I think "selling your information" is a good high level description that conveys the essence of what is going on - your information is being used by whomever will pay to use it. But yes, digging into the details it's more like F/G are trusted third parties who keep comprehensive surveillance records on you, and sell services based on exploiting those records, with an incentive to not leak the whole trove because it's their competitive advantage.
The argument for this topic then becomes if F/G are found to be providing services to foreign governments that undermine national security, domestic laws can then be made to stop this behavior. But this assumes that the way those services can be abused will be blatant, the foreign powers using those services will be easy to spot, and also that foreign governments won't be able to exfiltrate significant parts of the databases through their use of the services (what Cambridge Analytica did).
Focusing on F/G also skips the entire ecosystem of smaller players that don't have the scale, scope, or product to be acting as trusted third parties, but instead do just sell the raw records themselves - to F/G, and also to any startup that comes along with funding and an acceptable narrative. Like the carriers and intermediaries selling phone tower data. And that whole cottage industry of apps and frameworks that collect data. And ANPR and other pure infrastructure providers. And the traditional surveillance industry ("credit bureaus").
The essential commonality in both of those is that while it feels good to address the most glaring high-level problems, as long as the underlying incentives remain it just becomes a game of wack-a-mole. And wack-a-mole isn't enough to stop determined foreign actors.
No comments yet.
