[Plura-list] SMS security is flaming garbage; The People's Parity Project; Meet the new music boss, same as the old music boss

Cory Doctorow doctorow at craphound.com
Tue Mar 16 12:25:08 EDT 2021


Today's links

* SMS security is flaming garbage: Netnumber is a perfect microcosm of
telephonic uselessness.

* The People's Parity Project: An antidote to corporate law.

* Meet the new music boss, same as the old music boss: Monopsony begets
monopsony.

* This day in history: 2001, 2006, 2011, 2020

* Colophon: Recent publications, upcoming/recent appearances, current
writing projects, current reading

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

☠️ SMS security is flaming garbage

Thanks to the bipartisan consensus that monopolies are good, actually,
the entire wireless sector has merged into four companies, each more
incompetent - and structurally important - than the last.

The combination of size, importance and incompetence is deadly indeed.
These companies know where we go, who we talk to...everything about us.
We entrust them with our public safety and national security. The person
who hijacks your phone hijacks your life.

The carriers are so bad at this. Hence "SIM-swapping," where criminals
bypass your SMS-based two-factor auth to break into your online accounts
and steal everything you own, millions at a time, with help from badly
paid and badly supervised insiders.

https://www.zdnet.com/article/wave-of-sim-swapping-attacks-hit-us-cryptocurrency-users/

It's not just crooked insiders who victimize us. The companies' top
execs get in on the act. They sell your location data on the cheap, to
anyone who'll pay for it - bounty hunters, skip-tracers...stalkers.

https://www.vice.com/en/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile

The whole industry is a trash-fire. It is built on badly conceived,
badly overseen institutions like the Override Services Registry,
maintained by Netnumber. The OSR is a powerful, industry-wide database
that allows text messages to be redirected from one phone to another.

You'd hope that access to the OSR would be tightly controlled, limited
to companies that exhibited the utmost prudence and sobriety, lest
thieves hijack your SMS messages, read your secrets, and steal your 2FA
codes in order to rob you blind.

Your hopes will be dashed, I'm afraid. There are many, many companies
that can access the OSR as part of commercial SMS marketing services.
They offer cheap and easy signup. Find one, give it your target's
cellphone number, and your phone will get their texts.

Writing for Motherboard, Joseph Cox describes how a security researcher
named Lucky225 was able to (consensually) divert his text messages after
paying $16 to a company called Sakari.

https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber


This is a bowel-looseningly terrifying vulnerability. After Sakari was
contacted for comment, they added the basic, obvious authentication step
of calling the subscriber before diverting their SMSes. No fear, many of
Sakari's competitors do not bother with this.

As my EFF colleague Eva Galperin told Cox, this is a timely reminder not
to use SMS for two-factor authentication or any kind of sensitive
message - switch to an authenticator and an encrypted messaging app
that's totally isolated from the horrible, lazy, sloppy telcos.

Okey Systems, the security company where Lucky225 is Director of
Information, has produced a tool that monitors whether your SMSes are
being hijacked. This is a nice tool to have, but we should not need it.

https://okeymonitor.com/

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

☠️ The People's Parity Project

During the Trump epoch, we heard a lot about "Federalist Society
judges," with the implication that something deep and structural and
sudden was shifting in American law.

It was, but there's more to the story.

The Federalist Society is a conservative law movement that proclaims
itself to be "originalists," dedicated to interpreting the Constitution
according to the lights and intentions of the Framers who drafted it.

Of course, this is nonsense. Just as Biblical "literalists" cherrypick
which parts of the Bible they adhere to (they're not eschewing figs, or
mixed textiles, or beard-trimmers), Constitutional "originalists" ignore
the parts of the Constitution that don't suit their agenda.

What agenda does the Federalist Society have? The same agenda that every
conservative has: to elevate a small group of people who were destined
to rule over the rest of us, who were destined to be ruled over.

As Corey Robin described in THE REACTIONARY MIND, that is the single
factor that unites all the strains of conservativism, from Dominionism
to Libertarianism to Monarchism to Imperialism: some are born to rule,
others, to be ruled over.

https://global.oup.com/academic/product/the-reactionary-mind-9780190692001

The Federalist Society also satisfies two other definitions of
conservative thought.

First, Steven Brust's: "If you think human rights are more important
than property rights, you're not a conservative. If you think property
rights *are* human rights, you are a conservative."

And second, Frank Wilhoit's: "Conservatism consists of exactly one
proposition…There must be in-groups whom the law protects but does not
bind, alongside out-groups whom the law binds but does not protect."

https://crookedtimber.org/2018/03/21/liberals-against-progressives/#comment-729288

The Federalist Society project was decades in the making: wealthy
conservatives poured money into it, year after year, both in creating a
Federalist pipeline at law-schools, then securing positions for baby
Federalists in large firms and courts.

As the project of corrupting the courts bore fruit, producing
elite-friendly, wealth-friendly decisions that reversed decades of
progress against discrimination and exploitation, it gathered steam and
supporters and became a lobbying priority across multiple industries.

The Trump appointments were a massive leap forward for the Federalists.
Thanks to McConnell's stonewalling on appointing judges under Obama,
there were many vacancies to fill, including a Supreme Court seat, when
Trump took office.

Now, there's been a change in government and with it, the chance to
mitigate the harms these dangerous, ideologue judges will wreak upon the
American people as they strip them of their rights and hand more and
more power to the wealthy people to whom they owe their power.

There's a mainstream counterforce to the Federalists, the American
Constitutional Society, favored by establishment Democrats. The ACS are
conservatives, too, in the Corey Robin sense - they differ from the
Federalists in terms of whom they think should rule.

That's how the ACS came to seat Amazon's chief union-buster, Andrew
DeVore, on its board. He was ousted after public outcry, but he's not
unique or exceptional in the ACS's leadership and ideology. They believe
in corporate rule as surely as the Federalists do.

But there's a third faction, one that's still nascent, even larval, but
is nevertheless showing enormous promise: the People's Parity Project,
which formed in 2018 amidst the #MeToo movement, first to address sexual
predation in corporate law firms.

https://www.peoplesparity.org/

The major barrier to dealing with law-firm predators is that lawyers who
sign up to work at these firms have to sign forced arbitration waivers,
in which they surrender their right to sue in civil court.

Forced arbitration has become widespread since SCOTUS Federalists ruled
in favor of it. It is what keeps Uber drivers and many other kinds of
workers from suing over wage-theft, sexual abuse, discrimination, and a
host of other ills.

Naturally, corporate law firms impose arbitration on their own staff.

Importantly, the PPP fought against forced arbitration not just for
lawyers, but for blue-collar workers at large law-firms (predatory execs
at these firms are just as happy to assault admin assistants).

This is rare, but growing, and is the most hopeful part of the new labor
movement: white-collar, high-waged workers form solidarity with
low-waged workers.

See, for example, the solidarity movement between Amazon techies and
warehouse workers.

https://pluralistic.net/2020/04/14/abolish-silicon-valley/#hang-together-hang-separately

The PPP is less than three years old, but it's already making a
difference. As Daniel Boguslaw writes for The American Prospect, these
young lawyers have forced the largest corporate firms, like Kirkland and
Ellis, to abandon arbitration.

https://prospect.org/justice/taking-on-corporate-law-in-both-parties/

They were key to a coalition that has proposed "a vetted suite of
progressives for circuit court judgeships" to the Biden administration,
and they've built out chapters at over a dozen leading law-schools, from
Harvard to NYU to U Mich.

The sudden shift in law that followed Trump's judge appointments wasn't
sudden at all - it was the swift culmination of a low, slow, patient
project to turn America into an oligarchy, where the few rule the many,
where the few are protected by the law, but not bound by it.

The Clintonian takeover of the Democrats and its transformation into a
different kind of corporate conservative project meant that the Left
version of this slow, patient transformation had no party support - it
was incubated outside of the Dems.

But we are at a transformative moment, where the inequality emergency,
the climate emergency, the pandemic emergency, the employment emergency,
and the health care emergency are all converging.

It's a moment where long, slow patient projects can accelerate, where
"ideas lying around" might be picked up and used. It's a moment we can't
afford to squander.

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

☠️ Meet the new music boss, same as the old music boss

In his 2020 book MONOPOLIZED, David Dayen describes a curious and brutal
dynamic of monopolies: they breed monopolies.

"Consumer welfare," the dominant strain of antitrust for the past 40
years, has treated monopolies as innocent until proven guilty.

https://pluralistic.net/2021/01/29/fractal-bullshit/#dayenu

Companies are allowed to merge with competitors and create vertical
silos, so long as no one can prove that doing so has raised prices. The
only acceptable proofs are the mathematical models invented by
pro-monopoly economists, who are the foremost builders of these models.

Strangely enough, these models always prove that the monopoly is good,
actually: not harming "consumer welfare." All potential mergers will
provably not result in increased prices. All post-merger price-increases
are provably not due to the merger.

Anyone who challenges these interpretations is derided for their
ignorance of how these models work. Modern antitrust is a priesthood,
and whenever a monopoly question arises, they slaughter an ox and read
the future in its guts, which only they can interpret.

And strangely enough, the ox guts always favor monopoly.

Now, not *all* price-fixing can be waved away as unrelated to market
concentration. In some cases, different companies in a sector will
literally conspire to set prices, putting it down on paper.

When that happens, you don't need to make a model to show that price
rises can be attributed to market power: you have the receipts.

This happens all the time. The record labels documented their CD
price-rigging in the 90s, leading to a $67.3m settlement in 2002.

In 2012, the Big Six publishers colluded with Apple to raise ebook
prices. They also put it in writing.

https://en.wikipedia.org/wiki/United_States_v._Apple_Inc.

In most of these cases, the price-fixing is only part of the story.
What's actually going on is more complicated: a cartel of manufacturers
are conspiring not merely to raise prices, but to fight the predatory
practices of a monopolist somewhere else in the supply-chain.

With the labels, it was big box retailers like Walmart. With the
publishers, it was Amazon. These monopolists had cornered significant
customer-bases for the cartels' products, and the monopolists were
squeezing their suppliers for all they were worth - literally.

Here's where it gets funky. Remember that monopolies are innocent until
proven guilty, and it's impossible to prove them guilty. If six
publishers' CEOs conspire to raise ebook prices, that's illegal. It's
collusion.

If one of those six buys two of the others - if Random House buys
Penguin and Simon & Schuster - then the former CEOs of those companies
(now heads of divisions in a single company) can do *exactly* the same
thing with little fear of legal reprisals.

Antitrust law rewards monopolies and punishes cartels, so members of
cartels merge until they have monopolies.

Which brings me back to David Dayen and his book MONOPOLIZED. The
industry Dayen analyzes to demonstrate this phenomenon is US health care.

In Dayen's telling, the first salvo was the mergers-to-monopoly in
pharma, producing the Big Pharma giants we have today. These massive,
consolidated firms started to lean on their customers, notably hospitals,
price-gouging them on medicine.

Individual hospitals were powerless against this pressure: a single
hospital that refuses to buy cancer meds at jacked-up prices doesn't get
lower prices, it gets dead cancer patients.

But if hospitals teamed up to demand lower prices, that would be illegal
price-rigging.

However, if the hospitals all merged into giant chains, they'd be able
to push back in two directions. First, they could demand lower prices on
drugs from Big Pharma, and second, they could pass on high prices to the
insurance sector, which was still decentralized.

Again, the health insurers were not capable of pushing back as
individual firms. When all the health care in a single ZIP code is
provided by one chain of clinics, hospitals and ERs, an insurer can't
declare them all out-of-network - not if it wants to keep its customers.

But once the insurers merged to monopoly, they not only got to push back
against hospital price-gouging - they also got to charge higher premiums
and deductibles, and they didn't have to worry about losing customers,
because there was nowhere to go.

This is really a story of shit flowing downhill - pharma pushes
hospitals who push insurers, who push...us. The patients and the
front-line health-care workers, from custodians and cafeteria workers to
nurses and MDs.

Monopoly breeds monopoly, with each sector of the supply chain
concentrating to defend itself against the other sectors, and to exert
market power over those sectors that aren't yet monopolized. The only
parts of the chain that can't organize are workers and customers.

Historically, workers organized in unions to push back against these
leveraged assaults on their rights, but the US has all but prohibited
unionization.

The public historically organized through politicians who fought for
them, but unlimited corporate campaign contributions have made such
fights a distant memory.

And so every sector starts to look like health-care: monopolized at
every level except for labor and customers.

Writing in Wired today, Ron Knox from the antimonopoly Institute for
Local Self-Reliance describes how this dynamic is playing out in music,
where the new bosses are all the same as the old bosses.

https://www.wired.com/story/opinion-big-music-needs-to-be-broken-up-to-save-the-industry/

It's not merely the Big Three labels colluding to rip off artists, it's
also the tech partners who control distribution, notably Spotify and
Youtube.

To the extent that merged-up behemoths like UMG exercise their monopoly
power to get more from these digital partners, those excess gains are
stolen from the musicians who earned them.

For example, big labels do minimum payout deals with Spotify specifying
that millions are owed to them each quarter - but then they accept lower
per-stream royalties for their music on Spotify. The result is that
massive sums of those guaranteed payouts are "unattributed."

Unattributed revenues are not owed to any artist, so the label gets to
keep that money. It's flat-out wage-theft, and it demonstrates the
bankruptcy of hoping that a change in monopolists will make lives better
for their workforces.

All things being equal, UMG would like to shift as many dollars as
possible off of Spotify's balance sheet onto its own. But UMG will not,
on its own, hand a single penny of that to the artists whose work
generated those dollars.

Which is why Knox says we have to break up all these giants - the labels
and the digital distribution monopolists, including Youtube and Spotify
and Apple and Amazon.

But, Knox points out, that will not be enough.

Because it's not just recording and distribution that are monopolized -
it's also performance venues and ticketing (Ticketmaster/Live Nation)
and radio (Iheartradio/Liberty Media), whose monopolists are rapacious
wage-stealers and fraudsters.

The market can't and won't fix this. Take live performance venues: the
vast majority of these are expected to fail thanks to the covid
shutdowns. The private sector has a plan to bail them out: former WME
exec Marc Geiger raised a vast warchest to buy them for pennies.

He will consolidate them into...a monopolist to push back against the
Ticketmaster/Live Nation monopoly. If he pulls it off, he may succeed in
shifting many millions from Live Nation's balance-sheet to his own. He
will not give any of it to performers if he doesn't have to.

Knox's (correct) conclusion is that we have to have antimonopoly
enforcement across the entire supply chain, not just in one or two
sectors - from social media to recording to payments to venues to
streaming to radio, we have to break them up.

And that might just happen. Two high-profile Biden appointees, Tim Wu
and Lina Khan, are on the absolute vanguard of the new antimonopoly
movement. Amy Klobuchar's (flawed) antitrust bill goes further than any
initiative in years.

And most of all, the musicians aren't alone here. The fight they're
fighting is just a part of the fight we're all in: not just every kind
of artist, but doctors and patients, cabbies and riders, farmers and eaters.

Our fights have different technical characteristics and different
structural remedies particular to those characteristics, but they are,
fundamentally, the same fight.

The fight against monopolies.

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

☠️ This day in history

#20yrsago Fuckedcompany costs $75/month
https://web.archive.org/web/20020204021213/http://www.kaplanindex.com/fsearch/commerce/purchase_form.php

#10yrsago Four Color Fear: delightful horror comics from the pre-Code
era
https://memex.craphound.com/2011/03/16/four-color-fear-delightful-horror-comics-from-the-pre-code-era/

#5yrsago Sheriff says rape kits are irrelevant because most rape
accusations are false
https://www.oregonlive.com/pacific-northwest-news/2016/03/rape_kit_system_unnecessary_si.html

#5yrsago Fuck Optimism
https://littleatoms.com/society/cory-doctorows-manifesto-hope

#5yrsago Hack-attacks with stolen certs tell you the future of FBI vs
Apple
https://memex.craphound.com/2016/03/16/hack-attacks-with-stolen-certs-tell-you-the-future-of-fbi-vs-apple/

#5yrsago From dingo babysitter to net neutrality hero: Tom Wheeler’s
legacy
https://arstechnica.com/information-technology/2016/03/how-a-former-lobbyist-became-the-broadband-industrys-worst-nightmare/


#5yrsago Captured: a book of prison inmate drawings of CEOs and other
too-big-to-jail criminals
https://thecapturedproject.com/

#1yrago Italian hospitals fix their ventilators with 3D printed parts
https://pluralistic.net/2020/03/16/tiktoks-secrets/#3dp-breathfree

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

☠️ Colophon

Today's top sources:

Currently writing:

* My next novel, "The Lost Cause," a post-GND novel about truth and
reconciliation. Yesterday's progress: 514 words (116169 total).

* A short story, "Jeffty is Five," for The Last Dangerous Visions.
Yesterday's progress: 276 words (8092 total).

* A cyberpunk noir thriller novel, "Red Team Blues." Yesterday's
progress: 1044 words (29927 total).

Currently reading: Analogia by George Dyson.

Latest podcast: Privacy Without Monopoly: Data Protection and
Interoperability (Part 3)
https://craphound.com/news/2021/02/28/privacy-without-monopoly-data-protection-and-interoperability-part-3/

Upcoming appearances:

* Affordable Internet Day of Action, Mar 16,
https://www.affordable-internet.ca/

* World Ethical Data Forum keynote, Mar 17-19,
https://worldethicaldataforum.org/wedf-2020

* Launching "The Future You" with Brian David Johnson, Mar 19,
https://www.changinghands.com/event/march2021/brian-david-johnson-future-you-break-through-fear-and-build-life-you-want

* Balancing Worldbuilding and Narrative (with Karen Osborne and Kali
Wallace), Mar 24,
https://ucsd.zoom.us/webinar/register/WN_YSvD5IjGS7Su2z-xhQN1ZA

* Interop: Self-Determination vs Dystopia (FITC), Apr 19-21,
https://fitc.ca/presentation/interop/

Recent appearances:

* Conspiracy Theories (Utopian Horizons):
https://soundcloud.com/utopianhorizons/conspiracy-theory-w-cory-doctorow

* Canadian Speculative Fiction (Unknown Worlds):
https://unknownworlds.podbean.com/e/canadian/

* Who Uses the Users? (This Machine Kills)
https://soundcloud.com/thismachinekillspod/48-who-uses-the-users-ft-cory-doctorow

* Technology, Self-Determination, and the Future of the Future (CERIAS)
https://www.youtube.com/watch?v=2yC_hBDS-RU

Latest book:

* "Attack Surface": The third Little Brother novel, a standalone
technothriller for adults. The *Washington Post* called it "a political
cyberthriller, vigorous, bold and savvy about the limits of revolution
and resistance." Order signed, personalized copies from Dark Delicacies
https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html

* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet
analyzing the true harms of surveillance capitalism and proposing a
solution.
https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59
(print edition:
https://bookshop.org/books/how-to-destroy-surveillance-capitalism/9781736205907)
(signed copies:
https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)

* "Little Brother/Homeland": A reissue omnibus edition with a new
introduction by Edward Snowden:
https://us.macmillan.com/books/9781250774583; personalized/signed copies
here:
https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html

* "Poesy the Monster Slayer" a picture book about monsters, bedtime,
gender, and kicking ass. Order here:
https://us.macmillan.com/books/9781626723627. Get a personalized, signed
copy here:
https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.

This work is licensed under a Creative Commons Attribution 4.0 license.
That means you can use it any way you like, including commercially,
provided that you attribute it to me, Cory Doctorow, and include a link
to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are
included either under a limitation or exception to copyright, or on the
basis of a separate license. Please exercise caution.

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

☠️ How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/web/accounts/303320

Twitter (mass-scale, unrestricted, third-party surveillance and
advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"*When life gives you SARS, you make sarsaparilla*" -Joey "Accordion
Guy" DeVilla
