the argument is regarding whether there is zero benefit.

Again, I don't mean to criticize your beliefs; I'm just interested in openly exploring different perspectives to try and understand the situation better.


How do you know it doesn't work? From all we've been told (very little, mostly through leaks) there isn't enough information to make that judgement.

The key issue isn't the potential benefit of mass surveillance in dealing with crimes or potential crimes, but rather its risk to individual privacy and the danger of enabling authoritarian governance.


I'm surprised the article did not raise the point that the US government effectively maintains a huge database of everybody's handwriting.


If you have enough written content that you've placed online, the US government can identify you anyway. A person's writing style and specific use of function words is their handwriting for the digital time. Creepy/cool linguistics.


Does anyone besides the government actually use someone's handwriting as an identification tool?


"Earth Liberation Front, a radical environmental group labeled eco-terrorists by the Federal Bureau of Investigation."

In 2001, Earth Liberation Front firebombed a Center for Urban Horticulture at the University of Washington, so they really were eco-terrorists.

http://en.wikipedia.org/wiki/University_of_Washington_firebo...


This is the base concept upon which the legal abuse is built.

Earth Liberation Front, intentionally, never killed anybody. Their actions have been judged though, as if they were intentionally trying to kill people.

Terrorism is a vague concept, but the laws are well-defined, and the government intentionally applies them with double standards, exactly as it does with software patents, which are meant to cover a very precise idea, while they are applied in the vaguest possible terms, in order to extort money from the victims.

So here's where the hypocrisy starts:

On the lack of deaths from ELF attacks, the FBI's deputy assistant director for counterterrorism has said, "I think we're lucky. Once you set one of these fires they can go way out of control."

This is true, but why doesn't the government limit mass-spying on people, then? It actually did go out of control already.

By the way, don't forget that the government condoned HSBC, which factually supports real terrorists.


"For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all."

HL Mencken


That's a distinction worth noting. Monitored not for political leanings, but for membership in a violent organization.


ELF isn't really an organization, there aren't really members and non-members. People did actions in the name of the organization, but I don't think there was much broader coordination.


I don't think it is that important. The important issue is that they are suggesting that millions of USPS customers' mail is being monitored in this way. And certainly, they aren't all members of violent organizations.


This deserves a lot more attention than it's gotten so far.

Why isn't this data used to do something for good, rather than for what we can safely presume to be evil? For instance, I'm sure we could use this data to track down every evil junkmailing sub-human "direct mail marketing" moron, publicize their contact info, and let's see how they like getting nothing but poop in their mailboxes?


Unfortunately, those direct mailers are the U.S. Postal Service's customers.

There is a rather inflammatory statement from the Postmaster General in the story about the demise of Outbox. “You mentioned making the service better for our customers; but the American citizens aren’t our customers—about 400 junk mailers are our customers. Your service hurts our ability to serve those customers.”

http://www.insidesources.com/outbox-vs-usps-how-the-post-off...


First-class mail doesn't pay the bills at the USPS; junk mail does. The junk mailers are the customer, and as the saying goes about online services, "If you're not paying you're the product."


I think you (and the folks making the same point below) misunderstand. The USPS is indeed part of the problem. They would also be utterly incapable of carrying out the kind of "enhanced" treatment of direct marketing "people" that's required.

Since the USPS is only the instrument, giving all the postal covers to the FBI, I say let the FBI/CIA/NSA/NRO have a shot at the direct marketeers. Those organizations have demonstrated a willingness to "deviate" from the usual behaviors in the defense of Truth, Justice and The American Way. They're just the sort of folks you'd want to "handle" the Direct Marketing Association.


Because direct mail campaigns aren't crimes, and are crucial to the current funding model of USPS? They'd sooner decide to stop carrying mail from individuals, and only deliver mail from customers large enough to drop ship their mail to the local BMC in palletized presorted bundles.


We could always drop the (ridiculous) expectation that the USPS should show a profit and just fund mail delivery through our tax dollars, of course. We did things that way for nearly 200 years -- the current quasi-private incarnation of the postal service only goes back to 1970 (see http://en.wikipedia.org/wiki/Postal_Reorganization_Act) -- and it worked pretty well.

It's always amusing to hear people complaining about the USPS putting junk mailers before the rest of us. The reason the USPS does that is because we forced them to. If you take a public service and turn it into a for-profit corporation, you shouldn't be surprised when it starts looking out for the interests of those it can make the biggest profits off of.


If you are getting junk mail that you do not want, then file a Form 1500 with the USPS: https://about.usps.com/forms/ps1500.pdf

It is supposed to be used when you are receiving sexually oriented mail that you consider to be offensive. However, the USPS does not have the right to decide if something you consider to be sexually orientated and offensive is or is not in fact sexual in nature, or offensive (http://en.wikipedia.org/wiki/Rowan_v._U.S._Post_Office_Dept. http://en.wikipedia.org/wiki/Prohibitory_Order).

Personally, I consider credit card offers to be sexually obscene.


> For instance, I'm sure we could use this data to track down every evil junkmailing sub-human

The USPS and junkmailers are friends. They are losing money delivering legitimate mail. Their profits come from junk mail.

The USPS is the largest spammer in the world. Which makes it ironic that all the college hippies are groaning and crying that it might go under. We should just get rid of the pony express.

These are the fuckholes that killed Outbox, after all.


"Mailers use Standard Mail to send:

Printed matter, flyers, circulars, advertising.

Newsletters, bulletins, and catalogs.

Small parcels."

(via http://pe.usps.com/businessmail101/classes/standard.htm)

USPS Q2 FY2014 Revenue from Standard Mail: 4,228,705

USPS Q2 FY2014 Total Revenue: 16,732,651

(via http://about.usps.com/who-we-are/financials/revenue-pieces-w...)

Junk mail accounts for a quarter of USPS revenue. I don't suppose the USPS wants to encourage harassment of junk mailers.


To be fair, some of your information is public because it is required by law. For example, your home ownership. As soon as my parents bought a home, a piece of mail came to my new home address addressed to my family.

Most people who actually send junk mail to us do so via an agency, and these people are small business owners.

Also, some junk mail is delivered via cheap labor, actually walking to people's homes and dropping it off (local supermarket for example), not via USPS. So that's another "direct mail marketing" and yet a lot of people enjoy them!

I just throw junk mail away. My philosophy is that as long as they don't kill me I am giving these small business owners the opportunity to grow.

The only kind of junk mail I don't want to receive is the annual yellow page book.


Most postal advertising is for scams -- misleading ads for mortgage refis, carpet or duct cleaners that harass you for upsells once they have you cornered in your house. And a few bad restaurants. Legitimate businesses don't need mail advertising to reach new customers.


Every business needs advertising.


"Sub-human"? Gimme a break.

If you don't want junk mail, you can opt out of nearly all of it here: https://www.dmachoice.org


Why should I need to opt-out? What about people who want this having to opt-in?

Wait, that wouldn't work because nobody wants this junk.


shrug

This seems an awfully inconsequential thing to get worked up about.


Because you'd also have to opt-in to receiving mail from anyone else who wanted to send mail to you.

That's the point of public communications.


The comedy to that is, the biggest junk mail service provider is the US Postal Service. In fact the only junk mail I get is from them selling access to my address and PO Box.


> Why isn't this data used to do something for good

Maybe because that would expose this program to the public, thereby raising opposition (as might happen now).


I'm sure someone at the USPS has to be quite amused at receiving a lecture on an activity that "we can safely presume to be evil" from a person who in the very next sentence refers literally to untermensch.


> Why isn't this data used to do something for good, rather than for what we can safely presume to be evil

Why do you presume them to be doing evil, and why do you not consider breaking up organised crime and catching attempted murderers as good?


The Stasi did mail tracking on a massive scale in the GDR before the wall came down. Funny/Sad how things seem to go in circles.


Except they had to do it all old-school: no modern databases, no quick lookup and correlation of geographic info, no optical character recognition.


And they also kicked in doors and murdered people routinely.

Which funny enough is also happening in the US, but has nothing to do with mail tracking and everything to do with approval of no-knock police raids and general apathy to ever doing something about obvious corruption and brutality by people like Arpaio.

Who in turn has absolutely no access to any of said surveillance infrastructure to start with...


Hey, someone's got to stand for freedom and democracy, right? Now let me rendition you to a situation of torture and solitary confinement without trial.


But a serious amount of tech for their time and era/system. They had industrial scale rooms with steamers to open up envelopes and the like.

Also the great East Berlin telephone line distribution node: 50 wires coming in, 100 going out ... only 50 of those were for households.

All of this can be seen in the Berlin Communications Museum.


The DDR used to steam open all the mail; we've not yet come to that.


The outside of a letter is public information - when you give the letter to a postal worker you know that a series of people who you will never meet are going to have to look at that address in order to route it to the right place. It's not clear to me how you can have a reasonable expectation of privacy.


It's not so much about expecting things to be private, but more of expecting things not to end up in databases, virtually forever.

As programmers, we tend to view the world in a very "black and white" fashion, similar to our security model: If it's public, there is no expectation of privacy.

But the world is not like this ... shouldn't be like this. While there should be both technical and legal mechanisms in place to prevent privacy abuses, it does not mean that, if they're not there, we should simply expect governments to do as they please, log everything, put us in all sorts of databases, make those databases accessible to all sorts of people, etc.


I have to agree. The issue isn't about the USPS having access to the information on the outside of mail, but that they are cataloging it. When I send a letter, I am providing my information for a service to be fulfilled and not for it to be put in long-term storage. In some sense, I think this is comparable to email. If Google was giving out a record of the addresses I've sent email to and received email from, I would consider it an invasion of my privacy. Services need to be upfront about what is being done with our data--anything else is dishonest. When I know what is being done with my information, I can make an informed decision on what services to use.


But Google does keep precisely the information you described and will quickly give it to federal law enforcement as required by law without informing anyone (also required by law).


Agreed. But, the issue is transparency. Now that I know what is happening with my Google data, I can at least make a decision to not use that service. Both the data collection and the act of keeping that data collection a secret are issues.


> If Google was giving out a record of the addresses I've sent email to and received email from, I would consider it an invasion of my privacy.

Yet you're sending this in cleartext over the internet...


And yet they are doing that in full knowledge of what they are doing, which is not what is happening either with the post office or the expectation one has with Google.

Different situations have different expectations and outcomes.


We have had actual cases where someone mailed a bunch of anthrax through the US post.

Given that the post can be used to send dangerous physical objects, it seems prudent to maintain medium-term records of what was sent and where to assist in the prevention of this type of terrorism.

Because the alternative is we wait till it happens, we have no record of where anything came from, and then we get to engage in a multi-month campaign of opening and inspecting mail arbitrarily considered "suspect" to try and prevent the next round.


So if somebody wanted to mail anthrax to, say, a government office, how would this stop that? Dropping off a stamped envelope in a mailbox in a different neighborhood with no witnesses is not likely to get intercepted.

And of course government efforts in "The War on Terror" would never be abused, right?


"type of terrorism"

what makes your example "terrorism" and not "crime"?


Why is any terrorism not just "crime"?

Call it what you want: if we have no records of where mail was sent from and where it got delivered to over a medium-scale timeframe, we are seriously limiting any ability to deal with this type of activity effectively.

The term "letter bomb" is a real thing that was and still is really done.


Do terrorists put a correct return address on the mail and use a local mailbox?

Or do they forge a return address and use a distant mailbox?

Mail data didn't catch the Unabomber - has it caught anyone?


You have to travel to the mailbox to send something from it.

That mailbox is generally surrounded by other people who might notice its comings and goings, or unfamiliar characters posting large packages.

Frankly, the idea that metadata can't help us solve crimes but it can obviously be used to nebulously control a population is an oxymoron. Either metadata is useful, or it isn't. If it's useful, then why isn't it useful or potentially useful for dealing with crime? You can't have it both ways.


I disagree, because simply having a government database of this ostensibly public information is still not a threat, if the government will not take any actions which would be unacceptable regardless of whether the database existed. To use an extreme example, say there is an advocacy organization which the government decides they don't like. I'll use the ACLU just as an arbitrary familiar example. They could use their postal database to find all the people that have written letters to the ACLU, and target them in some way. It could be something extreme, like throwing them all in jail, or something more subtle, like using the IRS to audit them. Now, I think we can agree that this action is unacceptable. But the thing is, this action would still be unacceptable even if they didn't have or use the database. If they simply sent a government official to your house, asked you if you were involved with the ACLU, and arrested you if you said yes, that would clearly not be a violation of privacy, but it would clearly be unacceptable.

So I don't really see the scanning of the outside faces of letters to be a privacy issue. But I reserve the right to be appalled at the things the government might do and probably already does with this information, independent of how they acquired the information.


The whole concept of a threat is all about uncertainty, so it's somewhat incoherent to talk about it in connection with a supposed certain future.

An argument of the same structure would be: Simply playing Russian roulette is still not a threat, if the chamber will be empty.

Well, yeah, _if_ - it's a threat precisely because you do not know whether that condition will hold, and there is a reasonable chance that it won't; if you knew, it wouldn't be a threat but either a boring game or a method of killing yourself.

Also, why would your argument not apply to medical information, say? If they collected your medical information from your doctor's office to then blackmail you with it, that is not a privacy issue because they could also have come to your door and asked you about your medical history, and that would also be unacceptable, wouldn't it?

If I understand your argument right, it is roughly "if 'they' can do something bad in more than one way, then either of the ways is not bad because it would still be bad if the other way was used"? I'm not quite sure how to make sense of that.

Also, one anecdote from history: The Nazis when they invaded the Netherlands used existing census information on religious affiliation that was easily available on Hollerith punch cards to find and deport the Jews. Would you say that that information collection was not a threat for the Jews who probably got killed faster and in larger numbers than if the data had not been available in that form?

edit: One more example to consider: A dictator is not a threat, if he doesn't do anything that would still be unacceptable if it was done by a democracy. Well, a dictator is a threat exactly because you don't know that, and we tend to prefer democracy in order to protect ourselves from that risk of having a dictator of the bad kind.


> If I understand your argument right, it is roughly "if 'they' can do something bad in more than one way, then either of the ways is not bad because it would still be bad if the other way was used"? I'm not quite sure how to make sense of that.

I think what you're missing is that I'm not saying that nothing counts as a privacy violation. Medical information, for example, absolutely has an expectation of privacy, but I claim that the outside of your envelopes does not. My point is that the mass collection of information, where there is no expectation of privacy for each piece of that information, is not itself a privacy violation. What people do with information is not what determines whether the collection of that information constitutes a privacy violation.


I disagree comprehensively.

First, there isn't really such a thing as a generic "expectation of privacy". There is not just "public" and "private", it really is all about necessity and consequences, about who needs to know what and what the potential consequences (good and bad) are when somebody gets to know something about you. If I walk around outside, I don't consider it a violation of my privacy if people don't close their eyes in order to avoid seeing me. Yet, I would very much consider it a violation of my privacy if someone started following me with an HD camera (maybe even streaming it to the internet?), even though they are just "doing something else with the information encoded in the electromagnetic waves reflected from my outside into the public sphere". Or if someone started pointing medical diagnosis equipment at me in public in order to figure out from that same "public information" stuff that I very much might consider private. A black-and-white distinction between "public" and "private" information is useless, as there is no such thing - not every personally identifiable information is either not to be shared with anyone or good for printing in the newspaper, most of it is somewhere in between: One expects it to not be a secret, but still to only be shared and used within limits for some sensible reason and purpose. So, I expect my doctor to share my medical info with his assistants as needed, but not to publish it in a book, I expect the info on the outside of letters I send and receive to be read and used by the postal service and people working there for delivering them, but not for publishing a list of my correspondence in the newspaper - and that very much for privacy reasons.

Secondly, the simplest reason for why mass collection itself can be a violation of privacy is that there is information in the collection that is not in the individual datum, that is to say, information that only becomes recognizable once you look at the collection as a whole with the right tools. From a single letter, you cannot construct a social graph of a society, but from all the letter meta data, you most certainly can.

Another angle to look at it from is to think about it in epistemological terms: Do you think that the work of scientists increases the knowledge of humankind? After all, they are just using "public information" (observations of nature, that is) and transforming it into usable theories about the world. I would think that that work makes a huge difference in terms of the use of that "public information" by humans and the effects of that use, which is why I would say that they are increasing our knowledge. The collection and analysis of personally identifiable "public information", I would argue, has the same effect on the knowledge of the party collecting and analyzing the data about the people that this information is about, namely, they are gaining knowledge about those people as a result of that collection and analysis, and if that knowledge is something that I consider private, I might as well call this investigation a violation of my privacy.


> There is not just "public" and "private", it really is all about necessity and consequences, about who needs to know what and what the potential consequences (good and bad) are when somebody gets to know something about you.

Of course, I agree that there is subjectivity when it comes to expectation of privacy. Not everyone has the same expectations, and group expectations change over time. But I do think that privacy comes down to expectations, not to necessity or consequences. I think some actions with good consequences are violations of privacy, and some actions with bad consequences are not violations of privacy. The goodness of an action's consequence and whether that action is a violation of privacy are orthogonal.

> Yet, I would very much consider it a violation of my privacy if someone started following me with an HD camera (maybe even streaming it to the internet?), even though they are just "doing something else with the information encoded in the electromagnetic waves reflected from my outside into the public sphere".

And I would not consider that a violation of privacy. At some point, I believe it could constitute harassment or stalking, but not a violation of privacy. It would seem that we have different definitions of "privacy." You seem to consider any inappropriate action which in some way involves personal information to be a violation of privacy. I do not, and I believe my definition more closely matches general usage. Privacy is about the ability to control which bits of your personal information area are available to which individuals, not what people do with your personal information after they have it (unless of course what they do includes sharing it with more people).

> Or if someone started pointing medical diagnosis equipment at me in public in order to figure out from that same "public information" stuff that I very much might consider private.

That's a different example, and I suppose it would depend on what diagnostic equipment we're talking about. For example, I do believe there is expectation of privacy when it comes to X-raying on a public walkway.


> The goodness of an action's consequence and whether that action is a violation of privacy are orthogonal.

Yep, I agree. What I meant is that the expectation of privacy tends to be determined by expected necessity and consequences. People tend to expect privacy where they expect sharing/collection/distribution of information to have (potentially) bad consequences for them and there is no reasonable need to do so that would justify the risk. And my point is that the expectation of privacy is not a function of just the data, but also of the (intended, potential) use. You expect your letter to be delivered, therefore you expect that the address information on it will be used for that purpose (after all, having the letter delivered is your goal, and you are willing to give up as much of your privacy as is reasonably necessary to reach that goal), but you do not therefore expect that same information to be published in the newspaper, hence it's neither "public" nor "private", it's "for those involved in delivering this letter for the purpose of delivering this letter", just as medical information is "for those involved in making you healthy for the purposes of making you healthy".

> You seem to consider any inappropriate action which in some way involves personal information to be a violation of privacy.

Nah, I don't think that is quite it. It's more about the collection and processing of information for purposes that are not in the interest of the person the information is about in a way that reveals information about them that they could not reasonably have expected to be revealing when they revealed whatever information is being collected and/or analyzed. Privacy ultimately is about an individual's ability to predict and have control over what other people and institutions know about them while still being able to function in society, though not primarily "control" in the sense of "forcing to know or forget", but in the sense of "being able to estimate the consequences of sharing some information", as in "being in control of your life". The ability to function in society might require forcing at least computers to "forget", though, as open complete surveillance, while somewhat predictable, prevents society from functioning well.

> Privacy is about the ability to control which bits of your personal information are available to which individuals, not what people do with your personal information after they have it (unless of course what they do includes sharing it with more people).

I think there is uselessness lurking somewhere in that definition ;-)

Does a government database count as an individual? Does government employees looking at the database constitute sharing? Does that control, at least in some cases, encompass new knowledge derived from previous knowledge in ways the affected person could not possibly have envisioned? If not, how do you resolve the conflict with the person's supposed control, if yes, how do you resolve the conflict with other people's supposed freedom to do with the information they have whatever they want (apart from sharing it)? Would blackmailing you with information about you be a violation of your privacy, if the person blackmailing you does not actually intend to share the information with anyone? How about just collecting information with the goal of possibly blackmailing you later (though again without any actual intention to disclose any of it)?

Somewhat out of order:

> I do not, and I believe my definition more closely matches general usage.

I'm not sure what the general usage is, but in any case I think the general public is far too confused about what information is and what automated information processing can do and can be expected to do in the near future for many to have any coherent, let alone reality-conforming concept of privacy (just look at the repeated high-profile cases of failed anonymization of datasets! their goal obviously is "privacy", and yet they fail miserably ...).

I might agree that your definition is probably close to a reasonable working model of privacy in the pre-computer era. But if you apply that too literally to today's world, I would expect you to end up with a practically useless concept that ignores many real-world problems that result from the collection and analysis of personally identifiable information. If you want to insist on such an outdated definition, well, there obviously is nothing fundamentally wrong with that, I just don't think there is much value to such a concept, and I'd rather define some privacy2 instead that has meaningful applicability today.

> That's a different example, and I suppose it would depend on what diagnostic equipment we're talking about. For example, I do believe there is expectation of privacy when it comes to X-raying on a public walkway.

Well, how about a camera that can detect heart problems from the pattern of blood flow in your face as it can be detected using high-speed high-resolution video in bright sunlight? (No clue whether such a thing exists, but I think we can agree something similar in some way or another should be technically within reach at least?) Also, what if the camera is actually just a high-speed high-resolution camera that doesn't do any diagnosis itself, but the video it records can later be analyzed on some computing cluster?


How do you get from "you should expect people to look at the envelope in order to deliver it to its destination" to "you should expect the postal service to archive the information about your letter"?

Seriously, I just don't get it.

Are you just saying that it's not surprising that it's possible for people to archive data they get to see? Well, yeah, obviously so, but that's just completely beside the point, as nobody is surprised it's possible (at least nobody here is, I suppose) - if anything, I'm surprised that people do such unethical things.

This is about ethics, not about technical possibility.

If the military of my own country tomorrow started bombing my neighbourhood, I also wouldn't be surprised about the technical possibility of dropping those bombs on my neighbourhood, I would be surprised why the heck they would do such an evil thing.

I can have a reasonable expectation of not being bombed by my own military because I expect them to be ethical (well, let's forget the question of whether military is ethical at all for the moment), not because it's impossible for them to do so.

It's the same reason why I expect not to be stabbed to death on the street even though I don't wear any armor, why I expect that nobody starts following me on the street as soon as I leave the house, making HD recordings of my every move for archival, and why I expect that nobody puts up telescopes and infrared cameras around my house to capture and archive all of the electromagnetic radiation that leaks from my personal life out into "the public".

Your notion of "reasonable expectation of privacy" is just naive and completely misses the point that this behaviour by the postal service poses a serious risk to society, and that risk does not go away just because it's unsurprising that they are technically capable of abusing their position of being able to see all the letters in transit.


The term "reasonable expectation of privacy" has a very specific meaning. It is a test that courts use to determine whether a search violates the fourth amendment [https://en.wikipedia.org/wiki/Expectation_of_privacy].

If you choose to start shouting at someone on the street and the police listen in (without a warrant), then you can't claim that your fourth amendment rights were violated - you made the choice to communicate in such a way that any number of people could have heard you. Subjectively, you couldn't have reasonably expected your conversation to remain private and objectively, society does not generally regard shouted messages as private. On the other hand, if you have a conversation in your home then it would be a violation of the fourth amendment for the police to listen in without a warrant because a person does not expect to be overheard in one's home and society considers one's home to be a private space.

The point isn't whether or not the police were technically capable of listening in. The point is that in order to claim that an act was private you actually have to take some steps to demonstrate that you want and expect it to be private and that society in general would expect it to be private. If you seal a letter in an envelope then you clearly want the contents of that letter to be private. On the other hand, if you write something on the outside of the envelope where any number of people can see it, you have a much more limited claim on how that information is used.


The SCOTUS disagrees with you. There is no such requirement to "take steps" to have an expectation of privacy. The deciding factor is if the situation is such that the "community in general" would expect privacy to exist in the type of situation being examined.

A good example is how the SCOTUS ruled that there was an expectation of privacy regarding IR cameras. Very few houses have any kind of real shielding against IR leakage, but the use of IR cameras was still rare enough that it would be unreasonable to expect the average citizen to take specific steps to defend against that intrusion. The average citizen expects they already had a reasonable amount of privacy.

The implication, of course, is that this is something that can change over time. If IR cameras became commonplace, it would be reasonable to assume a lack of IR privacy. At that point, it would indeed be prudent to expect people to take additional steps toward securing their privacy.

This "community standards" distinction is particularly relevant re: data mining, because relatively few people have any idea how powerful the table JOIN can be, and as such DO expect a certain amount of privacy regarding their data.


The phrase "take steps" was a bit imprecise. My intention was to say that by having a conversation in a private space, such as your home, you're putting yourself in a position where privacy would be expected.


Well, no, that phrase does not actually inherently have that meaning, but rather it's one possible use of that phrase, another valid interpretation would be the plain English one. Given that AFAICS no one was proclaiming an expectation of privacy in that specific sense, your use in that sense was rather unmotivated, which is why I went with the alternative interpretation.

Now, if I had known that you were using the phrase in that specific sense, I'd simply have asked: Where did you get the idea that anyone has an expectation of privacy (in the legal sense), and what does that have to do with the topic at hand (which is people's expectation of privacy (in the non-legal sense))?

I think you are completely confusing "what the law (possibly) is" with "what the law should be". This discussion is about what the law should be, but all you seem to be writing is "but the law is this!". This whole discussion exists because the law as it stands is defective, and people are aware of it (or maybe the law is actually fine, but then it at least tends to be mis-interpreted), so your pointing out what the law is is kinda beside the point. My actual expectation is that the postal service does not archive letter meta data and I have good reasons for that expectation. If the current law doesn't mirror that expectation, then the law needs to be changed.

Now, if you think the law is fine as it is and as it is applied, you maybe should bring forward some argument for why the law is good as it is and why a change would be bad rather than just state what the current law is.

Also, one more point: I would guess that society in general would actually not expect their letter meta data to be archived, and just as it is convention to not open a sealed envelope (a very strong convention indeed, given that it is law, but still it's just a convention in the sense that there is nothing inherent in an envelope that makes the content private - it doesn't really hinder access to the content at all, it's just that for good reasons society at some point has decided "a sealed envelope is not to be looked inside even though it's trivial to do so" when it just as well might have decided instead for a convention of "every sealed envelope is to be opened by the postal service and the content copied and archived"), it should for similar reasons be convention to not archive letter meta data even though that also is trivial to do, and if that is the convention, then all you have to do to "demonstrate that you expect privacy" is to post a letter that is not explicitly labeled "please archive!", just as you "demonstrate that you don't want to be shot" by going outside without a sign saying "please shoot me".


The expectation was generally that government services would not proactively record non-targeted information about services rendered, i.e., that they'd have a specific cause they could articulate before they'd use their position to gather data about citizens for the purposes of tracking, profiling, etc.

When the laws governing this were written, it was generally impossible to do what they're doing now, so it wasn't specifically addressed.

Claiming that impossible to predict growths were not specifically covered does not mean that they shouldn't be covered, merely that the people who write our laws aren't oracles.

It may not be illegal, but it's clearly against the intent with which the law was written, and should be addressed by a new law which reflects the growing power of technology in society.


Quantity has a quality all its own.


The "reasonable expectation of privacy" standard does not work in a world where computers exist.


It sure does. For hundreds of years, letters were delivered without being added to a gigantic ledger of everyone's correspondence.

There is no need for this.


Of course they have to look at it to sort, route, and deliver it.

What I expect is its existence to be forgotten as soon as each step in the process is completed.


There is a big difference between something not being a secret and something being public. It is not a simple dual option.


The exact same can be said of the contents of an unencrypted email.



I live out in a rural area and our post office is horrible. When I moved into town, I didn't receive mail for 8 months even after approaching them numerous times and complaining. At one point I opened a mail box in a neighboring town. UPS and FedEx had no problem delivering packages. I actually bragged to my neighbors that "I don't get mail" at one point. Anyway I finally complained big time after not receiving some USPS package from aliexpress, and they started to deliver. I wish I could opt-out, I have never given out my address before, officially, and only receive junk mail. Makes me think of the Seinfeld skit, https://www.youtube.com/watch?v=Hox-ni8geIw


> “I’m no terrorist,” he said. “I’m an activist.”

Same treatment the "Occupy" people got (i.e. raids before they had even done anything). This is a pattern now.


I suspected this months ago, and I pointed out how trivial it would be to log addresses on reddit. I was called a conspiracy theory nutcase.

I'll go one further: the high-speed sorting machines for envelopes could easily be modified to photograph the interior of envelopes and that this is already happening. You only need to shine a light through them to do this.


I suspected it months ago too. In July last year, when the NYT published the story. :-)


Right? I thought the guy in the story looked familiar. Sure enough, same article from a year ago.


That would be one way. But perhaps the tears in wfunction's envelopes are used to insert a light/camera and the contents of the documents therein scanned. I wouldn't think it difficult to design a device to automatically scan most mailed documents in this manner.


The fact of the matter is that until our legal system and laws drastically change we cannot allow this level of surveillance. We have too many people wasting away in prisons for personal drug use, disproportionate sentences, and an increasingly alarming for-profit prison industry. Until that is fixed we cannot allow this kind of power.


I thought everyone knew this was happening and that it started shortly after 911 when there were some Anthrax postal attacks in the US - hence all the insistence on people including a return address on all mail and mailrooms being cautious about mail with no return address.


This has been submitted before, so I've had time to think about this issue. I have lived in a country (Taiwan under its previous dictatorial regime in the early 1980s) where I assumed that all my postal mail, domestic or foreign, was read by the ruling party's secret police as part of the delivery process. The postal service in Taiwan was always awesomely efficient when I lived there, with residential mail delivery twice a day all days of the week, year-round except for a brief set of holidays for Chinese New Year. Because I assumed that all my mail would be read, I set up procedures to check whether any of it was seized. My dad and I would write weekly letters to each other, numbered consecutively. The course of post between Taiwan and Minnesota in those days was a week or less, so after a while each weekly letter would take the form of including a phrase like "This is letter number 12, replying to your letter number 10, which I received on [date]" and so on. As far as I can ascertain, all the letters I wrote and all the letters addressed to me were delivered, but I assumed that they were read by the secret police.

Foreign magazines and newspapers were sometimes seized and not delivered to subscribers, usually when they included articles about domestic politics in Taiwan. (I learned to respect The Economist as a news source by observing how often it was seized in delivery, either in entirety, or with blacking out of particular articles.) Local people who could read English could pay their hard-earned money to subscribe to (rather expensive, in those days) publications like The Economist or the Asian edition of the Wall Street Journal, but they couldn't count on receiving all of what they paid for.

The dictatorship in Taiwan eventually fell, after a largely peaceful people power revolution that forced a transformation to an open political system. Along the way, people I know, including the father of one of my children's godparents, were imprisoned for leading peaceful protests urging free and fair elections and a stop to censorship. Most people don't have the courage to go to prison--especially prisons like those in Taiwan at the time. But courage is what it takes to undermine a dictatorship. A successful movement for greater freedom requires great courage, and a degree of social trust among the movement participants that is not easy to find. Allow me to repeat advice I have shared here on Hacker News before. If you really want to be an idealistic but hard-headed freedom-fighter, mobilizing an effective popular movement for more freedom wherever you live, I suggest you read deeply in the publications of the Albert Einstein Institution,

http://www.aeinstein.org/downloads/

remembering that the transition from dictatorship to democracy described in those publications is an actual historical process with recent examples around the world that we can all learn from. Practice courage and practice collective action.

We have to be courageous. We also have to be grounded in facts. There is still no indication that any of my postal mail or any of my telephone calls are being listened in on by anyone in the United States. The program described in the submitted article looks at the OUTSIDE of mail pieces. I had to assume I was under continuous surveillance when I lived in Taiwan in the 1980s, and that nothing I said or did was private. I still expressed support for the freedom and democracy movement there. I was not afraid. There is even less to be afraid of today in the United States, but I will still keep speaking up for freedom, just in case.


> Because I assumed that all my mail would be read, I set up procedures to check whether any of it was seized.

The problem is worse than that.

We already know that the NSA tracks phone calls (logs of who calls whom, and the duration of the call), under the euphemism "metadata". This is enough data to construct a social graph of who knows whom, how well (how often they communicate), as well as any changes in these patterns[0].

We also already know that this phone data is revealing enough to be used for determining the targets of drone assassinations, which Keith Alexander accidentally admitted[1].

Assuming that "snail mail" data is no less revealing (which is a rather easy assumption), this means that even if the NSA/USPS/LEO never seize a single letter, there are already serious privacy violations occurring that could result in actual, tangible harm.

[0] http://www.aspentimes.com/news/7361291-113/alexander-calls-m...

[1] http://edward-snowden.net/ex-nsa-chief-we-kill-people-based-...


> There is still no indication that any of my postal mail or any of my telephone calls are being listened in on by anyone in the United States.

From what I can gather, nobody has accidentally left a card in your mail, reading, “Show all mail to supv for copying prior to going out on the street,”.



Link corrected; thank you for catching that. I'll repeat the current link here for good measure.

http://www.aeinstein.org/downloads/


This is just a single good example of an extremely wide reaching pattern of large scale data acquisition, processing, storage, and data mining.

License plate capture, facial recognition, mail and email envelopes, contact lists, credit card receipts, CCTV, social network trawling... soon enough drones will capture and store 24/7 aerial video of all major cities.

I take it for granted that the government will know everyone I know, know everywhere I go, and know everything that I buy, sell, earn, and save. Pretty much the only thing left you have a chance at keeping private is the content of your conversations, and good luck with that.


Reminds me: anyone know why envelopes delivered by USPS sometimes have small (< 1cm long) and consistent tears along their edges sometimes? Why does the post office do this?


Life for a letter can be a bit rough. Most likely, those are just from automated sorting machines.


> Together, the two programs show that postal mail is subject to the same kind of scrutiny that the National Security Agency has given to telephone calls and e-mail.

Uhh, I'm pretty sure the NSA scrutiny included the bodies of said calls and emails. I'm slightly offended by an agency tracking who I'm in contact with, but I'm very offended by an agency knowing why I'm in contact with said person.


You should also be very offended by the metadata tracking. Metadata is much easier to process and more often than not does reveal why you are in contact anyhow. It's one of "their" propaganda tricks to make you believe that it's "just" the metadata, while it actually (a) tells you much more than you initially think about the content of the communication (after all, they don't just see the connections, but also the timing and direction, and that tells you a lot about the relationship between people) and (b) at least for the time being is much easier to process anyhow.


Amazing. Orwell was just wrong about WHEN we'd all be under government surveillance.

OK, maybe it's not that bad yet. But when we realize it's as bad as he predicted, it will be too late.

Relax, chicken. The hot tub you are in isn't boiling you yet.


That's why the library is the only civil service you can trust. They delete your records when you return books, unless you opt-out.


Not necessarily true of every library system. (I know it's true of SFPL, but I believe not everywhere else.)


Sadly, this is old news. This article is a year old and I've read of other cases that go back 4-5 years.


It's like they don't care at all about the Constitution anymore.


The EU's right to be forgotten laws are sounding very attractive...


The EU's right to be forgotten says that you can ask search engines to remove search results about you. It has nothing to do with government surveillance.


That's actually not true. There isn't even any actual "right to be forgotten", there just are data protection directives and laws and the like, which were the basis for the ECJ decision that got called the "right to be forgotten" which happened to be about search engines, Google in particular. The same laws do apply to the processing of personally identifiable information in any company, and that in principle should include postal service companies in the EU, as well as to the government itself, though sometimes with limitations.

That does not mean that postal services in the EU don't do the same thing for various reasons, but the legality is questionable.


The EU has it out for Google in particular. Why don't they go after the sites that have the information in the first place?

Regardless, if you have a news story about you, that you did something, it should be there as information forever. If the story is correct, then it's there. 20 years from now, you shouldn't have the right to say to some search engine that just happens to index it that you don't want it indexed anymore. The facts are still the same. The news story is still accurate. The site that has the news story still has it. Just because it may paint you in a negative light 20 years ago still doesn't mean you get the right to expunge that from the public record.

The implications of this are just chilling and far reaching.


No one is "going after" anyone. Some guy sued Google, the court decided the case they were presented with (and said some things that are applicable outside the specific case).

As for the actual matter, I disagree. In particular, there are quite a few steps between "expunge from the public record" and "make it the most visible thing on the web", where the latter quite clearly is in conflict with the goal of resocialization in the justice system, for example.


I don't think this is comparable to recent NSA actions. The Post Office is a government agency. It's not reasonable to expect the government not to keep track of the mail it delivers.


It's also not reasonable for the public to be excluded from the conversation of how that data is handled.


Please explain your reasoning. It is not obvious.


The Post Office is a private company that happens to receive a monopoly on your mail box and some mandated legislation, but otherwise is not funded by tax dollars.


I'm just sick and tired of the herd mentality quick to say "but I have nothing to hide therefore they can spy on me."

This is an extremely short-sighted response and one which the government well expects. This is why they are able to get away with this gross violation of the civil right to freedom and privacy, pillars of the free world which is attacked.

The terrorists have simply won. To cause this kind of paranoia and overreaction from the government which attacks every one of our rights as human beings, is clearly a win for the terrorists and also for those in power, and keep their power.



