
I built a lighting system for <hotel chain you've heard of> to save energy by turning off hallway lights when not in use. The environmental aspect was great and saved hundreds of thousands in electricity. Someone eventually realized that the mesh network I built to connect all the lights together and report usage statistics could also be used to track employees moving throughout the building and catch them taking unauthorized breaks in the stairwell, so that's its main purpose now.

I'm a lot more paranoid about privacy these days.



Almost all software can be abused or co-opted for surveillance purposes. It's one of the reasons I've grown more disillusioned with computer tech over the years.


I had this realization in stages.

1. Almost all software can be abused or co-opted for surveillance purposes.

2. Some software comes already designed for surveillance purposes up front.

2a. This includes plenty of well-known mass appeal software; importantly, the customer-facing marketing copy and the investor pitch can present a completely different value proposition.

3. Software doesn't become used for surveillance or abuse by accident; there are actual human beings who make a decision to use it in this fashion, or commission it for this purpose.

3a. The "misguided programmers harming people by trying to solve social problems with technology" meme is dumb for many reasons, but it's also distracting (possibly purposefully so) from the fact that it's not software, or people who coded up the software, that are the primary culprits. The coders that were too naive or too self-interested to refuse work or blow the whistle may have some responsibility, but we should start talking about the people who made the decisions to commission or repurpose technology for bad purposes.


See also _Surveillance too cheap to meter_ https://cacm.acm.org/magazines/2022/7/262077-surveillance-to...

> To stop the surveillance, [they] would have to get their equipment suppliers to make changes; they would have to change their own back-office systems; they would have to reformulate customer contracts so they would not rely on the data being available in case of disputes; and so on.

> [It] would cost [them] more money to stop the surveillance of their customers than to continue doing it.

> That is quite literally what "surveillance too cheap to meter" means.


Thing is, when the company that pays you actively wants to track everyone, there's little you can do as the person that creates tech for them.

If the piece of software you created is unbiased and unopinionated, it can be used for evil purposes. If you make the software deliberately against that, you have to (a) take measures without the company knowing (b) have the manpower to do it alone while still reaching development goals (c) those measures can be undone by another developer that cares less than you.

After all, software big enough is collective by nature. It's also unfair to us to think that we're responsible for any misuse as if we were mechanical engineers creating weapons for war


"Thing is, when the company that pays you actively wants to track everyone, there's little you can do as the person that creates tech for them."

You can quit. Literally, there is something you can do. If your boss asks you to write or adapt something to surveil, then you can quit.

There may be consequences to quitting, perhaps disproportionately felt between you and the company, perhaps consequences that you won't enjoy as much as your current job stability and paycheck, but the choice is always there.


> There may be consequences to quitting, perhaps disproportionately felt between you and the company

This is why unions are so important, even in a field like software engineering. If you quit on your own, the company may not care. But using the threat of strikes, workers can demand better conditions for themselves and more ethical directions for their company.


Why are tech workers so resistant to organized action? Their owner employers sure are organizing adversarially in a multitude of ways in the open and behind closed doors


> Why are tech workers so resistant to organized action?

If you mean software engineers when saying "tech workers", because unions make it harder to fire people. There's not much that makes a software engineer's job harder than a bad engineer who isn't getting fired and is destroying the quality of the product and the code and creating work for everyone else to fix, all the time.

Unions also result in gaining seniority by time spent in a job instead of competency, and that's also a miserable experience, when someone incompetent is dictating the engineering work. In software engineering you want people who are technically proficient and capable of mentoring to assume leadership positions and positions of increased responsibility, not people who've been there the longest.


Software engineers in my first hand experience have been able to organize around coordinated action to get their employer to improve their conditions and pay without unions necessarily. One simple example of that is to coordinate around pay transparency


Tech workers disproportionally 1) believe in meritocracy, and 2) believe that the existing arrangement in IT is it, or at least closer to it than it would have been with unions in the picture.

Why that is the case is another interesting question.


Which is to say that even very intelligent people can be very vulnerable to believing in things which are patently false provided that the end result is the ability to continue to live in a state of complete denial, and a world of pure imagination, where no action is required on one's own part and you can just continue to hope that all of this is a temporary aberration that will get better on its own :)


There's also a time component.

It's entirely possible that in the post-IBM microcomputer, pre-Google AdWords span, they were correct.

However, it's pretty obvious that in the current era, power has slid back from labor towards extremely-large corporations.


Yep. Even clever engineers can be delusional fuckwits.


Obviously. Why else would people on hacker news advocate for all the socialist economic policies that humanity just spent the entire 20th century proving don't work?

Sadly history repeats so we'll probably just have another "cultural revolution" and "great leap forward" in the 21st century.


I disagree. I think most tech workers identify more with their employers and their class than their own status and that of their colleagues. They’re moving up, fast, and they’re satisfied with their prospects more than anything they might get from solidarity.

In Marxist terms, lumpenproletariat is a close approximation, but a weird accident of history.


That's not strange is it? If you're making 100k+/year, you're well into bourgeois territory, and FAANG benefits are practically near-instant-owner-class. Why would you expect anybody getting that kind of money to identify with the lower classes?


"Bourgeois" is not defined by how much you make per year. It's defined by your relationship to the means of production.


Anyone getting paid 100k+ is also getting stock options.


Sure, and many people getting less still own stocks via 401(k) etc. The important question is whether a person can live entirely off their rents, or they have to work for someone else for a living.


> That's not strange is it?

That depends on your baseline, of course. Or to answer your other question:

> Why would you expect anybody getting that kind of money to identify with the lower classes?

I don’t expect it, though I do have deep solidarity myself. Because, to return to the middle of your response:

> If you're making 100k+/year, you're well into bourgeois territory, and FAANG benefits are practically near-instant-owner-class.

I can speak to six figures, and I’m in no way into bourgeois territory. I’m approximately as comfortable as middle class boomers, ie I can make financial decisions to benefit my aging family with some hope I’ll still be comfortable myself. I don’t own anything in the sense meant by “bourgeois” in this context. I may yet, in the sense of a retirement plan. That’s a middle class aspiration. Which, having grown up poor and then broke and then getting by… I recognize very much is still working class.

There certainly is a larger segment of the tech work force than the general population which has reason to believe it can cross the bridge from gentry to ownership… but it’s still a minority of us and it’s mostly scraps. I don’t expect most of my colleagues to be comrades, but I certainly don’t agree with their class analysis which you have expressed so clearly.


> Why are tech workers so resistant to organized action?

I am not actually so much resistant to unions, as I do not see what benefit I’ll get from them. What exactly in my life would have changed for better if I had been a part of a union? Just one thing, can you name?


Probably better default settings when it comes to vacation, your off hours not being invaded by on-call, pay transparency, WfH/remote policies, etc.

If you have ever gone up against HR over anything ever, a union would have benefited you.


Vacation? I have unlimited days off, and my request was never rejected.

On call? They paid me $500 a week to have a cellular phone officially, but at the same time unofficially everyone was strictly forbidden to call it. It was an internal political move by the engineering department (see our commitment to this new product? we even put Mike on call), turned into an additional benefit to best engineers.

> If you have ever gone up against HR over anything ever, a union would have benefited you.

My wife (who is one of the best teachers in California, documented) was fired exactly because of the union rules. The principal wanted to keep her so much, that the district turned his desire into a political tool: oh you want to keep L? she is a good teacher? sign this paper (some financial cover up) and we will give you the money to keep L. The union did not care whether she is a good teacher or not. Less seniority? Go away (but we keep your $1000 union fees).


Because most of them think someday they will be the owner employer.

They won't, but it's a delusion that favours capital over labour.


Don’t most engineers loathe management positions and just want to focus on tech?


> This is why unions are so important

My favorite counter-example is a collective action of about a thousand medical workers in SF Hospital demanding from Facebook an increase in censorship (and the censorship is impossible without surveillance).

Why do you think a union will support your ethical choices? And if it would not - you’d have to quit the company and the union, losing not only your salary, but also union fees.


The marginal cost of union fees is trivial in comparison to a salary.

A union gives you more choices than "surveil or resign".

And if the union fails you because it says "no, you have to surveil" then you can still resign.


This is an argument against democracy itself. If you don't think democracy would work for you, then I can't convince you a union would either.


That well has been poisoned in the US. It's tough to find any extant union which isn't a corrupt sellout organization leeching off the workers they're supposed to represent. It's hard to change, because laws around unions are designed to lead to the current situation. Cross-industry/informal/extra-organizational action and coordination using the internet is probably a far more workable idea than traditional unions.


Have you considered that that's what Porky wants you to think about unions?


Yes. I've also worked in a few union shops and experienced it myself. I'm a socialist through and through, but what is called a union in the US is not an organization of and for the workers, it is a co-opted parasitic extension of corporate and government policy. Workers can and should organize, but restricting ourselves to following the controlled opposition is stupid and self-defeating.


> You can quit. Literally, there is something you can do. If your boss asks you to write or adapt something to surveil, then you can quit.

If you had a union, or even a professional association whose code of ethics had teeth, you could refuse without having to quit. It's incredible to me that in 2022, most programmers are still anti-union.


You can organize.

Why shouldn't workers in a factory have a say over how their labour is used by those who appropriate it?

Baffled by how obvious solutions appear to have fallen off the radar.


They do have a say. Their labour is being purchased from them, not appropriated. They can say no (individually or together) and ultimately they can walk away.

As you say, collective bargaining is usually going to be more effective than individual.


> As you say, collective bargaining is usually going to be more effective than individual.

It may be more effective in terms of salary and working conditions (though I doubt that in software engineering I would have been able to get better pay through collective).

But in terms of ethics?

Individually, it’s almost impossible to make me support surveillance and censorship. But a big collective is much more vulnerable to manipulation. Comes 9/11 and you’ll get “collective” support for Patriot act, comes 6/1 and you’ll get “collective” support for censorship.


Even in war, we don't universally take "I was following orders" as a valid excuse. People writing surveillance software are not innocent - not as guilty as those that gave the order, but still guilty.


It's also why employers prefer to hire young people over more experienced people, because the latter actually understand what's going on and might object.


I think to combat this you need to have laws like in Germany where this is pretty much explicitly illegal. We cannot put the technology back in the bottle


The problem is that "bad" is subjective and I'm sure most of the people making these decisions don't agree that they are being "bad"


That's fair, but the 3 and 3a. is not about whether a decision is bad or not, but about attribution. It makes no sense to blame "technology" or engineers in news stories for being used in some way, but completely ignore the people who ordered and bankrolled it to be used in that way.


Why would anybody care what they think?


Don't worry, Free Software will save us. /s


> Almost all software

which is why it's less of a technical problem and more of a social problem

people need to realize that with how the technology is today we can't afford to rely on market self regulation for a lot of things especially wrt. privacy protection it just fundamentally does not work

(Or in other words, such usage of employee surveillance should be just plain out forbidden by law not just to be used but to be deployed)


In order to do that, people are going to have to go to the ballot boxes and vote. And when they do that, they're going to discover that there are no good options there. Then they're going to realise that they have to create those options, and there's no grown-up to do it for them now. Then it dawns on them that they are not even members of any political organisations, nor are they in a union. It's like they've lived their whole lives without ever even having used their rights to freedom of speech, freedom of association, freedom of assembly, freedom to join political organisations, freedom to create political organisations, freedom to stand for office, or even considered using them before in any meaningful way, so it's like a nation of infants contemplating the idea of taking the wheel of a car. It's terrifying.


I have this feeling that with the increasing complexity and sophistication of the technical environment/tools we have in our hands, there is an increasing amount of people simply unable to cope with everyday challenges of modern society.

Of course, there have always been these kind of people, but in the old days they were easily identified groups of disabled and elderly people, who, most importantly, understood also themselves that they need help.

The bleak future I see is that an increasing amount of normal people with normal intelligence are just going to be financially destroyed, all while they themselves believe that they are fully qualified and justified to decide whether their money is "invested" in the next cryptard scheme, sent to a Nigerian prince to get millions, or put in a crappy health insurance covering accidents once in a blue moon, instead of those damn government elite experts taking their money and actually providing health care and pension. And after they are destroyed, they become even more hostile against the "elite experts" who just seem to be laughing at their faces "told you so".

(To be extremely clear here: I believe intelligence is a highly multi-dimensional thing. And you can be intelligent only in very limited dimensions. So practically all of us - me very much included - are morons in most of the dimensions. So I am not pointing here to any specific group, but all of us are vulnerable in some dimension. I may be above average at avoiding certain kinds of scams, but I am for sure vulnerable - even laughably stupid looking afterwards - to face-to-face friendly scams. Which, luckily for me, are typically not expensive.)

Unfortunately I have no good solution anywhere in sight. The best idea I have so far is to mock online the idiots who think Ayn Rand was a genius. I have to admit, though, that even that is likely to be useless even in the best case, so most of the time I try to just bite my lip.


> such usage of employee surveillance should be just plain out forbidden by law

By law, like by some Patriot act?


In many cases, software is like a tool. I provided a screwdriver: generally it's used for good, but sometimes it's used for assembling a bomb. By providing the screwdriver, I have no influence on how it's used. For me, it's important that most software I write is free software with few restrictions on its use. That way, I ensure that my screwdriver is available for all good purposes, even though I acknowledge that I cannot prevent it from being able to be used for evil. It's a tricky balance, but I trust that the good uses of new tools outweigh the evil. A war on screwdrivers won't prevent missiles targeting civilians.


>"can be abused or co-opted"

I tend to believe it, "will be."

All tech will eventually be used to try to gain an advantage in war and surveillance. I don't think there's a way to prevent it.


The term often used for this is “dual-use”:

https://en.m.wikipedia.org/wiki/Dual-use_technology


It's not just computer tech. Obviously, advances in say molecular biology can cause much more trouble down the line.


> used to track employees moving throughout the building and catch them taking unauthorized breaks

There's probably more illegally unpaid overtime than there's unauthorized (boss doesn't like) breaks. The data can likely prove that, too.


> I built a lighting system for <hotel chain you've heard of>

I am sick and tired of how often extremely pertinent information has to be neutered in this way. And I am utterly disgusted at how the legal system is used to protect scummy corporations like this unnamed hotel chain.

I wish we had strong laws that prevented employers from even thinking about threatening employees for talking about their work. Or collective bargaining to make sure employers don't have the leverage to impose such one-sided contracts.


What was the requirement?

My apartment building has lights in the hallways that are only on when needed, but they just use a basic infrared sensor.


* Minimize BOM cost. Only 1 in N lights would actually have the full sensor complement, so they needed to communicate.

* Minimize installation cost. They just wanted to plug into a light socket, not run network cabling.

* Push data logs to a central server. They didn't want to send a tech physically to each lightbulb to get data for e.g. energy usage certifications.

plus other obvious requirements.

All of that made it really easy to just stick a beacon tag inside employee badges and measure the RSSI from the mesh lightbulbs (since they already tracked that to discover who their physical neighbors were). Instant employee monitoring.


I am starting to think the requirements were crafted to push towards enabling surveillance without outright stating it.

PIRs are cheap and last basically the lifetime of the hotel. I would need to see some actual data to believe this whole project didn't actually cost more than installing a bunch of PIR lamps.


Guess you used wireless communication to avoid cables even though you are "pushing logs and communicate with other lights".


Are these hallways for staff only?


Not as far as I was ever aware. They were intended for guest areas.


So why is the RSSI thing worth having?


RSSI is just signal strength. Tracking it allows you to approximately triangulate where people are so you can say "ID #xxxx was closest to the first floor east stairwell at 10:02am". Maybe nothing is done with that data, but it's ultimately a surveillance system and enables all the potential abuses that can entail.


I know what RSSI is, it seems like complete nonsense even pretending this is for energy efficiency if you have to keep track of where the non-staff are anyway - or is the people-tracking just an optional extra?


I think people tracking was just an optional extra/add-on. It sounds like the RSSI signal was there in the first place to set up the mesh based on what other lights had active sensors...


Because by measuring multiple RSSI you can trilaterate and track employees relatively accurately. If an employee lingers somewhere unusual, you can have a manager ask them why.


That isn't what the system was notionally designed to do


Yes. The commenter is upset because a mesh network that he helped build for another purpose also provides a convenient dense network of radios that can be used to track staff, and that this is now the primary use case.

"All of that made it really easy to just stick a beacon tag inside employee badges and measure the RSSI from the mesh lightbulbs (since they already tracked that to discover who their physical neighbors were)."


I assumed the rssi thing was there from the start, apparently mistakenly.

If it's any consolation to the original engineer it feels like a non-trivial thing to add


The original engineer states the RSSI thing from the start because it was an input to the meshing algorithm.

Using it for location of employees was the new part.


Most nodes in a radio based system will do rssi measurements to any other nodes that they need to communicate with directly, as part of deciding appropriate tx/rx amplification levels / when nodes are unavailable / etc. These functionalities are often easy to access to enable easier debugging, so it's a relatively straightforward change to start using them to scan other things on the same protocol etc.
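One way to keep the neighbor-discovery RSSI described in this thread from doubling as a tracking feed, shown as an added example that is not part of any comment and not the commenter's firmware: the node stores RSSI only for lights enrolled in the mesh, and its uplink report carries energy counters but no per-device signal data. The struct layout, the node IDs and the 7-byte report format are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NEIGHBORS 8
#define REPORT_LEN    7   /* assumed format: id(2) + lamp_on_seconds(4) + count(1) */

/* Constructed sample: light IDs enrolled when the mesh was commissioned. */
static const uint16_t ENROLLED[] = { 0x1001, 0x1002, 0x1003, 0x1004 };

struct neighbor { uint16_t id; int8_t rssi_dbm; uint8_t used; };

struct light_node {
    uint16_t id;
    uint32_t lamp_on_seconds;            /* the energy statistic that gets reported */
    struct neighbor nbr[MAX_NEIGHBORS];  /* routing state, RAM only, never exported */
};

static int is_enrolled(uint16_t id)
{
    for (size_t i = 0; i < sizeof ENROLLED / sizeof ENROLLED[0]; i++)
        if (ENROLLED[i] == id)
            return 1;
    return 0;
}

/* Record an RSSI sample for mesh routing. Frames from anything that is not an
 * enrolled light (a badge tag, a phone) are discarded before any state is
 * touched, so the node keeps no trace of them. Returns 1 if the sample was
 * stored, 0 if it was ignored. */
int neighbor_observe(struct light_node *n, uint16_t src, int8_t rssi_dbm)
{
    struct neighbor *free_slot = NULL;

    if (src == n->id || !is_enrolled(src))
        return 0;
    for (size_t i = 0; i < MAX_NEIGHBORS; i++) {
        struct neighbor *e = &n->nbr[i];
        if (e->used && e->id == src) {
            /* Smooth the link estimate: 3/4 old value + 1/4 new sample. */
            e->rssi_dbm = (int8_t)((3 * (int)e->rssi_dbm + (int)rssi_dbm) / 4);
            return 1;
        }
        if (!e->used && free_slot == NULL)
            free_slot = e;
    }
    if (free_slot == NULL)
        return 0;                        /* table full: drop, do not log */
    free_slot->id = src;
    free_slot->rssi_dbm = rssi_dbm;
    free_slot->used = 1;
    return 1;
}

uint8_t neighbor_count(const struct light_node *n)
{
    uint8_t c = 0;
    for (size_t i = 0; i < MAX_NEIGHBORS; i++)
        if (n->nbr[i].used)
            c++;
    return c;
}

/* Build the uplink report. Only aggregate values leave the node: its own ID,
 * lamp-on time, and how many mesh neighbors it has. No source IDs and no RSSI
 * values are serialized. Returns bytes written, or 0 if buf is too small. */
size_t telemetry_encode(const struct light_node *n, uint8_t *buf, size_t cap)
{
    if (cap < REPORT_LEN)
        return 0;
    buf[0] = (uint8_t)(n->id >> 8);
    buf[1] = (uint8_t)(n->id & 0xff);
    buf[2] = (uint8_t)(n->lamp_on_seconds >> 24);
    buf[3] = (uint8_t)(n->lamp_on_seconds >> 16);
    buf[4] = (uint8_t)(n->lamp_on_seconds >> 8);
    buf[5] = (uint8_t)(n->lamp_on_seconds & 0xff);
    buf[6] = neighbor_count(n);
    return REPORT_LEN;
}

int main(void)
{
    struct light_node n;
    uint8_t buf[REPORT_LEN];

    memset(&n, 0, sizeof n);
    n.id = 0x1001;
    n.lamp_on_seconds = 3600;
    neighbor_observe(&n, 0x1002, -60);   /* enrolled light: stored */
    neighbor_observe(&n, 0xBEEF, -40);   /* constructed foreign beacon: ignored */
    size_t len = telemetry_encode(&n, buf, sizeof buf);
    for (size_t i = 0; i < len; i++)
        printf("%02x", buf[i]);
    printf("\n");
    return 0;
}
```

The source ID is taken at face value here; a real mesh would authenticate frames before trusting it.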


By the time they got to "just stick a beacon tag inside employee badges and measure the RSSI from the mesh lightbulbs" it's pretty clear that it's one of the features they had in mind, though. You wouldn't "just" re-issue all your employee badges and spend engineering time on integrating it like this if tracking the employees wasn't the goal.


For some additional context, the original feature genuinely was energy efficiency. <Hotel chain> was trying to get some green certifications for a flagship and went looking for partners to do the actual efficiency stuff. That company found a sub, and so on until I was contracted to do the actual firmware. Everything got done and it was installed in a test hotel in Vegas.

After that initial success, one of the intermediary contractors came up with the surveillance idea (among others) to try and find reasons for <hotel chain> to roll the system out to more facilities.


Systems like that are commercially available now, even as far as pitching "we don't know what to do with all the data but by golly we're collecting it for you."

For location tracking they specifically called out things like equipment carts, but it was implied that it could track other bluetooth devices.


I did this almost a decade ago. I'd be very surprised if it wasn't commercially available now. Heck, the system I wrote might even be one of them for all I know.


Wow. Well at least it was 100% good faith your side. Can’t really help it that some tools can be dual used


How could they tell who exactly triggered the system? Also, they didn't already have security cameras?


anything you write that can be used to pry into someone's life will be used to pry into someone's life. without fail.

that's the rule I've always followed.


Need to know <=> Need to log


What is so bad about catching people taking unauthorised breaks?


for starters the idea of “unauthorized” in terms of taking a couple minutes to yourself is questionable.

i have never worked in an office environment where people didn’t routinely unwind for a couple minutes. the way we’re treated in an office setting vs those outside an office is in a lot of ways disturbing. a couple years ago my friend's dad lost his job of 25 years because he was caught sneaking around a corner, out of eyesight of his foreman, to eat a candy bar. he had been warned about these “unauthorized” snack breaks in the past.

this idea is entirely foreign to any of us who sit at a computer coding or doing whatever desk job that sometimes we don’t stop to think of how ludicrously some workers are treated—my entire post college career, if i wanted to eat a candy bar, i just ate it.

were a decision to come down in just about any office full of engineers which said “unless authorized, you cannot drink or eat anything. if any unauthorized stoppage of typing occurs, there will be consequences.” people would be justifiably outraged.

but they’d be “catching” “unauthorized” non-typers.

the idea that someone somewhere decided to put trackers on human beings is wild.


> the idea that someone somewhere decided to put trackers on human beings is wild.

did you forget about cellphones?


I suspect OP didn’t.

That everyone has accepted that owning a phone means you can be tracked with accuracy most of the time, both digitally and physically, is pretty wild.


The same thing that would be bad about using your phone GPS location sensors to automatically send you speeding tickets every time you wander >1mph over the limit.

Even without intending to, everyone would go from a ticket or two per decade to dozens of tickets on every commute.

"But the law is still the same!?!"

Of course it is, but changing from poorly scalable human-required surveillance to always-on, fully-scaled electronic surveillance, changes it from completely reasonable to massively oppressive.

If everyone's productivity is fine, and people take unauthorized breaks, no one will notice, all is cool. If one or two people are noticeably unproductive, the manager will likely investigate and fix the unauthorized breaks, which is also fine.

But with constant electronic surveillance, it's no longer about meaningful productivity differences, it is about oppression.


It's still up to the manager to choose what to do about it.

A reasonable manager would accept the occasional smoke break, but do something about hour long naps.


In line with what a sibling comment says, it stops being about the person themselves, and what their actual performance is, but about adherence to arbitrary rules. The computer says you took X number of unauthorized breaks this past year, so no raise/promotion for you. Employee has still been getting their assigned job done, and has been doing it perfectly well, and has stellar feedback from customers? So what! It's the rules that matter more.

Often a manager will not have any say over these things. "The metrics speak for themselves!"

Regardless, I don't think we should design systems with the assumption that the people in charge of them will be compassionate and reasonable. There are a lot of petty, corrupt (in the moral sense, not financial) people out there in positions of power over others.


Centralized automated system like this often is not something someone's (direct) manager uses, but that gets pushed down from higher up the chain. Larger disconnect, less human consideration taken, with an extra helping of "well the system says..."


One argument in favor of this is that it would pretty much force governments to set reasonable speed limits, rather than optimizing them to ensure that the police have an excuse to pull over almost anyone at any time.


No, it would allow them to adjust the limit to whatever brings in the most revenue without crashing the economy or engendering open revolt.

It would always be entirely unworkable at anything resembling the current fine structure, with fines in the $100s for a single infraction. These are based on the assumption that people are rarely caught.

I could see a surveillance-based system working, something on the lines of a congestion toll. Maybe $0.02/mi/mph over the limit, so going 10mph over the limit for 20 miles would be a $4.00 charge. We'd also have to eliminate the bogus insurance surcharges which falsely equate speeding with unsafe driving (barring neighborhoods & construction zones, they can signify either an unsafe driver or a highly skilled driver).


"engendering open revolt"

In France, messing with the people's ability to drive affordably led directly to the Yellow Vest riots.


Would you like to live in a society where the laws are the same as they are now, but it’s impossible to break them and not be caught?

(I know I’m jumping right to where the slippery slope ends.)


That's the difference between living in Munich or São Paulo, or New York and Miami. Different societies have different tolerances for what's on the books and what gets enforced.

Personally, I prefer less on the books and proper enforcement, but many people like a lot on the books and just as many loopholes.


If we lived in such a society I would imagine we would be a bit more careful as we drafted laws. It would also be a lot more equitable due to the lack of selective enforcement.


Even if getting there from the current state of affairs by rigorously enforcing laws to the letter is possible, it would come with a very heavy price on people while the laws get reformed.


Taking the other side - you’d rather live in the society we have today where policies/laws are selectively enforced based on whether cops/supervisors have a good relationship with you, are biased re your race/gender, etc?


Perfectly executed laws would also have biased outcomes, likely worse than the current system.

There’s a good quote that goes something like “the law treats all men equally: the rich man and the poor man are punished the same for stealing bread to feed their family.”


The law, in its majestic equality, forbids rich and poor alike to sleep under bridges, to beg in the streets, and to steal bread. Anatole France


Yes, it'd foster good social relationships. Oh wait, engineers don't need no one....


It's more about the negatives of pervasive electronic surveillance. The marginal benefit to the business of catching employees taking a break (which, honestly... they're probably all overworked and should have more breaks anyway) does not outweigh the downsides of our inexorable slide toward being monitored as we do everything.


>which, honestly... they're probably all overworked and should have more breaks anyway

And your best solution to this is building automated lighting systems that omit functionality? That's your grand plan?

Reminds me of people that complain about seats being removed from buses to make more room for passengers because homeless people sleep on them.

When you're trying to solve things via tertiary order effects you should consider if that's the real issue at hand.


> What is so bad about catching people taking unauthorised breaks?

Your profile indicates that you've commented on HN on a weekday.

Don't worry - this behavior has already been reported to the authorities.


Not the OP, but a lot depends on the context.

If both pilots left the cockpit mid-flight in order to chill with the stewardesses, I would be fine with them being barred from working as pilots ever again.

I couldn't care less if a receptionist catches a quick smoking break during a slow hour.


In a discussion that started with "hotel staff in the stairwell", which of your two examples do you think is more representative?


Unfortunately, the latter one, I agree.



