Why the hell do we continue to believe the carriers' promises to respect our privacy?


Originally published at: https://boingboing.net/2019/01/10/lies-damned-lies-telcoms-lies.html


Your data is created by you. It is your action, effort, and work which creates this data. Like anything else created by your work, it belongs to you until someone pays you for it. That your internet and call activity happens in public is beside the point. If I paint my fence green, it doesn’t become a public fence just because I can’t expect the color change to remain private.


there’s actually a pretty easy way to make sure the carriers stop abusing us: make it illegal, and enforce the laws.
I would suggest “straightfoward”, instead of “easy”. Getting the US legislative and justice systems to represent the rights of the citizens (who aren’t the ones lining their pockets with money) is by no means easy.


The data is created by the company tracking you. It’s their data. When you make a call, the content of that call is your property. But the fact that you made a [time] call to [number] from [location] is their data.

It doesn’t become a public (commonly owned) fence, but if it can be seen by the public (i.e., I can view it from the street), then I can gather data on it because it’s in public. At which point, any pictures, videos, or other data I create about the fence is my data, not yours. People freak out when videos of them are posted on YouTube, and they try to invoke copyright to remove their “performance” from the web. But the person recording the video owns the copyright, and if the performance was in public… well, there’s no expectation of privacy, is there?


You are arguing that the post office can sell information on when I send a letter. Obviously this is not rooted in anything sensible.

You are confusing analogy for subject matter. Here the fence is an analogy for data. Yes, when painted, you can share that it was painted and you can even share the color. In other words, when I create data via my action you can record that I took an action, but the data I created is still mine.

And the camera company, though they created the device and method I used to record a video, does not own the video or any metadata for that video.


I’m not sure “who owns the data” is a useful question - both parties have partial claim, and turning it into a property rights issue doesn’t necessarily solve anything.

I think the more apt analogy is with other kinds of client/service transactions, where some expectation of privacy is implied (or even legally guaranteed).

For example, if I open a bank account, I would expect that my account balance, transaction history, social security number, and other information generated in the course of use are going to be used only as actually necessary, and otherwise kept as privileged information by the bank. Certainly not handed out to any rando who will pay a few bucks for them.

Or if I go to the pharmacy and buy some pills for an embarrassing condition, I would kind of expect that the pharmacist isn’t going to blab about it to anyone who happens to stop by and ask.

So similarly, when I enter into an agreement with a phone company to route the calls I place, I don’t see why I would expect information about who I called and when – let alone the real-time latitude and longitude I’m calling from or walking around at – would ever leave the premises of the phone company. IMSI catchers aside, there’s nothing inherently public about the operation of a personal phone.

I know there’s a long-standing legal analogy to postal mail in operation here - that the information printed on the “outside” of the envelope (origin, destination, time of posting) is public, while the contents are private - but frankly, I think that logic is a little strained even for actual, old-timey physical mail. Extending it to phone calls or emails is completely broken. (After all, in principle, the only people who have or need access to to even the outside of the envelope are myself, trustworthy employees of the postal service – who must read the info in order to conduct the delivery – and the recipient. I don’t think anybody else should ever need or be able to see it unless I or the recipient show it to them.)



Enforce the laws? Laws are for little people, my good man.


No. I am saying that when you use a device that collects data on your usage, then the data is owned by the for-profit company that generates and stores that data.

I suppose I would be arguing that if you mail a package via UPS or FedEX, or other non-governmental, for-profit corporation, then yes, if they want to build a database of who uses their service, and then sell that data to other third-party entities, then they could definitely do that. You own the contents of the package, but they own the records of who uses their service.

Nope. Your actions, and the data created by your actions, are separate and discrete things. You go the supermarket. That’s your action. You own that. But you took your phone with you, and it recorded where you started, where you stopped, how long you were there, and the route you took to get home. The company that generated that data set, owns that data set.

Let’s say you borrowed my phone, and took it with you. My phone also recorded the data of those actions. We have different carriers. The individual companies that are recording those actions, own those data sets. But, you used my phone to pay for your groceries (because we’re friends). Now my phone carrier has an extra data set – perhaps that a purchase was made, perhaps exactly what was purchased. Again, your actions are one things, but whoever is recording the data, owns that data.

They don’t own the copyright for the video, that’s correct. Don’t be so sure that they don’t “own” a copy, and don’t be so sure that they don’t have metadata for your video.

I want to be clear that I’m not saying, “This is a good thing” – I’m saying, “This is how it works.”


If the customer assumes they own the data when they don’t, I think it is a very important question. In the same way that people think they own the “copyright” of their bad actions in public, when the copyright is “actually” owned by the people who recorded their actions. That’s a critical distinction.

I’m not arguing against a legal guarantee for privacy. Quite the opposite. I’m saying that if for-profit companies generate data, then they own it. It is definitely intrusive to have them keep records of where we’ve been, and for how long, and so on. But the data generated by our actions belongs to them, not us.

Edit: typo


Someone who assumes they “own” the data generated incidentally as they transact with a service provider is wrong, yes. And that’s dangerous inasmuch as they might naively assume this fictional ownership protects their privacy.

But it’s equally wrong to say that the service provider “owns” it. There just isn’t any ownership right of any kind involved.

I think you’re gesturing at the fact that the provider probably possesses comprehensive records of your interactions with them and use of the service - in their servers, filing cabinets, whathaveyou - but, technically, so could you. (It’s just that your version of it probably isn’t as saleable, because you only have data about you - not millions of people.)

But that’s a mere fact of the situation. On some level, a service like a bank or a phone company will always need to possess certain records about you to conduct the business you’ve hired them to conduct for you, to bill you for it, etc.

The question is what they’re allowed or should be allowed – morally and legally – to do with those records. And my point is that framing that question in terms of some kind of new property right isn’t necessarily helpful.

What people are really trying to say when they say “it’s my data” is not that it’s their property, per se, but that they contracted with someone to provide a specific service, and had a (very reasonable, IMO) expectation that the data generated in the course of that interaction would only be used in that context. Not, say, sold on cheaply to third parties very possibly opposed to their own interests.

Further reasoning about the morality or legality of the carriers’ actions needs to proceed from there, not from some goofy idea that the carriers “own” the private customer data that they, necessarily, possess.


You have to take care of your own damn self, because these fuckers sure aren’t going to do it, nor are any so-called “regulators” going to do it. If protecting yourself online is important to you, then figure out how to out-skunk the skunks. Use their own tools and systems against them.


The problem is that “our” representatives receive a pay check from the corporations they represent.
Do we have any representation any longer?
I would argue we don’t, and the checks being written are a direct conflict of the Democratic process we are supposed to have.


This topic was automatically closed after 5 days. New replies are no longer allowed.