Pluralistic: 16 Mar 2021





SMS security is flaming garbage

Thanks to the bipartisan consensus that monopolies are good, actually, the entire wireless sector has merged into four companies, each more incompetent – and structurally important – than the last.

The combination of size, importance and incompetence is deadly indeed. These companies know where we go, who we talk to…everything about us. We entrust them with our public safety and national security. The person who hijacks your phone hijacks your life.

The carriers are so bad at this. Hence "SIM-swapping," where criminals bypass your SMS-based two-factor auth to break into your online accounts and steal everything you own, millions at a time, with help from badly paid and badly supervised insiders.

https://www.zdnet.com/article/wave-of-sim-swapping-attacks-hit-us-cryptocurrency-users/

It's not just crooked insiders who victimize us. The companies' top execs get in on the act. They sell your location data on the cheap, to anyone who'll pay for it – bounty hunters, skip-tracers…stalkers.

https://www.vice.com/en/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile

The whole industry is a trash-fire. It is built on badly conceived, badly overseen institutions like the Override Services Registry, maintained by Netnumber. The OSR is a powerful, industry-wide database that allows text messages to be redirected from one phone to another.

You'd hope that access to the OSR would be tightly controlled, limited to companies that exhibited the utmost prudence and sobriety, lest thieves hijack your SMS messages, read your secrets, and steal your 2FA codes in order to rob you blind.

Your hopes will be dashed, I'm afraid. There are many, many companies that can access the OSR as part of commercial SMS marketing services. They offer cheap and easy signup. Find one, give it your target's cellphone number, and your phone will get their texts.

Writing for Motherboard, Joseph Cox describes how a security researcher named Lucky225 was able to (consensually) divert his text messages after paying $16 to a company called Sakari.

https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber

This is a bowel-looseningly terrifying vulnerability. After Sakari was contacted for comment, they added the basic, obvious authentication step of calling the subscriber before diverting their SMSes. No fear, many of Sakari's competitors do not bother with this.

As my EFF colleague Eva Galperin told Cox, this is a timely reminder not to use SMS for two-factor authentication or any kind of sensitive message – switch to an authenticator and an encrypted messaging app that's totally isolated from the horrible, lazy, sloppy telcos.

Okey Systems, the security company where Lucky225 is Director of Information, has produced a tool that monitors whether your SMSes are being hijacked. This is a nice tool to have, but we should not need it.

https://okeymonitor.com/



The People's Parity Project

During the Trump epoch, we heard a lot about "Federalist society judges," with the implication that something deep and structural and sudden was shifting in American law.

It was, but there's more to the story.

The Federalist Society is a conservative law movement that proclaims itself to be "originalists," dedicated to interpreting the Constitution according to the lights and intentions of the Framers who drafted it.

Of course, this is nonsense. Just as Biblical "literalists" cherrypick which parts of the Bible they adhere to (they're not eschewing figs, or mixed textiles, or beard-trimmers), Constitutional "originalists" ignore the parts of the Constitution that don't suit their agenda.

What agenda does the Federalist Society have? The same agenda that every conservative has: to elevate a small group of people who were destined to rule over the rest of us, who were destined to be ruled over.

As Corey Robin described in THE REACTIONARY MIND, that is the single factor that unites all the strains of conservatism, from Dominionism to Libertarianism to Monarchism to Imperialism: some are born to rule, others, to be ruled over.

https://global.oup.com/academic/product/the-reactionary-mind-9780190692001

The Federalist Society also satisfies two other definitions of conservative thought.

First, Steven Brust's: "If you think human rights are more important than property rights, you're not a conservative. If you think property rights are human rights, you are a conservative."

And second, Frank Wilhoit's: "Conservatism consists of exactly one proposition…There must be in-groups whom the law protects but does not bind, alongside out-groups whom the law binds but does not protect."

https://crookedtimber.org/2018/03/21/liberals-against-progressives/#comment-729288

The Federalist Society project was decades in the making: wealthy conservatives poured money into it, year after year, both in creating a Federalist pipeline at law-schools, then securing positions for baby Federalists in large firms and courts.

As the project of corrupting the courts bore fruit, producing elite-friendly, wealth-friendly decisions that reversed decades of progress against discrimination and exploitation, it gathered steam and supporters and became a lobbying priority across multiple industries.

The Trump appointments were a massive leap forward for the Federalists. Thanks to McConnell's stonewalling on appointing judges under Obama, there were many vacancies to fill, including a Supreme Court seat, when Trump took office.

Now, there's been a change in government and with it, the chance to mitigate the harms these dangerous, ideologue judges will wreak upon the American people as they strip them of their rights and hand more and more power to the wealthy people to whom they owe their power.

There's a mainstream counterforce to the Federalists, the American Constitutional Society, favored by establishment Democrats. The ACS are conservatives, too, in the Corey Robin sense – they differ from the Federalists in terms of whom they think should rule.

That's how the ACS came to seat Amazon's chief union-buster, Andrew DeVore, on its board. He was ousted after public outcry, but he's not unique or exceptional in the ACS's leadership and ideology. They believe in corporate rule as surely as the Federalists do.

But there's a third faction, one that's still nascent, even larval, but is nevertheless showing enormous promise: the People's Parity Project, which formed in 2018 amidst the #MeToo movement, first to address sexual predation in corporate law firms.

https://www.peoplesparity.org/

The major barrier to dealing with law-firm predators is that lawyers who sign up to work at these firms have to sign forced arbitration waivers, in which they surrender their right to sue in civil court.

Forced arbitration has become widespread since SCOTUS Federalists ruled in favor of it. It is what keeps Uber drivers and many other kinds of workers from suing over wage-theft, sexual abuse, discrimination, and a host of other ills.

Naturally, corporate law firms impose arbitration on their own staff.

Importantly, the PPP fought against forced arbitration not just for lawyers, but for blue-collar workers at large law-firms (predatory execs at these firms are just as happy to assault admin assistants).

This is rare, but growing, and is the most hopeful part of the new labor movement: white-collar, high-waged workers form solidarity with low-waged workers.

See, for example, the solidarity movement between Amazon techies and warehouse workers.

https://pluralistic.net/2020/04/14/abolish-silicon-valley/#hang-together-hang-separately

The PPP is less than three years old, but it's already making a difference. As Daniel Boguslaw writes for The American Prospect, these young lawyers have forced the largest corporate firms, like Kirkland and Ellis, to abandon arbitration.

https://prospect.org/justice/taking-on-corporate-law-in-both-parties/

They were key to a coalition that has proposed "a vetted suite of progressives for circuit court judgeships" to the Biden administration, and they've built out chapters at over a dozen leading law-schools, from Harvard to NYU to U Mich.

The sudden shift in law that followed Trump's judge appointments wasn't sudden at all – it was the swift culmination of a low, slow, patient project to turn America into an oligarchy, where the few rule the many, where the few are protected by the law, but not bound by it.

The Clintonian takeover of the Democrats and its transformation into a different kind of corporate conservative project meant that the Left version of this slow, patient transformation had no party support – it was incubated outside of the Dems.

But we are at a transformative moment, where the inequality emergency, the climate emergency, the pandemic emergency, the employment emergency, and the health care emergency are all converging.

It's a moment where long, slow patient projects can accelerate, where "ideas lying around" might be picked up and used. It's a moment we can't afford to squander.



Meet the new music boss, same as the old music boss

In his 2020 book MONOPOLIZED, David Dayen describes a curious and brutal dynamic of monopolies: they breed monopolies.

"Consumer welfare," the dominant strain of antitrust for the past 40 years, has treated monopolies as innocent until proven guilty.

https://pluralistic.net/2021/01/29/fractal-bullshit/#dayenu

Companies are allowed to merge with competitors and create vertical silos, so long as no one can prove that doing so has raised prices. The only acceptable proofs are the mathematical models invented by pro-monopoly economists, who are the foremost builders of these models.

Strangely enough, these models always prove that the monopoly is good, actually: not harming "consumer welfare." All potential mergers will provably not result in increased prices. All post-merger price-increases are provably not due to the merger.

Anyone who challenges these interpretations is derided for their ignorance of how these models work. Modern antitrust is a priesthood, and whenever a monopoly question arises, they slaughter an ox and read the future in its guts, which only they can interpret.

And strangely enough, the ox guts always favor monopoly.

Now, not all price-fixing can be waved away as unrelated to market concentration. In some cases, different companies in a sector will literally conspire to set prices, putting it down on paper.

When that happens, you don't need to make a model to show that price rises can be attributed to market power: you have the receipts.

This happens all the time. The record labels documented their CD price-rigging in the 90s, leading to a $67.3m settlement in 2002.

In 2012, the Big Six publishers colluded with Apple to raise ebook prices. They also put it in writing.

https://en.wikipedia.org/wiki/United_States_v._Apple_Inc.

In most of these cases, the price-fixing is only part of the story. What's actually going on is more complicated: a cartel of manufacturers are conspiring not merely to raise prices, but to fight the predatory practices of a monopolist somewhere else in the supply-chain.

With the labels, it was big box retailers like Walmart. With the publishers, it was Amazon. These monopolists had cornered significant customer-bases for the cartels' products, and the monopolists were squeezing their suppliers for all they were worth – literally.

Here's where it gets funky. Remember that monopolies are innocent until proven guilty, and it's impossible to prove them guilty. If six publishers' CEOs conspire to raise ebook prices, that's illegal. It's collusion.

If one of those six buys two of the others – if Random House buys Penguin and Simon & Schuster – then the former CEOs of those companies (now heads of divisions in a single company) can do exactly the same thing with little fear of legal reprisals.

Antitrust law rewards monopolies and punishes cartels, so members of cartels merge until they have monopolies.

Which brings me back to David Dayen and his book MONOPOLIZED. The industry Dayen analyzes to demonstrate this phenomenon is US health care.

In Dayen's telling, the first salvo was the mergers-to-monopoly in pharma, producing the Big Pharma giants we have today. These massive, consolidated firms started to lean on their customers, notably hospitals, price-gouging them on medicine.

Individual hospitals were powerless against this pressure: a single hospital that refuses to buy cancer meds at jacked-up prices doesn't get lower prices, it gets dead cancer patients.

But if hospitals teamed up to demand lower prices, that would be illegal price-rigging.

However, if the hospitals all merged into giant chains, they'd be able to push back in two directions. First, they could demand lower prices on drugs from Big Pharma, and second, they could pass on high prices to the insurance sector, which was still decentralized.

Again, the health insurers were not capable of pushing back as individual firms. When all the health care in a single ZIP code is provided by one chain of clinics, hospitals and ERs, an insurer can't declare them all out-of-network – not if it wants to keep its customers.

But once the insurers merged to monopoly, they not only got to push back against hospital price-gouging – they also got to charge higher premiums and deductibles, and they didn't have to worry about losing customers, because there was nowhere to go.

This is really a story of shit flowing downhill – pharma pushes hospitals who push insurers, who push…us. The patients and the front-line health-care workers, from custodians and cafeteria workers to nurses and MDs.

Monopoly breeds monopoly, with each sector of the supply chain concentrating to defend itself against the other sectors, and to exert market power over those sectors that aren't yet monopolized. The only parts of the chain that can't organize are workers and customers.

Historically, workers organized in unions to push back against these leveraged assaults on their rights, but the US has all but prohibited unionization.

The public historically organized through politicians who fought for them, but unlimited corporate campaign contributions have made such fights a distant memory.

And so every sector starts to look like health-care: monopolized at every level except for labor and customers.

Writing in Wired today, Ron Knox from the antimonopoly Institute for Local Self-Reliance describes how this dynamic is playing out in music, where the new bosses are all the same as the old bosses.

https://www.wired.com/story/opinion-big-music-needs-to-be-broken-up-to-save-the-industry/

It's not merely the Big Three labels colluding to rip off artists, it's also the tech partners who control distribution, notably Spotify and Youtube.

To the extent that merged-up behemoths like UMG exercise their monopoly power to get more from these digital partners, those excess gains are stolen from the musicians who earned them.

For example, big labels do minimum payout deals with Spotify specifying that millions are owed to them each quarter – but then they accept lower per-stream royalties for their music on Spotify. The result is that massive sums of those guaranteed payouts are "unattributed."

Unattributed revenues are not owed to any artist, so the label gets to keep that money. It's flat-out wage-theft, and it demonstrates the bankruptcy of hoping that a change in monopolists will make lives better for their workforces.

All things being equal, UMG would like to shift as many dollars as possible off of Spotify's balance sheet onto its own. But UMG will not, on its own, hand a single penny of that to the artists whose work generated those dollars.

Which is why Knox says we have to break up all these giants – the labels and the digital distribution monopolists, including Youtube and Spotify and Apple and Amazon.

But, Knox points out, that will not be enough.

Because it's not just recording and distribution that are monopolized – it's also performance venues and ticketing (Ticketmaster/Live Nation) and radio (Iheartradio/Liberty Media), whose monopolists are rapacious wage-stealers and fraudsters.

The market can't and won't fix this. Take live performance venues: the vast majority of these are expected to fail thanks to the covid shutdowns. The private sector has a plan to bail them out: former WME exec Marc Geiger raised a vast warchest to buy them for pennies.

He will consolidate them into…a monopolist to push back against the Ticketmaster/Live Nation monopoly. If he pulls it off, he may succeed in shifting many millions from Live Nation's balance-sheet to his own. He will not give any of it to performers if he doesn't have to.

Knox's (correct) conclusion is that we have to have antimonopoly enforcement across the entire supply chain, not just in one or two sectors – from social media to recording to payments to venues to streaming to radio, we have to break them up.

And that might just happen. Two high-profile Biden appointees, Tim Wu and Lina Khan, are on the absolute vanguard of the new antimonopoly movement. Amy Klobuchar's (flawed) antitrust bill goes further than any initiative in years.

And most of all, the musicians aren't alone here. The fight they're fighting is just a part of the fight we're all in: not just every kind of artist, but doctors and patients, cabbies and riders, farmers and eaters.

Our fights have different technical characteristics and different structural remedies particular to those characteristics, but they are, fundamentally, the same fight.

The fight against monopolies.



This day in history

#20yrsago Fuckedcompany costs $75/month https://web.archive.org/web/20020204021213/http://www.kaplanindex.com/fsearch/commerce/purchase_form.php

#10yrsago Four Color Fear: delightful horror comics from the pre-Code era https://memex.craphound.com/2011/03/16/four-color-fear-delightful-horror-comics-from-the-pre-code-era/

#5yrsago Sheriff says rape kits are irrelevant because most rape accusations are false https://www.oregonlive.com/pacific-northwest-news/2016/03/rape_kit_system_unnecessary_si.html

#5yrsago Fuck Optimism https://littleatoms.com/society/cory-doctorows-manifesto-hope

#5yrsago Hack-attacks with stolen certs tell you the future of FBI vs Apple https://memex.craphound.com/2016/03/16/hack-attacks-with-stolen-certs-tell-you-the-future-of-fbi-vs-apple/

#5yrsago From dingo babysitter to net neutrality hero: Tom Wheeler’s legacy https://arstechnica.com/information-technology/2016/03/how-a-former-lobbyist-became-the-broadband-industrys-worst-nightmare/

#5yrsago Captured: a book of prison inmate drawings of CEOs and other too-big-to-jail criminals https://thecapturedproject.com/

#1yrago Italian hospitals fix their ventilators with 3D printed parts https://pluralistic.net/2020/03/16/tiktoks-secrets/#3dp-breathfree



Colophon

Currently writing:

  • My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 514 words (116169 total).

  • A short story, "Jeffty is Five," for The Last Dangerous Visions. Yesterday's progress: 276 words (8092 total).

  • A cyberpunk noir thriller novel, "Red Team Blues." Yesterday's progress: 1044 words (29927 total).

Currently reading: Analogia by George Dyson.

Latest podcast: Privacy Without Monopoly: Data Protection and Interoperability (Part 3) https://craphound.com/news/2021/02/28/privacy-without-monopoly-data-protection-and-interoperability-part-3/


This work is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla