https://github.com/righttoprivacyact/bill/tree/main/tests
There’s clearly a non-trivial level of LLM involvement.
I want to say 100% lawslop. I can’t figure out who’s behind this to ascertain their qualifications and acumen in the space.
100% seems like a safe place to start speculating from but I can be talked down.
When you disagree with an argument, you are supposed to address the argument itself, not the thing making the argument.
So, no, you are making the claim, first prove it is worth any of that effort.
Ad hominllm: the dismissal of a work or an argument because an LLM was, or may have been, used in its construction or editing.
Biblical times.
(a) In general.—There are authorized
I could also ask my 5 year old to draw a bill for me, that's as successful as giving a generic bill.
I haven’t read through the bill and text yet, but credibility is important in this fight. Plus, this can change at any time, so knowing who’s behind it amplifies the trust.
We need to be having these conversations yesterday. Our fundamental freedoms are under attack, and a bill like this would go a long way to protecting future generations.
b) Shouldn't our laws prioritize natural-persons over corporate desires?
Companies don't have a right to a specific revenue model. Humans should have a right to their own identity.
Say it loud so the kids in the back can hear:
- IF IT IS FREE YOU ARE THE PRODUCT -
It has the benefit of being literally true, whoever thought it was necessary to have a bunch of hard to forge security measures on IDs which require physical inspection probably wouldn't be okay with easily faked scans being accepted.
> Require Social Security Numbers to authenticate preventing fraud.
There's a ton of stuff piled into the agenda on this page but that one in particular stumped me. Is it proposing that people (who?) are required to use their SSN to authenticate (for what?) or that the SSN agency is supposed to authenticate... something before doing something?
It contains the following:
> (i) Finance and high-risk identity proofing.—No person shall extend credit, originate a loan, open a high-risk financial account, or provide another high-risk financial service based solely on a Social Security number, static identity information, or an uploaded image or copy of a government-issued identity document. A person engaging in such activity shall use multi-factor identity verification reasonably designed to verify both record consistency and claimant control, using less intrusive reasonably reliable methods where available.
> (j) Social Security number not sufficient identity credential.—A Social Security number, taxpayer identifier, or similar identifier shall not by itself be treated as proof of identity for purposes of this Act.
So, to me at least, it sounds like they actually mean "Providers must not use SSN for authentication (including fraud)".
Just leave your name and email on this contact form on github, so privacy can be solved once and for all!
(/s, but an interesting paradox for pro-privacy initiatives soliciting identifiable public support)
But I also don’t want to step on the EFF’s toes. They’ve been doing good work on this area for decades and I’d prefer we work with them on policy details.
Here’s a whitepaper on their policy positions: https://www.eff.org/wp/privacy-first-better-way-address-onli...
Then how can I know not to send you another email if I don't have your email flagged in my database to do-not-send?
For legitimate newsletters and similar: you delete any and all forms that allow signing up to receive emails without affirmative consent from that email address that they want to receive mail, and you offer a one-click effective-immediately "unsubscribe" to retract that consent at any time. Then, you can tell if you can send someone mail based on whether they're in your database of people who have explicitly consented to send you mail, and you don't ever send email to anyone else other than one-time consent requests and order-confirmation-style transactional mail.
The only legitimate database of emails is "these people have explicitly confirmed to us that we can email them"; any other database is radioactive waste, delete it.
That's not actually how HIPAA compliance works. You're required to keep 7 years of communications, and part of those communications is who you sent it to. Amazon SES sends complaint notifications and you're not allowed more than 1 complaint per 1000 emails or they shut you down too. People who are repulsively anti-spam have ruined email as a medium.
I'm merely pointing out the technical aspect of this bill is ridiculous and everyone sending transactional emails will fight you, killing any bill you might have.
1. User requests for email alice@example.com to be removed from database
2. Company removes "alice@example.com" from 'emails' table
3. Company adds 00b7d3...eff98f to 'do_not_send' table
Later on, the company buys emails from some other third-party, and Alice's email is on that list. The company can hash all the email addresses they received, and remove the emails with hashes that appear in their 'do_not_send' table.
You'd have to normalize the emails (and salt the hashes), but seems doable?
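An added example, not part of the original thread: a Python sketch of the do-not-send flow described in the comment above. The `MailingDB` class, its method names and the key value are hypothetical; the hash is keyed with HMAC-SHA-256 as one way to get the effect of salting while keeping lookups deterministic, since a random per-row salt could not be matched against a purchased list.

```python
import hashlib
import hmac
import unicodedata

# Assumption: a secret key held only by the company (constructed sample value).
# A bare SHA-256 of an email is easy to reverse by guessing addresses; keying
# the hash means a leaked do_not_send table alone does not reveal who opted out.
SUPPRESSION_KEY = b"constructed-example-key"


def normalize_email(raw: str) -> str:
    """Canonicalise so trivially different spellings produce the same token."""
    # Assumption: local parts are treated as case-insensitive, as most providers do.
    addr = unicodedata.normalize("NFKC", raw).strip().lower()
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {raw!r}")
    return f"{local}@{domain}"


def suppression_token(email: str, key: bytes = SUPPRESSION_KEY) -> str:
    msg = normalize_email(email).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class MailingDB:
    def __init__(self):
        self.emails = set()        # plaintext addresses with consent
        self.do_not_send = set()   # keyed hashes only, no addresses

    def remove(self, email: str) -> None:
        """Steps 1-3: drop the address, keep only its token."""
        self.emails.discard(normalize_email(email))
        self.do_not_send.add(suppression_token(email))

    def import_list(self, purchased):
        """Filter a third-party list against the suppression tokens."""
        accepted = []
        for raw in purchased:
            try:
                if suppression_token(raw) in self.do_not_send:
                    continue
                addr = normalize_email(raw)
            except ValueError:
                continue  # skip malformed rows instead of storing them
            self.emails.add(addr)
            accepted.append(addr)
        return accepted
```

Rotating the key invalidates every stored token, so the suppression table cannot be re-keyed without the original addresses.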
Dismissing an avenue of progress outright is to be defeatist or to sow defeat.
AI is going to use all this information against us. Because AI alignment can’t be better than people and corporations deploying the AI.
Lack of privacy is now a gaping security hole, being continually exploited on all our devices, across most sites on the internet.
[EDIT: And the leverage that information enables is being auctioned off to manipulators who we are exposed to continuously. This is just the beginning.]
We need to plug this security hole now, before power centralizes further and we can’t.
Let's add Facebook, twitter, openai, claude + all the others.
Then let's add Flock, Palantir.
Do you honestly think the lobbying from them would be more or less if this bill gained any traction?
This view is unfortunately common among regular privacy advocates. That makes them politically useless.
To have a hope, this bill needs to target support outside tech, where civic laziness and nihilism are normalized. I’m not seeing any indication of that strategy here.