If you don't put the information out there, then they won't have it. It's a simple cause and effect relationship. Not giving up this information will likely cause you to not be able to use some services, however you have no inherent right to access services run by private parties. They are offered to you under certain conditions, and if you choose not to comply with those conditions, you are free to not use the service. With regard to "shadow profiles," simply use incognito mode if you are this worried about it.
Let's be clear that this law won't pass, certainly not as it is written. In the US, it's perfectly legal for websites to track your behavior. Should you object to this, you have a simple remedy: use incognito mode.
there's only one offense in the bill that includes that thread: knowingly certifying fraudulent data protection reports.
That's what it says, but one would have to believe that failing to file such reports would also be a criminal violation in any final draft of the bill. Otherwise what would be the point of the bill? Does it make sense to you that they would have a bill like this, and provide a simple way to avoid it: just don't file? That appears to be an oversight by the author, but one would undoubtedly be fixed.
By the way, did Flappy Bird even collect NPI?
Since this bill uses a vague and legally untested definition of "personal information," simply maintaining weblogs containing IP addresses could trigger this.
You are both right and wrong. Flappy Bird indeed had over 50MM users (in fact it had over 100MM users), and therefore its owner would have criminal liability under this law regardless of revenue. However you are right that the lower limit excludes people from criminal penalties. Having just 1MM user accounts still exposes them to the full brunt of the civil penalties available under this law that could easily bankrupt them. So if you have between 1MM and 50MM users, you won't go to prison, you'll just be broke.
It starts with the claim that this law could put Flappy Bird on the hook for decades of prison time. I rebut, and you say (paraphrased) "no, read the law, anyone with 1MM users could be sent to prison for failure to comply". This is obviously not true.
Actually, with specific regard to Flappy Bird, it is true because it had more than 100 million installs, far surpassing the 50 million requirement to expose him to criminal as well as civil penalties. So, in contrast to your statement, it actually is true.
Now, the proposal does not in fact have an auditor requirement, but also, the clause that discusses auditors goes out of its way to make it clear that the types of third parties they're referring to are technical experts, which startups already use.
I'm not sure what you mean here. There is an auditor requirement "where reasonable," and presumably "reasonable" would be entirely up to a court's discretion. Also, "technical experts" in the context of this law, wouldn't necessarily be the developer of the site, but rather technical experts who are trained in complying with this law. Likely, that means someone brought in by a law firm or professional auditing outfit, at enormous expense.
You're referring to that specific provision, but again you aren't considering the fact that any business interested in complying will have to have an attorney review the law, and then review all aspects of their business, software implementation, and policies/procedures in order to ensure they are compliant. That's not a requirement of the law, but how else can they ensure that they are compliant?
That's just not accurate. You should read pages 26-33 in detail. It wants external auditors to come in, and while consultation with a lawyer isn't required, companies would offensively have to use them to review everything they do, lest they be found non-compliant. That could easily range into hundreds of hours of legal work.
Most competent lawyers cost $400+/hr. For them to review your internal compliance policies and procedures (including your opt-in/out procedures. etc), privacy policy, etc. you could easily be looking at a few hundred hours. That doesn't include the external auditors that the bill wants you to have.
As you said in one of your comments, fortunately this bill as written will never come into law, both due to its implications, and the fact that its author is a single member of a minority party. This is one instance in which I am happy with our system of government.
A closer reading indicates seem to be correct that the criminal provisions only apply to those larger entities. However, ALL of the provisions in pages 26-33, which are significantly burdensome, still apply to All covered entities, which you can hit by just having 1 million user accounts.
That seems to be an entirely incorrect interpretation. Any app with more than 1 million users would fall under this law. You're simply reading it wrong, as the OP of this thread initially did. Any entity with personal information - as that term is (very broadly) defined in this document - on more than 1 million or more users is fully exposed to its civil and criminal penalties. This includes developers that just get lucky and get 1 million or more installs, and who have no way to pay for compliance.
The plain language of the law says that your interpretation is not correct. The criminal provisions apply to companies with over $1 billion in revenue or those those that have 1M or more users. That would expose a much larger range of independent developers to decades in prison.
I'm not GP, but it looks like the more burdensome things are on pages 26-33, and they are too lengthy to post here. I can see compliance costing significant sums that would be out of reach to a typical startup.
I'm not going to let this go, because you are trying to deliberately spread information about how our legal system works that is factually false, and that is damaging both to HN and to our country. So let me make it clear: In our system of justice, judges do not have any vote in whether or not federal grand juries issue indictments.
They strongly implied that Mueller probably lied because they didn't have to tell the truth and no one could prove it.
The comment literally says:
"They didn't lie, they don't have to. Everything in this indictment may be what they believe happened".
How is that ambiguous in any way?
By definition, they're not facts.
Russia does not extradite its own citizens to the US. That seems to be an undisputed fact. It's also a fact that the people named in this indictment - the indictment being discussed in this thread and the only people relevant to these comments - are Russian citizens. Accordingly, there is a 0% chance that these people will see the inside of a courtroom to litigate these charges.
You're actually trying to argue that judges have an active decision making role in deciding whether or not a grand jury issues an indictment? You're really destroying your own credibility and making my point for me the deeper this conversation goes.
There's an old saying: When you find yourself in a hole, stop digging.
And then the grand jury, completely independent of any judge, makes a decision as to whether or not to indict. Your argument is like saying the referees decide who wins the Super Bowl.
The comment you are replying to specifically says that they didn't lie, and didn't have to. This and your other comments seem to imply that you have some sort of angry agenda here. I'm new to commenting here, but I've been lurking for a long time and your goals here seem to be in conflict with the spirit of HN. One person pointed out some facts that you seem to not like, and you basically screamed and didn't even read the comment you were replying to.
Personally, I don't like Trump. But you cannot deny that none of the people in this indictment face any risk of being arrested, which means the allegations in this specific indictment will never be challenged or proven.
Let's be clear that this law won't pass, certainly not as it is written. In the US, it's perfectly legal for websites to track your behavior. Should you object to this, you have a simple remedy: use incognito mode.