[Plura-list] Canadian judge invalidates Safe Third Country Agreement; Supreme Court poised to destroy machine learning security research; Where Will Everyone Go

Cory Doctorow doctorow at craphound.com
Thu Jul 23 12:12:02 EDT 2020

Today's links

* Canadian judge invalidates Safe Third Country Agreement: Asylum
seekers are not safe in America.

* Supreme Court poised to destroy machine learning security research:
Why the CFAA should be narrowly interpreted.

* Where Will Everyone Go: Modelling the climate emergency's migration

* BLM footage censored by copyright bots: Background music makes it
impossible to posthuman rights violations to social media.

* This day in history: 2005, 2015, 2019

* Colophon: Recent publications, upcoming appearances, current writing
projects, current reading


🌚 Canadian judge invalidates Safe Third Country Agreement

Remember during the Muslim Ban, when Canadian Prime Minister Justin
Trudeau tweeted those heart-warming words of support for refugees
brutalized by American border-thugs....


And then failed to do a single fucking thing to help those people?

I mean, yeah, JT has never met a progressive policy he wasn't willing to
endorse provided he didn't have to expend a single nanogram of political
capital in its service.

But where the Prince of Canada would not go, Canada's Federal court has.
Today, A Federal Canadian Court invalidated the 16-year-old US-Canada
Safe Third Country Agreement, so asylum seekers denied entry to the US
can try again in Canada.


The court found that - as was obvious to every non-sociopath in either
country - the fact that the US illegally imprisons asylum-seekers means
that the US is not "safe" for asylum seekers.

I mean, in case there was any doubt, the US is also run by a violent,
brooding narcissist with chronic logorrhea who routinely declares that
it is not a safe country for asylum seekers (bit of a fucking giveaway,

58,000 people have crossed from the US into Canada, seeking asylum, only
to be turned away because good ole JT couldn't be arsed to turn his
high-flown sentiments into law (I mean, if only he knew someone who
could affect Canadian policy!).

"It is my conclusion, based upon the evidence, that ineligible STCA
claimants are returned to the US by Canadian officials where they are
immediately and automatically imprisoned by US authorities.

"I have concluded that imprisonment and the attendant consequences are
inconsistent with the spirit and objective of the STCA and are a
violation of the rights guaranteed by section 7 of the [Charter of
Rights and Freedoms]" -Federal court judge Ann Marie McDonald


🌚 Supreme Court poised to destroy machine learning security research

US lawmaking has a distinctive failure mode: because of the
Constitution's absolute language and extensive jurisprudence, lawmakers
can please their base by enacting bad, overreaching or stupid laws and
then hope the courts will narrow or overturn them before they detonate.

This moral hazard is not evenly distributed: if you are the party that
decries "activist judges" and campaigns on the idea that governments are
bad at everything, then enacting bad laws and then having them
overturned serves your cause especially well.

On a totally different subject, let's talk about Ronald Reagan. After
Reagan saw Matthew Broderick's classic technothriller WAR GAMES, he
became convinced that America needed a far-reaching cybercrime bill,
something Fed prosecutors had been demanding for years.

That's how the Computer Fraud and Abuse Act (CFAA) came into being: it's
a maddeningly badly drafted, overreaching, vague law that potentially
felonizes any act that "exceeds your authorization" on someone else's
computer system.

Private firms have taken the extreme position that since their terms of
service define your "authorization" on their computers, that any
violation of the terms of service is a jailable felony.

In practical terms, that means that if you violate a company's terms of
service - a sprawling garbage-novella of deliberately impenetrable
legalese - they can send you to prison, for a very long time. This is
really bad.

Most of the time, of course, Fed prosecutors don't like to charge people
criminally for violating ToS, but when they have someone they want to
punish for petty reasons they can find a ToS violation and charge them

That's the Aaron Swartz story: Aaron violated MIT and JSTOR's terms of
service, and a prosecutor that Aaron had previously humiliated by
beating a bullshit charge was able to re-charge Aaron with 13 felonies
and threaten him with 35 years in prison.

(Background: Aaron published a trove of paywalled, public domain court
records from PACER, the feds' legal repository. He embarrassed the legal
system by showing that these court records that anyone could get at
$0.10/page were improperly redacted and exposed crime victims)

(Aaron later scraped a bunch of scientific journal articles he was
allowed to access via MIT's network; but the system's ToS said he had to
access them manually, not via a small script that downloaded them
automatically - this was the felony)

(After using legal maneuvers to draw out the case until Aaron and
everyone he could tap was broke, the PACER prosecutors were steaming
towards a prison sentence for Aaron; he hanged himself rather than face

Over the years the CFAA has had many court cases, and these have
produced a "circuit split," with some US courts interpreting CFAA
narrowly, and others taking a dangerous, expansive view of its text.

Ever heard the phrase "hard cases make bad law?" The thing about
overreaching, vague laws like CFAA is that they can be shaped to
criminalize ANY conduct, so if there's someone who did something
objectively terrible, vague laws give prosecutors an easy path to "justice."

Nathan Van Buren is an accused dirty cop who sold access to license
plate databases to his confederates. Prosecutors decided to charge him
under the CFAA, which could indeed mete out severe punishments for this
kind of bad behavior.


But that punishment comes at a high price: a precedent that could be
wielded against ANYONE who violated Terms of Service, something that all
of us do, a hundred times a day, without noticing it. It would give
prosecutors leeway to do what they did to Aaron, over and over.

The Supreme Court has agreed to hear Van Buren, and, as is customary in
this kind of high-stakes hearing, different groups are racing to file
amicus ("friend of the court") briefs explaining the knock-on effects of
a bad ruling.

In support a briefs, a group of legal, security, AI, and human rights
scholars published "Legal Risks of Adversarial Machine Learning
Research," exploring the potential impact of Van Buren on the critical
work of analyzing machine learning models.


Adversarial Machine Learning is the vital process of systematically
testing machine learning models to reveal security defects, bias, and
other problems. It is high-stakes work: without AML, you can trick car
autopilots into steering into oncoming traffic!

AML is also key to revealing racial bias in risk analysis software,
facial recognition, predictive policing, hiring algorithms, and a host
of other areas in which peoples' freedom, prosperity, safety and very
lives are at stake.

The authors explain in admirably plain language how a bad decision in
Van Buren puts this enterprise at risk - how it could leave us
(literally) flying blind, forced to rely on self-serving assurances of
vendors when we trust their systems with every aspect of our world.

This is the worst possible outcome of the moral hazard in American
lawmaking: not merely that lawmakers will promulgate bad laws to feed
their base in the hopes that courts will strike them down and give them
fresh grievances to campaign on.

But rather that these laws will become institutionalized, that they will
give rise to questions so technical and nuanced that they slide through
the courts and end up enshrined in our justice system.

Depending on the outcome of Van Buren, the CFAA could become an enduring
tool for thin-skinned corporate execs and petty, vengeful prosecutors to
imprison anyone that displeases them - including the security
researchers we rely on to vet our increasingly automated world.


🌚 Where Will Everyone Go

The looming climate emergency will actually be a mesh of mutually
accelerating emergencies: droughts, fires and famines; pandemics; mass
extinctions; floods and erosion; and all of this will drive waves of
refugee crises.

"Where Will Everyone Go?" is the most ambitious attempt yet to model the
migration patterns of the climate emergencies.  Baruch College
geographer Bryan Jones was commissioned by Pro Public and the New York
Times to model 5 scenarios.


I. Optimistic: "climate impacts are rapidly reduced on a global scale,
there is regional convergence toward higher levels of development"

II. Pessimistic: "climate change impacts are on the high end of current
plausible scenarios with significant challenges to development"

III. Climate-friendly: Progress on climate mitigation, no progress on

IV. Development-friendly: Little action on climate, lots of progress on

V. Moderate: some of each

The scenarios were run on a supercomputing cluster over a course of
days, using sophisticated models with billions of inputs:


The outcomes were then turned into a series of vital narratives that
tell the real stories of Mexican and Central American climate refugees,
and use these to explore the five scenarios.


The takeaways are both brutal and energizing. There's no question that
we are facing mass-scale displacement as farmland becomes unproductive,
and, in some cases, uninhabitable - literally lethal in a matter of
hours to unprotected humans.

But how much of this displacement takes place is entirely in our hands.
There's huge variation between the degradation in the scenarios based on
how seriously we take climate mitigation.

Likewise, the human cost of displacement is in our hands: as
displacement drives mass urbanization, we can abandon migrants to crime
and deprivation, or create thriving prosperous cities, resilient to
climate-based emergencies: floods, pandemics, fires, extreme weather.

The model does what a model should: shows us the costs and benefits of
different approaches. The costs of inaction are brutal, an existential
challenge to our civilization and species.

The benefits? We live and thrive.

The choice is ours.


🌚 BLM footage censored by copyright bots

Exactly one year ago today, people started toying with the idea of
suppressing the spread of Nazi rallies by playing copyrighted music in
the background, so that Big Tech's copyright filters would automatically
censor them.


At the time, I predicted that this would end badly: that the copyright
filters would become a major barrier to the spread of progressive
messages and even become a way to suppress footage of police violence
and other human rights abuses.


Boy was I right.

The Lumen Database of copyright takedowns rounds up the many ways in
which footage of Black Lives Matter demonstrations has been censored,
downranked and demonetized thanks to copyright complaints.


Because if your rally includes someone playing  Marvin Gaye's "Let’s Get
it On," 2Pac's "Keep Ya Head Up," Beyonce's "Freedom," Kanye's "Power"
or Kendrick Lamar's "Alright" it is prone to disappearing from the net.

These are accidental takedowns, dolphins in the tuna net - but you can
use this tactic to go dolphin fishing, too: "These removals are all
accidental, in the sense that they are false positives, there is the
possibility of deliberately leveraging these flaws in the system."


🌚 This day in history

#15yrsago Copyfighter to trademark bully: I own "freedom of expression"

#5yrsago Universal's agents send Google a censorship demand for

#5yrsago When scientists hoard data, no one can tell what works

#1yrago J Michael Straczynski's "Becoming Superman": a memoir of
horrific abuse, war crimes, perseverance, trauma, triumph and doing
what's right https://boingboing.net/2019/07/23/actual-superheroics.html

#1yrago Facebook's alleged growth is largely coming from countries where
Facebook says it has a fake account problem

#1yrago From #TelegramGate to #RickyLeaks: Puerto Rico is on ?!

#1yrago Steve Bannon used nonconsensually harvested location data to
advertise to people who'd been to a Catholic church

#1yrago Women are much more likely to be injured in car crashes,
probably because crash-test dummies are mostly male-shaped


🌚 Colophon

Today's top sources:

Currently writing:

* My next novel, "The Lost Cause," a post-GND novel about truth and
reconciliation. Today's progress: 513 words (40751 total).

Currently reading: Anger Is a Gift by Mark Oshiro

Latest podcast: Full Employment:

Upcoming appearances:

* Keynote, A Midsummer Night's Con, Jul 27,

* Virtual event with Christopher Brown for his novel "Failed State," Aug

Latest book:

* "Little Brother/Homeland": A reissue omnibus edition with a new
introduction by Edward Snowden:
https://us.macmillan.com/books/9781250774583; personalized/signed copies

* "Poesy the Monster Slayer" a picture book about monsters, bedtime,
gender, and kicking ass. Order here:
https://us.macmillan.com/books/9781626723627. Get a personalized, signed
copy here:

Upcoming books:

* "Attack Surface": The third Little Brother book, Oct 20, 2020.

This work licensed under a Creative Commons Attribution 4.0 license.
That means you can use it any way you like, including commerically,
provided that you attribute it to me, Cory Doctorow, and include a link
to pluralistic.net.


Quotations and images are not included in this license; they are
included either under a limitation or exception to copyright, or on the
basis of a separate license. Please exercise caution.


🌚 How to get Pluralistic:

Blog (no ads, tracking, or data-collection):


Newsletter (no ads, tracking, or data-collection):


Mastodon (no ads, tracking, or data-collection):


Twitter (mass-scale, unrestricted, third-party surveillance and


Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):


*When life gives you SARS, you make sarsaparilla* -Joey "Accordion Guy"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://mail.flarn.com/pipermail/plura-list/attachments/20200723/7327bfd9/attachment.sig>

More information about the Plura-list mailing list