Pluralistic: 20 May 2020

Today's links

Hackers on Planet Earth, in the cloud (permalink)

2600 Magazine's biennial Hackers on Planet Earth conference is one of hackerdom's longest-running, most countercultural events, and it's had a rough ride lately – kicked out of its historic home in NYC's Hotel Pennsylvania, then clobbered by covid.

But they're indomitable sorts: they've moved this summer's con online and extended it to a NINE DAY event, Jul 25-Aug 5, with the "same number of talks but spread out over a much longer period and available for viewing on a high capacity stream."

There are NINE keynotes, exclusive con tees and badges, and for once, HOPE doesn't have to worry about its speakers being arrested or denied visas to enter the USA.

There are overnight streams – DJs, concerts – and daytime activities like lockpicking, soldering and ham radio workshops.

2600's been slammed by covid, with issues they've printed (but hasn't been paid for) stuck in limbo in shuttered stores and distributors.

They're looking to throw a hell of a (virtual) party, even by 2600 standards, and they're hoping their supporters will convert their tickets to virtual event tickets, and that others will sign up for what promises to be an amazing event.

Climate and machine learning (permalink)

In a new CBC documentary, Brett Gaylor and his (adorbs!) young daughter explore the environmental cost of machine learning. We focus a lot on the privacy issues of the Internet of Shit, but they're also a climate dumpster-fire.;

The doc does a great job of covering the issues in the round, including the labor, solidarity, and technical issues associated with smart speakers and other ML systems, and especially the Amazon workers' uprising, demanding a greening of the company's cloud.

Seeking Fitbit owners' stories (permalink)

Google isn't an "inventing things" company (almost all of its in-house products flop), it's a "buying things" company – it acquired its way to dominance, just like the rest of Big Tech, who literally buy companies more often than I buy groceries.

The latest major Google acquisition is Fitbit, a company that succeeded in making a wearable that people used (unlike Google), whose products many people were forced to wear and give data to as a condition of their employer-provided health insurance.

However, we're finally – finally! – arriving at a moment when America's long-slumbering competition regulators are prepared to take action to protect competitive markets from the winner-take-all smorgasbord represented by acquisition-fueled growth.

That's where you come in. EFF is gathering stories of Fitbit use to help us in our discussions with regulators.
We're asking:

  • Did your employer force (or "strongly encourage") you to wear a Fitbit in order to receive company health benefits?

  • Did you buy a Fitbit because you didn't want to give Google even more of your data?

  • Does the Google-Fitbit merger make you feel like there's no point in opting out of Google data-collection because they'll just buy any company that has a successful alternative?

If you're a Fitbit owner with a story to tell, drop us a line at

Software secrecy (permalink)

Sonia Katyal's Cornell Law Review paper "The Paradox of Source Code Secrecy," is a fascinating and comprehensive analysis and critique of how software's unique properties and software law's incoherence have conspired to produce a unique crisis.

Katyal raises a number of issues but the most important – the issue that rises to a potential constitutional crisis – is that Lessig's metaphor that "code is law" is no longer metaphorical.

Increasingly, laws, their enforcement, and interpretation are literally accomplished in software code.

What's more, that code is both proprietary (in the sense of not being licensed as free/open source) and secret (covered by trade secret law).

So people who rub up against the criminal justice system today are not permitted to know how they broke the law, to see the evidence against them and counter it.

Judges and regulators habitually defer to automated systems, acting as though software-enabled determinations of guilt are empirical and thus reliable – while the reverse is true, as these systems are error-prone in the extreme.

And due to the weird, never-before-seen nature of software, and the resultant legal incoherence, software companies assert overlapping legal protections: patents, copyrights and trade secrets.

Each of these systems of state-issued privilege has the potential for social harm, and each has its own escape-valves designed to mitigate those harms: once someone lawfully, independently discovers your trade secret, your trade secrecy protection expires.

Copyrighted works have to be deposited with the Copyright Office for anyone to read in order to claim statutory damages, and copyright suits require that the plaintiff shows that the defendant actually copied something.

Patents require full disclosure of their system's working to the US Patent and Trademark Office, for anyone to see, and the patent only covers the claimed methods – not different inventions that do the same thing.

But because software is a machine, a literary work, and a secret, it can be patented, copyrighted, and protected with trade secrecy law. These overlapping provisions mean that every one of the escape valves for the public interest is sealed over.

You can get a patent without showing source-code; you can copyright code but redact trade secrets; you can avoid copyright's requirement to show that an act of copying occurred by invoking trade secrets. You can get a trade secret without the burdens of copyright/patent.

Then all this stuff collides with government and the justice system. Trade secrets have been invoked over government systems ranging from recordkeeping to student loans, gun registration to multiple-choice high school exams.

Trade secrets are used to hide the sums that McDonnell-Douglas charges the USAF, the workings of medical devices, the outcomes of clinical trials, the details of voting machines, and how search engines and breathalyzers work.

Chemical manufacturers that poisoned the drinking water of the people in their community have used trade secrets to keep from having to divulge the composition of the poison in the water-supply!

When you get to court, trade secrecy keeps you from interrogating breathalyzer evidence, DNA/fingerprints analysis, or the "Algorithmic Suspicion Assessment" that put you in contact with law enforcement in the first place.

It's a long paper, and Katyal goes very deep into the string of historical occurances that led to this point. You can get to the meat of the argument by skipping to Section IV, "Due Process In an Age of Delegation" (p54).

(Image: Markus Meier, CC BY-SA)

Grocer won't show employees results from mandatory temp-checks (permalink)

Harris Teeter is a giant chain of grocery stores in the American south; it has instituted a policy of taking employees' temperature when they start their shifts and sending them home if they have a fever.

That may sound perfectly reasonable, but for reasons that no one – not even the company's line managers – can figure out, employees themselves are not allowed to know their own temperatures.

As employees, managers, and health, labor and privacy experts told Buzzfeed's Brianna Sacks this has no basis in law or practice, and opens up employees to a host of abuses (like managers keeping sick workers on shift when they're understaffed).

What's more, the policy is being applied in a haphazard fashion, with huge implementation discrepancies between different locations.

Now, obviously, anyone with a fever should not be at work, particularly in food distribution (but also not at all, obvs).

But since the vast majority of coronavirus transmissions come from a- and pre-symptomatic carriers, temp checks are just the last line of defense; relying on them can be a kind of coronvirus theater.

The company spokesvillain's explanation for not showing employees their own temperatures is bizarre. "We choose not to do so as we want to get associates through the thermal screening process as quickly as possible and into work. And because we are not medical professionals and do not want to give medical advice."

Telling you that a thermometer indicates that you do(n't) have a fever is not "medical advice."

So yeah, while I don't think temp scans are the most important part of safe commercial practice, I also think a company whose policies are as stupid, incoherent, high-handed and indefensible as Harris Teeter probably shouldn't be trusted with the important stuff, either.

Bill Clinton sings "Baby Got Back" (permalink)

Back in 2017, Google Research published a paper on using machine learning to create vocal synthesis models – just feed the system samples of someone's speech and it then hand it a script and it would read that speech in the target's voice.

Like so many of ML's greatest party-tricks, the amazing thing about Vocal Synthesis is its low barrier to entry – it's easy for amateurs to get involved and play with the system and get it to do amazing things. There's a whole subreddit devoted to it:

Periodically, the community there puts out a video showingcasing their work. In March, they released "Bill Clinton reads 'Baby Got Back' by Sir Mix-A-Lot."

It does exactly what it says on the tin.

I'm no Clinton expert, but if you played this for me, my first reaction would be, "How did they get Clinton to recite Baby Got Back" and not "That is some impressive machine learning sorcery."

Webinar on Controlled Digital Lending and the pandemic (permalink)

This Friday at 9AM Pacific/12PM Eastern, I'm on a Zoom panel with a group of librarians, copyright experts, and academics to discuss "Controlled Digital Lending" – the practice of the Internet Archive's Open Library, as well as its National Emergency Library project.

If you want some background into the controversy over electronic lending by libraries like the Open Library and the National Emergency Library, I STRONGLY recommend "Libraries Do Not Need Permission To Lend Books" from Kyle Courtney.

Courtney makes a broad point – defended in fine detail with reference to caselaw – that libraries don't, and never have, and should not, require a license to lend out the books they lawfully acquire.

That's obvious on its face: as an author and a former library worker, it makes no sense at all to me that we'd ever ask a library system to secure permission from each person whose books were circulated through that system.

The discussion of the National Emergency Library has been very heated, but short on either good legal analysis about what libraries are allowed to do, and short on facts about what the NEL IS doing.

I'm really looking forward to a discussion that puts a factual understanding under those arguments, and then builds a moral case for electronic libraries on top of them.

Google vows no custom AI for oil and gas (permalink)

Greenpeace just released "Oil in the Cloud," its report on how Big Tech is enabling catastrophic expansions of oil and gas extraction with custom machine learning tools, analyzing 14 contracts between oil companies and Google, Microsoft and Amazon.

The companies are complicit as hell, inking deals with Exxon, Chevron, and Total; building portals specifically designed to entice and service the fossil fuel industry. Microsoft sponsored oil extraction conferences in Saudi Arabia and Amazon has an "Accelerate Oil" project.

But the good news is that Google had a change of heart and has backed away from enabling the oil industry, pledging that it will no longer "build custom A.I./ML algorithms to facilitate upstream extraction in the oil and gas industry."

Google once had a business unit devoted to its oil industry business, helmed by an ex-BP exec named Darryl Willis. But Willis is now at Microsoft (the worst offender in the report) and Google has shut down his division.

Google still gets $65M/year in oil industry cloud contracts, but that's just 1% of the company's cloud revenue and the figure is decreasing even as Google's cloud division is growing.

Writing in Onezero, Brian Merchant attributes the change of heart in part to the Googler Uprising, in which scarce, skilled tech workers staged walkouts, spoke out against the company and demanded better of it.

(Image: Cryteria, CC BY, modified)

Re-positive coronavirus cases are not infectious (permalink)

If you're like me, you're hungry for a little good news about coronavirus. Here's the best news I've had in a month: it appears that the "re-positive" people who test positive after recovering from the disease are not infectious.

The news comes from a South Korean study of 285 people who'd recovered from coronavirus and then tested positive again, and while 126 of them had renewed coronavirus symptoms, they were not shedding virus particles and thus not at risk of infecting others.

It's not merely that they are not shedding infectious particles (though that's a huge relief!), it's also that the people they lived with did not become infected. The subjects also had neutralizing antibodies in their blood.

"When KCDC researchers tried to isolate and grow whole, infectious particles of SARS-CoV-2 from the 108 cases they were able to test—all 108 were negative for whole virus."

The possibility that people who'd recovered from coronavirus could both manifest symptoms and spread the disease was literally keeping me up at night. Now, it seems that while symptoms my recoccur (which is dreadful), at least those people won't have to re-isolate.

Ifixit's medtech repair manual trove is full to bursting (permalink)

Early in the crisis, the Right to Repair campaign came into its own, as hospitals – all of us! – found themselves in the same position as farmers (R2R's staunchest advocates): isolated, far from parts and service, with urgent needs that could not wait.

Right from the start, the folks at Ifixit were on the case, putting out an open call for the repair and service manuals that hospital techs have long squirreled away and traded in secret for fear of reprisals from manufacturers:

That, after all, is medtech's dirty secret: despite manufacturers' claims that their products can't be safely serviced without their consent (and without paying them), hospitals have ALWAYS fixed their own gear, because the alternative is letting people die.

It was manufacturers who were endangering patients, by making it harder for technicians laboring under time-pressure to save human lives to get the information they needed. No wonder state officials started demanding respirator repair guides.

Hospital technicians answered Ifixit's call for repair manuals, opening up their secret hard-drives and inundating the service with more manuals than they could handle, so they enlisted The Maintainers and the American Library Association to help organize them.

Today, Ifixit's Medical Device Repair portal is open and thriving, with manuals for repairing a vast array of medical equipment, during the pandemic and beyond.

They're reversing the trend of deadly information hoarding. As Paul Kelley of Fremont's Washington Hospital told Wired's Lauren Goode: "We can do less and less work on equipment. We’re getting less and less documentation. Training is getting harder, and parts are getting scarcer."

Predictably, the medtech lobbyists at Medical Imaging and Technology Alliance is warning that this will put people in danger – I suppose their answer is that if an authorized technician isn't available, we should ensure patient safety by letting them die.

This day in history (permalink)

#15yrsago Spanish copyright society hounds Uni teacher out of job

#15yrsago Italian phone carriers have phone-unlockers arrested

#10yrsago Canada's sellout Heritage Minister ready to hand copyright to Hollywood

#10yrsago JHEREG license plate

#10yrsago Finnish record industry's regrettable new anti-piracy mascot

#10yrago NYC writer's space throws out last remaining typewriter user;_source=feedburner&utm;_medium=feed&utm;_campaign=Feed%3A+nydnrss%2Fny_local+%28NY+Local%29

#5yrsago FBI spies on tar sands opponents under banner of "national security"

#1yrago DRM and terms-of-service have ended true ownership, turning us into "tenants of our own devices"

#1yrago A look back at the sales training for Radio Shack's Model 100, a groundbreaking early laptop

#1yrago Notorious forum for account-thieves hacked, login and messages stolen and dumped

#1yrago How Warner Chappell was able to steal revenues from 25% of a popular Minecraft vlogger's channels

#1yrago That billionaire who paid off a graduating class's student loans also supports the hedge-fundie's favorite tax loophole

#1yrago A deep dive into the internal politics, personalities and social significance of the Googler Uprising

#1yrago Research shows that 2FA and other basic measures are incredibly effective at preventing account hijacking

Colophon (permalink)

Today's top sources: Aestetix, Four Short Links (, Fipi Lele, Naked Capitalism (Naked Capitalism), Slashdot (, Metafilter (Metafilter).

Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 516 words (17387 total).

Currently reading: The Case for a Job Guarantee, Pavlina Tcherneva

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 03)

Upcoming appearances: Controlled Digital Lending: Getting Books to Students During the Pandemic & Beyond, Friday May 22

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here:

"Attack Surface": The third Little Brother book, Oct 20, 2020.

"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden:

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commerically, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.