Today's links
- Mexico's new copyright vs cybersecurity: Trump's copyright law makes Mexico's devices unauditable attack surfaces for the world's cyber-arms-dealers.
- Google destroys yet more smart-glasses: Glassholes love company.
- Solar heroin: Afghan solar adoption, the heroin market, and the future of energy and agriculture.
- Why sweat smells: Go home, staphylococcus hominis, you're drunk (on Cys-Gly-3M3SH).
- Interop to the rescue: The role for interoperability in addressing tech's competition crisis.
- This day in history: 2019
- Colophon: Recent publications, upcoming appearances, current writing projects, current reading
Mexico's new copyright vs cybersecurity
Mexico's new copyright law was rushed through its Congress without debate or consultation, copy-pasting the US copyright system into Mexican law as though America's system was working perfectly.
https://www.eff.org/deeplinks/2020/07/mexicos-new-copyright-law-puts-human-rights-jeopardy
The law poses grave risks to Mexicans' human rights, especially (and most obviously) their right to free expression.
https://www.eff.org/deeplinks/2020/07/how-mexicos-new-copyright-law-crushes-free-expression
But perhaps even more urgent is the impact this law will have on Mexicans' cybersecurity: the security of their devices and thus the integrity of their data and even their personal safety:
https://www.eff.org/deeplinks/2020/07/mexicos-new-copyright-law-cybersecurity-and-human-rights
The new law imports the USA's "anti-circumvention rule" – a rule that makes it both a criminal and civil matter to tamper with the "technical protection measures" that restrict access to a device, even if it's your device, and even if you're not infringing copyright.
This law has been a serious impediment to independent security audits – when a researcher investigates the devices we're using, to ensure that they aren't leaking our data or exposing us to risk – say, by allowing hackers to send lethal shocks to our implanted pacemakers.
That's because security testing often involves bypassing a technical protection measure (TPM) to get at the device's internals, and the output of those tests is often "proof of concept" code, which incontrovertibly demonstrates the defects, overriding any denials from the manufacturer.
Both of these run afoul of both US and (new) Mexican copyright law, and since the only way to determine whether a system is secure is to subject it to independent scrutiny, this leaves devices vulnerable to serious attacks with real consequences.
Mexicans have direct experience with this. Pegasus, a digital weapon sold by the arms dealer NSO Group, was used to attack independent journalists, anti-sugar campaigners, and even young children:
https://threatpost.com/pegasus-spyware-targets-investigative-journalists-in-mexico/139424/
The same weapons were implicated in the Saudi kidnapping, murder and dismemberment of Jamal Khashoggi; they rely upon lingering security defects in devices that the arms dealers exploit and sell to dictators and wealthy thugs.
Like the US law, the Mexican law contains an "exemption" for security research; in fact, it is nearly a verbatim translation of the US clause. That exemption is entirely useless. How useless? In 22 years, no one in the USA has ever managed to use it.
And in case there was any doubt, the US Copyright Office has officially acknowledged the insufficiency of this exemption and has created larger, more explicit carve outs (that are still insufficient).
The US law lets the Copyright Office make these changes; the Mexican law not only does not define a process for fixing these overreaches, it's also starting without the USA's 22 years' worth of exemptions.
No nation can afford to tie the hands of cybersecurity researchers. Mexico's lawmakers could have easily written a law that accommodated security – all they'd have had to say was, "None of this applies unless you're infringing someone's copyright." They didn't.
Now it's down to the National Commission for Human Rights, which has until Jul 31 to announce that it is reviewing the law. If you are in Mexico or are Mexican, here's a petition to the Commission:
https://participa.nicensuranicandados.org
Google destroys yet more smart-glasses
Late last June, Google bought out "North," a tech company based in Waterloo, ON, which manufactured "Focals," a line of "smart glasses." A month later, the company is turning off the servers the glasses rely on, bricking every pair they ever sold.
https://support.bynorth.com/hc/en-us/articles/360045128691
The company is refunding its customers' money, but this is cold comfort for many. As I said when Microsoft revoked every ebook it ever sold by shutting off its DRM server:
"When I was a bookseller, nothing I could do would result in your losing the book that I sold you. If I regretted selling you a book, I didn't get to break into your house and steal it, even if I left you a cash refund for the price you paid."
https://boingboing.net/2019/06/28/jun-17-2004.html
Why would Google do this? The company stonewalled CTV News, but we can make some guesses.
First, Google is incredibly bad at making wearable products. They've spent hundreds of millions on glasses and watches and they all sucked and flamed out.
Historically, companies that were bad at something would lose to companies that were good at it. But in the new Gilded Age, where we no longer enforce antitrust laws, companies that are bad at things can buy up companies that are good at them, a monopolistic tactic.
Google's buying a lot of wearable companies, like Fitbit. They have a buyer's market, because the company has stockpiled billions by maintaining the absurd pretense that it was headquartered somewhere in the Irish Sea, in a state of tax-free bliss.
https://pluralistic.net/2020/05/20/oil-in-the-cloud/#buying-things
This isn't an advantage that its nascent rivals enjoy – until you have billions, you can't hide billions, because the enablers who create trusts and Double-Irish Dutch Sandwiches and other polite names for "fraud" are not interested in your business.
Google – and other Big Tech companies – literally buy companies more often than I buy groceries. This is by design: the companies have used monopolistic tactics to effectively foreclose on the possibility of their being unseated.
https://pluralistic.net/2020/05/16/labor-investors/#big-goog
As a result, the "exit" that most founders and investors seek from tech startups is acquisition – generally an "acqui-hire," where a company is purchased for its engineering team. The product is scrapped and the team become employees.
The "acquisition" fee is really just a hiring bonus, with a finder's fee to the "investors" disguised as a share purchase. America's tech investors are largely headhunters, a glorified, inefficient job-placement service.
And the "products" that the "investors" pay "founders" to make aren't really products: they're portfolio pieces, a post-grad project to prove that you can execute a product design.
The product was never intended to be used by humans – you, the customer, are simply a proof-of-concept. It's a wasteful, idiotic system that throws billions at imaginary products for the purpose of shifting fractional points from Big Tech's balance sheets to investors.
Solar heroin
For a glimpse of the future of agriculture and energy, check out Justin Rowlatt's fascinating article on the role of solar energy in Afghan heroin cultivation, a booming phenomenon that has boosted yields from a single annual harvest to two or three.
https://www.bbc.com/news/science-environment-53450688
As Rowlatt points out, there's only one reason that the heroin industry changes: to increase its profits. The switch to solar in war-torn Helmand is driven by the plummeting price of solar energy, not local subsidies or climate concerns.
Which is not to say that climate and subsidies aren't playing indirect roles here. Part of the reason solar panels are so cheap is that they scaled up thanks to subsidies elsewhere, like Germany and the USA; those countries' subsidies drove R&D and production efficiencies.
The solar is driven by droughts, which send farmers questing for water with deep wells, draining nonrenewable fossil aquifers. In theory, farmers elsewhere could use solar to power desalinators, but that has its own climate consequences (salt flushed into coastal waters).
And while Helmand's farmers don't just grow opium poppies – one farmer featured in the article also grows tomatoes – the global flood of cheap heroin has real humanitarian consequences (of course).
But all of that doesn't change the essential fact illustrated by solar uptake among these poor, illegal, desperate businesses: solar is cheap and easy. In the Lashkar Gah market, "solar panels are stacked 3 storeys high."
"And what the changes in Afghan opium production show us is that having a source of power independent of any electricity grid – or fossil fuel supplies – can bring significant innovation."
Why sweat smells
In "The molecular basis of thioalcohol production in human body odour," biologists from the University of York trace human body odor to a metabolite of the enzyme Cys-Gly-3M3SH when it is consumed by the bacterium staphylococcus hominis.
https://www.nature.com/articles/s41598-020-68860-z
The source of the "pungent, cheesy, oniony smell" has been something of a mystery because thioalcohols – the smelly substance – are not produced by most of the microorganisms in our skin biomes. The team isolated the source of thioalcohols as a waste product of staph h.
The enzyme Cys-Gly-3M3SH is released by our apocrine glands – the sweat glands associated with hair follicles that cluster densely in armpits, genitals and nipples – from puberty onwards.
In theory, this opens the way to new deodorants that narrowly target a single component of our microbial nations, rather than the current scorched-earth microbicidal approach (or its even worse alternative, plugging our sweat glands).
Interop to the rescue
In a major new paper, just released as a preprint, the eminent UK computer scientist and digital rights campaigner Ian Brown makes the case for "Interoperability as a tool for competition regulation."
https://osf.io/preprints/lawarxiv/fbvxd
The paper pulls together many of the recent interventions on the subject into a single, readable, brief summary that makes for an excellent overview – I'm not saying you shouldn't read the CMA's magisterial 450-page report, but realistically…
https://www.gov.uk/government/news/new-regime-needed-to-take-on-tech-giants
Brown starts by describing interop – an often slippery topic – in concrete terms, giving familiar examples from existing tech (eg SMS) and then describing how interop could open Big Tech's silos up.
He summarizes leading economists' views on the effects of interop on competition, presenting both pro- and con- arguments (the pro arguments are MUCH better, but then reality has a well-known leftist bias).
He then presents a taxonomy of types of platforms:
- Gatekeepers: "control access between businesses and potential customers"
- Conglomerates: "companies with a broad range of sometimes weakly-related businesses"
- Ecosystems: "collections of services connected via privileged channels not fully available to competitors"
This is a jumping-off point for concepts from competition scholarship: "complementary innovation," "homogenization," "static vs dynamic effects" – the ways that companies interpenetrate each others' products/services for good and ill.
Having covered the economic dimension, Brown turns to the social consequences of interop: as covid showed us, platform dominance has a profound effect on our social lives, with choices made by tech giants redounding to every facet of our digitally mediated, locked down lives.
Competition economists since Thatcher and Reagan have largely dismissed these consequences, focusing solely on short-term price increases as the only reliable barometer of whether monopolistic conduct is good or bad.
But tech concentration has profound impacts on our civil society – the BBC can't get Amazon or Google to put its coronavirus coverage on their smart speakers, so "tech companies with their executives in the US have a monopoly in British people’s kitchens and living rooms."
Other media orgs also complain that tech acts as a rent-seeker and gate-keeper, holding their audiences hostage (though those who succeed rarely complain on behalf of smaller, new entrants who can't afford to pay tech's tolls and thus do not compete with Big Content).
Next is privacy and data protection, citing some of the work I've done with my EFF colleague Bennett Cyphers:
https://pluralistic.net/2020/07/29/break-em-up/#beyond-breakups
This is a severely undertheorized area, and there are severe potential pitfalls if we get it wrong. One thing we know, though, is that the status quo is NOT good for privacy, and lack of competition doesn't incentivize tech monopolists to do better.
https://www.eff.org/deeplinks/2019/08/interoperability-and-privacy-squaring-circle
Next, Brown turns to content moderation, an area of growing concern that regulators have primarily addressed by creating impossibly expensive mandates to prevent harmful speech, at costs that preclude new market entrants, strengthening Big Tech's dominance.
Brown cites federated platforms like Mastodon, which allow for partial interconnection between autonomously maintained servers, where communities can make their own policies and block/filter those with policies they disagree with.
These offer the possibility of having fine-grained locally responsive rules – enforced by the community itself, not by traumatized subcontractors in the Philippines tasked with moderating all of Facebook's 2.6B users' contributions.
Brown takes on "digital sovereignty" and the uneasy fact that most of the west's online media is controlled by a handful of US-based companies with "GDP"s larger than most countries'.
Interop lets domestic competitors arise that can benefit from these US giants' users, while returning control to local firms and regulators.
Brown ends with an appendix that enumerates types of interop and scenarios for how they could be applied to existing Big Tech firms' services, bringing the whole thing into focus with concrete examples and proposals.
As the US Congress showed us yesterday, we're at a turning point with our relationship to Big Tech. Smaller tech companies are experiencing a mass die-off thanks to covid, and Big Tech has huge war-chests it can use to snap them up.
When these US giants buy all their nascent competitors, they will present themselves as rescuers, saviors of businesses drowning in debt. But unless we intervene, they will emerge from the crisis with levels of dominance we can hardly dream of.
This day in history
#1yrago Zero Sum Game: action-packed sf thriller about a ninja hero whose superpower is her incredible math ability https://boingboing.net/2019/07/30/cat-russell.html
#1yrago Rockstar Games made £4b between 2013-19, paid no corporate tax in the UK, claimed £42m in tax relief https://www.taxwatchuk.org/reports/gaming-the-tax-system/
#1yrago Defects in embedded OS VxWorks leave an estimated 200m devices vulnerable, many of them mission-critical, "forever day" systems https://arstechnica.com/information-technology/2019/07/200-million-devices-some-mission-critical-vulnerable-to-remote-takeover/
#1yrago The darkest SEO: forging judges' signatures on fake court orders to scrub negative Google results https://www.cbsnews.com/news/online-reputation-management-cbs-news-investigation-finds-fraudulent-court-orders-used-to-change-google-search/
#1yrago Affluent parents surrender custody of their kids to "scam" their way into needs-based college scholarships https://www.propublica.org/article/university-of-illinois-financial-aid-fafsa-parents-guardianship-children-students
#1yrago Cop says Amazon told him they had "partnered" with 200 US police forces to sell and tap into Ring surveillance doorbell https://www.vice.com/en_us/article/j5wyjy/amazon-told-police-it-has-partnered-with-200-law-enforcement-agencies
Colophon
Today's top sources: Bob Loblaw (https://twitter.com/cburatto/), Slashdot (https://slashdot.org/), Ian Brown (https://twitter.com/1Br0wn/).
Currently writing:
- My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 512 words (43375 total).
Currently reading: The Deficit Myth, Stephanie Kelton
Latest podcast: Someone Comes to Town, Someone Leaves Town (part 11) https://craphound.com/podcast/2020/07/27/someone-comes-to-town-someone-leaves-town-part-11/
Upcoming appearances:
- Reading, Conzealand, Aug 1 (Aug 2 in NZ!), https://sites.grenadine.co/sites/conzealand/en/conzealand/schedule/3620/Reading:%20Cory%20Doctorow
- Do Androids Dream of Electric Cars? Public Transit in the Age of Google, Uber, and Elon Musk, Aug 4, https://www.eventbrite.ca/e/public-transit-in-the-age-of-google-uber-and-elon-musk-tickets-114353753154
- Virtual event with Christopher Brown for his novel "Failed State," Aug 12, https://www.bookpeople.com/event/virtual-event-christopher-brown-failed-state
Latest book:
- "Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html
- "Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.
Upcoming books:
- "Attack Surface": The third Little Brother book, Oct 20, 2020. https://us.macmillan.com/books/9781250757531
This work is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
https://mamot.fr/web/accounts/303320
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla