My most generous guess here is that the NYT is accusing OpenAI of deleting infringing user chats themselves, because the implication that someone would delete their history due to fear of copyright infringement is completely stupid.
But OpenAI are desperately trying to spin it that the logs should not be allowed into evidence.
As a citizen of an EU country, I do not view trampling on my rights, directly violating my country's laws and reneging on published privacy policy (all of which OpenAI is being forced to in this case by keeping the data) to be "par for the course".
If OpenAI have already been violating your rights, by putting private information into the logs, then your beef is with them, not the courts for preserving data.
> Accordingly, OpenAI is NOW DIRECTED to preserve and segregate all output log data that would otherwise be deleted on a going forward basis until further order of the Court (in essence, the output log data that OpenAI has been destroying), whether such data might be deleted at a user’s request or because of “numerous privacy laws and regulations” that might require OpenAI to do so.
https://storage.courtlistener.com/recap/gov.uscourts.nysd.64...
This is important. OpenAI was already deleting the data (as per their policies), now they can't.
As an insult to injury, the paragraph you quoted also gives a fat middle finger to GDPR.
a) GDPR has an exemption for court orders. Which this is. (All court orders are legitimate reason).
b) GDPR says you can't log private data. Which they were. (You can only log legitimate interests, contractual obligations, legal compliance, or consent.)
Again - this is logs, this is not your average user data. This is not their database. This is not the historical chats of their users. This is just... The... Access... Logs.
> Processing shall be lawful only if and to the extent that at least one of the following applies:
> ...
> processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
It's not going to stop the rise of LLMs. But one should expect it to cause a lot of very strange news in the next couple of years (lawful leaks [i.e. "discovery"], unlawful leaks, unintended leaks, etc.).
The Justice system (pretty much anywhere) is amenable to being incentivized. It looks like NYT has found the right judge (take that how you will).
Ordinary people expect stuff that they don't actively share with others to stay private. Rightly so! It's the ad industry that got it wrong, not the People.
Having worked at one of those companies (and having quit that job being disillusioned by a lot of things), there is still so much mainstream misinformation about this. Yes data is often used for tracking and training. In aggregate form. Sensitive data is anonymized/de-id-ed. The leading research on these techniques are also coming out from these companies btw.
There are layers and layers of policy and permission safeguards before you're allowed to access user data directly as an engineer. And if/when someone tries to exploit the legitimate pathways to touch user data (say customer support), they get promptly fired.
But it's much easier to believe that FAANG is some great monolithic evil, out to surveil you personally for some vague benefit that never gets specified. All the legitimate concrete monetary benefits (e.g. tracking for ad targeting work and training ML models) can be had just as well with aggregate data, but privacy FUD doesn't want to listen to that.
Meanwhile stupid legislation and the ability of courts and law-enforcement to subpoena any data they want whenever they want keeps data on their servers longer than they'd want to. Yet people will prefer to blame the "Evil Tech Cartel" instead of multiple branches of their government wanting to read their texts and GPS logs.
There aren't that many possibilities on how geolocation data vendors get access to high-precision location data of millions of people. A publicly traded company that generates revenue from targeted ads can never be fully trusted to behave. A social network that optimizes for time spent looking at ads will never really care about its users well-being. Algorithmic feeds are responsible for a widening social divide and loneliness. Highly detailed behavioral analysis can hurt people even when aggregated, for example when they get less favorable insurance terms based on their spending habits. Data that can be used to increase revenue will not be left untouched just to keep moral higher ground. Sensitive information shared with an LLM that end up in training data today might have dangerous consequences tomorrow, there is no way to know yet.
This isn't even about proper handling of individual pieces of data, but the higher-order effects of handing control over both the world's information and the attention of its inhabitations to shareholder-backed mega-corporations. There are perverse incentives at play here, and anyone engaging in this game carries responsibility for the outcome.
In a world where cellphones have all sorts of radio antennas on at all times, there are more ways than you'd think.
> A publicly traded company that generates revenue from targeted ads can never be fully trusted to behave. A social network that optimizes for time spent looking at ads will never really care about its users well-being. Algorithmic feeds are responsible for a widening social divide and loneliness.
I'm really not interested in debating dogmatic philosophy about how cynical one should be in the world. The entire point of my comment was that cynicism induces FUD that's not necessarily backed by direct evidence. One can come up with all sorts of different theories to explain what's happening in the world. Just because they sound somewhat consistent on the surface, doesn't mean they're true. That's just inverted inference.
I do agree with you that there are bad incentives in play here, but if we don't want them to be exploited and actually care about privacy, we should convince our effing legislators to plug the loopholes and enshrine online privacy in actual law. Instead of companies being able to write whatever they want in their Terms of Service. And then create mechanisms to enforce said legislation. Instead of moralizing actions of a company as some sort of monolithic (un)-ethical entity.
I think humanizing and moralizing the actions of large companies is a gigantic waste of time. Not only it accomplishes nothing, it gives us (the affected party) a distraction from focusing our efforts on the representatives that we elected who aren't doing their job. Maybe it's representative of where we feel we can make change
That doesn't explain why soldiers can be identified by their location traces at known military sites; the data must be sent from the device.
> The entire point of my comment was that cynicism induces FUD that's not necessarily backed by direct evidence.
That is exactly the kind of deflective attitude common in big tech I was referring to: There is concrete evidence for these effects (e.g. [0][1][2][3]). Google, Netflix, Amazon et al. would falter if it weren't for the violation of their user's privacy. Even if we leave dogma out of this, lots of negative effects would simply not be possible without their data collection practices.
You cannot participate in—and profit off of—something bad and then distance yourself by claiming your specific part in it was not inherently evil.
[0]: https://www.science.org/doi/abs/10.1126/science.ade7138
[1]: https://arxiv.org/abs/2305.16941
[2]: https://arxiv.org/abs/1607.01032
[3]: https://guilfordjournals.com/doi/10.1521/jscp.2018.37.10.751It's not cynical to say ad-driven social networks are adversarial to their users, it's logical and unavoidable. Because they're optimizing for different things.
Networks want the best, most targeted ads, so they need the most data. They want the highest watch times and retention, so they MUST develop addictive algorithms.
It's like selling a cigarette. Is there any non-adversarial way to sell a cig? No. You're optimizing for the most smoking. Okay great, let's concentrate the Tobacco then so we have more nicotine. Let's use butane rings so the cig burns faster.
I do agree 100% with your points about legislation - this is the only path forward. And, about not humanizing corporations. Corporations are more akin to machines or algorithms.
But, because they're more akin to machines or algorithms, we can prove when, and why, they are working against our interests, and it's not cynicism.
There's an illogical extension of conflict that's sometimes applied in this context, with heavily implicative language that's often misleading. No Google isn't interested in reading your personal email (as if Google as an entity could have any interest in the first place), they will definitely serve you targeted ads and sell product integrations based on it though.
And whilst you say there's so much protection... We have countless examples of where it's been done. [1]
The only real way to be safe with data is... To not have it in the first place. (Which, bonus, often means governments can't compel you to keep it.)
[0] https://digitalcommons.law.uw.edu/wjlta/vol5/iss1/3/
[1] https://www.forbes.com/sites/simonchandler/2019/09/04/resear...
The point I was making wasn't that De-id is a solved problem, or that your data is "safe" with FAANG companies. The point was more about the malice that's attributed to them as a blanket measure, in comments such as these:
> (especially all the FAANG people that curiously always stay silent in threads like this one), has worked very hard to make everyone believe that online privacy is a thing, while working even harder to undermine that at every possible step.
There are many people and execs at these companies who are unscrupulous. But there are also many parts of them that are trying to work on doing things the "somewhat right" way when handling user data.
De-id and anonymization is a hard problem. But there's a lot of concrete evidence for me that many people in the FAANG world are at least trying to make progress on it (sinking billions of dollars of eng and research resources on them), instead of blatantly making bag, which they totally could.
I absolutely believe that there are people at those companies, trying to rein in the corporate behemoth so it doesn't squash its own legs. However, evidence looks like they're... Losing that particular battle.
The corporations still haven't learnt to respect individuals - they're just resources. [4]
Until a corporation acknowledges that safety comes with... Simply not spying on everyone... The risk in trusting them isn't going to be one that people want to take. Yes. These are hard problems. So don't make them a problem you have to face.
[0] https://www.cnbc.com/2018/04/05/facebook-building-8-explored...
[1] https://www.cnbc.com/2018/03/21/facebook-cambridge-analytica...
[2] https://firewalltimes.com/tiktok-data-breach-timeline/
[3] https://www.drive.com.au/news/tesla-shared-private-camera-re...
[4] https://www.theverge.com/meta/694685/meta-ai-camera-roll
Everything uses SSL or, more accurately, TLS. Very few things are E2EE. Consider Signal - is Signal equivalent to Whatsapp because Whatsapp using TLS? Of course not.
If you have data in plaintext on a server, you should always assume that data lives forever. You might be wrong sometimes, rarely. But usually it does live forever. Most delete buttons don't even actually delete anything.
Even assuming a perfectly benevolent company, that means nothing. Just them having the data is a liability. Which is why Rule Number 1 of data security is: have the least data.
>It's not going to stop the rise of LLMs.
Disney might, though.
I think few want to "stop the rise of LLM's", though. I personally just want the 3 C's the be followed: credit, consent, compensation. If it costs a billion dollars to compensate all willing parties to train on their data: good. If someone doesn't want their data trained on it no matter how big the paycheck: also good.
I don't know why that's such a hot take (well. that's rhetorical. I've had many a comment here unironically wanting to end copyright as a concept). That's how every other media company has had to do things.
It's not the public reading the information I'd concerned about, it's every data-hungry corporation that manages to file a lawsuit.
The courts put a lot of trust in lawyers: they'll redact the sensitive information from me and you, but take the view that lawyers are "officers of the court" and get to make copies of anything they convince the court to drag into evidence. But those officers of the court actually work for the same data-harvesting companies and have minimal oversight regarding what they share with them.
I mean, the site's name is Hacker News after all, even though so many of the "hackers" here are confessing their love for Intellectual Property and Copyright law, and everybody chanting the well-known slogan "Information wants to be proprietary!".
Allowing LLMs freedom to snap up everything, overwhelming hurts the smaller people who would have led to said competition. It further entrenches all the biggest players.
And a lot more interest in figuring out "Who does this benefit in The Class War in the short term?", and changing their opinion of legislation so they're on the same side of that.
It's socially consistent, logically questionable.
Given how blatantly "copyright" has been (and still is) abused by multibillion dollar corporations (with Disney being the most notorious) it's no surprise that there will be a counter-movement forming.
Complete abolishment is of course a pretty radical proposal but I think pretty much everyone here agrees that both the patent and copyright situation warrants a complete overhaul.
Until then all your "nuclear bomb sized" chats are effectively the same as the dinner bill for Sam courting Huang to get more of those GPUs.
I fully expect these chats from discovery to be leaked, token, or show up in the form of analytics in a NYY expose.
Just to be clear, what NY Times lawyers means in this situation is the outside lawyers that the Times has hired to litigate this case. Lawyers that actually work at the Times won't get access. Not will non-lawyers who work at the Times.
The outside lawyers might also hire experts to help them understand and assess the information. Those experts might get access subject to court approval. ChatGPT would have a chance to challenge the choice of experts.
The way access works typically is that the lawyers for the side providing the data (ChatGPT in this case) will set aside a room in their offices (or someplace they've rented specifically for this litigation) that contains a computer and storage with all the data, does not have internet access, and is locked. The other side has to come and be let into the room to look at the data, and can't take copies with them when they leave.
* not sure what the right word is
>I hope for everyone’s sake that OpenAI’s lawyers
>I hope for everyone’s sake that OpenAI
https://news.ycombinator.com/item?id=43628278
How much conversation data have you shared with OpenAI to date?
The current NYT is about as far away from that past as you can get. These days they would be writing column after column inciting the whistleblower should be locked up for live as a domestic terrorist.
Given the choice between not logging chats or violating either EU or US law, it seems pretty clear what the vibe is in OpenAI and the valley these days. (no expert on GDPR as applicable to this order either, though)
Interesting. Does this imply that OpenAI needs to distinguish between users in the EU who absolutely have a right to have personal information deleted (like, really, actually deleted) and users in the US?
I don't think people trust OpenAI nor NYT. But if you did trust OpenAI with your sensitive data, NYT isn't going to be more nefarious with it that OpenAI already is.
I just cancelled my NYT subscription because of their actions, detailing the reason for doing so. It’s a very small action, but the best I can do right now.
The NYT making the logs public is extremely unlikely.
The people who do see them won't even describe anything they see in them to Times employees. Times employees won't see much more than what you or I will be able to see by reading public court filings and attending hearings and the trial (if it gets that far) in person.
Courts have been dealing with highly confidential and sensitive information in discovery for decades (the present system used in federal litigation has been around since 1938) and take care to limit access.
aucisson_masque•7mo ago
I guess people could switch to one of the many chatgpt competitor that isn't being forced to give away your personal chat.
Don't even know what the time is trying to achieve now, the cat is out of the bag with LLM. Even if a judge ruled that chatgpt and other must give royalties to the time for each request, what about the ones running locally on joe's computer or in countries that don't care about American justice at all.
bilekas•7mo ago
Infact I see it being hard to defend for OpenAI to basically say "Well yes, its standard practice to hand over any potential evidence, but no we're not doing that".
As for the deleted data, I wonder if legally there are obligations NOT to delete data ?
Tadpole9181•7mo ago
It is an absurd breach of user privacy at the scale of tens of millions of Americans that goes well beyond the reasonability for a civil copyright lawsuit.
This sets the precedence that if Gmail gets sued for privacy, now all our emails are leaked. Télécom companies? All of our text messages. Cloud image storage? Woops, gotta hand us every photo any American has taken with a Samsung phone! After all, it might have content that infringes on my copyright!
hotep99•7mo ago
louthy•7mo ago
Are they? Are you speculating or do you know something we don’t?
It seems that if the NYT want to know whether ChatGPT has been producing copyrighted material, that they own, verbatim, and also understand the scale of the abuse, then they would need to see the logs.
People shouldn’t be surprised, that a company that flouts the law (regardless of what they think of those laws) for its own financial gain, might end up with its collected data in a legal discovery. It’s evidence.
johnnyanmac•7mo ago
You don't think that's a victory in and of itself for a business?
Also, you don't need to worry about drug users if you take out the dealer. the users will eventually dry up.
bux93•7mo ago
Well, maybe it's business as usual now. A lot of things that were previously considered obvious overreach by corporates and goverment are now depicted as "business as usual" in the US.