Pluralistic: Company that makes millions spying on students will get to sue a whistleblower; Red Team Blues Chapter 1, part four (20 Apr 2023)


A girl working on a laptop. Her mouth has been taped shut. Glaring out of the laptop screen is the hostile red eye of HAL9000 from '2001: A Space Odyssey.' Behind them is a tattered, filthy, burned Canadian flag.

Company that makes millions spying on students will get to sue a whistleblower

Yesterday, the Court of Appeal for British Columbia handed down a jaw-droppingly stupid and terrible decision, rejecting the whistleblower Ian Linkletter's claim that he was engaged in legitimate criticism when he linked to freely available materials from the ed-tech surveillance company Proctorio:

It's been a minute since Linkletter's case arose, so I'll give you a little recap here. Proctorio is a massive, wildly profitable ed-tech company that sells a surveillance tool to monitor students while they take high-stakes tests from home. The tool monitors the student's computer and the student's face, especially their eye-movements. It also allows instructors and other personnel to watch the students and even take control of their computer. This is called "remote invigilation."

This is ghastly in just about every way. For starters, Proctorio's facial monitoring software embeds the usual racist problems with machine-learning stuff, and struggles to recognize Black and brown faces. Black children sitting exams under Proctorio's gimlet eye have reported that the only way to satisfy Proctorio's digital phrenology system is to work with multiple high-powered lights shining directly in their faces.

A Proctorio session typically begins with a student being forced to pan a webcam around their test-taking room. During lockdown, this meant that students who shared a room – for example, with a parent who worked night-shifts – would have to invade their family's privacy, and might be disqualified because they couldn't afford a place large enough to have a private room in which to take their tests.

Proctorio's tools also punish students for engaging in normal test-taking activity. Do you stare off into space when you're thinking through a problem? Bzzzt. Do you read questions aloud to yourself under your breath when you're trying to understand their meanings? Bzzzt. Do you have IBS and need to go to the toilet? Bzzzt. The canon of remote invigilation horror stories is filled with accounts of students being forced to defecate themselves, or vomit down their shirts without turning their heads (because looking away is an automatically flagged offense).

The tragedy is that all of this is in service to the pedagogically bankrupt practice of high-stakes testing. Few pedagogists believe that the kind of exam that Proctorio seeks to recreate in students' homes has real assessment merit. As the old saying goes, "Tests measure your ability to take tests." But Proctorio doesn't even measure your ability to take a test – it measures your ability to take a test with three bright lights shining directly on your face. Or while you are covered in your own feces and vomit. While you stare rigidly at a screen. While your tired mother who just worked 16 hours in a covid ward stands outside the door to your apartment.

The lockdown could have been an opportunity to improve educational assessment. There is a rich panoply of techniques that educators can adopt that deliver a far better picture of students' learning, and work well for remote as well as in-person education. Instead, companies like Proctorio made vast fortunes, most of it from publicly funded institutions, by encouraging a worse-than-useless, discriminatory practice:

Proctorio clearly knows that its racket is brittle. Like any disaster profiteer, Proctorio will struggle to survive after the crisis passes and we awaken from our collective nightmare and ask ourselves why we were stampeded into using its terrible products. The company went to war against its critics.

In 2020, Proctorio CEO Mike Olsen doxed a child who complained about his company's software in a Reddit forum:

In 2021, the reviews for Proctorio's Chrome plugin all mysteriously vanished. Needless to say, these reviews – from students forced to use Proctorio's spyware – were brutal:

Proctorio claims that it protects "educational integrity," but its actions suggest a company far more concerned about the integrity of its own profits:

One of the critics that Proctorio attacked is Ian Linkletter. In 2020, Linkletter was a Learning Technology Specialist at UBC's Faculty of Education. His job was to assess and support ed-tech tools, including Proctorio. In the course of that work, Linkletter reviewed Proctorio's training materials for educators, which are a bonanza of mask-off materials that are palpably contemptuous of students, who are presumed to be cheaters.

At the time, a debate over remote invigilation tools was raging through Canadian education circles, with students, teachers and parents fiercely arguing the merits and downsides of making surveillance the linchpin of assessment. Linkletter waded into this debate, tweeting a series of sharp criticisms of Proctorio. In these tweets, Linkletter linked to Proctorio's unlisted, but publicly available, Youtube videos.

A note of explanation: Youtube videos can be flagged as "unlisted," which means they don't show up in searches. They can also be flagged as "private," which means you have to be on a list of authorized users to see them. Proctorio made its training videos unlisted, but they weren't private – they were visible to anyone who had a link to them.

Proctorio sued Linkletter for this. They argued that he had breached a duty of confidentiality, and that linking to these videos was a copyright violation:

This is a classic SLAPP – a "strategic litigation against public participation." That's when a deep-pocketed, thin-skinned bully, like Proctorio, uses the threat of a long court battle to force their critics into silence. They know they can't win their case, but that's not the victory they're seeking. They don't want to win the case, they want to win the argument, by silencing a critic who would otherwise be bankrupted by legal fees.

Getting SLAPPed is no fun. I've been there. Just this year, a billionaire financier tried to force me into silence by threatening me with a lawsuit. Thankfully, Ken "Popehat" White was on the case, and he reminded this billionaire's counsel that California has a strong anti-SLAPP law, and if Ken had to defend me in court, he could get a fortune in fees from the bully after he prevailed:

British Columbia also has an anti-SLAPP law, but unlike California's anti-SLAPP, the law is relatively new and untested. Still, Proctorio's suit against Linkletter was such an obvious SLAPP that for many of us, it seemed likely that Linkletter would be able to defend himself from this American bully and its attempt to use Canada's courts to silence a Canadian educator.

For Linkletter to use BC's anti-SLAPP law, he would have to prove that he was weighing in on a matter of public interest, and that Proctorio's copyright and confidentiality claims were nonsense, unlikely to prevail on their merits. If he could do that, he'd be able to get the case thrown out, without having to go through a lengthy, brutally expensive trial.

Incredibly, though, the lower court found against Linkletter. Naturally, Linkletter appealed. His "factum" is a crystal clear document that sets out the serious errors of law and fact the lower court made:

But yesterday, the Court of Appeal upheld the lower court, repeating all of these gross errors and finding for Proctorio:

This judgment is grotesque. It makes a mockery of BC's anti-SLAPP statute, to say nothing of Canadian copyright and confidentiality law. For starters, it finds that publishing a link can be a "performance" of a copyrighted work, which meant that when Linkletter linked to the world-viewable Youtube files that Proctorio had posted, he infringed on copyright.

This is a perverse, even surreal take on copyright. The court rejects Linkletter's argument that even Youtube's terms of service warned Proctorio that publishing world-viewable material on its site constituted permission for people to link to and watch that material.

But what about "fair dealing" (similar to fair use)? Linkletter argued that linking to a video that shows that Proctorio's assurances to parents and students about its products' benign nature were contradicted by the way it talked to educators was fair dealing. Fair dealing is a broad suite of limitations and exceptions to copyright for the purposes of commentary, criticism, study, satire, etc.

So even if linking is a copyright infringement (ugh, seriously?!), surely it's fair dealing in this case. Proctorio was selling millions of dollars in software to public institutions, inflicting it on kids whose parents weren't getting the whole story. Linkletter used Proctorio's own words to rebut its assurances. What could be more fair dealing than that?

Not so fast, the appeals panel says: they say that Linkletter could have made his case just as well without linking to Proctorio's materials. This is…bad. I mean, it's also wrong, but it's very bad, too. It's wrong because an argument about what a company intends necessarily has to draw upon the company's own statements. It's absurd to say that Linkletter's point would have been made equally well if he said "I disbelieve Proctorio's public assurances because I've seen seekrit documents" as it was when he was able to link to those documents so that people could see them for themselves.

But it's bad because it rips the heart out of the fair dealing exception for criticism. Publishing a link to a copyrighted work is the most minimal way to quote from it in a debate – Linkletter literally didn't reproduce a single word, not a single letter, from Proctorio's copyrighted works. If the court says, "Sure, you can quote from a work to criticize it, but only so much as you need to make your argument," and then says, "But also, simply referencing a work without quoting it at all is taking too much," then what reasonable person would ever try to rely on a fair dealing exemption for criticism?

Then there's the confidentiality claim: in his submissions to the lower court and the appeals court, Linkletter pointed out that the "confidential" materials he'd linked to were available in many places online, and could be easily located with a Google search. Proctorio had uploaded these "confidential" materials to many sites – without flagging them as "unlisted" or "private."

What's more, the videos that Linkletter linked to were found in a "Help Center" that didn't even have a terms-of-service condition that required confidentiality. How on Earth can materials that are publicly available all over the web be "confidential?"

Here, the court takes yet another bizarre turn in logic. They find that because a member of the public would have to "gather" the videos from "many sources," that the collection of links was confidential, even if none of the links in the collection were confidential. Again, this is both wrong and bad.

Every investigator, every journalist, every critic, starts by looking in different places for information that can be combined to paint a coherent picture of what's going on. This is the heart of "open source intelligence," combing different sources for data points that shed light on one another.

The idea that "gathering" public information can breach confidentiality strikes directly at all investigative activity. Every day, every newspaper and news broadcast in Canada engages in this conduct. The appeals court has put them all in jeopardy with this terrible finding.

Finally, there's the question of Proctorio's security. Proctorio argued that by publishing links to its educator materials, Linkletter weakened the security of its products. That is, they claim that if students know how the invigilation tool works, it stops working. This is the very definition of "security through obscurity," and it's a practice that every serious infosec professional rejects. If Proctorio is telling the truth when it says that describing how its products work makes them stop working, then they make bad products that no one should pay money for.

The court absolutely flubs this one, too, accepting the claim of security through obscurity at face value. That's a finding that flies in the face of all security research.

So what happens now? Well, Linkletter has lost his SLAPP claim, so nominally the case can proceed. Linkletter could appeal his case to Canada's Supreme Court (about 7% of Supreme Court appeals of BC appeals court judgments get heard). Or Proctorio could drop the case. Or it could go to a full trial, where these outlandish ideas about copyright, confidentiality and information security would get a thorough – and blisteringly expensive – examination.

In Linkletter's statement, he remains defiant and unwilling to give in to bullying, but says he'll have to "carefully consider" his next step. That's fair enough: there's a lot on the line here:

Linkletter answers his supporters' questions about how they can help with some excellent advice: "What I ask is for you to do what you can to protect students. Academic surveillance technology companies would like nothing more but for us all to shut up. Don’t let them silence you. Don’t let anyone or anything take away your human right to freedom of expression."

(Image: Ingo Bernhardt, CC BY 2.0; Cryteria, CC BY 3.0; Eleanor Vladinsky, CC BY 4.0; modified)

A squared-off version of Will Staehle's cover for the Macmillan edition of 'Red Team Blues.'

Red Team Blues Chapter One, part four

My next novel, Red Team Blues, is nearly here! I start my tour on Saturday, with two appearances at the LA Times Festival of Books:

To kick things off, I'm serializing chapter one, where we meet Marty Hench, a 67-year-old, hard-charging forensic accountant with 40 years' experience busting Silicon Valley's most eye-watering scams, and learn about his last case – recovering a billion dollars' worth of cryptographic secrets.

Here's the previous installments:

Part one:

Part two:

Part three:

Here's where US readers can pre-order the book:

Here's pre-orders for Canadians:

And for readers in the UK and the rest of the Commonwealth:

And now, here's today's serial installment:

“We built the system to be secure. You know me, I’m a paranoid old creep with a dirty mind, so everything I did, I did right. The keys were on an air gap system. I bought that system myself off a pile of boxed HP laptops at Fry’s just a couple of weeks before they closed their doors for good.”

“Rest in peace.”

“It was time. But back when you could go into Fry’s, you could pick up a laptop sealed in shrink-wrap, carry it yourself to the cashier, pay cash for it, and walk out, stopping only to show your receipt to the poor door-checker. Then you could take it to the data center, badge into the clean room, lay out your workbench, unscrew that sucker, and remove every single network interface with a pair of pliers, not just snipping the traces but ripping them right off the board.”

“Lucky you didn’t snap the board.”

He grimaced. “I did. I bought three of them so I could take a mulligan or two if I needed it. I only needed one spare, as it turned out. Then it went into a safe, a good safe, rated for three hours. There’s a watchman who makes physical rounds of every safe room, every two hours. And I locked up the BIOS with a hardware token. Steal that laptop, you’d still need my token.”

“And yet . . .”

“You know how they say anyone can design a security system that he himself can’t figure out how to break?”

“Schneier’s law.”

“Schneier’s law. Yeah. Someone smarter than I am figured it out.”

“The watchman?”

“No, though he might have been in on it. They fired him. The safe was opened, the laptop was gone.”

“And the hardware token?”

“You’ll love this.”

“I can’t wait.”

He tugged his forelock and adopted a broad Cockney accent that would have embarrassed Dick van Dyke. “Guv’nah, I was pickpocketed, so I was.”

“I don’t believe it. Pickpocketing is supposed to be a dead art. Who was working the scam, Apollo Robbins?”

He shrugged. “I don’t reckon so. But yeah, there’s plenty of Vegas acts that do pickpocketing stuff, and there’s a pretty big YouTube competitive pickpocket scene with tutorials. Plus, there’s the European talent, a lot of it, never really died out there. Covent Garden is like a plague reservoir for the pathogen, and you get an outbreak every year or two.”

“You had the hardware token on your key ring?”

“That day, I did. I’d been in the data center. Then we went to dinner. Hydra. The prix fixe. The chef’s table is nice, but the taster menu gets you the octopodi. Someone bumped me between the data center and my front door.”

“Oof,” I said. “Did you have to ring the downstairs neighbor’s doorbell and climb out on their balcony?”

“Don’t be stupid,” he said. “In the first place, Sethu has her own keys. In the second place, the outside doors here are locked and armed when we’re AFK.”

I’d noticed the locks on the outside doors, and the break sensors, and the cameras—both the covert and overt ones. There were probably some I’d missed. I wouldn’t put it past Danny to have a lidar rig in the shrubs, something to help the system distinguish between cat burglars and house cats.

“The watchman from the data center,” I said. “That’s your guy. Probably not the mastermind, but he’ll be the key to it all.”

“Looks like they socially engineered him. Matched him on Tinder, messaged him, Oh, is that where you work? I’m just around the corner—want to meet me for a quick boba tea?”

“Catfished. Honey trap.”

He sighed. “Yeah. It was a good one.”

“You reported the theft?”

“The insurance company will pay for a new laptop, which, frankly, I don’t need, because I already have the spare I bought when I was going through the whole rigamarole to set up the air gap. But that’s not the valuable part.”

“No, it isn’t. How about the keys?”

“Yeah, how about them?”

“First, have you warned your source that you lost them, so they can tell Apple and Samsung and all the other manufacturers that rely on those secure enclave chips? And second, have you warned your users that their money isn’t safe?”

He looked over at Sethu, at Palo Alto, at his lemonade glass, and at the clouds in the sky. Long looks. The silence spoke volumes.

“How much money is the Trustlesscoin ledger worth, Danny?”

He looked me dead in the eye now. “About a billion.”

We’d already been talking about trillions, so I shouldn’t have been shocked. But tech founders are always throwing around big numbers, and I’ve developed the mental habit of knocking a few zeroes off any claims about “total addressable markets.”

Trustlesscoin was the new crypto on the block. My unconscious estimate of its value was in the low tens of millions, which is also a big number, but not a billion.

“A billion here, a billion there—”

He cut me off. “Pretty soon, it starts to add up to real money. Yeah, I know, Marty. Don’t joke, you’re not good at it.”

“When did you lose the keys?”

He checked his watch—a mechanical one, not ostentatious, an old wartime Rolex, from when men’s Oysters were the size of a nickel, not these giant tourbillon monstrosities that cost a million bucks and looked like a poor man’s idea of a rich man’s watch. “Seventy-four hours and thirty minutes ago.”

“Give or take.”

“You’re not good at comedy, Marty. We’ve established that.”

“What fallout has there been?”

“Not much,” he said. “In fact, maybe none. We have a pretty good statistical picture of what normal Trustless transaction activity looks like, and nothing has rung the alarm bells yet.”

“Yet. But maybe not ever. Maybe they can’t figure out how to exploit what they got.”

“Or maybe they’re biding their time. Or running an old-school salami-slice grift, shaving a lot of pennies, getting ready to cash out.”

“Can you block that? They have to convert Trustlesscoins into fiat to get away with it, right?”

“They do, but we can’t stop them. We’re on every major exchange, not just to other tokens but also a bunch of different kinds of fiat and stablecoins. How do you think we got to a billion dollars so quickly? Trustless is both highly liquid and highly efficient. That’s why it’s the future of finance.”

“And money laundering.”

For a second, I thought he was going to throw his lemonade glass, dash it to the cool flagstones of his roof garden. He took a deep breath and then another and then set the glass down. “And money laundering. Marty, stop fucking with me. I am keenly aware that there are money launderers using my service. That has been apparent since the start. Some of these money launderers are very far away and would struggle to reach me if my technology did something to upset them. Some of them are closer.”

He shook his head violently. “Marty, I am shitting bricks here. There’s another shoe getting ready to drop, and when it does, I’m going to go down with it. Hard. I’m not just talking about losing my reputation and my fortune, I’m not just talking about ruining the life of that woman over there who dragged me back from the brink. I’m talking about being targeted for physical violence by unreasonable, sadistic, powerful criminal men who amassed their fortunes by spilling an ocean of blood and who cannot be placated. Nor can they be fended off, not unless I want to live my life inside a bunker.

“I don’t know who stole those keys, Marty. I shouldn’t have had them in the first place. I am now in a position where everything I hold dear is on the line, and so I called you. You and I go way back, you’re my friend and I trust you, but I didn’t call you because I wanted to cry on your shoulder.”

“You called me because you think I can get the keys back.”

“Bullshit. I called you because I’m desperate. I don’t think anyone can get those keys back. I think that inside of a month, everything I care about will be in ruins. Major technology platforms that depend on secure enclaves for things way beyond Trustlesscoin will be exposed because of my recklessness, and they will be fucked. Secure enclaves are designed to be tamper-proof. You try to take one off a board the way I did with those air gap laptops’ network interfaces and you render them permanently inoperable. They can’t be field updated. They have no flashable BIOS. A vulnerability in a secure enclave is permanent.

“But the trillions of dollars in damage that I will do to the largest tech companies in the world will not worry me, because I will either be on the run or dead. Not a good death, either, Marty.

“So I called you because before that happens, I plan on exhausting every avenue of mitigation available to me.”

“If I recover them?”

He snorted. “You do that, you might save my life and rescue a third of the top performers on the S&P 500 from their worst earnings call since the Great Financial Crisis.”


This day in history

#10yrsago San Diego cop smashes phone & beats up suspect: “Phones can be converted to a weapon. Look it up online.”

#5yrsago China escalates the war on jaywalkers with automated shouting laser/squirtguns tied to motion-sensors

#5yrsago Koch-backed climate deniers are exploiting the reproducibility crisis to discredit climate science

#5yrsago The FDA is finally doing something about the medical device security dumpster-fire

#5yrsago Palantir has figured out how to make money by using algorithms to ascribe guilt to people, now they’re looking for new customers

#5yrsago Last summer, Southwest tried to kill a rule that would have tightened up engine fan blade inspections

#5yrsago Arizona is about to get its first statewide teachers’ strike

#5yrsago Wells Fargo loses teachers’ union business after it pledges its eternal loyalty to gun manufacturers

#5yrsago Wells Fargo fined $1B for stealing cars and jacking houses

#1yrago Undetectable backdoors for machine learning models

Colophon

Currently writing:

  • A Little Brother short story about DIY insulin PLANNING

  • Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FIRST DRAFT COMPLETE, WAITING FOR EDITORIAL REVIEW

  • The Bezzle, a Martin Hench noir thriller novel about the prison-tech industry. FIRST DRAFT COMPLETE, WAITING FOR EDITORIAL REVIEW

  • Vigilant, Little Brother short story about remote invigilation. ON SUBMISSION

  • Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE, ACCEPTED FOR PUBLICATION

  • Spill, a Little Brother short story about pipeline protests. ON SUBMISSION

Latest podcast: How To Make a Child-Safe TikTok


Upcoming books:

  • Red Team Blues: "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books, April 2023

  • The Internet Con: A nonfiction book about interoperability and Big Tech, Verso, September 2023

  • The Lost Cause: a post-Green New Deal eco-topian novel about truth and reconciliation with white nationalist militias, Tor Books, November 2023

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

The excerpt from Red Team Blues in this edition is all rights reserved.

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla