Pluralistic: 09 Jun 2020

Today's links

John Oliver's comprehensive explanation of the rot in US policing (permalink)

Understanding the reasons for US policing's out of control, violent racism is hard, because there are so many factors at play. First, there's policing's root in "slave patrols" – white supremacist vigilantes who hunted Africans who'd escaped bondage.

Then there's "qualified immunity," a judge-made legal doctrine that means that it's virtually impossible to hold a cop legally responsible for corrupt and violent misdeeds, up to and including murder.

Add to that police unions, all-powerful criminal syndicates who immunize even the worst, most brutal cops from being fired or even disciplined, almost without limits. Unsurprisingly, police unions are correlated with murders committed by cops.

There's the fact that cops are basically the only public service left in many cities, serving as social workers, mental health professionals, and youth workers.

There's the militarization of police, a scheme cooked up by military suppliers to goose sales of war-fighting weapons to the military, who pass them on to local cops, turning cities into literal war-zones.

Don't forget "broken windows," a criminological fraud that led to bust quotas for cops, who met them by repeatedly and continuously harassing brown and Black people and anyone else whose complaints don't get a hearing.

And on top of that: US structural racism, "warrior" training for cops, and even police departments who literally ban anyone who's "too intelligent" from signing up to be a cop:

So many toxic threads, snarled together in a terrible knot. However, John Oliver is here with a 33-minute segment that unpicks many of these threads, in admirable and clear fashion.

If you lack time/inclination for a 33-minute segment, then please spare a few minutes for Kimberley Jones's superb, self-described "rant," which closes out the segment.

Cox violates the Geneva Conventions (permalink)

I'm accustomed to ISPs finding new depths of shittiness to plumb, but even I was taken aback to find one that is violating the fucking Geneva Conventions.

Nice work, Cox!

Cox offers "unlimited" data for an extra fee. However, they're using "unlimited" in special technical sense that means, very, very limited.

That's what "Mike" found out when Cox threatened to disconnect the broadband he relies on during lockdown because of "excessive" use.

Mike in Gainesville runs overnight backups that eat up a lot of upstream bandwidth, but confines those to run between 1AM and 8AM, when neighborhood usage is lowest.

Still, he got a threatening voicemail telling him he would be disconnected.

When he returned the call, they told him he had to use less in order to conform with the "acceptable use policy," but neither the company nor its policy would tell him how much less he had to use – just "use less."

Or else.

They followed this up with an email telling him that he'd been such a naughty boy that they were slowing down connections to his whole neighborhood to punish him for it.

Which brings me back to the Geneva Conventions, specifically Article 33 ofthe Fourth Convention (AKA GCIV): "No protected person may be punished for any offense he or she has not personally committed. Collective penalties… are prohibited."

AKA, punishing Mike's neighbors because he used too much bandwidth is war criminal shit.

But the hits keep on coming!

Cox has seen several years of record profit – and new lows in network investment (the profits were skimmed by execs and investors).

5.2m American households rely on Cox for broadband, and most of them live in cities where Cox is the only cable broadband provider.

And finally, while Cox has not told Mike whether or not he's still in danger of disconnection, they have warned him that they're about to raise his monthly bill.

Paramount's Unproduced Screenplays (permalink)

The funniest gag in Raiders of the Lost Arc is right at the end, when Indy fetches back the greatest treasure of history, only to have it crated, stored and forgotten in a giant, anonymous, secret government warehouse.

It's funny because it's so emblematic of the journey of screenwriters, who slave for years – even decades – over scripts that go through pre-production, even actual production, only to be shelved…forever.

If there's a novelist you loved who seems to be doing all right financially despite not putting out any more books, chances are they're writing unproduced screenplays, doing the best work of their career, in the knowledge that virtually no one will ever read them.

Sidebar: the funniest joke in 1984 is this one: "One of them was a girl whom he often passed in the corridors. He did not know her name, but he knew that she worked in the Fiction Department. Presumably—since he had sometimes seen her with oily hands and carrying a spanner she had some mechanical job on one of the novel-writing machines."

Just a little writer humor folks. If you didn't laugh, you'd have to cry, amr?

Studios buy a LOT of screenplays and produce very, very few of them. A Twitter account called @ParamountUnprod has come into possession of a hand-typed, hand-indexed catalog of 1,000 of Paramount's unproduced screenplays from 1983-97, with summaries of each.

And @ParamountUnprod is tweeting out every single summary, one at a time, for as long as it takes.

Some sound really, really awful.

Some are fantastically weird:

Some are grossly offensive:

Some are promising-sounding work by brilliant writers:

And some are very intriguing indeed:

"These documents are an alternate reality of movies. Though many of the titles read like absolute stinkers, many of the ideas under discussion are serious gamechangers, and possibly even a few screenplays listed here could have become masterpieces."

"Ultimately this account is to make these otherwise lost concepts available for everyone for posterity, which should start some conversations with anyone with an interest in film history – and hopefully some of the original filmmakers involved."

The person/s behind the project are also seeking donations:

Police budgets are out of control (permalink)

As #DefundThePolice spreads, you may be wondering what, exactly that means. It means a new kind of policing, with a dramatically shrunken role, one that excludes social work, mental health interventions, drug counselling, etc.

Police (rightly) complain that these are not jobs cops should be doing in the first place, but what they don't talk about is the reason cops are called upon to do that work: it's because they've absorbed the bulk of city budgets, leaving the rest of the system starving.

As David Sirota writes, between 1977-2017, the US population grew by 50%; police budgets grew by 173% – triple the rate of population growth.

In Chicago – a city whose population is declining – police budgets comprise 37% of general fund spending, having grown 27% during Rahm Emmanuel's 8-year reign; now Mayor Lightfoot wants to give them a 7% boost on top of that.

NYC is even worse: police spending grew from $4.1b (!) in 2008 to $6B today (!!), up 22% in the past 5 years alone.

The NYPD's budget consumes "more than the city spends on health, homelessness, youth development and workforce development combined."

The phenomena of decreased social spending and increased police spending are not unrelated.

The choice to immiserate and starve people, to deprive them of homes and health care and education, demands an increased spend on guard-labor to keep them from building guillotines.

"Defund the Police" isn't just a slogan, it's a compact manifesto about our social priorities: do we want to spend our money to provide humane conditions and meaningful opportunities for every person, or spend the same money locking up the people we marginalize?

Because cops are right that we shouldn't be asking them to do social work. What they miss is that we mostly need them because we defunded all the social workers and gave the money to the police force.

Auditing Omniballot, a terrible e-voting system (permalink)

Omniballot is an "internet voting and ballot delivery system" from a company called Democracy Live. A group of MIT and U Mich engineers did a security audit on the system. The results are really ugly.

Before we get into the technicalities, let's talk about what we need from our voting technology. Here's a recent interview with the eminent security researcher, Purdue's Eugene Spafford, where he assays a very compact answer.

"One of the goals of an election should be that whoever loses in an election can look at what happened and acknowledge it was a fair loss."

That is, if your voting machine doesn't work, your democracy loses legitimacy. Bad voting tech is an existential threat to democracy.

Which brings us back to Omniballot, some very bad voting tech indeed. Here's a good summary of the researchers' findings about its shortcomings:

Start with the headline finding: "votes returned online can be altered, potentially without detection, by a wide range of parties."

"Insiders at Democracy Live, Google, Amazon or Cloudflare, or any hackers who manage to hack into these companies, can steal votes."

"The Omniballot system send[s] the voter’s identity and ballot selections to Democracy Live (and Amazon)."

Even if you use Omniballot to generate a ballot that your print, hand mark and mail, it can't be trusted because attackers could alter the ballot.

"In all modes of operation, Democracy Live receives a wealth of sensitive personally identifiable information: voters’ names, addresses, dates of birth, physical locations, party affiliations, and partial social security numbers.

"When ballots are marked or returned online, the company also receives voters’ ballot selections, and it collects a browser fingerprint during online voting.

"This information would be highly valuable for political purposes or for election interference, as it could be used to target ads or disinformation campaigns based on the voter’s fine-grained preferences.

"Nevertheless, OmniBallot has no posted privacy policy, and it is unclear whether there are any effective legal limitations on the company’s use of the data."

Here's a summary of the researchers' recommendations for voters:

Recco #1: "Your safest option is to avoid using OmniBallot."

Easier said than done: "This system has been deployed in Delaware, West Virginia, and other jurisdictions."

Who are Dark Basin? (permalink)

For years, researchers have tracked a group of hackers-for-hire that targeted US-based Net Neutrality and anti-Exxon campaigners. Now Citizen Lab has identified the cybermercenaries behind these "Dark Basin" attacks: Belltrox, a New Delhi company.

"Dark Basin’s targets were often on only one side of a contested legal proceeding, advocacy issue, or business deal."

Their targets: "dozens of journalists in multiple countries," "net neutrality advocacy groups," "organisations working on a campaign called #ExxonKnew."

Also: "elected and senior government officials, hedge funds, multiple industries."

Citizen Lab makes a good case that Belltrox is behind these attacks: "director Sumit Gupta, was indicted in CA in 2015 for his role in a similar hack-for-hire scheme."

"BellTroX and its employees appear to use euphemisms for promoting their services online, including 'Ethical Hacking' and 'Certified Ethical Hacker.' BellTroX’s slogan is: 'you desire, we do!'"

BellTroX staff activities listed on LinkedIn include:

  • Email Penetration
  • Exploitation
  • Corporate Espionage
  • Phone Pinger
  • Conducting Cyber Intelligence Operation

Here's a partial list of environmental groups targeted by Belltrox:

  • Rockefeller Family Fund
  • Greenpeace
  • Center for Intl Environmental Law
  • Oil Change International
  • Public Citizen
  • Conservation Law Foundation
  • Union of Concerned Scientists

Other US-based NGOs targeted by Belltrox, during the campaign to save Net Neutrality:

  • Fight for the Future
  • Free Press

Belltrox targeted law firms working on corporate litigation in "US, UK, Israel, France, Belgium, Norway, Switzerland, Iceland, Kenya, and Nigeria."

Citizen Lab also found evidence that Belltrox had been retained to intervene in divorces and other personal disputes.

Hilariously, Belltrox didn't secure their own phishing servers, so Citizen Lab was able to access the logs and see how they'd been used.

As the report highlights, Belltrox is just one high-profile, sloppy actor in a large, shadowy industry of hacks-for-hire.

These cybermercenaries work for corporations and wealthy individuals as personal dirty tricks squads, attacking government officials, activists, and journalists who threaten to expose their wrongdoing and corruption.

Citizen Lab has alerted the DoJ to their findings.

This project builds on work previously done by EFF, and was undertaken in conjunction with Nortonlifelock.

NYPD's structural racism (permalink)

It's one thing to talk about structural racism in policing. It's another thing to quantify it. The NYC Civilian Complaint Review Board has released its first-ever report on the NYPD's treatment of young people, and it's ugly.

As The City reports, "investigations substantiated complaints of misconduct against youth at a higher rate than adults (29% compared to 23%) and exonerated cops at a lower rate (13% versus 23%)."

The investigations were hampered by NY State Law 50-a, a privacy law that cops and city governments wilfully misinterpret as a ban on releasing details of police misconduct.

Despite that, the CCRB report offers a blood-curdling look into the cruelty meted out by NYPD officers against children and youths, including a Black 11 year old boy who was "frisked by plainclothes officers after high-fiving an adult in his public housing complex."

65% of complaints against NYPD were Black and Latinx boys; among adults, 42% of complaints come from Black and Latinx men. 64% of youth complaints involve a Black person, while Black people make up 25% of NYC 10-19 year olds.

These complaints typically start with NYPD officers stopping children for innocuous activities: "playing, high-fiving, running, carrying backpacks and jaywalking."

Most of the complaints were initiated by parents; the CCRB notes that the NYPD do not routinely notify parents when they have interactions with their children – a commonsense measure whose omission cannot be an oversight.

IBM kills facial recognition program (permalink)

One of the commonest objections to facial recognition for law enforcement is that FR systems are more likely to make errors when asked to recognize the faces of people of color, due to bias in the training data.

That's fine as far as it goes, but it has a pretty weird connotation: that we'd be OK with facial surveillance for law enforcement if it worked really well on brown and Black people.

Consider that a bunch of giant Chinese tech companies that provide state surveillance services fixed their "Black faces" problem by requisitioning the Zimbabwean drivers' license database and retraining their systems.

Now, Chinese cops and spies are really good at recognizing Black peoples' faces. Kind of a hollow victory, if you ask me.

In related news, IBM is killing its facial recognition program.

IBM is/was one of the Big Tech giants – along with Amazon, Microsoft and others – developing facial recognition for its clients in the state surveillance, policing and security apparatus.

This is a source of controversy all around, but IBM has a special history when it comes to providing brutalizers with the technology needed to supercharge their systems, having provided the early computers needed to run the Nazi extermination camps.

This makes the company's decision to pursue these contracts especially unforgivable, but that was under a previous administration. The company has a new CEO, Arvind Krishna , who went beyond merely killing the facial recognition program.

Krishna has called upon the US Congress to "enact reforms to advance racial justice and combat systemic racism."

The facial recognition program never made much money for IBM, and it was the source of a lot of internal strife within the company.

Unfortunately, Krishna's critique of facial recognition fell into the "bias" trap of locating the problem with FR in its failings in recognizing Black faces – rather than in its role in the systematic oppression of racialized people in America.

"Vendors and users of Al systems have a shared responsibility to ensure that Al is tested for bias, particularly when used in law enforcement, and that such bias testing is audited and reported."

Yes, bias in machine learning is a problem, but the problem with equipping cops with facial recognition isn't that FR struggles with Black faces – it's that cops shouldn't be using FR, even (especially) if it works well on Black people.

Nutrition labels for IoT (permalink)

A group of CMU researchers just presented "What Should Be on an IoT Privacy and Security Label?" at the IEEE Symposium on Security & Privacy. They present a model for "privacy labels" to clarify the privacy implications of IoT gadgets.

I confess that I was skeptical of this, but the labels themselves are really good, clear and legible.

But…The more I think about this, the more my skepticism returns. We've seen tools like Privacy Badger and Ghostery that tell you how your data is being used by the websites you visit, but these haven't shown much efficacy in changing sites' behaviors.

Historically, the best counter to these "antifeatures" in technology has come from a) self-help measures and b) regulation.

We didn't kill pop-up ads by notifying users of which sites had pop-up ads so they could choose to go elsewhere. We gave them pop-up blockers.

Today, the best way to deal with your alarm about Privacy Badger warnings is to beef up your script-, tracker- and ad-blocking.

And there's a role for regulation here, too, which can take many forms. We can simply prohibit certain conduct, like collecting, retaining or selling data outside of a highly constrained set of circumstances.

Or we could establish a federal privacy law with a private right of action, so users could sue companies that leaked their data and collect statutory damages – a measure that would cause every insurer to instantaneously withdraw coverage for every surveillance tech company.

Don't get me wrong. I love these labels. But there is a huge danger in documenting bad conduct without providing a means to counter it – the danger that you train people to accept the bad conduct as inevitable.

This day in history (permalink)

#15yrsago Savage, brilliant essay on DRM

#10yrsago Glee vs copyright: do as I say, not as I do

#10yrsago Newlyweds discover their paths crossed in Walt Disney World when they were toddlers

#10yrsago "The Jammie Dodgers and the Adventure of the Leicester Square Screening

#5yrsago Internet-connected hospital drug pumps vulnerable to remote lethal-dose attacks

#5yrsago Thousands of American kids are getting free university educations in Germany

#1yrago Payday lenders switched their trade show to a Trump hotel and sent Trump at least a million bucks, then he gave them carte blanche to make billions preying on poor people

#1yrago A non-aboriginal business has licensed the copyright on Australia's aboriginal flag, and are making copyright claims against aboriginal businesses

Colophon (permalink)

Today's top sources: Kottke (, Super Punch), Naked Capitalism (, Bruce Schneier (, Slashdot (

Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 520 words(24756 total).

Currently reading: Adventures of a Dwergish Girl, Daniel Pinkwater

Latest podcast: How Big Tech Monopolies Distort Our Public Discourse

Upcoming appearances:

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here: Get a personalized, signed copy here:

"Attack Surface": The third Little Brother book, Oct 20, 2020.

"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden:; personalized/signed copies here:

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commerically, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla

One thought on “Pluralistic: 09 Jun 2020”

  1. Those privacy labels should use ISO 8601 (YYYY-MM-DD) for dates, especially for something like firmware, which could conceivably change fast enough that the difference between, say, May 6 and June 5 is important.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.