[Plura-list] Hackers on Planet Earth, in the cloud; Climate and machine learning; Seeking Fitbit owners' stories; Software secrecy

Cory Doctorow doctorow at craphound.com
Wed May 20 16:54:07 EDT 2020

Today's links

* Hackers on Planet Earth, in the cloud: HOPE will not be cancelled.

* Climate and machine learning: Machine learning is roasting the planet.

* Seeking Fitbit owners' stories: Help EFF explain why the Google
takeover is wrong.

* Software secrecy: Code is (bad) law.

* Grocer won't show employees results from mandatory temp-checks:
Coronavirus theater, class war edition.

* Bill Clinton sings "Baby Got Back": Speech synthesis is just sublimely

* Webinar on Controlled Digital Lending and the pandemic: Talking about
the Internet Archive, this Friday.

* Google vows no custom AI for oil and gas: Reversing its 2018 position,
which was garbage.

* Re-positive coronavirus cases are not infectious: Finally, we catch a

* Ifixit's medtech repair manual trove is full to bursting: Right to
Repair, pandemic edition.

* This day in history: 2005, 2010, 2015, 2019

* Colophon: Recent publications, upcoming appearances, current writing
projects, current reading


🥘 Hackers on Planet Earth, in the cloud

2600 Magazine's biennial Hackers on Planet Earth conference is one of
hackerdom's longest-running, most countercultural events, and it's had a
rough ride lately - kicked out of its historic home in NYC's Hotel
Pennsylvania, then clobbered by covid.


But they're indomitable sorts: they've moved this summer's con online
and extended it to a NINE DAY event, Jul 25-Aug 5, with the "same number
of talks but spread out over a much longer period and available for
viewing on a high capacity stream."

There are NINE keynotes, exclusive con tees and badges, and for once,
HOPE doesn't have to worry about its speakers being arrested or denied
visas to enter the USA.

There are overnight streams - DJs, concerts - and daytime activities
like lockpicking, soldering and ham radio workshops.

2600's been *slammed* by covid, with issues they've printed (but hasn't
been paid for) stuck in limbo in shuttered stores and distributors.

They're looking to throw a hell of a (virtual) party, even by 2600
standards, and they're hoping their supporters will convert their
tickets to virtual event tickets, and that others will sign up for what
promises to be an amazing event.


🥘 Climate and machine learning

In a new CBC documentary, Brett Gaylor and his (adorbs!) young daughter
explore the environmental cost of machine learning. We focus a lot on
the privacy issues of the Internet of Shit, but they're also a climate


The doc does a great job of covering the issues in the round, including
the labor, solidarity, and technical issues associated with smart
speakers and other ML systems, and especially the Amazon workers'
uprising, demanding a greening of the company's cloud.


🥘 Seeking Fitbit owners' stories

Google isn't an "inventing things" company (almost all of its in-house
products flop), it's a "buying things" company - it acquired its way to
dominance, just like the rest of Big Tech, who literally buy companies
more often than I buy groceries.


The latest major Google acquisition is Fitbit, a company that succeeded
in making a wearable that people used (unlike Google), whose products
many people were forced to wear and give data to as a condition of their
employer-provided health insurance.


However, we're finally - finally! - arriving at a moment when America's
long-slumbering competition regulators are prepared to take action to
protect competitive markets from the winner-take-all smorgasbord
represented by acquisition-fueled growth.

That's where you come in. EFF is gathering stories of Fitbit use to help
us in our discussions with regulators.


We're asking:

*  Did your employer force (or "strongly encourage") you to wear a
Fitbit in order to receive company health benefits?

*  Did you buy a Fitbit because you didn't want to give Google even more
of your data?

*  Does the Google-Fitbit merger make you feel like there's no point in
opting out of Google data-collection because they'll just buy any
company that has a successful alternative?

If you're a Fitbit owner with a story to tell, drop us a line at
mergerstories at eff.org


🥘 Software secrecy

Sonia Katyal's Cornell Law Review paper "The Paradox of Source Code
Secrecy," is a fascinating and comprehensive analysis and critique of
how software's unique properties and software law's incoherence have
conspired to produce a unique crisis.


Katyal raises a number of issues but the most important - the issue that
rises to  a potential constitutional crisis - is that Lessig's metaphor
that "code is law" is no longer metaphorical.

Increasingly, laws, their enforcement, and interpretation are literally
accomplished in software code.

What's more, that code is both proprietary (in the sense of not being
licensed as free/open source) and secret (covered by trade secret law).

So people who rub up against the criminal justice system today are not
permitted to know how they broke the law, to see the evidence against
them and counter it.

Judges and regulators habitually defer to automated systems, acting as
though software-enabled determinations of guilt are empirical and thus
reliable - while the reverse is true, as these systems are error-prone
in the extreme.

And due to the weird, never-before-seen nature of software, and the
resultant legal incoherence, software companies assert overlapping legal
protections: patents, copyrights and trade secrets.

Each of these systems of state-issued privilege has the potential for
social harm, and each has its own escape-valves designed to mitigate
those harms: once someone lawfully, independently discovers your trade
secret, your trade secrecy protection expires.

Copyrighted works have to be deposited with the Copyright Office for
anyone to read in order to claim statutory damages, and copyright suits
require that the plaintiff shows that the defendant actually copied

Patents require full disclosure of their system's working to the US
Patent and Trademark Office, for anyone to see, and the patent only
covers the claimed methods - not different inventions that do the same

But because software is a machine, a literary work, and a secret, it can
be patented, copyrighted, and protected with trade secrecy law. These
overlapping provisions mean that every one of the escape valves for the
public interest is sealed over.

You can get a patent without showing source-code; you can copyright code
but redact trade secrets; you can avoid copyright's requirement to show
that an act of copying occurred by invoking trade secrets. You can get a
trade secret without the burdens of copyright/patent.

Then all this stuff collides with government and the justice system.
Trade secrets have been invoked over government systems ranging from
recordkeeping to student loans, gun registration to multiple-choice high
school exams.

Trade secrets are used to hide the sums that McDonnell-Douglas charges
the USAF, the workings of medical devices, the outcomes of clinical
trials, the details of voting machines, and how search engines and
breathalyzers work.

Chemical manufacturers that poisoned the drinking water of the people in
their community have used trade secrets to keep from having to divulge
the composition of the poison in the water-supply!

When you get to court, trade secrecy keeps you from interrogating
breathalyzer evidence, DNA/fingerprints analysis, or the "Algorithmic
Suspicion Assessment" that put you in contact with law enforcement in
the first place.

It's a long paper, and Katyal goes very deep into the string of
historical occurances that led to this point. You can get to the meat of
the argument by skipping to Section IV, "Due Process In an Age of
Delegation" (p54).


🥘 Grocer won't show employees results from mandatory temp-checks

Harris Teeter is a giant chain of  grocery stores in the American south;
it has instituted a policy of taking employees' temperature when they
start their shifts and sending them home if they have a fever.


That may sound perfectly reasonable, but for reasons that no one - not
even the company's line managers - can figure out, employees themselves
are not allowed to know their own temperatures.

As employees, managers, and health, labor and privacy experts told
Buzzfeed's Brianna Sacks this has no basis in law or practice, and opens
up employees to a host of abuses (like managers keeping sick workers on
shift when they're understaffed).

What's more, the policy is being applied in a haphazard fashion, with
huge implementation discrepancies between different locations.

Now, obviously, anyone with a fever should not be at work, particularly
in food distribution (but also not at all, obvs).

But since the vast majority of coronavirus transmissions come from a-
and pre-symptomatic carriers, temp checks are just the last line of
defense; relying on them can be a kind of coronvirus theater.


The company spokesvillain's explanation for not showing employees their
own temperatures is bizarre. "We choose not to do so as we want to get
associates through the thermal screening process as quickly as possible
and into work. And because we are not medical professionals and do not
want to give medical advice."

Telling you that a thermometer indicates that you do(n't) have a fever
is not "medical advice."

So yeah, while I don't think temp scans are the most important part of
safe commercial practice, I also think a company whose policies are as
stupid, incoherent, high-handed and indefensible as Harris Teeter
probably shouldn't be trusted with the important stuff, either.


🥘 Bill Clinton sings "Baby Got Back"

Back in 2017, Google Research published a paper on using machine
learning to create vocal synthesis models - just feed the system samples
of someone's speech and it then hand it a script and it would read that
speech in the target's voice.


Like so many of ML's greatest party-tricks, the amazing thing about
Vocal Synthesis is its low barrier to entry - it's easy for amateurs to
get involved and play with the system and get it to do amazing things.
There's a whole subreddit devoted to it:


Periodically, the community there puts out a video showingcasing their
work. In March, they released "Bill Clinton reads 'Baby Got Back' by Sir

It does *exactly* what it says on the tin.


I'm no Clinton expert, but if you played this for me, my first reaction
would be, "How did they get Clinton to recite Baby Got Back" and *not*
"That is some impressive machine learning sorcery."


🥘 Webinar on Controlled Digital Lending and the pandemic

This Friday at 9AM Pacific/12PM Eastern, I'm on a Zoom panel with a
group of librarians, copyright experts, and academics to discuss
"Controlled Digital Lending" - the practice of the Internet Archive's
Open Library, as well as its National Emergency Library project.


If you want some background into the controversy over electronic lending
by libraries like the Open Library and the National Emergency Library, I
STRONGLY recommend "Libraries Do Not Need Permission To Lend Books" from
Kyle Courtney.


Courtney makes a broad point - defended in fine detail with reference to
caselaw - that libraries don't, and never have, and should not, require
a license to lend out the books they lawfully acquire.

That's obvious on its face: as an author and a former library worker, it
makes no sense at all to me that we'd ever ask a library system to
secure permission from each person whose books were circulated through
that system.

The discussion of the National Emergency Library has been very heated,
but short on either good legal analysis about what libraries are allowed
to do, and short on facts about what the NEL IS doing.

I'm really looking forward to a discussion that puts a factual
understanding under those arguments, and then builds a moral case for
electronic libraries on top of them.


🥘 Google vows no custom AI for oil and gas

Greenpeace just released "Oil in the Cloud," its report on how Big Tech
is enabling catastrophic expansions of oil and gas extraction with
custom machine learning tools, analyzing 14 contracts between oil
companies and Google, Microsoft and Amazon.


The companies are complicit as hell, inking deals with Exxon, Chevron,
and Total; building portals specifically designed to entice and service
the fossil fuel industry. Microsoft sponsored oil extraction conferences
in Saudi Arabia and Amazon has an "Accelerate Oil" project.

But the good news is that Google had a change of heart and has backed
away from enabling the oil industry, pledging that it will no longer
"build custom A.I./ML algorithms to facilitate upstream extraction in
the oil and gas industry."


Google once had a business unit devoted to its oil industry business,
helmed by an ex-BP exec named Darryl Willis. But Willis is now at
Microsoft (the worst offender in the report) and Google has shut down
his division.

Google still gets $65M/year in oil industry cloud contracts, but that's
just 1% of the company's cloud revenue and the figure is decreasing even
as Google's cloud division is growing.

Writing in Onezero, Brian Merchant attributes the change of heart in
part to  the Googler Uprising, in which scarce, skilled tech workers
staged  walkouts, spoke out against the company and demanded better of it.


🥘 Re-positive coronavirus cases are not infectious

If you're like me, you're hungry for a little good news about
coronavirus. Here's the best news I've had in a month: it appears that
the "re-positive" people who test positive *after* recovering from the
disease are not infectious.


The news comes from a South Korean study of 285 people who'd recovered
from coronavirus and then tested positive again, and while 126 of them
had renewed coronavirus symptoms, they were not shedding virus particles
and thus not at risk of infecting others.

It's not merely that they are not shedding infectious particles (though
that's a huge relief!), it's also that the people they lived with did
not become infected. The subjects also had neutralizing antibodies in
their blood.

"When KCDC researchers tried to isolate and grow whole, infectious
particles of SARS-CoV-2 from the 108 cases they were able to test—all
108 were negative for whole virus."

The possibility that people who'd recovered from coronavirus could both
manifest symptoms and spread the disease was literally keeping me up at
night. Now, it seems that while symptoms my recoccur (which is
dreadful), at least those people won't have to re-isolate.


🥘 Ifixit's medtech repair manual trove is full to bursting

Early in the crisis, the Right to Repair campaign came into its own, as
hospitals - all of us! - found themselves in the same position as
farmers (R2R's staunchest advocates): isolated, far from parts and
service, with urgent needs that could not wait.


Right from the start, the folks at Ifixit were on the case, putting out
an open call for the repair and service manuals that hospital techs have
long squirreled away and traded in secret for fear of reprisals from


That, after all, is medtech's dirty secret: despite manufacturers'
claims that their products can't be safely serviced without their
consent (and without paying them), hospitals have ALWAYS fixed their own
gear, because the alternative is letting people die.

It was manufacturers who were endangering patients, by making it harder
for technicians laboring under time-pressure to save human lives to get
the information they needed. No wonder state officials started demanding
respirator repair guides.


Hospital technicians answered Ifixit's call for repair manuals, opening
up their secret hard-drives and inundating the service with more manuals
than they could handle, so they enlisted The Maintainers and the
American Library Association to help organize them.

Today, Ifixit's Medical Device Repair portal is open and thriving, with
manuals for repairing a vast array of medical equipment, during the
pandemic and beyond.


They're reversing the trend of deadly information hoarding. As Paul
Kelley of Fremont's Washington Hospital told Wired's Lauren Goode: "We
can do less and less work on equipment. We’re getting less and less
documentation. Training is getting harder, and parts are getting scarcer."


Predictably, the medtech lobbyists at  Medical Imaging and Technology
Alliance is warning that this will put people in danger - I suppose
their answer is that if an authorized technician isn't available, we
should ensure patient safety by letting them die.


🥘 This day in history

#15yrsago Spanish copyright society hounds Uni teacher out of job

#15yrsago Italian phone carriers have phone-unlockers arrested

#10yrsago Canada's sellout Heritage Minister ready to hand copyright to
Hollywood https://www.michaelgeist.ca/2010/05/np-on-copyright-bill/

#10yrsago JHEREG license plate

#10yrsago Finnish record industry's regrettable new anti-piracy mascot

#10yrago NYC writer's space throws out last remaining typewriter user

#5yrsago FBI spies on tar sands opponents under banner of "national

#1yrago DRM and terms-of-service have ended true ownership, turning us
into "tenants of our own devices"

#1yrago A look back at the sales training for Radio Shack's Model 100, a
groundbreaking early laptop

#1yrago Notorious forum for account-thieves hacked, login and messages
stolen and dumped

#1yrago How Warner Chappell was able to steal revenues from 25% of a
popular Minecraft vlogger's channels

#1yrago That billionaire who paid off a graduating class's student loans
also supports the hedge-fundie's favorite tax loophole

#1yrago A deep dive into the internal politics, personalities and social
significance of the Googler Uprising

#1yrago Research shows that 2FA and other basic measures are incredibly
effective at preventing account hijacking


🥘 Colophon

Today's top sources: Aestetix, Four Short Links
(https://www.oreilly.com/feed/four-short-links), Fipi Lele, Naked
Capitalism (Naked Capitalism), Slashdot (https://slashdot.org/),
Metafilter (Metafilter).

Currently writing: My next novel, "The Lost Cause," a post-GND novel
about truth and reconciliation. Yesterday's progress: 516 words (17387

Currently reading: The Case for a Job Guarantee, Pavlina Tcherneva

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 03)

.Upcoming appearances: Controlled Digital Lending: Getting Books to
Students During the Pandemic & Beyond, Friday May 22

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book
about monsters, bedtime, gender, and kicking ass. Pre-order here:

"Attack Surface": The third Little Brother book, Oct 20, 2020.

"Little Brother/Homeland": A reissue omnibus edition with a new
introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583

This work licensed under a Creative Commons Attribution 4.0 license.
That means you can use it any way you like, including commerically,
provided that you attribute it to me, Cory Doctorow, and include a link
to pluralistic.net.


Quotations and images are not included in this license; they are
included either under a limitation or exception to copyright, or on the
basis of a separate license. Please exercise caution.


🥘 How to get Pluralistic:

Blog (no ads, tracking, or data-collection):


Newsletter (no ads, tracking, or data-collection):


Mastodon (no ads, tracking, or data-collection):


Twitter (mass-scale, unrestricted, third-party surveillance and


Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):


*When life gives you SARS, you make sarsaparilla* -Joey "Accordion Guy"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://mail.flarn.com/pipermail/plura-list/attachments/20200520/e3e571bc/attachment.sig>

More information about the Plura-list mailing list