[Plura-list] Big Car says Right to Repair will MURDER YOU; Algorithmic grading; Snowden vindicated

Cory Doctorow doctorow at craphound.com
Thu Sep 3 12:44:31 EDT 2020

Today's links

* Big Car says Right to Repair will MURDER YOU: You wouldn't download a car.

* Algorithmic grading: Another weapon of math destruction.

* Snowden vindicated: NSA spying was illegal.

* Coronavirus is over (if we want it): All we have to do is reform our
entire health-care system.

* Rest in Power, David Graeber: Occupy, Debt, Utopia of Rules, Bullshit

* Hedge fund managers trouser 64%: 2-and-20 is a fiction.

* Corporate spooks track you "to your door": SDKs are trojan horses.

* This day in history: 2005, 2010, 2019

* Colophon: Recent publications, upcoming appearances, current writing
projects, current reading


🌻 Big Car says Right to Repair will MURDER YOU

In 2012, Massachusetts voters overwhelmingly passed (87%!) an automotive
Right to Repair ballot initiative, but in the years since, car-makers
have brutally sabotaged it, prompting another ballot initiative that'll
be before voters in Nov.


The 2012 rule requires car companies to provide independent mechanics
with an interface to access the diagnostic info from the car's CAN bus,
but not from wireless interfaces within the car. So now the automakers
just send all the good stuff wirelessly.

Question 1 - the Mass ballot initiative - just closes that loophole,
requiring the manufacturers to provide mechanics with whatever they need
to access this wireless diagnostic data.

Naturally, the car makers are *freaking out*.

They've launched an absolutely *bugfuck* attack ad that says that if
cars are designed to let independent mechanics fix them, stalkers will
buy used cars, extract potential victims' data from them, and *murder them*.


The ads are paid for by "The Coalition for Safe and Secure Data," a
front for "The Alliance for Automotive Innovation," a front for (who
else?) the car manufacturers.

But when this is pointed out to them, they say, "Oh yeah! Well, *guess
who is paying for question one?!* It is the Auto Care Association! Dunh
dunh duuuuuuuhn!"

You will not be amazed to learn that the Auto Care Assoc represents
independent mechanics.

Dunh dunh duuuuuhn.

In his excellent Motherboard story on the ads, Matthew Gault points out
that you should *really* reset your car's onboard systems before you
sell it or give it away.

He quotes Paul F Roberts from Secure Repairs who makes the even better
point that if your car has a bunch of data that's useful to stalkers,
it's only because the car manufacturers have turned cars into rolling
surveillance platforms that spy on their drivers *constantly*.

Which is a pretty good point.

If Big Car is worried that used vehicles are full of nonconsensually
collected kompromat, maybe they could, you know, just stop collecting
all that data?


🌻 Algorithmic grading

Here's your heartbreaking algorithmic cruelty story of the week: UC
Riverside history prof Dana Simmons has a son who's just started junior
high and loves his history teacher:


But when he submitted his first assignment, he was aghast to receive a
50% grade on it.

The assignment was graded by Edgenuity, a machine learning grift that
purports to generate grades for overworked, beleaguered teachers.

Simmons calls it an "automatic grading algorithm that values only rote
repetition," and to prove the point, she told her son how to please the
machine: long sentences with a lot of proper names.

It worked: now her son submits "word salads" consisting of two sentences
(long ones, presumably) and a bunch of keywords from the lesson, and is
consistently earning 100% grades. As Simmons says, "He went from an F to
an A+ without learning a thing."

In Cathy O'Neil's seminal "Weapons of Math Destruction," she doesn't
just provide a devastating critique of the underlying statistical basis
for machine learning, but also a set of VERY useful rules of thumb for
spotting AI grifters.


First: if a company provides an AI but doesn't check its predictions,
they don't give a shit about its accuracy.

Think about it: if Amazon uses ML to predict whether moving the *buy*
button will generate more sales, they *definitely* measure whether sales
improved after moving it.

The fact that this automated grading system produces estimates that are
so easily gamed tells you it is a straight-up grift. I mean, the
Bayesian spam filters of the mid-2000s were able to detect the "word
salad" attack.

This isn't one of those subtle, amazing "adversarial example" attacks on
a ML model - like that weird thing where a vision system is tricked into
thinking that a rifle is a helicopter:


It's more like a password prompt that you can bypass just by hitting the
spacebar a bunch of times.

That is: negligent garbage serving no pedagogical purpose, an embodiment
of the enterprise software pathology where the person who buys the
product doesn't have to use it.

Simmons is admirably compassionate about the whole affair: "teaching
online is overwhelming and you can't do it all. _Please_, use the
algorithm to track their learning. But don't post to them as if it's a
measure of their performance. It's more destructive than you know."


School boards shouldn't be buying this tool for teachers.

Teachers shouldn't be using it to assess students.

Students should not be made to see those assessments.


🌻 Snowden vindicated

It's been 7 years since Edward Snowden revealed the full scope of the
NSA's mass surveillance program, something only hinted at by Mark
Klein's 2006 whistleblowing over AT&T's role in illegal domestic


In the years since, the NSA and its apologists have spun their lawless
conduct in two ways: first, they insisted that domestic surveillance had
foiled innumerable domestic terror plots, and second, that it was all legal.

The question of whether surveillance catches terrorists has an
unambiguous, empirical answer: it does not. In all the years that the
NSA spied on every single American, they caught one criminal: someone
making a small-dollar donation to Al Shabab.


But the legal question was thornier: the NSA's legal experts advanced
theories to explain why what they did was legal under the (admittedly
farcically broad) Foreign Intelligence Surveillance Act, and why FISA
was legal under the Constitution.

Most people who understood both FISA and the Constitution disagreed, but
it was up to a court to decide. And now it has. The 9th Circuit Court of
Appeals has ruled that NSA surveillance was illegal under both FISA
*and* the Constitution.


This absolutely vindicates Snowden, who remains in exile in Russia.
Snowden has promised to return to the US and stand trial, on condition
that it be held in open court with a jury.

Trump, meanwhile, has mooted pardoning him in what is almost certainly
an irrelevant distraction tactic (this is true of nearly everything
Trump muses about aloud).

What Snowden did was heroic, and his personal account of why he did it
should be required reading for everyone involved in tech, security and



🌻 Coronavirus is over (if we want it)

Few people have been on the right side of more health-care issues than
Atul Gawande, who is the master of simple, commonplace interventions
that make gigantic differences in outcomes - like consistently using
surgical checklists:


His 2014 BBC Reith Lectures on systems thinking in health care are among
the most important programs I've ever listened to:





While "Being Mortal," his 2014 book on death and dignity, permanently
changed the way I relate to my own feelings of death.


And because reality has a well-known bias in favor of universal
health-care, it's not surprising that he's led the research on the cost-
and health-effectiveness of offering care to all, free at the point of


Which is why you should *really* read his (admittedly long) important
New Yorker article "We Can Solve the Coronavirus-Test Mess Now—if We
Want To," about how we could bring the pandemic to heel in very short
order by improving our testing systems:


There's good news and bad news. The good news is that tests are getting
a lot better, and while they have different characteristics - some
generate fewer false positives and others are better on false negatives -
there are effective, evidence-based ways to apply them.

There are even innovative mass-testing techniques - like monitoring the
sewage coming out of a university dorm for early warnings of new infections.

And there's *lots* of excess lab capacity in the USA, including academic
labs that could quickly ramp up to 100k tests/day.

What's more, these tests can be combined in ways that effectively tame
the disease and would allow a quick return to something like normalcy -
as they did in the Italian city of Vò, which reduced infections from 3%
to 0.3% in *two weeks* with a test-and-isolate system.

That's the good news. The bad news is that the US's longstanding, lethal
health-care dysfunction is the major impediment to getting America back
on its feet.

* insurance companies refusing to cover "medically unnecessary" tests

* millions of uninsured people

* incoherent logistics resulting in delays for sampling, transport, and
analysis of samples

* incoherence in health-care delivery, including the patchwork of
uncoordinated hospitals and primary care facilities

* a lack of load-balancing that leaves some labs idle while others groan
under massive backlogs

* lack of coordination between public health officials and health care

* massive underspending in public health, generally

It will get worse. This will likely be one of our worst-ever flu
seasons. Official sabotage of vote-by-mail threatens to turn the
election into a nationwide superspreader event.

People are working around the feds to stave off these looming disasters.
There's the Assurance Testing Alliance: "a logistics grid that links
schools, nursing homes, and others that need regular testing to those
with capacity to deliver it."


There's a 10-state bipartisan compact "to purchase and distribute enough
rapid-testing devices and supplies for the delivery of five million tests."


"Such efforts aren’t a replacement for national leadership, but they
start the work that must be done to make ordinary physical interaction
safe again, and to begin creating the public-health system we deserve."

"The pandemic has brought us a further lesson: our best chance for long,
flourishing lives in the future requires that we build the foundations
of our public health now." -Gawande


🌻 Rest in Power, David Graeber

The incredible writer, activist, academic and speaker David Graeber has
died in a hospital in Venice of undisclosed causes. He was only 59.

I'm devastated.


I first encountered Graeber's work through his magisterial book "Debt:
The First 5,000 Years," which ripped through my circle, especially the
science fiction writers, inspiring an entire subgenre of "debtpunk,"
like Charlie Stross's "Neptune's Brood."


Debt - along with Solnit's "A Paradise Built in Hell" - was the major
inspiration for my own 2017 novel Walkaway:


Graeber's political radicalism was the result, in part, of his
anthropological view of economics, which gave him insight both into how
we interact with one another and into why economists' views of those
interactions are so often wrong.


Graeber wasn't just a master of crossing academic disciplines: he was
also brilliant at crossing between the academic and nonacademic worlds,
and as a result, he had an outsized, activist's impact on the world.

His 2015 essay collection "The Utopia of Rules" remains a profoundly
observed, brilliantly written and terribly relevant anthropological
critique of capitalism that is aimed at making a better, smarter, more
effective anti-authoritarian left.


But it was his 2018 breakout book, Bullshit Jobs, that arguably reached
the largest audience and smuggled his critique of capitalism into an
acerbic and darkly hilarious view of employment:


Graeber and I had corresponded for years before Bullshit Jobs was
published, but it wasn't until his tour for the book that we finally met
face to face, when I interviewed him onstage in LA:


I was delighted to learn that he was charming and gentle in person -
still recognizably that acerbic, lightning-witted blade that he was
online, but tempered with a deep, human compassion that shone through
during the signing afterwards.

The last time I saw Graeber was shortly after the crisis started, when
we were on a panel on radical economics together (alas, no video seems
to be online from that event). I remember that I made him laugh several
times and felt obscenely proud to have done so.

Graeber lived his principles and bore the cost: his activism with Occupy
Wall Street triggered vicious retaliation from NYPD intelligence,
leading to him being evicted from his childhood home:


He inspired millions and died too young. As Owen Jones wrote, "Rest In
Power, David Graeber."



🌻 Hedge fund managers trouser 64%

The fact that rich people buy something is often held up as proof that
it's good, which is how you get Bernie Madoff frauds and subprime crises.

Nowhere is this more true than in money-management, especially hedge-funds.

Hedge funds make investments on behalf of "high-net-worth individuals"
and institutional investors, and since "being rich" is equated with "being
good at money," you'd think that hedge fund managers were good at investing.

They are not.

The vast majority of hedge-funds underperform a simple tracker fund
every year, and virtually all funds underperform the market over the


But wait: "vast majority" isn't the same as "all" so maybe all you have
to do is pick a good hedge fund?

Sorry, nope, even when hedge-funds make good bets, they still


Notionally, hedge fund managers live on a 2-and-20 structure: an annual
fee of 2% of the money they manage, and 20% of the profits they
generate. But a 22-year study published by the National Bureau of
Economic Research reveals some next-level chicanery.


The managers of hedge funds (and private equity funds) calculate their
commissions in ways that are extremely beneficial to them, and that can
only be parsed with extremely careful readings of performatively complex
and dull agreements.

As Yves Smith explains, PE managers "take fees on every deal that show a
profit once a hurdle rate is met... firms sell good deals early and dogs
later, meaning it’s pretty common for investors to have been charged
carry fees on early deal profits wiped out by later losses."

The mechanisms meant to guard against this have to be fought for and
more often result in a "vague promise of getting a 'deal' on the next
fund…which pre-commits them to invest with someone who underperformed
and would not live up to his contact."

That's PE funds - but hedge funds have their own versions. For example,
losses on one hedge fund could not offset gains on a different fund -
giving managers broad leeway to run "multiple funds with no offsets
across funds run by the same hedge fund manager."

And because hedge funds are relatively liquid, investors are allowed to
pull out during downturns, "if they showed profits earlier so they give
up the opportunity to have the losses offset against later gains."

And withdrawals during downturns cause funds to shut down suddenly, with
contracts that favor managers in these events; as the study's authors
note, changing 2-and-20 to 1-and-30 would likely only increase managers'


🌻 Corporate spooks track you "to your door"

Ever wondered why an app that doesn't need your location still wants
permission to get your location? It's likely because the app was built
with a "free" developer toolkit that was made by a company that harvests
and sells your location data.

One such company is X-Mode, whose first product was an app that was
supposed to stop you from making phone calls while drunk. They pivoted
to mass location surveillance, providing developer tools to many app
creators, from MP3 converters to the beauty app Perfect365.

Who buys X-Mode's data? Creepy corporate spies. HYAS is a "threat
intelligence" company that boasts that if you think your company is
being hacked or defrauded by someone on the internet, they can give you
that person's home address.


As Joseph Cox writes for Motherboard, the locational data that's
nonconsensually harvested from your phone is usually billed as being
sold to marketing firms for aggregate analysis ("30% of the foot-traffic
here comes from single mothers").

But now-deleted material from HYAS's website reveals that this data is
also available for anyone willing to pay to stalk individual persons.

HYAS's customers aren't just corporations: they also boast of working
with law-enforcement. There has been a rash of stories about cops
engaging in mass surveillance, bypassing the warrant process by spending
tax dollars for commercial data.


X-Mode says its location tracking code has been embedded in 400 apps and
that it harvests location data from 60m people/month.

You can discover this only if you read the sprawling garbage novellas of
legalese that come with those apps, which no one, anywhere, does.

"The first threat intelligence source added, describing HYAS' use of
mobile location data, 'It's shady as fuck.'" -Joseph Cox, Motherboard


🌻 This day in history

#15yrsago MSFT CEO: I will "fucking kill" Google — then he threw a chair

#15yrsago Bruce Sterling's Singapore wrapup

#15yrsago Help the Internet Archive archive blog coverage of Katrina

#15yrsago Box-Wrapping: "single use only" is now enforceable

#15yrsago Apple //e mainboards networked and boxed: the Applecrate

#15yrsago HOWTO convert an NES controller to an optical mouse

#15yrsago Being Poor — meditation by John Scalzi

#15yrsago Massachusetts to MSFT: switch to open formats or you're fired

#10yrsago Old tabriz rug becomes bear rug

#10yrsago Homeroom Security: book about the cruelty of zero-tolerance
classroom policies

#10yrsago Jewelry made from laminated, polished cross-sections of books

#1yrago Guy returns his "smart" light bulbs, discovers he can still
control them after someone else buys them

#1yrago Hong Kong protests level up in countermeasures, tactics, art and
deadly seriousness

#1yrago HOW TO: XKCD's Randall Munroe finds the humor in taking silly
questions very, very seriously

#1yrago Library of Congress releases 11,700 freely usable photos of
"roadside America," taken by John Margolies

#1yrago Rideshare companies' effort to kill California employment bill
is failing miserably

#1yrago Ring: "We don't use facial recognition"; also Ring: "We have a
head of facial recognition research"

#1yrago Apple led the campaign to kill Right to Repair, now it's
supplying parts to (some) independent repair shops

#1yrago Survey: Self-identified "pro lifers" are generally contemptuous
of women

#1yrago Dell Magazines have changed the Campbell Award to the Astounding
Award, removing the name of fascist John W Campbell

#1yrago They told us DRM would give us more for less, but they lied


🌻 Colophon

Today's top sources: Naked Capitalism
(https://www.nakedcapitalism.com/), Slashdot.

Currently writing: My next novel, "The Lost Cause," a post-GND novel
about truth and reconciliation. Yesterday's progress: 512 words (56793

Currently reading: Gideon the Ninth, Tamsyn Muir

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 14)

Upcoming appearances:

* Keynote for Law Via the Internet conference, Sept 22,

* Writing into an Uncertain Future, Afterwords Festival, Oct 1,

Latest book:

* "Little Brother/Homeland": A reissue omnibus edition with a new
introduction by Edward Snowden:
https://us.macmillan.com/books/9781250774583; personalized/signed copies

* "Poesy the Monster Slayer" a picture book about monsters, bedtime,
gender, and kicking ass. Order here:
https://us.macmillan.com/books/9781626723627. Get a personalized, signed
copy here:

Upcoming books:

* "Attack Surface": The third Little Brother book, Oct 20, 2020.

This work licensed under a Creative Commons Attribution 4.0 license.
That means you can use it any way you like, including commercially,
provided that you attribute it to me, Cory Doctorow, and include a link
to pluralistic.net.


Quotations and images are not included in this license; they are
included either under a limitation or exception to copyright, or on the
basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):


Newsletter (no ads, tracking, or data-collection):


Mastodon (no ads, tracking, or data-collection):


Twitter (mass-scale, unrestricted, third-party surveillance and


Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):


When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy"
