[Plura-list] The FTC takes aim at commercial surveillance
Cory Doctorow
doctorow at craphound.com
Fri Aug 12 11:38:33 EDT 2022
Read today's issue online at: https://pluralistic.net/2022/08/12/regulatory-uncapture/
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
Tomorrow (Aug 13), I'm co-presenting a program item at Defcon (Las Vegas) called "Literal Self-Pwning: Why Patients - and Their Advocates - Should Be Encouraged to Hack, Improve, and Mod Med Tech" with Christian "quaddi" Dameff & Jeff “r3plicant” Tully MD:
https://forum.defcon.org/node/242205
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
Today's links
* The FTC takes aim at commercial surveillance: Oh, the sheer poetry of "Commercial Surveillance and Data Security Rulemaking."
* Hey look at this: Delights to delectate.
* This day in history: 2007, 2012, 2017
* Colophon: Recent publications, upcoming/recent appearances, current writing projects, current reading
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🐓 The FTC takes aim at commercial surveillance
The biggest fallacy in online privacy is that there is a difference between "state surveillance" and "commercial surveillance." Bizarrely, it's a fallacy that is widely held by both government snoops and Big Tech snoops.
Many's the time I've spoken to a DC audience about privacy, only to have an audience member say, "I'm OK with Uncle Sam spying on me - after all, I've already given up every sensitive scrap of information about my personal life to the Office of Personnel Management when I applied for security clearance. But I don't want my money going to *Google* - those bastards would sell their mothers out for a nickel."
Meanwhile, in Silicon Valley, I hear, "I don't care if Google has my data - they just want to show me better ads. But the US government? Hell no! Those govies and their profiteering private contractor pals are all too stupid to get jobs at *real* tech companies and who knows what they're going to do with my data?"
Both groups are gripped by the delusion that state surveillance can be disentangled from commercial surveillance. In a just world, companies would be barred from undertaking mass-scale surveillance for their private gain. After all, this is a practice that imposes vast risks on the public - humiliation, identity theft, extortion, and more - and is only profitable because the companies that create this risk can privatize the benefits of spying and socialize the costs of leaks:
https://locusmag.com/2018/07/cory-doctorow-zucks-empire-of-oily-rags/
How is it that the government hasn't stepped in to force companies to end the practice of spying? Worse, how is it that the government *abets* spying - for example, by reinforcing the risible fiction that clicking "I agree" on a meandering, multi-thousand word garbage legalese novella constitutes "consent"?
https://pluralistic.net/2022/08/10/be-reasonable/#i-would-prefer-not-to
It's because the project of mass state surveillance *depends* on mass commercial surveillance. Remember the Snowden revelations? Remember how they started with Prism, a program whereby Big Tech had secretly colluded with the NSA to conduct illegal, mass surveillance?
https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data
The companies denied it at first, but they changed their tunes - and squealed like stuck pigs - when another NSA program called "Upstream" was revealed. "Upstream" was the NSA's practice of wiretapping the fiber lines between Big Tech's data-centers.
https://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html
Prism turned out to be a way to trick the tech giants into thinking that they were in control of the NSA's harvesting of their users' data. But what was really going on was that the NSA was capturing *everything*, picking out the stuff they wanted, and requesting it via Prism (this is called "parallel construction" and it's used when an agency does not want to reveal its methods to its partners or adversaries).
The NSA *depended* on Big Tech collecting and retaining everything, and it *depended* on the companies recklessly transmitting data between their data-centers without encrypting it. The NSA is also the agency charged with defending Americans from foreign surveillance, the risk of which *also* increased thanks to Big Tech's overcollection and sloppy storage. If the NSA took its defensive mission seriously, it would have been screaming its head off, demanding an end to commercial surveillance and hardening of internal communications. Instead, it exploited both.
The public-private surveillance partnership is very old, and it's key to monopolists' strategy. It took 69 years to break up AT&T, because every time trustbusters came close, America's cops and spies and military would spring into action, insisting that the Bell System was America's "national champion," needed to defend it from foreign enemies. The Pentagon rescued Ma Bell from breakup in the 50s by claiming that the Korean War couldn't be won without AT&T's help:
https://onezero.medium.com/jam-to-day-46b74d5b1da4
But it's not just powerful federal agencies that rely on commercial surveillance - and who aggressively cape for the tech surveillance industry. Local cops rely on Amazon's Ring doorbells to conduct off-the-books, mass scale street surveillance. Despite Amazon's repeated false claims, police can do this without Ring owners' knowledge or consent:
https://www.politico.com/news/2022/07/13/amazon-gave-ring-videos-to-police-without-owners-permission-00045513
Hard to overstate how sleazy this is, even leaving aside the creepy public surveillance part. Amazon sells you networked surveillance cameras, encourages you to put them inside and outside of your house, promises that you will have control over the footage they capture, then secretly hands it out to cops. In a just world, Amazon would face stiff penalties for lying to its customers about a matter this sensitive. In our world, nothing happens - because local cops across America go to bat for Amazon every time the issue comes up.
Google deceptively captures your location data. It is effectively impossible to opt out of Google location collection. You have to uncheck a dozen or so boxes in different places. Even the senior Googlers who ran Google Maps couldn't figure it out - they thought they'd opted out, but hadn't.
https://pluralistic.net/2021/06/01/you-are-here/#goog
In a just world, Google would face stiff penalties for deceiving billions of people who thought they had explicitly told the company *not* to track their location - but in our world, Google is left alone to do so. I mean, of course - why not? Without Google's mass harvesting and indefinite storage of surveillance data, cops wouldn't be able to use "reverse warrants" to go after Black Lives Matter protesters:
https://www.theguardian.com/us-news/2021/sep/16/geofence-warrants-reverse-search-warrants-police-google
(If you think that reverse warrants are good because they were used to prosecute the 1/6 insurrectionists, please consider that the vast majority of reverse warrants are used against progressive protesters).
Facebook deceptively captures your personal communications. You may think your private messages are private, but actually Facebook collects this data and retains it forever. In a just world, Facebook would be punished for this. In our world, Facebook turns over teens' private chats about procuring a medication abortion to cops seeking to charge an underaged girl as an adult with multiple felonies:
https://www.vice.com/en/article/n7zevd/this-is-the-data-facebook-gave-police-to-prosecute-a-teenager-for-abortion
Republicans talk a big game about tech companies being too powerful - but they mean that tech companies shouldn't be able to do content moderation.
https://www.eff.org/deeplinks/2021/07/right-or-left-you-should-be-worried-about-big-tech-censorship
They *don't* mean that tech companies should stop collaborating with latter-day Witchfinders General in their hunt for formerly pregnant children to imprison on behalf of the forced birth movement.
A federal privacy bill has been working its way through Congress all year, but it keeps getting watered down to the point of uselessness - or worse, because the bill will preempt *good* state privacy laws and replace them with a weak federal rule. But that might be moot, because I hear there's no chance of the bill passing.
This isn't regulatory capture - it's *legislative* capture. Congress and the Senate are thoroughly dependent on the big tech companies, as well as other surveillance giants like the credit reporting bureaux and the military contractors who build and maintain government surveillance systems.
https://doctorow.medium.com/regulatory-capture-59b2013e2526
All that might piss you off. It should. But here's the good news. The *great* news. When it comes to digital surveillance, America no longer has a regulatory capture problem. That's because personnel are policy, and the brilliant, fearless Lina Khan is running the FTC.
https://pluralistic.net/2022/05/09/rest-in-piss-robert-bork/#harmful-dominance
Khan rose to prominence just five years ago, when, as a law student, she published the earth-shaking law review article "Amazon's Antitrust Paradox," which demolished 40 years of right-wing orthodoxy that insisted that monopolies were efficient and beneficial and should be *encouraged* by governments:
https://www.yalelawjournal.org/note/amazons-antitrust-paradox
Today, she is chair of the FTC, and she's taking no prisoners. Instead, she's instituting new stringent merger guidelines, aggressively pursuing monopolies, and proposing sweeping new regulation that would allow the FTC to step in on privacy where Congress has failed us.
The FTC's just given notice of a future rulemaking on digital privacy, called the "Commercial Surveillance and Data Security Rulemaking":
https://www.ftc.gov/legal-library/browse/federal-register-notices/commercial-surveillance-data-security-rulemaking
They want to hear from you on a series of hard-hitting questions, including:
* Are there some harms that consumers may not easily discern or identify? Which are they?
* How should the Commission identify and evaluate these commercial surveillance harms or potential harms? On which evidence or measures should the Commission rely to substantiate its claims of harm or risk of harm?
* Which areas or kinds of harm, if any, has the Commission failed to address through its enforcement actions?
* Has the Commission adequately addressed indirect pecuniary harms, including potential physical harms, psychological harms, reputational injuries, and unwanted intrusions?
* Which kinds of data should be subject to a potential trade regulation rule?
* Which, if any, commercial incentives and business models lead to lax data security measures or harmful commercial surveillance practices? Are some commercial incentives and business models more likely to protect consumers than others?
* How, if at all, should potential new trade regulation rules address harms to different consumers across different sectors? Which commercial surveillance practices, if any, are unlawful such that new trade regulation rules should set out clear limitations or prohibitions on them? To what extent, if any, is a comprehensive regulatory approach better than a sectoral one for any given harm?
As Thomas Claburn writes for *The Register*, "the agency's decision to use the word 'surveillance' rather than a euphemism like 'data gathering' or 'personalization' suggests the FTC is already inclined to change the status quo."
https://www.theregister.com/2022/08/11/ftc_personal_data_rules/
You might have heard about the Supreme Court's ruling in *West Virginia v EPA*, where Trump's illegitimate judges used their stolen seats to twist procedure and overturn decades of precedent to say that the EPA was not allowed to take action on climate change unless Congress specifically wrote them a mandate instructing them to do so:
https://www.npr.org/2022/06/30/1103595898/supreme-court-epa-climate-change
Commentators have focused - rightly - on the environmental consequences of this decision. As Justice Kagan wrote in her dissent: "The subject matter of the regulation here makes the Court’s intervention all the more troubling. Whatever else this Court may know about, it does not have a clue about how to address climate change. And let’s say the obvious: The stakes here are high. Yet the Court today prevents congressionally authorized agency action to curb power plants’ carbon dioxide emissions. The Court appoints itself—instead of Congress or the expert agency—the decision-maker on climate policy. I cannot think of many things more frightening. Respectfully, I dissent."
But the impact of this decision goes much farther. Expect the commercial surveillance industry to go after Khan and the FTC here, arguing that since the Federal Trade Commission Act of 1914 didn't mention the possibility of mass internet surveillance, the FTC can't do anything about it. By that reasoning, of course, the FTC should limit itself to policing the business practices of 1914 and previous. Look forward to a future Republican FTC chair opening an investigation into the build-quality of the Packard Six Phaeton.
The fusion of commercial and state surveillance is baked into the companies' business models, which rely on the state's dependence on commercial surveillance data, which, in turn, makes the state unwilling to regulate commercial surveillance.
As my EFF colleague Corynne McSherry said, "The best way to protect your users is to minimize the data you collect, delete what you do collect whenever possible, and encrypt private messages end-to-end as a default. Don't build it, don't keep it, and the cops won't come for it."
The corollary: if you build it, if you keep it, the cops will defend your right to do so. Chairperson Khan needs all our support. We need to flood that docket - and our reps' ears - with rejections of commercial surveillance. Because there is no mass state surveillance without mass commercial surveillance - and vice-versa.
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🐓 Hey look at this
* Man who built ISP instead of paying Comcast $50K expands to hundreds of homes https://arstechnica.com/tech-policy/2022/08/man-who-built-isp-instead-of-paying-comcast-50k-expands-to-hundreds-of-homes/
* McMansion Hell: "Everything’s bigger in Texas" https://mcmansionhell.com/post/692219683011706880/everythings-bigger-in-texas
* Gen-Z Harry Potter https://github.com/typoes/harry-potter-gen-z (h/t Boing Boing)
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🐓 This day in history
#15yrsago Epcot’s secret meeting rooms https://web.archive.org/web/20071025054350/https://thedisneyblog.com/tdb/2007/08/the-secret-room.html
#10yrsago Time wars: our finite lives frittered away in the precarious world of automation https://web.archive.org/web/20120813051220/https://www.gonzocircus.com/xtrpgs/incubate-special-exclusive-essay-time-wars-by-mark-fisher/
#10yrsago Mitt Romney’s tax bill under Paul Ryan’s budget? 0.82% (Your taxes will probably go up, though) https://www.theatlantic.com/business/archive/2012/08/mitt-romney-would-pay-082-percent-in-taxes-under-paul-ryans-plan/261027/
#5yrsago Amazon scammers’ new trick: shipping things to random widows in your town https://petapixel.com/2017/08/11/fell-victim-1500-used-camera-lens-scam-amazon/
#5yrsago You are Henry David Thoreau in the Walden simulator video game https://www.waldengame.com/
#5yrsago 24 hours later, ANOTHER massive Wells Fargo fraud scandal https://theintercept.com/2017/08/12/theres-a-new-wells-fargo-scandal-this-time-its-the-trucoat/
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🐓 Colophon
Today's top sources: Naked Capitalism (https://www.nakedcapitalism.com/), Slashdot (https://slashdot.org/).
Currently writing:
* The Bezzle, a Martin Hench noir thriller novel about the prison-tech industry. Yesterday's progress: 503 words (31763 words total)
* The Internet Con: How to Seize the Means of Computation, a nonfiction book about interoperability for Verso. Yesterday's progress: 526 words (27978 words total)
* Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. (92849 words total) - ON PAUSE
* A Little Brother short story about DIY insulin PLANNING
* Vigilant, Little Brother short story about remote invigilation. FIRST DRAFT COMPLETE, WAITING FOR EXPERT REVIEW
* Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE, ACCEPTED FOR PUBLICATION
* Spill, a Little Brother short story about pipeline protests. FINAL DRAFT COMPLETE
* A post-GND utopian novel, "The Lost Cause." FINISHED
* A cyberpunk noir thriller novel, "Red Team Blues." FINISHED
Currently reading: Analogia by George Dyson.
Latest podcast: View a SKU: Let’s Make Amazon Into a Dumb Pipe https://craphound.com/news/2022/07/31/view-a-sku-lets-make-amazon-into-a-dumb-pipe/
Upcoming appearances:
* DEFCON 30 (Las Vegas), Aug 13
https://defcon.org/html/defcon-30/dc-30-index.html
* Talking "Radicalized" with the Building Bridges for America Book Club, Aug 15
https://www.mobilize.us/buildbridges4am/event/476946/
* Launch for Motherboard's Terraform anthology, Vice offices (Los Angeles), Aug 18
https://www.eventbrite.com/e/terraform-book-release-party-vice-ft-cory-doctorow-geoff-manaugh-tickets-399204109237
* Radical Interoperability: An Internet Disassembly Manual, Aug 29 15h (Burning Man Center Camp)
* Chokepoint Capitalism: a Better Deal for Creative Labor, Aug 30, 13h (Burning Man Palenque Norte, 915 and B)
* Interview with Bunnie Huang on the Precursor and Trusting Trust, Aug 31, 12h (Burning Man Liminal Labs, 945 and Rod's)
* Unfinished Live (NYC), Sept 21-24
https://live.unfinished.com/
Recent appearances:
* DRM Secretly Polices You (Daily Tech News Show)
https://dailytechnewsshow.com/2022/07/29/drm-secretly-polices-you-dtns-4327/
* Bricking Tractors (Inside Agri-Turf)
https://inside-agriturf.captivate.fm/episode/bricking-tractors-with-cory-doctorow
* Blockchain, Bitcoin & Selling The Brooklyn Bridge (MMT Podcast):
https://pileusmmt.libsyn.com/135-cory-doctorow-blockchain-bitcoin-selling-the-brooklyn-bridge
Latest book:
* "Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The *Washington Post* called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html
* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59 (print edition: https://bookshop.org/books/how-to-destroy-surveillance-capitalism/9781736205907) (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)
* "Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html
* "Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p2682/Corey_Doctorow%3A_Poesy_the_Monster_Slayer_HB.html#/.
Upcoming books:
* Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin, nonfiction/business/politics, Beacon Press, September 2022
* Red Team Blues: "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books, April 2023
This work is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🐓 How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Pluralistic.net
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
https://mamot.fr/web/accounts/303320
Medium (no ads, paywalled):
https://doctorow.medium.com/
(Latest Medium column: "Como is Infosec" https://doctorow.medium.com/como-is-infosec-307f87004563)
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
https://twitter.com/doctorow
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"*When life gives you SARS, you make sarsaparilla*" -Joey "Accordion Guy" DeVilla