[Plura-list] McKinsey For Kids (no, really); Outing German spy agencies by mailing them Airtags

Cory Doctorow doctorow at craphound.com
Tue Feb 15 12:18:31 EST 2022


Read today's issue online at: https://pluralistic.net/2022/02/15/management-jesuits/

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

This coming weekend (Feb 18-20) I'm a (virtual) guest at the Boskone sf convention. I'm doing several panels and my first-ever reading from *Red Team Blues,* my coming novel from Tor Books.

https://schedule.boskone.org/people/29740

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

Today's links

* McKinsey For Kids (no, really): Give us a child when they are seven and they are ours for life.

* Outing German spy agencies by mailing them Airtags: A threat-model parable.

* This day in history: 2007, 2012, 2017, 2021

* Colophon: Recent publications, upcoming/recent appearances, current writing projects, current reading

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🥎 McKinsey For Kids (no, really)

McKinsey for Kids is a new website from the scandal-haunted consulting giants who proposed that Oxycontin-producers Purdue Pharma pay a bounty to pharma distributors based on the number of lethal overdoses in their territories. Its purpose is to teach kids to think like McKinsey Consultants.

https://www.mckinsey.com/featured-insights/mckinsey-for-kids/hungry-fish-baffled-farmers-and-what-happened-next

"Chapter 1" of the project invites kids to manage an aquaponics fishery with "models" and "Internet of Things" gadgets and "computer vision." The lesson is long on the ways that outside experts can solve problems, and absolutely silent on the ways that outside experts can get it wrong. In that regard, it's a brilliant encapsulation of the McKinsey model (all that's missing are the titanic invoices).

Writing about McKinsey For Kids, *The American Prospect*'s Adam M Lowenstein calls the site part of McKinsey's "thought leadership" program: "[a means to] project expertise and credibility, and to sustain the company’s narrative of itself and the work it does."

https://prospect.org/power/mckinsey-for-kids-insidious-tool-kit-spreading-corporate-influence/

But McKinsey for Kids isn't just directed at the outside world; there's also an inside game: the site "reassure[s] current employees that the work they do is meaningful and purpose-driven, and to convince future employees that the way to live a meaningful and purpose-driven life is to go not into government, education, health care, or philanthropy, but into business. Somewhere like McKinsey."

That's an important challenge, because McKinsey's business relies on fielding plausible experts that will maintain its role as consigliere to 90 of the 100 largest businesses in the world. But McKinsey itself is such a force for ill that it keeps losing top personnel. Some - like Anand Giridharadas, go on to write bestsellers that eviscerate its claims to virtue:

https://memex.craphound.com/2018/11/10/winners-take-all-modern-philanthropy-means-that-giving-some-away-is-more-important-than-how-you-got-it/

It's hard to retain good people when your corporate mission helps ICE build freezing immigrant detention cages where prisoners are separated from their children and kept on the brink of starvation:

https://www.nytimes.com/2019/12/03/us/mckinsey-ICE-immigration.html

It's even harder when your corporate mission includes helping the Saudi royals identify dissidents and "neutralize" them:

https://www.newsweek.com/exiled-saudi-dissident-sues-mckinsey-us-outing-him-mbs-1568226

And as Lowenstein writes, McKinsey For Kids talks a good game about the company's role in addressing the climate emergency, but its meat-and-potatoes is work for Exoon, BP, and Saudi Aramco:

https://www.nytimes.com/2021/10/27/business/mckinsey-climate-change.html

The company is *really good* at this kind of thought-leadership-projection. Its utterly banal, useless "Beyond Coronavirus: The Path to the Next Normal" has been cited 65 times, including many citations in peer-reviewed journals (the reviewers apparently failed to read the article):

https://scholar.google.com/scholar?cites=9731384302586895627&as_sdt=20005&sciodt=0,9&hl=en

The foundational message of McKinsey for Kids is identical to the message of McKinsey itself: to save capitalism, we must capitalism harder. The problems of markets must be solved with markets. The problems of business are best addressed by founding a rival business.

McKinsey's built a powerful botnet: its alumni are woven through government, business and finance. These alums work with their former colleagues to create "efficiencies" that are realized through job cuts, pay cuts, informalization, regulatory arbitrage and mergers to monopoly.

McKinsey For Kids is part of the strategy that maintains the power of that botnet and replenishes its personnel.


_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🥎 Outing German spy agencies by mailing them Airtags

Apple's Airtags are an ingenious technology: they fuse every Ios device into a sensor grid that logs the location of each tag, using clever cryptography to prevent anyone but the tag's owner from pulling that information out of the system.

But there are significant problems with Airtags' privacy model. Some of these are unique to Apple, others are shared by all Bluetooth location systems, including Covid exposure-notification apps and Airtag rivals like Tile.

For example, minute imperfections in these devices' Bluetooth radio circuitry make it possible to uniquely identify them without having to bypass their encryption, simply by tracking the signature "fingerprint" of each radio:

https://pluralistic.net/2021/10/21/sidechannels/#ble-eding

That's an attack on the device's owner. But tracker tags also enable attacks *by* the device's owner. For example, there's a thriving market for Airtags whose speakers have been disabled (the speakers emit a chirp that is supposed to warn people if they are being tracked by someone else's Airtag):

https://9to5mac.com/2022/02/03/airtags-with-deactivated-speakers-being-sold/

Even without gimmicked speakers, tracking people with Airtags (and their competitors) is frighteningly easy. The *New York Times*' Kashmir Hill (consensually) tracked her husband around Manhattan with a constellation of these bugs.

https://www.nytimes.com/2022/02/11/technology/airtags-gps-surveillance.html

Even with the chirping speakers, her husband - a press privacy advocate with a strong technical background - struggled to locate and de-activate the Airtags. Hill reports that many people - particularly women - are finding Airtags hidden in their cars, clothes and elsewhere.

The far-reaching surveillance potential of these trackers was driven home by a stunt/investigation carried out by Lilith Wittmann, who confirmed her suspicion that a German government agency was a front for a spy operation, by mailing Airtag-bugged packages to it and watching as they were relayed to facilities used by the intelligence services ("the Office for the Protection of the Constitution").

https://lilithwittmann.medium.com/bundesservice-telekommunikation-enttarnt-dieser-geheimdienst-steckt-dahinter-cd2e2753d7ca

It's a fascinating new operational security wrinkle that relies on the popularity and ubiquity of Apple's Ios devices; foiling it requires not just that a spy facility be mobile-phone-free, but that all the facilities that deliver its mail also adopt this measure.

Image:
Apple
https://www.apple.com/airtag/


_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🥎 This day in history

#15yrsago Vancouver cops hate WiFi https://web.archive.org/web/20070217033827/https://www.theglobeandmail.com/servlet/story/LAC.20070215.BCWIRELESS15/TPStory/TPNational/BritishColumbia/

#10yrsago UK: yes, we kidnapped people and sent them to be tortured by Qaddafi, but you can’t sue us https://www.theguardian.com/world/2012/feb/14/mi6-licence-to-kill-and-torture

#5yrsago In the US and UK, retirement is only for the super-rich https://www.theguardian.com/commentisfree/2017/feb/14/wealthy-retire-austerity-pensioners-work

#5yrsago Scottish court: your neighbours owe you for the distress of pointing a CCTV at your back yard and recording your conversations https://www.techdirt.com/articles/20170214/03215936704/scottish-sheriff-awards-couple-compensation-distress-caused-neighbors-use-cctv.shtml

#1yrago Billionaires think VR stops guillotines https://pluralistic.net/2021/02/15/ulysses-pacts/#motivated-reasoning

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🥎 Colophon

Today's top sources: Crypto-gram (https://www.schneier.com/crypto-gram/, Naked Capitalism (https://nakedcapitalism.com/).

Currently writing:

* Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. Yesterday's progress: 524 words (62846 words total).

* Vigilant, Little Brother short story about remote invigilation. Yesterday's progress: 268 words (553 words total)

* A Little Brother short story about DIY insulin PLANNING

* Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE

* Spill, a Little Brother short story about pipeline protests. FINAL DRAFT COMPLETE

* A post-GND utopian novel, "The Lost Cause."  FINISHED

* A cyberpunk noir thriller novel, "Red Team Blues."  FINISHED

Currently reading: Analogia by George Dyson.

Latest podcast: The Internet Heist (Part II) https://craphound.com/news/2022/02/13/the-internet-heist-part-ii/

Upcoming appearances:

* Boskone 59 (Feb 18-20)
https://boskone.org/program/schedule-text-view/

* Dangerous Visions and New Worlds: Radical Science Fiction, 1950 to 1985 (City Lights), Feb 27
https://citylights.com/events/dangerous-visions-and-new-worlds-radical-science-fiction-1950-to-1985/

* Emerging Technologies For the Enterprise, Apr 19-20
https://2022.phillyemergingtech.com

Recent appearances:

* Bringing Back Luddites (Oh No Ross and Carrie)
https://ohnopodcast.com/investigations/2022/2/14/ross-meets-cory-doctorow-bringing-back-luddites-edition

* The End of Uber (The War on Cars)
https://thewaroncars.org/2022/01/26/the-end-of-uber-with-cory-doctorow/

* Moral Panic (Drug Science Podcast)
https://www.drugscience.org.uk/podcast/53-moral-panic-with-cory-doctorow/

Latest book:

* "Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The *Washington Post* called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html

* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59 (print edition: https://bookshop.org/books/how-to-destroy-surveillance-capitalism/9781736205907) (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)

* "Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html

* "Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.

Upcoming books:

* Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin, nonfiction/business/politics, Beacon Press, September 2022

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🥎 How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/web/accounts/303320

Medium (no ads, paywalled):

https://doctorow.medium.com/

(Latest Medium column: "An Open Letter to Pixsy CEO Kain Jones, Who Keeps Sending Me Legal Threats" https://doctorow.medium.com/an-open-letter-to-pixsy-ceo-kain-jones-who-keeps-sending-me-legal-threats-5dfc54558f2c)
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"*When life gives you SARS, you make sarsaparilla*" -Joey "Accordion Guy" DeVilla


More information about the Plura-list mailing list