I'm a man in my 40s. My eldest daughter is 17. We have the same first name (spelled differently, at least) and have had many cases where medical records have gotten confused.
We always double-check dosages for medications before taking them.
When I was 18 I got called up for jury duty along with someone with the same name and age. It was confusing. They started referring to us by the suburb we lived in. Luckily both of us got passed over.
FWIW, there are vanishingly few problems with improper voting in the US, and the extremely unusual occurrences are mostly PartyB voters trying to "counteract" the imaginary PartyA violations.
Anyone who tells you differently is lying or ignorant.
Because the data is collected while voting is ongoing, and audited after the fact.
This is how we know how extremely few problems there are, and how we catch the accidents (which are backed out, hence the delay between voting and election certification), and the fraud (which is extremely rare but of course also backed out).
If there's no problem w/ improper voting, then why would anyone object to measures intended to verify that the proprieties involved are being followed?
Because 10% of US citizens (legitimate voters) do not have the forms of ID required in these proposed laws, and it can be expensive and time-consuming to get those forms of ID which are not otherwise required for their lives (QED), and they might not do so strictly for voting.
Some people think disenfranchisement is bad. Others see it as useful.
Specifically, PartyB thinks those people with inadequate ID skew toward PartyA voters. This has been the accepted wisdom for decades. So they are incentivized to make it harder for them to vote.
Interestingly though, PartyB might be wrong about the current population. PartyA, and those against disenfranchisement and imaginary crises in general (I count myself in this third group), do not want to blow up centuries of precedent especially if the consequences are likely to be undemocratic and unfair.
This is revealed as a fraudulent premise in many states, though. For instance, Illinois doesn't require ID to vote, yet requires an FOID to bear a firearm.
How is it that you don't need an ID to exercise the rights of voting 'citizens', but you need one to exercise the right of 'people'? Consider that virtually all 'citizens' are also 'people', and even if you argue they are not, the portion of voting citizens that aren't 'people' is inconsequential compared to the supposed "10%" that can't muster an ID.
It's almost as if both sides of the argument are just using logically inconsistent arguments that just aligns with whatever gets the voting demographics they like. In fact, Vermont is the only state I know of that gives both full rights of citizens and full rights of people to those without ID in a manner consistent with the anti-ID argument usually presented.
I reject your premise that the outcome of voting is less dangerous than dropping FOID requirements in places with no ID required to vote, and reject that it is actually reversible (can't undo all the dead school girls in Iran).
But lets accept your premise as true.
You're proposing something like rank-stacking the risk of various rights of citizens and people and if they're high enough on the stack it's OK to to ID and if they're lower maybe it's not OK. That seems to move the goalpost quite a bit from your prior argument.
If it were out of genuine concern for verification, those supporting it would want to ensure that all citizens are able to easily, quickly, and cheaply get ID. That is not the case, however.
> measures intended to verify that the proprieties involved are being followed?
Giving you the benefit of the doubt regarding the intent, why would anyone support a measure that demonstrably does not achieve what it intends, but instead denies you the right to vote?
You're not wrong, but there is a huge difference between moving US government regulated currency to (possibly) foreign and (possibly) nefarious actors, and this.
Ever since KYC was extended to cover cryptocurrency exchanges, I have given up any faith in that this is solely about regulated currencies, or money laundering at all.
I don't understand this position. Cryptocurrency exchanges are the primary legal touch point (fiat offramp) for a lot of criminal activity. Of course they will get attention for AML.
I can understand the regulation of fiat/crypto exchanges, but the verification extends to centralized exchanges that merely facilitate exchanges one kind of purely virtual currency for another, neither of which have to be recognized as legal tender.
I didn't know those existed, and so I kind of see your point.
The counterpoint is that if your job was to prevent/punish financial crimes that affect consumers, would it make sense to ignore these exchanges?
Heck, if M:TG cards were the medium, and they could be moved across international borders with a few keystrokes, then surely those would be watched too.
I won't argue that it's not privacy-invading for legitimate customers, but if the legal structure allows it, regulators have an obligation to look where the problems are expected to be.
If my job was to promote open source software it would make sense to ban proprietary software. That doesn't mean I should actually be allowed to do that.
But there's no jurisdictional reality that any of country/union A's rights will protect a person while they are present in country/union B.
In the same way that a US citizen does not have legal protection for free speech when present in, e.g. China, Saudi Arabia, or Germany.
Even if the EU got the text incorporated into the UN Universal Declaration of Human Rights, there are famously many countries who are not signatories (and it would require a locally-implemented actual law to support its recognition).
The EU can arrange post facto penalties for violations of their citizens' rights, to be (potentially) administered in the future, when a responsible entity enters EU jurisdiction, but absolutely not before then without cooperation by treaty with the nation where these foreign-and-not-real "rights" were violated. Which would be a surrender of sovereignty and basically unimaginable.
(No comment on the goodness or successfulness of the GDPR here, just that no part of it is relevant outside of the EU regardless of how the text is composed.)
(And this is all written with awareness that the US somehow manages to selectively enforce their laws extra-jurisdictionally in weak foreign nations. The EU is not the US, and the US is not weak.)
Just, that is why I wrote "it's just potentially harder for the EU to enforce meaningful penalties for infractions."
You premise is true in one sense, however, the point remains - the GDPR covers all EU citizens, regardless of where the company is based. For small US companies, sure the EU has very little power to enforce it, but larger companies that derive any revenue from the EU can be, and are, fined by the EU GDPR commissioners.
I can't find the source, but Google's AI in the search results also claims that "EU GDPR fines for U.S. companies are significant, with U.S. firms facing roughly 83% of total GDPR fines, totaling over €4.68 billion by early 2025". That 83% figure seems unreasonably high to me, but it's possibly just a consequence of the size of the fine being based on worldwide revenue and over half of the 20 biggest fines were to Google and Meta.
I get it, but the operative point is not "potentially harder", but "literally impossible" to enforce -- unless the corp has some presence in the EU of course.
FWIW, I just checked Wikipedia to sanity-check my memory of our lawyers' guidance. Important differences from our discussion, if my read is correct:
GDPR does not apply to "EU citizens anywhere in the world", it applies to the personal data of "living persons ... inside the EU" or with data processed there.
(So GDPR would apply to a US citizen who is present in the EU, and/or being a user/customer of a vendor that operates in the EU)
From the "Misconceptions" section[0]:
> ## Misconceptions
>
> GDPR applies to anyone processing personal data of EU citizens anywhere in the world
>
> In fact, it applies to non-EU established organizations only where they are processing data of data subjects located in the EU (irrespective of their citizenship) and then only when supplying goods or services to them, or monitoring their behaviour.
(So GDPR would not apply to a EU citizen who is present in the US at the time of "processing", whether that's a service or product sale, etc)
This is important to my company. We are US-based, but have EU citizens as customers. For regulatory reasons, we block customer activity from outside the US, and we are not able to comply with GDPR (but we do have to be aware of CCPA[1] which has some similarities).
I'm not sure I agree with that interpretation, as "processing" is extremely broad and includes just storing the data.
Yes, technically if the EU citizen remains outside the EU for the entire lifecycle of the data up to and including deletion, then it isn't covered. But if you store that data at all when they have returned to the EU, then you need to comply with the GDPR in terms of handling that data.
Also, as a UK citizen (formally EU citizen), I don't understand why US-based countries are so against the GDPR, as essentially it's just a codification of how to do the morally best thing for your customers. Any data you don't need for a business purpose should be deleted as soon as possible. You can have any data about someone as long as there is a justifiable business reason for it. You have to let someone know what data you have about them (if they request it via a SAR) and you have to give them the information up front to determine if they are happy with you handling their data, via a clear privacy policy and opt-in to having their data used.
Complying with the GDPR is pretty straight forward, as long as your intention isn't to profit by selling or otherwise making use of people's data in ways that they wouldn't be comfortable with. If you aren't doing anything bad with user's data and already following good security practices, including deleting data that's no longer needed, then you are already compliant with the intent of the GDPR and going from that to full compliance is probably only adding processes to be able to handle an SAR.
I'd have to dig deeper, but generally "storing" (or maintaining storage) is not "processing" in the local US legal vernacular. Where both apply (PCI DSS, etc), both terms are used.
In my personal (business) case, we literally cannot comply with GDPR and also BSA/AML, FinCen, Reg E, KYC, etc, simultaneously. Our "business requirements" can last 7+ years, and our customers' wishes have no bearing on them.
And while we have no operations in any EU country, we are absolutely not obligated to even consider any EU laws about the data belonging to any of our customers, regardless of their citizenship. That's the primary point I'm making here -- the EU has zero jurisdiction over anything that happens outside the EU, ever, or any entities outside the EU, despite any claims to the contrary (which, according to Wikipedia at least, are not even made).
This is intuitive, but also the very expensive legal opinion of our lawyers, who have offices in the US, EU, and EMEA, for whatever that's worth!
In the general case, and as a customer, I'm fully in support of GDPR and CCPA-like protections. They're a great idea, I think! I'm usually the privacy nut in any discussion.
But compliance is obviously more work/expense than not, and small companies are especially allergic to nonproductive work and expenses. So naturally there's resistance to the suggestion that a foreign law compels them to do more of both.
And of course, if we're talking about the US, we have a very different culture around government and regulation. "As little as possible" (except those that protect my interests) is the preference of the landed gentry, and those who would aspire to same.
Reasonable people will recognize this as absurd, but ... you can't spell "absurd" without U, S, and A.
Absolutely agree, effectively the EU can't touch small companies, they'd only be able to touch you if you generated any revenue in the EU that they could intercept.
As for "the EU has zero jurisdiction over anything that happens outside the EU, ever, or any entities outside the EU, despite any claims to the contrary" again, this isn't true if you conduct any business in the EU. Even for a company domiciled outside the EU, they could compel your payment processors to seize all payments to you from EU entities, for instance. The degree to which they'd fight pushback would depend on how serious the violation was and the size of the company, but you can be sure for instance that even if say Google had no EU presence at all, that the EU would make sure they complied with the GDPR or else ban them from the EU entirely.
In your situation, you actually have a good defence if there ever was an EU citizen trying to use the GDPR against you, because by taking efforts to not allow sales outside the US, you can argue that your services were never for sale to EU citizens. I guess if your TOS also said your service wasn't available to EU citizens, it would be even more watertight.
But just FYI for this:
> In my personal (business) case, we literally cannot comply with GDPR and also BSA/AML, FinCen, Reg E, KYC, etc, simultaneously. Our "business requirements" can last 7+ years, and our customers' wishes have no bearing on them.
I don't know the requirements of all those other things, but contrary to what a lot of people believe - you CAN store whatever you need to if there is a justifiable business reason for it, and you don't have to delete it even if a customer requests you to if there is a valid business requirement, such as regulatory or statutory compliance. The GDPR just compels you to be transparent with the data subject about what data is stored in those cases.
Almost every business in the EU is required to hold tax records of sales for 5 years, and so obviously these must be retained even after a customer stops being a customer and even if they request deletion of their PII data. What the GDPR requires is that you only keep the minimum required data to fulfill those statutory requirements, and delete anything else, and also not to use that data for any other purpose. Regular data should be deleted as soon as it is no longer needed.
I haven't studied the CCPA in depth, but my understanding is that it's very similar in scope to the GDPR and that complying with one would get you almost all the way to compliance with the other.
I also understand the general reaction against being told what to do by some other extra-territorial entity, but in today's society of cross-border trade, it's usually inescapable, apart from when they directly contradict - e.g. requirements to only store data in one territory.
The EU can theoretically sanction entities with establishment inside the EU, for actions outside the EU. I'm not sure if GDPR allows this, but (as a terrible example), I've read of laws to punish foreign travel for underage sex tourism. However entities with no such establishment cannot be punished judicially by the EU because there is no mechanism.
The EU could block network traffic to an offending extraterritorial entity, which might cause them to suffer losses (e.g. advertising volume if nothing else), but the EU cannot fine or arrest the entity or its officers as punishment.
I think we largely agree at the root of things. There's some imprecision in language around words like "apply" and "relevant".
I have only dug this deeply on GDPR because we, as a corporation, want to comply with the most consumer-friendly policies that we are able to. Obligations (e.g. CCPA because we are in the US) are table stakes, but we aim for more. Our lawyers tell me to stop worrying about the GDPR at all, and I am confident that they are correct legally (and financially), but as we all know it is more efficient to design systems that do things properly at the outset (or at least under minimal time pressure), instead of urgently retrofitting later.
I didn't think of it in time to update my previous comment, so I'll add another!
Decades ago, I knew people who pronounced "Italian" as eye-TAL-yun. They were usually older, sometimes WW2 veterans. This was in an area of the US that has a large Italian immigrant population, FWIW.
I don't know if it was due to historical disrespect of Mussolini-era Italy, some contemporary xenophobia, or just simple ignorance.
They all pronounced "Italy" in the normal way though.
I agree that ignorance is the most likely explanation.
But it's not like these folks didn't grow up with "Italy" and "Italian" being on the radio/TV all the time, spoken correctly by newscasters.
So there's a disconnect there, and it's also undeniable that there was an anti-Italian sentiment in the then-previous waves of naturalized immigrants. So I can't say for sure.
There's no reason for Italy and Iran/Iraq to be pronounced similarly. (Cf Indiana, Illinois, Iowa, Idaho?)
But FWIW, the EYE-rack thing is because GWB (most prominently, but others before and after) intentionally mispronounced the name of the country, in a "real american" kind of way, and also to annoy SAD-dumb Hussein as a kind of "we're stupid but we're going to kill you anyway" kind of psyop. Or maybe just "we disrespect you in advance of killing you"?
Americans of other political persuasions usually pronounce the names correctly.
I've lived in over a dozen states and I've never heard either called anything other than EYE-(ran/raq) in conversation.
The extremely, I mean extremely rare occasion when someone pronounces it differently on TV, it's almost like they get side-eyed by other people as trying to "talk fancy".
Well, I've lived in four states in the last 20 years.
Anecdotally, the pronunciation popularity has split neatly along statewide-prominent political lines. For my four example states, three were correct/respectful, and one wrong/disrespectful.
Correct pronunciation has also had an inverse correlation with the rates of active/former military employment, which might be more directly indicative. And a positive correlation with education levels. So the answer is in there somewhere, I suspect.
National TV "news" programming might have a style guide which dictates pandering to the audience by speaking in real american, no matter how well-educated the hosts might be.
I've been thinking about this a bit more and I think we're actually talking about two (or more) different pronunciations.
There is a VERY hard "I" that Lindsey Graham does. I think that's the specific version you're talking about, and that one is intentionally offputting. It's like "EYEEE RACK", but that does sound different from "AYERAK" or "EYEROQ".
Yes, I think you're right. The middle ground, which I'll phoneticize as "uh-RON" or even "uh-RAN" is what I hear in most places.
The effete "ih-RAHN" is the voice that you mentioned might get side-eyes. This is the closest to how Iranians that I know pronounce it, except that we don't have a phoneme quite like their R, which to my ears sounds like a D, L, and R all smashed together.
But these side-eyes are mostly fair, I think. It's like Americans prounouncing France as "Frawhce", or Paris as "Pahdee". Ostentatious and pretentious, for an English-speaker.
And Lindsey's provocative "EYE-ran" is very present in some locations, I think because GHWB and GWB's affected pronunciations were pounded into the American consciousness during Gulf Wars 1 and 2. Although Reagan did it too, IIRC, and I'm not sure about Clinton.
It's "ZIP Code™", trademarked by the US Postal Service (this is mostly to prevent others from misusing the name). It is exactly equivalent to a postal code, and most US residents will know both terms, although they will always say "ZIP".
ZIP is an acronym for "Zone Improvement Plan", but no one knows that and it's not meaningful if you do!
This happens in the US too, and even if you're wise enough to treat postal codes as strings (which they are) and not integers, someone is going to paste the data into Excel which will promptly blow things up on you anyway.
!x has been a shell history expansion since at least csh (1978?).
reply