Today's links
- Every internet fight is a speech fight: And every internet fight is a sovereignty fight.
- Hey look at this: Delights to delectate.
- This day in history: 2009, 2014, 2019, 2023
- Upcoming appearances: Where to find me.
- Recent appearances: Where I've been.
- Latest books: You keep readin' em, I'll keep writin' 'em.
- Upcoming books: Like I said, I'll keep writin' 'em.
- Colophon: All the rest.
Every internet fight is a speech fight (permalink)
My latest Locus Magazine column is "Hard (Sovereignty) Cases Make Bad (Internet) Law," an attempt to cut through the knots we tie ourselves in when speech and national sovereignty collide online:
https://locusmag.com/2024/11/cory-doctorow-hard-sovereignty-cases-make-bad-internet-law/
This happens all the time. Indeed, the precipitating incident for my writing this column was someone commenting on the short-lived Brazilian court order blocking Twitter, opining that this was purely a matter of national sovereignty, with no speech dimension.
This is just profoundly wrong. Of course any rules about blocking a communications medium will have a free-speech dimension – how could it not? And of course any dispute relating to globe-spanning medium will have a national sovereignty dimension.
How could it not?
So if every internet fight is a speech fight and a sovereignty fight, which side should we root for? Here's my proposal: we should root for human rights.
In 2013, Edward Snowden revealed that the US government was illegally wiretapping the whole world. They were able to do this because the world is dominated by US-based tech giants and they shipped all their data stateside for processing. These tech giants secretly colluded with the NSA to help them effect this illegal surveillance (the "Prism" program) – and then the NSA stabbed them in the back by running another program ("Upstream") where they spied on the tech giants without their knowledge.
After the Snowden revelations, countries around the world enacted "data localization" rules that required any company doing business within their borders to keep their residents' data on domestic servers. Obviously, this has a human rights dimension: keeping your people's data out of the hands of US spy agencies is an important way to defend their privacy rights. which are crucial to their speech rights (you can't speak freely if you're being spied on).
So when the EU, a largely democratic bloc, enacted data localization rules, they were harnessing national soveriegnty in service to human rights.
But the EU isn't the only place that enacted data-localization rules. Russia did the same thing. Once again, there's a strong national sovereignty case for doing this. Even in the 2010s, the US and Russia were hostile toward one another, and that hostility has only ramped up since. Russia didn't want its data stored on NSA-accessible servers for the same reason the USA wouldn't want all its' people's data stored in GRU-accessible servers.
But Russia has a significantly poorer human rights record than either the EU or the USA (note that none of these are paragons of respect for human rights). Russia's data-localization policy was motivated by a combination of legitimate national sovereignty concerns and the illegitimate desire to conduct domestic surveillance in order to identify and harass, jail, torture and murder dissidents.
When you put it this way, it's obvious that national sovereignty is important, but not as important as human rights, and when they come into conflict, we should side with human rights over sovereignty.
Some more examples: Thailand's lese majeste rules prohibit criticism of their corrupt monarchy. Foreigners who help Thai people circumvent blocks on reportage of royal corruption are violating Thailand's national sovereignty, but they're upholding human rights:
https://www.vox.com/2020/1/24/21075149/king-thailand-maha-vajiralongkorn-facebook-video-tattoos
Saudi law prohibits criticism of the royal family; when foreigners help Saudi women's rights activists evade these prohibitions, we violate Saudi sovereignty, but uphold human rights:
https://www.bbc.com/news/world-middle-east-55467414
In other words, "sovereignty, yes; but human rights even more so."
Which brings me back to the precipitating incidents for the Locus column: the arrest of billionaire Telegram owner Pavel Durov in France, and the blocking of billionaire Elon Musk's Twitter in Brazil.
How do we make sense of these? Let's start with Durov. We still don't know exactly why the French government arrested him (legal systems descended from the Napoleonic Code are weird). But the arrest was at least partially motivated by a demand that Telegram conform with a French law requiring businesses to have a domestic agent to receive and act on takedown demands.
Not every takedown demand is good. When a lawyer for the Sackler family demanded that I take down criticism of his mass-murdering clients, that was illegitimate. But there is such a thing as a legitimate takedown: leaked financial information, child sex abuse material, nonconsensual pornography, true threats, etc, are all legitimate targets for takedown orders. Of course, it's not that simple. Even if we broadly agree that this stuff shouldn't be online, we don't necessarily agree whether something fits into one of these categories.
This is true even in categories with the brightest lines, like child sex abuse material:
https://www.theguardian.com/technology/2016/sep/09/facebook-reinstates-napalm-girl-photo
And the other categories are far blurrier, like doxing:
https://www.kenklippenstein.com/p/trump-camp-worked-with-musks-x-to
But just because not every takedown is a just one, it doesn't follow that every takedown is unjust. The idea that companies should have domestic agents in the countries where they operate isn't necessarily oppressive. If people who sell hamburgers from a street-corner have to register a designated contact with a regulator, why not someone who operates a telecoms network with 900m global users?
Of course, requirements to have a domestic contact can also be used as a prelude to human rights abuses. Countries that insist on a domestic rep are also implicitly demanding that the company place one of its employees or agents within reach of its police-force.
Just as data localization can be a way to improve human rights (by keeping data out of the hands of another country's lawless spy agencies) or to erode them (by keeping data within reach of your own country's lawless spy agencies), so can a requirement for a local agent be a way to preserve the rule of law (by establishing a conduit for legitimate takedowns) or a way to subvert it (by giving the government hostages they can use as leverage against companies who stick up for their users' rights).
In the case of Durov and Telegram, these issues are especially muddy. Telegram bills itself as an encrypted messaging app, but that's only sort of true. Telegram does not encrypt its group chats, and even the encryption in its person-to-person messaging facility is hard to use and of dubious quality.
This is relevant because France – among many other governments – has waged a decades-long war against encrypted messaging, which is a wholly illegitimate goal. There is no way to make an encrypted messaging tool that works against bad guys (identity thieves, stalkers, corporate and foreign spies) but not against good guys (cops with legitimate warrants). Any effort to weaken end-to-end encrypted messaging creates broad, significant danger for every user of the affected service, all over the world. What's more, bans on end-to-end encrypted messaging tools can't stand on their own – they also have to include blocks of much of the useful internet, mandatory spyware on computers and mobile devices, and even more app-store-like control over which software you can install:
https://pluralistic.net/2023/03/05/theyre-still-trying-to-ban-cryptography/
So when the French state seizes Durov's person and demands that he establish the (pretty reasonable) minimum national presence needed to coordinate takedown requests, it can seem like this is a case where national sovereignty and human rights are broadly in accord.
But when you consider that Durov operates a (nominally) encrypted messaging tool that bears some resemblance to the kinds of messaging tools the French state has been trying to sabotage for decades, and continues to rail against, the human rights picture gets rather dim.
That is only slightly mitigated by the fact that Telegram's encryption is suspect, difficult to use, and not applied to the vast majority of the communications it serves. So where do we net out on this? In the Locus column, I sum things up this way:
- Telegram should have a mechanism to comply with lawful takedown orders; and
-
those orders should respect human rights and the rule of law; and
-
Telegram should not backdoor its encryption, even if
-
the sovereign French state orders it to do so.
-
Sovereignty, sure, but human rights even more so.
What about Musk? As with Durov in France, the Brazilian government demanded that Musk appoint a Brazilian representative to handle official takedown requests. Despite a recent bout of democratic backsliding under the previous regime, Brazil's current government is broadly favorable to human rights. There's no indication that Brazil would use an in-country representative as a hostage, and there's nothing intrinsically wrong with requiring foreign firms doing business in your country to have domestic representatives.
Musk's response was typical: a lawless, arrogant attack on the judge who issued the blocking order, including thinly veiled incitements to violence.
The Brazilian state's response was multi-pronged. There was a national blocking order, and a threat to penalize Brazilians who used VPNs to circumvent the block. Both measures have obvious human rights implications. For one thing, the vast majority of Brazilians who use Twitter are engaged in the legitimate exercise of speech, and they were collateral damage in the dispute between Musk and Brazil.
More serious is the prohibition on VPNs, which represents a broad attack on privacy-enhancing technology with implications far beyond the Twitter matter. Worse still, a VPN ban can only be enforced with extremely invasive network surveillance and blocking orders to app stores and ISPs to restrict access to VPN tools. This is wholly disproportionate and illegitimate.
But that wasn't the only tactic the Brazilian state used. Brazilian corporate law is markedly different from US law, with fewer protections for limited liability for business owners. The Brazilian state claimed the right to fine Musk's other companies for Twitter's failure to comply with orders to nominate a domestic representative. Faced with fines against Spacex and Tesla, Musk caved.
In other words, Brazil had a legitimate national sovereignty interest in ordering Twitter to nominate a domestic agent, and they used a mix of somewhat illegitimate tactics (blocking orders), extremely illegitimate tactics (threats against VPN users) and totally legitimate tactics (fining Musk's other companies) to achieve these goals.
As I put it in the column:
- Twitter should have a mechanism to comply with lawful takedown orders; and
-
those orders should respect human rights and the rule of law; and
-
banning Twitter is bad for the free speech rights of Twitter users in Brazil; and
-
banning VPNs is bad for all Brazilian internet users; and
-
it’s hard to see how a Twitter ban will be effective without bans on VPNs.
There's no such thing as an internet policy fight that isn't about national sovereignty and speech, and when the two collide, we should side with human rights over sovereignty. Sovereignty isn't a good unto itself – it's only a good to the extent that is used to promote human rights.
In other words: "Sovereignty, sure, but human rights even more so."
(Image: © Tomas Castelazo, www.tomascastelazo.com/Wikimedia Commons/CC BY-SA 4.0; modified)
Hey look at this (permalink)
- Apple 'broke law' by pushing out labor-organizing dev https://www.theregister.com/2024/11/05/apple_labor_law_nlrb/
-
Starlost Unauthorized https://denvaldron.com/2024/11/05/starlost-unauthorized-now-available/ (h/t Hugh Spencer)
-
e-Patients https://participatorymedicine.org/e-Patient_White_Paper_with_Afterword.pdf (h/t jonl)
This day in history (permalink)
#15yrsago Corporate law firm targets whistle-blowers and anonymous commenters https://www.business-live.co.uk/professional-services/birmingham-wragge-team-focus-online-3938930
#15yrsago Teen sex belongs in teen lit https://web.archive.org/web/20091110003113/http://www.locusmag.com/Perspectives/2009/11/cory-doctorow-teen-sex.html
#15yrsago Pigeons From Hell: Robert E Howard’s classic horror story adapted for comics by Joe R Lansdale https://memex.craphound.com/2009/11/06/pigeons-from-hell-robert-e-howards-classic-horror-story-adapted-for-comics-by-joe-r-lansdale/
#15yrsago Leaked text of secret copyright treaty vs. bland bureaucratic press-release describing same https://web.archive.org/web/20091108115049/https://www.michaelgeist.ca/content/view/4516/125/
#10yrsago Pennsylvania passes a “Gag Mumia” law to silence prisoner’s voices https://kersplebedeb.com/posts/the-gag-mumia-law/
#5yrsago T-Mobile: because we have a (stupid) trademark on one magenta shade, no one can use pink in their logos https://adage.com/article/digital/t-mobile-says-it-owns-exclusive-rights-color-magenta/2212556
#5yrsago Two years ago, Juli Briskman was fired for flipping off the Trump motorcade; now she’s been elected as a Virginia county supervisor https://www.washingtonpost.com/local/virginia-politics/the-cyclist-who-flipped-off-trumps-motorcade-is-running-for-public-office/2018/09/11/c12cc2d2-b5dc-11e8-a7b5-adaaa5b2a57f_story.html
#1yrago Amazon is a ripoff https://pluralistic.net/2023/11/06/attention-rents/#consumer-welfare-queens
Upcoming appearances (permalink)
- TusCon (Tucson), Nov 8-10
https://tusconscificon.com/ -
International Cooperative Alliance (New Delhi), Nov 24
https://icanewdelhi2024.coop/welcome/pages/Programme -
ACM Conext-2024 Workshop on the Decentralization of the Internet (Los Angeles), Dec 9
https://conferences.sigcomm.org/co-next/2024/#!/din -
IA et “merdification“ d’internet: peut-on envisager un nouveau web? (Remote), Dec 12
https://www.unige.ch/comprendre-le-numerique/conferences-publiques1/cycle-5-2024-2025/ia-et-merdification-dinternet-peut-envisager-un-nouveau-web/ -
ISSA-LA Holiday Celebration keynote (Los Angeles), Dec 18
https://issala.org/event/issa-la-december-18-dinner-meeting/ -
Cloudfest (Europa Park), Mar 17-20
https://cloudfest.link/
Recent appearances (permalink)
- Enshittification Was a Choice (SOSS Fusion)
https://www.youtube.com/watch?v=KCSelmMUO0c -
Maximum Iceland Scenario – Data Caps, 3rd Party Android Stores, Nuclear Amazon (This Week in Tech)
https://www.youtube.com/watch?v=P5MkCwktKz0 -
Speciale intervista a Cory Doctorow (Digitalia)
https://digitalia.fm/744/
Latest books (permalink)
- The Bezzle: a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (the-bezzle.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3062/Available_Feb_20th%3A_The_Bezzle_HB.html#/).
-
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3007/Pre-Order_Signed_Copies%3A_The_Lost_Cause_HB.html#/)
-
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
-
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com. Signed copies at Dark Delicacies (US): and Forbidden Planet (UK): https://forbiddenplanet.com/385004-red-team-blues-signed-edition-hardcover/.
-
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
-
"Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The Washington Post called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html
-
"How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b) (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)
-
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html
-
"Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p2682/Corey_Doctorow%3A_Poesy_the_Monster_Slayer_HB.html#/.
Upcoming books (permalink)
- Picks and Shovels: a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books, February 2025
-
Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2025
Colophon (permalink)
Today's top sources:
Currently writing:
- Enshittification: a nonfiction book about platform decay for Farrar, Straus, Giroux. Today's progress: words ( words total).
-
A Little Brother short story about DIY insulin PLANNING
-
Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FORTHCOMING TOR BOOKS FEB 2025
Latest podcast: Spill, part four (a Little Brother story) https://craphound.com/littlebrother/2024/10/28/spill-part-four-a-little-brother-story/
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Medium (no ads, paywalled):
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla