LurkersWillLurk's comments

Each violation of HIPAA can carry a fine between $100 and $50,000 per violation. The hard part is that many people don't know what their privacy rights are, or to whom they go when their rights are violated (in this case, the Office of Civil Rights of the Department of Health and Human Services).

I'm surprised, but glad, that a federal magistrate judge would take the time to write out an article like this. It feels odd to me that a judge - someone who is supposed to be neutral - would openly take a stance that prosecutors are overstepping their boundaries within matters of policy. (Of course, one of the functions of a judge is to say when a prosecutor has crossed the line as a matter of law.)

I saw a video (https://www.youtube.com/watch?v=eXAkXyysfFU) discussing one of this judge's recent opinions regarding a series of copyright infringement lawsuits. Orenstein dismissed 13 suits from one single copyright holder against numerous "John Doe" defendants, in which the rights holder conflated people who subscribed to internet service as being the same people who actually committed copyright infringement. Since the plaintiff had no evidence to show that the subscriber and infringer were the same person, Orenstein dismissed the suit without the defendant even knowing he or she was being sued - but Orenstein's basic knowledge, allowing him to make such a ruling unprompted, is the exception, not the rule.

We can't depend on having judges like Orenstein or William Alsup or even the Supreme Court to enact good privacy policy. Policymaking is the job of Congress, and while I am happy to see recent Congressional oversight hearings regarding facial recognition, TSA, and the like, I wish that Congress would take bolder stances against police and prosecutorial overreach.

I'd speculate that the certification of hours might be an effort to deny unemployment benefits. The company can fire you for cause and claim that you lied about your hours. If everyone breaks some minor rule all of the time, then prosecution and punishment becomes entirely discretionary, used only when furthering the goals of the authority.

I'm not sure if this theory would actually prevail in an unemployment hearing - it varies significantly by state - but the business loses nothing by trying.

I'm reminded of parallels between cell phone location privacy and genetic tracking. The average person does not understand that they are creating a record of everywhere they go when they have their cell phone on. The same is true with your DNA - while it's true that you do in fact leave a literal trace of your genes, you don't expect that you could be identified later on simply by the fact that you had lunch.

What we really need is a legislative solution, but unfortunately I have low expectations for Congress, seeing that Carpenter v. United States even had to happen.

The asymmetry with the criminal penalties individuals face versus the civil penalties private organizations face feels like a rejection of the idea of the rule of law.

The worst part, for me at least, is I'm not even sure how you would sue Hertz for something like this. It's negligence resulting in false imprisonment, but not all false imprisonment tort statutes have negligence as a valid cause of action. There's also malicious prosecution and defamation, but that typically also requires intent, rather than just negligence or recklessness. I suppose that it could fall under the blanket "unfair business practices" tort, but the damages would probably be limited. In PA for example, you couldn't get more than $1,000 out of that claim.

This is an absurd set of factual circumstances, and there are almost no accountability structures in place to fight it. It's incredibly disheartening.

The problem is that most terms of service include forced arbitration clauses. Even if they don't, you generally have to sue in the jurisdiction where the company is incorporated, which for the vast majority of people, is very far away.

That is called "making false statements", a serious federal felony. 18 U.S.C. § 1001.

This API endpoint will get you all past messages (except for those encrypted by Secret Chats):

https://core.telegram.org/method/messages.getMessages

Telegram's crypto contest is questionable (see "A Crypto Challenge for the Telegram Developers" https://hackerfall.com/story/a-crypto-challenge-for-the-tele... and https://news.ycombinator.com/item?id=6936539 for previous discussion)

> Signal is endorsed by NSA

Uh, what? This isn't true.

> I NEVER received a thank you from any of these people.

Is it possible that they (perhaps mistakenly) believe that communicating with you could open them up to civil liability?

The First Amendment applies to all three branches of the government, not just Congress. The executive branch can attempt to obtain a gag order, but the 1st Amendment nonetheless places limits upon them.

See, for example, https://en.wikipedia.org/wiki/New_York_Times_Co._v._United_S...

Here's a more specific article:

https://en.m.wikipedia.org/wiki/Robbins_v._Lower_Merion_Scho...

Previous discussion here: https://news.ycombinator.com/item?id=16084575

I hope this purported initiative will be accessible to all users, not just to those on a whitelist. As it currently stands, I can use a security key as my second factor, but I can also receive a text message, which defeats the whole point of the key. I would love to see an option to not use SMS as my second factor.

You seem to be implying that depressed people are selfish, which is generally unhelpful, false, and disrespectful to those who have suffered.

If you manually verify safety numbers and mark your contact as verified, it will hard-stop you and require confirmation if your contact's identity key changes afterwards.

Is the date that the green card was bought recorded by USPS? Basically, how exactly does writing the tracking number within the letter prove that the letter was mailed with that envelope?

How did you do that, if I may ask?