"Even if the Court were to entertain such questions, they would only work to unduly delay the resolution of the legal questions actually at issue."
So because the lawsuit pertains to copyright, we can ignore possible constitutional issues because it'll make things take longer?
Also, rejecting something out of hand simply because a lawyer didn't draft it seems really antithetical to what a judge should be doing. There is no requirement for a lawyer to be utilized.
The full order is linked in the article: https://cdn.arstechnica.net/wp-content/uploads/2025/06/NYT-v.... If you read that it becomes more clear: The person who complained here filed a specific "motion to intervene" which has a strict set of requirements. These requirements were not met. IANAL, but it doesn't seem too strange to me here.
> Also, rejecting something out of hand simply because a lawyer didn't draft it seems really antithetical to what a judge should be doing. There is no requirement for a lawyer to be utilized.
This is also mentioned in the order: An individual have the right to represent themselves, but a corporation does not. This was filed by a corporation initially. The judge did exactly what a judge what supposed to do: Interpret the law as written.
1. a court order that a dating service saves off all chats and messages between people connecting on the service (instead of just saving off say the chats from a suspected abuser)
2. saving all text messages going through a cell phone company
3. how about saving all google docs? Probably billions of these a day are being created.
4. And how has the govt not tried to put out a legal request that signal add backdoors and save all text messages (because there will no doubt be nefarious users like our own secretary of defense). I think it would take a very significant reason to succeed against a private organization like signal.
The power and reach of this makes me wonder if the US govt already has been doing this to normal commercial services (outside of phone calls and texting). I recall reading back in the day they were "tapping" / legally accessing through some security laws phone company trunks. And then we learned about tapping google communications from Edward Snowden.
Point of order, phone companies already do that. Third Party Doctrine. I don't believe they should, but as of right now, that's where we're at.
Quick question. Should your percieved "right to privacy" supersede all other laws?
To extrapolate into the real world. Should it be impossible for the police to measure the speed of your vehicle to protect your privacy? Should cameras in stores be unable to record you stealing for fear of violating your privacy?
We can all observe the world in the moment. Police can obtain warrants to wiretap (or the digitial equivalent) suspects in real-time. That's fine!
The objection is that we are ending up with laws and rulings that require a recording of history of everyone by everyone - just so the police can have the convenience of trawling through data everyone reasonably felt was private and shouldn't exist except transiently? Not to mention that perhaps the state should pay for all this commercially unnecessary storage? Our digital laws are so out-of-touch with the police powers voters actually consented to - that mail (physical post) and phone calls shall not be in intercepted except under probable cause (of a particular suspect performing a specific crime) and a judge's consent. Just carry that concept forward.
On a technical level, I feel a "perfect forward secrecy" technique should be sufficient for implementers. A warrant should have a causal (and pinpoint) effect on what is collected by providers. Of course we can also subpoena information that everyone reasonably expected was recorded (i.e. not transient and private). This matches the "physical reality" of yesteryear - the police can't execute a warrant for an unrecoreded person-to-person conversation that happened two weeks ago; you need to kindly ask one of the conversents (who have their own rights to privacy / silence, are forgetful, and can always "plead the 5th").
> Not to mention that perhaps the state should pay for all this commercially unnecessary storage?
Unfortunately, that often creates incentive for the business to error on the side of sharing too much with the authorities, even when proper procedure (warrants) have not been followed. It's the only way to retroactively get payed for all that storage and for the code to retrieve that data.
I know of smaller companies that have been charging since at least 2014.
Cellphone location data: https://en.wikipedia.org/wiki/Carpenter_v._United_States
Thermal imaging a home: https://en.wikipedia.org/wiki/Kyllo_v._United_States
Biometric unlocking: https://cdt.org/insights/circuit-court-split-lays-the-ground...
In these cases, privacy, or rather, the constitution, does supersede all other laws.
https://www.americanbar.org/groups/communications_law/public...
Beyond that, no, it didn’t impact anything other than abortion.
When the SCOTUS ruled the constitution protected the right to engage in gay sex, and later gay marriage, precidents were overturned.
Conservatives claimed this might make it easier to overturn Roe. It didn’t.
Roe wasn’t in danger until SCOTUS had six reliable anti-Roe justices.
The reasoning behind Roe was generally regarded as tenuous even by the justices that supported it. Overturning it was required to defend the government’s Constitutional authority for agencies like the FDA, which was undermined by inconsistencies introduced by Roe v Wade. Eventually those judicial inconsistencies come home to roost.
tl;dr: Roe being overturned had little to do with privacy and more to do with protecting specific regulatory powers from being unconstitutional using the same reasoning introduced in Roe v Wade.
Removing such decisions from Federal purview was an elegant solution to the problem, with the practical effect of deferring all such decisions to voters at the State level.
Speed cameras only operate on public roads. The camera in the store is operated by the store owner. In both cases one of the parties involved in the transaction (driving, purchasing) is involved in enforcement. It is clear in both cases that these measures protect everyone and they have clear limits also.
Better examples would be police searching your home all the time, whenever they want (This maps to device encryption).
Or store owners surveilling competing stores / forcing people to wear cameras 24/7 "to improve the customer experience" (This maps to what Facebook / Google try to do, or what internet wire tapping does).
What? How does OpenAI map to your home at all? This is pure nonsense. You seem to have entirely dismissed the comparison to driving a little too out of hand.
The internet is, like the roads, public infrastructure. You can't claim that encryption makes all traffic on the public infrastructure as private as staying home.
You sound like one of those "free man of the land" guys: "I'm not driving your honor, I was traveling."
If you drive in the US, the contents of your car are somewhat protected by law. It's not trivial for authorities to obtain the right to search your car, though I understand it's common for some to flout the rules and search anyway.
But there are not gates on the highway which scan all cars and subject the contents of all the cars along with details of the drivers to government scrutiny. Not just the number plates, everything in and about the car.
However, it is the goal of several agencies to perform this level of searching to all data transmitted. Why do you claim that people have less right to privacy when transmitting data in the virtual vs the physical world?
The argument you're sketching out, of an authority (the nebulous government, the mysterious agencies) totally surveilling your car, is completely and totally disconnected from the discussion at hand. This is a case about two private entities that that are trying to resolve their dispute in a court of law. There's no government agency involved. Whatever you believe about the scary agencies has no bearing on the outcome of this suit.
this is a strange turn of phrase
1. https://answers.microsoft.com/en-us/msoffice/forum/all/savin...
2. https://community.fabric.microsoft.com/t5/Service/End-User-S...
In both cases it's being used for "copying".
We can also see it was used as early as 15 years ago on this very site ( https://news.ycombinator.com/item?id=1182478 ), so it's not a new turn of phrase.
My experience has definitely been that I've heard it more online and in San Francisco, and not very often in Germany, Texas, or Russia. Are you in one of those areas?
I feel like the etymology is something like "print off a few sheets" becoming "copy off a sheet with the copier", and then to the more general digital copy meaning.
Conceptually, I think that the "off" serves the purpose of aligning it with something like "split off"—you're essentially forking the history by creating a separate saved copy.
This is 100% wrong. Pro Se litigation is well regulated, in the first case a non lawyer tried to file in representation of his company, which is not himself so it's not pro se, and you need to be a licensed lawyer to represent someone else.
"So because the lawsuit pertains to copyright, we can ignore possible constitutional issues because it'll make things take longer?"
Not quite, the contention is that the judge doesn't see how it would be successful, so it would be a delay that never addresses a constitutional issue by her judgment.
What constitutional issues do you believe are present?
> There is no requirement for a lawyer to be utilized.
Corporations must be represented by an attorney, by law. So that's not true outright. Second, if someone did file something pro-se, they might get a little leeway. But the business isn't represented pro-se, so why on earth would the judge apply a lower standard appropriate for a pro-se party so a sophisticated law firm, easily one of the largest and best in the country?
When you are struggling to reason around really straightforward issues like that, it does not leave me with confidence about your other judgments regarding the issues present here.
The PDF is easy to read and really lucid once you get past the formatting. Ars should have just converted it to markdown.
4th Amendment (Search and Seizure)
So I think that this is more so an artefact of the parameters than an outcome of some mechanism of law.
There is a reasonable expectation that deleted and anonymous chats would not be indefinitely retained.
> The court is just requiring OpenAI to maintain records it already maintains and segregate them.
Incorrect. The court is requiring OpenAI to maintain records it would have not maintained otherwise.
That is the crux of this entire thing.
Not quite. The court is requiring OpenAPI to maintain records longer than it would otherwise retain them. It's not making them maintain records that they never would have created in the first place (like if a customer of theirs has a zero-retention agreement in place).
Legal holds are a thing; you're not going to successfully argue against them on 4A grounds. This might seem like an overly broad legal hold, though, but I'm not sure if there are any rules that prevent that sort of thing.
the government is not involved at all in this dispute, neither state or federal.
(for example, your own comment: the executive and judicial branches [of government])
Should I mention that water is wet every time I mention water? The executive is the executive, the judicial is the judicial. It's inherent in the discussion and pretending otherwise only for the benefit of furthering obtuse points that go nowhere serves the benefit of no one. So you either didn't know, and do now, or you're just cratering the discussion.
The distinction of the judiciary is most certainly relevant to the actual legal analysis here - the judiciary often reserves sweeping authoritarian powers for themselves, even when they do act to restrain the legislative/executive. So without even really analyzing the details, I am pretty sure that the law as written supports this action.
But the comment I was responding to wasn't making a larger more nuanced argument - rather it said that the government was not involved, defining away the actions of the judiciary as somehow not being governmental action, regardless of them being done with the authority of government.
The overall analysis is that if people are up in arms about this, it just reinforces the need for some actual privacy laws in this country - both to protect from corporations themselves abusing our data, and in this case to prevent the government from creating overly broad judicial orders that may only target specific companies but end up running roughshod over many individuals' rights.
(and just to be clear to avoid going off into the terminology weeds again: the definition of rights I'm using is the one of imagined natural rights, not merely what has been codified into law)
The commenter I responded to is an attorney who presumably just tried to cut out having to detail a longer argument based on the actual nuances that have been interpreted from the 4th amendment. Still, the argument bit off too much so in the interest of deeper analysis and rational discussion it seemed worth calling out.
> government order
They aren't called "government orders" they are called "court orders".
Give me a break with this nonsense alreayd.
This is Hacker News - we readily jump between levels of abstraction. I've acknowledged that the executive and judicial are separate branches are government, but my argument zooms out a level and treats them as both part of the larger government. Because when people feel their right to privacy is being violated by the government, it doesn't really depend on which branch is causing it!
It seems to me you want to hold to the distinction between the two so perhaps you can paint the action under discussion as if it's the result of something that could not just be changed? But obviously this capability of the judiciary could be restrained by Congress, the same as actions by the executive.
> but my argument zooms out a level and treats them as both part of the larger government
Okay? I'm not going to argue against your obtuse misunderstanding or recharacterization of the problem. No one was referring to the government that way, so pretending like they were "for the sake of argument" furthers nothing.
Discovery is not a search. There's no point to having this discussion when you keep pushing these obtuse misunderstandings of words that have particular meanings in these contexts. No less so when you insist you do understand that you are pushing different meanings of the words than what are being discussed.
> We're right back to where we started, with you wanting to rule out people's legitimate concerns by defining terms narrowly and then asserting the concerns make no sense under your definitions.
It's not a legitimate concern. It is a misunderstanding based on ignorance. So funny how we got here again. Looking forward to your next post where you tell me actually you did understand, you were just trying to make a completely different point.
> Sorry, communication does not work that way
The law does. You don't go to court and call that a search. It's discovery. Search you need a warrant for because it's something the gov't does. The gov't here being the *executive branch* when it prosecutes crime.
The legal system does not have a monopoly on defining words or being a source of truth. And it is obvious that the legal system's reasoning lines up with the action in this case - otherwise the action wouldn't have happened! If you were merely clumsily making a point about positive behavior (vs normative behavior), that might be understandable. But then we get:
> It's not a legitimate concern
You are trying to define away discussion about normative behavior by insisting on the legal system's definitions, as if the legal system's definitions and laws cannot be changed. Either because you think it's an easy way to win the argument, or because the legal definitions have warped your brain so badly that you cannot think outside of that box. Either way, sorry - there are valid concerns here.
Putting the way I see it in legal terminology: the relationship between a user and a data storage provider should be much closer to that of a trustor/trustee than the current "anything goes" regime. Legally demanding a user's data, and especially the retention of a user's data, from/by a centralized service should require some indication that the specific user is doing something illegal themselves - not merely that the hosting provider in aggregate might be. They are not "business records", but rather personal records being entrusted to the custody of a business.
Specifically in this case, it should mean that in order to access saved chats and demand retention of deleted chats, the NYT (et al) should have to point to specific users they think may be infringing upon their copyrights, not merely launching a fishing expedition against all users.
And once again, since you seem to have a problem keeping this separate - I'm obviously talking about how things ought to be, not how the current laws shake out.
Or, perhaps, that's not something known by most. I didn't struggle to understand that, I simply didn't know it. Also, again, the article could have mentioned that, and I started my statement by saying maybe the article was doing a bad job conveying things.
> What constitutional issues do you believe are present?
This method of interrogation of online comments is always interesting to me. Because you seem to want to move the discussion to that of whether or not the issues are valid, which wasn't what I clearly was discussing. When you are struggling to reason around really straightforward issues like that, it does not leave me with confidence about your other judgments regarding the issues present here.
>Or, perhaps, that's not something known by most. I didn't struggle to understand that, I simply didn't know it.
Sorry you struggled to not understand your own concept that you put forward that because a lawyer isn't required (not true, but granting you this for the sake of this conversation), we shouldn't hold lawyers up to the standard of a lawyer anyway? That's facially silly.
I literally just repeated to you what you said to me. But, yeah, I'm the petty one.
> Sorry you struggled to not understand your own concept that you put forward that because a lawyer isn't required
What? Why are you misinterpreting everything I wrote?
> we shouldn't hold lawyers up to the standard of a lawyer anyway? That's facially silly.
Where in the world did I say this?
It's extremely unlikely that a protected class is going to start treating a non-protected class with the same regard in society.
I'm not even sure how there could be a constitutional issue here, but it probably isn't for this court to figure out anyways.
I note with amazement that tons of hn users with zero legal experience, let alone judge experience, are sure its the judge who doesn't understand, not them. Based on what I don't know but they really are sure they get it more than the judge!
It is highly likely that this is not confined to just software, I'm sure other engineering or complex disciplines feel the same way about their discipline.
How do we have experts inform these decisions without falling into the trap of lobbying where the rich control the political and legal sphere?
Anyway, I cede you the point that the US law does not match my "common sense" esp around this 3rd party rule mentioned in other comments. It kind of sucks that US "winning the internet" means that even non-US citizens are subject to US law in this regard.
It's OK to say "don't throw out a few pieces of paper for a bit", but that doesn't compare to "please spend $500k/month more on S3 bills until whenever we get around to hearing the rest of the case". (Perhaps that much money isn't that important to either side in this _particular_ case, but there is a cost to all this data retention stuff).
However the risk of data being leaked, or data being requested through a gag order, cannot be ignored.
That said I don't think the arguments were made, the judge is right to dismiss arguments that don't address these nuances.
I wonder what the precedent with google searches is.
A judicial system populated by people who don't understand what's possible is a real issue.
You can count on the fact that the judge does in fact understand that this is a very routine part of such a process.
It is more like the users of ChatGpt don't understand the implication of giving "the cloud" sensitive information and what can happen to it.
It might surprise many such users the extent that the data they casually place at the hands of giant third parties can be, and has routinely, been the target of successful subpoena.
As an illustration, if two huge companies sue each other, part of the legal process involves disclosure. This means inhaling vast quantities of data from their data stores, their onsite servers, executives laptops. Including those laptops that have Ashley Madison data on them. Of course, part of the legal process is motions to exclude this and that, but that may well be after the data is extracted.
For understanding of this topic, pay attention to what DannyBee says https://news.ycombinator.com/item?id=44361478 and not what HN users wish were true.
You can file a motion yourself pro se as the original plaintiff did. Regardless of whether you'd be successful, it is your right.
Like it or not, the judge's ruling sits comfortably within the framework of US law as it exists at present: since there's no reasonable expectation of privacy for chat logs sent to OpenAI, there's nothing to weigh against the competing interest of the active NYT case.
The 3rd party doctrine is worse than that - the data you gave is not only not yours anymore, it is not theirs either, but the governments. They're forced to act as a government informant, without any warrant requirements. They can say "we will do our very best to keep your data confidential", and contractually bind themselves to do so, but hilariously, in the Supreme Court's wise and knowledgeable legal view, this does not create an "expectation of privacy", despite whatever vaults and encryption and careful employee vetting and armed guards standing between your data and unauthorized parties.
Implying that the recourse is to change the law.
Those precedents are also fairly insane and not even consistent with one another. For example, the government needs a warrant to read your mail in the possession of the Post Office -- not only a third party but actually part of the government -- but not the digital equivalent of this when you transfer some of your documents via Google or Microsoft?
This case is also not the traditional third party doctrine case. Typically you would have e.g. your private project files on Github or something which Github is retaining for reasons independent of any court order and then the court orders them to provide them to the court. In this case the judge is ordering them to retain third party data they wouldn't have otherwise kept. It's not clear what the limiting principle there would be -- could they order Microsoft to retain any of the data on everyone's PC that isn't in the cloud, because their system updater gives them arbitrary code execution on every Windows machine? Could they order your home landlord to make copies of the files in your apartment without a warrant because they have a key to the door?
My understanding is it's closer to something like: They cannot order a company to create new tools, but can tell them to not destroy the data they already have. So, in the question of MS having the ability to create a tool that extracts your data is not the same as MS already having that tool functioning and collecting all of your data that they store and are then told to simply not destroy. Similarly, VPNs that are not set-up to create logs can't keep or hand over what they don't have.
Laws can be made to require the collection and storage of all user data by every online company, but we're not there -- yet. Many companies already do it on their own, and the user then decides if that's acceptable or not to continue using that service.
If the company created their service to not have the data in the first place, this probably never would have found its way to a judge. Their service would cost more, be slower, and probably be difficult to iterate on as it's easier to hack things together in a fast moving space then build privacy/security first solutions.
"the data they already have" means the data the user gave the company (no one is "giving" their files to their landlord) and that the company is in full possession of and now owns. Users in this case are not in possession or ownership of the data they gave away at this point.
If you hand out photocopies of the files in your apartment, the files in your apartment are still yours, but the copies you gave away to a bunch of companies are not. Those now belong to the company you gave them to and they can do whatever they want with it. So if they keep it and a judge tells them the documents are not to be destroyed (because laws things), they would probably get into trouble if they went against the order.
Which is what I was trying to bring attention to; the fact that the company has a choice in what data (if any) they decided to collect, possess, and own. If they never collected/stored it then no one's privacy would be threatened.
There is nothing analogous to this happening in this case though. The users aren't in default on any financial obligations.
> "the data they already have" means the data the user gave the company (no one is "giving" their files to their landlord) and that the company is in full possession of and now owns
You put your files in the landlord's building because you're leasing the apartment from them. You put your data on the provider's servers because you're leasing the service from them. How do they own this data? Did you assign the copyright to them? Does the judge's ability to order them to keep it depend on what the contract between you and the service says?
The comparison between the physical and digital is not 1 to 1. You are putting copies of your files(data) into a digital server that you do not have possession of.
You have possession of your apartment and there are laws that apply to that world that in no way apply to copies of files you gave (gave being the key word) to the server that you do not have possession of.
Unless the company (company being the problem) specifically sets up terms, usually in a very expensive enterprise contract -- with legal cutouts for law things judges may do -- which promises what you give to their servers will function more like the rental apt you are trying to tie together -- you are simply giving them data. point. blank. simple. Even then they could renege and then you deal with it or go through long legal process to sue. The ship for data privacy has already long sailed by the time you come at a judge that told them not to destroy it.
People agree to it so companies get away with being allowed to use the copies of data you give them however they want. Thats why it's different. People(society that made the laws) don't accept that behaviour from landlords. They shouldn't from the online world either but here we are. I have no other way of helping this click for you, and at this point it's just moving the same words around to try and find the right sequence that will. Good luck, take care.
https://en.wikipedia.org/wiki/Third-party_doctrine#:~:text=w...
If OpenAI doesn't succeed at oral argument, then in theory they could try for an appeal either under the collateral order doctrine or seeking a writ of mandamus, but apparently these rarely succeed, especially in discovery disputes.
To prevent that you need Congress to tell them no, but that creates a sort of priority inversion: The machinery designed to stop the government from doing something bad unless there is consensus is then enabling government overreach unless there is consensus to stop it. It's kind of a design flaw. You want checks and balances to stop the government from doing bad things, not enable them.
> once you voluntarily give your data to a third party-- e.g. when you sent it to OpenAI-- it's not yours anymore and you have no reasonable expectation of privacy about it.
Furthermore, if the third party doctrine is upheld in its most naïve form, then this would breach the EU-US Data Privacy Framework. The US must ensure equivalent privacy protections to those under the GDPR in order for the agreement to be valid. The agreement also explicitly forbids transferring information to third parties without informing those whose information is transferred.
The magistrate is suggesting that there is no reasonable expectation of privacy in chats OpenAI agreed to delete, at the request of users. This is bizarre, because there's no way for OpenAI to use data that is deleted. It's gone. It doesn't require abrogation of US law, it requires a sensible judge to sit up and recognize they just infringed on the privacy expectations of millions of people.
I can't wait actually. It's less about privacy to me than to being offline.
Non-technicals don't know how LLMs work, and, more importantly, don't care about their privacy.
For a technology to be widely used, by definition, you need to make it appealing to the masses, and there is almost zero demand for private LLM right now.
That's why I don't think that local llms will win. There are narrow use cases where regulations can force local llm usage (like for medical stuff), but overall I think that services will win (as they always do)
you need some really expensive hardware to run a local LLM, most of which is unavailable to the average user. The demand might just simply be hidden as these users do not know nor want to expend the resources for it.
but i have hope that the hardware costs will come down eventually, enough that it reveals the demand for local LLM.
After all, i prefer my private questions to an LLM not be ever revealed.
We can have services but also private history/contexts. Those can be "local" (and encrypted).
Start using services of countries who are unlikely to submit data to the US.
Users should stop sending information that shouldn't be public to US cloud giants like OpenAI.
The laws still look completely different in US and EU though. EU has stronger protections and directives on privacy and weaker supremacy of IP owners. I do not believe lawyers in any copyright case would get access to user data in a case like this. There is also a gap in the capabilities and prevalence of govt to force individual companies or even employees to insert and maintain secret backdoors with gag orders outside of court (though parts of the EU seem to be working hard to close that gap recently...).
[0]: Using it to derive baking recipes is not the same as using it to directly draft personal letters. Using it over VPN with pseudonym account info is not the same as using it from your home IP registered to your personal email with all your personals filled out and your credit card linked. Running a coding agent straight on your workstation is different to sandboxing it yourself to ensure it can only access what it needs.
Based on what? Keep in mind that the data is to be used for litigation purposes only and cannot be disclosed except to the extent necessary to address the dispute. It can't be given to third parties who aren't working on the issue.
> There is also a gap in the capabilities and prevalence of govt to force individual companies or even employees to insert and maintain secret backdoors with gag orders outside of court
There's no secret backdoor here. OpenAI isn't being asked to write new code--and in fact their zero-data-retention (ZDR) API hasn't changed to record data that it never recorded in the first place. They were simply ordered to disable deletion functionality in their main API, and they were not forbidden from disclosing that change to their customers.
I have to assume that they are all simply ignorant of the fact that this exact same preservation of your data happens in every other service you use constantly other than those that are completely E2EE like signal chats.
Gmail is preserving your emails and documents. Your cell provider is preserving your texts and call histories. Reddit is preserving your posts and DMs. Xitter is preserving your posts and DMs.
This is not to make a judgement about whether or not this should be considered acceptable, but it is the de facto state of online services.
>This is not to make a judgement about whether or not this should be considered acceptable
A person is outraged because they find it unacceptable. This is beyond terms and conditions, OpenAI is being forced to keep data they want to discard for the user.
I am shocked that you are shocked, that people are taking a position on this when you suggest you dont take a position on this.
When you hand over your data to a 3rd party, you should not expect it to remain private from the government that rules over that party. The entire 21st century has been a constant deluge of learning how much we are all monitored constantly.
It takes 30 seconds to save the privacy policy and upload it to an LLM and ask it questions and it quickly becomes clear that their privacy policy allows them to hold onto data indefinitely as is.
If you want to input sensitive data into an LLM, do so locally.
is the same as forced retention. You've got a double negative here that I think you didn't intend.
But all of this assumes a legal framework we can trust - and I don’t think this comes into being piecemeal with judges.
My personal take is that data that, without the existence of activity of a natural human, data that woukd not exist or be different must belong to that human - and that it can only be held in trust without explicit payment to that human if the data is used in the best interests of the human (something something criminal notwithstanding)
Blathering on a bit I know but I think “in the best interests of the user / citizen is a really high and valuable bar, and also that by default, if my activities create or enable the data,it belongs to me, really forces data companies to think.
Be interested in some thoughts
Its still outside the overton window (especially on HN), but the only way that I’ve seen where we can get the benefits of big data and maintain privacy is by locking the data to the user and not aggregating it in all these centralized silos that then are incentivized to build black markets around that data.
OpenAI slams court order to save all ChatGPT logs, including deleted chats
Last time I saw such weak decision-making from a magistrate I was pleased to see they were not renewed, and I hope the same for this individual.
[1] https://nysd.uscourts.gov/sites/default/files/2025-06/Public...
https://www.uscourts.gov/about-federal-courts/types-federal-...
In a nutshell, I used quotes to indicate how the position was described by the article. These judidical officers are not interchangeable with judges in the federal system, and in my experience this distinction is relevant to both why this person issued the kind of decision they did, and what it means for confidence in the US justice system.
It's precisely that perspective that I think should sink a magistrate, hundreds of times over.
Second, what colorable argument? There is no colorable argument that entitles you to "discover everything everyone types into the Internet" so there's no need to pretend there is for the purpose of this conversation. Feel free to posit one. You didn't, because none exist. Discovery is limited and narrow. Here, what the court is demanding from OpenAI is limited and narrow, unlike the ridiculous scenario you offered.
This always has been like this, you are in HN, did you think E2EE was just a LARP? It's not even like this is some Patriot Act gag-order bullshit, if you could claim an exception for privacy for any user data, 99% of companies would be immune to discovery.
So no, the spooks are not gonna look at your deepest secrets that you put in CleverBot 9000, but giving your data to Sam "Give me your eyes for 20 bucks" Altman was stupid. Yes, if you are capable of reaching this site it's your *fault*, you should know better.
In the view of American law, as it is currently written and settled, when what you've typed into the internet is relevant to ongoing litigation, yes, there is no expectation of privacy from discovery for anything you typed into the particular service on the internet that's being litigated. Likewise, there's no expectation of privacy if you're not either litigant, but you have been subpoenaed, and forced to testify. The fifth amendment only protects you from self-incrimination.
There are far more horrifying aspects of American law, as it is currently written and settled, I can't say I have the energy to be all that outraged over this one, as opposed to any of the other insane shit that's currently going on.
When people are routinely being disappeared without due process or legal recourse, the issue of 'a few lawyers sworn to secrecy going over some user queries under the constraints of a judge in an active litigation' is not actually a serious issue. This category of thing happens all the time, and it's uncomfortable for third parties involved, but a millenium of common law has generally put the needs of the courts reaching a fair decision in a case above the needs of unrelated third parties to not be bothered by them.
Losing this case would be an incredibly serious issue for OpenAI's business model though, though, which is why it's throwing shit at the wall to see if it sticks, and is shouting for sympathy to anyone who wants to listen. I can't say I give a fig about their financial well-being, though.
This is a good point because chat gpt is The Internet and any order pertaining to a specific website applies to every website. Similarly if the police get a warrant to search a house it applies to every house on the earth
Also not deleting user-submitted content is the same thing as mass surveillance. For example this website doesn’t allow you to delete comments after a certain period, so Hacker News is a surveillance apparatus
A person not a party to the action then filed an application to intervene in the lawsuit because the Judge's Preservation Order constituted a breach of the terms of his contract with OpenAI regarding his use of OpenAI's product - more specifically that the Intervenor entered into usage of OpenAI's product upon the agreement that OpenAI would not preserve any portion of Intervenor's communication with the OpenAI product.
The problem, as I see it, is that the Judge did not address the issue that her Order constituted a breach of Intervenor's contractual interests. That suggests to me that Intervenor did not expressly state that he held contractual rights that the Court's Order was violating. I would think the next step would be to file an Order to Show Cause directly against the Magistrate Judge claiming the Magistrate's Order constitutes an unconstitutional government taking of property without Due Process.
Real human beings actual real work is allegedly being abused to commit fraud at a massive scale, robbing those artist of the ability to sustain themselves. Your false perception of intimacy while asking the computer Oracle to write you smut does not trump the fair and just discovery process.
Sorry but, humans have a right to privacy beyond your dislike of the services they use.
But I will tell you that real humans asking private, real questions of LLMs is also happening, and these two things aren’t related. Many people who don’t have the technical literacy to understand the implications are sending messages with extremely sensitive personal, medical, and financial information.
Straw-manning all of these users as tech-savvy, horny IP thieves is ridiculous. I could find your argument more persuasive if you actually considered the privacy needs of the people who had nothing to do with building or perpetuating the systems.
EDIT: to be clear I’m not sure what I think the solution should be, as I also understand the need for discovery.
This is why in this part of the world we have GDPR and it would be amazing to see OpenAI receiving penalties for billions of euros, while at the same time a) the EU will receive more money to spend, and b) the US apparatus will grow stronger because it will know everything about everyone (the very few things they didn't already know via the FAANGS.
Lately I have been thinking that "they" play chess with our lives, and we sleepwalking to either a Brave New World (for the elites) and/or a 1984/animal farm for the rest. To give a more pleasant analogy, the humans in WALL-E or a darker analogy, the humans in the Matrix.
This is a horrible view of privacy.
This gives unlimited ability for judges to violate the privacy rights of people while stating they are not law enforcement.
For example, if the New York Times sues that people using an a no scripts addin, are bypassing its paywall, can a judge require that the addin collect and retain all sites visited by all its users and then say its ok because the judiciary is not a law enforcement agency?
See my comment above in reply to aydyn: in general, "privacy rights" do not exist in American law, and as such the judge is violating nothing.
People are always surprised to learn this, but it's the truth. There's the Fourth Amendment, but courts have consistently interpreted that very narrowly to mean your personal effects in your possession are secure against seizure specifically by the government. It does not apply to data you give to third-parties, under the third-party doctrine. There are also various laws granting privacy rights in specific domains, but those only apply to the extent of the law in question; there is no constitutional right to privacy and no broad law granting it either.
Until that situation changes, you probably shouldn't use the term "privacy rights" in the context of American law: since those don't really exist, you'll just end up confusing yourself and others.
This isn’t a new issue OpenAI is forcing the courts to wrestle with for the first time.
What a horribly worded title.
A judge rejected the creation of a mass surveillance program?
A judge denied that creating a mass surveillance program harms all ChatGPT users?
A judge denied that she created a mass surveillance program, and its creation (in the opinion of the columnist) harms all ChatGPT users?
The judge's act of denying resulted in the creation of a mass surveillance program?
The fact that a judge denied what she did harms all ChatGPT users?
(After reading the article, it's apparently the third one.)
If this is a concern, is the the best course of action for McSherry to stop using ChatGPT.
We have read this sort of "advice" this countless times in HN comments relating to use of software/websites controlled by so-called "tech" companies.
Something like, "If you are concerned about [e.g., privacy, whatever], then do not use it. Most users do not care."
Don't use _____.
This is a common refrain in HN comment threads.
"OpenAI will have a chance to defend panicked users on June 26, when Wang hears oral arguments over the ChatGPT maker's concerns about the preservation order."
"Some users appear to be questioning how hard OpenAI will fight. In particular, Hunt is worried that OpenAI may not prioritize defending users' privacy if other concerns-like "financial costs of the case, desire for a quick resolution, and avoiding reputational damage"-are deemed more important, his filing said."
"Intervening ChatGPT users had tried to argue that, at minimum, OpenAI should have been required to directly notify users that their deleted and anonymous chats were being retained. Hunt suggested that it would have stopped him from inputting sensitive data sooner."
Any OpenAI argument that invokes "user privacy" is only doing so as an attempt to protect OpenAi from potentially incriminating discovery. OpenAI will argue for its own interests.