[Plura-list] ADT insider threat; Billionaires think VR stops guillotines; Privacy Without Monopoly

Cory Doctorow doctorow at craphound.com
Mon Feb 15 13:03:50 EST 2021


_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

This Wednesday, I'm giving a talk called "Technology,
Self-Determination, and the Future of the Future" for the Purdue
University CERIAS Program:

https://www.cerias.purdue.edu/news_and_events/events/security_seminar/details/index/2njk1v59j4vdc3supiespncgr6

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

Today's links

* ADT insider threat: If you build it they will spy.

* Billionaires think VR stops guillotines: TARP with tasps.

* Privacy Without Monopoly: Podcasting a reading of the latest EFF
whitepaper.

* This day in history: 2006, 2011

* Colophon: Recent publications, upcoming/recent appearances, current
writing projects, current reading

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🤥 ADT insider threat

Self-control isn't merely a matter of eliminating your own weaknesses.
Self-control is primarily about compensating for those weaknesses. When
you go on a diet, you don't just commit yourself to eating well - you
also throw away the Oreos so you won't be tempted.

This manoeuvre has a name: a Ulysses Pact, named for the passage in the
Odyssey in which Ulysses pilots his ship through the sirens' sea,
eschewing wax-stoppered ears so that he could hear their song,
protecting himself by lashing himself to the mast.

Ulysses knew he would face a moment of weakness in the future, so he
used his strength in the moment to guard against his future self.

Tech was built on a Ulysses Pact, the irrevocable free software license:
once a hacker applies the GPL, they can't unchoose it.

No pressure from investors, not even the risk of bankruptcy or physical
coercion can remove a free software license once it has been applied.

A Ulysses Pact is an act of humility, an admission of frailty. Alas,
humility is in short supply in tech (the GPL is an exception).

Far more common is to build systems that can be abused, and assume that
you - and your successors, collaborators, and underlings - will never
yield to temptation.

Think of when the W3C incorporated DRM into browser standards, sure that
none of its members would use this to exclude future rivals, only to be
proven wrong a mere three years later, when Google blocked all free/open
entrants into the field.

https://memex.craphound.com/2020/01/08/three-years-after-the-w3c-approved-a-drm-standard-its-no-longer-possible-to-make-a-functional-indie-browser/

Or when Apple arrogated to itself the power to decide which software you
can run on your phones and tablets, only to have the Chinese state order
it to block working privacy tools to facilitate a system of violent,
totalitarian control.

https://locusmag.com/2021/01/cory-doctorow-neofeudalism-and-the-digital-manor/

As Pavel Chekov counselled us all those years ago on the Desilu lot, a
phaser on the bulkhead in act one will go off by act three.

Back in 2015, we bought - and then returned - a Canary security camera.
We'd just immigrated to the US and were feeling a little nervous.

I was suspicious of this gadget. Though I wasn't technically capable of
auditing its software, I WAS able to read its privacy policy, in which
they promised not to share footage from your home unless ordered to do so.

https://arstechnica.com/gadgets/2016/09/canary-debuts-flex-cam-suited-for-your-living-room-and-your-lawn/?comments=1&post=31916515

I suspected that meant that Canary didn't employ end-to-end encryption,
meaning that company insiders could peek at that footage, and the only
thing preventing such peeking was policy and integrity, not that such a
thing was impossible.

I wrote to the company and they confirmed that this was so, explaining
that having access to cleartext video streams helped them use ML models
that could distinguish between intruders and pets, and promising that
they carefully vetted people with access to the footage.

So far as I know, Canary hasn't had such a breach...yet. But ADT - an
industry leader whose major investor is Google - did. An ADT technician
named Telesforo Aviles admitted to spying on at least 200 ADT customers.

https://gizmodo.com/a-home-security-worker-hacked-into-surveillance-systems-1846111569

Aviles wanted to spy on attractive women in order to see them naked
and having sex. ADT's system was designed to allow this; the primary
means by which it was prevented was vetting staff - a process that is
obviously too imperfect to trust in a high-stakes environment.

When ADT discovered this was happening, they tried to cover it up,
offering laughable cash payments to survivors of Aviles's spying in
exchange for confidentiality.

https://nypost.com/2020/05/19/adt-worker-accused-of-using-app-to-spy-on-people-for-7-years/

Doubtless certain technical aspects of the administration of ADT's
security system were made simpler by choosing to create a system that
was vulnerable to insider attacks. But by making this tradeoff, ADT
demonstrated its unfitness to be in this market.

Maturity, after all, isn't about resisting temptation - it's about
recognizing your own fallibility and taking measures to limit it.
Exposing millions of customers to insider attacks on the obviously false
belief that you will never hire the wrong person is unforgivable.

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🤥 Billionaires think VR stops guillotines

The pandemic has afforded all of us a refresher course on the five
stages of grief, a theoretical and controversial framework for
describing how people cope with tragedy: denial, anger, bargaining,
depression and acceptance.

https://en.wikipedia.org/wiki/Five_stages_of_grief

A far slower-moving unfolding of these stages can be seen in the
reactions of the super-wealthy to the breakdown in neoliberal orthodoxy,
the tale that says that inequality results from meritocracy, and makes
us all better off:

https://pluralistic.net/2021/02/13/data-protection-without-monopoly/#inequality

Denial came out in the "rationalist" view: the world is better off than
ever - richer, less violent, healthier, and any discontent you feel with
your plummeting fortunes and the contracting possibilities for your kids
is just your tunnel vision. Lack of perspective.

But the Great Financial Crisis and Occupy triggered the anger of the
elites: violent suppression of protests, the "Doom Boom" in new luxury
bunkers, Howard Schultz's insistence that "billionaire" is a slur (he
says we should call him a "person of wealth").

The pandemic - and the "K-shaped recovery" - has revealed the existential
threat inequality poses for our species, between price-gouging, fraud,
profiteering, flouting health directives, and coercing the poor and
vulnerable into risking their lives to keep the economy afloat.

A palpable desperation has set in among the ultra-wealthy, and with it,
bargaining. VR execs and their major investors have begun to quietly
assert that it will stabilize our unequal society by anaesthetizing the
have-nots with virtual wealth.

https://www.wired.com/story/billionaires-use-vr-avoid-social-change/

John Carmack: "Not everyone can have a mansion. Not everyone can have a
home theater. These are things we can simulate, to some degree, in
virtual reality."

Gabe Newell: "The real world will seem flat, colorless, blurry compared
to the experiences you'll be able to create in people's brains"

None of this will work. VR as opiate for the masses is a great Ernie
Cline plot, but it's lousy social policy. After all, providing the
desperate victims of the Great Financial Crisis unlimited access to
Oxycontin and Fentanyl did not stabilize our society.

As Matthew Gault writes in Wired: "If you want a picture of the future,
imagine a Facebook-branded set of VR goggles strapped to an emaciated
human face—forever."


_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🤥 Privacy Without Monopoly

This week on my podcast, a spoken-word version of "Privacy Without
Monopoly: Data Protection and Interoperability," a major new white-paper
that Bennett Cyphers and I co-authored for EFF.

https://craphound.com/news/2021/02/15/privacy-without-monopoly-data-protection-and-interoperability-part-1/

It’s a paper that tries to resolve the tension between demanding that
tech platforms gather, retain and mine less of our data, and the demand
that platforms allow alternatives (nonprofits, co-ops, tinkerers,
startups) to connect with their services.

I read the first half of it this week - about 40 minutes' worth - and
I'll finish it next week. If you don't want to wait, you can dive in
with the written version straightaway:

https://www.eff.org/wp/interoperability-and-privacy

You can subscribe to my podcast feed here:

https://feeds.feedburner.com/doctorow_podcast

Here's a direct link to the MP3 (hosting courtesy of the Internet
Archive; they'll host your stuff for free, forever, too!):

https://archive.org/download/Cory_Doctorow_Podcast_378/Cory_Doctorow_Podcast_378_-_Privacy_Without_Monopoly_01.mp3

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🤥 This day in history

#15yrsago RIAA: CD ripping isn’t fair use
https://web.archive.org/web/20060216233008/https://www.eff.org/deeplinks/archives/004409.php

#10yrsago “Psychic” cancels show due to “unforeseen circumstances”
https://web.archive.org/web/20110217050619/https://scienceblogs.com/pharyngula/2011/02/irony.php

#10yrsago CBS sends a YouTube takedown to itself
https://www.reddit.com/r/WTF/comments/flktg/cbs_files_a_copyright_claim_against_themselves_o_o/

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🤥 Colophon

Today's top sources: Bruce Schneier (https://schneier.com/), Naked
Capitalism (https://nakedcapitalism.com/).

Currently writing:

* My next novel, "The Lost Cause," a post-GND novel about truth and
reconciliation. Friday's progress: 514 words (110389 total).

* A short story, "Jeffty is Five," for The Last Dangerous Visions.
Friday's progress: 251 words (5077 total).

Currently reading: Analogia by George Dyson.

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 30)
https://craphound.com/articles/2021/01/31/someone-comes-to-town-someone-leaves-town-part-30/

Upcoming appearances:

* Keynote, NISO Plus, Feb 22,
https://niso.plus/cory-doctorow-to-keynote-at-niso-plus-2021/

* Technology, Self-Determination, and the Future of the Future (Purdue
CERIAS), Feb 17,
https://www.cerias.purdue.edu/news_and_events/events/security_seminar/details/index/2njk1v59j4vdc3supiespncgr6

* Mellon Sawyer Seminar on Contemporary Political Struggle: Social
Movements, Social Surveillance, Social Media (with Zeynep Tufekci), Feb
24, https://ucdavis.zoom.us/webinar/register/WN_I99f4x8WRiKCfKUljVcYPg

* World Ethical Data Forum keynote, Mar 17-19,
https://worldethicaldataforum.org/wedf-2020

* Interop: Self-Determination vs Dystopia (FITC), Apr 19-21,
https://fitc.ca/presentation/interop/

Recent appearances:

* Chop Shop Economics
https://soundcloud.com/chopshopeconomics/unlocked-special-episode-9-cory-doctorow/s-VzUA5S25But

* Monocle Reads
https://monocle.com/radio/shows/meet-the-writers/monocle-reads-87/play/

* Hedging Bets on the Future (Motherboard Cyber):
https://play.acast.com/s/cyber/hedgingbetsonthefuturewithauthorcorydoctorow

Latest book:

* "Attack Surface": The third Little Brother novel, a standalone
technothriller for adults. The *Washington Post* called it "a political
cyberthriller, vigorous, bold and savvy about the limits of revolution
and resistance." Order signed, personalized copies from Dark Delicacies
https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html

* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet
analyzing the true harms of surveillance capitalism and proposing a
solution.
https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59
(print edition:
https://bookshop.org/books/how-to-destroy-surveillance-capitalism/9781736205907)

* "Little Brother/Homeland": A reissue omnibus edition with a new
introduction by Edward Snowden:
https://us.macmillan.com/books/9781250774583; personalized/signed copies
here:
https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html

* "Poesy the Monster Slayer": a picture book about monsters, bedtime,
gender, and kicking ass. Order here:
https://us.macmillan.com/books/9781626723627. Get a personalized, signed
copy here:
https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.

This work licensed under a Creative Commons Attribution 4.0 license.
That means you can use it any way you like, including commercially,
provided that you attribute it to me, Cory Doctorow, and include a link
to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are
included either under a limitation or exception to copyright, or on the
basis of a separate license. Please exercise caution.

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🤥 How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/web/accounts/303320

Twitter (mass-scale, unrestricted, third-party surveillance and
advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"*When life gives you SARS, you make sarsaparilla*" -Joey "Accordion
Guy" DeVilla
