Pluralistic: Podcasting "How To Make a Child-Safe TikTok"; Serializing the first chapter of Red Team Blues (17 Apr 2023)





The exterior of a corporate office building, with the TikTok logo and wordmark over its revolving doors. From behind the revolving doors glares the hostile red eye of HAL9000 from Kubrick's '2001: A Space Odyssey.'

Podcasting "How To Make a Child-Safe TikTok" (permalink)

This week on my podcast, I read my recent Medium column, "How To Make a Child-Safe TikTok: Have you tried not spying on kids?" The column was inspired by one of the most bizarre exchanges during the Congressional grilling of TikTok CEO Shou Chew:

https://pluralistic.net/2023/04/09/how-to-make-a-child-safe-tiktok/

If you heard anything about that hearing, it was likely this. Rep Buddy Carter, Republican of Georgia, demanded to know whether Tiktok used "the phone’s camera to determine whether the content that elicits a pupil dilation should be amplified by the algorithm?"

https://www.c-span.org/video/?526609-1/tiktok-ceo-testifies-house-energy-commerce-committee-hearing

Chew replied, "We do not collect body, face or voice data to identify our users. We do not." Carter pressed him, asking "How do you determine what age they are then?"

Chew said, "We rely on age-gating as our key age assurance." Carter assumed a tuckercarlsonian expression of perplexity and asked for more information. Chew explained: "It’s when you ask the user what age they are." Carter was clearly baffled by this.

Chew added, "this is a real challenge for our industry because privacy versus age assurance is a really big problem." Carter interrupted him: "you keep talking about the industry, we’re talking about TikTok here."

This was a remarkable exchange, even by the standards of Congressional hearings on technology, a genre that includes "a series of tubes," "Senator, we run ads," and "Will you commit to ending finsta?"

Chew was completely and terribly correct, of course. The way that the entire industry complies with COPPA – the law that prohibits data-gathering on under-13s without parental consent – is by asking every user to tick a box that says "I am over 13." This is such an inadequate and laughable figleaf that the Congressdunderhead from Georgia can (possibly) be forgiven for assuming that "age verification" involved some kind of digital phrenology by way of facial scanning.

But beyond being yet another entry in the annals of Congressional Pig-Ignorance On Tech, the exchange reveals a massive blind-spot about the entire business of kids' privacy, and the legislative intention of COPPA, a law passed in 1998, before the age of ubiquitous commercial internet surveillance – but not before people understood that this would be an important subject.

One thing to note here is how rare COPPA is. The US has very near to zero federal privacy laws. There's the Electronic Communications Privacy Act of 1986, which is about as up-to-date as you might imagine given that it was passed in 1986. Then there's the Video Privacy Protection Act of 1988, which bans video-store clerks from revealing which porn you (or more to the point, Members of Congress) have rented.

And then there's COPPA, which requires parental consent for data-gathering on pre-teens. And that's basically…it.

COPPA's got a checkered legislative history; a lot of the "parental consent" language is about ensuring that kids can't get access to reproductive health information and services, but as with any contentious piece of lawmaking, COPPA passed due to a coalition with different priorities, and part of that coalition just wanted to make sure that companies weren't spying on kids.

Because – as both Buddy Carter and Shou Chew can attest – it's really hard to get parental consent at scale. Like, how do you even know if you're talking to a kid's parent or guardian if you're not allowed to gather information on that kid? And how do you know if you're talking to a kid or an adult when you gather any information, on any user?

Even if facial recognition technology had been widespread in 1986, I think we can all agree that Congress's intent wasn't to "protect kids' privacy" by subjecting every child who used a computer to an invasive biometric scan. How could you comply with COPPA, then?

Well, one possibility is to never spy on users.

OK, not never. But only in very special circumstances – situations in which users would be willing to go through a reasonably thorough identification procedure. There are some situations in which it would be relatively straightforward to do this for parental consent, too: schools, pediatricians and libraries typically encounter children at the same time as their parents or guardians.

And for the rest of it, companies could just not spy.

The truly bizarre thing is how bizarre this suggestion comes across. It is essentially beyond the imagination of both Buddy Carter and Shou Chew that Tiktok could comply with COPPA by not gathering any user-data. After all, COPPA doesn't prohibit providing web access to under-13s without parental consent – it prohibits spying on under-13s.

It's not just Congressdunderheads and Tiktok CEOs who treat "don't spy on under-13s" as a synonym for "don't let under-13s use this service." Every tech product designer and every general counsel at every tech company treats these two propositions as equivalent, because they are literally incapable of imagining a surveillance-free online service.

Which is funny, given another part of the Congressional interview. Chew says, "The only face data that you’ll get, that we collect is when you use the filters that put, say, sunglasses on your face, we need to know where your eyes are." Carter interrupts him to say, "Why do you need to know where the eyes are if you’re not seeing if they’re dilated?" (my god this guy is horny for pupils).

Chew finishes, "and the data is stored locally on your local device and deleted after the use, if you use it for facial" (emphasis mine).

The Tiktok app could store the list of accounts you follow on your device and send requests to the Tiktok servers for their updates, and the servers could fulfill those requests without logging them. Your device could analyze the videos you interact with and ask the Tiktok servers for suggestions based on those criteria – again, without Tiktok logging your info.
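The design in the paragraph above, sketched as an added example (not code from TikTok or from the original column). The catalogue, account names and the `StatelessServer` and `Device` classes are constructed for illustration:

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Video:
    vid: str
    account: str
    posted: int        # constructed timestamp
    tags: frozenset


# Constructed public catalogue (sample data, not real accounts).
CATALOG = (
    Video("v1", "chef_ana", 100, frozenset({"cooking", "baking"})),
    Video("v2", "chef_ana", 220, frozenset({"cooking"})),
    Video("v3", "skate_bo", 150, frozenset({"skating"})),
    Video("v4", "skate_bo", 300, frozenset({"skating", "diy"})),
    Video("v5", "maker_cy", 250, frozenset({"diy", "baking"})),
    Video("v6", "news_dee", 260, frozenset({"news"})),
)


class StatelessServer:
    """Answers each request from the public catalogue and keeps nothing:
    no user id in the request, no per-user table, no request log."""

    def __init__(self, catalog):
        self._catalog = tuple(catalog)

    def updates(self, accounts, since):
        wanted = set(accounts)
        hits = [v for v in self._catalog
                if v.account in wanted and v.posted > since]
        return sorted(hits, key=lambda v: -v.posted)

    def suggestions(self, tags, limit=3):
        wanted = set(tags)
        scored = [(len(v.tags & wanted), v) for v in self._catalog]
        ranked = sorted((s for s in scored if s[0] > 0),
                        key=lambda s: (-s[0], -s[1].posted))
        return [v for _, v in ranked[:limit]]


@dataclass
class Device:
    """Follow list, watch history and interest profile live only here."""
    follows: set = field(default_factory=set)
    seen: set = field(default_factory=set)
    interest: Counter = field(default_factory=Counter)
    last_sync: int = 0

    def record_watch(self, video):
        self.seen.add(video.vid)
        self.interest.update(video.tags)

    def refresh(self, server):
        feed = server.updates(sorted(self.follows), self.last_sync)
        if feed:
            self.last_sync = feed[0].posted
        return feed

    def discover(self, server, top_k=2):
        # Only the top-k tags leave the device, never the raw history.
        ranked = sorted(self.interest.items(), key=lambda kv: (-kv[1], kv[0]))
        criteria = [tag for tag, _ in ranked[:top_k]]
        # Filtering against follows/history happens locally.
        return [v for v in server.suggestions(criteria)
                if v.vid not in self.seen and v.account not in self.follows]


def demo():
    server = StatelessServer(CATALOG)
    before = dict(vars(server))
    phone = Device(follows={"chef_ana", "skate_bo"})
    feed = phone.refresh(server)
    for video in feed:
        if video.account == "skate_bo":
            phone.record_watch(video)
    picks = phone.discover(server)
    return ([v.vid for v in feed], [v.vid for v in picks],
            vars(server) == before)


if __name__ == "__main__":
    print(demo())
```

The server still sees each request while it answers it; the privacy property comes from requests carrying no identifier and from nothing being retained afterwards.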

There's no millennial prophet who came down off a mountain with two stone tablets circa 2002 and intoned, "Nerds of the world, thou shalt stop rotating thine logfiles, and lo! Thou shalt mine them for actionable market intelligence." There is nothing intrinsic to the idea of letting people talk to each other, or search the web, or look at videos, that requires surveillance. The surveillance is a choice, which necessitated hundreds of billions of dollars in capital expenditures, and which should have been understood as illegal under COPPA.

But COPPA hasn't been meaningfully enforced for a quarter of a century. That's because the ad-tech industry mobilizes some of the hundreds of billions of dollars it gains through spying to block privacy law enforcement and the passage of any new privacy laws. David Cohen, CEO of the surveillance lobby group IEA, told his members, "Extremists are winning the battle for hearts and minds in Washington, D.C., and beyond. We cannot let that happen."

His co-conspirators at the anti-privacy lobbying group Privacy For America (yes, really) told Congress that commercial surveillance saves every American $30,000/year – in other words, they value the data they steal from you every year at $30,000:

https://www.privacyforamerica.com/wp-content/uploads/2023/02/Privacy-for-America-Letter-in-Support-of-Preemptive-Comprehensive-Privacy-Legislation.pdf

But as Julia Angwin points out, this figure is as absurd as the name "Privacy for America." The number is pure fiction:

https://www.pnas.org/doi/10.1073/pnas.1815663116#abstract

It doesn't matter how much the data caught in the ad-tech industry's nonconsensual harvest is worth – all that matters is that it produces the surplus needed to keep privacy law enforcement and expansion at bay.

Tiktok shouldn't spy on our kids. Neither should anyone else. America doesn't need a law banning Tiktok, it needs a law banning Tiktok's surveillance – as well as the surveillance of all its rivals:

https://pluralistic.net/2023/03/30/tik-tok-tow/#good-politics-for-electoral-victories

Because the Chinese state doesn't need Tiktok to spy on Americans. In the freewheeling, unregulated privacy "marketplace," all that data is for sale – Chinese spies can just plunk down their credit-cards next to everyone else who buys our data and mobilizes it to compromise us, market to us, and stalk us.

Here's the podcast episode:

https://craphound.com/news/2023/04/17/how-to-make-a-child-safe-tiktok/

And here's a direct link to the MP3 (hosting courtesy of the Internet Archive; they'll host your stuff for free, forever):

https://archive.org/download/Cory_Doctorow_Podcast_443/Cory_Doctorow_Podcast_443_-_How_To_Make_a_Child-Safe_TikTok.mp3

And here's the direct RSS link for my podcast:

https://feeds.feedburner.com/doctorow_podcast

(Image: Cryteria, CC BY 3.0; Vxla, CC BY 2.0; modified)



A squared-off version of Will Staehle's cover for the Macmillan edition of 'Red Team Blues.'

Serializing the first chapter of Red Team Blues (permalink)

My next novel is Red Team Blues, which comes out on Apr 25; it's easily the most "commercial" book I've ever written – a "grabby thriller" (to quote my publisher), or, as Molly "Web3 Is Going Just Great" White put it, "don't start reading it at bedtime if you have to be awake for something the next morning."

https://us.macmillan.com/books/9781250865847/red-team-blues

Red Team Blues is the story of Martin Hench, a 67 year old, near-retirement forensic accountant who specializes in unwinding Silicon Valley finance scams, who stumbles into the most dangerous job of his life. He gets embroiled in a cryptocurrency heist that exposes the finance rot at the heart of tech and the way that it curdled the dream of technology as a force for connection and good.

I'll be doing a giant tour (San Diego, LA, Burbank, Berkeley, San Francisco, PDX, Mountain View, Vancouver, Calgary, Gaithersburg, DC, Toronto, London, Hay, Oxford, Manchester, Nottingham, Berlin); you can follow the upcoming dates in each day's edition of my Pluralistic newsletter; here's today's:

https://pluralistic.net/2023/04/17/have-you-tried-not-spying/#bragsheet

And to whet your appetite, I'm going to spend the next week or so syndicating the first chapter of Red Team Blues, starting today. In this installment, we meet Martin Hench and the Unsalted Hash, his "foolish and ungainly" tour bus, just as he's being roped in for the job of his career.

I hope you'll consider pre-ordering the book! And if you read the book, I hope you'll post a review or recommendation to your social media or blog. There is literally no greater favor you can do for a writer than to tell the people who trust your judgment about a book you enjoyed. It's a gift more precious than gold.

Here's where US readers can pre-order the book:

https://us.macmillan.com/books/9781250865847/red-team-blues

Here's pre-orders for Canadians:

https://services.raincoast.com/scripts/b2b.wsc/featured?hh_isbn=9781250865847&ht_orig_from=raincoast

And for readers in the UK and the rest of the Commonwealth:

https://uk.bookshop.org/p/books/red-team-blues-cory-doctorow/7225998?ean=9781804547755

And now, here's today's serial installment:

One evening, I got a wild hair and drove all night from San Diego to Menlo Park. Why Menlo Park? It had both a triple-Michelin-star place and a dear old friend both within spitting distance of the Walmart parking lot, where I could park the Unsalted Hash, leaving me free to drink as much as I cared to and still be able to walk home and crawl into bed.

I’d done a job that turned out better than I’d expected—well enough that I was set for the year if I lived carefully. I didn’t want to live carefully. The age for that was long past. I wanted to live it up. There’d be more work. I wanted to celebrate.

Truth be told, I also didn’t want to contemplate the possibility that, at the age of sixty-seven, the new work might stop coming in. Silicon Valley hates old people, but that was okay, because I hated Silicon Valley. Professionally, that is.

Getting close to Bakersfield, I pulled the Unsalted Hash into a rest stop to stretch my legs and check my phone. After a putter around the picnic tables and vending machine, I walked the perimeter of my foolish and ungainly and luxurious tour bus, checking the tires and making sure the cargo compartments were dogged and locked. I climbed back in, checked my sludge levels and decided they were low enough that I could use my own toilet, then, finally, having forced myself to wait, sat on one of the buttery leather chairs and checked my messages.

That’s how I learned that Danny Lazer was looking for me. He was working the usual channels—DMs from people who I tended to check in with when I was looking for work—and it put a shine on my evening, because sixty-seven or no, there was always work for someone with my skill set. Danny Lazer had a problem with his Trustlesscoin keys, which relied on the best protected cryptographic secrets in the world (nominally). So I messaged him. One rest stop later, just past Gilroy, I got his reply. He was eager to see me. Would I call on him at his home in Palo Alto?

My pathetic little ego swelled up at his eagerness. I told him I had a big dinner planned the next night, but I’d see him the morning after. Truth be told, putting off a man as important as Danny Lazer, even for twenty-four hours, made me feel more important still. I could tell from his reply that the delay chafed at him. I felt petty, but not so much so that I canceled my dinner. My dear old friend was a lively sort, and it was possible we’d walk from the restaurant to her place for an hour or three before I returned to the Walmart parking lot.

Dinner didn’t disappoint, and neither did the fun and games afterward. It was a very nice capstone to a very successful job, and a very good prelude to another job for one of the nicest rich men (or richest nice men) in Silicon Valley.

Danny was old Silicon Valley, a guy who started his own UUCP host so he could help distribute the alt hierarchy and once helped Tim May bring a load of unlicensed firearms across state lines from a Nevada gun show. He’d lived like a monk for decades, writing cryptographic code and fighting with the NSA over it, and had mortgaged his parents’ house back east to keep himself and a couple of programmers in business in a tiny office for a decade while he and Galit lived in a thirty-foot motor home that needed engine tuning once a month just so it could trundle from one parking space to the next.

It was a bet that there would come a day when the internet’s innocence would end and people would want privacy from each other and their governments, and he kept doubling down on that bet through every boom and bust, living on ramen and open cereal boxes from the used food store, refusing to part with any equity except to promising hackers who’d join him, and then the bet paid off, and he became Daniel Moses Lazar, with a 75 percent stake in Keypairs LLC, whose crypto-libraries and workflow tools were the much-ballyhooed picks and shovels of the next internet revolution. Keypairs wasn’t the first unicorn in Silicon Valley, but it was the first one that never took a dime in venture capital and whose sole angels were Danny’s parents back in Jersey, to whom Danny sent at least $100 million before they made him stop, insisting that they had nothing more they wanted in this world.

Galit picked out a big place in Twin Peaks that you could see Alcatraz from on a clear day, gutted it to the foundation slab, bare studs, and ceiling joists, completely rebuilt it while being mindful of both Danny’s specification for networking receptacles throughout, and Galit’s encyclopedic knowledge of the Arts and Crafts Movement. One day, as she was bringing out some Mendocino grig and a cheese board for the two of them to enjoy from their half-built porch, she gasped, complained of pain in both arms, then her chest, and then she collapsed and was dead before the ambulance arrived.

It had been a good marriage: twenty-two years and no kids, because there was nowhere in their old RV to put them unless they wanted to hang them from the rafters. She’d been his rock while he’d built up Keypairs, but he’d been hers, too, rubbing her feet and helping her deal with the endless humiliations that a woman doing administrative work in Silicon Valley had to put up with. He didn’t see it that way, though: after he took possession of her ashes, all he could talk about was how they’d wasted nearly a quarter of a century chasing a fortune that didn’t do either of them a bit of good, and it had cost them the time they could have spent in a beach shack in the Baja while he did two hours of contract work a month to pay for machete sharpening and new hammocks once a year.

A procession of Silicon Valley’s most powerful leaders and most respected technologists filed through the Palo Alto teardown they’d bought to perch in while the Twin Peaks project was underway. People who weren’t merely wealthy but famous for their vision, their sensitivity, their insight. They argued with him about his crushing regrets and tried to tell him how much good he’d done, both for Galit and for the world, but he was unreachable. A consensus emerged among the Friends of Danny that he was not long for this world. Not that he was going to kill himself or anything but that he would simply stop caring about living, and then nature would take its course.

They were right—given all facts in evidence, that was a foregone conclusion. But there was one hidden variable: Sethuramani Balakrishnan, who was twenty-five, brilliant, and had made a series of lateral moves within Keypairs: customer support, then compliance, and finally Danny’s PA, a job she was vastly overqualified for.

She helped him flip the house, then to turn Keypairs over to a management committee carefully balanced between hackers who’d been with Danny since the PDP-8 days, people with real managerial experience and proven experience growing companies and running big teams. He got rid of all the shares he’d taken in over the years to sit on advisory boards and stuck everything into Vanguard index-tracker funds—the ones that didn’t buy a lot of tech stocks.

As far as anyone could tell, Sethu didn’t try to talk him out of any of this, just offered efficient, intelligent, and supremely organized help in getting Danny’s life’s work out of a realm in which it had to be actively managed by someone with Danny’s incredible drive, insight, and technical knowledge, and into an investment vehicle managed by an overgrown spreadsheet, one that would multiply his money ahead of the CPI, year on year, until someone built a guillotine on his lawn.

What Sethu did talk him into was buying a condo around the corner from that Palo Alto teardown, an eight-story place, quiet, built on the grave of another Palo Alto teardown that had been snapped up by property developers in the glory days before NIMBY planning ended all high-density infill within fifty miles of Stanford.





A Wayback Machine banner.

This day in history (permalink)

#20yrsago Why WiFi is crucial to the First Amendment https://www.eff.org/files/filenode/20030417_eff_fcc_spectrum_letter.pdf

#20yrsago Paul Allen building science fiction museum https://www.nytimes.com/2003/04/17/arts/sci-fi-shrine-for-seattle-complete-with-aliens.html

#15yrsago Secret history of Infocom’s abortive sequel to The Hitchhikers’ Guide to the Galaxy text adventure, Milliways https://waxy.org/2008/04/milliways_infocoms_unreleased_sequel_to_hitchhikers_guide_to_the_galax/

#15yrsago Bell Canada: We have to screw up other ISPs’ connections or our retail customers will suffer by comparison https://web.archive.org/web/20080420010807/http://www.canada.com/montrealgazette/news/story.html?id=3b50140e-610c-4245-a234-1ae04193a5f2&k=66930

#10yrsago Wired Magazine’s 1992 media kit https://brianstorms.com/2013/04/revisiting-the-original-1992-wired-media-kit.html

#10yrsago Med Express uses broken Ohio law to silence critics who say true things https://www.popehat.com/2013/04/15/the-popehat-signal-stand-against-rank-thuggery-in-ohio/

#5yrsago Trump radicalized teachers, now Republicans are saying they won’t vote for the party anymore https://theintercept.com/2018/04/17/teacher-strikes-west-virginia-oklahoma-kentucky-arizona/

#10yrsago Austin Grossman’s YOU: brilliant novel plumbs the heroic and mystical depths of gaming and simulation https://memex.craphound.com/2013/04/16/austin-grossmans-you-brilliant-novel-plumbs-the-heroic-and-mystical-depths-of-gaming-and-simulation/

#10yrsago Copyright enforcement as the New Prohibition: Andy Baio’s speech on fair use https://waxy.org/2013/04/the_new_prohibition/

#10yrsago American oligopolies are the new monopolies https://www.newyorker.com/tech/annals-of-technology/the-oligopoly-problem

#5yrsago Trump’s sweetheart tax deal for economically useless financial engineering triggers a stock buyback bonanza https://www.ft.com/content/5f062834-3f51-11e8-b9f9-de94fa33a81e

#5yrsago T-Mobile fined $40m for scamming rural users with Potemkin ring-tones https://arstechnica.com/information-technology/2018/04/t-mobile-deceived-customers-with-false-ring-tones-on-failed-phone-calls/

#5yrsago People with implanted neurostimulators are vulnerable to wireless attacks https://www.esat.kuleuven.be/cosic/publications/article-2803.pdf

#5yrsago Stego for Skrillex: hiding data in dubstep drops https://github.com/benjojo/dubstep-data

#5yrsago Security expert says she helped a casino whose high-roller database was stolen through an Internet of Shit fish-tank thermometer https://www.businessinsider.com/hackers-stole-a-casinos-database-through-a-thermometer-in-the-lobby-fish-tank-2018-4

#5yrsago The UK’s company registry finally prosecuted someone for setting up a fraudulent company, but it’s a whistleblower who told them he did it https://twitter.com/OliverBullough/status/985574754420654080

#5yrsago Nova Scotia filled its public Freedom of Information Archive with citizens’ private data, then arrested the teen who discovered it https://www.cbc.ca/news/canada/nova-scotia/freedom-of-information-request-privacy-breach-teen-speaks-out-1.4621970

#5yrsago Ajit Pai made Elizabeth Pierce his “broadband advisor,” and now she’s been arrested for a $250,000,000 fraud https://www.theverge.com/2018/4/16/17245010/elizabeth-pierce-fraud-charges-bdac-fcc-ajit-pai

#1yrago Ryan North's 'How to Take Over the World': Popular science as a series of supervillainous thought-experiments https://pluralistic.net/2022/04/16/they-laughed-at-me-in-vienna/#ill-show-them-all



Colophon (permalink)


Currently writing:

  • A Little Brother short story about DIY insulin PLANNING

  • Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FIRST DRAFT COMPLETE, WAITING FOR EDITORIAL REVIEW

  • The Bezzle, a Martin Hench noir thriller novel about the prison-tech industry. FIRST DRAFT COMPLETE, WAITING FOR EDITORIAL REVIEW

  • Vigilant, Little Brother short story about remote invigilation. ON SUBMISSION

  • Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE, ACCEPTED FOR PUBLICATION

  • Spill, a Little Brother short story about pipeline protests. ON SUBMISSION

Latest podcast: How To Make a Child-Safe TikTok https://craphound.com/news/2023/04/17/how-to-make-a-child-safe-tiktok/


Upcoming books:

  • Red Team Blues: "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books, April 2023

  • The Internet Con: A nonfiction book about interoperability and Big Tech, Verso, September 2023

  • The Lost Cause: a post-Green New Deal eco-topian novel about truth and reconciliation with white nationalist militias, Tor Books, November 2023


This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

The excerpt from Red Team Blues in this edition is all rights reserved.

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

(Latest Medium column: "How To Make the Least-Worst Mastodon Threads: (An opinionated guide) (for the perplexed)" https://pluralistic.net/2023/04/16/how-to-make-the-least-worst-mastodon-threads/)

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla