[Plura-list] How police backdoors for online services let sextortionists target children; Laura Jean McKay's "The Animals in That Country"

Cory Doctorow doctorow at craphound.com
Wed Apr 27 10:29:20 EDT 2022

Read today's issue online at: https://pluralistic.net/2022/04/27/im-a-backdoor-man/


Tomorrow (4/28), I'm on a streamed panel called "The Power of Utopia," hosted by The Center for Artistic Activism:



CORRECTION: Yesterday's article on recycling identified Exxon as the creator of the recycling symbol. They did not create the symbol, but they did pressure 40 US state legislatures to mandate the use of the logo, though they knew that the plastics that bore it couldn't be recycled. I regret the error.


Today's links

* How police backdoors for online services let sextortionists target children: There is no such thing as a back-door that only lets the good guys through.

* Laura Jean McKay's "The Animals in That Country": A brilliant debut novel of too much understanding.

* Hey look at this: Delights to delectate.

* This day in history: 2002, 2012, 2017, 2021

* Colophon: Recent publications, upcoming/recent appearances, current writing projects, current reading


🕵🏾 How police backdoors for online services let sextortionists target children

An "Emergency Data Request" (EDR) is a warrantless demand by a police officer to a tech company, designed for white-hot emergencies when a cop needs an online service to cough up some of its user data to save a life or prevent a tragedy.

Criminals *love* EDRs. Once a crook breaks into a police email server (something so easy that the children running the LAPSUS$ crime-gang did it several times), they can send their own EDRs to online services, who will dutifully dox their own users. After all, if someone's in mortal danger, there's no time to stop and verify the cop's identity:


Children don't just abuse EDRs, they're also *abused* with EDRs. Facebook, Apple, Google, Snap, Twitter and Discord have all been tricked with fake EDRs into giving up sensitive information about underage children, according to a Bloomberg report by William Turton.


These EDRs were wielded by "sextortionists" - sexual criminals who blackmail their victims into performing sex acts on camera; videos of these sex acts are used as leverage for increasingly extreme extortion demands.

There was a sextortion wave in the 2010s. It turned out that one extremely prolific sextortionist was a US Embassy staffer stationed in London, who ran a sextortion campaign that targeted at least 75 young women over two years:


A 19 year old targeted hundreds of girls and women, and was only caught when he tried to extort a former Miss Teen USA, who had connections that put her in touch with the FBI:


The men who attacked women in this first wave relied on a piece of malware called a "Remote Access Trojan" (RAT). A 2014 sweep of RAT criminals busted 100 men who had victimized 70,000 women and girls.


But today's sextortionist doesn't need to break into his target's computer. He can just send an email from a hacked police account to an online service and they'll hand him all the information he needs to gain access to his target's most sensitive data.

(Readers interested in learning more about how sextortion works in the real world are encouraged to read Lauren McLaughlin's superb 2020 novel, "Send Pics"):


There are 18,000 police agencies in the US, making it impossible to determine whether an EDR comes from a real cop or not (and, of course, between the 18,000 agencies, it's inevitable that some of those cops will make fraudulent EDRs for money or as a favor to a buddy).

What's more, the online services have little or no clue about how their users' data is being accessed and shared. Amazon had to fire a string of Chief Security Officers until it found a person so underqualified that he wouldn't complain about the company's incredibly reckless data handling. The result was a string of breaches that the company can't even fully quantify.


Amazon isn't uniquely cavalier about your data. A newly published leaked Facebook memo reveals that the company's privacy engineers have warned their bosses that the company has no way to know how it's used your data:


To quote those engineers: "We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation."

Reporting for Motherboard, Lorenzo Franceschi-Bicchierai quotes an internal Facebook source who calls the company's data handling "broadly speaking, a complete shitshow."


Let's recap: the companies collect as much of your data as they can. They store it forever. They give it to anyone who has a police department email address, without question. And they don't keep track of who they give your data to.


🕵🏾 Laura Jean McKay's "The Animals in That Country"

*The Animals in That Country* is the debut novel of Australian writer Laura Jean McKay; it's an extraordinary book about a plague of understanding that sweeps across Australia, leaving the infected cursed with the ability to communicate with animals.


As a premise, this is very good: an inversion of the standard trope of people and animals communicating with one another and finding mutual understanding and peace as a result. In execution, it's even better: McKay sets herself the (seemingly) impossible task of dramatizing human-animal communication without anthropomorphizing the animals, and then pulls it off - brilliantly.

The protagonist of *Animals* is Jean, a self-destructive, aging grandmother living in a wildlife park with her daughter-in-law (the park's director) and her granddaughter, Kim. Her son is not in his daughter's life - he's a loose-footed, irresponsible womanizer who's disappeared. Her ex-husband is also long gone. All Jean really has is Kim, who is the only reason she moderates her drinking and her self-immolating confrontations with friends, family, and strangers on the internet.

Jean and Kim have a fierce bond, and a rich fantasy life about how they would run an animal park if they were in charge. They play out these fantasies even as Australia is in a mounting panic over "zooflu," an epidemic burning its way north towards Kim and Jean. Zooflu's initial symptoms are similar to a mild cold - but afterward, the afflicted find that they can communicate with animals. Mammals at first, but as the disease progresses, the infected are able to understand birds, reptiles, insects.

This is not a pleasant experience. At first, many of the infected are swept up in mystical ecstasies as new worlds open to them, but quickly this turns to terror as the strange, alien thoughts of all the animals of the land, water and sky clamor for attention. The nation begins to shut down.

That's when Lee, Jean's missing son, re-enters her life, bringing the zooflu with him. As the nature park's carers and rangers cope with their infections, Lee kidnaps his daughter Kim and takes her south to commune with whales.

That sets up the main action of the book, a long road-trip tale set in an Australia where civil order is crumbling. But Jean's not the Road Warrior or one of Nevil Shute's square-jawed submarine captains. She's a middle-aged, alcoholic granny in a wheezing camper van, accompanied by Sue, one of the nature park's dingos, who has joined Jean's pack and is leading her to her lost child and grandchild.

Jean's journey - across the land and across the boundaries that separate her from the animal kingdom - is a thrilling adventure tale, a taut thriller, and a wildly imaginative (and linguistically impressive) journey into the hypothetical minds of horses, cows, rats, cats, flying foxes, gnats, and blowflies.

At Rebecca Giblin's suggestion, I bought *Animals* in audiobook form (from libro.fm, where it is DRM-free), read by the author, whose narration performance is stellar, bringing great depth, pathos, and humor to the animal voices.


Reading Justine Jordan's *Guardian* review of *Animals*, I learned that McKay holds a doctorate in "literary animal studies," a discipline I had never heard of until just now, but reading *Animals* feels like a master-class in it.



🕵🏾 Hey look at this

* Mexico nationalizes lithium industry https://peoplesdispatch.org/2022/04/24/mexico-nationalizes-lithium-industry/ (h/t Slashdot) ("We will coup whoever we want! Deal with it." - E. Musk)


🕵🏾 This day in history

#20yrsago The Hollings Bill isn’t dead https://web.archive.org/web/20020604080345/https://www.wired.com/news/politics/0,1283,52145,00.html

#10yrsago Consent of the Networked: indispensable, levelheaded explanation of how technology can make us free, or take away our liberty https://memex.craphound.com/2012/04/27/consent-of-the-networked-indispensable-levelheaded-explanation-of-how-technology-can-make-us-free-or-take-away-our-liberty/

#10yrsago Publishing exec admission: “I break ebook DRM” https://web.archive.org/web/20120424134939/http://paidcontent.org/2012/04/24/breaking-drm-publishing-exec/

#5yrsago When Theresa May called snap elections, she killed tax-haven reform https://www.taxjustice.net/2017/04/26/uk-parliament-fails-tackle-financial-secrecy-overseas-territories/

#5yrsago No matter how cool superblack activated charcoal food looks, it’s a bad idea https://imbibemagazine.com/dangerous-drinks/

#5yrsago FCC Chairman Pai wants to kill Net Neutrality, at the expense of small-town America https://www.wired.com/2017/04/ajit-pai-is-siding-with-the-oligarchy-and-misleading-trumps-base/

#5yrsago Insulin prices spike by 1123%, sending parents to the black market to keep their kids alive https://www.nbcnews.com/business/consumer/desperate-families-driven-black-market-insulin-n730026

#5yrsago Oakland elementary school students resist Caltrans’ insistence on taking copyright to their mural https://abc7news.com/caltrans-mural-battle-students-protest-for/1921812/

#1yrago Lexmark's toxic printer-ink https://pluralistic.net/2021/04/27/bruno-argento/#static-controls

#1yrago Unpack the court with judicial overrides https://pluralistic.net/2021/04/27/bruno-argento/#crisis-of-legitimacy

#1yrago Pharma's anti-generic-vaccine lobbying blitz https://pluralistic.net/2021/04/27/bruno-argento/#pharma-death-cult

#1yrago Klobuchar on trustbusting https://pluralistic.net/2021/04/27/bruno-argento/#klobuchar

#1yrago Robot Artists & Black Swans: The fantascienza of "Bruno Argento" (AKA Bruce Sterling) https://pluralistic.net/2021/04/27/bruno-argento/#fantascienza


🕵🏾 Colophon

Today's top sources: Rebecca Giblin (https://twitter.com/rgibli/).

Currently writing:

* Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. Yesterday's progress: 611 words (88092 words total).

* A Little Brother short story about DIY insulin PLANNING

* Vigilant, Little Brother short story about remote invigilation. FIRST DRAFT COMPLETE, WAITING FOR EXPERT REVIEW

* Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE, ACCEPTED FOR PUBLICATION

* Spill, a Little Brother short story about pipeline protests. FINAL DRAFT COMPLETE

* A post-GND utopian novel, "The Lost Cause."  FINISHED

* A cyberpunk noir thriller novel, "Red Team Blues."  FINISHED

Currently reading: Analogia by George Dyson.

Latest podcast: Big Tech Isn’t Stealing News Publishers’ Content

Upcoming appearances:

* The Power of Utopia, The Center for Artistic Activism Apr 28

* Demicon 33 (Des Moines), May 6-8

* OpenJSWorld Keynote (Austin), Jun 8

* UK Competition and Markets Authority Data Technology and Analytics conference (London), Jun 15-16

Recent appearances:

* Blockchain, Crypto & Web3 (Life Itself podcast)

* Launch for Jennifer Egan's "Candy House" (Vancouver Public Library)

* Surveillance Capitalism, Borders, and the Police (Tech Workers Coalition San Diego)

Latest book:

* "Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The *Washington Post* called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html

* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59 (print edition: https://bookshop.org/books/how-to-destroy-surveillance-capitalism/9781736205907) (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)

* "Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html

* "Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.

Upcoming books:

* Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin, nonfiction/business/politics, Beacon Press, September 2022

This work is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.


Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


🕵🏾 How to get Pluralistic:

Blog (no ads, tracking, or data-collection):


Newsletter (no ads, tracking, or data-collection):


Mastodon (no ads, tracking, or data-collection):


Medium (no ads, paywalled):


(Latest Medium column: "Automation is Magic: The Messy Business of Security Economics" https://doctorow.medium.com/automation-is-magic-f4c1401d1f0d)

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):


Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):


"*When life gives you SARS, you make sarsaparilla*" -Joey "Accordion Guy" DeVilla
