Month: May 2023

It Is Not Amazing That a Tesla Using FSD Blew Through a Crosswalk jalopnik.com

Collin Woodard, Jalopnik:

“One of the most bullish / exciting things I’ve seen on Tesla Full Self-Driving Beta 11.4.1. It detected the pedestrian, but rather than slamming on the brakes it just proceeded through like a human would knowing there was enough time to do so,” they wrote.

Sorry, but that’s not remotely exciting or amazing in any way. And while it may be what some humans do, it’s also against the law. A pedestrian crossing at a marked crosswalk has the right of way, and you’re supposed to yield to them. The fact that the Tesla didn’t stop is a major problem. Why doesn’t the software know to yield to pedestrians?

If I were this pedestrian, I would feel like I nearly got hit by this Tesla. It had plenty of time to stop.

Advocates of autonomous vehicles often say increased safety is one of its biggest advantages over human drivers. Compliance with the law may not be the most accurate proxy for what constitutes safe driving, but not to a disqualifying extent. Right now, it is the best framework we have, and autonomous vehicles should follow the law. That should not be a controversial statement.

Location Data About Abortion Provider Visitors Is Still Being Stored and Exploited wsj.com

After the Supreme Court of the United States overturned Roe v. Wade last year, a bunch of the corporations which have built their business on knowing the physical locations of people without their knowledge or explicit permission said they would not permit the use of that information for health-related reasons. Google promised it would delete records of visits to abortion providers, domestic violence shelters, and rehab centres; when Accountable Tech checked several months later, it found much of that information was still retained.

Geoffrey Fowler, of the Washington Post, decided to look again:

To test Google’s privacy promise, I’ve been running an experiment. Over the last few weeks, I visited a dozen abortion clinics, medical centers and fertility specialists around California, using Google Maps for directions. A colleague visited two more in Florida.

In about half of the visits, I watched Google retain a map of my activity that looked like it could have been made by a private investigator.

[…]

This didn’t happen every time. After I sat for 15 minutes in the parking lots of two clinics south of San Francisco, Google deleted each from my location history within 24 hours. It did the same for my colleague’s two visits to clinics in Florida.

To state the obvious, about half the time, Google will keep a record of a visit to a sensitive location even though a user might not have been aware it was tracking them, which is better than all the time, but substantially worse than none of the time.

Google is one of the most valuable businesses in the world and cannot reliably prevent a record of a visit to a more sensitive location. What about a smaller business similarly built on violating individuals’ privacy?

Byron Tau and Patience Haggin, the Wall Street Journal:

A Midwest antiabortion group used cellphone location data to target online content to visitors of certain Planned Parenthood clinics, according to people familiar with the matter and documents reviewed by The Wall Street Journal.

[…]

Near, the location broker whose data was used to geofence the Planned Parenthood clinics and extract the mobile-phone data, was one among a number of similar companies that faced inquiries from regulators last year over whether its data set could be used for tracking people seeking abortions.

The company told investors it received an inquiry from members of the House of Representatives about abortion tracking in July. “We communicated to the Members that the company doesn’t allow the use of its data for law enforcement or healthcare purposes, including the disclosure of reproductive rights information,” Near said in a filing with the U.S. Securities and Exchange Commission.

Why anybody is wasting their time pretending that companies with this business model are willing and able to protect users’ privacy would be laughable if it were not so dangerous. This is a solvable problem, but the answer will not be provided by organizations like these.

Unskippable Thirty-Second Ads Coming to YouTube on TVs variety.com

Todd Spangler, Variety:

At the YouTube Brandcast upfront event Wednesday in New York, execs announced the introduction of 30-second unskippable ads in top-performing YouTube content on TVs — you know, just like the commercials that have run on broadcast and cable networks for decades. YouTube also will start testing new “Pause Experiences” for YouTube on TV screens, showing an ad when viewers pause a video akin to the pause ads Hulu first bowed four years ago.

A couple years ago, after YouTube began testing a set of three pre-roll ads, I had to wonder what its upper limit could be before people begin tuning out. So far, it looks like it can just keep piling on the ads. And, each time, YouTube Premium gets a little more valuable.

I Give It Eighteen Months themessenger.com

Earlier this week, the people behind the Hill launched a new, crappy web publication called the Messenger; Joshua Benton of NiemanLab has a good roundup of its Daily Mail-esque strategy. But, to me, something seemed missing. When Semafor debuted last year, it needed a big gimmick and chose an irritating story format, much like Axios’s bullet-point lists or the Outline’s bizarre stacks.

The Messenger was just a WordPress blog. It did not have a gimmick. That is not how you launch an online media brand, you dummies. You oafs.

Alas, the crisis has been averted, according to Darren Samuelsohn, Maggie Severns, and Steve Reilly:

Introducing The Messenger Scale, a new system designed to cut through the noise and help you understand what really matters in the news.

It’ll be like the “Richter scale” for measuring earthquakes, but in this case we will be assigning a simple 1-10 number based on input from our panel of more than 80 “news seismologists” from the worlds of politics, policy, law, history, academia and media. Our panel spans the entire political spectrum in order to provide readers with a balanced response to major news events.

Investors gave them $50 million to start a news site and this is the best they could come up with.

Update: Matt Sephton:

Why would they publish a news story that scores low on their scale?

A very good question, indeed. If the release of a report into an investigation of the last president and the release of a different report about the current president both scored below a five, out of ten, what would be the score for new beer packaging, and why would the Messenger publish something so inconsequential?

Yet Another Bug in Facebook Ads bloomberg.com

Aisha Counts and Alex Barinka, Bloomberg:

On the morning of April 23, an error on Meta’s automated ad platform caused some advertisers to spontaneously spend more than intended on Facebook, or to use their budgets in inefficient ways. In the weeks since the glitch, advertisers and their agencies have reached out to Meta for refunds, but the company has responded slowly, if at all. “It’s just radio silence,” said Tyler Garner, head of media buying at digital marketing agency GrowRev.

Some advertisers did receive refunds from Meta beginning on May 12, although the amounts have been doled out inconsistently and it’s not clear why some businesses received more money back than others. In the past, advertisers that spent a lot on Facebook or had personal connections at the company had better luck getting refunded, according to several agency representatives.

Strange how Meta, previously Facebook, keeps having problems with its video and advertising products in ways which benefit the company. It should really look into why that is so often the case.

Apple Touts Fraud and Abuse Prevention in the App Store apple.com

A news release today from Apple appears to shed light on its App Store crime and fraud prevention tactics in 2022 but, much like previous versions, many questions are left unanswered or unexplained. Here is one such paragraph which makes me scratch my head:

In 2022, nearly 1.7 million app submissions were rejected from the App Store for various reasons, including concerns related to fraud and privacy. In more than one case this year, App Review caught apps using malicious code with the potential to steal users’ credentials from third-party services. In other instances, the App Review team identified several apps that disguised themselves as innocuous financial management platforms but had the capability to morph into another app. Nearly 24,000 apps were blocked or removed from the App Store for bait-and-switch violations such as these in 2022.

The first statistic here — 1.7 million app rejections — can be contextualized by a stat from the previous paragraph: 6.1 million App Store submissions in the same year. Roughly 28% of submissions were rejected, which is down from over 30% in 2017–2019, and perhaps as high as 40% in 2020. It is hard to read anything into that trend, though: it does not necessarily mean Apple lowered its standards or that developers were more compliant, as both could be true. Also, neither.

Apple also says it stopped “more than one” app that has “the potential” for credential theft. But how many is that? Is it two? Is it fifty? A bigger number would be more fitting for the apparent objective of this kind of report — to explain why iOS software distribution ought to be permitted only through the Apple-administered App Store instead of third-party stores — so the use of “more than one” is conspicuous.

Here is another lump of stats:

Last year, Apple blocked nearly 3.9 million stolen credit cards from being used to make fraudulent purchases, and banned 714,000 accounts from transacting again. In total, Apple blocked $2.09 billion in fraudulent transactions on the App Store in 2022.

Good stuff, though I will note Apple’s graphic for this section uses the phrase “potentially fraudulent transactions” — emphasis mine. While it is great news Apple is so careful in this area, it is not as though other payment gateways do not have their own anti-fraud mechanisms.

Again, the unspoken rationale for these news releases — which Apple started publishing around the time European regulators began looking into its App Store-only iOS software distribution policy — is that Apple is uniquely suited to protecting its users from fraud and abuse. But it has also repeatedly struggled with preventing pretty obvious scams. I do not think its failure to achieve a perfect success rate is an indication that App Store protections are ineffective, but the company’s own statistics are also not necessarily painting a complete picture.

U.K. Law Enforcement Accelerating Development of Internet Connection Records Storage wired.com

Matt Burgess, Wired:

Official reports and spending documents show that in the past year, UK police have deemed the testing of a system that can collect people’s “internet connection records” a success, and have started work to potentially introduce the system nationally. If implemented, it could hand law enforcement a powerful surveillance tool.

Critics say the system is highly intrusive, and that officials have a history of not properly protecting people’s data. Much of the technology and its operation is shrouded in secrecy, with bodies refusing to answer questions about the systems.

It is worth reading this alongside British efforts to undermine and fearmonger over end-to-end encryption, as it paints a bleak picture of what the government appears to be hoping for.

Reading between the lines here, the internet connection records, which British law enforcement could order ISPs to retain, would be an individual customer’s DNS connection history, subject to technical limitations. For example, insecure web connections contain the domain and path of access, while secure connections only permit ISPs to learn the domain. That is, an ISP knows you have accessed pxlnv.com right now, but not which articles you are reading; they could also know you accessed duckduckgo.com, but not what you were searching.

If law enforcement agencies believe they are entitled to reduced encryption on devices so they are able to see their full contents, I think it is reasonable to assume they would also want some kind of back door in secure web traffic. The contents of a criminal’s web search may be of investigative relevance after all, is how they could justify such a stance. This is not hypothetical: ten years ago, we learned the GCHQ and NSA intelligence agencies had figured out how to breach SSL traffic. Perhaps the thinking of these agencies has evolved: instead of going through all that effort to find vulnerabilities, why not legislate security weaknesses? There are already attempts to do so for device encryption; why would secure web traffic be let off the hook?

Why Is Cloud Storage Sold With a Fixed Maximum, Anyway? benricemccarthy.com

Ben McCarthy, in a post about how difficult it is to manage a massive number of photos:

Additionally, I’d like for Apple to offer additional iCloud Storage options. Right now, the maximum capacity is 4TB; 2TB if you subscribe to Apple One’s Premier Tier and another 2TB if you pay a monthly fee for additional storage.

Ideally there would be an infinite option, or at the very least the ability to purchase multiple 2TB add-ons, that just stack as you need more. It would be expensive, sure, but better than running out of storage with no other recourse.

From one data hoarder to another, this is music to my ears. But why is this not already how cloud storage is sold? I can buy as many external hard disks as I can afford, but the amount of stuff I can store in iCloud is limited by Apple’s constraints, not my budget. It is not just Apple, either: most consumer cloud storage is sold in these kinds of fixed tiers. Why is there a maximum?

Mind you, I would feel more comfortable storing any amount of data with these services if they had a warranty. In my world, that should perhaps be a higher priority, and then it makes more sense to store several terabytes’ worth of photos on someone else’s computer.

I Will Defend Free Speech to the Death. Or Until an Autocrat Asks Me to Stop mcsweeneys.net

Mike Langley, McSweeney’s:

As a free speech absolutist, only death could stop me from defending the rights of Twitter users to speak without censorship. Well, either death or a request from an autocratic leader asking that I censor certain content that could be sensitive for their regime. Whichever comes first.

Jimmy Wales:

What Wikipedia did: we stood strong for our principles and fought to the Supreme Court of Turkey and won. This is what it means to treat freedom of expression as a principle rather than a slogan.

File under: things which should be values, not hobbies.

Google I/O, Google A.I. platformer.news

Mat Honan, MIT Technology Review:

Google I/O is a highly, highly scripted event. For months now the company has faced criticism that its AI efforts were being outpaced by the likes of OpenAI’s ChatGPT or Microsoft Bing. Alarm bells were sounding internally, too. Today felt like a long-planned answer to that. Taken together, the demos came across as a kind of flex — a way to show what the company has under the hood and how it can deploy that technology throughout its existing, massively popular products (Pichai noted that the company has five different products with more than 2 billion users).

Google I/O was a far cry from its scrambled and awkward presentation earlier this year, and it is notable how much it built on its similarly A.I-heavy I/O presentation last year and the year before.

Casey Newton:

But while I imagine the features will vary in quality and usefulness, one thing is becoming clear about the near-term AI future: technology alone is not enough to totally reset the competitive landscape. Incumbents can gain significant ground simply by bringing new features into the products that people are already using — and getting users to switch platforms is proving more difficult some imagined it would be.

[…]

The lesson here is that, with the possibly lone exception of ChatGPT, users are mostly not seeking out AI as a destination unto itself. Rather, they’re waiting for it to transform into useful products and services — ideally, products and services that they’re already using.

Early predictions of Google’s impeding demise — to Bing, of all things — appear to have been greatly exaggerated. Regardless of the hype around the newer, smarter Bing, Google’s market share has not been dented. Google has cunningly allowed Microsoft to take the first steps into the unknown and, consequently, avoided some early mistakes.1

These technologies are undeniably exciting and perhaps concerning, but I think it is worth throwing cold water on media declarations of winners and losers at this stage. There is still no meaningful competition in the search engine business. Google’s announcements this week have ensured its unwillingness to permit public mindshare from slipping in Microsoft’s direction, even if actual usage remains safely Google’s domain.

  1. Meta’s take on virtual reality seems like it has similar early mover problems↥︎

User Growth at Bluesky, Mastodon, and Twitter cnbc.com

MacKenzie Sigalos and Jonathan Vanian, reporting for CNBC with quite a rosy introduction:

Elon Musk’s Twitter is facing new competition from a rival called Bluesky, a so-called decentralized communications app that is backed by Twitter co-founder and twice-former CEO, Jack Dorsey.

Sure sounds promising. So how popular is this new “Bluesky” thing which ought to be spooking Twitter?

The social messaging app had 628,000 mobile downloads in April, representing a 606% rise from March when it became available on Android in addition to iOS. Meanwhile, Twitter had 14.9 million app downloads in April, which is a 2% increase from the 14.6 million downloads it accumulated in March.

[…]

Bluesky appears to be gaining more attention than decentralized messaging app Mastodon, which attracted a lot of interest in November as a possible alternative to Twitter. In April, for instance, Mastodon only had 90,000 downloads, the Sensor Tower data showed.

It is not until several paragraphs later that Sigalos and Vanian acknowledge it is only possible to participate in Bluesky by invitation. Even so, it racked up hundreds of thousands of app downloads in April — or, from a different perspective, about 95% fewer than Twitter managed. Quite the competitor.

It is all rather irrelevant, however. Measuring the popularity of decentralized services based on the number of app downloads seems like, at best, a flawed metric. Because Bluesky is available only by invitation, it has only about 65,000 users. And, while Sigalos and Vanian have effectively written off Mastodon based on the number of downloads of its official app, an independent bot reported over 210,000 new users in the last week of April. If the numbers from Mastodon User Tracker’s bot are to be believed, the network had 10,526,195 users at the end of March and 11,509,031 at the end of April, a difference of nearly a million users.

Neither of these services have anywhere near as many users as Twitter, obviously, but the apparent popularity of Bluesky and its comparison to Mastodon should be more correctly contextualized. As of today, I have been using both — you can follow me on Bluesky or Mastodon — and the former feels more akin to a Twitter clone. The latter is clunkier, though it recently made signing up easier. Do not get me wrong: I like Mastodon a lot, and I see good reasons to use both. But I could see Mastodon taking on a more Tumblr-like role of developing its own quirky culture and being better for it. Right now, neither one feels like a product — which is really cool. It all reminds me of an earlier era. I like how this is going.

Moderator Mayhem moderatormayhem.engine.is

So you think you can be a platform moderator?

I was skeptical, too, until I tried Moderator Mayhem, a new browser-based game from Techdirt, where you have to assess reported posts and determine whether they should remain live or be removed in accordance with some basic policies. Oh, and you also have to handle occasional disputes. And there is a time limit.

Now I know — I could not be a platform moderator.

‘Blatant Propaganda […] Bolstering the Venture Capitalist’s Bottom Line’ newsletter.mollywhite.net

Venture capital firm Andreessen Horowitz released a “State of Crypto Report” for 2023:

Our 2023 report aims to address the imbalance between the noise of fleeting price movements – and the data that tracks the signals that matter, including the durable progress of web3 technology. Overall, the report reflects a healthier industry than market prices may indicate, and a steady cycle of development, product launches, and ongoing innovation.

Molly White expertly dismantled it:

If there is one thing that I want you to take away from this article, it’s that venture capital firms and other heavily invested players in the crypto space should not be trusted to give us the facts on the industry they desperately need to promote. They will produce superficially objective-looking reports full of numbers and charts, but a critical reading shows just how blatantly they are manipulating numbers to arrive at the conclusions that fit their narratives. There is no consequence to Andreessen Horowitz for doing it, and certainly if someone tried to hold them accountable for their blatant twisting of the facts, they would just point to their cover-your-ass disclosures slide in which they disclaim everything in the report.

It is almost surprising A16Z stopped publishing Future, its crypto-Pravda, last year, just as the market settled into what it calls a “steady cycle”.

Meta’s Position on Bill C–18 about.fb.com

Meta says Nick Clegg — its president of global affairs and the former Deputy Prime Minister of the U.K. — would have spoken before a Canadian committee in response to Bill C–18, but:

Late on Thursday, the committee notified Meta that the title of the hearing had changed to ‘Tech Giants’ Current and Ongoing Use of Intimidation and Subversion Tactics to Evade Regulation in Canada and Across the World’. Clearly, it would be a very different hearing to the one Nick Clegg was invited to. As such, we have notified the committee that he will no longer be appearing. Meta representatives in Canada will attend the hearing.

Amazing. I appreciate the pointed title change.

In lieu of Clegg’s appearance, Meta published his full prepared remarks. They are roughly what you would expect, but I think this is worth quoting:

I spent 20 years of my life as a legislator, so I understand how difficult it is to craft good policy and sensible legislation. In this instance, I believe C-18 is flawed legislation which would deliver bad economic policy too. The Parliamentary Budget Officer estimates that most of the funds generated by the Act will go to broadcasters, not the local and regional publishers it was supposed to support. It’s Robin Hood in reverse. The Act would subsidize big broadcasters at the expense of independent publishers and digital news sites, skewing the playing field so it’s even harder for smaller players.

Should this link tax pass, Clegg reiterated Meta would prevent links to news articles from being posted on Facebook and Instagram.

Humane’s Device Preview at TED ted.com

Last month, we caught glimpses of Imran Chaudhri’s preview of the device being developed by Humane. Chaudhri presented this sneak peek at the TED conference in Vancouver, and the full presentation was published today.

While it is important not to rush to judge a device which none of us have used, I feel like its debut in a TED Talk is worrisome. It is a conference that has become synonymous with catchy hacks and apparently counterintuitive thinking which have little basis in reality. That is not a great sign.

Also, and this is a little thing, TED says (PDF) “speakers may never use the TED or TEDx stage to pitch their products or services”, and that “if it feels like an advertisement, it probably is”. Chaudhri’s talk is all about how great artificial intelligence is going to be, but it is all structured around a device debut which feels like a supercut of iPhone launch presentations.

‘Where Is My Mind?’ Stops the Alarm on Google Pixel Phones faroutmagazine.co.uk

Jordan Potter, Far Out:

Recently, a Reddit user took to the platform to report a strange occurrence. After setting their alarm to use songs at random from a playlist, one morning, the alarm failed to activate. Fortunately, they had woken up earlier and investigated the issue. As it turns out, Frank Black yelling “stop!” at the beginning of the song [“Where Is My Mind?”] pre-emptively disables the alarm on Google Pixel phones.

Delightful little bug. Reminds me of the days when saying “hey Siri” would make any iPhone obey one’s command, even if it was not their own.

Update: If any readers own a Google Pixel, there are plenty of other songs worth trying this with. I wish I had a Pixel to do the same. Alas, I have some kind of feeling for which I am struggling to find a two-word summary.

Google Will Pay the New York Times About $100 Million Over Three Years wsj.com

The New York Times Company in February:

The New York Times Company and Google announced an expansion of their collaboration with a multi-year commercial agreement today. The companies will work together on tools for content distribution and subscriptions, using Google tools for marketing, ad product experimentation, and further on Subscribe with Google and Google Ad Manager.

Alexandra Bruell, Wall Street Journal, today:

The New York Times is getting around $100 million from Google over three years as part of a broad deal that allows the Alphabet unit to feature Times content on some of its platforms, according to people familiar with the matter.

[…]

The deal gives the Times an additional revenue driver as news publishers are bracing for an advertising-market slowdown. The company posted revenue of $2.31 billion last year, up 11% from a year earlier. It also more than offsets the revenue that the Times is losing after Facebook parent Meta Platforms last year told publishers it wouldn’t renew contracts to feature their content in its Facebook News tab. The Wall Street Journal at the time reported that Meta had paid annual fees of just over $20 million to the Times.

Earlier today, I pointed to David Pierce’s look at the development, rise, and decline of Google’s AMP format, in which Pierce writes Google “across the publishing industry [is] no longer seen as a partner”. A hundred million dollars begs to differ.

Into Thin AirPods defector.com

Casey Johnston, Defector:

This is the part where I say I’m aware that everyone — Apple, law enforcement, any friends with good judgment within earshot — strenuously discourages ever, under any circumstances, trying to do vigilante justice with the Find My app. If you so much as mention the possibility, like four people will jump out of the woodwork with stories about someone they knew who was shot or assaulted trying to confront a thief in the act. I’d like to emphasize that I’m firmly on the side of reason, and a steadfast believer that having crime done to me is not an occasion to show off how brave I am.

But! I have watched Veronica Mars so many times. I dream idly of mysterious cases falling into my lap, and solving them through the careful piecing together of data, clues, and information, plus the judicious application of wiles and streetwise know-how. And, honestly, I did want my ridiculously expensive AirPods back.

It is just a story of Johnston trying to find her lost AirPods using the Find My app, but it is one of the most suspenseful things I have read recently. Gripping. Five stars.

For Google theverge.com

Nilay Patel, the Verge:

Google Search is so useful and so pervasive that its overwhelming influence on our lives is also strangely invisible: Google’s grand promise was to organize the world’s information, but over the past quarter century, an enormous amount of the world’s information has been organized for Google — to rank in Google results. Almost everything you encounter on the web — every website, every article, every infobox — has been designed in ways that makes them easy for Google to understand. In many cases, the internet has become more parseable by search engines than it is by humans.

I am reminded of Goodhart’s law in thinking about the adversarial relationship between Google and search optimization experts which, presumably, will morph into a similar situation between artificial intelligence services and self-proclaimed experts in that field. Because it has been an unrivalled default for so long, there is no reason for the most popular parts of the web to work anything better than as a feed for Google’s consumption and, hopefully, its users’ attention. All of this has broken the web as much as it has broken Google Search.

Patel wrote this as an introduction to a series of articles the Verge is running this year in recognition of Google’s twenty-fifth anniversary. The first, about Accelerated Mobile Pages, is a good summary of the kind of control Google has over publishers.

Judge Bounces FTC’s Suit Against Kochava theregister.com

In August, the FTC sued location broker Kochava over its sale of device-specific location data. The company asked for the suit to be dropped and, this week, it got its wish.

Jessica Lyons Hardcastle, the Register:

An FTC lawsuit against Kochava, alleging the data broker harmed Americans by selling records of their whereabouts, has failed.

That said, a federal court has given the US government agency 30 days to come up with a better legal argument and try again.

If this feels familiar, it may be because a judge rejected the first FTC complaint against Facebook — filed in December 2020 — before agreeing to hear an amended version.

Hardcastle:

In a ruling on Thursday, the federal court agreed with Kochava in that the FTC’s lawsuit didn’t make a strong enough case to prove consumer injury.

“Although the FTC’s first legal theory of consumer injury is plausible, the FTC has not made sufficient factual allegations to proceed,” US District Court Judge Lynn Winmill wrote [PDF]. “To do so, it must not only claim that Kochava’s practices could lead to consumer injury, but that they are likely to do so, as required by the statute.”

This is a frustrating argument. To the same extent there may be questions about whether Kochava’s sale of personal data could be injurious to consumers is likely or merely possible, there is little awareness of data collection by this specific company. Consumers do not know they are providing their location to Kochava for resale when using a given app. They are increasingly aware of the privacy risks of using smartphones, I am sure, but not of these specific contracts. How should any consumer realistically protect themselves when data brokers are prevalent yet invisible in their lives?

Meanwhile, it is worth noting, the harm of an unregulated market for private data is far from a theoretical concern. Trying to figure out whether it is definitively the data bought from a specific broker’s market which leads to some awful circumstance is a profoundly idiotic pursuit. The only reasonable course of action is a comprehensive prophylactic federal data privacy law.