- EFF's Surveillance Self-Defense guide for students: Privacy is a team sport.
- Oregon's Dems have a supermajority, but the GOP won't show up for work: White nationalism is how plutes get turkeys to vote for Christmas.
- A Lever Without a Fulcrum Is Just a Stick: How to design a copyright to protect artists, not corporations.
- Facebook neutered "Download Your Data": "Your data" doesn't include a list of ad-tech companies that also hold your data.
- The EU's new copyright filters violate the GDPR: We told you so.
- Recycling spy agencies' malware for fun and profit: NOBUS is, and always has been, an idiotic idea.
- Japanese condiment company releases "sliced mayo": Comes in four flavors!
- Department of the Interior climate docs include junk science: Trump's man on the inside, sabotaging our future.
- This day in history: 2005, 2010, 2015, 2019
- Colophon: Recent publications, current writing projects, upcoming appearances, current reading
EFF's Surveillance Self-Defense guide for students (permalink)
EFF just launched its Surveillance Self-Defense guide for students: it's a soup-to-nuts guide for kids and parents disturbed about social media monitoring, campus facial recognition systems, and "aggression detection" mics in classrooms.
It unpacks technical concepts from stalkerware to man-in-the-middle SSL certificates, and includes guides to having difficult privacy conversations with friends, family and officials, and technical guidance for protecting your privacy.
As the press-release notes, "School discipline disproportionately targets students of color, and it’s reasonable to think that additional, and more comprehensive scrutiny of their lives will only add to that injustice." These systems also disproportionately affect queer kids, "who tend to look for support online as they explore their gender identities, and find they’re under so much surveillance that they learn not to look. They learn not to trust online public spaces."
Oregon's Dems have a supermajority, but the GOP won't show up for work (permalink)
In Oregon, Democrats have a supermajority in the House and Senate, because the vast majority of Oregonians support Democratic policies. But when Oregon drafted its constitution in 1857, it copied the Indiana constitution's provision that sets quorum at 2/3 of lawmakers.
Theoretically, this has meant that if a small handful of opposition lawmakers refused to show up for work, the state legislature would shut down. Practically, neither party has ever done this…until now. The Oregon GOP, acting on behalf of a small number of rural, white, reactionary voters, has refused to enter the statehouse when the majority was calling votes on "guns, forestry, health care, budgeting" and now, the climate crisis.
They've killed a small tax raise to fully fund state public schools, modest gun restrictions, and mandatory vaccinations for kids. Then they signed a memo promising not to pull that stunt again, so the legislature could pursue a cap-and-trade bill.
They fucking lied.
GOP Senators went into hiding, and threatened to murder any police officers sent to get them.
Cap and trade is back before the legislature, and the GOP cowards are in hiding again, refusing to show up and do the job the taxpayers are paying them to do. House Republicans have joined their Senate co-conspirators.
A ballot initiative might force them back into their seats, though:
The Oregon GOP has fielded a truckload of bullshit to defend their tantrum. They claim the measure has had insufficient "process" to proceed. It's had more process than any other bill in Oregon history.
"Democrats have bent over backward to accommodate GOP objections, layering on more process, making more concessions, but it hasn’t changed Republican rhetoric or behavior a whit. GOP objections aren’t to the bill’s contents or process, but to its existence."
Oregon has some of the nation's loosest money-in-politics laws and the state GOP is awash in money from polluting industries hoping to render the planet unfit for habitation ("first in the country in per-capita corporate donations to politicians")
"The Republicans who keep walking out on their jobs get 65 percent of their donations from corporations, in particular corporations like Koch Industries with assets that stand to be affected by cap-and-trade."
Democrats have walked out of legislatures, too: decades ago, and over gerrymandering attempts that would have guaranteed eternal minority rule by rendering the majority of state votes irrelevant. When the GOP stages rallies to support its actions, it is supported by 3 Percenters and other violent white nationalist terrorist elements. White supremacy is how the GOP gets turkeys to vote for Christmas.
But Oregon Dems are too timid to call white nationalism out when they see it. They won't run on the issue of the GOP doing corporate bidding with backing from white nationalists.
A Lever Without a Fulcrum Is Just a Stick (permalink)
My latest Locus column explores what copyright expert Rebecca Giblin calls "The New Copyright Bargain" – a copyright system designed around enriching authors above all, rather than treating authors' incomes as an incidental output of enriching entertainment or tech corporations. The column is called "A Lever Without a Fulcrum is Just a Stick." Copyright is billed as giving creators leverage over the corporations we contract with, but levers need fulcrums.
In an increasingly concentrated marketplace, any exclusive rights that are given to creators are simply appropriated by corporations as a non-negotiable condition of the standard contract. Think of how samples could originally be used without permission (in the Paul's Boutique/It Takes a Nation of Millions era), enriching old R&B artists who'd been burned by one-sided contracts.
(Image from Kembrew Macleod's "Creative License" https://www.dukeupress.edu/creative-license)
Those artists experienced a temporary enrichment when paying for samples became the norm, but today, all contracts simply require signing away your sampling rights. The fight to require licenses for samples merely gave the labels yet another right to demand of their artists. Which means that anyone hoping to sample must sign to a label and pay for a license either to that label or one of the other three. Giving new rights to artists in a monopolized market is like giving your bullied kid more lunch money. It doesn't buy the kid lunch, it just gives the bullies the opportunity to take more money from your kid.
After the "Blurred Lines" suit, labels have begun to fret about being sued over artists' copying the "vibe" of another artist. It's easy to feel smug about copyright maximalists being hoist on their own petards. But the end-game is easy to see: just make selling your "vibe" rights a condition of signing a record deal, and you transfer ownership of whole genres to the Big 4 labels.
What would a copyright look like that protected artists, rather than practicing the Magic Underpants Gnome method of:
- Enrich entertainment corporations;
- Artists get more money
Any new bargain in copyright centered on artists needs to take account of the concentration in tech and entertainment, and create rights for artists that aren't just creator's monopolies to be scooped up through non-negotiable contracts. Measures like reversion (which lets artists in the USA claim back rights they signed away 35 years ago), blanket licenses (designed to pay artists regardless of whether they're "rightsholders"), and restoring unionization rights are the key to paying artists.
Merely expanding the "author's monopoly" does no good in a world of industrial monopolies: it just gives those monopolists more ammo to use in the fight to shift revenues onto their own balance sheets, at the expense of working creators.
Facebook neutered "Download Your Data" (permalink)
Facebook recently unveiled a feature called "download your data," partly to comply with Europe's GDPR. But as Privacy International reveals, there's a very important omission in the data that Facebook will release to you.
Missing from "your data" is the list of advertisers who targeted you by uploading some of your personal information (through the "Custom Audience" tool) – that is, the list of other companies that the GDPR lets you send data-requests to. This omission means that you can't use FB as a jumping-off point to discover all the data being held on you by all the advertisers, data-brokers, etc. It's not an accident, either: Facebook replicates this in their new "Off-Facebook" product.
Facebook is under increasing pressure to allow competition through interoperability, but argues that it can't possibly protect your privacy if they are forced to allow companies that you trust to manage your Facebook experience for you. In other words, Facebook argues that it can't be a wise, benevolent steward of your privacy if you insist on allowing competitors to interfere with it. But that argument only works if you trust Facebook — and who the hell trusts Facebook?
(And why on Earth would you?)
The EU's new copyright filters violate the GDPR (permalink)
The EU's Copyright Directive effectively forces all online platforms to implement upload filters that scan everything you try to post and refuse anything that matches a database of works that anyone, anywhere has claimed to be "copyrighted." This is a terrible idea in an era of rampant copyfraud. The Directive has no penalties for people who falsely claim copyright even when it's to rip off, blackmail or censor artists, and platforms still have to accept their copyright claims even after they're caught at it.
But it's also a massive violation of Article 22 of the GDPR, which promises users the right "not to be subject to a decision based solely on automated processing which produces legal effects concerning them or significantly affects them."
That is to say, you aren't allowed to do the kind of filtering that Article 17 of the Copyright Directive mandates. Billions of pieces of "personal information" (under the GDPR's definition) will be processed by copyright bots every day, and that's illegal.
None of the GDPR's exemptions apply, either. For example, the Copyright Directive doesn't "authorise" the filtering, because its authors explicitly deleted all mentions of filters in order to get the Directive passed, and publicly disclaimed any filtering mandate.
Nor is filtering "necessary" for the use of the service under the GDPR – the services run today without filtering, so the GDPR's narrow, rigorous definition of "necessity" does not apply.
The GDPR does allow this kind of processing with "consent" but not the kind where you click a terms-of-service "OK" button. Consent under GDPR has to include the ability to say no and still use the service.
What's more, the Copyright Directive includes new EU-wide copyright exceptions for parody and criticism, and while it's impossible to imagine a filter being able to tell the difference between parody/criticism and other kinds of speech, any attempt will be a privacy disaster. Identifying parody/criticism requires understanding of context – and that means that a filter trying to discern these concepts will have to consider huge amounts of personal information to make its determination. And the Copyright Directive itself does not allow any system that fails to respect these "fundamental rights" of internet users, which means that you can't use a filter unless it can grasp these distinctions.
Literally all of this was obvious from the start, and boosters of upload filters hand-waved it away, insisting these were mere technicalities that could be solved by asking tech companies to NERD HARDER. Now, the whole thing is likely to fall apart.
Recycling spy agencies' malware for fun and profit (permalink)
The NSA has a doctrine called "NOBUS," which stands for "No One But Us" — as in, "It's OK if we keep these bugs we discovered a secret because no one but us is smart enough to find or exploit them." But as ex-NSA hacker Patrick Wardle's RSA presentation, "Repurposed Malware: A Dark Side of Recycling" shows, foreign spy agencies – and criminals – love NOBUS because it means they get to steal NSA cyberweapons and use them for themselves.
Once you discover a snippet of malicious code in the wild (either something used by a spy agency and then blown, or something stolen from the agency), it's really easy to remix it to deliver your own malware.
In his demo, Wardle showed how he replaced a small section of the pioneering fileless macOS malware AppleJeus.c and created his own, virus-scanner-resistant strain.
"With a single modification to the binary, (and building a light-weight C&C server), we now have access to an advanced nation-state loader that will perform to our bidding …without having to write any (client-side) code!"
NOBUS is, and always has been, a dead letter – equivalent to stockpiling superbugs to use as bioweapons, in hopes that no one else will discover or steal them, rather than developing a vaccine for them. It's the height of irresponsibility, and your tax-dollars pay for it.
Japanese condiment company releases "sliced mayo" (permalink)
The Japanese condiment company Bourbon just released a "sliced mayonnaise" product similar to American cheese singles. It'll come in flavors like "spicy tuna" and "cod roe."
It's an addition to the company's existing sliced condiment products, like "sliced chocolate."
The sliced mayo is ¥200-250, and comes in packets of four. Honestly, I'm fine with this except for the plastic – if it came in an edible wrapper, it'd make for an excellent picnic/school lunch supply.
Department of the Interior climate docs include junk science (permalink)
When Trump took office, he promoted Indur M Goklany, a climate denier, to the office of the deputy secretary "with responsibility for reviewing the agency’s climate policies."
Ever since, Goklany has been inserting debunked climate-denial talking points into US government science, including the myth that "increased carbon dioxide in the atmosphere is beneficial." Longtime agency staffers exchange private, grim jokes about being forced to insert "Goks uncertainty language" into their communications about the climate crisis, howlers like the idea that rising CO2 "may increase plant water use efficiency."
"The Interior Department declined to make Mr. Goklany available for an interview, and he did not return requests seeking comment."
This day in history (permalink)
#15yrsago Free Software Foundation tears MPAA a new one in Grokster brief http://moglen.law.columbia.edu/publications/grokster-amicus.pdf
#10yrsago Blind gamer speedruns Zelda with help of 100,000+ keystroke script https://boingboing.net/2010/03/03/blind-gamer-speedrun.html
#5yrsago Ed Snowden says he'll face trial in the US https://news.yahoo.com/edward-snowden-ready-return-states-144245040.html
#5yrsago Razorhurst: blood-drenched gang warfare and ghosts in Gilded Age Sydney https://boingboing.net/2015/03/03/razorhurst-blood-drenched-gan.html
#1yrago The FAIR Act will end forced arbitration for employment, consumer, antitrust and civil rights disputes https://thinkprogress.org/lawmakers-declare-war-on-the-biggest-civil-rights-problem-youve-probably-never-heard-of-eaf3b5459034/
#1yrago Google says it won't remove Saudi government app that lets men track and monitor their wives and domestic employees https://www.businessinsider.com/absher-google-refuses-to-remove-saudi-govt-app-that-tracks-women-2019-3
#1yrago Record label censors copyright lawyers' site by falsely claiming it infringes copyright https://spicyip.com/2019/02/saregama-pa-rdon-me-you-have-the-wrong-address-on-the-perils-and-pitfalls-of-notice-and-takedown.html
#1yrago German data privacy commissioner says Article 13 inevitably leads to filters, which inevitably lead to internet "oligopoly" http://www.fosspatents.com/2019/02/germanys-federal-data-protection.html#translation
Hugo nominators! My story "Unauthorized Bread" is eligible in the Novella category and you can read it free on Ars Technica: https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/
- Canada Reads Kelowna: March 5, 6PM, Kelowna Library, 1380 Ellis Street, with CBC's Sarah Penton https://www.eventbrite.ca/e/cbc-radio-presents-in-conversation-with-cory-doctorow-tickets-96154415445
Currently writing: I just finished a short story, "The Canadian Miracle," for MIT Tech Review. It's a story set in the world of my next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. I'm getting geared up to start work on the novel now, though the timing is going to depend on another pending commission (I've been solicited by an NGO) to write a short story set in the world's prehistory.
Currently reading: Just started Lauren Beukes's forthcoming Afterland: it's Y the Last Man plus plus, and two chapters in, it's amazeballs. Last month, I finished Andrea Bernstein's "American Oligarchs"; it's a magnificent history of the Kushner and Trump families, showing how they cheated, stole and lied their way into power. I'm getting really into Anna Wiener's memoir about tech, "Uncanny Valley." I just loaded Matt Stoller's "Goliath" onto my underwater MP3 player and I'm listening to it as I swim laps.
Latest podcast: Disasters Don’t Have to End in Dystopias: https://craphound.com/podcast/2020/03/01/disasters-dont-have-to-end-in-dystopias/
Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here: https://us.macmillan.com/books/9781626723627?utm_source=socialmedia&utm_medium=socialpost&utm_term=na-poesycorypreorder&utm_content=na-preorder-buynow&utm_campaign=9781626723627
(we're having a launch for it in Burbank on July 11 at Dark Delicacies and you can get me AND Poesy to sign it and Dark Del will ship it to the monster kids in your life in time for the release date).
"Attack Surface": The third Little Brother book, Oct 20, 2020.
"Little Brother/Homeland": A reissue omnibus edition with a very special, s00per s33kr1t intro.