It is a criminal offence under s9 of the Bail Act 1976 to agree to indemnify a bail surety. If Assange's guarantors had entered into an agreement with Assange, that agreement would have been illegal under English criminal law, and thus an unenforceable contract.
This goes a little off-topic, but you might be pleasantly surprised about Crown Copyright.
Crown Copyright doesn't deal with university research, only with works done by the government. Pretty much everything released by central government is now licensed through the UK Government Licensing Framework under the Open Government License (OGL), which is essentially CC-BY.
That's good to know! I guess I was a little out of date, I mostly saw this come up when there was a big push to get stuff on en.wikipedia moved to commons, and all of the UK/AU/CA content couldn't be moved for obvious reasons.
Took this guy $177 to register a Delaware corporation called Stripe Inc and get Comodo to issue him an EV certificate that looks exactly like the real payment gateway. After Comodo revoked his cert, GoDaddy gave him one.
EV certificates tell you that a site is owned by a company with a particular name, not that it is the company you actually want. There's a reason browser vendors are de-emphasising EV: it isn't very useful.
Glad you can tell how regulation affects a market after less than one day of being active law, and zero enforcement actions or cases suggesting how courts/regulators are going to interpret the rules.
You do know that GDPR is not the first regulation that has ever been written correct? There is a huge body of economic literature already dedicated to the subject.
And you do know that not all regulations are the same?
You are making it sound like some kind of universal consensus on the validity of regulations exists, but such a consensus does not exist because it's a way too complex, and wide, topic to be making blanket statements about.
I was thinking about getting in to the car market but all these pesky requirements that I sell a car with airbags and seatbelts and fuel efficiency compliance are just there to protect existing incumbents.
Snark aside, that doesn't dispute the thesis that regulations tend to favor incumbents.
Some regulations are good. Some regulations are bad. Some regulations are smart. Some regulations are dumb. Reasonable people can disagree on the quality or intelligence of a given regulation, or its impact on a given industry, but that doesn't change that most regulations do tend to make products more expensive to manufacture and by proxy, more expensive to buy.
In Europe, if you want to sell eggs, you're required not to wash them or get them wet, because doing so erodes the natural coating that protects them from diseases. This is a regulation implemented to prevent salmonella.
In America, if you want to sell eggs, you're required to wash them in water at least 90 degrees, to make sure that they're clean, then rinse them with a chemically infused spray, then because you've got them wet, they need to be thoroughly dried to prevent bacterial growth. Further, because you've now washed and dried them, removing the natural protective coating, they need to be refrigerated in transit, at the store, and at home.
Both regulations are imposed to defend against Salmonella, and both are apparently quite effective, but the American regulations in play require the purchase of (conservatively) thousands of dollars in washing, sanitizing and drying equipment, and at least a partnership with a refrigerated trucking company. If you're selling the eggs in California, there's the additional requirement that the eggs were laid by free-range hens, which of course increases the amount of land required to raise the chickens upon, which of course makes it harder to prevent and protect the hens against predators.
Like I said, reasonable people can disagree on any given regulation, but it's hard to make the claim that egg regulations in America are more effective than those in Europe, or that the American regulatory environment doesn't make it the egg business a more capital intensive affair.
> Snark aside, that doesn't dispute the thesis that regulations tend to favor incumbents.
Not only that, even auto safety regulations do favor incumbents. There were far more new independent car companies created before the 1970s when the safety regulations were passed, and they were often created by small groups of people rather than huge established companies.
It's possible that the safety improvement is worth that cost, but that doesn't mean the cost isn't still there.
When we start talking about other industries where the result isn't literally a matter of life and death, it becomes much more likely that the cost outweighs the benefit. You're essentially talking about destroying competition -- the same competition that keeps companies from doing things you don't like.
If you want to pass regulations that destroy competition, those regulations had better prevent companies from doing more evil on net than competitive pressure does. Which is a pretty high bar.
There are benefits to washing the eggs, isn't there? I have read that in Europe as a consumer it's a lot more important to wash the eggs before using them.
I have lived all my life in Europe, in three different countries and with friends and colleagues from many more. and I have never seen or even heard about anyone washing eggs. So if it happens, it is certainly not a Europe-wide norm.
Yes. I have chickens (hence the anecdote above), and if you're getting eggs from friends, you should definitely wash them. I've personally just made it a habit to to wash all eggs in warm water, regardless of whether they're store-bought or fresh.
You should definitely wash the eggs before you cook with them. As you mention, that is de rigueur for Europeans, as it is in America for things like lettuce and potatoes.
You should wash the eggs before opening them. If you cook them in boiling water without opening them (except for the prick at the bottom), I don't see how washing them beforehand would make a difference.
What ? Is this legitimate or are you being funny ?
I'm European and have never washed an egg before cooking it in my life. what is this ? I crack it open and cook it and am still here.
I do wash my tomatoes when I make a salad with raw tomatoes though. And that's mostly to get stuff off since I'd argue my vinegrette would kill all the bacteria.
And washing your potato ? I'm so confused. Don't we all cook potatoes in boiling hot water ?
The incidence rate for salmonella is pretty low either way, but you should definitely wash eggs before cracking them open, for the same reasons you wash your tomatoes.
As for potatoes, no, we don't all cook them by boiling them in water -- many of us bake them, fry them, or use them for making hash browns. This might just be cultural, but I would actually be more inclined to wash them before boiling them, since the reason you wash potatoes is because they have dirt on them, and just as I wouldn't want to toss dirt into my boiling water, I would prefer to clean (or peel) my potatoes before boiling them.
Nope. In fact when I was in cookery school here in the EU, I was told that it is perfectly safe to eat raw egg here, but that in the US this is never advisable.
You can eat raw egg (yolks and whites) in the EU because chickens are inoculated against salmonella. This has absolutely nothing to do with whether or not salmonella is allowed to accumulate and/or incubate on the outside of the shell.
Not really, all regulation will favor incumbents - its just that some may with worth it. And it's worth noting that not all regulation is universally seen as useful.
You can make fun of it, but there's a reason that Silicon Valley venture capital goes to software engineering (where regulations have generally been lower) while significant disruption in the automotive space is coming from incumbents and one company founded by a guy with a net worth of $18 billion.
> there's a reason that Silicon Valley venture capital goes to software engineering (where regulations have generally been lower) while significant disruption in the automotive space is coming from incumbents and one company founded by a guy with a net worth of $18 billion.
Maybe it's because the auto industry is far more capital-intensive than software. I don't see anyone taking on incumbents in capital-intensive IT businesses, such as cloud services (do you want to compete with Google, Amazon, and Microsoft with your VC money?), or in software, operating systems in entrenched markets (desktop and smartphone).
That would be the self same reason the net is starting to attract regulation. Some of that significant disruption basically involves extending a middle finger to the laws and regulations of the country they want to do business in. I might call it taking the piss.
Taking the piss with laws and employment rights such as Deliveroo etc, or taking the piss with user data and personal privacy.
We'll be left with some of the regulation long after many of the disruptors that caused it have burnt out.
Conversely, people have also seen how some laws - like those protecting taxi drivers in this example - did nothing to help consumers. Not all regulations are being missed.
From the times I've been to the US I can see how disrupting NYC taxis could be a very good thing indeed. UK taxis? Nope, happy to keep those regulations and want to see them applied to Uber etc.
Vast difference between those examples, not least of which is that there are concrete rules around automotive safety to easily calculate the cost of implementation and verify compliance.
GDPR is full of vague terms and is global regulation based on principle rather than actual hard rules, which will increase costs and come nowhere near accomplishing the objectives it claims to do.
What is this, 1995? You're gonna need more than airbags and seat-belts and fuel efficiency.
Modern cars need ABS, TPMS, electronic stability control, passenger airbags, a backup camera and crash test standards all but demand side curtain airbags.
Don't get me started on emissions. Fuel economy really isn't a big deal or hard to meet. It's the half million other little things that need to be in a specific range that really waste the R&D time and money.
For something like a low end subcompact compliance is a huge chunk of the price.
Given the choice between a 1999 Toyota Solara (or whatever) which has one or two airbags for $5k or a new subcompact hatch with none of the listed safety features for $6k or $7k I'd probably take the subcompact. There's been huge improvements in all sorts of non-safety aspects of vehicle design in the past ~20yr that the subcompact has that the old sedan doesn't.
There's rapidly diminishing returns for regulating cars because by driving up the price of new cars you extend the time that the old ones stick around and the people who choose less safe alternatives (see mopeds in Asia)
Saying "regulation that mandates $goodthing is good" as a blanket statement is approximately of the same dumbness as saying "regulation is bad" as a blanket statement.
Relations, the regulators that make them, and the incumbents that support those regulators are under a sort of survival of the fittest to optimize for regulations that protect the incumbents but do so without being obvious and with some benefit to the consumer. Regulations that clearly support the incumbent and which clearly have no benefit to consumers will be the easiest to attack and remove. So if you want to cherry pick regulations, you can make them seem like perfect things that no sane person would ever have an issue with.
Look at how fines work, say with the GDPR. The maximum fine is 20 million or 4% of revenue, which ever is larger, which means that small businesses see a much larger risk as a percent of revenue from these regulations. This is independent of the chance of the max fine being applied. This inherently creates a pro-incumbent bias even if nothing else about the law created pro-incumbent bias.
Wouldn't it be sufficient to regulate outcome? I.e. mortality rate per passenger mile? Then, hypothetically, an AI company might be able to dispense with a lot of physical safety devices by taking advantage of the lower reaction times of a non-human driver.
What if - hypothetically - you came up with something safer then airbag & seatbelt? Even if all your customers found it to be self-evidently true that it was safer the only thing that would matter would be if the regulator thought it was safer. A regulator who is likely controlled by the incumbents.
Now with something like car safety it's easy to say - no one will come up with something like this or if they do then the regulator will immediately allow it. But what about something like Internet privacy? I think it's more likely in that case for the rules like the GPDR to be used to protect incumbents by keeping out competition.
Not only that - this is great weapon to shut down websites that are against current political agenda since virtually every site could be found non complaint.
Regulation can both help make people safer and also get in the way of innovation.
A more realistic example:
Regulations say cars are required to have steering wheels. They also say cars are expected to be under the control of a driver at all times.
Good and all if you expect to have human drivers. But it increases the cost of self-driving cars. And humans are terrible at mode-switching right before an emergency (we know this from studies on airplanes, as well as from studies on self-driving cars).
The two ways of solving this: (1) develop a self-driving car that doesn't need a steering wheel (ala trains under positive train control) or (2) restrict operation of self-driving cars to people who are highly trained and regularly operate cars in manual mode (ala the airplane industry).
Alphabet/Waymo/Google can afford the army of lawyers and lobbyists required to make this happen. All the other start-ups in this space had to get acquired by an incumbent (GM or Uber) or restrict their domain to something with less regulation (e.g. private land -- golf courses; university campuses; the Las Vegas Strip).
Car market in what sense? Making new automobiles? Yes you'll need to comply with the safety requirements of the markets in which you sell.
Selling used cars? Generally, as long as the car is sold as originally equipped, there's no issues. I can sell or drive a 1970s era car without having to add modern emissions equipment, bumpers, and airbags for example. At least I can where I live.
Airbags and seat belts were installed in cars long before they were required by regulators. The same goes for improvements in fuel efficiency. This all is driven by competing companies trying to make a profit.
Air bags were 'installed before they were required' because auto manufactures in the US were given a 7 year period to add them, not out of competition based on safety. This only after a decade of the auto industry fighting to keep those safety features from being required, exactly because the auto makers were worried about profits and not consumer safety.
"A Federal agency today abandoned the longdisputed requirement that automobile manufacturers install automatic crash protection, such as airbags or ''passive'' safety belts.
The action by the agency, the National Highway Traffic Safety Administration, drew immediate protest from safety groups and praise from the automobile industry."
>I was thinking about getting in to the car market but all these pesky requirements that I sell a car with airbags and seatbelts and fuel efficiency compliance are just there to protect existing incumbents.
I think by going to cars to prove your point proves how ridiculous regulation for websites are. For some reason there exists a group of people that believe that websites like facebook need regulations that are as strict as those required for developing cars.
People die from cars that are badly designed. People don't die from facebook (yes I'm sure you can find some contrived example.)
Unrelated but something that further adds to the irony of using cars as an example is that companies such as VW haven't even been fined for cheating on their emissions test.
I doubt a country like Germany would ever consider allowing the EU to fine 4% of Vws global revenue even though they broke the law in a way that has resulted in people's deaths.
My comparison is simply to show the standard laissez faire talking point of "oh, regulation exists just to protect incumbent market players" as bullshit: regulations exist to protect consumers from negligence and misbehaviour on the part of the companies.
The fact you think GDPR only applies to websites rather than the huge clusterfuck of personal data loss means you haven't understood the reason behind GDPR.
Equifax lost millions and millions of records and have so far faced no meaningful punishment from the UK regulators: as far as I can tell, they've so far made one brief statement on their website, and one tweet.
Major ISPs like TalkTalk lost millions of records (and ignored security researchers telling them about gaping security holes) and were given a slap on the wrist - £400,000 by the UK ICO. Mere pennies per user in fines; a drop in the bucket compared to their annual revenue. There is no economic interest to change their behaviour.
The negligence of these companies has led to millions of people having their personal and financial data stolen, having to keep eagle-eyed over bank statements and credit cards, having to worry that their transactions (or their travel bookings) might get flagged up as suspicious, that their credit rating gets eaten, and much else besides.
If a company you've entrusted your personal data with—not just your tweets or whatever, but sensitive personal data including health data, data about your religious affiliation, sexual orientation, etc. loses that data, as a UK citizen, you currently have no right to appeal the ICO failing to take action. GDPR/DPA2018 changes that balance.
Companies tell consumers "hey, trust us with your personal data". Consumers do in the false belief that there is some protection or basic responsibility taken. When they colossally fail to take the most basic steps to protect consumers from data loss, the status quo was this: nothing happens to them.
> My comparison is simply to show the standard laissez faire talking point of "oh, regulation exists just to protect incumbent market players" as bullshit: regulations exist to protect consumers from negligence and misbehaviour on the part of the companies.
You present a false dichotomy here. As much as the GP is wrong for boldly asserting the negative as fact, you are wrong for just as boldly asserting the opposite, without allowing for the panoply of options that inevitably arise from the point a regulation is conceived to the point that it is enacted. During the process of drafting the legislation, at least here in America, the existing players have a voice on the legislation's course, and the larger the existing player is, the louder their voice gets to be.
> During the process of drafting the legislation, at least here in America, the existing players have a voice on the legislation's course, and the larger the existing player is, the louder their voice gets to be.
Sounds like you need campaign finance and lobbying regulations. ;-)
In practice fining companies for getting hacked just boils down to a tax, as no company wants to be hacked, and the primary bottleneck to making software more secure is crap tools, crap platforms, poor training and inability to hire people who deeply understand security.
Hacking is not a problem you can solve by passing a regulation that says "don't get hacked".
> In practice fining companies for getting hacked just boils down to a tax, as no company wants to be hacked
No, it boils down to an incentive. No company wants to get hacked, but a lot those same companies aren't willing to invest in security measures and training that could mitigate the risk.
> Hacking is not a problem you can solve by passing a regulation that says "don't get hacked".
I don't think anyone's proposing a regulation like that. However, it's not fair to put the costs of a data-theft squarely on the victims, when it was really the company that was responsible for securing the data.
But companies that do invest massively still get hacked. See: Google. Yahoo. Microsoft.
It's also not even always clear what hacking actually means. A common way users get hacked is by reusing the same password on every website. One of those small sites gets hacked, the hackers try the users password at bigger sites to see if they work. Big players like Google and Facebook have heuristic systems that try to detect and block that, but sometimes they don't work.
So who's at fault then? The user for losing control of their password? The small site, probably not EU based, doesn't give a shit? Or the big guys who tried to protect the user but failed? Given the way the GDPR is being done my guess is the big guys will get taken to the cleaners even though they did nothing wrong.
Basically, you can't stop a big company from getting hacked no matter how much you spend on security.
> Basically, you can't stop a big company from getting hacked no matter how much you spend on security.
I never said anything to the contrary, but the observation is irrelevant. You can't stop all pollution, but that doesn't mean you shouldn't pass regulations that ether ban it or impose liability for it.
That's an invalid metaphor. The point behind regulating specific types of pollution and fining companies that emit it is in fact to completely eliminate it. When total elimination isn't possible regulators have taken alternative approaches, like phase outs and carbon trading schemes.
The GDPR authors appear to believe that not being hacked is merely a matter of choice, despite all evidence to the contrary. They are clearly dangerously delusional. If even Google, with its pick of the crop, unlimited budget and massive security team, cannot avoid being hacked, then nobody else has a chance.
What they care about is how much data you had (and did you need all of it), did you tell the users, have you put things right, had you done anything to protect the data?
If you have a lump of data that you don't need, that you store with no attempt at encryption, and it's held behind software that you haven't bothered to update even though security patches have been released then yes, you're going to be regulated.
> it was really the company that was responsible for securing the data
It was the financial industry and government that were responsible for implementing an identity scheme with a less insane architecture than handing the same secret material to every relying party. I disagree that we can or should force everyone to tie themselves in knots supporting it.
You say that, but what are the attack vectors in these high-profile breaches?
- Unpatched, publicly documented vulnerabilities.
- Unauthenticated S3 buckets.
- Unencrypted laptops.
- Default passwords.
This isn't subtle crypto weaknesses or attack vectors missed in the security assessment of protocol designs. It's carelessness. It's stuff that any high school kid who's good with computers will tell you about, let alone any IT professional or software engineer.
> Hacking is not a problem you can solve by passing a regulation that says "don't get hacked".
It doesn't say "don't get hacked", it says "if (when?) you get hacked, minimize the the cost to people who trusted you with their data". And the easy way to conform is: 1. do not collect more than you need to provide the service, and 2. do not keep the data you don't need any more just in case. Which should be the default, but in the world of cheap storage and data mining seems to be forgotten, or an afterthought. E.g. when a user unsubscribes we tend to set the flag "subscribed" to false next to the rest of their data, instead of removing the e-mail address we don't need.
So now we get a new status quo: "These measures are onerous and bake in internationally-controversial concepts like 'right to be forgotten,' so now companies may actually decide to punt on doing business with 500 million customers because the risk outweighs the rewards.' "
>My comparison is simply to show the standard laissez faire talking point of "oh, regulation exists just to protect incumbent market players" as bullshit: regulations exist to protect consumers from negligence and misbehaviour on the part of the companies.
We'll see. I have a feeling that European consumers and web companies are in for a world of hurt.
>The fact you think GDPR only applies to websites rather than the huge clusterfuck of personal data loss means you haven't understood the reason behind GDPR.
I know that GDPR applies to everyone, I think it's pretty obvious it will be selectively enforced since the regulation is too burdensome. Do you think your local mom and pop hair salon that is not in compliance will ever be fined?
By the US and 2.8B is a fraction of what they deserved to be fined. All VW execs should be in prison for the rest of their lives for what they have done.
I guess it isn’t. There are laws which US considers to be broken by external entities, yet US introduces a comletely inhumane programme worth of DPRK. Where’s the logic.
The original poster believes software should be regulated like cars. I pointed out that the fines for violating gdpr are larger than any fine VW will ever receive from the EU for literally killing people.
>You must point to the laws violated. E.g. Schmidt made a false statement to the California Air Resources Board under the Clean Air Act.
>Trial in the court of opinion and mob lynching is not compatible with the Western tenements of law.
Stop trying to shift goalposts, my point is that if any company deserved to be fined 4% of global turnover it's VW and they have currently received a total of $0 in fines even though they have probably increased the likelihood of you getting cancer.
I thought we established they received a non-zero dollar fine.
Their annual profit is about $13BN, they were fined $2.8BN which is about 22%. I think that along with imprisoning an exec that was complicit in the lie is a significant and reasonable deterrent/punishment.
As for VW significantly increasing the likelihood of any given arbitrary citizen getting cancer I'd love to see the numbers on that. Sounds like hyperbole to me[0]
> People die from cars that are badly designed. People don't die from facebook (yes I'm sure you can find some contrived example.)
I think the public, and much of HN, disagrees and is beginning to believe that the lack of privacy is undermining democracy, liberty, and human rights.
There are actually some historic examples. A university once performed scientific research on a minority group. Then the Nazis acquired the list and murdered the participants.
Obviously that's at risk of happening again, but machine learning and AI are risk of learning to be discriminatory by training on data sets resulting from historic and modern discrimination.
When applying for jobs, it may be possible to enter somebody's info into a next generation background check software to get a % probability of the candidate voting for a specific political party, and declining to call/interview based on that alone.
Even when it's not intentionally discriminatory, this is leading to a future where the teller says "sorry, you were declined. I don't really know why, the computer just made the decision". Where's the accountability?
In credit reports, I can at least request my credit report and understand how to improve my score or dispute line items.
If my car crashes or I am extorted due to my sexuality or killed for my religion. All the same. It is deadly. Data Privacy is not a nebulous concept. It is a human right.
If you have to keep your religion secret to avoid being killed, you have MUCH bigger problems in your society that I don't think "nobody knowing who is secretly Jewish" is actually going to fix.
It's not like a future hypothetical fascist dictatorship isn't going to have access to the necessary records to piece it together or would follow its own GDPR constraints, nor would the GDPR stop it from arbitrarily deciding some people are Jewish without detailed evidence.
I'd like to think the GDPR is underpinned by better philosophy than a false hope it could prevent a future Holocaust.
I think it is generally based against discrimination and not focused on something extreme as a state organized Holocaust. Also GDPR does not care about this. For the GDPR these are just attributes which should be protected.
A core rule of data privacy is to restrict yourself to the necessary information you need. Religion like sexual orientation is rarely justifiable why it is collected at all.
It’s sarcasm, I forgot the doesn’t exist on HN. My post history shows from day one I called DAO snake oil, and code is Law bullshit, and shows how much crap I took for that here on HN. But if the SEc can have a sense of humor about it why can’t I? They really did miss an opportunity to use the smart contract marketing though...
