Pluralistic: 18 Jun 2020

Today's links

Sterilizer company vs Right to Repair (permalink)

When a once-in-a-century public health emergency strikes, some people leap to help. Others leap to sue.

Ifixit published maintenance manuals for medical equipment. Steris Corporation threatened to sue them for it.

The Right to Repair movement has been around for a long time, but it only went mainstream when farmers joined, insisting on the right to fix the agricultural machines they depend on.

It's only natural that farmers would demand the right to fix their equipment: they are isolated, far from authorized technicians and parts warehouses, and they have urgent, time-bound needs.

When the hailstorm is coming and the crops need to be harvested, you can't wait for John Deere to send out a technician to type an unlock code that blesses your tractor repair – you have to bring in the crop NOW.

Hospitals have always lived a version of this – higher stakes, but lower urgency, at least for hospitals that are in major cities, close to authorized technicians and parts suppliers. Nevertheless, hospitals have ALSO always done their own repairs, quietly, as needed.

Hospital technicians have gathered unauthorized scans of repair manuals and traded them through backchannels, or relying on a brave Tasmanian repair-tech whose personal site hosted many of these manuals.

At the start of the pandemic, Ifixit decided fix this.

They put out the call for medtechs to share their hoarded manuals, and created a searchable, indexed repository for them, something you could navigate quickly and efficiently during a crisis when lives were on the line.

State treasurers started to demand that medtech companies hand over their manuals so that hospitals could maintain vital equipment with as few impediments as possible:

It was all going so well. A fucking Smurfs Family Christmas miracle.

And then Steris threatened its lawsuit.

And EFF fired back:

"As we explained in our letter back to Steris, iFixit is protected by the safe harbor of the Digital Millennium Copyright Act when it hosts user-provided content, and the Medical Device Repair Database is making fair use of the repair materials hosted there."

The Constitution establishes a purpose for copyright: "To promote the useful arts and sciences." Is there anyone who, with a straight face, can claim that denying hospitals the ability to fix their sterlizers during a pandemic accomplishes either of those goals?

Intro to cybersecurity (permalink)

The Open University's "Introduction to Cybersecurity" is a free, massively open online course that covers a wide range of infosec subjects in a way that's both accessible and rigorous.

I'm a Visiting Professor in OU's computer science department, and I was honoured to serve as the introducer and host for the course.

It's free to take, or $79 if you want the exams that entitle you to accreditation from a wide variety of institutions, including IISP.

"The course does not assume any prior knowledge of computer security and can be enjoyed by anyone interested in improving the security of their digital information."

This is the EU's interoperability moment (permalink)

20 years ago, the EU adopted the E-Commerce Directive, laying the groundwork for the regulation of tech in Europe. Today, the body is codifying its Digital Services Act, the biggest update to those policies in a generation.

Writing in EFF's Deeplinks blog, my colleagues Christoph Schmon and Svea Windwehr describe how the EU could seize this opportunity to promote #Interoperability, where new services can plug into the existing, dominant platforms.

This allows users to gracefully transition from dominant companies to new entrants – for example, by leaving Facebook for a more privacy-respecting alternative, but still being able to see the messages your friends are posting to your FB groups and reply to them.

It's critical that the EU get this right! Recent EU initiatives have gone the other way, from the Copyright Directive to the Terror Regulation to Germany's NetzDG and France's Avia Bill.

These all strengthened Big Tech's position and gave them an excuse to block interop: "How can we prevent terrorism (or copyright infringement, or whatever) if our rivals can simply plug into our services?"

In a major new paper, EFF sets out six principles for interoperability that should be included in any update to EU internet regulation.

"Principle 1: General Interoperability Obligations"

Fix the "data portability" rules to cut out the "where technically feasible" loophole; and expand portability to true interop, to mandate continuous, ongoing communications between services.

"Principle 2: Delegability"

Oblige big platforms to allow "competing third parties to act on users’ behalf" – "if you don’t like Facebook's moderation you should be able to delegate that to another organization, like a non-profit specializing in community based moderation."

"Principle 3: Limit Commercial Use of Data"

"Any data made available through interoperability should not be available for general commercial use….It should only be used for maintaining interoperability, safeguarding users’ privacy, or ensuring data security."

"Principle 4: Privacy"

Require privacy by design, data minimization and privacy by default, with "easy-to-use interfaces through which users can give their explicit consent regarding any use of their data (as well as revoke that consent at any time)."

"Principle 5: Security"

Interop should always center user security. "If intermediaries have to suspend interop to fix security issues, they should not exploit such situations to break interop but rather communicate transparently, resolve the problem, and reinstate interop."

"Principle 6: Documentation and Non-Discrimination"

"Interfaces shouldn't discriminate between different competitors and shouldn't come with strenuous obligations or content restrictions. Interfaces, such as APIs, must be easy to find, well-documented, and transparent."

This day in history (permalink)

#10yrsago HTTPS Everywhere: Firefox plugin that switches on crypto whenever it's available

#5yrsago FCC fines AT&T; $100M for throttling "unlimited" customers

#5yrsago Privacy activists mass-quit U.S. government committee on facial recognition privacy

#5yrsago Europe, China, India & US comfortably fit into Africa's landmass

#1yrago Karl Schroeder's "Stealing Worlds": visionary science fiction of a way through the climate and inequality crises

#1yrago CEO of London's Serpentine Gallery resigns after Guardian report

#1yrago Berlin Senate approves five-year, citywide rent freeze

#1yrago Vast majority of truck-driving jobs are not under threat from automation

#1yrago Catherynne Valente schools her racist neighbors about the asylum seekers in their midst

Colophon (permalink)

Today's top sources:

Currently writing:

  • My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 515 words (28650 total).

  • A short story, "Making Hay," for MIT Tech Review. Yesterday's progress: 303 words (1599 total)

Currently reading: Adventures of a Dwergish Girl, Daniel Pinkwater

Latest podcast: Part 6 of "Someone Comes to Town, Someone Leaves Town"

Upcoming appearances:

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here: Get a personalized, signed copy here:

"Attack Surface": The third Little Brother book, Oct 20, 2020.

"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden:; personalized/signed copies here:

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commerically, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.