[Plura-list] School surveillance self-defense, copyright for authors, Facebook's potemkin data-downloader, Oregon GOP's sabotage, and more!

Cory Doctorow doctorow at craphound.com
Tue Mar 3 06:57:43 EST 2020

Today's links

* EFF's Surveillance Self-Defense guide for students: Privacy is a team

* Oregon's Dems have a supermajority, but the GOP won't show up for
work: White nationalism is how plutes get turkeys to vote for Christmas.

* A Lever Without a Fulcrum Is Just a Stick: How to design a copyright
to protect artists, not corporations.

* Facebook neutered "Download Your Data": "Your data" doesn't include a
list of ad-tech companies that also hold your data.

* The EU's new copyright filters violate the GDPR: We told you so.

* Recycling spy agencies' malware for fun and profit: NOBUS is, and
always has been, an idiotic idea.

* Japanese condiment company releases "sliced mayo": Comes in four flavors!

* Department of the Interior climate docs include junk science: Trump's
man on the inside, sabotaging our future.

* This day in history: 2005, 2010, 2015, 2019

* Colophon: Recent publications, current writing projects, upcoming
appearances, current reading


👁‍ EFF's Surveillance Self-Defense guide for students

EFF just launched its Surveillance Self-Defense guide for students: it's
a soup-to-nuts guide for kids and parents disturbed about social media
monitoring, campus facial recognition systems, and "aggression
detection" mics in classrooms


It unpacks technical concepts from stalkerware to man-in-the-middle SSL
certificates, and includes guides to having difficult privacy
conversations with friends, family and officials, and technical guidance
for protecting your privacy.

As the press-release notes, "School discipline disproportionately
targets students of color, and it's reasonable to think that additional,
and more comprehensive scrutiny of their lives will only add to that
injustice." These systems also disproportionately affect queer kids,
"who tend to look for support online as they explore their gender
identities, and find they're under so much surveillance that they learn
not to look. They learn not to trust online public spaces."



👁‍ Oregon's Dems have a supermajority, but the GOP won't show up for work

In Oregon, Democrats have a supermajority in the House and Senate,
because the vast majority of Orgeonians support Democratic policies. But
when Oregon drafted its constitution in 1857, it copied the Indiana
constitution's provision that sets quorum at 2/3 of lawmakers.

Theoretically, this has meant that if a small handful of opposition
lawmakers refused to show up for work, the state legislature would shut
down. Practically, neither party has ever done this…until now. The
Oregon GOP, acting on behalf of a small number of rural, white,
reactionary voters, has refused to enter the statehouse when the
majority was calling votes on "guns, forestry, health care, budgeting"
and now, the climate crisis.


They've killed a small tax raise to fully fund state public schools,
modest gun restrictions, and mandatory vaccinations for kids. Then they
signed a memo promising not to pull that stunt again, so the legislature
could pursue a cap-and-trade bill.

They fucking lied.

GOP Senators went into hiding, and threatened to murder any police
officers sent to get them.

Cap and trade is back before the legislature, and the GOP cowards are in
hiding again, refusing to show up and do the job the taxpayers are
paying them to do. House Republicans have joined their Senate

A ballot initiative might force them back into their seats, though:


The Oregon GOP has fielded a truckload of bullshit to defend their
tantrum. They claim the measure has had insufficient "process" to
proceed. It's had more process than any other bill in Oregon history.


"Democrats have bent over backward to accommodate GOP objections,
layering on more process, making more concessions, but it hasn't changed
Republican rhetoric or behavior a whit. GOP objections aren't to the
bill's contents or process, but to its existence."

Oregon has some of the nation's loosest money-in-politics laws and the
state GOP is awash in money from polluting industries hoping to render
the planet unfit for habitation ("first in the country in per-capita
corporate donations to politicians")


"The Republicans who keep walking out on their jobs get 65 percent of
their donations from corporations, in particular corporations like Koch
Industries with assets that stand to be affected by cap-and-trade."

Democrats have walked out of legislatures, too: decades ago, and over
gerrymandering attempts that would have guaranteed eternal minority rule
by rendering the majority of state votes irrelevant. When the GOP stages
rallies to support its actions, it is supported by 3 Percenters and
other violent white nationalist terrorist elements. White supremacy is
how the GOP gets turkeys to vote for Christmas.

But Oregon Dems are too timid to call white nationalism out when they
see it. They won't run on the issue of the GOP doing corporate bidding
with backing from white nationalists.


👁‍ A Lever Without a Fulcrum Is Just a Stick

My latest Locus column explores what copyright expert Rebecca Giblin
calls "The New Copyright Bargain" – a copyright system designed around
enriching authors above all, rather rather than treating authors'
incomes as an incidental output of enriching entertainment or tech
corporations. The column is called "A Lever Without a Fulcrum is Just a
Stick." Copyright is billed as giving creators leverage over the
corporations we contract with, but levers need fulcrums.


In an increasingly concentrated marketplace, any exclusive rights that
are given to creators are simply appropriated by corporations as a
non-negotiable condition of the standard contract. Think of how samples
could originally be used without permission (in the Paul's Boutique/It
Takes a Nation of Millions era), enriching old R&B artists who'd been
burned by one-sided contracts.

Those artists experienced a temporary enrichment when paying for samples
became the norm, but today, all contracts simply require signing away
your sampling rights. The fight to require licenses for samples merely
gave the labels yet another right to demand of their artists. Which
means that anyone hoping to sample must sign to a label and pay for a
license either to that label or one of the other three. Giving new
rights to artists in a monopolized market is like giving your bullied
kid more lunch money. It doesn't buy the kid lunch, it just gives the
bullies the opportunity to take more money from your kid.

After the "Blurred Lines" suit, labels have begun to fret about being
sued over artists' copying the "vibe" of another artist. It's easy to
feel smug about copyright maximalists being hoist on their own petards.
But the end-game is easy to see: just make selling your "vibe" rights a
condition of signing a record deal, and you transfer ownership of whole
genres to the Big 4 labels.

What would a copyright look like that protected artists, rather than
practicing the Magic Underpants Gnome method of:

1. Enrich entertainment corporations;

2. ?????

3. Artists get more money

Any new bargain in copyright centered on artists needs to take account
of the concentration in tech and entertainment, and create rights for
artists that aren't just creator's monopolies to be scooped up through
non-negotiable contracts. Measures like reversion (which lets artists in
the USA claim back rights they signed away 35 years ago), blanket
licenses (designed to pay artists regardless of whether they're
"rightsholders"), and restoring unionization rights are the key to
paying artists.

Merely expanding the "author's monopoly" does no good in a world of
industrial monopolies: it just gives those monopolists more ammo to use
in the fight to shift revenues onto their own balance sheets, at the
expense of working creators.


👁‍ Facebook neutered "Download Your Data"

Facebook recently unveiled a feature called "download your data," partly
to comply with Europe's GDPR. But as Privacy International reveals,
there's a very important omission in the data that Facebook will release
to you.


Missing from "your data" is the list of advertisers whose targeted you
by uploading some of your personal information (through the "Custom
Audience" tool) – that is, the list of other companies that the GDPR
lets you send data-requests to. This omission means that you can't use
FB as a jumping-off point to discover all the data being held on you by
all the advertisers, data-brokers, etc. It's not an accident, either:
Facebook replicates this in their new "Off-Facebook" product.

Facebook is under increasing pressure to allow competition through
interoperability, but argues that it can't possible protect your privacy
if they are forced to allow companies that you trust to manage your
Facebook experience for you. In other words, Facebook argues that it
can't be a wise, benevolet steward of your privacy if you insist on
allowing competitors to interfere with it. But that argument only works
if you trust Facebook — and who the hell trusts Facebook?

(And why on Earth would you?)


👁‍ The EU's new copyright filters violate the GDPR

The EU's Copyright Directive effectively forces all online platforms to
implement upload filters that scan everything you try to post and
refuses anything that matches a database of works that anyone, anywhere
has claimed to be "copyrighted." This a terrible idea in an era of
rampant copyfraud. The Directive has no penalties for people who falsely
claim copyright even when it's to rip off, blackmail or censor artists,
and platforms still have to accept their copyright claims even after
they're caught at it.

But it's also a massive violation of Article 22 of the GDPR, which
promises users the right "not to be subject to a decision based solely
on automated processing which produces legal effects concerning them or
significantly affects them."


That is to say, you aren't allowed to do the kind of filtering that
Article 17 of the Copyright Directive mandates. Billions of pieces of
"personal information" (under the GDPR's definition) will be processed
by copyright bots every day, and that's illegal.

None of the GDPR's exemptions apply, either. For example, the Copyright
Directive doesn't "authorise" the filtering, because its authors
explicitly deleted all mentions of filters in order to get the Directive
passed, and publicly disclaimed any filtering mandate.

Nor is filtering "necessary" for the use of the service under the GDPR –
the services run today without filtering, so the GDPR's narrow, rigorous
definition of "necessity" does not apply.

The GDPR does allow this kind of processing with "consent" but not the
kind where you click a terms-of-service "OK" button. Consent under GDPR
has to include the ability to say no and still use the service.

What's more, the Copyright Directive includes new EU-wide copyright
exceptions for parody and criticism, and while it's impossible to
imagine a filter being able to tell the difference between
parody/criticism and other kinds of speech, any attempt will be a
privacy disaster. Identifying parody/criticism requires understanding of
context – and that means that a filter trying to discern these concepts
will have to consider huge amounts of personal information to make its
determination. And the Copyright Directive itself does not allow any
system that fails to respect these "fundamental rights" of internet
users, which means that you can't use a filter unless it can grasp these

Literally all of this was obvious from the start, and boosters of upload
filters hand-waved them away, insisting they were mere technicalities
that could be solved by asking tech companies to NERD HARDER. Now, the
whole thing is likely to fall apart.


👁‍ Recycling spy agencies' malware for fun and profit permalink)

The NSA has a doctrine called "NOBUS," which stands for "No One But Us"
— as in, "It's OK if we keep these bugs we discovered a secret because
no one but us is smart enough to find or exploit them." But as ex-NSA
hacker Patrick Wardle's RSA presentation, "Repurposed Malware: A Dark
Side of Recycling" shows, foreign spy agencies – and criminals – love
NOBUS because it means they get to steal NSA cyberweapons and use them
for themselves.


Once you discover a snippet of malicious code in the wild (either
something used by a spy agency and then blown, or something stolen from
the agency), it's really easy to remix it to deliver your own malware.

In his demo, Wardle showed how he replaced a small section of the
pioneering fileless Macos malware AppleJeus.c and created his own,
virus-scanner-resistant strain.


"With a single modification to the binary, (and building a light-weight
C&C server), we now have access to an advanced nation-state loader that
will perform to our bidding …without having to write any (client-side)

NOBUS is, and always has been, a dead letter – equivalent to stockpiling
superbugs to use as bioweapons, in hopes that no one else will discover
or steal them, rather than developing a vaccine for them. It's the
height of irresponsibility, and your tax-dollars pay for it.


👁‍ Japanese condiment company releases "sliced mayo"

The Japanese condiment company Bourbon just released a "sliced
mayonnaise" product similar to American cheese singles. It'll come in
flavors like "spicy tuna" and "cod roe."


It's an addition to the company's existing sliced condiment products,
like "sliced chocolate."


The sliced mayo is ¥200-250, and comes in packets of four. Honestly, I'm
fine with this except for the plastic – if it came in an edible wrapper,
it'd make for an excellent picnic/school lunch supply.



👁‍ Department of the Interior climate docs include junk science

When Trump took office, he promoted Indur M Goklany, a climate denier,
to the office of the deputy secretary "with responsibility for reviewing
the agency's climate policies."


Ever since, Goklany has been inserting debunked climate-denial talking
points into US government science, including the myth that "increased
carbon dioxide in the atmosphere is beneficial." Longtime agency
staffers exchange private, grim jokes about being forced to insert "Goks
uncertainty language" into their communications about the climate
crisis, howlers like the idea that rising CO2 "may increase plant water
use efficiency."

"The Interior Department declined to make Mr. Goklany available for an
interview, and he did not return requests seeking comment."


👁‍ This day in history

#15yrsago Free Software Foundation tears MPAA a new one in Grokster
brief http://moglen.law.columbia.edu/publications/grokster-amicus.pdf

#10yrsago Blind gamer speedruns Zelda with help of 100,000+ keystroke
script https://boingboing.net/2010/03/03/blind-gamer-speedrun.html

#5yrsago Ed Snowden says he'll face trial in the US

#5yrsago Razorhurst: blood-drenched gang warfare and ghosts in Gilded
Age Sydney

#1yrago The FAIR Act will end forced arbitration for employment,
consumer, antitrust and civil rights disputes

#1yrago Google says it won't remove Saudi government app that lets men
track and monitor their wives and domestic employees

#1yrago Record label censors copyright lawyers' site by falsely claiming
it infringes copyright

#1yrago German data privacy commissioner says Article 13 inevitably
leads to filters, which inevitably lead to internet "oligopoly"


👁‍ Colophon

Today's top sources: Waxy (https://waxy.org/), Four Short Links
(https://www.oreilly.com/feed/four-short-links), Slashdot
(https://slashdot.org), Kottke (https://kottke.org).

Hugo nominators! My story "Unauthorized Bread" is eligible in the
Novella category and you can read it free on Ars Technica:

Upcoming appearances:

* Canada Reads Kelowna: March 5, 6PM, Kelowna Library, 1380 Ellis
Street, with CBC's Sarah Penton

Currently writing: I just finished a short story, "The Canadian
Miracle," for MIT Tech Review. It's a story set in the world of my next
novel, "The Lost Cause," a post-GND novel about truth and
reconciliation. I'm getting geared up to start work on the novel now,
though the timing is going to depend on another pending commission (I've
been solicited by an NGO) to write a short story set in the world's

Currently reading: Just started Lauren Beukes's forthcoming Afterland:
it's Y the Last Man plus plus, and two chapters in, it's amazeballs.
Last month, I finished Andrea Bernstein's "American Oligarchs"; it's a
magnificent history of the Kushner and Trump families, showing how they
cheated, stole and lied their way into power. I'm getting really into
Anna Weiner's memoir about tech, "Uncanny Valley." I just loaded Matt
Stoller's "Goliath" onto my underwater MP3 player and I'm listening to
it as I swim laps.

Latest podcast: Disasters Don't Have to End in Dystopias:

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book
about monsters, bedtime, gender, and kicking ass. Pre-order here:

(we're having a launch for it in Burbank on July 11 at Dark Delicacies
and you can get me AND Poesy to sign it and Dark Del will ship it to the
monster kids in your life in time for the release date).

"Attack Surface": The third Little Brother book, Oct 20, 2020.

"Little Brother/Homeland": A reissue omnibus edition with a very
special, s00per s33kr1t intro.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://mail.flarn.com/pipermail/plura-list/attachments/20200303/7baf36ef/attachment-0001.sig>

More information about the Plura-list mailing list