Pluralistic: 23 Jun 2020

Today's links

Surveillance electoralism (permalink)

Writing in MIT Tech Review, Samuel Woolley and Jacob Gursky take a deep dive into the data-gathering in the apps from the Trump and Biden campaigns. It's quite a study in contrasts!

The Trump campaign is like Cambridge Analytica Mark II: invasive even by the standards of 2020, with Bluetooth access so your movements can be tracked by sleazy data-brokers, as well as endless-scroll propaganda channels to feed white nationalists' grievance complexes.

It's a feature-for-feature clone of the app used by Indian PM Modi, another authoritarian strongman with serious genocidal ambitions, and Modi has used the app to create regional propaganda clubs and feed them everything they need to push his narrative, to the brink of war.

By contrast, Biden's app is built around exploring your social graph and connecting you to people you have a genuine personal connection with in order to have a meaningful political conversations.

It's an evolution of the grassroots organizing tactics that the Obama campaign used to great effect in 2008 and especially in 2012.

But when I read about the tactics in use, I have another touchpoint.

Back in 2010, I was working on Homeland, the sequel to Little Brother.

I knew I wanted the plot to turn on a next-generation, networked election campaign, but I was stumped for how that would work.

For weeks, I interviewed top electoral strategists, people who'd been praised as high-tech svengalis for the campaigns they'd run.

I'd call them and say, "OK, pretend you've got a candidate who'd do anything you asked, and the smartest technologists in the world working for you. What would you build?"

The responses were so dull, the thrice-brewed teabags left over from the Dean campaign.

Then, on a lark, I asked Aaron Swartz what to do. I sent him a brief email outlining the challenge. A few hours later, he sent me a shovel-ready, complete plan – a plan that encompasses everything Obama did in 2012, and everything Biden is doing in 2020, and then some.

I basically just pasted that passage into the book. I also included it in my obit for Aaron when he killed himself in 2013, two weeks before the book came out. I toured that book across the USA, and everywhere I went, I talked about Aaron.

We're reissuing Homeland this summer, in a new omnibus edition with Little Brother, with an intro by @snowden, who also cites Aaron as an inspiration, and who risked his life to reveal the connection between commercial and state surveillance.

We're including the afterword Aaron wrote for the book, too.

Meanwhile, I see his fingerprints all over the things that give me hope in 2020. The Trump and Biden apps represent a stark contrast in approaches – one that sees supporters as marks, and the other as supporters.

Aaron's plan would create a tireless, committed army of supporters that would help their candidate govern: "I agree with you, I want to do it, now make me do it."

When Obama took office in 2012 he shut down his network, not willing to govern ahead of an activist rabble.

Meanwhile, the Tea Party held the TGOP's feet to the fire for four years, not letting them give a nanometer. They made Obama's life hell, and blocked virtually all of his agenda.

The GOP in Congress and the Senate make the TGOP look reasonable by comparison. They're fucking orcs. If Biden wins in November, his only hope of governing is that activist rabble.

So for me, as interesting as the contrast in surveillance approaches is, the real action is going to be in what happens afterward: will Biden shut down his app and tell his activists to stand down? Or will he govern with the activist rabble holding his feet to the fire?

Blueleaks (permalink)

On Juneteenth, the Distributed Denial of Secrets campaign released BlueLeaks, the "largest published hack of American law enforcement agencies": 269GB of "emails, audio, video, and intelligence documents, with more than a million files in total."

Distributed Denial of Secrets founder Emma Best told Wired's Andy Greenberg that the docs came via someone flying the Anonymous banner, and hinted heavily that it leaked from the web development company Netsential, and came from several fusion centers.

DDoSecrets maintains download links for all its leak troves:

Meanwhile, there's a widespread effort to catalog the contents of the leaks, which span 200+ law enforcement agencies (local, state, fed):

So far, the leaks don't reveal unlawful activity by police, but they do demonstrate a partisanship with white nationalists, who are described as "anti-antifa" rather than as fascists and genocidal authoritarians.

Best: "The underlying attitudes of law enforcement is one of the things I think BlueLeaks documents really well….Part of what a lot of the current protests are about is what police do and have done legally."

Virtual Ignite talks (permalink)

In a Pechakucha presentation, a speaker talks to 20 slides for 20 second each; the format came the USA and became the Ignite Talks, a beloved speaker series whose formal constraints make for spectacular and dazzling rhetoric.

Obviously, Ignite talks have been curtailed by the pandemic and lockdown, but they've gone virtual, and are hosting an event on Weds, Jun 24 at 1800h Pacific:

Here's the speaker roster:

  • Hope Williams – Coordinated Acts of Civil Disobedience
  • Monica Guzman – 7 words to keep your world from shrinking
  • Cecily Mak – C L E A R L I F E
  • Kelly Jensen – Fancy Pigeons Are a Thing
  • Chris Taylor – The how, what and why of microdosing
  • Jeremy Conrad – The History of Cocktail
  • Paula Chowles – The Art of Documentary Filmmaking in a Streaming World
  • Mya Roberson – When COVID-19 and racism collide
  • Inga Bard – Birthing a Renaissance
  • Robert Strong – Learn How the Brain is Tricked While Learning a Trick
  • Connie Yang – Modern matriarchal societies
  • Kevin Kelly – Journey in a Time Machine
  • Mellina White Cusack – Attention White People: Your #BLM memes are not enough


Congress wants to read all your DMs (permalink)

EARN IT is a bill that takes away online service providers' "safe harbor" (a rule that says that the company that provides your messenger app isn't liable if you use it for slander, obscenity, etc) under Section 230 of the Communications Decency Act.

That is, unless…

Unless the service follows "best practices" – meaning rules set out by a commission chaired by the Attorney General, AKA Bill Barr.

If this sounds ominous to you, you're absolutely right.

The first EARN IT Act hearings were yesterday. The bill's sponsors – Lindsey Graham and Richard Blumenthal – kicked things off by insisting that they had been maligned by the bill's opponents, who keep insisting that it bans working encryption.

Blumenthal: "This bill says nothing about encryption. Have you found a word in this bill about encryption?"

But as my EFF colleague Joe Mullin points out, this is an inept shell game indeed, even by Congressional standards.

Because the commissioners who will set out the EARN IT Act's best practices are crystal clear that the iron-clad condition for messenger apps' safe harbor is allowing law enforcement to spy on their users' messages, something that is only possible if you ban encryption.

Mullin: "You can’t have an Internet where messages are screened en masse, and also have end-to-end encryption any more than you can create backdoors that can only be used by the good guys. The two are mutually exclusive."

Graham and Blumenthal have pitched Barr's commission as a place where tech policy will get made, but as Mullin says, "The Commission won’t be a body that seriously considers policy; it will be a vehicle for creating a law enforcement wish list."

Barr is a cryptocidal maniac, who has made attempts to ban encryption for decades. The pretence that "we're not banning encryption, we're merely enabling Bill Barr to do whatever it takes to keep us safe, which starts with banning encryption" is tissue-thin.

It's not just bad policy, it's idiotic policy. The world is full of working, open, free encryption code that can be downloaded and run by anyone, including the Four Horsemen of the Infocalypse (mafiosi, terrorists, child pornographers and drug dealers).

The only way to prevent people from downloading and running this code is to erect a national firewall around the USA that blocks all sites by default, and then creates an unblock list of sites that promise to comply with EARN IT.

You'd also have to replace all the computers in circulation in the USA with trusted computing devices that refuse to run working VPNs and other firewall circumvention tools. And you'd have to seize all non-compliant devices at the border.

You'd have to ban math and computer science textbooks, because they explain how to make your own working encryption.

Anything less than this doesn't interdict bad guys, it just interdicts lazy, unmotivated bad guys.

The war on encryption is just the War on General Purpose Computation by another name:

Of course, none of that stuff is going to happen. For one thing, it would be unconstitutional, a thing that was firmly established in 1995 with EFF's precedent-setting Bernstein case, whose conclusion was and is: "Code is speech."

EARN IT is not a system for interdicting criminals and predators. It's a system for enabling and maintaining the capacity for mass surveillance of everyone, except criminals and predators and anyone else with the motivation to circumvent it.

Here's the petition against EARN IT. Go fill it in. Because as 2020 has taught us, merely being pigheadedly stupid and unworkable does not disqualify a thing from happening.

Privacy in tracing tokens (permalink)

One of our generation's greatest hardware hackers is Andrew "bunnie" Huang, and lucky for all of us, Huang is also a serious privacy advocate. He's been tapped to audit the security of Singapore's Tracetogether hardware token.

(Background on Huang: as an MIT student, he broke the Xbox's firmware locks and published despite the cowardly refusal of MIT to defend him against Microsoft; today, he's a plaintiff in a lawsuit to overturn the DMCA's prohibition on this activity)

Huang hasn't had the opportunity to teardown a Tracetogether token yet, but in a blog post, he sets out the means by which such a token could be effective at transcending mere exposure notification and attaining true contact-tracing, while still verifiably protecting privacy.

Early in the lockdown, Huang and Xobs were invited by the EU to design such a token; their design, the Simmel, approaches a platonic ideal of how it would work; what's more, it reflects Huang's manufacturing expertise. It's production-ready.

Huang's starting assumption is that you can't do privacy-respecting tracing in a phone. Phones just have too much attack surface. They emit too much data. They hold too much data. They are opaque and unauditable and complex.

Hardware tokens literally make people stewards of their data: it lives on the token, which is in their pocket. Simmel is designed to be easily disabled: "By simply twisting the cap of the token, users can power the token down at any time, creating a gap in their trace data."

This is really important for compliance: there's a lot of overlap between people at high-risk for spreading and people who face legal/social sanction for some of their movements (drug addicts, some sex workers, etc).

The Tracetogether token's retail cost is capped at S$20, which precludes hiding a lot of sneaky spyware in the production model. But it wouldn't stop a state (or supply-chain poisoners) from making a few tokens that did sneaky stuff.

To mitigate this risk, Huang falls back on physics. A token with a 1000mAh battery has limits that can't be overcome by trickery: "no amount of money invested by the government can break the laws of physics."

Huang: "If Singapore could develop a mass-manufacturable battery that can power a smartphone sensor suite for months in that form factor – well, let’s just say the world would be a very different place."

Huang closes with a to-do list of things to verify in a hackathon – that the BLE radio can't be repurposed for data-readout, etc, and warns that much of the privacy protection can be obliterated through laws requiring people to carry tokens, and the mass seizure of tokens.

Meanwhile, Huang's collaborator Xobs has done a full teardown of a Tracetogether token:

A/B Seattle (permalink)

A/B Street is a traffic simulator that models Seattle's actual traffic, using real Seattle traffic data, created by Dustin Carlino, whose "ultimate goal is for your changes to become a real proposal for adjusting Seattle's infrastructure."

The idea is to feed residents' lived experience of traffic dysfunctions ("the one left turn lane that always backs up or a certain set of poorly timed walk signals") into planning discussions.

Your changes to Seattle traffic rules ripple out through pedestrians, public transit, cyclists and private vehicles, which you can both visualize and quantify through a dashboard.

Carlino has a standing offer to help you recreate this for your city: "If you want to bring this to your city or if you're skilled in design, traffic simulation, data visualization, or civic/government outreach, please contact Dustin Carlino at"

Against AI phrenology (permalink)

The iron law of computing is GIGO: Garbage In, Garbage Out. Machine learning does not repealit. do statistical analysis of skewed data, get skewed conclusions. This is totally obvious to everyone except ML grifters whose hammers are perpetually in search of nails.

Unfortunately for the human race, there is one perpetual, deep-pocketed customer who always needs as much empirical facewash as the industry can supply to help overlay their biased practices with a veneer of algorithmic neutrality:

Law enforcement.

Here's where GIGO really shines. Say you're a police department who is routinely accused of racist policing practices, and the reason for that is that your officers are racist as fuck.

You can solve this problem by rooting out racist officers, but that's hard.

Alternatively, you can find an empiricism-washer who will take the data about who you arrested and then make predictions about who will commit crime. Because you're feeding an inference engine with junk stats, it will produce junk conclusion.

Give the algorithm racist policing data, and will pat you on the back and congratulate you for fighting crime without bias. As the Human Rights Data Analysis Group writes: predictive policing doesn't predict crime, it predicts what the police will do.

As odious as predictive policing technologies are, it gets much worse. Because if you want to really double down on empiricism-washing, there's the whole field of phrenology – AKA "race science" – waiting to be exploited.

Here's how that works: you feed an ML system pictures of people who have been arrested by racist cops, and call it "training a model to predict criminality from pictures."

Then you ask the model to evaluate pictures of people and predict whether they will commit crimes.

This system will assign a high probability of criminality to anyone who looks like people the cops have historically arrested. That is, brown people.

"Predictive policing doesn't predict crime, it predicts what the police will do."

It would be one (terrible) thing if this was merely the kind of thing you got in a glossy sales-brochure. But it gets (much) worse: researchers who do this stupid thing then write computer science papers about it and get them accepted in top scholarly publications.

For example: "Springer Nature — Research Book Series: Transactions on Computational Science and Computational Intelligence" is publishing a neophrenological paper called "A Deep Neural Network Model to Predict Criminality Using Image Processing."

The title is both admirably clear and terribly obscure. You could subtitle it: "Keep arresting brown people."

A coalition of AI practitioners, tech ethicists, computer scientists, and activists have formed a group to push back against this, called the Coalition for Critical Tech.

As its inaugural action, the Coalition for Critical Technology has published a petition calling on Springer to cancel publication of this junk science paper.

The petition also calls on other publishers to adopt a promise not to publish this kind of empiricism-washing in the future.

You can sign it too.

I did.

This day in history (permalink)

#10yrsago A Canadian author's perspective on "radical extremism" and copyright

#10yrsago Viacom v Internet: round one to Internet

#10yrsago Captain Long Ears: kids' comic is part Calvin and Hobbes, part Tekkonkinkreet

#10yrago Canadian Heritage Minister declares war on copyright reformers

#10yrsago Gate guarded McMansion suburb in Walt Disney World

#5yrsago Outstanding paper on the impact of ebook DRM on readers, writers, publishers and distributors

#5yrsago Tie your shoes the Ukrainian way

#1yrago Good Omens is amazing

#1yrago Man-Eaters Volume Two: Fleshing out the world where girls turn into lethal werepanthers when they get their periods

#1yrago Texas Instrument's post-#taxscam budget for financial engineering is $5B — triple its budget for actual engineering

Colophon (permalink)

Today's top sources: Christopher Brown (, Four Short Links (, EFF Deeplinks (

Currently writing:

  • My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 510 words (30196 total).

  • A short story, "Making Hay," for MIT Tech Review. Yesterday's progress: 361 words (2612 total)

Currently reading: Goliath, Matt Stoller.

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 07)

Upcoming appearances:

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here: Get a personalized, signed copy here:

"Attack Surface": The third Little Brother book, Oct 20, 2020.

"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden:; personalized/signed copies here:

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commerically, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.