Pluralistic: 21 Feb 2022

Today's links

A flooded suburban American street; a partially submerged Swiss flag sits in the foreground; atop the flag dances a version of Monopoly's Rich Uncle Pennybags, who has removed his face to reveal a grinning skull.

A(nother) massive Swiss banking leak (permalink)

Look, there's been another massive banking leak, this one from Credit Suisse, showing complicity in laundering money for the world's greatest monsters: human traffickers, despots, criminals. They're calling it Suisse Secrets.

They had to call it that, because Swiss Leaks was already taken, for the 2015 UBS leaks that revealed UBS's complicity in the same fucking thing.

As Jeffrey Neiman – lawyer for the Credit Suisse whistleblowers – told the Guardian, "How many rogue bankers do you need to have before you start having a rogue bank?" I'd add, given that this rot extends beyond Credit Suisse to UBS and undoubtably further, "How many rogue banks do you need to have before you start having a rogue banking system?"

The friend who emailed me about this wrote, "After so many of these, I am accepting that these leaks don't matter, and that those in power don't actually want to fix the system. Sunlight isn't doing any disinfecting at all."

He's not wrong, but that's not the whole story.

The problem isn't the transparency, it's the inaction.

Their money laundering revealed in Suisse Secrets abetted the worst criminals on Earth, like Nigerian dictator Sani Abacha, who looted $5b from his people and laundered hundreds of millions (or more) through Credit Suisse. Abacha is in good company – CS also laundered for the Marcoses and their bagman, and other looters from Syria to Madagascar.

Also mafiosi, killers, human traffickers, embezzlers, fraudsters, corrupters and worse. Given the facts laid out in the Guardian story (and stories in partner outlets like Süddeutsche Zeitung), there is no question that Credit Suisse knew whose money they were handling, and knew just how dirty it was.

What's more, the reporting makes it abundantly clear that Swiss banking secrecy is designed and maintained for the express purpose of laundering this blood money. Despite Swiss officials' claims to have ended banking secrecy, the country is still a rogue state, a criminal haven. It's not only failing to end money-laundering, it's encouraging it: Switzerland is broadening its banking secrecy law to allow it to punish whistleblowers who reveal the nation's role in global finance crime:

To my friend's point, we kind of knew all of this. The leaks – SwissLeaks, LuxLeaks, IRS Files, Panama Papers, Paradise Papers, Pandora Papers – keep revealing that the marble facades of the world's greatest banks are holding back oceans of blood and misery:

We haven't done anything about it.


500 new billionaires were minted in 2020. Then it got worse. There's a new billionaire being minted every 17 hours:

Behind every great fortune is a great crime:

It's a nightmare and it shows no sign of ending.

Knowing about it isn't enough. But knowing about it is a start.

The knowledge we've gained from the reporting on these leaks – reporting at great expense and risk, which has resulted in a journalist's assassination – isn't the reason for the inaction.

Indeed, if the action ever comes, it will be because of this reporting. You can't solve a problem until you know it exists.

A truism of the free/open source world is that "with enough eyeballs, all bugs are shallow." That is, with enough scrutiny, a solution will emerge.

That idea came under enormous strain with 2014's Heartbleed Bug. It turned out that a widely used free/open piece of web-server infrastructure had a longstanding bug, just hanging out there in plain sight. The code was there for anyone to scrutinize, but no one had looked hard enough to find it.

That was a wakeup call for the community. It wasn't enough to simply publish sourcecode for important infrastructure. We had to build and fund systems that would audit that code. Having the code where anyone could see it would make their job easier, but the job wouldn't do itself.

We got lucky with Heartbleed. The good guys found it before it was ever exploited in the wild, and they coordinated a massive, global upgrade that patched the majority of webservers before the bug was disclosed.

But we didn't get so lucky the next time. When the Log4j bug was discovered last November, it was already too late. We'd hit snooze on Heartbleed's wakeup call and holy shit had we ever overslept:

Competent, serious people are worried about the vulnerabilities presented by the software that underpins our digital world, but none of them argue that the problem with that software is that it's available for inspection. The problem is that we don't inspect or act on it in a systemic, coordinated way. We don't take it seriously.

We should take it seriously.

The problem isn't that we know about these deep and worrying flaws. The problem is that we're not doing anything about them. Knowing these specifics – whether it's Log4j or SuisseSecrets – is the necessary, but insufficient condition for change.

These leaks are claim-checks on the people who sold us out. Someday, we'll collect on them.

(Image:, modified)

A giant in a suit leans on a basketball net, holding a giant ball (which has been replaced by the menacing, glowing red eye of HAL9000); two normal sized people stand in one corner, glaring up at him.

The people's disruption (permalink)

"Innovation" is in very bad odor these days. "Disruption" is even more disreputable. But as tech and the global south researcher Rida Qadri writes in Wired, "innovation" isn't limited to inventing unregulated banks and calling them "fintech" and "disruption" is more than just misclassifying employees as contractors.

Qadri studies workers who are seizing the means of computation, reverse-engineering and repurposing the apps that are meant to keep them in bondage and figuring out how to set themselves free. Her research on gig drivers in Jakarta is essential reading:

Indonesian drivers have banded together to build clubhouses that serve as break-rooms, union halls, tech workshops and scooter maintenance depots. These centers are the birthplace of "tuyul" apps, which allow workers to resist algorithmic "optimization" and adapt their working conditions to improve their pay and safety.

In her Wired piece, Qadri gives examples of other "tech workers" – that is, low-waged, casualized workers who are dispatched and managed by apps – who use technology to take back control, from "farmers who strike against a smart city plan" to riders who band together to get back their stolen scooters.

This is mutual aid, with code. It is every bit as innovative and disruptive as Uber or Amazon, but because it is done by workers, rather than to workers, it is not recognized as such. Indeed, when workers modify the apps that script their movements, they're called "criminals," not "innovators."

Take Doordash's smear campaign against Para, an app that let delivery drivers find out how much a job paid before they took it (Doordash hides compensation from drivers in hopes of tricking them into taking unprofitable runs):

Doordash called Para a criminal app, baselessly accused it of identity theft, and insisted that drivers had no right to know how much they were going to get paid before they committed to a job.

But as Para shows, seizing the means of computation is an important strategy for workers seeking a better life. The tactics of Adversarial Interoperability (AKA Competitive Compatibility or Comcom) can transfer power from Goliaths to Davids:

But the soi-disant disruptors of the business world will not tolerate being disrupted themselves. Uber is content to skirt labor, safety and transportation policy, but would scream bloody murder if drivers and riders hacked the app to make it obsolete:

(Image: Hugh D'Andrade/EFF and Cryteria, CC BY 3.0; modified)

This day in history (permalink)

#20yrsago Science fiction without the future

#20yrsago Vegas is decadent again
#20yrsago Thin-skinned Mike Harris brings $15m libel suit against the Globe and Mail

#20yrsago The Betamax decision, demystified

#15yrsago Odeo for sale
#15yrsago Pay-per-use electricity in Dallas/Fort-Worth airport

#15yrsago MSU forces students to watch RIAA videos

#15yrsago Understanding what a progam can do

#10yrsago Leaked climate-change denial lobby docs came from water scientist

#5yrsago It’s very hard to maintain an anonymous Twitter account that can withstand government-level attempts to de-anonymize it

#5yrsago “Europe’s last dictator” finally finds the limits to power: taxing the unemployed during a recession

#5yrsago A Clinton-era tech law has quietly, profoundly redefined the very nature of property in the IoT age

#1yrago The Paltrow-Industrial Complex: How Goop is cashing in on covid

#1yrago Facebook vs Australia: It's not a link-tax, it's collective bargaining

#1yrago K-shaped recovery vs wealth taxes: Evita's spectre is haunting Argentina

#1yrago Tech trustbusting's moment has arrived

Colophon (permalink)

Today's top sources: Bruce Schneier (

Currently writing:

  • Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. Friday's progress: 500 words (64956 words total).

  • Vigilant, Little Brother short story about remote invigilation. Friday's progress: 281 words (1618 words total)

  • A Little Brother short story about DIY insulin PLANNING

  • Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE, ACCEPTED FOR PUBLICATION

  • Spill, a Little Brother short story about pipeline protests. FINAL DRAFT COMPLETE

  • A post-GND utopian novel, "The Lost Cause." FINISHED

  • A cyberpunk noir thriller novel, "Red Team Blues." FINISHED

Currently reading: Analogia by George Dyson.

Latest podcast: The Internet Heist (Part II)
Upcoming appearances:

Recent appearances:

Latest book:

Upcoming books:

  • Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin, nonfiction/business/politics, Beacon Press, September 2022

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

(Latest Medium column: "We Should Not Endure a King: Antitrust is a political cause, not an economic one"

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla